tldr; nothing works

eod commit
added jwt, sqlite, build sh
2025-11-28 12:31:12 +01:00 · 2025-11-27 22:11:13 +01:00 · 2025-11-27 20:45:50 +01:00 · 2025-11-27 17:31:00 +01:00 · 2025-11-26 19:51:26 +01:00 · 2025-11-26 13:24:52 +00:00
23 changed files with 783 additions and 98 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,8 @@ main
 *.out
 *.zst
 *.gzip
+*.env
+*.db

 bin/

--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -0,0 +1,33 @@
+FROM ghcr.io/prantlf/vlang:latest AS builder
+WORKDIR ./src/
+
+COPY . .
+RUN mkdir -p ./src/../../build/
+
+# Build release binary. Output to /src/bin/cdn_app
+# If your main file is main.v in the root of the context, this will work.
+RUN v -prod -o ./src/../../build/ ./main.v
+
+# Stage 2: runtime
+FROM debian:bookworm-slim AS runtime
+WORKDIR /app
+
+# create non-root user (good practice)
+RUN useradd -m appuser
+
+# copy binary from builder
+COPY --from=builder /src/bin/cdn_app /app/cdn_app
+
+# copy templates/assets if your binary loads embedded files at runtime or expects files on disk
+# (If you use V's $embed_file at compile time then templates are already embedded and this is optional)
+COPY template/ /app/template/
+COPY util/ /app/util/
+COPY database/ /app/database/
+
+RUN chown -R appuser:appuser /app
+USER appuser
+
+# expose container ports your app might use (adjust if you use different ports)
+EXPOSE 8080 6767
+
+ENTRYPOINT ["/app/cdn_app"]
--- a/app/build
+++ b/app/build
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cd src
+v install fleximus.argon2
+v install thomaspeissl.dotenv
+v -prod -cflags "-static" -os linux -o ../../build/app/cdn .
--- a/app/src/assets/style/style.css.zst
+++ b/app/src/assets/style/style.css.zst
--- a/app/src/cryptography/crypto.v
+++ b/app/src/cryptography/crypto.v
@@ -0,0 +1,14 @@
+module cryptography
+
+import rand
+import fleximus.argon2
+
+pub fn hash_password(password string) !string {
+	salt := rand.bytes(16) or { return error('failed to generate salt: ${err}') }
+	hash := argon2.hash(password.bytes(), salt) or { return error('argon2 hash failed: ${err}') }
+	return hash
+}
+
+pub fn hash_verify(password string, hash string) !bool {
+	return argon2.verify(hash, password.bytes()) or { return error('argon2 verify failed: ${err}') }
+}
--- a/app/src/database/db.v
+++ b/app/src/database/db.v
@@ -1,16 +1,49 @@
 module database

-import fleximus.argon2
-import rand
+import os
+import orm
+import util
+import db.sqlite

-pub struct Crypto {}
-
-pub fn Crypto.hash_password(password string) !string {
-	salt := rand.bytes(16) or { return error('failed to generate salt: ${err}') }
-	hash := argon2.hash(password.bytes(), salt) or { return error('argon2 hash failed: ${err}') }
-	return hash
+pub struct Database {
+	cfg util.Config
 }

-pub fn Crypto.hash_verify(password string, hash string) !bool {
-	return argon2.verify(hash, password.bytes()) or { return error('argon2 verify failed: ${err}') }
+pub fn get_dummy_exclusion_list(exe string, root string) []string {
+	return [
+		exe,
+		util.Utility.normalize_path(os.join_path(root, 'update.sh')),
+	]
+}
+
+fn (db &Database) get_connection() !sqlite.DB {
+	conn := sqlite.connect(db.cfg.database)!
+
+	if db.cfg.debug {
+		conn.synchronization_mode(.off)!
+		conn.journal_mode(.memory)!
+	}
+
+	sql conn {
+		create table User
+		create table Files
+		create table Logins
+	}!
+
+	return conn
+}
+
+pub fn get_database(cfg util.Config) !&Database {
+	return &Database{
+		cfg: cfg
+	}
+}
+
+pub fn (mut db Database) query[T](statement orm.QueryBuilder[T]) ![]T {
+	return statement.query()!
+}
+
+pub fn (db Database) get_query_builder[T]() &orm.QueryBuilder[T] {
+	conn := db.get_connection() or { panic(err) }
+	return orm.new_query[T](conn)
 }
--- a/app/src/database/files.v
+++ b/app/src/database/files.v
@@ -0,0 +1,8 @@
+module database
+
+@[table: 'files']
+pub struct Files {
+	id      int    @[primary; serial]
+	path    string @[nonnull; unique]
+	visible bool   @[default: false; nonnull]
+}
--- a/app/src/database/logins.v
+++ b/app/src/database/logins.v
@@ -0,0 +1,46 @@
+module database
+
+import time
+
+@[table: 'login_attempts']
+pub struct Logins {
+mut:
+	ip           string    @[primary]
+	attempts     int       @[nonnull]
+	attempt_time time.Time @[nonnull]
+}
+
+pub fn Logins.by_ip(ip string, mut database_ Database) ?Logins {
+	query := database_.get_query_builder[Logins]().where('ip = ?', ip) or { return none }
+	result := database_.query[Logins](query) or { return none }
+
+	return result.first()
+}
+
+pub fn Logins.create_or_update(ip string, mut database_ Database) ?Logins {
+	mut login := Logins{
+		ip:           ip
+		attempts:     1
+		attempt_time: time.now()
+	}
+
+	if existing := Logins.by_ip(ip, mut database_) {
+		login.attempts = existing.attempts + 1
+		login.attempt_time = time.now()
+
+		db := database_.get_connection() or { panic(err) }
+
+		sql db {
+			update Logins set attempts = login.attempts, attempt_time = login.attempt_time
+			where ip == ip
+		} or { return none }
+	} else {
+		db := database_.get_connection() or { panic(err) }
+
+		sql db {
+			insert login into Logins
+		} or { return none }
+	}
+
+	return login
+}
--- a/app/src/database/user.v
+++ b/app/src/database/user.v
@@ -0,0 +1,52 @@
+module database
+
+import orm
+import cryptography
+
+@[table: 'users']
+pub struct User {
+pub:
+	id       ?int   @[primary; serial]
+	username string @[nonnull; unique]
+	password string @[nonnull]
+}
+
+pub fn User.by_id(user_id orm.Primitive, mut database_ Database) ?User {
+	query := database_.get_query_builder[User]().where('id = ?', user_id) or { return none }
+	result := database_.query[User](query) or { return none }
+
+	return result.first()
+}
+
+pub fn User.by_name(username orm.Primitive, mut database_ Database) ?User {
+	eprintln('qb')
+	query := database_.get_query_builder[User]().where('username = ?', username) or { return none }
+	eprintln('result')
+	result := database_.query[User](*query) or { return none }
+
+	eprintln('first')
+	return result.first()
+}
+
+pub fn User.create(username string, password string, database_ Database) ?User {
+	hash := cryptography.hash_password(password) or { return none }
+	mut user := User{
+		id:       none
+		username: username
+		password: hash
+	}
+
+	db := database_.get_connection() or { panic(err) }
+
+	sql db {
+		insert user into User
+	} or { return none }
+
+	return user
+}
+
+pub fn User.verify(username orm.Primitive, password string, mut database_ Database) ?User {
+	eprintln('by_name')
+	user := User.by_name(username, mut database_) or { return none }
+	return if cryptography.hash_verify(password, user.password) or { false } { user } else { none }
+}
--- a/app/src/jwt/algoritm.v
+++ b/app/src/jwt/algoritm.v
@@ -0,0 +1,19 @@
+module jwt
+
+pub interface Algorithm {
+	name string
+	sign(contents string, secretOrKey string) !string
+	verify(token string, secretOrKey string) !Token
+}
+
+pub enum AlgorithmType {
+	hs256
+}
+
+pub fn new_algorithm(algorithmType AlgorithmType) Algorithm {
+	match algorithmType {
+		.hs256 {
+			return HS256{}
+		}
+	}
+}
--- a/app/src/jwt/hs256.v
+++ b/app/src/jwt/hs256.v
@@ -0,0 +1,31 @@
+module jwt
+
+import crypto.hmac
+import crypto.sha256
+import encoding.base64
+
+pub struct HS256 {
+pub:
+	name string = 'HS256'
+}
+
+pub fn (algorithm HS256) sign(content string, secret string) !string {
+	return base64.url_encode(hmac.new(secret.bytes(), content.bytes(), sha256.sum, sha256.block_size))
+}
+
+pub fn (algorithm HS256) verify(token_raw string, secret string) !Token {
+	token := parse_token(token_raw)!
+	parts := token_raw.split('.')
+	header := parts[0]
+	claims := parts[1]
+	signed := algorithm.sign('${header}.${claims}', secret)!
+
+	if signed != token.signature {
+		return error('Invalid token')
+	}
+	if token.is_expired() {
+		return error('Token already expired')
+	}
+
+	return token
+}
--- a/app/src/jwt/jwt.v
+++ b/app/src/jwt/jwt.v
@@ -0,0 +1,40 @@
+module jwt
+
+import json
+import time
+import x.json2
+import encoding.base64
+
+pub fn encode[T](claims T, algorithm Algorithm, secretOrKey string, exp int) !string {
+	header := new_header(algorithm)
+	header_b64 := base64.url_encode(json.encode(header).bytes())
+
+	mut claims_final := json2.decode[json2.Any](json.encode(claims))!.as_map()
+
+	if exp != 0 {
+		claims_final['exp'] = time.now().unix() + exp
+	}
+
+	claims_b64 := base64.url_encode(claims_final.str().bytes())
+	contents := '${header_b64}.${claims_b64}'
+	signature := algorithm.sign(contents, secretOrKey)!
+
+	return '${contents}.${signature}'
+}
+
+pub fn verify[T](token string, algorithm Algorithm, secretOrKey string) !T {
+	return algorithm.verify(token, secretOrKey)!.parse_claims[T]()
+}
+
+pub struct UserJwt {
+pub:
+	id string
+}
+
+pub fn create(user_id string, secret string) !string {
+	return encode[UserJwt](UserJwt{ id: user_id }, new_algorithm(.hs256), secret, 7 * 24 * 60 * 60)!
+}
+
+pub fn decode(token string, secret string) !string {
+	return verify[UserJwt](token, new_algorithm(.hs256), secret)!.id
+}
--- a/app/src/jwt/structs.v
+++ b/app/src/jwt/structs.v
@@ -0,0 +1,65 @@
+module jwt
+
+import json
+import time
+import x.json2
+import encoding.base64
+
+pub struct JWTHeader {
+pub:
+	alg string
+	typ string = 'JWT'
+}
+
+fn new_header(algorithm Algorithm) JWTHeader {
+	return JWTHeader{
+		alg: algorithm.name.str().to_upper()
+	}
+}
+
+struct Token {
+pub:
+	header     JWTHeader
+	claims     string
+	signature  string
+	expiration int
+}
+
+pub fn (t Token) parse_claims[T]() !T {
+	return json.decode(T, t.claims)
+}
+
+pub fn (t Token) is_expired() bool {
+	return t.expiration == -1 || time.unix(t.expiration) < time.now()
+}
+
+pub fn parse_token(token_raw string) !Token {
+	parts := token_raw.split('.')
+	if parts.len != 3 {
+		return error('Invalid token')
+	}
+
+	header_raw := if parts[0].len % 4 == 0 { parts[0] } else { parts[0] + '==' }
+	claims_raw := if parts[1].len % 4 == 0 { parts[1] } else { parts[1] + '==' }
+
+	decoded_header := base64.decode_str(header_raw)
+	decoded_claims := base64.decode_str(claims_raw)
+
+	claims := json2.decode[json2.Any](decoded_claims)!.as_map()
+
+	mut expiration_given := true
+
+	expiration_unix := claims['exp'] or {
+		expiration_given = false
+		json2.Null{}
+	}
+
+	token := Token{
+		header:     json.decode(JWTHeader, decoded_header)!
+		claims:     decoded_claims
+		signature:  parts[2]
+		expiration: if expiration_given { expiration_unix.int() } else { -1 }
+	}
+
+	return token
+}
--- a/app/src/main.v
+++ b/app/src/main.v
@@ -2,42 +2,55 @@ module main

 import os
 import veb
+import jwt
 import util
+import sync
+import database
+import thomaspeissl.dotenv
+import time
+import net.http

-//
+// structs

-pub struct User {
-pub mut:
-	name string
-	id   int
+pub struct CachedUser {
+pub:
+	user    database.User
+	expires int
 }

 pub struct Context {
 	veb.Context
 pub mut:
-	embed      util.Embedded
-	user       User
-	session_id string
+	app  &App
+	user database.User
 }

 pub struct App {
 	veb.Controller
 	veb.StaticHandler
 	veb.Middleware[Context]
-pub mut:
-	embed util.Embedded
 pub:
 	cfg   util.Config
+	embed util.Embedded
+pub mut:
+	database   database.Database
+	cache_lock sync.RwMutex
+	user_cache map[string]CachedUser
 }

-pub struct Auth {}
+pub struct Auth {
+	veb.Controller
+	veb.Middleware[Context]
+pub:
+	app &App
+}

 // endpoints

@['/:path...']
 pub fn (app &App) root(mut ctx Context, path string) veb.Result {
-	abs_root := util.Utility.normalize_path(os.abs_path(app.cfg.root))
-	abs_path := util.Utility.normalize_path(abs_root + os.abs_path(path))
+	abs_root := util.Utility.normalize_path(os.real_path(app.cfg.root))
+	abs_path := util.Utility.normalize_path(os.real_path(os.join_path(abs_root, path)))

 	if !abs_path.starts_with(abs_root) && abs_path != abs_root {
 		return ctx.forbidden()
@@ -51,25 +64,85 @@ pub fn (app &App) root(mut ctx Context, path string) veb.Result {
 		return ctx.text(content)
 	}

-	entries := util.Utility.list_files(abs_path, abs_root) or { return ctx.not_found() }
+	exclude := database.get_dummy_exclusion_list(app.cfg.exe, app.cfg.root)
+	entries := util.Utility.list_files(abs_path, abs_root, exclude) or { return ctx.not_found() }

 	directory := util.HtmlBuilder.generate_breadcrumbs(abs_path.split(abs_root)[1])
 	files, meta := util.HtmlBuilder.generate_file_list(entries, abs_path)
 	style := app.embed.style_css

+	username := if ctx.user.username != '' { ctx.user.username } else { 'noone' }
 	return ctx.html($tmpl('template/dashboard.html'))
 }

 // auth endpoints

+@['/']
+pub fn (auth &Auth) root(mut ctx Context) veb.Result {
+	return ctx.redirect('/')
+}
+
@[get; post]
 pub fn (auth &Auth) login(mut ctx Context) veb.Result {
-	return ctx.text('login')
+	if ctx.req.method == .get {
+		style := auth.app.embed.admin_css
+		return ctx.html($tmpl('template/auth/login.html'))
+	}
+
+	token := ctx.get_cookie('veb_session') or { '' }
+	if token != '' {
+		return ctx.redirect('/')
+	}
+
+	username := ctx.form['username'] or { return ctx.request_error('') }
+	password := ctx.form['password'] or { return ctx.request_error('') }
+
+	if password.len < 8 {
+		return ctx.request_error('')
+	}
+
+	if user := database.User.verify(username, password, mut ctx.app.database) {
+		id := user.id or { return ctx.server_error('') }
+		ctx.set_cookie(http.Cookie{
+			name:      'veb_session'
+			value:     jwt.create(id.str(), ctx.app.cfg.jwt_key) or { return ctx.server_error('') }
+			path:      '/'
+			secure:    true
+			http_only: true
+			same_site: .same_site_strict_mode
+		})
+	} else {
+		// todo cache login attempts per ip as well and block early.
+		database.Logins.create_or_update(ctx.ip(), mut ctx.app.database)
+		return ctx.forbidden()
+	}
+
+	return ctx.redirect('/')
 }

@[get; post]
 pub fn (auth &Auth) logout(mut ctx Context) veb.Result {
-	return ctx.text('logout')
+	if ctx.req.method == .get {
+		style := auth.app.embed.admin_css
+		return ctx.html($tmpl('template/auth/logout.html'))
+	}
+
+	token := ctx.get_cookie('veb_session') or { '' }
+	if token == '' {
+		return ctx.redirect('/')
+	}
+
+	ctx.set_cookie(http.Cookie{
+		name:      'veb_session'
+		value:     ''
+		path:      '/'
+		secure:    true
+		http_only: true
+		same_site: .same_site_strict_mode
+		max_age:   -1
+	})
+
+	return ctx.redirect('/')
 }

@[get; post; put]
@@ -77,13 +150,68 @@ pub fn (auth &Auth) register(mut ctx Context) veb.Result {
 	return ctx.text('register')
 }

+// middleware
+
+fn (mut app App) prepare() fn (mut Context) bool {
+	return fn [mut app] (mut ctx Context) bool {
+		ctx.app = &app
+		return true
+	}
+}
+
+pub fn session(mut ctx Context) bool {
+	token := ctx.get_cookie('veb_session') or { '' }
+	if token == '' {
+		return true
+	}
+
+	if id := jwt.decode(token, ctx.app.cfg.jwt_key) {
+		if user := ctx.app.get_user(id) {
+			ctx.user = user
+		}
+	}
+
+	return true
+}
+
+fn (mut app App) get_user(user_id string) ?database.User {
+	now := time.now().unix()
+
+	app.cache_lock.rlock()
+
+	if cu := app.user_cache[user_id] {
+		if cu.expires > int(now) {
+			app.cache_lock.runlock()
+			return cu.user
+		}
+	}
+
+	app.cache_lock.runlock()
+
+	user := database.User.by_id(user_id, mut app.database) or { return none }
+
+	app.cache_lock.lock()
+	app.user_cache[user_id] = CachedUser{
+		user:    user
+		expires: int(now) + 300
+	}
+	app.cache_lock.unlock()
+
+	return user
+}
+
 // utility

 fn (mut ctx Context) error_page(code int, short string, long string) string {
-	style := ctx.embed.error_css
+	style := ctx.app.embed.error_css
 	return $tmpl('template/error.html')
 }

+pub fn (mut ctx Context) request_error(msg string) veb.Result {
+	ctx.res.set_status(.bad_request)
+	return ctx.html(ctx.error_page(400, 'Bad Request', 'This request is malformed or otherwise invalid.'))
+}
+
 pub fn (mut ctx Context) forbidden() veb.Result {
 	ctx.res.set_status(.forbidden)
 	return ctx.html(ctx.error_page(403, 'Forbidden', "Oops! You aren't allowed around here."))
@@ -94,54 +222,50 @@ pub fn (mut ctx Context) not_found() veb.Result {
 	return ctx.html(ctx.error_page(404, 'Not found', 'Oops! The page you are looking for does not exist.'))
 }

-// --
+pub fn (mut ctx Context) server_error(msg string) veb.Result {
+	ctx.res.set_status(.internal_server_error)
+	return ctx.html(ctx.error_page(500, 'Interal Server Error', 'Oops! Something went wrong here.'))
+}

-fn populate() &util.Config {
-	def_root := $d('root', '.')
+// main
+
+fn populate() (util.Config, util.Embedded) {
+	dotenv.load()
+
+	executable := os.executable()
+	def_root := os.dir(executable)
 	def_port := int($d('port', 6767))
+	def_sqlt := $d('database', 'cdn_web.db')
+	def_jwt := $d('jwt', 'supersecurejwttokenkey')

-	def_user := $d('username', 'cdn')
-	def_pass := $d('password', 'totallySafeCdnDatabasePassword1235')
-
-	return &util.Config{
-		root:     if os.getenv('CDN_ROOT') != '' { os.getenv('CDN_ROOT').str() } else { def_root }
+	// vfmt off
+	return util.Config{
+		exe:      util.Utility.normalize_path(executable)
+		root:     util.Utility.normalize_path(if os.getenv('CDN_ROOT') != '' { util.Utility.resolve_path(def_root, os.getenv('CDN_ROOT').str()) } else { def_root })
 		port:     if os.getenv('CDN_PORT')    != '' { os.getenv('CDN_PORT').int()    } else { def_port }
-		database: &util.Database{
-			username: if os.getenv('CDN_DB_USERNAME') != '' {
-				os.getenv('CDN_DB_USERNAME').str()
-			} else {
-				def_user
-			}
-			password: if os.getenv('CDN_DB_PASSWORD') != '' {
-				os.getenv('CDN_DB_PASSWORD').str()
-			} else {
-				def_pass
-			}
-		}
+		jwt_key:  if os.getenv('CDN_JWT_KEY') != '' { os.getenv('CDN_JWT_KEY').str() } else { def_jwt  }
+		database: if os.getenv('CDN_SQL_DSN') != '' { os.getenv('CDN_SQL_DSN').str() } else { def_sqlt }
+	}, util.Embedded{
+		style_css: $embed_file('template/assets/style.css', .zlib).to_string()
+		error_css: $embed_file('template/assets/error.css', .zlib).to_string()
+		admin_css: $embed_file('template/assets/admin.css', .zlib).to_string()
 	}
+	// vfmt on
 }

 fn main() {
-	mut app := &App{
-		cfg: populate()
-	}
-	mut auth := &Auth{}
-	app.embed = &util.Embedded{
-		style_css: $embed_file('assets/style/style.css', .zlib).to_string()
-		error_css: $embed_file('assets/style/error.css', .zlib).to_string()
-	}
+	// vfmt off
+	mut cfg, mut embed := populate()
+	mut app := &App{ cfg: cfg, embed: embed, database: database.get_database(cfg)! }
+	mut auth := &Auth{ app: app }
+	// vfmt on

 	app.register_controller[Auth, Context]('/auth', mut auth)!

 	app.enable_static_compression = true
 	app.use(veb.encode_auto[Context]())
-
-	app.use(veb.MiddlewareOptions[Context]{
-		handler: fn [app] (mut ctx Context) bool {
-			ctx.embed = &app.embed
-			return true
-		}
-	})
+	app.use(handler: app.prepare())
+	app.use(handler: session)

 	veb.run[App, Context](mut app, app.cfg.port)
 }
--- a/app/src/template/assets/admin.css
+++ b/app/src/template/assets/admin.css
@@ -0,0 +1,157 @@
+/* General Reset */
+* {
+    margin: 0;
+    padding: 0;
+    box-sizing: border-box;
+}
+
+/* Light Theme */
+:root[data-theme="light"] {
+    --bg-primary: #ffffff;
+    --bg-secondary: #f5f7fb;
+    --bg-tertiary: #eff2f5;
+    --text-primary: #1a202c;
+    --text-secondary: #6c757d;
+    --border-color: #d4d7de;
+    --accent: #0051ba;
+    --accent-hover: #003e8f;
+}
+
+/* Dark Theme */
+:root[data-theme="dark"] {
+    --bg-primary: #0d1117;
+    --bg-secondary: #161b22;
+    --bg-tertiary: #21262d;
+    --text-primary: #e6edf3;
+    --text-secondary: #8b949e;
+    --border-color: #30363d;
+    --accent: #58a6ff;
+    --accent-hover: #79c0ff;
+}
+
+/* Default theme */
+:root {
+    --bg-primary: #0d1117;
+    --bg-secondary: #161b22;
+    --bg-tertiary: #21262d;
+    --text-primary: #e6edf3;
+    --text-secondary: #8b949e;
+    --border-color: #30363d;
+    --accent: #58a6ff;
+    --accent-hover: #79c0ff;
+}
+
+body {
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+    background-color: var(--bg-primary);
+    color: var(--text-primary);
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    height: 100vh;
+    flex-direction: column;
+    text-align: center;
+    transition: background-color 0.3s ease, color 0.3s ease;
+}
+
+.container {
+    background-color: var(--bg-secondary);
+    border: 1px solid var(--border-color);
+    padding: 2rem 3rem;
+    border-radius: 0.5rem;
+    box-shadow: 0 4px 12px rgba(0,0,0,0.15);
+    width: 100%;
+    max-width: 400px;
+}
+
+h1 {
+    font-size: 2rem;
+    margin-bottom: 1.5rem;
+    color: var(--accent);
+}
+
+form {
+    display: flex;
+    flex-direction: column;
+    gap: 1rem;
+}
+
+label {
+    text-align: left;
+    font-size: 0.875rem;
+    color: var(--text-secondary);
+}
+
+input[type="text"],
+input[type="password"] {
+    padding: 0.5rem 0.75rem;
+    border-radius: 0.375rem;
+    border: 1px solid var(--border-color);
+    background-color: var(--bg-tertiary);
+    color: var(--text-primary);
+    font-size: 1rem;
+    transition: all 0.2s ease;
+}
+
+input[type="text"]:focus,
+input[type="password"]:focus {
+    border-color: var(--accent);
+    outline: none;
+}
+
+button {
+    padding: 0.5rem 1rem;
+    border-radius: 0.375rem;
+    border: 1px solid var(--border-color);
+    background-color: var(--bg-tertiary);
+    color: var(--text-primary);
+    cursor: pointer;
+    font-size: 1rem;
+    transition: all 0.2s ease;
+}
+
+button:hover {
+    background-color: var(--accent);
+    border-color: var(--accent);
+    color: #fff;
+}
+
+button:active {
+    transform: scale(0.98);
+}
+
+a.logout-link {
+    color: var(--accent);
+    text-decoration: none;
+    margin-top: 1rem;
+    display: inline-block;
+    font-size: 0.875rem;
+}
+
+a.logout-link:hover {
+    color: var(--accent-hover);
+}
+
+.theme-toggle {
+    margin-top: 1rem;
+    width: 1.75rem;
+    height: 1.75rem;
+    border: none;
+    background-color: var(--text-secondary);
+    border-radius: 6px;
+    cursor: pointer;
+}
+
+.theme-toggle:active {
+    transform: scale(0.98);
+}
+
+@media (max-width: 480px) {
+    .container {
+        padding: 1.5rem 2rem;
+    }
+
+    h1 {
+        font-size: 1.75rem;
+    }
+}
--- a/app/src/template/assets/error.css
+++ b/app/src/template/assets/error.css
--- a/app/src/template/assets/style.css
+++ b/app/src/template/assets/style.css
@@ -63,7 +63,7 @@ body {
 .header {
    background-color: var(--bg-secondary);
    border-bottom: 1px solid var(--border-color);
-    padding: 3rem;
+    padding: 2rem 3rem 1rem 3rem;
    position: sticky;
    top: 0;
    z-index: 10;
@@ -170,7 +170,6 @@ body {
    border-bottom: 1px solid var(--border-color);
    background-color: var(--bg-secondary);
    transition: background-color 0.3s ease, border-color 0.3s ease;
-    overflow: scroll;
    height: 100%;
 }

@@ -244,6 +243,10 @@ body {
    -webkit-tap-highlight-color: transparent;
 }

+.icon svg {
+    fill: var(--text-secondary);
+}
+
 .file-list {
    display: flex;
    flex-direction: column;
--- a/app/src/template/auth/login.html
+++ b/app/src/template/auth/login.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<!--suppress HtmlFormInputWithoutLabel -->
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login</title>
+    <style>@{style}</style>
+</head>
+<body>
+<div class="container">
+    <h1>Login</h1>
+    <form action="/auth/login" method="POST">
+        <input placeholder="Username" type="text" id="username" name="username" required>
+        <input placeholder="Password" type="password" id="password" name="password" minlength="8" required>
+
+        <button type="submit">Sign In</button>
+    </form>
+</div>
+<script>
+    if ((savedTheme = (localStorage.getItem('theme') || 'light')))
+        document.documentElement.setAttribute('data-theme', savedTheme);
+</script>
+</body>
+</html>
--- a/app/src/template/auth/logout.html
+++ b/app/src/template/auth/logout.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Logout</title>
+    <style>@{style}</style>
+</head>
+<body>
+<div class="container">
+    <h1>Log Out?</h1>
+    <form action="/auth/logout" method="POST">
+        <button type="submit">Logout</button>
+    </form>
+</div>
+<script>
+    if ((savedTheme = (localStorage.getItem('theme') || 'light')))
+        document.documentElement.setAttribute('data-theme', savedTheme);
+</script>
+</body>
+</html>
--- a/app/src/template/dashboard.html
+++ b/app/src/template/dashboard.html
--- a/app/src/util/http.v
+++ b/app/src/util/http.v
@@ -0,0 +1 @@
+module util
--- a/app/src/util/structs.v
+++ b/app/src/util/structs.v
@@ -3,25 +3,23 @@ module util

 import os
 import time
-
-pub struct Database {
-pub:
-	username string
-	password string
-}
+import encoding.base64

 pub struct Config {
-pub mut:
+pub:
+	exe      string
 	root     string
 	port     int
-pub:
-	database Database
+	debug    bool
+	jwt_key  string
+	database string
 }

 pub struct Embedded {
 pub mut:
 	style_css string
 	error_css string
+	admin_css string
 }

 pub struct FileEntry {
@@ -53,6 +51,8 @@ pub fn Utility.get_icon(ext string, is_dir bool) string {
 		'zip':     '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M640-480v-80h80v80h-80Zm0 80h-80v-80h80v80Zm0 80v-80h80v80h-80ZM447-640l-80-80H160v480h400v-80h80v80h160v-400H640v80h-80v-80H447ZM160-160q-33 0-56.5-23.5T80-240v-480q0-33 23.5-56.5T160-800h240l80 80h320q33 0 56.5 23.5T880-640v400q0 33-23.5 56.5T800-160H160Zm0-80v-480 480Z"/></svg>'
 		'rar':     '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M640-480v-80h80v80h-80Zm0 80h-80v-80h80v80Zm0 80v-80h80v80h-80ZM447-640l-80-80H160v480h400v-80h80v80h160v-400H640v80h-80v-80H447ZM160-160q-33 0-56.5-23.5T80-240v-480q0-33 23.5-56.5T160-800h240l80 80h320q33 0 56.5 23.5T880-640v400q0 33-23.5 56.5T800-160H160Zm0-80v-480 480Z"/></svg>'
 		'7z':      '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M640-480v-80h80v80h-80Zm0 80h-80v-80h80v80Zm0 80v-80h80v80h-80ZM447-640l-80-80H160v480h400v-80h80v80h160v-400H640v80h-80v-80H447ZM160-160q-33 0-56.5-23.5T80-240v-480q0-33 23.5-56.5T160-800h240l80 80h320q33 0 56.5 23.5T880-640v400q0 33-23.5 56.5T800-160H160Zm0-80v-480 480Z"/></svg>'
+		'zst':     '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M640-480v-80h80v80h-80Zm0 80h-80v-80h80v80Zm0 80v-80h80v80h-80ZM447-640l-80-80H160v480h400v-80h80v80h160v-400H640v80h-80v-80H447ZM160-160q-33 0-56.5-23.5T80-240v-480q0-33 23.5-56.5T160-800h240l80 80h320q33 0 56.5 23.5T880-640v400q0 33-23.5 56.5T800-160H160Zm0-80v-480 480Z"/></svg>'
+		'gzip':    '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M640-480v-80h80v80h-80Zm0 80h-80v-80h80v80Zm0 80v-80h80v80h-80ZM447-640l-80-80H160v480h400v-80h80v80h160v-400H640v80h-80v-80H447ZM160-160q-33 0-56.5-23.5T80-240v-480q0-33 23.5-56.5T160-800h240l80 80h320q33 0 56.5 23.5T880-640v400q0 33-23.5 56.5T800-160H160Zm0-80v-480 480Z"/></svg>'
 		'mp3':     '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M430-200q38 0 64-26t26-64v-150h120v-80H480v155q-11-8-23.5-11.5T430-380q-38 0-64 26t-26 64q0 38 26 64t64 26ZM240-80q-33 0-56.5-23.5T160-160v-640q0-33 23.5-56.5T240-880h320l240 240v480q0 33-23.5 56.5T720-80H240Zm280-520v-200H240v640h480v-440H520ZM240-800v200-200 640-640Z"/></svg>'
 		'mp4':     '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M360-240h160q17 0 28.5-11.5T560-280v-40l80 42v-164l-80 42v-40q0-17-11.5-28.5T520-480H360q-17 0-28.5 11.5T320-440v160q0 17 11.5 28.5T360-240ZM240-80q-33 0-56.5-23.5T160-160v-640q0-33 23.5-56.5T240-880h320l240 240v480q0 33-23.5 56.5T720-80H240Zm280-520v-200H240v640h480v-440H520ZM240-800v200-200 640-640Z"/></svg>'
 		'avi':     '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M360-240h160q17 0 28.5-11.5T560-280v-40l80 42v-164l-80 42v-40q0-17-11.5-28.5T520-480H360q-17 0-28.5 11.5T320-440v160q0 17 11.5 28.5T360-240ZM240-80q-33 0-56.5-23.5T160-160v-640q0-33 23.5-56.5T240-880h320l240 240v480q0 33-23.5 56.5T720-80H240Zm280-520v-200H240v640h480v-440H520ZM240-800v200-200 640-640Z"/></svg>'
@@ -68,13 +68,11 @@ pub fn Utility.get_icon(ext string, is_dir bool) string {
 		'unknown': '<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#e3e3e3"><path d="M240-80q-33 0-56.5-23.5T160-160v-640q0-33 23.5-56.5T240-880h320l240 240v480q0 33-23.5 56.5T720-80H240Zm280-520v-200H240v640h480v-440H520ZM240-800v200-200 640-640Z"/></svg>'
 	}

-	return Utility.svg_to_data_uri(if is_dir { icons['dir'] } else { icons[ext] or {
-			icons['unknown']} })
+	return if is_dir { icons['dir'] } else { icons[ext] or { icons['unknown'] } }
 }

 pub fn Utility.svg_to_data_uri(svg string) string {
-	return svg
-	// return 'data:image/svg+xml;base64,${base64.encode(svg.bytes())}'
+	return 'data:image/svg+xml;base64,${base64.encode(svg.bytes())}'
 }

 pub fn Utility.format_size(bytes i64) string {
@@ -102,21 +100,35 @@ pub fn Utility.format_date(unix_time i64) string {
 	return time.unix(unix_time).format_ss_milli()
 }

-pub fn Utility.list_files(dir_path string, relative string) ![]FileEntry {
+pub fn Utility.resolve_path(base string, path string) string {
+	if os.is_abs_path(path) {
+		return path
+	}
+
+	return os.real_path(os.join_path(base, path))
+}
+
+pub fn Utility.list_files(dir_path string, relative string, exclude []string) ![]FileEntry {
 	mut entries := []FileEntry{}

 	files := os.ls(dir_path)!

 	for file in files {
 		full_path := os.join_path(dir_path, file)
+		normalized := Utility.normalize_path(full_path)
+
+		if normalized in exclude {
+			continue
+		}
+
 		is_dir := os.is_dir(full_path)
 		file_info := os.stat(full_path)!
 		file_ext := full_path.split('.').last()

 		entries << FileEntry{
 			name:     if is_dir { '${file}/' } else { file }
-			abs_path: Utility.normalize_path(full_path)
-			path:     Utility.normalize_path(full_path).split(relative)[1] // if relative != "" { Utility.normalize_path(full_path.split(relative)[1]) } else { Utility.normalize_path(full_path) }
+			abs_path: normalized
+			path:     Utility.normalize_path(full_path).split(relative)[1] or { 'err' }
 			is_dir:   is_dir
 			size:     if !is_dir { file_info.size } else { 0 }
 			modified: file_info.mtime
@@ -142,7 +154,7 @@ pub fn Utility.list_files(dir_path string, relative string) ![]FileEntry {
 }

 pub fn Utility.normalize_path(path string) string {
-	return path.replace('\\', '/')
+	return path.replace('\\', '/').replace('//', '/')
 }

 pub struct HtmlBuilder {}
@@ -191,18 +203,17 @@ pub fn HtmlBuilder.generate_file_list(entries []FileEntry, current_path string)
 	for entry in entries {
 		if entry.is_dir {
 			dir_count++
-			file_class := 'directory'
-			html += '<div class="file-row ${file_class}">'
-			html += '<div>${entry.icon}</div>'
+			html += '<div class="file-row directory">'
+			html += '<div class="icon">${entry.icon}</div>'
 			html += '<div class="name"><a href="${entry.path}">${entry.name}</a></div>'
-			html += '<div class="size">-</div>'
+			html += '<div class="size">${Utility.format_size(entry.size)}</div>'
 			html += '<div class="date">${Utility.format_date(entry.modified)}</div>'
 			html += '</div>'
 		} else {
 			file_count++
 			total_size += entry.size
 			html += '<div class="file-row file">'
-			html += '<div>${entry.icon}</div>'
+			html += '<div class="icon">${entry.icon}</div>'
 			html += '<div class="name"><a href="${entry.path}">${entry.name}</a></div>'
 			html += '<div class="size">${Utility.format_size(entry.size)}</div>'
 			html += '<div class="date">${Utility.format_date(entry.modified)}</div>'
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,15 +1,11 @@
 services:
  app:
-    build:
-      context: ./app
-      dockerfile: Dockerfile
    container_name: cdn_web
    depends_on:
      - db
    ports:
-      - "8080:8080"
+      - "8080:8080" // how do these get passed to my exe?, etc
    environment:
-      # env shee
      DB_HOST: db
      DB_USER: appuser
      DB_PASS: s3cret
Author	SHA1	Message	Date
Overlord	9d541bd2bc	tldr; nothing works	2025-11-28 12:31:12 +01:00
Overlord	58849118d8	eod commit	2025-11-27 22:11:13 +01:00
Overlord	09539a9cd0	added jwt, sqlite, build sh	2025-11-27 20:45:50 +01:00
Overlord	6c6dfade42	updated .gitignore	2025-11-27 17:31:00 +01:00
Overlord	e0298c9934	eod commit, working beta deployed (https://dev.security-command.org/)	2025-11-26 19:51:26 +01:00
Overlord	70eb05c10b	escaped string	2025-11-26 13:24:52 +00:00
Overlord	330a22068f	working, beta	2025-11-26 13:22:39 +00:00
Overlord	635f16f8ff	fuckass db shit	2025-11-26 12:29:31 +01:00
Overlord	2c1cc78cb3	qol	2025-11-26 11:00:11 +01:00
Overlord	ce7bc124ed	hopefully fixed pointer deref / invalid mem access issue	2025-11-26 10:55:50 +01:00