Initial commit: Fat Kiss site — Hugo + Decap CMS

README.md

@@ -0,0 +1,129 @@
+# Fat Kiss — Natural Ritual Skincare
+
+**https://getfatkiss.com** | "Everybody Wants One."
+
+Hugo static site with Decap CMS admin. Handcrafted on Kauaʻi.
+
+## Quick Start
+
+```bash
+# Local dev
+docker compose up preview    # → http://localhost:1317
+
+# Build
+docker compose run --rm build
+
+# Deploy
+bash scripts/deploy.sh
+```
+
+## Project Structure
+
+```
+content/          # Markdown content (products, about, journal)
+data/site/        # YAML config (home, contact, settings, navigation)
+data/reviews/     # Review YAML files
+assets/scss/      # SCSS design system
+assets/js/        # JavaScript
+layouts/          # Hugo templates
+static/admin/     # Decap CMS
+static/uploads/   # Media uploads
+server/           # Contact form backend
+scripts/          # Build & deploy scripts
+```
+
+## How Amber Edits Content
+
+1. Go to **https://getfatkiss.com/admin/**
+2. Log in with Gitea (MFA required)
+3. Use the sidebar to edit:
+   - **Pages → Home Page** — hero, brand statement, featured products, ethos
+   - **Pages → Site Settings** — toggle sections on/off
+   - **Pages → Contact Settings** — social links, routing
+   - **Products** — add/edit/archive products
+   - **About** — edit about page sections
+   - **Journal** — write journal posts
+   - **Reviews** — manage customer reviews
+4. Changes commit to Gitea → webhook triggers deploy
+
+## How to Add a Product
+
+1. Admin → Products → New Product
+2. Fill in: title, product type, status, summary, benefit chips, blend description, directions, ingredients, CTA
+3. Set status: `inquiry` (visible, contact to order) or `coming_soon` (visible, not yet available)
+4. Save → deploys automatically
+
+## How to Hide a Section
+
+1. Admin → Pages → Home Page
+2. Find the section (e.g. Reviews, Journal Preview)
+3. Set `enabled: false`
+4. Save → section disappears from site
+
+## Conditional Rendering
+
+Sections render ONLY when `enabled: true` AND content exists. No empty boxes. No "coming soon" placeholders (unless explicitly enabled).
+
+## Contact Form Security
+
+- Cloudflare Turnstile (bot protection)
+- Server-side token verification
+- Rate limiting (5 req / 15 min)
+- Honeypot field
+- Input sanitization
+- Category allowlist
+- CORS locked to getfatkiss.com
+- No personal emails exposed in HTML
+
+## Deploy Flow
+
+1. Content edited in Decap CMS
+2. Commit pushed to Gitea
+3. Gitea webhook → `scripts/deploy.sh`
+4. Hugo builds to temp directory
+5. Validates output exists
+6. Atomically rsyncs to live webroot
+7. Previous build kept as rollback
+
+## Rollback
+
+```bash
+# Content rollback: revert commit in Gitea
+# Build rollback on Hub:
+ssh hub-direct 'sudo rsync -az --delete /home/benjoe/getfatkiss/public.prev/ /var/www/getfatkiss.com/public_html/'
+```
+
+## Future Roadmap
+
+- **Ecommerce**: Stripe integration, cart, checkout
+- **Newsletter**: Listmonk integration
+- **Fat Kiss Studio**: Custom admin replacing Decap CMS
+- **Subscriptions**: Recurring orders
+- **Wholesale portal**: B2B ordering
+- **Local pickup**: Kauaʻi fulfillment option
+
+## Security Headers
+
+Configured in Apache:
+- X-Frame-Options: SAMEORIGIN
+- X-Content-Type-Options: nosniff
+- Referrer-Policy: strict-origin-when-cross-origin
+- Permissions-Policy: geolocation=(), microphone=(), camera=()
+
+## Admin Security
+
+- `/admin/` — noindex, nofollow
+- Gitea OAuth authentication
+- MFA required on Amber's Gitea account
+- No secrets in admin config
+- Media uploads restricted to `/static/uploads/`
+
+## Tech Stack
+
+- **Hugo** — static site generator
+- **Decap CMS** — browser-based content editing
+- **Gitea** — self-hosted Git + auth backend
+- **Docker** — Hugo build environment
+- **Apache** — web server on Hub
+- **Cloudflare** — DNS + CDN + Turnstile
+- **Node.js** — contact form backend