| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
This was the job of the database before. Now the frontend should do it
before passing the post to the templates.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`filter_post` is now out of here and moved into the frontend. This
kind of non-intrusive filtering can be done on the frontend, and the
database need not concern itself with this.
It can still be done as an optimisation... probably? but the frontend
is going to sanitize things like location in the post by itself now,
so it is not required anymore (and might be harmful, if frontend
starts indicating that there are some hidden fields by replacing them
with placeholders that ask one to log in to view information).
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
We insert published time into all objects anyway, and expect feeds to
be ordered by publishing time. We should let databases rely on that
assumption when returning feeds.
|
| |
|
|
|
| |
Some database backends may have optimized ways of tracking feed
contents. Others might just use the "children" property directly.
|
| |
|
|
|
| |
This allows disregarding http/https comparisons and simplifies some
database designs.
|
| |
|
|
|
| |
read_feed_with_cursor allows using an arbitrary string as a cursor,
unlike read_feed_with_limit, which uses last post's UID as a cursor.
|
| |
|
|
|
| |
This allows avoiding an unnecessary allocation whenever the error
message is static.
|
| |
|
|
|
|
| |
This allows proper separation of backend initialization and Kittybox
construction code. Some boilerplate is still present, but there's much
less of it now thanks to functions being generic.
|
| |
|
|
| |
should've been a LazyLock tho
|
| |
|
|
|
|
| |
- cleaner format!()
- syndication links
- broke up a long line
|
| |
|
|
| |
Optional at first. Onboarding UI not yet exposed.
|
| |
|
|
| |
This allows much for a cleaner and idiomatic settings interface.
|
| | |
|
| | |
|
| |
|
|
|
| |
Bytes buffers are already reference-counted and cheaply clonable;
there is no need to wrap them further.
|
| | |
|
| |
|
|
|
|
|
| |
For now it is not yet exposed on the frontend, but that is merely a
matter of time.
TODO possibly remove the legacy methods, since they're obsoleted
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It makes more sense to keep CSS near the templates, and the
client-side JavaScript code too, since it depends on the DOM structure
to work. Additionally, the overhead of `include_dir!()` is almost
completely mitigated by the fact that this is a separate crate that
isn't recompiled often.
The linking stage, however, is still expected to take a little bit
long. But I doubt it'd be longer than what it was before, since it's
the same exact files that get linked into the app.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note: this requires a reindex of the media database. For the default
CAS backend, use the following:
```bash
for i in */*/*/*/*.json; do
etag="$(echo $i | sed -e 's/\///g' -e 's/\.json$//')";
mv "$i" "$i.bak"
cat "$i.bak" | jq '. + { "etag": '\""$etag"\"'}' > "$i"
rm "$i.bak"
done
```
This change is backwards compatible, but caching headers won't be
emitted without etags present in the metadata.
Actual etags are backend-specific and might differ from backend to
backend.
|
| |
|
|
|
|
| |
I don't know how worthwhile that was, given that LibreJS developers
themselves don't care to properly declare licenses on the Bazaar
frontend they use to host the extension's source code on the Web π€‘
|
| |
|
|
|
| |
This is a naive implementation that doesn't have some security
checks. It's ok tho, should work fine... can refine it later
|
| | |
|
| |
|
|
|
|
|
|
| |
This neccesitates installing TypeScript to build Kittybox, but
thankfully Nix actually takes care of that. Build Kittybox with Nix
and you won't have problems.
Also now I can safely do stuff.
|
| |
|
|
| |
AAAAAAAAAAAAAAAAAAAAAAAAA
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
It looks like some badly-behaved apps require "scope" even though it
is optional according to OAuth2. Additionally, both of these fields
are not present in the IndieAuth spec (this is an error in the spec,
tracked here: https://github.com/indieweb/indieauth/issues/116
|
| |
|
|
| |
JavaScript is a hellpit i want out of it please help me
|
| | |
|
| |
|
|
|
|
| |
There is a possibility of refactoring some of the companion code to
act as a generic embedded asset framework and put it in the `util`
crate.
|
| |
|
|
|
|
|
|
|
|
| |
Working:
- Tokens and codes
- Authenticating with a password
Not working:
- Setting the password (need to patch onboarding)
- WebAuthn (the JavaScript is too complicated)
|
| | |
|
| |
|
|
| |
Wiremock doesn't require external C dependencies.
|
| |
|
|
|
| |
Kittybox now uses tracing instead of log. Why would I keep an
unneccesary dependency in my Cargo.lock?
|
| |
|
|
|
|
| |
Fetching profiles is now fully implemented. The only missing pieces
are the frontend template and the persistent store for tokens and
codes.
|
| | |
|
| |
|
|
| |
Some responses need to set Cache-Control and Pragma: no-cache headers according to RFC 6749.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
content_type is now optional; if not specified, it will remain
empty. `application/octet-stream` will be put on read in the
frontend.
Length is now represented as NonZeroUsize - why would you upload a
zero-byte file when you can just conjure one from the void whenever
you need one? This should save me a little bit of memory.
Representing content_type as a typed MIME value would be the next
logical step.
|
| |
|
|
|
| |
It turns out that BufWriter requires calling `flush()` manually and
doesn't do it on `drop()`. I forgot about that.
|
| | |
|
| |
|
|
|
|
| |
This requires the `axum` feature to be enabled, to prevent unwanted
dependencies (e.g. in client apps or when using a different framework,
since the library doesn't concern itself with I/O)
|
| |
|
|
|
| |
Client ID and the redirect URI must match those that were used to
create the grant.
|
| |
|
|
|
| |
This may help non-IndieAuth-aware clients to integrate better into the
flow.
|
| |
|
|
|
|
|
| |
`kittybox_indieauth::Error` now represents errors in the IndieAuth
process itself. `IndieAuthError` got renamed to `ResourceErrorKind` to
reflect errors that a resource server (i.e. IndieAuth consumer) might
return to a client who somehow didn't authorize themselves properly.
|
| |
|
|
|
|
|
|
|
| |
This will allow to display a prettier error page in the future.
There is a possibility of instantiating the panic handler per-module
to allow for custom panic messages expressed in the same form the
module itself gives error messages (e.g. pretty HTML for frontend,
MicropubError for Micropub messages etc.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the living, breathing proof that Kittybox can be split into
independent components without sacrificing any functionality. Just
make sure all neccesary backing storage components are available to
the modules that need them.
Also the Micropub client was split into several files, because it's
about to get much bigger and more full-featured.
Yes, I am going to write it in vanilla JavaScript. I don't trust
anything from NPM to run on my computer. Not anymore. Not after the
node-ipc malware fiasco. And I am definitely not going to spin up a VM
or a Docker container (who uses Docker containers as a security
measure?) to hack on my own code.
Cargo can at least be sandboxed inside Nix, where it can't do much
harm. NPM basically requires unrestricted network access to download
dependencies, and it runs arbitrary code upon **downloading**
them. Cargo and rust-analyzer, on the other hand, can be configured to
not trust the source code and its dependencies (for example, Cargo
doesn't execute code on fetching dependencies - only on building, and
rust-analyzer's proc-macro expansion support can be sacrificed for
more security).
|
