# website

code for my website! like the last iterations, the web server runs on python, but unlike the last, it uses [quart](https://quart.palletsprojects.com/) instead of fastapi. it also uses postgres to store information like blog posts, comments, and admin logins.

## features

- basic server-side processing with [jinja2](https://jinja.palletsprojects.com/en/stable/)
- support for user interactions via comments in blog posts (client-side reactivity powered by [htmx](https://htmx.org))
- limited admin panel for managing blog posts
- cool styling :3

## security

this only applies to the admin panel since no other part of the website collects sensitive data.

the admin panel uses sha256 hashing for passwords. the stored correct password is hashed beforehand, as to limit direct storage of the plaintext password on the server as much as possible.

you may notice there is a cookie stored on the website. this cookie is generated by quart, and stores encrypted information related to the admin session that expires after 1 day. the information contains a signature on it, meaning it cannot be changed by any client-side code.