Merge pull request #48 from ronnyworm/add-helm-chart

add helm chart and add instructions for its usage in README

.gitignore

@@ -10,3 +10,4 @@ urls.sqlite
 .env
 cookie*
 .idea/
+.DS_Store

Makefile

@@ -24,7 +24,7 @@ docker-test: docker-local docker-stop
 	docker run -p ${PORT}:${PORT} --name chhoto-url -e password="${PASSWORD}" -e public_mode="${PUBLIC_MODE}" \
 		-e site_url="${SITE_URL}" -e db_url="${DB_URL}" -e redirect_method="${REDIRECT_METHOD}" -e port="${PORT}"\
 		-e slug_style="${SLUG_STYLE}" -e slug_length="${SLUG_LENGTH}" -e cache_control_header="${CACHE_CONTROL_HEADER}"\
-		-e api_key="${API_KEY}"\
+		-e api_key="${API_KEY}" -e disable_frontend="${DISABLE_FRONTEND}"\
 		-d chhoto-url
 	docker logs chhoto-url -f
 

README.md

@@ -45,9 +45,10 @@ for small. URL means, well... URL. So the name simply means Small URL.
   stays under 5MB under normal use.)
 - Counts number of hits for each short link in a privacy respecting way
   i.e. only the hit is recorded, and nothing else.
-- Has a mobile friendly UI.
+- Has a mobile friendly UI, and automatic dark mode.
 - Has a public mode, where anyone can add links without authentication. Deleting 
-  or listing available links will need admin access using the password.
+  or listing available links will need admin access using the password. It's also 
+  possible to completely disable the frontend.
 - Allows setting the URL of your website, in case you want to conveniently
   generate short links locally.
 - Links are stored in an SQLite database.
@@ -56,7 +57,7 @@ for small. URL means, well... URL. So the name simply means Small URL.
   written in plain HTML and vanilla JS, using [Pure CSS](https://purecss.io/)
   for styling.
 - Uses very basic authentication using a provided password. It's not encrypted in transport.
-  I  recommend using something like [caddy](https://caddyserver.com/) to
+  I  recommend using a reverse proxy such as [caddy](https://caddyserver.com/) to
   encrypt the connection by SSL.
   
 # Bloat that will not be implemented
@@ -72,7 +73,6 @@ not needed here.
 whatever reason), you can message me through GitHub issues.
 
 # Screenshots 
-#### Note: I'm using Dark Reader here to get the dark theme.
 <p align="middle">
   <img src="screenshot-desktop.webp" height="250" alt="desktop screenshot" />
   <img src="screenshot-mobile.webp" height="250" alt="mobile screenshot" />
@@ -147,7 +147,8 @@ the `slug_style` variable to `UID`. You can also set the length of those slug by
 the `slug_length` variable. It defaults to 8, and a minimum of 4 is supported.
 
 To enable public mode, set `public_mode` to `Enable`. With this, anyone will be able to add 
-links. Listing existing links or deleting links will need admin access using the password.
+links. Listing existing links or deleting links will need admin access using the password. To
+completely disable the frontend, set `disable_frontend` to `True`.
 
 By default, the server sends no Cache-Control headers. You can set custom `cache_control_header` 
 to send your desired headers. It must be a comma separated list of valid 
@@ -155,6 +156,20 @@ to send your desired headers. It must be a comma separated list of valid
 you can set it to `no-cache, private` to disable caching. It might help during testing if
 served through a proxy.
 
+## Deploying in your Kubernetes cluster with Helm
+The helm values are very sparse to keep it simple. If you need more values to be variable, feel free to adjust.
+
+The PVC allocates 100Mi and the PV is using a host path volume.
+
+The helm chart assumes you have [cert manager](https://github.com/jetstack/cert-manager) deployed to have TLS certificates managed easily in your cluster. Feel free to remove the issuer and adjust the ingress if you're on AWS with EKS for example. To install cert-manager, I recommend using the ["kubectl apply" way](https://cert-manager.io/docs/installation/kubectl/) to install cert-manager.
+
+To get started, `cp helm-chart/values.yaml helm-chart/my-values.yaml` and adjust `password`, `fqdn` and `letsencryptmail` in your new `my-values.yaml`, then just run
+
+``` bash
+cd helm-chart
+helm upgrade --install chhoto-url . -n chhoto-url --create-namespace -f my-values.yaml
+```
+
 ## Instructions for CLI usage
 The application can be used from the terminal using something like `curl`. In all the examples
 below, replace `http://localhost:4567` with where your instance of `chhoto-url` is accessible.
@@ -232,5 +247,7 @@ that those links aren't created by you.
 
 ## Notes
 - It started as a fork of [`simply-shorten`](https://gitlab.com/draganczukp/simply-shorten).
+- There's an (unofficial) extension maintained by for shortening URLs easily using Chhoto URL.
+  [You can take a look at it here.](https://github.com/SolninjaA/Chhoto-URL-Extension)
 - The list of adjectives and names used for random short url generation is a modified
   version of [this list used by docker](https://github.com/moby/moby/blob/master/pkg/namesgenerator/names-generator.go).

actix/Cargo.toml

@@ -3,7 +3,7 @@
 
 [package]
 name = "chhoto-url"
-version = "5.6.1"
+version = "5.6.3"
 edition = "2021"
 authors = ["Sayantan Santra <sayantan[dot]santra689[at]gmail[dot]com"]
 license = "mit"
@@ -29,9 +29,9 @@ categories = ["web-programming"]
 [dependencies]
 actix-web = "4.5.1"
 actix-files = "0.6.5"
-rusqlite = { version = "0.32.0", features = ["bundled"] }
+rusqlite = { version = "0.34.0", features = ["bundled"] }
 regex = "1.10.3"
-rand = "0.8.5"
+rand = "0.9.0"
 passwords = "3.1.16"
 actix-session = { version = "0.10.0", features = ["cookie-session"] }
 env_logger = "0.11.1"

actix/src/database.rs

@@ -33,7 +33,7 @@ pub fn find_url(shortlink: &str, db: &Connection, needhits: bool) -> (Option<Str
 // Get all URLs in DB
 pub fn getall(db: &Connection) -> Vec<DBRow> {
     let mut statement = db
-        .prepare_cached("SELECT * FROM urls")
+        .prepare_cached("SELECT * FROM urls ORDER BY id ASC")
         .expect("Error preparing SQL statement for getall.");
 
     let mut data = statement

actix/src/main.rs

@@ -40,6 +40,8 @@ async fn main() -> Result<()> {
         .ok()
         .filter(|s| !s.trim().is_empty());
 
+    let disable_frontend = env::var("disable_frontend").is_ok_and(|s| s.trim() == "True");
+
     // If an API key is set, check the security
     if let Ok(key) = env::var("api_key") {
         if !auth::is_key_secure() {
@@ -82,7 +84,7 @@ async fn main() -> Result<()> {
 
     // Actually start the server
     HttpServer::new(move || {
-        App::new()
+        let mut app = App::new()
             .wrap(middleware::Logger::default())
             .wrap(middleware::Compress::default())
             .wrap(
@@ -108,9 +110,13 @@ async fn main() -> Result<()> {
             .service(services::delete_link)
             .service(services::login)
             .service(services::logout)
-            .service(services::expand)
-            .service(Files::new("/", "./resources/").index_file("index.html"))
-            .default_service(actix_web::web::get().to(services::error404))
+            .service(services::expand);
+
+        if !disable_frontend {
+            app = app.service(Files::new("/", "./resources/").index_file("index.html"));
+        }
+
+        app.default_service(actix_web::web::get().to(services::error404))
     })
     // Hardcode the port the server listens to. Allows for more intuitive Docker Compose port management
     .bind(("0.0.0.0", port))?

actix/src/services.rs

@@ -79,9 +79,9 @@ pub async fn add_link(
             // Return http://
             if port == 80 {
                 url = env::var("site_url")
-                        .ok()
-                        .filter(|s| !s.trim().is_empty())
-                        .unwrap_or(String::from("http://localhost"));
+                    .ok()
+                    .filter(|s| !s.trim().is_empty())
+                    .unwrap_or(String::from("http://localhost"));
             }
             // If the port is 443, remove the port from the returned URL (better for copying and pasting)
             // Return https://

actix/src/utils.rs

@@ -4,7 +4,7 @@
 use crate::{auth, database};
 use actix_web::HttpRequest;
 use nanoid::nanoid;
-use rand::seq::SliceRandom;
+use rand::seq::IndexedRandom;
 use regex::Regex;
 use rusqlite::Connection;
 use serde::{Deserialize, Serialize};
@@ -190,10 +190,10 @@ fn gen_link(style: String, len: usize) -> String {
         format!(
             "{0}-{1}",
             ADJECTIVES
-                .choose(&mut rand::thread_rng())
+                .choose(&mut rand::rng())
                 .expect("Error choosing random adjective."),
             NAMES
-                .choose(&mut rand::thread_rng())
+                .choose(&mut rand::rng())
                 .expect("Error choosing random name.")
         )
     }

compose.yaml

@@ -6,6 +6,12 @@ services:
         image: sintan1729/chhoto-url:latest
         restart: unless-stopped
         container_name: chhoto-url
+        # You may enable the next two options if you want, but it may break the program if the db is bind
+        # mounted from the system. It does add extra security, but I don't know enough about docker
+        # to help in case it breaks something.
+        # read_only: true
+        # cap_drop:
+        #   - ALL
         ports:
             # If you changed the "port" environment variable, adjust accordingly
             # The number AFTER the colon should match the "port" variable and the number
@@ -53,6 +59,9 @@ services:
             # In case you want to provide public access to adding links (and not 
             # delete, or listing), change the following option to Enable.
             # - public_mode=Disable
+            # In case you want to completely disable the frontend, change the following
+            # to True.
+            # - disable_frontend=False
             
             # By default, the server sends no Cache-Control headers. You can supply a 
             # comma separated list of valid header as per RFC 7234 §5.2 to send those

helm-chart/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: chhoto-url
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

helm-chart/templates/ingress.yml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: chhoto-url
+  annotations:
+    cert-manager.io/issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  tls:
+    - hosts:
+      - {{ .Values.fqdn }}
+      secretName: my-tls
+  rules:
+  - host: {{ .Values.fqdn }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: chhoto-url
+            port:
+              number: 80

helm-chart/templates/issuer.yml

@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: {{ .Values.letsencryptmail }}
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx

helm-chart/templates/pv.yml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: chhoto-pv
+  labels:
+    app: chhoto-url
+spec:
+  capacity:
+    storage: 100Mi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: {{ .Values.persistence.hostPath.path }}

helm-chart/templates/secret.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret
+type: Opaque
+data:
+  password: {{ .Values.password }}
+  {{- if .Values.api_key }}
+  api_key: {{ .Values.api_key }}
+  {{- end }}

helm-chart/templates/sts.yml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: chhoto-url
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: chhoto-url
+  template:
+    metadata:
+      labels:
+        app: chhoto-url
+    spec:
+      containers:
+        - name: chhoto-url
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          ports:
+            - containerPort: 4567
+          env:
+            - name: password
+              valueFrom:
+                secretKeyRef:
+                  name: secret
+                  key: password
+            {{- if .Values.api_key }}
+            - name: api_key
+              valueFrom:
+                secretKeyRef:
+                  name: secret
+                  key: api_key
+            {{- end }}
+            - name: db_url
+              value: /db/urls.sqlite
+            - name: site_url
+              value: "{{ .Values.protocol }}://{{ .Values.fqdn }}"
+            - name: redirect_method
+              value: {{ .Values.redirect_method }}
+            - name: slug_style
+              value: {{ .Values.slug_style }}
+            - name: slug_length
+              value: "{{ .Values.slug_length }}"
+            - name: public_mode
+              value: {{ .Values.public_mode }}
+            - name: disable_frontend
+              value: {{ .Values.disable_frontend }}
+            {{- if .Values.cache_control_header }}
+            - name: cache_control_header
+              value: {{ .Values.cache_control_header }}
+            {{- end }}
+          volumeMounts:
+            - name: data
+              mountPath: /db
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: 100Mi

helm-chart/templates/svc.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: chhoto-url
+  labels:
+    app: chhoto-url
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 4567
+      protocol: TCP
+  selector:
+    app: chhoto-url

helm-chart/values.yaml

@@ -0,0 +1,28 @@
+# Default values for chhoto-url.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: sintan1729/chhoto-url
+  pullPolicy: IfNotPresent
+  tag: "5.4.6"
+
+# please use a better password in your values and base64 encode it
+password: cGFzc3dvcmQ=
+# if used, needs to be base64 encoded as well
+# api_key: U0VDVVJFX0FQSV9LRVk=
+
+persistence:
+  hostPath:
+    path: /mnt/data/chhoto-data
+
+redirect_method: PERMANENT
+slug_style: Pair
+slug_length: 8
+public_mode: Disable
+disable_frontend: False
+# cache_control_header: "no-cache, private"
+
+protocol: https
+fqdn: your.short.link.url.com
+letsencryptmail: your.mail@address.com

resources/index.html

@@ -78,7 +78,7 @@
             <p>Please enter password to access this website</p>
             <input type="password" id="password" />
             <button class="pure-button pure-button-primary" value="default">Log in</button>
-            <p id="wrong-pass">&nbsp;</p>
+            <p id="wrong-pass" hidden>Wrong password!</p>
         </form>
     </dialog>
 

resources/static/script.js

@@ -56,7 +56,7 @@ const refreshData = async () => {
         }
     } else {
         let data = await res.json();
-        displayData(data);
+        displayData(data.reverse());
     }
 }
 
@@ -129,10 +129,10 @@ const copyShortUrl = async (link) => {
     const site = await getSiteUrl();
     try {
         navigator.clipboard.writeText(`${site}/${link}`);
-        showAlert(`Short URL ${link} was copied to clipboard!`, "green");
+        showAlert(`Short URL ${link} was copied to clipboard!`, "light-dark(green, #72ff72)");
     } catch (e) {
         console.log(e);
-        showAlert(`Could not copy short URL to clipboard, please do it manually: <a href=${site}/${link}>${site}/${link}</a>`, "red");
+        showAlert(`Could not copy short URL to clipboard, please do it manually: <a href=${site}/${link}>${site}/${link}</a>`, "light-dark(red, #ff1a1a)");
     }
 
 }
@@ -213,7 +213,7 @@ const submitForm = () => {
         })
         .then(text => {
             if (!ok) {
-                showAlert(text, "red");
+                showAlert(text, "light-dark(red, #ff1a1a)");
             }
             else {
                 copyShortUrl(text);
@@ -234,11 +234,10 @@ const submitLogin = () => {
             document.getElementById("container").style.filter = "blur(0px)"
             document.getElementById("login-dialog").close();
             password.value = '';
+            document.getElementById("wrong-pass").hidden = true;
             refreshData();
         } else {
-            const wrongPassBox = document.getElementById("wrong-pass");
-            wrongPassBox.innerHTML = "Wrong password!";
-            wrongPassBox.style.color = "red";
+            document.getElementById("wrong-pass").hidden = false;
             password.focus();
         }
     })

resources/static/styles.css

@@ -6,6 +6,33 @@
     src: url('/assets/Montserrat-VF.woff2');
 }
 
+:root {
+    color-scheme: light dark;
+}
+
+body {
+    color: light-dark(black, #e8e6e3);
+    background-color: light-dark(white, #181a1b);
+}
+
+.pure-button {
+    background-color: light-dark(#0078e7, #0060b9);
+}
+
+input {
+    border-color: light-dark(#cccccc, #3e4446) !important;
+    box-shadow: light-dark(#dddddd, #2b2f31) 0px 1px 3px inset !important;
+}
+
+::placeholder {
+    color: light-dark(#757575, #636061);
+}
+
+legend {
+    color: light-dark(#333333, #c8c3bc) !important;
+    border-bottom-color: light-dark(#e5e5e5 ,#373c3e) !important;
+}
+
 * {
     font-family: Montserrat;
 }
@@ -15,6 +42,10 @@
     margin: 20px auto auto;
 }
 
+a {
+    color: light-dark(blue, #3391ff);
+}
+
 table tr td div {
     max-height: 75px;
     line-height: 25px;
@@ -23,6 +54,19 @@ table tr td div {
     overflow: auto;
 }
 
+.pure-table {
+    border-color: light-dark(black, #867d6e);
+}
+
+.pure-table caption {
+    color: light-dark(black, #e8e6e3);
+}
+
+.pure-table thead {
+    color: light-dark(black, #e8e6e3);
+    background-color: light-dark(#e0e0e0, #2a2d2f);
+}
+
 .pure-table td {
     border-left: none;
 }
@@ -86,10 +130,19 @@ div[name="links-div"] {
     margin-bottom: 10px;
 }
 
-dialog form {
+#login-dialog {
+    border-radius: 10px;
+    border-width: 2px;
+}
+
+#login-dialog form {
     text-align: center;
 }
 
+#wrong-pass {
+    color: light-dark(red, #ff1a1a);
+}
+
 /* Settings for mobile devices */
 @media (pointer:none),
 (pointer:coarse) {