about summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* Add a small note about the authorization confirmation endpoint dataVika13 days1-0/+7
| | | | Change-Id: I145777043c043163f7c7f3acbb405994d73b479f
* Fix the IndieAuth scriptVika13 days2-6/+3
| | | | Change-Id: I17af1bd69de0f885e28db161d9ca81fa199a8aa5
* kittybox-indieauth-helper: fix handler typesVika13 days1-16/+12
| | | | Change-Id: I991a3b935b4ae435acd852ee62a8d2893cf00950
* Harden default CSPVika14 days1-1/+1
| | | | Change-Id: I31362b3ec779a1eaea54c0d9567daa5de0ae0fc0
* Don't exclude fonts from Nix buildsVika14 days1-1/+1
| | | | Change-Id: I1b4e56874b86151c9b76495f3a1f63ba8bd527b3
* Allow arbitrary HTML in Markdown post contentVika14 days1-1/+11
| | | | | | Oh, that's how it's done. Fuck. Change-Id: I40c5296ba05ddec7aa277308520017e5068e6fc9
* Add styles for delimiting LLM quotes to the default themeVika14 days1-0/+19
| | | | | | Might be useful, who knows :3 Change-Id: I9f2886575cfa3ab0c89a074a494d97b5b2547e5c
* Vendor fonts into KittyboxVika14 days14-24/+320
| | | | | | | These fonts are licensed under OFL 1.1, which means I can freely redistribute them. Ain't that nice? Change-Id: Ide32286305680865652db17c8d482b5ac0f20a50
* Fix CSP and allow Google FontsVika2025-01-021-1/+1
| | | | | | I really need to figure out how to rip fonts from Google Fonts. Change-Id: I66f62ca639bf399223a1cd030d057bdcc3bc0de1
* Set a minimal CSPVika2025-01-022-2/+7
| | | | | | | | | | | - Styles and scripts can now only be loaded from Kittybox (hint: use the media endpoint if you wish to upload custom CSS) - Inline scripts are now completely prohibited (this means it's safe to show arbitrary HTML from Webmentions) - `<base>` element is prohibited (who uses that anyway?) - Loading anything else is only allowed via HTTPS Change-Id: I285a18b71dd9860416b18dd0e88f8fe7c8511e0b
* Set X-Content-Type-Options: nosniffVika2025-01-023-6/+24
| | | | | | | | This prevents browsers from guessing the Content-Type, and since we're always making sure to serve with the known-correct content type, we don't need the browser to guess. Change-Id: I02550d6763969f999ec22ec41e5539f945ea7ca4
* axum: 0.7.9 → 0.8.1Vika2025-01-0111-62/+61
| | | | | | | | | | | | | Some breaking changes. For better or for worse. The optional extractor breaking change is a double-edged sword, since not all extractors can be used with `Option<T>` now, and you have to use `Result<T, T::Rejection>` even when you want to ignore an error coming from an extractor, such as `Query`. However, this allows catching errors on authorization extractors even in places where authorization is optional. Change-Id: I35f809d3adf27dbef0e7ee93dc1a7af178b7d014
* distributed-test: wait for Kittybox to start up explicitlyVika2025-01-011-1/+2
| | | | | | | Makes logs more readable, because we aren't confused on concurrency that the socket listener introduces. Change-Id: Id471d314a1507b5b48d6fa53ba9ca743977c1c6a
* distributed-test: add Postgres-based job queueVika2025-01-011-0/+22
| | | | | | | | This test historically existed to showcase clustering via NFS, so we don't use the Postgres backend for the data. That would be too easy. Instead, we only use it for the webmention job queue! Change-Id: I975893b974063f24f2761186df57db4b876366f6
* PGPASS → PGPASSWORDVika2025-01-012-19/+4
| | | | | | | | Turns out sqlx natively reads a plaintext password from this variable, otherwise from the `$PGPASSFILE`, otherwise from `$HOME/.pgpass`, so I don't need custom logic around passwords. Yay for sqlx being smart! Change-Id: I14858903ea1605469f9ea8095dc3bb056f617e85
* Add a dev-shell and a check to verify MSRVVika2025-01-012-18/+43
| | | | | | This builds the entire crate using my chosen MSRV. Isn't that nice? Change-Id: I8bbe47cc5db63ab3f27616a9e3576a50d349b89b
* Remove Docker containerVika2025-01-012-48/+0
| | | | | | It was outdated. Anyway, Docker is no longer in vogue anyway. Change-Id: Ic1ace406f3f8453de174ee465d0db6d17502822e
* Give NixOS e2e tests unique names in CIVika2025-01-013-3/+3
| | | | Change-Id: I6f9262d94736debf23c8f21618ed49ace8b2b8eb
* Bump MSRV to 1.81 due to dependency using error_in_coreVika2025-01-011-1/+1
| | | | Change-Id: I8c0ccf651d05b33fa33cbf8bb454b27ad6b9af98
* Fix Postgres setup in testsVika2025-01-013-9/+3
| | | | Change-Id: Ibc26d9700faa0c25663146871924ee196dc62274
* cargo update, bump msrv to match microformats crateVika2025-01-012-5/+5
| | | | | | I need to actually verify the msrv tho Change-Id: I61ce30845b9a076849ebc6adde65e58763b3741e
* Partially appease clippyVika2025-01-015-8/+7
| | | | | | | Some false positives on `serde(rename)` remain, as well as lints still requiring my attention. Change-Id: I3166771af20b2d07c6226b3b1a9d15fe36152356
* Get rid of base64 and hex in favor of data_encoding crateVika2025-01-015-15/+16
| | | | | | Less dependency duplication = more fun Change-Id: Icbd0497a68fdd5bea3757e3c62c80008b87bce96
* Use workspace dependencies to simplify dependency managementVika2025-01-016-190/+151
| | | | | | | | | | | | | This will reduce risks of dependency duplication in the tree when updating or adding new dependencies, as one could simply inherit from the workspace. `cargo-autoinherit` was considered, but it migrates EVERY single dependency, whereas I'd prefer that only reused dependencies are migrated. Additionally, it doesn't merge features automatically, requiring manual intervention anyway. Change-Id: If0dd19012c723ab71f599119d108e805b2d5e463
* micropub: Don't map-n-filter where we can filter_mapVika2025-01-011-2/+1
| | | | | | | | The channel iterator did its filtering of non-strings with an `unwrap_or()`, but we can safely get rid of it, since `<&'a Value>::as_str()` returns `Option<&'a str>`. Change-Id: Ie7a74247db4709e2aafd6bcd3623fab592bede81
* PostgresStorage: use query_scalar for post_existsVika2025-01-011-2/+1
| | | | | | Simplifes typing a little. Change-Id: I2a686e5c8ce09efc047d7caec687911f08eb7628
* Storage::all_posts to return all posts for ?q=source w/o filtersVika2024-12-314-0/+25
| | | | Change-Id: I5d1220b6a2abbcb460bdb13c088c3dbd7e4d9856
* microformats: 0.12.0 -> 0.14.0Vika2024-12-314-7/+132
| | | | | | | | | | Even though there is no corresponding source published to GitLab, it seems the package is fine and is still maintained. I also had to manually fix a versioning glitch because the required microformats-types version was not bumped. Change-Id: I6c052fac465f7e8c3d8cbb785f73e750c546d7a3
* ignore rsa false-positive via sqlx-mysql, since it's unusedVika2024-12-312-1/+8
| | | | Change-Id: Ic76cbc7f5343edad057b0eca121357c56d9c79ae
* Upgrade SemVer-breaking packagesVika2024-12-304-480/+128
| | | | Change-Id: I187fbf798ea6e29a8d04c4e3a894dc4a115ea9a7
* cargo upgradeVika2024-12-307-475/+801
| | | | Change-Id: I3c02e42596d9e307e4f155959ea5f1493322df82
* Fix up CLI featureVika2024-12-301-5/+3
| | | | Change-Id: Ia72ec9b7cdaae86c3f6a963f9f22c26801f56851
* fixup! microformats: 0.9.1 -> 0.12.0Vika2024-12-301-1/+1
|
* kittybox-mf2: add tracingVika2024-12-301-0/+16
| | | | Change-Id: I9ed27cbf17ab65ec35ca45b36a4144296c7b6a6e
* microformats: 0.9.1 -> 0.12.0Vika2024-12-304-21/+8
| | | | Change-Id: Ief031acfc014bf3b74874f778600ee214cf61301
* flake.lock: UpdateVika2024-12-301-14/+9
| | | | | | | | | | | | | | | | | Flake lock file updates: • Updated input 'crane': 'github:ipetkov/crane/529c1a0b1f29f0d78fa3086b8f6a134c71ef3aaf' (2024-07-24) → 'github:ipetkov/crane/72e2d02dbac80c8c86bf6bf3e785536acf8ee926' (2024-12-21) • Removed input 'crane/nixpkgs' • Updated input 'flake-utils': 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9f918d616c5321ad374ae6cb5ea89c9e04bf3e58' (2024-07-31) → 'github:nixos/nixpkgs/88195a94f390381c6afcdaa933c2f6ff93959cb4' (2024-12-29) Change-Id: I1154855638b2fe40595dea21ecbabfa537875b71
* decrease logspam from filter_post spansVika2024-12-301-1/+1
| | | | Change-Id: Ibecb139196711eb045460739435af5dbcf258024
* kittybox-util: bump to 0.3.0Vika2024-12-038-117/+131
| | | | | | | | Changed micropub::Error's description to Option<Cow<'static, str>> to allow for that sweet sweet memory savings from not having to heap-allocate strings for static errors. Change-Id: Ic82e5ad5cacea766ea0a7e8677ce6a7f16ae8668
* unauthorized -> not_authorizedVika2024-11-152-359/+1
| | | | | | whoops Change-Id: I695c77b76806165af88935c37f40386923d95220
* tower-watchdog: init at 1.0.0Vika2024-11-135-5/+236
| | | | | | | Wait, is this my first self-contained crate? Not bad. I like this. Maybe I'll go publish it to crates.io? Change-Id: I340d0839746ff1cfbcc4c82c230ae2adff2a92f7
* media endpoint: small code cleanupVika2024-11-132-8/+5
| | | | Change-Id: I10d8ffd53bd3c02d6de3ba4520ab859c18697c61
* shell.nix: take entire nodePackagesVika2024-11-132-6/+5
| | | | Change-Id: I9f0a88a20078603a8fbcf14a975878126bcdefcf
* kittybox-util: fix incorrect features in a dependency, preventing builds ↵Vika2024-10-291-1/+4
| | | | | | with crate2nix Change-Id: Id44454df4155cc9626c4e4c19d332fd154f4e7db
* Delete the unused login codeVika2024-10-041-333/+0
| | | | Change-Id: Ic684e5e127ff717fa6cb2f480d3bf1520e8ae93b
* Fix the current-thread runtime tests w/ sqlxVika2024-09-191-0/+3
| | | | Tracked upstream as https://github.com/launchbadge/sqlx/issues/3510
* If like/bookmark-of name is empty, pretend it isn't thereVika2024-09-071-0/+2
|
* Reduce unwraps in u-ate and u-drank handlingVika2024-09-071-10/+10
|
* kittybox-frontend-renderer: use p-summary if availableVika2024-09-071-5/+15
|
* Introduce `Storage::update_with`Vika2024-08-284-7/+54
| | | | | | | | | This function takes a closure that modifies the post. This could be useful in maintenance utilities that scan and fixup posts. For now this isn't used anywhere within Kittybox, but once all backends implement this correctly, this could replace `Storage::update_post` calls. For supporting backends, `Storage::update_post` is implemented in terms of `Storage::update_with`.
* Check validity of Micropub updatesVika2024-08-281-6/+50
| | | | | | | | In Kittybox, Micropub updates cannot modify UIDs, since UIDs are used as a primary key. Additional constraints may be added later, and perhaps I'll add a Storage method that would check backend-specific constraints.