StarPunk

phil/StarPunk

Fork 0

Commit Graph

Author	SHA1	Message	Date
Phil Skentelbery	c64feaea23	feat: v1.4.0 Phase 3 - Micropub Media Endpoint Implement W3C Micropub media endpoint for external client uploads. Changes: - Add POST /micropub/media endpoint in routes/micropub.py - Accept multipart/form-data with 'file' field - Require bearer token with 'create' scope - Return 201 Created with Location header - Validate, optimize, and generate variants via save_media() - Update q=config response to advertise media-endpoint - Include media-endpoint URL in config response - Add 'photo' post-type to supported types - Add photo property support to Micropub create - extract_photos() function to parse photo property - Handles both simple URL strings and structured objects with alt text - _attach_photos_to_note() function to attach photos by URL - Only attach photos from our server (by URL match) - External URLs logged but ignored (no download) - Maximum 4 photos per note (per ADR-057) - SITE_URL normalization pattern - Use .rstrip('/') for consistent URL comparison - Applied in media endpoint and photo attachment Per design document: docs/design/v1.4.0/media-implementation-design.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-10 18:32:21 -07:00
Phil Skentelbery	a3bac86647	feat: Complete IndieAuth server removal (Phases 2-4) Completed all remaining phases of ADR-030 IndieAuth provider removal. StarPunk no longer acts as an authorization server - all IndieAuth operations delegated to external providers. Phase 2 - Remove Token Issuance: - Deleted /auth/token endpoint - Removed token_endpoint() function from routes/auth.py - Deleted tests/test_routes_token.py Phase 3 - Remove Token Storage: - Deleted starpunk/tokens.py module entirely - Created migration 004 to drop tokens and authorization_codes tables - Deleted tests/test_tokens.py - Removed all internal token CRUD operations Phase 4 - External Token Verification: - Created starpunk/auth_external.py module - Implemented verify_external_token() for external IndieAuth providers - Updated Micropub endpoint to use external verification - Added TOKEN_ENDPOINT configuration - Updated all Micropub tests to mock external verification - HTTP timeout protection (5s) for external requests Additional Changes: - Created migration 003 to remove code_verifier from auth_state - Fixed 5 migration tests that referenced obsolete code_verifier column - Updated 11 Micropub tests for external verification - Fixed test fixture and app context issues - All 501 tests passing Breaking Changes: - Micropub clients must use external IndieAuth providers - TOKEN_ENDPOINT configuration now required - Existing internal tokens invalid (tables dropped) Migration Impact: - Simpler codebase: -500 lines of code - Fewer database tables: -2 tables (tokens, authorization_codes) - More secure: External providers handle token security - More maintainable: Less authentication code to maintain Standards Compliance: - W3C IndieAuth specification - OAuth 2.0 Bearer token authentication - IndieWeb principle: delegate to external services Related: - ADR-030: IndieAuth Provider Removal Strategy - ADR-050: Remove Custom IndieAuth Server - Migration 003: Remove code_verifier from auth_state - Migration 004: Drop tokens and authorization_codes tables 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-24 17:23:46 -07:00
Phil Skentelbery	d8828fb6c6	feat: Implement Micropub endpoint for creating posts (Phase 3) Following design in /docs/design/micropub-endpoint-design.md and /docs/decisions/ADR-028-micropub-implementation.md Micropub Module (starpunk/micropub.py): - Property normalization for form-encoded and JSON requests - Content/title/tags extraction from Micropub properties - Bearer token extraction from Authorization header or form - Create action handler integrating with notes.py CRUD - Query endpoints (config, source, syndicate-to) - OAuth 2.0 compliant error responses Micropub Route (starpunk/routes/micropub.py): - Main /micropub endpoint handling GET and POST - Bearer token authentication and validation - Content-type handling (form-encoded and JSON) - Action routing (create supported, update/delete return V1 error) - Comprehensive error handling Integration: - Registered micropub blueprint in routes/__init__.py - Maps Micropub properties to StarPunk note format - Returns 201 Created with Location header per spec - V1 limitations clearly documented (no update/delete) All 23 Phase 3 tests pass Total: 77 tests pass (21 Phase 1 + 33 Phase 2 + 23 Phase 3) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-24 12:33:39 -07:00

Author

SHA1

Message

Date

Phil Skentelbery

c64feaea23

feat: v1.4.0 Phase 3 - Micropub Media Endpoint

Implement W3C Micropub media endpoint for external client uploads.

Changes:
- Add POST /micropub/media endpoint in routes/micropub.py
  - Accept multipart/form-data with 'file' field
  - Require bearer token with 'create' scope
  - Return 201 Created with Location header
  - Validate, optimize, and generate variants via save_media()

- Update q=config response to advertise media-endpoint
  - Include media-endpoint URL in config response
  - Add 'photo' post-type to supported types

- Add photo property support to Micropub create
  - extract_photos() function to parse photo property
  - Handles both simple URL strings and structured objects with alt text
  - _attach_photos_to_note() function to attach photos by URL
  - Only attach photos from our server (by URL match)
  - External URLs logged but ignored (no download)
  - Maximum 4 photos per note (per ADR-057)

- SITE_URL normalization pattern
  - Use .rstrip('/') for consistent URL comparison
  - Applied in media endpoint and photo attachment

Per design document: docs/design/v1.4.0/media-implementation-design.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-10 18:32:21 -07:00

Phil Skentelbery

a3bac86647

feat: Complete IndieAuth server removal (Phases 2-4)

Completed all remaining phases of ADR-030 IndieAuth provider removal.
StarPunk no longer acts as an authorization server - all IndieAuth
operations delegated to external providers.

Phase 2 - Remove Token Issuance:
- Deleted /auth/token endpoint
- Removed token_endpoint() function from routes/auth.py
- Deleted tests/test_routes_token.py

Phase 3 - Remove Token Storage:
- Deleted starpunk/tokens.py module entirely
- Created migration 004 to drop tokens and authorization_codes tables
- Deleted tests/test_tokens.py
- Removed all internal token CRUD operations

Phase 4 - External Token Verification:
- Created starpunk/auth_external.py module
- Implemented verify_external_token() for external IndieAuth providers
- Updated Micropub endpoint to use external verification
- Added TOKEN_ENDPOINT configuration
- Updated all Micropub tests to mock external verification
- HTTP timeout protection (5s) for external requests

Additional Changes:
- Created migration 003 to remove code_verifier from auth_state
- Fixed 5 migration tests that referenced obsolete code_verifier column
- Updated 11 Micropub tests for external verification
- Fixed test fixture and app context issues
- All 501 tests passing

Breaking Changes:
- Micropub clients must use external IndieAuth providers
- TOKEN_ENDPOINT configuration now required
- Existing internal tokens invalid (tables dropped)

Migration Impact:
- Simpler codebase: -500 lines of code
- Fewer database tables: -2 tables (tokens, authorization_codes)
- More secure: External providers handle token security
- More maintainable: Less authentication code to maintain

Standards Compliance:
- W3C IndieAuth specification
- OAuth 2.0 Bearer token authentication
- IndieWeb principle: delegate to external services

Related:
- ADR-030: IndieAuth Provider Removal Strategy
- ADR-050: Remove Custom IndieAuth Server
- Migration 003: Remove code_verifier from auth_state
- Migration 004: Drop tokens and authorization_codes tables

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-24 17:23:46 -07:00

Phil Skentelbery

d8828fb6c6

feat: Implement Micropub endpoint for creating posts (Phase 3)

Following design in /docs/design/micropub-endpoint-design.md and
/docs/decisions/ADR-028-micropub-implementation.md

Micropub Module (starpunk/micropub.py):
- Property normalization for form-encoded and JSON requests
- Content/title/tags extraction from Micropub properties
- Bearer token extraction from Authorization header or form
- Create action handler integrating with notes.py CRUD
- Query endpoints (config, source, syndicate-to)
- OAuth 2.0 compliant error responses

Micropub Route (starpunk/routes/micropub.py):
- Main /micropub endpoint handling GET and POST
- Bearer token authentication and validation
- Content-type handling (form-encoded and JSON)
- Action routing (create supported, update/delete return V1 error)
- Comprehensive error handling

Integration:
- Registered micropub blueprint in routes/__init__.py
- Maps Micropub properties to StarPunk note format
- Returns 201 Created with Location header per spec
- V1 limitations clearly documented (no update/delete)

All 23 Phase 3 tests pass
Total: 77 tests pass (21 Phase 1 + 33 Phase 2 + 23 Phase 3)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-24 12:33:39 -07:00

3 Commits