Phil Skentelbery
0cca8169ce
## Phase 4: Web Interface Implementation Implemented complete web interface with public and admin routes, templates, CSS, and development authentication. ### Core Features **Public Routes**: - Homepage with recent published notes - Note permalinks with microformats2 - Server-side rendering (Jinja2) **Admin Routes**: - Login via IndieLogin - Dashboard with note management - Create, edit, delete notes - Protected with @require_auth decorator **Development Authentication**: - Dev login bypass for local testing (DEV_MODE only) - Security safeguards per ADR-011 - Returns 404 when disabled **Templates & Frontend**: - Base layouts (public + admin) - 8 HTML templates with microformats2 - Custom responsive CSS (114 lines) - Error pages (404, 500) ### Bugfixes (v0.5.1 → v0.5.2) 1. **Cookie collision fix (v0.5.1)**: - Renamed auth cookie from "session" to "starpunk_session" - Fixed redirect loop between dev login and admin dashboard - Flask's session cookie no longer conflicts with auth 2. **HTTP 404 error handling (v0.5.1)**: - Update route now returns 404 for nonexistent notes - Delete route now returns 404 for nonexistent notes - Follows ADR-012 HTTP Error Handling Policy - Pattern consistency across all admin routes 3. **Note model enhancement (v0.5.2)**: - Exposed deleted_at field from database schema - Enables soft deletion verification in tests - Follows ADR-013 transparency principle ### Architecture **New ADRs**: - ADR-011: Development Authentication Mechanism - ADR-012: HTTP Error Handling Policy - ADR-013: Expose deleted_at Field in Note Model **Standards Compliance**: - Uses uv for Python environment - Black formatted, Flake8 clean - Follows git branching strategy - Version incremented per versioning strategy ### Test Results - 405/406 tests passing (99.75%) - 87% code coverage - All security tests passing - Manual testing confirmed working ### Documentation - Complete implementation reports in docs/reports/ - Architecture reviews in docs/reviews/ - Design documents in docs/design/ - CHANGELOG updated for v0.5.2 ### Files Changed **New Modules**: - starpunk/dev_auth.py - starpunk/routes/ (public, admin, auth, dev_auth) **Templates**: 10 files (base, pages, admin, errors) **Static**: CSS and optional JavaScript **Tests**: 4 test files for routes and templates **Docs**: 20+ architectural and implementation documents 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
1.6 KiB
1.6 KiB
QUICK FIX: Auth Redirect Loop
Problem: Dev login redirects back to login page (loop)
Cause: Cookie name collision (session used by both Flask and StarPunk)
Fix: Rename auth cookie to starpunk_session
Time: 30 minutes
6 Changes in 3 Files
1. starpunk/routes/dev_auth.py (Line 75)
# Change this:
response.set_cookie("session", session_token, ...)
# To this:
response.set_cookie("starpunk_session", session_token, ...)
2. starpunk/routes/auth.py (5 changes)
Line 47:
session_token = request.cookies.get("starpunk_session") # was "session"
Line 121:
response.set_cookie("starpunk_session", session_token, ...) # was "session"
Line 167:
session_token = request.cookies.get("starpunk_session") # was "session"
Line 178:
response.delete_cookie("starpunk_session") # was "session"
3. starpunk/auth.py (Line 390)
session_token = request.cookies.get("starpunk_session") # was "session"
Test It
# Run tests
uv run pytest tests/ -v
# Start server
uv run flask run
# Browser test:
# 1. Go to http://localhost:5000/admin/
# 2. Click dev login
# 3. Should see dashboard (not login page)
# 4. Check cookies in DevTools - should see "starpunk_session"
Full Docs
- Executive Summary:
/docs/design/auth-redirect-loop-executive-summary.md - Implementation Guide:
/docs/design/auth-redirect-loop-fix-implementation.md - Visual Diagrams:
/docs/design/auth-redirect-loop-diagram.md - Root Cause Analysis:
/docs/design/auth-redirect-loop-diagnosis.md