~sircmpwn/meta.sr.ht

Replace x/crypto package by ProtonMail/go-crypto to support ed25519 OpenPGP keys
API: Don't attempt to parse IPv6 as a hostname

Fixes a crash that occurs when the remote address is an IPv6 address.
The address should only be parsed as a hostport string if it also cannot
be parsed as a normal IP address.
699f8ae5 — Peter Sanchez 7 days ago 0.56.23
go.mod: core-go version bump
Add query param to select oauth2 token grants
Make User.userType @private

This allows requests with a private token or a cookie to query this
field.
.builds/alpine.yml: drop -t from ssh

Why was this ever here? Maybe sudo wanted it, dunno.
API: Fix nil dereference on URL validation error
API: suspensionNotice is nullable
auth: fix open redirect bug on non-2FA login

Thanks to Dag Vikan for pointing this out.
Fix field name when validating the PGP key in RegisterAccount

The consequence was that a validation error related to PGP key was not
shown on the web interface when trying to register a new user.
OAuth 2.0: fix duplicate grants in kwargs
API: Correct name of username constraint
auth: import validate_password

This fixes password resets, which I forgot were still handled by Python.
API: Log new user registrations
Re-introduce auth_validation.py

This is used in a couple of places I had missed.
Move account registration into GQL

This moves the account registration process into GraphQL and updates
meta.sr.ht to be a thin shim on top of it. This also adds a database
constraint to prevent duplicate emails - thankfully there was only one.

This change also fixes a couple of lingering bugs: attempting to sign up
with a PGP key already in the system now shows an error, and a few
places where key_id was still used in the UI were replaced with
fingerprint_hex.
The nice thing about statically typed languages is that when you change the name of something, everything that you need to update causes a compiler error
This is the nightmare change which is never fixed
Legacy API: Further improvements to PGP keys
API: More PGP key fixes

Yeesh, I had thought I tested this pretty exhaustively.
Next