- Salt passwords.
- Added
user.salted
field. - Updated auth view to salt passwords when signing up.
- Updated auth view to replace old passwords in the database when logging in.
- Updated auth view to properly check for password validity.
- Updated user update view to salt password when changing it.
- Added
- Configured logging in
development.ini
. - Increased the maximum length of short description to 300 characters.
- Forbade using uppercase characters in package names.
- Fixed the issue in
list_users
where only the left-most digit ofoffset
was read.
- Added
versions.files.path
, deprectedversions.files.dir
andversions.files.name
.
- Made it possible to change user password.
- Made
q
search param case-insensitive.
- Added
owners
search param. - Added
q
search param. - Added group
~banned
. - Wrapped
User:PATCH
.
- Added dependency remove code.
- Refactored the code of package update route a bit.
- Removed compatibility code.
- Removed an ACE granting all permissions to
~allperms
.
- Added the PATCH request method to the list of allowed HTTP methods.
- Added the line of code to actually change the name of a package.
- Fixed crash when sending preflight CORS request without
Access-Control-Request-Headers
.
- Reissue tickets on every request. They become invalid after log out.
- Respond with
200 OK
instead of204 No Content
if tried tolog-in
orregister
when logged in. - Copypasted a more advanced solution to CORS problem.
- Unified responses.
- Refactored the code.
- Removed stats.downloads.
- Renamed data.data (
Packages:GET
) to data.list. - Added the same metadata to the response of
Users:GET
as thePackages:GET
's. - Always set Content-Type to application/json.
- Added more CORS headers.
- Added the /profile route.
- Fixed a bug when version details could contain only some of required fields.
- Change the response of
Packages:GET
. - When the user is logged in, don't respond with the
400 Bad Request
message if they send some action, other thanlog-out
. - Packages now can have multiple owners.
- Usernames are checked against a regex (
[A-Za-z0-9-_]+
).
The first stable API release.
- Added
stats.date
field.
- Added URL validity checks.
- Removed
passwd-confirm
param.
- Made the /auth view process
application/json
instead ofapplication/x-www-form-urlencoded
(that was illogical).
- Made the previous change not breaking.
- Add the
stats.views
field. This breaks existing packages.
- Changed the replacement character. This breaks existing packages.
- Made error messages unified.
- Added
Access-Control-Allow-Origin
header for cross-origin AJAX API requests. - Fixed strange log in and log out behaviours.
- Separated the auth logic from the home view, effectively enabling authorization via API.
- Added versions.num.changes field.
- Minor updates.
- Wrappers for the remaining views.
- A wrapper around package creating.
- A User:GET wrapper.
- A User:POST wrapper.
- 100% test coverage.
- Short description search.
- Disabled use of GET params for authorization.
- Added a teapot.
- Fixed an issue where the forms were shown before loading the page.
- Implementation of package updating (i.e., Package:PUT wrapper).
- Updated package model, breaking many things depending on the old one.
- Reimplementation of some classes related to search.
- Set up Travis CI.
- Authentication and authorization.
- Added tests.
- Packages:GET, Users:GET wrappers.
- Updated landing design.
- Basic package search.
- The beginning of the story.
- Simple /package controller.