From 57fd472eda21713baf3dca0ac13ce4e82c63f3d8 Mon Sep 17 00:00:00 2001
From: Jade <jade@schrottkatze.de>
Date: Fri, 17 Feb 2023 11:28:09 +0100
Subject: [PATCH] changes like

- xss vuln
- docker shit
+ nix shit
---
 .envrc                          |  1 +
 .github/workflows/build_nix.yml | 13 ++++++
 Dockerfile                      | 37 ----------------
 default.nix                     |  7 +++
 flake.lock                      | 77 +++++++++++++++++++++++++++++++++
 flake.nix                       | 21 +++++++++
 render.yaml                     |  9 ----
 shell.nix                       |  7 +++
 src/pasta.rs                    |  5 ++-
 templates/pasta.html            |  2 +-
 10 files changed, 131 insertions(+), 48 deletions(-)
 create mode 100644 .envrc
 create mode 100644 .github/workflows/build_nix.yml
 delete mode 100644 Dockerfile
 create mode 100644 default.nix
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 delete mode 100644 render.yaml
 create mode 100644 shell.nix

diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.github/workflows/build_nix.yml b/.github/workflows/build_nix.yml
new file mode 100644
index 0000000..2f684e1
--- /dev/null
+++ b/.github/workflows/build_nix.yml
@@ -0,0 +1,13 @@
+name: "Build legacy Nix package on Ubuntu"
+
+on:
+  push:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: cachix/install-nix-action@v12
+      - name: Building package
+        run: nix-build . -A defaultPackage.x86_64-linux
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 33fc4a8..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,37 +0,0 @@
-FROM rust:latest as build
-
-WORKDIR /app
-
-COPY . .
-
-RUN \
-  DEBIAN_FRONTEND=noninteractive \
-  apt-get update &&\
-  apt-get -y install ca-certificates tzdata &&\
-  CARGO_NET_GIT_FETCH_WITH_CLI=true \
-  cargo build --release
-
-# https://hub.docker.com/r/bitnami/minideb
-FROM bitnami/minideb:latest
-
-# microbin will be in /app
-WORKDIR /app
-
-# copy time zone info
-COPY --from=build \
-  /usr/share/zoneinfo \
-  /usr/share/zoneinfo
-
-COPY --from=build \
-  /etc/ssl/certs/ca-certificates.crt \
-  /etc/ssl/certs/ca-certificates.crt
-
-# copy built executable
-COPY --from=build \
-  /app/target/release/microbin \
-  /usr/bin/microbin
-
-# Expose webport used for the webserver to the docker runtime
-EXPOSE 8080
-
-ENTRYPOINT ["microbin"]
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..39bacff
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,7 @@
+(import (
+  fetchTarball {
+    url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
+    sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
+) {
+  src =  ./.;
+}).defaultNix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..cecfde6
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,77 @@
+{
+  "nodes": {
+    "naersk": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1671096816,
+        "narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
+        "owner": "nix-community",
+        "repo": "naersk",
+        "rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1676549890,
+        "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1676549890,
+        "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "naersk": "naersk",
+        "nixpkgs": "nixpkgs_2",
+        "utils": "utils"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..2f907a6
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,21 @@
+{
+  inputs = {
+    naersk.url = "github:nix-community/naersk/master";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, utils, naersk }:
+    utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+        naersk-lib = pkgs.callPackage naersk { };
+      in
+      {
+        defaultPackage = naersk-lib.buildPackage ./.;
+        devShell = with pkgs; mkShell {
+          buildInputs = [ cargo rustc rustfmt pre-commit rustPackages.clippy ];
+          RUST_SRC_PATH = rustPlatform.rustLibSrc;
+        };
+      });
+}
diff --git a/render.yaml b/render.yaml
deleted file mode 100644
index 3c3e430..0000000
--- a/render.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-services:
-  - type: web
-    name: microbin
-    plan: free
-    numInstances: 1
-    env: rust
-    repo: https://github.com/szabodanika/microbin.git
-    buildCommand: cargo build --release
-    startCommand: ./target/release/microbin --editable --highlightsyntax
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..77db547
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,7 @@
+(import (
+  fetchTarball {
+    url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
+    sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
+) {
+  src =  ./.;
+}).shellNix
diff --git a/src/pasta.rs b/src/pasta.rs
index 04ee45d..b7d06f4 100644
--- a/src/pasta.rs
+++ b/src/pasta.rs
@@ -144,7 +144,10 @@ impl Pasta {
     }
 
     pub fn content_escaped(&self) -> String {
-        self.content.replace('`', "\\`").replace('$', "\\$")
+        self.content
+            .replace('`', "\\`")
+            .replace('$', "\\$")
+            .replace("</script", "<\\/script")
     }
 }
 
diff --git a/templates/pasta.html b/templates/pasta.html
index 360425c..76694d6 100644
--- a/templates/pasta.html
+++ b/templates/pasta.html
@@ -142,4 +142,4 @@
   }
 </style>
 
-{% include "footer.html" %}
\ No newline at end of file
+{% include "footer.html" %}