Publ v0.7.15, Authl v0.6.1

I haven’t been working on this stuff in a while, but there were reasons to make some updates and releases for both Publ and Authl.

Publ changes:

• Updated dependencies and fixed code standards to the latest pylint and mypy
• Fixed a bug where if an image file disappears before the async rendition is generated, it was generating a 503 error instead of a 404

Authl changes:

• Updated packages and fixed code standards to the latest pylint and mypy
• Removed a couple of Fediverse method hacks which are no longer necessary due to updates in mastodon.py

Some of the dependency changes necessitated updating the minimum Python version; in particular, Publ and Authl now require Python 3.7.2 or greater. But if you’re still running Python 3.6 for some reason you’re used to things being broken or outdated.

Also, due to an impending change in Flask, the Publ API is going to have to change somewhat; the short version is that app.secret_key will no longer be the means of configuring authentication. Most likely the config will change to get a secret_key key within the auth section instead. This actually makes the configuration a lot easier to deal with anyway, and I was never happy about this inconsistency. (In fact, I’m pretty sure that’s how it used to be configured until I changed it to be more Flask-like in the first place!)

It’s also possible that publ.Publ will revert to being a function that constructs a Flask application object, rather than being a subclass of Flask, but I haven’t yet investigated what the implications of this change would be. I believe there are a few places in the Publ codebase which rely directly on the subclass relationship (which would be difficult to change, such as the way that the Authl instance is associated with the application), and prior to that there’s a reason I switched it from a factory to a subclass in the first place, although I can’t quite remember what it was (it was probably either something to do with the ORM’s startup behavior or something to do with Authl’s lifetime). Either way, it’ll take significant investigation, and this will be necessary before Flask 2.3 is released. (In retrospect I meant to pin Publ’s Flask requirement to <2.3.0 before I did this release, but I forgot. Oops.)

Publ v0.7.14 released

Publ v0.7.14 is now released. Changes:

• Images now only get rendered when they’re first retrieved
• Certain classes of date-handling issues are handled less-badly on 32-bit systems

Publ v0.7.10 v0.7.11 released

Version 0.7.10 0.7.11 of Publ has been released. Not much different from 0.7.9:

• Force an update of Pygments to remove a temporary backwards-compatibility hack
• Add proper support for WebP image compression (as seen in the image rendition options)
• Make the installations of whoosh and authl optional, to cut down on installation bloat for sites that don’t need them

The dependency changes have the potential for breaking functionality in existing sites. In order to restore full-text search and federated authentication, you’ll need to add whoosh and authl to your deployment options, respectively. If you’re using Poetry or another dependency manager which understands extras, you can specify the search and auth extras in your pyproject.toml; for example:

[tool.poetry.dependencies]
python = "^3.8"
gunicorn = "^20.0.4"
publ = {version = "^0.7.9", extras = ["search","auth"]}
pushl = "^0.3.3"
python-memcached = "^1.59"

Hopefully this is a helpful change for some people, and not too annoying for others.

Update: Until I tried to roll out a site without Authl enabled, I had failed to realize one spot where Authl was still being unconditionally imported. If you actually want to run without Authl, update to v0.7.11.

Publ v0.7.9 (a very minor update)

Publ v0.7.9 is out. The only change from 0.7.8 is a bugfix to fenced code blocks, which were broken by an excruciatingly subtle change to the pygments API. Oops.

Publ v0.7.8 released

Another update to Publ. Changes in this release:

• The TicketAuth request flow now supports rel="canonical" URLs on the profile page
• The Entry get and get_all APIs now respect the security model, as an extra helpful safety check

Publ v0.7.7 released

It’s been a hot minute since I’ve worked on any Publ stuff, but v0.7.7 is now released. The following changes have been made since then:

• TicketAuth: added support for the provisional request flow and for refresh tokens
• Also added an optional scope parameter to the TicketAuth request (which Publ itself doesn’t use and it doesn’t make much sense in a TicketAuth context but maybe someone will have a use for it)
• Added the ability to specify absolute links on the login and logout template functions
• Allow disabling the index watchdog
• Properly strip tables from auto-generated entry summaries

Publ v0.7.6

Both a minor update, and a major one; due to upstream vulnerabilities in Pillow, which are only resolved in a version which drops support Python 3.6, Publ now also drops support for Python 3.6.

There are no other changes.

Publ v0.7.5

Releasing v0.7.5 of Publ just to get some bugfixes out. Namely:

• Update Flask to v2.0 and refactor around typing issues
• Add missing test for path_alias_regex
• Handle normalization collisions better
• Don’t erroneously pre-strip markup from autosummary
• Improve handling of pre-paragraph block tags in paragraph extractor

Publ v0.7.4, Authl v0.6.0

Released new versions of Publ and Authl today.

First, the Authl changes:

• Fixed some test coverage
• Changed Twitter user URLs to be stable (but less readable)
• Added profile_url field to user profiles to make up for the Twitter URL thing

And the Publ changes:

• Fixed image cache stale directory removal
• Fix ETag output
• Full-text search now properly excludes future articles
• Added a filename normalization tool
• Fixed an Internal Server Error that occurred from a malformed or expired bearer token (AutoAuth et al)
• Updated to Authl 0.6.0 and made use of the new profile_url field

Publ v0.7.3

Publ v0.7.3 is now out, with the following changes:

• Properly handles markdown and HTML stripping in summary text
• Improves first-paragraph extraction for OpenGraph cards
• Reduces unnecessary image renditions for OpenGraph cards
• Finally deprecates the AUTHL_FORCE_SSL configuration setting
• Adds group display to the user information on the admin panel
• Fix the PyPI listing
• Make the image rendition cache purge mechanism actually, you know, work

Note that entry.summary now takes an optional parameter, markup, which defaults to True, for the sake of consistency with the rest of the Publ templating API. If you are using entry.summary to provide descriptive text for things (e.g. <a title="{{entry.summary}}"> or <meta name="description" content="{{entry.summary}}">) this will have to change to {{entry.summary(markup=False)}}.

Pushl v0.3.3

Pushl has been updated, specifically to rewrite the way that feeds are parsed to avoid a problem due to feedparser internals changing in a way that made the caching mechanism stop working.

Authl v0.5.2

Authl v0.5.2 is now out.

Changes:

• Fixed some caching-related issues on IndieAuth profiles
• The IndieAuth handler now supports PKCE
• IndieAuth takes detection priority over Fediverse
• Authl is now compatible with Flask 2.0

Authl v0.5.1 released

I’ve just released v0.5.1 of Authl. The only functional change is adding support for actually parsing IndieAuth server response profiles (rather than just requesting one and only using the h-card), now that there’s implementations in the wild, meaning that egg has hatched into a chicken.

There were also some minor documentation cleanups since v0.5.0.

Publ v0.7.2, Authl v0.5.0

Big new releases for Publ and Authl!

Publ changes:

• Added support for IndieAuth Ticket Auth, allowing aware readers to automatically log in on your behalf and get private entries
• Added support for HTML 5 lazy image loading; all images are now lazy-loaded by default

Authl changes:

• Improve the meta robots rules on the login form
• Add IndieWeb endpoint discovery to the profile

SQLite vs. Postgres, at a glance

There’s a general belief that SQLite is a “slow” database and Postgres is “fast,” and many software packages (including FOSS) insist that SQLite is only suitable for testing and doesn’t scale. However, this doesn’t make much sense when you think about it; SQLite is an in-process database so there’s no communications overhead between the service and the database, and because it’s only designed to be accessed from a single process it can make use of optimistic locking to speed up transactions.

Since I was installing postgres for another purpose on my webserver, I decided to quickly see if Publ performs better on Postgres vs SQLite. To test the performance I compared the timing for my website on both doing a full site reindex, and rendering the Atom feed several times (using the debug Flask server and caching disabled).

Publ 0.7.1, now with full-text search

I finally got around to adding whoosh full-text search to Publ, as an experimental feature. See it in operation.

Other changes:

• Improve the way that tag names get normalized
• Change entry.prev and entry.next to not default to subcategory recursion if a category context is specified

v0.7.0 finally released

It took me way longer than I should have, but I finally decided to bump the minor version of Publ to 0.7.0.

My original intention was to only do that after getting the unit test coverage up to 90%, then to 80%, then to 50%… but it’s at 45% and that’s Good Enough I guess. I’d still like to get some proper automated testing in place for the bits that are tricky to test but with a system as complex as Publ it’s not particularly clear how to do a lot of that. The main issue is a fundamental mismatch between how the underlying ORM works vs. how unit testing is supposed to work, and I’ve so far been unable to square that circle. But maybe someday I’ll get the test coverage number up where I want it to be.

In any case, the only actual code change since 0.6.14 was some fixes to how page redirection works, especially around private entries.

Publ v0.6.14

End-of-the-year updates to Publ, mostly bug/interoperability fixes but a couple of small new features:

• URL chasing (e.g. example.com/1234 → example.com/blog/1234-hello-world) now uses permanent redirects
• Tag displayname normalization only updates if the newly-seen version is mixed-case
• You can now configure template default layout options globally
• view now has a has_unauthorized property
• Hidden tags no longer appear in category.tags
• Generated tag-browsing URLs (e.g. view(tag=...).link, entry.archive(tag=...), etc.) will normalize the case and order of included tags

Assuming this is stable, this will become the basis of the long-overdue 0.7.0 release.

Publ v0.6.13 released

Just some minor fixes for v0.6.13:

• Database performance improvements
• SEO improvements
• Fix the Windows test runner (ironically untested)
• Remove the minimal sample site from the source repository, as this is better served by the git repository for this site and the getting started documentation.

Authl v0.4.6 released

Wow, it’s been a while since I’ve worked on this stuff, huh?

Anyway, IndieAuth validation rules have changed for the better, so Authl has been updated accordingly.

There’s a few other changes as well:

• On IndieAuth profiles, p-pronoun is treated as a fallback for p-pronouns
• The Flask templates add some rel="nofollow" in some appropriate places