phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v0.4.0
StarPunk/CHANGELOG.md
Phil Skentelbery d4f1bfb198 feat: Implement Phase 3 authentication module with IndieLogin support 
Implement complete authentication system following ADR-010 and Phase 3 design specs.
This is a MINOR version increment (0.3.0 -> 0.4.0) as it adds new functionality.

Authentication Features:
- IndieLogin authentication flow via indielogin.com
- Secure session management with SHA-256 token hashing
- CSRF protection with single-use state tokens
- Session lifecycle (create, verify, destroy)
- require_auth decorator for protected routes
- Automatic cleanup of expired sessions
- IP address and user agent tracking

Security Measures:
- Cryptographically secure token generation (secrets module)
- Token hashing for storage (never plaintext)
- SQL injection prevention (prepared statements)
- Single-use CSRF state tokens
- 30-day session expiry with activity refresh
- Comprehensive security logging

Implementation Details:
- starpunk/auth.py: 406 lines, 6 core functions, 4 helpers, 4 exceptions
- tests/test_auth.py: 648 lines, 37 tests, 96% coverage
- Database schema updates for sessions and auth_state tables
- URL validation utility added to utils.py

Test Coverage:
- 37 authentication tests
- 96% code coverage (exceeds 90% target)
- All security features tested
- Edge cases and error paths covered

Documentation:
- Implementation report in docs/reports/
- Updated CHANGELOG.md with detailed changes
- Version incremented to 0.4.0
- ADR-010 and Phase 3 design docs included

Follows project standards:
- Black code formatting (88 char lines)
- Flake8 linting (no errors)
- Python coding standards
- Type hints on all functions
- Comprehensive docstrings

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-18 20:35:36 -07:00

3.2 KiB
Raw Permalink Blame History

Changelog

All notable changes to StarPunk will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

0.4.0 - 2025-11-18

Added

  • Authentication module (starpunk/auth.py) with IndieLogin support
  • Core authentication functions: initiate_login, handle_callback, create_session, verify_session, destroy_session
  • require_auth decorator for protecting admin routes
  • Custom authentication exceptions (AuthError, InvalidStateError, UnauthorizedError, IndieLoginError)
  • CSRF protection via state tokens
  • Secure session management with SHA-256 token hashing
  • Session metadata tracking (user agent, IP address)
  • Automatic cleanup of expired sessions and state tokens
  • URL validation utility function (is_valid_url)
  • Comprehensive authentication test suite (37 tests, 96% coverage)

Changed

  • Updated sessions table schema to use session_token_hash instead of plaintext tokens
  • Added user_agent and ip_address fields to sessions table
  • Added redirect_uri field to auth_state table
  • Added indexes for authentication performance (session_token_hash, me)

Security

  • Token hashing with SHA-256 for secure storage
  • CSRF protection with single-use state tokens
  • Cryptographically secure token generation (secrets module)
  • SQL injection prevention with prepared statements
  • Comprehensive security logging

0.3.0 - 2025-11-18

Added

  • Notes management module (starpunk/notes.py) with CRUD operations
  • Custom exceptions for note operations (NoteError, NoteNotFoundError, InvalidNoteDataError, NoteSyncError)
  • File and database synchronization with transaction safety
  • Support for soft and hard note deletion
  • Comprehensive test suite for notes module (85 tests, 86% coverage)
  • Database schema support for soft deletes (deleted_at column)
  • Slug uniqueness enforcement with random suffix generation
  • Content hash calculation for integrity verification

Changed

  • Updated database schema to include deleted_at column in notes table
  • Added index on deleted_at for query performance

0.1.0 - 2024-11-18

Added

  • Initial project structure
  • Core architecture design
  • Technology stack selection (Flask, SQLite, file-based storage)
  • Architecture Decision Records (ADR-001 through ADR-007)
  • Development documentation and standards
  • Phase 1.1 design: Core utilities specification
  • Python coding standards
  • Documentation organization structure

Documentation

  • Complete architecture overview
  • Technology stack documentation
  • ADR-001: Python web framework (Flask)
  • ADR-002: Flask extensions (minimal approach)
  • ADR-003: Frontend technology (server-side rendering)
  • ADR-004: File-based note storage
  • ADR-005: IndieLogin authentication
  • ADR-006: Python virtual environment (uv)
  • ADR-007: Slug generation algorithm
  • ADR-008: Versioning strategy
Reference in New Issue View Git Blame Copy Permalink