Publ: Development Blog

News and updates about Publ

Publ v0.5.16 released

Posted Sunday, February 23 at 10:35 PM (2 days ago)

Today I released Publ v0.5.16, since it has a few features I wanted to deploy on my own sites:

  • Path aliases can now be set to be an alternate “mount point” or to override the canonical entry path (for example)
  • View tags can now be filtered to show entries with any, all, or none of the requested tags
  • As a consequence of the above, category tag lists can also be used as a progressive refinement (see, for example, on this blog)

Publ v0.5.15

Posted Wednesday, February 12 at 12:47 AM (2 weeks ago)

Not much to say about this, just a handful of performance tweaks and bug fixes:

  • Improved caching behavior around URL parameters
  • Allow configuring the maximum image render threads
  • Fixed an exception when trying to extract an OpenGraph card from an empty entry
  • Improve entry ID conflict reconciliation
  • Force absolute image URLs in OpenGraph tags

Publ v0.5.14 released!

Posted Tuesday, February 4 at 5:40 PM (3 weeks ago)

Today I released v0.5.14 of Publ, which has a bunch of improvements:

  • Fixed a bug in card retrieval when there’s no summary
  • Admin panel works again
  • Markdown entry headings now get individual permalinks (the presentation of which can be templated)
  • Markdown entry headings can be extracted into an outline to be used for a table of contents
  • Lots of performance improvements around ToC and footnote extraction, and template API functions in general

Publ v0.5.13 released

Posted Tuesday, January 7 at 12:25 AM (2 months ago)

Progress being made, although not much of it has been in service of my intended v0.6 milestone. At some point I’m going to have to bite the bullet and actually start writing some automated tests.

Release notes:

  • Applied the smartquotes/no_smartquotes API change to entry.title
  • Consolidated and cleaned up OpenGraph card parsing to make it consistent across Markdown and HTML entries, and fixing a few Markdown-specific bugs
  • Refactored the image rendition pipeline to make it more extensible/testable/clean (and also fixed a caching issue with palette quantization)
  • Added the ability to select scaling algorithm on a per-image basis
  • Cleaned up entry deletion and reindexing
  • Improved the testing of entry.auth
  • Removed a short-term performance hack on the authentication dashboard

Also, as of now, I run a live version of the Publ integration tests, although it’s currently only manually-updated.

Update: And as if to hammer home the point regarding automated testing, I had to release 0.5.13.1 because, wellp, released with a site-breaking bug in the new card parser… Sigh.

v0.5.12 released, and lots of documentation fixes

Posted Tuesday, December 31 at 12:02 AM (2 months ago)

Release notes

Today I got a fire lit under me and decided to do a bunch of bug fixing and general performance improvements.

Changes since v0.5.11:

  • Fixed a micro-optimization which was causing some pretty bad cache problems (I really should write a blog entry about this but tl;dr micro-optimizations are usually bugs in disguise)
  • Fixed an issue which was causing the page render cache to not actually activate most of the time (you know there’s going to be a ramble about this below…)
  • Fixed a bunch of spurious log meessages about nested transactions
  • Refactored the way that markup=False works, making it available from all Markdown/HTML contexts
  • Changed no_smartquotes=True to smartquotes=False (no_smartquotes is retained for template compatibility) (although I missed this on entry.title; I’ve already committed a fix for the next version)
  • Improve the way that the page render cache interacts with templates
  • Fixed an issue where changing a template might cause issues to occur until the cache expires

Documentation improvements

This site now self-hosted

Posted Saturday, December 28 at 11:57 PM (2 months ago)

I’d been running this website on Heroku’s free tier for a while, but it’s been getting enough traffic that it was getting close to my free runtime limit. So, I’ve moved this over to my own personal server.

However, the site repository is still configured to work with Heroku (as well as being self-hosted), and you can still access the Heroku instance at publ.herokuapp.com to see it in action. They should, for the most part, mirror one another.

Anyway, there will probably be some kinks to iron out in the meantime. But on the plus side, it means this site will finally be accessible via https!

Publ v0.5.11, Authl v0.3.5

Posted Saturday, December 14 at 2:24 PM (2 months ago)

Some fresh new versions of things.

Publ

Changes to Publ:

  • Massive improvements to how footnotes are handled; now they get their own virtual section (so if you’re currently using footnotes you’ll need to update your templates!)1
  • Various performance improvements:
    • Some internal caching on image rendition stuff
    • Reduce contention in the content indexer (to hopefully make large sites more responsive on restart)
    • Minor optimizations to category.subcats
  • Removed config.secret_key; now this should be configured on the application object per Flask standards
  • Allow HTML attributes other than href and src to contain image renditions

Authl

  • Improve WebFinger support
  • Improve the JavaScript in the default Flask template

webmention.js v0.1.0 now on npm

Posted Wednesday, December 4 at 8:56 PM (2 months ago)

Due to popular demand, there is now an NPM package for webmention.js. So, if you use npm as part of your site JavaScript workflow, now you can theoretically use this.

Thanks to André Jaenisch for his incredibly generous help in getting this set up!

And, if you run into any trouble (or have any suggestions for improvement), please open an issue.

(Full disclosure: I have even more of no idea what I’m doing than usual.)

Pushl v0.2.13

Posted Sunday, December 1 at 9:10 PM (2 months ago)

I’ve released a new version of Pushl.

Changes since the last version:

  • Added support for tracking entry URL changes
  • Finally got around to adding type annotations and static analysis

Publ v0.5.10 released

Posted Wednesday, November 27 at 9:13 PM (3 months ago)

Publ v0.5.10 is now available. The following has changed since v0.5.9:

  • Image sets will generate fullsize renditions (and their links) for images which were skipped, so they will still appear in the lightbox
  • Footnotes now get rolled up into the entry.more (with some caveats), and also get stable permalinks for their references1
  • You can now annotate an HTML attribute with $ to force it to resolve as an asset (useful for certain JavaScript libraries); see the relevant documentation

I’ve also made a bunch of changes to the sample templates.

Authl v0.3.3

Posted Thursday, November 14 at 10:23 PM (3 months ago)

Just a tiny fix in this; it works around an inconsistency between the IndieAuth spec and IndieAuth.com’s implementation. Normally I’d just be all, “this is a bug in IndieAuth.com” but that’s the most popular IndieAuth endpoint right now so I decided it was prudent to make a compromise. And really it’s a good idea to always specify an Accept: header anyway.

Thanks to Colin for bringing this to my attention.

Publ v0.5.9 released

Posted Thursday, November 7 at 12:03 PM (3 months ago)

Publ v0.5.9 is now out. Just a couple of bugfixes in this one:

  • Login pages now properly redirect to https again (after that was broken due to some of the recent auth-related changes)
  • view.range works correctly again, as does everything else that relied on len() on parameter-optional properties (e.g. view.count)

Authl v0.3.2

Posted Monday, November 4 at 3:04 PM (3 months ago)

I’ve now released v0.3.2 of Authl, which adds the following changes:

  • Fixed IndieAuth URL validation rules
  • Improved UX for login type preview
  • Now it supports Twitter on “stateless” hosting

As an experiment I’ve enabled Twitter login on this site, so now you should be able to use it to look at protected entries.

Publ 0.5.8, Authl 0.3.1, and IndieAuth security

Posted Wednesday, October 30 at 7:11 PM (4 months ago)

So, both Publ and Authl had a pretty naïve issue with the identity verification step of the IndieAuth flow; it simply accepted whatever the authorization endpoint said the user’s identity was. This made it very simple to spoof one’s identity and log in as anyone on any Publ or Authl site.

Authl 0.3.1 fixes the problem with the IndieAuth login flow, and Publ 0.5.8 fixes the problem with the Bearer token flow.

Authl v0.3.0

Posted Wednesday, October 30 at 2:53 AM (4 months ago)

I just released Authl v0.3.0; minor version bump because of a public API change, to better facilitate stateless storage.

Which is to say I converted most of the handlers to be stateless, which hopefully fixes the issues with running on Heroku.

Unfortunately Twitter couldn’t be fixed easily but I wasn’t running the Twitter handler on this site anyway. I do have some ideas but they’re fairly involved and will have to come later, and not when I’m up way past my bedtime.

Also, there still seems to be some cache-related issue that’s making it necessary to shift-reload the page after logging in or out, sometimes.

Publ v0.5.7, now with theoretical AutoAuth support!

Posted Tuesday, October 29 at 9:38 PM (4 months ago)

There is only one feature for this new release of Publ, but it’s a big one – there is (theoretical) support for AutoAuth! That’s right, deploy this version and people should be able to magically log on to your website using unattended IndieAuth providers.

Unfortunately, there aren’t any tools that I know of which actually support this mode of operation; all testing has been manual and In Theory.

Fortunately, if someone does want to test AutoAuth (or IndieAuth Bearer authentication in general), you can test it out on this site! You can use this entry as an individual entry, and this category or this feed to see how well it works with the “partial public” path.

Also, this page will tell you all sorts of useful information about the current user (if any).

And I’d might as well use this opportunity to show off the admin dashboard – just sign in as the user test:admin to see how it looks.

EDIT: It looks like there’s a problem with third-party auth due to the way that Heroku works. I should have anticipated this. Third-party auth is temporarily disabled for now. (But this doesn’t affect AutoAuth at least!)

Publ v0.5.6 released

Posted Friday, October 25 at 10:45 PM (4 months ago)

Oops, I’d been sitting on a bunch of bugfixes for a month, which I didn’t notice until I put in another bugfix tonight.

Changes since v0.5.5:

  • Fix title sanitization
  • Handle category.name with the same formatting options as entry.title
  • Replace hand-rolled atomic file operations with atomicwrites
  • Add link_class to image renditions
  • Fix automatic alt generation for external images
  • Simplify the way entry URLs are canonicized
  • Fix some bitrot in older tests

Why Publ won’t support magic auth links

Posted Friday, October 25 at 5:36 PM (4 months ago)

Since adding user authentication to Publ, I’ve been thinking of ways of allowing people to subscribe to sites from feed readers while getting their own native authorization, so that people can see entries directly in their readers rather than needing the clumsy mechanisms of unauthorized placeholder entries.

Out of the box, Publ authentication does support a shared cookie jar; if you can provide your cookies to your feed reader in some way, then things will Just Work. Unfortunately, I don’t know of any feed readers that actually support this, at least not easily. (Back when most browsers had a feed reader built-in this was a lot simpler. But time marches on.)

The two mechanisms which seemed most promising are AutoAuth and “magic links,” where users get signed URLs that come pre-authenticated and show the full authorized content for that user. AutoAuth is still in a draft phase that’s stuck in a chicken-and-egg situation (and also requires a lot of buy-in to IndieWeb protocols, which is still a pill too large to swallow for most of the folks who follow my blog), so magic feed links seemed like the best path forward.

I even got so far as to draft out an implementation, but there’s a few bad issues with it which just made me opt not to.