about summary refs log tree commit diff
path: root/kittybox-rs
Commit message (Collapse)AuthorAgeFilesLines
* cargo updateVika2023-02-271-563/+766
|
* Clarity improvementsVika2023-02-273-5/+9
|
* Add a skip link to the page layoutVika2023-01-252-3/+19
| | | | | | | | I tried to run my website through a screen reader, and thought this would be a nice addition. Also it turns out my website is *mostly* accessible as it is -- yay for semantic HTML!
* Show rainbow hearts on webinteractions widget tooVika2023-01-221-1/+5
| | | | More rainbows! 🏳️‍🌈
* Add rainbow hearts on like postsVika2023-01-222-1/+27
| | | | | A cute little easter-egg from an old version of my site, now available all year round, because I'm sick of hiding my true self.
* templates: ellipsize u-in-reply-to to 48, not 24Vika2022-11-081-2/+2
|
* templates: fix no space between links in mini entryVika2022-11-081-2/+3
|
* media: get rid of an extraneous Arc over BytesVika2022-11-071-5/+9
| | | | | Bytes buffers are already reference-counted and cheaply clonable; there is no need to wrap them further.
* templates: hotfix rich reply contextsVika2022-11-061-9/+30
| | | | When did I implement that?!!!
* kittybox-frontend-renderer: gzip static assetsVika2022-11-064-18/+149
|
* indieauth: parse application metadataVika2022-10-244-34/+101
|
* media: implement file range requests for backendsVika2022-10-142-16/+274
| | | | | | | For now it is not yet exposed on the frontend, but that is merely a matter of time. TODO possibly remove the legacy methods, since they're obsoleted
* templates: move static assets to the templates crateVika2022-10-0720-85/+237
| | | | | | | | | | | | It makes more sense to keep CSS near the templates, and the client-side JavaScript code too, since it depends on the DOM structure to work. Additionally, the overhead of `include_dir!()` is almost completely mitigated by the fact that this is a separate crate that isn't recompiled often. The linking stage, however, is still expected to take a little bit long. But I doubt it'd be longer than what it was before, since it's the same exact files that get linked into the app.
* media: Use ETag and If-None-MatchVika2022-10-043-4/+38
| | | | | | | | | | | | | | | | | | | | Note: this requires a reindex of the media database. For the default CAS backend, use the following: ```bash for i in */*/*/*/*.json; do etag="$(echo $i | sed -e 's/\///g' -e 's/\.json$//')"; mv "$i" "$i.bak" cat "$i.bak" | jq '. + { "etag": '\""$etag"\"'}' > "$i" rm "$i.bak" done ``` This change is backwards compatible, but caching headers won't be emitted without etags present in the metadata. Actual etags are backend-specific and might differ from backend to backend.
* LibreJS compatibilityVika2022-10-034-2/+88
| | | | | | I don't know how worthwhile that was, given that LibreJS developers themselves don't care to properly declare licenses on the Bazaar frontend they use to host the extension's source code on the Web 🤡
* companion-lite: rewrite to use IndieAuthVika2022-10-027-100/+467
| | | | | This is a naive implementation that doesn't have some security checks. It's ok tho, should work fine... can refine it later
* companion-lite: port to TypeScriptVika2022-09-2910-128/+301
|
* AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVika2022-09-291-1/+1
|
* AAAAAAAAAAAAAAAAAVika2022-09-291-1/+1
|
* AAAAAAAAVika2022-09-291-1/+1
|
* indieauth: fix submit handler not being appliedVika2022-09-292-2/+7
|
* Switch to TypeScriptVika2022-09-287-196/+390
| | | | | | | | This neccesitates installing TypeScript to build Kittybox, but thankfully Nix actually takes care of that. Build Kittybox with Nix and you won't have problems. Also now I can safely do stuff.
* fix param name for media endpointVika2022-09-281-1/+1
| | | | AAAAAAAAAAAAAAAAAAAAAAAAA
* Use tokens from the auth backend to authenticate for MicropubVika2022-09-288-120/+201
|
* Fix some clippy errorsVika2022-09-282-1/+7
|
* indieauth: add "token_type" and "scope" to token grant responseVika2022-09-282-1/+26
| | | | | | | It looks like some badly-behaved apps require "scope" even though it is optional according to OAuth2. Additionally, both of these fields are not present in the IndieAuth spec (this is an error in the spec, tracked here: https://github.com/indieweb/indieauth/issues/116
* frontend: fix indieauth page crashing if no scopes requestedVika2022-09-201-1/+1
| | | | JavaScript is a hellpit i want out of it please help me
* kittybox-indieauth: fix extraneous padding in PKCE challengesVika2022-09-202-5/+25
|
* Make webauthn and openssl optionalVika2022-09-194-9/+37
|
* Add test password hasherVika2022-09-191-0/+33
|
* Small optimizations to frontend codeVika2022-09-192-27/+38
| | | | | | There is a possibility of refactoring some of the companion code to act as a generic embedded asset framework and put it in the `util` crate.
* feat: indieauth supportVika2022-09-1918-193/+2224
| | | | | | | | | | Working: - Tokens and codes - Authenticating with a password Not working: - Setting the password (need to patch onboarding) - WebAuthn (the JavaScript is too complicated)
* kittybox-indieauth: Allow converting more types to/from stringsVika2022-09-193-0/+41
| | | | | Sometimes it is needed, for example, to construct an HTML form pre-filled with the request data.
* NixOS module fixes and temporary fixes to the legacy configurationVika2022-08-131-36/+7
|
* Add a placeholder template for the authorization request pageVika2022-08-131-0/+7
|
* tokenauth: migrate tests to WiremockVika2022-08-133-651/+127
| | | | Wiremock doesn't require external C dependencies.
* fix flake not reloadingVika2022-08-071-1/+1
|
* kittybox-templates: split out MF2 rendering and get rid of log crateVika2022-07-2712-975/+513
| | | | | Kittybox now uses tracing instead of log. Why would I keep an unneccesary dependency in my Cargo.lock?
* indieauth: replace numerous placeholders in the prototypeVika2022-07-272-28/+156
| | | | | | Fetching profiles is now fully implemented. The only missing pieces are the frontend template and the persistent store for tokens and codes.
* FileStorage: save memory by taking children instead of cloningVika2022-07-231-16/+22
|
* kittybox-indieauth: fix AuthorizationRequest doctestVika2022-07-221-2/+3
|
* kittybox-indieauth: document the entire crateVika2022-07-223-23/+333
| | | | I am procrastinating very hard right now.
* kittybox-indieauth: axum helpers for responsesVika2022-07-222-13/+53
| | | | Some responses need to set Cache-Control and Pragma: no-cache headers according to RFC 6749.
* media: improve Metadata typingVika2022-07-213-14/+24
| | | | | | | | | | | | | content_type is now optional; if not specified, it will remain empty. `application/octet-stream` will be put on read in the frontend. Length is now represented as NonZeroUsize - why would you upload a zero-byte file when you can just conjure one from the void whenever you need one? This should save me a little bit of memory. Representing content_type as a typed MIME value would be the next logical step.
* media: fix small files not being saved to disk properlyVika2022-07-193-11/+46
| | | | | It turns out that BufWriter requires calling `flush()` manually and doesn't do it on `drop()`. I forgot about that.
* indieauth: Indicate refresh token grant as supportedVika2022-07-191-1/+1
|
* kittybox-indieauth: convert Error into axum::response::ResponseVika2022-07-195-22/+52
| | | | | | This requires the `axum` feature to be enabled, to prevent unwanted dependencies (e.g. in client apps or when using a different framework, since the library doesn't concern itself with I/O)
* indieauth: improve security checksVika2022-07-191-2/+29
| | | | | Client ID and the redirect URI must match those that were used to create the grant.
* Implement /.well-known/oauth-authorization-serverVika2022-07-192-24/+39
| | | | | This may help non-IndieAuth-aware clients to integrate better into the flow.
* kittybox-indieauth: improve docs and the Error typeVika2022-07-193-36/+157
| | | | | | | `kittybox_indieauth::Error` now represents errors in the IndieAuth process itself. `IndieAuthError` got renamed to `ResourceErrorKind` to reflect errors that a resource server (i.e. IndieAuth consumer) might return to a client who somehow didn't authorize themselves properly.