<feed xmlns='http://www.w3.org/2005/Atom'>
<title>food/food_project, branch master</title>
<subtitle>Meal planning system (Django)</subtitle>
<id>https://git.tomflux.xyz/food/atom?h=master</id>
<link rel='self' href='https://git.tomflux.xyz/food/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.tomflux.xyz/food/'/>
<updated>2026-06-23T19:45:46+00:00</updated>
<entry>
<title>auth: trust nginx HTTPS proxy for CSRF (SECURE_PROXY_SSL_HEADER + CSRF_TRUSTED_ORIGINS)</title>
<updated>2026-06-23T19:45:46+00:00</updated>
<author>
<name>Tom Flux</name>
<email>tom@tomflux.xyz</email>
</author>
<published>2026-06-23T19:45:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tomflux.xyz/food/commit/?id=cd0e10ed3cc591e1ac4d8743144750aa35c33a80'/>
<id>urn:sha1:cd0e10ed3cc591e1ac4d8743144750aa35c33a80</id>
<content type='text'>
Co-Authored-By: Claude Opus 4.8 &lt;noreply@anthropic.com&gt;
</content>
</entry>
<entry>
<title>Phase 2: session auth for the web UI</title>
<updated>2026-06-23T19:37:48+00:00</updated>
<author>
<name>Tom Flux</name>
<email>tom@tomflux.xyz</email>
</author>
<published>2026-06-23T19:37:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tomflux.xyz/food/commit/?id=d92deeab514a52e7c3416baef78f8969ade951cc'/>
<id>urn:sha1:d92deeab514a52e7c3416baef78f8969ade951cc</id>
<content type='text'>
Require login for /app/, with a long sliding session so you log in
once per device and effectively stay in.

- AppLoginRequiredMiddleware gates only /app/; /api/ keeps DRF token
  auth and /admin/ keeps its own login (a blanket LoginRequired would
  break token requests, whose user isn't resolved until the view runs).
- Login page (styled to the dark palette) via django.contrib.auth.urls;
  logout control in the nav.
- Session: ~1 year cookie, sliding (saved every request), survives
  browser close.
- Dropped every @csrf_exempt now that a real session + CSRF token are
  in place (HTMX already sends X-CSRFToken).
- SECRET_KEY and DEBUG now read from the environment (prod-safe
  defaults); systemd loads an optional /var/lib/food/.env.
- Tests authenticate, plus new coverage: /app/ redirects when logged
  out, login grants access, /api/ is not caught by the app gate.

Co-Authored-By: Claude Opus 4.8 &lt;noreply@anthropic.com&gt;
</content>
</entry>
<entry>
<title>Add food.tomflux.xyz to ALLOWED_HOSTS</title>
<updated>2026-04-02T22:23:20+00:00</updated>
<author>
<name>Caine</name>
<email>caine@jihakuz.xyz</email>
</author>
<published>2026-04-02T22:23:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tomflux.xyz/food/commit/?id=96d9c4b22e5bcae1d19b2dd1fcae3bc46f080254'/>
<id>urn:sha1:96d9c4b22e5bcae1d19b2dd1fcae3bc46f080254</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Phase 4: HTMX frontend with dark palette</title>
<updated>2026-04-02T22:08:43+00:00</updated>
<author>
<name>Caine</name>
<email>caine@jihakuz.xyz</email>
</author>
<published>2026-04-02T22:08:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tomflux.xyz/food/commit/?id=f7f9e7057c4f2593bb78df654c1b85cc6e59573f'/>
<id>urn:sha1:f7f9e7057c4f2593bb78df654c1b85cc6e59573f</id>
<content type='text'>
- 4 pages: Pantry, Recipes, Shopping List, Cook Log
- HTMX-powered: add/delete pantry items, toggle shopping, generate smart list
- Custom 13-colour palette from Lospec (dark bg, yellow accent)
- Mobile-responsive
- Whitenoise for static files in production
- All routes under /app/
- API (/api/) stays internal, frontend (/app/) for browser use
</content>
</entry>
<entry>
<title>Add API: URLs, token auth, what-can-i-cook endpoint, log-cook with pantry deduction, browsable API</title>
<updated>2026-04-02T15:33:31+00:00</updated>
<author>
<name>Caine</name>
<email>caine@jihakuz.xyz</email>
</author>
<published>2026-04-02T15:33:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tomflux.xyz/food/commit/?id=fe00286f7558d379d392f8a46d10a4689f95d472'/>
<id>urn:sha1:fe00286f7558d379d392f8a46d10a4689f95d472</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Configure settings: add kitchen app, DRF, timezone, allowed hosts</title>
<updated>2026-04-01T21:48:28+00:00</updated>
<author>
<name>Caine</name>
<email>caine@jihakuz.xyz</email>
</author>
<published>2026-04-01T21:48:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tomflux.xyz/food/commit/?id=5c6f7ead8f23ac76d6650858d1e06d4afb6a2efe'/>
<id>urn:sha1:5c6f7ead8f23ac76d6650858d1e06d4afb6a2efe</id>
<content type='text'>
</content>
</entry>
</feed>
