commits
Signed-off-by: Seongmin Lee <git@boltless.me>
There can be multiple reactable entities on the same page.
Fetch every reaction in `aturi->reactionMap` format, where reactionMap
is a `kind->T` map.
Signed-off-by: Seongmin Lee <git@boltless.me>
So that we can render reply comments from non-issue threads.
Signed-off-by: Seongmin Lee <git@boltless.me>
Share as many handlers/fragments as possible.
PR still has the `/.../comment` endpoint to serve the comment form htmx
fragment, due to how it is designed.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Including db migration to migrate `issue_comments` and `pull_comments`
to unified `comments` table.
Signed-off-by: Seongmin Lee <git@boltless.me>
Use `com.atproto.repo.strongRef` for a more explicit reference and the
`markup.markdown` type to give clear semantic meaning in markdown.
Close: <https://tangled.org/tangled.org/core/issues/383>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
This is not required anymore. `MultiAccountUser` can just hold the active
user DID.
Signed-off-by: Seongmin Lee <git@boltless.me>
In most helper methods, the DID is enough. Don't pass the entire session info.
Signed-off-by: Seongmin Lee <git@boltless.me>
We are using `MultiAccountUser.Did()` to get current DID instead.
Signed-off-by: Seongmin Lee <git@boltless.me>
We should resolve handle on render and we are already doing that.
Removing the unused field.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
idk why this was added. Seems like it isn't used?
Signed-off-by: Seongmin Lee <git@boltless.me>
We don't need to pass the full `MultiAccountUser` here. Just `[]AccountInfo`
should be enough. This way, we can make `MultiAccountUser` always
hold an active user.
Signed-off-by: Seongmin Lee <git@boltless.me>
- `AccountRegistry.OtherAccounts()` is not used anywhere
- Removed several legacy session value names from `oauth/consts.go`
- We can just embed the `oauth.GetUser()` now
Signed-off-by: Seongmin Lee <git@boltless.me>
`oauth.ClientSessionData.HostURL` is not validated after first session
creation. If the user switches the PDS while logged in, `.HostURL` will
still point to the old PDS, showing account management options for `tngl.sh`
users. This can confuse users into accidentally putting their account in an
odd state (activated in both PDSes).
Instead, always resolve handles and PDS hosts on demand. Technically
`HostURL` is used when creating the authorized atpclient, but that's ok
because the old PDS will reject the request.
Ideally we should revoke user sessions on the `#account` event, but indigo
currently doesn't support DID-based revoking.
Signed-off-by: Seongmin Lee <git@boltless.me>
A PDS might have a different domain for the PDS hostname and user handles.
Signed-off-by: Seongmin Lee <git@boltless.me>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
The knotmirror update happens asynchronously, so if we immediately refresh
the page, the default branch will roll back to the original.
Not refreshing the page here is totally fine.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Patrick Dewey <p@pdewey.com>
Signed-off-by: Patrick Dewey <p@pdewey.com>
Signed-off-by: Patrick Dewey <p@pdewey.com>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Makes the homepage more "live".
Signed-off-by: oppiliappan <me@oppi.li>
This is already present in a migration. Doing this causes a migration
error on fresh DBs.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Seongmin Lee <git@boltless.me>
Search was returning nil,nil on error, silently bypassing every
caller's error guard and causing a nil pointer dereference on the
result. Return nil,err instead.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Fix various misspellings found by the typos tool:
- Error messages: Forbiden -> Forbidden, insufficent -> insufficient
- Comments and docs: recieve -> receive, acheive -> achieve, etc.
- Variable names: Referencs -> References, intialize -> initialize
- HTML templates: Unubscribe -> Unsubscribe, explictly -> explicitly
- Function names: perferom -> perform
Also remove backwards compat code for is_deafult JSON field.
Add _typos.toml config for false positives (external APIs, etc.)
Signed-off-by: eti <eti@eti.tf>
Uses a bit of JS to modify the final link.
Signed-off-by: oppiliappan <me@oppi.li>
Using the include query param, the user can now select portions of the
repo feed to listen to.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: eti <eti@eti.tf>
Signed-off-by: eti <eti@eti.tf>
Signed-off-by: oppiliappan <me@oppi.li>
Previously, CreateRepo submitted the PLC DID before the remaining local setup steps had completed. If RBAC setup or hook installation failed after that point, the handler cleaned up local state but still left behind a published DID with no corresponding repo on disk. Move PLC submission to the end of the create flow so the DID is only published after local repo setup succeeds. Also roll back repo RBAC state during cleanup, and treat hook setup failure as fatal instead of silently continuing.
Signed-off-by: oppiliappan <me@oppi.li>
Validate return_url before storing it in the session: only relative
paths starting with "/" (and not "//") are accepted. Anything else —
absolute URLs and protocol-relative URLs — is replaced with "/".
Add tests covering the accepted and rejected cases.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
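The redirect-target check the commit above describes, written out as an added Go example (not tangled's own code; the function name `sanitizeReturnURL` is assumed). It accepts only paths beginning with a single "/" and replaces everything else with "/". It goes one step beyond the commit text by also rejecting a "/\host" second character, since browsers resolve a backslash in that position like a second slash:

```go
package main

import (
	"fmt"
	"strings"
)

// sanitizeReturnURL keeps only same-origin relative paths for the post-login
// redirect. Accepted: paths starting with a single "/". Rejected (replaced
// with "/"): empty values, absolute URLs (anything without a leading "/"),
// protocol-relative URLs ("//host") and the "/\host" variant, which browsers
// resolve like "//host". Hypothetical name; added example, not tangled's code.
func sanitizeReturnURL(raw string) string {
	if !strings.HasPrefix(raw, "/") {
		// "", "https://evil.example/", "javascript:..." all land here
		return "/"
	}
	if len(raw) > 1 && (raw[1] == '/' || raw[1] == '\\') {
		// "//evil.example" and "/\evil.example"
		return "/"
	}
	return raw
}

func main() {
	// constructed inputs: one legitimate path and several off-origin shapes
	inputs := []string{
		"/repo/settings?tab=1",
		"",
		"https://evil.example/",
		"//evil.example",
		"/\\evil.example",
	}
	for _, in := range inputs {
		fmt.Printf("%q -> %q\n", in, sanitizeReturnURL(in))
	}
}
```

The check runs before the value is written to the session, so a rejected value never survives into the post-login redirect.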
Add logger *slog.Logger to Middleware struct and thread it through New().
Replace all log.Println/log.Printf calls with mw.logger.Error/Warn using
structured key-value pairs. Standalone functions (AuthMiddleware, Paginate)
use slog.Default() to avoid signature breakage. Update router.go call site
to pass s.logger.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Signed-off-by: Lucas Garron <code@garron.net>
Replace all log.Println/log.Printf calls across follow.go, star.go,
reaction.go, gfi.go, and profile.go with s.logger.Error/Warn/Info using
structured key-value pairs. Each handler opens with a child logger via
s.logger.With("handler", "FuncName"). Firehose-idempotent delete failures
(follow, star, reaction) use Warn; all other failures use Error.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Replace the image/ prefix match with an explicit allowlist of safe
binary MIME types. SVG is intentionally excluded as it supports
embedded scripts.
Normalize the knot-supplied Content-Type with mime.ParseMediaType
before classification to strip parameters and prevent bypass attempts.
Add X-Content-Type-Options: nosniff as defence-in-depth.
Add tests covering the allowlist invariants and the normalization
behaviour.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
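The classification described in the commit above, as an added Go example (not tangled's own code). The allowlist contents, the helper names `normalizeMediaType`, `responseHeaders` and `writeBlob`, and the choice to force non-allowlisted blobs to an attachment are assumptions; `mime.ParseMediaType` and the nosniff header are from the commit:

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
)

// inlineSafeTypes is a constructed allowlist of binary types that cannot carry
// active content. image/svg+xml is deliberately absent because SVG can embed
// scripts. Assumed contents, not tangled's list.
var inlineSafeTypes = map[string]bool{
	"image/png":  true,
	"image/jpeg": true,
	"image/gif":  true,
	"image/webp": true,
}

// normalizeMediaType strips parameters and case from a Content-Type value, so
// "Image/SVG+XML; charset=utf-8" classifies as "image/svg+xml" rather than
// slipping past a naive string comparison. Unparseable values yield "".
func normalizeMediaType(raw string) string {
	mediaType, _, err := mime.ParseMediaType(raw)
	if err != nil {
		return ""
	}
	return mediaType
}

// responseHeaders decides how a knot-supplied blob is served: allowlisted
// types go inline under their normalized type; everything else is served as
// application/octet-stream with an attachment disposition.
func responseHeaders(rawContentType string) (contentType, disposition string) {
	mt := normalizeMediaType(rawContentType)
	if inlineSafeTypes[mt] {
		return mt, "inline"
	}
	return "application/octet-stream", "attachment"
}

// writeBlob applies the decision and adds nosniff so the browser honours the
// declared type instead of guessing one from the bytes.
func writeBlob(w http.ResponseWriter, rawContentType string, body []byte) {
	ct, disp := responseHeaders(rawContentType)
	w.Header().Set("Content-Type", ct)
	w.Header().Set("Content-Disposition", disp)
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write(body)
}

func main() {
	// constructed header values as a knot might send them
	for _, raw := range []string{
		"image/png",
		"image/png; charset=utf-8",
		"Image/SVG+XML",
		"text/html",
		"",
	} {
		ct, disp := responseHeaders(raw)
		fmt.Printf("%-28q -> %s (%s)\n", raw, ct, disp)
	}
}
```

Keeping the decision in `responseHeaders` separate from the handler makes the allowlist invariants (SVG never inline, parameters never change the verdict) directly testable.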
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Seongmin Lee <git@boltless.me>