Feature/bare2share: implement redirect anonymous bare url to /share page #667

Draft
wants to merge 25 commits into
base: develop


@maphew maphew commented Nov 24, 2024

addresses #658
Adds Options >> Other >> Share Settings:

  • Added a simple checkbox to enable/disable bare domain redirect to /share
  • "Show login in share theme" option

Some of the intermediate commits use custom urls for both Share and Login.
I rolled back because it was getting too complicated. For example,
what if user defined urls that are already used by existing routes? We'd
need to add path validation and probably other stuff too.

My motivation was to obscure the login link in order to provide a little
protection from simple bot attacks. It's likely better to take a
considered security look (from folks who know this space!)

Redirect works. Must share at least one note and make it `#shareRoot`

Todo:
- explore making this an optional setting in UI
- make the share and login urls customizable
- think about if/where/how to put login link in default share theme
- if word other than `share` is used, there is no route. Maybe making
this configurable is too much overhead.

- Login link is incorrect - `share_page.login` instead of `./login`,
probably bad translation setup
Rolled back custom url setting. It was getting too complicated. For example,
what if user defined urls that are already used by existing routes? We'd
need to add path validation and probably other stuff too.

My motivation was to obscure the login link in order to provide a little
protection from simple bot attacks. It's likely better to take a
considered security look (from folks who know this space!)
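
The path validation the description above says custom Share and Login URLs would need, as an added example (not code from this PR or from the project). The route list, option semantics and function names are assumptions made for illustration.

```typescript
// Added example, not project code. RESERVED_ROUTES is a constructed sample;
// a real check would enumerate the routes the application actually registers.
const RESERVED_ROUTES: string[] = ["/api", "/login", "/logout", "/setup", "/share", "/assets"];

interface PathCheck { ok: boolean; path: string; reason: string; }

// True when child equals parent or lives underneath it ("/api/x" under "/api").
const isUnder = (child: string, parent: string): boolean =>
    child === parent || child.indexOf(parent + "/") === 0;

// Validate one user-supplied custom path (hypothetical option value)
// before it is registered as a route.
function validateCustomPath(input: string, reserved: string[] = RESERVED_ROUTES): PathCheck {
    const raw = input.trim();
    // Allow-list of plain segments. One rule rejects "..", "%2e", "//",
    // "?", "#", backslashes and the empty string.
    if (!/^\/?[A-Za-z0-9_-]+(\/[A-Za-z0-9_-]+)*\/?$/.test(raw)) {
        return { ok: false, path: "", reason: "invalid characters or empty segment" };
    }
    // Canonical form: leading slash, no trailing slash, lower case.
    const path = ("/" + raw.replace(/^\/|\/$/g, "")).toLowerCase();
    if (path.length > 64) {
        return { ok: false, path: "", reason: "too long" };
    }
    for (const route of reserved) {
        const r = route.toLowerCase();
        // Reject in both directions: the candidate sits under an existing
        // route, or it would shadow an existing route.
        if (isUnder(path, r) || isUnder(r, path)) {
            return { ok: false, path: "", reason: `collides with ${route}` };
        }
    }
    return { ok: true, path, reason: "" };
}

// Validate the share and login settings together: each may keep its own
// default, but the two must not collide with each other.
function validateSharePaths(sharePath: string, loginPath: string): PathCheck[] {
    const share = validateCustomPath(sharePath, RESERVED_ROUTES.filter(r => r !== "/share"));
    const reservedForLogin = RESERVED_ROUTES.filter(r => r !== "/login");
    if (share.ok) {
        reservedForLogin.push(share.path);
    }
    return [share, validateCustomPath(loginPath, reservedForLogin)];
}
```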

@perfectra1n (Contributor)

I understand about the motivation - but security through obscurity doesn't count for much unfortunately. Definitely a cool idea though, I dig the effort 💪

@maphew maphew marked this pull request as draft November 24, 2024 22:20

maphew commented Nov 24, 2024

current code is not working. :-/
converted to draft.
Somehow what I committed differs from what I had running and working. I'm tracking that down now.

Previous commit contained mishmash of the abandoned custom share and
login redirect urls and simple bare domain redirect. Simply put: was
broken and didn't work.

Todo: test with a new setup and no initialised db.
...and put Share settings at end of Other section
@maphew maphew marked this pull request as ready for review November 25, 2024 05:40

maphew commented Nov 25, 2024

Cleaned up and believed ready for review.

# Conflicts:
#	src/public/app/widgets/type_widgets/content_widget.js
#	src/public/translations/en/translation.json
#	src/routes/api/options.ts
#	src/services/options_init.ts
docker: untested
fly.io: untested (that's next)

refactor: simplify TypeScript development environment

- Streamline dev environment to run TS directly with ts-node
- Add separate production Dockerfile for fly.io deployment
- Update tsconfig.json paths for better type resolution
- Add development log for tracking setup decisions

Development changes:
- Remove complex build steps from dev environment
- Use nodemon for better hot-reloading experience
- Keep source TypeScript files for easier debugging

Production changes:
- Add fly.dockerfile with proper build and optimization
- Create separate production run script
- Maintain full TypeScript compilation for production

maphew commented Dec 3, 2024

Latest changes are about making deploy to Fly.io so the new feature can be demoed. Converting back to draft as there are files that I would rename/move/delete if having Fly files in the repo doesn't make sense. But please do review current state so I can continue.

Deploying to Fly works, and the new redirect options in Other are seen but for a reason I haven't been able to troubleshoot saving is disallowed. It works fine in my local development container though. I need help!

@maphew maphew marked this pull request as draft December 3, 2024 06:54

maphew commented Dec 3, 2024

The PowerShell scripts run-notes-dev.ps1 and run-notes-prod.ps1 build and run those respective containers. I'm using podman instead of docker but I believe most/all the command arguments are the same for both tools.

# Conflicts:
#	src/public/translations/en/translation.json
#	src/routes/api/options.ts
...that unwraps all packets in transit, which all sane SSL interpret as
conducting man in the middle attacks.

maphew commented Dec 10, 2024

status: not ready for review. More files have been touched than necessary and I need to audit those changes.

# Conflicts:
#	src/public/translations/en/translation.json
#	src/services/auth.ts
#	src/services/options.ts
#	tsconfig.json