Merge 97506c0bcd into 6b576f2ffe

announce: URL encode/decode template labels
Fixes #340, allowing slashes (/) in label names which would break the URL otherwise.
2024-09-07 21:10:11 +00:00 · 2024-07-24 22:11:51 +02:00 · 2024-07-21 17:45:36 +01:00 · 2024-07-21 17:27:41 +01:00 · 2024-07-21 14:29:35 +01:00 · 2024-07-14 00:32:25 +01:00
9 changed files with 50 additions and 23 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -85,7 +85,7 @@ steps:
      commands:
        - curl -sL https://git.io/goreleaser > goreleaser
        - chmod +x goreleaser
-        - ./scripts/version.sh ./goreleaser --snapshot --skip-publish --clean
+        - ./scripts/version.sh ./goreleaser --snapshot --skip=publish --clean
        - wget https://builds.hrfee.pw/upload.py
        - pip3 install requests
        - bash -c 'sftp -i /id_rsa2 -o StrictHostKeyChecking=no root@161.97.102.153:/mnt/redoc <<< $"put docs/swagger.json jfa-go.json"'
@ -164,7 +164,7 @@ steps:
      commands:
        - curl -sL https://git.io/goreleaser > goreleaser
        - chmod +x goreleaser
-        - ./scripts/version.sh ./goreleaser --snapshot --skip-publish --clean
+        - ./scripts/version.sh ./goreleaser --snapshot --skip=publish --clean

 trigger:
    event:
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+version: 2
 project_name: jfa-go
 release:
    github:
--- a/api-users.go
+++ b/api-users.go
@ -2,6 +2,7 @@ package main

 import (
 	"fmt"
+	"net/url"
 	"os"
 	"strings"
 	"time"
@ -927,12 +928,17 @@ func (app *appContext) GetAnnounceTemplates(gc *gin.Context) {
 // @Produce json
 // @Success 200 {object} announcementTemplate
 // @Failure 400 {object} boolResponse
-// @Param name path string true "name of template"
+// @Param name path string true "name of template (url encoded if necessary)"
 // @Router /users/announce/template/{name} [get]
 // @Security Bearer
 // @tags Users
 func (app *appContext) GetAnnounceTemplate(gc *gin.Context) {
-	name := gc.Param("name")
+	escapedName := gc.Param("name")
+	name, err := url.QueryUnescape(escapedName)
+	if err != nil {
+		respondBool(400, false, gc)
+		return
+	}
 	if announcement, ok := app.storage.GetAnnouncementsKey(name); ok {
 		gc.JSON(200, announcement)
 		return
--- a/main.go
+++ b/main.go
@ -566,11 +566,19 @@ func start(asDaemon, firstCall bool) {
 					}
 				}

-				app.err.Fatalf("Failure serving with SSL/TLS: %s", err)
+				if err == http.ErrServerClosed {
+					app.err.Printf("Failure serving with SSL/TLS: %s", err)
+				} else {
+					app.err.Fatalf("Failure serving with SSL/TLS: %s", err)
+				}
 			}
 		} else {
 			if err := SRV.ListenAndServe(); err != nil {
-				app.err.Printf("Failure serving: %s", err)
+				if err == http.ErrServerClosed {
+					app.err.Printf("Failure serving: %s", err)
+				} else {
+					app.err.Fatalf("Failure serving: %s", err)
+				}
 			}
 		}
 	}()
--- a/package-lock.json
+++ b/package-lock.json
@ -22,7 +22,7 @@
        "mjml": "^4.14.1",
        "nightwind": "^1.1.13",
        "perl-regex": "^1.0.4",
-        "postcss": "^8.4.24",
+        "postcss": "^8.4.31",
        "remixicon": "^3.3.0",
        "remove-markdown": "^0.5.0",
        "tailwindcss": "^3.3.2",
@ -1653,6 +1653,7 @@
      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.18.20.tgz",
      "integrity": "sha512-ceqxoedUrcayh7Y7ZX6NdbbDzGROiyVBgC4PriJThBKSVPWnnFHZAkfI1lJT8QFkOwH4qOS2SJkS4wvpGl8BpA==",
      "hasInstallScript": true,
+      "license": "MIT",
      "optional": true,
      "bin": {
        "esbuild": "bin/esbuild"
@ -4273,9 +4274,9 @@
      }
    },
    "node_modules/postcss": {
-      "version": "8.4.24",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
-      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
+      "version": "8.4.31",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
+      "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
      "funding": [
        {
          "type": "opencollective",
@ -9990,9 +9991,9 @@
      "dev": true
    },
    "postcss": {
-      "version": "8.4.24",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
-      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
+      "version": "8.4.31",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
+      "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
      "requires": {
        "nanoid": "^3.3.6",
        "picocolors": "^1.0.0",
--- a/package.json
+++ b/package.json
@ -30,7 +30,7 @@
    "mjml": "^4.14.1",
    "nightwind": "^1.1.13",
    "perl-regex": "^1.0.4",
-    "postcss": "^8.4.24",
+    "postcss": "^8.4.31",
    "remixicon": "^3.3.0",
    "remove-markdown": "^0.5.0",
    "tailwindcss": "^3.3.2",
--- a/scripts/version.sh
+++ b/scripts/version.sh
@ -16,4 +16,6 @@ else
 fi

 JFA_GO_VERSION=$(git describe --exact-match HEAD 2> /dev/null || echo 'vgit')
-JFA_GO_CSS_VERSION="v3" JFA_GO_NFPM_EPOCH=$(git rev-list --all --count) JFA_GO_BUILD_TIME=$(date +%s) JFA_GO_BUILT_BY=${JFA_GO_BUILT_BY:-"???"} JFA_GO_VERSION="$(echo $JFA_GO_VERSION | sed 's/v//g')" $@
+TIMEOUT=60m
+
+JFA_GO_CSS_VERSION="v3" JFA_GO_NFPM_EPOCH=$(git rev-list --all --count) JFA_GO_BUILD_TIME=$(date +%s) JFA_GO_BUILT_BY=${JFA_GO_BUILT_BY:-"???"} JFA_GO_VERSION="$(echo $JFA_GO_VERSION | sed 's/v//g')" $@ --timeout $TIMEOUT
--- a/ts/modules/accounts.ts
+++ b/ts/modules/accounts.ts
@ -1275,8 +1275,9 @@ export class accountsList {
                el.innerHTML = `
                <span class="button ~neutral sm full-width accounts-announce-template-button">${name}</span><span class="button ~critical fr ml-4 accounts-announce-template-delete">&times;</span>
                `;
+                let urlSafeName = encodeURIComponent(encodeURIComponent(name));
                (el.querySelector("span.accounts-announce-template-button") as HTMLSpanElement).onclick = () => {
-                    _get("/users/announce/" + name, null, (req: XMLHttpRequest) => {
+                    _get("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => {
                        if (req.readyState == 4) {
                            let template: announcementTemplate;
                            if (req.status != 200) {
@ -1289,7 +1290,7 @@ export class accountsList {
                    });
                };
                (el.querySelector("span.accounts-announce-template-delete") as HTMLSpanElement).onclick = () => {
-                    _delete("/users/announce/" + name, null, (req: XMLHttpRequest) => {
+                    _delete("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => {
                        if (req.readyState == 4) {
                            if (req.status != 200) {
                                window.notifications.customError("deleteTemplateError", window.lang.notif("errorFailureCheckLogs"));
--- a/ts/user.ts
+++ b/ts/user.ts
@ -266,13 +266,20 @@ class ReferralCard {
    get code(): string { return this._code; }
    set code(c: string) {
        this._code = c;
-        let url = window.location.href;
-        for (let split of ["#", "?", "account", "my"]) {
-            url = url.split(split)[0];
+        
+        let u = new URL(window.location.href);
+        let path = u.pathname;
+        for (let split of ["account", "my"]) {
+            path = path.split(split)[0];
        }
-        if (url.slice(-1) != "/") { url += "/"; }
-        url = url + "invite/" + this._code;
-        this._url = url;
+        if (path.slice(-1) != "/") { path += "/"; }
+        path = path + "invite/" + this._code;
+        
+        u.pathname = path;
+        u.hash = "";
+        u.search = "";
+    
+        this._url = u.toString();
    }

    get remaining_uses(): number { return this._remainingUses; }
Author	SHA1	Message	Date
dependabot[bot]	610ca635f3	Merge `97506c0bcd` into `6b576f2ffe`	2024-07-24 22:11:51 +02:00
Harvey Tindall	6b576f2ffe	announce: URL encode/decode template labels Fixes #340, allowing slashes (/) in label names which would break the URL otherwise.	2024-07-21 17:45:36 +01:00
Harvey Tindall	7c989fda08	tls: don't "crash" on server close TLS server section called Fatalf, while the normal section called Printf on server close. Fatalf is now only called if the server wasn't shutdown manually, e.g. when certificates are wrong. Same change was applied to non-tls section, so crashes will actually occur when things like ports are occupied. Fixes #343.	2024-07-21 17:27:41 +01:00
Harvey Tindall	a4d436b16b	build: increase goreleaser build timeout CI server is quite slow, so the 30m timeout of goreleaser was being exceeded. Bumped to 60m, as defined by "TIMEOUT" in version.sh.	2024-07-21 14:29:35 +01:00
Harvey Tindall	9339992693	Merge branch 'main' of github.com:hrfee/jfa-go	2024-07-14 00:32:25 +01:00
Harvey Tindall	214d16cf0e	goreleaser: increment version no actual changes.	2024-07-14 00:30:01 +01:00
Harvey Tindall	a085e91cc6	Merge pull request #347 from jeppevinkel/patch-1 Fix referral url when subdomain contains `account`	2024-07-13 23:33:46 +01:00
Harvey Tindall	272c38e0c5	user: url split on pathname only	2024-07-13 14:22:05 +01:00
jeppevinkel	6052329c0b	Fix deprecated georeleaser flag Updated the `--skip-publish` flag to the new `--skip=publish` format.	2024-07-10 09:07:21 +02:00
jeppevinkel	acfdcdbc63	Fix referral url when subdomain contains `account` This fix should work to grab the base url more consistently when the sub domain includes `account` in the name.	2024-07-10 01:22:12 +02:00
dependabot[bot]	97506c0bcd	build(deps): bump postcss from 8.4.24 to 8.4.31 Bumps [postcss](https://github.com/postcss/postcss) from 8.4.24 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.24...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2023-10-05 11:38:10 +00:00