about summary refs log tree commit diff
path: root/kittybox-rs/src/indieauth/backend
diff options
context:
space:
mode:
authorVika <vika@fireburn.ru>2022-07-15 02:18:14 +0300
committerVika <vika@fireburn.ru>2022-07-15 02:18:14 +0300
commitc00547c8437b992aa073378ab165aa40b073e1b4 (patch)
tree01c62edbca13acc2789c427c7abdd4d2eb0a7bc1 /kittybox-rs/src/indieauth/backend
parent9c3b8424fb834a0f3576dfd1970ba4cad0afb95a (diff)
downloadkittybox-c00547c8437b992aa073378ab165aa40b073e1b4.tar.zst
PoC for modularity and WIP built-in Micropub client rework
This is the living, breathing proof that Kittybox can be split into
independent components without sacrificing any functionality. Just
make sure all neccesary backing storage components are available to
the modules that need them.

Also the Micropub client was split into several files, because it's
about to get much bigger and more full-featured.

Yes, I am going to write it in vanilla JavaScript. I don't trust
anything from NPM to run on my computer. Not anymore. Not after the
node-ipc malware fiasco. And I am definitely not going to spin up a VM
or a Docker container (who uses Docker containers as a security
measure?) to hack on my own code.

Cargo can at least be sandboxed inside Nix, where it can't do much
harm. NPM basically requires unrestricted network access to download
dependencies, and it runs arbitrary code upon **downloading**
them. Cargo and rust-analyzer, on the other hand, can be configured to
not trust the source code and its dependencies (for example, Cargo
doesn't execute code on fetching dependencies - only on building, and
rust-analyzer's proc-macro expansion support can be sacrificed for
more security).
Diffstat (limited to 'kittybox-rs/src/indieauth/backend')
0 files changed, 0 insertions, 0 deletions