d420269bc0
feat: add RSS feed endpoint and configuration
...
Implements /feed.xml route with caching and ETag support.
Features:
- GET /feed.xml returns RSS 2.0 feed of published notes
- Server-side caching (5 minutes default, configurable)
- ETag generation for conditional requests
- Cache-Control headers for client-side caching
- Configurable feed item limit (50 default)
Configuration:
- FEED_MAX_ITEMS: Maximum items in feed (default: 50)
- FEED_CACHE_SECONDS: Cache duration in seconds (default: 300)
Related: docs/decisions/ADR-014-rss-feed-implementation.md
2025-11-19 08:42:32 -07:00
856148209a
feat: add RSS feed generation module
...
Implements RSS 2.0 feed generation using feedgen library.
Features:
- generate_feed() creates standards-compliant RSS 2.0 XML
- RFC-822 date formatting for pubDate elements
- Title extraction from note content (first line or timestamp)
- CDATA safety for HTML content
- Configurable feed item limits
Follows ADR-014 RSS implementation strategy.
Related: docs/decisions/ADR-014-rss-feed-implementation.md
2025-11-19 08:40:46 -07:00
b02df151a1
chore: bump version to 0.6.0 for Phase 5
...
Phase 5 adds RSS feed generation and production containerization.
This is a minor version bump per semantic versioning.
Related: docs/decisions/ADR-015-phase-5-implementation-approach.md
2025-11-19 08:39:29 -07:00
0664d510a6
Merge branch 'feature/phase-4-web-interface'
2025-11-18 23:02:17 -07:00
0cca8169ce
feat: Implement Phase 4 Web Interface with bugfixes (v0.5.2)
...
## Phase 4: Web Interface Implementation
Implemented complete web interface with public and admin routes,
templates, CSS, and development authentication.
### Core Features
**Public Routes**:
- Homepage with recent published notes
- Note permalinks with microformats2
- Server-side rendering (Jinja2)
**Admin Routes**:
- Login via IndieLogin
- Dashboard with note management
- Create, edit, delete notes
- Protected with @require_auth decorator
**Development Authentication**:
- Dev login bypass for local testing (DEV_MODE only)
- Security safeguards per ADR-011
- Returns 404 when disabled
**Templates & Frontend**:
- Base layouts (public + admin)
- 8 HTML templates with microformats2
- Custom responsive CSS (114 lines)
- Error pages (404, 500)
### Bugfixes (v0.5.1 → v0.5.2)
1. **Cookie collision fix (v0.5.1)**:
- Renamed auth cookie from "session" to "starpunk_session"
- Fixed redirect loop between dev login and admin dashboard
- Flask's session cookie no longer conflicts with auth
2. **HTTP 404 error handling (v0.5.1)**:
- Update route now returns 404 for nonexistent notes
- Delete route now returns 404 for nonexistent notes
- Follows ADR-012 HTTP Error Handling Policy
- Pattern consistency across all admin routes
3. **Note model enhancement (v0.5.2)**:
- Exposed deleted_at field from database schema
- Enables soft deletion verification in tests
- Follows ADR-013 transparency principle
### Architecture
**New ADRs**:
- ADR-011: Development Authentication Mechanism
- ADR-012: HTTP Error Handling Policy
- ADR-013: Expose deleted_at Field in Note Model
**Standards Compliance**:
- Uses uv for Python environment
- Black formatted, Flake8 clean
- Follows git branching strategy
- Version incremented per versioning strategy
### Test Results
- 405/406 tests passing (99.75%)
- 87% code coverage
- All security tests passing
- Manual testing confirmed working
### Documentation
- Complete implementation reports in docs/reports/
- Architecture reviews in docs/reviews/
- Design documents in docs/design/
- CHANGELOG updated for v0.5.2
### Files Changed
**New Modules**:
- starpunk/dev_auth.py
- starpunk/routes/ (public, admin, auth, dev_auth)
**Templates**: 10 files (base, pages, admin, errors)
**Static**: CSS and optional JavaScript
**Tests**: 4 test files for routes and templates
**Docs**: 20+ architectural and implementation documents
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-18 23:01:53 -07:00
575a02186b
Merge branch 'feature/phase-3-authentication'
2025-11-18 20:41:35 -07:00
d4f1bfb198
feat: Implement Phase 3 authentication module with IndieLogin support
...
Implement complete authentication system following ADR-010 and Phase 3 design specs.
This is a MINOR version increment (0.3.0 -> 0.4.0) as it adds new functionality.
Authentication Features:
- IndieLogin authentication flow via indielogin.com
- Secure session management with SHA-256 token hashing
- CSRF protection with single-use state tokens
- Session lifecycle (create, verify, destroy)
- require_auth decorator for protected routes
- Automatic cleanup of expired sessions
- IP address and user agent tracking
Security Measures:
- Cryptographically secure token generation (secrets module)
- Token hashing for storage (never plaintext)
- SQL injection prevention (prepared statements)
- Single-use CSRF state tokens
- 30-day session expiry with activity refresh
- Comprehensive security logging
Implementation Details:
- starpunk/auth.py: 406 lines, 6 core functions, 4 helpers, 4 exceptions
- tests/test_auth.py: 648 lines, 37 tests, 96% coverage
- Database schema updates for sessions and auth_state tables
- URL validation utility added to utils.py
Test Coverage:
- 37 authentication tests
- 96% code coverage (exceeds 90% target)
- All security features tested
- Edge cases and error paths covered
Documentation:
- Implementation report in docs/reports/
- Updated CHANGELOG.md with detailed changes
- Version incremented to 0.4.0
- ADR-010 and Phase 3 design docs included
Follows project standards:
- Black code formatting (88 char lines)
- Flake8 linting (no errors)
- Python coding standards
- Type hints on all functions
- Comprehensive docstrings
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-18 20:35:36 -07:00
a68fd570c7
that initial commit
2025-11-18 19:21:31 -07:00
