**Google Summer of Code 2016**
**Organization:** [FOSSASIA](http://fossasia.org/)
**Project:** [Loklak_Sever](https://github.com/loklak/loklak_server)
**Task:** No specific task as I originally applied for another project, but turned out to mostly about user management, peer-features and general technical enhancements
- Update jetty to recent version
- Add basic http authentication
- Persistent JSON storage
- Store private and public settings
- Create secure peer key and peer hash
- extend the '/api/hello.json' servlet - return the public settings
- create basic peer information and create a peer hash
- every Timeline must contain the creators peer hash and public key
- IP Blacklist fails to deny access to the IP addresses listed
- stop.sh doesn't work after two starts
- Move to Java 8
- Login Page and Passwords Storage
- Loklak failing on scalingo after a short time
- Login authentication in AbstractAPIHandler
- Make JsonFile syncronized and the IO asyncronous
- Add long living cookie to login
- Restrictions on signup (server side)
- Safety meassurements for authentication
- Clean up of json files - solved differently in the end
- More efficient logging
- Elasticsearch logging
- loklak does not start because of missing library
- no log in eclipse terminal
- Create servlet to obtain acces/login token
- Public/private key login
- Automatic creation of Javadocs
- grant a user to list the content of the account api if the user is logged in and retrieves the own account
- Make signatures on JSONObjects
- Installation page
- (Re-)add ssl support with an option to toggle it on,off and redirect all http to https
- Some cleanup
- Fixed dead code
- Fix a lot of deprecation and unchecked warnings
- Save client connection
- add persistent json storage
- Create or load files for public/private settings
- use OS.protectPath instead of custom settings
- [fix blacklisting](fix blacklisting)
- make start.sh check for correct start
- Make DAO throw exception to abort on error
- Fix start.sh sometimes allowing starts of multiple servers
- update to jetty 9.3
- Java8
- Secure peer hashes
- peer hashes in timeline #378
- Login verification
- [start session manager](start session manager)
- Sign up servlet
- Assume passwords to be in base64
- Some rewrite of login check, temporary test side for logins (only shows sessions right now)
- Added simple login servlet, just giving feedback if the retained iden…
- Code cleanup and config switch for public signup. Default is false
- Use encodeURI instead of base64 for signin and login
- Cookie (long living) authentication and expiration timestamps on temporary or anonymous Authentication and Authorization objects
- Log4j2 logging backend
- Use the logging backend instead of direckt printing
- Cap log at 10 mb, then gzip it. Keep up to three gzipped logs around
- Don't print stacktraces on common connection errors
- Remove cities1000.zip if broken and some code cleanup
- Email verifications for signups and lots of refinement
- add checks in signup servlet, make password configurable via config,...
- make elasticsearch use log4j2 logging backend
- Add email sending to sign up process. Add a template and a host url t…
- Make httpclient use the log4j2 logging backend
- suppress cookie warning, update httpclient, make log more precise
- add ant clean to upgrade.sh
- fix bug with startscript displaying a comment
- readd log libs to build files and add console log configuration file
- add cache for readfile
- Some refinements on the login and signup frontend, propper error code on wrong login in AbstractAPIHandler
- Disable signup form if signup is disabled in config
- Use the APIServiceLevel to limit access to servlets
- Add handshake servlet to get access token. Renamed login token to acc…
- Authorization system
- little fixes
- added servlet to change user roles (localhost only)
- Always respond with an http status code if a request was not successfull
- Have a permission object for the serviceIml
- make travis only build once on PRs from branches
- Login changes, key registration and login, lots of small changes
- Invalid login protection using the accounting system
- Propper key conversion from DER to PEM format (as used with openssl)
- HTTPS portability
- Log all output to data/loklak.log
- Add openjdk8 to travis (to ensure portability)
- Fix file logger to flush on exit, update log4j2
- Revert travis to default distribution (because of build errors)
- Under the hood: logging and start-script
- Under the hood: Authentication (login)
- Under the hood: Authorization
- Under the hood: Javadocs
- Under the hood: Public key login
- Under the hood: Accounting example
- Under the hood: HTTPS in Loklak
- Under the Hood: Installation wizard
Mostly here