The LLM scrapers started to reliably knock nóssa offline (even with Anubis difficulty increased), so I had to implement Measures :( Logged-out users can view the root page of any repository, but can’t navigate to any blob, tree or commit. (You can still clone them fine, though!)

That seemed like a pity since I like to deep-link a lot in posts and emails and that kind of thing, so I added a “signed URL” feature. This link to the code responsible is an example!

It still seemed a shame: registration isn’t open on the instance, so in practice no-one can navigate repositories but me and Annie. For a long time I wanted to support “remote” users from e.g. Forgejo instances for eventual coordination activities like issue tracking, and so now seemed like the time: you can login with Codeberg, GitLab, or GitHub, and an account is created automatically if it’s not linked to an existing one, with no extra steps. (Shout out to Überauth and OIDC.) To prevent abuse new accounts are given “viewer” status and can’t create new repositories or have public profiles.

This took a couple hours of a Sunday evening, mostly debugging semi-arcane “invalid redirect URI” responses¹, and I’m really happy it’s done.