patillacode/piruetas
patillacode/piruetas
1
0
Fork 0
Code Issues Pull requests Projects Releases 20 Packages 1 Wiki Activity Actions
20 releases 20 tags
  • v0.20.0 331b34e5fa

    v0.20.0
    All checks were successful
    Release / test (push) Successful in 39s
    Details
    Release / e2e (push) Successful in 6m32s
    Details
    Release / build (push) Successful in 1m56s
    Details
    Stable

    patillacode released this 2026-05-25 21:29:31 +02:00 | 0 commits to main since this release

    v0.20.0

    This release is all about security visibility and keeping bots out.

    Security notifications

    Piruetas can now ping you in real time when things happen on your instance, things like admin logins, new signups, and rate limit hits.
    Both ntfy and Telegram are supported; configure whichever you prefer (or both) via NTFY_URL, NTFY_TOPIC, NTFY_TOKEN, TELEGRAM_BOT_TOKEN, and TELEGRAM_CHAT_ID.
    All optional, all off by default.

    Sharing age gate

    New accounts have to wait 7 days (by default) before they can share journal entries publicly.
    The share button is disabled in the meantime and tells you exactly how many days are left.
    Admins are exempt.
    If 7 days doesn't fit your setup, SHARING_WAIT_DAYS lets you change it. Set to zero 0 if don't want to enable this feature.

    Bug fix

    Corrected a template block placement in the admin users page that was causing page scripts to load incorrectly.

    Downloads
  • v0.19.0 d16136a73c

    v0.19.0
    All checks were successful
    Release / test (push) Successful in 36s
    Details
    Release / e2e (push) Successful in 6m26s
    Details
    Release / build (push) Successful in 1m51s
    Details
    Stable

    patillacode released this 2026-05-06 21:56:48 +02:00 | 5 commits to main since this release

    v0.19.0

    Admin: User Stats & Banner Messages

    The admin panel now shows per-user statistics and lets you set a banner for individual users.

    New User fields (applied via safe ALTER TABLE migration on startup):

    • last_login: timestamp of the user's most recent login
    • storage_bytes: disk usage across all uploaded images, recalculated on a schedule
    • banner_message: a warning or notice shown to the user on every page

    Admin user modal now surfaces: last login date, total storage used, entry count, and days written.
    Admins can set or clear a banner per user directly from the modal.
    The demo account gets a default banner explaining the periodic data reset.

    New scheduled task (recalculate_storage) runs alongside the existing cleanup and vacuum jobs, keeping
    storage_bytes up to date.

    All new strings are translated in both English and Spanish.

    Fix: Self-hosted Ko-fi Badge

    The Ko-fi support badge image is now served from /static/img/kofi1.png instead of the external CDN, avoiding a
    third-party request on the landing page.
    README description of the admin panel was also corrected.

    E2E Test Suite Refactor

    The flat tests/e2e/ directory has been reorganized into focused subdirectories:

    • test_auth/: login, logout, registration, rate limiting, demo user, password recovery
    • test_account/: password change, data management, recovery codes, demo restrictions
    • test_admin/: banner management, user deletion, admin tasks, user list, user stats
    • test_journal/: entry CRUD, image upload, navigation, sharing
    • journeys/ multi-feature end-to-end journeys: admin lifecycle, orphan image cleanup, recovery flow, share flow, user stats

    Also adds locale-switching tests and fixes an admin_page fixture leak (now uses an isolated browser context).

    Downloads
  • v0.18.0 01b2d25fd8

    v0.18.0
    All checks were successful
    Release / test (push) Successful in 35s
    Details
    Release / e2e (push) Successful in 4m42s
    Details
    Release / build (push) Successful in 1m45s
    Details
    Stable

    patillacode released this 2026-05-03 14:25:13 +02:00 | 8 commits to main since this release

    v0.18.0

    arm64 support & GHCR publishing

    What's new

    • Raspberry Pi support: Docker images are now built for both linux/amd64 (standard servers and desktops) and linux/arm64 (Raspberry Pi 4/5, Apple Silicon).

    • Images on GitHub Container Registry: images are now published to GHCR (ghcr.io/patillacode/piruetas) in addition to the Forgejo registry.
      GHCR requires no authentication to pull and is the recommended source for new deployments.

    Upgrading

    Existing users on Forgejo registry: docker compose pull && docker compose up -d (no changes needed)

    New users or those switching to GHCR, update your compose.yml:

    image: ghcr.io/patillacode/piruetas:latest
    Downloads
  • v0.17.0 6a2aef6137

    v0.17.0
    All checks were successful
    Release / test (push) Successful in 35s
    Details
    Release / e2e (push) Successful in 5m13s
    Details
    Release / build (push) Successful in 51s
    Details
    Stable

    patillacode released this 2026-05-03 05:16:25 +02:00 | 9 commits to main since this release

    v0.17.0

    Features

    • Proxy headers middleware: When TRUST_PROXY=true, the app now enables ProxyHeadersMiddleware so that real client IPs are correctly resolved when behind a reverse proxy (nginx, Traefik, etc.).
    • robots.txt: Added a /robots.txt endpoint that allows crawlers on public-facing pages only (/, /about, /terms, /privacy, /login, /signup, /forgot-password) and disallows everything else, keeping journal content and private routes out of search indexes.

    Internal

    • CI/CD: Split the single docker.yml workflow into separate ci.yml (tests/lint) and release.yml (build/push image) workflows for cleaner pipeline separation.
    Downloads
  • v0.16.0 d2cc9a2483

    v0.16.0
    All checks were successful
    Test and publish Docker image / e2e (push) Successful in 4m57s
    Details
    Test and publish Docker image / test (push) Successful in 36s
    Details
    Test and publish Docker image / build (push) Successful in 47s
    Details
    Stable

    patillacode released this 2026-05-02 15:23:40 +02:00 | 11 commits to main since this release

    v0.16.0

    Bug fixes

    • Demo account hardening: the demo user can no longer change their own password, access or regenerate recovery codes, or use the forgot-password flow.

    This closes a troll trend where anyone with demo access could lock other visitors out.

    Downloads
  • v0.15.0 50b5d94811

    v0.15.0
    All checks were successful
    Test and publish Docker image / test (pull_request) Successful in 36s
    Details
    Test and publish Docker image / e2e (pull_request) Successful in 4m45s
    Details
    Test and publish Docker image / build (pull_request) Has been skipped
    Details
    Test and publish Docker image / test (push) Successful in 34s
    Details
    Test and publish Docker image / e2e (push) Successful in 4m41s
    Details
    Test and publish Docker image / build (push) Successful in 47s
    Details
    Stable

    patillacode released this 2026-05-02 11:58:36 +02:00 | 4 commits to main since this release

    v0.15.0

    Features

    • Demo user banner: Demo accounts now display a persistent banner showing a live countdown to the next
      scheduled data reset. The banner uses role=status for accessibility and updates in real time.
    • Clock-aligned demo resets: The demo cleanup loop now aligns to clock half-hours (:00 and :30) rather than
      running on a fixed interval from startup. The next reset timestamp is exposed to the frontend for accurate
      countdown display.

    Fixes

    • Editor link insertion: Selecting text and inserting a link via the toolbar now correctly preserves the
      selection. Previously, focus shifting to the URL input lost the selected range; the selection is now saved
      before the modal opens and restored on confirm. The Enter key is also scoped to the URL input to prevent
      keystrokes from leaking into the editor after the modal closes.
    • Editor link styles: Inserted links in the editor are now visually underlined (.ProseMirror a).
    • Skip link: Fixed unreliable positioning by switching from position:absolute; top:-100% to position:fixed; translateY(-100%).
    • Ko-fi button: Added width:auto; display:inline-block to prevent the button image from stretching to fill its container.
    • Signup form links: Links now use accent color + underline instead of muted text with no decoration.
    • Demo banner stability: Cleared the countdown interval before triggering a reload to avoid double-fire.
      Guarded against NaN timestamps from missing or malformed data-* attributes.
    • Demo banner layout: Corrected a duplicate vertical offset that pushed the banner too far down on pages using the app layout.
    • Half-hour boundary condition: Fixed an off-by-one in _seconds_until_next_half_hour that could return 0seconds exactly on the boundary.
    • Demo reset timestamp: demo_next_reset_ts is now only computed when is_demo is true, avoiding unnecessary work on every request.

    Tests

    • Unit tests for _seconds_until_next_half_hour covering boundary and midpoint cases.
    • E2E tests for the demo banner (visibility, countdown display, role attribute).
    Downloads
  • v0.14.0 10675b3693

    v0.14.0
    All checks were successful
    Test and publish Docker image / test (push) Successful in 34s
    Details
    Test and publish Docker image / e2e (push) Successful in 4m25s
    Details
    Test and publish Docker image / build (push) Successful in 47s
    Details
    Stable

    patillacode released this 2026-05-01 20:41:29 +02:00 | 13 commits to main since this release

    v0.14.0

    Accessibility

    • Full WCAG AA contrast audit across all UI components
    • Improved keyboard focus styles and focus management throughout the app
    • Focus trap for modal overlays
    • Semantic HTML improvements on auth, layout, and editor templates

    Code quality & internals

    • Extracted export logic into dedicated app/export.py module
    • Renamed app/auth.py to app/session_token.py for clarity
    • Extracted Jinja2 macros into app/templates/macros.html
    • Theme switching logic moved to dedicated app/static/js/theme.js
    • Added CSS export bundle (app/static/css/export-bundle.css)
    • Router cleanup across account.py, auth.py, and journal.py

    Bug fixes (QA)

    • Fixed form layout and styling issues on mobile
    • Auth JS improvements (signup/login edge cases)
    • Recovery codes page polish
    • i18n string additions for missing UI labels

    Tests

    • Expanded e2e suite: new test files for account, auth, registration, and sharing flows
    • Reorganised e2e test structure (test_data_management.py → test_data.py)
    • New unit tests for account, entries, and security

    Docker / CI

    • .dockerignore and compose.yml improvements
    • Docker workflow updated

    Landing page

    • Replaced old landing screenshots with new feature-specific screenshots
    • Added scripts/take_screenshots.py for automated screenshot generation
    • Landing page CSS and copy updates for public release
    Downloads
  • v0.13.0 a57f275727

    v0.13.0
    All checks were successful
    Test and publish Docker image / e2e (push) Successful in 3m29s
    Details
    Test and publish Docker image / test (push) Successful in 1m40s
    Details
    Test and publish Docker image / build (push) Successful in 49s
    Details
    Stable

    patillacode released this 2026-04-28 16:23:03 +02:00 | 17 commits to main since this release

    v0.13.0 - Security & Account Recovery

    New features

    • Recovery codes: Users can now generate a set of 12 one-time recovery codes from their account security
      page. Codes are bcrypt-hashed at rest and can be used to regain access to an account when the password is
      lost.
    • Forgot password flow: New forgot-password page and supporting auth routes let users request a password
      reset without admin intervention.
    • User self-registration: Signup is now a proper auth route (/auth/signup), replacing the old top-level page.
    • Privacy Policy and Terms of Service pages: Static /privacy and /terms pages added.

    Improvements

    • Security page (/account/security) redesigned to surface recovery code management alongside existing
      password-change controls.
    • Admin user management table updated for clarity.
    • i18n dictionaries extended with translations for all new flows (en/es).
    • Landing page and form styles polished.

    Tests

    • New test modules: test_recovery.py and test_recovery_routes.py covering code generation, consumption, and
      all new auth endpoints.
    Downloads
  • v0.12.0 84bdf7f001

    v0.12.0
    All checks were successful
    Test and publish Docker image / e2e (push) Successful in 3m26s
    Details
    Test and publish Docker image / test (push) Successful in 30s
    Details
    Test and publish Docker image / build (push) Successful in 48s
    Details
    Stable

    patillacode released this 2026-04-27 18:43:57 +02:00 | 20 commits to main since this release

    v0.12.0 - Public Launch

    This release makes Piruetas publicly presentable:
    unauthenticated visitors now land on a product page instead of being bounced straight to the login form.

    What's new

    Landing page

    The root route (/) now serves a full marketing page for visitors who aren't logged in. Authenticated users are
    still redirected directly to today's journal entry as before. The landing page includes:

    • Animated headline and hero section
    • Desktop + mobile screenshots (light and dark)
    • Feature highlights and "try it" block with demo credentials
    • Self-hosting instructions (one-liner and docker-compose)
    • Language switcher (EN/ES) and theme toggle

    Self-hosted fonts

    EB Garamond and JetBrains Mono are now bundled as self-hosted .woff2 files so the landing page loads cleanly without any external font CDN requests.
    Full i18n coverage for all new landing page strings in both English and Spanish.

    Polish

    • Admin tasks page "Run now" button now uses the shared .btn.btn-accent style instead of one-off inline CSS
    • Account data and security pages: minor typography alignment fixes
    • Login page: added a styled "back to landing" link
    Downloads
  • v0.11.0 ddd6819d1e

    v0.11.0
    All checks were successful
    Test and publish Docker image / e2e (push) Successful in 2m15s
    Details
    Test and publish Docker image / test (push) Successful in 31s
    Details
    Test and publish Docker image / build (push) Successful in 50s
    Details
    Stable

    patillacode released this 2026-04-25 12:55:01 +02:00 | 21 commits to main since this release

    v0.11.0

    Product landing page

    Added a public-facing landing page at / for unauthenticated visitors.
    Previously the root redirected straight to login.

    What's new:

    • New landing page (app/templates/index.html) with light/dark product screenshots, marketing copy, and a clear
      call-to-action to sign up / log in
    • Dedicated stylesheet (app/static/css/landing.css) — scoped to the landing page, no impact on the app shell
    • Self-hosted EB Garamond and JetBrains Mono fonts (app/static/fonts/) with a shared fonts.css manifest;
      reduces third-party font requests across the app
    • i18n strings extended (app/i18n.py) to cover all landing page copy in EN and ES
    • Minor form CSS tweak (forms.css) and template polish across account, admin, and login pages
    • Security tests updated to account for the new unauthenticated root route
    Downloads