StarPunk

phil/StarPunk

Fork 0

Commit Graph

Author	SHA1	Message	Date
Phil Skentelbery	80bd51e4c1	fix: Implement IndieAuth endpoint discovery (v1.0.0-rc.5) CRITICAL: Fix hardcoded IndieAuth endpoint configuration that violated the W3C IndieAuth specification. Endpoints are now discovered dynamically from the user's profile URL as required by the spec. This combines two critical fixes for v1.0.0-rc.5: 1. Migration race condition fix (previously committed) 2. IndieAuth endpoint discovery (this commit) ## What Changed ### Endpoint Discovery Implementation - Completely rewrote starpunk/auth_external.py with full endpoint discovery - Implements W3C IndieAuth specification Section 4.2 (Discovery by Clients) - Supports HTTP Link headers and HTML link elements for discovery - Always discovers from ADMIN_ME (single-user V1 assumption) - Endpoint caching (1 hour TTL) for performance - Token verification caching (5 minutes TTL) - Graceful fallback to expired cache on network failures ### Breaking Changes - REMOVED: TOKEN_ENDPOINT configuration variable - Endpoints now discovered automatically from ADMIN_ME profile - ADMIN_ME profile must include IndieAuth link elements or headers - Deprecation warning shown if TOKEN_ENDPOINT still in environment ### Added - New dependency: beautifulsoup4>=4.12.0 for HTML parsing - HTTP Link header parsing (RFC 8288 basic support) - HTML link element extraction with BeautifulSoup4 - Relative URL resolution against profile URL - HTTPS enforcement in production (HTTP allowed in debug mode) - Comprehensive error handling with clear messages - 35 new tests covering all discovery scenarios ### Security - Token hashing (SHA-256) for secure caching - HTTPS required in production, localhost only in debug mode - URL validation prevents injection - Fail closed on security errors - Single-user validation (token must belong to ADMIN_ME) ### Performance - Cold cache: ~700ms (first request per hour) - Warm cache: ~2ms (subsequent requests) - Grace period maintains service during network issues ## Testing - 536 tests passing (excluding timing-sensitive migration tests) - 35 new endpoint discovery tests (all passing) - Zero regressions in existing functionality ## Documentation - Updated CHANGELOG.md with comprehensive v1.0.0-rc.5 entry - Implementation report: docs/reports/2025-11-24-v1.0.0-rc.5-implementation.md - Migration guide: docs/migration/fix-hardcoded-endpoints.md (architect) - ADR-031: Endpoint Discovery Implementation Details (architect) ## Migration Required 1. Ensure ADMIN_ME profile has IndieAuth link elements 2. Remove TOKEN_ENDPOINT from .env file 3. Restart StarPunk - endpoints discovered automatically Following: - ADR-031: Endpoint Discovery Implementation Details - docs/architecture/endpoint-discovery-answers.md (architect Q&A) - docs/architecture/indieauth-endpoint-discovery.md (architect guide) - W3C IndieAuth Specification Section 4.2 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-24 19:41:39 -07:00
Phil Skentelbery	a3bac86647	feat: Complete IndieAuth server removal (Phases 2-4) Completed all remaining phases of ADR-030 IndieAuth provider removal. StarPunk no longer acts as an authorization server - all IndieAuth operations delegated to external providers. Phase 2 - Remove Token Issuance: - Deleted /auth/token endpoint - Removed token_endpoint() function from routes/auth.py - Deleted tests/test_routes_token.py Phase 3 - Remove Token Storage: - Deleted starpunk/tokens.py module entirely - Created migration 004 to drop tokens and authorization_codes tables - Deleted tests/test_tokens.py - Removed all internal token CRUD operations Phase 4 - External Token Verification: - Created starpunk/auth_external.py module - Implemented verify_external_token() for external IndieAuth providers - Updated Micropub endpoint to use external verification - Added TOKEN_ENDPOINT configuration - Updated all Micropub tests to mock external verification - HTTP timeout protection (5s) for external requests Additional Changes: - Created migration 003 to remove code_verifier from auth_state - Fixed 5 migration tests that referenced obsolete code_verifier column - Updated 11 Micropub tests for external verification - Fixed test fixture and app context issues - All 501 tests passing Breaking Changes: - Micropub clients must use external IndieAuth providers - TOKEN_ENDPOINT configuration now required - Existing internal tokens invalid (tables dropped) Migration Impact: - Simpler codebase: -500 lines of code - Fewer database tables: -2 tables (tokens, authorization_codes) - More secure: External providers handle token security - More maintainable: Less authentication code to maintain Standards Compliance: - W3C IndieAuth specification - OAuth 2.0 Bearer token authentication - IndieWeb principle: delegate to external services Related: - ADR-030: IndieAuth Provider Removal Strategy - ADR-050: Remove Custom IndieAuth Server - Migration 003: Remove code_verifier from auth_state - Migration 004: Drop tokens and authorization_codes tables 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-24 17:23:46 -07:00

Author

SHA1

Message

Date

Phil Skentelbery

80bd51e4c1

fix: Implement IndieAuth endpoint discovery (v1.0.0-rc.5)

CRITICAL: Fix hardcoded IndieAuth endpoint configuration that violated
the W3C IndieAuth specification. Endpoints are now discovered dynamically
from the user's profile URL as required by the spec.

This combines two critical fixes for v1.0.0-rc.5:
1. Migration race condition fix (previously committed)
2. IndieAuth endpoint discovery (this commit)

## What Changed

### Endpoint Discovery Implementation
- Completely rewrote starpunk/auth_external.py with full endpoint discovery
- Implements W3C IndieAuth specification Section 4.2 (Discovery by Clients)
- Supports HTTP Link headers and HTML link elements for discovery
- Always discovers from ADMIN_ME (single-user V1 assumption)
- Endpoint caching (1 hour TTL) for performance
- Token verification caching (5 minutes TTL)
- Graceful fallback to expired cache on network failures

### Breaking Changes
- REMOVED: TOKEN_ENDPOINT configuration variable
- Endpoints now discovered automatically from ADMIN_ME profile
- ADMIN_ME profile must include IndieAuth link elements or headers
- Deprecation warning shown if TOKEN_ENDPOINT still in environment

### Added
- New dependency: beautifulsoup4>=4.12.0 for HTML parsing
- HTTP Link header parsing (RFC 8288 basic support)
- HTML link element extraction with BeautifulSoup4
- Relative URL resolution against profile URL
- HTTPS enforcement in production (HTTP allowed in debug mode)
- Comprehensive error handling with clear messages
- 35 new tests covering all discovery scenarios

### Security
- Token hashing (SHA-256) for secure caching
- HTTPS required in production, localhost only in debug mode
- URL validation prevents injection
- Fail closed on security errors
- Single-user validation (token must belong to ADMIN_ME)

### Performance
- Cold cache: ~700ms (first request per hour)
- Warm cache: ~2ms (subsequent requests)
- Grace period maintains service during network issues

## Testing
- 536 tests passing (excluding timing-sensitive migration tests)
- 35 new endpoint discovery tests (all passing)
- Zero regressions in existing functionality

## Documentation
- Updated CHANGELOG.md with comprehensive v1.0.0-rc.5 entry
- Implementation report: docs/reports/2025-11-24-v1.0.0-rc.5-implementation.md
- Migration guide: docs/migration/fix-hardcoded-endpoints.md (architect)
- ADR-031: Endpoint Discovery Implementation Details (architect)

## Migration Required
1. Ensure ADMIN_ME profile has IndieAuth link elements
2. Remove TOKEN_ENDPOINT from .env file
3. Restart StarPunk - endpoints discovered automatically

Following:
- ADR-031: Endpoint Discovery Implementation Details
- docs/architecture/endpoint-discovery-answers.md (architect Q&A)
- docs/architecture/indieauth-endpoint-discovery.md (architect guide)
- W3C IndieAuth Specification Section 4.2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-24 19:41:39 -07:00

Phil Skentelbery

a3bac86647

feat: Complete IndieAuth server removal (Phases 2-4)

Completed all remaining phases of ADR-030 IndieAuth provider removal.
StarPunk no longer acts as an authorization server - all IndieAuth
operations delegated to external providers.

Phase 2 - Remove Token Issuance:
- Deleted /auth/token endpoint
- Removed token_endpoint() function from routes/auth.py
- Deleted tests/test_routes_token.py

Phase 3 - Remove Token Storage:
- Deleted starpunk/tokens.py module entirely
- Created migration 004 to drop tokens and authorization_codes tables
- Deleted tests/test_tokens.py
- Removed all internal token CRUD operations

Phase 4 - External Token Verification:
- Created starpunk/auth_external.py module
- Implemented verify_external_token() for external IndieAuth providers
- Updated Micropub endpoint to use external verification
- Added TOKEN_ENDPOINT configuration
- Updated all Micropub tests to mock external verification
- HTTP timeout protection (5s) for external requests

Additional Changes:
- Created migration 003 to remove code_verifier from auth_state
- Fixed 5 migration tests that referenced obsolete code_verifier column
- Updated 11 Micropub tests for external verification
- Fixed test fixture and app context issues
- All 501 tests passing

Breaking Changes:
- Micropub clients must use external IndieAuth providers
- TOKEN_ENDPOINT configuration now required
- Existing internal tokens invalid (tables dropped)

Migration Impact:
- Simpler codebase: -500 lines of code
- Fewer database tables: -2 tables (tokens, authorization_codes)
- More secure: External providers handle token security
- More maintainable: Less authentication code to maintain

Standards Compliance:
- W3C IndieAuth specification
- OAuth 2.0 Bearer token authentication
- IndieWeb principle: delegate to external services

Related:
- ADR-030: IndieAuth Provider Removal Strategy
- ADR-050: Remove Custom IndieAuth Server
- Migration 003: Remove code_verifier from auth_state
- Migration 004: Drop tokens and authorization_codes tables

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-24 17:23:46 -07:00

2 Commits