From 888e2b327817268705bc35693b5c7a721452f914 Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Mon, 6 Oct 2025 13:43:42 +0200 Subject: [PATCH 1/9] fix(clients): download URL for copier The project name is "coller" and not the client name. Fixes #42. Signed-off-by: Julien Riou --- src/server/handlers_api.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/handlers_api.go b/src/server/handlers_api.go index 74000b3..09adb3c 100644 --- a/src/server/handlers_api.go +++ b/src/server/handlers_api.go @@ -253,5 +253,5 @@ func (h *ClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { version = "latest" } - http.Redirect(w, r, fmt.Sprintf("https://git.riou.xyz/jriou/%s/releases/download/%s/%s-%s-%s", clientName, version, clientName, os, arch), http.StatusMovedPermanently) + http.Redirect(w, r, fmt.Sprintf("https://git.riou.xyz/jriou/coller/releases/download/%s/%s-%s-%s", version, clientName, os, arch), http.StatusMovedPermanently) } From b0c0162b0634b54b4246b998df9f6e0ef2fcdffc Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Fri, 10 Oct 2025 09:19:29 +0200 Subject: [PATCH 2/9] feat: serve only the bootstrap minimal css file Fixes #45. Signed-off-by: Julien Riou --- src/server/server.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/server/server.go b/src/server/server.go index df86710..8443f22 100644 --- a/src/server/server.go +++ b/src/server/server.go @@ -177,7 +177,9 @@ func (s *Server) Start() error { } if s.config.BootstrapDirectory != "" { - r.PathPrefix("/static/bootstrap/").Handler(http.StripPrefix("/static/bootstrap/", http.FileServer(http.Dir(s.config.BootstrapDirectory)))) + r.HandleFunc("/static/bootstrap/css/bootstrap.min.css", func(w http.ResponseWriter, r *http.Request) { + http.ServeFile(w, r, s.config.BootstrapDirectory+"/css/bootstrap.min.css") + }) } r.Path("/").Handler(&HomeHandler{Templates: templates, PageData: p}).Methods("GET") From ab6b03a6d46de6b02d82820aa0d5db2b6fece84a Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Fri, 10 Oct 2025 12:30:32 +0200 Subject: [PATCH 3/9] feat: serve clients binaries from a local directory Fixes #44. Signed-off-by: Julien Riou --- src/cmd/collerd/README.md | 1 + src/server/config.go | 1 + src/server/handlers_api.go | 11 ++++++++--- src/server/server.go | 5 +++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/cmd/collerd/README.md b/src/cmd/collerd/README.md index 9c0aae1..182e3c7 100644 --- a/src/cmd/collerd/README.md +++ b/src/cmd/collerd/README.md @@ -41,6 +41,7 @@ The file format is **JSON**: * **tls_key_file** (string): Path to TLS key file to enable HTTPS * **ace_directory** (string): Serve [Ace](hhttps://ace.c9.io/) assets from this local directory (ex: "./node_modules/ace-builds"). See **Dependencies** for details. * **bootstrap_directory** (string): Serve [Bootstrap](https://getbootstrap.com/) assets from this local directory (ex: "./node_modules/bootstrap/dist"). See **Dependencies** for details. +* **clients_directory** (string): Serve clients binaries from this local directory (ex: "./releases/1.2.0") * **disable_editor** (bool): Disable Ace editor. The configuration file is not required but the service might not be exposed to the public. diff --git a/src/server/config.go b/src/server/config.go index bb27bd2..a25752f 100644 --- a/src/server/config.go +++ b/src/server/config.go @@ -34,6 +34,7 @@ type Config struct { AceDirectory string `json:"ace_directory"` BootstrapDirectory string `json:"bootstrap_directory"` DisableEditor bool `json:"disable_editor"` + ClientsDirectory string `json:"clients_directory"` } func NewConfig() *Config { diff --git a/src/server/handlers_api.go b/src/server/handlers_api.go index 09adb3c..0912718 100644 --- a/src/server/handlers_api.go +++ b/src/server/handlers_api.go @@ -232,8 +232,9 @@ func (h *GetProtectedNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Reque } type ClientHandler struct { - logger *slog.Logger - version string + logger *slog.Logger + version string + directory string } func (h *ClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { @@ -253,5 +254,9 @@ func (h *ClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { version = "latest" } - http.Redirect(w, r, fmt.Sprintf("https://git.riou.xyz/jriou/coller/releases/download/%s/%s-%s-%s", version, clientName, os, arch), http.StatusMovedPermanently) + if h.directory != "" { + http.ServeFile(w, r, h.directory+"/"+fmt.Sprintf("%s-%s-%s", clientName, os, arch)) + } else { + http.Redirect(w, r, fmt.Sprintf("https://git.riou.xyz/jriou/coller/releases/download/%s/%s-%s-%s", version, clientName, os, arch), http.StatusMovedPermanently) + } } diff --git a/src/server/server.go b/src/server/server.go index 8443f22..2c8f2b0 100644 --- a/src/server/server.go +++ b/src/server/server.go @@ -133,8 +133,9 @@ func (s *Server) Start() error { r.Path("/clients.html").Handler(clientsHandler).Methods("GET") clientHandler := &ClientHandler{ - logger: s.logger, - version: p.Version, + logger: s.logger, + version: p.Version, + directory: s.config.ClientsDirectory, } r.Path("/clients/{os:[a-z]+}-{arch:[a-z0-9]+}/{clientName:[a-z]+}").Handler(clientHandler).Methods("GET") From b35828d909927809d33323f5e3e31c1fa09c8df8 Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Fri, 10 Oct 2025 12:52:27 +0200 Subject: [PATCH 4/9] feat: Add clients base URL - Add `clients_base_url` to define an alternative URL to download clients - Rename `clients_directory` to `clients_base_directory` to download clients locally based on the version. If `show_version` is disabled and `clients_base_directory` are both defined, a redirection to a remote URL with the "latest" version is chosen in order to avoid to disclose the server version. Fixes #43. Signed-off-by: Julien Riou --- src/cmd/collerd/README.md | 3 ++- src/server/config.go | 4 +++- src/server/handlers_api.go | 24 +++++++++++++++--------- src/server/server.go | 7 ++++--- 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/src/cmd/collerd/README.md b/src/cmd/collerd/README.md index 182e3c7..c3aa87b 100644 --- a/src/cmd/collerd/README.md +++ b/src/cmd/collerd/README.md @@ -41,7 +41,8 @@ The file format is **JSON**: * **tls_key_file** (string): Path to TLS key file to enable HTTPS * **ace_directory** (string): Serve [Ace](hhttps://ace.c9.io/) assets from this local directory (ex: "./node_modules/ace-builds"). See **Dependencies** for details. * **bootstrap_directory** (string): Serve [Bootstrap](https://getbootstrap.com/) assets from this local directory (ex: "./node_modules/bootstrap/dist"). See **Dependencies** for details. -* **clients_directory** (string): Serve clients binaries from this local directory (ex: "./releases/1.2.0") +* **clients_base_directory** (string): Serve clients binaries from this local base directory (ex: "./releases"). The version will be append to the directory. Ignored if `show_version` is disabled. +* **clients_base_url** (string): Define the base URL to download clients (default "https://git.riou.xyz/jriou/coller/releases/download"). The version (or "latest") will be append. * **disable_editor** (bool): Disable Ace editor. The configuration file is not required but the service might not be exposed to the public. diff --git a/src/server/config.go b/src/server/config.go index a25752f..9e41bd8 100644 --- a/src/server/config.go +++ b/src/server/config.go @@ -34,7 +34,8 @@ type Config struct { AceDirectory string `json:"ace_directory"` BootstrapDirectory string `json:"bootstrap_directory"` DisableEditor bool `json:"disable_editor"` - ClientsDirectory string `json:"clients_directory"` + ClientsBaseURL string `json:"clients_base_url"` + ClientsBaseDirectory string `json:"clients_base_directory"` } func NewConfig() *Config { @@ -81,6 +82,7 @@ func NewConfig() *Config { Language: "text", EnableUploadFileButton: true, EnablePasswordProtection: true, + ClientsBaseURL: "https://git.riou.xyz/jriou/coller/releases/download", } } diff --git a/src/server/handlers_api.go b/src/server/handlers_api.go index 0912718..56b2451 100644 --- a/src/server/handlers_api.go +++ b/src/server/handlers_api.go @@ -232,9 +232,10 @@ func (h *GetProtectedNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Reque } type ClientHandler struct { - logger *slog.Logger - version string - directory string + logger *slog.Logger + version string + baseURL string + baseDirectory string } func (h *ClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { @@ -249,14 +250,19 @@ func (h *ClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } - version := h.version - if version == "" { - version = "latest" + // No disclosure of the version running on the server + if h.version == "" { + http.Redirect(w, r, fmt.Sprintf("%s/%s/%s-%s-%s", h.baseURL, "latest", clientName, os, arch), http.StatusMovedPermanently) + return } - if h.directory != "" { - http.ServeFile(w, r, h.directory+"/"+fmt.Sprintf("%s-%s-%s", clientName, os, arch)) + if h.baseDirectory != "" { + // Serve file locally + // Example: ./releases/1.2.0/coller-linux-amd64 + http.ServeFile(w, r, fmt.Sprintf("%s/%s/%s-%s-%s", h.baseDirectory, h.version, clientName, os, arch)) } else { - http.Redirect(w, r, fmt.Sprintf("https://git.riou.xyz/jriou/coller/releases/download/%s/%s-%s-%s", version, clientName, os, arch), http.StatusMovedPermanently) + // Redirect to a download link + // Example: https://git.riou.xyz/jriou/coller/releases/download/1.2.0/coller-linux-amd64 + http.Redirect(w, r, fmt.Sprintf("%s/%s/%s-%s-%s", h.baseURL, h.version, clientName, os, arch), http.StatusMovedPermanently) } } diff --git a/src/server/server.go b/src/server/server.go index 2c8f2b0..77950a1 100644 --- a/src/server/server.go +++ b/src/server/server.go @@ -133,9 +133,10 @@ func (s *Server) Start() error { r.Path("/clients.html").Handler(clientsHandler).Methods("GET") clientHandler := &ClientHandler{ - logger: s.logger, - version: p.Version, - directory: s.config.ClientsDirectory, + logger: s.logger, + version: p.Version, + baseURL: s.config.ClientsBaseURL, + baseDirectory: s.config.ClientsBaseDirectory, } r.Path("/clients/{os:[a-z]+}-{arch:[a-z0-9]+}/{clientName:[a-z]+}").Handler(clientHandler).Methods("GET") From 0ed61db444e3ba75d57cb7cb6a68783fdebc75e7 Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Fri, 10 Oct 2025 13:01:18 +0200 Subject: [PATCH 5/9] docs(README): configuration file is optional Signed-off-by: Julien Riou --- src/cmd/collerd/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmd/collerd/README.md b/src/cmd/collerd/README.md index c3aa87b..a8936e4 100644 --- a/src/cmd/collerd/README.md +++ b/src/cmd/collerd/README.md @@ -45,7 +45,7 @@ The file format is **JSON**: * **clients_base_url** (string): Define the base URL to download clients (default "https://git.riou.xyz/jriou/coller/releases/download"). The version (or "latest") will be append. * **disable_editor** (bool): Disable Ace editor. -The configuration file is not required but the service might not be exposed to the public. +The configuration file is optional. ## API From 685914c32309e6ffb7c74377ff7f591f0b706abd Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Fri, 10 Oct 2025 17:30:09 +0200 Subject: [PATCH 6/9] Release 1.3.0 Signed-off-by: Julien Riou --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 26aaba0..f0bb29e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0 +1.3.0 From 020b50fb581d7ad970f1e67e4273856a170f12de Mon Sep 17 00:00:00 2001 From: Thibault Piron Date: Mon, 13 Oct 2025 17:37:20 +0200 Subject: [PATCH 7/9] fix: add missing return in protected note create handler (#46) Reviewed-on: https://git.riou.xyz/jriou/coller/pulls/46 Reviewed-by: Julien Riou Co-authored-by: Thibault Piron Co-committed-by: Thibault Piron --- src/server/handlers_web.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/server/handlers_web.go b/src/server/handlers_web.go index c1a38ac..a3c018d 100644 --- a/src/server/handlers_web.go +++ b/src/server/handlers_web.go @@ -147,10 +147,12 @@ func (h *CreateNoteWithFormHandler) ServeHTTP(w http.ResponseWriter, r *http.Req if !h.PageData.AllowNoEncryption && noEncryption != "" { h.WebError(w, logger, ErrEncryptionRequired, nil) + return } if !h.PageData.AllowClientEncryptionKey && encryptionKey != "" { h.WebError(w, logger, ErrClientEncryptionKeyNotAllowed, nil) + return } if !h.PageData.AllowClientEncryptionKey && encryptionKey == "" && noEncryption == "" { From 121971210afedbbbb22f767cacbd0416a720acf6 Mon Sep 17 00:00:00 2001 From: Thibault Piron Date: Mon, 13 Oct 2025 17:38:25 +0200 Subject: [PATCH 8/9] fix: use innerText instead of innerHTML (#47) Reviewed-on: https://git.riou.xyz/jriou/coller/pulls/47 Reviewed-by: Julien Riou Co-authored-by: Thibault Piron Co-committed-by: Thibault Piron --- src/server/templates/note.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/server/templates/note.html b/src/server/templates/note.html index 498aea2..03aca94 100644 --- a/src/server/templates/note.html +++ b/src/server/templates/note.html @@ -48,7 +48,7 @@ if (encryptionKey != "") { copierCommand += "#" + encryptionKey; } - document.getElementById("copierCommand").innerHTML = copierCommand; + document.getElementById("copierCommand").innerText = copierCommand; document.getElementById("copier").addEventListener("click", () => { document.getElementById("copierContainer").style.display = ""; }); @@ -77,7 +77,7 @@ curlCommand += " -XPOST -d '" + payload + "'"; } curlCommand += " " + window.location.origin + "/api/note/{{ .Note.ID }}"; - document.getElementById("curlCommand").innerHTML = curlCommand; + document.getElementById("curlCommand").innerText = curlCommand; document.getElementById("curl").addEventListener("click", () => { document.getElementById("curlContainer").style.display = ""; }); From 2c4ce556dc4a00a530476341bcb36f2456393d1c Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Tue, 14 Oct 2025 08:08:47 +0200 Subject: [PATCH 9/9] Release 1.3.1 Signed-off-by: Julien Riou --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index f0bb29e..3a3cd8c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.3.0 +1.3.1