todo

.gitignore

@@ -1,9 +1,14 @@
 **/*.sw*
+server/exec-server
 server/ezmded
+server/exec-ezmded
 server/server
 server/testdata/files/**/*
 server/testdata/workd/**/*
 server/testdata/media/**/*
 server/testdata/index.html
 ui/render
-ui/**/.*.html
+server/public/ui/**/.*.html
+**/*.ctmpl.html
+server/public/ui/render
+server/releasedata

crawler/README.md

@@ -0,0 +1,10 @@
+## running
+
+export RCLONE_CONFIG=/tmp/rclone.temp.conf
+export RCLONE_CONFIG_PASS=abc
+export CACHE=/tmp/notea-team3
+export NOTES_ADDR=${NOTES_ADDR:-http://localhost:3004}
+export GITLAB_PAT=$(get_secret GITLAB_PAT)
+mkdir -p $CACHE
+bash main.sh
+echo $?

crawler/gitlab.sh

@@ -32,7 +32,6 @@ gitlab() (
       blob="$(urlencode "$blob")"
 
       local path="api/v4/projects/$project/repository/files/$blob/raw"
-		log "url: https://gitlab-app.eng.qops.net/$path (blob=$blob, project=$project)"
       echo "https://gitlab-app.eng.qops.net/$path"
 	}
 
@@ -73,7 +72,6 @@ gitlab() (
       root="${root#tree/}"
 		root="$(echo "$root" | sed 's/^[^\/]*//')"
 		root="${root#/}"
-		log project=$project, root=$root, url=$url
       echo "$project"
       echo "$root"
    }

crawler/gitlab_wiki.sh

@@ -6,8 +6,9 @@ gitlab_wiki() (
    }
 
 	human_url() {
-		log "not impl: human url: $@"
-		exit 1
+		local url="${1%/}"
+		url="${url%%#*}"
+		echo "$url/$(echo "$2" | base64 --decode)"
 	}
 
 	_host() {
@@ -25,7 +26,7 @@ gitlab_wiki() (
 		project="${project%/-/}"
 		project="${project#/}"
 		project="${project%/}"
-		echo "$project"
+		echo "${project%%#*}"
 	}
 
 	_blob() {
@@ -36,7 +37,7 @@ gitlab_wiki() (
 		local blob="${path#*/wikis}"
 		blob="${blob#/}"
 		blob="${blob%/}"
-		echo "$blob"
+		echo "${blob%%#*}"
 	}
 
    get() {

crawler/main.sh

@@ -95,6 +95,8 @@ crawl_with() {
 	local content="$(echo "$json" | jq -r .content)"
 	local crawlable_source="$(extract_crawlable_source "$content")"
 
+	notes put "$pid" "$(notes meta "$pid" | jq -r .Meta.Title)" "$crawlable_source"
+
 	local expanded=($($backend expand "$crawlable_source"))
 
 	log purge $crawlable_source:
@@ -102,7 +104,7 @@ crawl_with() {
 		notes del "$subid"
 	done
 
-	log expand $crawlable_source:"$expanded"
+	log expand $crawlable_source:"${#expanded[@]}: ${expanded[@]}"
 	notes_mkdir_p() {
 		local id="$1"
 		local subtitle="${2%/}"
@@ -123,6 +125,7 @@ crawl_with() {
 		export CONTENT="$(
 			echo "**!! WARNING !! This page is autogenerated and prone to destruction and replacement**"
 			echo "**[See the original]($human_url)**"
+			echo ""
 			$backend get "$crawlable_source" "$i" \
 				| sed 's/](\([^#h]\)/]\(%%%\1/g'
 		)"
@@ -147,6 +150,11 @@ crawl_with() {
 			echo "$sum"
 		)"
 		ID="${ID%/}"
+		if [ "${#expanded[@]}" -lt 2 ]; then
+			ID="$pid"
+			TITLE="$(notes meta "$ID" | jq -r .Meta.Title)"
+			CONTENT="$(printf "%s\n\n%s", "$crawlable_source" "$CONTENT")"
+		fi
 		log "	$ID ($TITLE): ${#CONTENT}"
 		push_crawled "$ID" "$TITLE" "$CONTENT"
 		log "	/$ID ($TITLE): ${#CONTENT}"

crawler/notes.sh

@@ -106,6 +106,7 @@ notes() (
       _nncurl \
          -X PUT \
 			-H "Title: $title" \
+			-H "Read-Only: true" \
          -d "$body" \
          $NOTES_ADDR/api/v0/files/$id >&2
    }

server/.dockerignore

@@ -0,0 +1,3 @@
+.*
+**/.*
+**/*.sw*

server/Dockerfile

@@ -0,0 +1,32 @@
+FROM registry-app.eng.qops.net:5001/imported/alpine:3.15 as certs
+RUN apk update && apk add --no-cache ca-certificates
+
+FROM registry-app.eng.qops.net:5001/imported/alpine:3.15 as encoder
+WORKDIR /main
+RUN apk update && apk add --no-cache gpg gpg-agent
+ARG KEY=""
+COPY ./releasedata ./releasedata
+RUN cat ./releasedata/users.yaml \
+	| gpg --batch --no-tty --passphrase="$KEY" --cipher-algo AES256 --symmetric -z 0 \
+	> ./users.yaml.gpg
+
+FROM registry-app.eng.qops.net:5001/imported/alpine:3.15 as runner
+RUN apk update && apk --no-cache upgrade && apk add --no-cache bash gpg gpg-agent
+WORKDIR /main
+COPY --from=certs /etc/ssl/certs /etc/ssl/certs
+COPY --from=encoder /main/users.yaml.gpg ./
+
+COPY ./exec-server ./
+COPY ./public ./public
+RUN test -e /main/exec-server
+RUN test -d /main/public
+RUN mkdir -p /var/log /main/public/files /main/public/media
+
+ENV GOPATH=""
+VOLUME /main/public/files
+VOLUME /main/public/media
+ENV COOKIE_SECRET=""
+ENV KEY=""
+RUN echo 'cat /main/users.yaml.gpg | gpg --batch --no-tty --passphrase="$KEY" --decrypt > /main/users.yaml && /main/exec-server "$@"' > /main/entrypoint.sh
+ENTRYPOINT ["bash", "/main/entrypoint.sh"]
+CMD []

server/README.md

@@ -0,0 +1,19 @@
+## Using File Auth
+
+1. Build a linux binary with `GOOS=linux CGO_ENABLED=0 go build -o ./exec-server -a -installsuffix cgo -ldflags "-s -w"`
+1. Add your usernames, passwords, groups to `releasedata/users.yaml`
+1. {one time} Generate and store an encryption `KEY` in Vault+Lastpass
+1. Build a Docker image with `docker build -t registry-app.eng.qops.net:5001/breel/work-notes:latest --build-arg KEY='{{INSERT YOUR KEY HERE}}' .`
+1. Push with `docker push registry-app.eng.qops.net:5001/breel/work-notes:latest`
+1. Run like `docker run -v /mnt/files:/main/public/files -v /mnt/media:/main/public/media -e KEY='{{INSERT YOUR KEY HERE}}' -e COOKIE_SECRET='{{INSERT ANOTHER KEY HERE}}' -p 3005:3005 --rm -it registry-app.eng.qops.net:5001/breel/work-notes:latest -auth ./users.yaml -p 3005`
+
+### `users.yaml` Format
+
+```yaml
+users:
+  breel:
+    password: breel
+    groups:
+    - g1
+    - g2
+```

server/auth.go

@@ -0,0 +1,61 @@
+package main
+
+import (
+	"errors"
+	"io/ioutil"
+
+	yaml "gopkg.in/yaml.v2"
+)
+
+type auth interface {
+	Login(string, string) (bool, error)
+	Groups(string) ([]string, error)
+}
+
+type FileAuth struct {
+	path string
+}
+
+type fileAuthContent struct {
+	Users map[string]struct {
+		Password string
+		Groups   []string
+	}
+}
+
+func NewFileAuth(path string) FileAuth {
+	return FileAuth{path: path}
+}
+
+func (fileAuth FileAuth) Login(u, p string) (bool, error) {
+	content, err := fileAuth.load()
+	if err != nil {
+		return false, err
+	}
+	entry, ok := content.Users[u]
+	return ok && entry.Password == p, nil
+}
+
+func (fileAuth FileAuth) Groups(u string) ([]string, error) {
+	content, err := fileAuth.load()
+	if err != nil {
+		return nil, err
+	}
+	entry, ok := content.Users[u]
+	if !ok {
+		return nil, errors.New("invalid user")
+	}
+	return entry.Groups, nil
+}
+
+func (fileAuth FileAuth) load() (fileAuthContent, error) {
+	var fileAuthContent fileAuthContent
+	b, err := ioutil.ReadFile(fileAuth.path)
+	if err != nil {
+		return fileAuthContent, err
+	}
+	if err := yaml.Unmarshal(b, &fileAuthContent); err != nil {
+		return fileAuthContent, err
+	}
+	return fileAuthContent, nil
+}

server/auth_test.go

@@ -0,0 +1,118 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"testing"
+)
+
+func TestFileAuth(t *testing.T) {
+	user := "username"
+	passw := "password"
+	g := "group"
+	emptyp := func() string {
+		d := t.TempDir()
+		f, err := ioutil.TempFile(d, "login.yaml.*")
+		if err != nil {
+			t.Fatal(err)
+		}
+		f.Close()
+		return path.Join(d, f.Name())
+	}
+	goodp := func() string {
+		p := emptyp()
+		if err := ensureAndWrite(p, []byte(fmt.Sprintf(`{
+			"users": {
+				%q: {
+					"password": %q,
+					"groups": [%q]
+				}
+			}
+		}`, user, passw, g))); err != nil {
+			t.Fatal(err)
+		}
+		return p
+	}
+
+	t.Run("no file", func(t *testing.T) {
+		p := emptyp()
+		os.Remove(p)
+		fa := NewFileAuth(p)
+		if _, err := fa.Login(user, passw); err == nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("bad file", func(t *testing.T) {
+		p := emptyp()
+		if err := ensureAndWrite(p, []byte(`{"hello:}`)); err != nil {
+			t.Fatal(err)
+		}
+		fa := NewFileAuth(p)
+		if _, err := fa.Login(user, passw); err == nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("bad user", func(t *testing.T) {
+		p := goodp()
+		fa := NewFileAuth(p)
+		if ok, err := fa.Login("bad"+user, passw); err != nil {
+			t.Fatal(err)
+		} else if ok {
+			t.Fatal(ok)
+		}
+	})
+
+	t.Run("bad pass", func(t *testing.T) {
+		p := goodp()
+		fa := NewFileAuth(p)
+		if ok, err := fa.Login(user, "bad"+passw); err != nil {
+			t.Fatal(err)
+		} else if ok {
+			t.Fatal(ok)
+		}
+	})
+
+	t.Run("good load", func(t *testing.T) {
+		p := goodp()
+		fa := NewFileAuth(p)
+		got, err := fa.load()
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(got.Users) != 1 {
+			t.Error(got.Users)
+		}
+		if entry, ok := got.Users[user]; !ok {
+			t.Error(ok)
+		} else if entry.Password != passw {
+			t.Error(entry)
+		} else if len(entry.Groups) != 1 {
+			t.Error(entry.Groups)
+		} else if entry.Groups[0] != g {
+			t.Error(entry.Groups)
+		}
+	})
+
+	t.Run("good", func(t *testing.T) {
+		p := goodp()
+		b, _ := ioutil.ReadFile(p)
+		t.Logf("goodp: %s: %s", p, b)
+		fa := NewFileAuth(p)
+		if ok, err := fa.Login(user, passw); err != nil {
+			t.Fatal(err)
+		} else if !ok {
+			t.Fatal(ok)
+		}
+		if groups, err := fa.Groups(user); err != nil {
+			t.Fatal(err)
+		} else if len(groups) != 1 {
+			t.Fatal(groups)
+		} else if groups[0] != g {
+			t.Fatal(groups)
+		}
+	})
+}

server/authenticate.go

@@ -0,0 +1,251 @@
+package main
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"hash/crc32"
+	"log"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+var cookieSecret = os.Getenv("COOKIE_SECRET")
+
+type User struct {
+	User   string
+	Group  string
+	Groups []string
+}
+
+func (user User) Is(other User) bool {
+	for i := range user.Groups {
+		if i >= len(other.Groups) || user.Groups[i] != other.Groups[i] {
+			return false
+		}
+	}
+	return user.User == other.User &&
+		user.Group == other.Group &&
+		len(user.Groups) == len(other.Groups)
+}
+
+type Cookie struct {
+	Hash  string
+	Salt  string
+	Value string
+}
+
+func (server *Server) authenticate(w http.ResponseWriter, r *http.Request) (*Server, bool, error) {
+	if done, err := server.parseLogin(w, r); err != nil {
+		log.Printf("error parsing login: %v", err)
+		return nil, false, err
+	} else if done {
+		log.Printf("login rendered body")
+		return nil, true, nil
+	}
+
+	if ok, err := needsLogin(r); err != nil {
+		log.Printf("error checking if login needed: %v", err)
+		return nil, false, err
+	} else if ok {
+		log.Printf("needs login")
+		promptLogin(w)
+		return nil, true, nil
+	}
+
+	if done, err := changeNamespace(w, r); err != nil {
+		return nil, false, err
+	} else if done {
+		return nil, true, nil
+	}
+
+	user, _ := loginCookie(r)
+	return server.WithUser(user.User, user.Group, user.Groups), false, nil
+}
+
+func promptLogin(w http.ResponseWriter) {
+	w.Header().Set("WWW-Authenticate", "Basic")
+	w.WriteHeader(http.StatusUnauthorized)
+}
+
+func (server *Server) parseLogin(w http.ResponseWriter, r *http.Request) (bool, error) {
+	username, password, ok := r.BasicAuth()
+	if !ok {
+		return false, nil
+	}
+
+	ok, err := server.auth.Login(username, password)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		promptLogin(w)
+		return true, nil
+	}
+
+	groups, err := server.auth.Groups(username)
+	if err != nil {
+		return false, err
+	}
+	if len(groups) == 0 {
+		return false, errors.New("user has no groups")
+	}
+
+	user := User{
+		User:   username,
+		Groups: groups,
+		Group:  groups[0],
+	}
+
+	olduser, _ := loginCookie(r)
+	for i := range groups {
+		if groups[i] == olduser.Group {
+			user.Group = olduser.Group
+		}
+	}
+	log.Printf("%+v => %+v", olduser, user)
+
+	setLoginCookie(w, r, user)
+	return false, nil
+}
+
+func changeNamespace(w http.ResponseWriter, r *http.Request) (bool, error) {
+	want := r.URL.Query().Get("namespace")
+	if want == "" {
+		return false, nil
+	}
+
+	user, ok := loginCookie(r)
+	if !ok {
+		promptLogin(w)
+		return true, nil
+	}
+
+	if user.Group == want {
+		return false, nil
+	}
+	for i := range user.Groups {
+		if want == user.Groups[i] {
+			user.Group = want
+			setLoginCookie(w, r, user)
+			return false, nil
+		}
+	}
+	return false, nil
+}
+
+func needsLogin(r *http.Request) (bool, error) {
+	user, ok := loginCookie(r)
+	if !ok {
+		return true, nil
+	}
+	for i := range user.Groups {
+		if user.Group == user.Groups[i] {
+			return false, nil
+		}
+	}
+	return true, nil
+}
+
+func setLoginCookie(w http.ResponseWriter, r *http.Request, user User) {
+	cookie := &http.Cookie{
+		Name:    "login",
+		Value:   encodeUserCookie(user),
+		Expires: time.Now().Add(time.Hour * 24),
+		Path:    "/",
+	}
+	if was, ok := requestLoginCookie(r); !ok || !was.Is(user) {
+		w.Header().Set("Set-Cookie", cookie.String())
+	}
+	log.Printf("setting login cookie: %+v", user)
+	*r = *r.WithContext(context.WithValue(r.Context(), "LOGIN_COOKIE", cookie.Value))
+}
+
+func loginCookie(r *http.Request) (User, bool) {
+	if v := r.Context().Value("LOGIN_COOKIE"); v != nil {
+		log.Printf("login cookie from ctx")
+		return decodeUserCookie(v.(string))
+	}
+	return requestLoginCookie(r)
+}
+
+func requestLoginCookie(r *http.Request) (User, bool) {
+	c, ok := getCookie("login", r)
+	log.Printf("request login cookie: %v, %v", c, ok)
+	if !ok {
+		return User{}, false
+	}
+	return decodeUserCookie(c)
+}
+
+func getCookie(key string, r *http.Request) (string, bool) {
+	var cookie *http.Cookie
+	cookies := r.Cookies()
+	for i := range cookies {
+		if cookies[i].Name == key && (cookies[i].Expires.IsZero() || time.Now().Before(cookies[i].Expires)) {
+			cookie = cookies[i]
+		}
+	}
+	if cookie == nil {
+		return "", false
+	}
+	return cookie.Value, cookie.Expires.IsZero() || time.Now().Before(cookie.Expires)
+}
+
+func decodeUserCookie(raw string) (User, bool) {
+	decoded, ok := decodeCookie(raw)
+	if !ok {
+		return User{}, ok
+	}
+	var user User
+	err := json.Unmarshal([]byte(decoded), &user)
+	return user, err == nil
+}
+
+func encodeUserCookie(user User) string {
+	b, err := json.Marshal(user)
+	if err != nil {
+		panic(err)
+	}
+	return encodeCookie(string(b))
+}
+
+func encodeCookie(s string) string {
+	cookie := Cookie{
+		Salt:  uuid.New().String(),
+		Value: s,
+	}
+	hash := crc32.NewIEEE()
+	hash.Write([]byte(cookieSecret))
+	hash.Write([]byte(cookie.Salt))
+	hash.Write([]byte(cookie.Value))
+	cookie.Hash = base64.StdEncoding.EncodeToString(hash.Sum(nil))
+	b, err := json.Marshal(cookie)
+	if err != nil {
+		panic(err)
+	}
+	return base64.StdEncoding.EncodeToString(b)
+}
+
+func decodeCookie(s string) (string, bool) {
+	b, err := base64.StdEncoding.DecodeString(s)
+	if err != nil {
+		return "", false
+	}
+	var cookie Cookie
+	if err := json.Unmarshal(b, &cookie); err != nil {
+		return "", false
+	}
+	hash := crc32.NewIEEE()
+	hash.Write([]byte(cookieSecret))
+	hash.Write([]byte(cookie.Salt))
+	hash.Write([]byte(cookie.Value))
+	if got := base64.StdEncoding.EncodeToString(hash.Sum(nil)); cookie.Hash != got {
+		return "", false
+	}
+	return cookie.Value, true
+}

server/authenticate_test.go

@@ -0,0 +1,361 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"path"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+func TestEncodeDecodeCookie(t *testing.T) {
+	newTestServer(t)
+
+	for i := 0; i < 5; i++ {
+		value := uuid.New().String()
+		encoded := encodeCookie(value)
+		for j := 0; j < 5; j++ {
+			decoded, ok := decodeCookie(encoded)
+			if !ok || decoded != value {
+				t.Errorf("value=%s, encoded=%s, decoded=%s", value, encoded, decoded)
+			}
+		}
+	}
+}
+
+func TestEncodeDecodeUserCookie(t *testing.T) {
+	newTestServer(t)
+
+	user := User{
+		User:   "abc",
+		Groups: []string{"def", "ghi"},
+	}
+	encoded := encodeUserCookie(user)
+	decoded, ok := decodeUserCookie(encoded)
+	if !ok {
+		t.Fatal(ok)
+	}
+	if fmt.Sprint(user) != fmt.Sprint(decoded) {
+		t.Fatal(user, decoded)
+	}
+}
+
+func TestGetCookie(t *testing.T) {
+	r := httptest.NewRequest(http.MethodGet, "/", nil)
+	r.AddCookie(&http.Cookie{
+		Name:    "abc",
+		Value:   "def",
+		Expires: time.Now().Add(time.Hour),
+	})
+	got, _ := getCookie("abc", r)
+	if got != "def" {
+		t.Fatal(r.Cookies(), got)
+	}
+}
+
+func TestGetSetLoginCookie(t *testing.T) {
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest(http.MethodGet, "/", nil)
+	user := User{User: "a", Groups: []string{"g"}}
+
+	setLoginCookie(w, r, user)
+	if w.Header().Get("Set-Cookie") == "" {
+		t.Error(w.Header())
+	}
+
+	got, ok := loginCookie(r)
+	if !ok {
+		t.Error(ok)
+	}
+	if fmt.Sprint(user) != fmt.Sprint(got) {
+		t.Error(user, got)
+	}
+}
+
+func TestChangeNamespace(t *testing.T) {
+	newTestServer(t)
+	user := User{
+		User:   "user",
+		Groups: []string{"group", "othergroup"},
+		Group:  "group",
+	}
+
+	t.Run("noop", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		w := httptest.NewRecorder()
+		done, err := changeNamespace(w, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if done {
+			t.Error(done)
+		}
+	})
+
+	t.Run("change to ``", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/?namespace=", nil)
+		w := httptest.NewRecorder()
+		done, err := changeNamespace(w, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if done {
+			t.Error(done)
+		}
+	})
+
+	t.Run("change to bad", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/?namespace=never", nil)
+		w := httptest.NewRecorder()
+		setLoginCookie(w, r, user)
+		done, err := changeNamespace(w, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if done {
+			t.Error(done)
+		}
+		user, ok := loginCookie(r)
+		if !ok {
+			t.Error(ok)
+		}
+		if user.Group == "never" {
+			t.Error("change namespace acknowledged bad change")
+		}
+	})
+
+	t.Run("change without login", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/?namespace="+user.Group, nil)
+		w := httptest.NewRecorder()
+		done, err := changeNamespace(w, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if !done {
+			t.Error(done)
+		}
+	})
+
+	t.Run("change to same", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/?namespace="+user.Group, nil)
+		w := httptest.NewRecorder()
+		setLoginCookie(w, r, user)
+		done, err := changeNamespace(w, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if done {
+			t.Error(done)
+		}
+	})
+
+	t.Run("change to ok", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/?namespace="+user.Groups[1], nil)
+		w := httptest.NewRecorder()
+		setLoginCookie(w, r, user)
+		done, err := changeNamespace(w, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if done {
+			t.Error(done)
+		}
+		user, ok := loginCookie(r)
+		if !ok {
+			t.Error(ok)
+		}
+		if user.Group != user.Groups[1] {
+			t.Error(user.Group)
+		}
+		if w.Header().Get("Set-Cookie") == "" {
+			t.Error(w.Header())
+		}
+	})
+}
+
+func TestNeedsLogin(t *testing.T) {
+	w := httptest.NewRecorder()
+	user := User{User: "user", Groups: []string{"group0", "group1"}, Group: "group0"}
+
+	t.Run("no login provided", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		if ok, err := needsLogin(r); err != nil {
+			t.Fatal(err)
+		} else if !ok {
+			t.Fatal(ok)
+		}
+	})
+
+	t.Run("no namespace provided", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		u2 := user
+		u2.Group = ""
+		setLoginCookie(w, r, u2)
+		if ok, err := needsLogin(r); err != nil {
+			t.Fatal(err)
+		} else if !ok {
+			t.Fatal(ok)
+		}
+	})
+
+	t.Run("cookie tampered", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		setLoginCookie(w, r, user)
+		cookieSecret += "modified"
+		if ok, err := needsLogin(r); err != nil {
+			t.Fatal(err)
+		} else if !ok {
+			t.Fatal(ok)
+		}
+	})
+
+	t.Run("bad namespace", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		u2 := user
+		u2.Group = "teehee"
+		setLoginCookie(w, r, u2)
+		if ok, err := needsLogin(r); err != nil {
+			t.Fatal(err)
+		} else if !ok {
+			t.Fatal(ok)
+		}
+	})
+
+	t.Run("ok", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		setLoginCookie(w, r, user)
+		if ok, err := needsLogin(r); err != nil {
+			t.Fatal(err)
+		} else if ok {
+			t.Fatal(ok)
+		}
+	})
+}
+
+func TestServerParseLogin(t *testing.T) {
+	server := newTestServer(t)
+
+	t.Run("no basic auth", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		if done, err := server.parseLogin(w, r); done || err != nil {
+			t.Fatal(done, err)
+		}
+		if w.Code == http.StatusUnauthorized {
+			t.Error(w.Code)
+		}
+	})
+
+	t.Run("bad basic auth", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		r.SetBasicAuth("junk", "junk")
+		if done, err := server.parseLogin(w, r); !done || err != nil {
+			t.Fatal(done, err)
+		}
+		if w.Code != http.StatusUnauthorized {
+			t.Error(w.Code)
+		}
+	})
+
+	t.Run("ok", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		r.SetBasicAuth("user", "passw")
+		if done, err := server.parseLogin(w, r); done || err != nil {
+			t.Fatal(done, err)
+		}
+		if w.Code == http.StatusUnauthorized {
+			t.Error(w.Code)
+		}
+		if len(w.Header()["Set-Cookie"]) != 1 {
+			t.Error(w.Header())
+		}
+		if user, ok := loginCookie(r); !ok || user.User != "user" || user.Groups[0] != "group" || user.Groups[1] != "othergroup" {
+			t.Error(user)
+		}
+	})
+}
+
+func TestServerAuthenticate(t *testing.T) {
+	server := newTestServer(t)
+
+	t.Run("ok: already logged in", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		setLoginCookie(httptest.NewRecorder(), r, User{User: "user", Group: "othergroup", Groups: []string{"group", "othergroup"}})
+		s2, done, err := server.authenticate(nil, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if done {
+			t.Error(done)
+		}
+		if server == s2 {
+			t.Error(done)
+		}
+		if server.user != nil {
+			t.Error(server.user)
+		}
+		if s2.user == nil {
+			t.Error(s2.user)
+		}
+		if s2.user.User != "user" {
+			t.Error(s2.user)
+		}
+		if s2.user.Group != "othergroup" {
+			t.Error(s2.user)
+		}
+		if fmt.Sprint(s2.user.Groups) != fmt.Sprint([]string{"group", "othergroup"}) {
+			t.Error(s2.user)
+		}
+	})
+
+	t.Run("ok: basic auth", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		w := httptest.NewRecorder()
+		r.SetBasicAuth("user", "passw")
+		s2, done, err := server.authenticate(w, r)
+		if err != nil {
+			t.Error(err)
+		}
+		if done {
+			t.Error(done)
+		}
+		if server == s2 {
+			t.Error(done)
+		}
+		if server.user != nil {
+			t.Error(server.user)
+		}
+		if s2.user == nil {
+			t.Error(s2.user)
+		}
+		if s2.user.User != "user" {
+			t.Error(s2.user)
+		}
+		if s2.user.Group != "group" {
+			t.Error(s2.user)
+		}
+		if fmt.Sprint(s2.user.Groups) != fmt.Sprint([]string{"group", "othergroup"}) {
+			t.Error(s2.user)
+		}
+		if w.Code != http.StatusOK {
+			t.Error(w.Code)
+		}
+		if len(w.Header()["Set-Cookie"]) != 1 {
+			t.Error(w.Header())
+		}
+	})
+}
+
+func newTestServer(t *testing.T) *Server {
+	cookieSecret = uuid.New().String()
+	p := path.Join(t.TempDir(), "auth.yaml")
+	ensureAndWrite(p, []byte(`{"users":{"user":{"password":"passw", "groups":["group", "othergroup"]}}}`))
+	return &Server{
+		auth: NewFileAuth(p),
+	}
+}

server/go.mod

@@ -3,8 +3,8 @@ module ezmded
 go 1.17
 
 require (
+	github.com/gomarkdown/markdown v0.0.0-20220114203417-14399d5448c4
 	github.com/google/uuid v1.3.0
-	go.mongodb.org/mongo-driver v1.7.2
 	gopkg.in/yaml.v2 v2.4.0
 	local/args v0.0.0-00010101000000-000000000000
 	local/gziphttp v0.0.0-00010101000000-000000000000
@@ -12,8 +12,6 @@ require (
 	local/simpleserve v0.0.0-00010101000000-000000000000
 )
 
-require github.com/go-stack/stack v1.8.0 // indirect
-
 replace local/args => ../../../../args
 
 replace local/logb => ../../../../logb

server/go.sum

@@ -18,14 +18,12 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf
 github.com/coreos/bbolt v0.0.0-20180318001526-af9db2027c98/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/cpuguy83/go-md2man v1.0.8/go.mod h1:N6JayAiVKtlHSnuTCeuLSQVs75hb8q+dYQLjr7cDsKY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/djherbis/times v1.1.0/go.mod h1:CGMZlo255K5r4Yw0b9RRfFQpM2y7uOmxg4jm9HsaVf8=
 github.com/dropbox/dropbox-sdk-go-unofficial v5.4.0+incompatible/go.mod h1:lr+LhMM3F6Y3lW1T9j2U5l7QeuWm87N9+PPXo3yH4qY=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/fairlyblank/md2min v0.0.0-20171213131418-39cd6e9904ac/go.mod h1:QAobgT+CwT/SRphqV6Jrz5jt3wkW9Q72QNquEvh6dLk=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
 github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
@@ -57,8 +55,9 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomarkdown/markdown v0.0.0-20210208175418-bda154fe17d8/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU=
+github.com/gomarkdown/markdown v0.0.0-20220114203417-14399d5448c4 h1:6GlsnS3GQYfrJZTJEUsheoyLE6kLXQJDvQKIKxgL/9Q=
+github.com/gomarkdown/markdown v0.0.0-20220114203417-14399d5448c4/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
 github.com/gomodule/redigo v1.8.5/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=
-github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -113,7 +112,6 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.8.3/go.mod h1:NxmoDg/QLVWluQDUYG7XBZTLUpKeFa8e3aMf1BfjyHk=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rfjakob/eme v0.0.0-20171028163933-2222dbd4ba46/go.mod h1:U2bmx0hDj8EyDdcxmD5t3XHDnBFnyNNc22n1R4008eM=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -141,11 +139,9 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
 github.com/t3rm1n4l/go-mega v0.0.0-20190205172012-55a226cf41da/go.mod h1:XWL4vDyd3JKmJx+hZWUVgCNmmhZ2dTBcaNDcxH465s0=
-github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/xanzy/ssh-agent v0.2.0/go.mod h1:0NyE30eGUDliuLEHJgYte/zncp2zdTStcOnWhgSqHD8=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@@ -154,7 +150,6 @@ github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yuin/goldmark v1.3.4-0.20210326114109-75d8cce5b78c/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yunify/qingstor-sdk-go v2.2.15+incompatible/go.mod h1:w6wqLDQ5bBTzxGJ55581UrSwLrsTAsdo9N6yX/8d9RY=
-go.mongodb.org/mongo-driver v1.7.2 h1:pFttQyIiJUHEn50YfZgC9ECjITMT44oiN36uArf/OFg=
 go.mongodb.org/mongo-driver v1.7.2/go.mod h1:Q4oFMbo1+MSNqICAdYMlC/zSTrwCogR4R8NzkI+yfU8=
 golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -211,5 +206,4 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

server/id.go

@@ -47,5 +47,9 @@ func (id ID) withClean() ID {
 			splits[i] = t
 		}
 	}
-	return ID(path.Join(splits...))
+	clean := path.Join(splits...)
+	if clean == "" || clean == "." {
+		clean = ""
+	}
+	return ID(clean)
 }

server/leaf.go

@@ -0,0 +1,68 @@
+package main
+
+import (
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strconv"
+	"strings"
+)
+
+type Leaf struct {
+	Meta    Meta
+	Content string
+}
+
+type Meta struct {
+	Title    string
+	ReadOnly bool
+	Deleted  bool
+}
+
+func NewHTTPRequestLeaf(r *http.Request) (Leaf, error) {
+	var leaf Leaf
+	if b, err := ioutil.ReadAll(r.Body); err != nil {
+		return leaf, err
+	} else {
+		leaf.Content = string(b)
+	}
+	if leaf.Meta.Title = r.Header.Get("Title"); leaf.Meta.Title == "" {
+		leaf.Meta.Title = "Untitled"
+	}
+	if readOnly := r.Header.Get("Read-Only"); readOnly == "true" {
+		leaf.Meta.ReadOnly = true
+	} else if readOnly == "false" {
+		leaf.Meta.ReadOnly = false
+	}
+	leaf.Meta.Deleted = r.Method == http.MethodDelete
+	return leaf, nil
+}
+
+func NewLeaf(title string, content string) (Leaf, error) {
+	return NewHTTPRequestLeaf(&http.Request{
+		Header: http.Header{
+			"Title": []string{title},
+		},
+		Body: io.NopCloser(strings.NewReader(content)),
+	})
+}
+
+func (leaf Leaf) WriteHTTP(w http.ResponseWriter) error {
+	w.Header().Set("Title", leaf.Meta.Title)
+	w.Header().Set("Read-Only", strconv.FormatBool(leaf.Meta.ReadOnly))
+	_, err := w.Write([]byte(leaf.Content))
+	return err
+}
+
+func (base Leaf) Merge(updated Leaf) Leaf {
+	if updated.Meta.Title != "" {
+		base.Meta.Title = updated.Meta.Title
+	}
+	if base.Meta.Title == "" {
+		base.Meta.Title = "Untitled"
+	}
+	base.Meta.Deleted = updated.Meta.Deleted
+	base.Meta.ReadOnly = updated.Meta.ReadOnly
+	base.Content = updated.Content
+	return base
+}

server/main.go

@@ -1,23 +1,52 @@
 package main
 
 import (
+	"errors"
 	"local/args"
+	"log"
 	"net/http"
+	"os"
+	"path"
 	"strconv"
+	"strings"
 )
 
 func main() {
 	as := args.NewArgSet()
 	as.Append(args.INT, "p", "port to listen on", 3004)
 	as.Append(args.STRING, "d", "root dir with /index.html and /media and /files", "./public")
+	as.Append(args.STRING, "auth", "auth mode [none, path/to/some.yaml, ldap", "none")
 	if err := as.Parse(); err != nil {
 		panic(err)
 	}
-	s := NewServer(as.GetString("d"))
+	auth, err := authFactory(as.GetString("auth"))
+	if err != nil {
+		panic(err)
+	}
+	s := NewServer(as.GetString("d"), auth)
 	if err := s.Routes(); err != nil {
 		panic(err)
 	}
+	log.Printf("listening on %v with %s", as.GetInt("p"), as.GetString("auth"))
 	if err := http.ListenAndServe(":"+strconv.Itoa(as.GetInt("p")), s); err != nil {
 		panic(err)
 	}
 }
+
+func authFactory(key string) (auth, error) {
+	switch path.Base(strings.ToLower(key)) {
+	case "none", "":
+		return nil, nil
+	case "ldap":
+		return nil, errors.New("not impl ldap auth")
+	}
+	stat, err := os.Stat(key)
+	if os.IsNotExist(err) {
+		return nil, errors.New("looks like auth path does not exist")
+	} else if err != nil {
+		return nil, err
+	} else if stat.IsDir() {
+		return nil, errors.New("looks like auth path is a dir")
+	}
+	return NewFileAuth(key), nil
+}

server/public/ui/.index.html

@@ -0,0 +1,456 @@
+<!DOCTYPE html>
+<html>
+	<header>
+		<title>Notes</title>
+	 	<meta charset="utf-8">
+	 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
+	 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+
+		<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/easymde/dist/easymde.min.css">
+		<script src="https://cdn.jsdelivr.net/npm/easymde/dist/easymde.min.js"></script>
+		<script src="https://cdn.jsdelivr.net/highlight.js/latest/highlight.min.js"></script>
+		<link rel="stylesheet" href="https://cdn.jsdelivr.net/highlight.js/latest/styles/github.min.css">
+
+		<link rel="stylesheet" href="https://unpkg.com/turretcss/dist/turretcss.min.css" crossorigin="anonymous">
+		<!-- todo css
+		<link rel="stylesheet" href="https://cdn.concisecss.com/concise.min.css">
+		<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/water.css@2/out/light.css">
+		<link rel="stylesheet" href="https://cdn.simplecss.org/simple.min.css">
+		-->
+
+		<style>
+			html, body {
+				background-color: #f8f8f8;
+			}
+			.EasyMDEContainer button {
+				color: black;
+			}
+			img {
+				max-width: 100%;
+				max-height: 100%;
+			}
+			.filetree {
+				max-width: 15em;
+				width: 15em;
+				min-width: 15em;
+				overflow-x: scroll;
+				white-space: nowrap;
+			}
+			.filesummary {
+				min-width: 10em;
+			}
+			.filedetails {
+				padding-inline-start: 2em;
+			}
+			.filetree > .filedetails,
+			.filetree > .filedetails > .filedetails {
+				padding-inline-start: 0em;
+			}
+			.fileleaf {
+				display: inline-flex;
+				flex-direction: row;
+				width: calc(100% - 1em);
+			}
+			.fileleaf > input {
+				border: none;
+				border-radius: 0;
+				background: none;
+				outline: none;
+			}
+			.fileleaf > input:hover,
+			input.live_leaf {
+				background: #ddd;
+			}
+			.lr_fullscreen {
+				width: 90%;
+				max-width: 1024px;
+				margin-right: auto;
+				margin-left: auto;
+			}
+			.tb_fullscreen {
+				margin-top: 1em;
+			}
+			.columns {
+				display: flex;
+				flex-direction: row;
+			}
+			.rows {
+				width: 100%;
+				display: flex;
+				flex-direction: column;
+			}
+			.thic_flex {
+				text-align: left;
+				flex-grow: 1;
+			}
+			.mia {
+				display: none;
+			}
+			.align_left {
+				text-align: left;
+			}
+			.tb_buffer {
+				margin-top: 1em;
+				margin-bottom: 1em;
+			}
+			.r_buffer {
+				margin-right: 1em;
+			}
+			.l_buffer {
+				margin-left: 1em;
+			}
+			.monospace {
+				font-family: Consolas,Monaco,Lucida Console,Liberation Mono,DejaVu Sans Mono,Bitstream Vera Sans Mono,Courier New, monospace;
+			}
+			.lil_btn {
+				width: initial;
+				display: inline-block;
+			}
+			input, label, textarea {
+				margin: initial;
+			}
+			.editor-toolbar > button.preview {
+				color: #08c;
+			}
+		</style>
+		<script>
+			function init() {
+				drawTree()
+				setInterval(drawTree, 100000)
+				navigateToQueryParams()
+			}
+
+			function navigateToQueryParams() {
+				var queryF = getParameterByName("f")
+				var queryQ = getParameterByName("q")
+				console.log("init query f:", queryF, "q:", queryQ)
+				if (queryF && queryF.length > 0) {
+					drawFile(queryF)
+				} else if (queryQ && queryQ.length > 0) {
+					searchFilesFor(queryQ)
+				}
+			}
+
+			function getParameterByName(name, url = window.location.href) {
+				name = name.replace(/[\[\]]/g, '\\$&');
+				var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)'),
+					results = regex.exec(url);
+				if (!results) return null;
+				if (!results[2]) return '';
+				return decodeURIComponent(results[2].replace(/\+/g, ' '));
+			}
+
+			function deleteFile() {
+				if (!confirm("would you like to delete this file?"))
+					return
+				const id = easyMDE.meta.id
+				if (!id || id.length == 0)
+					return
+				http("DELETE", "/api/v0/files/" + id, (body, status) => {
+					if (status != 200) {
+						alert(`failed to delete file ${id}: ${status}: ${body}`)
+						throw `failed to delete file ${id}: ${status}: ${body}`
+					}
+					drawTree()
+					var pid = id.slice(0, id.lastIndexOf("/"))
+					if (pid) {
+						drawFile(pid)
+					} else {
+						disableMDE()
+					}
+				})
+			}
+
+			function searchFiles() {
+				const q = document.getElementById("searchbox").value
+				searchFilesFor(q)
+			}
+
+			function searchFilesFor(q) {
+				http("GET", "/api/v0/search?q=" + q, (body, status) => {
+					var results = JSON.parse(body)
+					console.log(q, results)
+					results.sort()
+					var innerHTML = "<ul>"
+					for (var result in results)
+						innerHTML += `<li><input class="align_left" type="button" onclick="drawFile('${results[result]}');" value="${idsToFullTitle(results[result].split("/"))}"</li>`
+					innerHTML += "</ul>"
+					if (!results || results.length == 0)
+						innerHTML = "no results"
+					disableMDE()
+					navigateToQuery("q", q)
+					document.getElementById("searchResults").innerHTML = innerHTML
+				})
+			}
+
+			var saveFeedbackInterval = null
+			function pushFile() {
+				const title = document.getElementById("title").innerHTML ? document.getElementById("title").innerHTML : ""
+				const body = easyMDE.value() ? easyMDE.value() : ""
+				const id = easyMDE.meta.id ? easyMDE.meta.id : ""
+				headers = {}
+				if (title)
+					headers["Title"] = title
+				http("PUT", "/api/v0/files/" + id, (body, status) => {
+					if (status != 200) {
+						alert(`failed to push file ${id}: ${status}: ${body}`)
+						throw `failed to push file ${id}: ${status}: ${body}`
+					}
+					drawTree()
+					//drawFile(id)
+					document.getElementById("saveFeedback").innerHTML = "success!"
+					if (saveFeedbackInterval) {
+						clearTimeout(saveFeedbackInterval)
+					}
+					saveFeedbackInterval = setTimeout(() => {document.getElementById("saveFeedback").innerHTML = ""}, 5000)
+				}, body, headers)
+			}
+
+			function drawFile(id) {
+				if (!id || id.length < 1) {
+					return
+				}
+				http("GET", "/api/v0/files/"+id, (body, status, headers) => {
+					if (status != 200) {
+						throw `ERR loading file: ${status}: ${body}`
+					}
+					const title = headers("title") ? headers("title") : ""
+					setMDE(id, title, body)
+				})
+			}
+
+			function drawNewFile(pid) {
+				setMDE(pid + "/" + crypto.randomUUID().substr(0, 5), "", "")
+				if (easyMDE.isPreviewActive()) {
+					easyMDE.togglePreview()
+				}
+			}
+
+			function enableMDE() {
+				document.getElementById("searchResults").className = "mia";
+				document.getElementById("article").className = "";
+			}
+
+			function disableMDE() {
+				document.getElementById("article").className = "mia";
+				document.getElementById("searchResults").className = "";
+			}
+
+			var liveLeafTimeout = null
+
+			function setMDE(id, title, body) {
+				if (id[0] == "/")
+					id = id.slice(1, id.length)
+				if (id[id.length-1] == "/")
+					id = id.slice(0, id.length-1)
+				var pids = id.split("/")
+				pids = pids.slice(0, pids.length-1)
+
+				var titlePath = "/"
+				for (var i = 0; i < pids.length; i++) {
+					const fullPid = pids.slice(0, i+1)
+					titlePath = `/ <input type="button" class="lil_btn" value="${idsToTitle(fullPid)}" onclick="drawFile('${fullPid.join("/")}');"/> /`
+				}
+				if (pids.length > 1) {
+					titlePath = "/ ... "+titlePath
+				}
+
+				enableMDE()
+				document.getElementById("titlePath").innerHTML = titlePath
+				document.getElementById("title").innerHTML = title
+				easyMDE.value(body)
+				easyMDE.meta = {
+					id: id,
+				}
+				if (!easyMDE.isPreviewActive()) {
+					easyMDE.togglePreview()
+					var previews = document.getElementsByClassName("preview")
+				}
+				const previouslyHighlighted = document.getElementsByClassName("live_leaf")
+				for (var i in previouslyHighlighted)
+					if (previouslyHighlighted && previouslyHighlighted[i] && previouslyHighlighted[i].classList)
+						previouslyHighlighted[i].classList.remove("live_leaf")
+				if (liveLeafTimeout)
+					clearTimeout(liveLeafTimeout)
+				liveLeafTimeout = setTimeout(() => {
+					const toHighlight = document.getElementsByClassName(btoa("/"+id))
+					for (var i = 0; i < toHighlight.length; i++) {
+						if (toHighlight && toHighlight[i] && toHighlight[i].classList)
+							toHighlight[i].classList.add("live_leaf")
+					}
+				}, 100)
+				navigateToQuery("f", id)
+			}
+
+			var lastNavigateToQuery = new Date()
+
+			function navigateToQuery(k, v) {
+				if (new Date() - lastNavigateToQuery < .1)
+					return
+				lastNavigateToQuery = new Date()
+				const url = new URL(window.location)
+				url.searchParams.set(k, v)
+				var hash = "#?"
+				const it = url.searchParams.entries()
+				let result = it.next()
+				while (!result.done) {
+					hash = hash + result.value[0] + "=" + result.value[1] + "&"
+					result = it.next()
+				}
+				window.location.hash = hash
+			}
+
+			var lastTree = {}
+
+			function idsToTitle(original_ids) {
+				const fullTitle = idsToFullTitle(original_ids)
+				return fullTitle.slice(fullTitle.lastIndexOf("/")+1, fullTitle.length)
+			}
+
+			function idsToFullTitle(original_ids) {
+				var ids = original_ids.slice(0, original_ids.length)
+				var subtree = lastTree
+				var fullTitle = ""
+				while (ids && ids.length > 0) {
+					if (!subtree || !subtree["Branches"] || !subtree["Branches"][ids[0]])
+						break
+					subtree = subtree["Branches"][ids[0]]
+					if (subtree && subtree.Leaf && subtree.Leaf.Title)
+						fullTitle += "/" + subtree.Leaf.Title
+					ids = ids.slice(1, ids.length)
+					if (ids.length == 0) {
+						return fullTitle.slice(1, fullTitle.length)
+					}
+				}
+				return ids[ids.length-1]
+			}
+
+			function drawTree() {
+				function htmlifyBranch(id, branch) {
+					const maxTreeTitleLength = 35
+					var parent = `
+						<input class="thic_flex ${btoa(id)}" type="button" value="${branch.Leaf.Title.substr(0, maxTreeTitleLength)}" onclick="drawFile('${id}');"/>
+						<input type="button" class="lil_btn" value="+" onclick="drawNewFile('${id}');"/>
+					`
+					if (id == "") {
+						parent = `
+							<span class="thic_flex"></span>
+							<input type="button" value="+" onclick="drawNewFile('${id}');"/>
+						`
+					}
+					var children = []
+					for (var child in branch.Branches)
+						children.push({title: branch.Branches[child].Leaf.Title, content: htmlifyBranch(id + "/" + child, branch.Branches[child])})
+					children = children.map((e) => `<!--${e.title}-->${e.content}`)
+					children.sort();
+					children = children.join("\n")
+					return `
+						<details class="filedetails" open>
+							<summary class="filesummary">
+								<div class="fileleaf">${parent}</div>
+							</summary>
+							${children}
+						</details>
+					`
+				}
+				http("GET", "/api/v0/tree", (body, status) => {
+					if (status != 200)
+						throw `bad status getting tree: ${status}: ${body}`
+					lastTree = JSON.parse(body)
+					document.getElementById("tree").innerHTML = htmlifyBranch("", lastTree)
+				})
+			}
+
+			function http(method, remote, callback, body, headers) {
+				var xmlhttp = new XMLHttpRequest();
+				xmlhttp.onreadystatechange = function() {
+					if (xmlhttp.readyState == XMLHttpRequest.DONE) {
+						callback(xmlhttp.responseText, xmlhttp.status, (key) => xmlhttp.getResponseHeader(key))
+					}
+				};
+				xmlhttp.open(method, remote, true);
+				if (typeof body == "undefined") {
+					body = null
+				}
+				if (headers) {
+					for (var key in headers)
+						xmlhttp.setRequestHeader(key, headers[key])
+				}
+				xmlhttp.send(body);
+			}
+		</script>
+	</header>
+	<body class="lr_fullscreen tb_fullscreen" onload="init(); return false;">
+		<br>
+		<div class="rows">
+			<form class="columns" action="return false;">
+				<input class="thic_flex" type="text" id="searchbox" placeholder="search regexp"/>
+				<input class="info lil_btn" type="submit" value="search" onclick="searchFiles(); return false;"/>
+			</form>
+			<div class="columns thic_flex tb_buffer">
+				<div id="tree" class="filetree"></div>
+				<div class="thic_flex lr_fullscreen" style="margin-left: 1em; width: 5px;">
+					<article id="searchResults" class="mia">
+					</article>
+					<article id="article" class="mia">
+						<div>
+							<h1 class="columns">
+								<span class="r_buffer">
+									<input class="button-info lil_btn" type="submit" value="SAVE" onclick="pushFile(); return false;"/>
+								</span>
+								<span id="titlePath">
+								</span>
+								<span id="title" class="thic_flex" contenteditable></span>
+								<span class="l_buffer">
+									<input class="button-error lil_btn" type="submit" value="DELETE" onclick="deleteFile(); return false;"/>
+								</span>
+							</h1>
+						</div>
+						<div id="saveFeedback" style="min-height: 1.2em; text-align: right;">
+						</div>
+						<!-- todo: each line no is an anchor -->
+						<div class="monospace">
+							<textarea id="my-text-area"></textarea>
+						</font>
+					</article>
+				</div>
+			</div>
+		</div>
+	</body>
+	<footer>
+		<script>
+			const easyMDE = new EasyMDE({
+				autoDownloadFontAwesome: true,
+				autofocus: true,
+				autosave: {
+					enabled: false,
+				},
+				element: document.getElementById('my-text-area'),
+				forceSync: true,
+				indentWithTabs: false,
+				initialValue: "# initial\nvalue",
+				showIcons: ["code", "table"],
+				spellChecker: false,
+				sideBySideFullscreen: false,
+				tabSize: 3,
+				previewImagesInEditor: true,
+				insertTexts: {
+					image: ["![](", ")"],
+					link: ["[](", ")"],
+				},
+				lineNumbers: true,
+				lineWrapping: false,
+				uploadImage: true,
+				imageUploadEndpoint: "/api/v0/media", // POST wants {data: {filePath: "/..."}}
+				imagePathAbsolute: false,
+				renderingConfig: {
+					codeSyntaxHighlighting: true,
+				},
+			})
+			function logValue() {
+				console.log(easyMDE.value())
+			}
+			logValue()
+		</script>
+	</footer>
+</html>

server/public/ui/files.ctmpl

@@ -3,15 +3,23 @@
 <html>
 	<header>
 		<title>{{ .This.Title }}</title>
-      {{ template "_import" }}
+		{{ template "_import" }}
 	</header>
 	<body class="fullscreen tb_fullscreen lr_fullscreen" style="position: absolute">
 		<div class="rows" style="height: inherit;">
-         {{ template "_searchbar" }}
+			{{ template "_topbar" . }}
 			<div class="columns thic_flex tb_buffer" style="height: calc(100% - 4rem);">
-            {{ template "_filetree" . }}
+				{{ template "_filetree" . }}
 				<div class="thic_flex lr_fullscreen" style="margin-left: 1em; width: 5px;">
-               {{ template "_editor" . }}
+					{{ if eq .This.ID "" }}
+						{{ template "_about" . }}
+					{{ else }}
+						{{ if .This.ReadOnly }}
+							{{ template "_readonly" . }}
+						{{ else }}
+							{{ template "_editor" . }}
+						{{ end }}
+					{{ end }}
 				</div>
 			</div>
 		</div>

server/public/ui/render.go

@@ -36,19 +36,21 @@ func main() {
 		return oneT
 	}
 	data := map[string]interface{}{
+		"Namespaces": []string{"datastore", "dp-orchestration"},
 		"This": map[string]interface{}{
-			"ID":     "id00/id11",
-			"Title":  "title id11",
-			"PID":    "id00",
-			"PTitle": "title id00",
+			"ID":       "id00/id11",
+			"Title":    "title id11",
+			"ReadOnly": false,
+			"PID":      "id00",
+			"PTitle":   "title id00",
 			"Content": `# hello
 
 ## world
 
-| this | is | my | table |
-| ---- | ---| ---| ----- |
-| hey |
-| ya | hey | ya |
+| this | is  | my  | table |
+| ---- | --- | --- | ----- |
+| hey  | ya  | hey | ya    |
+| a    | b   | c   | d     |
 
 * and
 	* a bulleted
@@ -93,25 +95,25 @@ newlines
 			{Title: "title id00 / title id10 / title id20", ID: "id00/id10/id20"},
 		},
 		"Tree": `{
-			"Leaf": {"Title": ""},
+			"Leaf": {"Meta":{"Title": "","ReadOnly":false}},
 			"Branches": {
 				"id00": {
-					"Leaf": {"Title": "title id00"},
+					"Leaf": {"Meta":{"Title": "title id00","ReadOnly":false}},
 					"Branches": {
-						"id10": {"Leaf":{"Title":"title id10"},"Branches":{
-							"id20": {"Leaf":{"Title":"title id20"},"Branches":{}}
+						"id10": {"Leaf":{"Meta":{"Title":"title id10","ReadOnly":false}},"Branches":{
+							"id20": {"Leaf":{"Meta":{"Title":"title id20","ReadOnly":false}},"Branches":{}}
 						}},
-						"id11": {"Leaf":{"Title":"title id11"},"Branches":{}}
+						"id11": {"Leaf":{"Meta":{"Title":"title id11","ReadOnly":false}},"Branches":{}}
 					}
 				},
-				"id01": {"Leaf":{"Title":"title id01"},"Branches":{}},
-				"id02": {"Leaf":{"Title":"title id02"},"Branches":{}},
-				"id03": {"Leaf":{"Title":"title id03"},"Branches":{}},
-				"id04": {"Leaf":{"Title":"title id04"},"Branches":{}},
-				"id04": {"Leaf":{"Title":"title id04"},"Branches":{}},
-				"id05": {"Leaf":{"Title":"title id05"},"Branches":{}},
-				"id06": {"Leaf":{"Title":"title id06"},"Branches":{}},
-				"id07": {"Leaf":{"Title":"title id07 but it's really really really long"},"Branches":{}}
+				"id01": {"Leaf":{"Meta":{"Title":"title id01","ReadOnly":false}},"Branches":{}},
+				"id02": {"Leaf":{"Meta":{"Title":"title id02","ReadOnly":false}},"Branches":{}},
+				"id03": {"Leaf":{"Meta":{"Title":"title id03","ReadOnly":false}},"Branches":{}},
+				"id04": {"Leaf":{"Meta":{"Title":"title id04","ReadOnly":false}},"Branches":{}},
+				"id04": {"Leaf":{"Meta":{"Title":"title id04","ReadOnly":false}},"Branches":{}},
+				"id05": {"Leaf":{"Meta":{"Title":"title id05","ReadOnly":false}},"Branches":{}},
+				"id06": {"Leaf":{"Meta":{"Title":"title id06","ReadOnly":false}},"Branches":{}},
+				"id07": {"Leaf":{"Meta":{"Title":"title id07 but it's really really really long","ReadOnly":false}},"Branches":{}}
 			}
 		}`,
 	}

server/public/ui/search.ctmpl

@@ -2,12 +2,12 @@
 <!DOCTYPE html>
 <html>
 	<header>
-		<title>{{ .This.Title }}</title>
+		<title>Search</title>
       {{ template "_import" }}
 	</header>
 	<body class="fullscreen tb_fullscreen lr_fullscreen" style="position: absolute">
 		<div class="rows" style="height: inherit;">
-         {{ template "_searchbar" }}
+			{{ template "_topbar" . }}
 			<div class="columns thic_flex tb_buffer" style="height: calc(100% - 4rem);">
             {{ template "_filetree" . }}
 				<div class="thic_flex lr_fullscreen" style="margin-left: 1em; width: 5px;">

server/public/ui/templates/_about.ctmpl

@@ -0,0 +1,57 @@
+{{ define "_about" }}
+<div class="fullscreen tb_fullscreen">
+	<h1>Welcome!</h1>
+
+	<h2>TLDR; how do I write something?</h2>
+	<div>
+		<ol>
+			<li>Click a `+` button somewhere in the tree on the left</li>
+			<li>Hit "save"</li>
+			<li>You'll see "Success!" in green at the bottom on save</li>
+		</ol>
+	</div>
+
+	<h2>What is this?</h2>
+	<div>
+		This is a one-stop shop for reading, searching, and optionally writing docs.
+	</div>
+
+	<h2>Why would I use it? (It looks a little... "janky", no offense)</h2>
+	<div>
+		<ul>
+			<li>Load your Gitlab, Gitlab Wikis, Google Docs, Google Spreadsheets, and Google Slides and enjoy that search bar above.</li>
+			<li>No version control BUT very fast to edit and hit "save"</li>
+			<li>Automagically updates, so throw a link to your docs here and continue using Gitlab/Google/etc. as you were</li>
+			<li>Link to a Gitlab repo/path/wiki and automagically get the entire tree</li>
+		</ul>
+	</div>
+
+	<h2>What's this about magic?</h2>
+	<div>
+		<ul>
+			<li>Create a file that just contains "https://gitlab.com/my/repo/-/tree/master/README.md" or "https://docs.google.com/docs/my-doc/edit", wait some time, and now it's an updating version of that doc</li>
+			<li>Create a file that just contains "https://gitlab.com/my/repo/-/tree/master/runbooks", wait some time, and now it's an updating version of all those docs</li>
+		</ul>
+
+		<h3>Butt how do I use it?</h3>
+		<div>
+			<ol>
+				<li>Make or edit a file</li>
+				<li>The first line is a link to Gitlab or Google</li>
+				<li>Save</li>
+				<li>Wait</li>
+			</ol>
+		</div>
+	</div>
+
+	<h2>I got a bone to pick with you!!! Who are you exactly?</h2>
+	<div>
+		<table>
+			<tr><td> Slack User </td><td> @breel </td></tr>
+			<tr><td> Email </td><td> breel@qualtrics.com </td></tr>
+			<tr><td> Slack Channel </td><td> #storage-platform </td></tr>
+			<tr><td> Gitlab </td><td> TODO </td></tr>
+		</table>
+	</div>
+</div>
+{{ end }}

server/public/ui/templates/_editor.ctmpl

@@ -5,10 +5,15 @@
 	#easyMDEwrap {
 		flex-grow: 1;
 	}
+	.CodeMirror {
+		min-height: 7em;
+	}
 	.CodeMirror-scroll, .CodeMirror-sizer {
-		min-height: 10px !important;
 		height: auto !important;
 	}
+	.CodeMirror-sizer {
+		min-height: 10rem !important;
+	}
 	#article {
 		display: flex;
 		flex-direction: column;

server/public/ui/templates/_filetree.ctmpl

@@ -43,21 +43,25 @@
 		`
 	}
 	function leafHTML(id, branch) {
-		const href="/ui/files/" + (id ? id : "#")
+		const href="/ui/files/" + (id ? id : "")
 		var nameSafeId = id.replace(/\//g, "-")
 		var parentNameSafeId = nameSafeId
 		if (id.includes("/"))
 			parentNameSafeId = id.slice(0, id.lastIndexOf("/")).replace(/\//g, "-")
 		const name=`filetree-leaf-${nameSafeId}`
 		const parentname=`filetree-leaf-${parentNameSafeId}`
-		const title=id ? branch.Leaf.Title : "ROOT"
+		const title=id ? branch.Leaf.Meta.Title : "ROOT"
 		const isLiveParent = '{{ .This.ID }}'.slice(0, id.length) == id
 		const isLive = '{{ .This.ID }}' == id
-		return `
+		const linkToFile = `
 			<div style="margin: 0; padding: 0; height: 0; width: 0;" id="${name}"></div>
-			<a style="flex-grow: 1;" href="${href}#${parentname}"><button style="width: 100%; text-align: left; outline: none;" class="${isLiveParent ? `button button-info ${!isLive ? "button-border" : ""}` : ""}">${title}</button></a>
-			<a href="${href}/${generateUUID().split("-")[0]}#${parentname}"><button>+</button></a>
+			<a style="flex-grow: 1;" href="${href}#${parentname}">
+				<button style="width: 100%; text-align: left; outline: none;" class="${isLiveParent ? `button button-info ${!isLive ? "button-border" : ""}` : ""}">
+					${title}
+				</button>
+			</a>
 		`
+		return linkToFile + (branch.Leaf.Meta.ReadOnly ? "" : `<a href="${href}/${generateUUID().split("-")[0]}#${parentname}"><button>+</button></a>`)
 	}
 	function branchesHTML(id, branches) {
 		if (!branchesHaveContent(branches))
@@ -65,7 +69,7 @@
 		var html = []
 		var out = ``
 		for(var i in branches) {
-			html.push([branches[i].Leaf.Title, `<details open>` + branchHTML(i, branches[i]) + `</details>`])
+			html.push([branches[i].Leaf.Meta.Title, `<details open>` + branchHTML(i, branches[i]) + `</details>`])
 		}
 		html.sort()
 		for(var i in html)

server/public/ui/templates/_namespace.ctmpl

@@ -0,0 +1,16 @@
+{{ define "_namespace" }}
+	<script>
+		function setNamespace() {
+			document.getElementById("namespace").disabled = true
+			window.location.href = `${window.location.protocol}`+"//"+`${window.location.host}/ui/files?namespace=${document.getElementById("namespace").value}`
+		}
+	</script>
+	{{ $cur := .Namespace }}
+	{{ if .Namespaces }}
+		<select id="namespace" onload="markNamespace()" onchange="setNamespace()" style="max-width: 7rem;">
+			{{ range .Namespaces }}
+				<option {{ if eq $cur . }}selected{{ end }}>{{ . }}</option>
+			{{ end }}
+		</select>
+	{{ end }}
+{{ end }}

server/public/ui/templates/_readonly.ctmpl

@@ -0,0 +1,9 @@
+{{ define "_readonly" }}
+<div class="fullscreen tb_fullscreen">
+	<a href="/ui/files/{{ .This.ID }}?edit"><button>Edit this page</button></a>
+	<article id="article"></article>
+	<script>
+		document.getElementById("article").innerHTML = {{ .This.Content }}
+	</script>
+</div>
+{{ end }}

server/public/ui/templates/_searchbar.ctmpl

@@ -1,5 +1,5 @@
 {{ define "_searchbar" }}
-<form class="columns" action="/ui/search" method="GET">
+<form class="columns thic_flex" action="/ui/search" method="GET">
 	<input class="thic_flex" type="text" name="q" placeholder="space delimited search regexp"/>
 	<input class="info lil_btn" type="submit" value="search"/>
 </form>

server/public/ui/templates/_topbar.ctmpl

@@ -0,0 +1,6 @@
+{{ define "_topbar" }}
+			<div class="columns lr_fullscreen">
+				{{ template "_namespace" . }}
+				{{ template "_searchbar" . }}
+			</div>
+{{ end }}

server/server.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -17,22 +18,39 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/gomarkdown/markdown"
+	"github.com/gomarkdown/markdown/html"
+	"github.com/gomarkdown/markdown/parser"
+
 	"github.com/google/uuid"
 )
 
 type Server struct {
 	router *router.Router
 	root   string
+	auth   auth
+	user   *User
 }
 
-func NewServer(root string) *Server {
+func NewServer(root string, auth auth) *Server {
 	return &Server{
-		router: router.New(),
-		root:   root,
+		root: root,
+		auth: auth,
 	}
 }
 
+func (server *Server) WithUser(user, group string, groups []string) *Server {
+	s2 := *server
+	s2.user = &User{
+		User:   user,
+		Group:  group,
+		Groups: groups,
+	}
+	return &s2
+}
+
 func (server *Server) Routes() error {
+	server.router = router.New()
 	wildcard := func(s string) string {
 		return strings.TrimSuffix(s, "/") + "/" + router.Wildcard
 	}
@@ -51,7 +69,6 @@ func (server *Server) Routes() error {
 		"/ui/search":               server.uiSearchHandler,
 		wildcards("/ui/files"):     server.uiFilesHandler,
 	} {
-		log.Printf("listening for %s", path)
 		if err := server.router.Add(path, server.tryCatchHttpHandler(handler)); err != nil {
 			return err
 		}
@@ -60,6 +77,22 @@ func (server *Server) Routes() error {
 }
 
 func (server *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if server.auth != nil {
+		s2, done, err := server.authenticate(w, r)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if done {
+			return
+		}
+		if s2 != nil {
+			server = s2
+		}
+	}
+	if err := server.Routes(); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
 	server.router.ServeHTTP(w, r)
 }
 
@@ -230,16 +263,22 @@ func (server *Server) uiSearchHandler(w http.ResponseWriter, r *http.Request) er
 		return err
 	}
 	return t.Lookup("search").Execute(w, map[string]interface{}{
-		"Results": data,
-		"Tree":    string(branchesJSON),
+		"Results":    data,
+		"Tree":       string(branchesJSON),
+		"Namespaces": server.getUser().Groups,
+		"Namespace":  server.getUser().Group,
 	})
 }
 
+func (server *Server) getUser() User {
+	if server.user != nil {
+		return *server.user
+	}
+	return User{}
+}
+
 func (server *Server) uiFilesHandler(w http.ResponseWriter, r *http.Request) error {
 	id := NewID(strings.TrimPrefix(r.URL.Path, "/ui/files"))
-	if id == "" {
-		return server.rootHandler(w, r)
-	}
 	t, err := server.uiSubTemplates()
 	if err != nil {
 		return err
@@ -258,25 +297,38 @@ func (server *Server) uiFilesHandler(w http.ResponseWriter, r *http.Request) err
 		return err
 	}
 	var parent Leaf
-	if id.Pop() != "" {
-		parent, err = tree.Get(id.Pop())
+	var leaf Leaf
+	if id != "" {
+		if id.Pop() != "" {
+			parent, err = tree.Get(id.Pop())
+			if err != nil {
+				return fmt.Errorf("failed to get pid %q: %v", id.Pop(), err)
+			}
+		}
+		leaf, err = tree.Get(id)
 		if err != nil {
-			return fmt.Errorf("failed to get pid %q: %v", id.Pop(), err)
+			leaf.Meta.Title = "My New File"
 		}
 	}
-	leaf, err := tree.Get(id)
-	if err != nil {
-		leaf.Title = "My New File"
+	if leaf.Meta.ReadOnly {
+		if _, ok := r.URL.Query()["edit"]; !ok {
+			leaf.Content = Gomarkdown([]byte(leaf.Content))
+		} else {
+			leaf.Meta.ReadOnly = false
+		}
 	}
 	data := map[string]interface{}{
 		"This": map[string]interface{}{
-			"Title":   leaf.Title,
-			"Content": leaf.Content,
-			"ID":      id.String(),
-			"PID":     id.Pop().String(),
-			"PTitle":  parent.Title,
+			"Title":    leaf.Meta.Title,
+			"ReadOnly": leaf.Meta.ReadOnly,
+			"Content":  leaf.Content,
+			"ID":       id.String(),
+			"PID":      id.Pop().String(),
+			"PTitle":   parent.Meta.Title,
 		},
-		"Tree": string(branchesJSON),
+		"Tree":       string(branchesJSON),
+		"Namespaces": server.getUser().Groups,
+		"Namespace":  server.getUser().Group,
 	}
 	return t.Lookup("files").Execute(w, data)
 }
@@ -309,12 +361,12 @@ func (server *Server) uiSubTemplates() (*template.Template, error) {
 }
 
 func (server *Server) rootHandler(w http.ResponseWriter, r *http.Request) error {
-	http.Redirect(w, r, "/ui/files/"+uuid.New().String()[:5], 302)
+	http.Redirect(w, r, "/ui/files", 302)
 	return nil
 }
 
 func (server *Server) tree() Tree {
-	return NewTree(path.Join(server.root, "files"))
+	return NewTree(path.Join(server.root, "files", server.getUser().Group))
 }
 
 func (server *Server) diskMediaPath(id string) string {
@@ -354,10 +406,15 @@ func (server *Server) apiV0FilesPostHandler(w http.ResponseWriter, r *http.Reque
 	if err != nil {
 		return err
 	}
+	r.Body = io.NopCloser(bytes.NewReader(b))
 
 	pid := server.fileId(r)
 	id := NewID(pid).Push(strings.Split(uuid.New().String(), "-")[0])
-	if err := server.tree().Put(id, Leaf{Title: r.Header.Get("Title"), Content: string(b)}); err != nil {
+	leaf, err := NewHTTPRequestLeaf(r)
+	if err != nil {
+		return err
+	}
+	if err := server.tree().Put(id, leaf); err != nil {
 		return err
 	}
 	return json.NewEncoder(w).Encode(map[string]map[string]string{
@@ -381,9 +438,7 @@ func (server *Server) apiV0FilesIDGetHandler(w http.ResponseWriter, r *http.Requ
 		return err
 	}
 
-	w.Header().Set("Title", leaf.Title)
-	_, err = w.Write([]byte(leaf.Content))
-	return err
+	return leaf.WriteHTTP(w)
 }
 
 func (server *Server) apiV0FilesIDDelHandler(w http.ResponseWriter, r *http.Request) error {
@@ -398,7 +453,7 @@ func (server *Server) apiV0FilesIDDelHandler(w http.ResponseWriter, r *http.Requ
 	} else if err != nil {
 		return err
 	}
-	leaf.Deleted = true
+	leaf.Meta.Deleted = true
 
 	return server.tree().Put(id, leaf)
 }
@@ -424,14 +479,12 @@ func (server *Server) apiV0FilesIDPutHandler(w http.ResponseWriter, r *http.Requ
 	} else if err != nil {
 		return err
 	}
-	b, err := ioutil.ReadAll(r.Body)
+
+	updatedLeaf, err := NewHTTPRequestLeaf(r)
 	if err != nil {
 		return err
 	}
-
-	leaf.Content = string(b)
-	leaf.Title = r.Header.Get("Title")
-	leaf.Deleted = false
+	leaf = leaf.Merge(updatedLeaf)
 
 	if err := server.tree().Put(id, leaf); err != nil {
 		return err
@@ -479,18 +532,18 @@ func (server *Server) _apiV0SearchHandler(query string) ([][2]string, error) {
 	result := [][2]string{}
 	if err := tree.ForEach(func(id ID, leaf Leaf) error {
 		for _, pattern := range patterns {
-			if !pattern.MatchString(leaf.Content) && !pattern.MatchString(leaf.Title) {
+			if !pattern.MatchString(leaf.Content) && !pattern.MatchString(leaf.Meta.Title) {
 				return nil
 			}
 		}
-		title := leaf.Title
+		title := leaf.Meta.Title
 		pid := id.Pop()
 		for pid != "" {
 			parent, err := server.tree().Get(pid)
 			if err != nil {
 				return err
 			}
-			title = path.Join(parent.Title, title)
+			title = path.Join(parent.Meta.Title, title)
 			pid = pid.Pop()
 		}
 		result = append(result, [2]string{id.URLSafeString(), title})
@@ -500,3 +553,30 @@ func (server *Server) _apiV0SearchHandler(query string) ([][2]string, error) {
 	}
 	return result, nil
 }
+
+func Gomarkdown(b []byte) string {
+	renderer := html.NewRenderer(html.RendererOptions{
+		Flags: html.CommonFlags | html.TOC,
+	})
+	ext := parser.NoExtensions
+	for _, extension := range []parser.Extensions{
+		parser.NoIntraEmphasis,
+		parser.Tables,
+		parser.FencedCode,
+		parser.Autolink,
+		parser.Strikethrough,
+		parser.SpaceHeadings,
+		parser.HeadingIDs,
+		parser.BackslashLineBreak,
+		parser.DefinitionLists,
+		parser.MathJax,
+		parser.Titleblock,
+		parser.AutoHeadingIDs,
+		parser.Includes,
+	} {
+		ext |= extension
+	}
+	parser := parser.NewWithExtensions(ext)
+	content := markdown.ToHTML(b, parser, renderer)
+	return string(content) + "\n"
+}

server/server_test.go

@@ -12,7 +12,7 @@ import (
 )
 
 func TestServerRoutes(t *testing.T) {
-	server := NewServer(t.TempDir())
+	server := NewServer(t.TempDir(), nil)
 	if err := server.Routes(); err != nil {
 		t.Fatal(err)
 	}
@@ -31,11 +31,17 @@ func TestServerRoutes(t *testing.T) {
 	ensureAndWrite(server.diskMediaPath("delid"), []byte("hi"))
 
 	tree := server.tree()
-	if err := tree.Put(NewID("getfid"), Leaf{Title: "", Content: "getfid body"}); err != nil {
+	leaf, _ := NewLeaf("", "getfid body")
+	if err := tree.Put(NewID("getfid"), leaf); err != nil {
 		t.Fatal(err)
 	}
-	tree.Put(NewID("putfid"), Leaf{Title: "putfid title", Content: "initial putfid body"})
-	tree.Put(NewID("delfid"), Leaf{Title: "delfid title", Content: "delfid body"})
+
+	leaf, _ = NewLeaf("putfid title", "initial putfid body")
+	tree.Put(NewID("putfid"), leaf)
+
+	leaf, _ = NewLeaf("delfid title", "delfid body")
+	tree.Put(NewID("delfid"), leaf)
+
 	t.Log(tree.GetRoot())
 
 	ensureAndWrite(path.Join(server.root, "index.html"), []byte("mom"))
@@ -49,7 +55,7 @@ func TestServerRoutes(t *testing.T) {
 		"v0: /: get": {
 			path:   "/",
 			method: http.MethodGet,
-			want:   "/ui/files/",
+			want:   "/ui/files",
 		},
 		"v0: search: get": {
 			path:   "/api/v0/search?q=getf%20bod",
@@ -96,17 +102,17 @@ func TestServerRoutes(t *testing.T) {
 		"v0: /: redir": {
 			path:   "/",
 			method: http.MethodGet,
-			want:   "/ui/files/",
+			want:   "/ui/files",
 		},
 		"v0: /ui/: redir": {
 			path:   "/ui/",
 			method: http.MethodGet,
-			want:   "/ui/files/",
+			want:   "/ui/files",
 		},
 		"v0: /ui: redir": {
 			path:   "/ui",
 			method: http.MethodGet,
-			want:   "/ui/files/",
+			want:   "/ui/files",
 		},
 		"v0: /ui/search": {
 			path:   "/ui/search",
@@ -147,7 +153,7 @@ func TestServerRoutes(t *testing.T) {
 }
 
 func TestServerPutTreeGetFile(t *testing.T) {
-	server := NewServer(t.TempDir())
+	server := NewServer(t.TempDir(), nil)
 	if err := server.Routes(); err != nil {
 		t.Fatal(err)
 	}
@@ -207,7 +213,7 @@ func TestServerPutTreeGetFile(t *testing.T) {
 		if w.Code != http.StatusOK {
 			t.Fatal(w)
 		}
-		if !bytes.Contains(w.Body.Bytes(), []byte(`{"Title":"my title","Deleted":false,"Content":"`)) {
+		if !bytes.Contains(w.Body.Bytes(), []byte(`{"Meta":{"Title":"my title","ReadOnly":false,"Deleted":false},"Content":"`)) {
 			t.Fatal(w)
 		}
 		var branch Branch
@@ -220,11 +226,11 @@ func TestServerPutTreeGetFile(t *testing.T) {
 		}
 		if parent, ok := branch.Branches["my pid"]; !ok {
 			t.Error(ok, branch)
-		} else if parent.Leaf.Title != "Untitled" {
+		} else if parent.Leaf.Meta.Title != "Untitled" {
 			t.Error(parent.Leaf)
 		} else if child, ok := parent.Branches[NewID(id)]; !ok {
 			t.Error(ok, NewID("my pid").Push(id), parent)
-		} else if child.Leaf.Title != "my title" {
+		} else if child.Leaf.Meta.Title != "my title" {
 			t.Error(child.Leaf)
 		}
 	})

server/testdata/ui

@@ -1 +1 @@
-../../ui/
+../public/ui

server/testdata/users.yaml

@@ -0,0 +1,6 @@
+users:
+  breel:
+    password: breel
+    groups:
+    - g1
+    - g2

server/tree.go

@@ -34,24 +34,6 @@ func (branch Branch) forEach(preid ID, foo func(ID, Leaf) error) error {
 	return nil
 }
 
-type Leaf struct {
-	Title   string
-	Deleted bool
-	Content string
-}
-
-func (base Leaf) Merge(updated Leaf) Leaf {
-	if updated.Title != "" {
-		base.Title = updated.Title
-	}
-	if base.Title == "" {
-		base.Title = "Untitled"
-	}
-	base.Deleted = updated.Deleted
-	base.Content = updated.Content
-	return base
-}
-
 type Tree struct {
 	root string
 }
@@ -147,14 +129,14 @@ func (tree Tree) getRoot(pid ID, withContent, withDeleted bool) (Branch, error)
 			if !withContent {
 				m.Leaf.Content = ""
 			}
-			if m.Leaf.Deleted && !withDeleted {
-				return m, nil
+			if m.Leaf.Meta.Deleted && !withDeleted {
+				return Branch{Branches: map[ID]Branch{}}, nil
 			}
 		} else if entry.IsDir() {
 			subtree := tree.WithRoot(path.Join(tree.root, entry.Name()))
 			if branch, err := subtree.getRoot(pid.Push(entry.Name()), withContent, withDeleted); err != nil {
 				return Branch{}, err
-			} else if !branch.IsZero() && (!branch.Leaf.Deleted || withDeleted) {
+			} else if !branch.IsZero() && (!branch.Leaf.Meta.Deleted || withDeleted) {
 				m.Branches[pid.Push(entry.Name())] = branch
 			}
 		}
@@ -208,10 +190,10 @@ func (tree Tree) Del(id ID) error {
 	if err != nil {
 		return err
 	}
-	if got.Deleted {
+	if got.Meta.Deleted {
 		return nil
 	}
-	got.Deleted = true
+	got.Meta.Deleted = true
 	return tree.Put(id, got)
 }
 

server/tree_test.go

@@ -13,7 +13,9 @@ func TestTreeForEach(t *testing.T) {
 	id := ""
 	for i := 0; i < 5; i++ {
 		id = path.Join(id, strconv.Itoa(i))
-		if err := tree.Put(NewID(id), Leaf{Title: id, Content: id}); err != nil {
+		leaf := Leaf{Content: id}
+		leaf.Meta.Title = id
+		if err := tree.Put(NewID(id), leaf); err != nil {
 			t.Fatal(err)
 		}
 	}
@@ -42,7 +44,7 @@ func TestTreeDel(t *testing.T) {
 		t.Fatal(err)
 	} else if got, err := tree.Get(NewID("id")); err != nil {
 		t.Fatal(err)
-	} else if !got.Deleted {
+	} else if !got.Meta.Deleted {
 		t.Fatal(got)
 	}
 
@@ -72,11 +74,10 @@ func TestTreeCrud(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	want := Leaf{
-		Title:   "leaf title",
-		Deleted: false,
-		Content: "leaf content",
-	}
+	want := Leaf{}
+	want.Meta.Title = "leaf title"
+	want.Meta.Deleted = false
+	want.Content = "leaf content"
 	if err := tree.Put(NewID("id"), want); err != nil {
 		t.Fatal(err)
 	} else if l, err := tree.Get(NewID("id")); err != nil {

todo.yaml

@@ -1,12 +1,30 @@
 todo:
-- scrape odo
+- create fileauth login file
+- secret for cookie encrypt+decrypt
+- secrets
+- team-specific deployment;; prob grab a VM
 - mark generated via meta so other files in the dir can be created, deleted, replaced safely
+- links like `/Smoktests` in user-files home wiki don't rewrite
+- map fullURLScraped->internalURL for relative links sometimes
+- LDAP login
+- scrape odo
 - rewrite links if available to local
-- table of contents
 - anchor per line
 - anchor links work
 - ui; last updated; 2022.02.01T12:34:56
 done:
+- encrypt files at docker build time, put decrypt key in vault
+- gitlab/-/blob/about.md does NOT map to exactly 1 file
+- crawler does NOT modify title cause readme.md everywhere
+- use `meta` so no need for extra level for explicit single files
+- table of contents
+- min-height for easymde
+- /ui/files does not redir in b1
+- anchors on gitlab wikis at least are bad
+- gitlab wiki original links are empty
+- /ui/files is an about page over a redir
+- use `read-only` for autogenerated things;; could skip easymde and make google docs much faster
+- new line after original link
 - scrape gslide
 - scrape gsheet
 - scrape gdoc