about summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* kittybox-indieauth-helper: ignore TLS in debug and xdg-open the pageVika2024-08-181-1/+14
|
* Parse redirect URIs from MF2 metadataVika2024-08-181-1/+3
|
* onboarding: attempt to fix the redirection bugVika2024-08-181-2/+2
|
* feat: logins!!Vika2024-08-1812-94/+530
| | | | | | | | yes you can finally sign in this is also supposed to show private posts intended for you! maybe i can also reveal my email to those who sign in! :3
* kittybox-indieauth: support transforming strings to PKCEVerifierVika2024-08-181-0/+5
| | | | for apps that can't hold state for long
* Don't log extraneous MF2 parsing dataVika2024-08-181-1/+1
|
* indieauth: Extension -> StateVika2024-08-181-10/+12
| | | | whoops
* indieauth: fix profile fetching if some properties are undeclaredVika2024-08-181-19/+23
|
* file auth backend: properly handle non-standard relative file:// urlsVika2024-08-181-4/+15
| | | | I use these in development.
* kittybox-indieauth: support OAuth2 Client MetadataVika2024-08-182-1/+115
| | | | Required for new revision of IndieAuth.
* kittybox-indieauth: separate ProfileUrl struct from GrantResponseVika2024-08-182-8/+12
| | | | Seems to be useful on its own.
* Don't verify TLS certificates when fetching things in devVika2024-08-182-1/+12
| | | | | | | When testing things, I don't test TLS verification, that's what reqwest unit tests should exist for. I test my things, and some of my things assume some form of TLS. I don't need it to be valid TLS, I need it to be TLS so I can use the `https://` links in dev.
* kittybox-frontend-renderer: add a notice to pester me on non-descriptive errorsVika2024-08-181-0/+5
|
* kittybox-frontend-renderer: fix onboarding CSS a littleVika2024-08-181-1/+4
|
* onboarding: provide official alternate onboarding flow for no-JSVika2024-08-181-0/+38
| | | | | | | | | | | | | This documents the onboarding request schema so somebody unwilling or unable to run JavaScript (why would you subject yourself to this?) is still able to use Kittybox. Since JavaScript is used to provide form interactivity and complex data structures in the onboarding flow, whoever cannot run JS will have to manually compose the onboarding request, and this will help them a little. I just need to remember to update this if the schema ever changes.
* kittybox-indieauth-helper: small cleanupsVika2024-08-181-44/+44
| | | | | | | - Properly catch IndieAuth errors when parsing grant responses - Use the new `into_query_pairs()` method to serialize the authorization request into the authorization endpoint URL - Migrate to `axum::serve` for simplicity in serving the callback hook
* Add caddy to the dev shellVika2024-08-171-2/+3
| | | | | | `caddy reverse-proxy -r --from https://localhost:8443 --to http://localhost:8080` can help meet Kittybox's security assumptions in development (and could be a good way to meet them in production too.)
* kittybox-indieauth: small code cleanupsVika2024-08-173-8/+15
|
* kittybox-indieauth: allow using custom RNGs for PKCEVika2024-08-171-1/+10
|
* kittybox-indieauth: allow using custom RNGs for stateVika2024-08-171-2/+14
|
* kittybox-indieauth: AuthorizationRequest::into_query_pairs()Vika2024-08-171-1/+37
| | | | | | | | This is a more efficient way of appending to a query string, as it avoids a needless copy and borrows most things instead. We can't really avoid copying here, since we'll need to write to the query string, but we can avoid an extra copy by borrowing most of our way through.
* kittybox-util: move out fs moduleVika2024-08-042-58/+57
|
* flake.lock: UpdateVika2024-08-031-3/+3
| | | | | | | | Flake lock file updates: • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03) → 'github:nixos/nixpkgs/9f918d616c5321ad374ae6cb5ea89c9e04bf3e58' (2024-07-31)
* Migrate from naersk to craneVika2024-08-033-57/+84
| | | | | Naersk has been creating problems for me, and crane seems better maintained.
* kittybox-html: raise recursion limit to 512Vika2024-08-022-0/+2
| | | | I'm not sure why this is required.
* Upgrade dependencies and fix deprecated functionalityVika2024-08-0217-760/+1442
| | | | | | | I think I managed to not lose any functionality from my dependencies. sqlparser remains unupgraded, but that's mostly because it is only used in one example and it's not worth it to upgrade right now.
* cargo updateVika2024-08-011-900/+871
|
* Get cookie key from the environmentVika2024-08-015-4/+18
|
* Move Kittybox router composition into the libraryVika2024-08-012-53/+51
| | | | | | | | Since Kittybox router composition is entirely generic, we can move it into the library. I feel like I could also split database types into their own crates, too.
* Simplify jobset creation a littleVika2024-08-011-1/+2
|
* Migrate from axum::Extension to axum::extract::StateVika2024-08-019-372/+378
| | | | | This somehow allowed me to shrink the construction phase of Kittybox by a huge amount of code.
* treewide: create a common method for state initializationVika2024-08-0110-65/+53
| | | | | Now the database objects can be uniformly created from a URI. They can also optionally do sanity checks and one-time initialization.
* indieauth: remove unnecessary cloning of MF2 itemsVika2024-08-011-5/+11
| | | | | | | | | Per clippy suggestion. While they're behind a reference counter, and thus cloning is cheap, we can avoid increasing the reference counter by borrowing here. Also now the code is a bit prettier.
* Start working on login functionalityVika2024-07-096-3/+57
|
* database: use Url to represent user authoritiesVika2024-07-098-91/+93
| | | | This makes the interface more consistent and resistant to misuse.
* kittybox-indieauth: 0.1.0 -> 0.2.0Vika2024-07-097-14/+119
| | | | | | | | | Added fundamental AutoAuth types. This library can now be used to augment existing authorization and token endpoints with AutoAuth capabilities. See https://github.com/sknebel/AutoAuth/blob/master/AutoAuth.md for the latest spec draft.
* micropub: fix channels in ?q=configVika2024-07-091-1/+2
|
* WIP: admin (not wired up yet, and DEFINITELY NOT SECURE, DO NOT WIRE UP)Vika2024-07-083-0/+121
|
* flake.lock: UpdateVika2024-07-081-9/+9
| | | | | | | | | | | | | | Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7' (2023-06-25) → 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) • Updated input 'naersk': 'github:nix-community/naersk/abca1fb7a6cfdd355231fc220c3d0302dbb4369a' (2023-07-05) → 'github:nix-community/naersk/941ce6dc38762a7cfb90b5add223d584feed299b' (2024-06-18) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/0fbe93c5a7cac99f90b60bdf5f149383daaa615f' (2023-07-02) → 'github:nixos/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03)
* webmention: HTTP 202 shouldn't include Location URLVika2024-07-081-3/+1
|
* Add licensing information to Cargo.tomlVika2024-07-081-0/+1
|
* .envrc: add DATABASE_URL for `cargo test` to workVika2024-07-081-1/+3
|
* companion-lite: todos for laterVika2024-07-081-2/+3
|
* examples/sql: make optionalVika2024-06-152-1/+7
|
* Prototype sanitizer for SQLVika2024-06-143-0/+145
| | | | | | This might allow me to use SQL syntax in Kittybox's private search interfaces, allowing for queries of incredible specificity while not allowing to query private data or inject arbitrary SQL.
* kittybox-html: cargo fmtVika2024-06-142-138/+184
|
* Mask sensitive headersVika2024-06-142-2/+8
|
* configuration.nix: don't rely on `config.nixpkgs`Vika2024-05-181-1/+1
|
* Expose ?q=category queries in Micropub APIVika2024-03-041-1/+15
|
* Support ?q=category queriesVika2024-03-044-1/+37
| | | | Warning, untested. But hopefully works!