aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-10-28add gitpad.encode_uri_component Lua functionMartin Fischer
2022-10-28drop gitpad.decode_toml Lua functionMartin Fischer
The function made sense when we had Lua shebangs but now that they have been removed, the function doesn't make much sense anymore.
2022-10-28refactor: avoid unnecessary LuaTable::get callMartin Fischer
2022-10-28drop support for Lua shebangsMartin Fischer
Now that we have Lua templating, which is more flexible, it doesn't make sense to keep Lua shebangs around.
2022-10-28implement lua-based templatesMartin Fischer
2022-10-28refactor: introduce lua_context functionMartin Fischer
2022-10-28stop rendering .html files via <iframe>sMartin Fischer
Now that we have Lua scripting we don't need iframes anymore.
2022-08-14add gitpad.decode_toml lua methodMartin Fischer
We are vendoring the rlua_serde crate because it currently depends on rlua 0.17, which is outdated and my attempts to contact the crate author were bounced by Yandex for somehow looking like spam.
2022-08-14allow inline CSS (for lua scripts)Martin Fischer
2022-07-30implement lua scriptingMartin Fischer
Inspired by the Scribunto extension for MediaWiki.
2022-07-30fix SoloController::build_url_pathMartin Fischer
2022-07-30set Referrer-Policy: same-origin for more privacyMartin Fischer
2022-07-30fix regression: allow creation of branchesMartin Fischer
2022-07-30refactor: restructure build_response logicMartin Fischer
2022-07-30add some basic testsMartin Fischer
2022-07-29refactor: introduce SoloController::newMartin Fischer
2022-07-27refactor: use Context::branch_headMartin Fischer
2022-07-27refactor: remove needless borrows / returnsMartin Fischer
2022-07-27update clap dependencyMartin Fischer
2021-07-18refactor: use camino for UTF-8 pathsMartin Fischer
2021-07-18refactor: remove unreachable else branchMartin Fischer
When viewing the user directory of another user the request is intercepted beforehand by parse_url_path.
2021-07-18support If-None-Match headers with W/ prefixMartin Fischer
2021-07-05refactor: move HttpOrigin to new origins moduleMartin Fischer
2021-07-05disable textarea spellcheck for ext not in (md, txt)Martin Fischer
2021-07-05css: stop wrapping action links in divMartin Fischer
2021-07-05refactor: stop wrapping Page.header in OptionMartin Fischer
2021-07-04refactor: short-circuit with ? instead of mappingMartin Fischer
2021-07-04move src/help/*.html files to src/static/Martin Fischer
2021-07-04refactor: move Error rendering to error moduleMartin Fischer
2021-07-04strictly enforce Host and Origin headersMartin Fischer
Previously the Origin header was only checked if you specified an origin with --origin on startup and when you didn't we just printed a warning that this might make you vulnerable to CSRF attacks. I implemented it this way since I wanted GitPad to be runnable without any command-line options, but such warnings are of course suboptimal for security since they can simply be ignored. This commit changes this behavior so that the Origin header is always checked for POST requests. If you just run "gitpad" the enforced origin defaults to http://127.0.0.1:<port>. Additionally this commit also enforces an exact Host header (extracted from the Origin) to prevent DNS rebinding attacks.
2021-07-03refactor: introduce build_raw_response helperMartin Fischer
2021-07-03render .html files securely using IFramesMartin Fischer
2021-07-03allow renderers to mutate Page (and frame-src CSP)Martin Fischer
2021-06-24generate <script> tags and CSP from Page vectorsMartin Fischer
2021-06-24refactor render_pageMartin Fischer
2021-06-24make CSP stricter by setting default-src to 'self'Martin Fischer
Embedding remote files can leak info via the Referer header. Also changes child-src to frame-src since it has a higher precedence. (https://www.w3.org/TR/CSP3/#changes-from-level-2)
2021-06-24refactor: simplify Page and Context structsMartin Fischer
Previously the Page struct contained references to the Controller and the http::request::Parts, so that page.render() could call controller.user_info_html(parts). This commit removes these references from the Page struct, so that it can implement Default in the future. The Context struct needs to be moved around since it contains git2::Repository, which isn't Send. Previously the Context struct also contained the http::request::Parts, so they were moved along. This commit extracts Parts out of the Context struct, so that our service function can access Parts after invoking our build_request method, allowing us to easily log request details for errors in the future.
2021-06-24refactor: simplify Controller request interceptionMartin Fischer
In multi-user mode if Alice attempts to access /~bob/ she would get an Unauthorized error since branches are private. To improve the UX we instead already showed Alice a list of which files Bob has shared with her. Previously this was achieved with an before_return_error hook in the Controller trait. While this worked fine, it wasn't elegant, since it required passing the Context struct in all Unauthorized errors, so that the before_return_error hook could access the context. This commit refactors the code to intercept requests to paths like /~bob/ before the regular request handling instead of afterwards. While this could have been implemented in the before_route hook, this would have required either invoking parse_url_path a second time or passing the Result of parse_url_path, both of which would be akward. Therefore this commit also merges before_route into parse_url_path.
2021-06-24css: decrease margin-top for h1Martin Fischer
2021-06-24log: allow diffing specific revisionsMartin Fischer
2021-06-24log: mark up dates as headingsMartin Fischer
2021-06-24css: set row-gap for bodyMartin Fischer
2021-06-24refactor diff_blobMartin Fischer
2021-06-24refactor: move Error enum and impls to own moduleMartin Fischer
2021-06-24split off diff action from log actionMartin Fischer
2021-06-24refactor: split up blob routes into functionsMartin Fischer
2021-06-23make single-user mode operate on HEAD branchMartin Fischer
2021-06-23stop using #![feature] to support stable RustMartin Fischer
2021-06-23refactor: split off shares.rs from controller.rsMartin Fischer
2021-06-23refactor: split up main.rs into multiple modulesMartin Fischer
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-16 16:20:03 +0000