Releases: jacobobryant/platypub
Important: bug fix in recaptcha verification
There've been a bunch of small updates since the last "official" release, but I'm announcing another release now because I just fixed an important bug. If you've published a real website with platypub, you should upgrade soon.
The recaptcha verification on the backend was completely broken because I forgot to add an await somewhere, so any bots who try to sign up for your newsletter will get through easily. (I noticed this because I started getting a bunch of fishy looking signups myself a few days ago.)
To upgrade:
- Do a
git pullon Platypub so you have the latest commits. - If you have any custom themes, change the
:git/shafor platypub/the default theme dependency to"c24d2f82585bd9a285417e98e8ffa997815529aa" - If you're running Platypub in production, deploy (
./task deploy, or./task soft-deploywould work too in this case) - Go to the "Sites" page in Platypub and hit "Publish" on all your websites.
To verify the recaptcha test is working, you can run curl --verbose https://<yourwebsite>.com/.netlify/functions/subscribe -d email=<email address> and make sure the request fails. For example:
$ curl --verbose https://biffweb.com/.netlify/functions/subscribe -d [email protected]
...
< location: https://biffweb.com/?error=recaptcha-failed&email=hello%40jacobobryant.com
...And then try to sign up from your web browser and make sure the signup works.
I have also added "Page" and "Referrer" fields to the Subscribers page in Platypub. It's normal for the referrer to be blank, but if the page is blank, that's pretty fishy. Basically it means that javascript was disabled, which means there's a high probability of it being a bot. Though since recaptcha wasn't working, it is possible that humans with javascript disabled would still be able to get through the signup form. Going forward, to get past the recaptcha test, you'd have to enable javascript.
30 Aug 2022: New theme structure
Changes:
- New theme structure
- Default theme's CSS is generated only during theme dev
- New config option:
:com.platypub/copy-theme-npm-deps
Just pushed a big update to platypub's default theme: https://github.com/jacobobryant/platypub/tree/master/themes/default
I have similarly updated biffweb.com's theme: https://github.com/jacobobryant/platypub-biffweb-theme
Now themes are structured as regular clojure/babashka projects with a deps.edn file, which means the code can be reused via deps.edn dependencies (local or git). For example, the biff site's theme reuses the default theme's config file, but exposes a different set of site settings:
- https://github.com/jacobobryant/platypub-biffweb-theme/blob/master/deps.edn
- https://github.com/jacobobryant/platypub-biffweb-theme/blob/master/src/com/biffweb/theme/config.clj
Also themes now use babashka tasks instead of ./render-site and ./render-email scripts (however platypub still checks for those for backwards compatibilite). See:
- https://github.com/jacobobryant/platypub/blob/master/themes/default/bb.edn
- https://github.com/jacobobryant/platypub-biffweb-theme/blob/master/bb.edn
This update should be fully backwards compatible; no need to update custom themes right away. But if you do hit a bug let me know.
Previously when Platypub called the default theme's ./render-site command, the default theme would run tailwind to generate the main.css file. This is slow in prod if you're running on a small server. Now we track the main.css file in git. If you make changes to the default theme that result in a new css file, you'll have to ensure the updated main.css is written and committed.
The new :com.platypub/copy-theme-npm-deps option, if set to true, instructs platypub to reuse the node_modules folder whenever it renders the site instead of running npm install each time. We started running npm install each time because sometimes (always?) on Mac, using the same node_modules folder in a different directory from where it was installed caused an error. However it seems to work fine on linux, and copying it is faster. I recommend setting the option to true under the :prod section in platypub's config.edn file. If you run into problems in dev, set it to false in the :dev section.
6 August 2022: breaking change
The latest commit (146850e) includes a Big Honkin' Breaking Change: I've completely overhauled the data model, in order to make it extensible by themes. Platypub no longer defines "Posts". Instead, it defines "Items" which have only two required attributes: :item/user (the user who owns the item) and :item/sites (the set of sites to which this item belongs). Any other attributes (like title, post content, publish date, etc) need to be defined by themes via a new config.edn file. Themes can also define different types of items, which can have different sets of attributes and which are given their own sections in Platypub's UI. The default theme defines Posts and Pages.
To upgrade: after you've pulled in the new commit and started the app, go to repl.clj and evaluate (migrate-items!).
NOTE: if you're using a custom theme, you will need to update it. See the files under themes/default/ at 146850e. If you don't want to update your theme immediately, you may want to hold off on upgrading Platypub until you have time to do so.