Commit graph

9 commits

Author SHA1 Message Date
0611aac45f Escape HTML while parsing Markdown documents to remove XSS vulnerabilities (#4)
Here, I opted to use the Markdown parser's detection of HTML so that we don't add another library. This does limit users somewhat, because it means that *no* inline HTML is allowed, but I think this is acceptable: this is a platform for project management, not general-purpose publishing, so inline HTML is probably not necessary. There is a clear upgrade path in the future to add sanitizing instead of escaping tags, if we want.

This approach also gives us a clear place to plug in detection of extra things, like custom `@` tags or other features.

Reviewed-on: #4
2024-06-03 18:15:52 +00:00
137dfa747d Improve editor user experience (no longer WYSIWYG, fixed bugs, added view vs. edit distinction) (#3)
This makes the editor experience much better (by subjective measures). Now instead of a WYSIWYG editor, we have a markdown code editor, and we also have the ability to view documents without editing them.

While I was at it, I fixed a bug where if you didn't edit a document at all, it would save blank. This was fixed as a happenstance from the switch.

Also included here is making the UI work with JavaScript disabled. If you don't have JS, you will get a textarea which allows editing the markdown directly. If you do have JS enabled, you'll get a smarter editor.

Reviewed-on: #3
2024-06-03 14:56:15 +00:00
65ad20d197 Switch DB layer to Diesel from SeaORM and Fjall (#2)
Refactors Pique to use Diesel for the backing database layer instead of the previous choices of SeaORM and Fjall (with a custom DB on top of the KV store). This choice was made to speed up development. I found SeaORM much more challenging to discover things in than Diesel, and with Fjall I was getting mired in building things that already exist. This is a migration to a boring choice, and that's the right decision for this moment in time.

Among other things, the diff stats wind up being `47 files changed, 926 insertions(+), 950 deletions(-)` when you exclude lockfile changes and markdown changes. This validates that the code is not significantly more or less verbose, but is simply structured differently. So we're not giving anything up in brevity.

I decided to structure query calls into their own submodules, called `q` (short for `query`). I shortened the names to make it easier to type and make lines shorter, which may be a controversial take, but I think that it will wind up being worth it and will be easy to get used to.

I also renamed `Context` to `Provider`, because I think `Context` implies things like cancellation, while `Provider` implies giving access to resources, which is more precisely what's going on here.

Reviewed-on: #2
2024-06-02 18:37:15 +00:00
e0653e4bdd Create project and documents (#1)
This is a big dump of a lot of code, mostly making it so that:
- we have a key-value store
- we can create/save/load projects and documents
- there's a sidebar layout with some placeholders we may or may not need
- other stuff I forgot

Reviewed-on: #1
2024-05-21 12:59:04 +00:00
5b117e9a8c Remove remember-me / forgot-password since they're not implemented 2024-03-24 01:30:59 -04:00
e31994a8cf Add layout for main page with top bar 2024-03-24 01:28:21 -04:00
3acafda0d3 Create web skeleton, including Tailwind for CSS and hot reloading of CSS
and templates. This also adds an ADR for using Tailwind.

Add a pile of dependencies

setup orm, add admin tool

admin tool does random pass if none provided

add tons of css stuff

finish up web skeleton
2024-03-23 12:43:02 -04:00
77d4ebb371 Add ADR for our choice of SQLite as our primary database,
backed up by experiments demonstrating that SQLite will meet all of our
requirements.

This also introduces ADRs in the repo, and adds a README in preparation
for making the repository public.
2024-03-16 11:12:46 -04:00
05812a521e Ran cargo init. 2024-02-28 10:34:58 -05:00