diff --git a/gobsidian b/gobsidian new file mode 100755 index 0000000..0d861eb Binary files /dev/null and b/gobsidian differ diff --git a/internal/config/config.go b/internal/config/config.go index 2f24a15..5a27abd 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -17,6 +17,7 @@ type Config struct { SecretKey string Debug bool MaxContentLength int64 // in bytes + URLPrefix string // MD Notes App settings AppName string @@ -68,6 +69,7 @@ var defaultConfig = map[string]map[string]string{ "SECRET_KEY": "change-this-secret-key", "DEBUG": "false", "MAX_CONTENT_LENGTH": "16", // in MB + "URL_PREFIX": "", }, "MD_NOTES_APP": { "APP_NAME": "Gobsidian", @@ -148,6 +150,14 @@ func Load() (*Config, error) { config.Debug, _ = SERVERSection.Key("DEBUG").Bool() maxContentMB, _ := SERVERSection.Key("MAX_CONTENT_LENGTH").Int() config.MaxContentLength = int64(maxContentMB) * 1024 * 1024 // Convert MB to bytes + // Normalize URL prefix: "" or starts with '/' and no trailing '/' + rawPrefix := strings.TrimSpace(SERVERSection.Key("URL_PREFIX").String()) + if rawPrefix == "/" { rawPrefix = "" } + if rawPrefix != "" { + if !strings.HasPrefix(rawPrefix, "/") { rawPrefix = "/" + rawPrefix } + rawPrefix = strings.TrimRight(rawPrefix, "/") + } + config.URLPrefix = rawPrefix // Load MD_NOTES_APP section notesSection := cfg.Section("MD_NOTES_APP") @@ -340,6 +350,14 @@ func (c *Config) SaveSetting(section, key, value string) error { if size, err := strconv.ParseInt(value, 10, 64); err == nil { c.MaxContentLength = size * 1024 * 1024 } + case "URL_PREFIX": + v := strings.TrimSpace(value) + if v == "/" { v = "" } + if v != "" { + if !strings.HasPrefix(v, "/") { v = "/" + v } + v = strings.TrimRight(v, "/") + } + c.URLPrefix = v } case "MD_NOTES_APP": switch key { diff --git a/internal/handlers/auth.go b/internal/handlers/auth.go index 320c792..5c6e026 100644 --- a/internal/handlers/auth.go +++ b/internal/handlers/auth.go @@ -20,6 +20,11 @@ const sessionCookieName = "gobsidian_session" // LoginPage renders the login form func (h *Handlers) LoginPage(c *gin.Context) { + // If already authenticated, redirect to home (respect URL prefix) + if isAuthenticated(c) { + c.Redirect(http.StatusFound, h.config.URLPrefix+"/") + return + } token, _ := c.Get("csrf_token") c.HTML(http.StatusOK, "login", gin.H{ "app_name": h.config.AppName, @@ -128,7 +133,7 @@ func isAllDigits(s string) bool { func (h *Handlers) MFALoginPage(c *gin.Context) { session, _ := h.store.Get(c.Request, sessionCookieName) if _, ok := session.Values["mfa_user_id"]; !ok { - c.Redirect(http.StatusFound, "/editor/login") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/editor/login") return } token, _ := c.Get("csrf_token") @@ -161,7 +166,7 @@ func (h *Handlers) MFALoginVerify(c *gin.Context) { session, _ := h.store.Get(c.Request, sessionCookieName) uidAny, ok := session.Values["mfa_user_id"] if !ok { - c.Redirect(http.StatusFound, "/editor/login") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/editor/login") return } uid, _ := uidAny.(int64) @@ -188,14 +193,14 @@ func (h *Handlers) MFALoginVerify(c *gin.Context) { delete(session.Values, "mfa_user_id") session.Values["user_id"] = uid _ = session.Save(c.Request, c.Writer) - c.Redirect(http.StatusFound, "/") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/") } // ProfileMFASetupPage shows QR and input to verify during enrollment func (h *Handlers) ProfileMFASetupPage(c *gin.Context) { uidPtr := getUserIDPtr(c) if uidPtr == nil { - c.Redirect(http.StatusFound, "/editor/login") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/editor/login") return } // ensure enrollment exists, otherwise create one @@ -329,7 +334,7 @@ func (h *Handlers) LoginPost(c *gin.Context) { session, _ := h.store.Get(c.Request, sessionCookieName) session.Values["mfa_user_id"] = user.ID _ = session.Save(c.Request, c.Writer) - c.Redirect(http.StatusFound, "/editor/mfa") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/editor/mfa") return } @@ -340,7 +345,7 @@ func (h *Handlers) LoginPost(c *gin.Context) { session, _ := h.store.Get(c.Request, sessionCookieName) session.Values["user_id"] = user.ID _ = session.Save(c.Request, c.Writer) - c.Redirect(http.StatusFound, "/editor/profile/mfa/setup") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/editor/profile/mfa/setup") return } @@ -349,7 +354,7 @@ func (h *Handlers) LoginPost(c *gin.Context) { session.Values["user_id"] = user.ID _ = session.Save(c.Request, c.Writer) - c.Redirect(http.StatusFound, "/") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/") } // LogoutPost clears the session @@ -357,5 +362,5 @@ func (h *Handlers) LogoutPost(c *gin.Context) { session, _ := h.store.Get(c.Request, sessionCookieName) session.Options.MaxAge = -1 _ = session.Save(c.Request, c.Writer) - c.Redirect(http.StatusFound, "/editor/login") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/editor/login") } diff --git a/internal/handlers/editor.go b/internal/handlers/editor.go index 60764f6..9c18fff 100644 --- a/internal/handlers/editor.go +++ b/internal/handlers/editor.go @@ -142,9 +142,9 @@ func (h *Handlers) CreateNoteHandler(c *gin.Context) { } // Redirect based on extension - redirect := "/note/" + notePath + redirect := h.config.URLPrefix + "/note/" + notePath if strings.ToLower(ext) != "md" { - redirect = "/view_text/" + notePath + redirect = h.config.URLPrefix + "/view_text/" + notePath } c.JSON(http.StatusOK, gin.H{ @@ -297,7 +297,7 @@ func (h *Handlers) EditNoteHandler(c *gin.Context) { c.JSON(http.StatusOK, gin.H{ "success": true, "message": "Note saved successfully", - "redirect": "/note/" + notePath, + "redirect": h.config.URLPrefix + "/note/" + notePath, }) } diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go index 22dc55e..8bdefce 100644 --- a/internal/handlers/handlers.go +++ b/internal/handlers/handlers.go @@ -344,7 +344,7 @@ func (h *Handlers) ProfilePage(c *gin.Context) { // Must be authenticated; middleware ensures user_id is set uidPtr := getUserIDPtr(c) if uidPtr == nil { - c.Redirect(http.StatusFound, "/editor/login") + c.Redirect(http.StatusFound, h.config.URLPrefix+"/editor/login") return } @@ -477,7 +477,7 @@ func (h *Handlers) PostProfileEnableMFA(c *gin.Context) { c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) return } - c.JSON(http.StatusOK, gin.H{"success": true, "setup": true, "redirect": "/editor/profile/mfa/setup"}) + c.JSON(http.StatusOK, gin.H{"success": true, "setup": true, "redirect": h.config.URLPrefix+"/editor/profile/mfa/setup"}) } // PostProfileDisableMFA clears the user's MFA secret @@ -611,16 +611,18 @@ func (h *Handlers) AdminEnableUserMFA(c *gin.Context) { c.JSON(http.StatusBadRequest, gin.H{"error": "invalid user id"}) return } - // Create or replace an enrollment so user is prompted on next login + // Admin enable: set a new secret directly so MFA is immediately enabled secret, err := generateBase32Secret() if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate secret"}) return } - if _, err := h.authSvc.DB.Exec(`INSERT OR REPLACE INTO mfa_enrollments (user_id, secret) VALUES (?, ?)`, id, secret); err != nil { + if _, err := h.authSvc.DB.Exec(`UPDATE users SET mfa_secret = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?`, secret, id); err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) return } + // Remove any pending enrollment rows + _, _ = h.authSvc.DB.Exec(`DELETE FROM mfa_enrollments WHERE user_id = ?`, id) c.JSON(http.StatusOK, gin.H{"success": true}) } @@ -890,7 +892,7 @@ func (h *Handlers) PostEditTextHandler(c *gin.Context) { return } - c.JSON(http.StatusOK, gin.H{"success": true, "redirect": "/view_text/" + filePath}) + c.JSON(http.StatusOK, gin.H{"success": true, "redirect": h.config.URLPrefix + "/view_text/" + filePath}) } func New(cfg *config.Config, store *sessions.CookieStore, authSvc *auth.Service) *Handlers { diff --git a/internal/handlers/settings.go b/internal/handlers/settings.go index c9d2f76..c125e9c 100644 --- a/internal/handlers/settings.go +++ b/internal/handlers/settings.go @@ -30,10 +30,9 @@ func (h *Handlers) SettingsPageHandler(c *gin.Context) { "notes_tree": notesTree, "active_path": []string{}, "current_note": nil, - "breadcrumbs": []gin.H{ - {"name": "/", "url": "/"}, - {"name": "Settings", "url": ""}, - }, + "breadcrumbs": utils.GenerateBreadcrumbs(""), + "Authenticated": isAuthenticated(c), + "IsAdmin": isAdmin(c), "ContentTemplate": "settings_content", "ScriptsTemplate": "settings_scripts", "Page": "settings", diff --git a/internal/markdown/renderer.go b/internal/markdown/renderer.go index 4bf5927..ce0d5fb 100644 --- a/internal/markdown/renderer.go +++ b/internal/markdown/renderer.go @@ -100,6 +100,11 @@ func (r *Renderer) processObsidianImages(content string, notePath string) string imageURL = fmt.Sprintf("/serve_attached_image/%s", cleanPath) } + // Prefix with configured URL base + if bp := r.config.URLPrefix; bp != "" { + imageURL = bp + imageURL + } + // Convert to standard markdown image syntax alt := filepath.Base(imagePath) return fmt.Sprintf("![%s](%s)", alt, imageURL) @@ -127,6 +132,9 @@ func (r *Renderer) processObsidianLinks(content string) string { // Convert note name to URL-friendly format noteURL := strings.ReplaceAll(noteName, " ", "%20") noteURL = fmt.Sprintf("/note/%s.md", noteURL) + if bp := r.config.URLPrefix; bp != "" { + noteURL = bp + noteURL + } // Convert to standard markdown link syntax return fmt.Sprintf("[%s](%s)", displayText, noteURL) diff --git a/internal/server/middleware.go b/internal/server/middleware.go index 736c3d6..a4872b7 100644 --- a/internal/server/middleware.go +++ b/internal/server/middleware.go @@ -84,7 +84,7 @@ func (s *Server) CSRFRequire() gin.HandlerFunc { func (s *Server) RequireAuth() gin.HandlerFunc { return func(c *gin.Context) { if _, exists := c.Get("user_id"); !exists { - c.Redirect(http.StatusFound, "/editor/login") + c.Redirect(http.StatusFound, s.config.URLPrefix+"/editor/login") c.Abort() return } @@ -96,7 +96,7 @@ func (s *Server) RequireAuth() gin.HandlerFunc { func (s *Server) RequireAdmin() gin.HandlerFunc { return func(c *gin.Context) { if _, exists := c.Get("user_id"); !exists { - c.Redirect(http.StatusFound, "/editor/login") + c.Redirect(http.StatusFound, s.config.URLPrefix+"/editor/login") c.Abort() return } diff --git a/internal/server/server.go b/internal/server/server.go index fdab476..a360e2b 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -85,28 +85,30 @@ func (s *Server) Start() error { func (s *Server) setupRoutes() { h := handlers.New(s.config, s.store, s.auth) + // Group all routes under optional URL prefix + r := s.router.Group(s.config.URLPrefix) // Main routes - s.router.GET("/", h.IndexHandler) - s.router.GET("/folder/*path", h.FolderHandler) - s.router.GET("/note/*path", h.NoteHandler) + r.GET("/", h.IndexHandler) + r.GET("/folder/*path", h.FolderHandler) + r.GET("/note/*path", h.NoteHandler) // File serving routes - s.router.GET("/serve_attached_image/*path", h.ServeAttachedImageHandler) - s.router.GET("/serve_stored_image/:filename", h.ServeStoredImageHandler) - s.router.GET("/download/*path", h.DownloadHandler) - s.router.GET("/view_text/*path", h.ViewTextHandler) + r.GET("/serve_attached_image/*path", h.ServeAttachedImageHandler) + r.GET("/serve_stored_image/:filename", h.ServeStoredImageHandler) + r.GET("/download/*path", h.DownloadHandler) + r.GET("/view_text/*path", h.ViewTextHandler) // Auth routes - s.router.GET("/editor/login", h.LoginPage) - s.router.POST("/editor/login", s.CSRFRequire(), h.LoginPost) - s.router.POST("/editor/logout", s.RequireAuth(), s.CSRFRequire(), h.LogoutPost) + r.GET("/editor/login", h.LoginPage) + r.POST("/editor/login", s.CSRFRequire(), h.LoginPost) + r.POST("/editor/logout", s.RequireAuth(), s.CSRFRequire(), h.LogoutPost) // MFA challenge routes (no auth yet, but CSRF) - s.router.GET("/editor/mfa", s.CSRFRequire(), h.MFALoginPage) - s.router.POST("/editor/mfa", s.CSRFRequire(), h.MFALoginVerify) + r.GET("/editor/mfa", s.CSRFRequire(), h.MFALoginPage) + r.POST("/editor/mfa", s.CSRFRequire(), h.MFALoginVerify) // New /editor group protected by auth + CSRF - editor := s.router.Group("/editor", s.RequireAuth(), s.CSRFRequire()) + editor := r.Group("/editor", s.RequireAuth(), s.CSRFRequire()) { editor.GET("/create", h.CreateNotePageHandler) editor.POST("/create", h.CreateNoteHandler) @@ -171,8 +173,8 @@ func (s *Server) setupRoutes() { } // API routes - s.router.GET("/api/tree", h.TreeAPIHandler) - s.router.GET("/api/search", h.SearchHandler) + r.GET("/api/tree", h.TreeAPIHandler) + r.GET("/api/search", h.SearchHandler) } func (s *Server) setupStaticFiles() { @@ -181,9 +183,9 @@ func (s *Server) setupStaticFiles() { if err != nil { panic(err) } - s.router.StaticFS("/static", http.FS(sub)) + s.router.StaticFS(s.config.URLPrefix+"/static", http.FS(sub)) // Favicon from same sub FS - s.router.StaticFileFS("/favicon.ico", "favicon.ico", http.FS(sub)) + s.router.StaticFileFS(s.config.URLPrefix+"/favicon.ico", "favicon.ico", http.FS(sub)) } func (s *Server) setupTemplates() { @@ -192,6 +194,24 @@ func (s *Server) setupTemplates() { "formatSize": utils.FormatFileSize, "formatTime": utils.FormatTime, "join": strings.Join, + // base returns the configured URL prefix ("" for root) + "base": func() string { return s.config.URLPrefix }, + // url joins the base with the given path ensuring single slash + "url": func(p string) string { + bp := s.config.URLPrefix + if bp == "" { + if p == "" { return "" } + if strings.HasPrefix(p, "/") { return p } + return "/" + p + } + if p == "" || p == "/" { + return bp + "/" + } + if strings.HasPrefix(p, "/") { + return bp + p + } + return bp + "/" + p + }, "contains": func(slice []string, item string) bool { for _, s := range slice { if s == item { diff --git a/web/static/app.js b/web/static/app.js index abacc9b..50de14f 100644 --- a/web/static/app.js +++ b/web/static/app.js @@ -64,9 +64,11 @@ function initEnhancedUpload() { // Enhanced upload function with progress tracking function uploadFilesWithProgress(files) { - const folderPath = window.location.pathname.includes('/folder/') - ? window.location.pathname.replace('/folder/', '') - : ''; + // Derive folder path accounting for BASE prefix + const base = (window.BASE || '').replace(/\/$/, ''); + let path = window.location.pathname || ''; + if (base && path.startsWith(base)) path = path.slice(base.length); + const folderPath = path.startsWith('/folder/') ? path.replace('/folder/', '') : ''; uploadElements.progress.classList.remove('hidden'); uploadElements.progressBar.style.width = '0%'; @@ -117,7 +119,7 @@ function initEnhancedUpload() { const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/); const csrf = m && m[1] ? decodeURIComponent(m[1]) : ''; - xhr.open('POST', '/editor/upload'); + xhr.open('POST', window.prefix('/editor/upload')); if (csrf) { try { xhr.setRequestHeader('X-CSRF-Token', csrf); } catch (_) {} } @@ -210,13 +212,13 @@ function initKeyboardShortcuts() { case 'n': if (e.ctrlKey || e.metaKey) { e.preventDefault(); - window.location.href = '/editor/create'; + window.location.href = window.prefix('/editor/create'); } break; case 's': if (e.ctrlKey || e.metaKey) { e.preventDefault(); - window.location.href = '/editor/settings'; + window.location.href = window.prefix('/editor/settings'); } break; } diff --git a/web/templates/admin.html b/web/templates/admin.html index d5f149e..0a993fd 100644 --- a/web/templates/admin.html +++ b/web/templates/admin.html @@ -184,7 +184,7 @@ formCreateUser.addEventListener('submit', async (e) => { e.preventDefault(); const fd = new FormData(formCreateUser); - const res = await fetch('/editor/admin/users', { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); + const res = await fetch(window.prefix('/editor/admin/users'), { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('User created', 'success'); window.location.reload(); } else { showNotification('Create user failed: ' + (data.error || res.statusText), 'error'); } @@ -200,7 +200,7 @@ if (!id) return; if (username === 'admin') { showNotification('Cannot delete default admin user', 'error'); return; } if (!confirm('Delete user ' + username + ' ?')) return; - const res = await fetch('/editor/admin/users/' + encodeURIComponent(id), { method: 'DELETE', headers: { 'X-CSRF-Token': getCSRF() } }); + const res = await fetch(window.prefix('/editor/admin/users/' + encodeURIComponent(id)), { method: 'DELETE', headers: { 'X-CSRF-Token': getCSRF() } }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('User deleted', 'success'); window.location.reload(); } else { showNotification('Delete user failed: ' + (data.error || res.statusText), 'error'); } @@ -216,7 +216,7 @@ const active = action === 'user-activate' ? '1' : '0'; const fd = new FormData(); fd.set('active', active); - const res = await fetch('/editor/admin/users/' + encodeURIComponent(id) + '/active', { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); + const res = await fetch(window.prefix('/editor/admin/users/' + encodeURIComponent(id) + '/active'), { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('User status updated', 'success'); window.location.reload(); } else { showNotification('Update status failed: ' + (data.error || res.statusText), 'error'); } @@ -226,7 +226,7 @@ // MFA actions const mfaRequest = async (row, path, okMsg) => { const id = row && row.getAttribute('data-user-id'); - const res = await fetch('/editor/admin/users/' + encodeURIComponent(id) + path, { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() } }); + const res = await fetch(window.prefix('/editor/admin/users/' + encodeURIComponent(id) + path), { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() } }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification(okMsg, 'success'); window.location.reload(); } else { showNotification('MFA action failed: ' + (data.error || res.statusText), 'error'); } @@ -241,7 +241,7 @@ formCreateGroup.addEventListener('submit', async (e) => { e.preventDefault(); const fd = new FormData(formCreateGroup); - const res = await fetch('/editor/admin/groups', { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); + const res = await fetch(window.prefix('/editor/admin/groups'), { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('Group created', 'success'); window.location.reload(); } else { showNotification('Create group failed: ' + (data.error || res.statusText), 'error'); } @@ -257,7 +257,7 @@ if (!id) return; if (name === 'admin' || name === 'public') { showNotification('Cannot delete core group: ' + name, 'error'); return; } if (!confirm('Delete group ' + name + ' ?')) return; - const res = await fetch('/editor/admin/groups/' + encodeURIComponent(id), { method: 'DELETE', headers: { 'X-CSRF-Token': getCSRF() } }); + const res = await fetch(window.prefix('/editor/admin/groups/' + encodeURIComponent(id)), { method: 'DELETE', headers: { 'X-CSRF-Token': getCSRF() } }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('Group deleted', 'success'); window.location.reload(); } else { showNotification('Delete group failed: ' + (data.error || res.statusText), 'error'); } @@ -270,7 +270,7 @@ formAddMem.addEventListener('submit', async (e) => { e.preventDefault(); const fd = new FormData(formAddMem); - const res = await fetch('/editor/admin/memberships/add', { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); + const res = await fetch(window.prefix('/editor/admin/memberships/add'), { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('User added to group', 'success'); } else { showNotification('Add membership failed: ' + (data.error || res.statusText), 'error'); } @@ -283,7 +283,7 @@ formRemMem.addEventListener('submit', async (e) => { e.preventDefault(); const fd = new FormData(formRemMem); - const res = await fetch('/editor/admin/memberships/remove', { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); + const res = await fetch(window.prefix('/editor/admin/memberships/remove'), { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: fd }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('User removed from group', 'success'); } else { showNotification('Remove membership failed: ' + (data.error || res.statusText), 'error'); } diff --git a/web/templates/admin_logs.html b/web/templates/admin_logs.html index 0e1a85b..809ac76 100644 --- a/web/templates/admin_logs.html +++ b/web/templates/admin_logs.html @@ -9,11 +9,11 @@

Admin Logs

Recent access, errors, failed logins, and IP bans

- Back to Admin + Back to Admin -
+
@@ -38,7 +38,7 @@
- Reset + Reset
@@ -249,7 +249,7 @@ async function postForm(url, data) { const csrf = getCSRF(); const form = new URLSearchParams(); Object.entries(data || {}).forEach(([k, v]) => form.append(k, v)); - const res = await fetch(url, { method: 'POST', headers: Object.assign({'Content-Type': 'application/x-www-form-urlencoded'}, csrf ? {'X-CSRF-Token': csrf} : {}), body: form.toString() }); + const res = await fetch(window.prefix(url), { method: 'POST', headers: Object.assign({'Content-Type': 'application/x-www-form-urlencoded'}, csrf ? {'X-CSRF-Token': csrf} : {}), body: form.toString() }); if (!res.ok) { const j = await res.json().catch(() => ({})); throw new Error(j.error || res.statusText); diff --git a/web/templates/base.html b/web/templates/base.html index 489d14f..aef09e8 100644 --- a/web/templates/base.html +++ b/web/templates/base.html @@ -264,7 +264,7 @@
- + {{.app_name}}
@@ -274,14 +274,14 @@ {{if .Authenticated}} {{if .IsAdmin}} - + {{end}} - + - + {{end}} @@ -290,7 +290,7 @@ {{else}} - + {{end}} @@ -305,7 +305,7 @@
{{if .Authenticated}} - + New Note {{end}} @@ -332,7 +332,7 @@ {{range $i, $crumb := .breadcrumbs}} {{if $i}}{{end}} {{if $crumb.URL}} - {{$crumb.Name}} + {{$crumb.Name}} {{else}} {{$crumb.Name}} {{end}} @@ -401,6 +401,18 @@ // Initialize syntax highlighting hljs.highlightAll(); + // Base URL prefix from server + window.BASE = '{{base}}'; + window.prefix = function(p) { + var b = window.BASE || ''; + if (!b) { + if (!p) return ''; + return p[0] === '/' ? p : '/' + p; + } + if (!p || p === '/') return b + '/'; + return p[0] === '/' ? (b + p) : (b + '/' + p); + }; + // Tree functionality document.addEventListener('click', function(e) { if (e.target.closest('.tree-toggle')) { @@ -423,7 +435,7 @@ if (!toggle) return; e.preventDefault(); const path = toggle.getAttribute('data-path') || ''; - const url = '/folder/' + path; + const url = window.prefix('/folder/' + path); window.location.href = url; }); @@ -522,7 +534,7 @@ if (hasTree) return; // already populated // Fetch tree - fetch('/api/tree') + fetch(window.prefix('/api/tree')) .then(r => r.json()) .then(data => { if (!data || !Array.isArray(data.children)) return; @@ -554,13 +566,13 @@ wrapper.appendChild(toggle); wrapper.appendChild(children); } else { - let href = '/view_text/' + (node.path || ''); + let href = window.prefix('/view_text/' + (node.path || '')); let icon = '📄'; if ((node.type || '').toLowerCase() === 'md') { - href = '/note/' + (node.path || ''); + href = window.prefix('/note/' + (node.path || '')); icon = '📝'; } else if ((node.type || '').toLowerCase() === 'image') { - href = '/serve_attached_image/' + (node.path || ''); + href = window.prefix('/serve_attached_image/' + (node.path || '')); icon = '🖼️'; } const a = document.createElement('a'); @@ -636,7 +648,7 @@ title.className = 'flex items-center justify-between text-sm text-blue-300 hover:text-blue-200 cursor-pointer'; title.innerHTML = `${escapeHTML(r.path)}`; title.addEventListener('click', () => { - const url = r.path.endsWith('.md') ? `/note/${r.path}` : `/view_text/${r.path}`; + const url = r.path.endsWith('.md') ? window.prefix(`/note/${r.path}`) : window.prefix(`/view_text/${r.path}`); // remember query if (searchInput) localStorage.setItem(LS_KEY_QUERY, searchInput.value.trim()); window.location.href = url; @@ -661,7 +673,7 @@ } try { searchStatus.textContent = 'Searching...'; - const res = await fetch(`/api/search?q=${encodeURIComponent(query)}`); + const res = await fetch(window.prefix(`/api/search?q=${encodeURIComponent(query)}`)); const data = await res.json(); if (res.ok) { localStorage.setItem(LS_KEY_QUERY, query); @@ -696,12 +708,12 @@ try { const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/); const csrf = m && m[1] ? decodeURIComponent(m[1]) : ''; - const res = await fetch('/editor/logout', { + const res = await fetch(window.prefix('/editor/logout'), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, }); if (res.ok) { - window.location.href = '/editor/login'; + window.location.href = window.prefix('/editor/login'); } else { const data = await res.json().catch(() => ({})); showNotification('Logout failed: ' + (data.error || res.statusText), 'error'); @@ -762,17 +774,17 @@
{{else}} {{if eq .node.Type "md"}} - + 📝 {{.node.Name}} {{else if eq .node.Type "image"}} - + 🖼️ {{.node.Name}} {{else}} - + 📄 {{.node.Name}} diff --git a/web/templates/create.html b/web/templates/create.html index feba6d3..10a7981 100644 --- a/web/templates/create.html +++ b/web/templates/create.html @@ -111,7 +111,7 @@ console.log('Hello, World!'); function buildImageURL(filename) { if (imageStorageMode === 2) { - return `/serve_stored_image/${filename}`; + return window.prefix(`/serve_stored_image/${filename}`); } let path = filename; if (imageStorageMode === 3 && currentFolderPath) { @@ -119,7 +119,7 @@ console.log('Hello, World!'); } else if (imageStorageMode === 4 && currentFolderPath) { path = `${currentFolderPath}/${imageSubfolderName}/${filename}`; } - return `/serve_attached_image/${path}`; + return window.prefix(`/serve_attached_image/${path}`); } function transformObsidianEmbeds(md) { @@ -177,7 +177,7 @@ console.log('Hello, World!'); // CSRF token from cookie const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : ''; - fetch('/editor/create', { + fetch(window.prefix('/editor/create'), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData @@ -263,7 +263,7 @@ console.log('Hello, World!'); formData.append('path', uploadPath); try { - const resp = await fetch('/upload', { method: 'POST', body: formData }); + const resp = await fetch(window.prefix('/upload'), { method: 'POST', body: formData }); const data = await resp.json(); if (!resp.ok || !data.success) throw new Error(data.error || 'Upload failed'); diff --git a/web/templates/edit.html b/web/templates/edit.html index 099d842..4b9f39b 100644 --- a/web/templates/edit.html +++ b/web/templates/edit.html @@ -21,7 +21,7 @@ {{if .folder_path}}

- {{.folder_path}} + {{.folder_path}}

{{end}}
@@ -104,7 +104,7 @@ function buildImageURL(filename) { // Map Obsidian embed to server URL if (imageStorageMode === 2) { - return `/serve_stored_image/${filename}`; + return window.prefix(`/serve_stored_image/${filename}`); } let path = filename; if (imageStorageMode === 3 && currentFolderPath) { @@ -112,7 +112,7 @@ } else if (imageStorageMode === 4 && currentFolderPath) { path = `${currentFolderPath}/${imageSubfolderName}/${filename}`; } - return `/serve_attached_image/${path}`; + return window.prefix(`/serve_attached_image/${path}`); } function transformObsidianEmbeds(md) { @@ -161,7 +161,7 @@ // CSRF token from cookie const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : ''; - fetch('/editor/edit/' + notePath, { + fetch(window.prefix('/editor/edit/' + notePath), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData @@ -300,7 +300,7 @@ formData.append('path', uploadPath); try { - const resp = await fetch('/upload', { method: 'POST', body: formData }); + const resp = await fetch(window.prefix('/upload'), { method: 'POST', body: formData }); const data = await resp.json(); if (!resp.ok || !data.success) throw new Error(data.error || 'Upload failed'); diff --git a/web/templates/edit_text.html b/web/templates/edit_text.html index c44521b..69550ac 100644 --- a/web/templates/edit_text.html +++ b/web/templates/edit_text.html @@ -24,7 +24,7 @@ {{if .folder_path}}

- {{.folder_path}} + {{.folder_path}}

{{end}}
@@ -171,7 +171,7 @@ formData.append('content', cm ? cm.getValue() : contentEl.value); const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/); const csrf = m && m[1] ? decodeURIComponent(m[1]) : ''; - fetch('/editor/edit_text/' + filePath, { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData }) + fetch(window.prefix('/editor/edit_text/' + filePath), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData }) .then(r => r.json()) .then(data => { if (data.success) { diff --git a/web/templates/error.html b/web/templates/error.html index c402674..f3d576f 100644 --- a/web/templates/error.html +++ b/web/templates/error.html @@ -21,7 +21,7 @@ {{end}}
- + Go Home - + New Note
@@ -70,22 +70,22 @@
{{if eq .Type "md"}} - + {{end}} {{if eq .Type "text"}} - + {{end}} {{if eq .Type "image"}} - + {{end}} {{if ne .Type "dir"}} - + {{end}} @@ -181,7 +181,7 @@ const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/); const csrf = m && m[1] ? decodeURIComponent(m[1]) : ''; - fetch('/editor/upload', { + fetch(window.prefix('/editor/upload'), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData @@ -213,13 +213,13 @@ const type = itemCard.dataset.type; if (type === 'dir') { - window.location.href = '/folder/' + path; + window.location.href = window.prefix('/folder/' + path); } else if (type === 'md') { - window.location.href = '/note/' + path; + window.location.href = window.prefix('/note/' + path); } else if (type === 'image') { - window.open('/serve_attached_image/' + path, '_blank'); + window.open(window.prefix('/serve_attached_image/' + path), '_blank'); } else { - window.location.href = '/view_text/' + path; + window.location.href = window.prefix('/view_text/' + path); } } }); @@ -242,7 +242,7 @@ if (deleteTarget) { const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/); const csrf = m && m[1] ? decodeURIComponent(m[1]) : ''; - fetch('/editor/delete/' + deleteTarget, { + fetch(window.prefix('/editor/delete/' + deleteTarget), { method: 'DELETE', headers: csrf ? { 'X-CSRF-Token': csrf } : {} }) diff --git a/web/templates/login.html b/web/templates/login.html index 4831b8f..ae3da08 100644 --- a/web/templates/login.html +++ b/web/templates/login.html @@ -8,7 +8,7 @@ {{if .error}}
{{.error}}
{{end}} -
+
diff --git a/web/templates/mfa.html b/web/templates/mfa.html index 39ba62c..ddafe5a 100644 --- a/web/templates/mfa.html +++ b/web/templates/mfa.html @@ -11,7 +11,7 @@
{{.error}}
{{end}} - +
diff --git a/web/templates/mfa_setup.html b/web/templates/mfa_setup.html index e64a52c..2953288 100644 --- a/web/templates/mfa_setup.html +++ b/web/templates/mfa_setup.html @@ -45,11 +45,11 @@ const fd = new FormData(form); const params = new URLSearchParams(Array.from(fd.entries())); try { - const res = await fetch('/editor/profile/mfa/verify', { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: params }); + const res = await fetch(window.prefix('/editor/profile/mfa/verify'), { method: 'POST', headers: { 'X-CSRF-Token': getCSRF() }, body: params }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { showNotification('MFA enabled', 'success'); - window.location.href = '/editor/profile'; + window.location.href = window.prefix('/editor/profile'); } else { throw new Error(data.error || res.statusText); } diff --git a/web/templates/note.html b/web/templates/note.html index 90507c8..572fc77 100644 --- a/web/templates/note.html +++ b/web/templates/note.html @@ -10,11 +10,11 @@

{{.title}}

{{if .Authenticated}} - + Edit {{end}} - + Download {{if .Authenticated}} @@ -28,7 +28,7 @@ {{if .folder_path}}

- {{.folder_path}} + {{.folder_path}}

{{end}}
@@ -79,13 +79,13 @@ document.addEventListener('DOMContentLoaded', function() { const path = deleteBtn.dataset.path; const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/); const csrf = m && m[1] ? decodeURIComponent(m[1]) : ''; - fetch(`/editor/delete/${path}`, { + fetch(window.prefix(`/editor/delete/${path}`), { method: 'DELETE', headers: csrf ? { 'X-CSRF-Token': csrf } : {} }) .then(response => { if (response.ok) { - window.location.href = '/'; + window.location.href = window.prefix('/'); } else { alert('Error deleting note'); } diff --git a/web/templates/profile.html b/web/templates/profile.html index 36525fb..d274fde 100644 --- a/web/templates/profile.html +++ b/web/templates/profile.html @@ -96,7 +96,7 @@ if (emailForm) emailForm.addEventListener('submit', async (e) => { e.preventDefault(); try { - const res = await fetch('/editor/profile/email', { + const res = await fetch(window.prefix('/editor/profile/email'), { method: 'POST', headers: Object.assign({'X-CSRF-Token': getCSRF()}), body: formToJSON(emailForm) @@ -121,7 +121,7 @@ return; } try { - const res = await fetch('/editor/profile/password', { + const res = await fetch(window.prefix('/editor/profile/password'), { method: 'POST', headers: Object.assign({'X-CSRF-Token': getCSRF()}), body: formToJSON(passwordForm) @@ -141,7 +141,7 @@ async function toggleMFA(enable) { try { const url = enable ? '/editor/profile/mfa/enable' : '/editor/profile/mfa/disable'; - const res = await fetch(url, { method: 'POST', headers: {'X-CSRF-Token': getCSRF()} }); + const res = await fetch(window.prefix(url), { method: 'POST', headers: {'X-CSRF-Token': getCSRF()} }); const data = await res.json().catch(() => ({})); if (res.ok && data.success) { if (enable) { diff --git a/web/templates/settings.html b/web/templates/settings.html index 5ce01e1..48046e4 100644 --- a/web/templates/settings.html +++ b/web/templates/settings.html @@ -22,7 +22,7 @@

Access logs and security controls

- + View Logs
@@ -247,7 +247,7 @@ // Load current settings function loadSettings() { // Load image storage settings - fetch('/editor/settings/image_storage') + fetch(window.prefix('/editor/settings/image_storage')) .then(response => response.json()) .then(data => { document.querySelector(`input[name="storage_mode"][value="${data.mode}"]`).checked = true; @@ -258,7 +258,7 @@ .catch(error => console.error('Error loading image storage settings:', error)); // Load notes directory settings - fetch('/editor/settings/notes_dir') + fetch(window.prefix('/editor/settings/notes_dir')) .then(response => response.json()) .then(data => { document.getElementById('notes_dir').value = data.notes_dir || ''; @@ -266,7 +266,7 @@ .catch(error => console.error('Error loading notes directory settings:', error)); // Load file extensions settings - fetch('/editor/settings/file_extensions') + fetch(window.prefix('/editor/settings/file_extensions')) .then(response => response.json()) .then(data => { document.getElementById('allowed_image_extensions').value = data.allowed_image_extensions || ''; @@ -283,7 +283,7 @@ .catch(error => console.error('Error loading file extensions settings:', error)); // Load security settings - fetch('/editor/settings/security') + fetch(window.prefix('/editor/settings/security')) .then(response => response.json()) .then(data => { document.getElementById('pwd_failures_threshold').value = data.pwd_failures_threshold ?? ''; @@ -322,7 +322,7 @@ const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : ''; - fetch('/editor/settings/security', { + fetch(window.prefix('/editor/settings/security'), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData @@ -348,7 +348,7 @@ const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : ''; - fetch('/editor/settings/image_storage', { + fetch(window.prefix('/editor/settings/image_storage'), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData @@ -377,7 +377,7 @@ const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : ''; - fetch('/editor/settings/notes_dir', { + fetch(window.prefix('/editor/settings/notes_dir'), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData @@ -406,7 +406,7 @@ const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : ''; - fetch('/editor/settings/file_extensions', { + fetch(window.prefix('/editor/settings/file_extensions'), { method: 'POST', headers: csrf ? { 'X-CSRF-Token': csrf } : {}, body: formData diff --git a/web/templates/view_text.html b/web/templates/view_text.html index 726b4fc..a18c8bd 100644 --- a/web/templates/view_text.html +++ b/web/templates/view_text.html @@ -10,11 +10,11 @@

{{.file_name}}

{{if and .Authenticated .is_editable}} - + Edit {{end}} - + Download {{if .Authenticated}} @@ -28,7 +28,7 @@ {{if .folder_path}}

- {{.folder_path}} + {{.folder_path}}

{{end}}
@@ -72,8 +72,11 @@ document.getElementById('confirm-delete').addEventListener('click', function() { if (deleteTarget) { - fetch('/delete/' + deleteTarget, { - method: 'DELETE' + const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/); + const csrf = m && m[1] ? decodeURIComponent(m[1]) : ''; + fetch(window.prefix('/editor/delete/' + deleteTarget), { + method: 'DELETE', + headers: csrf ? { 'X-CSRF-Token': csrf } : {} }) .then(response => response.json()) .then(data => { @@ -82,9 +85,9 @@ // Redirect to folder or root const folderPath = '{{.folder_path}}'; if (folderPath) { - window.location.href = '/folder/' + folderPath; + window.location.href = window.prefix('/folder/' + folderPath); } else { - window.location.href = '/'; + window.location.href = window.prefix('/'); } } else { throw new Error(data.error || 'Delete failed');