NAME

App::Phoebe::RegisteredEditorsOnly - only known users may edit Phoebe wiki pages

DESCRIPTION

This extension limits editing to registered editors only. In order to register an editor, you need to know the client certificate's fingerprint, and add it to the Phoebe wiki config file. Do this by setting @known_fingerprints. Here’s an example:

package App::Phoebe;
our @known_fingerprints = qw(
  sha256$fce75346ccbcf0da647e887271c3d3666ef8c7b181f2a3b22e976ddc8fa38401
  sha256$54c0b95dd56aebac1432a3665107d3aec0d4e28fef905020ed6762db49e84ee1);
use App::Phoebe::RegisteredEditorsOnly;

If you have your editor’s client certificate (not their key!), run the following to get the fingerprint:

openssl x509 -in client-cert.pem -noout -sha256 -fingerprint \
| tr '[:upper:]' '[:lower:]' \
| sed -e 's/://g' -e 's/sha256 fingerprint=/sha256$/'

This should give you the fingerprint in the correct format to add to the list above. Add it, and restart Phoebe.
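
The same conversion wrapped in helper functions, as an added example that is not part of Phoebe (the names phoebe_fp, valid_fp, check_fp, audit_list and cert_fp are made up here). It accepts the openssl label in upper or lower case, rejects anything that is not sha256$ followed by 64 lowercase hex digits, and reports whether a fingerprint is already in a list. KNOWN reuses the two sample fingerprints from the config example above.

```shell
# Added example, not part of Phoebe; all function names are hypothetical.

# Sample list: the two fingerprints from the config example above.
# Single quotes matter: in double quotes the shell would expand "$fce...".
KNOWN='sha256$fce75346ccbcf0da647e887271c3d3666ef8c7b181f2a3b22e976ddc8fa38401
sha256$54c0b95dd56aebac1432a3665107d3aec0d4e28fef905020ed6762db49e84ee1'

# Convert one "SHA256 Fingerprint=AA:BB:..." line to Phoebe's format.
# Lowercasing first means the label matches whatever its case.
phoebe_fp() {
  printf '%s\n' "$1" \
    | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/://g' -e 's/^sha256 fingerprint=/sha256$/'
}

# True only for "sha256$" followed by exactly 64 lowercase hex digits.
valid_fp() {
  printf '%s\n' "$1" | grep -Eq '^sha256\$[0-9a-f]{64}$'
}

# check_fp LINE LIST: print registered, unknown or malformed.
check_fp() {
  fp=$(phoebe_fp "$1")
  if ! valid_fp "$fp"; then
    echo malformed
  elif printf '%s\n' "$2" | grep -Fxq -- "$fp"; then
    echo registered
  else
    echo unknown
  fi
}

# audit_list LIST: print every non-empty entry that is not well-formed.
audit_list() {
  printf '%s\n' "$1" | while IFS= read -r entry; do
    if [ -n "$entry" ] && ! valid_fp "$entry"; then
      printf 'malformed entry: %s\n' "$entry"
    fi
  done
}

# cert_fp FILE: fingerprint of a PEM certificate (needs openssl).
cert_fp() {
  phoebe_fp "$(openssl x509 -in "$1" -noout -sha256 -fingerprint)"
}
```

An entry that audit_list flags (pasted with colons, in upper case, or truncated) cannot equal a fingerprint produced by the command above, so fix it before restarting Phoebe.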

If a visitor uses a fingerprint that Phoebe doesn’t know, the fingerprint is printed in the log (if your log level is set to “info” or more), so you can get it from there in case the user can’t send you their client certificate, or tell you what the fingerprint is.

You should also have a login link somewhere so that people can log in immediately. If they don’t, and they try to save, their client is going to ask them for a certificate and their edits may or may not be lost. It depends. 😅

=> /login Login

This code works by intercepting all titan: links. Specifically:

If you allow simple comments using App::Phoebe::Comments, then these are not affected, since these comments use Gemini instead of Titan. Thus, people can still leave comments.

If you allow editing via the web using App::Phoebe::WebEdit, then those edits are not affected, since they use HTTP instead of Titan. Thus, people can still edit pages via the web without a registered client certificate. This is probably not what you want!