| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Working:
- Tokens and codes
- Authenticating with a password
Not working:
- Setting the password (need to patch onboarding)
- WebAuthn (the JavaScript is too complicated)
|
| |
|
|
|
|
|
| |
Kittybox now uses tracing instead of log. Why would I keep an
unneccesary dependency in my Cargo.lock?
|
|
|
|
|
| |
This may help non-IndieAuth-aware clients to integrate better into the
flow.
|
|
|
|
|
|
|
|
|
| |
This will allow to display a prettier error page in the future.
There is a possibility of instantiating the panic handler per-module
to allow for custom panic messages expressed in the same form the
module itself gives error messages (e.g. pretty HTML for frontend,
MicropubError for Micropub messages etc.)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the living, breathing proof that Kittybox can be split into
independent components without sacrificing any functionality. Just
make sure all neccesary backing storage components are available to
the modules that need them.
Also the Micropub client was split into several files, because it's
about to get much bigger and more full-featured.
Yes, I am going to write it in vanilla JavaScript. I don't trust
anything from NPM to run on my computer. Not anymore. Not after the
node-ipc malware fiasco. And I am definitely not going to spin up a VM
or a Docker container (who uses Docker containers as a security
measure?) to hack on my own code.
Cargo can at least be sandboxed inside Nix, where it can't do much
harm. NPM basically requires unrestricted network access to download
dependencies, and it runs arbitrary code upon **downloading**
them. Cargo and rust-analyzer, on the other hand, can be configured to
not trust the source code and its dependencies (for example, Cargo
doesn't execute code on fetching dependencies - only on building, and
rust-analyzer's proc-macro expansion support can be sacrificed for
more security).
|
|
|
|
|
|
|
|
|
|
|
|
| |
This frees up the name for the future in-house IndieAuth
implementation and also clarifies the purpose of this module.
Its future is uncertain - most probably when the token endpoint gets
finished, it will transform into a way to query that token
endpoint. But then, the media endpoint also depends on it, so I might
have to copy that implementation (that queries an external token
endpoint) and make it generic enough so I could both query an external
endpoint or use internal data.
|
|
|
|
|
|
|
|
|
|
| |
Supported features:
- Streaming upload
- Content-addressed storage
- Metadata
- MIME type (taken from Content-Type)
- Length (I could use stat() for this one tho)
- filename (for Content-Disposition: attachment, WIP)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Axum has streaming bodies and allows to write simpler code. It also
helps enforce stronger types and looks much more neat.
This allows me to progress on the media endpoint and add streaming
reads and writes to the MediaStore trait.
Metrics are temporarily not implemented. Everything else was
preserved, and the tests still pass, after adjusting for new calling
conventions.
TODO: create method routers for protocol endpoints
|
|
|
|
|
| |
Actually got the idea from https://xeiaso.net/, who groups xer
website's endpoints under the `.within` folder.
|
|
- Kittybox's source code is moved to a subfolder
- This improves build caching by Nix since it doesn't take changes
to other files into account
- Package and test definitions were spun into separate files
- This makes my flake.nix much easier to navigate
- This also makes it somewhat possible to use without flakes (but
it is still not easy, so use flakes!)
- Some attributes were moved in compliance with Nix 2.8's changes to
flake schema
|