jonschoning / espial Goto Github PK

I try to make a package for my distro. This means an executable binary and static directory are owned by root and service is running under less privileged user. But when after login I go to /Settings or another route I get .../static/tmp: createDirectory: permission denied ..., i.e. espial wants to make a tmp subdirectory inside a static one.

Is temporary directory location configurable?

PS. I use the following Nix package: https://gist.github.com/le-chat/0c26919eaf39e5914fc425ea35cf880c

It would be nice to have some type of tag cloud.

Would it be very difficult to change the configuration (hopefully, only Yesod configuration) so to have this program running with an existing PostgreSQL instance, instead of the sqlite backend it uses by default?.

Also I would like to be able to use it through CGI with Apache.

I'm a newbie in Haskell, but I would like to contribute some code in this direction, but I think I'm going to need help.

Thank you!

Thanks for this nice selfhosted pinboard alternative!

Would it be possible to fetch and show existing tags in the bookmarklet to avoid duplicate tags?
I tend to forget my tags and usually end up with e.g. tool, tools, howto, how-to, etc. 😬

Hi there!

I was trying to get Espial to build again on nixpkgs earlier and realized the release being tracked was of version 0.0.11.

Can we get a new release with the latest changes on Hackage?

When looking at a list of links resulting from combined or single tags, the RSS feed proposed is always for all the content, not the search result.

For example for https://esp.ae8.org/u:demo/t:test+tag the RSS feed is proposing https://esp.ae8.org/u:demo/feed.xml

It would be useful to be able to have RSS feeds per tag or per tag combinations.

First, let me say that I love the simplistic nature of this project and the bookmark page.

But, I think I may not be understanding what public and private are intended to be used for on both bookmarks and notes.

What I was thinking I could do is self host this using separate logins for my family. But, I was expecting to be able to use the public vs private fields to allow each member to keep their privacy along with being able to share some items too.

For example, my wife and I both use the same banking bookmarks. But, I have my own forums that she has zero interest in (F150Gen14 for example). She has the same. And, she is not as technical as I am.

So, I figured I could add all of our banking links as public and my own form links as private. Then, expected for her to login and see the 'public' bookmarks I have added.

But, when she logs in, she doesn't see any of the 'public' bookmarks I have added.

Am I misunderstanding the intention of this? Or, is it just not working? And, not just the bookmarks. But, the notes too.

And, what does Privacy Lockout (Private Account) mean in settings?

Thanks again!

Are there are any plans to add a local archive feature? Full-text search across all my bookmarks (including PDFs) is an amazing feature to have and I would love to see that here.

At a minimum, shouldn't the sqlite database be closed before terminating the process?

I have not touched Haskell in 15 years, so I wasn't sure if perhaps the framework was doing this. But the espial process does not even catch SIGTERM. So I'm assuming there's no shutdown code.

Checking to see if the process has registered a SIGTERM handler (reading /proc/[pid]/status for the SigCgt bitmap, where SIGTERM is signal 15, 1-based index):

ps aux | grep "[e]spial" | awk '{print $2}' | xargs -I{} grep SigCgt /proc/{}/status | awk '{print $2}' | xargs -I{} bash -c 'echo "$(((0x$1 >> 14) & 1))"' -- {}

There is a secondary problem with the docker configuration, where when shutting down the container SIGTERM will not reach espial (even after a signal handler is added). The way CMD is used executes espial under a shell. The shell is PID 1, and PID 1 does not have default signal handlers, so the signal just disappears. Changing from CMD ./espial +RTS -T to CMD ["./espial", "+RTS", "-T"] would cause espial to run as PID 1 instead of a shell, and be able to receive signals. (https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact)

This would be very convenient and I suspect it's not only relevant to edge cases.

Thank you very much for your work on this, I just love it.

It would be awesome to have a browser plugin, no?

Trying to import a freshly exported pinboard bookmarks (~25k) and getting the following error: "Error in $[803].description: parsing Text failed, expected String, but encountered Boolean"
It seems the description field could be a string or a boolean (found 23 entries with false and 1 with an empty string "").

Is it possible to import existing archived sites along with bookmarks JSON using this tool?

Thanks

I have installed espial via docker compose on my docker running box, however I cannot log in due to XSRF errors. This is my docker compose file (note the image name is a local copy of your image that I docker save / docker import here, as my docker box does not have access to the internet, but only to the local network, which is mynet2 here).

version: "2"

networks:
  macvlan:
    external:
      name: mynet2

services:
  espial:
    image: jonschoning/espial:espial
    restart: always
    networks:
      macvlan:
        ipv4_address: 172.22.10.92
    ports:
      - "80:80"
    volumes:
      - ./data:/app/data
    environment:
      - PORT=80
      - IP_FROM_HEADER=false
      - SQLITE_DATABASE=/app/data/espial.sqlite3

when I try to log in via a browser I get an XSRF error, which I also see in the docker log

(open the login page)
192.168.1.200 - - [17/Jan/2015:15:15:51 +0000] "GET / HTTP/1.1" 303 0 "" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
192.168.1.200 - - [17/Jan/2015:15:15:51 +0000] "GET /auth/login HTTP/1.1" 200 - "" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
192.168.1.200 - - [17/Jan/2015:15:15:51 +0000] "GET /static/css/tachyons.min.css?etag=jhoIzwsR HTTP/1.1" 304 - "http://172.22.10.92/auth/login" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
192.168.1.200 - - [17/Jan/2015:15:15:51 +0000] "GET /static/css/main.css?etag=GyxCR4FW HTTP/1.1" 304 - "http://172.22.10.92/auth/login" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"

(submit the password)
17/Jan/2015:15:16:02 +0000 [Warn#yesod-core] A valid CSRF token wasn't present. Because the request could have been forged, it's been rejected altogether.
If you're a developer of this site, these tips will help you debug the issue:
- Read the Yesod.Core.Handler docs of the yesod-core package for details on CSRF protection.
- Check that your HTTP client is persisting cookies between requests, like a browser does.
- By default, the CSRF token is sent to the client in a cookie named XSRF-TOKEN.
- The server is looking for the token in the following locations:
  - An HTTP header named X-XSRF-TOKEN (which is not currently set)
  - A POST parameter named _token (which has the current, incorrect value: 'KcSEju61n5JQFkWjwAOBFwBos8qyC2OnBpgDbQIg') @(yesod-core-1.6.24.0-12q7eAY8cgKPjk7uY7MUx:Yesod.Core.Handler src/Yesod/Core/Handler.hs:1665:6)
192.168.1.200 - - [17/Jan/2015:15:16:02 +0000] "POST /auth/page/db/login HTTP/1.1" 403 - "http://172.22.10.92/auth/login" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
192.168.1.200 - - [17/Jan/2015:15:16:02 +0000] "GET /static/css/tachyons.min.css?etag=jhoIzwsR HTTP/1.1" 304 - "http://172.22.10.92/auth/page/db/login" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
192.168.1.200 - - [17/Jan/2015:15:16:02 +0000] "GET /static/css/main.css?etag=GyxCR4FW HTTP/1.1" 304 - "http://172.22.10.92/auth/page/db/login" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"

I have tried this both with firefox and safari with identical results. Is something else I should be configuring? Is there any way to disable XSRF protection etc. (this is just in my local network which only I use, so I am not too worried about XSRF).

If I'm looking at someone else's pins, I see the tags associated with individual entries, but don't see an exhaustive set of tags available for their account. Can the tag cloud be made publicly available so that any non logged-in user can also interact with it? Currently it's only visible if you're logged in.

Instead of [no title], there could be a button for users to fetch the title from the <title> tag of the website.

How does one export all the bookmarks currently saved on their instance of espial?

"Error in $: parsing [] failed, expected Array, but encountered Object"

I would rather not post my entire bookmarks file publically can I email a private link to you?

I should note I exported my bookmarks in firefox 77.0.1 as json.

I like the simplicity of espial, but one neat feature I really miss is the ability to toggle archiving of individual bookmarks, so that I can turn off automatic archiving but still archive the ones I wish to be archived.

The little checkbox right next to the URL in the list of added bookmarks only links me to the corresponding archive.today link without actually archiving it. I'm either prompted with

or

What I would like is to have is a checkbox titled "Archive this URL" or something similar in

• the add URL page
• as well as either directly in the list of added bookmarks or preferably in the edit view of individual bookmarks.

Alternatively maybe change the behavior of the little checkbox right next to the URL to actually archive the URL, or add a "force refresh archiving" button.

One of the reasons why I ask for this is convenience for the people that are not technically inclined at all and might screw up. Think of "elderly" people for example, not really that swift with the mouse just happens to accidentally click "archive this URL", and maybe easily gets distracted by just handling a computer in general to actually forget about the archiving aspect of this tool.

I know this is not a real issue but it might be good to include the necessary configurations to setup a reverse proxy. The following code snippet can be great help to others since the application requires some headers to be set and most browsers give mixed content error if the headers are not in place.

  location ^~ / {
  proxy_pass http://yourdomain.com:3000/;
  proxy_buffering off;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  }

Shortly, at least the following headers should be set:

• Host
• X-Forwarded-Proto

The other's are not required to make CSS and JS files load correctly, however can be useful for other purposes.

One possible solution to remove the protocol dependency is to call the styles and scripts by omitting the protocol and letting the browser handling it: //domain.com/stlye.css
I tried to find where this is being set but couldn't navigate myself safely in Haskell code.

It appears for me that when I try to send a page to be archived to archive.is it just gets stuck on the captcha page. I also noticed the Docker image hasn't been updated in over a year. Maybe that is the issue? Any plans to update the image?

Are there plans to document some of the common operations?

For example: for someone like me, who's never used Haskell before, how do I close the network socket that was opened when I ran espial?

Is there a help section that I'm missing?

There is an option to enable link archiving for added bookmarks but it is only valid if the account is public. As a private account holder, I'd like to be able to archive the links I want whether I am using a public or a private account.

Possible solutions:

• The archive option could be changed so that it can process all the links.
• Add URL page can have a new option to override global archive settings.

Mobile browsers on iOS devices "zoom" in on focused input elements when form elements are less 16px font-size.

For additional context, I provided a similar request to StackOverflow in a meta conversation. There are two possible solutions to this issue that I'm aware of:

(a) Give inputs font-size of 16 pixels

If mobile font-sizes in text inputs and text areas are at least 16px, browsers on iOS devices won't zoom into the element when the user selects the input.

Because the necolas/normalize CSS stylsheet adds font-size: 100% to all inputs, the input font size uses the body's which is 14px with the Tachyon class f6. The solution likely won't require removing the f6 class. Something likely this in main.css and popup.css would probably work.

input[type="text"],
input[type="url"],
input[type="password"],
textarea {
    font-size: 16px;
}

Unless you can think of any other selectors that should also be included.

(b) User scalable "hack"

A less common and disadvantaged solution, is one that Maciej employs on Pinboard's mobile site. He disables user-scalable viewport option within the viewport meta tag:

<meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;">
                                                                                         ^^^^^^^^^^^^^^^^

Unfortunately, using this method is an accessibility issue for users that might need to zoom. It's more practical for a site with a map. We could opt for this solution if you felt strongly in favor of the frontend's small font-size.

If you're open to it, I'd be happy to perform a PR.

Hey there!

I belong to an open source security research community, and a member (@noobpk) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Is there interest in implementing this or how would I do it with cron etc?

Dear Developer of Espial,

I could successfully migrate espial from sqlite to mysql. However, there is one thing that simply doesn't work. The search realized in the function Model.bookmarksTagsQuery does not produce any search results. It's because I can't create a customized group_concat function for mysql. THe mysql version contains no commas:
https://www.mysqltutorial.org/mysql-group_concat/

Could you please give me a workable alternative to Model.sqliteGroupConcat. As you implemented such a complicated search I assume that you can implement a group_concat version for mysql. Here is an example of mysql's group_concat:

SELECT GROUP_CONCAT(DISTINCT country ORDER BY country SEPARATOR ' ')
FROM customers;

This is a wish list item, but I wanted to get it down in writing in case others are aware of any similar efforts or had ideas.

I operate most of my self-hosted services on ARM64 CPUs. While I do run espial on an x86_64 box, I'd love an arm container image or build target.

There may be an arch-specific limitation in the build process or dependent library that I'm not aware of that may preclude this from being possible. I also know that GHC cross-compiling is not an easy feat, so I would imagine that either a) running a Docker build on an arm host natively or b) relying on a toolchain such as cabal2nix may be the easiest path forward. "Will not implement" is also a valid response that will make me sad but is understandable 😄

FWIW, if there aren't any factors limiting the feasability of this I'm willing to put together a PR (would that go here or in espial-docker?)

I have been using espial for a few years and I have also saved URLs related to non-browser applications such as anydesk.
I have hundreds of links saved in the espial DB like this:
"anydesk: 12345678"
For a few days (perhaps with the last update) I have not been able to add URLs of this type, an error message appears with the indication
"Invalid URL"
This is the detailed log:

POST /api/add
  Request Body: {"url":"anydesk:12345678","toread":null,"title":"TEST","time":null,"tags":"test","slug":null,"selected":null,"private":true,"description":"Anydeks TEST","bid":null,"archiveUrl":null}
  Accept: */*
  Status: 400 Bad Request 0.0014245s

The same thing if I try to modify an existing URL.

404 Not Found when open https://archive.li

Hi! I am an Espial user on NixOS, and I am trying to write a NixOS module for Espial to make it easier for people on NixOS to run an Espial service. However, nix package repository grabs Haskell packages off of Hackage, and the currently published version of Espial (0.0.7) fails to build with current Nix-Haskell infrastructure. Therefore the package is marked as broken. I have tested building it with the latest source on GitHub and it seems to build fine.

TL;DR: Is it possible to publish the latest release version (which seems to be 0.0.9) to Hackage? Thanks!

I saw that the first line of the installation guide is:

curl -sSL https://get.haskellstack.org/ | sh

It's probably not a good idea to recommend executing a remote shell script without verifying its contents in any way. Or am I too paranoid?