/kbin - preview of upcoming changes
Hi there, in the upcoming kbin releases, I will be describing the changes along with author tags, but for now, you can check out what's happening here: https://codeberg.org/Kbin/kbin-core/activity, as well as my personal feed: https://ernest.dev... #kbin #fediverse #kbinMeta
Nice!
The PWA rotation issue is really annoying, happy to see this will be fixed. :)
In your browser, if you go into the menu there should be something like 'Install', 'Add to Homescreen', something like that.
On chrome it is add to homescreen, but there is also a pop-up at the bottom that gives an install button. The browser menu should be the easiest spot though.
It creates a shortcut on your homescreen and allows the site to run in full screen mode, so it acts like a native app.
Thanks for the great work on this @ernest and every contributor who's dove in and made a PR.
EDIT: Interestingly that @ mention does not work on my instance, but it does on kbin.social EDIT2: fixed, yay
ernest
albatros
I_Miss_Daniel
CosmicApe[email protected]. In the future, there will probably be some sort of suggestion when mentioning people, similar to Mastodon.
Will the test instances be publicly available?
That would be greatly appreciated by us over at /m/kbinStyles so that it’s possible to see that everything still works before the new version goes live.
Sure thing, I will manually approve accounts from time to time. These scripts are mind blowing ;)
I'm really looking forward to https://codeberg.org/Kbin/kbin-core/pulls/167 . Maybe I'm just old or something, but the indent is quite slight sometimes and hard for me to see what belongs at which level at certain levels of nesting.
I wish I could contribute, but I've hardly touched anything UI-related in a decade, and likewise haven't worked with newer PHP at all.
#### Resolves https://codeberg.org/Kbin/kbin-core/issues/9 ### Description When you click on the comment collapse/expand indicator, it will now collapse and hide all its children. If you click it again, it'll show all its children again. NOTE: I've opted for a simpler solution for nested comment threads (if you have a collapsed thread in another collapsed thread, expanding the one at a higher level will expand the whole thing, TODO: https://codeberg.org/Kbin/kbin-core/issues/284) for now to get this out as a "V1" ### Testing Tested it by bashing locally on a thread's comments with various levels of nesting (gif attached). Also tested on user profile where comments show and there are no regressions. ### Demo GIFs  
I'm super super keen on that one. It's actually the reason I got kbin running locally, so I could implement a quick toggle open/close for deeply nested comments.
Been following that thread and hope it gets out soon, it's something I severely miss from Reddit mobile.
Appreciate all your work and I am enjoying kbin but please make sure you are not burning yourself out. I have seen it too many times, especially in open source projects that become super popular all of a sudden. Take care of your mental health and work at a pace that you still enjoy. You don't ow us anything.
Have a great Sunday!
Cheers for the ongoing support mate. I've been pretty keen on contributing and getting some of the UI/UX polished up, keen to see these all hit prod so everyone can benefit ❤️
Love to make the experience on mobile good enough that if you want you won't even need a third party app.
Somewhat off topic but does kbin currently have a working API? Every instance I've attempted an API call on just errors out. Same thing when running a local test instance.
Would also likely be a good idea to distribute an OpenAPI spec so people can automatically generate API clients in the future.
Thanks for making such a great platform by the way. Genuinely impressed what a solo dev is able to build with activitypub.
**This PR is being split to make reviews easier** * #815 * #817 * #883 * #950 * more on their way... I've started working on a basic REST API for kbin and I wanted to put it out there for feedback - there are still lots of items to implement and designs to discuss. This likely should be split into several issues / a milestone rather than just being a single pull request ### OAuth API requests which access restricted data or modify state must be authenticated by Bearer token, retrieved via OAuth2 `authorization_code` or `client_credentials` flow: #### authorization_code 1. Client makes a request to `GET /authorize?response_type=code&client_id={{oauth_client_id}}&redirect_uri={{uri}}&scope={{scopes}}&state={{oauth_state}}` 2. User is directed to login if not already logged in. 3. Once logged in, user is directed to the consent page that explains what permissions the app is asking for. 4. Permission is checked: - If the user denies the app permission, the user will be redirected to the given redirect URI (if it is one of the URIs your client was initially created with) with an error message explaining that the user denied the request. - If the user permits the app to use those permissions, the user will be redirected with the following request: - `GET {{uri}}/?code={{code}}&state={{oauth_state}}` 5. The client will need to verify the state is correct, then use the code to make a form-data POST request to retrieve the token: ``` POST /token grant_type=authorization_code client_id={{oauth_client_id}} client_secret={{oauth_client_secret}} code={{code}} redirect_uri={{uri}} ``` 6. The server will verify the information and return json with the following data: ``` { "token_type": "Bearer", "expires_in": 3600, "access_token": "{{token}}", "refresh_token": "{{refresh_token}}" } ``` 7. The client can save the access token and use it to authenticate against the API to enjoy a higher rate limit and write/moderate/admin permissions depending on grants requested and user permissions available. 8. When the access token expires, the client may use the refresh token to perform a refresh_token grant_type to avoid making the user log back in. #### client_credentials 1. The client will use its id and secret to make a form-data POST request to retrieve a token authorizing it to use a bot account created when the client was created. ``` POST /token grant_type=client_credentials client_id={{oauth_client_id}} client_secret={{oauth_client_secret}} scope=scope1 scope2 scope3 (etc...) ``` 2. The server will verify the information and return json with the following data: ``` { "token_type": "Bearer", "expires_in": 3600, "access_token": "{{token}}" } ``` 3. The client can save the token and use it to access the API as a user distinguished as a bot account. ### Todo List: - [ ] Add general usage APIs - [ ] Entries/Thread API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Retrieve entries by id - [x] Retrieve a list of entries from the instance - [x] Filterable by language(s) - [x] Create an entry in a specific magazine - [x] Upload images with entries - [x] Update single entry by id - [x] Delete entry by id - [x] Upvote entry - [x] Downvote entry - [x] Boost entry - [x] Report entry - [x] Retrieve a list of entries from a specific magazine - [x] Filterable by language(s) - [x] Filterable by preferred languages - [x] Retrieve a list of entries from subscribed magazines - [x] Retrieve a list of entries from moderated magazines - [ ] Entry Comments API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Retrieve comments of an entry - [x] Filterable by language(s) - [x] Filterable by preferred languages - [x] Add a comment to an entry - [x] Add a comment reply to another comment - [x] Upload images with comments - [x] Retrieve a comment by id - [x] Update comment by id - [x] Delete comment by id - [x] Upvote comment (Favourite) - [x] Downvote comment - [x] Boost comment - [x] Report comment - [ ] Posts/Microblog API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Create post - [x] Upload images with posts - [x] Retrieve post by id - [x] Retrieve posts from magazine - [x] Filterable by language(s) - [x] Filterable by preferred languages - [x] Update post by id - [x] Delete post by id - [x] Boost post - [x] Favourite post - [x] Report post - [ ] Post Comments API - [x] OpenApi specification - [ ] API test cases - [x] Rate limiting - [x] Create comment on post - [x] Create comment as reply - [x] Upload images with comments - [x] Retrieve post comment by id - [x] Retrieve comments from a post - [x] Filterable by language(s) - [x] Filterable by preferred languages - [x] Update post comment by id - [x] Delete post comment by id - [x] Boost post comment - [x] Favourite post comment - [x] Report post comment - [ ] Magazine API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Retrieve details about a magazine (title, rules, description, isAdult, moderators, tags, badges, etc) - [x] By name as well - [x] Retrieve list of magazines - [x] Retrieve list of user's subscribed magazines - [x] Retrieve list of user's moderated magazines - [x] Retrieve list of user's blocked magazines - [x] Subscribe to magazine - [x] Unsubscribe from magazine - [x] Block magazine - [x] Unblock magazine - [x] Retrieve Mod Log - [ ] User API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Retrieve user details - [x] Follow user - [x] Unfollow user - [x] Retrieve users following a user - [x] Retrieve users followed by a user (if visible) - [x] Retrieve user's subscribed magazines - [x] Retrieve user's subscribed domains - [x] Block user - [x] Unblock user - [x] Retrieve current user's blocked users - [x] Edit current user's profile - [x] Edit current user's settings - [ ] Message API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Retrieve incoming messages - [x] Mark messages as read - [x] Mark messages as not read - [x] Message user - [x] Reply to message thread - [ ] Notification API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Retrieve incoming notifications - [x] Retrieve a count of unread notifications - [x] Mark a notification as read - [x] Mark a notification as not read - [x] Mark all notifications as read - [x] Delete a notification - [x] Delete all notifications - [ ] Domain API - [x] OpenAPI specification - [ ] API test cases - [x] Rate limiting - [x] Retrieve domain details - [x] Retrieve entries from domain - [x] Filterable by language(s) - [x] Filterable by preferred languages - [x] Retrieve entry comments from domain - [x] Filterable by language(s) - [x] Filterable by preferred languages - [x] Subscribe to domain - [x] Unsubscribe from domain - [x] Block domain - [x] Unblock domain - [ ] Instance API - [x] OpenAPI specification - [ ] API test cases - [x] Retrieve instance About text - [x] Retrieve instance FAQ text - [x] Retrieve instance Contact text - [x] Retrieve instance Terms of Service text - [x] Retrieve instance Privacy policy text - [x] Retrieve global mod log - [ ] Add moderation APIs - [x] OpenAPI specification - [ ] API test cases - [x] Mark threads as adult - [x] Mark comments as adult - [x] Mark posts as adult - [x] Mark post comments as adult - [x] Pin threads - [x] Trash threads - [x] Restore threads - [x] Trash comments - [x] Restore comments - [x] Trash posts - [x] Restore posts - [x] Trash post comments - [x] Restore post comments - [x] Ban user from magazine - [x] Change language tag of threads - [x] Change language tag of comments - [x] Change language tag of posts - [x] Change language tag of post comments - [ ] Add magazine admin APIs - [x] OpenAPI specification - [ ] API test cases - [x] Create magazine - [x] Update magazine - [x] (Soft) Delete magazine - [x] Purge Entry - [x] Retrieve reports - [x] Reject reports - [x] Accept reports * I think reports should be accessible to all mods, not just the magazine creator - [x] Add moderator(s) - [x] Remove moderator(s) - [x] Create badge(s) - [x] Delete badge(s) * How do these actually work? Are these meant to be like flair on reddit? - [x] Add tag(s) - [x] Remove tag(s) - [x] Retrieve list of banned users - [x] Remove user from ban list - [x] Retrieve list of trashed entries * Also should be available to any mod - [x] Retrieve appearance settings - [x] Update appearance settings - [x] Retrieve magazine statistics - [ ] Admin APIs - [x] OpenAPI specification - [ ] API test cases - [x] Move entry to another magazine - [x] Ban/unban user from instance - [x] Retrieve a list of banned users - [x] Delete user from instance - [x] Purge user from instance - [x] Purge threads/posts/comments - [x] Verify user on instance - [x] Retrieve instance stats - [x] Retrieve instance settings - [x] Update instance settings - [x] Update instance About text - [x] Update instance FAQ text - [x] Update instance Contact text - [x] Update instance Terms of Service text - [x] Update instance Privacy policy text - [x] Retrieve list of defederated instances - [x] Defederate instance - [x] Refederate instance - [x] Retrieve oauth2 clients - [x] Retrieve oauth2 client usage stats - [x] Revoke oauth2 client keys - [ ] Instance Admin Configs - [x] Configurable rate limiting - [x] View API usage data - [ ] Authentication/Authorization pass - [x] OpenAPI specification - [x] API test cases - [x] Implement OAuth2 server for 3rd party application user auth - [x] Add a user consent page informing the user what permissions the app is requesting - [x] Add the minimum page needed to accept - [x] Add information about what roles grant what permissions in a decent manner - [x] Add translatable messages for the page's text and role grants - [x] Add optional client logo to consent page - [ ] Maybe? make it look nice (I am not a UI designer so I'll probably leave this for a future PR by someone else) - [x] Add API to create an API client - similar to Mastodon's [here](https://docs.joinmastodon.org/spec/oauth/) - [x] Add API to view oauth consents given to (an) app(s) - [x] Add API to revoke oauth consent from an app - [ ] Add page to revoke oauth consent from an app - [x] Add appropriate roles to existing APIs - [x] Flesh out what roles need to be separated and break them down by permissions - [x] Enable heavily rate limited anonymous read access to the API - should be enough for normal human usage of the API, but anything heavier should prefer a token Let me know what you think should be added/changed/improved about this list and about the code I've currently got - I'm learning PHP with this project so I expect there to be lots of improvements to be made
Thank you for all your continued hard work, Ernest! I can't imagine the amount of work you have put in as a server admin, as a developer, as front line support, etc.
For those people reading, if you have the means you can buy Ernest a coffee to thank and support him and his efforts.
Stay safe and don’t burn out.
Make the donation page more prominent!
Thank you for your work!
I'm especially looking forward to the bug which causes notifications not to be sent when you receive replies to your comments being fixed. This one is a huge drag on conversation.
As for features, very much looking forward to being able to collapse comments.
A couple things I would like to see on kbin:
Otherwise, this is pretty much perfect so far.
Perry
lohrun
tal
LollerCorleone
frasassi
AnonymousLlama
EnglishMobster
Mnmalst
rideranton
melroy
ngmi
demvoter
DrChickenbeer
AngrilyEatingMuffins
DerpyPoint
Charlielx
VulcanSphere
AndreTelevise