StarPunk

phil/StarPunk

Fork 0

Commit Graph

Author	SHA1	Message	Date
Phil Skentelbery	3b41029c75	feat: Implement secure token management for Micropub Implements token security and management as specified in ADR-029: Database Changes (BREAKING): - Add secure tokens table with SHA256 hashed storage - Add authorization_codes table for IndieAuth token exchange - Drop old insecure tokens table (invalidates existing tokens) - Update SCHEMA_SQL to match post-migration state Token Management (starpunk/tokens.py): - Generate cryptographically secure tokens - Hash tokens with SHA256 for secure storage - Create and verify access tokens - Create and exchange authorization codes - PKCE support (optional but recommended) - Scope validation (V1: only 'create' scope) - Token expiry and revocation support Testing: - Comprehensive test suite for all token operations - Test authorization code replay protection - Test PKCE validation - Test parameter validation - Test token expiry Security: - Tokens never stored in plain text - Authorization codes single-use with replay protection - Optional PKCE for enhanced security - Proper UTC datetime handling for expiry Related: - ADR-029: Micropub IndieAuth Integration Strategy - Migration 002: Secure tokens and authorization codes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-24 11:52:09 -07:00
Phil Skentelbery	9a805ec316	Implement automatic database migration system Following design in ADR-020, implementation guidance, and quick reference. Phase 1: Migration System Core (starpunk/migrations.py) - Create migration runner with fresh database detection - Implement is_schema_current() heuristic for fresh DB detection - Add helper functions (table_exists, column_exists, index_exists) - Complete error handling with MigrationError exception - 315 lines of production code Phase 2: Database Integration (starpunk/database.py) - Modify init_db() to call run_migrations() - Add logger parameter handling - 5 lines changed for integration Phase 3: Comprehensive Testing (tests/test_migrations.py) - 26 tests covering all scenarios (100% pass rate) - Tests for fresh DB, legacy DB, helpers, error handling - Integration test with actual migration file - 560 lines of test code Phase 4: Version and Documentation - Bump version to 0.9.0 (MINOR increment per versioning strategy) - Update CHANGELOG.md with comprehensive v0.9.0 entry - Create implementation report documenting all details Features: - Fresh database detection prevents unnecessary migrations - Legacy database detection applies pending migrations automatically - Migration tracking table records all applied migrations - Idempotent execution safe for multiple runs - Fail-safe: app won't start if migrations fail - Container deployments now fully automatic Testing: - All 26 migration tests passing (100%) - Fresh database scenario verified (auto-skip) - Legacy database scenario verified (migrations applied) - Idempotent behavior confirmed Documentation: - Implementation report in docs/reports/ - CHANGELOG.md updated with v0.9.0 entry - All architecture decisions from ADR-020 implemented 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-19 16:08:33 -07:00

Author

SHA1

Message

Date

Phil Skentelbery

3b41029c75

feat: Implement secure token management for Micropub

Implements token security and management as specified in ADR-029:

Database Changes (BREAKING):
- Add secure tokens table with SHA256 hashed storage
- Add authorization_codes table for IndieAuth token exchange
- Drop old insecure tokens table (invalidates existing tokens)
- Update SCHEMA_SQL to match post-migration state

Token Management (starpunk/tokens.py):
- Generate cryptographically secure tokens
- Hash tokens with SHA256 for secure storage
- Create and verify access tokens
- Create and exchange authorization codes
- PKCE support (optional but recommended)
- Scope validation (V1: only 'create' scope)
- Token expiry and revocation support

Testing:
- Comprehensive test suite for all token operations
- Test authorization code replay protection
- Test PKCE validation
- Test parameter validation
- Test token expiry

Security:
- Tokens never stored in plain text
- Authorization codes single-use with replay protection
- Optional PKCE for enhanced security
- Proper UTC datetime handling for expiry

Related:
- ADR-029: Micropub IndieAuth Integration Strategy
- Migration 002: Secure tokens and authorization codes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-24 11:52:09 -07:00

Phil Skentelbery

9a805ec316

Implement automatic database migration system

Following design in ADR-020, implementation guidance, and quick reference.

Phase 1: Migration System Core (starpunk/migrations.py)
- Create migration runner with fresh database detection
- Implement is_schema_current() heuristic for fresh DB detection
- Add helper functions (table_exists, column_exists, index_exists)
- Complete error handling with MigrationError exception
- 315 lines of production code

Phase 2: Database Integration (starpunk/database.py)
- Modify init_db() to call run_migrations()
- Add logger parameter handling
- 5 lines changed for integration

Phase 3: Comprehensive Testing (tests/test_migrations.py)
- 26 tests covering all scenarios (100% pass rate)
- Tests for fresh DB, legacy DB, helpers, error handling
- Integration test with actual migration file
- 560 lines of test code

Phase 4: Version and Documentation
- Bump version to 0.9.0 (MINOR increment per versioning strategy)
- Update CHANGELOG.md with comprehensive v0.9.0 entry
- Create implementation report documenting all details

Features:
- Fresh database detection prevents unnecessary migrations
- Legacy database detection applies pending migrations automatically
- Migration tracking table records all applied migrations
- Idempotent execution safe for multiple runs
- Fail-safe: app won't start if migrations fail
- Container deployments now fully automatic

Testing:
- All 26 migration tests passing (100%)
- Fresh database scenario verified (auto-skip)
- Legacy database scenario verified (migrations applied)
- Idempotent behavior confirmed

Documentation:
- Implementation report in docs/reports/
- CHANGELOG.md updated with v0.9.0 entry
- All architecture decisions from ADR-020 implemented

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-19 16:08:33 -07:00

2 Commits