1. two cool things in lemoncurry 1.8

    i decided to bump the minor version because there are two fairly big improvements in lemoncurry 1.8!

    first up, lemoncurry does pagination!! 📄

    • every entry feed page now automatically paginates, ten entries to a page, which is good because i’ve now written thirteen entries here. which actually is.......... not a lot, i guess? but it’d have gotten real slow eventually if it kept on having to load every single entry all the time 😉
    • all the paginated feeds use rel="next" and rel="prev" appropriately, so it’s still very easy for programs to navigate. this is very good for indieweb feed readers, like woodwind, as well as for sufficiently advanced screen readers?

    the other exciting thing is improved micropub support! there are two major improvements that make lemoncurry more compliant with the micropub spec and therefore more compatible with a variety of micropub clients

    • my previous implementation only supported formencoded requests, which is the default format that all micropub servers are required to handle. however, micropub also defines a json request format, which happens to be more powerful in various ways, so now i support that too!
    • to authorise any micropub request, you have to provide a token - i supported one way of doing this, which is setting the Authorization http header, but the spec also allows the token to be passed as a query or form parameter, so now i support that too ✨

    yay!!

    but what’s next? well, the infrastructure changes i made while implementing those two improvements will make it way easier to implement the other aspects of micropub i haven’t yet, too:

    • you’re supposed to verify the oauth scopes attached to the client’s micropub token? that’s stuff like “yes, this particular token has been granted permission to create new entries”. you’ve probably seen the little prompts while oauthing with sites before, when you give your third-party twitter clients permission to post tweets and stuff like that. my previous token auth code made scope verification pretty annoying to do, but it should be as simple as a cute little check like this now?

      if 'create' not in token:
        return deny("you can't create new entries!!")
      
    • the micropub spec allows you to update existing entries as well as make new ones! however, it only allows updates to be provided in the json request format, not the formencoded request format. so of course that wasn’t possible when i only supported formencoded requests, but it should be easy enough to do now 🐱 yay!

    • the auth logic was pretty much hardcoded into the POST /micropub view handler before, which is bad because you actually need to use it in a few other places too - i had duplicate auth logic in GET /auth/token, since its whole job is verifying that the token is valid and will be accepted by POST /micropub? there’s also additional endpoints, like GET /micropub, that i haven’t implemented yet but that will need to reuse the same logic too

    pretty rad?? 🐎