Publ v0.6.3

Just a few bugfixes:

• Fixed a problem that prevented logging out from working
• Made view.deleted work correctly on count-based paginations
• Allowed date-based paginations to work from an empty starting point

v0.6.2

Just a few changes:

• External images now get correctly-extracted into og:image card data
• Local images get og:image:width and og:image:height attributes
• Scheduled posts now flush the cache when they become visible
• Once again fix extracted entry summaries to not be double-escaped

webmention.js 0.3 released

webmention.js now supports changing the sort criterion and order of responses, and defaults to publication (rather than receipt) time.

This was mostly to improve the presentation of responses received via brid.gy, particularly from Twitter.

v0.6.1 releashed released

This is a new version of Publ. The main change is how deletions (using ~~markdown~~ and <del>HTML</del> <s>tags</s>) get converted to plaintext — namely they get removed, to make it make more visible sense.

Doing this also led to refactoring the internal strip_html function to provide a bit more flexibility, so now it’s now available as a Jinja2 template filter.

I also removed a couple of troublesome micro-optimizations that were causing more trouble than they were worth.

v0.6.0 released!

The 0.6 milestone has finally been completed, so Publ 0.6.0 is now released!

Changes since v0.5.16:

• Fix some startup bugs around file fingerprint checking
• Make category.tags use the most-recently-seen capitalization of any given tag
• Make view tag tests case-insensitive (so tag browsers have a chance of working correctly)
• Add some basic unit tests and coverage analysis
• Fix some bugs which were shaken out by the unit testing (go figure!)

And, since this is a new milestone, what’s improved since v0.5.0? Quite a lot! 237 commits, in fact. Here’s some of the features that stand out to me in the change log:

• Testing!
• Major improvements to entry authentication, both for performance and admin usability
• Footnotes!
• Tables of contents!
• Improved support for tag browsing, including filter constraints!
• Support for image renditions in arbitrary HTML attributes
• IndieAuth c2s support (groundwork for apps like MicroPub), and a first pass at s2s (for AutoAuth)
• Lots and lots of bug fixes

At this point I feel like Publ is very usable and flexible, and I would love to see more people give it a try. At some point I need to do a documentation push — both improving the quality of the user documentation (it’s gotten to be quite a mess!) and also making this site more of a demo of what Publ can do.

This is something I’d love to get some help with.

Publ v0.5.16 released

Today I released Publ v0.5.16, since it has a few features I wanted to deploy on my own sites:

• Path aliases can now be set to be an alternate “mount point” or to override the canonical entry path (for example)
• View tags can now be filtered to show entries with any, all, or none of the requested tags
• As a consequence of the above, category tag lists can also be used as a progressive refinement (see, for example, on this blog)

Publ v0.5.15

Not much to say about this, just a handful of performance tweaks and bug fixes:

• Improved caching behavior around URL parameters
• Allow configuring the maximum image render threads
• Fixed an exception when trying to extract an OpenGraph card from an empty entry
• Improve entry ID conflict reconciliation
• Force absolute image URLs in OpenGraph tags

Publ v0.5.14 released!

Today I released v0.5.14 of Publ, which has a bunch of improvements:

• Fixed a bug in card retrieval when there’s no summary
• Admin panel works again
• Markdown entry headings now get individual permalinks (the presentation of which can be templated)
• Markdown entry headings can be extracted into an outline to be used for a table of contents
• Lots of performance improvements around ToC and footnote extraction, and template API functions in general

Publ v0.5.13 released

Progress being made, although not much of it has been in service of my intended v0.6 milestone. At some point I’m going to have to bite the bullet and actually start writing some automated tests.

Release notes:

• Applied the smartquotes/no_smartquotes API change to entry.title
• Consolidated and cleaned up OpenGraph card parsing to make it consistent across Markdown and HTML entries, and fixing a few Markdown-specific bugs
• Refactored the image rendition pipeline to make it more extensible/testable/clean (and also fixed a caching issue with palette quantization)
• Added the ability to select scaling algorithm on a per-image basis
• Cleaned up entry deletion and reindexing
• Improved the testing of entry.auth
• Removed a short-term performance hack on the authentication dashboard

Also, as of now, I run a live version of the Publ integration tests, although it’s currently only manually-updated.

Update: And as if to hammer home the point regarding automated testing, I had to release 0.5.13.1 because, wellp, released with a site-breaking bug in the new card parser… Sigh.

v0.5.12 released, and lots of documentation fixes

Release notes

Today I got a fire lit under me and decided to do a bunch of bug fixing and general performance improvements.

Changes since v0.5.11:

• Fixed a micro-optimization which was causing some pretty bad cache problems (I really should write a blog entry about this but tl;dr micro-optimizations are usually bugs in disguise)
• Fixed an issue which was causing the page render cache to not actually activate most of the time (you know there’s going to be a ramble about this below…)
• Fixed a bunch of spurious log meessages about nested transactions
• Refactored the way that markup=False works, making it available from all Markdown/HTML contexts
• Changed no_smartquotes=True to smartquotes=False (no_smartquotes is retained for template compatibility) (although I missed this on entry.title; I’ve already committed a fix for the next version)
• Improve the way that the page render cache interacts with templates
• Fixed an issue where changing a template might cause issues to occur until the cache expires

Documentation improvements

• The Apache/nginx deployment guide is vastly improved:
  • Now it uses UNIX domain sockets instead of localhost ports, making service provisioning a bit easier
  • The systemd unit is now a user unit instead of a system unit, which improves security and also allows for gentler service restarts
• The git deployment guide has been updated per the above, and also some of the code snippets are cleaned up
• The information about HTML processing and image renditions has been consolidated and cleaned up
• Information about private posts and user configuration has also been cleaned up somewhat
• Also lots of updates to the beesbuzz.biz Publ templates

Publ v0.5.11, Authl v0.3.5

Some fresh new versions of things.

Publ

Changes to Publ:

• Massive improvements to how footnotes are handled; now they get their own virtual section (so if you’re currently using footnotes you’ll need to update your templates!)¹
• Various performance improvements:
  • Some internal caching on image rendition stuff
  • Reduce contention in the content indexer (to hopefully make large sites more responsive on restart)
  • Minor optimizations to category.subcats
• Removed config.secret_key; now this should be configured on the application object per Flask standards
• Allow HTML attributes other than href and src to contain image renditions

Authl

• Improve WebFinger support
• Improve the JavaScript in the default Flask template

Publ v0.5.10 released

Publ v0.5.10 is now available. The following has changed since v0.5.9:

• Image sets will generate fullsize renditions (and their links) for images which were skipped, so they will still appear in the lightbox
• Footnotes now get rolled up into the entry.more (with some caveats), and also get stable permalinks for their references¹
• You can now annotate an HTML attribute with $ to force it to resolve as an asset (useful for certain JavaScript libraries); see the relevant documentation

I’ve also made a bunch of changes to the sample templates.

Publ v0.5.9 released

Publ v0.5.9 is now out. Just a couple of bugfixes in this one:

• Login pages now properly redirect to https again (after that was broken due to some of the recent auth-related changes)
• view.range works correctly again, as does everything else that relied on len() on parameter-optional properties (e.g. view.count)

Publ 0.5.8, Authl 0.3.1, and IndieAuth security

So, both Publ and Authl had a pretty naïve issue with the identity verification step of the IndieAuth flow; it simply accepted whatever the authorization endpoint said the user’s identity was. This made it very simple to spoof one’s identity and log in as anyone on any Publ or Authl site.

Authl 0.3.1 fixes the problem with the IndieAuth login flow, and Publ 0.5.8 fixes the problem with the Bearer token flow.

Publ v0.5.7, now with theoretical AutoAuth support!

There is only one feature for this new release of Publ, but it’s a big one – there is (theoretical) support for AutoAuth! That’s right, deploy this version and people should be able to magically log on to your website using unattended IndieAuth providers.

Unfortunately, there aren’t any tools that I know of which actually support this mode of operation; all testing has been manual and In Theory.

Fortunately, if someone does want to test AutoAuth (or IndieAuth Bearer authentication in general), you can test it out on this site! You can use this entry as an individual entry, and this category or this feed to see how well it works with the “partial public” path.

Also, this page will tell you all sorts of useful information about the current user (if any).

And I’d might as well use this opportunity to show off the admin dashboard – just sign in as the user test:admin to see how it looks.

EDIT: It looks like there’s a problem with third-party auth due to the way that Heroku works. I should have anticipated this. Third-party auth is temporarily disabled for now. (But this doesn’t affect AutoAuth at least!)

Publ v0.5.6 released

Oops, I’d been sitting on a bunch of bugfixes for a month, which I didn’t notice until I put in another bugfix tonight.

Changes since v0.5.5:

• Fix title sanitization
• Handle category.name with the same formatting options as entry.title
• Replace hand-rolled atomic file operations with atomicwrites
• Add link_class to image renditions
• Fix automatic alt generation for external images
• Simplify the way entry URLs are canonicized
• Fix some bitrot in older tests

Publ v0.5.5 released

Howdy y'all! Here’s a new release of Publ for you.

What’s new in this version:

• Add the ability to filter by multiple categories, and also to filter out categories as well
• Various code cleanups, especially around the query generator

Also the unannounced v0.5.4 release was to fix some stuff that broke due to an upstream Arrow change (specifically dealing with them removing an API that I was using to suppress warnings for a different upstream change that I’d already handled).

I should also mention that I’ve updated the beesbuzz.biz template samples to improve IndieWeb and ActivityPub compatibility. (Publ still doesn’t support ActivityPub itself but these changes make it interoperate with Bridgy Fed a bit better.)

On a meta note, I’ve left the microbiology lab I was at; I hope they continue to use Publ, of course! Over the next little while I’m going to spend some more time working on my own things again (including Publ et al), but I’ve also had some interesting job interviews with one of them seeming very likely to turn into an offer. Wish me luck, if you’re into that sort of thing! (And of course, follow my blog for the primary source of this stuff.)

Publ v0.5.3, Authl v0.2.2

I’ve released updates to both Publ and Authl.

On the Authl side:

• Code quality and documentation improvements
• Add an asynchronous client-side lookup thing that tells users how their login will proceed
• Add the redirection target to disposition.Error so that can be preserved correctly
• Update the Flask wrapper to use disposition.Error.redir
• Let the application know the redirection target in render_login_func

On the Publ side:

• If the site is configured to force HTTPS in authentication, force the cookie to be HTTPS-only
• If a user is already logged in, make the login handler redirect them to their destination

For both:

• Improved build scripts to make it less convenient to accidentally push a build from the wrong branch or version

These changes help to keep sites more secure from eavesdroppers, while also hopefully improving the user experience!

v0.5.1 released (also Authl v0.1.6)

Oh gosh I seem to be on a roll with these updates again. Here’s what changed in Publ:

• Fixed a silly bug in the admin dashboard renderer which made it not work in production mode
• Make the admin log only record the most recent access per user per entry, making it way more useful
• Make the logout operation happen via POST method rather than GET, fixing a problem with browser prefetching; added a logout.html template to support that. (Also made the default unauthorized.html use Authl’s default CSS.)
• Actually make entry.authorized available, rather than just documented. Also gave it a better name while I was at it.
• view.entries can now take an optional argument for inlining unauthorized entries, improving its usage within feeds.
• view.unauthorized can now take an optional argument for limiting the unauthorized view count, which helps performance and makes it a bit more predictable
• Images now provide their filename as the default alt text, which is arguably better for accessibility than just leaving it a blank string. I am willing to change my mind on this, however.
• Cleaned up the code around category.subcats(recurse=True) and also added some actual tests for the sort ordering. They pass.

And the Authl changes (which were actually released before Publ 0.5.0 but I didn’t bother announcing them until I had them tested “in the wild”):

• Changed to using packaged data for templates
• Made the login page CSS available through url_for
• Removed the spurious precision from the email message template

Anyway, I of course updated the sample beesbuzz.biz templates to reflect the new functionality.

Wow, Publ’s feeling like it’s actually kinda pretty good at stuff now. I hope someone else ever wants to actually, like, use it or something.

v0.5.0 released

I figured there wasn’t really any reason to keep waiting. So here we are.

Changes since v0.4.6:

• Improve the performance and stability of the admin dashboard
• Correctly fall back to the internal Authl templates
• Remove some spurious/empty attributes from image tags
• Don’t cache template mappings forever
• Don’t mark an entry title as being markup if its markup is disabled
• Correctly set the default entry recursion for entry.previous/next
• Disable an arrow warning for a future change

In other news, over on my main website I have successfully migrated my comments over to Isso, which is a nice self-hosted alternative to Disqus that does a much better job of handling privacy in particular, as well as providing a simpler UX that doesn’t try to get in your face about everything. If you want to read more about how I made that change, read the several blog entries starting with “Moving away from Disqus,” and also look at the sample templates to see the actual implementation.

May your private entries remain exclusive, and your public entries be brilliant.

UPDATE: Someday I’ll learn to use and test rc builds before making an actual public release. Oops.