authorAlexander Kiryukhin <a.kiryukhin@mail.ru>2021-03-18 03:01:46 +0300
committerAlexander Kiryukhin <a.kiryukhin@mail.ru>2021-03-18 03:01:46 +0300
commit37c250d538893ff8178bd9c9e4dde225a991ce76 (patch)
tree379350cdfe47d3691fef9c8c5ef91acddfba36d3
parent6f31f35c7b38fbf63d7a0c9322458e0b75828495 (diff)
pevent access from messengers
-rw-r--r--internal/storer/storer.go6
-rw-r--r--main.go23
-rw-r--r--public/css/index.css4
-rw-r--r--templates/includes/layout.gohtml1
-rw-r--r--templates/pages/memo.gohtml14
-rw-r--r--templates/pages/norfoundinline.gohtml2
-rw-r--r--templates/pages/notfound.gohtml9
-rw-r--r--templates/pages/save.gohtml3
-rw-r--r--templates/pages/secret.gohtml6
9 files changed, 51 insertions, 17 deletions
diff --git a/internal/storer/storer.go b/internal/storer/storer.go
index b8b4ffd..99da8b8 100644
--- a/internal/storer/storer.go
+++ b/internal/storer/storer.go
@@ -65,7 +65,11 @@ func (s *Store) IsEncrypted(id string) (bool, error) {
var encrypted bool
return encrypted, s.db.View(func(txn *badger.Txn) error {
- value, err := txn.Get([]byte(id))
+ uid, err := xid.FromString(id)
+ if err != nil {
+ return err
+ }
+ value, err := txn.Get(uid.Bytes())
if err != nil {
return err
}
diff --git a/main.go b/main.go
index f3a9c22..0cf0827 100644
--- a/main.go
+++ b/main.go
@@ -102,18 +102,37 @@ func main() {
r.Get("/s/{id}", func(rw http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
- secret, err := s.Get(id, "")
if err != nil {
log.Println(err)
_ = tpl.Render("notfound.gohtml", nil, rw)
return
}
- if err := tpl.Render("memo.gohtml", renderer.Map{"secret": secret}, rw); err != nil {
+ _, err := s.IsEncrypted(id)
+ if err != nil {
+ log.Println(err)
+ _ = tpl.Render("notfound.gohtml", nil, rw)
+ return
+ }
+ if err := tpl.Render("memo.gohtml", renderer.Map{"id": id}, rw); err != nil {
log.Println(err)
_ = tpl.Render("error.gohtml", nil, rw)
}
})
+ r.Get("/api/s/{id}", func(rw http.ResponseWriter, r *http.Request) {
+ id := chi.URLParam(r, "id")
+ secret, err := s.Get(id, "")
+ if err != nil {
+ log.Println(err)
+ _ = tpl.Render("notfoundinline.gohtml", nil, rw)
+ return
+ }
+ if err := tpl.Render("secret.gohtml", renderer.Map{"secret": secret}, rw); err != nil {
+ log.Println(err)
+ _ = tpl.Render("notfoundinline.gohtml", nil, rw)
+ }
+ })
+
filesDir := http.Dir(filepath.Join(workDir, "public"))
r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
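Review bot: The new `/api/s/{id}` route still returns the secret on a plain GET, and the text in `secret.gohtml` says the read deletes it, so any automated client that requests that URL consumes the secret just as the old `/s/{id}` did. Registering it as `r.Post("/api/s/{id}", ...)` with `hx-post` in memo.gohtml keeps the destructive read behind an explicit user action. The handler should also set `rw.Header().Set("Cache-Control", "no-store")` before rendering the secret. In the `/s/{id}` handler, the `if err != nil` block kept as context right after `id := chi.URLParam(r, "id")` now runs before anything in the closure assigns `err`, so it appears to test a variable from the enclosing scope and can be deleted. `main` starts and ends outside this hunk.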
diff --git a/public/css/index.css b/public/css/index.css
index db341af..a304ed4 100644
--- a/public/css/index.css
+++ b/public/css/index.css
@@ -141,7 +141,7 @@ form label {
align-items: center;
}
-input, textarea {
+input, textarea, button {
background-color: var(--background-secondary);
color: var(--text);
border: 1px solid var(--border);
@@ -158,7 +158,7 @@ label {
padding: 8px;
}
-input:active {
+input:active, textarea:active, button:active {
background-color: rgb(33, 33, 38);
}
diff --git a/templates/includes/layout.gohtml b/templates/includes/layout.gohtml
index adebd99..03cf430 100644
--- a/templates/includes/layout.gohtml
+++ b/templates/includes/layout.gohtml
@@ -8,6 +8,7 @@
<title>SendSafe</title>
<link rel="stylesheet" href="/css/index.css" />
<script src="https://unpkg.com/turbolinks/dist/turbolinks.js" crossorigin="anonymous"></script>
+ <script src="https://unpkg.com/htmx.org@1.3.1" crossorigin="anonymous"></script>
</head>
<body>
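Review bot: The added htmx `<script>` is loaded from unpkg without an `integrity` attribute, in the layout that also wraps the page revealing the secret, so whatever the CDN serves runs with access to that content. Since `crossorigin="anonymous"` is already set, adding `integrity="sha384-<HASH_OF_PINNED_FILE>"` (placeholder; compute it from the pinned 1.3.1 file) or serving a vendored copy from `public/` would close that gap. The turbolinks tag on the line above has the same issue and is not version-pinned.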
diff --git a/templates/pages/memo.gohtml b/templates/pages/memo.gohtml
index 804d7b7..e981266 100644
--- a/templates/pages/memo.gohtml
+++ b/templates/pages/memo.gohtml
@@ -3,10 +3,16 @@
<div class="layout-center">
<form action="/">
<h1>Secret:</h1>
- <b>Warning!</b> This text already deleted from server! If you refresh or close page - secret will be completely lost!
- <hr />
- <pre>{{.secret}}</pre>
- <hr />
+ <div id="content">
+ <button
+ class='btn'
+ hx-get="/api/s/{{.id}}"
+ hx-target="#content"
+ hx-swap="innerHTML">
+ Show secret content
+ </button>
+ <span class="htmx-indicator">Loading...</span>
+ </div>
<input type="submit" value="&larr; Back">
</form>
</div>
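Review bot: The new `<button>` sits inside `<form action="/">` without a `type` attribute, so it defaults to a submit button. Whether a click only fires the `hx-get` request or also submits the form then depends on htmx cancelling the default action. Writing it as `<button type="button" class='btn' ...>` makes the intent explicit. With scripts blocked the secret cannot be revealed at all, which may deserve a `<noscript>` hint.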
diff --git a/templates/pages/norfoundinline.gohtml b/templates/pages/norfoundinline.gohtml
new file mode 100644
index 0000000..32c2f62
--- /dev/null
+++ b/templates/pages/norfoundinline.gohtml
@@ -0,0 +1,2 @@
+<h1>Not found.</h1>
+<p>Link expired or already viewed.</p>
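Review bot: The file is added as `norfoundinline.gohtml`, but both error paths of the new `/api/s/{id}` handler in main.go render `notfoundinline.gohtml`. Unless the renderer resolves names differently from what the diff shows, that lookup will fail. Because the handler discards the render error with `_ =`, the htmx swap would then receive an empty body instead of the "Not found" message. Renaming the file to `templates/pages/notfoundinline.gohtml` fixes it.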
diff --git a/templates/pages/notfound.gohtml b/templates/pages/notfound.gohtml
index 911f8e1..d1b6e85 100644
--- a/templates/pages/notfound.gohtml
+++ b/templates/pages/notfound.gohtml
@@ -1,10 +1,5 @@
{{template "layout.gohtml" .}}
{{define "content"}}
-<div class="layout-center">
- <form action="/">
- <h1>Not found.</h1>
- <p>Link expired or already viewed.</p>
- <input type="submit" value="&larr; Back">
- </form>
-</div>
+ <h1>Not found.</h1>
+ <p>Link expired or already viewed.</p>
{{ end }}
diff --git a/templates/pages/save.gohtml b/templates/pages/save.gohtml
index f940502..2b427f6 100644
--- a/templates/pages/save.gohtml
+++ b/templates/pages/save.gohtml
@@ -5,7 +5,8 @@
<h1>Saved</h1>
Secret url:
<hr />
- <a href="https://sendsafe.xyz/s/{{.id}}">https://sendsafe.xyz/s/{{.id}}</a>
+ <p>https://sendsafe.xyz/s/{{.id}}</p>
+ <p>Send this link to recepient. This link can be viewed only once!</p>
<hr />
<input type="submit" value="&larr; Back">
</form>
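Review bot: The new help text misspells "recipient" as `recepient`; suggested wording is `<p>Send this link to the recipient. This link can be viewed only once!</p>`. The URL is now plain text rather than an anchor, so a sender has to select it by hand; a `user-select: all` rule on that `<p>` would make a partial copy of the one-time link less likely.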
diff --git a/templates/pages/secret.gohtml b/templates/pages/secret.gohtml
new file mode 100644
index 0000000..94af286
--- /dev/null
+++ b/templates/pages/secret.gohtml
@@ -0,0 +1,6 @@
+<b>Warning!</b> This text already deleted from server! If you refresh or close page - secret will be completely lost!
+<hr />
+<pre id="content">
+ {{.secret}}
+</pre>
+<hr />
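Review bot: The line break and indentation around `{{.secret}}` inside `<pre>` are rendered literally, so the displayed and copied secret appears to gain leading whitespace and a trailing newline that the sender never stored. The markup removed from memo.gohtml had it on one line as `<pre>{{.secret}}</pre>`. The fragment is also swapped into `<div id="content">`, which leaves two elements with `id="content"`. Something like `<pre id="secret">{{.secret}}</pre>` addresses both.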