Phil Skentelbery
a3bac86647
Completed all remaining phases of ADR-030 IndieAuth provider removal. StarPunk no longer acts as an authorization server - all IndieAuth operations delegated to external providers. Phase 2 - Remove Token Issuance: - Deleted /auth/token endpoint - Removed token_endpoint() function from routes/auth.py - Deleted tests/test_routes_token.py Phase 3 - Remove Token Storage: - Deleted starpunk/tokens.py module entirely - Created migration 004 to drop tokens and authorization_codes tables - Deleted tests/test_tokens.py - Removed all internal token CRUD operations Phase 4 - External Token Verification: - Created starpunk/auth_external.py module - Implemented verify_external_token() for external IndieAuth providers - Updated Micropub endpoint to use external verification - Added TOKEN_ENDPOINT configuration - Updated all Micropub tests to mock external verification - HTTP timeout protection (5s) for external requests Additional Changes: - Created migration 003 to remove code_verifier from auth_state - Fixed 5 migration tests that referenced obsolete code_verifier column - Updated 11 Micropub tests for external verification - Fixed test fixture and app context issues - All 501 tests passing Breaking Changes: - Micropub clients must use external IndieAuth providers - TOKEN_ENDPOINT configuration now required - Existing internal tokens invalid (tables dropped) Migration Impact: - Simpler codebase: -500 lines of code - Fewer database tables: -2 tables (tokens, authorization_codes) - More secure: External providers handle token security - More maintainable: Less authentication code to maintain Standards Compliance: - W3C IndieAuth specification - OAuth 2.0 Bearer token authentication - IndieWeb principle: delegate to external services Related: - ADR-030: IndieAuth Provider Removal Strategy - ADR-050: Remove Custom IndieAuth Server - Migration 003: Remove code_verifier from auth_state - Migration 004: Drop tokens and authorization_codes tables 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
StarPunk
A minimal, self-hosted IndieWeb CMS for publishing notes with RSS syndication.
Current Version: 0.9.5 (development)
Versioning
StarPunk follows Semantic Versioning 2.0.0:
- Version format:
MAJOR.MINOR.PATCH - Current:
0.9.5(pre-release development) - First stable release will be
1.0.0
Version Information:
- Current:
0.9.5(pre-release development) - Check version:
python -c "from starpunk import __version__; print(__version__)" - See changes: CHANGELOG.md
- Versioning strategy: docs/standards/versioning-strategy.md
Philosophy
"Every line of code must justify its existence. When in doubt, leave it out."
StarPunk is designed for a single user who wants to:
- Publish short notes to their personal website
- Own their content (notes stored as portable markdown files)
- Syndicate via RSS
- Support IndieWeb standards (Micropub, IndieAuth)
- Run on minimal resources
Features
- File-based storage: Notes are markdown files, owned by you
- IndieAuth authentication: Use your own website as identity
- Micropub support: Coming in v1.0 (currently in development)
- RSS feed: Automatic syndication
- No database lock-in: SQLite for metadata, files for content
- Self-hostable: Run on your own server
- Minimal dependencies: 6 core dependencies, no build tools
Requirements
- Python 3.11 or higher
- 500MB disk space
- Linux, macOS, or Windows with WSL2
Quick Start
# Clone repository
git clone https://github.com/YOUR_USERNAME/starpunk.git
cd starpunk
# Install uv (package manager)
curl -LsSf https://astral.sh/uv/install.sh | sh
# Create virtual environment
uv venv .venv --python 3.11
# Install dependencies
uv pip install -r requirements.txt
# Configure
cp .env.example .env
# Edit .env and set ADMIN_ME and SESSION_SECRET
# Initialize database
mkdir -p data/notes
.venv/bin/python -c "from starpunk.database import init_db; init_db()"
# Note: Database also auto-initializes on first run if not present
# Run development server
.venv/bin/flask --app app.py run --debug
# Visit http://localhost:5000
Configuration
All configuration is in the .env file. Required settings:
ADMIN_ME- Your IndieWeb identity URL (e.g., https://yoursite.com)SESSION_SECRET- Random secret key (generate withpython3 -c "import secrets; print(secrets.token_hex(32))")SITE_URL- Public URL of your site
See .env.example for all options.
Project Structure
starpunk/
├── app.py # Application entry point
├── starpunk/ # Application code
├── data/ # Your notes and database (gitignored)
│ ├── notes/ # Markdown files
│ └── starpunk.db # SQLite database
├── static/ # CSS and JavaScript
├── templates/ # HTML templates
└── tests/ # Test suite
Usage
Publishing Notes
Via Web Interface:
- Navigate to
/admin - Login with your IndieWeb identity
- Create notes in markdown
Via Micropub Client (Coming in v1.0):
- Configure client with your site URL
- Authenticate via IndieAuth
- Publish from any Micropub-compatible app
Backing Up Your Data
Your notes are stored as plain markdown files in data/notes/. Back up this directory:
# Simple backup
tar -czf backup.tar.gz data/
# Or use rsync
rsync -av data/ /backup/starpunk/
Development
See docs/standards/development-setup.md for detailed setup.
# Install dev dependencies
uv pip install -r requirements-dev.txt
# Run tests
.venv/bin/pytest
# Format code
.venv/bin/black starpunk/ tests/
# Lint
.venv/bin/flake8 starpunk/ tests/
Architecture
StarPunk uses a hybrid storage approach:
- Notes content: Markdown files (portable, human-readable)
- Metadata: SQLite database (fast queries)
This gives you both portability AND performance.
See docs/architecture/ for complete documentation.
IndieWeb Compliance
StarPunk implements:
- Micropub - Publishing API
- IndieAuth - Authentication
- Microformats2 - Semantic HTML markup
- RSS 2.0 - Feed syndication
Deployment
Production Setup
# Install gunicorn
uv pip install gunicorn
# Run with gunicorn
.venv/bin/gunicorn -w 4 -b 127.0.0.1:8000 app:app
# Configure nginx/Caddy for HTTPS
# Set up systemd for process management
# Enable regular backups of data/ directory
See docs/standards/deployment-standards.md for details.
License
MIT License - see LICENSE file
Credits
Built with:
- Flask - Web framework
- python-markdown - Markdown processing
- feedgen - RSS generation
- httpx - HTTP client
- IndieLogin - Authentication service
Contributing
This is a personal project optimized for single-user use. If you want additional features, consider forking!
Support
- Documentation: docs/
- Issues: GitHub Issues
- IndieWeb: indieweb.org