docs: Address Micropub design issues and clarify V1 scope
- Create ADR-029 for IndieAuth/Micropub integration strategy - Address all critical issues from developer review: - Add missing 'me' parameter to token endpoint - Clarify PKCE as optional extension - Define token security migration strategy - Add authorization_codes table schema - Define property mapping rules - Clarify two authentication flows - Simplify V1 scope per user decision: - Remove update/delete operations from V1 - Focus on create-only functionality - Reduce timeline from 8-10 to 6-8 days - Update project plan with post-V1 roadmap: - Phase 11: Update/delete operations (V1.1) - Phase 12: Media endpoint (V1.2) - Phase 13: Advanced IndieWeb features (V2.0) - Phase 14: Enhanced features (V2.0+) - Create token security migration documentation - Update ADR-028 for consistency with simplified scope BREAKING CHANGE: Token migration will invalidate all existing tokens for security
This commit is contained in:
@@ -1278,6 +1278,122 @@ Final steps before V1 release.
|
||||
|
||||
---
|
||||
|
||||
## Post-V1 Roadmap
|
||||
|
||||
### Phase 11: Micropub Extended Operations (V1.1)
|
||||
|
||||
**Priority**: HIGH for V1.1 release
|
||||
**Estimated Effort**: 4-6 hours
|
||||
**Dependencies**: Phase 6 (Micropub Core) must be complete
|
||||
|
||||
#### 11.1 Update Operations
|
||||
- [ ] Implement `action=update` handler in `/micropub`
|
||||
- Support replace operations (replace entire property)
|
||||
- Support add operations (append to array properties)
|
||||
- Support delete operations (remove from array properties)
|
||||
- Map Micropub properties to StarPunk note fields
|
||||
- Validate URL belongs to this StarPunk instance
|
||||
- **Acceptance Criteria**: Can update posts via Micropub clients
|
||||
|
||||
#### 11.2 Delete Operations
|
||||
- [ ] Implement `action=delete` handler in `/micropub`
|
||||
- Soft delete implementation (set deleted_at timestamp)
|
||||
- URL validation and slug extraction
|
||||
- Authorization check (delete scope required)
|
||||
- Proper 204 No Content response
|
||||
- **Acceptance Criteria**: Can delete posts via Micropub clients
|
||||
|
||||
#### 11.3 Extended Scopes
|
||||
- [ ] Add "update" and "delete" to SUPPORTED_SCOPES
|
||||
- [ ] Update authorization form to display requested scopes
|
||||
- [ ] Implement scope-specific permission checks
|
||||
- [ ] Update token endpoint to validate extended scopes
|
||||
- [ ] **Acceptance Criteria**: Fine-grained permission control
|
||||
|
||||
### Phase 12: Media Endpoint (V1.2)
|
||||
|
||||
**Priority**: MEDIUM for V1.2 release
|
||||
**Estimated Effort**: 6-8 hours
|
||||
**Dependencies**: Micropub core functionality
|
||||
|
||||
#### 12.1 Media Upload Endpoint
|
||||
- [ ] Create `/micropub/media` endpoint
|
||||
- [ ] Handle multipart/form-data file uploads
|
||||
- [ ] Store files in `/data/media/YYYY/MM/` structure
|
||||
- [ ] Generate unique filenames to prevent collisions
|
||||
- [ ] Image optimization (resize, compress)
|
||||
- [ ] Return 201 Created with Location header
|
||||
- [ ] **Acceptance Criteria**: Can upload images via Micropub clients
|
||||
|
||||
#### 12.2 Media in Posts
|
||||
- [ ] Support photo property in Micropub create/update
|
||||
- [ ] Embed images in Markdown content
|
||||
- [ ] Update templates to display images properly
|
||||
- [ ] Add media-endpoint to Micropub config query
|
||||
- [ ] **Acceptance Criteria**: Posts can include images
|
||||
|
||||
### Phase 13: Advanced IndieWeb Features (V2.0)
|
||||
|
||||
**Priority**: LOW - Future enhancement
|
||||
**Estimated Effort**: 10-15 hours per feature
|
||||
**Dependencies**: All V1.x features complete
|
||||
|
||||
#### 13.1 Webmentions
|
||||
- [ ] Receive webmentions at `/webmention` endpoint
|
||||
- [ ] Verify source links to target
|
||||
- [ ] Extract microformats from source
|
||||
- [ ] Store webmentions in database
|
||||
- [ ] Display webmentions on posts
|
||||
- [ ] Send webmentions on publish
|
||||
- [ ] Moderation interface in admin
|
||||
|
||||
#### 13.2 Syndication (POSSE)
|
||||
- [ ] Add syndication targets configuration
|
||||
- [ ] Support mp-syndicate-to in Micropub
|
||||
- [ ] Implement Mastodon syndication
|
||||
- [ ] Implement Twitter/X syndication (if API available)
|
||||
- [ ] Store syndication URLs in post metadata
|
||||
- [ ] Display syndication links on posts
|
||||
|
||||
#### 13.3 IndieAuth Server
|
||||
- [ ] Implement full authorization server
|
||||
- [ ] Allow StarPunk to be identity provider
|
||||
- [ ] Profile URL verification
|
||||
- [ ] Client registration/discovery
|
||||
- [ ] Token introspection endpoint
|
||||
- [ ] Token revocation endpoint
|
||||
- [ ] Refresh tokens support
|
||||
|
||||
### Phase 14: Enhanced Features (V2.0+)
|
||||
|
||||
**Priority**: LOW - Long-term vision
|
||||
**Estimated Effort**: Variable
|
||||
|
||||
#### 14.1 Multiple Post Types
|
||||
- [ ] Articles (long-form with title)
|
||||
- [ ] Replies (in-reply-to support)
|
||||
- [ ] Likes (like-of property)
|
||||
- [ ] Bookmarks (bookmark-of property)
|
||||
- [ ] Events (h-event microformat)
|
||||
- [ ] Check-ins (location data)
|
||||
|
||||
#### 14.2 Multi-User Support
|
||||
- [ ] User registration system
|
||||
- [ ] Per-user permissions and roles
|
||||
- [ ] Separate author feeds (/author/username)
|
||||
- [ ] Multi-author Micropub (me verification)
|
||||
- [ ] User profile pages
|
||||
|
||||
#### 14.3 Advanced UI Features
|
||||
- [ ] WYSIWYG Markdown editor
|
||||
- [ ] Draft/schedule posts
|
||||
- [ ] Batch operations interface
|
||||
- [ ] Analytics dashboard
|
||||
- [ ] Theme customization
|
||||
- [ ] Plugin system
|
||||
|
||||
---
|
||||
|
||||
## Summary Checklist
|
||||
|
||||
### Core Features (Must Have)
|
||||
|
||||
Reference in New Issue
Block a user