Fat Kiss — Natural Ritual Skincare

https://getfatkiss.com | "Everybody Wants One."

Hugo static site with Decap CMS admin. Handcrafted on Kauaʻi.

Quick Start

# Local dev
docker compose up preview    # → http://localhost:1317

# Build
docker compose run --rm build

# Deploy
bash scripts/deploy.sh

Project Structure

content/          # Markdown content (products, about, journal)
data/site/        # YAML config (home, contact, settings, navigation)
data/reviews/     # Review YAML files
assets/scss/      # SCSS design system
assets/js/        # JavaScript
layouts/          # Hugo templates
static/admin/     # Decap CMS
static/uploads/   # Media uploads
server/           # Contact form backend
scripts/          # Build & deploy scripts

How Amber Edits Content

1. Go to https://getfatkiss.com/admin/
2. Log in with Gitea (MFA required)
3. Use the sidebar to edit:
   • Pages → Home Page — hero, brand statement, featured products, ethos
   • Pages → Site Settings — toggle sections on/off
   • Pages → Contact Settings — social links, routing
   • Products — add/edit/archive products
   • About — edit about page sections
   • Journal — write journal posts
   • Reviews — manage customer reviews
4. Changes commit to Gitea → webhook triggers deploy

How to Add a Product

1. Admin → Products → New Product
2. Fill in: title, product type, status, summary, benefit chips, blend description, directions, ingredients, CTA
3. Set status: inquiry (visible, contact to order) or coming_soon (visible, not yet available)
4. Save → deploys automatically

How to Hide a Section

1. Admin → Pages → Home Page
2. Find the section (e.g. Reviews, Journal Preview)
3. Set enabled: false
4. Save → section disappears from site

Conditional Rendering

Sections render ONLY when enabled: true AND content exists. No empty boxes. No "coming soon" placeholders (unless explicitly enabled).

Contact Form Security

• Cloudflare Turnstile (bot protection)
• Server-side token verification
• Rate limiting (5 req / 15 min)
• Honeypot field
• Input sanitization
• Category allowlist
• CORS locked to getfatkiss.com
• No personal emails exposed in HTML

Deploy Flow

1. Content edited in Decap CMS
2. Commit pushed to Gitea
3. Gitea webhook → scripts/deploy.sh
4. Hugo builds to temp directory
5. Validates output exists
6. Atomically rsyncs to live webroot
7. Previous build kept as rollback

Rollback

# Content rollback: revert commit in Gitea
# Build rollback on Hub:
ssh hub-direct 'sudo rsync -az --delete /home/benjoe/getfatkiss/public.prev/ /var/www/getfatkiss.com/public_html/'

Future Roadmap

• Ecommerce: Stripe integration, cart, checkout
• Newsletter: Listmonk integration
• Fat Kiss Studio: Custom admin replacing Decap CMS
• Subscriptions: Recurring orders
• Wholesale portal: B2B ordering
• Local pickup: Kauaʻi fulfillment option

Security Headers

Configured in Apache:

• X-Frame-Options: SAMEORIGIN
• X-Content-Type-Options: nosniff
• Referrer-Policy: strict-origin-when-cross-origin
• Permissions-Policy: geolocation=(), microphone=(), camera=()

Admin Security

• /admin/ — noindex, nofollow
• Gitea OAuth authentication
• MFA required on Amber's Gitea account
• No secrets in admin config
• Media uploads restricted to /static/uploads/

Tech Stack

• Hugo — static site generator
• Decap CMS — browser-based content editing
• Gitea — self-hosted Git + auth backend
• Docker — Hugo build environment
• Apache — web server on Hub
• Cloudflare — DNS + CDN + Turnstile
• Node.js — contact form backend