ah, beautiful api docs. I reworked the api docs (because they were a messy mess because of my past laziness [not understandable!!]) and now they are organized in pretty folders (tags) with correct descriptions and titles. now its even helpful to read the api docs to understand how to use a api handler, not having to dig into the code [noone does that :(]

right, I DID THE EMAIL CHANGE THING and LOGIN tooo wohooo…. yeah it isn’t that amazing lol. at the start i was just thinking about using the typical chacha encryption that ive used for the TOTP stuff but for a random token nanoid’d… you just don’t, hMAc is fine. Ended up with a dual like verification flow where both the old email AND the new email get a token link (well, now it just the token string because, ahem, i dont have a frontend). both have to be verified before the change goes through. sooo, no more “oh noes, not again, someone got into my account and changed the mail to their own, smh”. then you just get the notif saying “hey, your email has been changed”.

SEEECOND, login (your username) changing magic that is way simpler because I just check if you have sudo enabled and that you havent changed it in the last 24 days (why not). Just like with the email stuff, you get a notification saying “yay, you changed it!”.

and I think that’s the last of the tiny stuff i wanted to do before the BIG and PAINFUL oauth stuff. i think i am going to burst into flames and go boom and the floor is covered with dust and feathers.

OH wait, i sitll need to do account deletion… whatever its just a simple “hya you need sudo”, “are you sure about this”, “ok, bye” flow. meh. i also need profile pictures… heh backblaze or maybe cloudflare idk i like backblaze more but uhh I GOTTA RESEARCH OKAY!?!

shall you see the probabaly useless screenshots that atleast show the tiny progress that i always do. great