~sircmpwn/core.sr.ht

core.sr.ht/srht/templates/nav.html -rw-r--r-- 1.5 KiB
Redirect users to hub instead of their meta profile
nav.html: remove text-muted on hubless install
navbar: I prefer it all black tbh
Improve nav for sites with no hub
More refinements to navbar
Overhaul site navigation
Remove debug code from previous change
Do not show nav for logged-out users

This is more confusing than helpful most of the time. Logged in users
would use these to go to the dashboard for each service, but logged-out
users don't have a similar use-case and often get confused by these
links, thinking that they will take you to pages related to the git repo
you're looking at.
Responsiveness improvements
Add separate path for service-to-service auth

How this basically works is:

1. A fernet key is established which is shared between all services
2. For website logins, a cookie with the user's meta.sr.ht profile info
   is encrypted with the fernet key and placed on the global domain
3. For API access, the fernet key is used to sign and encrypt a header
   with a short JSON payload specifying the username the request is made
   on behalf of, as well as the client ID for the requesting service. A
   synthetic OAuth token is generated on the fly at the other end.

Problems this solves:

- Single sign-on/sign-off
- API authentication prior to first log-in at each service
- Referencing unknown users will fetch their info and make them known
  (e.g. adding new users to an ACL before their first log-in)

Future improvements:

- Drop the core.sr.ht flask.session wrapper
- Use session IDs from the database to allow session revocation
- Add a version number to the user info cookie so we can go back and
  update our webhooks et al when necessary

I have attempted to leave the OAuth path in place, so that third-parties
can run *.sr.ht services with upstream meta.sr.ht handling logins, but I
have not tested this code.
nofollow on login links
Fix get_origin usage in nav.html
Allow admins to configure svcs to talk over LAN
49b3150a — Francis Dinh 2 years ago 0.39.1
Fix username link in navigation

The link extended by an extra space due to extra whitespace before the
closing </a> tag.
Add layout-full template