Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>
2025-08-21 16:22:03 +02:00 · 2025-08-21 16:22:03 +02:00 · ef9aca1f3b
commit ef9aca1f3b
26 changed files with 1668 additions and 0 deletions
--- a/src/server/compression.go
+++ b/src/server/compression.go
@ -0,0 +1,31 @@
+package server
+
+import (
+	"bytes"
+	"compress/gzip"
+)
+
+func Compress(data []byte) []byte {
+	var b bytes.Buffer
+	w := gzip.NewWriter(&b)
+	w.Write(data)
+	w.Close()
+	return b.Bytes()
+}
+
+func Decompress(data []byte) ([]byte, error) {
+	b := bytes.NewBuffer(data)
+
+	r, err := gzip.NewReader(b)
+	if err != nil {
+		return nil, err
+	}
+
+	var w bytes.Buffer
+	_, err = w.ReadFrom(r)
+	if err != nil {
+		return nil, err
+	}
+
+	return w.Bytes(), nil
+}
--- a/src/server/compression_test.go
+++ b/src/server/compression_test.go
@ -0,0 +1,27 @@
+package server
+
+import (
+	"testing"
+)
+
+func TestCompressAndDecompress(t *testing.T) {
+	text := "test"
+
+	compressed := Compress([]byte(text))
+
+	if text == string(compressed) {
+		t.Errorf("text and compressed text are equal")
+		return
+	}
+
+	decompressed, err := Decompress(compressed)
+	if err != nil {
+		t.Errorf("unexpected error when decompressing: %v", err)
+		return
+	}
+
+	if string(text) != string(decompressed) {
+		t.Errorf("got '%s', expected '%s'", decompressed, text)
+		return
+	}
+}
--- a/src/server/config.go
+++ b/src/server/config.go
@ -0,0 +1,65 @@
+package server
+
+import (
+	"fmt"
+
+	"git.riou.xyz/jriou/coller/internal"
+)
+
+type Config struct {
+	Title              string `json:"title"`
+	DatabaseType       string `json:"database_type"`
+	DatabaseDsn        string `json:"database_dsn"`
+	IDLength           int    `json:"id_length"`
+	PasswordLength     int    `json:"password_length"`
+	ExpirationInterval int    `json:"expiration_interval"`
+	ListenAddress      string `json:"listen_address"`
+	ListenPort         int    `json:"listen_port"`
+	Expirations        []int  `json:"expirations"`
+	Expiration         int    `json:"expiration"`
+	MaxUploadSize      int64  `json:"max_upload_size"`
+	ShowVersion        bool   `json:"show_version"`
+}
+
+func NewConfig() *Config {
+	return &Config{
+		Title:              "Coller",
+		DatabaseType:       "sqlite",
+		DatabaseDsn:        "collerd.db",
+		IDLength:           5,
+		PasswordLength:     16,
+		ExpirationInterval: 60, // 1 minute
+		ListenAddress:      "127.0.0.1",
+		ListenPort:         8080,
+		Expirations: []int{
+			300,      // 5 minutes
+			3600,     // 1 hour
+			86400,    // 1 day
+			604800,   // 7 days
+			18144000, // 30 days
+		},
+		Expiration:    604800,   // 7 days
+		MaxUploadSize: 10485760, // 10MiB (encoded)
+		ShowVersion:   false,
+	}
+}
+
+func (c *Config) Check() error {
+	if len(c.Expirations) == 0 {
+		return fmt.Errorf("expirations are required")
+	}
+	for _, e := range c.Expirations {
+		if e <= 0 {
+			return fmt.Errorf("invalid expiration %d: must be greater than zero", e)
+		}
+	}
+
+	if c.IDLength <= 0 {
+		return fmt.Errorf("identifiers length must be greater than zero")
+	}
+
+	if c.PasswordLength < internal.MIN_PASSWORD_LENGTH || c.PasswordLength > internal.MAX_PASSWORD_LENGTH {
+		return fmt.Errorf("password length must be between %d and %d", internal.MIN_PASSWORD_LENGTH, internal.MAX_PASSWORD_LENGTH)
+	}
+	return nil
+}
--- a/src/server/db.go
+++ b/src/server/db.go
@ -0,0 +1,149 @@
+package server
+
+import (
+	"fmt"
+	"log/slog"
+	"slices"
+	"strings"
+	"time"
+
+	"git.riou.xyz/jriou/coller/internal"
+	"gorm.io/driver/postgres"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+)
+
+type Database struct {
+	logger             *slog.Logger
+	db                 *gorm.DB
+	expirationInterval int
+	expirations        []int
+	expiration         int
+}
+
+var gconfig = &gorm.Config{
+	Logger: logger.Default.LogMode(logger.Silent),
+}
+
+func NewDatabase(logger *slog.Logger, config *Config) (d *Database, err error) {
+	l := logger.With("module", "db")
+
+	logger.Debug("connecting to the database")
+	var db *gorm.DB
+
+	switch config.DatabaseType {
+	case "postgres":
+		db, err = gorm.Open(postgres.New(postgres.Config{DSN: config.DatabaseDsn}), gconfig)
+	default:
+		db, err = gorm.Open(sqlite.Open(config.DatabaseDsn), gconfig)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	logger.Debug("connected to the database")
+
+	d = &Database{
+		logger:             l,
+		db:                 db,
+		expirationInterval: config.ExpirationInterval,
+		expirations:        config.Expirations,
+		expiration:         config.Expiration,
+	}
+
+	if err = d.UpdateSchema(); err != nil {
+		return nil, err
+	}
+
+	go d.StartExpireThread()
+
+	return d, nil
+}
+
+func (d *Database) UpdateSchema() error {
+	d.logger.Debug("updating database schema")
+	if err := d.db.AutoMigrate(&Note{}); err != nil {
+		return err
+	}
+	d.logger.Debug("database schema updated")
+	return nil
+}
+
+func (d *Database) StartExpireThread() {
+	for {
+		d.logger.Debug("deleting expired notes")
+		trx := d.db.Where("expires_at <= ?", time.Now()).Delete(&Note{})
+		if trx.Error != nil {
+			d.logger.Error("could not delete note", slog.Any("error", trx.Error))
+		}
+		d.logger.Debug("expired notes deleted")
+
+		wording := "second"
+		if d.expirationInterval > 1 {
+			wording += "s"
+		}
+		d.logger.Debug(fmt.Sprintf("waiting for %d %s before next expiration", d.expirationInterval, wording))
+		time.Sleep(time.Duration(d.expirationInterval) * time.Second)
+	}
+}
+
+func (d *Database) Get(id string) (*Note, error) {
+	var note Note
+	trx := d.db.Where("id = ?", id).Find(&note)
+	if trx.Error != nil {
+		d.logger.Warn("could not find note", slog.Any("error", trx.Error))
+		return nil, trx.Error
+	}
+	if note.ID != "" {
+		if note.DeleteAfterRead {
+			if err := d.Delete(note.ID); err != nil {
+				return nil, err
+			}
+		}
+		return &note, nil
+	}
+	return nil, nil
+}
+
+func (d *Database) Create(content []byte, password string, encrypted bool, expiration int, deleteAfterRead bool) (note *Note, err error) {
+	if expiration == 0 {
+		expiration = d.expiration
+	}
+	if !slices.Contains(d.expirations, expiration) {
+		validExpirations := strings.Trim(strings.Join(strings.Fields(fmt.Sprint(d.expirations)), ", "), "[]")
+		return nil, fmt.Errorf("invalid expiration: must be one of %s", validExpirations)
+	}
+
+	note = &Note{
+		Content:         content,
+		ExpiresAt:       time.Now().Add(time.Duration(expiration) * time.Second),
+		Encrypted:       encrypted,
+		DeleteAfterRead: deleteAfterRead,
+	}
+	if password != "" {
+		if err = internal.ValidatePassword(password); err != nil {
+			return nil, err
+		}
+		note.Content, err = internal.Encrypt(note.Content, password)
+		if err != nil {
+			return nil, err
+		}
+		note.Encrypted = true
+	}
+	trx := d.db.Create(note)
+	if trx.Error != nil {
+		d.logger.Warn("could not create note", slog.Any("error", trx.Error))
+		return nil, trx.Error
+	}
+	return note, nil
+}
+
+func (d *Database) Delete(id string) error {
+	trx := d.db.Where("id = ?", id).Delete(&Note{})
+	if trx.Error != nil {
+		d.logger.Error("could not delete note", slog.Any("error", trx.Error))
+		return trx.Error
+	}
+	return nil
+}
--- a/src/server/note.go
+++ b/src/server/note.go
@ -0,0 +1,56 @@
+package server
+
+import (
+	"fmt"
+	"time"
+
+	"git.riou.xyz/jriou/coller/internal"
+	"gorm.io/gorm"
+)
+
+const ID_MAX_RETRIES = 10
+
+var idLength = 5
+
+type Note struct {
+	ID              string    `json:"id" gorm:"primaryKey"`
+	Content         []byte    `json:"content" gorm:"not null"`
+	Encrypted       bool      `json:"encrypted"`
+	ExpiresAt       time.Time `json:"expires_at" gorm:"index"`
+	DeleteAfterRead bool      `json:"delete_after_read"`
+}
+
+// Generate ID and compress content before saving to the database
+func (n *Note) BeforeCreate(tx *gorm.DB) (err error) {
+	for i := 0; i < ID_MAX_RETRIES; i++ {
+		if n.ID != "" {
+			continue
+		}
+
+		id := internal.GenerateChars(idLength)
+
+		var note *Note
+		tx.Where("id = ?", id).Scan(&note)
+
+		// TODO: time=2025-08-21T09:20:31.342+02:00 level=ERROR msg="could not create note" error="UNIQUE constraint failed: notes.id"
+		if note == nil {
+			n.ID = id
+			continue
+		}
+	}
+	if n.ID == "" {
+		return fmt.Errorf("could not find unique id before creating the note")
+	}
+
+	n.Content = Compress(n.Content)
+	return nil
+}
+
+// Decompress content from the database
+func (n *Note) AfterFind(tx *gorm.DB) (err error) {
+	n.Content, err = Decompress(n.Content)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/src/server/server.go
+++ b/src/server/server.go
@ -0,0 +1,351 @@
+package server
+
+import (
+	"bytes"
+	"embed"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"html/template"
+	"io"
+	"log/slog"
+	"net/http"
+	"strconv"
+
+	"git.riou.xyz/jriou/coller/internal"
+	"github.com/gorilla/mux"
+)
+
+var passwordLength = internal.MIN_PASSWORD_LENGTH
+
+type Server struct {
+	logger  *slog.Logger
+	db      *Database
+	config  *Config
+	version string
+}
+
+func NewServer(logger *slog.Logger, db *Database, config *Config, version string) (*Server, error) {
+	l := logger.With("module", "server")
+
+	return &Server{
+		logger:  l,
+		db:      db,
+		config:  config,
+		version: version,
+	}, nil
+}
+
+func (s *Server) SetIDLength(length int) {
+	idLength = length
+}
+
+func (s *Server) SetPasswordLength(length int) {
+	passwordLength = length
+}
+
+type ErrorResponse struct {
+	Message string `json:"message"`
+	Error   string `json:"error"`
+}
+
+func (e ErrorResponse) ToJSON() string {
+	b, err := json.Marshal(e)
+	if err == nil {
+		return string(b)
+	}
+	return fmt.Sprintf("{\"message\":\"could not serialize response to JSON\", \"error\":\"%v\"}", err)
+}
+
+func WriteError(w http.ResponseWriter, message string, err error) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusInternalServerError)
+	fmt.Fprint(w, ErrorResponse{
+		Message: message,
+		Error:   fmt.Sprintf("%v", err),
+	}.ToJSON())
+}
+
+func HeathHandler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "OK")
+}
+
+type CreateNoteHandler struct {
+	logger        *slog.Logger
+	db            *Database
+	maxUploadSize int64
+}
+
+type CreateNotePayload struct {
+	Content         string `json:"content"`
+	Password        string `json:"password"`
+	Encrypted       bool   `json:"encrypted"`
+	Expiration      int    `json:"expiration"`
+	DeleteAfterRead bool   `json:"delete_after_read"`
+}
+
+type CreateNoteResponse struct {
+	ID string `json:"id"`
+}
+
+func (h *CreateNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/json")
+
+	bodyReader := http.MaxBytesReader(w, r.Body, h.maxUploadSize)
+	defer r.Body.Close()
+
+	var body CreateNotePayload
+	err := json.NewDecoder(bodyReader).Decode(&body)
+	if err != nil {
+		WriteError(w, "could not decode payload to create note", err)
+		return
+	}
+
+	content, err := internal.Decode(body.Content)
+
+	if err != nil {
+		WriteError(w, "could not decode content", err)
+		return
+	}
+
+	note, err := h.db.Create(content, body.Password, body.Encrypted, body.Expiration, body.DeleteAfterRead)
+	if err != nil {
+		WriteError(w, "could not create note", err)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	json.NewEncoder(w).Encode(CreateNoteResponse{ID: note.ID})
+}
+
+type GetNoteHandler struct {
+	logger *slog.Logger
+	db     *Database
+}
+
+func (h *GetNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "text/plain")
+
+	id := mux.Vars(r)["id"]
+
+	note, err := h.db.Get(id)
+
+	if err != nil {
+		WriteError(w, "could not get note", err)
+	} else if note == nil {
+		w.WriteHeader(http.StatusNotFound)
+	} else {
+		if note.Encrypted {
+			w.Header().Set("Content-Type", "application/octet-stream")
+		}
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprint(w, string(note.Content))
+	}
+}
+
+type GetProtectedNoteHandler struct {
+	logger *slog.Logger
+	db     *Database
+}
+
+func (h *GetProtectedNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "text/plain")
+
+	vars := mux.Vars(r)
+	id := vars["id"]
+	password := vars["password"]
+
+	note, err := h.db.Get(id)
+
+	if err != nil {
+		WriteError(w, "could not get note", err)
+		return
+	} else if note == nil {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	if password != "" && note.Encrypted {
+		note.Content, err = internal.Decrypt(note.Content, password)
+		if err != nil {
+			WriteError(w, "could not decrypt note", err)
+			return
+		}
+	}
+
+	w.WriteHeader(http.StatusOK)
+	fmt.Fprint(w, string(note.Content))
+}
+
+type PageData struct {
+	Title       string
+	Version     string
+	Expirations []int
+	Err         error
+	URL         string
+}
+
+type HomeHandler struct {
+	Templates *template.Template
+	PageData  PageData
+}
+
+func (h *HomeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	h.Templates.ExecuteTemplate(w, "index", h.PageData)
+}
+
+type CreateNoteWithFormHandler struct {
+	Templates     *template.Template
+	PageData      PageData
+	logger        *slog.Logger
+	db            *Database
+	maxUploadSize int64
+}
+
+func (h *CreateNoteWithFormHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	h.PageData.Err = nil
+	templateName := "create"
+
+	h.logger.Debug("parsing multipart form")
+	err := r.ParseMultipartForm(h.maxUploadSize)
+	if err != nil {
+		h.PageData.Err = err
+		h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+		return
+	}
+
+	h.logger.Debug("parsing content")
+	content := []byte(r.FormValue("content"))
+
+	h.logger.Debug("parsing file")
+	file, handler, err := r.FormFile("file")
+	if err != nil && !errors.Is(err, http.ErrMissingFile) {
+		h.PageData.Err = err
+		h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+		return
+	}
+
+	if !errors.Is(err, http.ErrMissingFile) {
+		defer file.Close()
+
+		h.logger.Debug("checking file size")
+		if handler.Size > h.maxUploadSize {
+			h.PageData.Err = fmt.Errorf("file too large (%d > %d)", handler.Size, h.maxUploadSize)
+			h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+			return
+		}
+
+		h.logger.Debug("checking file content type")
+		if handler.Header.Get("Content-Type") != "text/plain" {
+			h.PageData.Err = fmt.Errorf("text file expected (got %s)", handler.Header.Get("Content-Type"))
+			h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+			return
+		}
+
+		h.logger.Debug("reading uploaded file")
+		var fileContent bytes.Buffer
+		n, err := io.Copy(&fileContent, file)
+		if err != nil {
+			h.PageData.Err = err
+			h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+			return
+		}
+
+		h.logger.Debug("file uploaded", slog.Any("bytes", n))
+		if n != 0 {
+			content = fileContent.Bytes()
+		}
+	}
+
+	h.logger.Debug("checking content")
+	if content == nil {
+		h.PageData.Err = fmt.Errorf("empty note")
+		h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+		return
+	}
+
+	h.logger.Debug("checking inputs")
+	noPassword := r.FormValue("no-password")
+	password := r.FormValue("password")
+	expiration := r.FormValue("expiration")
+	deleteAfterRead := r.FormValue("delete-after-read")
+
+	if password == "" && noPassword == "" {
+		h.logger.Debug("generating password")
+		password = internal.GenerateChars(passwordLength)
+	}
+
+	h.logger.Debug("computing expiration")
+	var expirationInt int
+	if expiration == "Expiration" {
+		expirationInt = 0
+	} else {
+		expirationInt, _ = strconv.Atoi(expiration)
+	}
+
+	h.logger.Debug("saving note to the database")
+	note, err := h.db.Create(content, password, password != "", expirationInt, deleteAfterRead != "")
+	if err != nil {
+		h.PageData.Err = err
+		h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+		return
+	}
+
+	h.logger.Debug("building note url")
+	var scheme = "http://"
+	if r.TLS != nil {
+		scheme = "https://"
+	}
+
+	h.PageData.URL = fmt.Sprintf("%s%s/%s", scheme, r.Host, note.ID)
+	if password != "" {
+		h.PageData.URL += "/" + password
+	}
+
+	h.logger.Debug("rendering page")
+	h.Templates.ExecuteTemplate(w, "create", h.PageData)
+}
+
+//go:embed templates/*
+var templatesFS embed.FS
+
+func (s *Server) Start() error {
+	r := mux.NewRouter().StrictSlash(true)
+
+	// API
+	r.HandleFunc("/health", HeathHandler)
+	r.Path("/api/note").Handler(&CreateNoteHandler{logger: s.logger, db: s.db, maxUploadSize: s.config.MaxUploadSize}).Methods("POST")
+	r.Path("/{id:[a-zA-Z0-9]+}/{password:[a-zA-Z0-9]+}").Handler(&GetProtectedNoteHandler{logger: s.logger, db: s.db}).Methods("GET")
+	r.Path("/{id:[a-zA-Z0-9]+}").Handler(&GetNoteHandler{logger: s.logger, db: s.db}).Methods("GET")
+
+	// Web pages
+	funcs := template.FuncMap{
+		"HumanDuration": internal.HumanDuration,
+	}
+	p := PageData{
+		Title:       s.config.Title,
+		Expirations: s.config.Expirations,
+	}
+
+	if s.config.ShowVersion {
+		p.Version = s.version
+	}
+
+	templates, err := template.New("templates").Funcs(funcs).ParseFS(templatesFS, "templates/*.html")
+	if err != nil {
+		return err
+	}
+	createNoteWithFormHandler := &CreateNoteWithFormHandler{
+		Templates:     templates,
+		PageData:      p,
+		logger:        s.logger,
+		db:            s.db,
+		maxUploadSize: s.config.MaxUploadSize,
+	}
+	r.Path("/create").Handler(createNoteWithFormHandler).Methods("POST")
+
+	r.Path("/").Handler(&HomeHandler{Templates: templates, PageData: p}).Methods("GET")
+
+	addr := fmt.Sprintf("%s:%d", s.config.ListenAddress, s.config.ListenPort)
+	return http.ListenAndServe(addr, r)
+}
--- a/src/server/templates/create.html
+++ b/src/server/templates/create.html
@ -0,0 +1,30 @@
+{{define "create"}}
+<!DOCTYPE html>
+<html lang="en">
+
+{{block "head" .}}{{end}}
+
+<body>
+{{block "header" .}}{{end}}
+
+    <div class="container mb-4 text-center">
+{{if eq .Err nil}}
+        <div class="alert alert-success" role="alert">
+            <p>Note created successfully</p>
+            <p>
+                <a href="{{.URL}}">{{.URL}}</a>
+            </p>
+        </div>
+{{else}}
+        <div class="alert alert-danger" role="alert">
+            <p>Could not create note</p>
+            <p><strong>{{.Err}}</strong></p>
+        </div>
+    </div>
+{{end}}
+
+{{block "footer" .}}{{end}}
+</body>
+
+</html>
+{{end}}
--- a/src/server/templates/footer.html
+++ b/src/server/templates/footer.html
@ -0,0 +1,5 @@
+    {{define "footer"}}
+    <footer class="text-center">
+        <small>Powered by <a href="https://git.riou.xyz/jriou/coller">coller</a> {{if ne .Version ``}}({{.Version}}){{end}}</small>
+    </footer>
+    {{end}}
--- a/src/server/templates/head.html
+++ b/src/server/templates/head.html
@ -0,0 +1,7 @@
+{{define "head"}}
+<head>
+    <title>{{.Title}}</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet"
+        integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
+</head>
+{{end}}
--- a/src/server/templates/header.html
+++ b/src/server/templates/header.html
@ -0,0 +1,16 @@
+{{define "header"}}
+    <div class="text-center justify-content-center align-items-center bg-light border-bottom mb-4">
+        <div class="container">
+            <header class="d-flex flex-wrap py-2">
+                <a class="d-flex mb-3 mb-md-0 me-md-auto text-dark text-decoration-none" href="/">
+                    <span class="fs-3">{{.Title}}</span>
+                </a>
+                <ul class="nav nav-pills">
+                    <li class="nav-item">
+                        <a class="nav-link active" href="/" aria-content="page">New note</a>
+                    </li>
+                </ul>
+            </header>
+        </div>
+    </div>
+{{end}}
--- a/src/server/templates/index.html
+++ b/src/server/templates/index.html
@ -0,0 +1,67 @@
+{{define "index"}}
+<!DOCTYPE html>
+<html lang="en">
+
+{{block "head" .}}{{end}}
+
+<body>
+    {{block "header" .}}{{end}}
+
+    <form action="/create" method="post" enctype="multipart/form-data">
+        <div class="container mb-4">
+            <p class="fs-4">New note</p>
+        </div>
+        <div class="container text-center justify-content-center w-75 mb-4">
+            <div class="row align-items-center">
+                <div class="col-1">
+                    <label class="col-form-label col-form-label-sm" for="password">Password</label>
+                </div>
+                <div class="col">
+                    <input type="password" pattern="^[a-zA-Z0-9]{16,256}$"
+                        title="Letters and numbers with length from 16 to 256" class="form-control" id="password"
+                        name="password">
+                </div>
+                <div class="col-1">
+                    <input type="checkbox" class="form-check-input" for="no-password" id="no-password"
+                        value="no-password" name="no-password">
+                    <label class="col-form-label col-form-label-sm" for="no-password">No password</label>
+                </div>
+                <div class="col-1">
+                    <input type="checkbox" class="form-check-input" for="delete-after-read" id="delete-after-read"
+                        value="delete-after-read" name="delete-after-read">
+                    <label class="col-form-label col-form-label-sm" for="delete-after-read">Delete after read</label>
+                </div>
+                <div class="col">
+                    <input type="file" class="form-control" for="file" id="file" name="file" accept="text/plain" />
+                </div>
+                <div class="col">
+                    <select class="form-select" aria-label="Expiration" id="expiration" name="expiration">
+                        <option selected>Expiration</option>
+                        {{range .Expirations}}
+                        <option value="{{.}}">{{HumanDuration .}}</option>
+                        {{end}}
+                    </select>
+                </div>
+            </div>
+        </div>
+
+        <div class="container mb-4">
+            <div class="row">
+                <textarea class="form-control" id="content" name="content" cols="40" rows="12"></textarea>
+            </div>
+        </div>
+        <div class="container mb-4">
+            <div class="row text-center justify-content-center">
+                <div class="col-1">
+                    <button type="submit" class="btn btn-success">Create</button>
+                </div>
+            </div>
+        </div>
+
+    </form>
+
+    {{block "footer" .}}{{end}}
+</body>
+
+</html>
+{{end}}