fumix / fublog
Blog Software
Home Page: https://blog.fumix.de
License: Apache License 2.0
If blog entries are linked or bookmarked from outside the system they may get deleted and still be referenced.
At the moment there will be just a blank screen.
API key must not be checked in here!
Provide API key via local configuration only.
Server and client running on developer machine.
At the moment we log in the user with the ID token, which we receive from the OAuth provider, which will expire after a while (usually 3600 seconds).
This time span should be extended by refreshing the token.
https://kroki.io/ is a service to render diagrams from text. It's an HTTP interface to a number of tools like plantUML. It's also available as OS docker container for self hosting.
The markdown code-blocks can be used for embedded diagrams. When the markdown is rendered, kroki is called on the content of such code blocks to render svg-diagrams. The svg-diagrams are inlined into the output html.
Within markdown the type of the diagram is defined at the "language" level, e.g. "diagram-plantuml". The string after "diagram-" has to match the kroki diagram id.
```diagram-plantuml
<some plantuml markup>
```
When composing a new post, a draft should be persisted in intervals to avoid losing data when accidentally closing a tab or ending the session in some other way.
Implement i18n in the project.
Add German and English messages.
Locale is set by env variables.
The admin panel should have some settings that can be toggled by ADMIN users in the UI.
For starters I'd suggest:
Sometimes when a user filled the registration form and clicks submit, they get the message "User info not found!". When they try again it usually works, because it seems to be an issue that happens randomly sometimes.
Observed in production when logging in via our GitLab.
There's already an endpoint implemented that returns autocompletion suggestions.
see https://github.com/fumiX/fuBlog/blob/main/client/src/views/PostFormView.vue#L331
https://github.com/fumiX/fuBlog/blob/main/server/src/routes/posts.ts#L219
The following permissions are planned:
Tasks:
Provide Login for the blog required for creating/editing posts.
The users are intended to be "internal" users.
NOT:
Provide a link to:
Either configure the links via environment variables, or make it configurable in UI: #37
When I start writing a new post, but leave the page without saving, the progress should be saved and the user should be able to continue where they left off when they return to the form.
The state should probably be stored in local storage or session storage, kind of like how GitHub does it with comments on issues and PRs, which are stored in the session storage.
Administrative UI with a list of all users in the DB (everyone who has ever registered).
For now without search/filter/paging.
Each user in one row, with checkboxes or similar for the permissions.
Users can be deleted. For the first iteration, actual deletion is sufficient. Later possibly only mark them and thereby block re-registration, or similar mechanisms.
Data minimization: only absolutely relevant user data is stored -> email address.
Authorization: This page should be reachable via the nav bar ("Administration"?) and be protected by the "Administration" permission:
We should use some key shortcut here to trigger auto completion to avoid unnecessary requests we have to pay for. Then maybe show a popup with three choices to select from.
Add code highlighting to code blocks
Currently we fetch the profile picture once on registration and then it does not change.
This should be done every time a user logs in, so changes in profile picture are reflected on our end.
Question: Should we allow people to opt-out of using the profile picture from the OAuth provider and instead use a different one or none?
Avoid SQL injection via TypeORM, as this is still possible via the search function, for example.
Editing of blog entries should only be possible for authenticated users. In the first iteration via Google OAuth.
The login button is visible to everyone, and anyone can sign in with a Google login. Newly signed-in users are created in the database, but without any permissions.
An admin email address is configured in the container via an environment variable. When this user registers, they immediately get admin rights as well.
Tasks:
- [ ] Set up Google as OAuth provider.
- [ ] Instructions on how a new blog deployment (production and for local tests) can be registered with Google.
- [ ] Create the users in the database on first login, without permissions.
- [ ] Implement Docker environment variable for the admin email - store this user with admin rights on first login.
Extracted from #17:
Allow deletion of users:
If there are still posts, these should be showing as „authored by a deleted user“.
Initial setup of the main blog UI.
Not:
Figure out how the user management, authentication and authorization should work.
Ideally deferred to some OpenID connect service like Azure (what we have for everybody).
Questions to be decided:
Sharing images should be added to at least links to a single post.
https://github.blog/2021-06-22-framework-building-open-graph-images/
https://ogp.me/
When getting a post from the backend, createdBy and updatedBy leaks complete user info (email, roles etc), that is not relevant to the client. This should be hidden. Only return what is relevant for display.
Create a docker container containing node server and able to serve the UI pages.
Details TBD.
Node server can access a postgres database.
At the moment we use (at least) two different indentations:
`*.json`, `*.yml`, on client side: `*.ts`)
`*.ts`)
I created an `.editorconfig` file, so the different editors pick up the correct basic formatting (indentation, line feed type, character encoding, …). JetBrains IDEs have a plugin respecting `.editorconfig` files installed by default. In VSCode this extension needs to be installed.
Probably we should move to a unified indentation style across file types.
In order to avoid merge conflicts, this change should probably wait for a moment when there are as few branches around as possible.
cc @fumix/entwickler
When trying to save a newly created post in the production environment, a 401 error is being thrown.
This is about this endpoint, which returns e.g. createdBy and updatedBy as ID instead of entity:
fuBlog/server/src/routes/posts.ts
Lines 36 to 50 in ac40333
Edit/Display blog posts from DB.
First shot to blog posts, just markdown. When stored in the DB, the original markdown is stored and also the rendered HTML (caching).
NOT:
kroki connect for diagrams (that's another story)