changes like

- xss vuln
- docker shit
+ nix shit
Schrottkatze 2023-02-17 11:28:09 +01:00
parent 84136f1106
commit 57fd472eda
10 changed files with 131 additions and 48 deletions

1
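--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+use flake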

13
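--- a/.github/workflows/build_nix.yml
+++ b/.github/workflows/build_nix.yml
@@ -0,0 +1,13 @@
+name: "Build legacy Nix package on Ubuntu"
+on:
+push:
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: cachix/install-nix-action@v12
+- name: Building package
+run: nix-build . -A defaultPackage.x86_64-linux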
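Review bot: Both `uses:` steps reference third-party actions by a mutable tag (`actions/checkout@v2`, `cachix/install-nix-action@v12`), so whatever the tag points to at run time is what executes in the build. Pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v2`. The workflow also declares no `permissions:` block, so the job runs with the repository's default token scope; a build-only job needs no more than a top-level `permissions:` with `contents: read`. The file's indentation is not visible on this page, so placement of the new keys should be checked against the real file.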


@ -1,37 +0,0 @@
FROM rust:latest as build
WORKDIR /app
COPY . .
RUN \
DEBIAN_FRONTEND=noninteractive \
apt-get update &&\
apt-get -y install ca-certificates tzdata &&\
CARGO_NET_GIT_FETCH_WITH_CLI=true \
cargo build --release
# https://hub.docker.com/r/bitnami/minideb
FROM bitnami/minideb:latest
# microbin will be in /app
WORKDIR /app
# copy time zone info
COPY --from=build \
/usr/share/zoneinfo \
/usr/share/zoneinfo
COPY --from=build \
/etc/ssl/certs/ca-certificates.crt \
/etc/ssl/certs/ca-certificates.crt
# copy built executable
COPY --from=build \
/app/target/release/microbin \
/usr/bin/microbin
# Expose webport used for the webserver to the docker runtime
EXPOSE 8080
ENTRYPOINT ["microbin"]

7
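--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,7 @@
+(import (
+fetchTarball {
+url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
+sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
+) {
+src = ./.;
+}).defaultNix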

77
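--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,77 @@
+{
+"nodes": {
+"naersk": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+},
+"locked": {
+"lastModified": 1671096816,
+"narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
+"owner": "nix-community",
+"repo": "naersk",
+"rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"ref": "master",
+"repo": "naersk",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1676549890,
+"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"type": "indirect"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1676549890,
+"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixpkgs-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"naersk": "naersk",
+"nixpkgs": "nixpkgs_2",
+"utils": "utils"
+}
+},
+"utils": {
+"locked": {
+"lastModified": 1676283394,
+"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}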

21
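--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,21 @@
+{
+inputs = {
+naersk.url = "github:nix-community/naersk/master";
+nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+utils.url = "github:numtide/flake-utils";
+};
+outputs = { self, nixpkgs, utils, naersk }:
+utils.lib.eachDefaultSystem (system:
+let
+pkgs = import nixpkgs { inherit system; };
+naersk-lib = pkgs.callPackage naersk { };
+in
+{
+defaultPackage = naersk-lib.buildPackage ./.;
+devShell = with pkgs; mkShell {
+buildInputs = [ cargo rustc rustfmt pre-commit rustPackages.clippy ];
+RUST_SRC_PATH = rustPlatform.rustLibSrc;
+};
+});
+}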
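Review bot: The `naersk` input's own `nixpkgs` is left unconstrained in `inputs`, which is why the lock file in this commit carries a second `nixpkgs` node whose `original` is an `indirect` registry reference. Adding `naersk.inputs.nixpkgs.follows = "nixpkgs";` next to `naersk.url` would make the build use the single nixpkgs pinned here and take the registry lookup out of later `nix flake update` runs. Separately, `defaultPackage` and `devShell` are the older output names; `packages.default` and `devShells.default` are the current ones, though the workflow's `-A defaultPackage.x86_64-linux` would have to change with them.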


@ -1,9 +0,0 @@
services:
- type: web
name: microbin
plan: free
numInstances: 1
env: rust
repo: https://github.com/szabodanika/microbin.git
buildCommand: cargo build --release
startCommand: ./target/release/microbin --editable --highlightsyntax

7
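--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,7 @@
+(import (
+fetchTarball {
+url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
+sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
+) {
+src = ./.;
+}).shellNix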


@ -144,7 +144,10 @@ impl Pasta {
}
pub fn content_escaped(&self) -> String {
self.content.replace('`', "\\`").replace('$', "\\$")
self.content
.replace('`', "\\`")
.replace('$', "\\$")
.replace("</script", "<\\/script")
}
}
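Review bot: `content_escaped` still does not escape the backslash itself, so a `\` already present in the paste combines with the backslash this function inserts in front of a backtick or `$` and leaves that character unescaped. Put `.replace('\\', "\\\\")` first in the chain. The new `"</script"` match is also case-sensitive while HTML end tags are not, and it does not cover `<!--`; replacing every `<` with `.replace('<', "\\x3c")` handles all of these in one step, assuming the result is placed in a JavaScript template literal inside an inline script (the template is not part of this hunk). The `impl Pasta` block starts outside the hunk, so other callers of `content` could not be checked from here.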