v1.9.0

* Skip CSRF for embeds

The CSRF middleware sets a _csrf cookie also for loading the embed
javascript on third-party sites. With this change no _csrf cookie is set
when loading the embed javascript (regardless if third-party site or
first-party).

.gitattributes

@@ -1,2 +1,4 @@
 templates/**/* linguist-vendored
 public/**/*.css linguist-vendored
+public/**/*.scss linguist-vendored
+*.config.js linguist-vendored

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: thomiceli

.github/workflows/docs.yml

@@ -0,0 +1,47 @@
+name: Build / Deploy docs
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install JS dependencies
+        run: |
+          npm install vitepress@1.3.4 tailwindcss@3.4.10
+
+      - name: Build docs
+        run: |
+          cd docs
+          npx tailwindcss -i .vitepress/theme/style.css -o .vitepress/theme/theme.css -c .vitepress/tailwind.config.js
+          npm run docs:build
+
+      - name: Deploy to server
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{ secrets.SERVER_HOST }}
+          username: ${{ secrets.SERVER_USERNAME }}
+          key: ${{ secrets.SERVER_SSH_KEY }}
+          source: "docs/.vitepress/dist/*"
+          target: ${{ secrets.SERVER_PATH }}
+
+      - name: Update remote docs
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.SERVER_HOST }}
+          username: ${{ secrets.SERVER_USERNAME }}
+          key: ${{ secrets.SERVER_SSH_KEY }}
+          script: |
+            ${{ secrets.UPDATE_DOCS }}

.github/workflows/go.yml

@@ -0,0 +1,138 @@
+name: "Go CI"
+on:
+  push:
+    branches:
+      - master
+      - 'dev-*'
+  workflow_dispatch:
+
+  pull_request:
+    paths-ignore:
+      - '**.yml'
+      - '**.md'
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go 1.23
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.23"
+
+      - name: Lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.60
+          args: --out-format=colored-line-number --timeout=20m
+
+      - name: Format
+        run: make fmt check_changes
+
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go 1.23
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.23"
+
+      - name: Check Go modules
+        run: make go_mod check_changes
+
+      - name: Check translations
+        run: make check-tr
+
+  test-db:
+    name: Test
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-latest"]
+        go: ["1.23"]
+        database: [postgres, mysql]
+        include:
+          - database: postgres
+            image: postgres:16
+            port: 5432:5432
+          - database: mysql
+            image: mysql:8
+            port: 3306:3306
+
+    runs-on: ${{ matrix.os }}
+    services:
+      database:
+        image: ${{ matrix.image }}
+        ports:
+          - ${{ matrix.port }}
+        env:
+          POSTGRES_PASSWORD: opengist
+          POSTGRES_DB: opengist_test
+          MYSQL_ROOT_PASSWORD: opengist
+          MYSQL_DATABASE: opengist_test
+        options: >-
+          --health-cmd ${{ matrix.database == 'postgres' && 'pg_isready' || '"mysqladmin ping"' }}
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go ${{ matrix.go }}
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Run tests
+        run: make test TEST_DB_TYPE=${{ matrix.database }}
+
+  test:
+    name: Test
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-latest", "macOS-latest", "windows-latest"]
+        go: ["1.23"]
+        database: ["sqlite"]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go ${{ matrix.go }}
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Run tests
+        run: make test TEST_DB_TYPE=${{ matrix.database }}
+
+  build:
+    name: Build
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-latest", "macOS-latest", "windows-latest"]
+        go: ["1.23"]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go 1.23
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Build
+        shell: bash
+        run: make

.github/workflows/release.yml

@@ -1,12 +1,37 @@
-name: Docker
+name: Release
 
 on:
   release:
     types: [published]
-  workflow_dispatch:
 
 jobs:
-  docker:
+  binaries-build-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go 1.23
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.23"
+
+      - name: Cross compile build
+        run: make all_crosscompile
+
+      - name: Upload Release Assets
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            build/*.tar.gz 
+            build/*.zip 
+            build/checksums.txt
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  docker-build-release:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -21,6 +46,7 @@ jobs:
         with:
           images: |
             ghcr.io/thomiceli/opengist
+            docker.io/thomiceli/opengist
           tags: |
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
             type=semver,pattern={{major}}
@@ -40,6 +66,12 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: Build and push
         uses: docker/build-push-action@v4
         with:
@@ -49,4 +81,4 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max

.gitignore

@@ -6,3 +6,6 @@ gist.db
 public/assets/*
 public/manifest.json
 opengist
+build/
+docs/.vitepress/dist/
+docs/.vitepress/cache/

CHANGELOG.md

@@ -1,9 +1,426 @@
 # Changelog
 
-## [1.0.1](https://github.com/thomiceli/opengist/compare/v1.0.0...v1.0.1) - [2023-04-12]
+## [1.9.0](https://github.com/thomiceli/opengist/compare/v1.8.4...v1.9.0) - 2025-02-02
+See here how to [update](https://opengist.io/docs/update) Opengist.
+
+### Added
+- Topics (tags) for Gists (#413)
+- Gist languages saved in database (#422)
+- Search gists on user profile with title, visibility, language & topics (#422)
+- Jdenticon for default avatars (#416)
+- Git push option for description (#412)
+- MIME type support for raw file serving (#417)
+
+### Fixed
+- Skip CSRF for embed gists (#402)
+- Remove CSRF check for Git HTTP packs (#408)
+- Replace path.Join with filepath.Join for file system paths (#414)
+- Empty password error when trying to change the username (#418)
+- Save content form on gist create error (#420)
+
+### Other
+- Refactor server code (#407)
+- Remove memdb for gist init (#421)
+- Added Opengist Docker images to Docker Hub
+
+## [1.8.4](https://github.com/thomiceli/opengist/compare/v1.8.3...v1.8.4) - 2024-12-15
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- More translation strings (#398)
+- Custom instance names (#399)
+
+### Fixed
+- Prevent passwords managers autofill on filename inputs (#357)
+
+## [1.8.3](https://github.com/thomiceli/opengist/compare/v1.8.2...v1.8.3) - 2024-11-26
+See here how to [update](/docs/update.md) Opengist.
+
+### Changed
+- Throw `warn` instead of `fatal` on Git global config init failure (#392)
+- Define esbuild as a Javascript dependency for all other platforms (#393)
+
+## [1.8.2](https://github.com/thomiceli/opengist/compare/v1.8.1...v1.8.2) - 2024-11-25
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- More translation strings (#373) (#388)
+
+### Changed
+- Enforce git config on startup (#383)
+- Respect file scheme URIs for SQLite. (#387)
+
+### Fixed
+- Convert octal notation file names in Git (#380)
+- Git clone on SSH with MySQL (#382)
+- Escaping for embed gists (#381)
+
+### Other
+- Update deps Golang & JS deps
+
+## [1.8.1](https://github.com/thomiceli/opengist/compare/v1.8.0...v1.8.1) - 2024-11-02
+See here how to [update](/docs/update.md) Opengist.
+
+### Changed
+- Hide passkey login when login form is disabled (#369)
+
+### Fixed
+- Markdown preview (#368)
+- confirm() popup messages (#370)
+
+## [1.8.0](https://github.com/thomiceli/opengist/compare/v1.7.5...v1.8.0) - 2024-10-31
+See here how to [update](https://opengist.io/docs/update) Opengist.
+
+### 🔴 Deprecations 
+_Removed in the next SemVer MAJOR version of Opengist._
+* Use the configuration option `db-uri`/`OG_DB_URI` **instead of** `db-filename`/`OG_DB_FILENAME`.\
+  More info [here](https://opengist.io/docs/configuration/databases/sqlite) if you plan to keep SQLite as a DBMS for Opengist.
+
+### Added
+- Postgres and MySQL databases support (#335)
+- Passkeys & TOTP support + MFA (#341) (#342)
+- Add/Remove admins (#337)
+- Queriable shorter uuids (#338)
+- Use Docker secrets (#340)
+- SVG preview in Markdown (#346)
+- Secret key definition & move the secret key file to its parent directory (#358)
+- More translation strings (#339)
+
+### Changed
+- Separate OAuth unlink URL (#336)
+
+### Fixed
+- Adding multiple empty lines in editor. (#345)
+- Config URL (#343)
+- Send Markdown preview data as form params (#347)
+- Fix oauth endpoint to support detecting https in 'Forwarded' header, enabling google support (#359)
+- Use mail handle if OAuth nickname is empty (#362)
+
+### Other
+- Use go 1.23 and update deps (#354)
+- Typos in README (#363)
+
+## [1.7.5](https://github.com/thomiceli/opengist/compare/v1.7.4...v1.7.5) - 2024-09-12
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- New website for documentation using Vitepress [https://opengist.io](https://opengist.io) (#326)
+- Ukrainian localization (#325)
+- Dummy /metrics endpoint (#327)
+
+## [1.7.4](https://github.com/thomiceli/opengist/compare/v1.7.3...v1.7.4) - 2024-09-09
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- More translations strings (#294) (#304)
+- Hide change password form when login via password disabled (#314)
+- File delete button on create editor (#320)
+- Assets cache header 
+- Hide secret values in admin config page
+- Atomic pointer for indexer (#321)
+
+### Fixed
+- Fatal error using `cases.Title()` (#313)
+- Search unlisted gist (#319)
+
+### Other
+- Removed logger `trace` and `fatal` levels (#322)
+
+## [1.7.3](https://github.com/thomiceli/opengist/compare/v1.7.2...v1.7.3) - 2024-06-03
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- Setting to allow anonymous access to individual gists while still RequireLogin everywhere else (#229)
+- Make edit visibility a toggle (#277)
+- More translation strings (#274) (#281)
+- String method to visibility (#276)
+
+### Fixed
+- Perms for http/ssh clone (#288)
+- Fix translation string (#293)
+
+### Other
+- Update deps Golang & JS deps
+- Check translations keys in CI (#279)
+- Fix CI check for additional translations only (#289)
+
+## [1.7.2](https://github.com/thomiceli/opengist/compare/v1.7.1...v1.7.2) - 2024-05-05
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- Docs: 
+  - Run with systemd as a normal user (#254)
+  - Kubernetes deployment (#258)
+- More translation strings (#269) (#271)
+
+### Changed
+- Rework git log parsing and truncating (#260)
+- Set Opengist version from git tags (#261)
+
+### Fixed
+- Missing preview button when editing .md gist (#259)
+- Frontend (#267)
+  - Fix mermaid display 
+  - Move Login/Register buttons on mobile 
+  - Set minimum width on avatar
+
+### Other
+- Use go 1.22 and update deps (#244)
+
+## [1.7.1](https://github.com/thomiceli/opengist/compare/v1.7.0...v1.7.1) - 2024-04-05
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- Docs: More detailed variant for custom pages (#248)
+
+### Fixed
+- Auth page GitlabName Error (#242)
+- Empty invitation on user creation (#247)
+
+## [1.7.0](https://github.com/thomiceli/opengist/compare/v1.6.1...v1.7.0) - 2024-04-03
+See here how to [update](/docs/update.md) Opengist.
+
+Note: all sessions will be invalidated after this update.
+
+### Added
+- Custom logo configuration (#209)
+- Custom static links (#234)
+- Invitations for closed registrations (#233)
+- Set gist visibility via Git push options (#215)
+- Set gist URL and title via push options (#216)
+- Specify custom names in the OAuth login buttons (#214)
+- Markdown preview (#224)
+- Reset a user password using CLI (#226)
+- Translations (#207, #210)
+
+### Changed
+- Use filesystem session store (#240)
+- Move Git hook logic to Opengist (#213)
+- Increase login for 1 year (#222)
+
+### Fixed
+- Show theme change button on responsive devices (#225)
+- New line literal in embed gists (#237)
+
+### Other
+- GitHub security updates
+- New docker dev env (#220)
+
+## [1.6.1](https://github.com/thomiceli/opengist/compare/v1.6.0...v1.6.1) - 2024-01-06
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- Healthcheck on Docker container (#204)
+- Translations:
+  - fr-FR (#201)
+
+### Fixed
+- Directory renaming on username change (#205)
+
+## [1.6.0](https://github.com/thomiceli/opengist/compare/v1.5.3...v1.6.0) - 2024-01-04
+See here how to [update](/docs/update.md) Opengist.
+
+### Added
+- Embedded gists (#179)
+- Gist code search (#194)
+- Custom URLS for gists (#183)
+- Gist JSON data/metadata (#179)
+- Keep default visibility when creating a gist on the UI (#155)
+- Health check endpoint (#170)
+- GitLab OAuth2 login (#174)
+- Syntax highlighting for more file types (#176) 
+- Checkable Markdown checkboxes (#182)
+- Config:
+  - Log output (#172) 
+  - Default git branch name (#171)
+- Change username setting (#190)
+- Admin actions:
+  - Synchronize all gists previews (#191)
+  - Reset Git server hooks for all repositories (#191)
+  - Index all gists (#194)
+- Translations:
+  - cs-CZ (#164)
+  - zh-TW (#166, #195)
+  - hu-HU (#185)
+  - pt-BR (#193)
+- Docs (#198)
+
+### Changed
+- Updated dependencies (#197):
+  - Go `1.20` -> `1.21` 
+  - JavaScript packages
+  - NodeJS Docker image `18` -> `20`
+  - Alpine Docker image `3.17` -> `3.19`
+
+### Fixed
+- Fix reverse proxy subpath support (#192)
+- Fix undecoded gist content when going back to editing in the UI (#184)
+- Fix outputting non-truncated large files for editon/zip download (#184)
+- Allow dashes in usernames (#184)
+- Delete SSH keys associated to deleted user (#184)
+- Better error message when there is no files in gist (#184)
+- Show if there is no files in gist preview (#184)
+- Log parsing for the 11th empty commit (#184)
+- Optimize reading gist files content (#186)
+
+## [1.5.3](https://github.com/thomiceli/opengist/compare/v1.5.2...v1.5.3) - 2023-11-20
+### Added
+- es-ES translation (#139)
+- Create/change account password (#156)
+- Display OAuth error messages when HTTP 400 (#159)
+
+### Fixed
+- Git bare repository branch name creation (#157)
+- Git file truncated output hanging (#157) 
+- Home user directory detection handling (#145)
+- UI changes (#158)
+
+## [1.5.2](https://github.com/thomiceli/opengist/compare/v1.5.1...v1.5.2) - 2023-10-16
+### Added
+- zh-CN translation (#130)
+- ru-RU translation (#135)
+- config.yml usage in the Docker container (#131)
+- Longer title and description (#129)
+
+### Fixed
+- Private gist visibility (#128)
+- Dark background color in Markdown rendering (#137)
+- Error handling for password hashes (#132)
+
+## [1.5.1](https://github.com/thomiceli/opengist/compare/v1.5.0...v1.5.1) - 2023-09-29
+### Added
+- Hungarian translations (#123)
+
+### Fixed
+- .c and .h syntax highlighting (#119)
+- Login page disabled depending on locale (#120)
+- Syntax error on templates when calling locale function (#122)
+
+## [1.5.0](https://github.com/thomiceli/opengist/compare/v1.4.2...v1.5.0) - 2023-09-26
+### Added
+- Private Gist visibility (#87)
+- Create gists from a special Git HTTP server remote URL (#95)
+- OIDC provider integration (#98)
+- Translation system (#104)
+- Run `git gc` on all repositories as admin (#90)
+- Unit and integration tests (#97)
+- Documentation (#110, #111)
+- New logo (#103)
+
+### Changed
+- Use Non-CGO SQLite instead of CGO SQLite (#100)
+- Various UI changes (#84, #93)
+- Improved CI/CD pipeline (#99, #113)
+- Improved git http semantics and repo obfuscation (#94)
+- Updated Go deps (#102)
+
+### Fixed
+- Find command for Windows users (#89)
+- Retain visibility when editing a gist (#83)
+- Typo on admin index page (#85)
+- ViteJS dev server (#91)
+- Bugs (#105)
+
+### Breaking changes
+- Removed CONFIG env var
+- Removed TLS server (#101)
+
+## [1.4.2](https://github.com/thomiceli/opengist/compare/v1.4.1...v1.4.2) - 2023-07-17
+### Added
+- External url to HTML links & redirects (#75)
+- Make unlisted gists not SEO crawlable (#78)
+- Warning message on OAuth unlink (#79)
+
+### Changed
+- Redirect to `/all` when not logged in (#76)
+- Removed Dev Docker image (#80)
+
+## [1.4.1](https://github.com/thomiceli/opengist/compare/v1.4.0...v1.4.1) - 2023-06-25
+### ⚠️ Docker users ⚠️
+Opengist Docker volume has been changed from `/root/.opengist` to `/opengist`, do not forget to update your
+`docker-compose.yml` file or any other Docker related configuration.
+
+Please make a backup of your Opengist data directory before updating.
+
+### Fixed
+- Git message remote: `warning: unable to access '/root/.config/git/attributes': Permission denied` (#71)
+
+## [1.4.0](https://github.com/thomiceli/opengist/compare/v1.3.0...v1.4.0) - 2023-06-23
+### ⚠️ Docker users ⚠️
+Opengist Docker volume has been changed from `/root/.opengist` to `/opengist`, do not forget to update your
+`docker-compose.yml` file or any other Docker related configuration.
+
+Please make a backup of your Opengist data directory before updating.
+
+### Added
+- Search gists, browse users snippets, likes and forks (#68)
+- SQLite WAL journal mode by default (#54)
+- Change SQLite journal mode via configuration (#54)
+- Configuration via environment variables (#50)
+- Docker dev image (#56)
+- Choose Docker container/volumes owner via UID/GID (#63)
+
+### Changed
+- Docker volume changed from `/root/.opengist` to `/opengist` (#63)
+- `DEV` environment variable renamed to `OG_DEV` (#64)
+- Use `npx` in Makefile instead of `./node_modules/.bin` (#66)
+- DEPRECATED: `OG_CONFIG` environment variable (#64)
+
+### Fixed
+- Gitea URL joins (#43, #61)
+- Dark mode flickering (#44)
+- Typos (#42)
+
+## [1.3.0](https://github.com/thomiceli/opengist/compare/v1.2.0...v1.3.0) - 2023-05-27
+### Added
+- Disable login form via admin panel
+- Syntax highlighting in Markdown code block (#29)
+- Better UI for admin settings (#30)
+- Disable Gravatar (#37)
+- Swap between dark and light theme (#38)
+
+### Changed
+- Logs are now also appended to stdout
+- Golang module name is now `github.com/thomiceli/opengist`
+
+### Fixed
+- First account registering with OAuth is now admin
+- Fix HTML entities escaping in Markdown code block (#29)
+
+## [1.2.0](https://github.com/thomiceli/opengist/compare/v1.1.1...v1.2.0) - 2023-05-01
+### Added
+- Restrict or unrestrict snippets visibility to anonymous users (#19)
+- Go CI with Staticcheck
+
+### Changed
+- Filenames are now trimmed when creating a snippet (#20)
+- SSH public key comments are now trimmed when adding a new key (#22)
+
+### Fixed
+- Respect ExternalUrl for OAuth (#21)
+- SSH public key detection (#22)
+
+## [1.1.1](https://github.com/thomiceli/opengist/compare/v1.1.0...v1.1.1) - 2023-04-20
+### Fixed
+- Git processes are now correctly killed
+
+## [1.1.0](https://github.com/thomiceli/opengist/compare/v1.0.1...v1.1.0) - 2023-04-18
+### Added
+- GitHub and Gitea OAuth2 login
+- Database migration system
+
+### Changed
+- Admin panel route from `/admin` route to `/admin-panel`
+- Moved disable signup option to admin panel
+
+### Fixed
+- Truncate raw file (#4)
+- Fix SSH key table constraints on user delete
+
+## [1.0.1](https://github.com/thomiceli/opengist/compare/v1.0.0...v1.0.1) - 2023-04-12
 ### Changed
 - Updated base footer
 - Changed redirections when not logged in
 
-## 1.0.0 - [2023-04-10]
+## 1.0.0 - 2023-04-10
 - Initial release

Dockerfile

@@ -1,16 +1,25 @@
-FROM alpine:3.17 AS build
+FROM alpine:3.19 AS base
 
 RUN apk update && \
-    apk add --no-cache \
-    make \
-    gcc \
-    musl-dev \
-    libstdc++
+        apk add --no-cache \
+        make \
+        shadow \
+        openssl \
+        openssh \
+        curl \
+        wget \
+        git \
+        gnupg \
+        xz \
+        gcc \
+        musl-dev \
+        libstdc++
 
-COPY --from=golang:1.19-alpine /usr/local/go/ /usr/local/go/
+COPY --from=golang:1.23-alpine /usr/local/go/ /usr/local/go/
 ENV PATH="/usr/local/go/bin:${PATH}"
+ENV CGO_ENABLED=0
 
-COPY --from=node:18-alpine /usr/local/ /usr/local/
+COPY --from=node:20-alpine /usr/local/ /usr/local/
 ENV NODE_PATH="/usr/local/lib/node_modules"
 ENV PATH="/usr/local/bin:${PATH}"
 
@@ -18,13 +27,25 @@ WORKDIR /opengist
 
 COPY . .
 
+
+FROM base AS dev
+
+EXPOSE 6157 2222 16157
+VOLUME /opengist
+
+CMD ["make", "watch"]
+
+
+FROM base AS build
+
 RUN make
 
 
-FROM alpine:3.17
+FROM alpine:3.19 as prod
 
 RUN apk update && \
     apk add --no-cache \
+    shadow \
     openssl \
     openssh \
     curl \
@@ -36,10 +57,17 @@ RUN apk update && \
     musl-dev \
     libstdc++
 
-WORKDIR /opengist
+RUN addgroup -S opengist && \
+    adduser -S -G opengist -s /bin/ash -g 'Opengist User' opengist
 
-COPY --from=build /opengist/opengist .
+COPY --from=build --chown=opengist:opengist /opengist/config.yml config.yml
+
+WORKDIR /app/opengist
+
+COPY --from=build --chown=opengist:opengist /opengist/opengist .
+COPY --from=build --chown=opengist:opengist /opengist/docker ./docker
 
 EXPOSE 6157 2222
-VOLUME /root/.opengist
-CMD ["./opengist"]
+VOLUME /opengist
+HEALTHCHECK --interval=60s --timeout=30s --start-period=15s --retries=3 CMD curl -f http://localhost:6157/healthcheck || exit 1
+ENTRYPOINT ["./docker/entrypoint.sh"]

Makefile

@@ -1,9 +1,14 @@
-.PHONY: all install build_frontend build_backend build build_docker watch_frontend watch_backend watch clean clean_docker
+.PHONY: all all_crosscompile install build_frontend build_backend build build_crosscompile build_docker build_dev_docker run_dev_docker watch_frontend watch_backend watch clean clean_docker check_changes go_mod fmt test check-tr
 
 # Specify the name of your Go binary output
 BINARY_NAME := opengist
+GIT_TAG := $(shell git describe --tags)
+VERSION_PKG := github.com/thomiceli/opengist/internal/config.OpengistVersion
+TEST_DB_TYPE ?= sqlite
 
-all: install build
+all: clean install build
+
+all_crosscompile: clean install build_frontend build_crosscompile
 
 install:
 	@echo "Installing NPM dependencies..."
@@ -13,34 +18,62 @@ install:
 
 build_frontend:
 	@echo "Building frontend assets..."
-	./node_modules/.bin/vite build
+	npx vite -c public/vite.config.js build
+	@EMBED=1 npx postcss 'public/assets/embed-*.css' -c public/postcss.config.js --replace # until we can .nest { @tailwind } in Sass
 
 build_backend:
 	@echo "Building Opengist binary..."
-	go build -tags fs_embed -o $(BINARY_NAME) .
+	go build -tags fs_embed -ldflags "-X $(VERSION_PKG)=$(GIT_TAG)" -o $(BINARY_NAME) .
 
 build: build_frontend build_backend
 
+build_crosscompile:
+	@bash ./scripts/build-all.sh
+
 build_docker:
 	@echo "Building Docker image..."
 	docker build -t $(BINARY_NAME):latest .
 
+build_dev_docker:
+	@echo "Building Docker image..."
+	docker build -t $(BINARY_NAME)-dev:latest --target dev .
+
+run_dev_docker:
+	docker run -v .:/opengist -p 6157:6157 -p 16157:16157 -p 2222:2222 -v $(HOME)/.opengist-dev:/root/.opengist --rm $(BINARY_NAME)-dev:latest
+
 watch_frontend:
 	@echo "Building frontend assets..."
-	./node_modules/.bin/vite dev --port 16157
+	npx vite -c public/vite.config.js dev --port 16157 --host
 
 watch_backend:
 	@echo "Building Opengist binary..."
-	DEV=1 ./node_modules/.bin/nodemon --watch '**/*' -e html,yml,go,js --signal SIGTERM --exec 'go run . --config config.yml'
+	OG_DEV=1 npx nodemon --watch '**/*' -e html,yml,go,js --signal SIGTERM --exec 'go run -ldflags "-X $(VERSION_PKG)=$(GIT_TAG)" . --config config.yml'
 
 watch:
-	@bash ./watch.sh
+	@sh ./scripts/watch.sh
 
 clean:
 	@echo "Cleaning up build artifacts..."
 	@rm -f $(BINARY_NAME) public/manifest.json
-	@rm -rf public/assets
+	@rm -rf public/assets build
 
 clean_docker:
 	@echo "Cleaning up Docker image..."
 	@docker rmi $(BINARY_NAME)
+
+check_changes:
+	@echo "Checking for changes..."
+	@git --no-pager diff --exit-code || (echo "There are unstaged changes detected." && exit 1)
+
+go_mod:
+	@go mod download
+	@go mod tidy
+
+fmt:
+	@go fmt ./...
+
+test:
+	@OPENGIST_TEST_DB=$(TEST_DB_TYPE) go test ./... -p 1
+
+check-tr:
+	@bash ./scripts/check-translations.sh

README.md

@@ -1,55 +1,44 @@
 # Opengist
 
+<img height="108px" src="https://raw.githubusercontent.com/thomiceli/opengist/master/public/opengist.svg" alt="Opengist" align="right" />
+
+Opengist is a **self-hosted** Pastebin **powered by Git**. All snippets are stored in a Git repository and can be
+read and/or modified using standard Git commands, or with the web interface.
+It is similar to [GitHub Gist](https://gist.github.com/), but open-source and could be self-hosted.
+
+[Home Page](https://opengist.io) • [Documentation](https://opengist.io/docs) • [Discord](https://discord.gg/9Pm3X5scZT) • [Demo](https://demo.opengist.io)
+
+
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/thomiceli/opengist?sort=semver)
 ![License](https://img.shields.io/github/license/thomiceli/opengist?color=blue)
-
-A self-hosted pastebin **powered by Git**. [Try it here](https://opengist.thomice.li).
-
-* [Features](#features)
-* [Install](#install)
-    * [With Docker](#with-docker)
-    * [From source](#from-source)
-* [Configuration](#configuration)
-* [Administration](#administration)
-    * [Use Nginx as a reverse proxy](#use-nginx-as-a-reverse-proxy)
-    * [Use Fail2ban](#use-fail2ban)
-* [License](#license)
+[![Go CI](https://github.com/thomiceli/opengist/actions/workflows/go.yml/badge.svg)](https://github.com/thomiceli/opengist/actions/workflows/go.yml)
+[![Go Report Card](https://goreportcard.com/badge/github.com/thomiceli/opengist)](https://goreportcard.com/report/github.com/thomiceli/opengist)
+[![Translate](https://tr.opengist.io/widget/_/svg-badge.svg)](https://tr.opengist.io/projects/_/opengist/)
 
 ## Features
 
-* Create public or unlisted snippets
-* Clone / Pull / Push snippets **via Git** over HTTP or SSH
-* Revisions history
+* Create public, unlisted or private snippets
+* [Init](/docs/usage/init-via-git.md) / Clone / Pull / Push snippets **via Git** over HTTP or SSH
 * Syntax highlighting ; markdown & CSV support
+* Search code in snippets; browse users snippets, likes and forks
+* Add topics to snippets
+* Embed snippets in other websites
+* Revisions history
 * Like / Fork snippets
-* Search for all snippets or for certain users snippets
-* Editor with indentation mode & size ; drag and drop files
 * Download raw files or as a ZIP archive
-* Avatars
-* Responsive UI
-* Enable or disable signups
-* Admin panel : delete users/gists; clean database/filesystem by syncing gists
-* SQLite database
-* Logging
+* OAuth2 login with GitHub, GitLab, Gitea, and OpenID Connect
+* Restrict or unrestrict snippets visibility to anonymous users
 * Docker support
+* [More...](/docs/introduction.md#features)
 
-#### Todo
-
-- [ ] Light mode
-- [ ] Tests
-- [ ] Search for snippets
-- [ ] Embed snippets
-- [ ] Filesystem/Redis support for user sessions
-- [ ] Have a cool logo
-
-## Install
+## Quick start
 
 ### With Docker
 
-A Docker [image](https://github.com/users/thomiceli/packages/container/package/opengist), available for each release, can be pulled
+Docker [images](https://github.com/thomiceli/opengist/pkgs/container/opengist) are available for each release :
 
-```
-docker pull ghcr.io/thomiceli/opengist:1
+```shell
+docker pull ghcr.io/thomiceli/opengist:1.9
 ```
 
 It can be used in a `docker-compose.yml` file :
@@ -59,26 +48,48 @@ It can be used in a `docker-compose.yml` file :
 3. Opengist is now running on port 6157, you can browse http://localhost:6157
 
 ```yml
-version: "3"
-
 services:
   opengist:
-    image: ghcr.io/thomiceli/opengist:1
+    image: ghcr.io/thomiceli/opengist:1.9
     container_name: opengist
     restart: unless-stopped
     ports:
       - "6157:6157" # HTTP port
       - "2222:2222" # SSH port, can be removed if you don't use SSH
     volumes:
-      - "$HOME/.opengist:/root/.opengist"
-    environment:
-      CONFIG: |
-        log-level: info
+      - "$HOME/.opengist:/opengist"
 ```
 
+You can define which user/group should run the container and own the files by setting the `UID` and `GID` environment variables :
+
+```yml
+services:
+  opengist:
+    # ...
+    environment:
+      UID: 1001
+      GID: 1001
+```
+
+### Via binary
+
+Download the archive for your system from the release page [here](https://github.com/thomiceli/opengist/releases/latest), and extract it.
+
+```shell
+# example for linux amd64
+wget https://github.com/thomiceli/opengist/releases/download/v1.9.0/opengist1.9.0-linux-amd64.tar.gz
+
+tar xzvf opengist1.9.0-linux-amd64.tar.gz
+cd opengist
+chmod +x opengist
+./opengist # with or without `--config config.yml`
+```
+
+Opengist is now running on port 6157, you can browse http://localhost:6157
+
 ### From source
 
-Requirements : [Git](https://git-scm.com/downloads) (2.20+), [Go](https://go.dev/doc/install) (1.19+), [Node.js](https://nodejs.org/en/download/) (16+)
+Requirements: [Git](https://git-scm.com/downloads) (2.28+), [Go](https://go.dev/doc/install) (1.23+), [Node.js](https://nodejs.org/en/download/) (16+), [Make](https://linux.die.net/man/1/make) (optional, but easier)
 
 ```shell
 git clone https://github.com/thomiceli/opengist
@@ -89,87 +100,15 @@ make
 
 Opengist is now running on port 6157, you can browse http://localhost:6157
 
-## Configuration
+---
 
-Opengist can be configured using YAML. The full configuration file is [config.yml](config.yml), each default key/value
-pair can be overridden.
+To create and run a development environment, see [run-development.md](/docs/contributing/development.md).
 
-### With docker
+## Documentation
 
-Add a `CONFIG` environment variable in the `docker-compose.yml` file to the `opengist` service :
-
-```diff
-environment:
-  CONFIG: |
-    log-level: info
-    ssh.git-enabled: false
-    disable-signup: true
-    # ...
-```
-
-### With binary
-
-Create a `config.yml` file (you can reuse this [one](config.yml)) and run Opengist binary with the `--config` flag :
-
-```shell
-./opengist --config /path/to/config.yml
-```
+The documentation is available at [https://opengist.io/](https://opengist.io/) or in the [/docs](/docs) directory.
 
 
-## Administration
-
-### Use Nginx as a reverse proxy
-
-Configure Nginx to proxy requests to Opengist. Here is an example configuration file :
-```
-server {
-    listen 80;
-    server_name opengist.example.com;
-
-    location / {
-        proxy_pass http://127.0.0.1:6157;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-}
-```
-
-Then run :
-```shell
-service nginx restart 
-```
-
-### Use Fail2ban
-
-Fail2ban can be used to ban IPs that try to bruteforce the login page.
-Log level must be set at least to `warn`.
-
-Add this filter in `etc/fail2ban/filter.d/opengist.conf` :
-```ini
-[Definition]
-failregex =  Invalid .* authentication attempt from <HOST>
-ignoreregex =
-```
-
-Add this jail in `etc/fail2ban/jail.d/opengist.conf` :
-```ini
-[opengist]
-enabled = true
-filter = opengist
-logpath = /home/*/.opengist/log/opengist.log
-maxretry = 10
-findtime = 3600
-bantime = 600
-banaction = iptables-allports
-port = anyport
-```
-
-Then run
-```shell
-service fail2ban restart 
-```
 ## License
 
-Opengist is licensed under the [AGPL-3.0 license](LICENSE).
+Opengist is licensed under the [AGPL-3.0 license](/LICENSE).

config.yml

@@ -1,19 +1,42 @@
-# Set the log level to one of the following: trace, debug, info, warn, error, fatal, panic. Default: warn
+# Learn more about Opengist configuration here:
+# https://github.com/thomiceli/opengist/blob/master/docs/configuration/configure.md
+# https://github.com/thomiceli/opengist/blob/master/docs/configuration/cheat-sheet.md
+
+# Set the log level to one of the following: debug, info, warn, error, fatal. Default: warn
 log-level: warn
 
-# Public URL for the Git HTTP/SSH connection.
-# If not set, uses the URL from the request
-external-url:
+# Set the log output to one or more of the following: `stdout`, `file`. Default: stdout,file
+log-output: stdout,file
 
-# Prevents the creation of new accounts (either `true` or `false`). Default: false
-disable-signup: false
+# Public URL to access to Opengist
+external-url:
 
 # Directory where Opengist will store its data. Default: ~/.opengist/
 opengist-home:
 
-# Name of the SQLite database file. Default: opengist.db
-db-filename: opengist.db
+# Secret key used for session store & encrypt MFA data on database. Default: <randomized 32 bytes>
+secret-key:
 
+# URI of the database. Default: opengist.db (SQLite) is placed in opengist-home
+# SQLite:        file:/path/to/database
+# PostgreSQL:    postgres://user:password@host:port/database
+# MySQL/MariaDB: mysql://user:password@host:port/database
+db-uri: opengist.db
+
+# Enable or disable the code search index (either `true` or `false`). Default: true
+index.enabled: true
+
+# Name of the directory where the code search index is stored. Default: opengist.index
+index.dirname: opengist.index
+
+# Default branch name used by Opengist when initializing Git repositories.
+# If not set, uses the Git default branch name. See https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup#_new_default_branch
+git.default-branch:
+
+# Set the journal mode for SQLite. Default: WAL
+# See https://www.sqlite.org/pragma.html#pragma_journal_mode
+# For SQLite databases only.
+sqlite.journal-mode: WAL
 
 # HTTP server configuration
 # Host to bind to. Default: 0.0.0.0
@@ -25,15 +48,6 @@ http.port: 6157
 # Enable or disable git operations (clone, pull, push) via HTTP (either `true` or `false`). Default: true
 http.git-enabled: true
 
-# Enable or disable TLS (either `true` or `false`). Default: false
-http.tls-enabled: false
-
-# Path to the TLS certificate file if TLS is enabled
-http.cert-file:
-
-# Path to the TLS key file if TLS is enabled
-http.key-file:
-
 # SSH built-in server configuration
 # Note: it is not using the SSH daemon from your machine (yet)
 
@@ -56,3 +70,49 @@ ssh.external-domain:
 
 # Path or alias to ssh-keygen executable. Default: ssh-keygen
 ssh.keygen-executable: ssh-keygen
+
+# OAuth2 configuration
+# The callback/redirect URL must be http://opengist.url/oauth/<github|gitlab|gitea|openid-connect>/callback
+
+# To create a new OAuth2 application using GitHub : https://github.com/settings/applications/new
+github.client-key:
+github.secret:
+
+# To create a new OAuth2 application using Gitlab : https://gitlab.com/-/user_settings/applications
+gitlab.client-key:
+gitlab.secret:
+# URL of the Gitlab instance. Default: https://gitlab.com/
+gitlab.url: https://gitlab.com/
+# The name of the GitLab instance. It is displayed in the OAuth login button. Default: GitLab
+gitlab.name: GitLab
+
+# To create a new OAuth2 application using Gitea : https://gitea.domain/user/settings/applications
+gitea.client-key:
+gitea.secret:
+# URL of the Gitea instance. Default: https://gitea.com/
+gitea.url: https://gitea.com/
+# The name of the Gitea instance. It is displayed in the OAuth login button. Default: Gitea
+gitea.name: Gitea
+
+# To create a new OAuth2 application using OpenID Connect:
+oidc.client-key:
+oidc.secret:
+# Discovery endpoint of the OpenID provider. Generally something like http://auth.example.com/.well-known/openid-configuration
+oidc.discovery-url:
+
+# Instance name
+# Set your own custom name to be displayed instead of 'Opengist'
+custom.name:
+
+# Custom assets
+# Add your own custom assets, that are files relatives to $opengist-home/custom/
+custom.logo:
+custom.favicon:
+
+# Static pages in footer (like legal notices, privacy policy, etc.)
+# The path can be a URL or a relative path to a file in the $opengist-home/custom/ directory
+custom.static-links:
+#  - name: Gitea
+#    path: https://gitea.com
+#  - name: Legal notices
+#    path: legal.html

deploy/README.md

@@ -0,0 +1,75 @@
+# kustomize
+
+## Simple
+
+`kustomization.yaml`:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: opengist
+
+resources:
+  - https://github.com/thomiceli/opengist/deploy/
+```
+
+## Full example
+
+`kustomization.yaml`:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: opengist
+
+namespace: opengist
+
+resources:
+  - namespace.yaml
+  - https://github.com/thomiceli/opengist/deploy/?ref:v1.9.0
+
+images:
+  - name: ghcr.io/thomiceli/opengist
+    newTag: 1.9.0
+
+patches:
+  # Add your ingress
+  - path: ingress.yaml
+  - patch: |-
+      - op: add
+        path: /spec/rules/0/host
+        value: opengist.mydomain.com
+    target:
+      group: networking.k8s.io
+      version: v1
+      kind: Ingress
+      name: opengist
+```
+
+`namespace.yaml`:
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: opengist
+```
+
+`ingress.yaml`:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: opengist
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - opengist.mydomain.com
+      secretName: opengist-tls
+```

deploy/deployment.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: opengist
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: opengist
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: opengist
+    spec:
+      containers:
+        - name: opengist
+          image: ghcr.io/thomiceli/opengist
+          ports:
+            - name: http
+              containerPort: 6157
+            - name: ssh
+              containerPort: 2222
+          volumeMounts:
+            - mountPath: /opengist
+              name: data
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: opengist-data

deploy/ingress.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: opengist
+  labels:
+    app.kubernetes.io/name: opengist
+    app.kubernetes.io/component: ingress
+spec:
+  rules:
+    - host: opengist.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: opengist
+                port:
+                  name: http

deploy/kustomization.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: opengist
+
+resources:
+  - deployment.yaml
+  - pvc.yaml
+  - ingress.yaml
+  - service.yaml

deploy/pvc.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: opengist-data
+  labels:
+    app.kubernetes.io/name: opengist
+    app.kubernetes.io/component: data
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce

deploy/service.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: opengist
+  labels:
+    app.kubernetes.io/name: opengist
+spec:
+  selector:
+    app.kubernetes.io/name: opengist
+  ports:
+    - port: 80
+      targetPort: http
+      name: http

docker/entrypoint.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+export USER=opengist
+UID=${UID:-1000}
+GID=${GID:-1000}
+groupmod -o -g "$GID" $USER
+usermod -o -u "$UID" $USER
+
+chown -R "$USER:$USER" /opengist
+chown -R "$USER:$USER" /config.yml
+
+if [ -f "/run/secrets/opengist_secrets" ]; then
+    set -a
+    . /run/secrets/opengist_secrets
+    set +a
+fi
+
+exec su $USER -c "OG_OPENGIST_HOME=/opengist /app/opengist/opengist --config /config.yml"

docs/.vitepress/config.mts

@@ -0,0 +1,95 @@
+import {defineConfig} from 'vitepress'
+
+// https://vitepress.dev/reference/site-config
+export default defineConfig({
+    title: "Opengist",
+    description: "Documention for Opengist",
+    rewrites: {
+        'index.md': 'index.md',
+        'introduction.md': 'docs/index.md',
+        ':path(.*)': 'docs/:path'
+    },
+    themeConfig: {
+        // https://vitepress.dev/reference/default-theme-config
+        logo: 'https://raw.githubusercontent.com/thomiceli/opengist/master/public/opengist.svg',
+        logoLink: '/',
+        nav: [
+            { text: 'Demo', link: 'https://demo.opengist.io' },
+            { text: 'Translate', link: 'https://tr.opengist.io' }
+        ],
+
+        sidebar: {
+            '/docs/': [
+            {
+                text: '', items: [
+                    {text: 'Introduction', link: '/docs'},
+                    {text: 'Installation', link: '/docs/installation', items: [
+                        {text: 'Docker', link: '/docs/installation/docker'},
+                        {text: 'Binary', link: '/docs/installation/binary'},
+                        {text: 'Source', link: '/docs/installation/source'},
+                        ],
+                        collapsed: true
+                    },
+                    {text: 'Update', link: '/docs/update'},
+                ], collapsed: false
+            },
+            {
+                text: 'Configuration', base: '/docs/configuration', items: [
+                    {text: 'Configure Opengist', link: '/configure'},
+                    {text: 'Databases', items: [
+                        {text: 'SQLite', link: '/databases/sqlite'},
+                        {text: 'PostgreSQL', link: '/databases/postgresql'},
+                        {text: 'MySQL', link: '/databases/mysql'},
+                        ], collapsed: true
+                    },
+                    {text: 'OAuth Providers', link: '/oauth-providers'},
+                    {text: 'Custom assets', link: '/custom-assets'},
+                    {text: 'Custom links', link: '/custom-links'},
+                    {text: 'Cheat Sheet', link: '/cheat-sheet'},
+                    {text: 'Admin panel', link: '/admin-panel'},
+                ], collapsed: false
+            },
+            {
+                text: 'Usage', base: '/docs/usage', items: [
+                    {text: 'Init via Git', link: '/init-via-git'},
+                    {text: 'Embed Gist', link: '/embed'},
+                    {text: 'Gist as JSON', link: '/gist-json'},
+                    {text: 'Import Gists from Github', link: '/import-from-github-gist'},
+                    {text: 'Git push options', link: '/git-push-options'},
+                ], collapsed: false
+            },
+            {
+                text: 'Administration', base: '/docs/administration', items: [
+                    {text: 'Run with systemd', link: '/run-with-systemd'},
+                    {text: 'Reverse proxy', items: [
+                        {text: 'Nginx', link: '/nginx-reverse-proxy'},
+                        {text: 'Traefik', link: '/traefik-reverse-proxy'},
+                    ], collapsed: true},
+                    {text: 'Fail2ban', link: '/fail2ban-setup'},
+                    {text: 'Healthcheck', link: '/healthcheck'},
+                ], collapsed: false
+            },
+            {
+                text: 'Contributing', base: '/docs/contributing', items: [
+                    {text: 'Community', link: '/community'},
+                    {text: 'Development', link: '/development'},
+                ], collapsed: false
+            },
+
+        ]},
+
+        socialLinks: [
+            {icon: 'github', link: 'https://github.com/thomiceli/opengist'}
+        ],
+        editLink: {
+            pattern: 'https://github.com/thomiceli/opengist/edit/stable/docs/:path'
+        },
+        // @ts-ignore
+        lastUpdated: true,
+
+    },
+    head: [
+        ['link', {rel: 'icon', href: '/favicon.svg'}],
+    ],
+    ignoreDeadLinks: true
+})

docs/.vitepress/tailwind.config.js

@@ -1,8 +1,9 @@
 const colors = require('tailwindcss/colors')
 
+/** @type {import('tailwindcss').Config} */
 module.exports = {
   content: [
-    "./templates/**/*.html",
+    "./.vitepress/theme/*.vue",
   ],
   theme: {
     colors: {
@@ -22,10 +23,8 @@ module.exports = {
         800: "#232429",
         900: "#131316"
       },
-      emerald: colors.emerald,
-      rose: colors.rose,
-      primary: colors.sky,
-      slate: colors.slate
+      indigo: colors.indigo,
+
     },
     extend: {
       borderWidth: {
@@ -33,5 +32,6 @@ module.exports = {
       }
     },
   },
-  plugins: [require("@tailwindcss/typography"),require('@tailwindcss/forms')],
+  plugins: [],
+  darkMode: 'class',
 }

docs/.vitepress/theme/Home.vue

@@ -0,0 +1,101 @@
+<script>
+import { withBase } from 'vitepress';
+import './theme.css'
+
+export default {
+
+  setup() {
+    return { withBase };
+  },
+};
+
+</script>
+
+
+<template>
+  <main class="home">
+    <header class="hero">
+      <div class="mx-auto max-w-7xl px-6 lg:px-8">
+        <div class="mx-auto  lg:text-center">
+          <img class="rotating h-36 mx-auto my-8 " src="https://raw.githubusercontent.com/thomiceli/opengist/master/public/opengist.svg" alt="" >
+          <a target="_blank" href="https://github.com/thomiceli/opengist/releases" class="inline-flex items-center rounded-full bg-indigo-100 hover:bg-indigo-200 px-4 py-1.5 text-lg font-medium text-indigo-700">
+              <span class="pr-1">Released 1.9</span>
+                        <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-4">
+              <path stroke-linecap="round" stroke-linejoin="round" d="m4.5 19.5 15-15m0 0H8.25m11.25 0v11.25" />
+            </svg>
+            </a>
+            <h1 class="mt-5 text-4xl font-bold tracking-tight sm:text-5xl">Opengist</h1>
+            <h2 class="mt-4 text-xl">Self-hosted pastebin powered by Git, open-source alternative to Github Gist.</h2>
+          </div>
+        <div class="space-x-2 my-12">
+          <a href="/docs" class="rounded-md bg-indigo-600 mt-6 px-5 py-3 text-xl font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600">Docs</a>
+          <a target="_blank" href="https://demo.opengist.io" class="rounded-md bg-indigo-400 mt-6 px-5 py-3 text-xl border-white font-semibold text-white shadow-sm hover:bg-indigo-300 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600">Live demo</a>
+          <a target="_blank" href="https://github.com/thomiceli/opengist" class="rounded-md bg-gray-800 mt-6 px-3 py-3 text-xl dark:border dark:border-1 dark:border-gray-400 font-semibold text-white shadow-sm hover:bg-gray-700 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600">
+            <svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 16 16" class="w-7 h-auto inline" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27s1.36.09 2 .27c1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.01 8.01 0 0 0 16 8c0-4.42-3.58-8-8-8"></path></svg>
+          </a>
+        </div>
+        <div class="border border-1 mt-6 px-5 py-3 rounded-md shadow-sm ">
+          <code class="select-all ">docker run --name <span class="text-indigo-700 dark:text-indigo-300 font-bold">opengist</span> -p <span class="text-indigo-700 dark:text-indigo-300 font-bold">6157</span>:6157 -v "<span class="text-indigo-700 dark:text-indigo-300 font-bold">$HOME/.opengist</span>:/opengist" ghcr.io/thomiceli/opengist:1</code>
+        </div>
+      </div>
+    </header>
+
+    <div class="relative w-full sm:max-w-7xl mx-auto overflow-auto">
+      <img class="block w-[200vw] max-w-none sm:w-full h-auto" :src="withBase('/opengist-demo.png')" alt="demo-opengist-screenshot" />
+    </div>
+
+  </main>
+</template>
+
+
+
+<style>
+@-webkit-keyframes rotating /* Safari and Chrome */ {
+  from {
+    -webkit-transform: rotate(0deg);
+    -o-transform: rotate(0deg);
+    transform: rotate(0deg);
+  }
+  to {
+    -webkit-transform: rotate(360deg);
+    -o-transform: rotate(360deg);
+    transform: rotate(360deg);
+  }
+}
+@keyframes rotating {
+  from {
+    -ms-transform: rotate(0deg);
+    -moz-transform: rotate(0deg);
+    -webkit-transform: rotate(0deg);
+    -o-transform: rotate(0deg);
+    transform: rotate(0deg);
+  }
+  to {
+    -ms-transform: rotate(360deg);
+    -moz-transform: rotate(360deg);
+    -webkit-transform: rotate(360deg);
+    -o-transform: rotate(360deg);
+    transform: rotate(360deg);
+  }
+}
+
+.home {
+
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+  display: flex;
+  flex-direction: column;
+  gap: 1rem;
+  text-align: center;
+}
+
+.rotating {
+  -webkit-animation: rotating 8s linear infinite;
+  -moz-animation: rotating 4s linear infinite;
+  -ms-animation: rotating 4s linear infinite;
+  -o-animation: rotating 4s linear infinite;
+  animation: rotating 12s linear infinite;
+}
+
+
+</style>

docs/.vitepress/theme/Layout.vue

@@ -0,0 +1,16 @@
+<script setup>
+import { useData } from 'vitepress'
+import Home from './Home.vue'
+import DefaultTheme from 'vitepress/theme'
+
+const { Layout } = DefaultTheme
+const { frontmatter } = useData()
+</script>
+
+<template>
+  <Layout>
+    <template v-if="frontmatter.layout === 'home'" #home-hero-after>
+      <Home />
+    </template>
+  </Layout>
+</template>

docs/.vitepress/theme/index.ts

@@ -0,0 +1,12 @@
+import { h } from 'vue'
+import type { Theme } from 'vitepress'
+import DefaultTheme from 'vitepress/theme'
+import Layout from "./Layout.vue";
+
+export default {
+  ...DefaultTheme,
+  Layout,
+  enhanceApp({ app, router, siteData }) {
+    // ...
+  }
+} satisfies Theme

docs/.vitepress/theme/style.css

@@ -0,0 +1,147 @@
+/**
+ * Customize default theme styling by overriding CSS variables:
+ * https://github.com/vuejs/vitepress/blob/main/src/client/theme-default/styles/vars.css
+ */
+
+/**
+ * Colors
+ *
+ * Each colors have exact same color scale system with 3 levels of solid
+ * colors with different brightness, and 1 soft color.
+ *
+ * - `XXX-1`: The most solid color used mainly for colored text. It must
+ *   satisfy the contrast ratio against when used on top of `XXX-soft`.
+ *
+ * - `XXX-2`: The color used mainly for hover state of the button.
+ *
+ * - `XXX-3`: The color for solid background, such as bg color of the button.
+ *   It must satisfy the contrast ratio with pure white (#ffffff) text on
+ *   top of it.
+ *
+ * - `XXX-soft`: The color used for subtle background such as custom container
+ *   or badges. It must satisfy the contrast ratio when putting `XXX-1` colors
+ *   on top of it.
+ *
+ *   The soft color must be semi transparent alpha channel. This is crucial
+ *   because it allows adding multiple "soft" colors on top of each other
+ *   to create a accent, such as when having inline code block inside
+ *   custom containers.
+ *
+ * - `default`: The color used purely for subtle indication without any
+ *   special meanings attched to it such as bg color for menu hover state.
+ *
+ * - `brand`: Used for primary brand colors, such as link text, button with
+ *   brand theme, etc.
+ *
+ * - `tip`: Used to indicate useful information. The default theme uses the
+ *   brand color for this by default.
+ *
+ * - `warning`: Used to indicate warning to the users. Used in custom
+ *   container, badges, etc.
+ *
+ * - `danger`: Used to show error, or dangerous message to the users. Used
+ *   in custom container, badges, etc.
+ * -------------------------------------------------------------------------- */
+
+ :root {
+  --vp-c-default-1: var(--vp-c-gray-1);
+  --vp-c-default-2: var(--vp-c-gray-2);
+  --vp-c-default-3: var(--vp-c-gray-3);
+  --vp-c-default-soft: var(--vp-c-gray-soft);
+
+  --vp-c-brand-1: var(--vp-c-indigo-1);
+  --vp-c-brand-2: var(--vp-c-indigo-2);
+  --vp-c-brand-3: var(--vp-c-indigo-3);
+  --vp-c-brand-soft: var(--vp-c-indigo-soft);
+
+  --vp-c-tip-1: var(--vp-c-brand-1);
+  --vp-c-tip-2: var(--vp-c-brand-2);
+  --vp-c-tip-3: var(--vp-c-brand-3);
+  --vp-c-tip-soft: var(--vp-c-brand-soft);
+
+  --vp-c-warning-1: var(--vp-c-yellow-1);
+  --vp-c-warning-2: var(--vp-c-yellow-2);
+  --vp-c-warning-3: var(--vp-c-yellow-3);
+  --vp-c-warning-soft: var(--vp-c-yellow-soft);
+
+  --vp-c-danger-1: var(--vp-c-red-1);
+  --vp-c-danger-2: var(--vp-c-red-2);
+  --vp-c-danger-3: var(--vp-c-red-3);
+  --vp-c-danger-soft: var(--vp-c-red-soft);
+}
+
+/**
+ * Component: Button
+ * -------------------------------------------------------------------------- */
+
+:root {
+  --vp-button-brand-border: transparent;
+  --vp-button-brand-text: var(--vp-c-white);
+  --vp-button-brand-bg: var(--vp-c-brand-3);
+  --vp-button-brand-hover-border: transparent;
+  --vp-button-brand-hover-text: var(--vp-c-white);
+  --vp-button-brand-hover-bg: var(--vp-c-brand-2);
+  --vp-button-brand-active-border: transparent;
+  --vp-button-brand-active-text: var(--vp-c-white);
+  --vp-button-brand-active-bg: var(--vp-c-brand-1);
+}
+
+/**
+ * Component: Home
+ * -------------------------------------------------------------------------- */
+
+:root {
+  --vp-home-hero-name-color: transparent;
+  --vp-home-hero-name-background: -webkit-linear-gradient(
+    120deg,
+    #0f0513 30%,
+    #7e8b90
+  );
+
+  --vp-home-hero-image-background-image: linear-gradient(
+    -45deg,
+    #bd34fe 50%,
+    #47caff 50%
+  );
+  --vp-home-hero-image-filter: blur(44px);
+}
+
+@media (min-width: 640px) {
+  :root {
+    --vp-home-hero-image-filter: blur(56px);
+  }
+}
+
+@media (min-width: 960px) {
+  :root {
+    --vp-home-hero-image-filter: blur(68px);
+  }
+}
+
+/**
+ * Component: Custom Block
+ * -------------------------------------------------------------------------- */
+
+:root {
+  --vp-custom-block-tip-border: transparent;
+  --vp-custom-block-tip-text: var(--vp-c-text-1);
+  --vp-custom-block-tip-bg: var(--vp-c-brand-soft);
+  --vp-custom-block-tip-code-bg: var(--vp-c-brand-soft);
+}
+
+/**
+ * Component: Algolia
+ * -------------------------------------------------------------------------- */
+
+.DocSearch {
+  --docsearch-primary-color: var(--vp-c-brand-1) !important;
+}
+
+.content img {
+    padding-left: 20px;
+    height: 108px;
+}
+
+@tailwind base;
+@tailwind components;
+@tailwind utilities;

docs/administration/fail2ban-setup.md

@@ -0,0 +1,29 @@
+# Fail2ban setup
+
+Fail2ban can be used to ban IPs that try to bruteforce the login page.
+Log level must be set at least to `warn`.
+
+Add this filter in `etc/fail2ban/filter.d/opengist.conf` :
+```ini
+[Definition]
+failregex =  Invalid .* authentication attempt from <HOST>
+ignoreregex =
+```
+
+Add this jail in `etc/fail2ban/jail.d/opengist.conf` :
+```ini
+[opengist]
+enabled = true
+filter = opengist
+logpath = /home/*/.opengist/log/opengist.log
+maxretry = 10
+findtime = 3600
+bantime = 600
+banaction = iptables-allports
+port = anyport
+```
+
+Then run
+```shell
+service fail2ban restart
+```

docs/administration/healthcheck.md

@@ -0,0 +1,13 @@
+# Healthcheck
+
+A healthcheck is a simple HTTP GET request to the `/healthcheck` endpoint. It returns a `200 OK` response if the server is healthy.
+
+## Example
+
+```shell
+curl http://localhost:6157/healthcheck
+```
+
+```json
+{"database":"ok","opengist":"ok","time":"2024-01-04T05:18:33+01:00"}
+```

docs/administration/manage-admins.md

@@ -0,0 +1,11 @@
+# Manage admins
+
+You can add and remove Opengist admins from the CLI.
+
+```bash
+./opengist admin toggle-admin <username>
+```
+```bash
+$ ./opengist admin toggle-admin thomas
+User thomas admin set to true
+```

docs/administration/nginx-reverse-proxy.md

@@ -0,0 +1,46 @@
+# Use Nginx as a reverse proxy
+
+Configure Nginx to proxy requests to Opengist. Here are example configuration file to use Opengist on a subdomain or on a subpath.
+
+Make sure you set the base url for Opengist via the [configuration](/docs/configuration/cheat-sheet.md).
+
+### Subdomain
+```
+server {
+    listen 80;
+    server_name opengist.example.com;
+
+    location / {
+        proxy_pass http://127.0.0.1:6157;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+```
+
+### Subpath
+```
+server {
+    listen 80;
+    server_name example.com;
+
+    location /opengist/ {
+        rewrite ^/opengist(/.*)$ $1 break;
+        proxy_pass http://127.0.0.1:6157;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Prefix /opengist;
+    }
+}
+```
+
+---
+
+To apply changes:
+```shell
+sudo systemctl restart nginx
+```

docs/administration/reset-password.md

@@ -0,0 +1,7 @@
+# Reset a user password
+
+To reset a user password, run the following command using the Opengist binary:
+
+```bash
+./opengist admin reset-password <username> <new-password>
+```

docs/administration/run-with-systemd.md

@@ -0,0 +1,92 @@
+# Run with Systemd
+
+For non-Docker users, you could run Opengist as a systemd service.
+
+## As root
+On Unix distributions with systemd, place the Opengist binary like:
+
+```shell
+sudo cp opengist /usr/local/bin
+sudo mkdir -p /var/lib/opengist
+sudo cp config.yml /etc/opengist
+```
+
+Edit the Opengist home directory configuration in `/etc/opengist/config.yml` like:
+```shell
+opengist-home: /var/lib/opengist
+```
+
+Create a new user to run Opengist:
+```shell
+sudo useradd --system opengist
+sudo mkdir -p /var/lib/opengist
+sudo chown -R opengist:opengist /var/lib/opengist
+```
+
+Then create a service file at `/etc/systemd/system/opengist.service`:
+```ini
+[Unit]
+Description=opengist Server
+After=network.target
+
+[Service]
+Type=simple
+User=opengist
+Group=opengist
+ExecStart=opengist --config /etc/opengist/config.yml
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Finally, start the service:
+```shell
+systemctl daemon-reload
+systemctl enable --now opengist
+systemctl status opengist
+```
+
+----
+
+## As a normal user
+**NOTE: This was tested on Ubuntu 20.04 and newer. For other distros, please check the respective documentation**  
+
+#### For the purpose of this documentation, we will assume that:
+- You've followed the instructions on how to run opengist [from source](https://github.com/thomiceli/opengist?tab=readme-ov-file#from-source)
+- Your shell user is named `pastebin`
+- All commands are being executed as the `pastebin` user
+
+_If none of the above is true, then adapt the commands and paths to fit your needs._
+
+Enable lingering for the user:
+```shell
+loginctl enable-linger
+```
+
+Create the user systemd folder:
+```
+mkdir -p /home/pastebin/.config/systemd/user
+```
+
+Then create a service file at `/home/pastebin/.config/systemd/user/opengist.service`:
+```ini
+[Unit]
+Description=opengist Server
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/home/pastebin/opengist/opengist --config /home/pastebin/opengist/config.yml
+Restart=on-failure
+
+[Install]
+WantedBy=default.target
+```
+
+Finally, start the service:
+```shell
+systemctl --user daemon-reload
+systemctl --user enable --now opengist
+systemctl --user status opengist
+```

docs/administration/traefik-reverse-proxy.md

@@ -0,0 +1,48 @@
+# Use Traefik as a reverse proxy
+
+You can set up Traefik in two ways:
+
+<details>
+<summary>Using Docker labels</summary>
+
+Add these labels to your `docker-compose.yml` file:
+
+```yml
+labels:
+  - traefik.http.routers.opengist.rule=Host(`opengist.example.com`) # Change to your subdomain
+  # Uncomment the line below if you run Opengist in a subdirectory
+  # - traefik.http.routers.app1.rule=PathPrefix(`/opengist{regex:$$|/.*}`) # Change opentist in the regex to yuor subdirectory name
+  - traefik.http.routers.opengist.entrypoints=websecure # Change to the name of your 443 port entrypoint
+  - traefik.http.routers.opengist.tls.certresolver=lets-encrypt # Change to certresolver's name
+  - traefik.http.routers.opengist.service=opengist
+  - traefik.http.services.opengist.loadBalancer.server.port=6157
+```
+</details>
+<details>
+<summary>Using a <code>yml</code> file</summary>
+
+> [!Note]
+> Don't forget to change the `<server-address>` to your server's IP
+
+`traefik_dynamic.yml`
+```yml
+http:
+  routers:
+    opengist:
+      entrypoints: websecure
+      rule: Host(`opengist.example.com`) # Comment this line and uncomment the line below if using a subpath
+      # rule: PathPrefix(`/opengist{regex:$$|/.*}`) # Change opentist in the regex to yuor subdirectory name
+      # middlewares:
+      #   - opengist-fail2ban
+      service: opengist
+      tls:
+        certresolver: lets-encrypt
+  services:
+    opengist:
+      loadbalancer:
+        servers:
+          - url: "http://<server-address>:6157"
+
+```
+
+</details>

docs/configuration/admin-panel.md

@@ -0,0 +1,53 @@
+# Admin panel
+
+The first user created on your Opengist instance has access to the Admin panel.
+
+To access the Admin panel:
+
+1. Log in
+2. Click your username in the upper right corner
+3. Select `Admin`
+
+## Usage
+
+### General
+
+Here you can see some basic information, like Opengist version, alongside some stats.
+
+You can also start some actions like forcing synchronization of gists,
+starting garbage collection, etc.
+
+### Users
+
+Here you can see your users and delete them.
+
+### Gists
+
+Here you can see all the gists and some basic information about them. You also have an option
+to delete them.
+
+
+### Invitations
+
+Here you can create invitation links with some options like limiting the number of signed up
+users or setting an expiration date.
+
+> [!Note]
+> Invitation links override the `Disable signup` option but not the `Disable login form` option.
+>
+> Users will see only the OAuth providers when `Disable login form` is enabled.
+
+### Configuration
+
+Here you can change a limited number of settings without restarting the instance.
+
+- Disable signup
+    - Forbid the creation of new accounts.
+- Require login
+    - Enforce users to be logged in to see gists.
+- Allow individual gists without login
+    - Allow individual gists to be viewed and downloaded without login, while requiring login for discovering gists.
+- Disable login form
+    - Forbid logging in via the login form to force using OAuth providers instead.
+- Disable Gravatar
+    - Disable the usage of Gravatar as an avatar provider.

docs/configuration/cheat-sheet.md

@@ -0,0 +1,43 @@
+---
+aside: false
+---
+
+# Configuration Cheat Sheet
+
+| YAML Config Key       | Environment Variable                | Default value         | Description                                                                                                                                                                                                                      |
+|-----------------------|-------------------------------------|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| log-level             | OG_LOG_LEVEL                        | `warn`                | Set the log level to one of the following: `debug`, `info`, `warn`, `error`, `fatal`.                                                                                                                                            |
+| log-output            | OG_LOG_OUTPUT                       | `stdout,file`         | Set the log output to one or more of the following: `stdout`, `file`.                                                                                                                                                            |
+| external-url          | OG_EXTERNAL_URL                     | none                  | Public URL to access to Opengist.                                                                                                                                                                                                |
+| opengist-home         | OG_OPENGIST_HOME                    | home directory        | Path to the directory where Opengist stores its data.                                                                                                                                                                            |
+| secret-key            | OG_SECRET_KEY                       | randomized 32 bytes   | Secret key used for session store & encrypt MFA data on database.                                                                                                                                                                |
+| db-uri                | OG_DB_URI                           | `opengist.db`         | URI of the database.                                                                                                                                                                                                             |
+| index.enabled         | OG_INDEX_ENABLED                    | `true`                | Enable or disable the code search index (`true` or `false`)                                                                                                                                                                      |
+| index.dirname         | OG_INDEX_DIRNAME                    | `opengist.index`      | Name of the directory where the code search index is stored.                                                                                                                                                                     |
+| git.default-branch    | OG_GIT_DEFAULT_BRANCH               | none                  | Default branch name used by Opengist when initializing Git repositories. If not set, uses the Git default branch name. More info [here](https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup#_new_default_branch) |
+| sqlite.journal-mode   | OG_SQLITE_JOURNAL_MODE              | `WAL`                 | Set the journal mode for SQLite. More info [here](https://www.sqlite.org/pragma.html#pragma_journal_mode)                                                                                                                        |
+| http.host             | OG_HTTP_HOST                        | `0.0.0.0`             | The host on which the HTTP server should bind.                                                                                                                                                                                   |
+| http.port             | OG_HTTP_PORT                        | `6157`                | The port on which the HTTP server should listen.                                                                                                                                                                                 |
+| http.git-enabled      | OG_HTTP_GIT_ENABLED                 | `true`                | Enable or disable git operations (clone, pull, push) via HTTP. (`true` or `false`)                                                                                                                                               |
+| ssh.git-enabled       | OG_SSH_GIT_ENABLED                  | `true`                | Enable or disable git operations (clone, pull, push) via SSH. (`true` or `false`)                                                                                                                                                |
+| ssh.host              | OG_SSH_HOST                         | `0.0.0.0`             | The host on which the SSH server should bind.                                                                                                                                                                                    |
+| ssh.port              | OG_SSH_PORT                         | `2222`                | The port on which the SSH server should listen.                                                                                                                                                                                  |
+| ssh.external-domain   | OG_SSH_EXTERNAL_DOMAIN              | none                  | Public domain for the Git SSH connection, if it has to be different from the HTTP one. If not set, uses the URL from the request.                                                                                                |
+| ssh.keygen-executable | OG_SSH_KEYGEN_EXECUTABLE            | `ssh-keygen`          | Path to the SSH key generation executable.                                                                                                                                                                                       |
+| github.client-key     | OG_GITHUB_CLIENT_KEY                | none                  | The client key for the GitHub OAuth application.                                                                                                                                                                                 |
+| github.secret         | OG_GITHUB_SECRET                    | none                  | The secret for the GitHub OAuth application.                                                                                                                                                                                     |
+| gitlab.client-key     | OG_GITLAB_CLIENT_KEY                | none                  | The client key for the GitLab OAuth application.                                                                                                                                                                                 |
+| gitlab.secret         | OG_GITLAB_SECRET                    | none                  | The secret for the GitLab OAuth application.                                                                                                                                                                                     |
+| gitlab.url            | OG_GITLAB_URL                       | `https://gitlab.com/` | The URL of the GitLab instance.                                                                                                                                                                                                  |
+| gitlab.name           | OG_GITLAB_NAME                      | `GitLab`              | The name of the GitLab instance. It is displayed in the OAuth login button.                                                                                                                                                      |
+| gitea.client-key      | OG_GITEA_CLIENT_KEY                 | none                  | The client key for the Gitea OAuth application.                                                                                                                                                                                  |
+| gitea.secret          | OG_GITEA_SECRET                     | none                  | The secret for the Gitea OAuth application.                                                                                                                                                                                      |
+| gitea.url             | OG_GITEA_URL                        | `https://gitea.com/`  | The URL of the Gitea instance.                                                                                                                                                                                                   |
+| gitea.name            | OG_GITEA_NAME                       | `Gitea`               | The name of the Gitea instance. It is displayed in the OAuth login button.                                                                                                                                                       |
+| oidc.client-key       | OG_OIDC_CLIENT_KEY                  | none                  | The client key for the OpenID application.                                                                                                                                                                                       |
+| oidc.secret           | OG_OIDC_SECRET                      | none                  | The secret for the OpenID application.                                                                                                                                                                                           |
+| oidc.discovery-url    | OG_OIDC_DISCOVERY_URL               | none                  | Discovery endpoint of the OpenID provider.                                                                                                                                                                                       |
+| custom.name           | OG_CUSTOM_NAME                      | none                  | The name of your instance, to be displayed in the tab title                                                                                                                                                                      |
+| custom.logo           | OG_CUSTOM_LOGO                      | none                  | Path to an image, relative to $opengist-home/custom.                                                                                                                                                                             |
+| custom.favicon        | OG_CUSTOM_FAVICON                   | none                  | Path to an image, relative to $opengist-home/custom.                                                                                                                                                                             |
+| custom.static-links   | OG_CUSTOM_STATIC_LINK_#_(PATH,NAME) | none                  | Path and name to custom links, more info [here](custom-links.md).                                                                                                                                                                |

docs/configuration/configure.md

@@ -0,0 +1,72 @@
+# Configuration
+
+Opengist provides flexible configuration options through either a YAML file and/or environment variables.
+You would only need to specify the configuration options you want to change — for any config option left untouched, 
+Opengist will simply apply the default values.
+
+The [configuration cheat sheet](cheat-sheet.md) lists all available configuration options.
+
+
+## Configuration via YAML file
+
+The configuration file must be specified when launching the application, using the `--config` flag followed by the path 
+to your YAML file.
+
+Usage with Docker Compose :
+```yml
+services:
+  opengist:
+    # ...
+    volumes:
+    # ...
+    - "/path/to/config.yml:/config.yml"
+```
+
+Usage via command line :
+```shell
+./opengist --config /path/to/config.yml
+```
+
+You can start by copying and/or modifying the provided [config.yml](https://github.com/thomiceli/opengist/blob/stable/config.yml) file.
+
+
+## Configuration via Environment Variables
+
+Usage with Docker Compose :
+```yml
+services:
+  opengist:
+    # ...
+    environment:
+      OG_LOG_LEVEL: "info"
+      # etc.
+```
+
+Usage via command line :
+```shell
+OG_LOG_LEVEL=info ./opengist
+```
+
+### Using Docker Compose secrets
+
+You can use Docker Compose secrets to not expose sensitive information in your compose file, using a `.env` file.
+
+```dotenv
+# file secrets.env
+OG_GITLAB_CLIENT_KEY=your_gitlab_client_key
+OG_GITLAB_SECRET=your_gitlab_secret_key
+```
+
+And then use it in your compose file :
+
+```yml
+services:
+  opengist:
+    # ...
+    secrets:
+      - opengist_secrets
+
+secrets:
+  opengist_secrets:
+    file: ./secrets.env
+```

docs/configuration/custom-assets.md

@@ -0,0 +1,45 @@
+# Custom assets
+
+To add custom assets to your Opengist instance, you can use the `$opengist-home/custom` directory (where `$opengist-home` is the directory where Opengist stores its data).
+
+### Logo / Favicon
+
+To add a custom logo or favicon, you can add your own image file to the `$opengist-home/custom` directory, then define the relative path in the config.
+
+For example, if you have a logo file `logo.png` in the `$opengist-home/custom` directory, you can set the logo path in the config as follows:
+
+#### YAML
+```yaml
+custom.logo: logo.png
+```
+
+#### Environment variable
+```sh
+export OG_CUSTOM_LOGO=logo.png
+```
+
+Same as the favicon:
+
+#### YAML
+```yaml
+custom.favicon: favicon.png
+```
+
+#### Environment variable
+```sh
+export OG_CUSTOM_FAVICON=favicon.png
+```
+
+### Instance Name
+
+It is also possible to set a name for your instance, that would be displayed in the title bar instead of 'Opengist'.
+
+#### YAML
+```yaml
+custom.name: My Gists
+```
+
+#### Environment variable
+```sh
+export OG_CUSTOM_NAME="My Gists"
+```

docs/configuration/custom-links.md

@@ -0,0 +1,62 @@
+# Custom links
+
+On the footer of your Opengist instance, you can add links to custom static templates or any other website you want to link to.
+This can be useful for legal information, privacy policy, or any other information you want to provide to your users.
+
+To add one or more links, you can add your own file to the `$opengist-home/custom` directory or set a URL, then define the relative path and its name in the config.
+
+For example, if you have a legal information file `legal.html` in the `$opengist-home/custom` directory, and also wish to add a link to a Gitea instance, you can set the link in the config as follows:
+
+#### YAML
+```yaml
+custom.static-links:
+  - name: Legal notices
+    path: legal.html
+  - name: Gitea
+    path: https://gitea.com
+```
+
+#### Environment variable
+```sh
+OG_CUSTOM_STATIC_LINK_0_NAME="Legal Notices" \
+OG_CUSTOM_STATIC_LINK_0_PATH=legal.html \
+OG_CUSTOM_STATIC_LINK_1_NAME=Gitea \
+OG_CUSTOM_STATIC_LINK_1_PATH=https://gitea.com \
+./opengist
+```
+
+## Templating custom HTML pages
+
+In the start and end of the custom HTML files, you can use the syntax to include the header and footer of the Opengist instance:
+
+```html
+{{ template "header" . }}
+
+<!-- my content -->
+
+{{ template "footer" . }}
+```
+
+If you want your custom page to integrate well into the existing theme, you can use the following:
+
+```html
+{{ template "header" . }}
+
+<div class="py-10">
+   <header class="pb-4 ">
+      <div class="flex">
+         <div class="flex-auto">
+            <h2 class="text-2xl font-bold leading-tight">Heading</h2>
+         </div>
+      </div>
+   </header>
+   <main>
+     <h3 class="text-xl font-bold leading-tight mt-4">Sub-Heading</h3>
+     <p class="mt-4 ml-1"><!-- my content --></p>
+   </main>
+</div>
+
+{{ template "footer" . }}
+```
+
+You can adjust above as needed. Opengist uses TailwindCSS classes.

docs/configuration/databases/mysql.md

@@ -0,0 +1,47 @@
+# Using MySQL/MariaDB
+
+To use MySQL/MariaDB as the database backend, you need to set the database URI configuration to the connection string of your MySQL/MariaDB database with this format :
+
+`mysql://<user>:<password>@<host>:<port>/<database>`
+
+#### YAML
+```yaml
+# Example
+db-uri: mysql://root:passwd@localhost:3306/opengist_db
+```
+
+#### Environment variable
+```sh
+# Example
+OG_DB_URI=mysql://root:passwd@localhost:3306/opengist_db
+```
+
+### Docker Compose
+```yml
+services:
+  opengist:
+    image: ghcr.io/thomiceli/opengist:1
+    container_name: opengist
+    restart: unless-stopped
+    depends_on:
+      - mysql
+    ports:
+      - "6157:6157"
+      - "2222:2222"
+    volumes:
+      - "$HOME/.opengist:/opengist"
+    environment:
+      OG_DB_URI: mysql://opengist:secret@mysql:3306/opengist_db
+      # other configuration options
+
+  mysql:
+    image: mysql:8.4
+    restart: unless-stopped
+    volumes:
+      - "./opengist-database:/var/lib/mysql"
+    environment:
+      MYSQL_USER: opengist
+      MYSQL_PASSWORD: secret
+      MYSQL_DATABASE: opengist_db
+      MYSQL_ROOT_PASSWORD: rootsecret
+```

docs/configuration/databases/postgresql.md

@@ -0,0 +1,46 @@
+# Using PostgreSQL
+
+To use PostgreSQL as the database backend, you need to set the database URI configuration to the connection string of your PostgreSQL database with this format :
+
+`postgres://<user>:<password>@<host>:<port>/<database>`
+
+#### YAML
+```yaml
+# Example
+db-uri: postgres://postgres:passwd@localhost:5432/opengist_db
+```
+
+#### Environment variable
+```sh
+# Example
+OG_DB_URI=postgres://postgres:passwd@localhost:5432/opengist_db
+```
+
+### Docker Compose
+```yml
+services:
+  opengist:
+    image: ghcr.io/thomiceli/opengist:1
+    container_name: opengist
+    restart: unless-stopped
+    depends_on:
+      - postgres
+    ports:
+      - "6157:6157"
+      - "2222:2222"
+    volumes:
+      - "$HOME/.opengist:/opengist"
+    environment:
+      OG_DB_URI: postgres://opengist:secret@postgres:5432/opengist_db
+      # other configuration options
+
+  postgres:
+    image: postgres:16.4
+    restart: unless-stopped
+    volumes:
+      - "./opengist-database:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: opengist
+      POSTGRES_PASSWORD: secret
+      POSTGRES_DB: opengist_db
+```

docs/configuration/databases/sqlite.md

@@ -0,0 +1,44 @@
+# Using SQLite
+
+By default, Opengist uses SQLite as the database backend.
+
+Because SQLite is a file-based database, there is not much configuration to tweak.
+
+The configuration `db-uri`/`OG_DB_URI` refers to the path of the SQLite database file relative in the `$opengist-home/` directory (default `opengist.db`),
+although it can be left untouched. You can also use an absolute path outside the `$opengist-home/` directory.
+
+The SQLite journal mode is set to [`WAL` (Write-Ahead Logging)](https://www.sqlite.org/pragma.html#pragma_journal_mode) by default and can be changed.
+
+#### YAML
+```yaml
+# default
+db-uri: opengist.db
+sqlite.journal-mode: WAL
+
+# absolute path outside the $opengist-home/ directory
+db-uri: file:/home/user/opengist.db
+```
+
+#### Environment variable
+```sh
+# default
+OG_DB_URI=opengist.db
+OG_SQLITE_JOURNAL_MODE=WAL
+```
+
+### Docker Compose
+```yml
+services:
+  opengist:
+    image: ghcr.io/thomiceli/opengist:1
+    container_name: opengist
+    restart: unless-stopped
+    ports:
+      - "6157:6157" # HTTP port
+      - "2222:2222" # SSH port, can be removed if you don't use SSH
+    volumes:
+      - "$HOME/.opengist:/opengist"
+    environment:
+      OG_SQLITE_JOURNAL_MODE: WAL
+      # other configuration options
+```

docs/configuration/oauth-providers.md

@@ -0,0 +1,77 @@
+# Use OAuth providers
+
+Opengist can be configured to use OAuth to authenticate users, with GitHub, Gitea, or OpenID Connect.
+
+## GitHub
+
+* Add a new OAuth app in your [GitHub account settings](https://github.com/settings/applications/new)
+* Set 'Authorization callback URL' to `http://opengist.url/oauth/github/callback`
+* Copy the 'Client ID' and 'Client Secret' and add them to the [configuration](cheat-sheet.md) :
+  ```yaml
+  github.client-key: <key>
+  github.secret: <secret>
+  ```
+  ```shell
+  OG_GITHUB_CLIENT_KEY=<key>
+  OG_GITHUB_SECRET=<secret>
+  ```
+
+
+## GitLab
+
+* Add a new OAuth app in Application settings from the [GitLab instance](https://gitlab.com/-/user_settings/applications)
+* Set 'Redirect URI' to `http://opengist.url/oauth/gitlab/callback`
+* Copy the 'Client ID' and 'Client Secret' and add them to the [configuration](cheat-sheet.md) :
+  ```yaml
+  gitlab.client-key: <key>
+  gitlab.secret: <secret>
+  # URL of the GitLab instance. Default: https://gitlab.com/
+  gitlab.url: https://gitlab.com/
+  ```
+  ```shell
+  OG_GITLAB_CLIENT_KEY=<key>
+  OG_GITLAB_SECRET=<secret>
+  # URL of the GitLab instance. Default: https://gitlab.com/
+  OG_GITLAB_URL=https://gitlab.com/
+  ```
+  
+
+
+## Gitea
+
+* Add a new OAuth app in Application settings from the [Gitea instance](https://gitea.com/user/settings/applications)
+* Set 'Redirect URI' to `http://opengist.url/oauth/gitea/callback`
+* Copy the 'Client ID' and 'Client Secret' and add them to the [configuration](cheat-sheet.md) :
+  ```yaml
+  gitea.client-key: <key>
+  gitea.secret: <secret>
+  # URL of the Gitea instance. Default: https://gitea.com/
+  gitea.url: http://localhost:3000
+  ```
+  ```shell
+  OG_GITEA_CLIENT_KEY=<key>
+  OG_GITEA_SECRET=<secret>
+  # URL of the Gitea instance. Default: https://gitea.com/
+  OG_GITEA_URL=http://localhost:3000
+  ```
+  
+
+
+## OpenID Connect
+
+* Add a new OAuth app in Application settings of your OIDC provider
+* Set 'Redirect URI' to `http://opengist.url/oauth/openid-connect/callback`
+* Copy the 'Client ID', 'Client Secret', and the discovery endpoint, and add them to the [configuration](cheat-sheet.md) :
+  ```yaml
+  oidc.client-key: <key>
+  oidc.secret: <secret>
+  # Discovery endpoint of the OpenID provider. Generally something like http://auth.example.com/.well-known/openid-configuration
+  oidc.discovery-url: http://auth.example.com/.well-known/openid-configuration
+  ```
+  ```shell
+  OG_OIDC_CLIENT_KEY=<key>
+  OG_OIDC_SECRET=<secret>
+  # Discovery endpoint of the OpenID provider. Generally something like http://auth.example.com/.well-known/openid-configuration
+  OG_OIDC_DISCOVERY_URL=http://auth.example.com/.well-known/openid-configuration
+  ```
+  

docs/contributing/community.md

@@ -0,0 +1,6 @@
+# Community
+
+The following is a list of resources made by happy users of Opengist. Feel free to make a PR add your own!
+
+- [Aetherinox/opengist-debian](https://github.com/Aetherinox/opengist-debian) - A Debian package for Opengist
+- [How to Install Opengist on Your Synology NAS](https://mariushosting.com/how-to-install-opengist-on-your-synology-nas/) - A guide to install Opengist on a Synology NAS

docs/contributing/development.md

@@ -0,0 +1,38 @@
+# Run Opengist in development mode
+
+## With Docker
+
+Assuming you have [Make](https://linux.die.net/man/1/make) installed,
+
+```shell
+# Clone the repository
+git clone git@github.com:thomiceli/opengist.git
+cd opengist
+
+# Build the development image
+make build_dev_docker
+```
+
+Now you can run the development image with the following command:
+
+```shell
+make run_dev_docker
+```
+
+Opengist is now running on port 6157, you can browse http://localhost:6157
+
+## As a binary
+
+Requirements:
+* [Git](https://git-scm.com/downloads) (2.28+)
+* [Go](https://go.dev/doc/install) (1.23+)
+* [Node.js](https://nodejs.org/en/download/) (16+)
+* [Make](https://linux.die.net/man/1/make) (optional, but easier)
+
+```shell
+git clone git@github.com:thomiceli/opengist.git
+cd opengist
+make watch
+```
+
+Opengist is now running on port 6157, you can browse http://localhost:6157

docs/index.md

@@ -0,0 +1,4 @@
+---
+layout: home
+navbar: false
+---

docs/installation.md

@@ -0,0 +1,7 @@
+# Install Opengist
+
+There are several ways to install Opengist, depending on your preferences and your environment.
+
+- [Docker](installation/docker.md)
+- [Source](installation/source.md)
+- [Binary](installation/binary.md)

docs/installation/binary.md

@@ -0,0 +1,14 @@
+# Install from binary
+
+Download the archive for your system from the release page [here](https://github.com/thomiceli/opengist/releases/latest), and extract it.
+
+```shell
+# example for linux amd64
+wget https://github.com/thomiceli/opengist/releases/download/v1.9.0/opengist1.9.0-linux-amd64.tar.gz
+
+tar xzvf opengist1.9.0-linux-amd64.tar.gz
+cd opengist
+chmod +x opengist
+./opengist # with or without `--config config.yml`
+```
+

docs/installation/docker.md

@@ -0,0 +1,41 @@
+# Install with Docker
+
+Docker [images](https://github.com/thomiceli/opengist/pkgs/container/opengist) are available for each release :
+
+```shell
+docker pull ghcr.io/thomiceli/opengist:1
+```
+
+It can be used in a `docker-compose.yml` file :
+
+1. Create a `docker-compose.yml` file with the following content
+2. Run `docker compose up -d`
+3. Opengist is now running on port 6157, you can browse http://localhost:6157
+
+```yml
+services:
+  opengist:
+    image: ghcr.io/thomiceli/opengist:1
+    container_name: opengist
+    restart: unless-stopped
+    ports:
+      - "6157:6157" # HTTP port
+      - "2222:2222" # SSH port, can be removed if you don't use SSH
+    volumes:
+      - "$HOME/.opengist:/opengist"
+    environment:
+      # OG_LOG_LEVEL: info
+      # other configuration options
+```
+
+You can define which user/group should run the container and own the files by setting the `UID` and `GID` environment
+variables :
+
+```yml
+services:
+  opengist:
+    # ...
+    environment:
+      UID: 1001
+      GID: 1001
+```

docs/installation/source.md

@@ -0,0 +1,19 @@
+# Installation from source
+
+Requirements:
+* [Git](https://git-scm.com/downloads) (2.28+)
+* [Go](https://go.dev/doc/install) (1.23+)
+* [Node.js](https://nodejs.org/en/download/) (16+)
+* [Make](https://linux.die.net/man/1/make) (optional, but easier)
+
+```shell
+git clone https://github.com/thomiceli/opengist
+cd opengist
+
+git checkout v1.9.0 # optional, to checkout the latest release
+
+make
+./opengist
+```
+
+Opengist is now running on port 6157, you can browse http://localhost:6157

docs/introduction.md

@@ -0,0 +1,56 @@
+# Opengist
+
+<img height="108px" src="https://raw.githubusercontent.com/thomiceli/opengist/master/public/opengist.svg" alt="Opengist" align="right" />
+
+Opengist is a **self-hosted** pastebin **powered by Git**. All snippets are stored in a Git repository and can be
+read and/or modified using standard Git commands, or with the web interface. 
+It is similiar to [GitHub Gist](https://gist.github.com/), but open-source and could be self-hosted.
+
+Written in [Go](https://go.dev), Opengist aims to be fast and easy to deploy.
+
+
+## Features
+
+* Create public, unlisted or private snippets
+* [Init](usage/init-via-git.md) / Clone / Pull / Push snippets **via Git** over HTTP or SSH
+* Syntax highlighting ; markdown & CSV support
+* Search code in snippets ; browse users snippets, likes and forks
+* Add topics to snippets
+* Embed snippets in other websites
+* Revisions history
+* Like / Fork snippets
+* Editor with indentation mode & size ; drag and drop files
+* Download raw files or as a ZIP archive
+* Retrieve snippet data/metadata via a JSON API
+* OAuth2 login with GitHub, GitLab, Gitea, and OpenID Connect
+* Avatars via Gravatar or OAuth2 providers
+* Light/Dark mode
+* Responsive UI
+* Enable or disable signups
+* Restrict or unrestrict snippets visibility to anonymous users
+* Admin panel : 
+  * delete users/gists; 
+  * clean database/filesystem by syncing gists
+  * run `git gc` for all repositories
+* SQLite/PostgreSQL/MySQL database
+* Logging
+* Docker support
+
+
+## System requirements
+
+[Git](https://git-scm.com/download) is obviously required to run Opengist, as it's the main feature of the app.
+Version **2.28** or later is recommended as the app has not been tested with older Git versions and some features would not work.
+
+[OpenSSH](https://www.openssh.com/) suite if you wish to use Git over SSH.
+
+
+## Components
+
+* Backend Web Framework: [Echo](https://echo.labstack.com/)
+* ORM: [GORM](https://gorm.io/)
+* Frontend libraries:
+  * [TailwindCSS](https://tailwindcss.com/)
+  * [CodeMirror](https://codemirror.net/)
+  * [Day.js](https://day.js.org/)
+  * and [others](/package.json)

docs/public/favicon.svg

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generator: Adobe Illustrator 27.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 500 500" style="enable-background:new 0 0 500 500;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#FFFFFF;}
+</style>
+<g id="document" transform="scale(1.6666666666666667 1.6666666666666667) translate(150.0 150.0)">
+	<path class="st0" d="M131.3,24.3c13.7-71-33.9-139.5-106.4-152.9C-47.7-142-117.6-95.3-131.3-24.3s33.9,139.5,106.4,152.9   C47.7,142,117.6,95.3,131.3,24.3z"/>
+	<path class="st0" d="M128.9,0c0,55.7-36.8,103-88,119.8c0.2-1.2,0.3-2.5,0.3-4c0.1-22.3,0.2-36.2,0.2-52.8   c0-11.7-0.2-18.1-0.2-18.1c1.8,0,21.1-6,29.9-12.1S89.2,15.1,90.5-1.4c1.3-16.6-6-36.2-12.4-47.8C65.3-72.4,54.7-86.6,45.4-94.5   c-9.3-7.8-16.1-6.1-22.1-1.4S8.5-76.9,2.2-71.2c-3,2.8-10.6,12-20.4,3.3C-21-70.3-38-93.6-48.5-90.6c-13.1,3.7-28.1,27.3-35.1,43.8   c-9,21-10.8,33.6-6.1,63.5c4.7,29.9,7.5,60,11.8,76.4c1,4,2.3,7.4,4,10.4c-33.2-22.8-55-60.7-55-103.5   c0-69.7,57.7-126.3,128.9-126.3S128.9-69.7,128.9,0z"/>
+	<path d="M0-145c-81.8,0-148.1,64.9-148.1,145S-81.8,145,0,145S148.1,80.1,148.1,0S81.8-145,0-145z M40.9,119.8   c0.2-1.2,0.3-2.5,0.3-4c0.1-22.3,0.2-36.2,0.2-52.8c0-11.7-0.2-18.1-0.2-18.1c1.8,0,21.1-6,29.9-12.1S89.2,15.1,90.5-1.4   c1.3-16.6-6-36.2-12.4-47.8C65.3-72.4,54.7-86.6,45.4-94.5c-9.3-7.8-16.1-6.1-22.1-1.4S8.5-76.9,2.2-71.2c-3,2.8-10.6,12-20.4,3.3   C-21-70.3-38-93.6-48.5-90.6c-13.1,3.7-28.1,27.3-35.1,43.8c-9,21-10.8,33.6-6.1,63.5c4.7,29.9,7.5,60,11.8,76.4   c1,4,2.3,7.4,4,10.4c-33.2-22.8-55-60.7-55-103.5c0-69.7,57.7-126.3,128.9-126.3S128.9-69.7,128.9,0   C128.9,55.7,92.1,103,40.9,119.8z"/>
+	<path class="st0" d="M-102.8-7.2l91.2-9.4l-0.3-7l-91.2,9.4L-102.8-7.2z"/>
+	<path class="st0" d="M12-17.3c0.8-9.6-6.5-18-16.3-18.8s-18.4,6.4-19.2,16S-17-2.1-7.2-1.3S11.2-7.7,12-17.3z"/>
+	<path class="st0" d="M62.9-24.6c0.8-9.6-6.5-18-16.3-18.8c-9.8-0.8-18.4,6.4-19.2,16c-0.8,9.6,6.5,18,16.3,18.8S62.1-15,62.9-24.6z   "/>
+	<path class="st0" d="M-11.8-16.8l67.6-7.3l-0.5-6.3l-67.5,7.3L-11.8-16.8z"/>
+	<path class="st0" d="M53.1-23.6l49.5-12.2l-0.6-6.3L52.5-29.9L53.1-23.6z"/>
+</g>
+</svg>

docs/update.md

@@ -0,0 +1,58 @@
+# Update Opengist
+
+## Make a backup
+
+Before updating, always make sure to backup the Opengist home directory, where all the data is stored. 
+
+You can do so by copying the `~/.opengist` directory (default location).
+
+```shell
+cp -r ~/.opengist ~/.opengist.bak
+```
+
+## Install the new version
+
+### With Docker
+
+Pull the last version of Opengist
+```shell
+docker pull ghcr.io/thomiceli/opengist:1
+```
+
+And restart the container, using `docker compose up -d` for example if you use docker compose.
+
+### Via binary
+
+Stop the running instance; then like your first installation of Opengist, download the archive for your system from the release page [here](https://github.com/thomiceli/opengist/releases/latest), and extract it.
+
+```shell
+# example for linux amd64
+wget https://github.com/thomiceli/opengist/releases/download/v1.9.0/opengist1.9.0-linux-amd64.tar.gz
+
+tar xzvf opengist1.9.0-linux-amd64.tar.gz
+cd opengist
+chmod +x opengist
+./opengist # with or without `--config config.yml`
+```
+
+### From source
+
+Stop the running instance; then pull the last changes from the master branch, and build the new version.
+
+```shell
+git switch master
+git pull
+make
+./opengist
+```
+
+## Restore the backup
+
+If you have any issue with the new version, you can restore the backup you made before updating.
+
+```shell
+rm -rf ~/.opengist
+cp -r ~/.opengist.bak ~/.opengist
+```
+
+Then run the old version of Opengist again.

docs/usage/embed.md

@@ -0,0 +1,11 @@
+# Embed a Gist to your webpage
+
+To embed a Gist to your webpage, you can add a script tag with the URL of your gist followed by `.js` to your HTML page:
+    
+```html
+<script src="http://opengist.url/user/gist-url.js"></script>
+
+<!-- Dark mode: -->
+<script src="http://opengist.url/user/gist-url.js?dark"></script>
+```
+

docs/usage/gist-json.md

@@ -0,0 +1,37 @@
+# Retrieve Gist as JSON
+
+To retrieve a Gist as JSON, you can add `.json` to the end of the URL of your gist:
+
+```shell
+curl http://opengist.url/thomas/my-gist.json | jq '.'
+```
+
+It returns a JSON object with the following structure similar to this one:
+```json
+{
+  "created_at": "2023-04-12T13:15:20+02:00",
+  "description": "",
+  "embed": {
+    "css": "http://localhost:6157/assets/embed-94abc261.css",
+    "html": "<div class=\"opengist-embed\" id=\"my-gist\">\n    <div class=\"html \">\n    \n        <div class=\"rounded-md border-1 border-gray-100 dark:border-gray-800 overflow-auto mb-4\">\n            <div class=\"border-b-1 border-gray-100 dark:border-gray-700 text-xs p-2 pl-4 bg-gray-50 dark:bg-gray-800 text-gray-400\">\n                <a target=\"_blank\" href=\"http://localhost:6157/thomas/my-gist#file-hello-md\"><span class=\"font-bold text-gray-700 dark:text-gray-200\">hello.md</span> · 21 B · Markdown</a>\n                <span class=\"float-right\"><a target=\"_blank\" href=\"http://localhost:6157\">Hosted via Opengist</a> · <span class=\"text-gray-700 dark:text-gray-200 font-bold\"><a target=\"_blank\" href=\"http://localhost:6157/thomas/my-gist/raw/HEAD/hello.md\">view raw</a></span></span>\n            </div>\n            \n            \n            \n            <div class=\"chroma markdown markdown-body p-8\"><h1>Welcome to Opengist</h1>\n</div>\n            \n\n        </div>\n    \n    </div>\n</div>\n",
+    "js": "http://localhost:6157/thomas/my-gist.js",
+    "js_dark": "http://localhost:6157/thomas/my-gist.js?dark"
+  },
+  "files": [
+    {
+      "filename": "hello.md",
+      "size": 21,
+      "human_size": "21 B",
+      "content": "# Welcome to Opengist",
+      "truncated": false,
+      "type": "Markdown"
+    }
+  ],
+  "id": "my-gist",
+  "owner": "thomas",
+  "title": "hello.md",
+  "uuid": "8622b297bce54b408e36d546cef8019d",
+  "visibility": "public"
+}
+```
+

docs/usage/git-push-options.md

@@ -0,0 +1,32 @@
+# Push Options
+
+Opengist has support for a few [Git push options](https://git-scm.com/docs/git-push#Documentation/git-push.txt--oltoptiongt). 
+
+These options are passed to `git push` command and can be used to change the metadata of a gist.
+
+## Set URL
+
+```shell
+git push -o url=mygist # Will set the URL to https://opengist.example.com/user/mygist
+```
+
+## Change title
+
+```shell
+git push -o title=Gist123
+git push -o title="My Gist 123"
+```
+
+## Change description
+
+```shell
+git push -o description="This is my gist description"
+```
+
+## Change visibility
+
+```shell
+git push -o visibility=public
+git push -o visibility=unlisted
+git push -o visibility=private
+```

docs/usage/import-from-github-gist.md

@@ -0,0 +1,23 @@
+# Import Gists from GitHub
+
+After running Opengist at least once, you can import your Gists from GitHub using this script:
+
+```shell
+github_user=user # replace with your GitHub username
+opengist_url="http://user:password@opengist.url/init" # replace user, password and Opengist url
+
+curl -s https://api.github.com/users/"$github_user"/gists?per_page=100 | jq '.[] | .git_pull_url' -r | while read url; do 
+    git clone "$url"
+    repo_dir=$(basename "$url" .git)
+    
+    # Add remote, push, and remove the directory
+    if [ -d "$repo_dir" ]; then
+        cd "$repo_dir"
+        git remote add gist "$opengist_url"
+        git push -u gist --all
+        cd ..
+        rm -rf "$repo_dir"
+    fi
+done
+```
+

docs/usage/init-via-git.md

@@ -0,0 +1,42 @@
+# Init Gists via Git
+
+Opengist allows you to create new snippets via Git over HTTP.
+
+Simply init a new Git repository where your file(s) is/are located:
+
+```shell
+git init
+git add .
+git commit -m "My cool snippet"
+```
+
+Then add this Opengist special remote URL and push your changes:
+
+```shell
+git remote add origin http://localhost:6157/init
+
+git push -u origin master
+```
+
+Log in with your Opengist account credentials, and your snippet will be created at the specified URL:
+
+```shell
+Username for 'http://localhost:6157': thomas
+Password for 'http://thomas@localhost:6157':
+Enumerating objects: 3, done.
+Counting objects: 100% (3/3), done.
+Delta compression using up to 8 threads
+Compressing objects: 100% (2/2), done.
+Writing objects: 100% (3/3), 416 bytes | 416.00 KiB/s, done.
+Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
+remote:
+remote: Your new repository has been created here: http://localhost:6157/thomas/6051e930f140429f9a2f3bb1fa101066
+remote:
+remote: If you want to keep working with your gist, you could set the remote URL via:
+remote: git remote set-url origin http://localhost:6157/thomas/6051e930f140429f9a2f3bb1fa101066
+remote:
+To http://localhost:6157/init
+ * [new branch]      master -> master
+```
+
+<video controls="controls" src="https://github.com/thomiceli/opengist/assets/27960254/3fe1a0ba-b638-4928-83a1-f38e46fea066" />

fs_embed.go

@@ -1,8 +0,0 @@
-//go:build fs_embed
-
-package main
-
-import "embed"
-
-//go:embed templates/*/*.html public/manifest.json public/assets/*.js public/assets/*.css public/assets/*.svg
-var dirFS embed.FS

fs_os.go

@@ -1,7 +0,0 @@
-//go:build !fs_embed
-
-package main
-
-import "os"
-
-var dirFS = os.DirFS(".")

go.mod

@@ -1,35 +1,112 @@
-module opengist
+module github.com/thomiceli/opengist
 
-go 1.19
+go 1.23
 
 require (
-	github.com/go-playground/validator/v10 v10.11.0
-	github.com/google/uuid v1.3.0
-	github.com/gorilla/sessions v1.2.1
-	github.com/labstack/echo/v4 v4.10.0
-	github.com/rs/zerolog v1.29.0
-	golang.org/x/crypto v0.2.0
+	github.com/Kunde21/markdownfmt/v3 v3.1.0
+	github.com/alecthomas/chroma/v2 v2.14.0
+	github.com/blevesearch/bleve/v2 v2.4.3
+	github.com/dustin/go-humanize v1.0.1
+	github.com/glebarez/sqlite v1.11.0
+	github.com/go-playground/validator/v10 v10.23.0
+	github.com/go-webauthn/webauthn v0.11.2
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/schema v1.4.1
+	github.com/gorilla/securecookie v1.1.2
+	github.com/gorilla/sessions v1.4.0
+	github.com/labstack/echo/v4 v4.12.0
+	github.com/markbates/goth v1.80.0
+	github.com/pquerna/otp v1.4.0
+	github.com/rs/zerolog v1.33.0
+	github.com/stretchr/testify v1.10.0
+	github.com/urfave/cli/v2 v2.27.5
+	github.com/yuin/goldmark v1.7.8
+	github.com/yuin/goldmark-emoji v1.0.4
+	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
+	go.abhg.dev/goldmark/mermaid v0.5.0
+	golang.org/x/crypto v0.29.0
+	golang.org/x/text v0.20.0
 	gopkg.in/yaml.v3 v3.0.1
-	gorm.io/driver/sqlite v1.3.2
-	gorm.io/gorm v1.23.5
+	gorm.io/driver/mysql v1.5.7
+	gorm.io/driver/postgres v1.5.10
+	gorm.io/gorm v1.25.12
 )
 
 require (
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/RoaringBitmap/roaring v1.9.4 // indirect
+	github.com/bits-and-blooms/bitset v1.17.0 // indirect
+	github.com/blevesearch/bleve_index_api v1.1.13 // indirect
+	github.com/blevesearch/geo v0.1.20 // indirect
+	github.com/blevesearch/go-faiss v1.0.23 // indirect
+	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
+	github.com/blevesearch/gtreap v0.1.1 // indirect
+	github.com/blevesearch/mmap-go v1.0.4 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.2.16 // indirect
+	github.com/blevesearch/segment v0.9.1 // indirect
+	github.com/blevesearch/snowballstem v0.9.0 // indirect
+	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
+	github.com/blevesearch/vellum v1.0.11 // indirect
+	github.com/blevesearch/zapx/v11 v11.3.10 // indirect
+	github.com/blevesearch/zapx/v12 v12.3.10 // indirect
+	github.com/blevesearch/zapx/v13 v13.3.10 // indirect
+	github.com/blevesearch/zapx/v14 v14.3.10 // indirect
+	github.com/blevesearch/zapx/v15 v15.3.16 // indirect
+	github.com/blevesearch/zapx/v16 v16.1.8 // indirect
+	github.com/boombuler/barcode v1.0.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dlclark/regexp2 v1.11.4 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
+	github.com/glebarez/go-sqlite v1.22.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-sql-driver/mysql v1.8.1 // indirect
+	github.com/go-webauthn/x v0.1.15 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang/geo v0.0.0-20230421003525-6adc56603217 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/go-tpm v0.9.1 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
+	github.com/jackc/pgx/v5 v5.7.1 // indirect
+	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/labstack/gommon v0.4.0 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/labstack/gommon v0.4.2 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
-	github.com/mattn/go-sqlite3 v1.14.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/mschoch/smat v0.2.0 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
-	golang.org/x/net v0.4.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
-	golang.org/x/time v0.2.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	go.etcd.io/bbolt v1.3.11 // indirect
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/oauth2 v0.24.0 // indirect
+	golang.org/x/sync v0.9.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/time v0.8.0 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
+	modernc.org/libc v1.61.2 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/sqlite v1.34.1 // indirect
 )

go.sum

@@ -1,110 +1,294 @@
-github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/Kunde21/markdownfmt/v3 v3.1.0 h1:KiZu9LKs+wFFBQKhrZJrFZwtLnCCWJahL+S+E/3VnM0=
+github.com/Kunde21/markdownfmt/v3 v3.1.0/go.mod h1:tPXN1RTyOzJwhfHoon9wUr4HGYmWgVxSQN6VBJDkrVc=
+github.com/RoaringBitmap/roaring v1.9.4 h1:yhEIoH4YezLYT04s1nHehNO64EKFTop/wBhxv2QzDdQ=
+github.com/RoaringBitmap/roaring v1.9.4/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90=
+github.com/alecthomas/assert/v2 v2.7.0 h1:QtqSACNS3tF7oasA8CU6A6sXZSBDqnm7RfpLl9bZqbE=
+github.com/alecthomas/assert/v2 v2.7.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
+github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
+github.com/alecthomas/chroma/v2 v2.14.0 h1:R3+wzpnUArGcQz7fCETQBzO5n9IMNi13iIs46aU4V9E=
+github.com/alecthomas/chroma/v2 v2.14.0/go.mod h1:QolEbTfmUHIMVpBqxeDnNBj2uoeI4EbYP4i6n68SG4I=
+github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
+github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
+github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
+github.com/bits-and-blooms/bitset v1.12.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/bits-and-blooms/bitset v1.17.0 h1:1X2TS7aHz1ELcC0yU1y2stUs/0ig5oMU6STFZGrhvHI=
+github.com/bits-and-blooms/bitset v1.17.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/blevesearch/bleve/v2 v2.4.3 h1:XDYj+1prgX84L2Cf+V3ojrOPqXxy0qxyd2uLMmeuD+4=
+github.com/blevesearch/bleve/v2 v2.4.3/go.mod h1:hEPDPrbYw3vyrm5VOa36GyS4bHWuIf4Fflp7460QQXY=
+github.com/blevesearch/bleve_index_api v1.1.13 h1:+nrA6oRJr85aCPyqaeZtsruObwKojutfonHJin/BP48=
+github.com/blevesearch/bleve_index_api v1.1.13/go.mod h1:PbcwjIcRmjhGbkS/lJCpfgVSMROV6TRubGGAODaK1W8=
+github.com/blevesearch/geo v0.1.20 h1:paaSpu2Ewh/tn5DKn/FB5SzvH0EWupxHEIwbCk/QPqM=
+github.com/blevesearch/geo v0.1.20/go.mod h1:DVG2QjwHNMFmjo+ZgzrIq2sfCh6rIHzy9d9d0B59I6w=
+github.com/blevesearch/go-faiss v1.0.23 h1:Wmc5AFwDLKGl2L6mjLX1Da3vCL0EKa2uHHSorcIS1Uc=
+github.com/blevesearch/go-faiss v1.0.23/go.mod h1:OMGQwOaRRYxrmeNdMrXJPvVx8gBnvE5RYrr0BahNnkk=
+github.com/blevesearch/go-porterstemmer v1.0.3 h1:GtmsqID0aZdCSNiY8SkuPJ12pD4jI+DdXTAn4YRcHCo=
+github.com/blevesearch/go-porterstemmer v1.0.3/go.mod h1:angGc5Ht+k2xhJdZi511LtmxuEf0OVpvUUNrwmM1P7M=
+github.com/blevesearch/gtreap v0.1.1 h1:2JWigFrzDMR+42WGIN/V2p0cUvn4UP3C4Q5nmaZGW8Y=
+github.com/blevesearch/gtreap v0.1.1/go.mod h1:QaQyDRAT51sotthUWAH4Sj08awFSSWzgYICSZ3w0tYk=
+github.com/blevesearch/mmap-go v1.0.4 h1:OVhDhT5B/M1HNPpYPBKIEJaD0F3Si+CrEKULGCDPWmc=
+github.com/blevesearch/mmap-go v1.0.4/go.mod h1:EWmEAOmdAS9z/pi/+Toxu99DnsbhG1TIxUoRmJw/pSs=
+github.com/blevesearch/scorch_segment_api/v2 v2.2.16 h1:uGvKVvG7zvSxCwcm4/ehBa9cCEuZVE+/zvrSl57QUVY=
+github.com/blevesearch/scorch_segment_api/v2 v2.2.16/go.mod h1:VF5oHVbIFTu+znY1v30GjSpT5+9YFs9dV2hjvuh34F0=
+github.com/blevesearch/segment v0.9.1 h1:+dThDy+Lvgj5JMxhmOVlgFfkUtZV2kw49xax4+jTfSU=
+github.com/blevesearch/segment v0.9.1/go.mod h1:zN21iLm7+GnBHWTao9I+Au/7MBiL8pPFtJBJTsk6kQw=
+github.com/blevesearch/snowballstem v0.9.0 h1:lMQ189YspGP6sXvZQ4WZ+MLawfV8wOmPoD/iWeNXm8s=
+github.com/blevesearch/snowballstem v0.9.0/go.mod h1:PivSj3JMc8WuaFkTSRDW2SlrulNWPl4ABg1tC/hlgLs=
+github.com/blevesearch/upsidedown_store_api v1.0.2 h1:U53Q6YoWEARVLd1OYNc9kvhBMGZzVrdmaozG2MfoB+A=
+github.com/blevesearch/upsidedown_store_api v1.0.2/go.mod h1:M01mh3Gpfy56Ps/UXHjEO/knbqyQ1Oamg8If49gRwrQ=
+github.com/blevesearch/vellum v1.0.11 h1:SJI97toEFTtA9WsDZxkyGTaBWFdWl1n2LEDCXLCq/AU=
+github.com/blevesearch/vellum v1.0.11/go.mod h1:QgwWryE8ThtNPxtgWJof5ndPfx0/YMBh+W2weHKPw8Y=
+github.com/blevesearch/zapx/v11 v11.3.10 h1:hvjgj9tZ9DeIqBCxKhi70TtSZYMdcFn7gDb71Xo/fvk=
+github.com/blevesearch/zapx/v11 v11.3.10/go.mod h1:0+gW+FaE48fNxoVtMY5ugtNHHof/PxCqh7CnhYdnMzQ=
+github.com/blevesearch/zapx/v12 v12.3.10 h1:yHfj3vXLSYmmsBleJFROXuO08mS3L1qDCdDK81jDl8s=
+github.com/blevesearch/zapx/v12 v12.3.10/go.mod h1:0yeZg6JhaGxITlsS5co73aqPtM04+ycnI6D1v0mhbCs=
+github.com/blevesearch/zapx/v13 v13.3.10 h1:0KY9tuxg06rXxOZHg3DwPJBjniSlqEgVpxIqMGahDE8=
+github.com/blevesearch/zapx/v13 v13.3.10/go.mod h1:w2wjSDQ/WBVeEIvP0fvMJZAzDwqwIEzVPnCPrz93yAk=
+github.com/blevesearch/zapx/v14 v14.3.10 h1:SG6xlsL+W6YjhX5N3aEiL/2tcWh3DO75Bnz77pSwwKU=
+github.com/blevesearch/zapx/v14 v14.3.10/go.mod h1:qqyuR0u230jN1yMmE4FIAuCxmahRQEOehF78m6oTgns=
+github.com/blevesearch/zapx/v15 v15.3.16 h1:Ct3rv7FUJPfPk99TI/OofdC+Kpb4IdyfdMH48sb+FmE=
+github.com/blevesearch/zapx/v15 v15.3.16/go.mod h1:Turk/TNRKj9es7ZpKK95PS7f6D44Y7fAFy8F4LXQtGg=
+github.com/blevesearch/zapx/v16 v16.1.8 h1:Bxzpw6YQpFs7UjoCV1+RvDw6fmAT2GZxldwX8b3wVBM=
+github.com/blevesearch/zapx/v16 v16.1.8/go.mod h1:JqQlOqlRVaYDkpLIl3JnKql8u4zKTNlVEa3nLsi0Gn8=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
+github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/chromedp/cdproto v0.0.0-20230220211738-2b1ec77315c9 h1:wMSvdj3BswqfQOXp2R1bJOAE7xIQLt2dlMQDMf836VY=
+github.com/chromedp/cdproto v0.0.0-20230220211738-2b1ec77315c9/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
+github.com/chromedp/chromedp v0.9.1 h1:CC7cC5p1BeLiiS2gfNNPwp3OaUxtRMBjfiw3E3k6dFA=
+github.com/chromedp/chromedp v0.9.1/go.mod h1:DUgZWRvYoEfgi66CgZ/9Yv+psgi+Sksy5DTScENWjaQ=
+github.com/chromedp/sysutil v1.0.0 h1:+ZxhTpfpZlmchB58ih/LBHX52ky7w2VhQVKQMucy3Ic=
+github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
-github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
+github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/dlclark/regexp2 v1.11.4 h1:rPYF9/LECdNymJufQKmri9gV604RvvABwgOA8un7yAo=
+github.com/dlclark/regexp2 v1.11.4/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
+github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
+github.com/glebarez/go-sqlite v1.22.0 h1:uAcMJhaA6r3LHMTFgP0SifzgXg46yJkgxqyuyec+ruQ=
+github.com/glebarez/go-sqlite v1.22.0/go.mod h1:PlBIdHe0+aUEFn+r2/uthrWq4FxbzugL0L8Li6yQJbc=
+github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
+github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o=
+github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/go-webauthn/webauthn v0.11.2 h1:Fgx0/wlmkClTKlnOsdOQ+K5HcHDsDcYIvtYmfhEOSUc=
+github.com/go-webauthn/webauthn v0.11.2/go.mod h1:aOtudaF94pM71g3jRwTYYwQTG1KyTILTcZqN1srkmD0=
+github.com/go-webauthn/x v0.1.15 h1:eG1OhggBJTkDE8gUeOlGRbRe8E/PSVG26YG4AyFbwkU=
+github.com/go-webauthn/x v0.1.15/go.mod h1:pf7VI23raFLHPO9VVIs9/u1etqwAOP0S2KoHGL6WbZ8=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.1.0 h1:7RFti/xnNkMJnrK7D1yQ/iCIB5OrrY/54/H930kIbHA=
+github.com/gobwas/ws v1.1.0/go.mod h1:nzvNcVha5eUziGrbxFCo6qFIojQHjJV5cLYIbezhfL0=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
-github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang/geo v0.0.0-20230421003525-6adc56603217 h1:HKlyj6in2JV6wVkmQ4XmG/EIm+SCYlPZ+V4GWit7Z+I=
+github.com/golang/geo v0.0.0-20230421003525-6adc56603217/go.mod h1:8wI0hitZ3a1IxZfeH3/5I97CI8i5cLGsYe7xNhQGs9U=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM=
+github.com/google/go-tpm v0.9.1/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo=
+github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
+github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
+github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
+github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.7.1 h1:x7SYsPBYDkHDksogeSmZZ5xzThcTgRz++I5E+ePFUcs=
+github.com/jackc/pgx/v5 v5.7.1/go.mod h1:e7O26IywZZ+naJtWWos6i6fvWK+29etgITqrqHLfoZA=
+github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
+github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/labstack/echo/v4 v4.10.0 h1:5CiyngihEO4HXsz3vVsJn7f8xAlWwRr3aY6Ih280ZKA=
-github.com/labstack/echo/v4 v4.10.0/go.mod h1:S/T/5fy/GigaXnHTkh0ZGe4LpkkQysvRjFMSUTkDRNQ=
-github.com/labstack/gommon v0.4.0 h1:y7cvthEAEbU0yHOf4axH8ZG2NH8knB9iNSoTO8dyIk8=
-github.com/labstack/gommon v0.4.0/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0=
+github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM=
+github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=
+github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/goth v1.80.0 h1:NnvatczZDzOs1hn9Ug+dVYf2Viwwkp/ZDX5K+GLjan8=
+github.com/markbates/goth v1.80.0/go.mod h1:4/GYHo+W6NWisrMPZnq0Yr2Q70UntNLn7KXEFhrIdAY=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
-github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.13 h1:1tj15ngiFfcZzii7yd82foL+ks+ouQcj8j/TPq3fk1I=
-github.com/mattn/go-sqlite3 v1.14.13/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM=
+github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw=
+github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
+github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rs/zerolog v1.29.0 h1:Zes4hju04hjbvkVkOhdl2HpZa+0PmVwigmo8XoORE5w=
-github.com/rs/zerolog v1.29.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0=
+github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
+github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
+github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
+github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo=
 github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
-golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
-golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic=
+github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark-emoji v1.0.4 h1:vCwMkPZSNefSUnOW2ZKRUjBSD5Ok3W78IXhGxxAEF90=
+github.com/yuin/goldmark-emoji v1.0.4/go.mod h1:tTkZEbwu5wkPmgTcitqddVxY9osFZiavD+r4AzQrh1U=
+github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
+github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
+go.abhg.dev/goldmark/mermaid v0.5.0 h1:mDkykpSPJ+5wCQ8bSXgzJ2KQskjXkI5Ndxz7JYDHW38=
+go.abhg.dev/goldmark/mermaid v0.5.0/go.mod h1:OCyk2o85TX2drWHH+HRy6bih2yZlUwbbv/R1MMh1YLs=
+go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0=
+go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE=
-golang.org/x/time v0.2.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
+golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
+golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/sqlite v1.3.2 h1:nWTy4cE52K6nnMhv23wLmur9Y3qWbZvOBz+V4PrGAxg=
-gorm.io/driver/sqlite v1.3.2/go.mod h1:B+8GyC9K7VgzJAcrcXMRPdnMcck+8FgJynEehEPM16U=
-gorm.io/gorm v1.23.4/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
-gorm.io/gorm v1.23.5 h1:TnlF26wScKSvknUC/Rn8t0NLLM22fypYBlvj1+aH6dM=
-gorm.io/gorm v1.23.5/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
+gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo=
+gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
+gorm.io/driver/postgres v1.5.10 h1:7Lggqempgy496c0WfHXsYWxk3Th+ZcW66/21QhVFdeE=
+gorm.io/driver/postgres v1.5.10/go.mod h1:DX3GReXH+3FPWGrrgffdvCk3DQ1dwDPdmbenSkweRGI=
+gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
+gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
+modernc.org/cc/v4 v4.23.1 h1:WqJoPL3x4cUufQVHkXpXX7ThFJ1C4ik80i2eXEXbhD8=
+modernc.org/cc/v4 v4.23.1/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
+modernc.org/ccgo/v4 v4.22.3 h1:C7AW89Zw3kygesTQWBzApwIn9ldM+cb/plrTIKq41Os=
+modernc.org/ccgo/v4 v4.22.3/go.mod h1:Dz7n0/UkBbH3pnYaxgi1mFSfF4REqUOZNziphZASx6k=
+modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
+modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
+modernc.org/gc/v2 v2.5.0 h1:bJ9ChznK1L1mUtAQtxi0wi5AtAs5jQuw4PrPHO5pb6M=
+modernc.org/gc/v2 v2.5.0/go.mod h1:wzN5dK1AzVGoH6XOzc3YZ+ey/jPgYHLuVckd62P0GYU=
+modernc.org/libc v1.61.2 h1:dkO4DlowfClcJYsvf/RiK6fUwvzCQTmB34bJLt0CAGQ=
+modernc.org/libc v1.61.2/go.mod h1:4QGjNyX3h+rn7V5oHpJY2yH0QN6frt1X+5BkXzwLPCo=
+modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
+modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
+modernc.org/memory v1.8.0 h1:IqGTL6eFMaDZZhEWwcREgeMXYwmW83LYW8cROZYkg+E=
+modernc.org/memory v1.8.0/go.mod h1:XPZ936zp5OMKGWPqbD3JShgd/ZoQ7899TUuQqxY+peU=
+modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
+modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/sortutil v1.2.0 h1:jQiD3PfS2REGJNzNCMMaLSp/wdMNieTbKX920Cqdgqc=
+modernc.org/sortutil v1.2.0/go.mod h1:TKU2s7kJMf1AE84OoiGppNHJwvB753OYfNl2WRb++Ss=
+modernc.org/sqlite v1.34.1 h1:u3Yi6M0N8t9yKRDwhXcyp1eS5/ErhPTBggxWFuR6Hfk=
+modernc.org/sqlite v1.34.1/go.mod h1:pXV2xHxhzXZsgT/RtTFAPY6JJDEvOTcTdwADQCCWD4k=
+modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
+modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
+modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
+modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=

internal/actions/actions.go

@@ -0,0 +1,185 @@
+package actions
+
+import (
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/git"
+	"github.com/thomiceli/opengist/internal/index"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+)
+
+type ActionStatus struct {
+	Running bool
+}
+
+const (
+	SyncReposFromFS = iota
+	SyncReposFromDB
+	GitGcRepos
+	SyncGistPreviews
+	ResetHooks
+	IndexGists
+	SyncGistLanguages
+)
+
+var (
+	mutex   sync.Mutex
+	actions = make(map[int]ActionStatus)
+)
+
+func updateActionStatus(actionType int, running bool) {
+	actions[actionType] = ActionStatus{
+		Running: running,
+	}
+}
+
+func IsRunning(actionType int) bool {
+	mutex.Lock()
+	defer mutex.Unlock()
+	return actions[actionType].Running
+}
+
+func Run(actionType int) {
+	mutex.Lock()
+
+	if actions[actionType].Running {
+		mutex.Unlock()
+		return
+	}
+
+	updateActionStatus(actionType, true)
+	mutex.Unlock()
+
+	defer func() {
+		mutex.Lock()
+		updateActionStatus(actionType, false)
+		mutex.Unlock()
+	}()
+
+	var functionToRun func()
+	switch actionType {
+	case SyncReposFromFS:
+		functionToRun = syncReposFromFS
+	case SyncReposFromDB:
+		functionToRun = syncReposFromDB
+	case GitGcRepos:
+		functionToRun = gitGcRepos
+	case SyncGistPreviews:
+		functionToRun = syncGistPreviews
+	case ResetHooks:
+		functionToRun = resetHooks
+	case IndexGists:
+		functionToRun = indexGists
+	case SyncGistLanguages:
+		functionToRun = syncGistLanguages
+	default:
+		log.Error().Msg("Unknown action type")
+	}
+
+	functionToRun()
+}
+
+func syncReposFromFS() {
+	log.Info().Msg("Syncing repositories from filesystem...")
+	gists, err := db.GetAllGistsRows()
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot get gists")
+		return
+	}
+	for _, gist := range gists {
+		// if repository does not exist, delete gist from database
+		if _, err := os.Stat(git.RepositoryPath(gist.User.Username, gist.Uuid)); err != nil && !os.IsExist(err) {
+			if err2 := gist.Delete(); err2 != nil {
+				log.Error().Err(err2).Msgf("Cannot delete gist %d", gist.ID)
+			}
+		}
+	}
+}
+
+func syncReposFromDB() {
+	log.Info().Msg("Syncing repositories from database...")
+	entries, err := filepath.Glob(filepath.Join(config.GetHomeDir(), "repos", "*", "*"))
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot read repos directories")
+		return
+	}
+
+	for _, e := range entries {
+		path := strings.Split(e, string(os.PathSeparator))
+		gist, _ := db.GetGist(path[len(path)-2], path[len(path)-1])
+
+		if gist.ID == 0 {
+			if err := git.DeleteRepository(path[len(path)-2], path[len(path)-1]); err != nil {
+				log.Error().Err(err).Msgf("Cannot delete repository %s/%s", path[len(path)-2], path[len(path)-1])
+			}
+		}
+	}
+}
+
+func gitGcRepos() {
+	log.Info().Msg("Garbage collecting all repositories...")
+	if err := git.GcRepos(); err != nil {
+		log.Error().Err(err).Msg("Error garbage collecting repositories")
+	}
+}
+
+func syncGistPreviews() {
+	log.Info().Msg("Syncing all Gist previews...")
+
+	gists, err := db.GetAllGistsRows()
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot get gists")
+		return
+	}
+	for _, gist := range gists {
+		if err = gist.UpdatePreviewAndCount(false); err != nil {
+			log.Error().Err(err).Msgf("Cannot update preview and count for gist %d", gist.ID)
+		}
+	}
+}
+
+func resetHooks() {
+	log.Info().Msg("Resetting Git server hooks for all repositories...")
+	if err := git.ResetHooks(); err != nil {
+		log.Error().Err(err).Msg("Error resetting hooks for repositories")
+	}
+}
+
+func indexGists() {
+	log.Info().Msg("Indexing all Gists...")
+	gists, err := db.GetAllGistsRows()
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot get gists")
+		return
+	}
+
+	for _, gist := range gists {
+		log.Info().Msgf("Indexing gist %d", gist.ID)
+		indexedGist, err := gist.ToIndexedGist()
+		if err != nil {
+			log.Error().Err(err).Msgf("Cannot convert gist %d to indexed gist", gist.ID)
+			continue
+		}
+		if err = index.AddInIndex(indexedGist); err != nil {
+			log.Error().Err(err).Msgf("Cannot index gist %d", gist.ID)
+		}
+	}
+}
+
+func syncGistLanguages() {
+	log.Info().Msg("Syncing all Gist languages...")
+	gists, err := db.GetAllGistsRows()
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot get gists")
+		return
+	}
+
+	for _, gist := range gists {
+		log.Info().Msgf("Syncing languages for gist %d", gist.ID)
+		gist.UpdateLanguages()
+	}
+}

internal/auth/aes.go

@@ -0,0 +1,46 @@
+package auth
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"fmt"
+	"io"
+)
+
+func AESEncrypt(key, text []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext := make([]byte, aes.BlockSize+len(text))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
+	}
+
+	stream := cipher.NewCFBEncrypter(block, iv)
+	stream.XORKeyStream(ciphertext[aes.BlockSize:], text)
+
+	return ciphertext, nil
+}
+
+func AESDecrypt(key, ciphertext []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(ciphertext) < aes.BlockSize {
+		return nil, fmt.Errorf("ciphertext too short")
+	}
+
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+
+	stream := cipher.NewCFBDecrypter(block, iv)
+	stream.XORKeyStream(ciphertext, ciphertext)
+
+	return ciphertext, nil
+}

internal/auth/argon2id.go

@@ -0,0 +1,76 @@
+package auth
+
+import (
+	"crypto/rand"
+	"crypto/subtle"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"golang.org/x/crypto/argon2"
+	"strings"
+)
+
+type argon2ID struct {
+	format  string
+	version int
+	time    uint32
+	memory  uint32
+	keyLen  uint32
+	saltLen uint32
+	threads uint8
+}
+
+var Argon2id = argon2ID{
+	format:  "$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
+	version: argon2.Version,
+	time:    1,
+	memory:  64 * 1024,
+	keyLen:  32,
+	saltLen: 16,
+	threads: 4,
+}
+
+func (a argon2ID) Hash(plain string) (string, error) {
+	salt := make([]byte, a.saltLen)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+
+	hash := argon2.IDKey([]byte(plain), salt, a.time, a.memory, a.threads, a.keyLen)
+
+	return fmt.Sprintf(a.format, a.version, a.memory, a.time, a.threads,
+		base64.RawStdEncoding.EncodeToString(salt),
+		base64.RawStdEncoding.EncodeToString(hash),
+	), nil
+}
+
+func (a argon2ID) Verify(plain, hash string) (bool, error) {
+	if hash == "" {
+		return false, nil
+	}
+
+	hashParts := strings.Split(hash, "$")
+
+	if len(hashParts) != 6 {
+		return false, errors.New("invalid hash")
+	}
+
+	_, err := fmt.Sscanf(hashParts[3], "m=%d,t=%d,p=%d", &a.memory, &a.time, &a.threads)
+	if err != nil {
+		return false, err
+	}
+
+	salt, err := base64.RawStdEncoding.DecodeString(hashParts[4])
+	if err != nil {
+		return false, err
+	}
+
+	decodedHash, err := base64.RawStdEncoding.DecodeString(hashParts[5])
+	if err != nil {
+		return false, err
+	}
+
+	hashToCompare := argon2.IDKey([]byte(plain), salt, a.time, a.memory, a.threads, uint32(len(decodedHash)))
+
+	return subtle.ConstantTimeCompare(decodedHash, hashToCompare) == 1, nil
+}

internal/auth/auth.go

@@ -0,0 +1,18 @@
+package auth
+
+type AuthInfoProvider interface {
+	RequireLogin() (bool, error)
+	AllowGistsWithoutLogin() (bool, error)
+}
+
+func ShouldAllowUnauthenticatedGistAccess(prov AuthInfoProvider, isSingleGistAccess bool) (bool, error) {
+	require, err := prov.RequireLogin()
+	if err != nil {
+		return false, err
+	}
+	allow, err := prov.AllowGistsWithoutLogin()
+	if err != nil {
+		return false, err
+	}
+	return !require || (isSingleGistAccess && allow), nil
+}

internal/auth/oauth/gitea.go

@@ -0,0 +1,117 @@
+package oauth
+
+import (
+	gocontext "context"
+	gojson "encoding/json"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/gothic"
+	"github.com/markbates/goth/providers/gitea"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"io"
+	"net/http"
+)
+
+type GiteaProvider struct {
+	Provider
+	URL string
+}
+
+func (p *GiteaProvider) RegisterProvider() error {
+	goth.UseProviders(
+		gitea.NewCustomisedURL(
+			config.C.GiteaClientKey,
+			config.C.GiteaSecret,
+			urlJoin(p.URL, "/oauth/gitea/callback"),
+			urlJoin(config.C.GiteaUrl, "/login/oauth/authorize"),
+			urlJoin(config.C.GiteaUrl, "/login/oauth/access_token"),
+			urlJoin(config.C.GiteaUrl, "/api/v1/user"),
+		),
+	)
+
+	return nil
+}
+
+func (p *GiteaProvider) BeginAuthHandler(ctx *context.Context) {
+	ctxValue := gocontext.WithValue(ctx.Request().Context(), gothic.ProviderParamKey, GiteaProviderString)
+	ctx.SetRequest(ctx.Request().WithContext(ctxValue))
+
+	gothic.BeginAuthHandler(ctx.Response(), ctx.Request())
+}
+
+func (p *GiteaProvider) UserHasProvider(user *db.User) bool {
+	return user.GiteaID != ""
+}
+
+func NewGiteaProvider(url string) *GiteaProvider {
+	return &GiteaProvider{
+		URL: url,
+	}
+}
+
+type GiteaCallbackProvider struct {
+	CallbackProvider
+	User *goth.User
+}
+
+func (p *GiteaCallbackProvider) GetProvider() string {
+	return GiteaProviderString
+}
+
+func (p *GiteaCallbackProvider) GetProviderUser() *goth.User {
+	return p.User
+}
+
+func (p *GiteaCallbackProvider) GetProviderUserID(user *db.User) bool {
+	return user.GiteaID != ""
+}
+
+func (p *GiteaCallbackProvider) GetProviderUserSSHKeys() ([]string, error) {
+	resp, err := http.Get(urlJoin(config.C.GiteaUrl, p.User.NickName+".keys"))
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	return readKeys(resp)
+}
+
+func (p *GiteaCallbackProvider) UpdateUserDB(user *db.User) {
+	user.GiteaID = p.User.UserID
+
+	resp, err := http.Get(urlJoin(config.C.GiteaUrl, "/api/v1/users/", p.User.UserID))
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot get user from Gitea")
+		return
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot read Gitea response body")
+		return
+	}
+
+	var result map[string]interface{}
+	err = gojson.Unmarshal(body, &result)
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot unmarshal Gitea response body")
+		return
+	}
+
+	field, ok := result["avatar_url"]
+	if !ok {
+		log.Error().Msg("Field 'avatar_url' not found in Gitea JSON response")
+		return
+	}
+
+	user.AvatarURL = field.(string)
+}
+
+func NewGiteaCallbackProvider(user *goth.User) CallbackProvider {
+	return &GiteaCallbackProvider{
+		User: user,
+	}
+}

internal/auth/oauth/github.go

@@ -0,0 +1,84 @@
+package oauth
+
+import (
+	gocontext "context"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/gothic"
+	"github.com/markbates/goth/providers/github"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"net/http"
+)
+
+type GitHubProvider struct {
+	Provider
+	URL string
+}
+
+func (p *GitHubProvider) RegisterProvider() error {
+	goth.UseProviders(
+		github.New(
+			config.C.GithubClientKey,
+			config.C.GithubSecret,
+			urlJoin(p.URL, "/oauth/github/callback"),
+		),
+	)
+
+	return nil
+}
+
+func (p *GitHubProvider) BeginAuthHandler(ctx *context.Context) {
+	ctxValue := gocontext.WithValue(ctx.Request().Context(), gothic.ProviderParamKey, GitHubProviderString)
+	ctx.SetRequest(ctx.Request().WithContext(ctxValue))
+
+	gothic.BeginAuthHandler(ctx.Response(), ctx.Request())
+}
+
+func (p *GitHubProvider) UserHasProvider(user *db.User) bool {
+	return user.GithubID != ""
+}
+
+func NewGitHubProvider(url string) *GitHubProvider {
+	return &GitHubProvider{
+		URL: url,
+	}
+}
+
+type GitHubCallbackProvider struct {
+	CallbackProvider
+	User *goth.User
+}
+
+func (p *GitHubCallbackProvider) GetProvider() string {
+	return GitHubProviderString
+}
+
+func (p *GitHubCallbackProvider) GetProviderUser() *goth.User {
+	return p.User
+}
+
+func (p *GitHubCallbackProvider) GetProviderUserID(user *db.User) bool {
+	return user.GithubID != ""
+}
+
+func (p *GitHubCallbackProvider) GetProviderUserSSHKeys() ([]string, error) {
+	resp, err := http.Get("https://github.com/" + p.User.NickName + ".keys")
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	return readKeys(resp)
+}
+
+func (p *GitHubCallbackProvider) UpdateUserDB(user *db.User) {
+	user.GithubID = p.User.UserID
+	user.AvatarURL = "https://avatars.githubusercontent.com/u/" + p.User.UserID + "?v=4"
+}
+
+func NewGitHubCallbackProvider(user *goth.User) CallbackProvider {
+	return &GitHubCallbackProvider{
+		User: user,
+	}
+}

internal/auth/oauth/gitlab.go

@@ -0,0 +1,87 @@
+package oauth
+
+import (
+	gocontext "context"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/gothic"
+	"github.com/markbates/goth/providers/gitlab"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"net/http"
+)
+
+type GitLabProvider struct {
+	Provider
+	URL string
+}
+
+func (p *GitLabProvider) RegisterProvider() error {
+	goth.UseProviders(
+		gitlab.NewCustomisedURL(
+			config.C.GitlabClientKey,
+			config.C.GitlabSecret,
+			urlJoin(p.URL, "/oauth/gitlab/callback"),
+			urlJoin(config.C.GitlabUrl, "/oauth/authorize"),
+			urlJoin(config.C.GitlabUrl, "/oauth/token"),
+			urlJoin(config.C.GitlabUrl, "/api/v4/user"),
+		),
+	)
+
+	return nil
+}
+
+func (p *GitLabProvider) BeginAuthHandler(ctx *context.Context) {
+	ctxValue := gocontext.WithValue(ctx.Request().Context(), gothic.ProviderParamKey, GitLabProviderString)
+	ctx.SetRequest(ctx.Request().WithContext(ctxValue))
+
+	gothic.BeginAuthHandler(ctx.Response(), ctx.Request())
+}
+
+func (p *GitLabProvider) UserHasProvider(user *db.User) bool {
+	return user.GitlabID != ""
+}
+
+func NewGitLabProvider(url string) *GitLabProvider {
+	return &GitLabProvider{
+		URL: url,
+	}
+}
+
+type GitLabCallbackProvider struct {
+	CallbackProvider
+	User *goth.User
+}
+
+func (p *GitLabCallbackProvider) GetProvider() string {
+	return GitLabProviderString
+}
+
+func (p *GitLabCallbackProvider) GetProviderUser() *goth.User {
+	return p.User
+}
+
+func (p *GitLabCallbackProvider) GetProviderUserID(user *db.User) bool {
+	return user.GitlabID != ""
+}
+
+func (p *GitLabCallbackProvider) GetProviderUserSSHKeys() ([]string, error) {
+	resp, err := http.Get(urlJoin(config.C.GitlabUrl, p.User.NickName+".keys"))
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	return readKeys(resp)
+}
+
+func (p *GitLabCallbackProvider) UpdateUserDB(user *db.User) {
+	user.GitlabID = p.User.UserID
+	user.AvatarURL = urlJoin(config.C.GitlabUrl, "/uploads/-/system/user/avatar/", p.User.UserID, "/avatar.png") + "?width=400"
+}
+
+func NewGitLabCallbackProvider(user *goth.User) CallbackProvider {
+	return &GitLabCallbackProvider{
+		User: user,
+	}
+}

internal/auth/oauth/openid.go

@@ -0,0 +1,85 @@
+package oauth
+
+import (
+	gocontext "context"
+	"errors"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/gothic"
+	"github.com/markbates/goth/providers/openidConnect"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+)
+
+type OIDCProvider struct {
+	Provider
+	URL string
+}
+
+func (p *OIDCProvider) RegisterProvider() error {
+	oidcProvider, err := openidConnect.New(
+		config.C.OIDCClientKey,
+		config.C.OIDCSecret,
+		urlJoin(p.URL, "/oauth/openid-connect/callback"),
+		config.C.OIDCDiscoveryUrl,
+		"openid",
+		"email",
+		"profile",
+	)
+
+	if err != nil {
+		return errors.New("Cannot create OIDC provider: " + err.Error())
+	}
+
+	goth.UseProviders(oidcProvider)
+	return nil
+}
+
+func (p *OIDCProvider) BeginAuthHandler(ctx *context.Context) {
+	ctxValue := gocontext.WithValue(ctx.Request().Context(), gothic.ProviderParamKey, OpenIDConnectString)
+	ctx.SetRequest(ctx.Request().WithContext(ctxValue))
+
+	gothic.BeginAuthHandler(ctx.Response(), ctx.Request())
+}
+
+func (p *OIDCProvider) UserHasProvider(user *db.User) bool {
+	return user.OIDCID != ""
+}
+
+func NewOIDCProvider(url string) *OIDCProvider {
+	return &OIDCProvider{
+		URL: url,
+	}
+}
+
+type OIDCCallbackProvider struct {
+	CallbackProvider
+	User *goth.User
+}
+
+func (p *OIDCCallbackProvider) GetProvider() string {
+	return OpenIDConnectString
+}
+
+func (p *OIDCCallbackProvider) GetProviderUser() *goth.User {
+	return p.User
+}
+
+func (p *OIDCCallbackProvider) GetProviderUserID(user *db.User) bool {
+	return user.OIDCID != ""
+}
+
+func (p *OIDCCallbackProvider) GetProviderUserSSHKeys() ([]string, error) {
+	return nil, nil
+}
+
+func (p *OIDCCallbackProvider) UpdateUserDB(user *db.User) {
+	user.OIDCID = p.User.UserID
+	user.AvatarURL = p.User.AvatarURL
+}
+
+func NewOIDCCallbackProvider(user *goth.User) CallbackProvider {
+	return &OIDCCallbackProvider{
+		User: user,
+	}
+}

internal/auth/oauth/provider.go

@@ -0,0 +1,93 @@
+package oauth
+
+import (
+	"fmt"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/gothic"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+const (
+	GitHubProviderString = "github"
+	GitLabProviderString = "gitlab"
+	GiteaProviderString  = "gitea"
+	OpenIDConnectString  = "openid-connect"
+)
+
+type Provider interface {
+	RegisterProvider() error
+	BeginAuthHandler(ctx *context.Context)
+	UserHasProvider(user *db.User) bool
+}
+
+type CallbackProvider interface {
+	GetProvider() string
+	GetProviderUser() *goth.User
+	GetProviderUserID(user *db.User) bool
+	GetProviderUserSSHKeys() ([]string, error)
+	UpdateUserDB(user *db.User)
+}
+
+func DefineProvider(provider string, url string) (Provider, error) {
+	switch provider {
+	case GitHubProviderString:
+		return NewGitHubProvider(url), nil
+	case GitLabProviderString:
+		return NewGitLabProvider(url), nil
+	case GiteaProviderString:
+		return NewGiteaProvider(url), nil
+	case OpenIDConnectString:
+		return NewOIDCProvider(url), nil
+	}
+
+	return nil, fmt.Errorf("unsupported provider %s", provider)
+}
+
+func CompleteUserAuth(ctx *context.Context) (CallbackProvider, error) {
+	user, err := gothic.CompleteUserAuth(ctx.Response(), ctx.Request())
+	if err != nil {
+		return nil, err
+	}
+
+	switch user.Provider {
+	case GitHubProviderString:
+		return NewGitHubCallbackProvider(&user), nil
+	case GitLabProviderString:
+		return NewGitLabCallbackProvider(&user), nil
+	case GiteaProviderString:
+		return NewGiteaCallbackProvider(&user), nil
+	case OpenIDConnectString:
+		return NewOIDCCallbackProvider(&user), nil
+	}
+
+	return nil, fmt.Errorf("unsupported provider %s", user.Provider)
+}
+
+func urlJoin(base string, elem ...string) string {
+	joined, err := url.JoinPath(base, elem...)
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot join url")
+	}
+
+	return joined
+}
+
+func readKeys(response *http.Response) ([]string, error) {
+	body, err := io.ReadAll(response.Body)
+	if err != nil {
+		return nil, fmt.Errorf("could not get user keys %v", err)
+	}
+
+	keys := strings.Split(string(body), "\n")
+	if len(keys[len(keys)-1]) == 0 {
+		keys = keys[:len(keys)-1]
+	}
+
+	return keys, nil
+}

internal/auth/password/password.go

@@ -0,0 +1,11 @@
+package password
+
+import "github.com/thomiceli/opengist/internal/auth"
+
+func HashPassword(code string) (string, error) {
+	return auth.Argon2id.Hash(code)
+}
+
+func VerifyPassword(code, hashedCode string) (bool, error) {
+	return auth.Argon2id.Verify(code, hashedCode)
+}

internal/auth/totp/totp.go

@@ -0,0 +1,61 @@
+package totp
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
+	"github.com/pquerna/otp/totp"
+	"html/template"
+	"image/png"
+	"strings"
+)
+
+const secretSize = 16
+
+func GenerateQRCode(username, siteUrl string, secret []byte) (string, template.URL, error, []byte) {
+	var err error
+	if secret == nil {
+		secret, err = generateSecret()
+		if err != nil {
+			return "", "", err, nil
+		}
+	}
+
+	otpKey, err := totp.Generate(totp.GenerateOpts{
+		SecretSize:  secretSize,
+		Issuer:      "Opengist (" + strings.ReplaceAll(siteUrl, ":", "") + ")",
+		AccountName: username,
+		Secret:      secret,
+	})
+	if err != nil {
+		return "", "", err, nil
+	}
+
+	qrcode, err := otpKey.Image(320, 240)
+	if err != nil {
+		return "", "", err, nil
+	}
+
+	var imgBytes bytes.Buffer
+	if err = png.Encode(&imgBytes, qrcode); err != nil {
+		return "", "", err, nil
+	}
+
+	qrcodeImage := template.URL("data:image/png;base64," + base64.StdEncoding.EncodeToString(imgBytes.Bytes()))
+
+	return otpKey.Secret(), qrcodeImage, nil, secret
+}
+
+func Validate(passcode, secret string) bool {
+	return totp.Validate(passcode, secret)
+}
+
+func generateSecret() ([]byte, error) {
+	secret := make([]byte, secretSize)
+	_, err := rand.Reader.Read(secret)
+	if err != nil {
+		return nil, err
+	}
+
+	return secret, nil
+}

internal/auth/webauthn/user.go

@@ -0,0 +1,58 @@
+package webauthn
+
+import (
+	"encoding/binary"
+	"github.com/go-webauthn/webauthn/protocol"
+	"github.com/go-webauthn/webauthn/webauthn"
+	"github.com/thomiceli/opengist/internal/db"
+)
+
+type user struct {
+	*db.User
+}
+
+func (u *user) WebAuthnID() []byte {
+	return uintToBytes(u.ID)
+}
+
+func (u *user) WebAuthnName() string {
+	return u.Username
+}
+
+func (u *user) WebAuthnDisplayName() string {
+	return u.Username
+}
+
+func (u *user) WebAuthnCredentials() []webauthn.Credential {
+	dbCreds, err := db.GetAllWACredentialsForUser(u.ID)
+	if err != nil {
+		return nil
+	}
+
+	return dbCreds
+}
+
+func (u *user) Exclusions() []protocol.CredentialDescriptor {
+	creds := u.WebAuthnCredentials()
+	exclusions := make([]protocol.CredentialDescriptor, len(creds))
+	for i, cred := range creds {
+		exclusions[i] = cred.Descriptor()
+	}
+
+	return exclusions
+}
+
+func discoverUser(rawID []byte, _ []byte) (webauthn.User, error) {
+	ogUser, err := db.GetUserByCredentialID(rawID)
+	if err != nil {
+		return nil, err
+	}
+
+	return &user{User: ogUser}, nil
+}
+
+func uintToBytes(n uint) []byte {
+	b := make([]byte, 8)
+	binary.BigEndian.PutUint64(b, uint64(n))
+	return b
+}

internal/auth/webauthn/webauthn.go

@@ -0,0 +1,138 @@
+package webauthn
+
+import (
+	"encoding/json"
+	"github.com/go-webauthn/webauthn/protocol"
+	"github.com/go-webauthn/webauthn/webauthn"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"net/http"
+	"net/url"
+)
+
+var webAuthn *webauthn.WebAuthn
+
+func Init(urlStr string) error {
+	var rpid, rporigin string
+	var err error
+
+	if urlStr == "" {
+		log.Info().Msg("External URL is not set, passkeys RP ID and Origins will be set to localhost")
+		rpid = "localhost"
+		rporigin = "http://localhost" + ":" + config.C.HttpPort
+	} else {
+		urlStruct, err := url.Parse(urlStr)
+		if err != nil {
+			return err
+		}
+
+		rpid = urlStruct.Hostname()
+		rporigin, err = protocol.FullyQualifiedOrigin(urlStr)
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to get fully qualified origin from external URL")
+		}
+	}
+
+	webAuthn, err = webauthn.New(&webauthn.Config{
+		RPDisplayName: "Opengist",
+		RPID:          rpid,
+		RPOrigins:     []string{rporigin},
+	})
+	return err
+}
+
+func BeginBinding(dbUser *db.User) (credCreation *protocol.CredentialCreation, jsonSession []byte, err error) {
+	waUser := &user{User: dbUser}
+	credCreation, session, err := webAuthn.BeginRegistration(waUser, webauthn.WithAuthenticatorSelection(
+		protocol.AuthenticatorSelection{
+			ResidentKey:      protocol.ResidentKeyRequirementRequired,
+			UserVerification: protocol.VerificationRequired,
+		},
+	), webauthn.WithAppIdExcludeExtension("Opengist"), webauthn.WithExclusions(waUser.Exclusions()))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	jsonSession, _ = json.Marshal(session)
+	return
+}
+
+func FinishBinding(dbUser *db.User, jsonSession []byte, response *http.Request) (*webauthn.Credential, error) {
+	waUser := &user{User: dbUser}
+
+	var session webauthn.SessionData
+	_ = json.Unmarshal(jsonSession, &session)
+
+	return webAuthn.FinishRegistration(waUser, session, response)
+}
+
+func BeginDiscoverableLogin() (credCreation *protocol.CredentialAssertion, jsonSession []byte, err error) {
+	credCreation, session, err := webAuthn.BeginDiscoverableLogin(
+		webauthn.WithUserVerification(protocol.VerificationPreferred),
+	)
+
+	jsonSession, _ = json.Marshal(session)
+	return
+}
+
+func FinishDiscoverableLogin(jsonSession []byte, response *http.Request) (uint, error) {
+	var session webauthn.SessionData
+	_ = json.Unmarshal(jsonSession, &session)
+
+	parsedResponse, err := protocol.ParseCredentialRequestResponse(response)
+	if err != nil {
+		return 0, err
+	}
+
+	waUser, cred, err := webAuthn.ValidatePasskeyLogin(discoverUser, session, parsedResponse)
+	if err != nil {
+		return 0, err
+	}
+
+	dbCredential, err := db.GetCredentialByID(cred.ID)
+	if err != nil {
+		return 0, err
+	}
+	if err = dbCredential.UpdateSignCount(); err != nil {
+		return 0, err
+	}
+	if err = dbCredential.UpdateLastUsedAt(); err != nil {
+		return 0, err
+	}
+
+	return waUser.(*user).User.ID, nil
+}
+
+func BeginLogin(dbUser *db.User) (credCreation *protocol.CredentialAssertion, jsonSession []byte, err error) {
+	waUser := &user{User: dbUser}
+	credCreation, session, err := webAuthn.BeginLogin(waUser)
+
+	jsonSession, _ = json.Marshal(session)
+	return
+}
+
+func FinishLogin(dbUser *db.User, jsonSession []byte, response *http.Request) error {
+	waUser := &user{User: dbUser}
+
+	var session webauthn.SessionData
+	_ = json.Unmarshal(jsonSession, &session)
+
+	cred, err := webAuthn.FinishLogin(waUser, session, response)
+	if err != nil {
+		return err
+	}
+
+	dbCredential, err := db.GetCredentialByID(cred.ID)
+	if err != nil {
+		return err
+	}
+	if err = dbCredential.UpdateSignCount(); err != nil {
+		return err
+	}
+	if err = dbCredential.UpdateLastUsedAt(); err != nil {
+		return err
+	}
+
+	return err
+}

internal/cli/admin.go

@@ -0,0 +1,78 @@
+package cli
+
+import (
+	"fmt"
+	"github.com/thomiceli/opengist/internal/auth/password"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/urfave/cli/v2"
+)
+
+var CmdAdmin = cli.Command{
+	Name:  "admin",
+	Usage: "Admin commands",
+	Subcommands: []*cli.Command{
+		&CmdAdminResetPassword,
+		&CmdAdminToggleAdmin,
+	},
+}
+
+var CmdAdminResetPassword = cli.Command{
+	Name:      "reset-password",
+	Usage:     "Reset the password for a given user",
+	ArgsUsage: "[username] [password]",
+	Action: func(ctx *cli.Context) error {
+		initialize(ctx)
+		if ctx.NArg() < 2 {
+			return fmt.Errorf("username and password are required")
+		}
+		username := ctx.Args().Get(0)
+		plainPassword := ctx.Args().Get(1)
+
+		user, err := db.GetUserByUsername(username)
+		if err != nil {
+			fmt.Printf("Cannot get user %s: %s\n", username, err)
+			return err
+		}
+		password, err := password.HashPassword(plainPassword)
+		if err != nil {
+			fmt.Printf("Cannot hash password for user %s: %s\n", username, err)
+			return err
+		}
+		user.Password = password
+
+		if err = user.Update(); err != nil {
+			fmt.Printf("Cannot update password for user %s: %s\n", username, err)
+			return err
+		}
+
+		fmt.Printf("Password for user %s has been reset.\n", username)
+		return nil
+	},
+}
+
+var CmdAdminToggleAdmin = cli.Command{
+	Name:      "toggle-admin",
+	Usage:     "Toggle the admin status for a given user",
+	ArgsUsage: "[username]",
+	Action: func(ctx *cli.Context) error {
+		initialize(ctx)
+		if ctx.NArg() < 1 {
+			return fmt.Errorf("username is required")
+		}
+		username := ctx.Args().Get(0)
+
+		user, err := db.GetUserByUsername(username)
+		if err != nil {
+			fmt.Printf("Cannot get user %s: %s\n", username, err)
+			return err
+		}
+
+		user.IsAdmin = !user.IsAdmin
+		if err = user.Update(); err != nil {
+			fmt.Printf("Cannot update user %s: %s\n", username, err)
+		}
+
+		fmt.Printf("User %s admin set to %t\n", username, user.IsAdmin)
+		return nil
+	},
+}

internal/cli/hook.go

@@ -0,0 +1,56 @@
+package cli
+
+import (
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/hooks"
+	"github.com/urfave/cli/v2"
+	"io"
+	"os"
+)
+
+var CmdHook = cli.Command{
+	Name:  "hook",
+	Usage: "Run Git server hooks, used and should only be called by Opengist itself",
+	Subcommands: []*cli.Command{
+		&CmdHookPreReceive,
+		&CmdHookPostReceive,
+	},
+}
+
+var CmdHookPreReceive = cli.Command{
+	Name:  "pre-receive",
+	Usage: "Run Git server pre-receive hook for a repository",
+	Action: func(ctx *cli.Context) error {
+		initialize(ctx)
+		if err := hooks.PreReceive(os.Stdin, os.Stdout, os.Stderr); err != nil {
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+var CmdHookPostReceive = cli.Command{
+	Name:  "post-receive",
+	Usage: "Run Git server post-receive hook for a repository",
+	Action: func(ctx *cli.Context) error {
+		initialize(ctx)
+		if err := hooks.PostReceive(os.Stdin, os.Stdout, os.Stderr); err != nil {
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func initialize(ctx *cli.Context) {
+	if err := config.InitConfig(ctx.String("config"), io.Discard); err != nil {
+		panic(err)
+	}
+	config.InitLog()
+
+	db.DeprecationDBFilename()
+	if err := db.Setup(config.C.DBUri); err != nil {
+		log.Fatal().Err(err).Msg("Failed to initialize database in hooks")
+	}
+}

internal/cli/main.go

@@ -0,0 +1,184 @@
+package cli
+
+import (
+	"fmt"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/auth/webauthn"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/git"
+	"github.com/thomiceli/opengist/internal/index"
+	"github.com/thomiceli/opengist/internal/ssh"
+	"github.com/thomiceli/opengist/internal/web/server"
+	"github.com/urfave/cli/v2"
+	"os"
+	"os/signal"
+	"path"
+	"path/filepath"
+	"syscall"
+)
+
+var CmdVersion = cli.Command{
+	Name:  "version",
+	Usage: "Print the version of Opengist",
+	Action: func(c *cli.Context) error {
+		fmt.Println("Opengist " + config.OpengistVersion)
+		return nil
+	},
+}
+
+var CmdStart = cli.Command{
+	Name:  "start",
+	Usage: "Start Opengist server",
+	Action: func(ctx *cli.Context) error {
+		stopCtx, stop := signal.NotifyContext(ctx.Context, syscall.SIGINT, syscall.SIGTERM)
+		defer stop()
+
+		Initialize(ctx)
+
+		go server.NewServer(os.Getenv("OG_DEV") == "1", path.Join(config.GetHomeDir(), "sessions"), false).Start()
+		go ssh.Start()
+
+		<-stopCtx.Done()
+		shutdown()
+		return nil
+	},
+}
+
+var ConfigFlag = cli.StringFlag{
+	Name:    "config",
+	Aliases: []string{"c"},
+	Usage:   "Path to a config file in YAML format",
+}
+
+func App() error {
+	app := cli.NewApp()
+	app.Name = "Opengist"
+	app.Usage = "A self-hosted pastebin powered by Git."
+	app.HelpName = "opengist"
+
+	app.Commands = []*cli.Command{&CmdVersion, &CmdStart, &CmdHook, &CmdAdmin}
+	app.DefaultCommand = CmdStart.Name
+	app.Flags = []cli.Flag{
+		&ConfigFlag,
+	}
+	return app.Run(os.Args)
+}
+
+func Initialize(ctx *cli.Context) {
+	fmt.Println("Opengist " + config.OpengistVersion)
+
+	if err := config.InitConfig(ctx.String("config"), os.Stdout); err != nil {
+		panic(err)
+	}
+	if err := os.MkdirAll(filepath.Join(config.GetHomeDir()), 0755); err != nil {
+		panic(err)
+	}
+
+	config.SetupSecretKey()
+
+	config.InitLog()
+
+	gitVersion, err := git.GetGitVersion()
+	if err != nil {
+		log.Fatal().Err(err).Send()
+	}
+
+	if ok, err := config.CheckGitVersion(gitVersion); err != nil {
+		log.Fatal().Err(err).Send()
+	} else if !ok {
+		log.Warn().Msg("Git version may be too old, as Opengist has not been tested prior git version 2.28 and some features would not work. " +
+			"Current git version: " + gitVersion)
+	}
+
+	homePath := config.GetHomeDir()
+	log.Info().Msg("Data directory: " + homePath)
+
+	if err := git.InitGitConfig(); err != nil {
+		log.Warn().Err(err).Msgf("Failed to change the host's git global config, ensure to add to `safe.directory` the path %s, and `receive.advertisePushOptions` is set to true.", homePath)
+	}
+
+	if err := createSymlink(homePath, ctx.String("config")); err != nil {
+		log.Fatal().Err(err).Msg("Failed to create symlinks")
+	}
+
+	if err := os.MkdirAll(filepath.Join(homePath, "sessions"), 0755); err != nil {
+		log.Fatal().Err(err).Send()
+	}
+	if err := os.MkdirAll(filepath.Join(homePath, "repos"), 0755); err != nil {
+		log.Fatal().Err(err).Send()
+	}
+	if err := os.MkdirAll(filepath.Join(homePath, "tmp", "repos"), 0755); err != nil {
+		log.Fatal().Err(err).Send()
+	}
+	if err := os.MkdirAll(filepath.Join(homePath, "custom"), 0755); err != nil {
+		log.Fatal().Err(err).Send()
+	}
+
+	db.DeprecationDBFilename()
+	if err := db.Setup(config.C.DBUri); err != nil {
+		log.Fatal().Err(err).Msg("Failed to initialize database")
+	}
+
+	if err := webauthn.Init(config.C.ExternalUrl); err != nil {
+		log.Error().Err(err).Msg("Failed to initialize WebAuthn")
+	}
+
+	if config.C.IndexEnabled {
+		log.Info().Msg("Index directory: " + filepath.Join(homePath, config.C.IndexDirname))
+		index.Init(filepath.Join(homePath, config.C.IndexDirname))
+	}
+}
+
+func shutdown() {
+	log.Info().Msg("Shutting down database...")
+	if err := db.Close(); err != nil {
+		log.Error().Err(err).Msg("Failed to close database")
+	}
+
+	if config.C.IndexEnabled {
+		log.Info().Msg("Shutting down index...")
+		index.Close()
+	}
+
+	log.Info().Msg("Shutdown complete")
+}
+
+func createSymlink(homePath string, configPath string) error {
+	if err := os.MkdirAll(filepath.Join(homePath, "symlinks"), 0755); err != nil {
+		return err
+	}
+
+	exePath, err := os.Executable()
+	if err != nil {
+		return err
+	}
+
+	symlinkExePath := path.Join(config.GetHomeDir(), "symlinks", "opengist")
+	if _, err := os.Lstat(symlinkExePath); err == nil {
+		if err := os.Remove(symlinkExePath); err != nil {
+			return err
+		}
+	}
+	if err = os.Symlink(exePath, symlinkExePath); err != nil {
+		return err
+	}
+
+	if configPath == "" {
+		return nil
+	}
+
+	configPath, _ = filepath.Abs(configPath)
+	configPath = filepath.Clean(configPath)
+	symlinkConfigPath := path.Join(config.GetHomeDir(), "symlinks", "config.yml")
+	if _, err := os.Lstat(symlinkConfigPath); err == nil {
+		if err := os.Remove(symlinkConfigPath); err != nil {
+			return err
+		}
+	}
+	if err = os.Symlink(configPath, symlinkConfigPath); err != nil {
+		return err
+	}
+
+	return nil
+}

internal/config/config.go

@@ -2,109 +2,154 @@ package config
 
 import (
 	"fmt"
+	"github.com/thomiceli/opengist/internal/session"
+	"io"
+	"net/url"
+	"os"
+	"path/filepath"
+	"reflect"
+	"slices"
+	"strconv"
+	"strings"
+	"time"
+
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"gopkg.in/yaml.v3"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
 )
 
-var OpengistVersion = "1.0.1"
+var OpengistVersion = ""
 
 var C *config
 
+var SecretKey []byte
+
 // Not using nested structs because the library
 // doesn't support dot notation in this case sadly
 type config struct {
-	LogLevel      string `yaml:"log-level"`
-	ExternalUrl   string `yaml:"external-url"`
-	DisableSignup bool   `yaml:"disable-signup"`
-	OpengistHome  string `yaml:"opengist-home"`
-	DBFilename    string `yaml:"db-filename"`
+	SecretKey string `yaml:"secret-key" env:"OG_SECRET_KEY"`
 
-	HttpHost       string `yaml:"http.host"`
-	HttpPort       string `yaml:"http.port"`
-	HttpGit        bool   `yaml:"http.git-enabled"`
-	HttpTLSEnabled bool   `yaml:"http.tls-enabled"`
-	HttpCertFile   string `yaml:"http.cert-file"`
-	HttpKeyFile    string `yaml:"http.key-file"`
+	LogLevel     string `yaml:"log-level" env:"OG_LOG_LEVEL"`
+	LogOutput    string `yaml:"log-output" env:"OG_LOG_OUTPUT"`
+	ExternalUrl  string `yaml:"external-url" env:"OG_EXTERNAL_URL"`
+	OpengistHome string `yaml:"opengist-home" env:"OG_OPENGIST_HOME"`
 
-	SshGit            bool   `yaml:"ssh.git-enabled"`
-	SshHost           string `yaml:"ssh.host"`
-	SshPort           string `yaml:"ssh.port"`
-	SshExternalDomain string `yaml:"ssh.external-domain"`
-	SshKeygen         string `yaml:"ssh.keygen-executable"`
+	DBUri      string `yaml:"db-uri" env:"OG_DB_URI"`
+	DBFilename string `yaml:"db-filename" env:"OG_DB_FILENAME"` // deprecated
+
+	IndexEnabled bool   `yaml:"index.enabled" env:"OG_INDEX_ENABLED"`
+	IndexDirname string `yaml:"index.dirname" env:"OG_INDEX_DIRNAME"`
+
+	GitDefaultBranch string `yaml:"git.default-branch" env:"OG_GIT_DEFAULT_BRANCH"`
+
+	SqliteJournalMode string `yaml:"sqlite.journal-mode" env:"OG_SQLITE_JOURNAL_MODE"`
+
+	HttpHost string `yaml:"http.host" env:"OG_HTTP_HOST"`
+	HttpPort string `yaml:"http.port" env:"OG_HTTP_PORT"`
+	HttpGit  bool   `yaml:"http.git-enabled" env:"OG_HTTP_GIT_ENABLED"`
+
+	SshGit            bool   `yaml:"ssh.git-enabled" env:"OG_SSH_GIT_ENABLED"`
+	SshHost           string `yaml:"ssh.host" env:"OG_SSH_HOST"`
+	SshPort           string `yaml:"ssh.port" env:"OG_SSH_PORT"`
+	SshExternalDomain string `yaml:"ssh.external-domain" env:"OG_SSH_EXTERNAL_DOMAIN"`
+	SshKeygen         string `yaml:"ssh.keygen-executable" env:"OG_SSH_KEYGEN_EXECUTABLE"`
+
+	GithubClientKey string `yaml:"github.client-key" env:"OG_GITHUB_CLIENT_KEY"`
+	GithubSecret    string `yaml:"github.secret" env:"OG_GITHUB_SECRET"`
+
+	GitlabClientKey string `yaml:"gitlab.client-key" env:"OG_GITLAB_CLIENT_KEY"`
+	GitlabSecret    string `yaml:"gitlab.secret" env:"OG_GITLAB_SECRET"`
+	GitlabUrl       string `yaml:"gitlab.url" env:"OG_GITLAB_URL"`
+	GitlabName      string `yaml:"gitlab.name" env:"OG_GITLAB_NAME"`
+
+	GiteaClientKey string `yaml:"gitea.client-key" env:"OG_GITEA_CLIENT_KEY"`
+	GiteaSecret    string `yaml:"gitea.secret" env:"OG_GITEA_SECRET"`
+	GiteaUrl       string `yaml:"gitea.url" env:"OG_GITEA_URL"`
+	GiteaName      string `yaml:"gitea.name" env:"OG_GITEA_NAME"`
+
+	OIDCClientKey    string `yaml:"oidc.client-key" env:"OG_OIDC_CLIENT_KEY"`
+	OIDCSecret       string `yaml:"oidc.secret" env:"OG_OIDC_SECRET"`
+	OIDCDiscoveryUrl string `yaml:"oidc.discovery-url" env:"OG_OIDC_DISCOVERY_URL"`
+
+	CustomName    string       `yaml:"custom.name" env:"OG_CUSTOM_NAME"`
+	CustomLogo    string       `yaml:"custom.logo" env:"OG_CUSTOM_LOGO"`
+	CustomFavicon string       `yaml:"custom.favicon" env:"OG_CUSTOM_FAVICON"`
+	StaticLinks   []StaticLink `yaml:"custom.static-links" env:"OG_CUSTOM_STATIC_LINK"`
+}
+
+type StaticLink struct {
+	Name string `yaml:"name" env:"OG_CUSTOM_STATIC_LINK_#_NAME"`
+	Path string `yaml:"path" env:"OG_CUSTOM_STATIC_LINK_#_PATH"`
 }
 
 func configWithDefaults() (*config, error) {
-	homeDir, err := os.UserHomeDir()
 	c := &config{}
-	if err != nil {
-		return c, err
-	}
+
+	c.SecretKey = ""
 
 	c.LogLevel = "warn"
-	c.DisableSignup = false
-	c.OpengistHome = filepath.Join(homeDir, ".opengist")
-	c.DBFilename = "opengist.db"
+	c.LogOutput = "stdout,file"
+	c.OpengistHome = ""
+	c.DBUri = "opengist.db"
+	c.IndexEnabled = true
+	c.IndexDirname = "opengist.index"
+
+	c.SqliteJournalMode = "WAL"
 
 	c.HttpHost = "0.0.0.0"
 	c.HttpPort = "6157"
 	c.HttpGit = true
-	c.HttpTLSEnabled = false
 
 	c.SshGit = true
 	c.SshHost = "0.0.0.0"
 	c.SshPort = "2222"
 	c.SshKeygen = "ssh-keygen"
 
+	c.GitlabName = "GitLab"
+
+	c.GiteaUrl = "https://gitea.com"
+	c.GiteaName = "Gitea"
+
 	return c, nil
 }
 
-func InitConfig(configPath string) error {
+func InitConfig(configPath string, out io.Writer) error {
 	// Default values
 	c, err := configWithDefaults()
 	if err != nil {
 		return err
 	}
 
-	if configPath != "" {
-		absolutePath, _ := filepath.Abs(configPath)
-		absolutePath = filepath.Clean(absolutePath)
-		file, err := os.Open(absolutePath)
-		if err != nil {
-			if !os.IsNotExist(err) {
-				return err
-			}
-			fmt.Println("No YML config file found at " + absolutePath)
-		} else {
-			fmt.Println("Using config file: " + absolutePath)
-
-			// Override default values with values from config.yml
-			d := yaml.NewDecoder(file)
-			if err = d.Decode(&c); err != nil {
-				return err
-			}
-			defer file.Close()
-		}
-	} else {
-		fmt.Println("No config file specified. Using default values.")
+	if err = loadConfigFromYaml(c, configPath, out); err != nil {
+		return err
 	}
 
-	// Override default values with environment variables (as yaml)
-	configEnv := os.Getenv("CONFIG")
-	if configEnv != "" {
-		fmt.Println("Using config from environment variable: CONFIG")
-		d := yaml.NewDecoder(strings.NewReader(configEnv))
-		if err = d.Decode(&c); err != nil {
-			return err
+	if err = loadConfigFromEnv(c, out); err != nil {
+		return err
+	}
+
+	if c.OpengistHome == "" {
+		homeDir, err := os.UserHomeDir()
+		if err != nil {
+			return fmt.Errorf("opengist home directory is not set and current user home directory could not be determined; please specify the opengist home directory manually via the configuration")
 		}
+
+		c.OpengistHome = filepath.Join(homeDir, ".opengist")
+	}
+
+	if err = checks(c); err != nil {
+		return err
 	}
 
 	C = c
 
+	if err = migrateConfig(); err != nil {
+		return err
+	}
+
+	if err = os.Setenv("OG_OPENGIST_HOME_INTERNAL", GetHomeDir()); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -112,22 +157,62 @@ func InitLog() {
 	if err := os.MkdirAll(filepath.Join(GetHomeDir(), "log"), 0755); err != nil {
 		panic(err)
 	}
-	file, err := os.OpenFile(filepath.Join(GetHomeDir(), "log", "opengist.log"), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-	if err != nil {
-		panic(err)
-	}
 
 	var level zerolog.Level
-	level, err = zerolog.ParseLevel(C.LogLevel)
+	level, err := zerolog.ParseLevel(C.LogLevel)
 	if err != nil {
 		level = zerolog.InfoLevel
 	}
 
-	if os.Getenv("DEV") == "1" {
-		multi := zerolog.MultiLevelWriter(zerolog.NewConsoleWriter(), file)
-		log.Logger = zerolog.New(multi).Level(level).With().Timestamp().Logger()
-	} else {
-		log.Logger = zerolog.New(file).Level(level).With().Timestamp().Logger()
+	var logWriters []io.Writer
+	logOutputTypes := strings.Split(strings.ToLower(C.LogOutput), ",")
+	slices.Sort(logOutputTypes)
+	logOutputTypes = slices.Compact(logOutputTypes)
+
+	consoleWriter := zerolog.NewConsoleWriter(
+		func(w *zerolog.ConsoleWriter) {
+			w.TimeFormat = time.TimeOnly
+			w.FormatCaller = func(i interface{}) string {
+				file := i.(string)
+				index := strings.Index(file, "internal")
+				if index == -1 {
+					return file
+				}
+				return file[index:]
+			}
+		},
+	)
+
+	for _, logOutputType := range logOutputTypes {
+		logOutputType = strings.TrimSpace(logOutputType)
+		if !slices.Contains([]string{"stdout", "file"}, logOutputType) {
+			defer func() { log.Warn().Msg("Invalid log output type: " + logOutputType) }()
+			continue
+		}
+
+		switch logOutputType {
+		case "stdout":
+			logWriters = append(logWriters, consoleWriter)
+			defer func() { log.Debug().Msg("Logging to stdout") }()
+		case "file":
+			file, err := os.OpenFile(filepath.Join(GetHomeDir(), "log", "opengist.log"), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+			if err != nil {
+				panic(err)
+			}
+			logWriters = append(logWriters, file)
+			defer func() { log.Debug().Msg("Logging to file: " + file.Name()) }()
+		}
+	}
+	if len(logWriters) == 0 {
+		logWriters = append(logWriters, consoleWriter)
+		defer func() { log.Warn().Msg("No valid log outputs, defaulting to stdout") }()
+	}
+
+	multi := zerolog.MultiLevelWriter(logWriters...)
+	log.Logger = zerolog.New(multi).Level(level).With().Caller().Timestamp().Logger()
+
+	if !slices.Contains([]string{"debug", "info", "warn", "error", "fatal"}, strings.ToLower(C.LogLevel)) {
+		log.Warn().Msg("Invalid log level: " + C.LogLevel)
 	}
 }
 
@@ -145,8 +230,8 @@ func CheckGitVersion(version string) (bool, error) {
 		return false, fmt.Errorf("invalid minor version number")
 	}
 
-	// Check if version is prior to 2.20
-	if major < 2 || (major == 2 && minor < 20) {
+	// Check if version is prior to 2.28
+	if major < 2 || (major == 2 && minor < 28) {
 		return false, nil
 	}
 	return true, nil
@@ -156,3 +241,135 @@ func GetHomeDir() string {
 	absolutePath, _ := filepath.Abs(C.OpengistHome)
 	return filepath.Clean(absolutePath)
 }
+
+func SetupSecretKey() {
+	if C.SecretKey == "" {
+		path := filepath.Join(GetHomeDir(), "opengist-secret.key")
+		SecretKey, _ = session.GenerateSecretKey(path)
+	} else {
+		SecretKey = []byte(C.SecretKey)
+	}
+}
+
+func loadConfigFromYaml(c *config, configPath string, out io.Writer) error {
+	if configPath != "" {
+		absolutePath, _ := filepath.Abs(configPath)
+		absolutePath = filepath.Clean(absolutePath)
+		file, err := os.Open(absolutePath)
+		if err != nil {
+			if !os.IsNotExist(err) {
+				return err
+			}
+			_, _ = fmt.Fprintln(out, "No YAML config file found at "+absolutePath)
+		} else {
+			_, _ = fmt.Fprintln(out, "Using YAML config file: "+absolutePath)
+
+			// Override default values with values from config.yml
+			d := yaml.NewDecoder(file)
+			if err = d.Decode(&c); err != nil {
+				return err
+			}
+			defer file.Close()
+		}
+	} else {
+		_, _ = fmt.Fprintln(out, "No YAML config file specified.")
+	}
+
+	return nil
+}
+
+func loadConfigFromEnv(c *config, out io.Writer) error {
+	v := reflect.ValueOf(c).Elem()
+	var envVars []string
+
+	for i := 0; i < v.NumField(); i++ {
+		tag := v.Type().Field(i).Tag.Get("env")
+
+		if tag == "" {
+			continue
+		}
+
+		envValue := os.Getenv(strings.ToUpper(tag))
+		if envValue == "" && v.Field(i).Kind() != reflect.Slice {
+			continue
+		}
+
+		switch v.Field(i).Kind() {
+		case reflect.String:
+			v.Field(i).SetString(envValue)
+			envVars = append(envVars, tag)
+		case reflect.Bool:
+			boolVal, err := strconv.ParseBool(envValue)
+			if err != nil {
+				return err
+			}
+			v.Field(i).SetBool(boolVal)
+			envVars = append(envVars, tag)
+		case reflect.Slice:
+			if v.Type().Field(i).Type.Elem().Kind() == reflect.Struct {
+				prefix := strings.ToUpper(tag) + "_"
+				var sliceValue reflect.Value
+				elemType := v.Type().Field(i).Type.Elem()
+
+				for index := 0; ; index++ {
+					allFieldsPresent := true
+					elemValue := reflect.New(elemType).Elem()
+
+					for j := 0; j < elemValue.NumField() && allFieldsPresent; j++ {
+						elemField := elemValue.Type().Field(j)
+						envName := fmt.Sprintf("%s%d_%s", prefix, index, strings.ToUpper(elemField.Name))
+						envValue, present := os.LookupEnv(envName)
+
+						if !present {
+							allFieldsPresent = false
+							break
+						}
+
+						envVars = append(envVars, envName)
+						elemValue.Field(j).SetString(envValue)
+					}
+
+					if !allFieldsPresent {
+						break
+					}
+
+					if sliceValue.Kind() != reflect.Slice {
+						sliceValue = reflect.MakeSlice(v.Type().Field(i).Type, 0, index+1)
+					}
+					sliceValue = reflect.Append(sliceValue, elemValue)
+				}
+
+				if sliceValue.IsValid() {
+					v.Field(i).Set(sliceValue)
+				}
+			}
+		default:
+			return fmt.Errorf("unsupported type: %s", v.Field(i).Kind())
+		}
+
+	}
+
+	if len(envVars) > 0 {
+		_, _ = fmt.Fprintln(out, "Using environment variables config: "+strings.Join(envVars, ", "))
+	} else {
+		_, _ = fmt.Fprintln(out, "No environment variables config specified.")
+	}
+
+	return nil
+}
+
+func checks(c *config) error {
+	if _, err := url.Parse(c.ExternalUrl); err != nil {
+		return err
+	}
+
+	if _, err := url.Parse(c.GiteaUrl); err != nil {
+		return err
+	}
+
+	if _, err := url.Parse(c.OIDCDiscoveryUrl); err != nil {
+		return err
+	}
+
+	return nil
+}

internal/config/migrate.go

@@ -0,0 +1,42 @@
+package config
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+)
+
+// auto migration for newer versions of Opengist
+func migrateConfig() error {
+	configMigrations := []struct {
+		Version string
+		Func    func() error
+	}{
+		{"1.8.0", v1_8_0},
+	}
+
+	for _, fn := range configMigrations {
+		err := fn.Func()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func v1_8_0() error {
+	homeDir := GetHomeDir()
+	moveFile(filepath.Join(filepath.Join(homeDir, "sessions"), "session-auth.key"), filepath.Join(homeDir, "opengist-secret.key"))
+	return nil
+}
+
+func moveFile(oldPath, newPath string) {
+	if _, err := os.Stat(oldPath); err != nil {
+		return
+	}
+
+	if err := os.Rename(oldPath, newPath); err == nil {
+		fmt.Printf("Automatically moved %s to %s\n", oldPath, newPath)
+	}
+}

internal/db/admin_setting.go

@@ -0,0 +1,89 @@
+package db
+
+import (
+	"gorm.io/gorm/clause"
+)
+
+type AdminSetting struct {
+	Key   string `gorm:"index:,unique"`
+	Value string
+}
+
+const (
+	SettingDisableSignup          = "disable-signup"
+	SettingRequireLogin           = "require-login"
+	SettingAllowGistsWithoutLogin = "allow-gists-without-login"
+	SettingDisableLoginForm       = "disable-login-form"
+	SettingDisableGravatar        = "disable-gravatar"
+)
+
+func GetSetting(key string) (string, error) {
+	var setting AdminSetting
+	var err error
+	switch db.Dialector.Name() {
+	case "mysql", "sqlite":
+		err = db.Where("`key` = ?", key).First(&setting).Error
+	case "postgres":
+		err = db.Where("key = ?", key).First(&setting).Error
+	}
+	return setting.Value, err
+}
+
+func GetSettings() (map[string]string, error) {
+	var settings []AdminSetting
+	err := db.Find(&settings).Error
+	if err != nil {
+		return nil, err
+	}
+
+	result := make(map[string]string)
+	for _, setting := range settings {
+		result[setting.Key] = setting.Value
+	}
+
+	return result, nil
+}
+
+func UpdateSetting(key string, value string) error {
+	return db.Clauses(clause.OnConflict{
+		Columns:   []clause.Column{{Name: "key"}}, // key column
+		DoUpdates: clause.AssignmentColumns([]string{"value"}),
+	}).Create(&AdminSetting{
+		Key:   key,
+		Value: value,
+	}).Error
+}
+
+func setSetting(key string, value string) error {
+	return db.FirstOrCreate(&AdminSetting{Key: key, Value: value}, &AdminSetting{Key: key}).Error
+}
+
+func initAdminSettings(settings map[string]string) error {
+	for key, value := range settings {
+		if err := setSetting(key, value); err != nil {
+			if !IsUniqueConstraintViolation(err) {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+type AuthInfo struct{}
+
+func (auth AuthInfo) RequireLogin() (bool, error) {
+	s, err := GetSetting(SettingRequireLogin)
+	if err != nil {
+		return true, err
+	}
+	return s == "1", nil
+}
+
+func (auth AuthInfo) AllowGistsWithoutLogin() (bool, error) {
+	s, err := GetSetting(SettingAllowGistsWithoutLogin)
+	if err != nil {
+		return false, err
+	}
+	return s == "1", nil
+}

internal/db/db.go

@@ -0,0 +1,262 @@
+package db
+
+import (
+	"errors"
+	"fmt"
+	"github.com/glebarez/sqlite"
+	"gorm.io/driver/mysql"
+	"gorm.io/driver/postgres"
+	"gorm.io/gorm/logger"
+	"net/url"
+	"path/filepath"
+	"slices"
+	"strings"
+	"time"
+
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/config"
+	"gorm.io/gorm"
+)
+
+var db *gorm.DB
+
+const (
+	SQLite databaseType = iota
+	PostgreSQL
+	MySQL
+)
+
+type databaseType int
+
+func (d databaseType) String() string {
+	return [...]string{"SQLite", "PostgreSQL", "MySQL"}[d]
+}
+
+type databaseInfo struct {
+	Type     databaseType
+	Host     string
+	Port     string
+	User     string
+	Password string
+	Database string
+}
+
+var DatabaseInfo *databaseInfo
+
+func parseDBURI(uri string) (*databaseInfo, error) {
+	info := &databaseInfo{}
+
+	if uri == ":memory:" {
+		info.Type = SQLite
+		info.Database = uri
+		return info, nil
+	}
+
+	u, err := url.Parse(uri)
+	if err != nil {
+		return nil, fmt.Errorf("invalid URI: %v", err)
+	}
+
+	if u.Scheme == "" {
+		info.Type = SQLite
+		info.Database = filepath.Join(config.GetHomeDir(), uri)
+		return info, nil
+	}
+
+	switch u.Scheme {
+	case "postgres", "postgresql":
+		info.Type = PostgreSQL
+	case "mysql", "mariadb":
+		info.Type = MySQL
+	case "file":
+		info.Type = SQLite
+	default:
+		return nil, fmt.Errorf("unknown database: %v", err)
+	}
+
+	if u.Host != "" {
+		host, port, _ := strings.Cut(u.Host, ":")
+		info.Host = host
+		info.Port = port
+	}
+
+	if u.User != nil {
+		info.User = u.User.Username()
+		info.Password, _ = u.User.Password()
+	}
+
+	switch info.Type {
+	case PostgreSQL, MySQL:
+		info.Database = strings.TrimPrefix(u.Path, "/")
+	case SQLite:
+		info.Database = u.String()
+	default:
+		return nil, fmt.Errorf("unknown database: %v", err)
+	}
+
+	return info, nil
+}
+
+func Setup(dbUri string) error {
+	dbInfo, err := parseDBURI(dbUri)
+	if err != nil {
+		return err
+	}
+
+	log.Info().Msgf("Setting up a %s database connection", dbInfo.Type)
+	var setupFunc func(databaseInfo) error
+	switch dbInfo.Type {
+	case SQLite:
+		setupFunc = setupSQLite
+	case PostgreSQL:
+		setupFunc = setupPostgres
+	case MySQL:
+		setupFunc = setupMySQL
+	default:
+		return fmt.Errorf("unknown database type: %v", dbInfo.Type)
+	}
+
+	maxAttempts := 60
+	retryInterval := 1 * time.Second
+
+	for attempt := 1; attempt <= maxAttempts; attempt++ {
+		err = setupFunc(*dbInfo)
+		if err == nil {
+			log.Info().Msg("Database connection established")
+			break
+		}
+
+		if attempt < maxAttempts {
+			log.Warn().Err(err).Msgf("Failed to connect to database (attempt %d), retrying in %v...", attempt, retryInterval)
+			time.Sleep(retryInterval)
+		} else {
+			return err
+		}
+	}
+
+	DatabaseInfo = dbInfo
+
+	if err = db.SetupJoinTable(&Gist{}, "Likes", &Like{}); err != nil {
+		return err
+	}
+
+	if err = db.SetupJoinTable(&User{}, "Liked", &Like{}); err != nil {
+		return err
+	}
+
+	if err = db.AutoMigrate(&User{}, &Gist{}, &SSHKey{}, &AdminSetting{}, &Invitation{}, &WebAuthnCredential{}, &TOTP{}, &GistTopic{}, &GistLanguage{}); err != nil {
+		return err
+	}
+
+	if err = applyMigrations(dbInfo); err != nil {
+		return err
+	}
+
+	// Default admin setting values
+	return initAdminSettings(map[string]string{
+		SettingDisableSignup:          "0",
+		SettingRequireLogin:           "0",
+		SettingAllowGistsWithoutLogin: "0",
+		SettingDisableLoginForm:       "0",
+		SettingDisableGravatar:        "0",
+	})
+}
+
+func Close() error {
+	sqlDB, err := db.DB()
+	if err != nil {
+		return err
+	}
+	return sqlDB.Close()
+}
+
+func CountAll(table interface{}) (int64, error) {
+	var count int64
+	err := db.Model(table).Count(&count).Error
+	return count, err
+}
+
+func IsUniqueConstraintViolation(err error) bool {
+	return errors.Is(err, gorm.ErrDuplicatedKey)
+}
+
+func Ping() error {
+	sql, err := db.DB()
+	if err != nil {
+		return err
+	}
+
+	return sql.Ping()
+}
+
+func setupSQLite(dbInfo databaseInfo) error {
+	var err error
+	var dsn string
+	journalMode := strings.ToUpper(config.C.SqliteJournalMode)
+
+	if !slices.Contains([]string{"DELETE", "TRUNCATE", "PERSIST", "MEMORY", "WAL", "OFF"}, journalMode) {
+		log.Warn().Msg("Invalid SQLite journal mode: " + journalMode)
+	}
+
+	if dbInfo.Database == ":memory:" {
+		dsn = ":memory:?_fk=true&cache=shared"
+	} else {
+		u, err := url.Parse(dbInfo.Database)
+		if err != nil {
+			return err
+		}
+
+		u.Scheme = "file"
+		q := u.Query()
+		q.Set("_pragma", "foreign_keys(1)")
+		q.Set("_journal_mode", journalMode)
+		u.RawQuery = q.Encode()
+		dsn = u.String()
+	}
+	db, err = gorm.Open(sqlite.Open(dsn), &gorm.Config{
+		Logger:         logger.Default.LogMode(logger.Silent),
+		TranslateError: true,
+	})
+	return err
+}
+
+func setupPostgres(dbInfo databaseInfo) error {
+	var err error
+	dsn := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=disable", dbInfo.Host, dbInfo.Port, dbInfo.User, dbInfo.Password, dbInfo.Database)
+
+	db, err = gorm.Open(postgres.Open(dsn), &gorm.Config{
+		Logger:         logger.Default.LogMode(logger.Silent),
+		TranslateError: true,
+	})
+
+	return err
+}
+
+func setupMySQL(dbInfo databaseInfo) error {
+	var err error
+	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=utf8mb4&parseTime=True&loc=Local", dbInfo.User, dbInfo.Password, dbInfo.Host, dbInfo.Port, dbInfo.Database)
+
+	db, err = gorm.Open(mysql.New(mysql.Config{
+		DSN:                    dsn,
+		DontSupportRenameIndex: true,
+	}), &gorm.Config{
+		Logger:         logger.Default.LogMode(logger.Silent),
+		TranslateError: true,
+	})
+
+	return err
+}
+
+func DeprecationDBFilename() {
+	if config.C.DBFilename != "" {
+		log.Warn().Msg("The 'db-filename'/'OG_DB_FILENAME' configuration option is deprecated and will be removed in a future version. Please use 'db-uri'/'OG_DB_URI' instead.")
+	}
+
+	if config.C.DBUri == "" {
+		config.C.DBUri = config.C.DBFilename
+	}
+}
+
+func TruncateDatabase() error {
+	return db.Migrator().DropTable("likes", &User{}, "gists", &SSHKey{}, &AdminSetting{}, &Invitation{}, &WebAuthnCredential{}, &TOTP{}, &GistTopic{}, &GistLanguage{})
+}

internal/db/gist.go

@@ -0,0 +1,841 @@
+package db
+
+import (
+	"bytes"
+	"encoding/gob"
+	"fmt"
+	"os/exec"
+	"path/filepath"
+	"slices"
+	"strings"
+	"time"
+
+	"github.com/alecthomas/chroma/v2"
+	"github.com/alecthomas/chroma/v2/lexers"
+	"github.com/dustin/go-humanize"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/git"
+	"github.com/thomiceli/opengist/internal/index"
+	"gorm.io/gorm"
+)
+
+type Visibility int
+
+const (
+	PublicVisibility Visibility = iota
+	UnlistedVisibility
+	PrivateVisibility
+)
+
+func (v Visibility) String() string {
+	switch v {
+	case PublicVisibility:
+		return "public"
+	case UnlistedVisibility:
+		return "unlisted"
+	case PrivateVisibility:
+		return "private"
+	default:
+		return "???"
+	}
+}
+
+func (v Visibility) Next() Visibility {
+	switch v {
+	case PublicVisibility:
+		return UnlistedVisibility
+	case UnlistedVisibility:
+		return PrivateVisibility
+	default:
+		return PublicVisibility
+	}
+}
+
+func ParseVisibility[T string | int](v T) Visibility {
+	switch s := fmt.Sprint(v); s {
+	case "0", "public":
+		return PublicVisibility
+	case "1", "unlisted":
+		return UnlistedVisibility
+	case "2", "private":
+		return PrivateVisibility
+	default:
+		return PublicVisibility
+	}
+}
+
+type Gist struct {
+	ID              uint `gorm:"primaryKey"`
+	Uuid            string
+	Title           string
+	URL             string
+	Preview         string
+	PreviewFilename string
+	Description     string
+	Private         Visibility // 0: public, 1: unlisted, 2: private
+	UserID          uint
+	User            User
+	NbFiles         int
+	NbLikes         int
+	NbForks         int
+	CreatedAt       int64
+	UpdatedAt       int64
+
+	Likes    []User `gorm:"many2many:likes;constraint:OnUpdate:CASCADE,OnDelete:CASCADE"`
+	Forked   *Gist  `gorm:"foreignKey:ForkedID;constraint:OnUpdate:CASCADE,OnDelete:SET NULL"`
+	ForkedID uint
+
+	Topics    []GistTopic    `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE"`
+	Languages []GistLanguage `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE"`
+}
+
+type Like struct {
+	UserID    uint `gorm:"primaryKey"`
+	GistID    uint `gorm:"primaryKey"`
+	CreatedAt int64
+}
+
+func (gist *Gist) BeforeDelete(tx *gorm.DB) error {
+	// Decrement fork counter if the gist was forked
+	err := tx.Model(&Gist{}).
+		Omit("updated_at").
+		Where("id = ?", gist.ForkedID).
+		UpdateColumn("nb_forks", gorm.Expr("nb_forks - 1")).Error
+	return err
+}
+
+func GetGist(user string, gistUuid string) (*Gist, error) {
+	gist := new(Gist)
+	err := db.Preload("User").Preload("Forked.User").Preload("Topics").
+		Where("(gists.uuid like ? OR gists.url = ?) AND users.username like ?", gistUuid+"%", gistUuid, user).
+		Joins("join users on gists.user_id = users.id").
+		First(&gist).Error
+
+	return gist, err
+}
+
+func GetGistByID(gistId string) (*Gist, error) {
+	gist := new(Gist)
+	err := db.Preload("User").Preload("Forked.User").Preload("Topics").
+		Where("gists.id = ?", gistId).
+		First(&gist).Error
+
+	return gist, err
+}
+
+func GetAllGistsForCurrentUser(currentUserId uint, offset int, sort string, order string) ([]*Gist, error) {
+	var gists []*Gist
+	err := db.Preload("User").
+		Preload("Forked.User").
+		Preload("Topics").
+		Where("gists.private = 0 or gists.user_id = ?", currentUserId).
+		Limit(11).
+		Offset(offset * 10).
+		Order(sort + "_at " + order).
+		Find(&gists).Error
+
+	return gists, err
+}
+
+func GetAllGists(offset int) ([]*Gist, error) {
+	var gists []*Gist
+	err := db.Preload("User").
+		Limit(11).
+		Offset(offset * 10).
+		Order("id asc").
+		Find(&gists).Error
+
+	return gists, err
+}
+
+func GetAllGistsFromSearch(currentUserId uint, query string, offset int, sort string, order string, topic string) ([]*Gist, error) {
+	var gists []*Gist
+	tx := db.Preload("User").Preload("Forked.User").Preload("Topics").
+		Where("((gists.private = 0) or (gists.private > 0 and gists.user_id = ?))", currentUserId).
+		Where("gists.title like ? or gists.description like ?", "%"+query+"%", "%"+query+"%")
+
+	if topic != "" {
+		tx = tx.Joins("join gist_topics on gists.id = gist_topics.gist_id").
+			Where("gist_topics.topic = ?", topic)
+	}
+
+	err := tx.Limit(11).
+		Offset(offset * 10).
+		Order("gists." + sort + "_at " + order).
+		Find(&gists).Error
+
+	return gists, err
+}
+
+func gistsFromUserStatement(fromUserId uint, currentUserId uint) *gorm.DB {
+	return db.
+		Where("((gists.private = 0) or (gists.private > 0 and gists.user_id = ?))", currentUserId).
+		Where("users.id = ?", fromUserId).
+		Joins("join users on gists.user_id = users.id")
+}
+
+func gistsFromUserStatementWithPreloads(fromUserId uint, currentUserId uint) *gorm.DB {
+	return db.Preload("User").Preload("Forked.User").Preload("Topics").
+		Where("((gists.private = 0) or (gists.private > 0 and gists.user_id = ?))", currentUserId).
+		Where("users.id = ?", fromUserId).
+		Joins("join users on gists.user_id = users.id")
+}
+
+func GetAllGistsFromUser(fromUserId uint, currentUserId uint, title string, language string, visibility string, topics []string, offset int, sort string, order string) ([]*Gist, int64, error) {
+	var gists []*Gist
+	var count int64
+
+	baseQuery := gistsFromUserStatementWithPreloads(fromUserId, currentUserId).Model(&Gist{})
+
+	if title != "" {
+		baseQuery = baseQuery.Where("gists.title like ?", "%"+title+"%")
+	}
+
+	if language != "" {
+		baseQuery = baseQuery.Joins("join gist_languages on gists.id = gist_languages.gist_id").
+			Where("gist_languages.language = ?", language)
+	}
+
+	if visibility != "" {
+		baseQuery = baseQuery.Where("gists.private = ?", ParseVisibility(visibility))
+	}
+
+	if len(topics) > 0 {
+		baseQuery = baseQuery.Joins("join gist_topics on gists.id = gist_topics.gist_id").
+			Where("gist_topics.topic in ?", topics)
+	}
+
+	err := baseQuery.Count(&count).Error
+	if err != nil {
+		return nil, 0, err
+	}
+
+	err = baseQuery.Limit(11).
+		Offset(offset * 10).
+		Order("gists." + sort + "_at " + order).
+		Find(&gists).Error
+
+	return gists, count, err
+}
+
+func CountAllGistsFromUser(fromUserId uint, currentUserId uint) (int64, error) {
+	var count int64
+	err := gistsFromUserStatementWithPreloads(fromUserId, currentUserId).Model(&Gist{}).Count(&count).Error
+	return count, err
+}
+
+func likedStatement(fromUserId uint, currentUserId uint) *gorm.DB {
+	return db.Preload("User").Preload("Forked.User").Preload("Topics").
+		Where("((gists.private = 0) or (gists.private > 0 and gists.user_id = ?))", currentUserId).
+		Where("likes.user_id = ?", fromUserId).
+		Joins("join likes on gists.id = likes.gist_id").
+		Joins("join users on likes.user_id = users.id")
+}
+
+func GetAllGistsLikedByUser(fromUserId uint, currentUserId uint, offset int, sort string, order string) ([]*Gist, error) {
+	var gists []*Gist
+	err := likedStatement(fromUserId, currentUserId).Limit(11).
+		Offset(offset * 10).
+		Order("gists." + sort + "_at " + order).
+		Find(&gists).Error
+	return gists, err
+}
+
+func CountAllGistsLikedByUser(fromUserId uint, currentUserId uint) (int64, error) {
+	var count int64
+	err := likedStatement(fromUserId, currentUserId).Model(&Gist{}).Count(&count).Error
+	return count, err
+}
+
+func forkedStatement(fromUserId uint, currentUserId uint) *gorm.DB {
+	return db.Preload("User").Preload("Forked.User").Preload("Topics").
+		Where("gists.forked_id is not null and ((gists.private = 0) or (gists.private > 0 and gists.user_id = ?))", currentUserId).
+		Where("gists.user_id = ?", fromUserId).
+		Joins("join users on gists.user_id = users.id")
+}
+
+func GetAllGistsForkedByUser(fromUserId uint, currentUserId uint, offset int, sort string, order string) ([]*Gist, error) {
+	var gists []*Gist
+	err := forkedStatement(fromUserId, currentUserId).Limit(11).
+		Offset(offset * 10).
+		Order("gists." + sort + "_at " + order).
+		Find(&gists).Error
+	return gists, err
+}
+
+func CountAllGistsForkedByUser(fromUserId uint, currentUserId uint) (int64, error) {
+	var count int64
+	err := forkedStatement(fromUserId, currentUserId).Model(&Gist{}).Count(&count).Error
+	return count, err
+}
+
+func GetAllGistsRows() ([]*Gist, error) {
+	var gists []*Gist
+	err := db.Table("gists").
+		Preload("User").
+		Find(&gists).Error
+
+	return gists, err
+}
+
+func GetAllGistsVisibleByUser(userId uint) ([]uint, error) {
+	var gists []uint
+
+	err := db.Table("gists").
+		Where("gists.private = 0 or gists.user_id = ?", userId).
+		Pluck("gists.id", &gists).Error
+
+	return gists, err
+}
+
+func GetAllGistsByIds(ids []uint) ([]*Gist, error) {
+	var gists []*Gist
+	err := db.Preload("User").Preload("Forked.User").Preload("Topics").
+		Where("id in ?", ids).
+		Find(&gists).Error
+
+	// keep order
+	ordered := make([]*Gist, 0, len(ids))
+	for _, wantedId := range ids {
+		for _, gist := range gists {
+			if gist.ID == wantedId {
+				ordered = append(ordered, gist)
+				break
+			}
+		}
+	}
+
+	return ordered, err
+}
+
+func (gist *Gist) Create() error {
+	// avoids foreign key constraint error because the default value in the struct is 0
+	return db.Omit("forked_id").Create(&gist).Error
+}
+
+func (gist *Gist) CreateForked() error {
+	return db.Create(&gist).Error
+}
+
+func (gist *Gist) Update() error {
+	// reset the topics
+	err := db.Model(&GistTopic{}).Where("gist_id = ?", gist.ID).Delete(&GistTopic{}).Error
+	if err != nil {
+		return err
+	}
+
+	return db.Omit("forked_id").Save(&gist).Error
+}
+
+func (gist *Gist) UpdateNoTimestamps() error {
+	return db.Omit("forked_id", "updated_at").Save(&gist).Error
+}
+
+func (gist *Gist) Delete() error {
+	err := gist.DeleteRepository()
+	if err != nil {
+		return err
+	}
+
+	return db.Delete(&gist).Error
+}
+
+func (gist *Gist) SetLastActiveNow() error {
+	return db.Model(&Gist{}).
+		Where("id = ?", gist.ID).
+		Update("updated_at", time.Now().Unix()).Error
+}
+
+func (gist *Gist) AppendUserLike(user *User) error {
+	err := db.Model(&gist).Omit("updated_at").Update("nb_likes", gist.NbLikes+1).Error
+	if err != nil {
+		return err
+	}
+
+	return db.Model(&gist).Omit("updated_at").Association("Likes").Append(user)
+}
+
+func (gist *Gist) RemoveUserLike(user *User) error {
+	err := db.Model(&gist).Omit("updated_at").Update("nb_likes", gist.NbLikes-1).Error
+	if err != nil {
+		return err
+	}
+
+	return db.Model(&gist).Omit("updated_at").Association("Likes").Delete(user)
+}
+
+func (gist *Gist) IncrementForkCount() error {
+	return db.Model(&gist).Omit("updated_at").Update("nb_forks", gist.NbForks+1).Error
+}
+
+func (gist *Gist) GetForkParent(user *User) (*Gist, error) {
+	fork := new(Gist)
+	err := db.Preload("User").
+		Where("forked_id = ? and user_id = ?", gist.ID, user.ID).
+		First(&fork).Error
+	return fork, err
+}
+
+func (gist *Gist) GetUsersLikes(offset int) ([]*User, error) {
+	var users []*User
+	err := db.Model(&gist).
+		Where("gist_id = ?", gist.ID).
+		Limit(31).
+		Offset(offset * 30).
+		Association("Likes").Find(&users)
+	return users, err
+}
+
+func (gist *Gist) GetForks(currentUserId uint, offset int) ([]*Gist, error) {
+	var gists []*Gist
+	err := db.Model(&gist).Preload("User").
+		Where("forked_id = ?", gist.ID).
+		Where("(gists.private = 0) or (gists.private > 0 and gists.user_id = ?)", currentUserId).
+		Limit(11).
+		Offset(offset * 10).
+		Order("updated_at desc").
+		Find(&gists).Error
+
+	return gists, err
+}
+
+func (gist *Gist) CanWrite(user *User) bool {
+	return !(user == nil) && (gist.UserID == user.ID)
+}
+
+func (gist *Gist) InitRepository() error {
+	return git.InitRepository(gist.User.Username, gist.Uuid)
+}
+
+func (gist *Gist) DeleteRepository() error {
+	return git.DeleteRepository(gist.User.Username, gist.Uuid)
+}
+
+func (gist *Gist) Files(revision string, truncate bool) ([]*git.File, error) {
+	filesCat, err := git.CatFileBatch(gist.User.Username, gist.Uuid, revision, truncate)
+	if err != nil {
+		// if the revision or the file do not exist
+		if exiterr, ok := err.(*exec.ExitError); ok && exiterr.ExitCode() == 128 {
+			return nil, &git.RevisionNotFoundError{}
+		}
+		return nil, err
+	}
+
+	var files []*git.File
+	for _, fileCat := range filesCat {
+		files = append(files, &git.File{
+			Filename:  fileCat.Name,
+			Size:      fileCat.Size,
+			HumanSize: humanize.IBytes(fileCat.Size),
+			Content:   fileCat.Content,
+			Truncated: fileCat.Truncated,
+		})
+	}
+	return files, err
+}
+
+func (gist *Gist) File(revision string, filename string, truncate bool) (*git.File, error) {
+	content, truncated, err := git.GetFileContent(gist.User.Username, gist.Uuid, revision, filename, truncate)
+
+	// if the revision or the file do not exist
+	if exiterr, ok := err.(*exec.ExitError); ok && exiterr.ExitCode() == 128 {
+		return nil, nil
+	}
+
+	var size uint64
+
+	size, err = git.GetFileSize(gist.User.Username, gist.Uuid, revision, filename)
+	if err != nil {
+		return nil, err
+	}
+
+	return &git.File{
+		Filename:  filename,
+		Size:      size,
+		HumanSize: humanize.IBytes(size),
+		Content:   content,
+		Truncated: truncated,
+	}, err
+}
+
+func (gist *Gist) FileNames(revision string) ([]string, error) {
+	return git.GetFilesOfRepository(gist.User.Username, gist.Uuid, revision)
+}
+
+func (gist *Gist) Log(skip int) ([]*git.Commit, error) {
+	return git.GetLog(gist.User.Username, gist.Uuid, skip)
+}
+
+func (gist *Gist) NbCommits() (string, error) {
+	return git.CountCommits(gist.User.Username, gist.Uuid)
+}
+
+func (gist *Gist) AddAndCommitFiles(files *[]FileDTO) error {
+	if err := git.CloneTmp(gist.User.Username, gist.Uuid, gist.Uuid, gist.User.Email, true); err != nil {
+		return err
+	}
+
+	for _, file := range *files {
+		if err := git.SetFileContent(gist.Uuid, file.Filename, file.Content); err != nil {
+			return err
+		}
+	}
+
+	if err := git.AddAll(gist.Uuid); err != nil {
+		return err
+	}
+
+	if err := git.CommitRepository(gist.Uuid, gist.User.Username, gist.User.Email); err != nil {
+		return err
+	}
+
+	return git.Push(gist.Uuid)
+}
+
+func (gist *Gist) AddAndCommitFile(file *FileDTO) error {
+	if err := git.CloneTmp(gist.User.Username, gist.Uuid, gist.Uuid, gist.User.Email, false); err != nil {
+		return err
+	}
+
+	if err := git.SetFileContent(gist.Uuid, file.Filename, file.Content); err != nil {
+		return err
+	}
+
+	if err := git.AddAll(gist.Uuid); err != nil {
+		return err
+	}
+
+	if err := git.CommitRepository(gist.Uuid, gist.User.Username, gist.User.Email); err != nil {
+		return err
+	}
+
+	return git.Push(gist.Uuid)
+}
+
+func (gist *Gist) ForkClone(username string, uuid string) error {
+	return git.ForkClone(gist.User.Username, gist.Uuid, username, uuid)
+}
+
+func (gist *Gist) UpdateServerInfo() error {
+	return git.UpdateServerInfo(gist.User.Username, gist.Uuid)
+}
+
+func (gist *Gist) RPC(service string) ([]byte, error) {
+	return git.RPC(gist.User.Username, gist.Uuid, service)
+}
+
+func (gist *Gist) UpdatePreviewAndCount(withTimestampUpdate bool) error {
+	filesStr, err := git.GetFilesOfRepository(gist.User.Username, gist.Uuid, "HEAD")
+	if err != nil {
+		return err
+	}
+	gist.NbFiles = len(filesStr)
+
+	if len(filesStr) == 0 {
+		gist.Preview = ""
+		gist.PreviewFilename = ""
+	} else {
+		file, err := gist.File("HEAD", filesStr[0], true)
+		if err != nil {
+			return err
+		}
+
+		split := strings.Split(file.Content, "\n")
+		if len(split) > 10 {
+			gist.Preview = strings.Join(split[:10], "\n")
+		} else {
+			gist.Preview = file.Content
+		}
+
+		gist.PreviewFilename = file.Filename
+	}
+
+	if withTimestampUpdate {
+		return gist.Update()
+	}
+	return gist.UpdateNoTimestamps()
+}
+
+func (gist *Gist) VisibilityStr() string {
+	switch gist.Private {
+	case PublicVisibility:
+		return "public"
+	case UnlistedVisibility:
+		return "unlisted"
+	case PrivateVisibility:
+		return "private"
+	default:
+		return ""
+	}
+}
+
+func (gist *Gist) Identifier() string {
+	if gist.URL != "" {
+		return gist.URL
+	}
+	return gist.Uuid
+}
+
+func (gist *Gist) GetLanguagesFromFiles() ([]string, error) {
+	files, err := gist.Files("HEAD", true)
+	if err != nil {
+		return nil, err
+	}
+
+	languages := make([]string, 0, len(files))
+	for _, file := range files {
+		var lexer chroma.Lexer
+		if lexer = lexers.Get(file.Filename); lexer == nil {
+			lexer = lexers.Fallback
+		}
+
+		fileType := lexer.Config().Name
+		if lexer.Config().Name == "fallback" || lexer.Config().Name == "plaintext" {
+			fileType = "Text"
+		}
+
+		languages = append(languages, fileType)
+	}
+
+	return languages, nil
+}
+
+func (gist *Gist) GetTopics() ([]string, error) {
+	var topics []string
+	err := db.Model(&GistTopic{}).
+		Where("gist_id = ?", gist.ID).
+		Pluck("topic", &topics).Error
+	return topics, err
+}
+
+func (gist *Gist) TopicsSlice() []string {
+	topics := make([]string, 0, len(gist.Topics))
+	for _, topic := range gist.Topics {
+		topics = append(topics, topic.Topic)
+	}
+	return topics
+}
+
+func (gist *Gist) SerialiseInitRepository() error {
+	var gobBuffer bytes.Buffer
+	encoder := gob.NewEncoder(&gobBuffer)
+	if err := encoder.Encode(gist); err != nil {
+		return fmt.Errorf("gob encoding error: %v", err)
+	}
+
+	return git.SerialiseInitRepository(gist.User.Username, gobBuffer.Bytes())
+}
+
+func DeserialiseInitRepository(user string) (*Gist, error) {
+	data, err := git.DeserialiseInitRepository(user)
+	if err != nil {
+		return nil, err
+	}
+
+	var gist Gist
+	decoder := gob.NewDecoder(bytes.NewReader(data))
+	if err := decoder.Decode(&gist); err != nil {
+		return nil, fmt.Errorf("gob decoding error: %v", err)
+	}
+	return &gist, nil
+}
+
+func (gist *Gist) UpdateLanguages() {
+	languages, err := gist.GetLanguagesFromFiles()
+	if err != nil {
+		log.Error().Err(err).Msgf("Cannot get languages for gist %d", gist.ID)
+		return
+	}
+
+	slices.Sort(languages)
+	languages = slices.Compact(languages)
+
+	tx := db.Begin()
+	if tx.Error != nil {
+		log.Error().Err(tx.Error).Msgf("Cannot start transaction for gist %d", gist.ID)
+		return
+	}
+
+	if err := tx.Where("gist_id = ?", gist.ID).Delete(&GistLanguage{}).Error; err != nil {
+		tx.Rollback()
+		log.Error().Err(err).Msgf("Cannot delete languages for gist %d", gist.ID)
+		return
+	}
+
+	for _, language := range languages {
+		gistLanguage := &GistLanguage{
+			GistID:   gist.ID,
+			Language: language,
+		}
+		if err := tx.Create(gistLanguage).Error; err != nil {
+			tx.Rollback()
+			log.Error().Err(err).Msgf("Cannot create gist language %s for gist %d", language, gist.ID)
+			return
+		}
+	}
+
+	if err := tx.Commit().Error; err != nil {
+		tx.Rollback()
+		log.Error().Err(err).Msgf("Cannot commit transaction for gist %d", gist.ID)
+		return
+	}
+}
+
+func (gist *Gist) ToDTO() (*GistDTO, error) {
+	files, err := gist.Files("HEAD", false)
+	if err != nil {
+		return nil, err
+	}
+
+	fileDTOs := make([]FileDTO, 0, len(files))
+	for _, file := range files {
+		fileDTOs = append(fileDTOs, FileDTO{
+			Filename: file.Filename,
+			Content:  file.Content,
+		})
+	}
+
+	return &GistDTO{
+		Title:       gist.Title,
+		Description: gist.Description,
+		URL:         gist.URL,
+		Files:       fileDTOs,
+		VisibilityDTO: VisibilityDTO{
+			Private: gist.Private,
+		},
+		Topics: strings.Join(gist.TopicsSlice(), " "),
+	}, nil
+}
+
+// -- DTO -- //
+
+type GistDTO struct {
+	Title       string    `validate:"max=250" form:"title"`
+	Description string    `validate:"max=1000" form:"description"`
+	URL         string    `validate:"max=32,alphanumdashorempty" form:"url"`
+	Files       []FileDTO `validate:"min=1,dive"`
+	Name        []string  `form:"name"`
+	Content     []string  `form:"content"`
+	Topics      string    `validate:"gisttopics" form:"topics"`
+	VisibilityDTO
+}
+
+func (dto *GistDTO) HasMetadata() bool {
+	return dto.Title != "" || dto.Description != "" || dto.URL != "" || dto.Topics != ""
+}
+
+type VisibilityDTO struct {
+	Private Visibility `validate:"number,min=0,max=2" form:"private"`
+}
+
+type FileDTO struct {
+	Filename string `validate:"excludes=\x2f,excludes=\x5c,max=255"`
+	Content  string `validate:"required"`
+}
+
+func (dto *GistDTO) ToGist() *Gist {
+	return &Gist{
+		Title:       dto.Title,
+		Description: dto.Description,
+		Private:     dto.Private,
+		URL:         dto.URL,
+		Topics:      dto.TopicStrToSlice(),
+	}
+}
+
+func (dto *GistDTO) ToExistingGist(gist *Gist) *Gist {
+	gist.Title = dto.Title
+	gist.Description = dto.Description
+	gist.URL = dto.URL
+	gist.Topics = dto.TopicStrToSlice()
+	return gist
+}
+
+func (dto *GistDTO) TopicStrToSlice() []GistTopic {
+	topics := strings.Fields(dto.Topics)
+	gistTopics := make([]GistTopic, 0, len(topics))
+	for _, topic := range topics {
+		gistTopics = append(gistTopics, GistTopic{Topic: topic})
+	}
+	return gistTopics
+}
+
+// -- Index -- //
+
+func (gist *Gist) ToIndexedGist() (*index.Gist, error) {
+	files, err := gist.Files("HEAD", true)
+	if err != nil {
+		return nil, err
+	}
+
+	exts := make([]string, 0, len(files))
+	wholeContent := ""
+	for _, file := range files {
+		wholeContent += file.Content
+		if !strings.HasSuffix(wholeContent, "\n") {
+			wholeContent += "\n"
+		}
+		exts = append(exts, filepath.Ext(file.Filename))
+	}
+
+	fileNames, err := gist.FileNames("HEAD")
+	if err != nil {
+		return nil, err
+	}
+
+	langs, err := gist.GetLanguagesFromFiles()
+	if err != nil {
+		return nil, err
+	}
+
+	topics, err := gist.GetTopics()
+	if err != nil {
+		return nil, err
+	}
+
+	indexedGist := &index.Gist{
+		GistID:     gist.ID,
+		Username:   gist.User.Username,
+		Title:      gist.Title,
+		Content:    wholeContent,
+		Filenames:  fileNames,
+		Extensions: exts,
+		Languages:  langs,
+		Topics:     topics,
+		CreatedAt:  gist.CreatedAt,
+		UpdatedAt:  gist.UpdatedAt,
+	}
+
+	return indexedGist, nil
+}
+
+func (gist *Gist) AddInIndex() {
+	if !index.Enabled() {
+		return
+	}
+
+	go func() {
+		indexedGist, err := gist.ToIndexedGist()
+		if err != nil {
+			log.Error().Err(err).Msgf("Cannot convert gist %d to indexed gist", gist.ID)
+			return
+		}
+		err = index.AddInIndex(indexedGist)
+		if err != nil {
+			log.Error().Err(err).Msgf("Error adding gist %d to index", gist.ID)
+		}
+	}()
+}
+
+func (gist *Gist) RemoveFromIndex() {
+	if !index.Enabled() {
+		return
+	}
+
+	go func() {
+		err := index.RemoveFromIndex(gist.ID)
+		if err != nil {
+			log.Error().Err(err).Msgf("Error remove gist %d from index", gist.ID)
+		}
+	}()
+}

internal/db/gist_language.go

@@ -0,0 +1,27 @@
+package db
+
+type GistLanguage struct {
+	GistID   uint   `gorm:"primaryKey"`
+	Language string `gorm:"primaryKey;size:100"`
+}
+
+func GetGistLanguagesForUser(fromUserId, currentUserId uint) ([]struct {
+	Language string
+	Count    int64
+}, error) {
+	var results []struct {
+		Language string
+		Count    int64
+	}
+
+	err := gistsFromUserStatement(fromUserId, currentUserId).Model(&GistLanguage{}).
+		Select("language, count(*) as count").
+		Joins("JOIN gists ON gists.id = gist_languages.gist_id").
+		Where("gists.user_id = ?", fromUserId).
+		Group("language").
+		Order("count DESC").
+		Limit(15). // Added limit of 15
+		Find(&results).Error
+
+	return results, err
+}

internal/db/gist_topic.go

@@ -0,0 +1,6 @@
+package db
+
+type GistTopic struct {
+	GistID uint   `gorm:"primaryKey"`
+	Topic  string `gorm:"primaryKey;size:50"`
+}

internal/db/invitation.go

@@ -0,0 +1,99 @@
+package db
+
+import (
+	"fmt"
+	"math/rand"
+	"time"
+)
+
+type Invitation struct {
+	ID        uint `gorm:"primaryKey"`
+	Code      string
+	ExpiresAt int64
+	NbUsed    uint
+	NbMax     uint
+}
+
+func GetAllInvitations() ([]*Invitation, error) {
+	var invitations []*Invitation
+	dialect := db.Dialector.Name()
+	query := db.Model(&Invitation{})
+
+	switch dialect {
+	case "sqlite":
+		query = query.Order("(((expires_at >= strftime('%s', 'now')) AND ((nb_max <= 0) OR (nb_used < nb_max)))) DESC")
+	case "postgres":
+		query = query.Order("(((expires_at >= EXTRACT(EPOCH FROM CURRENT_TIMESTAMP)) AND ((nb_max <= 0) OR (nb_used < nb_max)))) DESC")
+	case "mysql":
+		query = query.Order("(((expires_at >= UNIX_TIMESTAMP()) AND ((nb_max <= 0) OR (nb_used < nb_max)))) DESC")
+	default:
+		return nil, fmt.Errorf("unsupported database dialect: %s", dialect)
+	}
+
+	err := query.Order("id ASC").Find(&invitations).Error
+
+	return invitations, err
+}
+
+func GetInvitationByID(id uint) (*Invitation, error) {
+	invitation := new(Invitation)
+	err := db.
+		Where("id = ?", id).
+		First(&invitation).Error
+	return invitation, err
+}
+
+func GetInvitationByCode(code string) (*Invitation, error) {
+	invitation := new(Invitation)
+	err := db.
+		Where("code = ?", code).
+		First(&invitation).Error
+	return invitation, err
+}
+
+func InvitationCodeExists(code string) (bool, error) {
+	var count int64
+	err := db.Model(&Invitation{}).Where("code = ?", code).Count(&count).Error
+	return count > 0, err
+}
+
+func (i *Invitation) Create() error {
+	i.Code = generateRandomCode()
+	return db.Create(&i).Error
+}
+
+func (i *Invitation) Update() error {
+	return db.Save(&i).Error
+}
+
+func (i *Invitation) Delete() error {
+	return db.Delete(&i).Error
+}
+
+func (i *Invitation) IsExpired() bool {
+	return i.ExpiresAt < time.Now().Unix()
+}
+
+func (i *Invitation) IsMaxedOut() bool {
+	return i.NbMax > 0 && i.NbUsed >= i.NbMax
+}
+
+func (i *Invitation) IsUsable() bool {
+	return !i.IsExpired() && !i.IsMaxedOut()
+}
+
+func (i *Invitation) Use() error {
+	i.NbUsed++
+	return i.Update()
+}
+
+func generateRandomCode() string {
+	const charset = "0123456789ABCDEF"
+	var seededRand = rand.New(rand.NewSource(time.Now().UnixNano()))
+	result := make([]byte, 16)
+
+	for i := range result {
+		result[i] = charset[seededRand.Intn(len(charset))]
+	}
+	return string(result)
+}

internal/db/migration.go

@@ -0,0 +1,114 @@
+package db
+
+import (
+	"fmt"
+	"github.com/rs/zerolog/log"
+)
+
+type MigrationVersion struct {
+	ID      uint `gorm:"primaryKey"`
+	Version uint
+}
+
+func applyMigrations(dbInfo *databaseInfo) error {
+	switch dbInfo.Type {
+	case SQLite:
+		return applySqliteMigrations()
+	case PostgreSQL, MySQL:
+		return nil
+	default:
+		return fmt.Errorf("unknown database type: %s", dbInfo.Type)
+	}
+
+}
+
+func applySqliteMigrations() error {
+	// Create migration table if it doesn't exist
+	if err := db.AutoMigrate(&MigrationVersion{}); err != nil {
+		log.Fatal().Err(err).Msg("Error creating migration version table")
+		return err
+	}
+
+	// Get the current migration version
+	var currentVersion MigrationVersion
+	db.First(&currentVersion)
+
+	// Define migrations
+	migrations := []struct {
+		Version uint
+		Func    func() error
+	}{
+		{1, v1_modifyConstraintToSSHKeys},
+		{2, v2_lowercaseEmails},
+		// Add more migrations here as needed
+	}
+
+	// Apply migrations
+	for _, m := range migrations {
+		if m.Version > currentVersion.Version {
+			tx := db.Begin()
+			if err := tx.Error; err != nil {
+				log.Fatal().Err(err).Msg("Error starting transaction")
+				return err
+			}
+
+			if err := m.Func(); err != nil {
+				log.Fatal().Err(err).Msg(fmt.Sprintf("Error applying migration %d:", m.Version))
+				tx.Rollback()
+				return err
+			} else {
+				if err = tx.Commit().Error; err != nil {
+					log.Fatal().Err(err).Msg(fmt.Sprintf("Error committing migration %d:", m.Version))
+					return err
+				}
+				currentVersion.Version = m.Version
+				db.Save(&currentVersion)
+				log.Info().Msg(fmt.Sprintf("Migration %d applied successfully", m.Version))
+			}
+		}
+	}
+
+	return nil
+}
+
+// Modify the constraint on the ssh_keys table to use ON DELETE CASCADE
+func v1_modifyConstraintToSSHKeys() error {
+	createSQL := `
+	CREATE TABLE ssh_keys_temp (
+		id integer primary key,
+		title text,
+		content text,
+		sha text,
+		created_at integer,
+		last_used_at integer,
+		user_id integer
+		constraint fk_users_ssh_keys references users(id) on update cascade on delete cascade
+	);
+	`
+
+	if err := db.Exec(createSQL).Error; err != nil {
+		return err
+	}
+
+	// Copy data from the old table to the new table
+	copySQL := `INSERT INTO ssh_keys_temp SELECT * FROM ssh_keys;`
+	if err := db.Exec(copySQL).Error; err != nil {
+		return err
+	}
+
+	// Drop the old table
+	dropSQL := `DROP TABLE ssh_keys;`
+	if err := db.Exec(dropSQL).Error; err != nil {
+		return err
+	}
+
+	// Rename the new table to the original table name
+	renameSQL := `ALTER TABLE ssh_keys_temp RENAME TO ssh_keys;`
+	return db.Exec(renameSQL).Error
+}
+
+func v2_lowercaseEmails() error {
+	// Copy the lowercase emails into the new column
+	copySQL := `UPDATE users SET email = lower(email);`
+	return db.Exec(copySQL).Error
+}

internal/db/sshkey.go

@@ -1,6 +1,12 @@
-package models
+package db
 
-import "time"
+import (
+	"crypto/sha256"
+	"encoding/base64"
+	"golang.org/x/crypto/ssh"
+	"gorm.io/gorm"
+	"time"
+)
 
 type SSHKey struct {
 	ID         uint `gorm:"primaryKey"`
@@ -13,6 +19,16 @@ type SSHKey struct {
 	User       User `validate:"-" `
 }
 
+func (sshKey *SSHKey) BeforeCreate(*gorm.DB) error {
+	pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(sshKey.Content))
+	if err != nil {
+		return err
+	}
+	sha := sha256.Sum256(pubKey.Marshal())
+	sshKey.SHA = base64.StdEncoding.EncodeToString(sha[:])
+	return nil
+}
+
 func GetSSHKeysByUserID(userId uint) ([]*SSHKey, error) {
 	var sshKeys []*SSHKey
 	err := db.
@@ -32,13 +48,12 @@ func GetSSHKeyByID(sshKeyId uint) (*SSHKey, error) {
 	return sshKey, err
 }
 
-func GetSSHKeyByContent(sshKeyContent string) (*SSHKey, error) {
-	sshKey := new(SSHKey)
-	err := db.
-		Where("content like ?", sshKeyContent+"%").
-		First(&sshKey).Error
-
-	return sshKey, err
+func SSHKeyDoesExists(sshKeyContent string) (bool, error) {
+	var count int64
+	err := db.Model(&SSHKey{}).
+		Where("content = ?", sshKeyContent).
+		Count(&count).Error
+	return count > 0, err
 }
 
 func (sshKey *SSHKey) Create() error {
@@ -49,9 +64,9 @@ func (sshKey *SSHKey) Delete() error {
 	return db.Delete(&sshKey).Error
 }
 
-func SSHKeyLastUsedNow(sshKeyID uint) error {
+func SSHKeyLastUsedNow(sshKeyContent string) error {
 	return db.Model(&SSHKey{}).
-		Where("id = ?", sshKeyID).
+		Where("content = ?", sshKeyContent).
 		Update("last_used_at", time.Now().Unix()).Error
 }
 

internal/db/totp.go

@@ -0,0 +1,123 @@
+package db
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"github.com/thomiceli/opengist/internal/auth"
+	"github.com/thomiceli/opengist/internal/auth/password"
+	ogtotp "github.com/thomiceli/opengist/internal/auth/totp"
+	"github.com/thomiceli/opengist/internal/config"
+	"slices"
+)
+
+type TOTP struct {
+	ID            uint `gorm:"primaryKey"`
+	UserID        uint `gorm:"uniqueIndex"`
+	User          User
+	Secret        string
+	RecoveryCodes jsonData `gorm:"type:json"`
+	CreatedAt     int64
+	LastUsedAt    int64
+}
+
+func GetTOTPByUserID(userID uint) (*TOTP, error) {
+	var totp TOTP
+	err := db.Where("user_id = ?", userID).First(&totp).Error
+	return &totp, err
+}
+
+func (totp *TOTP) StoreSecret(secret string) error {
+	secretBytes := []byte(secret)
+	encrypted, err := auth.AESEncrypt(config.SecretKey, secretBytes)
+	if err != nil {
+		return err
+	}
+
+	totp.Secret = base64.URLEncoding.EncodeToString(encrypted)
+	return nil
+}
+
+func (totp *TOTP) ValidateCode(code string) (bool, error) {
+	ciphertext, err := base64.URLEncoding.DecodeString(totp.Secret)
+	if err != nil {
+		return false, err
+	}
+
+	secretBytes, err := auth.AESDecrypt(config.SecretKey, ciphertext)
+	if err != nil {
+		return false, err
+	}
+
+	return ogtotp.Validate(code, string(secretBytes)), nil
+}
+
+func (totp *TOTP) ValidateRecoveryCode(code string) (bool, error) {
+	var hashedCodes []string
+	if err := json.Unmarshal(totp.RecoveryCodes, &hashedCodes); err != nil {
+		return false, err
+	}
+
+	for i, hashedCode := range hashedCodes {
+		ok, err := password.VerifyPassword(code, hashedCode)
+		if err != nil {
+			return false, err
+		}
+		if ok {
+			codesJson, _ := json.Marshal(slices.Delete(hashedCodes, i, i+1))
+			totp.RecoveryCodes = codesJson
+			return true, db.Model(&totp).Updates(TOTP{RecoveryCodes: codesJson}).Error
+		}
+	}
+	return false, nil
+}
+
+func (totp *TOTP) GenerateRecoveryCodes() ([]string, error) {
+	codes, plainCodes, err := generateRandomCodes()
+	if err != nil {
+		return nil, err
+	}
+
+	codesJson, _ := json.Marshal(codes)
+	totp.RecoveryCodes = codesJson
+
+	return plainCodes, db.Model(&totp).Updates(TOTP{RecoveryCodes: codesJson}).Error
+}
+
+func (totp *TOTP) Create() error {
+	return db.Create(&totp).Error
+}
+
+func (totp *TOTP) Delete() error {
+	return db.Delete(&totp).Error
+}
+
+func generateRandomCodes() ([]string, []string, error) {
+	const count = 5
+	const length = 10
+	codes := make([]string, count)
+	plainCodes := make([]string, count)
+	for i := 0; i < count; i++ {
+		bytes := make([]byte, (length+1)/2)
+		if _, err := rand.Read(bytes); err != nil {
+			return nil, nil, err
+		}
+		hexCode := hex.EncodeToString(bytes)
+		code := fmt.Sprintf("%s-%s", hexCode[:length/2], hexCode[length/2:])
+		plainCodes[i] = code
+		hashed, err := password.HashPassword(code)
+		if err != nil {
+			return nil, nil, err
+		}
+		codes[i] = hashed
+	}
+	return codes, plainCodes, nil
+}
+
+// -- DTO -- //
+
+type TOTPDTO struct {
+	Code string `form:"code" validate:"max=50"`
+}

internal/db/types.go

@@ -0,0 +1,77 @@
+package db
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"gorm.io/gorm"
+	"gorm.io/gorm/schema"
+)
+
+type binaryData []byte
+
+func (b *binaryData) Value() (driver.Value, error) {
+	return []byte(*b), nil
+}
+
+func (b *binaryData) Scan(value interface{}) error {
+	valBytes, ok := value.([]byte)
+	if !ok {
+		return fmt.Errorf("failed to unmarshal BinaryData: %v", value)
+	}
+	*b = valBytes
+	return nil
+}
+
+func (*binaryData) GormDataType() string {
+	return "binary_data"
+}
+
+func (*binaryData) GormDBDataType(db *gorm.DB, _ *schema.Field) string {
+	switch db.Dialector.Name() {
+	case "sqlite":
+		return "BLOB"
+	case "mysql":
+		return "VARBINARY(1024)"
+	case "postgres":
+		return "BYTEA"
+	default:
+		return "BLOB"
+	}
+}
+
+type jsonData json.RawMessage
+
+func (j *jsonData) Scan(value interface{}) error {
+	bytes, ok := value.([]byte)
+	if !ok {
+		return errors.New(fmt.Sprint("Failed to unmarshal JSONB value:", value))
+	}
+
+	result := json.RawMessage{}
+	err := json.Unmarshal(bytes, &result)
+	*j = jsonData(result)
+	return err
+}
+
+func (j *jsonData) Value() (driver.Value, error) {
+	if len(*j) == 0 {
+		return nil, nil
+	}
+	return json.RawMessage(*j).MarshalJSON()
+}
+
+func (*jsonData) GormDataType() string {
+	return "json"
+}
+
+func (*jsonData) GormDBDataType(db *gorm.DB, _ *schema.Field) string {
+	switch db.Dialector.Name() {
+	case "mysql", "sqlite":
+		return "JSON"
+	case "postgres":
+		return "JSONB"
+	}
+	return ""
+}

internal/db/user.go

@@ -0,0 +1,253 @@
+package db
+
+import (
+	"github.com/thomiceli/opengist/internal/git"
+	"gorm.io/gorm"
+)
+
+type User struct {
+	ID        uint   `gorm:"primaryKey"`
+	Username  string `gorm:"uniqueIndex,size:191"`
+	Password  string
+	IsAdmin   bool
+	CreatedAt int64
+	Email     string
+	MD5Hash   string // for gravatar, if no Email is specified, the value is random
+	AvatarURL string
+	GithubID  string
+	GitlabID  string
+	GiteaID   string
+	OIDCID    string `gorm:"column:oidc_id"`
+
+	Gists               []Gist               `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;foreignKey:UserID"`
+	SSHKeys             []SSHKey             `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;foreignKey:UserID"`
+	Liked               []Gist               `gorm:"many2many:likes;constraint:OnUpdate:CASCADE,OnDelete:CASCADE"`
+	WebAuthnCredentials []WebAuthnCredential `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;foreignKey:UserID"`
+}
+
+func (user *User) BeforeDelete(tx *gorm.DB) error {
+	// Decrement likes counter using derived table
+	err := tx.Exec(`
+		UPDATE gists 
+		SET nb_likes = nb_likes - 1
+		WHERE id IN (
+			SELECT gist_id 
+			FROM (
+				SELECT gist_id 
+				FROM likes 
+				WHERE user_id = ?
+			) AS derived_likes
+		)
+	`, user.ID).Error
+	if err != nil {
+		return err
+	}
+
+	// Decrement forks counter using derived table
+	err = tx.Exec(`
+		UPDATE gists 
+		SET nb_forks = nb_forks - 1
+		WHERE id IN (
+			SELECT forked_id 
+			FROM (
+				SELECT forked_id 
+				FROM gists 
+				WHERE user_id = ? AND forked_id IS NOT NULL
+			) AS derived_forks
+		)
+	`, user.ID).Error
+	if err != nil {
+		return err
+	}
+
+	err = tx.Where("user_id = ?", user.ID).Delete(&SSHKey{}).Error
+	if err != nil {
+		return err
+	}
+
+	err = tx.Where("user_id = ?", user.ID).Delete(&WebAuthnCredential{}).Error
+	if err != nil {
+		return err
+	}
+
+	err = tx.Where("user_id = ?", user.ID).Delete(&Gist{}).Error
+	if err != nil {
+		return err
+	}
+
+	// Delete user directory
+	if err = git.DeleteUserDirectory(user.Username); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func UserExists(username string) (bool, error) {
+	var count int64
+	err := db.Model(&User{}).Where("username like ?", username).Count(&count).Error
+	return count > 0, err
+}
+
+func GetAllUsers(offset int) ([]*User, error) {
+	var users []*User
+	err := db.
+		Limit(11).
+		Offset(offset * 10).
+		Order("id asc").
+		Find(&users).Error
+
+	return users, err
+}
+
+func GetUserByUsername(username string) (*User, error) {
+	user := new(User)
+	err := db.
+		Where("username like ?", username).
+		First(&user).Error
+	return user, err
+}
+
+func GetUserById(userId uint) (*User, error) {
+	user := new(User)
+	err := db.
+		Where("id = ?", userId).
+		First(&user).Error
+	return user, err
+}
+
+func GetUsersFromEmails(emailsSet map[string]struct{}) (map[string]*User, error) {
+	var users []*User
+
+	emails := make([]string, 0, len(emailsSet))
+	for email := range emailsSet {
+		emails = append(emails, email)
+	}
+
+	err := db.
+		Where("email IN ?", emails).
+		Find(&users).Error
+	if err != nil {
+		return nil, err
+	}
+
+	userMap := make(map[string]*User)
+	for _, user := range users {
+		userMap[user.Email] = user
+	}
+
+	return userMap, nil
+}
+
+func GetUserFromSSHKey(sshKey string) (*User, error) {
+	user := new(User)
+	err := db.
+		Joins("JOIN ssh_keys ON users.id = ssh_keys.user_id").
+		Where("ssh_keys.content = ?", sshKey).
+		First(&user).Error
+	return user, err
+}
+
+func SSHKeyExistsForUser(sshKey string, userId uint) (*SSHKey, error) {
+	key := new(SSHKey)
+	err := db.
+		Where("content = ?", sshKey).
+		Where("user_id = ?", userId).
+		First(&key).Error
+
+	return key, err
+}
+
+func GetUserByProvider(id string, provider string) (*User, error) {
+	user := new(User)
+	var err error
+	switch provider {
+	case "github":
+		err = db.Where("github_id = ?", id).First(&user).Error
+	case "gitlab":
+		err = db.Where("gitlab_id = ?", id).First(&user).Error
+	case "gitea":
+		err = db.Where("gitea_id = ?", id).First(&user).Error
+	case "openid-connect":
+		err = db.Where("oidc_id = ?", id).First(&user).Error
+	}
+
+	return user, err
+}
+
+func (user *User) Create() error {
+	return db.Create(&user).Error
+}
+
+func (user *User) Update() error {
+	return db.Save(&user).Error
+}
+
+func (user *User) Delete() error {
+	return db.Delete(&user).Error
+}
+
+func (user *User) SetAdmin() error {
+	return db.Model(&user).Update("is_admin", true).Error
+}
+
+func (user *User) HasLiked(gist *Gist) (bool, error) {
+	association := db.Model(&gist).Where("user_id = ?", user.ID).Association("Likes")
+	if association.Error != nil {
+		return false, association.Error
+	}
+
+	if association.Count() == 0 {
+		return false, nil
+	}
+	return true, nil
+}
+
+func (user *User) DeleteProviderID(provider string) error {
+	providerIDFields := map[string]string{
+		"github":         "github_id",
+		"gitlab":         "gitlab_id",
+		"gitea":          "gitea_id",
+		"openid-connect": "oidc_id",
+	}
+
+	if providerIDField, ok := providerIDFields[provider]; ok {
+		return db.Model(&user).
+			Update(providerIDField, nil).
+			Update("avatar_url", nil).
+			Error
+	}
+
+	return nil
+}
+
+func (user *User) HasMFA() (bool, bool, error) {
+	var webauthn bool
+	var totp bool
+	err := db.Model(&WebAuthnCredential{}).Select("count(*) > 0").Where("user_id = ?", user.ID).Find(&webauthn).Error
+	if err != nil {
+		return false, false, err
+	}
+
+	err = db.Model(&TOTP{}).Select("count(*) > 0").Where("user_id = ?", user.ID).Find(&totp).Error
+
+	return webauthn, totp, err
+}
+
+// -- DTO -- //
+
+type UserDTO struct {
+	Username string `form:"username" validate:"required,max=24,alphanumdash,notreserved"`
+	Password string `form:"password" validate:"required"`
+}
+
+func (dto *UserDTO) ToUser() *User {
+	return &User{
+		Username: dto.Username,
+		Password: dto.Password,
+	}
+}
+
+type UserUsernameDTO struct {
+	Username string `form:"username" validate:"required,max=24,alphanumdash,notreserved"`
+}

internal/db/webauth_credential.go

@@ -0,0 +1,147 @@
+package db
+
+import (
+	"encoding/hex"
+	"github.com/go-webauthn/webauthn/webauthn"
+	"time"
+)
+
+type WebAuthnCredential struct {
+	ID                 uint `gorm:"primaryKey"`
+	Name               string
+	UserID             uint
+	User               User
+	CredentialID       binaryData `gorm:"type:binary_data"`
+	PublicKey          binaryData `gorm:"type:binary_data"`
+	AttestationType    string
+	AAGUID             binaryData `gorm:"type:binary_data"`
+	SignCount          uint32
+	CloneWarning       bool
+	FlagUserPresent    bool
+	FlagUserVerified   bool
+	FlagBackupEligible bool
+	FlagBackupState    bool
+	CreatedAt          int64
+	LastUsedAt         int64
+}
+
+func (*WebAuthnCredential) TableName() string {
+	return "webauthn"
+}
+
+func GetAllWACredentialsForUser(userID uint) ([]webauthn.Credential, error) {
+	var creds []WebAuthnCredential
+	err := db.Where("user_id = ?", userID).Find(&creds).Error
+	if err != nil {
+		return nil, err
+	}
+	webCreds := make([]webauthn.Credential, len(creds))
+	for i, cred := range creds {
+		webCreds[i] = webauthn.Credential{
+			ID:              cred.CredentialID,
+			PublicKey:       cred.PublicKey,
+			AttestationType: cred.AttestationType,
+			Authenticator: webauthn.Authenticator{
+				AAGUID:       cred.AAGUID,
+				SignCount:    cred.SignCount,
+				CloneWarning: cred.CloneWarning,
+			},
+			Flags: webauthn.CredentialFlags{
+				UserPresent:    cred.FlagUserPresent,
+				UserVerified:   cred.FlagUserVerified,
+				BackupEligible: cred.FlagBackupEligible,
+				BackupState:    cred.FlagBackupState,
+			},
+		}
+	}
+	return webCreds, nil
+}
+
+func GetAllCredentialsForUser(userID uint) ([]WebAuthnCredential, error) {
+	var creds []WebAuthnCredential
+	err := db.Where("user_id = ?", userID).Find(&creds).Error
+	return creds, err
+}
+
+func GetUserByCredentialID(credID binaryData) (*User, error) {
+	var credential WebAuthnCredential
+	var err error
+
+	switch db.Dialector.Name() {
+	case "postgres":
+		hexCredID := hex.EncodeToString(credID)
+		if err = db.Preload("User").Where("credential_id = decode(?, 'hex')", hexCredID).First(&credential).Error; err != nil {
+			return nil, err
+		}
+	case "mysql", "sqlite":
+		hexCredID := hex.EncodeToString(credID)
+		if err = db.Preload("User").Where("credential_id = unhex(?)", hexCredID).First(&credential).Error; err != nil {
+			return nil, err
+		}
+	}
+
+	return &credential.User, err
+}
+
+func GetCredentialByIDDB(id uint) (*WebAuthnCredential, error) {
+	var cred WebAuthnCredential
+	err := db.Where("id = ?", id).First(&cred).Error
+	return &cred, err
+}
+
+func GetCredentialByID(id binaryData) (*WebAuthnCredential, error) {
+	var cred WebAuthnCredential
+	var err error
+
+	switch db.Dialector.Name() {
+	case "postgres":
+		hexCredID := hex.EncodeToString(id)
+		if err = db.Where("credential_id = decode(?, 'hex')", hexCredID).First(&cred).Error; err != nil {
+			return nil, err
+		}
+	case "mysql", "sqlite":
+		hexCredID := hex.EncodeToString(id)
+		if err = db.Where("credential_id = unhex(?)", hexCredID).First(&cred).Error; err != nil {
+			return nil, err
+		}
+	}
+
+	return &cred, err
+}
+
+func CreateFromCrendential(userID uint, name string, cred *webauthn.Credential) (*WebAuthnCredential, error) {
+	credDb := &WebAuthnCredential{
+		UserID:             userID,
+		Name:               name,
+		CredentialID:       cred.ID,
+		PublicKey:          cred.PublicKey,
+		AttestationType:    cred.AttestationType,
+		AAGUID:             cred.Authenticator.AAGUID,
+		SignCount:          cred.Authenticator.SignCount,
+		CloneWarning:       cred.Authenticator.CloneWarning,
+		FlagUserPresent:    cred.Flags.UserPresent,
+		FlagUserVerified:   cred.Flags.UserVerified,
+		FlagBackupEligible: cred.Flags.BackupEligible,
+		FlagBackupState:    cred.Flags.BackupState,
+	}
+	err := db.Create(credDb).Error
+	return credDb, err
+}
+
+func (w *WebAuthnCredential) UpdateSignCount() error {
+	return db.Model(w).Update("sign_count", w.SignCount).Error
+}
+
+func (w *WebAuthnCredential) UpdateLastUsedAt() error {
+	return db.Model(w).Update("last_used_at", time.Now().Unix()).Error
+}
+
+func (w *WebAuthnCredential) Delete() error {
+	return db.Delete(w).Error
+}
+
+// -- DTO -- //
+
+type CrendentialDTO struct {
+	PasskeyName string `json:"passkeyname" validate:"max=50"`
+}

internal/git/commands.go

@@ -1,17 +1,63 @@
 package git
 
 import (
+	"bufio"
+	"bytes"
+	"context"
+	"encoding/base64"
 	"fmt"
-	"opengist/internal/config"
+	"io"
+	"net/url"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
+	"strconv"
 	"strings"
+	"time"
+
+	"github.com/labstack/echo/v4"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/config"
 )
 
+var (
+	ReposDirectory = "repos"
+)
+
+const truncateLimit = 2 << 18
+const diffSize = 2 << 12
+const maxFilesPerDiffCommit = 10
+
+type RevisionNotFoundError struct{}
+
+func (m *RevisionNotFoundError) Error() string {
+	return "revision not found"
+}
+
 func RepositoryPath(user string, gist string) string {
-	return filepath.Join(config.GetHomeDir(), "repos", strings.ToLower(user), gist)
+	return filepath.Join(config.GetHomeDir(), ReposDirectory, strings.ToLower(user), gist)
+}
+
+func UserRepositoriesPath(user string) string {
+	return filepath.Join(config.GetHomeDir(), ReposDirectory, strings.ToLower(user))
+}
+
+func RepositoryUrl(ctx echo.Context, user string, gist string) string {
+	httpProtocol := "http"
+	if ctx.Request().TLS != nil || ctx.Request().Header.Get("X-Forwarded-Proto") == "https" {
+		httpProtocol = "https"
+	}
+
+	var baseHttpUrl string
+	// if a custom external url is set, use it
+	if config.C.ExternalUrl != "" {
+		baseHttpUrl = config.C.ExternalUrl
+	} else {
+		baseHttpUrl = httpProtocol + "://" + ctx.Request().Host
+	}
+
+	return fmt.Sprintf("%s/%s/%s", baseHttpUrl, user, gist)
 }
 
 func TmpRepositoryPath(gistId string) string {
@@ -26,22 +72,23 @@ func TmpRepositoriesPath() string {
 func InitRepository(user string, gist string) error {
 	repositoryPath := RepositoryPath(user, gist)
 
-	cmd := exec.Command(
-		"git",
-		"init",
-		"--bare",
-		repositoryPath,
-	)
+	var args []string
+	args = append(args, "init")
+	if config.C.GitDefaultBranch != "" {
+		args = append(args, "--initial-branch", config.C.GitDefaultBranch)
+	}
+	args = append(args, "--bare", repositoryPath)
 
-	err := cmd.Run()
-	if err != nil {
+	cmd := exec.Command("git", args...)
+
+	if err := cmd.Run(); err != nil {
 		return err
 	}
 
-	return copyFiles(repositoryPath)
+	return CreateDotGitFiles(user, gist)
 }
 
-func GetNumberOfCommitsOfRepository(user string, gist string) (string, error) {
+func CountCommits(user string, gist string) (string, error) {
 	repositoryPath := RepositoryPath(user, gist)
 
 	cmd := exec.Command(
@@ -62,8 +109,9 @@ func GetFilesOfRepository(user string, gist string, revision string) ([]string,
 	cmd := exec.Command(
 		"git",
 		"ls-tree",
-		revision,
 		"--name-only",
+		"--",
+		revision,
 	)
 	cmd.Dir = repositoryPath
 
@@ -73,35 +121,180 @@ func GetFilesOfRepository(user string, gist string, revision string) ([]string,
 	}
 
 	slice := strings.Split(string(stdout), "\n")
+	for i, s := range slice {
+		slice[i] = convertOctalToUTF8(s)
+	}
 	return slice[:len(slice)-1], nil
 }
 
+type catFileBatch struct {
+	Name, Hash, Content string
+	Size                uint64
+	Truncated           bool
+}
+
+func CatFileBatch(user string, gist string, revision string, truncate bool) ([]*catFileBatch, error) {
+	repositoryPath := RepositoryPath(user, gist)
+
+	lsTreeCmd := exec.Command("git", "ls-tree", "-l", revision)
+	lsTreeCmd.Dir = repositoryPath
+	lsTreeOutput, err := lsTreeCmd.Output()
+	if err != nil {
+		return nil, err
+	}
+
+	fileMap := make([]*catFileBatch, 0)
+
+	lines := strings.Split(string(lsTreeOutput), "\n")
+	for _, line := range lines {
+		fields := strings.Fields(line)
+		if len(fields) < 4 {
+			continue // Skip lines that don't have enough fields
+		}
+
+		hash := fields[2]
+		size, err := strconv.ParseUint(fields[3], 10, 64)
+		if err != nil {
+			continue // Skip lines with invalid size field
+		}
+		name := strings.Join(fields[4:], " ") // File name may contain spaces
+
+		fileMap = append(fileMap, &catFileBatch{
+			Hash: hash,
+			Size: size,
+			Name: convertOctalToUTF8(name),
+		})
+	}
+
+	catFileCmd := exec.Command("git", "cat-file", "--batch")
+	catFileCmd.Dir = repositoryPath
+	stdin, err := catFileCmd.StdinPipe()
+	if err != nil {
+		return nil, err
+	}
+	stdout, err := catFileCmd.StdoutPipe()
+	if err != nil {
+		return nil, err
+	}
+	if err = catFileCmd.Start(); err != nil {
+		return nil, err
+	}
+
+	reader := bufio.NewReader(stdout)
+
+	for _, file := range fileMap {
+		_, err = stdin.Write([]byte(file.Hash + "\n"))
+		if err != nil {
+			return nil, err
+		}
+
+		header, err := reader.ReadString('\n')
+		if err != nil {
+			return nil, err
+		}
+
+		parts := strings.Fields(header)
+		if len(parts) > 3 {
+			continue // Not a valid header, skip this entry
+		}
+
+		size, err := strconv.ParseUint(parts[2], 10, 64)
+		if err != nil {
+			return nil, err
+		}
+
+		sizeToRead := size
+		if truncate && sizeToRead > truncateLimit {
+			sizeToRead = truncateLimit
+		}
+
+		// Read exactly size bytes from header, or the max allowed if truncated
+		content := make([]byte, sizeToRead)
+		if _, err = io.ReadFull(reader, content); err != nil {
+			return nil, err
+		}
+
+		file.Content = string(content)
+
+		if truncate && size > truncateLimit {
+			// skip other bytes if truncated
+			if _, err = reader.Discard(int(size - truncateLimit)); err != nil {
+				return nil, err
+			}
+			file.Truncated = true
+		}
+
+		// Read the blank line following the content
+		if _, err := reader.ReadByte(); err != nil {
+			return nil, err
+		}
+	}
+
+	if err = stdin.Close(); err != nil {
+		return nil, err
+	}
+
+	if err = catFileCmd.Wait(); err != nil {
+		return nil, err
+	}
+
+	return fileMap, nil
+}
+
 func GetFileContent(user string, gist string, revision string, filename string, truncate bool) (string, bool, error) {
 	repositoryPath := RepositoryPath(user, gist)
 
 	var maxBytes int64 = -1
 	if truncate {
-		maxBytes = 2 << 18
+		maxBytes = truncateLimit
 	}
 
-	cmd := exec.Command(
+	// Set up a context with a timeout
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+	defer cancel()
+
+	cmd := exec.CommandContext(
+		ctx,
 		"git",
 		"--no-pager",
 		"show",
-		revision+":"+filename,
+		revision+":"+convertURLToOctal(filename),
 	)
 	cmd.Dir = repositoryPath
 
-	stdout, _ := cmd.StdoutPipe()
-	err := cmd.Start()
+	output, err := cmd.Output()
 	if err != nil {
 		return "", false, err
 	}
 
-	return truncateCommandOutput(stdout, maxBytes)
+	content, truncated, err := truncateCommandOutput(bytes.NewReader(output), maxBytes)
+	if err != nil {
+		return "", false, err
+	}
+
+	return content, truncated, nil
 }
 
-func GetLog(user string, gist string, skip string) ([]*Commit, error) {
+func GetFileSize(user string, gist string, revision string, filename string) (uint64, error) {
+	repositoryPath := RepositoryPath(user, gist)
+
+	cmd := exec.Command(
+		"git",
+		"cat-file",
+		"-s",
+		revision+":"+convertURLToOctal(filename),
+	)
+	cmd.Dir = repositoryPath
+
+	stdout, err := cmd.Output()
+	if err != nil {
+		return 0, err
+	}
+
+	return strconv.ParseUint(strings.TrimSuffix(string(stdout), "\n"), 10, 64)
+}
+
+func GetLog(user string, gist string, skip int) ([]*Commit, error) {
 	repositoryPath := RepositoryPath(user, gist)
 
 	cmd := exec.Command(
@@ -113,7 +306,7 @@ func GetLog(user string, gist string, skip string) ([]*Commit, error) {
 		"--no-color",
 		"-p",
 		"--skip",
-		skip,
+		strconv.Itoa(skip),
 		"--format=format:c %H%na %aN%nm %ae%nt %at",
 		"--shortstat",
 		"HEAD",
@@ -124,11 +317,17 @@ func GetLog(user string, gist string, skip string) ([]*Commit, error) {
 	if err != nil {
 		return nil, err
 	}
+	defer func(cmd *exec.Cmd) {
+		waitErr := cmd.Wait()
+		if waitErr != nil {
+			err = waitErr
+		}
+	}(cmd)
 
-	return parseLog(stdout, 2<<18), nil
+	return parseLog(stdout, maxFilesPerDiffCommit, diffSize)
 }
 
-func CloneTmp(user string, gist string, gistTmpId string, email string) error {
+func CloneTmp(user string, gist string, gistTmpId string, email string, remove bool) error {
 	repositoryPath := RepositoryPath(user, gist)
 
 	tmpPath := TmpRepositoriesPath()
@@ -146,13 +345,13 @@ func CloneTmp(user string, gist string, gistTmpId string, email string) error {
 		return err
 	}
 
-	// remove every file (and not the .git directory!)
-	cmd = exec.Command("find", ".", "-maxdepth", "1", "-type", "f", "-delete")
-	cmd.Dir = tmpRepositoryPath
-	if err = cmd.Run(); err != nil {
-		return err
+	// remove every file (keep the .git directory)
+	// useful when user wants to edit multiple files from an existing gist
+	if remove {
+		if err = removeFilesExceptGit(tmpRepositoryPath); err != nil {
+			return err
+		}
 	}
-
 	cmd = exec.Command("git", "config", "--local", "user.name", user)
 	cmd.Dir = tmpRepositoryPath
 	if err = cmd.Run(); err != nil {
@@ -173,7 +372,7 @@ func ForkClone(userSrc string, gistSrc string, userDst string, gistDst string) e
 		return err
 	}
 
-	return copyFiles(repositoryPathDst)
+	return CreateDotGitFiles(userDst, gistDst)
 }
 
 func SetFileContent(gistTmpId string, filename string, content string) error {
@@ -226,7 +425,6 @@ func Push(gistTmpId string) error {
 	if err != nil {
 		return err
 	}
-
 	return os.RemoveAll(tmpRepositoryPath)
 }
 
@@ -251,6 +449,83 @@ func RPC(user string, gist string, service string) ([]byte, error) {
 	return stdout, err
 }
 
+func GcRepos() error {
+	subdirs, err := os.ReadDir(filepath.Join(config.GetHomeDir(), ReposDirectory))
+	if err != nil {
+		return err
+	}
+
+	for _, subdir := range subdirs {
+		if !subdir.IsDir() {
+			continue
+		}
+
+		subRoot := filepath.Join(config.GetHomeDir(), ReposDirectory, subdir.Name())
+
+		gitRepos, err := os.ReadDir(subRoot)
+		if err != nil {
+			log.Warn().Err(err).Msg("Cannot read directory")
+			continue
+		}
+
+		for _, repo := range gitRepos {
+			if !repo.IsDir() {
+				continue
+			}
+
+			repoPath := filepath.Join(subRoot, repo.Name())
+
+			log.Info().Msg("Running git gc for repository " + repoPath)
+
+			cmd := exec.Command("git", "gc")
+			cmd.Dir = repoPath
+			err = cmd.Run()
+			if err != nil {
+				log.Warn().Err(err).Msg("Cannot run git gc for repository " + repoPath)
+				continue
+			}
+		}
+	}
+
+	return err
+}
+
+func ResetHooks() error {
+	entries, err := filepath.Glob(filepath.Join(config.GetHomeDir(), ReposDirectory, "*", "*"))
+	if err != nil {
+		return err
+	}
+
+	for _, e := range entries {
+		repoPath := strings.Split(e, string(os.PathSeparator))
+		if err := CreateDotGitFiles(repoPath[len(repoPath)-2], repoPath[len(repoPath)-1]); err != nil {
+			log.Error().Err(err).Msgf("Cannot reset hooks for repository %s/%s", repoPath[len(repoPath)-2], repoPath[len(repoPath)-1])
+		}
+	}
+
+	return nil
+}
+
+func HasNoCommits(user string, gist string) (bool, error) {
+	repositoryPath := RepositoryPath(user, gist)
+
+	cmd := exec.Command("git", "rev-parse", "--all")
+	cmd.Dir = repositoryPath
+
+	var out bytes.Buffer
+	cmd.Stdout = &out
+
+	if err := cmd.Run(); err != nil {
+		return false, err
+	}
+
+	if out.String() == "" {
+		return true, nil // No commits exist
+	}
+
+	return false, nil // Commits exist
+}
+
 func GetGitVersion() (string, error) {
 	cmd := exec.Command("git", "--version")
 	stdout, err := cmd.Output()
@@ -266,16 +541,81 @@ func GetGitVersion() (string, error) {
 	return versionFields[2], nil
 }
 
-func copyFiles(repositoryPath string) error {
+func CreateDotGitFiles(user string, gist string) error {
+	repositoryPath := RepositoryPath(user, gist)
+
 	f1, err := os.OpenFile(filepath.Join(repositoryPath, "git-daemon-export-ok"), os.O_RDONLY|os.O_CREATE, 0644)
+	if err != nil {
+		return err
+	}
 	defer f1.Close()
 
-	preReceiveDst, err := os.OpenFile(filepath.Join(repositoryPath, "hooks", "pre-receive"), os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0744)
+	if os.Getenv("OPENGIST_SKIP_GIT_HOOKS") != "1" {
+		for _, hook := range []string{"pre-receive", "post-receive"} {
+			if err = createDotGitHookFile(repositoryPath, hook, fmt.Sprintf(hookTemplate, hook)); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func DeleteUserDirectory(user string) error {
+	return os.RemoveAll(filepath.Join(config.GetHomeDir(), ReposDirectory, user))
+}
+
+func SerialiseInitRepository(user string, serialized []byte) error {
+	userRepositoryPath := UserRepositoriesPath(user)
+	initPath := filepath.Join(userRepositoryPath, "_init")
+
+	f, err := os.OpenFile(initPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	encodedData := base64.StdEncoding.EncodeToString(serialized)
+	_, err = f.Write(append([]byte(encodedData), '\n'))
+	return err
+}
+
+func DeserialiseInitRepository(user string) ([]byte, error) {
+	initPath := filepath.Join(UserRepositoriesPath(user), "_init")
+
+	content, err := os.ReadFile(initPath)
+	if err != nil {
+		return nil, err
+	}
+
+	idx := bytes.Index(content, []byte{'\n'})
+	if idx == -1 {
+		return base64.StdEncoding.DecodeString(string(content))
+	}
+
+	firstLine := content[:idx]
+	remaining := content[idx+1:]
+
+	if len(remaining) == 0 {
+		if err := os.Remove(initPath); err != nil {
+			return nil, fmt.Errorf("failed to remove file: %v", err)
+		}
+	} else {
+		if err := os.WriteFile(initPath, remaining, 0644); err != nil {
+			return nil, fmt.Errorf("failed to write remaining content: %v", err)
+		}
+	}
+
+	return base64.StdEncoding.DecodeString(string(firstLine))
+}
+
+func createDotGitHookFile(repositoryPath string, hook string, content string) error {
+	preReceiveDst, err := os.OpenFile(filepath.Join(repositoryPath, "hooks", hook), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0744)
 	if err != nil {
 		return err
 	}
 
-	if _, err = preReceiveDst.WriteString(preReceive); err != nil {
+	if _, err = preReceiveDst.WriteString(content); err != nil {
 		return err
 	}
 	defer preReceiveDst.Close()
@@ -283,29 +623,63 @@ func copyFiles(repositoryPath string) error {
 	return nil
 }
 
-const preReceive = `#!/bin/sh
+func removeFilesExceptGit(dir string) error {
+	return filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if d.IsDir() && filepath.Base(path) == ".git" {
+			return filepath.SkipDir
+		}
+		if !d.IsDir() {
+			return os.Remove(path)
+		}
+		return nil
+	})
+}
 
-disallowed_files=""
+func convertOctalToUTF8(name string) string {
+	name = strings.Trim(name, `"`)
+	utf8Name, err := strconv.Unquote(name)
+	if err != nil {
+		utf8Name, err = strconv.Unquote(`"` + name + `"`)
+		if err != nil {
+			return name
+		}
+	}
+	return utf8Name
+}
 
-while read -r old_rev new_rev ref
-do
-  while IFS= read -r file
-  do
-    case $file in
-      */*)
-        disallowed_files="${disallowed_files}${file} "
-        ;;
-    esac
-  done <<EOF
-$(git diff --name-only "$old_rev" "$new_rev")
-EOF
-done
+func convertUTF8ToOctal(name string) string {
+	if strings.Contains(name, "\\") {
+		return name
+	}
 
-if [ -n "$disallowed_files" ]; then
-  echo "Pushing files in folders is not allowed:"
-  for file in $disallowed_files; do
-    echo "  $file"
-  done
-  exit 1
-fi
+	needsQuoting := false
+	for _, r := range name {
+		if r > 127 {
+			needsQuoting = true
+			break
+		}
+	}
+
+	if !needsQuoting {
+		return name
+	}
+
+	quoted := fmt.Sprintf("%q", name)
+	return strings.Trim(quoted, `"`)
+}
+
+func convertURLToOctal(name string) string {
+	decoded, err := url.QueryUnescape(name)
+	if err != nil {
+		return name
+	}
+
+	return convertUTF8ToOctal(decoded)
+}
+
+const hookTemplate = `#!/bin/sh
+"$OG_OPENGIST_HOME_INTERNAL/symlinks/opengist" --config=$OG_OPENGIST_HOME_INTERNAL/symlinks/config.yml hook %s
 `

internal/git/commands_test.go

@@ -0,0 +1,249 @@
+package git
+
+import (
+	"github.com/stretchr/testify/require"
+	"github.com/thomiceli/opengist/internal/config"
+	"os"
+	"os/exec"
+	"path"
+	"strings"
+	"testing"
+)
+
+func TestInitDeleteRepository(t *testing.T) {
+	SetupTest(t)
+	defer TeardownTest(t)
+
+	cmd := exec.Command("git", "rev-parse", "--is-bare-repository")
+	cmd.Dir = RepositoryPath("thomas", "gist1")
+	out, err := cmd.Output()
+	require.NoError(t, err, "Could not run git command")
+	require.Equal(t, "true", strings.TrimSpace(string(out)), "Repository is not bare")
+
+	_, err = os.Stat(path.Join(RepositoryPath("thomas", "gist1"), "git-daemon-export-ok"))
+	require.NoError(t, err, "git-daemon-export-ok file not found")
+
+	err = DeleteRepository("thomas", "gist1")
+	require.NoError(t, err, "Could not delete repository")
+	require.NoDirExists(t, RepositoryPath("thomas", "gist1"), "Repository should not exist")
+}
+
+func TestCommits(t *testing.T) {
+	SetupTest(t)
+	defer TeardownTest(t)
+
+	hasNoCommits, err := HasNoCommits("thomas", "gist1")
+	require.NoError(t, err, "Could not check if repository has no commits")
+	require.True(t, hasNoCommits, "Repository should have no commits")
+
+	CommitToBare(t, "thomas", "gist1", nil)
+
+	hasNoCommits, err = HasNoCommits("thomas", "gist1")
+	require.NoError(t, err, "Could not check if repository has no commits")
+	require.False(t, hasNoCommits, "Repository should have commits")
+
+	nbCommits, err := CountCommits("thomas", "gist1")
+	require.NoError(t, err, "Could not count commits")
+	require.Equal(t, "1", nbCommits, "Repository should have 1 commit")
+
+	CommitToBare(t, "thomas", "gist1", nil)
+	nbCommits, err = CountCommits("thomas", "gist1")
+	require.NoError(t, err, "Could not count commits")
+	require.Equal(t, "2", nbCommits, "Repository should have 2 commits")
+}
+
+func TestContent(t *testing.T) {
+	SetupTest(t)
+	defer TeardownTest(t)
+
+	CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt": "I love Opengist\n",
+		"my_other_file.txt": `I really
+hate Opengist`,
+		"rip.txt": "byebye",
+		"中文名.txt": "中文内容",
+	})
+
+	files, err := GetFilesOfRepository("thomas", "gist1", "HEAD")
+	require.NoError(t, err, "Could not get files of repository")
+	require.Subset(t, []string{"my_file.txt", "my_other_file.txt", "rip.txt", "中文名.txt"}, files, "Files are not correct")
+
+	content, truncated, err := GetFileContent("thomas", "gist1", "HEAD", "my_file.txt", false)
+	require.NoError(t, err, "Could not get content")
+	require.False(t, truncated, "Content should not be truncated")
+	require.Equal(t, "I love Opengist\n", content, "Content is not correct")
+
+	content, truncated, err = GetFileContent("thomas", "gist1", "HEAD", "my_other_file.txt", false)
+	require.NoError(t, err, "Could not get content")
+	require.False(t, truncated, "Content should not be truncated")
+	require.Equal(t, "I really\nhate Opengist", content, "Content is not correct")
+
+	content, truncated, err = GetFileContent("thomas", "gist1", "HEAD", "中文名.txt", false)
+	require.NoError(t, err, "Could not get content")
+	require.False(t, truncated, "Content should not be truncated")
+	require.Equal(t, "中文内容", content, "Content is not correct")
+
+	CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_renamed_file.txt": "I love Opengist\n",
+		"my_other_file.txt": `I really
+like Opengist actually`,
+		"new_file.txt": "Wait now there is a new file",
+		"中文名.txt":      "中文内容",
+	})
+
+	files, err = GetFilesOfRepository("thomas", "gist1", "HEAD")
+	require.NoError(t, err, "Could not get files of repository")
+	require.Subset(t, []string{"my_renamed_file.txt", "my_other_file.txt", "new_file.txt", "中文名.txt"}, files, "Files are not correct")
+
+	content, truncated, err = GetFileContent("thomas", "gist1", "HEAD", "my_other_file.txt", false)
+	require.NoError(t, err, "Could not get content")
+	require.False(t, truncated, "Content should not be truncated")
+	require.Equal(t, "I really\nlike Opengist actually", content, "Content is not correct")
+
+	commits, err := GetLog("thomas", "gist1", 0)
+	require.NoError(t, err, "Could not get log")
+	require.Equal(t, 2, len(commits), "Commits count are not correct")
+	require.Regexp(t, "[a-f0-9]{40}", commits[0].Hash, "Commit ID is not correct")
+	require.Regexp(t, "[0-9]{10}", commits[0].Timestamp, "Commit timestamp is not correct")
+	require.Equal(t, "thomas", commits[0].AuthorName, "Commit author name is not correct")
+	require.Equal(t, "thomas@mail.com", commits[0].AuthorEmail, "Commit author email is not correct")
+	require.Equal(t, "4 files changed, 2 insertions, 2 deletions", commits[0].Changed, "Commit author name is not correct")
+
+	require.Contains(t, commits[0].Files, File{
+		Filename:    "my_renamed_file.txt",
+		OldFilename: "my_file.txt",
+		Content:     "",
+		Truncated:   false,
+		IsCreated:   false,
+		IsDeleted:   false,
+	}, "File my_renamed_file.txt is not correct")
+
+	require.Contains(t, commits[0].Files, File{
+		Filename:    "rip.txt",
+		OldFilename: "",
+		Content: `@@ -1 +0,0 @@
+-byebye
+\ No newline at end of file
+`,
+		Truncated: false,
+		IsCreated: false,
+		IsDeleted: true,
+	}, "File rip.txt is not correct")
+
+	require.Contains(t, commits[0].Files, File{
+		Filename:    "my_other_file.txt",
+		OldFilename: "my_other_file.txt",
+		Content: `@@ -1,2 +1,2 @@
+ I really
+-hate Opengist
+\ No newline at end of file
++like Opengist actually
+\ No newline at end of file
+`,
+		Truncated: false,
+		IsCreated: false,
+		IsDeleted: false,
+	}, "File my_other_file.txt is not correct")
+
+	require.Contains(t, commits[0].Files, File{
+		Filename:    "new_file.txt",
+		OldFilename: "",
+		Content: `@@ -0,0 +1 @@
++Wait now there is a new file
+\ No newline at end of file
+`,
+		Truncated: false,
+		IsCreated: true,
+		IsDeleted: false,
+	}, "File new_file.txt is not correct")
+
+	commitsSkip1, err := GetLog("thomas", "gist1", 1)
+	require.NoError(t, err, "Could not get log")
+	require.Equal(t, commitsSkip1[0], commits[1], "Commits skips are not correct")
+}
+
+func TestGitGc(t *testing.T) {
+	SetupTest(t)
+	defer TeardownTest(t)
+
+	err := GcRepos()
+	require.NoError(t, err, "Could not run git gc")
+}
+
+func TestFork(t *testing.T) {
+	SetupTest(t)
+	defer TeardownTest(t)
+
+	CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt": "I love Opengist\n",
+	})
+
+	err := ForkClone("thomas", "gist1", "thomas", "gist2")
+	require.NoError(t, err, "Could not fork repository")
+
+	files1, err := GetFilesOfRepository("thomas", "gist1", "HEAD")
+	require.NoError(t, err, "Could not get files of repository")
+	files2, err := GetFilesOfRepository("thomas", "gist2", "HEAD")
+	require.NoError(t, err, "Could not get files of repository")
+
+	require.Equal(t, files1, files2, "Files are not the same")
+
+}
+
+func TestTruncate(t *testing.T) {
+	SetupTest(t)
+	defer TeardownTest(t)
+
+	CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt": "A",
+	})
+
+	content, truncated, err := GetFileContent("thomas", "gist1", "HEAD", "my_file.txt", true)
+	require.NoError(t, err, "Could not get content")
+	require.False(t, truncated, "Content should not be truncated")
+	require.Equal(t, 1, len(content), "Content size is not correct")
+
+	var builder strings.Builder
+	for i := 0; i < truncateLimit+10; i++ {
+		builder.WriteString("A")
+	}
+	str := builder.String()
+	CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt": str,
+	})
+
+	content, truncated, err = GetFileContent("thomas", "gist1", "HEAD", "my_file.txt", true)
+	require.NoError(t, err, "Could not get content")
+	require.True(t, truncated, "Content should be truncated")
+	require.Equal(t, truncateLimit, len(content), "Content size should be at truncate limit")
+
+	CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt": "AA\n" + str,
+	})
+
+	content, truncated, err = GetFileContent("thomas", "gist1", "HEAD", "my_file.txt", true)
+	require.NoError(t, err, "Could not get content")
+	require.True(t, truncated, "Content should be truncated")
+	require.Equal(t, 2, len(content), "Content size is not correct")
+}
+
+func TestGitInitBranchNames(t *testing.T) {
+	SetupTest(t)
+	defer TeardownTest(t)
+
+	cmd := exec.Command("git", "symbolic-ref", "HEAD")
+	cmd.Dir = RepositoryPath("thomas", "gist1")
+	out, err := cmd.Output()
+	require.NoError(t, err, "Could not run git command")
+	require.Equal(t, "refs/heads/master", strings.TrimSpace(string(out)), "Repository should have master branch as default")
+
+	config.C.GitDefaultBranch = "main"
+
+	err = InitRepository("thomas", "gist2")
+	require.NoError(t, err)
+	cmd = exec.Command("git", "symbolic-ref", "HEAD")
+	cmd.Dir = RepositoryPath("thomas", "gist2")
+	out, err = cmd.Output()
+	require.NoError(t, err, "Could not run git command")
+	require.Equal(t, "refs/heads/main", strings.TrimSpace(string(out)), "Repository should have main branch as default")
+}

internal/git/config.go

@@ -0,0 +1,63 @@
+package git
+
+import (
+	"errors"
+	"os/exec"
+	"regexp"
+)
+
+type configEntry struct {
+	value string
+	fn    func(string, string) error
+}
+
+func InitGitConfig() error {
+	configs := map[string]configEntry{
+		"receive.advertisePushOptions": {value: "true", fn: setGitConfig},
+		"safe.directory":               {value: "*", fn: addGitConfig},
+	}
+
+	for key, entry := range configs {
+		if err := entry.fn(key, entry.value); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func setGitConfig(key, value string) error {
+	_, err := getGitConfig(key, value)
+	if err != nil && !checkErrorCode(err, 1) {
+		return err
+	}
+
+	cmd := exec.Command("git", "config", "--global", key, value)
+	return cmd.Run()
+}
+
+func addGitConfig(key, value string) error {
+	_, err := getGitConfig(key, regexp.QuoteMeta(value))
+	if err == nil {
+		return nil
+	}
+	if checkErrorCode(err, 1) {
+		cmd := exec.Command("git", "config", "--global", "--add", key, value)
+		return cmd.Run()
+	}
+	return err
+}
+
+func getGitConfig(key, value string) (string, error) {
+	cmd := exec.Command("git", "config", "--global", "--get", key, value)
+	out, err := cmd.Output()
+	return string(out), err
+}
+
+func checkErrorCode(err error, code int) bool {
+	var exitError *exec.ExitError
+	if errors.As(err, &exitError) {
+		return exitError.ExitCode() == code
+	}
+	return false
+}

internal/git/output_parser.go

@@ -6,17 +6,18 @@ import (
 	"encoding/csv"
 	"fmt"
 	"io"
-	"regexp"
 	"strings"
 )
 
 type File struct {
-	Filename    string
-	OldFilename string
-	Content     string
-	Truncated   bool
-	IsCreated   bool
-	IsDeleted   bool
+	Filename    string `json:"filename"`
+	Size        uint64 `json:"size"`
+	HumanSize   string `json:"human_size"`
+	OldFilename string `json:"-"`
+	Content     string `json:"content"`
+	Truncated   bool   `json:"truncated"`
+	IsCreated   bool   `json:"-"`
+	IsDeleted   bool   `json:"-"`
 }
 
 type CsvFile struct {
@@ -46,7 +47,7 @@ func truncateCommandOutput(out io.Reader, maxBytes int64) (string, bool, error)
 	if err != nil {
 		return "", false, err
 	}
-	truncated := len(buf) >= int(maxBytes)
+	truncated := maxBytes > 0 && len(buf) >= int(maxBytes)
 	// Remove the last line if it's truncated
 	if truncated {
 		// Find the index of the last newline character
@@ -61,124 +62,287 @@ func truncateCommandOutput(out io.Reader, maxBytes int64) (string, bool, error)
 	return string(buf), truncated, nil
 }
 
-func parseLog(out io.Reader, maxBytes int) []*Commit {
-	scanner := bufio.NewScanner(out)
-
+// inspired from https://github.com/go-gitea/gitea/blob/main/services/gitdiff/gitdiff.go
+func parseLog(out io.Reader, maxFiles int, maxBytes int) ([]*Commit, error) {
 	var commits []*Commit
 	var currentCommit *Commit
 	var currentFile *File
-	var isContent bool
-	var bytesRead = 0
-	scanNext := true
+	var headerParsed = false
+	var skipped = false
+	var line string
+	var err error
+
+	input := bufio.NewReaderSize(out, maxBytes)
+
+	// Loop Commits
+loopLog:
+	for {
+		// If a commit was skipped, do not read a new line
+		if !skipped {
+			line, err = input.ReadString('\n')
+			if err != nil {
+				if err == io.EOF {
+					break loopLog
+				}
+				return commits, err
+			}
+		}
+
+		// Remove trailing newline characters
+		if len(line) > 0 && (line[len(line)-1] == '\n' || line[len(line)-1] == '\r') {
+			line = line[:len(line)-1]
+		}
+
+		// Attempt to parse commit header (hash, author, mail, timestamp) or a diff
+		switch line[0] {
+		// Commit hash
+		case 'c':
+			if headerParsed {
+				commits = append(commits, currentCommit)
+			}
+			skipped = false
+			currentCommit = &Commit{Hash: line[2:], Files: []File{}}
+			continue
+
+		// Author name
+		case 'a':
+			headerParsed = true
+			currentCommit.AuthorName = line[2:]
+			continue
+
+		// Author email
+		case 'm':
+			currentCommit.AuthorEmail = line[2:]
+			continue
+
+		// Commit timestamp
+		case 't':
+			currentCommit.Timestamp = line[2:]
+			continue
+
+		// Commit shortstat
+		case ' ':
+			changed := []byte(line)[1:]
+			changed = bytes.ReplaceAll(changed, []byte("(+)"), []byte(""))
+			changed = bytes.ReplaceAll(changed, []byte("(-)"), []byte(""))
+			currentCommit.Changed = string(changed)
+
+			// shortstat is followed by an empty line
+			line, err = input.ReadString('\n')
+			if err != nil {
+				if err == io.EOF {
+					break loopLog
+				}
+				return commits, err
+			}
+			continue
+
+		// Commit diff
+		default:
+			// Loop files in diff
+		loopCommit:
+			for {
+				// If we have reached the maximum number of files to show for a single commit, skip to the next commit
+				if len(currentCommit.Files) >= maxFiles {
+					line, err = skipToNextCommit(input)
+					if err != nil {
+						if err == io.EOF {
+							break loopLog
+						}
+						return commits, err
+					}
+
+					// Skip to the next commit
+					headerParsed = false
+					skipped = true
+					break loopCommit
+				}
+
+				// Else create a new file and parse it
+				currentFile = &File{}
+				parseRename := true
+
+			loopFileDiff:
+				for {
+					line, err = input.ReadString('\n')
+					if err != nil {
+						if err != io.EOF {
+							return commits, err
+						}
+						headerParsed = false
+						break loopCommit
+					}
+
+					// If the line is a newline character, the commit is finished
+					if line == "\n" {
+						currentCommit.Files = append(currentCommit.Files, *currentFile)
+						headerParsed = false
+						break loopCommit
+					}
+
+					// Attempt to parse the file header
+					switch {
+					case strings.HasPrefix(line, "diff --git"):
+						currentCommit.Files = append(currentCommit.Files, *currentFile)
+						headerParsed = false
+						break loopFileDiff
+					case strings.HasPrefix(line, "old mode"):
+					case strings.HasPrefix(line, "new mode"):
+					case strings.HasPrefix(line, "index"):
+					case strings.HasPrefix(line, "similarity index"):
+					case strings.HasPrefix(line, "dissimilarity index"):
+						continue
+					case strings.HasPrefix(line, "rename from "):
+						currentFile.OldFilename = convertOctalToUTF8(line[12 : len(line)-1])
+					case strings.HasPrefix(line, "rename to "):
+						currentFile.Filename = convertOctalToUTF8(line[10 : len(line)-1])
+						parseRename = false
+					case strings.HasPrefix(line, "copy from "):
+						currentFile.OldFilename = convertOctalToUTF8(line[10 : len(line)-1])
+					case strings.HasPrefix(line, "copy to "):
+						currentFile.Filename = convertOctalToUTF8(line[8 : len(line)-1])
+						parseRename = false
+					case strings.HasPrefix(line, "new file"):
+						currentFile.IsCreated = true
+					case strings.HasPrefix(line, "deleted file"):
+						currentFile.IsDeleted = true
+					case strings.HasPrefix(line, "--- "):
+						name := convertOctalToUTF8(line[4 : len(line)-1])
+						if parseRename && currentFile.IsDeleted {
+							currentFile.Filename = name[2:]
+						} else if parseRename && strings.HasPrefix(name, "a/") {
+							currentFile.OldFilename = name[2:]
+						}
+					case strings.HasPrefix(line, "+++ "):
+						name := convertOctalToUTF8(line[4 : len(line)-1])
+						if parseRename && strings.HasPrefix(name, "b/") {
+							currentFile.Filename = name[2:]
+						}
+
+						// Header is finally parsed, now we can parse the file diff content
+						lineBytes, isFragment, err := parseDiffContent(currentFile, maxBytes, input)
+						if err != nil {
+							if err != io.EOF {
+								return commits, err
+							}
+
+							// EOF reached, commit is finished
+							currentCommit.Files = append(currentCommit.Files, *currentFile)
+							headerParsed = false
+							break loopCommit
+						}
+
+						currentCommit.Files = append(currentCommit.Files, *currentFile)
+
+						if string(lineBytes) == "" {
+							headerParsed = false
+							break loopCommit
+						}
+
+						for isFragment {
+							_, isFragment, err = input.ReadLine()
+							if err != nil {
+								return commits, fmt.Errorf("unable to ReadLine: %w", err)
+							}
+						}
+
+						break loopFileDiff
+					}
+				}
+			}
+		}
+		commits = append(commits, currentCommit)
+	}
+
+	return commits, nil
+}
+
+func parseDiffContent(currentFile *File, maxBytes int, input *bufio.Reader) (lineBytes []byte, isFragment bool, err error) {
+	sb := &strings.Builder{}
+	var currFileLineCount int
 
 	for {
-		if scanNext && !scanner.Scan() {
-			break
+		for isFragment {
+			currentFile.Truncated = true
+
+			// Read the next line
+			_, isFragment, err = input.ReadLine()
+			if err != nil {
+				return nil, false, err
+			}
 		}
-		scanNext = true
 
-		// new commit found
-		currentFile = nil
-		currentCommit = &Commit{Hash: string(scanner.Bytes()[2:]), Files: []File{}}
+		sb.Reset()
 
-		scanner.Scan()
-		currentCommit.AuthorName = string(scanner.Bytes()[2:])
+		// Read the next line
+		lineBytes, isFragment, err = input.ReadLine()
+		if err != nil {
+			if err == io.EOF {
+				return lineBytes, isFragment, err
+			}
+			return nil, false, err
+		}
 
-		scanner.Scan()
-		currentCommit.AuthorEmail = string(scanner.Bytes()[2:])
+		// End of file
+		if len(lineBytes) == 0 {
+			return lineBytes, false, err
+		}
+		if lineBytes[0] == 'd' {
+			return lineBytes, false, err
+		}
 
-		scanner.Scan()
-		currentCommit.Timestamp = string(scanner.Bytes()[2:])
-
-		scanner.Scan()
-
-		// if there is no shortstat, it means that the commit is empty, we add it and move onto the next one
-		if scanner.Bytes()[0] != ' ' {
-			commits = append(commits, currentCommit)
-
-			// avoid scanning the next line, as we already did it
-			scanNext = false
+		if currFileLineCount >= maxBytes {
+			currentFile.Truncated = true
 			continue
 		}
 
-		changed := scanner.Bytes()[1:]
-		changed = bytes.ReplaceAll(changed, []byte("(+)"), []byte(""))
-		changed = bytes.ReplaceAll(changed, []byte("(-)"), []byte(""))
-		currentCommit.Changed = string(changed)
-
-		// twice because --shortstat adds a new line
-		scanner.Scan()
-		scanner.Scan()
-		// commit header parsed
-
-		// files changes inside the commit
-		for {
-			line := scanner.Bytes()
-
-			// end of content of file
-			if len(line) == 0 {
-				isContent = false
-				if currentFile != nil {
-					currentCommit.Files = append(currentCommit.Files, *currentFile)
-				}
-				break
-			}
-
-			// new file found
-			if bytes.HasPrefix(line, []byte("diff --git")) {
-				// current file is finished, we can add it to the commit
-				if currentFile != nil {
-					currentCommit.Files = append(currentCommit.Files, *currentFile)
-				}
-
-				// create a new file
-				isContent = false
-				bytesRead = 0
-				currentFile = &File{}
-				filenameRegex := regexp.MustCompile(`^diff --git a/(.+) b/(.+)$`)
-				matches := filenameRegex.FindStringSubmatch(string(line))
-				if len(matches) == 3 {
-					currentFile.Filename = matches[2]
-					if matches[1] != matches[2] {
-						currentFile.OldFilename = matches[1]
-					}
-				}
-				scanner.Scan()
-				continue
-			}
-
-			if bytes.HasPrefix(line, []byte("new")) {
-				currentFile.IsCreated = true
-			}
-
-			if bytes.HasPrefix(line, []byte("deleted")) {
-				currentFile.IsDeleted = true
-			}
-
-			// file content found
-			if line[0] == '@' {
-				isContent = true
-			}
-
-			if isContent {
-				currentFile.Content += string(line) + "\n"
-
-				bytesRead += len(line)
-				if bytesRead > maxBytes {
-					currentFile.Truncated = true
-					currentFile.Content = ""
-					isContent = false
+		line := string(lineBytes)
+		if isFragment {
+			currentFile.Truncated = true
+			for isFragment {
+				lineBytes, isFragment, err = input.ReadLine()
+				if err != nil {
+					return lineBytes, isFragment, fmt.Errorf("unable to ReadLine: %w", err)
 				}
 			}
-
-			scanner.Scan()
 		}
 
-		commits = append(commits, currentCommit)
-
+		if len(line) > maxBytes {
+			currentFile.Truncated = true
+			line = line[:maxBytes]
+		}
+		currentFile.Content += line + "\n"
 	}
+}
 
-	return commits
+func skipToNextCommit(input *bufio.Reader) (line string, err error) {
+	// need to skip until the next cmdDiffHead
+	var isFragment, wasFragment bool
+	var lineBytes []byte
+	for {
+		lineBytes, isFragment, err = input.ReadLine()
+		if err != nil {
+			return "", err
+		}
+		if wasFragment {
+			wasFragment = isFragment
+			continue
+		}
+		if bytes.HasPrefix(lineBytes, []byte("c")) {
+			break
+		}
+		wasFragment = isFragment
+	}
+	line = string(lineBytes)
+	if isFragment {
+		var tail string
+		tail, err = input.ReadString('\n')
+		if err != nil {
+			return "", err
+		}
+		line += tail
+	}
+	return line, err
 }
 
 func ParseCsv(file *File) (*CsvFile, error) {

internal/git/test_funcs.go

@@ -0,0 +1,71 @@
+package git
+
+import (
+	"github.com/stretchr/testify/require"
+	"github.com/thomiceli/opengist/internal/config"
+	"io"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func SetupTest(t *testing.T) {
+	_ = os.Setenv("OPENGIST_SKIP_GIT_HOOKS", "1")
+
+	err := config.InitConfig("", io.Discard)
+	require.NoError(t, err, "Could not init config")
+
+	err = os.MkdirAll(path.Join(config.GetHomeDir(), "tests"), 0755)
+	ReposDirectory = path.Join("tests")
+	require.NoError(t, err)
+
+	err = os.MkdirAll(filepath.Join(config.GetHomeDir(), "tmp", "repos"), 0755)
+	require.NoError(t, err)
+
+	err = InitRepository("thomas", "gist1")
+	require.NoError(t, err)
+}
+
+func TeardownTest(t *testing.T) {
+	err := os.RemoveAll(path.Join(config.GetHomeDir(), "tests"))
+	require.NoError(t, err, "Could not remove repos directory")
+}
+
+func CommitToBare(t *testing.T, user string, gist string, files map[string]string) {
+	err := CloneTmp(user, gist, gist, "thomas@mail.com", true)
+	require.NoError(t, err, "Could not clone repository")
+
+	if len(files) > 0 {
+		for filename, content := range files {
+			if strings.Contains(filename, "/") {
+				dir := filepath.Dir(filename)
+				err := os.MkdirAll(filepath.Join(TmpRepositoryPath(gist), dir), os.ModePerm)
+				require.NoError(t, err, "Could not create directory")
+			}
+			_ = os.WriteFile(filepath.Join(TmpRepositoryPath(gist), filename), []byte(content), 0644)
+
+			if err := AddAll(gist); err != nil {
+				require.NoError(t, err, "Could not add all to repository")
+			}
+		}
+	}
+
+	if err := CommitRepository(gist, user, "thomas@mail.com"); err != nil {
+		require.NoError(t, err, "Could not commit to repository")
+	}
+
+	if err := Push(gist); err != nil {
+		require.NoError(t, err, "Could not push to repository")
+	}
+}
+
+func LastHashOfCommit(t *testing.T, user string, gist string) string {
+	cmd := exec.Command("git", "rev-parse", "HEAD")
+	cmd.Dir = RepositoryPath(user, gist)
+	out, err := cmd.Output()
+	require.NoError(t, err, "Could not run git command")
+	return strings.TrimSpace(string(out))
+}

internal/hooks/hook.go

@@ -0,0 +1,24 @@
+package hooks
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+)
+
+const BaseHash = "0000000000000000000000000000000000000000"
+
+func pushOptions() map[string]string {
+	opts := make(map[string]string)
+	if pushCount, err := strconv.Atoi(os.Getenv("GIT_PUSH_OPTION_COUNT")); err == nil {
+		for i := 0; i < pushCount; i++ {
+			opt := os.Getenv(fmt.Sprintf("GIT_PUSH_OPTION_%d", i))
+			kv := strings.SplitN(opt, "=", 2)
+			if len(kv) == 2 {
+				opts[kv[0]] = kv[1]
+			}
+		}
+	}
+	return opts
+}

internal/hooks/post_receive.go

@@ -0,0 +1,112 @@
+package hooks
+
+import (
+	"bufio"
+	"fmt"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/git"
+	validatorpkg "github.com/thomiceli/opengist/internal/validator"
+	"io"
+	"os"
+	"os/exec"
+	"slices"
+	"strings"
+)
+
+func PostReceive(in io.Reader, out, er io.Writer) error {
+	var outputSb strings.Builder
+	newGist := false
+	opts := pushOptions()
+	gistUrl := os.Getenv("OPENGIST_REPOSITORY_URL_INTERNAL")
+	validator := validatorpkg.NewValidator()
+
+	scanner := bufio.NewScanner(in)
+	for scanner.Scan() {
+		line := scanner.Text()
+		parts := strings.Fields(line)
+		if len(parts) != 3 {
+			_, _ = fmt.Fprintln(er, "Invalid input")
+			return fmt.Errorf("invalid input")
+		}
+		oldrev, _, refname := parts[0], parts[1], parts[2]
+
+		if err := verifyHEAD(); err != nil {
+			setSymbolicRef(refname)
+		}
+
+		if oldrev == BaseHash {
+			newGist = true
+		}
+	}
+
+	gist, err := db.GetGistByID(os.Getenv("OPENGIST_REPOSITORY_ID"))
+	if err != nil {
+		_, _ = fmt.Fprintln(er, "Failed to get gist")
+		return fmt.Errorf("failed to get gist: %w", err)
+	}
+
+	if slices.Contains([]string{"public", "unlisted", "private"}, opts["visibility"]) {
+		gist.Private = db.ParseVisibility(opts["visibility"])
+		outputSb.WriteString(fmt.Sprintf("Gist visibility set to %s\n\n", opts["visibility"]))
+	}
+
+	if opts["url"] != "" && validator.Var(opts["url"], "max=32,alphanumdashorempty") == nil {
+		gist.URL = opts["url"]
+		lastIndex := strings.LastIndex(gistUrl, "/")
+		gistUrl = gistUrl[:lastIndex+1] + gist.URL
+		if !newGist {
+			outputSb.WriteString(fmt.Sprintf("Gist URL set to %s. Set the Git remote URL via:\n", gistUrl))
+			outputSb.WriteString(fmt.Sprintf("git remote set-url origin %s\n\n", gistUrl))
+		}
+	}
+
+	if opts["title"] != "" && validator.Var(opts["title"], "max=250") == nil {
+		gist.Title = opts["title"]
+		outputSb.WriteString(fmt.Sprintf("Gist title set to \"%s\"\n\n", opts["title"]))
+	}
+
+	if opts["description"] != "" && validator.Var(opts["description"], "max=1000") == nil {
+		gist.Description = opts["description"]
+		outputSb.WriteString(fmt.Sprintf("Gist description set to \"%s\"\n\n", opts["description"]))
+	}
+
+	if hasNoCommits, err := git.HasNoCommits(gist.User.Username, gist.Uuid); err != nil {
+		_, _ = fmt.Fprintln(er, "Failed to check if gist has no commits")
+		return fmt.Errorf("failed to check if gist has no commits: %w", err)
+	} else if hasNoCommits {
+		if err = gist.Delete(); err != nil {
+			_, _ = fmt.Fprintln(er, "Failed to delete gist")
+			return fmt.Errorf("failed to delete gist: %w", err)
+		}
+	}
+
+	_ = gist.SetLastActiveNow()
+	err = gist.UpdatePreviewAndCount(true)
+	if err != nil {
+		_, _ = fmt.Fprintln(er, "Failed to update gist")
+		return fmt.Errorf("failed to update gist: %w", err)
+	}
+
+	gist.AddInIndex()
+
+	if newGist {
+		outputSb.WriteString(fmt.Sprintf("Your new gist has been created here: %s\n", gistUrl))
+		outputSb.WriteString("If you want to keep working with your gist, you could set the Git remote URL via:\n")
+		outputSb.WriteString(fmt.Sprintf("git remote set-url origin %s\n\n", gistUrl))
+	}
+
+	outputStr := outputSb.String()
+	if outputStr != "" {
+		_, _ = fmt.Fprint(out, "\n"+outputStr)
+	}
+
+	return nil
+}
+
+func verifyHEAD() error {
+	return exec.Command("git", "rev-parse", "--verify", "--quiet", "HEAD").Run()
+}
+
+func setSymbolicRef(refname string) {
+	_ = exec.Command("git", "symbolic-ref", "HEAD", refname).Run()
+}

internal/hooks/pre_receive.go

@@ -0,0 +1,78 @@
+package hooks
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+)
+
+func PreReceive(in io.Reader, out, er io.Writer) error {
+	var err error
+	var disallowedFiles []string
+	var disallowedCommits []string
+
+	scanner := bufio.NewScanner(in)
+	for scanner.Scan() {
+		line := scanner.Text()
+		parts := strings.Split(line, " ")
+		if len(parts) < 3 {
+			_, _ = fmt.Fprintln(er, "Invalid input")
+			return fmt.Errorf("invalid input")
+		}
+
+		oldRev, newRev := parts[0], parts[1]
+
+		var changedFiles string
+		if oldRev == BaseHash {
+			// First commit
+			if changedFiles, err = getChangedFiles(newRev); err != nil {
+				_, _ = fmt.Fprintln(er, "Failed to get changed files")
+				return err
+			}
+		} else {
+			if changedFiles, err = getChangedFiles(fmt.Sprintf("%s..%s", oldRev, newRev)); err != nil {
+				_, _ = fmt.Fprintln(er, "Failed to get changed files")
+				return err
+			}
+		}
+
+		var currentCommit string
+		for _, file := range strings.Fields(changedFiles) {
+			if strings.HasPrefix(file, "/") {
+				currentCommit = file[1:]
+			}
+
+			if strings.Contains(file[1:], "/") {
+				disallowedFiles = append(disallowedFiles, file)
+				disallowedCommits = append(disallowedCommits, currentCommit[0:7])
+			}
+		}
+	}
+
+	if len(disallowedFiles) > 0 {
+		_, _ = fmt.Fprintln(out, "\nPushing files in directories is not allowed:")
+		for i := range disallowedFiles {
+			_, _ = fmt.Fprintf(out, "  %s (%s)\n", disallowedFiles[i], disallowedCommits[i])
+		}
+		_, _ = fmt.Fprintln(out)
+		return fmt.Errorf("pushing files in directories is not allowed: %s", disallowedFiles)
+	}
+
+	return nil
+}
+
+func getChangedFiles(rev string) (string, error) {
+	cmd := exec.Command("git", "log", "--name-only", "--format=/%H", "--diff-filter=AM", rev)
+
+	var out bytes.Buffer
+	cmd.Stdout = &out
+	err := cmd.Run()
+	if err != nil {
+		return "", err
+	}
+
+	return out.String(), nil
+}

internal/hooks/pre_receive_test.go

@@ -0,0 +1,54 @@
+package hooks
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/stretchr/testify/require"
+	"github.com/thomiceli/opengist/internal/git"
+	"os"
+	"testing"
+)
+
+func TestPreReceiveHook(t *testing.T) {
+	git.SetupTest(t)
+	defer git.TeardownTest(t)
+	var lastCommitHash string
+	err := os.Chdir(git.RepositoryPath("thomas", "gist1"))
+	require.NoError(t, err, "Could not change directory")
+
+	git.CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt":  "some allowed file",
+		"my_file2.txt": "some allowed file\nagain",
+	})
+	lastCommitHash = git.LastHashOfCommit(t, "thomas", "gist1")
+	err = PreReceive(bytes.NewBufferString(fmt.Sprintf("%s %s %s", BaseHash, lastCommitHash, "refs/heads/master")), os.Stdout, os.Stderr)
+	require.NoError(t, err, "Should not have an error on pre-receive hook for commit+push 1")
+
+	git.CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt":     "some allowed file",
+		"dir/my_file.txt": "some disallowed file suddenly",
+	})
+	lastCommitHash = git.LastHashOfCommit(t, "thomas", "gist1")
+	err = PreReceive(bytes.NewBufferString(fmt.Sprintf("%s %s %s", BaseHash, lastCommitHash, "refs/heads/master")), os.Stdout, os.Stderr)
+	require.Error(t, err, "Should have an error on pre-receive hook for commit+push 2")
+	require.Equal(t, "pushing files in directories is not allowed: [dir/my_file.txt]", err.Error(), "Error message is not correct")
+
+	git.CommitToBare(t, "thomas", "gist1", map[string]string{
+		"my_file.txt":           "some allowed file",
+		"dir/ok/afileagain.txt": "some disallowed file\nagain",
+	})
+	lastCommitHash = git.LastHashOfCommit(t, "thomas", "gist1")
+	err = PreReceive(bytes.NewBufferString(fmt.Sprintf("%s %s %s", BaseHash, lastCommitHash, "refs/heads/master")), os.Stdout, os.Stderr)
+	require.Error(t, err, "Should have an error on pre-receive hook for commit+push 3")
+	require.Equal(t, "pushing files in directories is not allowed: [dir/ok/afileagain.txt dir/my_file.txt]", err.Error(), "Error message is not correct")
+
+	git.CommitToBare(t, "thomas", "gist1", map[string]string{
+		"allowedfile.txt": "some allowed file only",
+	})
+	lastCommitHash = git.LastHashOfCommit(t, "thomas", "gist1")
+	err = PreReceive(bytes.NewBufferString(fmt.Sprintf("%s %s %s", BaseHash, lastCommitHash, "refs/heads/master")), os.Stdout, os.Stderr)
+	require.Error(t, err, "Should have an error on pre-receive hook for commit+push 4")
+	require.Equal(t, "pushing files in directories is not allowed: [dir/ok/afileagain.txt dir/my_file.txt]", err.Error(), "Error message is not correct")
+
+	_ = os.Chdir(os.TempDir()) // Leave the current dir to avoid errors on teardown
+}

internal/i18n/locale.go

@@ -0,0 +1,140 @@
+package i18n
+
+import (
+	"fmt"
+	"github.com/thomiceli/opengist/internal/i18n/locales"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
+	"golang.org/x/text/language/display"
+	"gopkg.in/yaml.v3"
+	"html/template"
+	"io"
+	"io/fs"
+	"path/filepath"
+	"strings"
+)
+
+var Locales = NewLocaleStore()
+
+type LocaleStore struct {
+	Locales map[string]*Locale
+}
+
+type Locale struct {
+	Code     string
+	Name     string
+	Messages map[string]string
+}
+
+// NewLocaleStore creates a new LocaleStore
+func NewLocaleStore() *LocaleStore {
+	return &LocaleStore{
+		Locales: make(map[string]*Locale),
+	}
+}
+
+// loadLocaleFromYAML loads a single Locale from a given YAML file
+func (store *LocaleStore) loadLocaleFromYAML(localeCode, path string) error {
+	a, err := locales.Files.Open(path)
+	if err != nil {
+		return err
+	}
+	data, err := io.ReadAll(a)
+	if err != nil {
+		return err
+	}
+
+	tag, err := language.Parse(localeCode)
+	if err != nil {
+		return err
+	}
+
+	name := display.Self.Name(tag)
+	if tag == language.AmericanEnglish {
+		name = "English"
+	} else if tag == language.EuropeanSpanish {
+		name = "Español"
+	}
+
+	locale := &Locale{
+		Code:     localeCode,
+		Name:     cases.Title(language.English).String(name),
+		Messages: make(map[string]string),
+	}
+
+	err = yaml.Unmarshal(data, &locale.Messages)
+	if err != nil {
+		return err
+	}
+
+	store.Locales[localeCode] = locale
+	return nil
+}
+
+func (store *LocaleStore) LoadAll() error {
+	return fs.WalkDir(locales.Files, ".", func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if !d.IsDir() {
+			localeKey := strings.TrimSuffix(path, filepath.Ext(path))
+			err := store.loadLocaleFromYAML(localeKey, path)
+			if err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
+
+func (store *LocaleStore) GetLocale(lang string) (*Locale, error) {
+	_, ok := store.Locales[lang]
+	if !ok {
+		return nil, fmt.Errorf("locale %s not found", lang)
+	}
+
+	return store.Locales[lang], nil
+}
+
+func (store *LocaleStore) HasLocale(lang string) bool {
+	_, ok := store.Locales[lang]
+	return ok
+}
+
+func (store *LocaleStore) MatchTag(langs []language.Tag) string {
+	for _, lang := range langs {
+		if store.HasLocale(lang.String()) {
+			return lang.String()
+		}
+	}
+
+	return "en-US"
+}
+
+func (l *Locale) String(key string, args ...any) string {
+	message := l.Messages[key]
+
+	if message == "" {
+		return Locales.Locales["en-US"].String(key, args...)
+	}
+
+	if len(args) == 0 {
+		return message
+	}
+
+	return fmt.Sprintf(message, args...)
+}
+
+func (l *Locale) Tr(key string, args ...any) template.HTML {
+	message := l.Messages[key]
+
+	if message == "" {
+		return Locales.Locales["en-US"].Tr(key, args...)
+	}
+
+	if len(args) == 0 {
+		return template.HTML(message)
+	}
+
+	return template.HTML(fmt.Sprintf(message, args...))
+}