commits
Rework timeline page to be two column layout on desktop.
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
And some misc. css tweaks.
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Add nix/pkgs/blog.nix to build the blog with proper static assets
including the dolly favicon files. Update the CI workflow to generate
favicons using the dolly tool before building.
The favicon was missing in production because appview/pages/static/* is
gitignored, and the CI workflow wasn't generating the dolly icons.
Signed-off-by: eti <eti@eti.tf>
`after-request` is not triggered because the response causes a full page
reload.
Persisted input values were due to browser autofill, not htmx state.
Signed-off-by: tobinio <Tobias.frischmann1@gmail.com>
large repos like witchsky seem to require a large request window. the
real issue here is the transaction process: we should use the knotstream
to identify successful/failed merges, and not depend entirely on the
request timeout.
additionaly: investigate the root cause of slow merges.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Will Andrews <did:plc:dadhhalkfcq3gucaq25hjqon>
Signed-off-by: eti <eti@eti.tf>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
This is not required anymore. `MultiAccountUser` can just hold active
user DID.
Signed-off-by: Seongmin Lee <git@boltless.me>
In most helper methods, DID is enough. Don't pass entire session info.
Signed-off-by: Seongmin Lee <git@boltless.me>
We are using `MultiAccountUser.Did()` to get current DID instead.
Signed-off-by: Seongmin Lee <git@boltless.me>
We should resolve handle on render and we are already doing that.
Removing the unused field.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
idk why was this added. Seems like it isn't used?
Signed-off-by: Seongmin Lee <git@boltless.me>
We don't need to pass full `MultiAccountUser` here. just `[]AccountInfo`
should be enough. This way, we can make `MultiAccountUser` to always
hold an active user.
Signed-off-by: Seongmin Lee <git@boltless.me>
- `AccountRegistry.OtherAccounts()` is not used anywhere
- Removed several legacy session value names from `oauth/consts.go`
- We can just embed the `oauth.GetUser()` now
Signed-off-by: Seongmin Lee <git@boltless.me>
`oauth.ClientSessionData.HostURL` is not validated after first session
creation. If user switches the PDS while logged in, `.HostURL` will
still point to old PDS, showing account management options for `tngl.sh`
users. This can confuse users to accidentally put account in odd state
(activated in both PDSes)
Instead, always resolve Handles and PDS hosts on-demand. Technically
`HostURL` is used on creating authorized atpclient, but that's ok
because request to old PDS will reject the request.
Ideally we should revoke user sessions on `#account` event, indigo
currently doesn't support DID based revoking.
Signed-off-by: Seongmin Lee <git@boltless.me>
PDS might have different domain for PDS hostname & user handles
Signed-off-by: Seongmin Lee <git@boltless.me>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
knotmirror update happens asynchronously, so if we immediately refresh
the page, default branch will rollback to original.
Not refreshing a page here is totally fine.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Patrick Dewey <p@pdewey.com>
Signed-off-by: Patrick Dewey <p@pdewey.com>
Signed-off-by: Patrick Dewey <p@pdewey.com>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
makes the homepage more "live".
Signed-off-by: oppiliappan <me@oppi.li>
this is already present in a migration. doing this causes a migration
error on fresh DBs.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Seongmin Lee <git@boltless.me>
Search was returning nil,nil on error, silently bypassing every
caller's error guard and causing a nil pointer dereference on the
result. Return nil,err instead.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Fix various misspellings found by the typos tool:
- Error messages: Forbiden -> Forbidden, insufficent -> insufficient
- Comments and docs: recieve -> receive, acheive -> achieve, etc.
- Variable names: Referencs -> References, intialize -> initialize
- HTML templates: Unubscribe -> Unsubscribe, explictly -> explicitly
- Function names: perferom -> perform
Also remove backwards compat code for is_deafult JSON field.
Add _typos.toml config for false positives (external APIs, etc.)
Signed-off-by: eti <eti@eti.tf>
uses a bit of js to modify the final link
Signed-off-by: oppiliappan <me@oppi.li>
using the include query param, the user can now select portions of the
repo feed to listen to
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: eti <eti@eti.tf>
Signed-off-by: eti <eti@eti.tf>
Signed-off-by: oppiliappan <me@oppi.li>
Previously, CreateRepo submitted the PLC DID before the remaining local setup steps had completed. If RBAC setup or hook installation failed after that point, the handler cleaned up local state but still left behind a published DID with no corresponding repo on disk. Move PLC submission to the end of the create flow so the DID is only published after local repo setup succeeds. Also roll back repo RBAC state during cleanup, and treat hook setup failure as fatal instead of silently continuing.
Signed-off-by: oppiliappan <me@oppi.li>
Validate return_url before storing it in the session: only relative
paths starting with "/" (and not "//") are accepted. Anything else —
absolute URLs and protocol-relative URLs — is replaced with "/".
Add tests covering the accepted and rejected cases.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Add logger *slog.Logger to Middleware struct and thread it through New().
Replace all log.Println/log.Printf calls with mw.logger.Error/Warn using
structured key-value pairs. Standalone functions (AuthMiddleware, Paginate)
use slog.Default() to avoid signature breakage. Update router.go call site
to pass s.logger.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Signed-off-by: Lucas Garron <code@garron.net>
Replace all log.Println/log.Printf calls across follow.go, star.go,
reaction.go, gfi.go, and profile.go with s.logger.Error/Warn/Info using
structured key-value pairs. Each handler opens with a child logger via
s.logger.With("handler", "FuncName"). Firehose-idempotent delete failures
(follow, star, reaction) use Warn; all other failures use Error.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Add nix/pkgs/blog.nix to build the blog with proper static assets
including the dolly favicon files. Update the CI workflow to generate
favicons using the dolly tool before building.
The favicon was missing in production because appview/pages/static/* is
gitignored, and the CI workflow wasn't generating the dolly icons.
Signed-off-by: eti <eti@eti.tf>
large repos like witchsky seem to require a large request window. the
real issue here is the transaction process: we should use the knotstream
to identify successful/failed merges, and not depend entirely on the
request timeout.
additionaly: investigate the root cause of slow merges.
Signed-off-by: oppiliappan <me@oppi.li>
`oauth.ClientSessionData.HostURL` is not validated after first session
creation. If user switches the PDS while logged in, `.HostURL` will
still point to old PDS, showing account management options for `tngl.sh`
users. This can confuse users to accidentally put account in odd state
(activated in both PDSes)
Instead, always resolve Handles and PDS hosts on-demand. Technically
`HostURL` is used on creating authorized atpclient, but that's ok
because request to old PDS will reject the request.
Ideally we should revoke user sessions on `#account` event, indigo
currently doesn't support DID based revoking.
Signed-off-by: Seongmin Lee <git@boltless.me>
Fix various misspellings found by the typos tool:
- Error messages: Forbiden -> Forbidden, insufficent -> insufficient
- Comments and docs: recieve -> receive, acheive -> achieve, etc.
- Variable names: Referencs -> References, intialize -> initialize
- HTML templates: Unubscribe -> Unsubscribe, explictly -> explicitly
- Function names: perferom -> perform
Also remove backwards compat code for is_deafult JSON field.
Add _typos.toml config for false positives (external APIs, etc.)
Signed-off-by: eti <eti@eti.tf>
Previously, CreateRepo submitted the PLC DID before the remaining local setup steps had completed. If RBAC setup or hook installation failed after that point, the handler cleaned up local state but still left behind a published DID with no corresponding repo on disk. Move PLC submission to the end of the create flow so the DID is only published after local repo setup succeeds. Also roll back repo RBAC state during cleanup, and treat hook setup failure as fatal instead of silently continuing.
Validate return_url before storing it in the session: only relative
paths starting with "/" (and not "//") are accepted. Anything else —
absolute URLs and protocol-relative URLs — is replaced with "/".
Add tests covering the accepted and rejected cases.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Add logger *slog.Logger to Middleware struct and thread it through New().
Replace all log.Println/log.Printf calls with mw.logger.Error/Warn using
structured key-value pairs. Standalone functions (AuthMiddleware, Paginate)
use slog.Default() to avoid signature breakage. Update router.go call site
to pass s.logger.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Replace all log.Println/log.Printf calls across follow.go, star.go,
reaction.go, gfi.go, and profile.go with s.logger.Error/Warn/Info using
structured key-value pairs. Each handler opens with a child logger via
s.logger.With("handler", "FuncName"). Firehose-idempotent delete failures
(follow, star, reaction) use Warn; all other failures use Error.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>