furtka/pyproject.toml

[project]
name = "furtka"
version = "26.11-alpha"
description = "Open-source home server OS — simple enough for everyone."
requires-python = ">=3.11"
readme = "README.md"
license = { text = "AGPL-3.0-or-later" }
authors = [
    { name = "Daniel Syrnicki" },
    { name = "Robert Syrnicki" },
]

dependencies = [
    "flask>=3.0",
]

[project.optional-dependencies]
dev = [
    "ruff>=0.6",
    "pytest>=8.0",
]

[tool.ruff]
line-length = 100
target-version = "py311"
extend-exclude = [".venv", "*.venv"]

[tool.ruff.lint]
select = [
    "E",    # pycodestyle errors
    "F",    # pyflakes
    "I",    # isort
    "W",    # pycodestyle warnings
    "B",    # flake8-bugbear
    "UP",   # pyupgrade
]

[tool.pytest.ini_options]
testpaths = ["tests"]
pythonpath = ["webinstaller", "."]

[project.scripts]
furtka = "furtka.cli:main"

[tool.setuptools]
packages = ["furtka"]
ci: add Forgejo Actions workflow with ruff, pytest, JSON + link checks - .forgejo/workflows/ci.yml: four jobs (lint, test, validate-json, markdown-links) running on push to main and on pull requests - pyproject.toml: project metadata, flask dep, dev extras (ruff, pytest), ruff config (E/F/I/W/B/UP rulesets, 100-char lines, py311 target), pytest config (pythonpath=webinstaller so tests can import drives) - tests/test_drives.py: 11 unit tests covering parse_size_gb (TB/GB/MB, European comma decimal, empty input, unknown units), drive type scoring (nvme/ssd/hdd), size scoring bands, and score_device summing - .gitignore: ignore .pytest_cache, *.egg-info, .ruff_cache - webinstaller/drives.py: refactor subprocess.run to capture_output kwarg (ruff UP022) — drops four lines, same behavior - webinstaller/app.py: ruff-sorted imports (isort) All checks pass locally: ruff check + format, pytest 11/11, JSON valid. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-13 20:24:05 +02:00			`[project]`
chore: rename project Homebase → Furtka, domain furtka.org furtka.org registered via Strato 2026-04-13, so the working title is retired. Python package, managed-gateway NS hostnames, and repo URLs all follow. The CHANGELOG "Unreleased" section documents the switch so the history is preserved at the 26.0-alpha → next-release boundary. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-13 21:43:34 +02:00			`name = "furtka"`
feat(auth): login-guard the Furtka UI with a cookie session One-admin, one-password model — all of /apps, /api/, /, and /settings/ now require a signed-in session. Passwords are werkzeug PBKDF2-hashed in /var/lib/furtka/users.json (mode 0600, atomic write via the same .tmp+chmod+rename dance installer.write_env uses). Sessions are secrets.token_urlsafe(32) tokens held in a module-level SessionStore dict (thread-safe lock included for when we swap to ThreadingHTTPServer). Cookies are HttpOnly, SameSite=Strict, and Path=/, with Secure set when X-Forwarded-Proto from Caddy says HTTPS. Two bootstrap paths: Fresh install — webinstaller step-1 collects Linux user + password, the chroot post-install step hashes the password and writes users.json on the target partition. First browser visit lands on /login with the account already present. * Upgrade from 26.10-alpha — no users.json yet, so /login detects setup_needed() and renders a first-run setup form. POST creates the admin and immediately logs in. POST /logout revokes the server session and clears the cookie. Unauthenticated HTML requests 302 to /login; unauthenticated API requests 401 JSON so fetch() callers see a clean error. A sleep(0.5) on failed logins is the brute-force speed bump on top of werkzeug's ~600k-iter PBKDF2. Caddyfile gains /login* and /logout* handle blocks in the shared furtka_routes snippet so both :80 and the HTTPS hostname block forward the auth endpoints to localhost:7000. Without this Caddy would 404 from the static file server. Test surface: * tests/test_auth.py (new, 19 cases): hash roundtrip, users.json I/O, session create/lookup/expire/revoke. * tests/test_api.py: new admin_session fixture; existing HTTP tests updated to send the cookie; new tests cover login setup, login success, wrong-password 401, logout revocation, and the guard's 302/401 split. * tests/test_webinstaller_assets.py: new case that unpacks the users.json _write_file_cmd body and verifies the werkzeug hash round-trips against the step-1 password. Bumped version to 26.11-alpha and rolled CHANGELOG. Also folded in the ruff-format fix that was pending from 26.10-alpha's lint red. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-21 13:01:17 +02:00			`version = "26.11-alpha"`
ci: add Forgejo Actions workflow with ruff, pytest, JSON + link checks - .forgejo/workflows/ci.yml: four jobs (lint, test, validate-json, markdown-links) running on push to main and on pull requests - pyproject.toml: project metadata, flask dep, dev extras (ruff, pytest), ruff config (E/F/I/W/B/UP rulesets, 100-char lines, py311 target), pytest config (pythonpath=webinstaller so tests can import drives) - tests/test_drives.py: 11 unit tests covering parse_size_gb (TB/GB/MB, European comma decimal, empty input, unknown units), drive type scoring (nvme/ssd/hdd), size scoring bands, and score_device summing - .gitignore: ignore .pytest_cache, *.egg-info, .ruff_cache - webinstaller/drives.py: refactor subprocess.run to capture_output kwarg (ruff UP022) — drops four lines, same behavior - webinstaller/app.py: ruff-sorted imports (isort) All checks pass locally: ruff check + format, pytest 11/11, JSON valid. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-13 20:24:05 +02:00			`description = "Open-source home server OS — simple enough for everyone."`
			`requires-python = ">=3.11"`
			`readme = "README.md"`
			`license = { text = "AGPL-3.0-or-later" }`
			`authors = [`
			`{ name = "Daniel Syrnicki" },`
			`{ name = "Robert Syrnicki" },`
			`]`

			`dependencies = [`
			`"flask>=3.0",`
			`]`

			`[project.optional-dependencies]`
			`dev = [`
			`"ruff>=0.6",`
			`"pytest>=8.0",`
			`]`

			`[tool.ruff]`
			`line-length = 100`
			`target-version = "py311"`
			`extend-exclude = [".venv", "*.venv"]`

			`[tool.ruff.lint]`
			`select = [`
			`"E", # pycodestyle errors`
			`"F", # pyflakes`
			`"I", # isort`
			`"W", # pycodestyle warnings`
			`"B", # flake8-bugbear`
			`"UP", # pyupgrade`
			`]`

			`[tool.pytest.ini_options]`
			`testpaths = ["tests"]`
feat(furtka): resource-manager skeleton — manifest, scanner, CLI Slice 1 of the Resource Manager (see docs/resource-manager.md + plan in ~/.claude/plans/stateful-juggling-pike.md). Lays down the read-only half: a JSON manifest schema with namespacing, a scanner that walks /var/lib/furtka/apps/, and a `furtka` CLI with `app list` and `reconcile --dry-run`. Reconciler / volume creation / docker compose calls land in the next slice. - furtka.manifest: dataclass + load_manifest with required-field + type validation. volume_name() injects the furtka_<app>_<vol> namespace so apps can each declare a "data" volume without colliding. - furtka.scanner: tolerant — broken manifest = ScanResult with error, not an exception. Lets reconcile log + skip rather than abort. - furtka.cli: text + --json output. argparse with `app list` and `reconcile --dry-run`. main() returns int for clean exit codes. - furtka.paths: FURTKA_APPS_DIR env override so tests don't need root. - 19 new tests covering valid manifests, every validation branch, scanner edge cases (missing root, broken manifest, sort order), and the CLI subcommands. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 09:59:41 +02:00			`pythonpath = ["webinstaller", "."]`

			`[project.scripts]`
			`furtka = "furtka.cli:main"`
ci: add Forgejo Actions workflow with ruff, pytest, JSON + link checks - .forgejo/workflows/ci.yml: four jobs (lint, test, validate-json, markdown-links) running on push to main and on pull requests - pyproject.toml: project metadata, flask dep, dev extras (ruff, pytest), ruff config (E/F/I/W/B/UP rulesets, 100-char lines, py311 target), pytest config (pythonpath=webinstaller so tests can import drives) - tests/test_drives.py: 11 unit tests covering parse_size_gb (TB/GB/MB, European comma decimal, empty input, unknown units), drive type scoring (nvme/ssd/hdd), size scoring bands, and score_device summing - .gitignore: ignore .pytest_cache, *.egg-info, .ruff_cache - webinstaller/drives.py: refactor subprocess.run to capture_output kwarg (ruff UP022) — drops four lines, same behavior - webinstaller/app.py: ruff-sorted imports (isort) All checks pass locally: ruff check + format, pytest 11/11, JSON valid. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-13 20:24:05 +02:00
			`[tool.setuptools]`
feat(furtka): resource-manager skeleton — manifest, scanner, CLI Slice 1 of the Resource Manager (see docs/resource-manager.md + plan in ~/.claude/plans/stateful-juggling-pike.md). Lays down the read-only half: a JSON manifest schema with namespacing, a scanner that walks /var/lib/furtka/apps/, and a `furtka` CLI with `app list` and `reconcile --dry-run`. Reconciler / volume creation / docker compose calls land in the next slice. - furtka.manifest: dataclass + load_manifest with required-field + type validation. volume_name() injects the furtka_<app>_<vol> namespace so apps can each declare a "data" volume without colliding. - furtka.scanner: tolerant — broken manifest = ScanResult with error, not an exception. Lets reconcile log + skip rather than abort. - furtka.cli: text + --json output. argparse with `app list` and `reconcile --dry-run`. main() returns int for clean exit codes. - furtka.paths: FURTKA_APPS_DIR env override so tests don't need root. - 19 new tests covering valid manifests, every validation branch, scanner edge cases (missing root, broken manifest, sort order), and the CLI subcommands. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 09:59:41 +02:00			`packages = ["furtka"]`