Commit graph

22 commits

Author SHA1 Message Date
Till Wegmueller
4f62ce2d3b
Add worktrees to ignore
Signed-off-by: Till Wegmueller <toasterson@gmail.com>
2026-04-06 17:16:35 +02:00
Till Wegmueller
950d54f531
chore: update gitignore for SQLite files
2026-04-06 17:16:05 +02:00
Till Wegmueller
f9b9c37e29
test: add full integration test covering multi-service WebFinger flow
2026-04-06 17:15:30 +02:00
Till Wegmueller
1ca65df43d
feat: finalize main.rs with graceful shutdown and full wiring
2026-04-06 17:15:30 +02:00
Till Wegmueller
244397274c
feat: add server-rendered web UI for domain owner management
2026-04-06 17:15:30 +02:00
Till Wegmueller
820a6410c4
feat: add Prometheus metrics endpoint and query instrumentation
2026-04-06 17:15:29 +02:00
Till Wegmueller
df3cc1eb91
feat: add rate limiting, request ID, and CORS middleware
2026-04-06 17:15:29 +02:00
Till Wegmueller
66b3de433f
feat: add background TTL reaper with orphaned resource cleanup
2026-04-06 17:15:29 +02:00
Till Wegmueller
9464e2692e
feat: add link registration API with scope enforcement, upsert, and batch
2026-04-06 17:15:29 +02:00
Till Wegmueller
a34da0a407
feat: add service token CRUD with pattern validation and revocation cascade
2026-04-06 17:15:28 +02:00
Till Wegmueller
9829f84034
feat: add domain onboarding API with ACME-style challenges
2026-04-06 17:15:28 +02:00
Till Wegmueller
7aa5a6738c
feat: add host-meta endpoint with domain-aware XRD response
2026-04-06 17:15:28 +02:00
Till Wegmueller
697c84accf
feat: add WebFinger query endpoint with rel filtering and CORS
2026-04-06 17:15:28 +02:00
Till Wegmueller
4b04cf9b76
feat: add test helpers with in-memory DB and test state
2026-04-06 17:15:28 +02:00
Till Wegmueller
1d4873ba75
feat: add SeaORM entities, cache, auth helpers, and AppState
2026-04-06 17:15:27 +02:00
Till Wegmueller
c993f4d703
feat: add database migrations for domains, resources, service_tokens, links
2026-04-06 17:15:27 +02:00
Till Wegmueller
8123752c9c
feat: project scaffold with config and error types
2026-04-06 17:15:24 +02:00
Till Wegmueller
59d7c88707
Add webfingerd implementation plan (16 tasks)
Covers: project scaffold, migrations, entities, cache, auth (prefixed
tokens for O(1) lookup), webfinger/host-meta endpoints, domain
onboarding with ChallengeVerifier trait, service token CRUD, link
registration with transactional batch, TTL reaper, keyed rate limiting,
Prometheus metrics, server-rendered UI, and integration tests.
2026-04-06 17:14:36 +02:00
Till Wegmueller
92e355e63b
Address minor spec review suggestions
- Document orphaned resource cleanup by reaper
- Acknowledge intentional domain_id denormalization on links
- Enable SQLite WAL mode by default for concurrent reads
- Fix session_secret config to be commented-out placeholder
2026-04-06 17:14:36 +02:00
Till Wegmueller
045365e0eb
Address spec review findings
- Add resources table for JRD subject/aliases (RFC 7033 compliance)
- Secure verify endpoint with registration secret (prevent race condition)
- Add unique constraint on (resource_id, rel, href) with upsert semantics
- Add cascade behavior for domain deletion and token revocation
- Add owner token rotation endpoint
- Fix host-meta to be domain-aware via Host/X-Forwarded-Host
- Define batch endpoint as all-or-nothing transactions
- Pin glob matching semantics with validation rules
- Document domain re-verification as known v1 limitation
- Require session_secret (no default), restrict /metrics via network
- Clarify multi-rel filtering and CORS scoping
2026-04-06 17:14:36 +02:00
Till Wegmueller
ed5ff2a796
Add webfingerd design specification
Multi-tenant WebFinger server (RFC 7033) with ACME-style domain
onboarding, scoped service token authorization, in-memory cache
backed by SQLite, and server-rendered management UI.
2026-04-06 17:14:35 +02:00
Till Wegmüller
a526566a43
Initial commit
2026-04-06 17:14:00 +02:00