TIL

The … (the Unicode ellipsis character) works as both a Crystal Language macro and method name, as in:

macro …(str, n)
  Ktistec::Util.render_as_text_and_truncate({{str}}, {{n}})
end

Which can be used in a view template as:

= … preview, 120

I'm not saying you should. I'm saying you can.

#crystallang #til

the kingdom was lost for want of a path attribute in a cookie... 😡

I love a good discussion, but navigating large threads is difficult, and filtering the dross to find the silver and gold is tedious. I am working on thread analytics and an improved thread header to make it easier to identify the interesting bits and to quickly navigate to them.

Here's a peek:

In addition to top contributors, the thread header now includes a timeline histogram showing periods of engagement, and a table of contents with notable branches and direct links to those branches.

This feature is still under development, so expect changes and refinements before the next release.

#ktistec

Okay, my analysis is complete! Here are the core changes to Ktistec required for Mastodon API compatibility:

• PKCE (Proof Key for Code Exchange) must be optional: Because Mastodon makes PKCE optional, clients don't support it, which means other servers can't require it. PKCE (and the code_challenge parameter) ensures that an authorization code can only be exchanged by the client that initiated the OAuth request.
• Support for the client_credentials grant type: The client_credentials grant type is used to grant a client app-level access without requiring user authentication. Mastodon requires this for some of its "public" API endpoints. This necessitates a change to the database schema to allow a null account id in the client secrets table.
• Addition of a created_at timestamp property: Mastodon requires a non-standard created_at property in the body of the /oauth/token endpoint response instead of (in addition to) the standard expires_in property.
• Support for both form-encoded and JSON request bodies: This isn't a Mastodon requirement per se but popular clients clearly demand some latitude in what they send.
• WebFinger must accept requests with no resource parameter: This is honestly a bug on my part.
• Mastodon-compatible endpoints: A boatload of them. Clients expect many endpoints and don't gracefully degrade if they're not present. Really I should just implement features like pinned posts and bookmarks...

The only thing here that gives me heartburn is that PKCE is not required.

#ktistec #mastodonapi #oauth

mastodon's creative extensions to oauth are gonna make me cry...

Ktistec is going to require that clients support PKCE

both 1000xRESIST and Clair Obscur: Expedition 33 are listed a "playable" on the Steam Deck but not "verified". it sounds like some of the problem might be frame rate. i'm unsure whether or not to take the risk. sadly neither run on a mac.

ugh, i just spent an unfortunate amount of time obsessing about focal points...

There are two big features in release v3.1.3 of Ktistec: auto-approve followers and a new image viewer.

Auto-approve followers is conceptually simple ("the server automatically sends an Accept activity when it receives a Follow activity") but it required extensive changes to some of the oldest code in the codebase: the inboxes and outboxes controllers. I refactored inbox and outbox side-effect processing into independent services, which made it possible to support side-effects like auto-approve follow (and also auto-follow back), without having to go through the controllers.

A more significant change for me personally was replacing the lightGallery image gallery (an external dependency) with my own implementation. It's not as slick, and not as full of features—I wrote it in two days—but it is fully free software, and that's important to me.

Added

• Add admin page for managing OAuth access tokens.
• Add support for auto-approve followers. (fixes #26)
• Add support for auto-follow back.

Fixed

• Prevent triggering actor refresh when user is anonymous.

Changed

• Replace "lightgallery" dependency with custom image viewer.
• Set OAuth access token expiry to 30 days (previously expired after 24 hours).
• Refactor inbox and outbox processing into dedicated processor services.

The OAuth changes set the groundwork for better support of the Mastodon API and the Fediverse clients that depend on it. Stay tuned!

#ktistec #fediverse #activitypub #crystallang