fix: use innerText instead of innerHTML

Signed-off-by: Julien Riou <julien@riou.xyz>

VERSION

@@ -1 +1 @@
-1.1.0
+1.3.0

src/cmd/coller/main.go

@@ -61,6 +61,7 @@ func handleMain() int {
 	quiet := flag.Bool("quiet", false, "Log errors only")
 	verbose := flag.Bool("verbose", false, "Print more logs")
 	debug := flag.Bool("debug", false, "Print even more logs")
+	jsonFormat := flag.Bool("json", false, "Print logs in JSON format")
 	configFile := flag.String("config", filepath.Join(homeDir, ".config", AppName+".json"), "Configuration file")
 	reconfigure := flag.Bool("reconfigure", false, "Re-create configuration file")
 	url := flag.String("url", "", "URL of the coller API")
@@ -102,7 +103,13 @@ func handleMain() int {
 	if *quiet {
 		level = slog.LevelError
 	}
-	logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+
+	var logger *slog.Logger
+	if *jsonFormat {
+		logger = slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+	} else {
+		logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+	}
 
 	if *url == "" {
 		if _, err = os.Stat(*configFile); errors.Is(err, os.ErrNotExist) || *reconfigure {

src/cmd/collerd/README.md

@@ -41,9 +41,11 @@ The file format is **JSON**:
 * **tls_key_file** (string): Path to TLS key file to enable HTTPS
 * **ace_directory** (string): Serve [Ace](hhttps://ace.c9.io/) assets from this local directory (ex: "./node_modules/ace-builds"). See **Dependencies** for details.
 * **bootstrap_directory** (string): Serve [Bootstrap](https://getbootstrap.com/) assets from this local directory (ex: "./node_modules/bootstrap/dist"). See **Dependencies** for details.
+* **clients_base_directory** (string): Serve clients binaries from this local base directory (ex: "./releases"). The version will be append to the directory. Ignored if `show_version` is disabled.
+* **clients_base_url** (string): Define the base URL to download clients (default "https://git.riou.xyz/jriou/coller/releases/download"). The version (or "latest") will be append.
 * **disable_editor** (bool): Disable Ace editor.
 
-The configuration file is not required but the service might not be exposed to the public.
+The configuration file is optional.
 
 ## API
 

src/cmd/collerd/main.go

@@ -27,6 +27,7 @@ func handleMain() int {
 	quiet := flag.Bool("quiet", false, "Log errors only")
 	verbose := flag.Bool("verbose", false, "Print more logs")
 	debug := flag.Bool("debug", false, "Print even more logs")
+	jsonFormat := flag.Bool("json", false, "Print logs in JSON format")
 	configFileName := flag.String("config", "", "Configuration file name")
 
 	flag.Parse()
@@ -46,7 +47,13 @@ func handleMain() int {
 	if *quiet {
 		level = slog.LevelError
 	}
-	logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+
+	var logger *slog.Logger
+	if *jsonFormat {
+		logger = slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+	} else {
+		logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+	}
 
 	if *configFileName != "" {
 		err = internal.ReadConfig(*configFileName, config)

src/cmd/copier/main.go

@@ -41,6 +41,7 @@ func handleMain() int {
 	quiet := flag.Bool("quiet", false, "Log errors only")
 	verbose := flag.Bool("verbose", false, "Print more logs")
 	debug := flag.Bool("debug", false, "Print even more logs")
+	jsonFormat := flag.Bool("json", false, "Print logs in JSON format")
 	encryptionKey := flag.String("encryption-key", os.Getenv("COLLER_ENCRYPTION_KEY"), "Key to decrypt the note")
 	askEncryptionKey := flag.Bool("ask-encryption-key", false, "Read encryption key from input")
 	fileName := flag.String("file", "", "Write content of the note to a file")
@@ -72,7 +73,13 @@ func handleMain() int {
 	if *quiet {
 		level = slog.LevelError
 	}
-	logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+
+	var logger *slog.Logger
+	if *jsonFormat {
+		logger = slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+	} else {
+		logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: level}))
+	}
 
 	if *askEncryptionKey {
 		fmt.Print("Encryption key: ")
@@ -112,7 +119,7 @@ func handleMain() int {
 	var req *http.Request
 	if *password != "" {
 		body := &NotePayload{
-			Password: *password,
+			Password: internal.Encode([]byte(*password)),
 		}
 		payload, err := json.Marshal(body)
 		if err != nil {

src/server/config.go

@@ -34,6 +34,8 @@ type Config struct {
 	AceDirectory             string   `json:"ace_directory"`
 	BootstrapDirectory       string   `json:"bootstrap_directory"`
 	DisableEditor            bool     `json:"disable_editor"`
+	ClientsBaseURL           string   `json:"clients_base_url"`
+	ClientsBaseDirectory     string   `json:"clients_base_directory"`
 }
 
 func NewConfig() *Config {
@@ -80,6 +82,7 @@ func NewConfig() *Config {
 		Language:                 "text",
 		EnableUploadFileButton:   true,
 		EnablePasswordProtection: true,
+		ClientsBaseURL:           "https://git.riou.xyz/jriou/coller/releases/download",
 	}
 }
 

src/server/handlers_api.go

@@ -213,8 +213,14 @@ func (h *GetProtectedNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Reque
 		}
 	}
 
+	password, err := internal.Decode(body.Password)
+	if err != nil {
+		APIError(w, logger, ErrCouldNotDecodePassword, err)
+		return
+	}
+
 	if len(note.PasswordHash) > 0 {
-		err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(body.Password))
+		err := bcrypt.CompareHashAndPassword(note.PasswordHash, password)
 		if err != nil {
 			APIErrorBadRequest(w, logger, ErrInvalidPassword, err)
 			return
@@ -228,6 +234,8 @@ func (h *GetProtectedNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Reque
 type ClientHandler struct {
 	logger        *slog.Logger
 	version       string
+	baseURL       string
+	baseDirectory string
 }
 
 func (h *ClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -242,10 +250,19 @@ func (h *ClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	version := h.version
+	// No disclosure of the version running on the server
-	if version == "" {
+	if h.version == "" {
-		version = "latest"
+		http.Redirect(w, r, fmt.Sprintf("%s/%s/%s-%s-%s", h.baseURL, "latest", clientName, os, arch), http.StatusMovedPermanently)
+		return
 	}
 
-	http.Redirect(w, r, fmt.Sprintf("https://git.riou.xyz/jriou/%s/releases/download/%s/%s-%s-%s", clientName, version, clientName, os, arch), http.StatusMovedPermanently)
+	if h.baseDirectory != "" {
+		// Serve file locally
+		// Example: ./releases/1.2.0/coller-linux-amd64
+		http.ServeFile(w, r, fmt.Sprintf("%s/%s/%s-%s-%s", h.baseDirectory, h.version, clientName, os, arch))
+	} else {
+		// Redirect to a download link
+		// Example: https://git.riou.xyz/jriou/coller/releases/download/1.2.0/coller-linux-amd64
+		http.Redirect(w, r, fmt.Sprintf("%s/%s/%s-%s-%s", h.baseURL, h.version, clientName, os, arch), http.StatusMovedPermanently)
+	}
 }

src/server/handlers_web.go

@@ -34,6 +34,7 @@ type PageData struct {
 	AceDirectory             string
 	BootstrapDirectory       string
 	DisableEditor            bool
+	Password                 string // Not stored in the database
 }
 
 func WebError(w http.ResponseWriter, pageData PageData, templates *template.Template, templateName string, logger *slog.Logger, topLevelErr error, err error) {
@@ -439,6 +440,7 @@ func (h *GetProtectedWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
 		}
 	}
 
+	h.PageData.Password = password
 	h.PageData.Note = note
 
 	logger.Debug("rendering page")

src/server/server.go

@@ -135,6 +135,8 @@ func (s *Server) Start() error {
 	clientHandler := &ClientHandler{
 		logger:        s.logger,
 		version:       p.Version,
+		baseURL:       s.config.ClientsBaseURL,
+		baseDirectory: s.config.ClientsBaseDirectory,
 	}
 	r.Path("/clients/{os:[a-z]+}-{arch:[a-z0-9]+}/{clientName:[a-z]+}").Handler(clientHandler).Methods("GET")
 
@@ -177,7 +179,9 @@ func (s *Server) Start() error {
 	}
 
 	if s.config.BootstrapDirectory != "" {
-		r.PathPrefix("/static/bootstrap/").Handler(http.StripPrefix("/static/bootstrap/", http.FileServer(http.Dir(s.config.BootstrapDirectory))))
+		r.HandleFunc("/static/bootstrap/css/bootstrap.min.css", func(w http.ResponseWriter, r *http.Request) {
+			http.ServeFile(w, r, s.config.BootstrapDirectory+"/css/bootstrap.min.css")
+		})
 	}
 
 	r.Path("/").Handler(&HomeHandler{Templates: templates, PageData: p}).Methods("GET")

src/server/templates/note.html

@@ -6,6 +6,12 @@
     <div class="d-flex flex-wrap py-2">
         <span class="fs-4 d-flex mb-3 mb-md-0 me-md-auto text-decoration-none">Note {{.Note.ID}}</span>
         <ul class="nav nav-pills align-items-center">
+            <li class="nav-item">
+                <button type="button" class="btn btn-link" id="copier">copier</button>
+            </li>
+            <li class="nav-item">
+                <button type="button" class="btn btn-link" id="curl">curl</button>
+            </li>
             <li class="nav-item px-2">
                 <a href="" id="rawURL">raw</a>
                 <script>document.getElementById("rawURL").href = window.location.href.replace(".html", "");</script>
@@ -20,6 +26,65 @@
             {{end}}
         </ul>
     </div>
+    <script>
+        var password = "{{ .Password }}";
+        var encryptionKey = window.location.hash.substr(1);
+    </script>
+    <div id="copierContainer" style="display: none;" class="alert alert-info alert-dismissible" role="alert">
+        <p>Access the note with <strong>copier</strong>:</p>
+        <pre id="copierCommand" style="border: 1px solid;" class="p-2"></pre>
+        <button type="button" class="btn-close" data-dismiss="alert" aria-label="Close" id="copierClose">
+            <span aria-hidden="true"></span>
+        </button>
+    </div>
+    <script>
+        var copierCommand = "copier";
+        var copierOpts = "";
+        if (password != "") {
+            copierOpts += " -password '" + password + "'";
+        }
+        copierCommand += copierOpts + " " + window.location.origin + "/{{ .Note.ID }}";
+
+        if (encryptionKey != "") {
+            copierCommand += "#" + encryptionKey;
+        }
+        document.getElementById("copierCommand").innerText = copierCommand;
+        document.getElementById("copier").addEventListener("click", () => {
+            document.getElementById("copierContainer").style.display = "";
+        });
+        document.getElementById("copierClose").addEventListener("click", () => {
+            document.getElementById("copierContainer").style.display = "none";
+        });
+    </script>
+    <div id="curlContainer" style="display: none;" class="alert alert-info alert-dismissible" role="alert">
+        <p>Access the note with <strong>curl</strong>:</p>
+        <pre id="curlCommand" style="border: 1px solid;" class="p-2"></pre>
+        <button type="button" class="btn-close" data-dismiss="alert" aria-label="Close" id="curlClose">
+            <span aria-hidden="true"></span>
+        </button>
+    </div>
+    <script>
+        var curlCommand = "curl";
+        var curlData = {};
+        if (encryptionKey != "") {
+            curlData.encryption_key = encryptionKey;
+        };
+        if (password != "") {
+            curlData.password = window.btoa(password);
+        }
+        var payload = JSON.stringify(curlData);
+        if (payload != "{}") {
+            curlCommand += " -XPOST -d '" + payload + "'";
+        }
+        curlCommand += " " + window.location.origin + "/api/note/{{ .Note.ID }}";
+        document.getElementById("curlCommand").innerText = curlCommand;
+        document.getElementById("curl").addEventListener("click", () => {
+            document.getElementById("curlContainer").style.display = "";
+        });
+        document.getElementById("curlClose").addEventListener("click", () => {
+            document.getElementById("curlContainer").style.display = "none";
+        });
+    </script>
     {{if .DisableEditor}}
     <div class="row">
         <pre class="border px-3 pt-3" style="min-height: 300px; resize: vertical; overflow: auto;">
@@ -28,7 +93,8 @@
     </div>
     {{else}}
     <div class="row">
-        <div id="editor" name="editor" class="form-control" style="min-height: 300px; resize: vertical; overflow: auto;">
+        <div id="editor" name="editor" class="form-control"
+            style="min-height: 300px; resize: vertical; overflow: auto;">
         </div>
     </div>
     <script