* Some code notes

+ Implemented Gorilla Sockets
+ Implemented a javascript class
+ Golang Struct introduced
+ JSON parsing from the websocket
+ Fail handlers

.env.example

@@ -21,4 +21,8 @@ CLEANUP_MAX_AGE=43200 # Default is a month
 
 # Maximum pad file lenght, this is in characters, a character is one byte.
 # Default: 524288 ( 500kb )
-MAXIMUM_PAD_SIZE=524288
+MAXIMUM_PAD_SIZE=524288
+
+# Your admin access token
+# If the value is not defined the admin interface will not be available
+# ADMIN_TOKEN=SUPER_SECRET_ADMIN_TOKEN

Dockerfile

@@ -1,9 +1,27 @@
-FROM alpine
+# Importing golang 1.18 to use as a builder for our source
+FROM golang:1.18 as builder
+
+# Use the /src directory as a workdir
+WORKDIR /src
+
+# Copy the src to /src
+COPY . ./
+
+# Download dependencies
+RUN go mod download
+
+# Build the executable
+RUN CGO_ENABLED=0 go build -a -installsuffix cgo -o freepad .
+
+# Import alpine linux as a base
+FROM scratch
 
 LABEL version="1.4.0"
 
-# Copy the distribution files
+# Copy the files from the builder to the new image
-COPY ./dist /app
+COPY --from=builder /src/freepad /app/freepad
+COPY --from=builder /src/templates /app/templates
+COPY --from=builder /src/static /app/static
 
 # Make /app the work directory
 WORKDIR /app

docker-compose.example.yaml

@@ -3,13 +3,13 @@ version: '3'
 services:
   freepad:
     # Uncomment the bellow to use the production docker image from the docker repository
-    # image: 
+    image: justkato/freepad
     # Comment the build line if you are just looking to use a docker-compose file
-    build: .
+    # build: .
     # I don't recommend changing the 8080 as there would be no reason to,
     # simply change the 3113 port to anything you would like for the container to listen on
     ports:
-      - 3113:8080
+      - 8080:8080
     # This will read from your .env variables, in that file you will find the documentation as well
     environment:
       - DOMAIN_BASE

go.mod

@@ -4,6 +4,7 @@ go 1.15
 
 require (
 	github.com/gin-gonic/gin v1.7.7
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/joho/godotenv v1.4.0
 	github.com/mrz1836/go-sanitize v1.1.5
 	github.com/ulule/limiter/v3 v3.10.0

go.sum

@@ -38,6 +38,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg=
 github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=

lib/controllers/controllers_admin.go

@@ -0,0 +1,62 @@
+package controllers
+
+import (
+	"crypto/sha512"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+
+	"github.com/JustKato/FreePad/lib/helper"
+	"github.com/gin-gonic/gin"
+)
+
+func AdminMiddleware(router *gin.RouterGroup) {
+
+	// Handl
+	router.Use(func(ctx *gin.Context) {
+
+		// Check which route we are accessing
+		fmt.Println(`Accesing: `, ctx.Request.RequestURI)
+
+		// Check if the request is other than the login request
+		if ctx.Request.RequestURI != "/admin/login" {
+			// Check if the user is logged-in
+
+			fmt.Println(`Checking if admin`)
+
+			if !IsAdmin(ctx) {
+				// Not an admin, redirect to homepage
+				ctx.Redirect(http.StatusTemporaryRedirect, "/")
+				ctx.Abort()
+
+				fmt.Println(`Not an admin!`)
+				return
+			}
+
+		}
+
+	})
+
+}
+
+func IsAdmin(ctx *gin.Context) bool {
+	adminToken, err := ctx.Cookie("admin_token")
+	if err != nil {
+		return false
+	}
+
+	// Encode the real token
+	sha512Hasher := sha512.New()
+	sha512Hasher.Write([]byte(helper.GetAdminToken()))
+	hashHexToken := sha512Hasher.Sum(nil)
+	trueToken := hex.EncodeToString(hashHexToken)
+
+	// Check if the user's admin token matches the token
+	if adminToken != "" && adminToken == trueToken {
+		// Yep, it's the admin!
+		return true
+	}
+
+	// Definitely not an admin
+	return false
+}

lib/helper/helper_main.go

@@ -72,3 +72,18 @@ func GetCacheMapLimit() int {
 
 	return rez
 }
+
+// Get the admin token used to authenticate as an admin
+func GetAdminToken() string {
+	// Get the admin login from the environment
+	adminToken, exists := os.LookupEnv("ADMIN_TOKEN")
+
+	// Check if the admin token was defined
+	if !exists {
+		// The admin token was not defined, disable admin logins
+		return ""
+	}
+
+	// Return the admin token
+	return adminToken
+}

lib/objects/objects_post.go

@@ -26,6 +26,13 @@ type Post struct {
 	Views        uint32 `json:"views"`
 }
 
+func (p *Post) Delete() error {
+	filePath := path.Join(getStorageDirectory(), p.Name)
+
+	// Remove the file and return the result
+	return os.Remove(filePath)
+}
+
 // Get the path to the views JSON
 func getViewsFilePath() (string, error) {
 	// Get the path to the storage then append the const name for the storage file
@@ -94,7 +101,7 @@ func LoadViewsCache() error {
 	return nil
 }
 
-func AddViewToPost(postName string) uint32 {
+func AddViewToPost(postName string, incrementViews bool) uint32 {
 	// Lock the viewers mapping
 	viewersLock.Lock()
 
@@ -104,8 +111,10 @@ func AddViewToPost(postName string) uint32 {
 		ViewsCache[postName] = 0
 	}
 
-	// Add to the counter
+	if incrementViews {
-	ViewsCache[postName]++
+		// Add to the counter
+		ViewsCache[postName]++
+	}
 
 	// Unlock
 	viewersLock.Unlock()
@@ -175,7 +184,7 @@ func getStorageDirectory() string {
 }
 
 // Get a post from the file system
-func GetPost(fileName string) Post {
+func GetPost(fileName string, incrementViews bool) Post {
 	// Get the base storage directory and make sure it exists
 	storageDir := getStorageDirectory()
 
@@ -183,7 +192,7 @@ func GetPost(fileName string) Post {
 	filePath := fmt.Sprintf("%s%s", storageDir, fileName)
 
 	// Get the post views and add 1 to them
-	postViews := AddViewToPost(fileName)
+	postViews := AddViewToPost(fileName, incrementViews)
 
 	p := Post{
 		Name:         fileName,
@@ -295,3 +304,30 @@ func CleanupPosts(age int) {
 
 	}
 }
+
+func GetAllPosts() []Post {
+	// Initialize the list of posts
+	postList := []Post{}
+
+	// Get the posts storage directory
+	storageDir := getStorageDirectory()
+
+	// Read the directory listing
+	files, err := os.ReadDir(storageDir)
+	// Check if thereh as been an issues with reading the directory contents
+	if err != nil {
+		// Log the error
+		fmt.Println("Error::GetAllPosts:", err)
+		// Return an empty list to have a clean fallback
+		return []Post{}
+	}
+
+	// Go through all of the files
+	for _, v := range files {
+		// Process the file into a pad
+		postList = append(postList, GetPost(v.Name(), false))
+	}
+
+	// Return the post list
+	return postList
+}

lib/routes/routes_admin.go

@@ -0,0 +1,95 @@
+package routes
+
+import (
+	"encoding/hex"
+	"fmt"
+	"net/http"
+
+	"github.com/JustKato/FreePad/lib/controllers"
+	"github.com/JustKato/FreePad/lib/helper"
+	"github.com/JustKato/FreePad/lib/objects"
+	"github.com/gin-gonic/gin"
+
+	"crypto/sha512"
+)
+
+var adminLoginToken string = ""
+
+func AdminRoutes(router *gin.RouterGroup) {
+
+	adminLoginToken = helper.GetAdminToken()
+
+	// Apply the admin middleware for identification
+	controllers.AdminMiddleware(router)
+
+	// Admin login route
+	router.GET("/login", func(ctx *gin.Context) {
+		ctx.HTML(200, "admin_login.html", gin.H{
+			"title":       "Login Login",
+			"domain_base": helper.GetDomainBase(),
+		})
+	})
+
+	router.POST("/login", func(ctx *gin.Context) {
+
+		// Get the value of the admin token
+		adminToken := ctx.PostForm("admin-token")
+
+		// Check if the input admin token matches our admin token
+		if adminLoginToken != "" && adminLoginToken == adminToken {
+
+			sha512Hasher := sha512.New()
+			sha512Hasher.Write([]byte(adminToken))
+
+			// Set the cookie to be an admin
+			hashHexToken := sha512Hasher.Sum(nil)
+			hashToken := hex.EncodeToString(hashHexToken)
+
+			// Set the cookie
+			ctx.SetCookie("admin_token", hashToken, 60*60, "/", helper.GetDomainBase(), true, true)
+
+			ctx.Request.Method = "GET"
+
+			// Redirect the user to the admin page
+			ctx.Redirect(http.StatusFound, "/admin/view")
+			return
+		} else {
+			ctx.Request.Method = "GET"
+
+			// Redirect the user to the admin page
+			ctx.Redirect(http.StatusFound, "/admin/login?fail")
+			return
+		}
+
+	})
+
+	router.GET("/delete/:padname", func(ctx *gin.Context) {
+		// Get the pad name that we bout' to delete
+		padName := ctx.Param("padname")
+
+		// Try and get the pad, check if valid
+		pad := objects.GetPost(padName, false)
+
+		// Delete the pad
+		err := pad.Delete()
+		fmt.Println(err)
+
+		// Redirect the user to the admin page
+		ctx.Redirect(http.StatusFound, "/admin/view")
+	})
+
+	// Admin view route
+	router.GET("/view", func(ctx *gin.Context) {
+
+		// Get all of the pads as a listing
+		padList := objects.GetAllPosts()
+
+		ctx.HTML(200, "admin_view.html", gin.H{
+			"title":       "Admin",
+			"padList":     padList,
+			"domain_base": helper.GetDomainBase(),
+		})
+
+	})
+
+}

lib/routes/routes_home.go

@@ -41,7 +41,7 @@ func HomeRoutes(router *gin.Engine) {
 		}
 		postName = sanitize.XSS(sanitize.SingleLine(postName))
 
-		post := objects.GetPost(postName)
+		post := objects.GetPost(postName, true)
 
 		c.HTML(200, "page.html", gin.H{
 			"title":          postName,

lib/socketmanager/socketmanager.go

@@ -0,0 +1,85 @@
+package socketmanager
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/gorilla/websocket"
+)
+
+var wsUpgrader = websocket.Upgrader{
+	ReadBufferSize:  1024, // TODO: Make it configurable via the .env file
+	WriteBufferSize: 1024, // TODO: Make it configurable via the .env file
+}
+
+// TODO: Use generics so that we can take string messages, that'd be nice!
+type SocketMessage struct {
+	EventType string                 `json:"eventType"`
+	PadName   string                 `json:"padName"`
+	Message   map[string]interface{} `json:"message"`
+}
+
+// Bind the websockets to the gin router
+func BindSocket(router *gin.RouterGroup) {
+
+	router.GET("/get", func(ctx *gin.Context) {
+		webSocketUpgrade(ctx.Writer, ctx.Request)
+	})
+
+}
+
+func webSocketUpgrade(w http.ResponseWriter, r *http.Request) {
+	conn, err := wsUpgrader.Upgrade(w, r, nil)
+	if err != nil {
+		fmt.Printf("Failed to set websocket upgrade: %v\n", err)
+		return
+	}
+
+	// Start listening to this socket
+	for {
+		// Try Read the JSON input from the socket
+		_, msg, err := conn.ReadMessage()
+
+		// Check if a close request was sent
+		if errors.Is(err, websocket.ErrCloseSent) {
+			break
+		}
+
+		if err != nil {
+			// There has been an error reading the message
+			fmt.Println("Failed to read from the socket")
+			// Skip this cycle
+			continue
+		}
+
+		// Init the variable
+		var p SocketMessage
+		// Try and parse the json
+		err = json.Unmarshal([]byte(msg), &p)
+		if err != nil {
+			// There has been an error reading the message
+			fmt.Println("Failed to parse the JSON", err)
+			// Skip this cycle
+			continue
+		}
+
+		// Pass the message to the proper handlers
+
+		handleSocketMessage(p)
+	}
+}
+
+// Handle the socket's message
+func handleSocketMessage(msg SocketMessage) {
+
+	// Check the type of message
+	fmt.Println(msg.EventType)
+
+}
+
+func BroadcastMessage(padName string, message string) {
+
+}

main.go

@@ -7,6 +7,7 @@ import (
 	"github.com/JustKato/FreePad/lib/controllers"
 	"github.com/JustKato/FreePad/lib/objects"
 	"github.com/JustKato/FreePad/lib/routes"
+	"github.com/JustKato/FreePad/lib/socketmanager"
 	"github.com/gin-gonic/gin"
 	"github.com/joho/godotenv"
 )
@@ -46,9 +47,15 @@ func main() {
 	// Implement the rate limiter
 	controllers.DoRateLimit(router)
 
+	// Admin Routing
+	routes.AdminRoutes(router.Group("/admin"))
+
 	// Add Routes
 	routes.HomeRoutes(router)
 
+	// Bind the Web Sockets
+	socketmanager.BindSocket(router.Group("/ws"))
+
 	router.Run(":8080")
 
 }

static/js/ws.js

@@ -0,0 +1,77 @@
+class PadSocket {
+
+    ws      = null;
+    padName = null;
+    /**
+     * @deprecated
+     */
+    state   = null;
+
+    /**
+     * Create a new PadSocket
+     * @param {string} padName The name of the pad
+     * @param {string} connUrl The URL to the websocket
+     */
+    constructor(padName, connUrl = null) {
+
+        // Check if a connection URL was mentioned
+        if ( connUrl == null ) {
+            // Try and connect to the local websocket
+            connUrl = `ws://` + window.location.host + "/ws/get";
+        }
+
+        // Connect to the websocket
+        const ws = new WebSocket(connUrl);
+        ws.onopen = () => {
+            // TODO: This is redundant, we could check the websocket status: ws.readyState == WebSocket.OPEN
+            this.state = 'active';
+        }
+
+        // Bind the onMessage function
+        ws.onmessage = this.handleMessage;
+
+        // Assign the websocket
+        this.ws = ws;
+        // Assign the pad name
+        this.padName = padName;
+    }
+
+    /**
+     * @description Send a message to the server
+     * @param {string} eventType The type of event, this can be anything really, it's just used for routing by the server
+     * @param {Object} message The message to send out to the server, this can only be of format string but JSON is parsed.
+     */
+    sendMessage = (eventType, message) => {
+
+        if ( this.state != 'active' ) {
+            throw new Error(`The websocket connection is not active`);
+        }
+
+        // Check if the message is a string
+        if ( typeof message == 'string' ) {
+            // Convert the message into a map[string]interface{}
+            message = {
+                "message": message,
+            };
+        }
+
+        // TODO: Compress the message, usually we will be sending the whole body of the pad from the client to the server or vice-versa.
+        this.ws.send( JSON.stringify({
+            eventType,
+            padName: this.padName,
+            message,
+        }))
+
+    }
+
+    handleMessage = ev => {
+        console.log(ev);
+    }
+
+}
+
+// TODO: Test if this is actually necessary or the DOMContentLoaded event would suffice
+// wait for the whole window to load
+window.addEventListener(`load`, e => {
+    window.socket = new PadSocket(padTitle);
+})

templates/pages/admin_login.html

@@ -0,0 +1,42 @@
+{{ template "inc/header.html" .}}
+
+<body>
+
+    <main id="main-card" class="container rounded mt-5 shadow-sm">
+        <div class="p-3">
+
+            <a href="/" class="logo-container w-100 d-flex mb-4">
+                <img src="/static/img/logo_transparent.png" alt="Logo" style="max-width: 50%; margin: 0 auto;" class="mx-auto">
+            </a>
+
+            <div class="form-group my-4">
+                <form class="search-action input-group" method="post" action="/admin/login">
+                    <input autocomplete="off" type="password" class="form-control form-control-lg" name="admin-token" placeholder="Your Admin token" aria-label="Your Admin token" aria-describedby="admin-token-button" id="admin-token">
+
+                    <button class="btn btn-primary" type="submit" id="admin-token-button">
+                        <svg xmlns="http://www.w3.org/2000/svg" width="24 " height="24 " fill="currentColor" class="bi bi-box-arrow-in-right" viewBox="0 0 16 16">
+                            <path fill-rule="evenodd" d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z"/>
+                            <path fill-rule="evenodd" d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
+                        </svg>
+                    </button>
+
+                </form>
+                <small class="text-muted">Access the admin interface for FreePad, this can only be done through the Admin Token.</small>
+            </div>
+        </div>
+
+        <footer class="text-muted py-5 border-top text-center">
+            <p class="mb-1">
+                FreePad by <a href="https://justkato.me/">©Kato Twofold</a>
+            </p>
+            <p class="mb-0">
+                FreePad is freely available over on our <a href="https://github.com/JustKato/FreePad">GitHub</a>
+            </p>
+        </footer>
+
+    </main>
+
+    {{ template "inc/theme-toggle.html" .}}
+</body>
+
+{{ template "inc/footer.html" .}}

templates/pages/admin_view.html

@@ -0,0 +1,94 @@
+{{ template "inc/header.html" .}}
+
+<style>
+
+    .pad-instance {
+        display: flex;
+        flex-flow: row;
+        justify-content: space-between;
+        align-items: center;
+    }
+
+    #pad-list {
+        max-height: 30rem;
+        overflow-x: hidden;
+        overflow-y: auto;
+    }
+
+    .pad-name {
+        max-width: 30%;
+        overflow: hidden;
+    }
+
+</style>
+
+<body>
+
+    <main id="main-card" class="container rounded mt-5 shadow-sm">
+        <div class="p-3">
+
+            <a href="/" class="logo-container w-100 d-flex mb-4">
+                <img src="/static/img/logo_transparent.png" alt="Logo" style="max-width: 50%; margin: 0 auto;" class="mx-auto">
+            </a>
+
+            <div class="form-group my-4 border-top p-3 border">
+
+                <div class="pad-instance my-2 border-bottom">
+                    <div class="pad-name col-5">
+                        Pad Name
+                    </div>
+                    <div class="pad-last-view col-1">
+                        Views
+                    </div>
+                    <div class="pad-last-modified col-4">
+                        Create Date
+                    </div>
+                    <div class="col-2">
+                        Actions
+                    </div>
+                </div>
+
+                <div id="pad-list" >
+                    {{ range $indx, $element := .padList }}
+
+                        <div class="pad-instance my-2">
+                            <div class="pad-name col-5">
+                                <a href="/{{ $element.Name }}">
+                                    {{ $element.Name }}
+                                </a>
+                            </div>
+                            <div class="pad-last-view col-1">
+                                {{ $element.Views }}
+                            </div>
+                            <div class="pad-last-modified col-4">
+                                {{ $element.LastModified }}
+                            </div>
+                            <div class="col-2">
+                                <div onclick="doDelete({{ $element.Name }})" class="btn btn-danger">
+                                    Delete
+                                </div>
+                            </div>
+                        </div>
+    
+                    {{ end }}
+                </div>
+
+            </div>
+        </div>
+
+    </main>
+
+    {{ template "inc/theme-toggle.html" .}}
+</body>
+
+<script>
+    function doDelete(id) {
+        // Confirm deletion
+        if ( confirm("Confirm pad deletion?") ) {
+            // Do delete
+            window.location.href = `/admin/delete/${id}`;
+        }
+    }
+</script>
+
+{{ template "inc/footer.html" .}}

templates/pages/page.html

@@ -209,6 +209,7 @@
     {{ template "inc/theme-toggle.html" .}}
 </body>
 
+<script src="/static/js/ws.js"></script>
 <script src="/static/js/fileSaver.js"></script>
 <script src="/static/js/pad.js"></script>
 <script src="/static/js/pad-scripts.js"></script>