Feature/bare2share: implement redirect anonymous bare url to /share page #667
base: develop
Redirect works. Must share at least one note and make it `#shareRoot`

Todo:
- explore making this an optional setting in UI
- make the share and login urls customizable
- think about if/where/how to put login link in default share theme
- if word other than `share` is used, there is no route. Maybe making this configurable is too much overhead.
- Login link is incorrect - `share_page.login` instead of `./login`, probably bad translation setup
Rolled back custom url setting. It was getting too complicated. For example, what if user defined urls that are already used by existing routes? We'd need to add path validation and probably other stuff too. My motivation was to obscure the login link in order to provide a little protection from simple bot attacks. It's likely better to take a considered security look (from folks who know this space!)
I understand about the motivation - but security through obscurity doesn't count for much unfortunately. Definitely a cool idea though, I dig the effort 💪
current code is not working. :-/
Previous commit contained mishmash of the abandoned custom share and login redirect urls and simple bare domain redirect. Simply put: was broken and didn't work. Todo: test with a new setup and no initialised db.
...and put Share settings at end of Other section
Cleaned up and believed ready for review.

# Conflicts:
# src/public/app/widgets/type_widgets/content_widget.js
# src/public/translations/en/translation.json
# src/routes/api/options.ts
# src/services/options_init.ts

docker: untested
fly.io: untested (that's next)

refactor: simplify TypeScript development environment

- Streamline dev environment to run TS directly with ts-node
- Add separate production Dockerfile for fly.io deployment
- Update tsconfig.json paths for better type resolution
- Add development log for tracking setup decisions

Development changes:
- Remove complex build steps from dev environment
- Use nodemon for better hot-reloading experience
- Keep source TypeScript files for easier debugging

Production changes:
- Add fly.dockerfile with proper build and optimization
- Create separate production run script
- Maintain full TypeScript compilation for production
suggested by Claude 3.5 Sonnet
Latest changes are about making deploy to Fly.io so the new feature can be demoed. Converting back to draft as there are files that I would rename/move/delete if having Fly files in the repo doesn't make sense. But please do review current state so I can continue. Deploying to Fly works, and the new redirect options in Other are seen but for a reason I haven't been able to troubleshoot saving is disallowed. It works fine in my local development container though. I need help!
the powershell scripts

# Conflicts:
# src/public/translations/en/translation.json
# src/routes/api/options.ts

...that unwraps all packets in transit, which all sane SSL interpret as conducting man in the middle attacks.
status: not ready for review. More files have been touched than necessary and I need to audit those changes.

# Conflicts:
# src/public/translations/en/translation.json
# src/services/auth.ts
# src/services/options.ts
# tsconfig.json
addresses #658
Adds Options >> Other >> Share Settings:
Some of the intermediate commits use custom urls for both Share and Login.
I rolled back because it was getting too complicated. For example,
what if user defined urls that are already used by existing routes? We'd
need to add path validation and probably other stuff too.
My motivation was to obscure the login link in order to provide a little
protection from simple bot attacks. It's likely better to take a
considered security look (from folks who know this space!)
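
The path-validation concern raised in the description above, sketched as an added example that is not part of this PR or the project's code. It assumes custom URLs are limited to a single path segment; the function names and the reserved list are hypothetical (only `/share` and `/login` appear in this thread, the other entries are constructed placeholders for "existing routes").

```javascript
// Hypothetical reserved list: /share and /login come from this thread;
// /api, /assets and /setup are constructed stand-ins for existing routes.
const RESERVED_PATHS = ["/share", "/login", "/api", "/assets", "/setup"];

// Canonicalise an admin-supplied path before comparing it with anything.
// Returns null when the input cannot be a safe single-segment path.
function normalizeCustomPath(input) {
  if (typeof input !== "string") return null;
  let path;
  try {
    path = decodeURIComponent(input.trim()); // reveals %2F, %2e and similar
  } catch {
    return null; // malformed percent-encoding
  }
  path = path.toLowerCase().replace(/^\/+|\/+$/g, "");
  // One segment of letters, digits, "-" or "_": rejects slashes, dots,
  // leftover "%" from double encoding, whitespace and control characters.
  if (!/^[a-z0-9][a-z0-9_-]{0,63}$/.test(path)) return null;
  return "/" + path;
}

// Decide whether a custom path may be registered.
// allowDefault: the setting's own built-in path, which it may keep.
// taken: other custom paths already configured (e.g. a custom login URL).
function checkCustomPath(input, { allowDefault = null, taken = [] } = {}) {
  const path = normalizeCustomPath(input);
  if (path === null) return { ok: false, reason: "invalid" };
  if (path === allowDefault) return { ok: true, path };
  if (RESERVED_PATHS.includes(path)) return { ok: false, reason: "reserved" };
  if (taken.map(normalizeCustomPath).includes(path)) {
    return { ok: false, reason: "duplicate" };
  }
  return { ok: true, path };
}
```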