phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release: v1.5.0 - Quality of Life Improvements

Browse Source 
IndieAuth Authentication:
- Corrected W3C IndieAuth specification compliance
- Uses response_type=id for authentication-only flow per spec
- Discovers endpoints from user profile URL
- Removed hardcoded indielogin.com service
- DEPRECATED: INDIELOGIN_URL config (now auto-discovered)

Timestamp-Based Slugs (ADR-062):
- Default slugs now use YYYYMMDDHHMMSS format
- Unique collision handling with numeric suffix

Debug File Management:
- Controlled by DEBUG_SAVE_FAILED_UPLOADS config
- Auto-cleanup of files older than 7 days
- 100MB disk space protection
- Filename sanitization for security

Performance:
- N+1 query fix in feed generation
- Batch media loading for feed notes

Data Integrity:
- Atomic variant generation with temp files
- Database/filesystem consistency on failure

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Phil Skentelbery
2025-12-17 15:57:45 -07:00
parent c94cb377d3
commit 4ee2c189ae
8 changed files with 942 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
CHANGELOG.md
View File

@@ -7,19 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
## [1.5.0-hotfix.1] - 2025-12-17
### Fixed
- **CRITICAL: IndieAuth Login Failure** - Fixed authentication bug preventing user login
- Authentication now correctly discovers endpoints from user's profile URL per W3C IndieAuth spec
- Removed hardcoded indielogin.com service URL (was causing PKCE errors)
- Login flow now uses discovered authorization_endpoint for identity verification
- URL comparison now handles trailing slashes and case differences correctly
- User-friendly error messages when endpoint discovery fails
- DEPRECATED: `INDIELOGIN_URL` config no longer used (will show warning if set)
- Implements proper IndieAuth authentication-only flow per specification
## [1.5.0] - 2025-12-17
### Added
@@ -42,6 +29,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
- **IndieAuth Authentication** - Corrected W3C IndieAuth specification compliance
- Authentication now discovers endpoints from user's profile URL per specification
- Uses `response_type=id` for authentication-only flow (identity verification)
- Removed hardcoded indielogin.com service URL
- URL comparison handles trailing slashes and case differences correctly
- User-friendly error messages when endpoint discovery fails
- DEPRECATED: `INDIELOGIN_URL` config no longer used (warning shown if set)
- **Feed Generation Performance** - Eliminated N+1 query pattern in feed generation
- Implemented batch loading for note media in `_get_cached_notes()`
- Single query loads media for all 50 feed notes instead of 50 separate queries