dotplan-online/README.md

# dotplan.online

## The un-social network.

- User-provided content tied to an email address.
- Text only, limited to 4kb.
- No retweets, shares, @s, likes, or boosting of any kind.
- Authenticity optionally verified by clients using public PGP keys.
- Accessed via public APIs.
- Open source.
- Self-hostable, discovery via domain SRV records.
- Single giant Perl script because PERL IS AWESOME!

## API

### Authentication

- `POST /users/{email}` - request new account
   - request data: `{"password":"whatever"}`
   - email with validation token will be sent
- `GET /users/{email}?token={token}` - validate new account
- `GET /token` - retrieve auth token
   - http basic auth
   - `?expires={minutes}` sets an explicit expiration, default is 5 minutes from creation
   - response data: `{"token":"whatever"}`
- `DELETE /token` - invalidate current auth token
   - http basic auth
- `GET /users/{email}/pwtoken` - get password change token
   - email with password change token will be sent
- `PUT /users/{email}` - update password
   - request data: `{"password":"whatever","pwtoken":"whatever"}`
   - token expires 600 seconds from creation

### Plans

- `PUT /plan/{email}` - update a plan
   - request data: `{"plan":"whatever","signature":"base64 encoded signature","auth":"token"}`
   - omitting `plan` from the payload will delete the existing plan
- `GET /plan/{email}` - retrieve a plan
   - `text/plain` by default - raw plan content
   - `?format=html` or `Accept: text/html` - plan content with html entity encoding for special characters
   - `?format=json` or `Accept: application/json` - response data: `{"plan":"whatever","signature":"base64 encoded signature"}`
   - `404` if no plan found
   - `301` redirect if plan is on a different provider
- `POST /verify/{email}` - verify PGP signature of a plan
   - request data: `{"pubkey":"ascii public key"}`
   - response data: `{"plan":"whatever","verified":1}` or `{"verified":0}`
   - `404` if no plan found
   - `308` redirect if plan is on a different provider
started reference implementation 2020-07-16 20:48:53 -05:00			`# dotplan.online`

			`## The un-social network.`

			`- User-provided content tied to an email address.`
			`- Text only, limited to 4kb.`
			`- No retweets, shares, @s, likes, or boosting of any kind.`
ctl script 2020-07-16 23:55:59 -05:00			`- Authenticity optionally verified by clients using public PGP keys.`
started reference implementation 2020-07-16 20:48:53 -05:00			`- Accessed via public APIs.`
ctl script 2020-07-16 23:55:59 -05:00			`- Open source.`
			`- Self-hostable, discovery via domain SRV records.`
			`- Single giant Perl script because PERL IS AWESOME!`
started reference implementation 2020-07-16 20:48:53 -05:00
			`## API`

ctl script 2020-07-16 23:55:59 -05:00			`### Authentication`

			- `POST /users/{email}` - request new account
			- request data: `{"password":"whatever"}`
			`- email with validation token will be sent`
			- `GET /users/{email}?token={token}` - validate new account
finished initial implementation 2020-07-17 21:36:12 -05:00			- `GET /token` - retrieve auth token
ctl script 2020-07-16 23:55:59 -05:00			`- http basic auth`
finished initial implementation 2020-07-17 21:36:12 -05:00			- `?expires={minutes}` sets an explicit expiration, default is 5 minutes from creation
ctl script 2020-07-16 23:55:59 -05:00			- response data: `{"token":"whatever"}`
finished initial implementation 2020-07-17 21:36:12 -05:00			- `DELETE /token` - invalidate current auth token
ctl script 2020-07-16 23:55:59 -05:00			`- http basic auth`
			- `GET /users/{email}/pwtoken` - get password change token
			`- email with password change token will be sent`
			- `PUT /users/{email}` - update password
			- request data: `{"password":"whatever","pwtoken":"whatever"}`
			`- token expires 600 seconds from creation`

			`### Plans`

			- `PUT /plan/{email}` - update a plan
started on POST /verify/{email} service 2020-07-17 23:57:40 -05:00			- request data: `{"plan":"whatever","signature":"base64 encoded signature","auth":"token"}`
finished initial implementation 2020-07-17 21:36:12 -05:00			- omitting `plan` from the payload will delete the existing plan
ctl script 2020-07-16 23:55:59 -05:00			- `GET /plan/{email}` - retrieve a plan
			- `text/plain` by default - raw plan content
			- `?format=html` or `Accept: text/html` - plan content with html entity encoding for special characters
started on POST /verify/{email} service 2020-07-17 23:57:40 -05:00			- `?format=json` or `Accept: application/json` - response data: `{"plan":"whatever","signature":"base64 encoded signature"}`
ctl script 2020-07-16 23:55:59 -05:00			- `404` if no plan found
finished initial implementation 2020-07-17 21:36:12 -05:00			- `301` redirect if plan is on a different provider
ctl script 2020-07-16 23:55:59 -05:00			- `POST /verify/{email}` - verify PGP signature of a plan
finished pubkey validation service 2020-07-18 15:23:29 -05:00			- request data: `{"pubkey":"ascii public key"}`
started on POST /verify/{email} service 2020-07-17 23:57:40 -05:00			- response data: `{"plan":"whatever","verified":1}` or `{"verified":0}`
finished initial implementation 2020-07-17 21:36:12 -05:00			- `404` if no plan found
			- `308` redirect if plan is on a different provider