Commit Graph

80 Commits

Author SHA1 Message Date
code a51faa7208 Fix tags/changefreq/priority leaking into rendered page output
A Twig {% block %} always emits its content wherever it's declared -
wrapping novaconium/pages/_layout/layout.twig's metadata-only blocks
(tags/changefreq/priority) in a plain {# #} comment doesn't suppress
that, and a literal {% block %} tag inside a {# #} comment doesn't even
compile (comments are stripped before parsing). Both bugs were present:
the first caused "monthly 0.5" to appear as visible text in <head> on
every page; fixing that by wrapping the blocks in a real HTML comment
tripped the second, a Twig SyntaxError, because the explanatory comment
above them contained literal {% %}/{# #} sequences that terminated the
outer Twig comment early.

Fixed by wrapping the three blocks in an actual HTML comment (invisible
to a reader/browser, still genuine Twig blocks - overridable and
harvestable via renderBlock() exactly as before) and rewriting the
explanatory comment without embedding literal Twig delimiter syntax.
Verified the fix doesn't regress ContentIndexer's metadata extraction.
2026-07-14 18:01:30 +00:00
code 37b6764431 Add content index: keywords, tags/categories, search, and XML sitemap
Ships Blog tags/categories, Internal search, and XML sitemap together as
one shared mechanism, plus a new meta keywords request, rather than three
separate ones - the "worth deciding together" call ISSUES.md made when
XML sitemap was first written.

Content stays in files. Per-page metadata is four Twig blocks in the
root layout, the same override mechanism already used for
title/description/og_* - keywords (rendered), tags/changefreq/priority
(not rendered, harvested only). App\ContentIndexer crawls every routable
page (Overlay::listPageDirs(), new) and pulls each block via
Renderer::renderForIndex() (new) calling Twig's own renderBlock() API,
not regex-parsing .twig source, so overrides and layout inheritance
resolve exactly like a real render. Rendered HTML is stripped and
indexed into a SQLite FTS5 table for search.

Off by default (content_index_enabled) - same posture as Matomo/admin
auth, since this is a real SQLite dependency plenty of sites won't want.
Verified true zero footprint when disabled: no data/novaconium.sqlite
gets created, all three consumer routes 404 like they don't exist.
content_index_auto (default true) reindexes lazily on first stale touch
of a consumer route, never on a normal page view; both that path and the
explicit `php novaconium/bin/index-content.php` share one reindex().

Two real bugs caught by testing, not review: a reentrancy bug where
/search's own sidecar calling ensureFresh() during the crawl triggered a
nested reindex() mid-transaction (fixed with a static re-entrancy guard),
and a wrong PDO constant in the search sidecar. Also fixed two unrelated
pre-existing bugs found while building this: an unescaped {{ }} in
admin/docs/sidecars that fataled Twig on any real render of that page,
and a stale "no database layer yet" claim there and in Lib\Input's
docblock, left over from before Lib\Db shipped.

Lib\Db's migrations_dir now accepts an ordered list of roots, not just
one path, so the content index's schema could ship as a framework
migration (novaconium/migrations/) without colliding with project
migrations in App/migrations/ - the two-root extension point flagged in
AGENTS.md when SQLite groundwork shipped. Migrations are tracked by path
relative to the repo root rather than bare filename so two roots with a
same-named file can't shadow each other.

New consumer routes: novaconium/pages/sitemap.xml/ and
novaconium/pages/search/ (framework defaults), App/pages/blog/tag/[tag]/
(project-owned, since blog/ is project content - the existing hand
-written post array in App/pages/blog/index.php is untouched). Added
tags to the 4 existing blog posts as a real demonstration.

Closes the Blog tags/categories, Internal search, and XML sitemap
backlog items in novaconium/ISSUES.md.
2026-07-14 17:35:30 +00:00
code 4862526fa1 Add draft pages (admin-only preview); fix admin panel cache leak
Lets a page under App/pages/ be previewed by an admin before the public
can see it: list its route in draft_routes (App/config.php), checked in
bootstrap.php alongside the existing /admin/* gate. Not authenticated ->
same plain 404 an unmatched route gets, not a login prompt, so a draft's
existence isn't revealed. Authenticated -> renders normally. No separate
login flow needed - Basic Auth credentials are scoped to the whole
origin/realm, so authenticating once at /admin covers draft URLs too.

AdminAuth::isAuthenticated() is extracted out of requireLogin() so the
draft gate can reuse the same credential check with a different failure
response (404 vs. a 401 challenge).

Renderer::render() gains an $excludeFromCache param so a draft without
its own sidecar can't get written to the static HTML cache - .htaccess
serves a cached file before PHP, and therefore any auth check, ever runs
again, so an uncached exception is required, not just the auth gate.

While testing this, found the same bug already existed for /admin itself:
novaconium/pages/admin/index.twig has no sidecar, so it was already being
cached - meaning any admin visiting /admin once caused the panel to be
served to everyone, unauthenticated, straight from
public/cache/admin/. Fixed in this change by excluding every /admin/*
route from the cache the same way, and documented as a standing rule in
AGENTS.md: any future mechanism that conditionally hides page content
from the public has to make the same check, not just gate the initial
request.

Closes the "Draft pages (admin-only preview)" backlog item in
novaconium/ISSUES.md.
2026-07-14 16:35:31 +00:00
code 5deb298b91 Add Lib\Session: native session wrapper with flash data
Lib\Session (novaconium/lib/Session.php) is a thin, all-static wrapper
around PHP's native session handling — get/set/has/remove plus
CodeIgniter-style flash data (flash()/getFlash()): a value set now is
readable on exactly the next request, then gone, for post/redirect/GET
flows like the contact form's hand-rolled ?sent=1 (not refactored here —
the original spec cites it as a motivating example, not a mandate).

Lazy-start, same shape as the already-shipped Lib\Csrf, which the two
classes can share a native session with in the same request without
conflict. Flash data is a single per-request swap (snapshot last
request's bucket, clear the stored one) rather than a sweep/expiry pass.

Verified end-to-end across three separate HTTP requests sharing a cookie
jar (not just in-process calls), confirming a flashed value survives
exactly one subsequent request.

Closes the "Session handling (with flash sessions)" backlog item in
novaconium/ISSUES.md.
2026-07-14 06:43:11 +00:00
code 3a59269eaa Add MySQL support to Lib\Db via multiple simultaneous named connections
Redesigns Lib\Db from a single global connection to a config-driven map
of named connections (config['db_connections']), each independently
lazy-connected, each with its own optional migrations_dir and its own
schema_migrations table. A sidecar can use more than one connection in
the same request (e.g. Db::query(...) against SQLite alongside
Db::query(..., 'legacy') against MySQL) — sidecars have full access to
any Lib\ class, so nothing stops a request from needing two databases
at once, which the original single-driver spec didn't account for.

Db::query()/Db::connection() both default to the 'default' connection
name so the common single-database case is unchanged at the call site.
Supersedes the flat db_driver/db_path/db_migrations_dir keys shipped in
the SQLite groundwork commit (a3b9967) — no downstream consumers yet,
so no migration path needed.

db_connections needed one deliberate exception to the project's usual
shallow config-merge rule: merged one level deeper, by connection name,
so App/config.php adding a connection doesn't delete 'default'. Verified
end-to-end against a real local MariaDB instance running alongside the
existing SQLite connection, which caught a real ordering bug in the
initial merge implementation (capturing defaults after they'd already
been overwritten) before it shipped.

Closes the "MySQL support" backlog item in novaconium/ISSUES.md.
2026-07-14 03:53:27 +00:00
code a3b996719a Add SQLite groundwork: Lib\Db, migrations, and a project-owned data dir
Lib\Db (novaconium/lib/Db.php) is a thin, no-ORM PDO wrapper — lazy-connect
like Lib\Csrf, Db::query() as the only query-running helper (prepared
statements only, no interpolation shortcut, per Lib\Input's existing
security stance). Plain .sql migrations under App/migrations/, applied in
filename order and tracked in an auto-created schema_migrations table, run
automatically on first connection or via novaconium/bin/migrate.php.

Data lives in a new top-level data/ directory rather than novaconium/ or
public/ — outside public/ so it's never web-accessible, and outside
novaconium/ since that directory gets wholesale-replaced by the "Updating
the framework" workflow, which would otherwise destroy it on every update.

New config keys: db_driver (only 'sqlite' implemented), db_path,
db_migrations_dir. Documented at /admin/docs/database and in AGENTS.md.
Closes the "SQLite groundwork" backlog item in novaconium/ISSUES.md.
2026-07-14 03:33:38 +00:00
code 672f997d8b Add copy-to-clipboard button to code blocks
Injects a hover-revealed copy button into every <pre><code> block
site-wide via a single layout partial, reading textContent so escaped
samples copy as literal text. Ships copy/check icons and matching Sass.

Passes icon markup to JS via <template> elements instead of Twig's
|escape('js'), which calls mb_ord() and fatals without mbstring — same
class of bug as the existing |slice/mb_substr gotcha, now documented in
AGENTS.md.

Closes the "Copy-to-clipboard button on code blocks" backlog item in
novaconium/ISSUES.md.
2026-07-14 03:03:29 +00:00
code fe5f5ee131 Document how to start and update a project in Getting started docs
Add clone-and-drop-.git setup steps and a tag-and-overwrite recipe for
updating just novaconium/, mirrored in README.md and /admin/docs/getting-started.
2026-07-14 02:44:40 +00:00
code fbd4e92e9f Replace v1 with v2 codebase
Full rewrite: swap out the v1 framework (src/, controllers/, views/,
twig/, sass/, skeleton/) for the working v2 codebase from phpproject
(App/, novaconium/, public/).
2026-07-14 01:58:25 +00:00
code d9c4b64d9c Add AGENTS.md and CLAUDE.md for agent onboarding
Documents project structure, Docker-only build/run commands, and
conventions so any coding agent (Claude Code, DeepSeek, etc.) can
orient quickly. CLAUDE.md imports AGENTS.md as the single source of
truth.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-10 00:59:47 +00:00
nick 27c15f747a ignore claude dir 2026-07-09 17:29:08 -07:00
nick d5871ed8e7 minor updates 2026-06-16 19:00:30 -07:00
nick ad6e07c76d fixed css and changed timezone 2026-05-04 11:30:14 -07:00
nick 06310d9eb9 Updated readme and composer 2026-05-03 13:27:30 -07:00
nick f679d0b20e safety fix 2026-02-07 17:26:26 -08:00
nick 9feccf9eaa tabs and draft working 1.0.10 2026-01-26 21:55:22 -08:00
nick 14ec6b7e7a fixed matomo to be in the master twig template. 2026-01-22 15:40:46 -08:00
nick 42a828a778 edit page template 2026-01-12 19:00:03 -08:00
nick 81c239f043 added matomo 1.0.9 2026-01-09 12:41:55 -08:00
nick 0d91b61bd0 control panel head changes 2025-12-22 18:32:35 -08:00
nick fd9a71c4d6 added page to the front end 2025-12-16 05:35:56 -08:00
nick 71413283c8 added humans and robots 1.0.8 2025-12-15 09:54:57 -08:00
nick a32956b4a2 added coming soon page 2025-12-15 09:28:09 -08:00
nick 7bf3dc6610 added coming soon page 2025-12-15 09:27:56 -08:00
nick 7b064eb6da morning changes 2025-12-15 06:14:07 -08:00
nick 934e134941 ready to test new layout 2025-12-14 03:45:07 -08:00
nick 6f410b5d0e added logs to docker 2025-12-07 23:10:32 -08:00
nick e5aadb3b82 final checks and fixes for launch 1.0.7 2025-12-07 20:33:42 -08:00
nick 08b8009dec tags working 2025-12-06 01:09:39 -08:00
nick 208534b5fb fixed twig and functions 2025-12-05 18:04:17 -08:00
nick 466d34c39f made the code more composer friendly 2025-11-19 00:03:03 -08:00
nick a14df54cd9 Added Tabs to edit page 2025-11-16 21:57:10 -08:00
nick bba62180fe fixed timezone 2025-11-16 14:54:33 -08:00
nick 4c598340a8 clean up meta 2025-11-13 11:10:39 -08:00
nick 6d7a7a5e9d 404 fixes and added pure twig 2025-11-13 11:05:55 -08:00
nick 1cdf4f1fe8 Fixed new logo 2025-11-13 09:55:34 -08:00
nick 12783d351c Sass Updates 2025-11-12 01:39:45 -08:00
nick 39a14a759b Added sass 2025-11-10 18:54:16 -08:00
nick 869c3a8d6a Edit Page fixes 2025-11-08 10:28:13 -08:00
nick a459b86169 added sitemap and docs 2025-11-07 14:45:13 -08:00
nick fb5407a60b fixed bugs for setup, added messages table 2025-10-08 23:34:17 -07:00
nick 344786ee95 fixed up session class 2025-08-14 20:19:24 -07:00
nick 892110703b Made pages edit better and added messages 1.0.6 2025-08-14 18:14:59 -07:00
nick 2f76c1ae35 Edit page working 2025-08-12 23:08:20 -07:00
nick 4aebef12c8 removed about page, fixed ny validation 2025-07-17 18:24:27 -07:00
nick 2021ada52b added validation and fixed missing quote 2025-07-07 22:01:42 -07:00
nick caca552cae Big Update Added Services and Admin 2025-06-22 11:26:57 -07:00
nick 8f462953b7 updated first page of framework 2025-06-12 20:40:25 -07:00
nick 20d01d0d4c fixed semi colons 2025-06-08 18:27:32 -07:00
nick 7b02960b46 added a skeleton for faster deployment 1.0.5 2025-06-08 18:19:12 -07:00