mirror/Gokapi
1
0
Fork 0
mirror of https://github.com/Forceu/Gokapi.git synced 2025-12-29 21:09:34 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add feature to add custom css/js instead of overwriting all content (#248)

Browse Source
This commit is contained in:
Marc Bulling
2025-05-19 20:43:18 +02:00
committed by GitHub
parent e41c4bd1ff
commit d4bfad90c3
26 changed files with 357 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -11,3 +11,4 @@ internal/webserver/web/e2e.wasm
internal/webserver/web/static/js/wasm_exec.js
internal/webserver/web/static/js/min/wasm_exec.min.js
.vendor/
custom/

14
docs/advanced.rst
View File

@@ -363,10 +363,12 @@ If you are using a Docker image, this has to be done by starting a container wit
Customising
********************************
By default, all files are included in the executable. If you want to change the layout (e.g. add your company logo or change the app name etc.), follow these steps:
If you want to change the layout (e.g. add your company logo or add/disable certain features), follow these steps:
1. Download the source code for the Gokapi version you are using. It is either attached to the specific release `on Github <https://github.com/Forceu/Gokapi/releases>`_ or you can clone the repository and checkout the tag for the specific version.
2. Copy either the folder ``static``, ``templates`` or both from the ``internal/webserver/web`` folder to the directory where the executable is located (if you are using Docker, mount the folders into the the ``/app/`` directory, e.g. ``/app/templates``).
3. Make changes to the folders. ``static`` contains images, CSS files and JavaScript. ``templates`` contains the HTML code.
4. Restart the server. If the folders exist, the server will use the local files instead of the embedded files.
5. Optional: To embed the files permanently, copy the modified files back to the original folders and recompile with ``go generate ./...`` and then ``go build github.com/forceu/gokapi/cmd/gokapi``.
1. Create a new folder named ``custom`` where your executable is. When using Docker, mount a new folder to ``/app/custom/``. Any file in this directory will be publicly available in the sub-URL ``/custom/``.
2. To have custom CSS included, create a file in the folder named ``custom.css``. The CSS will be applied to all pages.
3. To have custom JavaScript included, create the file ``public.js`` for all public pages and/or ``admin.js`` for all admin-related pages. Please note that the ``admin.js`` will be readable to all users.
4. In order to prevent caching issues, you can version your files by creating the file ``version.txt`` with a version number.
5. Restart the server. If the folders exist, the server will now add the local files.
Optional: If you require further changes or want to embedded the changes permanently, you can clone the source code and then modify the templates in ``internal/webserver/web/templates``. Afterwards run ``make`` to build a new binary with these changes.

6
docs/conf.py
View File

@@ -18,7 +18,7 @@
# -- Project information -----------------------------------------------------
project = 'Gokapi Documentation'
copyright = '2024, Marc Ole Bulling'
copyright = '2025, Marc Ole Bulling'
author = 'Marc Ole Bulling'
# The full version, including alpha/beta/rc tags
@@ -53,7 +53,9 @@ html_theme = "sphinx_rtd_theme"
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['']
html_static_path = ['static']
html_css_files = ['custom.css']
master_doc = 'index'
#autosectionlabel_prefix_document = True

199
docs/examples.rst
View File

@@ -24,7 +24,7 @@ Nginx Configuration
ssl_certificate /your/certificate/fullchain.pem;
ssl_certificate_key /your/certificate/privkey.pem;
client_max_body_size 500M;
client_max_body_size 200M;
client_body_buffer_size 128k;
server_name your.server.url;
@@ -123,46 +123,40 @@ See the `Authelia documentation <https://www.authelia.com/configuration/identity
* Set ``authorization_policy`` to ``two_factor`` to use OTP or a hardware key.
* If ``consent_mode`` is ``pre-configured``, the user has the option to remember consent. That way you can use a lower ``Recheck identity`` interval in Gokapi. Logout through the Gokapi interface will not be possible anymore, unless the user logs out their Authelia account. If the option is set to ``explicit``, the user always has to grant the permission after the ``Recheck identity`` interval has passed
* ``scopes`` may exclude ``email`` and ``groups`` if these are not required for authentication, e.g. if all users registered with Authelia may access Gokapi.
* ``scopes`` may exclude ``groups`` if these are not required for authentication, e.g. if all users registered with Authelia may access Gokapi.
* Make sure ``redirect_uris`` is set to the correct value
Gokapi Configuration
""""""""""""""""""""""
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Gokapi Configuration | Input | Example |
+==========================+===========================================================+=========================================+
| Provider URL | URL to Authelia Server | \https://auth.autheliaserver.com |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Client ID | Client ID provided in config | gokapi-dev |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Client Secret | Client secret provided in config | AhXeV7_EXAMPLE_KEY |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Recheck identity | If mode is ``pre-configured``, use a low interval | 12 hours |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Restrict to user | Check this, if only certain users shall be allowed to | checked |
| | | |
| | access Gokapi admin menu | |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Scope identifier (user) | Use a scope that is unique to the user, e.g. the username | email |
| | | |
| | or the email | |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Authorised users | Enter all users, separated by semicolon | \*\@company.com;admin\@othercompany.com |
| | | |
| | ``*`` can be used as a wildcard | |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Restrict to group | Check this, if only users from certain groups shall be | checked |
| | | |
| | allowed to access Gokapi admin menu | |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Scope identifier (group) | Use a scope that lists the user's groups | groups |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
| Authorised groups | Enter all groups, separated by semicolon | dev;admins;gokapi-* |
| | | |
| | ``*`` can be used as a wildcard | |
+--------------------------+-----------------------------------------------------------+-----------------------------------------+
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Gokapi Configuration | Input | Example |
+===========================+=============================================================+=========================================+
| Provider URL | URL to Authelia Server | \https://auth.autheliaserver.com |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Client ID | Client ID provided in config | gokapi-dev |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Client Secret | Client secret provided in config | AhXeV7_EXAMPLE_KEY |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Admin email address | The email address for the super-admin | gokapi@example.com |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Recheck identity | If mode is ``pre-configured``, use a low interval | 12 hours |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Restrict to group | Check this, if only users from certain groups shall be | checked |
| | | |
| | allowed to access Gokapi admin menu | |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Scope identifier (group) | Use a scope that lists the user's groups | groups |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Authorised groups | Enter all groups, separated by semicolon | dev;admins;gokapi-* |
| | | |
| | ``*`` can be used as a wildcard | |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
| Only allow existing users | Check this, if you do not want authenticated users to | unchecked |
| | | |
| | automatically create a new account or restore a deleted one | |
+---------------------------+-------------------------------------------------------------+-----------------------------------------+
.. _oidcconfig_keycloak:
@@ -230,39 +224,33 @@ Addding a scope for exposing groups (optional)
Gokapi Configuration
""""""""""""""""""""""
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Gokapi Configuration | Input | Example |
+==========================+=======================================================================+============================================+
| Provider URL | URL to Keycloak realm | \http://keycloak.server.com/realms/master |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Client ID | Client ID provided | gokapi-dev |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Client Secret | Client secret provided | AhXeV7_EXAMPLE_KEY |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Recheck identity | If open ``Consent required`` is disabled, use a low interval | 12 hours |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Restrict to user | Check this, if only certain users shall be allowed to | checked |
| | | |
| | access Gokapi admin menu | |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Scope identifier (user) | Use a scope that is unique to the user, e.g. the username | email |
| | | |
| | or the email | |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Authorised users | Enter all users, separated by semicolon | \*\@company.com;admin\@othercompany.com |
| | | |
| | ``*`` can be used as a wildcard | |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Restrict to group | Check this, if only users from certain groups shall be | checked |
| | | |
| | allowed to access Gokapi admin menu | |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Scope identifier (group) | Use a scope that lists the user's groups | groups |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Authorised groups | Enter all groups, separated by semicolon | dev;admins;gokapi-* |
| | | |
| | ``*`` can be used as a wildcard | |
+--------------------------+-----------------------------------------------------------------------+--------------------------------------------+
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Gokapi Configuration | Input | Example |
+===========================+=======================================================================+============================================+
| Provider URL | URL to Keycloak realm | \http://keycloak.server.com/realms/master |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Client ID | Client ID provided | gokapi-dev |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Client Secret | Client secret provided | AhXeV7_EXAMPLE_KEY |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Recheck identity | If open ``Consent required`` is disabled, use a low interval | 12 hours |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Admin email address | The email address for the super-admin | gokapi@example.com |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Restrict to group | Check this, if only users from certain groups shall be | checked |
| | | |
| | allowed to access Gokapi admin menu | |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Scope identifier (group) | Use a scope that lists the user's groups | groups |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Authorised groups | Enter all groups, separated by semicolon | dev;admins;gokapi-* |
| | | |
| | ``*`` can be used as a wildcard | |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
| Only allow existing users | Check this, if you do not want authenticated users to | unchecked |
| | | |
| | automatically create a new account or restore a deleted one | |
+---------------------------+-----------------------------------------------------------------------+--------------------------------------------+
.. note::
@@ -293,28 +281,25 @@ Server Configuration
Gokapi Configuration
""""""""""""""""""""""
+-------------------------+--------------------------------------------------+----------------------------------+
| Gokapi Configuration | Input | Example |
+=========================+==================================================+==================================+
| Provider URL | \https://accounts.google.com | \https://accounts.google.com |
+-------------------------+--------------------------------------------------+----------------------------------+
| Client ID | Client ID provided | XXX.apps.googleusercontent.com |
+-------------------------+--------------------------------------------------+----------------------------------+
| Client Secret | Client secret provided | AhXeV7_EXAMPLE_KEY |
+-------------------------+--------------------------------------------------+----------------------------------+
| Recheck identity | Use a low interval | 12 hours |
+-------------------------+--------------------------------------------------+----------------------------------+
| Restrict to user | Check this, otherwise any Google user can access | checked |
| | | |
| | | |
| | your Gokapi admin menu | |
+-------------------------+--------------------------------------------------+----------------------------------+
| Scope identifier (user) | email | email |
+-------------------------+--------------------------------------------------+----------------------------------+
| Authorised users | Enter all users, separated by semicolon | user\@gmail.com;admin\@gmail.com |
+-------------------------+--------------------------------------------------+----------------------------------+
| Restrict to group | Unsupported | unchecked |
+-------------------------+--------------------------------------------------+----------------------------------+
+---------------------------+-------------------------------------------------------------+----------------------------------+
| Gokapi Configuration | Input | Example |
+===========================+=============================================================+==================================+
| Provider URL | \https://accounts.google.com | \https://accounts.google.com |
+---------------------------+-------------------------------------------------------------+----------------------------------+
| Client ID | Client ID provided | XXX.apps.googleusercontent.com |
+---------------------------+-------------------------------------------------------------+----------------------------------+
| Client Secret | Client secret provided | AhXeV7_EXAMPLE_KEY |
+---------------------------+-------------------------------------------------------------+----------------------------------+
| Recheck identity | Use a low interval | 12 hours |
+---------------------------+-------------------------------------------------------------+----------------------------------+
| Admin email address | The email address for the super-admin | gokapi@example.com |
+---------------------------+-------------------------------------------------------------+----------------------------------+
| Restrict to group | Unsupported | unchecked |
+---------------------------+-------------------------------------------------------------+----------------------------------+
| Only allow existing users | Check this, if you do not want authenticated users to | unchecked |
| | | |
| | automatically create a new account or restore a deleted one | |
+---------------------------+-------------------------------------------------------------+----------------------------------+
@@ -359,18 +344,22 @@ Optional: Restricting Gokapi to specific users or groups:
Gokapi Configuration
""""""""""""""""""""""
+----------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Gokapi Configuration | Input | Example |
+======================+===================================================================+=============================================================================+
| Provider URL | \https://login.microsoftonline.com/REALM/v2.0/, replace ``REALM`` | \https://login.microsoftonline.com/abcdef-1234-4678-9540-abcdefabcdef/v2.0/ |
+----------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Client ID | Client ID provided | 11111122222-4444-55555-66666-abcdefabcdef |
+----------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Client Secret | Client secret provided | ach5sho3Ru-Heop7aMaez-example |
+----------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Recheck identity | Use a low interval | 12 hours |
+----------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Restrict to user | Unsupported | unchecked |
+----------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Restrict to group | Unsupported | unchecked |
+----------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Gokapi Configuration | Input | Example |
+===========================+===================================================================+=============================================================================+
| Provider URL | \https://login.microsoftonline.com/REALM/v2.0/, replace ``REALM`` | \https://login.microsoftonline.com/abcdef-1234-4678-9540-abcdefabcdef/v2.0/ |
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Client ID | Client ID provided | 11111122222-4444-55555-66666-abcdefabcdef |
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Client Secret | Client secret provided | ach5sho3Ru-Heop7aMaez-example |
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Admin email address | The email address for the super-admin | gokapi@example.com |
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Recheck identity | Use a low interval | 12 hours |
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Restrict to group | Unsupported | unchecked |
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+
| Only allow existing users | Check this, if you do not want authenticated users to | checked |
| | | |
| | automatically create a new account or restore a deleted one | |
+---------------------------+-------------------------------------------------------------------+-----------------------------------------------------------------------------+

84
docs/setup.rst
View File

@@ -117,6 +117,7 @@ The following configuration can be set:
- **Use SSL** Generates a self-signed SSL certificate (which can be replaced with a valid one). Select this if you are not running Gokapi behind a reverse proxy. Please note: Gokapi needs to be restarted in order to renew a certificate.
- **Save IP** If set, the IP address of the client requesting a download will be saved to the log file. This might not be GDPR compliant.
- **Include filename in download URL** If set, all Gokapi URLs for file downloads will include the filename as well. Example: ``https:/gokapi.server/d/1234/File.pdf`` instead of ``https:/gokapi.server/d?id=1234``
- **Public Name** The name that is set in the title. You can for example use your company name
- **Webserver Port** Set the port that Gokapi can be accessed on
- **Public Facing URL** Enter the URL where users from an external network can use to reach Gokapi. The URL will be used for generating download links
- **Redirection URL** By default Gokapi redirects to this URL instead of showing a generic page if no download link was passed
@@ -132,13 +133,13 @@ The following configuration can be set:
Authentication
""""""""""""""
This menu guides you through the authentication setup, where you select how an admin user logs in (only user that can upload files). It is possible to disable authentication completely, but strongly discouraged.
This menu guides you through the authentication setup, where you select how users log in. It is possible to disable authentication completely, but strongly discouraged.
Username / Password
*********************
The default authentication method. A single admin user will be generated that authenticates with a password
The default authentication method. All users authenticate with a username and password. In the next step, you will be asked for the credentials for an admin account.
OAuth2 OpenID Connect
@@ -147,49 +148,44 @@ OAuth2 OpenID Connect
Setup interface
========================
Use this to authenticate with an OIDC server, e.g. Google or an internal server like Authelia or Keycloak.
Use this to authenticate with an OIDC server, e.g. Google or an internal server like Authelia or Keycloak. It is required that users have an email associated with their OIDC account.
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Option | Expected Entry | Example |
+=====================+===================================================================================================+=========================================+
| Provider URL | The URL to connect to the OIDC server | https://accounts.google.com |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Client ID | Client ID provided by the OIDC server | [random String] |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Client Secret | Client secret provided by the OIDC server | [random String] |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Admin email | The email address used to identify the super-admin | gokapi@company.com |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Recheck identity | How often to recheck identity. | 12 hours |
| | | |
| | If the OIDC server is configured to remember the consent, the user should not receive any further | |
| | | |
| | login prompts and it can be ensured, that the user still exist on the server. | |
| | | |
| | Otherwise the user has actively grant access every time the identity is rechecked. In that case | |
| | | |
| | a higher interval would make sense. | |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Restrict to groups | Only allow users that are part of authorised groups to access Gokapi | true |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Scope for groups | The OIDC scope that contains the group info | groups |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Only existing users | When selected, a new user will not be created automatically | checked |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Authorised groups | List of groups that are authorised to log their users in as an admin, separated by semicolon. | admin;dev;gokapi-\* |
| | | |
| | ``*`` can be used as a wildcard | |
+---------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Option | Expected Entry | Example |
+====================+===================================================================================================+=========================================+
| Provider URL | The URL to connect to the OIDC server | https://accounts.google.com |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Client ID | Client ID provided by the OIDC server | [random String] |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Client Secret | Client secret provided by the OIDC server | [random String] |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Recheck identity | How often to recheck identity. | 12 hours |
| | | |
| | If the OIDC server is configured to remember the consent, the user should not receive any further | |
| | | |
| | login prompts and it can be ensured, that the user still exist on the server. | |
| | | |
| | Otherwise the user has actively grant access every time the identity is rechecked. In that case | |
| | | |
| | a higher interval would make sense. | |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Restrict to users | Only allow authorised users to access Gokapi that are listed below | true |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Scope for users | The OIDC scope that contains the user info | email |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Authorised users | List of users that are authorised to log in as an admin, separated by semicolon. | \*\@company.com;admin\@othercompany.com |
| | | |
| | ``*`` can be used as a wildcard | |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Restrict to groups | Only allow users that are part of authorised groups to access Gokapi | true |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Scope for groups | The OIDC scope that contains the group info | groups |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
| Authorised groups | List of groups that are authorised to log their users in as an admin, separated by semicolon. | admin;dev;gokapi-\* |
| | | |
| | ``*`` can be used as a wildcard | |
+--------------------+---------------------------------------------------------------------------------------------------+-----------------------------------------+
.. note::
If login is restricted to users and groups, both need to be present for a user to access. That means if a user has only one of the two factors, access to the admin menu will be denied.
.. note::
A user will be authenticated until the time specified in ``Recheck identity`` has passed. To log out all users immediately, re-run the setup with `--reconfigure`` and complete it. Thereafter all active session will be deleted.
If a user was disabled in OIDC, the they will still be able to login to Gokapi until the time specified in ``Recheck identity`` has passed. To prevent the user from
logging in immediately, the respective Gokapi user account should be deleted through the UI.
.. note::
@@ -217,7 +213,7 @@ Header Authentication
Only use this if you are running Gokapi behind a reverse proxy that is capable of authenticating users, e.g. by using Authelia or Authentik. Keycloak does apparently not support this feature.
Enter the key of the header that returns the username. For Authelia this would be ``Remote-User`` and for Authentik ``X-authentik-username``.
Separate users with a semicolon or leave blank to allow any authenticated user, e.g. ``gokapiuser@gmail.com;companyadmin@gmail.com``
Enter the username for the admin in the respective field. If ``Only allow already existing users to log in``, new users will not be able to use Gokapi until an account was created through the UI.
Disabled / Access Restriction
@@ -245,7 +241,7 @@ This option disables Gokapis internal authentication completely, except for API
Storage
""""""""""""""
Here you can choose where uploaded files shall be stored. Use the option to always store image files to the local storage, if you want to use encryption for cloudstorage, but require hotlink support.
Here you can choose where uploaded files shall be stored. If you select cloud storage, you have the option to always store image files to the local storage. That way you can use encryption for cloudstorage, but also have hotlink support.
If using cloud storage, by default Gokapi creates a pre-signed download link for files to be downloaded (basically a URL that can only be used for a very short time). If your storage is not accessible from the internet or if you prefer to not expose any cloud storage URLs, you can choose to proxy the downloads. That way Gokapi downloads them and passes them to the user through the Gokapi service.

3
docs/static/custom.css vendored Normal file
View File

@@ -0,0 +1,3 @@
.wy-nav-content {
max-width: 80% !important;
}

2
internal/configuration/setup/templates/setup.tmpl
View File

@@ -280,7 +280,7 @@
<div class="wizard-input-section">
<div class="form-group">
<p>
Please enter the OIDC client configuration. Multiple users and groups can be separated with a semicolon. The <a href="https://gokapi.readthedocs.io/en/stable/setup.html#oauth2-openid-connect" target="_blank" rel="noopener noreferrer">documentation</a> has examples on how to configure for different providers.<br>
Please enter the OIDC client configuration. Groups can be separated with a semicolon. The <a href="https://gokapi.readthedocs.io/en/stable/setup.html#oauth2-openid-connect" target="_blank" rel="noopener noreferrer">documentation</a> has examples on how to configure for different providers.<br>
</p>
<div class="col-sm-8" style="width:90%">

95
internal/webserver/CustomStaticContent.go Normal file
View File

@@ -0,0 +1,95 @@
package webserver
import (
"bufio"
"fmt"
"github.com/NYTimes/gziphandler"
"github.com/forceu/gokapi/internal/helper"
"net/http"
"os"
"strconv"
"strings"
)
const pathCustomFolder = "custom/"
const pathCustomCss = pathCustomFolder + "custom.css"
const pathCustomPublicJs = pathCustomFolder + "public.js"
const pathCustomAdminJs = pathCustomFolder + "admin.js"
const pathCustomVersioning = pathCustomFolder + "version.txt"
type customStatic struct {
Version string
CustomFolderExists bool
UseCustomCss bool
UseCustomPublicJs bool
UseCustomAdminJs bool
}
func loadCustomCssJsInfo() {
customStaticInfo = customStatic{}
folderExists := helper.FolderExists(pathCustomFolder)
customStaticInfo.CustomFolderExists = folderExists
if !folderExists {
return
}
customStaticInfo.Version = strconv.Itoa(readCustomStaticVersion())
customStaticInfo.UseCustomCss = helper.FileExists(pathCustomCss)
customStaticInfo.UseCustomPublicJs = helper.FileExists(pathCustomPublicJs)
customStaticInfo.UseCustomAdminJs = helper.FileExists(pathCustomAdminJs)
}
func addMuxForCustomContent(mux *http.ServeMux) {
if !customStaticInfo.CustomFolderExists {
return
}
fmt.Println("Serving custom static content")
// Serve the user-created "custom" folder to /custom
mux.Handle("/custom/", http.StripPrefix("/custom/", http.FileServer(http.Dir(pathCustomFolder))))
// Allow versioning to prevent caching old version
if customStaticInfo.UseCustomCss {
mux.Handle("/custom/custom.v"+customStaticInfo.Version+".css", gziphandler.GzipHandler(http.HandlerFunc(serveCustomCss)))
}
if customStaticInfo.UseCustomPublicJs {
mux.Handle("/custom/public.v"+customStaticInfo.Version+".js", gziphandler.GzipHandler(http.HandlerFunc(serveCustomPublicJs)))
}
if customStaticInfo.UseCustomAdminJs {
mux.Handle("/custom/admin.v"+customStaticInfo.Version+".js", gziphandler.GzipHandler(http.HandlerFunc(serveCustomAdminJs)))
}
}
func serveCustomCss(w http.ResponseWriter, r *http.Request) {
serveCustomFile(pathCustomCss, w, r)
}
func serveCustomPublicJs(w http.ResponseWriter, r *http.Request) {
serveCustomFile(pathCustomPublicJs, w, r)
}
func serveCustomAdminJs(w http.ResponseWriter, r *http.Request) {
serveCustomFile(pathCustomAdminJs, w, r)
}
func serveCustomFile(filePath string, w http.ResponseWriter, r *http.Request) {
w.Header().Add("Cache-Control", "public, max-age=100800") // 2 days
http.ServeFile(w, r, filePath)
}
func readCustomStaticVersion() int {
if !helper.FileExists(pathCustomVersioning) {
return 0
}
file, err := os.Open(pathCustomVersioning)
if err != nil {
fmt.Println(err)
return 0
}
defer file.Close()
sc := bufio.NewScanner(file)
if !sc.Scan() {
return 0
}
line := strings.TrimSpace(sc.Text())
version, err := strconv.Atoi(line)
if err != nil {
fmt.Println("Content of " + pathCustomVersioning + " must be numerical")
}
return version
}

79
internal/webserver/Webserver.go
View File

@@ -63,14 +63,19 @@ var wasmDownloadFile embed.FS
//go:embed web/e2e.wasm
var wasmE2EFile embed.FS
const timeOutWebserverRead = 12 * time.Hour
const timeOutWebserverRead = 2 * time.Hour
const timeOutWebserverWrite = 12 * time.Hour
// Variable containing all parsed templates
// templateFolder contains all parsed templates
var templateFolder *template.Template
// customStaticInfo is passed to all templates, so custom CSS or JS can be embedded
var customStaticInfo customStatic
// imageExpiredPicture is sent for an expired hotlink
var imageExpiredPicture []byte
// srv is the web server that is used for this module
var srv http.Server
// Start the webserver on the port set in the config
@@ -80,15 +85,10 @@ func Start() {
var err error
mux := http.NewServeMux()
if helper.FolderExists("static") {
fmt.Println("Found folder 'static', using local folder instead of internal static folder")
mux.Handle("/", http.FileServer(http.Dir("static")))
} else {
mux.Handle("/", http.FileServer(http.FS(webserverDir)))
}
loadCustomCssJsInfo()
loadExpiryImage()
mux.Handle("/", http.FileServer(http.FS(webserverDir)))
mux.HandleFunc("/admin", requireLogin(showAdminMenu, true, false))
mux.HandleFunc("/api/", processApi)
mux.HandleFunc("/apiKeys", requireLogin(showApiAdmin, true, false))
@@ -113,10 +113,11 @@ func Start() {
mux.HandleFunc("/users", requireLogin(showUserAdmin, true, false))
mux.Handle("/main.wasm", gziphandler.GzipHandler(http.HandlerFunc(serveDownloadWasm)))
mux.Handle("/e2e.wasm", gziphandler.GzipHandler(http.HandlerFunc(serveE2EWasm)))
mux.HandleFunc("/d/{id}/{filename}", redirectFromFilename)
mux.HandleFunc("/dh/{id}/{filename}", downloadFileWithNameInUrl)
addMuxForCustomContent(mux)
if configuration.Get().Authentication.Method == models.AuthenticationOAuth2 {
oauth.Init(configuration.Get().ServerUrl, configuration.Get().Authentication)
mux.HandleFunc("/oauth-login", oauth.HandlerLogin)
@@ -255,7 +256,9 @@ func doLogout(w http.ResponseWriter, r *http.Request) {
// Handling of /index and redirecting to globalConfig.RedirectUrl
func showIndex(w http.ResponseWriter, r *http.Request) {
err := templateFolder.ExecuteTemplate(w, "index", genericView{RedirectUrl: configuration.Get().RedirectUrl, PublicName: configuration.Get().PublicName})
err := templateFolder.ExecuteTemplate(w, "index", genericView{RedirectUrl: configuration.Get().RedirectUrl,
PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo})
helper.CheckIgnoreTimeout(err)
}
@@ -292,7 +295,8 @@ func changePassword(w http.ResponseWriter, r *http.Request) {
err = templateFolder.ExecuteTemplate(w, "changepw",
genericView{PublicName: configuration.Get().PublicName,
MinPasswordLength: configuration.MinLengthPassword,
ErrorMessage: errMessage})
ErrorMessage: errMessage,
CustomContent: customStaticInfo})
helper.CheckIgnoreTimeout(err)
}
@@ -323,25 +327,33 @@ func showError(w http.ResponseWriter, r *http.Request) {
if r.URL.Query().Has("key") {
errorReason = wrongCipher
}
err := templateFolder.ExecuteTemplate(w, "error", genericView{ErrorId: errorReason, PublicName: configuration.Get().PublicName})
err := templateFolder.ExecuteTemplate(w, "error", genericView{
ErrorId: errorReason,
PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo})
helper.CheckIgnoreTimeout(err)
}
// Handling of /error-auth
func showErrorAuth(w http.ResponseWriter, r *http.Request) {
err := templateFolder.ExecuteTemplate(w, "error_auth", genericView{PublicName: configuration.Get().PublicName})
err := templateFolder.ExecuteTemplate(w, "error_auth", genericView{
PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo})
helper.CheckIgnoreTimeout(err)
}
// Handling of /error-header
func showErrorHeader(w http.ResponseWriter, r *http.Request) {
err := templateFolder.ExecuteTemplate(w, "error_auth_header", genericView{PublicName: configuration.Get().PublicName})
err := templateFolder.ExecuteTemplate(w, "error_auth_header", genericView{
PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo})
helper.CheckIgnoreTimeout(err)
}
// Handling of /error-oauth
func showErrorIntOAuth(w http.ResponseWriter, r *http.Request) {
view := oauthErrorView{PublicName: configuration.Get().PublicName}
view := oauthErrorView{PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo}
view.IsAuthDenied = r.URL.Query().Get("isDenied") == "true"
view.ErrorProvidedName = r.URL.Query().Get("error")
view.ErrorProvidedMessage = r.URL.Query().Get("error_description")
@@ -352,7 +364,9 @@ func showErrorIntOAuth(w http.ResponseWriter, r *http.Request) {
// Handling of /forgotpw
func forgotPassword(w http.ResponseWriter, r *http.Request) {
err := templateFolder.ExecuteTemplate(w, "forgotpw", genericView{PublicName: configuration.Get().PublicName})
err := templateFolder.ExecuteTemplate(w, "forgotpw", genericView{
PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo})
helper.CheckIgnoreTimeout(err)
}
@@ -363,7 +377,7 @@ func showApiAdmin(w http.ResponseWriter, r *http.Request) {
if err != nil {
panic(err)
}
view := (&UploadView{}).convertGlobalConfig(ViewAPI, userId)
view := (&AdminView{}).convertGlobalConfig(ViewAPI, userId)
err = templateFolder.ExecuteTemplate(w, "api", view)
helper.CheckIgnoreTimeout(err)
}
@@ -375,7 +389,7 @@ func showUserAdmin(w http.ResponseWriter, r *http.Request) {
if err != nil {
panic(err)
}
view := (&UploadView{}).convertGlobalConfig(ViewUsers, userId)
view := (&AdminView{}).convertGlobalConfig(ViewUsers, userId)
if !view.ActiveUser.HasPermissionManageUsers() || configuration.Get().Authentication.Method == models.AuthenticationDisabled {
redirect(w, "admin")
return
@@ -437,6 +451,7 @@ func showLogin(w http.ResponseWriter, r *http.Request) {
User: user,
IsAdminView: false,
PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo,
})
helper.CheckIgnoreTimeout(err)
}
@@ -448,6 +463,7 @@ type LoginView struct {
IsDownloadView bool
User string
PublicName string
CustomContent customStatic
}
// Handling of /d
@@ -474,6 +490,7 @@ func showDownload(w http.ResponseWriter, r *http.Request) {
BaseUrl: config.ServerUrl,
IsFailedLogin: false,
UsesHttps: configuration.UsesHttps(),
CustomContent: customStaticInfo,
}
if file.RequiresClientDecryption() {
@@ -600,7 +617,6 @@ func queryUrl(w http.ResponseWriter, r *http.Request, redirectUrl string) string
// Handling of /admin
// If user is authenticated, this menu lists all uploads and enables uploading new files
func showAdminMenu(w http.ResponseWriter, r *http.Request) {
user, err := authentication.GetUserFromRequest(r)
if err != nil {
panic(err)
@@ -613,7 +629,7 @@ func showAdminMenu(w http.ResponseWriter, r *http.Request) {
return
}
}
err = templateFolder.ExecuteTemplate(w, "admin", (&UploadView{}).convertGlobalConfig(ViewMain, user))
err = templateFolder.ExecuteTemplate(w, "admin", (&AdminView{}).convertGlobalConfig(ViewMain, user))
helper.CheckIgnoreTimeout(err)
}
@@ -624,7 +640,7 @@ func showLogs(w http.ResponseWriter, r *http.Request) {
if err != nil {
panic(err)
}
view := (&UploadView{}).convertGlobalConfig(ViewLogs, user)
view := (&AdminView{}).convertGlobalConfig(ViewLogs, user)
if !view.ActiveUser.HasPermissionManageLogs() {
redirect(w, "admin")
return
@@ -644,7 +660,10 @@ func showE2ESetup(w http.ResponseWriter, r *http.Request) {
panic(err)
}
e2einfo := database.GetEnd2EndInfo(user.Id)
err = templateFolder.ExecuteTemplate(w, "e2esetup", e2ESetupView{HasBeenSetup: e2einfo.HasBeenSetUp(), PublicName: configuration.Get().PublicName})
err = templateFolder.ExecuteTemplate(w, "e2esetup", e2ESetupView{
HasBeenSetup: e2einfo.HasBeenSetUp(),
PublicName: configuration.Get().PublicName,
CustomContent: customStaticInfo})
helper.CheckIgnoreTimeout(err)
}
@@ -663,6 +682,7 @@ type DownloadView struct {
ClientSideDecryption bool
EndToEndEncryption bool
UsesHttps bool
CustomContent customStatic
}
type e2ESetupView struct {
@@ -670,10 +690,11 @@ type e2ESetupView struct {
IsDownloadView bool
HasBeenSetup bool
PublicName string
CustomContent customStatic
}
// UploadView contains parameters for the admin menu template
type UploadView struct {
// AdminView contains parameters for all admin related pages
type AdminView struct {
Items []models.FileApiOutput
ApiKeys []models.ApiKey
Users []userInfo
@@ -696,6 +717,7 @@ type UploadView struct {
ChunkSize int
MaxParallelUploads int
TimeNow int64
CustomContent customStatic
}
// getUserMap needs to return the map with pointers, otherwise template cannot call
@@ -720,9 +742,9 @@ const (
ViewUsers
)
// Converts the globalConfig variable to an UploadView struct to pass the infos to
// Converts the globalConfig variable to an AdminView struct to pass the infos to
// the admin template
func (u *UploadView) convertGlobalConfig(view int, user models.User) *UploadView {
func (u *AdminView) convertGlobalConfig(view int, user models.User) *AdminView {
var result []models.FileApiOutput
var resultApi []models.ApiKey
@@ -730,6 +752,7 @@ func (u *UploadView) convertGlobalConfig(view int, user models.User) *UploadView
u.IsInternalAuth = config.Authentication.Method == models.AuthenticationInternal
u.ActiveUser = user
u.UserMap = getUserMap()
u.CustomContent = customStaticInfo
switch view {
case ViewMain:
for _, element := range database.GetAllMetadata() {
@@ -946,6 +969,7 @@ type genericView struct {
ErrorMessage string
ErrorId int
MinPasswordLength int
CustomContent customStatic
}
// A view containing parameters for an oauth error
@@ -957,4 +981,5 @@ type oauthErrorView struct {
ErrorGenericMessage string
ErrorProvidedName string
ErrorProvidedMessage string
CustomContent customStatic
}

3
internal/webserver/web/templates/html_admin.tmpl
View File

@@ -169,6 +169,9 @@
</script>
{{ end }}
{{ template "pagename" "UploadMenu"}}
{{ template "customjs" .}}
{{ template "footer" true}}

5
internal/webserver/web/templates/html_api.tmpl
View File

@@ -77,5 +77,10 @@
var canReplaceFiles = {{.ActiveUser.HasPermissionManageApi }};
var canManageUsers = {{.ActiveUser.HasPermissionManageApi }};
</script>
{{ template "pagename" "ApiOverview"}}
{{ template "customjs" .}}
{{ template "footer" true }}
{{ end }}

2
internal/webserver/web/templates/html_changepw.tmpl
View File

@@ -54,5 +54,7 @@ function submitForm() {
}
</script>
{{ template "pagename" "ChangePw"}}
{{ template "customjs" .}}
{{ template "footer" }}
{{end}}

5
internal/webserver/web/templates/html_download.tmpl
View File

@@ -155,6 +155,9 @@
document.title = "{{.PublicName}}: "+ filename;
</script>
{{ end }}
{{ template "pagename" "PublicDownload"}}
{{ template "customjs" .}}
{{template "footer"}}
{{end}}

2
internal/webserver/web/templates/html_download_password.tmpl
View File

@@ -34,5 +34,7 @@ function submitForm(){
return true;
}
</script>
{{ template "pagename" "PublicDownloadPw"}}
{{ template "customjs" .}}
{{template "footer"}}
{{end}}

2
internal/webserver/web/templates/html_end2end.tmpl
View File

@@ -124,5 +124,7 @@
</script>
{{ end }}
{{ template "pagename" "E2EGeneration"}}
{{ template "customjs" .}}
{{template "footer" true}}
{{end}}

2
internal/webserver/web/templates/html_error.tmpl
View File

@@ -22,5 +22,7 @@
</div>
</div>
</div>
{{ template "pagename" "PublicError"}}
{{ template "customjs" .}}
{{template "footer"}}
{{end}}

2
internal/webserver/web/templates/html_error_auth.tmpl
View File

@@ -12,5 +12,7 @@
</div>
</div>
</div>
{{ template "pagename" "LoginError"}}
{{ template "customjs" .}}
{{template "footer"}}
{{end}}

2
internal/webserver/web/templates/html_error_header.tmpl
View File

@@ -11,5 +11,7 @@
</div>
</div>
</div>
{{ template "pagename" "LoginErrorHeader"}}
{{ template "customjs" .}}
{{template "footer"}}
{{end}}

2
internal/webserver/web/templates/html_error_int_oauth.tmpl
View File

@@ -24,5 +24,7 @@
</div>
</div>
</div>
{{ template "pagename" "LoginErrorOauth"}}
{{ template "customjs" .}}
{{template "footer"}}
{{end}}

2
internal/webserver/web/templates/html_forgotpw.tmpl
View File

@@ -12,5 +12,7 @@
</div>
</div>
</div>
{{ template "pagename" "ForgotPw"}}
{{ template "customjs" .}}
{{ template "footer" }}
{{end}}

13
internal/webserver/web/templates/html_header.tmpl
View File

@@ -12,7 +12,7 @@
<link rel="icon" type="image/png" sizes="32x32" href="./favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="./favicon-16x16.png">
<link rel="manifest" href="./site.webmanifest">
<link href="css/min/gokapi.min.{{ template "css_main"}}.css" rel="stylesheet">
<link href="./css/min/gokapi.min.{{ template "css_main"}}.css" rel="stylesheet">
<link href="./assets/dist/icons/bootstrap-icons.min.css" rel="stylesheet">
{{ if .IsAdminView }}
<title>{{.PublicName}} Admin</title>
@@ -25,7 +25,6 @@
<link href="./assets/dist/css/datatables.min.css" rel="stylesheet">
<link href="./assets/dist/css/flatpickr.min.css" rel="stylesheet">
<link href="./assets/dist/css/flatpickr.dark.min.css" rel="stylesheet">
<style>
.masthead-brand {
float: left;
@@ -34,6 +33,9 @@
float: right;
}
</style>
{{ if .CustomContent.UseCustomCss }}
<link href="./custom/custom.v{{.CustomContent.Version}}.css" rel="stylesheet">
{{ end }}
{{ else }}
{{ if .IsDownloadView }}
{{ if .IsPasswordView }}
@@ -53,14 +55,17 @@
{{end }}
<meta property="og:url" content="{{.BaseUrl}}"/>
{{ else }}
<title>{{.PublicName}}</title>
<title>{{.PublicName}}</title>
{{end }}
<style>
body {
box-shadow: inset 0 0 5rem rgba(0, 0, 0, .5);
}
</style>
<script src="./js/min/end2end_download.min.{{ template "js_e2eversion"}}.js"></script>
{{ if .CustomContent.UseCustomCss }}
<link href="./custom/custom.v{{.CustomContent.Version}}.css" rel="stylesheet">
{{ end }}
<script src="./js/min/end2end_download.min.{{ template "js_e2eversion"}}.js"></script>
{{end}}
</head>
<body class="d-flex h-100 text-center text-white bg-dark">

2
internal/webserver/web/templates/html_login.tmpl
View File

@@ -34,5 +34,7 @@ function submitForm(){
return true;
}
</script>
{{ template "pagename" "Login"}}
{{ template "customjs" .}}
{{ template "footer" }}
{{end}}

2
internal/webserver/web/templates/html_logs.tmpl
View File

@@ -44,5 +44,7 @@
textarea.scrollTop = textarea.scrollHeight;
var logContent = textarea.value;
</script>
{{ template "pagename" "LogOverview"}}
{{ template "customjs" .}}
{{ template "footer" true}}
{{ end }}

2
internal/webserver/web/templates/html_users.tmpl
View File

@@ -205,5 +205,7 @@
var systemKey = "{{.SystemKey}}";
var isInternalAuth = {{.IsInternalAuth}};
</script>
{{ template "pagename" "OverviewUsers"}}
{{ template "customjs" .}}
{{ template "footer" true }}
{{ end }}

11
internal/webserver/web/templates/js_custom.tmpl Normal file
View File

@@ -0,0 +1,11 @@
{{define "customjs"}}
{{ if .IsAdminView }}
{{ if .CustomContent.UseCustomAdminJs }}
<script src="./custom/admin.v{{.CustomContent.Version}}.js"></script>
{{ end }}
{{else}}
{{ if .CustomContent.UseCustomPublicJs }}
<script src="./custom/public.v{{.CustomContent.Version}}.js"></script>
{{ end }}
{{end}}
{{end}}

5
internal/webserver/web/templates/js_pagename.tmpl Normal file
View File

@@ -0,0 +1,5 @@
{{define "pagename"}}
<script>
var pageName = "{{ . }}";
</script>
{{end}}