repos / pico

chore(pobj): rm unused log stmts

feat(pgs): lru cache for object info and special files

chore: use `user_id` in log middleware to set the user ctx

feat(pgs): admins can impersonate

This change will let admins impersonate any user for the pgs cli

fix(pgs): do not expose `_redirects` and `_headers` over https.

fix(tui.analytics): allow users to enable analytics

The core issue here is around focus management.  When a user enters the
analytics page, we fetch site stats regardless if they have analytics
enabled which then applies focus to the left page.  However for users
witohut analytics enabled we do not focus the left pane which means all
key events are lost.  In vaxis if we try to focus a widget that doesn't
exist we lose the key events in our page widget.

fix(pgs): ability to create multiple projects in single ssh session

Previously we were caching the project when a user uploaded a bunch of
files.  This was an optimization that didn't account for when a user has
an active sftp connection where they create multiple projects in a
single session.  This code change performs an extra check to ensure we
are always creating new projects when necessary.

docs(pgs): copy

Don't require focus for adding

fix(tui.tokens): add explainer text about how to copy tokens

Ensure auth uses a good dns

Only add host key if it's not empty

Allow host key to be passed in, update deps

fix(tui.signup): when focus is on input and use presses enter, submit
form

chore(make): rm tty for dump cmd

Fix pipemgr command

Fix sni events

Fixes races and cleanup rogue print

chore: update senpai v0.4.0

Fix logs for sni

fix(tui): dont fetch user info when creating a page

fix(tui): dont panic

Fix server id

Fix lint

Use durable tunnel ids and fix logs

fix(auth): newlines for rss tuns events

fix(auth): test

chore(auth): change pico+ interval to 10min

feat(tui.tuns): conn events

fix(tui): add loading states for analytics and tuns

fix(tui.tuns): reset requests pane when selecting

chore(tui.tuns): godmode for admins

fix(tui.tuns): filter by user

feat(tui): tuns

docs(tui): descriptions for pubkeys and tokens

style(tui): analytics tweaks

Add impersonation for pipe

chore(tui.logs): lint

chore(tui.logs): remove focus ability

chore(auth): better pico+ rss feed items

Fix feeds and remove deprecated notice for cli apps

Merge pull request #190 from picosh/am/ssh-server

Started work on a crypto/ssh based ssh server

Add session specific context based on conn context

Treat EOFs as okay

Add more context to logs

More cleanup

Bring back anon auth for pipe and pico

Add logging

Cleanup prom

Single ssh server generator and prometheus support

Fix lint, remove aws, update deps

Refactor modules

Updates

Remove charm

Almost fully working

More updates

Rebase

Set command properly

More refactoring

More work on standalone ssh

Started work on a crypto/ssh based ssh server

feat(tui): support arrow keys for navigation

fix(pico): filter logs by user

refactor(tui): use vaxis

While we really enjoyed the charm stack for our ssh apps, we are at a
point where we want to reduce our overall dependencies for our SSH apps.

With charm we have:

- `crypto/ssh`
- `gliberlabs/ssh`
- `charmbracelet/ssh`
- `charmbracelet/wish`

There's a lot that can go wrong here and we have seen quite a bit of
thrashing within these libraries that required us to make moderate
changes when upgrading.

We also enjoyed bubbletea/lipgloss but we are at the point where we would like to
switch to `vaxis` since it is more inline with our design ethos.

We are basically going to replace 5 go packages with 1 and we are
starting with the TUI.

Update senpai

Add internal crawler matching

Enable ipv6

Merge pull request #191 from picosh/am/web-metrics

Am/web metrics

Set auth metric route

Update bouncer ports

Add promhttp metrics

Switch to senpai upstream

Fix file rejection

Remove pprof diff

update libs

Run tidy

Disable always checksum

Update skip logic

Fix leak in skip

Remove interval and burst from caddy

Ensure pipe logger gets attrs

chore(pgs): zip and rar content type

Fix pico reverse proxy

Use consistent naming

Add more detail logging attributes

Fix pipe

Update deps

Logging improvements

Merge pull request #188 from picosh/am/rsync-updates-2025

Started work on a number of rsync updates

Cleanup

Fix last test

Fix tests

docs(pgs): cleanup

docs(pgs): landing page copy

Fix api test with memory db

Prepare for deploy

Fix sender, attempt work on compress

Work on sender tests

Fix rsync deletes

fix(metrics): track prose 404s

Started work on a number of rsync updates

Merge pull request #186 from picosh/rsync-test

Rsync test

Allow clean run of all tests

Fix lint

chore: test is failing on `--delete`

Alright, the test is failing because of the new `--delete` flag.

```
time=2025-02-21T21:10:11.225-05:00 level=ERROR source=/home/erock/go/pkg/mod/github.com/picosh/send@v0.0.0-20250213162645-ec2027b68462/protocols/rsync/rsync.go:157 msg="error running rsync middleware" service=pgs err="runtime error: index out of range [7876097] with length 0"
```

chore: add `rsync --delete` test

I can't figure out how to format the `exec.Command` for rsync with `-e`
flag

Current error:

```
[rsync -rv -e "ssh -p 2222 -o IdentitiesOnly=yes -i /tmp/rsync-3246995037/id_ed25519 -o StrictHostKeyChecking=no" /tmp/rsync-3246995037/ localhost:/test]
rsync: [sender] Failed to exec ssh -p 2222 -o IdentitiesOnly=yes -i /tmp/rsync-3246995037/id_ed25519 -o StrictHostKeyChecking=no: No such file or directory (2)
rsync error: error in IPC code (code 14) at pipe.c(85) [sender=3.4.0]
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in IPC code (code 14) at io.c(232) [sender=3.4.0]
 exit status 14
--- FAIL: TestSshServerRsync (0.10s)
    ssh_test.go:152: exit status 14
```

Add experimental delete functionality

Fix log line

Update go version and add buffer to scanner with pipe

feat(feeds): unsubscribe link in email digests

fix(feeds): show inline content by default

chore(plus): enroll pico blog into digest for pico+ users

fix: dockerfile

fix(feeds): guid logic

chore: extra log item

feat(feeds): cli

A remote CLI with some handy options: ls, rm, and run

`run {filename}` is the most interesting because it will run the feed
digest post immediately, ignoring last digest time validation.

This will be useful for people to debug their posts since that is a
pain point for a lot of users.

fix(feeds): fallback to feed.Link when feed.GUID is empty

Closes: #184

fix: prose and pastes limit filesize uploads

chore(pgs): rm apple touch icon

docs(pipe): most content on pico.sh/pipe now

chore: docker-compose.prod-irc.yml

chore(prose): better log stmts

chore(pico): hide status section in log line if it is empty

Add websocket to pipe web

chore: rm pgs specific settings in shared config struct

refactor(pgs): decouple from rest of codebase

chore(pgs): cleanup deprecated buckets

fix(pgs): close any open readers

chore(pgs): ignore error from souin ServeHTTP

Reference: https://github.com/darkweak/souin/blob/0e1579f1adc7c94f16852531c1c3658752c2e3d8/plugins/souin/main.go#L69

chore: cleanup logs

chore: set log level to info

chore: limit minio and imgproxy cpu utilization for prod

chore(pgs): rm comments

chore(auth): move logs to debug level

chore: update `send`

chore: update `send` to address rsync goroutine leak

fix(prose): only proxy requests to pgs if an image

Add nuremberg dc

chore(pgs): prevent deleting `prose` project

refactor(prose): remove concept of posts for images

chore(pgs): rm deprecated cmd

feat(pgs): list urls of all assets in a project with `fzf` cmd

chore(prose): cap images to 25mb for free users

chore(prose): migrate images to pgs

chore(prose): rm cli mdw

chore(prose): limit image uploads to 50mb

fix: go deps

chore: imgs cleanup

chore: rm imgs

revert: ssg

chore: setup upload-drain for all pgs/prose files uploaded

chore(prose): experimental ssg works

feat(prose): experimental ssg

Instead of having a web server that serves our blogs on prose.sh, we can
generate the sites and publish them to pgs.sh

This has some benefits:
- HTTP caching
- No need for a web server
- No need for an SSH server

Everything should work the exact same with the one exception for how
users upload their markdown files.

```
rsync *.md prose.sh:/
rsync *.md pgs.sh:/prose
```

Then we have a pipe `prose-drain` that we will use to listen for new
files being uploaded and generate the HTML after that.

fix(imgproxy): properly handle missing last-modified

chore: expose minio to imgproxy

docs(bouncer): motd

Reference: https://soju.im/doc/soju.1.html

Fix lint, update soju diff and update senpair window change refresh logic

Update deps

style(prose): new card image

feat(plus): when purchasing membership, automatically enroll in rss feed

In an effort to improve our communication with pico+ users, we want to
automatically enroll them into our user notification feed.

Add entries to name deny list

fix(pico): use ssh shared public key auth mechanism

chore(tui): copy tweaks

chore(feeds): remove posts without an email

chore(feeds): better error handling for invalid feed files

When a user uploads an invalid feed file we do not have any mechanism
currently to notify that user.  Further will continue to run the file
through our rss-to-email cron.

This commit makes it so we perform validation on the feed files as they
are uploaded and refuse to save files that we know will eventually
fail.

Further, we don't want to continuously try files that we know will not
succeed so we are pushing those known issues into our retry-then-delete
mechanism inside our cron.

fix(pgs): add forward slash to prefix of filepath for calc_route

fix(pgs): infinite redirect with 404

fix(pgs): default redirect status should be `301`

fix(pgs): handle empty filepaths in calc_route

fix(storage): check for empty metadata

feat(pgs): initial support for conditional requests (#178)

fix(gha): only push images on merge/release (#180)

fix(pgs): tests

feat(pgs): forward etag and last-modified headers from imgproxy

fix(pgs): forward query params for rewrites and redirects

fix(pgs): redirect slice out-of-bounds

fix(pgs): wildcard with splat suffix

chore(script): change col names

chore(script): new users by month

docs: readme

docs: readme

docs: readme

chore: rm workflow

chore(tui): copy

chore: update send pkg

chore(pgs): cache logging

chore(pgs): consistent pkg versions

chore(auth): better logging

refactor(auth): send caddy access logs directly to metric-drain

This change removes the need to hop from `container-drain` to
`metric-drain`.  Instead we are going to process access logs directly
inside of our `metric-drain` function.

chore: filter pipemgr logs to only include access logs

refactor(tui): chat page to describe how it works with senpai

We also notify the user that chat is pico+ only

feat(pgs): Configure cache-control, TTL, max body, exclude /check (#176)

style: tweaks

refactor(pgs): use soiun in-app for http caching

This gives us more control over the underlying cache and lets us build
our own system for purging our cache.

chore(pico): added services section to settings page

This will hopefully make it easier to understand what services a user
can access

fix(feeds): move last digest to end of cron

fix(pipe): use public key to find user

refactor(feeds): remove feeds after 3 failed attempts

We have a bunch of feeds in our system that are failing in a loop.
Previously we did not notify the user when there was a failure, we just
logged it internally.

With this change, we will prepend errors to the email message body.
Further, if the feeds errors and doesn't return any feed items, we
increment a counter.  3 failed attempts and we remove the post and
notify the user.

fix: pgs tunnels

fix: address CVE-2024-45337

Reference: https://github.com/golang/go/issues/70779

feat(pgs): cli command to manually clear cache for project

chore(pgs): update souin auth user

feat(pgs): http caching with souin (#159)

style(prose): remove `unlisted` tag

This is in an effort to support "pages" that are not automatically
listed on the blog, rather, can be specified in the nav, readme, or
footer.

chore(plus): record purchasing email address

chore(logs): shorten timestamp

chore(analytics): add more indexes

chore: copy

fix(analytics): limit user sites to valid http.status

feat(pico): impersonation

chore(analytics): 404 table

fix(analytics): `stats` command

fix(analytics): remove created_at for site list

feat(tui): analytics

chore(auth): ignore usage analytics for everything but text/html

chore: cleanup makefile

chore(analytics): more cleaning of data

chore: tui copy

fix(auth): user `server_id` to classify space

fix(auth): analytics

reactor(metric-drain): use caddy access logs

Previously we were sending site usage analytics within our web app code.
This worked well for our use case because we could filter, parse, and
send the analytics to our pipe `metric-drain` which would then store the
analytics into our database.

Because we want to enable HTTP caching for pgs we won't always reach our
web app code since usage analytics will terminate at our cache layer.

Instead, we want to record analytics higher in the request stack.  In
this case, we want to record site analytics from Caddy access logs.

Here's how it works:

- `pub` caddy access logs to our pipe `container-drain`
- `auth/web` will `sub` to `container-drain`, filter, deserialize, and
  `pub` to `metric-drain`
- `auth/web` will `sub` to `metric-drain` and store the analytics in our
  database

chore(sql): update teardown

chore(caddy): add access logs for custom domains

feat(pipe) web (#160)

refactor(auth): use new http mux router

---------

Co-authored-by: Eric Bower <me@erock.io>

chore: caddy logs to pipe

Don't require space

Set bouncer for oauth

Change auth endpoints to check plus and space

chore: go tidy

Only insert visit if clean

Add user to analytics entries

No read timeout when reading metrics

Fix metric drain

Bump utils

Use shared lib for metrics connection

Cleanup and standardize user id for logs

Updates utils

Update to add read and write timeouts

Update to use reconnect logger

Continue on err for analytics

Add buffering to analytics collection and make it non-blocking

Update utils

Update pipe logger and other utils

fix(pgs): trusted_proxies

chore(pgs,prose): caddy access logs

fix: ip address typo

feat(auth): subscribe to pico's metric-drain pipe

We have a lot of services that need to record site usage analytics so we
need a distributed way to receive these events.

As a result, all of our site visits will be sent through our pipe
service.  Then inside of our auth service we process the visits and
store them in our analytics table.

This overloads the auth service since it's now serving as a destination
for our metric-drain, but we think that's okay for now.

fix(pgs): caddy

fix(pgs): trust upstream reverse proxies and forward client ip

refactor(pgs): use pobj/storage

fix(pgs): set content-length so caddy can compress content

Allow unauthenticated access to public pipes (#157)


Co-authored-by: Eric Bower <me@erock.io>

fix(bouncer): previous alpine docker was failing to build

chore: 20gb to 10gb for pico+

fix(pipe): remove csp

chore(analytics): add indexes to table

docs: readme

chore(pgs): move fns around

refactor(pgs): move filehandler to pgs folder

fix(pgs): root domain routes were broken

refactor(pgs): use `http.ServeMux` v1.22

This change futher separates `pgs` from most of the other services.

One important change is refactoring our web router to use the new
`http.ServeMux` router that does a better job of routing with templated
strings.

Further, we try to leverage the `http.Handler` interface that removes
the need to use `context.Context` as much.

Decrease loop iteration time for pubsub

chore(pipe): update cicd copy

chore(pgs): print 4 decimal places special files

chore(pgs): limit size of _redirects and _headers files

chore(pgs): api tests

chore(pgs): api tests

chore(pgs): integration tests for web api (#152)

chore: monthly active users script

fix(auth): associate payment history and `plus` feature flag

fix: check if user is nil when uploading files

refactor(pgs): use httputil rev proxy to external service

refactor(feeds): only show banner notice when <30 days

feat(feeds): extend engagement click once every 6 months

fix(pgs): various _redirects fixes with wildcards and splats

fix: linter

Fix silent failure on invalid redirect syntax (#148)

Add logger and prom to imgs

Merge pull request #147 from picosh/am/light-refactor

Refactor pubsub->pipe

Update caddyfiles

Refactor pubsub->pipe

Refactor shared utilities

docs(pubsub): copy

Add public key comment to pubsub ls

docs(pubsub): copy

chore(pgs): block site access when project is blocked

fix(pico): reject external service redirects for non-paid users

chore(pubsub): update asciicast

chore: changes asciicast

chore: blah

docs(pubsub): copy

style(pubsub): make it pop

chore(pubsub): print `-p` flag for pub and pipe stdout msg

Merge pull request #145 from picosh/am/lib-refactor

Refactor

Refactor

docs(pubsub): web copy

docs(pubsub): copy

fix(pico): cleanup logs when leaving page

chore(pico): logs work

fix(pico): cap log lines to 1k

chore(pastes): better logs

chore(pastes): better api logs

feat(pgs): add cache headers etag and last-modified

feat(tui): logs

Fix leaky logs

chore: log formatting

feat(pico): logs ssh command

Change to log drain

chore: logs

Set proper profile setting

Fix incomplete messages

fix(pgs): log

fix(pgs): log

Updated the output

chore(pgs): better structured logging

Merge pull request #143 from picosh/am/send-log-sink

Setup a send log sink

Fix write lock

Add configuration options

Make sure to build pico app

Remove log dep and add data race safe impl

Use once to close channels

Enable robust log handler

Setup a send log sink

style(pastes): smol-v2 styles

Fix port setting

Update help command output

chore(pubsub): update pubsub dep

Simplify ls

Update go version and update pubsub features

Pubsub refactor

style(prose): moved tags block to bottom of page

feat(prose): `with_styles` setting in `_readme`

This adds a new frontmatter property in `_readme` that allows users to
request no styles from us.  This allows for better customization in
conjunction with `_styles.css` which is the user-defined CSS stylesheet
that gets loaded.

refactor(pubsub): default timeout set to 30 days

feat(pubsub): if no channel is provided, randomly gen one

chore(pubsub): pub log when timeout reached

feat(pubsub): pub new flag, `-t {duration}` timeout

The default is no timeout.

docs(pubsub): update copy

fix(feeds): days until expiration date

fix(feeds): flip post expiration check

fix(auth): docker tag

fix(feeds): url

feat(feeds): require human interaction to continue sending emails

BREAKING CHANGE: we require users to click a link in their feed emails
once every 90 days

fix(prose): undo footer box for posts

chore(feeds): more logging cleanup

chore: structured logging for servier and user info

Update some page options

docs(pubsub): add our logo

docs(pubsub): reorg content

Add gifs to marketing page for send

Added pipe support to send

Merge pull request #140 from picosh/am/pubsub-clean

Alternate pubsub implementation

Add more caching to builds

Added admin listing

Updated pubsub ref

chore(prose): revert diff code

fix(pgs): redirects

Update dep

Update cli

Alternate pubsub implementation

docs(pubsub): copy

docs(pubsub): copy

fix(pubsub): proper bidirectional blocking

docs(pubsub): web copy

chore: cleanup

feat(pubsub): send messages over public channels

feat(pubsub): flag for empty messages

docs: copy

fix(pubsub): scope `ls` to ssh user

fix(pgs): rss feed

fix(pubsub): web

fix(pubsub): create channel for multicast

feat(pubsub): pub waits for a sub

chore: cleanup

fix(pubsub): compose file

chore(pubsub): Caddy use basic reverse proxy

chore(pubsub): docker compose config

feat: pubsub service

feat(imgs): pubsub

Send keys for user info

Add user handler to auth system

refactor(pgs): remove CSP and allow headers to be overriden

chore: fix linter

chore: cleanup go.mod

chore: update send pkg

feat(pgs): block uploads for specific projects

chore(pgs): add projects.blocked col

Sometimes users have sites that violate our ToS.  We can delete the
content but if they have a script that will reupload it will
automatically recreate the site.  So we need a way to prevent uploads to
projects.

chore(bouncer): remove debug flag

fix(prose): add rss route back

chore(bouncer): add `-debug` flag to soju

chore(bouncer): update patch against soju upstream

chore: diff in post

feat(prose): live journal

The goal is to be able to use posts as live journals where reader can
receive updates to docs via rss.

chore(pgs): marketing page copy

chore: rm lists.sh

chore: test names

fix(tui): force minimum color profile

docs: dev doc

feat(pgs): rewrite support

feat(pgs): rewrite proxy api support

fix(bouncer): update go to 1.22

chore(bouncer): disable inactive users after 30 days

See soju docs to read more: https://soju.im/doc/soju.1.html

chore(bouncer): switch to codeberg for upstream remote

chore: update send and pobj

fix: cleanup go.mod

chore: ptun => tunkit

use local

chore: keep pgs ssh pprof

fix: use file size if available when uploading

chore: update `send`

This fixes a memory leak in our ssh apps.

style: update smol

style: tweaks

style: blockquote for post description

style(prose): adjust spacing

style: mv anchor link to end of title

style: use `time.DateOnly` format for dates

style: update smol.css

fix(pgs): when removing project, always try to remove objects

refactor(pgs): use pubkey auth handler

refactor: be pickier with which pubkey to accept

chore: formatting analytics

feat(prose): cli cmd `stats {post}` for analytics

feat(pgs): cli cmd `stats {project}` for project analytics

chore(pgs): better error message for uploads

feat(pgs): change max file size for free tier 1->10mb

fix: use official send pkg

refactor(pgs): dont copy reader into memory

chore(pgs): set memory limit for ssh container

feat(imgs): pubsub for docker image tag updates

Updated go.mod to remove replacement

chore(pastes): set cron to once every 12h

chore(pastes): show unlisted tag

Merge pull request #136 from picosh/am/update-deps

Update dependencies (for chroma)

Fix lint

Update dependencies (for chroma

Set ip correctly based on prod-irc as well

chore(plus): change payment history amount to $24

Speed up caddy build

Merge pull request #134 from picosh/am/sshfs

Added support for sshfs

Fix lint

Added support for sshfs

fix(imgs): user can be nil

refactor: remove ability to override CSP for pgs subdomains

BREAKING CHANGE: cannot override default CSP for pgs

fix: linter

fix: denylist for discovery feed to remove spam

chore: use consistent date fmt

styles(tui): settings page suggested width

feat(tui): settings page

styles(tui): md word wrapping

styles(tui): create account page

docs(tui): copy

styles(tui): update input placeholder

fix(tui): update models when resizing

chore(tui): cleanup

chore: cleanup

style: page titles

refactor(tui): reorganize into pages

chore(pgs): set default height to 24

chore: use `MakeOptions`

refactor: use bubbletea's renderer fn

refactor: tui pages

styles: cleanup tui colors

ascii logo

chore(pico): better logging statements

chore: copy

chore: update storage quotas from 1024 -> 1000

docs: copy

refactor(plus): make plus a single feature (#128)

fix(lint): comment

chore: url shortener for payment processor checkout url

fix: rm `links` from `registry` service

minio and registry are not on the same VM so it was failing when running
docker compose commands

fix(pico): check for user in new tui pages

refactor(plus): use lemonsqueezy

feat(plus): support international users

docs(pico): copy

style: update smol.css

chore: cleanup

chore: tui fixes

chore: new screen

style: blog posts spacing

style: light theme colors

style: code headers

chore: update smol.css

chore: update deps

fix(prose): allow .ico to be uploaded

Closes: #131

feat: senpai integration (#129)

Co-authored-by: Antonio Mika <antoniomika@gmail.com>

fix(tui): don't delete account when active key is deleted (#130)

feat: update pubkey comments w authorized_keys

chore: better output when uploading pubkeys

fix: users not being able to register an account

feat: pico ssh app (#126)

docs: showcase some features

chore: readme

docs: readme

docs: fmt

chore: docs

chore: doc links

chore: readme

chore: readme

chore: update readme

fix(pgs): analytics for private sites

chore: update env.example to include registry url

feat(imgs): ssh cli with ls and rm commands

chore: downgrade go version requirements

chore: cleanup pgs cli

fix(imgs): need allowed ext

chore: TUI only accessible via pico.sh

BREAKING CHANGE: TUI only accessible via pico.sh

Readme: Bump required version to 1.22.0 (#121)

fix: linter

feat(pgs): override denylist

refactor(prose): discover page sorts by publish_at

chore: `lint-dev` => `lint`

chore(pgs): add better err messages

refactor(pgs): switch from allowlist to denylist for files

fix(pgs): add trailing slash even with extension

feat(pgs): support serving files without extensions

feat(pgs): append trailing slash to redirect matchers

This change will make it so a user can provide -- or not provide -- a
trailing slash for matching a route, that way the user doesn't need to
think about it.

refactor(pgs): redirects and rewrites

feat(pgs): 301 redirect urls that are directories without trailing slash (#116)

feat(pgs): support yml, eot, and LICENSE

Closes: #118

fix(analytics): better analytic queries

chore(feeds): cleanup

refactor(feeds): change digest var name

fix(analytics): better first day of month calc

feat(pgs): add opml to allowlist

fix(ui): scope where statement properly

fix(pgs): use full filepath when checking for `.well-known`

Closes: #113

docs(pgs): copy

feat(ui): ability to enable/disable analytics

chore(ui): more analytics API endpoints

feat(pgs): allow csp to be overriden by upstream

fix(prose): add smol.css route

fix(prose): copy smol.css from pico.sh

fix(prose): use relative _styles.css

Closes: #112

docs(pgs): copy

refactor(analytics): cleanup naming and fn params

chore(analytics): hmac ip address

feat: analytics for visitors on prose and pgs (#111)

chore(ui): cleanup api

chore(ui): authorization checks

fix

chore: add pico+ to latest expiration date instead of now

When a user eventually purchases another year of pico+, we don't want to
set the expiration date a year from purchase date.  Rather, we want to
set the expiration date to the expiration date of the feature + 1
year.

chore: change toc to Table of Contents

cleanup

md/toc: make it nice, flexible, and fast

cleanup

feat(prose): toc

Merge branch 'tags'

refactor(prose): dedupe string slice for embedded tags

feat(pgs): support `.xsl`

Closes: https://github.com/picosh/pico/issues/105

chore: upgrade pgit

chore: fmt

fix(prose): use image mimetype if file ext provided

Closes: #104

docs(pgs): change free tier limit

chore(plus): increase imgs quota

fix(ui): always fetch user from ctx

When a user registers for an account, we set the user ctx, but all the
api endpoint are using an closured version of the user.

fix(ui): set user ctx after registering

feat(auth): stripe webhook integration (#101)

fix(prose): RSS content-type with charset=utf-8 (#103)

feat(prose): CSS var --body-max-width (#102)

chore(auth): pico+ activated rss feed item

chore(pgs): reduce free trial to 5MB

chore(imgs): cors headers

chore: update ptun

fix(imgs): registry needs imgs network

fix(imgs): need tmp file

fix

chore(imgs): move ssh app into pico

feat(pgs): impersonation working

feat(pgs): impersonate any user

chore(ui): objects postfix

chore(pgs): add id to objects

feat(ui): api for fetching project objects

docs(pgs): use port `1337` as canonical port for web tunnels

chore(prose): use middle dot to separate date and link

chore(prose): rm "on" from post date line

A small gesture to make prose more multi-lingual

fix(ui): posts should fetch all posts

chore(ui): change post apis

chore: cleanup

chore: rename plus folder to ui

feat: add public_keys.name column

feat(ui): more api endpoints!

chore(pgs): api cleanup

fix(ui): don't bomb on rss token missing

feat(pgs): allow cors for private sites

chore(pgs): rm cors

fix(pgs): caddy

chore(pgs): caddy

fix: caddy

chore: caddy

fmt

chore(pgs): caddy

revert

custom caddyfile for pgs

feat(pgs): pico-ui

mdparser: extract hashtag detection into a func

Also fix a bug where `tags: []` would still do the detection.

mdparser: implicitly capture hashtags in document

When they're found, they will be rendered as so:
`<span class="hashtag">...</span>`.

They are ignored in the following:
* block code sections
* block quote sections
* span code sections

This list can be expanded.

We then collect all of the matching hashtags and provide them as
metadata, but only if there is no explicit frontmatter for them.
So a workaround for undesirable hashtag detection is to use front-matter
to specify `tags: []` or similar.

mdparser: extract ast manipulation into shared fn (#96)

chore: update user to `pico`

prose: infer title from first <h1> before any <p> (#93)

This eliminates the need to use explicit title metadata for the vast
majority of posts.

This still allows explicitly setting a title via the frontmatter.
If neither is found, the current logic goes on.

fix(prose): rss link should be to website

Closes: #94

feat(pgs): add `.wasm` to allowlist

feat(pgs): support more file formats

fix(pgs): redirect to full url

fix(prose): better front-matter error handling on file upload

chore(pgs): log requests

fix(pgs): various redirect fixes (#92)

Closes: #91

fix(pgs): sort rss feed

feat(pgs): add new updated_at rss feed

fix: pico-plus script args

feat(prose): let user customize 404 page

feat(prose): `_404.md` file now supported

chore(pgs): docker compose tmp folder

fix(scripts): make pico-plus script more flexible

chore: bump docker go version

refactor: shared router

refactor(shared): http router

docs: cleanup

chore: pico+ go script

fix: empty username

refactor: ssh styles
feat: add pico+ info

chore: rm TERM

chore: add ico to imgs

fix: pin charm libs

Fix environment colors

feat(pgs): support avif and heif image formats

docs(pgs): private projects

docs(pgs): marketing

use v3

chore: use v1 gha

fix write flag

fixes

refactor(pgs): new cli api

design(pgs): cli aesthetic

fix(feeds): name is nullable

feat(pgs): _headers file (#83)

https://docs.netlify.com/routing/headers/

Closes: #82

chore(pgs): cleanup logs

chore: update ptun

fix(router): pass writer to create serve basic

chore(pgs): acl for public sites

chore(pgs): web tunnel cleanup

feat(pgs): private projects with web tunnels (#80)

We can support private projects via local forward ssh tunnels.

Eric sets ACL for project `hey-docs-dev`:

```
ssh pgs.sh acl hey-docs-dev pico antonio
```

Antonio creates SSH tunnel to project:

```
ssh -L 5000:localhost:80 -N hey-docs-dev@pgs.sh
```

Antonio can access site via http://localhost:5000

Other options we support:

- `acl public` -> default, open to everyone
- `acl pico` -> private to any pico user
- `acl pico xxx,yyy` -> private to specific pico users
- `acl public_keys` -> private to anyone with a pubkey
- `acl public_keys sha256:xxx,sha256:yyy` -> private to specific pubkeys

Further, there is a special API endpoint for any sites accessed via a
tunnel: GET http://localhost:5000/pico

This will return information about the user accessing the site, like
pico username, public key used, etc.

refactor: make public keys unique (#81)

BREAKING CHANGE: we will no longer support multiple account with the
same public key

docs(pgs): copy

fix: ssh cms

chore: fmt

chore: rm set username

chore: rm set username

docs(pgs): marketing copy

refactor: make pgs the CMS for pico (#79)

feat(auth): pico+ rss feed

fix: pico+ sql

fix: new user error

chore: update pico+ sql

chore: use slog wish middleware logger

chore: add `GetObjectSize`

refactor: use pobj (#76)

refactor: replace zap with slog (#75)

chore: remove lists project

fix(prose): allow `_styles.css` to be uploaded again

Closes #74

chore(imgs): dont run ssh

chore: update auth and imgs services

feat(auth): privileged access based on `auth` feature flag

refactor(auth): `/key?space=xxx` instead of inside POST body

feat(auth): `/key` support to check any space

docs: copy changes

fix(pgs): correct content type

chore(prose): set img proc defaults

feat: support more imgproxy options (#73)

New options in any combinations:

- `/s:w:h`
- `/q:1-100`
- `/rt:angle`

We also still support our imgs api version of sizing.

fix(imgs): redirect to prose.sh

chore(imgs): remove unused code

feat(prose): directory of images at `x.prose.sh/i`

refactor(imgs): merge into prose.sh (#71)

feat(pgs): use image proxy for images

BREAKING CHANGE: removed imgs.sh blog features

fix: go fmt

fix(pgs): classify xml when calc routes

`.xml` files were returning as `text/plain` which has different routing
rules than what xml should have.

Closes https://github.com/picosh/pico/issues/72

chore(pgs): increase storage max to 25MB

fix: default size limit fallbacks

pico pro (#69)

Update irc configs

chore: allow us to use sojuctl (#70)

chore: add feeds cmd for testing fetcher

fix(lists): update shutdown date

fix(lists): add real blog post

shutdown notice

fix(feeds): move cron to web app

Our `Dockerfile` doesn't move template files into their respective
images when it's an SSH app.  feeds' cron requires those template files
in order to send emails.

revert: imgs ssh

Use new httpmux config option and explicitly set max users

refactor(imgs): use prose ssh app

Prose's ssh app does the same thing as imgs so there is no point in
having them both.  This frees up an IP address for us to use for other
purposes.

refactor(feeds): cron to run on ssh server

style(pastes): add `.post-date` css

chore: force pgit to update

chore: update license with company name

Fix soju config

Update subscriber change for soju

Add prometheus and identd

style: use docs smol.css as canonical css framework

chore: update service intros

refactor: move ssh services into service packages

The only excpetion is imgs.sh which contains a circular dep.

docs: readme

docs: tweak footers

Refactor docs (#68)

Removed all docs associated with our services and moved them to a centralized source: https://pico.sh

doc suggestion from IRC #pico.sh @ libera.chat (#67)

[10:25am] pareidoliac: I have had problem with the docs apart from the minor detail that the "-> yourusername"
          should be "-> {username}-myproject" in the https://pgs.sh/help#custom-domain section.
[10:25am] pareidoliac: thinking of making a PR to suggest that
[10:29am] pareidoliac: also suggest mentioning the CSP policy pico.sh vs custom domain in the https://pgs.sh/help#spa section
[10:44am] erock: happy to accept PRs

Co-authored-by: jungle <jungle@night.local>

docs(pastes): showcase rsync support

docs(pastes): showcase sftp support

chore(prose): support trailing "/" for post raw

fix(prose): support trailing "/" in url

Closes: https://github.com/picosh/pico/issues/64

fix(imgs): dont clip ext unless actually file ext

Closes: https://github.com/picosh/pico/issues/65

docs(prose): prefer rsync

docs(prose): promote `sftp`

chore(deps): tidy

chore: update golang.org/x/crypto (#63)

Reference: https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ

refactor: move `wish/*` to its own repo (#62)

typo: help.page.tmpl (#61)

Don't send notifications when self

Fix bug in contains

Update soju patch to include selective message notifications

fix(pgs): period in route redirects to 404 (#59)

Closes #58

chore: add tokens view to pgs cms (#60)

Push network id with broadcasted message in soju

Enable panic recovery in ssh and set logger to be based on debug

Redirect imgproxy root

Add metrics for imgproxy

Set proper route ordering

Fixed endpoint for caddy metrics

Update our caddyfiles for imgproxy

refactor(imgs): use imgproxy instead of libwebp (#56)

---------

Co-authored-by: Antonio Mika <antoniomika@gmail.com>

chore: go deps

refactor(imgs): dont bring libwebp into every service (#55)

Most of our libwebp related code lived inside the `shared` package.  This is
problematic since every service imports that package, thereby requiring
libwebp for every service.

Now references to libwebp live solely inside `imgs` library.

Unfortunately, all of our post-based SSH services import `imgs` so they
still have the requirement.

Merge pull request #53 from picosh/post-filesize

post filesize script

Merge pull request #54 from picosh/am/dynamic-list

Add the ability to set the per page by window height

Add the ability to set the per page by window height

feat(prose): render `unlisted` on post when hidden

feat(pastes): set custom expiration and set paste to unlisted (#52)

fix(pgs): load created_at and updated_at for projects

chore: `make scripts` command

skip imgs

ready

post filesize

chore(script): clean write env var

fix: lint

chore(pgs): rm objects from store when project no longer exists

fix(pgs): missing project name when deleting project files from store

Fix panic in toupper

Add feature flag for advanced pastes management

fix(gha): copy contents not dir itself

chore: use latest pgs-action

Report same issues on receive

Added the tuns caddyfile

Put key auth behind feature flag

Add key endpoint for sish

Set correct updated at when creating a post

Don't use now for updates

Properly check mod time as well for updating a post

Use modtime from client, not now

Properly update post time when updated

Skip empty files in rsync

Change to 1.21 for static site builder

Merge pull request #51 from picosh/am/rsync-updates

Am/rsync updates

Ignore error on status messages

Properly close connection for unsupported flags

Ignore error for chtimes as nop

Update go-rsync dep

More work to properly support rsync

Working on adding more features to rsync

Improve pgs filesystem support (and fix local storage)

Fix sftp

Only build bouncer and caddy when changes are made to their contexts

Set auth tag properly

Merge pull request #50 from picosh/am/update-sftp

Fixed issues with sftp file listing and downloading from minio

Checkout repo before start

Break out reused code

Another one

Last try

Last change

Another one

Retry build

Fix

Refactor actions for matrix builds

Fix deprecations

Added the ability to remove files using sftp

Fixed issues with sftp file listing and downloading from minio

design: tweak headers

fix(imgs): better handling of 404 images

Added caddy metrics to auth

docs(pgs): `_redirects` copy

feat(pgs): support `_redirects` special file for routing (#48)

Merge pull request #47 from picosh/am/soju-webpush

Added simple diff for soju to fix firefox and ios webpush

Added simple diff for soju to fix firefox and ios webpush

fix(bouncer): makefile cmd

chore: update soju.config

doc(pgs): copy edits marketing page

feat(pastes): extend file expiration from 7 -> 90 days
chore(pastes): update copy
refactor(pastes): move ssh server into `pastes` package

chore(pgs): add more mime types to helper

Implement a fake oauth login system that uses ssh generated tokens (#44)

Ensure caddy metrics are enabled

Ops cleanup

Merge pull request #43 from picosh/am/irc

Adds infra support for irc infrastructure

Added monitoring caddyfile

Fixed minio env var

Work on adding bouncer and auth services to deployments

chore(docker): sync production changes

fix(imgs): regression with upload changes

fix(bouncer): soju config

feat(pgs): add .webmanifest and .map

chore(irc): separate docker compose file

fix(imgs): when calc user's total img size, coalesce null to 0

chore: add more error logging for us to debug

feat(auth): web service (#42)

Authentication (oauth2) web service intended for soju bouncer.

We are also introducings tokens which users can create through the SSH CMS for all services. This will allow users to generate an API token so they can authenticate with our oauth2 API.

feat: anchor links for prose

design: preserve header `font-size` when there's a `<code />` child

fix: gitignore

design(pastes): max-width 1025px

feat(pgs): pretty urls

chore(router): remove noisy logs

doc(pgs): copy changes

doc(pgs): better articulate this is closed beta

Also describe the requirements for participation

feat(pgs): allowing `.rss` `.atom`, and `.xml` file extensions