about summary refs log tree commit diff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* kittybox-indieauth-helper: fix handler typesVika13 days1-16/+12
| | | | Change-Id: I991a3b935b4ae435acd852ee62a8d2893cf00950
* Harden default CSPVika14 days1-1/+1
| | | | Change-Id: I31362b3ec779a1eaea54c0d9567daa5de0ae0fc0
* Allow arbitrary HTML in Markdown post contentVika14 days1-1/+11
| | | | | | Oh, that's how it's done. Fuck. Change-Id: I40c5296ba05ddec7aa277308520017e5068e6fc9
* Vendor fonts into KittyboxVika2025-01-021-2/+2
| | | | | | | These fonts are licensed under OFL 1.1, which means I can freely redistribute them. Ain't that nice? Change-Id: Ide32286305680865652db17c8d482b5ac0f20a50
* Fix CSP and allow Google FontsVika2025-01-021-1/+1
| | | | | | I really need to figure out how to rip fonts from Google Fonts. Change-Id: I66f62ca639bf399223a1cd030d057bdcc3bc0de1
* Set a minimal CSPVika2025-01-021-0/+6
| | | | | | | | | | | - Styles and scripts can now only be loaded from Kittybox (hint: use the media endpoint if you wish to upload custom CSS) - Inline scripts are now completely prohibited (this means it's safe to show arbitrary HTML from Webmentions) - `<base>` element is prohibited (who uses that anyway?) - Loading anything else is only allowed via HTTPS Change-Id: I285a18b71dd9860416b18dd0e88f8fe7c8511e0b
* Set X-Content-Type-Options: nosniffVika2025-01-022-0/+12
| | | | | | | | This prevents browsers from guessing the Content-Type, and since we're always making sure to serve with the known-correct content type, we don't need the browser to guess. Change-Id: I02550d6763969f999ec22ec41e5539f945ea7ca4
* axum: 0.7.9 → 0.8.1Vika2025-01-019-43/+47
| | | | | | | | | | | | | Some breaking changes. For better or for worse. The optional extractor breaking change is a double-edged sword, since not all extractors can be used with `Option<T>` now, and you have to use `Result<T, T::Rejection>` even when you want to ignore an error coming from an extractor, such as `Query`. However, this allows catching errors on authorization extractors even in places where authorization is optional. Change-Id: I35f809d3adf27dbef0e7ee93dc1a7af178b7d014
* PGPASS → PGPASSWORDVika2025-01-012-19/+4
| | | | | | | | Turns out sqlx natively reads a plaintext password from this variable, otherwise from the `$PGPASSFILE`, otherwise from `$HOME/.pgpass`, so I don't need custom logic around passwords. Yay for sqlx being smart! Change-Id: I14858903ea1605469f9ea8095dc3bb056f617e85
* Partially appease clippyVika2025-01-014-8/+4
| | | | | | | Some false positives on `serde(rename)` remain, as well as lints still requiring my attention. Change-Id: I3166771af20b2d07c6226b3b1a9d15fe36152356
* Get rid of base64 and hex in favor of data_encoding crateVika2025-01-013-11/+16
| | | | | | Less dependency duplication = more fun Change-Id: Icbd0497a68fdd5bea3757e3c62c80008b87bce96
* micropub: Don't map-n-filter where we can filter_mapVika2025-01-011-2/+1
| | | | | | | | The channel iterator did its filtering of non-strings with an `unwrap_or()`, but we can safely get rid of it, since `<&'a Value>::as_str()` returns `Option<&'a str>`. Change-Id: Ie7a74247db4709e2aafd6bcd3623fab592bede81
* PostgresStorage: use query_scalar for post_existsVika2025-01-011-2/+1
| | | | | | Simplifes typing a little. Change-Id: I2a686e5c8ce09efc047d7caec687911f08eb7628
* Storage::all_posts to return all posts for ?q=source w/o filtersVika2024-12-314-0/+25
| | | | Change-Id: I5d1220b6a2abbcb460bdb13c088c3dbd7e4d9856
* kittybox-mf2: add tracingVika2024-12-301-0/+16
| | | | Change-Id: I9ed27cbf17ab65ec35ca45b36a4144296c7b6a6e
* decrease logspam from filter_post spansVika2024-12-301-1/+1
| | | | Change-Id: Ibecb139196711eb045460739435af5dbcf258024
* kittybox-util: bump to 0.3.0Vika2024-12-032-104/+101
| | | | | | | | Changed micropub::Error's description to Option<Cow<'static, str>> to allow for that sweet sweet memory savings from not having to heap-allocate strings for static errors. Change-Id: Ic82e5ad5cacea766ea0a7e8677ce6a7f16ae8668
* unauthorized -> not_authorizedVika2024-11-152-359/+1
| | | | | | whoops Change-Id: I695c77b76806165af88935c37f40386923d95220
* media endpoint: small code cleanupVika2024-11-132-8/+5
| | | | Change-Id: I10d8ffd53bd3c02d6de3ba4520ab859c18697c61
* Delete the unused login codeVika2024-10-041-333/+0
| | | | Change-Id: Ic684e5e127ff717fa6cb2f480d3bf1520e8ae93b
* Fix the current-thread runtime tests w/ sqlxVika2024-09-191-0/+3
| | | | Tracked upstream as https://github.com/launchbadge/sqlx/issues/3510
* Introduce `Storage::update_with`Vika2024-08-284-7/+54
| | | | | | | | | This function takes a closure that modifies the post. This could be useful in maintenance utilities that scan and fixup posts. For now this isn't used anywhere within Kittybox, but once all backends implement this correctly, this could replace `Storage::update_post` calls. For supporting backends, `Storage::update_post` is implemented in terms of `Storage::update_with`.
* Check validity of Micropub updatesVika2024-08-281-6/+50
| | | | | | | | In Kittybox, Micropub updates cannot modify UIDs, since UIDs are used as a primary key. Additional constraints may be added later, and perhaps I'll add a Storage method that would check backend-specific constraints.
* Make Micropub update logic self-containedVika2024-08-283-35/+42
| | | | | | This allows for a separation of concerns between database backends and Micropub, unless such backend have special requirements, like the file backend storing children of a feed in an array.
* Add Last-Modified header to post pages to help heuristic cachingVika2024-08-261-0/+22
|
* Use `Cache-Control: private` whenever the user is authorizedVika2024-08-261-18/+31
|
* Explicitly allow caching IndieAuth client metadataVika2024-08-261-2/+23
| | | | | This might save a round-trip for clients that know how to cache things. Such as Kittybox's HTTP fetcher.
* Set MSRV to 1.75, remove #[async_trait] declarations whenever possibleVika2024-08-2610-91/+78
| | | | | | | Axum still uses `async_trait`, let them do whatever they want. I will no longer be subject to the humiliation of trying to dig through lifetime errors and unreadable declarations. Also I don't fucking care about MSRV, I'm not a library. If you don't have modern Rust, get one.
* Indicate `u-uid` as `rel=canonical`Vika2024-08-261-1/+1
| | | | | | | | | | | This only displays on top-level entries, not ones in feeds. This should help search indexers know which URI is the canonical for a given link. I wonder why Google doesn't bother to parse MF2 markup. Do they think themselves monarchs of the Internet, able to show peasants their place? their search results are shitty anyway, I'd rather ask GPT-2. Yes, GPT TWO. Not even 3, 4 or 4o!
* Fix kittybox-check-webmention CLI toolVika2024-08-262-109/+8
| | | | Now it uses the same code as Kittybox itself.
* Add HTTP fetcher cacheVika2024-08-268-27/+57
| | | | | | | It just does its thing in the background, potentially speeding up things. Maybe I could also use the underlying in-memory cache implementation (Moka) to speed up my database. I heard crates.io got some good results from that.
* Appease most clippy warningsVika2024-08-2611-110/+27
| | | | | | The warnings only remain in places where I need them to remain, because I either need a reminder to implement something, or I need to refactor and simplify the code in question.
* FileStorage: appease clippy and use block_in_place for rewinding feedsVika2024-08-262-10/+15
| | | | | Using `tokio::task::block_in_place` downgrades the thread temporarily to avoid starvation.
* indieauth_metadata -> indieauth-metadataVika2024-08-241-1/+1
|
* micropub: Suppress adding to default feeds on visibility="unlisted"Vika2024-08-231-2/+30
| | | | | | If the post has no explicit channels, normally Kittybox attempts to post to a channel that makes sense for the post type. Adding `unlisted` to `visibility` now suppresses this behavior.
* Fix private posts with no defined audience not being shown in feedsVika2024-08-232-7/+10
|
* kittybox-util: 0.1.0 -> 0.2.0Vika2024-08-204-47/+46
| | | | Micropub types are now more coherent and gathered in one place.
* oopsVika2024-08-181-2/+1
|
* Better match html content-typeVika2024-08-181-1/+1
|
* kittybox-indieauth-helper: ignore TLS in debug and xdg-open the pageVika2024-08-181-1/+14
|
* Parse redirect URIs from MF2 metadataVika2024-08-181-1/+3
|
* feat: logins!!Vika2024-08-186-63/+493
| | | | | | | | yes you can finally sign in this is also supposed to show private posts intended for you! maybe i can also reveal my email to those who sign in! :3
* indieauth: Extension -> StateVika2024-08-181-10/+12
| | | | whoops
* indieauth: fix profile fetching if some properties are undeclaredVika2024-08-181-19/+23
|
* file auth backend: properly handle non-standard relative file:// urlsVika2024-08-181-4/+15
| | | | I use these in development.
* kittybox-indieauth: support OAuth2 Client MetadataVika2024-08-181-0/+1
| | | | Required for new revision of IndieAuth.
* kittybox-indieauth: separate ProfileUrl struct from GrantResponseVika2024-08-181-1/+1
| | | | Seems to be useful on its own.
* Don't verify TLS certificates when fetching things in devVika2024-08-181-0/+9
| | | | | | | When testing things, I don't test TLS verification, that's what reqwest unit tests should exist for. I test my things, and some of my things assume some form of TLS. I don't need it to be valid TLS, I need it to be TLS so I can use the `https://` links in dev.
* kittybox-indieauth-helper: small cleanupsVika2024-08-181-44/+44
| | | | | | | - Properly catch IndieAuth errors when parsing grant responses - Use the new `into_query_pairs()` method to serialize the authorization request into the authorization endpoint URL - Migrate to `axum::serve` for simplicity in serving the callback hook
* Upgrade dependencies and fix deprecated functionalityVika2024-08-029-47/+580
| | | | | | | I think I managed to not lose any functionality from my dependencies. sqlparser remains unupgraded, but that's mostly because it is only used in one example and it's not worth it to upgrade right now.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-01-16 11:04:34 +0000