thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 02:41:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: thohlt:v1.0.1
Branches Tags
thohlt:main thohlt:devel
thohlt:v1.2.3 thohlt:v1.2.2 thohlt:v1.2.1 thohlt:v1.2.0 thohlt:v1.1.0 thohlt:v1.0.1 thohlt:v1.0.0
...
compare: thohlt:v1.2.3
Branches Tags
thohlt:main thohlt:devel
thohlt:v1.2.3 thohlt:v1.2.2 thohlt:v1.2.1 thohlt:v1.2.0 thohlt:v1.1.0 thohlt:v1.0.1 thohlt:v1.0.0

42 Commits
v1.0.1 ... v1.2.3

Author SHA1 Message Date
Thilo Hohlt
10b713d725 Merge pull request #36 from archtika/devel 
Replace diff-match-patch with js-diff and fix missing filesystem deletion
 2025-04-10 21:40:24 +02:00
thiloho
d34a623e39 Trigger actions 2025-04-10 21:21:43 +02:00
thiloho
c738bfbd36 Remove old diff-match-patch import 2025-04-10 20:55:37 +02:00
thiloho
7dcbd5e9d9 Use js-diff instead of diff-match-patch for word level diffs 2025-04-10 20:54:58 +02:00
thiloho
ebff67e8a7 Remove rollback migrations and fix filesystem deletion on user delete 2025-04-10 18:35:09 +02:00
Thilo Hohlt
36881bf79e Merge pull request #35 from archtika/devel 
Use english catalog for Postgres full-text search and fix logo scaling on mobile devices
 2025-04-08 13:11:00 +02:00
thiloho
1d8f5251aa Use regular expression for logo image test 2025-04-08 12:59:18 +02:00
thiloho
37ba49a4f7 Use english catelog for Postgres full-text search and fix logo scaling on mobile devices 2025-04-08 12:36:39 +02:00
Thilo Hohlt
281851f9a2 Merge pull request #34 from archtika/devel 
Escape user input <ins> and <del> elements in logs
 2025-04-06 16:52:41 +02:00
thiloho
5a6214878f Escape user input <ins> and <del> elements in logs 2025-04-06 16:43:12 +02:00
Thilo Hohlt
0c15769f63 Merge pull request #33 from archtika/devel 
Update vite and replace escaped doublequotes with normal representation
 2025-04-06 12:25:43 +02:00
thiloho
70a81158ef Update vite and replace escaped doublequotes with normal representation 2025-04-06 09:41:31 +02:00
Thilo Hohlt
084ab000bb Merge pull request #32 from archtika/devel 
Update npm dependencies
 2025-03-23 17:37:47 +01:00
thiloho
d06664931a Update npm deps hash 2025-03-23 17:27:25 +01:00
thiloho
9d06ab96cc Update npm dependencies 2025-03-23 17:17:21 +01:00
Thilo Hohlt
d8b471764c Merge pull request #31 from archtika/devel 
Render line breaks in change log and add more usernames to the blacklist
 2025-03-23 15:43:24 +01:00
thiloho
3f59fd4c58 Add more usernames to the blacklist 2025-03-23 14:49:13 +01:00
thiloho
20bcd84d7e Render line breaks in change lot HTML representation 2025-03-23 14:25:15 +01:00
Thilo Hohlt
09f1b1c533 Merge pull request #30 from archtika/devel 
Update flake and use remote Nix module from nixpkgs
 2025-03-09 17:37:05 +01:00
thiloho
f85a7b3023 Update NPM deps hash 2025-03-09 17:24:50 +01:00
thiloho
f5125e11ba Use remote Nix flake module for archtika instead of local one 2025-03-09 16:52:05 +01:00
thiloho
4afd58c24d Update flake 2025-03-09 16:37:01 +01:00
thiloho
c76c5cc0a3 Allow the postgres user to connect to the postgres database 2025-02-07 04:13:50 +01:00
thiloho
c7f912947a Restrict module postgres settings to archtika database 2025-02-07 03:55:28 +01:00
Thilo Hohlt
33acb2578c Merge pull request #29 from archtika/devel 
Refactoring and small improvements
 2025-01-30 00:36:47 +01:00
thiloho
c97347e760 Update Nix module 2025-01-30 00:16:50 +01:00
thiloho
fba3aef8aa Update nix module, add resizing to WebsiteEditor and make preview load without JS 2025-01-29 19:53:38 +01:00
Thilo Hohlt
2757ddb774 Merge pull request #28 from archtika/devel 
Set custom domains for docs and portfolio
 2025-01-12 14:37:43 +01:00
thiloho
c6111fd247 Set custom domains for docs and portfolio 2025-01-12 14:16:22 +01:00
Thilo Hohlt
94c1f46d0c Merge pull request #27 from archtika/devel 
Allow removing images and wrap tables with scroll container
 2025-01-11 21:15:04 +01:00
thiloho
24d81a8e4d Allow removing images and wrap tables with scroll container 2025-01-11 20:59:36 +01:00
Thilo Hohlt
eba317f8de Merge pull request #26 from archtika/devel 
Refactoring
 2025-01-07 19:53:15 +01:00
thiloho
d570fb6906 Update SSH public keys for servers 2025-01-07 19:33:26 +01:00
thiloho
32a3e7f694 Adjust playwright config options back to localhost 2025-01-04 20:47:29 +01:00
thiloho
4af15717f4 Refactor flake api package and adjust prod nix config 2025-01-04 20:33:00 +01:00
thiloho
f0ebb94d82 Give read permissions to restricted postgres service in module 2025-01-03 17:28:02 +01:00
thiloho
dd59e995e8 Update module 2025-01-03 16:02:16 +01:00
thiloho
8bb4549fa4 Update dev vm and module 2025-01-03 15:58:12 +01:00
thiloho
79a41f7e49 Update flake nixpkgs commit 2025-01-03 11:44:53 +01:00
thiloho
7d79d60132 Refactor NixOS module 2025-01-03 11:29:48 +01:00
Thilo Hohlt
741ec830a8 Merge pull request #25 from archtika/devel 
Make nav logo image auto adjust to width
 2024-12-20 16:33:01 +01:00
thiloho
56646e8d61 Make nav logo image auto adjustable to width 2024-12-20 16:17:21 +01:00
46 changed files with 1444 additions and 1989 deletions
Expand all files Collapse all files

6
.github/workflows/test.yml vendored
View File

@@ -23,7 +23,7 @@ jobs:
run: |
wait_for_postgres() {
echo "Waiting for PostgreSQL to be ready..."
while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h localhost -p 15432 -U postgres; do
while ! nix shell nixpkgs#postgresql -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
sleep 1
done
echo "PostgreSQL is ready."
@@ -31,10 +31,10 @@ jobs:
wait_for_postgrest() {
echo "Waiting for PostgREST to be live and ready..."
while ! curl -s -I "http://localhost:3001/live" | grep "OK"; do
while ! curl -s -I "http://127.0.0.1:3001/live" | grep "OK"; do
sleep 1
done
while ! curl -s -I "http://localhost:3001/ready" | grep "OK"; do
while ! curl -s -I "http://127.0.0.1:3001/ready" | grep "OK"; do
sleep 1
done
echo "PostgREST is live and ready."

6
flake.lock generated
View File

@@ -2,11 +2,11 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1729256560,
"narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
"rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
"type": "github"
},
"original": {

47
flake.nix
View File

@@ -14,6 +14,8 @@
];
forAllSystems = nixpkgs.lib.genAttrs allSystems;
dbUrl = user: "postgres://${user}@127.0.0.1:15432/archtika";
in
{
devShells = forAllSystems (
@@ -24,19 +26,19 @@
{
api = pkgs.mkShell {
packages = with pkgs; [
postgresql_16
postgresql
postgrest
];
shellHook = ''
alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url postgres://postgres@localhost:15432/archtika?sslmode=disable"
alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url ${dbUrl "postgres"}?sslmode=disable"
alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql"
alias dbconnect="${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika"
alias dbconnect="${pkgs.postgresql}/bin/psql ${dbUrl "postgres"}"
'';
};
web = pkgs.mkShell {
packages = with pkgs; [ nodejs_22 ];
packages = with pkgs; [ nodejs ];
shellHook = ''
export PLAYWRIGHT_BROWSERS_PATH=${pkgs.playwright-driver.browsers}
export PLAYWRIGHT_BROWSERS_PATH=${pkgs.playwright.browsers}
export PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true
'';
};
@@ -65,19 +67,32 @@
{
api = {
type = "app";
program = "${pkgs.writeShellScriptBin "api-setup" ''
JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
WEBSITE_MAX_STORAGE_SIZE=100
WEBSITE_MAX_NUMBER_USER=3
program =
let
settings = {
maxStorage = 100;
maxWebsites = 3;
};
jwtSecret = "BMlgCY9fEzmf7jhQpNnxlS6TM8E6xk2vS08C3ukm5LM2aTooaF5PfxT3o2K9uKzq";
in
"${pkgs.writeShellScriptBin "api-setup" ''
${pkgs.postgresql}/bin/psql ${dbUrl "postgres"} \
-c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '${jwtSecret}'" \
-c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO ${toString settings.maxStorage}" \
-c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO ${toString settings.maxWebsites}"
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '$JWT_SECRET'"
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO $WEBSITE_MAX_STORAGE_SIZE"
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO $WEBSITE_MAX_NUMBER_USER"
${pkgs.dbmate}/bin/dbmate --no-dump-schema \
--url ${dbUrl "postgres"}?sslmode=disable \
--migrations-dir ${self.outPath}/rest-api/db/migrations up
${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:15432/archtika?sslmode=disable --migrations-dir ${self.outPath}/rest-api/db/migrations up
PGRST_ADMIN_SERVER_PORT=3001 PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:15432/archtika" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
''}/bin/api-setup";
PGRST_ADMIN_SERVER_PORT=3001 \
PGRST_DB_SCHEMAS="api" \
PGRST_DB_ANON_ROLE="anon" \
PGRST_OPENAPI_MODE="ignore-privileges" \
PGRST_DB_URI="${dbUrl "authenticator"}" \
PGRST_JWT_SECRET="${jwtSecret}" \
${pkgs.postgrest}/bin/postgrest
''}/bin/api-setup";
};
}
);

54
nix/deploy/prod/default.nix
View File

@@ -1,9 +1,13 @@
{ pkgs, localArchtikaPackage, ... }:
let
domain = "demo.archtika.com";
docsSubdomain = "docs.archtika.com";
portfolioDomain = "thilohohlt.com";
in
{
imports = [
./hardware-configuration.nix
../shared.nix
../../module.nix
];
networking.hostName = "archtika-demo";
@@ -11,14 +15,50 @@
services.archtika = {
enable = true;
package = localArchtikaPackage;
domain = "demo.archtika.com";
acmeEmail = "thilo.hohlt@tutanota.com";
dnsProvider = "porkbun";
dnsEnvironmentFile = /var/lib/porkbun.env;
inherit domain;
settings = {
disableRegistration = true;
maxWebsiteStorageSize = 50;
maxUserWebsites = 2;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "thilo.hohlt@tutanota.com";
certs."${domain}" = {
inherit domain;
extraDomainNames = [
"*.${domain}"
docsSubdomain
];
dnsProvider = "porkbun";
environmentFile = /var/lib/porkbun.env;
group = "nginx";
};
};
services.nginx.virtualHosts."${docsSubdomain}" = {
useACMEHost = domain;
forceSSL = true;
locations = {
"/" = {
root = "/var/www/archtika-websites/archtika/archtika-documentation";
index = "index.html";
tryFiles = "$uri $uri/ $uri.html =404";
};
};
};
services.nginx.virtualHosts."${portfolioDomain}" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
root = "/var/www/archtika-websites/thiloho/thilo-hohlt";
index = "index.html";
tryFiles = "$uri $uri/ $uri.html =404";
};
};
};
services.postgresql.settings.default_text_search_config = "pg_catalog.english";
}

25
nix/deploy/qs/default.nix
View File

@@ -1,9 +1,11 @@
{ pkgs, localArchtikaPackage, ... }:
let
domain = "qs.archtika.com";
in
{
imports = [
./hardware-configuration.nix
../shared.nix
../../module.nix
];
networking.hostName = "archtika-qs";
@@ -11,14 +13,23 @@
services.archtika = {
enable = true;
package = localArchtikaPackage;
domain = "qs.archtika.com";
acmeEmail = "thilo.hohlt@tutanota.com";
dnsProvider = "porkbun";
dnsEnvironmentFile = /var/lib/porkbun.env;
inherit domain;
settings = {
disableRegistration = true;
maxWebsiteStorageSize = 250;
maxUserWebsites = 3;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "thilo.hohlt@tutanota.com";
certs."${domain}" = {
inherit domain;
extraDomainNames = [ "*.${domain}" ];
dnsProvider = "porkbun";
environmentFile = /var/lib/porkbun.env;
group = "nginx";
};
};
services.postgresql.settings.default_text_search_config = "pg_catalog.english";
}

5
nix/deploy/shared.nix
View File

@@ -32,7 +32,7 @@
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE42q8e7egSSTs4YJo8vQFDbRWqrGTQkR1weq8nT0Zx thiloho@pc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
];
hashedPassword = "$y$j9T$MuWDs5Ind6VPEM78u5VTy/$XAuRCaOPtS/8Vj8XgpxB/XX2ygftNLql2VrFWcC/sq7";
};
@@ -44,8 +44,7 @@
];
hashedPassword = "$y$j9T$Y0ffzVb7wrZSdCKbiYHin0$oahgfFqH/Eep6j6f4iKPETEfGZSOkgu74UT2eyG2uI1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj6+r+vMXJyy5wvQTLyfd2rIw62WCg9eIpwsciHg4ym thiloho@pc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgfOa8N46PBUO2gj8UeyrV0R+MRZFnJqUzG132UjaFS thiloho@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
];
};
};

30
nix/dev-vm.nix
View File

@@ -20,9 +20,20 @@
password = "dev";
};
systemd.tmpfiles.rules = [ "d /var/www/archtika-websites 0777 root root -" ];
systemd.tmpfiles.settings = {
"10-archtika" = {
"/var/www/archtika-websites" = {
d = {
mode = "0777";
user = "root";
group = "root";
};
};
};
};
virtualisation = {
msize = 65536;
graphics = false;
memorySize = 2048;
cores = 2;
@@ -51,23 +62,13 @@
services = {
postgresql = {
enable = true;
package = pkgs.postgresql_16;
/*
PL/Perl:
overrideAttrs (
finalAttrs: previousAttrs: {
buildInputs = previousAttrs.buildInputs ++ [ pkgs.perl ];
configureFlags = previousAttrs.configureFlags ++ [ "--with-perl" ];
}
);
*/
ensureDatabases = [ "archtika" ];
authentication = lib.mkForce ''
local all all trust
host all all all trust
'';
enableTCPIP = true;
extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
extensions = ps: with ps; [ pgjwt ];
};
nginx = {
enable = true;
@@ -105,10 +106,13 @@
systemd.services.postgresql = {
path = with pkgs; [
# Tar and gzip are needed for tar.gz exports
gnutar
gzip
];
serviceConfig = {
ReadWritePaths = [ "/var/www/archtika-websites" ];
};
};
services.getty.autologinUser = "dev";

2
nix/docker.nix
View File

@@ -26,7 +26,7 @@ pkgs.dockerTools.buildLayeredImage {
contents = [
archtika
entrypoint
pkgs.postgresql_16
pkgs.postgresql
pkgs.nginx
pkgs.acme-sh
pkgs.bash

309
nix/module.nix
View File

@@ -1,309 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.archtika;
baseHardenedSystemdOptions = {
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
"~@resources"
];
ReadWritePaths = [ "/var/www/archtika-websites" ];
};
in
{
options.services.archtika = {
enable = mkEnableOption "archtika service";
package = mkPackageOption pkgs "archtika" { };
user = mkOption {
type = types.str;
default = "archtika";
description = "User account under which archtika runs.";
};
group = mkOption {
type = types.str;
default = "archtika";
description = "Group under which archtika runs.";
};
databaseName = mkOption {
type = types.str;
default = "archtika";
description = "Name of the PostgreSQL database for archtika.";
};
apiPort = mkOption {
type = types.port;
default = 5000;
description = "Port on which the API runs.";
};
apiAdminPort = mkOption {
type = types.port;
default = 7500;
description = "Port on which the API admin server runs.";
};
webAppPort = mkOption {
type = types.port;
default = 10000;
description = "Port on which the web application runs.";
};
domain = mkOption {
type = types.str;
default = null;
description = "Domain to use for the application.";
};
acmeEmail = mkOption {
type = types.str;
default = null;
description = "Email to notify for the SSL certificate renewal process.";
};
dnsProvider = mkOption {
type = types.str;
default = null;
description = "DNS provider for the DNS-01 challenge (required for wildcard domains).";
};
dnsEnvironmentFile = mkOption {
type = types.path;
default = null;
description = "API secrets for the DNS-01 challenge (required for wildcard domains).";
};
settings = mkOption {
type = types.submodule {
options = {
disableRegistration = mkOption {
type = types.bool;
default = false;
description = "By default any user can create an account. That behavior can be disabled by using this option.";
};
maxUserWebsites = mkOption {
type = types.int;
default = 2;
description = "Maximum number of websites allowed per user by default.";
};
maxWebsiteStorageSize = mkOption {
type = types.int;
default = 500;
description = "Maximum amount of disk space in MB allowed per user website by default.";
};
};
};
};
};
config = mkIf cfg.enable {
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
};
users.groups.${cfg.group} = {
members = [
"nginx"
"postgres"
];
};
systemd.tmpfiles.rules = [
"d /var/www 0755 root root -"
"d /var/www/archtika-websites 0770 ${cfg.user} ${cfg.group} -"
];
systemd.services.archtika-api = {
description = "archtika API service";
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"postgresql.service"
];
serviceConfig = baseHardenedSystemdOptions // {
User = cfg.user;
Group = cfg.group;
Restart = "always";
WorkingDirectory = "${cfg.package}/rest-api";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
};
script = ''
JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'"
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}"
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"
${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:5432/archtika?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up
PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} PGRST_SERVER_PORT=${toString cfg.apiPort} PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:5432/${cfg.databaseName}" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
'';
};
systemd.services.archtika-web = {
description = "archtika Web App service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = baseHardenedSystemdOptions // {
User = cfg.user;
Group = cfg.group;
Restart = "always";
WorkingDirectory = "${cfg.package}/web-app";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
};
script = ''
REGISTRATION_IS_DISABLED=${toString cfg.settings.disableRegistration} BODY_SIZE_LIMIT=10M ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
'';
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
ensureDatabases = [ cfg.databaseName ];
authentication = lib.mkForce ''
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Local socket connections:
local all all trust
'';
extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
};
systemd.services.postgresql = {
path = with pkgs; [
# Tar and gzip are needed for tar.gz exports
gnutar
gzip
];
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
appendHttpConfig = ''
limit_req_zone $binary_remote_addr zone=requestLimit:10m rate=5r/s;
limit_req_status 429;
limit_req zone=requestLimit burst=20 nodelay;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "accelerometer=(),autoplay=(),camera=(),cross-origin-isolated=(),display-capture=(),encrypted-media=(),fullscreen=(self),geolocation=(),gyroscope=(),keyboard-map=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(self),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),xr-spatial-tracking=(),clipboard-read=(self),clipboard-write=(self),gamepad=(),hid=(),idle-detection=(),interest-cohort=(),serial=(),unload=()" always;
map $http_cookie $auth_header {
default "";
"~*session_token=([^;]+)" "Bearer $1";
}
'';
virtualHosts = {
"${cfg.domain}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:${toString cfg.webAppPort}";
};
"/previews/" = {
alias = "/var/www/archtika-websites/previews/";
index = "index.html";
tryFiles = "$uri $uri/ $uri.html =404";
};
"/api/rpc/export_articles_zip" = {
proxyPass = "http://localhost:${toString cfg.apiPort}/rpc/export_articles_zip";
extraConfig = ''
default_type application/json;
proxy_set_header Authorization $auth_header;
'';
};
"/api/" = {
proxyPass = "http://localhost:${toString cfg.apiPort}/";
extraConfig = ''
default_type application/json;
'';
};
"/api/rpc/register" = mkIf cfg.settings.disableRegistration {
extraConfig = ''
deny all;
'';
};
};
};
"~^(?<subdomain>.+)\\.${cfg.domain}$" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations = {
"/" = {
root = "/var/www/archtika-websites/$subdomain";
index = "index.html";
tryFiles = "$uri $uri/ $uri.html =404";
};
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = cfg.acmeEmail;
certs."${cfg.domain}" = {
domain = cfg.domain;
extraDomainNames = [ "*.${cfg.domain}" ];
dnsProvider = cfg.dnsProvider;
environmentFile = cfg.dnsEnvironmentFile;
group = config.services.nginx.group;
};
};
};
}

12
nix/package.nix
View File

@@ -10,8 +10,7 @@ let
web = buildNpmPackage {
name = "web-app";
src = ../web-app;
npmDeps = importNpmLock { npmRoot = ../web-app; };
npmConfigHook = importNpmLock.npmConfigHook;
npmDepsHash = "sha256-ab7MJ5vl6XNaAHTyzRxj/Zpk1nEKQLzGmPGJdDrdemg=";
npmFlags = [ "--legacy-peer-deps" ];
installPhase = ''
mkdir -p $out/web-app
@@ -34,18 +33,9 @@ in
symlinkJoin {
name = "archtika";
pname = "archtika";
version = "1.0.0";
paths = [
web
api
];
meta = with lib; {
description = "A modern, performant and lightweight CMS";
homepage = "https://archtika.com";
license = licenses.mit;
maintainers = with maintainers; [ thiloho ];
platforms = platforms.unix;
};
}

38
rest-api/db/migrations/20240719071602_main_tables.sql
View File

@@ -157,41 +157,3 @@ CREATE TABLE internal.collab (
);
-- migrate:down
DROP TABLE internal.collab;
DROP TABLE internal.footer;
DROP TABLE internal.article;
DROP TABLE internal.docs_category;
DROP TABLE internal.home;
DROP TABLE internal.header;
DROP TABLE internal.settings;
DROP TABLE internal.media;
DROP TABLE internal.website;
DROP TABLE internal.user;
DROP SCHEMA api;
DROP FUNCTION internal.generate_slug;
DROP SCHEMA internal;
DROP ROLE anon;
DROP ROLE authenticated_user;
DROP ROLE administrator;
DROP ROLE authenticator;
ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO PUBLIC;
DROP EXTENSION unaccent;

4
rest-api/db/migrations/20240720073454_automatic_schema_cache_reloading.sql
View File

@@ -13,7 +13,3 @@ CREATE EVENT TRIGGER pgrst_watch ON ddl_command_end
EXECUTE FUNCTION internal.pgrst_watch ();
-- migrate:down
DROP EVENT TRIGGER pgrst_watch;
DROP FUNCTION internal.pgrst_watch;

20
rest-api/db/migrations/20240720074103_user_management_roles_jwt.sql
View File

@@ -170,23 +170,3 @@ GRANT EXECUTE ON FUNCTION api.login TO anon;
GRANT EXECUTE ON FUNCTION api.delete_account TO authenticated_user;
-- migrate:down
DROP TRIGGER encrypt_pass ON internal.user;
DROP TRIGGER ensure_user_role_exists ON internal.user;
DROP FUNCTION api.register;
DROP FUNCTION api.login;
DROP FUNCTION api.delete_account;
DROP FUNCTION internal.user_role;
DROP FUNCTION internal.encrypt_pass;
DROP FUNCTION internal.check_role_exists;
DROP EXTENSION pgjwt;
DROP EXTENSION pgcrypto;

22
rest-api/db/migrations/20240720132802_exposed_views_functions.sql
View File

@@ -163,25 +163,3 @@ GRANT SELECT, INSERT (website_id, user_id, permission_level), UPDATE (permission
GRANT SELECT, INSERT, UPDATE, DELETE ON api.collab TO authenticated_user;
-- migrate:down
DROP FUNCTION api.create_website;
DROP VIEW api.collab;
DROP VIEW api.footer;
DROP VIEW api.home;
DROP VIEW api.docs_category;
DROP VIEW api.article;
DROP VIEW api.header;
DROP VIEW api.settings;
DROP VIEW api.website;
DROP VIEW api.user;
DROP VIEW api.account;

74
rest-api/db/migrations/20240724191017_row_level_security.sql
View File

@@ -170,77 +170,3 @@ CREATE POLICY delete_collaborations ON internal.collab
USING (internal.user_has_website_access (website_id, 30, collaborator_permission_level => permission_level, collaborator_user_id => user_id));
-- migrate:down
DROP POLICY view_user ON internal.user;
DROP POLICY update_user ON internal.user;
DROP POLICY delete_user ON internal.user;
DROP POLICY view_websites ON internal.website;
DROP POLICY delete_website ON internal.website;
DROP POLICY update_website ON internal.website;
DROP POLICY view_settings ON internal.settings;
DROP POLICY update_settings ON internal.settings;
DROP POLICY view_header ON internal.header;
DROP POLICY update_header ON internal.header;
DROP POLICY view_home ON internal.home;
DROP POLICY update_home ON internal.home;
DROP POLICY view_articles ON internal.article;
DROP POLICY update_article ON internal.article;
DROP POLICY delete_article ON internal.article;
DROP POLICY insert_article ON internal.article;
DROP POLICY view_categories ON internal.docs_category;
DROP POLICY update_category ON internal.docs_category;
DROP POLICY delete_category ON internal.docs_category;
DROP POLICY insert_category ON internal.docs_category;
DROP POLICY view_footer ON internal.footer;
DROP POLICY update_footer ON internal.footer;
DROP POLICY view_collaborations ON internal.collab;
DROP POLICY insert_collaborations ON internal.collab;
DROP POLICY update_collaborations ON internal.collab;
DROP POLICY delete_collaborations ON internal.collab;
DROP FUNCTION internal.user_has_website_access;
ALTER TABLE internal.user DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.website DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.media DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.settings DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.header DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.home DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.article DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.docs_category DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.footer DISABLE ROW LEVEL SECURITY;
ALTER TABLE internal.collab DISABLE ROW LEVEL SECURITY;

18
rest-api/db/migrations/20240805132306_last_modified_triggers.sql
View File

@@ -74,21 +74,3 @@ CREATE TRIGGER update_collab_last_modified
EXECUTE FUNCTION internal.update_last_modified ();
-- migrate:down
DROP TRIGGER update_website_last_modified ON internal.website;
DROP TRIGGER update_settings_last_modified ON internal.settings;
DROP TRIGGER update_header_last_modified ON internal.header;
DROP TRIGGER update_home_last_modified ON internal.home;
DROP TRIGGER update_article_last_modified ON internal.article;
DROP TRIGGER update_docs_category_modified ON internal.docs_category;
DROP TRIGGER update_footer_last_modified ON internal.footer;
DROP TRIGGER update_collab_last_modified ON internal.collab;
DROP FUNCTION internal.update_last_modified;

4
rest-api/db/migrations/20240808141708_collaborator_not_owner.sql
View File

@@ -24,7 +24,3 @@ CREATE CONSTRAINT TRIGGER check_user_not_website_owner
EXECUTE FUNCTION internal.check_user_not_website_owner ();
-- migrate:down
DROP TRIGGER check_user_not_website_owner ON internal.collab;
DROP FUNCTION internal.check_user_not_website_owner;

6
rest-api/db/migrations/20240810115846_image_upload_function.sql
View File

@@ -95,9 +95,3 @@ GRANT EXECUTE ON FUNCTION api.retrieve_file TO anon;
GRANT EXECUTE ON FUNCTION api.retrieve_file TO authenticated_user;
-- migrate:down
DROP FUNCTION api.upload_file;
DROP FUNCTION api.retrieve_file;
DROP DOMAIN "*/*";

26
rest-api/db/migrations/20240911070907_change_log.sql
View File

@@ -133,29 +133,3 @@ CREATE TRIGGER track_changes_collab
EXECUTE FUNCTION internal.track_changes ();
-- migrate:down
DROP TRIGGER track_changes_website ON internal.website;
DROP TRIGGER track_changes_media ON internal.media;
DROP TRIGGER track_changes_settings ON internal.settings;
DROP TRIGGER track_changes_header ON internal.header;
DROP TRIGGER track_changes_home ON internal.home;
DROP TRIGGER track_changes_article ON internal.article;
DROP TRIGGER track_changes_docs_category ON internal.docs_category;
DROP TRIGGER track_changes_footer ON internal.footer;
DROP TRIGGER track_changes_collab ON internal.collab;
DROP FUNCTION internal.track_changes;
DROP VIEW api.change_log;
DROP TABLE internal.change_log;
DROP EXTENSION hstore;

26
rest-api/db/migrations/20241006165029_administrator.sql
View File

@@ -141,29 +141,3 @@ GRANT UPDATE, DELETE ON internal.user TO administrator;
GRANT UPDATE, DELETE ON api.user TO administrator;
-- migrate:down
DROP FUNCTION api.user_websites_storage_size;
DROP TRIGGER _prevent_storage_excess_article ON internal.article;
DROP TRIGGER _prevent_storage_excess_collab ON internal.collab;
DROP TRIGGER _prevent_storage_excess_docs_category ON internal.docs_category;
DROP TRIGGER _prevent_storage_excess_footer ON internal.footer;
DROP TRIGGER _prevent_storage_excess_header ON internal.header;
DROP TRIGGER _prevent_storage_excess_home ON internal.home;
DROP TRIGGER _prevent_storage_excess_media ON internal.media;
DROP TRIGGER _prevent_storage_excess_settings ON internal.settings;
DROP FUNCTION internal.prevent_website_storage_size_excess;
REVOKE UPDATE (max_storage_size) ON internal.website FROM administrator;
REVOKE UPDATE, DELETE ON internal.user FROM administrator;
REVOKE UPDATE, DELETE ON api.user FROM administrator;

6
rest-api/db/migrations/20241011092744_filesystem_triggers.sql
View File

@@ -56,9 +56,3 @@ CREATE TRIGGER _cleanup_filesystem_article
EXECUTE FUNCTION internal.cleanup_filesystem ();
-- migrate:down
DROP TRIGGER _cleanup_filesystem_website ON internal.website;
DROP TRIGGER _cleanup_filesystem_article ON internal.article;
DROP FUNCTION internal.cleanup_filesystem;

2
rest-api/db/migrations/20241029160539_export_articles.sql
View File

@@ -39,5 +39,3 @@ SECURITY DEFINER;
GRANT EXECUTE ON FUNCTION api.export_articles_zip TO authenticated_user;
-- migrate:down
DROP FUNCTION api.export_articles_zip;

3
rest-api/db/migrations/20241206191942_username_blocklist.sql
View File

@@ -3,6 +3,3 @@ ALTER TABLE internal.user
ADD CONSTRAINT username_not_blocked CHECK (LOWER(username) NOT IN ('admin', 'administrator', 'api', 'auth', 'blog', 'cdn', 'docs', 'help', 'login', 'logout', 'profile', 'register', 'settings', 'setup', 'signin', 'signup', 'support', 'test', 'www'));
-- migrate:down
ALTER TABLE internal.user
DROP CONSTRAINT username_not_blocked;

8
rest-api/db/migrations/20250323134405_username_blocklist.sql Normal file
View File

@@ -0,0 +1,8 @@
-- migrate:up
ALTER TABLE internal.user
DROP CONSTRAINT username_not_blocked;
ALTER TABLE internal.user
ADD CONSTRAINT username_not_blocked CHECK (LOWER(username) NOT IN ('admin', 'administrator', 'api', 'auth', 'blog', 'cdn', 'docs', 'help', 'login', 'logout', 'profile', 'preview', 'previews', 'register', 'settings', 'setup', 'signin', 'signup', 'support', 'test', 'www'));
-- migrate:down

88
rest-api/db/migrations/20250410150518_filesystem_triggers.sql Normal file
View File

@@ -0,0 +1,88 @@
-- migrate:up
DROP TRIGGER _cleanup_filesystem_website ON internal.website;
DROP TRIGGER _cleanup_filesystem_article ON internal.article;
DROP FUNCTION internal.cleanup_filesystem;
CREATE FUNCTION internal.cleanup_filesystem ()
RETURNS TRIGGER
AS $$
DECLARE
_website_id UUID;
_website_user_id UUID;
_website_slug TEXT;
_username TEXT;
_base_path CONSTANT TEXT := '/var/www/archtika-websites';
_preview_path TEXT;
_prod_path TEXT;
_article_slug TEXT;
BEGIN
IF TG_TABLE_NAME = 'website' THEN
_website_id := OLD.id;
_website_user_id = OLD.user_id;
_website_slug := OLD.slug;
ELSE
_website_id := OLD.website_id;
END IF;
SELECT
u.username INTO _username
FROM
internal.user AS u
WHERE
u.id = _website_user_id;
_preview_path := _base_path || '/previews/' || _website_id;
IF TG_TABLE_NAME = 'website' THEN
EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _preview_path);
IF _username IS NOT NULL THEN
_prod_path := _base_path || '/' || _username || '/' || _website_slug;
EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _prod_path);
END IF;
ELSIF TG_TABLE_NAME = 'article' THEN
SELECT
a.slug INTO _article_slug
FROM
internal.article AS a
WHERE
a.id = OLD.id;
EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -f %s/articles/%s.html''', _preview_path, _article_slug);
END IF;
RETURN COALESCE(NEW, OLD);
END;
$$
LANGUAGE plpgsql
SECURITY DEFINER;
CREATE FUNCTION internal.cleanup_user_directory ()
RETURNS TRIGGER
AS $$
DECLARE
_username TEXT;
_base_path CONSTANT TEXT := '/var/www/archtika-websites';
_user_path TEXT;
BEGIN
_username := OLD.username;
_user_path := _base_path || '/' || _username;
EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _user_path);
RETURN OLD;
END;
$$
LANGUAGE plpgsql
SECURITY DEFINER;
CREATE TRIGGER _cleanup_filesystem_website
BEFORE UPDATE OF title OR DELETE ON internal.website
FOR EACH ROW
EXECUTE FUNCTION internal.cleanup_filesystem ();
CREATE TRIGGER _cleanup_filesystem_article
BEFORE UPDATE OF title OR DELETE ON internal.article
FOR EACH ROW
EXECUTE FUNCTION internal.cleanup_filesystem ();
CREATE TRIGGER _cleanup_user_directory
BEFORE DELETE ON internal.user
FOR EACH ROW
EXECUTE FUNCTION internal.cleanup_user_directory ();
-- migrate:down

2363
web-app/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

50
web-app/package.json
View File

@@ -11,38 +11,38 @@
"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
"lint": "prettier --check . && eslint .",
"format": "prettier --write .",
"gents": "pg-to-ts generate -c postgres://postgres@localhost:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
"gents": "pg-to-ts generate -c postgres://postgres@127.0.0.1:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
},
"devDependencies": {
"@playwright/test": "1.47.0",
"@sveltejs/adapter-auto": "3.2.5",
"@sveltejs/adapter-node": "5.2.3",
"@sveltejs/kit": "2.5.28",
"@sveltejs/vite-plugin-svelte": "4.0.0-next.6",
"@types/diff-match-patch": "1.0.36",
"@playwright/test": "1.50.1",
"@sveltejs/adapter-auto": "5.0.0",
"@sveltejs/adapter-node": "5.2.12",
"@sveltejs/kit": "2.20.2",
"@sveltejs/vite-plugin-svelte": "5.0.3",
"@types/diff": "7.0.2",
"@types/eslint": "9.6.1",
"@types/eslint__js": "8.42.3",
"@types/eslint__js": "9.14.0",
"@types/eslint-config-prettier": "6.11.3",
"@types/node": "22.5.5",
"eslint": "9.15.0",
"eslint-config-prettier": "9.1.0",
"eslint-plugin-svelte": "2.44.0",
"globals": "15.9.0",
"@types/node": "22.13.11",
"eslint": "9.23.0",
"eslint-config-prettier": "10.1.1",
"eslint-plugin-svelte": "3.3.3",
"globals": "16.0.0",
"pg-to-ts": "4.1.1",
"prettier": "3.3.3",
"prettier-plugin-svelte": "3.2.6",
"svelte": "5.0.0-next.253",
"svelte-check": "4.0.2",
"typescript": "5.6.2",
"typescript-eslint": "8.6.0",
"vite": "5.4.6"
"prettier": "3.5.3",
"prettier-plugin-svelte": "3.3.3",
"svelte": "5.25.3",
"svelte-check": "4.1.5",
"typescript": "5.8.2",
"typescript-eslint": "8.27.0",
"vite": "6.2.5"
},
"dependencies": {
"diff-match-patch": "1.0.5",
"highlight.js": "11.10.0",
"isomorphic-dompurify": "2.15.0",
"marked": "14.1.2",
"marked-highlight": "2.1.4"
"diff": "7.0.0",
"highlight.js": "11.11.1",
"isomorphic-dompurify": "2.22.0",
"marked": "15.0.7",
"marked-highlight": "2.2.1"
},
"overrides": {
"cookie": "0.7.0"

2
web-app/src/lib/components/Pagination.svelte
View File

@@ -8,7 +8,7 @@
<div class="pagination">
{#snippet commonFilterInputs()}
{#each commonFilters as filter}
{#each commonFilters as filter (filter)}
<input type="hidden" name={filter} value={$page.url.searchParams.get(filter)} />
{/each}
{/snippet}

10
web-app/src/lib/components/WebsiteEditor.svelte
View File

@@ -3,6 +3,7 @@
import { md } from "$lib/utils";
import { page } from "$app/stores";
import { previewContent, textareaScrollTop } from "$lib/runes.svelte";
import { browser } from "$app/environment";
const {
id,
@@ -38,7 +39,7 @@
<nav class="operations__nav">
<ul class="unpadded">
{#each tabs.filter((tab) => (tab !== "categories" && contentType === "Blog") || contentType === "Docs") as tab}
{#each tabs.filter((tab) => (tab !== "categories" && contentType === "Blog") || contentType === "Docs") as tab (tab)}
<li>
<a
href="/website/{id}{tab === 'settings' ? '' : `/${tab}`}"
@@ -57,14 +58,14 @@
<div class="preview" bind:this={previewElement}>
{#if fullPreview}
{#if !iframeLoaded}
{#if !iframeLoaded && browser}
<p>Loading preview...</p>
{/if}
<iframe
src={previewContent.value}
title="Preview"
onload={() => (iframeLoaded = true)}
style:display={iframeLoaded ? "block" : "none"}
style:display={!browser || iframeLoaded ? "block" : "none"}
></iframe>
{:else}
{@html md(
@@ -131,6 +132,9 @@
.operations {
padding-block-start: var(--space-s);
resize: horizontal;
min-inline-size: 100%;
max-inline-size: calc(1536px - 320px);
}
.preview {

2
web-app/src/lib/db-schema.ts
View File

@@ -5,7 +5,7 @@
* AUTO-GENERATED FILE - DO NOT EDIT!
*
* This file was automatically generated by pg-to-ts v.4.1.1
* $ pg-to-ts generate -c postgres://username:password@localhost:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
* $ pg-to-ts generate -c postgres://username:password@127.0.0.1:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
*
*/

5
web-app/src/lib/server/utils.ts
View File

@@ -1,8 +1,8 @@
import { dev } from "$app/environment";
export const API_BASE_PREFIX = dev
? "http://localhost:3000"
: `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://localhost:3000"}`;
? "http://127.0.0.1:3000"
: `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://127.0.0.1:3000"}`;
export const REGISTRATION_IS_DISABLED = dev
? false
@@ -16,6 +16,7 @@ export const apiRequest = async (
method: "HEAD" | "GET" | "POST" | "PATCH" | "DELETE",
options: {
headers?: Record<string, string>;
// eslint-disable-next-line @typescript-eslint/no-explicit-any
body?: any;
successMessage?: string;
returnData?: boolean;

12
web-app/src/lib/templates/Index.svelte
View File

@@ -54,18 +54,18 @@
</h2>
<ul class="unpadded">
{#each sortedArticles as article}
{#each sortedArticles as { id, publication_date, slug, title, meta_description } (id)}
<li>
{#if article.publication_date}
<p>{article.publication_date}</p>
{#if publication_date}
<p>{publication_date}</p>
{/if}
<p>
<strong>
<a href="./articles/{article.slug}">{article.title}</a>
<a href="./articles/{slug}">{title}</a>
</strong>
</p>
{#if article.meta_description}
<p>{article.meta_description}</p>
{#if meta_description}
<p>{meta_description}</p>
{/if}
</li>
{/each}

7
web-app/src/lib/templates/Nav.svelte
View File

@@ -55,11 +55,11 @@
<section id="docs-navigation" class="docs-navigation">
<ul>
{#each Object.keys(categorizedArticles) as key}
{#each Object.keys(categorizedArticles) as key (key)}
<li>
<strong>{key}</strong>
<ul>
{#each categorizedArticles[key] as { title, slug }}
{#each categorizedArticles[key] as { title, slug } (slug)}
<li>
<a href="{isIndexPage ? './articles' : '.'}/{slug}">{title}</a>
</li>
@@ -75,9 +75,8 @@
<strong>{websiteOverview.header.logo_text}</strong>
{:else}
<img
class="top-nav-logo"
src="{apiUrl}/rpc/retrieve_file?id={websiteOverview.header.logo_image}"
width="32"
height="32"
alt=""
/>
{/if}

13
web-app/src/lib/utils.ts
View File

@@ -1,5 +1,5 @@
import { Marked } from "marked";
import type { Renderer, Token } from "marked";
import { Marked, Renderer } from "marked";
import type { Token } from "marked";
import { markedHighlight } from "marked-highlight";
import hljs from "highlight.js";
import DOMPurify from "isomorphic-dompurify";
@@ -40,6 +40,7 @@ const slugify = (string: string) => {
const createMarkdownParser = (showToc = true) => {
const marked = new Marked();
const renderer = new Renderer();
marked.use({
async: false,
@@ -58,6 +59,14 @@ const createMarkdownParser = (showToc = true) => {
})
);
marked.use({
renderer: {
table(...args) {
return `<div class="scroll-container">${renderer.table.apply(this, args)}</div>`;
}
}
});
const gfmHeadingId = ({ prefix = "", showToc = true } = {}) => {
const headings: { text: string; level: number; id: string }[] = [];
const sectionStack: { level: number; id: string }[] = [];

2
web-app/src/routes/(authenticated)/account/+page.svelte
View File

@@ -39,7 +39,7 @@
<a href="#storage">Storage</a>
</h2>
<ul class="unpadded storage-grid">
{#each data.storageSizes.data as { website_title, storage_size_bytes, max_storage_bytes, max_storage_pretty, diff_storage_pretty }}
{#each data.storageSizes.data as { website_id, website_title, storage_size_bytes, max_storage_bytes, max_storage_pretty, diff_storage_pretty } (website_id)}
<li>
<strong>{website_title}</strong>
<label>

26
web-app/src/routes/(authenticated)/website/[websiteId]/+page.server.ts
View File

@@ -72,6 +72,19 @@ export const actions: Actions = {
}
);
},
removeFavicon: async ({ fetch, params }) => {
return await apiRequest(
fetch,
`${API_BASE_PREFIX}/settings?website_id=eq.${params.websiteId}`,
"PATCH",
{
body: {
favicon_image: null
},
successMessage: "Successfully removed favicon"
}
);
},
updateHeader: async ({ request, fetch, params }) => {
const data = await request.formData();
const logoImage = data.get("logo-image") as File;
@@ -110,6 +123,19 @@ export const actions: Actions = {
}
);
},
removeLogoImage: async ({ fetch, params }) => {
return await apiRequest(
fetch,
`${API_BASE_PREFIX}/header?website_id=eq.${params.websiteId}`,
"PATCH",
{
body: {
logo_image: null
},
successMessage: "Successfully removed logo image"
}
);
},
updateHome: async ({ request, fetch, params }) => {
const data = await request.formData();

16
web-app/src/routes/(authenticated)/website/[websiteId]/+page.svelte
View File

@@ -91,6 +91,13 @@
src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.globalSettings.favicon_image}`}
alt=""
/>
<form
method="POST"
action="?/removeFavicon"
use:enhance={enhanceForm({ reset: false, closeModal: true })}
>
<button type="submit">Remove</button>
</form>
</Modal>
{/if}
</div>
@@ -129,7 +136,7 @@
</label>
<div class="file-field">
<label>
Logo image:
Logo image (height should be &lt;= 32px):
<input type="file" name="logo-image" accept={ALLOWED_MIME_TYPES.join(", ")} />
</label>
{#if data.header.logo_image}
@@ -138,6 +145,13 @@
src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.header.logo_image}`}
alt=""
/>
<form
method="POST"
action="?/removeLogoImage"
use:enhance={enhanceForm({ reset: false, closeModal: true })}
>
<button type="submit">Remove</button>
</form>
</Modal>
{/if}
</div>

13
web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.server.ts
View File

@@ -72,6 +72,19 @@ export const actions: Actions = {
}
);
},
removeCoverImage: async ({ fetch, params }) => {
return await apiRequest(
fetch,
`${API_BASE_PREFIX}/article?id=eq.${params.articleId}`,
"PATCH",
{
body: {
cover_image: null
},
successMessage: "Successfully removed cover image"
}
);
},
pasteImage: async ({ request, fetch, params }) => {
const data = await request.formData();
const file = data.get("file") as File;

9
web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
View File

@@ -48,7 +48,7 @@
<label>
Category:
<select name="category">
{#each data.categories as { id, category_name }}
{#each data.categories as { id, category_name } (id)}
<option value={id} selected={id === data.article.category}>{category_name}</option>
{/each}
</select>
@@ -107,6 +107,13 @@
src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.article.cover_image}`}
alt=""
/>
<form
method="POST"
action="?/removeCoverImage"
use:enhance={enhanceForm({ reset: false, closeModal: true })}
>
<button type="submit">Remove</button>
</form>
</Modal>
{/if}
</div>

30
web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.server.ts
View File

@@ -1,8 +1,8 @@
import type { PageServerLoad, Actions } from "./$types";
import { API_BASE_PREFIX, apiRequest } from "$lib/server/utils";
import type { ChangeLog, User, Collab } from "$lib/db-schema";
import DiffMatchPatch from "diff-match-patch";
import { PAGINATION_MAX_ITEMS } from "$lib/utils";
import * as Diff from "diff";
export const load: PageServerLoad = async ({ parent, fetch, params, url }) => {
const userFilter = url.searchParams.get("user");
@@ -76,21 +76,19 @@ export const actions: Actions = {
computeDiff: async ({ request, fetch }) => {
const data = await request.formData();
const dmp = new DiffMatchPatch();
const htmlDiff = (oldValue: string, newValue: string) => {
const diff = dmp.diff_main(oldValue, newValue);
dmp.diff_cleanupSemantic(diff);
const diff = Diff.diffWordsWithSpace(oldValue, newValue);
return diff
.map(([op, text]) => {
switch (op) {
case 1:
return `<ins>${text}</ins>`;
case -1:
return `<del>${text}</del>`;
default:
return text;
.map((part) => {
const escapedText = part.value.replace(/</g, "&lt;").replace(/>/g, "&gt;");
if (part.added) {
return `<ins>${escapedText}</ins>`;
} else if (part.removed) {
return `<del>${escapedText}</del>`;
} else {
return escapedText;
}
})
.join("");
@@ -111,8 +109,12 @@ export const actions: Actions = {
return {
logId: data.get("id"),
currentDiff: htmlDiff(
JSON.stringify(log.old_value, null, 2),
JSON.stringify(log.old_value, null, 2)
.replace(/\\r\\n|\\n|\\r/g, "\n")
.replace(/\\\"/g, '"'),
JSON.stringify(log.new_value, null, 2)
.replace(/\\r\\n|\\n|\\r/g, "\n")
.replace(/\\\"/g, '"')
)
};
}

12
web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.svelte
View File

@@ -63,7 +63,7 @@
/>
<datalist id="users-{data.website.id}">
<option value={data.website.user.username}></option>
{#each data.collaborators as { user: { username } }}
{#each data.collaborators as { user: { username } } (username)}
<option value={username}></option>
{/each}
</datalist>
@@ -72,7 +72,7 @@
Resource:
<select name="resource">
<option value="all">Show all</option>
{#each Object.keys(resources) as resource}
{#each Object.keys(resources) as resource (resource)}
<option
value={resource}
selected={resource === $page.url.searchParams.get("resource")}>{resource}</option
@@ -141,20 +141,18 @@
<button type="submit">Compute diff</button>
</form>
{#if form?.logId === id && form?.currentDiff}
<pre>{@html DOMPurify.sanitize(form.currentDiff, {
ALLOWED_TAGS: ["ins", "del"]
})}</pre>
<pre>{@html form.currentDiff}</pre>
{/if}
{/if}
{#if new_value && !old_value}
<h4>New value</h4>
<pre>{DOMPurify.sanitize(newValue)}</pre>
<pre>{newValue.replace(/\\\"/g, '"').replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
{/if}
{#if old_value && !new_value}
<h4>Old value</h4>
<pre>{DOMPurify.sanitize(oldValue)}</pre>
<pre>{oldValue.replace(/\\\"/g, '"').replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
{/if}
</Modal>
</td>

8
web-app/src/routes/(authenticated)/website/[websiteId]/publish/+page.server.ts
View File

@@ -98,17 +98,17 @@ const generateStaticFiles = async (
) => {
const websitePreviewUrl = `${
dev
? "http://localhost:18000"
? "http://127.0.0.1:18000"
: process.env.ORIGIN
? process.env.ORIGIN
: "http://localhost:18000"
: "http://127.0.0.1:18000"
}/previews/${websiteData.id}/`;
const websiteProdUrl = dev
? `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`
? `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`
: process.env.ORIGIN
? `${process.env.ORIGIN.replace("//", `//${websiteData.user.username}.`)}/${websiteData.slug}`
: `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`;
: `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`;
const fileContents = (head: string, body: string) => {
return `

1
web-app/template-styles/blog-styles.css
View File

@@ -33,7 +33,6 @@ header img {
object-position: center;
}
nav,
header,
main {
padding-block: var(--space-s);

1
web-app/template-styles/docs-styles.css
View File

@@ -26,7 +26,6 @@ header > .container {
gap: var(--space-s);
}
nav,
header,
main {
padding-block: var(--space-s);

8
web-app/tests/settings.spec.ts
View File

@@ -50,9 +50,9 @@ test.describe("Website owner", () => {
await page.getByLabel("Logo text:").click();
await page.getByLabel("Logo text:").press("ControlOrMeta+a");
await page.getByLabel("Logo text:").fill("Logo text");
await page.getByLabel("Logo image:").click();
await page.getByLabel(/Logo image/).click();
await page
.getByLabel("Logo image")
.getByLabel(/Logo image/)
.setInputFiles(join(__dirname, "sample-files", "archtika-logo-512x512.png"));
await page.getByRole("button", { name: "Update header" }).click();
await expect(page.getByText("Successfully updated header")).toBeVisible();
@@ -122,9 +122,9 @@ for (const permissionLevel of permissionLevels) {
await page.getByLabel("Logo text:").click();
await page.getByLabel("Logo text:").press("ControlOrMeta+a");
await page.getByLabel("Logo text:").fill("Logo text");
await page.getByLabel("Logo image:").click();
await page.getByLabel(/Logo image/).click();
await page
.getByLabel("Logo image")
.getByLabel(/Logo image/)
.setInputFiles(join(__dirname, "sample-files", "archtika-logo-512x512.png"));
await page
.getByRole("button", { name: "Update header" })

2
website/index.html
View File

@@ -17,7 +17,7 @@
<p class="mt-2 text-xl text-neutral-700 sm:text-2xl">FLOSS, modern, performant, lightweight and self&#8209;hosted CMS</p>
<div class="mt-8 flex flex-wrap gap-6 sm:justify-end">
<a href="https://github.com/archtika/archtika" class="text-neutral-900 rounded-full bg-neutral-200 px-4 py-2 outline outline-1 outline-offset-4 outline-neutral-300 hover:bg-neutral-300 hover:underline focus:outline-2 focus:outline-neutral-900">GitHub</a>
<a href="https://archtika.demo.archtika.com/archtika-documentation" class="text-neutral-900 rounded-full bg-neutral-200 px-4 py-2 outline outline-1 outline-offset-4 outline-neutral-300 hover:bg-neutral-300 hover:underline focus:outline-2 focus:outline-neutral-900">Documentation</a>
<a href="https://docs.archtika.com" class="text-neutral-900 rounded-full bg-neutral-200 px-4 py-2 outline outline-1 outline-offset-4 outline-neutral-300 hover:bg-neutral-300 hover:underline focus:outline-2 focus:outline-neutral-900">Documentation</a>
</div>
</div>
</body>