From 82cb1cf71189953d3c3e40d3cd34ba5d6a31714d Mon Sep 17 00:00:00 2001
From: gilesb
Date: Thu, 8 Jan 2026 17:38:14 +0000
Subject: [PATCH] Fix logout to clear both legacy and shared domain cookies
Co-Authored-By: Claude Opus 4.5
---
 README.md | 105 ++++++++++++++++++++++++---------------------
 docker-compose.yml | 2 +-
 server.py | 5 ++-
 3 files changed, 62 insertions(+), 50 deletions(-)
diff --git a/README.md b/README.md
index e1f28df..f5b0f2a 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ pip install -r requirements.txt
 export ARTDAG_DOMAIN=artdag.rose-ash.com
 export ARTDAG_USER=giles
 export ARTDAG_DATA=~/.artdag/l2
-export ARTDAG_L1=http://localhost:8100
+export DATABASE_URL=postgresql://artdag:artdag@localhost:5432/artdag
 # Generate signing keys (required for federation)
 python setup_keys.py
@@ -96,12 +96,53 @@ Keys are stored in `$ARTDAG_DATA/keys/`:
 **Important**: Private keys are gitignored. Back them up securely. Losing them invalidates all your signatures.
+## Client Commands
+
+### Upload Media
+
+Register a media asset (image, video, audio) with a content hash:
+
+```bash
+curl -X POST http://localhost:8200/assets \
+ -H "Content-Type: application/json" \
+ -H "Authorization: Bearer " \
+ -d '{
+ "name": "my-video",
+ "content_hash": "abc123...",
+ "asset_type": "video",
+ "tags": ["art", "generated"]
+ }'
+```
+
+### Upload Recipe
+
+Record an L1 run as an owned asset. This fetches the run details from the L1 server and registers the output:
+
+```bash
+curl -X POST http://localhost:8200/assets/record-run \
+ -H "Content-Type: application/json" \
+ -H "Authorization: Bearer " \
+ -d '{
+ "run_id": "uuid-from-l1",
+ "l1_server": "https://celery-artdag.rose-ash.com",
+ "output_name": "my-rendered-video"
+ }'
+```
+
 ## API Endpoints
 ### Server Info
 | Method | Path | Description |
 |--------|------|-------------|
-| GET | `/` | Server info |
+| GET | `/` | Home page with stats |
+
+### Assets
+| Method | Path | Description |
+|--------|------|-------------|
+| GET | `/assets` | List all assets |
+| GET | `/assets/{name}` | Get asset by name |
+| POST | `/assets` | Upload media - register new asset |
+| POST | `/assets/record-run` | Upload recipe - record L1 run |
 ### ActivityPub
 | Method | Path | Description |
@@ -112,65 +153,33 @@ Keys are stored in `$ARTDAG_DATA/keys/`:
 | POST | `/users/{username}/inbox` | Receive activities |
 | GET | `/users/{username}/followers` | Followers list |
 | GET | `/objects/{content_hash}` | Get object by hash |
+| GET | `/activities/{index}` | Get activity by index |
-### Registry
+### Authentication
 | Method | Path | Description |
 |--------|------|-------------|
-| GET | `/registry` | Full registry |
-| GET | `/registry/{name}` | Get asset by name |
-| POST | `/registry` | Register new asset |
-| POST | `/registry/record-run` | Record L1 run as owned asset |
-
-## Example Usage
-
-### Register an asset
-```bash
-curl -X POST http://localhost:8200/registry \
- -H "Content-Type: application/json" \
- -d '{
- "name": "my-video",
- "content_hash": "abc123...",
- "asset_type": "video",
- "tags": ["art", "generated"]
- }'
-```
-
-### Record an L1 run
-```bash
-curl -X POST http://localhost:8200/registry/record-run \
- -H "Content-Type: application/json" \
- -d '{
- "run_id": "uuid-from-l1",
- "output_name": "my-rendered-video"
- }'
-```
-
-### Discover actor (WebFinger)
-```bash
-curl "http://localhost:8200/.well-known/webfinger?resource=acct:giles@artdag.rose-ash.com"
-```
-
-### Get actor profile
-```bash
-curl -H "Accept: application/activity+json" http://localhost:8200/users/giles
-```
+| POST | `/auth/register` | Register new user |
+| POST | `/auth/login` | Login, get JWT token |
+| GET | `/auth/me` | Get current user |
 ## Data Storage
-Data stored in `~/.artdag/l2/`:
-- `registry.json` - Asset registry
-- `activities.json` - Signed activities
-- `actor.json` - Actor profile
-- `followers.json` - Followers list
+Data stored in PostgreSQL:
+- `users` - Registered users
+- `assets` - Asset registry
+- `activities` - Signed activities
+- `followers` - Followers list
+
+RSA keys stored in `$ARTDAG_DATA/keys/` (files, not database).
 ## Architecture
 ```
 L2 Server (port 8200)
 │
- ├── POST /registry → Register asset → Create activity → Sign
+ ├── POST /assets (upload media) → Register asset → Create activity → Sign
 │
- ├── POST /registry/record-run → Fetch L1 run → Register output
+ ├── POST /assets/record-run (upload recipe) → Fetch L1 run → Register output
 │ │
 │ └── GET L1_SERVER/runs/{id}
 │
diff --git a/docker-compose.yml b/docker-compose.yml
index 0770138..f9863ed 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,7 +24,7 @@ services:
 environment:
 - ARTDAG_DATA=/data/l2
 - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD:-artdag}@postgres:5432/artdag
- # ARTDAG_DOMAIN, ARTDAG_USER, ARTDAG_L1, JWT_SECRET from .env file
+ # ARTDAG_DOMAIN, ARTDAG_USER, JWT_SECRET from .env file
 volumes:
 - l2_data:/data/l2 # Still needed for RSA keys
 networks:
diff --git a/server.py b/server.py
index 0d4090f..778a893 100644
--- a/server.py
+++ b/server.py
@@ -451,7 +451,10 @@ async def ui_register_submit(request: Request):
 async def logout():
 """Handle logout - clear cookie and redirect to home."""
 response = RedirectResponse(url="/", status_code=302)
- response.delete_cookie("auth_token", domain=COOKIE_DOMAIN)
+ # Delete both legacy (no domain) and new (shared domain) cookies
+ response.delete_cookie("auth_token")
+ if COOKIE_DOMAIN:
+ response.delete_cookie("auth_token", domain=COOKIE_DOMAIN)
 return response
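Review bot: In `logout()` the two `delete_cookie("auth_token", ...)` calls only expire the browser's host-only and `COOKIE_DOMAIN`-scoped cookies; nothing in the hunk invalidates the token on the server, so if the cookie carries the JWT issued by `/auth/login`, a copy taken before logout presumably stays accepted until it expires. If server.py has no revocation path elsewhere, consider a short token lifetime or a server-side denylist checked on each request, and at minimum record the limit in the handler: `# NOTE: clears browser cookies only; the token itself stays valid until expiry`. Both calls also rely on the default path, and a browser only overwrites a cookie whose name, domain and path all match what was set; the login code that sets the cookie and the route decorator are outside the hunk, so this needs confirming there. The docstring still says "clear cookie" and could read `"""Handle logout - clear legacy and shared-domain auth cookies, then redirect home."""`.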