1
0
Fork 1
mirror of https://github.com/git-pkgs/proxy.git synced 2026-07-07 14:53:20 -04:00
Commit graph

4 commits

Author SHA1 Message Date
Andrew Nesbitt
8c28b02035
Polish UI: lucide icons, sticky footer, hamburger nav, clickable logo (#162)
- Move third-party JS into static/vendor/ and add lucide for icons; refine
  .gitignore so embedded vendor dirs aren't caught by the Go vendor rule.
- Replace folder/file emojis in the source browser with lucide icons.
- Wrap the header logo and title in a single anchor so the icon is clickable.
- Drop the redundant "Powered by git-pkgs" footer block; add a GitHub repo
  link to the About column and bump the ecosystem count from 16+ to 17+.
- Sticky footer pattern: body is min-h-full flex column with main growing to
  fill, so the footer sits at the bottom of short pages.
- Hamburger menu under md: search and nav links collapse into a drawer
  toggled by a menu button; theme toggle stays visible at both sizes.
2026-06-07 16:44:30 +01:00
Andrew Nesbitt
08d975c397
Mount web UI under /ui (#148)
* Mount web UI under /ui (closes #123)

The UI now lives under /ui so reverse proxies can apply different
access rules to it (e.g. require auth) while leaving the package
endpoints (/npm, /pypi, /v2, ...) open to build machines.

- GET / redirects to /ui/
- /api/browse and /api/compare move to /ui/api/browse and
  /ui/api/compare since only the browser JS calls them
- /health, /stats, /metrics, /openapi.json and /api/* stay at root

* README: nginx example for splitting UI auth from package endpoints

The /ui prefix lets a reverse proxy apply different access rules to the
web UI than to the package endpoints. Adds the snippet that motivated
the prefix change so deployers don't have to derive it.
2026-06-07 15:47:29 +01:00
Andrew Nesbitt
9e97a3316a
Escape user-controlled strings in browse source JavaScript
File paths from archive contents were interpolated directly into onclick
handlers and innerHTML via template literals. A crafted filename containing
quotes could break out of the string context and execute arbitrary JS.

Add an escapeHTML helper and use it on all interpolated path and URL values
in the browse source page.
2026-03-12 11:59:14 +00:00
Andrew Nesbitt
2d7cb8eae5
Refactoring and features 2026-02-03 22:40:40 +00:00