LiteGUI/SiteGUI is a hybrid CMS that caters for both mobile apps and web apps. Every Model/Class will return one or more ViewBlocks that contain API root variable ($api) and optionally HTML helper root variable ($html) that can be consumed by API clients or utilized by the built-in View layer to render HTML from PHP Smarty templates server side. This means no separated API codebase is needed, Models/Classes are and should be developed using API first principle with additional on-demand HTML helpers. The integrated rate limiting engine is also capable of detecting API/non-API requests and applying thresholds accordingly. With this flexibility, LiteGUI/SiteGUI can be used as a stand-alone web app (server side rendering) or serves as the backend for other client side rendering (front-end) frameworks (NextJS, ReactJS etc) and mobile apps.
LiteGUI/SiteGUI is also the first CMS that employs sub-domains/sandboxing for mitigating XSS attacks. As LiteGUI/SiteGUI supports 3rd-party templates/themes, this mitigation strategy helps protect site owners from all types of XSS attacks (stored, reflected or DOM-based) that may (accidentally) be brought into their sites from 3rd party templates/themes. LiteGUI/SiteGUI uses a dedicated sub-domain for managing/submitting sensitive data and another sub-domain (loaded in a frame) for managing arbitrary contents and widgets (sandboxing). The advantage of sandboxing is that LiteGUI/SiteGUI can accept raw HTML content produced by a WYSIWYG editor or even through the browser's developer console, there is no need to use non-HTML editor like Markdown for editing the content. The main domain can display arbitrary contents (produced by site editors) as sensitive write operations are limited on the main domain. Despite using different sub-domains to avoid sharing cookies/authentication, the transitions/experience are seamless as LiteGUI/SiteGUI employs resource-based time-constraint token to automatically pass authenticated user information between sub-domains.
I also use ST and use browser if I need some AI assisted coding. What about you guys? Is using IDEs with native AI coding plugin a good reason to switch away from ST?
If anything, ST taught me that I didn't actually need an IDE to be productive, but mind you this was in the years where JS became huge but didn't have good editor support yet.
Yeah, that's exactly what we have in mind, the core source code is available to anyone to utilize for any commercial purposes except providing mass hosting for the source code without any substantial development/customization. Do you think this restriction will prevent people from using the software?
Yeah, the Common Clause license is pretty close to what I want, I'm just concerned with the SaaS offering in one of the examples in the license:
"Let’s apply the example to Commons Clause licensed software. Commons Clause-licensed Redis Graph is a graph database module for BSD-licensed Redis. Can you create applications with Redis Graph and distribute and/or sell them? Yes. Can you redistribute Redis Graph along with your application? Yes. Can you offer that application as SaaS and charge for it? Yes. Can you take Redis Graph itself, call it ElastiGraph and offer it as SaaS and charge for it. No."
It could be that the application developed with Redis Graph is totally different to Redis Graph so SaaS offering is allowed. I will check this further, thanks for your suggestion.
Does kit work with Markdown? How about just plain HTML/CSS? I created a very versatile CMS system (https://sitegui.com) that can be extended to cross-post or serve different content types via hooks and automation, it is not newsletter focus by now but it should not be hard to use automation to send out emails to subscribers when a new post is published.
The email returned by OAuth providers is not always verified and thus cannot be trusted, anyone relies on the email as the ID is open to compromise. The sub claim should always be used as the ID, if you can prove that "the sub claim changes in about 0.04% of logins" then it's Google flaw and they should fix it, otherwise it isn't and there is no need to add another ID to the claim.
