From fa66648e7c22601e1586c9e25215119a3d2f09e7 Mon Sep 17 00:00:00 2001 From: Zack Scholl Date: Sat, 13 Feb 2016 23:10:34 -0500 Subject: [PATCH 1/4] Bluemonday onto lists too Former-commit-id: 4988450f045d0ec49825027b0a65ded8a01c0ef8 [formerly 4ebc8adf84d82b208853620fa527dcbb57090cb2] [formerly aecf8096ddf3e1cd81c019d6956cc9b3d6a60b84 [formerly 041f0336c1847a715560b5610cbfcbda2203e971 [formerly 2e9549e735098b7aa0c873d2d35558a1e6f30610]]] Former-commit-id: fe758d90425821157c44bebf7fa14de330b83b51 [formerly 1571aab7d0bc0b5c2e87bfe17702cc75ae681462] Former-commit-id: fd6052e2ecadf09c7512dc80265cb7b3b7e92f7a Former-commit-id: 32d06f199b1ff70536e69639023dd0c600862c58 --- routes.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/routes.go b/routes.go index 27f5db1..18b5471 100644 --- a/routes.go +++ b/routes.go @@ -9,6 +9,7 @@ import ( "strconv" "strings" "time" + "fmt" "github.com/boltdb/bolt" "github.com/gin-gonic/gin" @@ -197,8 +198,18 @@ func renderList(c *gin.Context, title string) { panic(err) } - listItems, _ := reorderList(p.CurrentText) - + fmt.Println(p.CurrentText) + pClean := bluemonday.UGCPolicy() + pClean.AllowElements("img") + pClean.AllowAttrs("alt").OnElements("img") + pClean.AllowAttrs("src").OnElements("img") + pClean.AllowAttrs("class").OnElements("a") + pClean.AllowAttrs("href").OnElements("a") + pClean.AllowAttrs("id").OnElements("a") + pClean.AllowDataURIImages() + text := pClean.SanitizeBytes([]byte(p.CurrentText)) + listItems, _ := reorderList(string(text)) + fmt.Println(string(text)) c.HTML(http.StatusOK, "list.tmpl", gin.H{ "Title": title, "WikiName": RuntimeArgs.WikiName, From 7f10b225be1b1c86ca5ee1abaa974ec8e008069a Mon Sep 17 00:00:00 2001 
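Review bot: The two `fmt.Println` calls added in the second routes.go hunk write the full page text, raw and then sanitized, to stdout on every list render, so private note content ends up in process output or service logs; drop both lines and with them the `"fmt"` import added in the first hunk. The sanitizer runs on `p.CurrentText` before `reorderList`, which is not visible here: if `reorderList` renders Markdown or otherwise builds HTML, the markup it produces never passes through the policy, so sanitizing what it returns (or both input and output) would be the safer order. The policy is also rebuilt on every request and allows `class` and `id` on `a` with no `Matching(...)` pattern; building it once at package level and constraining those attribute values would narrow what user content can attach to. `renderList` starts and ends outside the hunk.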
From: Zack Date: Sat, 13 Feb 2016 23:14:13 -0500 Subject: [PATCH 2/4] Update README.md Former-commit-id: 2ff1b943cb6eb33bd27fcecb5f2b45e46777d4c8 [formerly 9919d98797c394f4c3bff3cb3e26cc1aaefd7d2f] [formerly 3234c8e8fb1eaef8656183cee08c58141b2f917c [formerly deca1212cbe587eda22a16f136e5fa5cc79fb5d5 [formerly ccae45e3b3c6f3c0070181529e31f7c1c3e73524]]] Former-commit-id: aa7142b0034d8c673c618cf1e4cfd3f70328ff45 [formerly 2d06690604787e74c835c5d996e0d59b19695d85] Former-commit-id: 13fb8fd4c27ecbf061cb3bf44b5c09faa40e3515 Former-commit-id: 4d1074f2a69ac28ce7d5f81795e366cad0efd651 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7ba332d..2f79f4f 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ All previous versions of all notes are stored and can be accessed by adding `?ve ## Security -Now comes with HTTPS! +HTTPS support is provided. Also uses a HTML sanitizer to prevent XSS attacks. ## Keyboard Shortcuts From 5f1edd9e535e603df374aee3d9e17dcf4490b601 Mon Sep 17 00:00:00 2001 From: Zack Date: Sat, 13 Feb 2016 23:19:40 -0500 Subject: [PATCH 3/4] Update README.md Former-commit-id: f8d2a8d36fddf1ef723bcef3737023e3de6d9c3d [formerly 89f9482f7fddd1071c631f988635e70a06219278] [formerly eef52e49afd3b2df7719451629d58f146ebace0c [formerly 15144e56fc0c28742d3bd39e3a6724e38e2e25c4 [formerly 48650192d83a62e3e29f795d2a7661d365371e08]]] Former-commit-id: e7b77853ba4908ec076dadc5b26ecbd9412f9219 [formerly 8698429f41eb5135920fd8281e883f499669262a] Former-commit-id: b8bcd4bdb7f5f7460a7ba84e6b2040f594f785df Former-commit-id: 060524d7af7d1ab2ada55d9611cc0844b9c7265b --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2f79f4f..365178f 100644 --- a/README.md +++ b/README.md 
@@ -32,7 +32,11 @@ Quickly transition between Edit/View/List by using `Ctl+Shift+E` to Edit, `Ctl+S The Admin can view/delete all the documents by setting the `-a YourAdminKey` when starting the program. Then the admin has access to the `/ls/YourAdminKey` to view and delete any of the pages. # Install -To get started on your local network just do: + + +First [install Go](https://golang.org/doc/install). + +Then, if you want to host on your local network just do: ``` git clone https://github.com/schollz/awwkoala.git @@ -44,7 +48,7 @@ make and then goto the address `http://LOCALIPADDRESS:8001/` ## Production server -I recommend using `NGINX` as middleware, as it will do caching of the static files for you. There is an example `NGINX` block in `install/`. To automatically install, on Raspberry Pi / Ubuntu / Debian system use: +I recommend using `NGINX` as middleware, as it will do caching of the static files for you. There is an example `NGINX` block in `install/`. If you want to use SSL instead, follow the instructions in `letsencrypt/README.md`. To automatically install, on Raspberry Pi / Ubuntu / Debian system use: ``` git clone https://github.com/schollz/awwkoala.git From a52c72b618dcdec93a3fbde6f33816989568bd2a Mon Sep 17 00:00:00 2001 From: Zack Date: Sun, 14 Feb 2016 00:07:09 -0500 Subject: [PATCH 4/4] Needs to use fullchain, not cert, for mobile Former-commit-id: 2a630dde7ba043c7ff4d7ee90e008f6a3e0a7f6f [formerly 72e759c0b57effef041641fa15d2b62241a4cc22] [formerly e8f937eb644b06942c8f1e719f6b73ec78872a3c [formerly 19904b1961a61e6079ae98eaf6a1dad529ed79b4 [formerly 70fb2e1a7b1bc09fa8771e345e1f296eba76340f]]] Former-commit-id: 2b50c1da2395ee7a3e6df267e44e2992d5551aa5 [formerly a7c0c45469e60b071c28e48a2366fbe06772010f] Former-commit-id: 782ecd4185f040b22abafdf931a3bcc2133e3843 Former-commit-id: 6620808f86ecf414c38dfd7ff932df608c30f9a1 --- letsencrypt/awwkoala.ssl.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/letsencrypt/awwkoala.ssl.nginx b/letsencrypt/awwkoala.ssl.nginx index 90efeb5..ca59024 100644 --- a/letsencrypt/awwkoala.ssl.nginx +++ b/letsencrypt/awwkoala.ssl.nginx @@ -8,7 +8,7 @@ server { # SERVER BLOCK FOR ADDRESS listen 443 ssl; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_certificate /etc/letsencrypt/live/ADDRESS/cert.pem; + ssl_certificate /etc/letsencrypt/live/ADDRESS/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ADDRESS/privkey.pem; access_log /etc/nginx/logs/access-ADDRESS.log;
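Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line kept as context directly above the changed `ssl_certificate` still enables TLS 1.0 and 1.1, both deprecated protocol versions; since this hunk is already adjusting the TLS setup, consider `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the installed nginx and OpenSSL support it). A short comment on the new line, e.g. `# fullchain.pem = leaf + intermediates; cert.pem alone fails on clients that do not fetch intermediates`, would record why the path changed. The `server` block continues outside the hunk.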