Commit graph

320 commits

Author SHA1 Message Date
9add6be8e4
Remove the pointless verify_auth_code wrapper - it's easier to do the verification work in the view anyway 2017-11-03 16:40:09 +11:00
3d5b537369
Oops, forgot to put .objects after the model to get the actual manager 2017-11-03 16:19:26 +11:00
ab810a8f94
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant 2017-11-03 16:14:30 +11:00
43a56e865e
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for 2017-11-03 15:51:27 +11:00
40810d6310
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes 2017-11-03 14:37:39 +11:00
6f6bb4e534
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter 2017-11-03 14:33:27 +11:00
6b1cd896ea
Handle IndieAuth redirect URIs that already have query parameters 2017-11-03 12:14:15 +11:00
b658bf5c79
Default to form encoding rather than JSON, since legacy clients that don't support JSON usually also don't ask for a certain format 2017-11-03 11:51:34 +11:00
92cd38cbb0
Make relative redirect URIs redirect to the right place, by urljoining them with the client ID 2017-11-03 11:28:26 +11:00
1c09be1b1c
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 16:36:16 +11:00
41d490ea80
Put the shortcuts for returning 40* responses into lemoncurry.utils 2017-11-02 16:16:04 +11:00
1e56d5a09a
Install django-model-utils and use it for automatic timestamp fields on entries 2017-11-02 12:59:23 +11:00
4b4ab324cc
Enable analytics in production 2017-11-01 16:18:48 +11:00
06278935b6
Add support for selecting scopes during IndieAuth's 'code' type 2017-11-01 13:27:55 +11:00
0a202a215d
Include references to the Atom and RSS feeds in the host-meta 2017-11-01 11:09:12 +11:00
387e7d859c
Smarter handling of IndieAuth code verification, including verifying the response type is correct 2017-11-01 10:56:49 +11:00
5555cdfd1e
Render the entry content to HTML when syndicating it as Atom or RSS 2017-11-01 09:32:42 +11:00
730a2bcb9d
Added support for RSS and Atom feeds, because why not 2017-11-01 09:29:59 +11:00
c34ec965a1
Improved host-meta support, with correct JRD format and more links to stuff 2017-10-31 15:42:20 +11:00
ee9992603c
1.5.2 2017-10-31 15:10:22 +11:00
5aa4eed816
Add simple /robots.txt support 2017-10-31 15:10:13 +11:00
7090db3c37
Add JSON-LD support to entries too, mostly so Google can understand the site a little better 2017-10-31 14:51:50 +11:00
371401d441
Teach users how to generate their own JSON-LD representation rather than doing it in the view code 2017-10-31 14:33:16 +11:00
a86188fcb6
Put the JSON-LD version of my user profile inside my h-card, so it's easy to access with an mf2 parser if you want it (although I dunno why you would) 2017-10-31 14:24:30 +11:00
91fc632703
Tweak the styling of entry footers 2017-10-31 14:05:34 +11:00
b053ba3c88
Order sites by domain rather than by name 2017-10-31 13:57:55 +11:00
8a9f41759e
Add a field site.domain, so that profiles can be labeled as username@domain, WebFinger style 2017-10-31 13:47:47 +11:00
76305543fa
Just glue the netloc and path together rather than using urlunparse - it doesn't need to be a valid URL, just a nice-looking one 2017-10-30 15:02:49 +11:00
71295e30f0
1.5.1 2017-10-30 14:59:18 +11:00
52106f1d3f
Make shortlinks discoverable by displaying them on each entry, with extraneous bits trimmed out 2017-10-30 14:59:02 +11:00
65ff5f947a
Set the short base URL to my new short domain 2017-10-30 14:25:40 +11:00
93e3fa5412
Add a Forwardfile for development 2017-10-30 13:31:27 +11:00
e0dfdafdc0
Delegate OpenID authentication to IndieAuth - OpenID is barely used nowadays but this is such a tiny change I might as well do it 2017-10-30 11:46:38 +11:00
3f4c5bbc11
Replace use of abandoned rev="canonical" with rel="shortlink" 2017-10-30 10:03:08 +11:00
bfa7f68edc
Make POST /indie/auth return a 403 if parameters are missing, rather than a 500 2017-10-30 08:27:19 +11:00
d87d49e67b
Default the Accept header to */* if there isn't one provided 2017-10-30 08:24:36 +11:00
e8214b45ef
Use an absolute URI for the IndieAuth authorisation endpoint - many IndieAuth clients don't resolve the relative URI correctly 2017-10-30 08:08:11 +11:00
75ed4503c8
Make some little quality-of-life improvements to the Django admin for my models 2017-10-29 22:44:11 +11:00
63b0ec45e9
Keep images in entry content inside the card, oops 2017-10-29 19:39:31 +11:00
53b7b86515
Whoops, allow images in bleached content 2017-10-29 19:35:57 +11:00
e5d3af1b51
Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified 2017-10-29 19:15:29 +11:00
3c95eeeefb
Insist on Python 3.6, since the 'secrets' module for making secure tokens isn't available in 3.5 2017-10-29 17:13:28 +11:00
486eec2448
1.5.0 2017-10-29 17:08:43 +11:00
360063845e
Make the IndieAuth authorisation endpoint discoverable :o 2017-10-29 17:08:36 +11:00
acce72e90e
Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho) 2017-10-29 17:07:36 +11:00
8b4a14ffa3
On approving an IndieAuth request, actually generate an auth code and redirect 2017-10-29 16:16:27 +11:00
221d548e4a
Give better 'me' normalisation to IndieAuth processing + Aadd a simple POST route for actually submitting the form 2017-10-29 14:39:30 +11:00
6bdcce1844
1.4.5 2017-10-29 13:08:30 +11:00
54bed15585
In production, move the static and media directories out of the app directory (which puts them in the lemoncurry user's home dir) 2017-10-29 13:07:28 +11:00
7027c74035
Install django-shorturls to generate simple shortpermalinks for entries :3 2017-10-29 12:56:30 +11:00