dotplan-online/README.md

dotplan.online

The un-social network.

• User-provided content tied to an email address.
• Text only, limited to 4kb.
• No retweets, shares, @s, likes, or boosting of any kind.
• Authenticity optionally verified by clients using public PGP keys.
• Accessed via public APIs.
• Open source.
• Self-hostable, discovery via domain SRV records.
• Single giant Perl script because PERL IS AWESOME!

API

Authentication

• POST /users/{email} - request new account
  • request data: {"password":"whatever"}
  • email with validation token will be sent
• GET /users/{email}?token={token} - validate new account
• GET /token - retrieve auth token
  • http basic auth
  • ?expires={minutes} sets an explicit expiration, default is 5 minutes from creation
  • response data: {"token":"whatever"}
• DELETE /token - invalidate current auth token
  • http basic auth
• GET /users/{email}/pwtoken - get password change token
  • email with password change token will be sent
• PUT /users/{email} - update password
  • request data: {"password":"whatever","pwtoken":"whatever"}
  • token expires 600 seconds from creation

Plans

• PUT /plan/{email} - update a plan
  • request data: {"plan":"whatever","signature":"base64 encoded signature","auth":"token"}
  • omitting plan from the payload will delete the existing plan
• GET /plan/{email} - retrieve a plan
  • text/plain by default - raw plan content
  • ?format=html or Accept: text/html - plan content with html entity encoding for special characters
  • ?format=json or Accept: application/json - response data: {"plan":"whatever","signature":"base64 encoded signature"}
  • 404 if no plan found
  • 301 redirect if plan is on a different provider
• POST /verify/{email} - verify PGP signature of a plan
  • request data: {"pgpkey":"ascii public key"}
  • response data: {"plan":"whatever","verified":1} or {"verified":0}
  • 404 if no plan found
  • 308 redirect if plan is on a different provider