Biggest ?

Interacting with shikijs, the CLI doesn't seem very powerful, but it looks like it will work. I don't see any options to tell it to use transformers, but maybe there is a way. Figure this out; worst case I have a local webserver to wrap shiki.

MVP

  • generate a webpage that displays notes with syntax highlighting
  • allow notes to define the routes displayed in the address bar and other aliases
  • Refresh changes after files have been changed or off time
  • simple note layout and linktree style homepage
  • section for displaying notes like this note and a section for wiki style notes

Core goals

  • Have all posts be entirely configured by yaml frontmatter
  • set the /url manually from yaml, also have aliases for name changes
  • cache changes from disk to a db.
  • detect changes to files to update the cache in the db. Maybe an admin page? Or auto scan for changes every X minutes?
  • auth for admin page?
  • Use “custom” auth (discord/twitch login) and only persist account info if I really need to (I don't for 99% of things this site will be used for)
  • xml sitemap

Security

  • 3rd party oauth (most likely discord, github or steam) for admin page (maybe restrict admin page to VPN ips only)
  • Strip all image metadata using ImageMagick (mogrify -strip or convert -strip)
  • Admin account ids to be stored outside the db, either in appsettings.json or container env vars, to prevent any accidental changes when doing db operations.
  • If I decide to do user comments / interactions, only store the user email and the registering platform user id. No passwords here, too much to deal with.
  • rootless podman?
  • spend more time actually learning linux user permissions
  • No reason currently to persist data protection keys, since all it will do is force users to log in again with an oauth provider. Worst case it's a little annoying if the site reboots right after logging in.

Workflow

  • Author notes in Obsidian or any other markdown editor, as long as all the page links are full (relative to the root of the vault/notes)
  • Set page properties like page name, url…
  • push markdown files to a remote folder that is a full copy of the obsidian vault
  • server detects file changes or auto scans every X and rebuilds notes that have changed. (hash? metadata? say fuck it and full rebuild every time?)

Style / Layout References

https://emnudge.dev/ a good mobile-first layout that doesn't feel like desktop loses anything. I don't like how the notes page looks.

Resources

Blazor Authentication Tutorial - How to Authorize in Blazor (Blazor Tutorial). This is more or less how I remember setting up auth before, pray it's not changed.

External Login Authentication from Scratch in Blazor

Libraries

https://github.com/shikijs/shiki
https://github.com/litedb-org/LiteDB

Notes

How do I plan on adding auth for the admin page? I need to figure out how to re-add auth to a Blazor site and have it work like a simple cookie-based flow. But Blazor handles its own bs inside the SignalR connection, so work within the normal Blazor way. The only data that needs to be stored locally is a login id (like a Steam ID / GitHub ID / Twitch ID) and the role of that ID. In practice it should only be my account ID and it should be admin. I should be able to be a little lazy here without making anything less secure. The risk is giving access to the site to someone else, not leaking data (for now), as all the data on the site should be public anyway outside of the oauth provider secrets.

I think I'm only going to support updating notes through the file system. Most of the time I'm going to have access to scp or rsync files into the right directory anyway. This will also lower the risk of someone getting access to my account and editing pages.

Holy shit MemoryCacheTicketStore is the play. https://nestenius.se/net/improving-asp-net-core-security-by-putting-your-cookies-on-a-diet/

https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/Cookies/samples/CookieSessionSample/MemoryCacheTicketStore.cs

It lets you invalidate cookies server side without requiring you to use a db. I really don't want to use the normal Blazor auth because it's so extra for what I want. I need everything to be as simple as it can be.
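Added example of the server-side ticket store idea described above (written for this note, not the linked aspnetcore sample): the cookie carries only a random key, the ticket lives in IMemoryCache, and RemoveAsync revokes a session without any database. The one-hour sliding window and the Program.cs wiring at the bottom are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Caching.Memory;

// Server-side session store: the cookie carries only a random key, the
// AuthenticationTicket (claims, expiry) stays in process memory. Dropping
// the cache entry logs that session out without touching a database.
public sealed class MemoryCacheTicketStore : ITicketStore
{
    private const string KeyPrefix = "AuthSessionStore-";
    private readonly IMemoryCache _cache = new MemoryCache(new MemoryCacheOptions());

    public Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        // Unguessable key; this is the only value the browser ever sees.
        var key = KeyPrefix + Guid.NewGuid().ToString("N");
        Put(key, ticket);
        return Task.FromResult(key);
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        Put(key, ticket);
        return Task.CompletedTask;
    }

    public Task<AuthenticationTicket?> RetrieveAsync(string key)
        => Task.FromResult(_cache.Get<AuthenticationTicket>(key));

    // Called on SignOutAsync; can also be called directly to revoke a session.
    public Task RemoveAsync(string key)
    {
        _cache.Remove(key);
        return Task.CompletedTask;
    }

    private void Put(string key, AuthenticationTicket ticket)
    {
        // Assumed one-hour sliding window for an idle session.
        var options = new MemoryCacheEntryOptions().SetSlidingExpiration(TimeSpan.FromHours(1));
        // Honour the ticket's own absolute expiry so the cache entry never outlives it.
        if (ticket.Properties.ExpiresUtc is { } expires) options.SetAbsoluteExpiration(expires);
        _cache.Set(key, ticket, options);
    }
}

// Program.cs wiring (assumed: cookie auth is the app's default scheme):
// builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
//     .AddCookie(o => o.SessionStore = new MemoryCacheTicketStore());
```

Because the store is in-process memory, a restart drops every session, which matches the "just log in again" stance on data protection keys above.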