doc/CHANGELOG: move to separate file, add v1.5.0 changelog

CHANGELOG.md

@@ -0,0 +1,62 @@
+# Changelog
+
+2026-03-03 v1.5.0
+- Reduce Gitea refresh interval to 60m
+- Support SVG images
+- Support embedded images in markdown doc
+- Add `CHANGELOG.md` support
+- Add Content-Security-Policy
+- Change image URLs to be clearer and simpler
+- Fix broken image links if proxy is used
+- Fix pixellated image scaling in Chrome browser
+- Use Go1.26, use new net/http router 
+
+2025-06-01 v1.4.2
+- Proxy images from Gitea, for servers using `REQUIRE_SIGNIN_VIEW=expensive`
+- Always use fallback markdown renderer
+- Fix missing support for markdown tables in fallback renderer
+- Fix very wide code blocks overflowing page width
+
+2024-03-19 v1.4.1
+- Add cooldown for failed markdown API calls
+- Fix missing extra html elements when using fallback markdown renderer
+
+2024-03-19 v1.4.0
+- Support using application token for Gitea API
+- Add fallback to internal markdown renderer if Gitea's API is unavailable
+- Add fallback to Gitea page redirect if there are any errors building repo page
+- Embed static web assets in binary (requires Go 1.16+)
+
+2022-12-31 v1.3.1
+- Fix missing images on homepage
+- Fix an issue with wrong mtime comparisons for updated repositories
+
+2022-12-31 v1.3.0
+- Add `OverrideOrder` configuration option to insert repos at specific positions
+- Cache target image URLs to improve homepage load performance
+
+2021-04-12 v1.2.1
+- Exclude 'build:success' tag from article-only repositories, and re-host the image locally
+- Also search root repo directory for images
+- Enhance mobile viewport and table styling
+
+2020-11-19 v1.2.0
+- Cache homepage repositories, sync changes in the background
+- Consider the updated time to be the most recent commit, not the Gitea repository metadata update field
+- Add extra logging to startup
+
+2020-11-08 v1.1.1
+- Fix an issue with newer versions of Gitea that paginate repoistory list responses
+- Fix an issue with blocking semaphores for a cancelled network request
+
+2020-05-24 v1.1.0
+- Support limiting the number of concurrent API requests to Gitea
+- Display total number of projects
+- Fix cosmetic issues with page background image, page height, and margins around thumbnails
+
+2020-05-24 v1.0.1
+- Remove image dependency from static files
+- Fix a cosmetic issue with `h2`/`h3` margins
+
+2020-05-05 v1.0.0
+- Initial release

Dockerfile

@@ -1,6 +1,6 @@
 # Dockerfile for production Teafolio deployments
 
-FROM golang:1.19-alpine AS builder
+FROM golang:1.26-alpine AS builder
 
 WORKDIR /app
 COPY . .
@@ -10,6 +10,5 @@ FROM alpine:latest
 
 WORKDIR /app
 COPY --from=builder /app/teafolio /app/teafolio
-COPY /static /app/static
 
 ENTRYPOINT [ "/app/teafolio" ]

README.md

@@ -28,39 +28,3 @@ By default, Dokku will proxy HTTP on port 5000.
 dokku apps:create teafolio
 dokku storage:mount teafolio /srv/teafolio-dokku/config.toml:/app/config.toml
 ```
-
-## CHANGELOG
-
-2022-12-31 v1.3.1
-- Fix missing images on homepage
-- Fix an issue with wrong mtime comparisons for updated repositories
-
-2022-12-31 v1.3.0
-- Add `OverrideOrder` configuration option to insert repos at specific positions
-- Cache target image URLs to improve homepage load performance
-
-2021-04-12 v1.2.1
-- Exclude 'build:success' tag from article-only repositories, and re-host the image locally
-- Also search root repo directory for images
-- Enhance mobile viewport and table styling
-
-2020-11-19 v1.2.0
-- Cache homepage repositories, sync changes in the background
-- Consider the updated time to be the most recent commit, not the Gitea repository metadata update field
-- Add extra logging to startup
-
-2020-11-08 v1.1.1
-- Fix an issue with newer versions of Gitea that paginate repoistory list responses
-- Fix an issue with blocking semaphores for a cancelled network request
-
-2020-05-24 v1.1.0
-- Support limiting the number of concurrent API requests to Gitea
-- Display total number of projects
-- Fix cosmetic issues with page background image, page height, and margins around thumbnails
-
-2020-05-24 v1.0.1
-- Remove image dependency from static files
-- Fix a cosmetic issue with `h2`/`h3` margins
-
-2020-05-05 v1.0.0
-- Initial release

config.toml.sample

@@ -5,6 +5,7 @@ BindTo="0.0.0.0:5656"
 [Gitea]
 URL="https://gitea.com/"
 Org="gitea"
+Token="" # Must have misc:write, org:read, repo:read permission
 MaxConnections=2 # Use zero for unlimited
 
 [Redirect]

gitea/apiclient.go

@@ -1,7 +1,6 @@
 package gitea
 
 import (
-	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
@@ -9,20 +8,23 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+	"sync/atomic"
 	"time"
-
-	"golang.org/x/sync/semaphore"
 )
 
 type APIClient struct {
 	urlBase string
 	orgName string
-	apiSem  *semaphore.Weighted
+	token   string
+
+	apiSem chan struct{}
+
+	lastMarkdownFailure atomic.Int64
 }
 
 // NewAPIClient creates a new Gitea API client for a single Gitea organization.
 // Set maxConnections to 0 for unlimited concurrent API calls.
-func NewAPIClient(urlBase string, orgName string, maxConnections int64) *APIClient {
+func NewAPIClient(urlBase string, orgName string, token string, maxConnections int64) *APIClient {
 
 	if !strings.HasSuffix(urlBase, `/`) {
 		urlBase += `/`
@@ -31,17 +33,31 @@ func NewAPIClient(urlBase string, orgName string, maxConnections int64) *APIClie
 	ret := &APIClient{
 		urlBase: urlBase,
 		orgName: orgName,
+		token:   token,
 	}
 
 	if maxConnections == 0 { // unlimited
-		ret.apiSem = semaphore.NewWeighted(99999)
+		// no-op
 	} else {
-		ret.apiSem = semaphore.NewWeighted(maxConnections)
+		ret.apiSem = make(chan struct{}, maxConnections)
 	}
 
 	return ret
 }
 
+func (ac *APIClient) Sem() func() {
+	if ac.apiSem == nil {
+		// No connection limit
+		return func() {}
+	}
+
+	// Connection limit
+	ac.apiSem <- struct{}{}
+	return func() {
+		<-ac.apiSem
+	}
+}
+
 func (ac *APIClient) PopulateCommitInfo(ctx context.Context, rr *Repo) error {
 
 	// The most recent commit will be the head of one of the branches (easy to find)
@@ -87,17 +103,18 @@ func (ac *APIClient) PopulateImages(ctx context.Context, rr *Repo) error {
 }
 
 func (ac *APIClient) apiRequest(ctx context.Context, endpoint string, target interface{}) error {
-	err := ac.apiSem.Acquire(ctx, 1)
+	release := ac.Sem()
-	if err != nil {
+	defer release()
-		return err // e.g. ctx closed
-	}
-	defer ac.apiSem.Release(1)
 
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, ac.urlBase+endpoint, nil)
 	if err != nil {
 		return err
 	}
 
+	if ac.token != "" {
+		req.Header.Set(`Authorization`, `token `+ac.token)
+	}
+
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return err
@@ -215,11 +232,8 @@ func (ac *APIClient) RepoFile(ctx context.Context, repo, filename string) ([]byt
 }
 
 func (ac *APIClient) filesInDirectory(ctx context.Context, repo, dir string) ([]ReaddirEntry, error) {
-	err := ac.apiSem.Acquire(ctx, 1)
+	release := ac.Sem()
-	if err != nil {
+	defer release()
-		return nil, err // e.g. ctx closed
-	}
-	defer ac.apiSem.Release(1)
 
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, ac.urlBase+`api/v1/repos/`+url.PathEscape(ac.orgName)+`/`+url.PathEscape(repo)+`/contents/`+dir, nil) // n.b. $dir param not escaped
 	if err != nil {
@@ -290,68 +304,3 @@ func (ac *APIClient) topicsForRepo(ctx context.Context, repo string) ([]string,
 
 	return tr.Topics, nil
 }
-
-// renderMarkdown calls the remote Gitea server's own markdown renderer.
-func (ac *APIClient) RenderMarkdown(ctx context.Context, repoName string, body string) ([]byte, error) {
-	err := ac.apiSem.Acquire(ctx, 1)
-	if err != nil {
-		return nil, err // e.g. ctx closed
-	}
-	defer ac.apiSem.Release(1)
-
-	jb, err := json.Marshal(MarkdownRequest{
-		Context: ac.urlBase + url.PathEscape(ac.orgName) + `/` + url.PathEscape(repoName) + `/src/branch/master`,
-		Mode:    "gfm", // magic constant - Github Flavoured Markdown
-		Text:    body,
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, ac.urlBase+`api/v1/markdown/`, bytes.NewReader(jb))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set(`Content-Type`, `application/json`)
-	req.Header.Set(`Content-Length`, fmt.Sprintf("%d", len(jb)))
-
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != 200 {
-		return nil, fmt.Errorf("HTTP %d", resp.StatusCode)
-	}
-
-	return ioutil.ReadAll(resp.Body)
-}
-
-// renderMarkdownRaw calls the remote Gitea server's own markdown renderer.
-func (ac *APIClient) renderMarkdownRaw(ctx context.Context, body []byte) ([]byte, error) {
-	err := ac.apiSem.Acquire(ctx, 1)
-	if err != nil {
-		return nil, err // e.g. ctx closed
-	}
-	defer ac.apiSem.Release(1)
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, ac.urlBase+`api/v1/markdown/raw`, bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set(`Content-Type`, `text/plain`)
-	req.Header.Set(`Content-Length`, fmt.Sprintf("%d", len(body)))
-
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != 200 {
-		return nil, fmt.Errorf("HTTP %d", resp.StatusCode)
-	}
-
-	return ioutil.ReadAll(resp.Body)
-}

gitea/types.go

@@ -35,7 +35,10 @@ type ReaddirEntry struct {
 }
 
 func (rde ReaddirEntry) isImage() bool {
-	return strings.HasSuffix(rde.Name, `.png`) || strings.HasSuffix(rde.Name, `.jpg`) || strings.HasSuffix(rde.Name, `.jpeg`)
+	return strings.HasSuffix(rde.Name, `.png`) ||
+		strings.HasSuffix(rde.Name, `.jpg`) ||
+		strings.HasSuffix(rde.Name, `.jpeg`) ||
+		strings.HasSuffix(rde.Name, `.svg`)
 }
 
 type MarkdownRequest struct {

go.mod

@@ -1,8 +1,9 @@
 module teafolio
 
-go 1.19
+go 1.22
 
 require (
 	github.com/BurntSushi/toml v0.3.1
-	golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
 )
+
+require github.com/yuin/goldmark v1.7.8 // indirect

go.sum

@@ -1,4 +1,8 @@
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
+github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic=
+github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

main.go

@@ -5,18 +5,19 @@ import (
 	"flag"
 	"log"
 	"net/http"
-	"regexp"
 	"sync"
 	"teafolio/gitea"
 
 	"github.com/BurntSushi/toml"
+	"github.com/yuin/goldmark"
+	"github.com/yuin/goldmark/extension"
 )
 
 type Config struct {
 	BindTo string
 	Gitea  struct {
-		URL, Org       string
+		URL, Org, Token string
-		MaxConnections int64
+		MaxConnections  int64
 	}
 	Redirect map[string]string
 	Template struct {
@@ -30,9 +31,8 @@ type Config struct {
 type Application struct {
 	cfg Config
 
-	rxRepoPage, rxRepoImage *regexp.Regexp
-
 	gitea *gitea.APIClient
+	md    goldmark.Markdown
 
 	reposMut               sync.RWMutex
 	reposCache             []gitea.Repo // Sorted by recently-created-first
@@ -42,8 +42,9 @@ type Application struct {
 
 func main() {
 	app := Application{
-		rxRepoPage:  regexp.MustCompile(`^/([^/]+)/?$`),
+		md: goldmark.New(
-		rxRepoImage: regexp.MustCompile(`^/:banner/([^/]+)/?$`),
+			goldmark.WithExtensions(extension.GFM), // required for table rendering support
+		),
 	}
 
 	configFile := flag.String(`ConfigFile`, `config.toml`, `Configuration file in TOML format`)
@@ -55,11 +56,13 @@ func main() {
 	}
 
 	// Create Gitea API client
-	app.gitea = gitea.NewAPIClient(app.cfg.Gitea.URL, app.cfg.Gitea.Org, app.cfg.Gitea.MaxConnections)
+	app.gitea = gitea.NewAPIClient(app.cfg.Gitea.URL, app.cfg.Gitea.Org, app.cfg.Gitea.Token, app.cfg.Gitea.MaxConnections)
+
+	mux := app.createRouter()
 
 	// Sync worker
 	go app.syncWorker(context.Background())
 
 	log.Printf("Starting web server on [%s]...", app.cfg.BindTo)
-	log.Fatal(http.ListenAndServe(app.cfg.BindTo, &app))
+	log.Fatal(http.ListenAndServe(app.cfg.BindTo, mux))
 }

page_changelog.go

@@ -0,0 +1,45 @@
+package main
+
+import (
+	"fmt"
+	"html"
+	"log"
+	"net/http"
+	"net/url"
+)
+
+const (
+	ChangelogFilename = `CHANGELOG.md`
+)
+
+func (this *Application) ChangelogPage(w http.ResponseWriter, r *http.Request, repoName string) {
+	ctx := r.Context()
+	repoURL := this.repoURL(repoName)
+
+	changelog, err := this.gitea.RepoFile(ctx, repoName, ChangelogFilename)
+	if err != nil {
+		log.Printf("%s %s: loading changelog %q: %s", r.Method, r.URL.Path, ChangelogFilename, err)
+		http.Redirect(w, r, repoURL, http.StatusTemporaryRedirect)
+		return
+	}
+
+	// Convert to markdown
+
+	changelogHtml, _, err := this.renderMarkdown(repoName, changelog)
+	if err != nil {
+		log.Printf("%s %s: %s", r.Method, r.URL.Path, fmt.Errorf("rendering markdown: %w", err))
+		http.Redirect(w, r, repoURL, http.StatusTemporaryRedirect)
+		return
+	}
+
+	// Ready for template
+
+	this.Templatepage(w, r, repoName, "", func() {
+		fmt.Fprint(w, `<div class="projinfo"><div class="projbody">`)
+		fmt.Fprint(w, `<h2><a href="`+html.EscapeString(`/`+url.PathEscape(repoName))+`">`+html.EscapeString(repoName)+`</a> &gt; Changelog</h2>`)
+		fmt.Fprint(w, changelogHtml)
+		fmt.Fprint(w, `</div>`)
+		fmt.Fprint(w, `<div style="clear:both;"></div>`)
+		fmt.Fprint(w, `</div>`) // projbody
+	})
+}

page_home.go

@@ -66,7 +66,7 @@ func (this *Application) Homepage(w http.ResponseWriter, r *http.Request) {
 				data-sort-mt="`+fmt.Sprintf("%d", repo.NewestCommit.Unix())+`"
 			>
 				<td>
-					<a href="`+pageHref+`"><img class="homeimage" loading="lazy" src="`+html.EscapeString(`/:banner/`+url.PathEscape(repo.Name))+`"></div></a>
+					<a href="`+pageHref+`"><img class="homeimage" loading="lazy" src="`+html.EscapeString(`/`+url.PathEscape(repo.Name)+`/banner`)+`"></div></a>
 				</td>
 				<td>
 					<strong>`+html.EscapeString(repo.Name)+`</strong>`+html.EscapeString(normalisedDesc)+`

page_imageredir.go

@@ -1,28 +1,53 @@
 package main
 
 import (
+	"bytes"
 	"net/http"
+	"strings"
 )
 
-func (this *Application) Bannerpage(w http.ResponseWriter, r *http.Request, repoName string) {
+func (this *Application) Bannerpage(w http.ResponseWriter, r *http.Request, repoName string, imageIdx int) {
 
 	this.reposMut.RLock()
 	defer this.reposMut.RUnlock()
 
 	ridx, ok := this.reposCacheByName[repoName]
 	if !ok {
-		w.Header().Set(`Location`, `/static/no_image.png`)
+		http.Redirect(w, r, `/static/no_image.png`, 301)
-		w.WriteHeader(301)
 		return
 	}
 
 	images := this.reposCache[ridx].Images
-	if len(images) == 0 {
+	if imageIdx >= len(images) {
-		w.Header().Set(`Location`, `/static/no_image.png`)
+		http.Redirect(w, r, `/static/no_image.png`, 301)
-		w.WriteHeader(301)
 		return
 	}
 
-	w.Header().Set(`Location`, images[0].RawURL)
+	// Mirror serving
-	w.WriteHeader(301)
+	// (Direct 301 redirects are no longer available)
+
+	imgData, err := this.gitea.RepoFile(r.Context(), repoName, images[imageIdx].Path)
+	if err != nil {
+		http.Error(w, err.Error(), 500)
+		return
+	}
+
+	// Go will automatically add a Content-Type header, but, sniff it ourselves
+	// to ensure it's really an image and not arbitrary data
+	// This is important for SVG that might embed JS
+
+	contentType := http.DetectContentType(imgData)
+	if strings.HasPrefix(contentType, `text/xml`) && bytes.Contains(imgData, []byte(`<svg`)) {
+		contentType = `image/svg+xml`
+	}
+
+	if !strings.HasPrefix(contentType, `image/`) {
+		http.Error(w, "not an image", 500)
+		return
+	}
+
+	w.Header().Set(`Content-Type`, contentType)
+	w.Header().Set(`Content-Disposition`, `inline`)
+	w.WriteHeader(200)
+	w.Write(imgData)
 }

page_repository.go

@@ -4,48 +4,34 @@ import (
 	"bytes"
 	"fmt"
 	"html"
+	"log"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 )
 
 func (this *Application) Repopage(w http.ResponseWriter, r *http.Request, repoName string) {
 	ctx := r.Context()
-	repoURL := this.cfg.Gitea.URL + url.PathEscape(this.cfg.Gitea.Org) + `/` + url.PathEscape(repoName)
+	repoURL := this.repoURL(repoName)
 	extraHead := ""
 
 	readme, err := this.gitea.RepoFile(ctx, repoName, `README.md`)
 	if err != nil {
-		this.internalError(w, r, fmt.Errorf("loading README.md: %w", err))
+		log.Printf("%s %s: %s", r.Method, r.URL.Path, err)
+		http.Redirect(w, r, repoURL, http.StatusTemporaryRedirect)
 		return
 	}
 
-	lines := strings.Split(string(readme), "\n")
+	// Inject more badges to 3rd line; or, create badges on 3rd line if there are none already
-
-	// Check if this repo has the 'article' tag
-	hasArticleTag := false
-	this.reposMut.RLock()
-	for _, rr := range this.reposCache {
-		if rr.Name != repoName {
-			continue
-		}
-		for _, topic := range rr.Topics {
-			if topic == "article" {
-				hasArticleTag = true
-				break
-			}
-		}
-	}
-	this.reposMut.RUnlock()
-
 	// We add some extra badges based on special text entries
 	extraBadgesMd := ``
-	if !hasArticleTag {
+	if !this.repoHasTag(repoName, "article") {
-		extraBadgesMd += ` %%REPLACEME__BADGE%%`
+		extraBadgesMd += ` ![](/static/build_success_brightgreen.svg)`
 	}
 	extraBadgesMd += ` [![](https://img.shields.io/badge/vcs-git-green?logo=git)](` + repoURL + `)`
 
-	// Inject more badges to 3rd line; or, create badges on 3rd line if there are none already
+	lines := strings.Split(string(readme), "\n")
 	if len(lines) >= 3 && strings.Contains(lines[2], `shields.io`) {
 		lines[2] += ` ` + extraBadgesMd
 	} else {
@@ -53,17 +39,24 @@ func (this *Application) Repopage(w http.ResponseWriter, r *http.Request, repoNa
 		lines = append([]string{lines[0], lines[1], extraBadgesMd, ""}, lines[2:]...)
 	}
 
-	readmeHtml, err := this.gitea.RenderMarkdown(ctx, repoName, strings.Join(lines, "\n"))
+	if _, err := this.gitea.RepoFile(ctx, repoName, ChangelogFilename); err == nil {
-	if err != nil {
+		// Changelog exists
-		this.internalError(w, r, fmt.Errorf("rendering markdown: %w", err))
+		// Add link at footer
-		return
+		lines = append(lines,
+			"",
+			"## Changelog",
+			"",
+			`[➡️ View changelog](/`+url.PathEscape(repoName)+`/changelog)`,
+		)
 	}
 
-	readmeHtml = []byte(strings.Replace(string(readmeHtml), `%%REPLACEME__BADGE%%`, `<img src="/static/build_success_brightgreen.svg" style="width:90px;height:20px;">`, 1))
+	// Convert to markdown
 
-	images, err := this.gitea.ImageFilesForRepo(ctx, repoName)
+	readmeHtml, images, err := this.renderMarkdown(repoName, []byte(strings.Join(lines, "\n")))
 	if err != nil {
-		this.internalError(w, r, fmt.Errorf("listing images: %w", err))
+		// Built-in markdown renderer didn't work either
+		log.Printf("%s %s: %s", r.Method, r.URL.Path, fmt.Errorf("rendering markdown: %w", err))
+		http.Redirect(w, r, repoURL, http.StatusTemporaryRedirect)
 		return
 	}
 
@@ -78,10 +71,6 @@ func (this *Application) Repopage(w http.ResponseWriter, r *http.Request, repoNa
 		}
 	}
 
-	// De-escalate all headers in rendered markdown to match our style
-	repl := strings.NewReplacer(`<h1`, `<h2`, `<h2`, `<h3`, `<h3`, `<h4`,
-		`</h1>`, `</h2>`, `</h2>`, `</h3>`, `</h3>`, `</h4>`)
-
 	// Ready for template
 
 	this.Templatepage(w, r, repoName, extraHead, func() {
@@ -92,13 +81,17 @@ func (this *Application) Repopage(w http.ResponseWriter, r *http.Request, repoNa
 		}
 
 		fmt.Fprint(w, `<div class="projinfo"><div class="`+projBodyclass+`">`)
-		repl.WriteString(w, string(readmeHtml))
+		fmt.Fprint(w, readmeHtml)
 		fmt.Fprint(w, `</div>`)
 
 		if len(images) > 0 {
 			fmt.Fprint(w, `<div class="projimg">`)
-			for _, img := range images {
+			for imgIdx, _ := range images {
-				fmt.Fprint(w, `<a href="`+html.EscapeString(img.RawURL)+`"><img alt="" class="thumbimage" src="`+html.EscapeString(img.RawURL)+`" /></a>`)
+
+				// imageUrl := img.RawURL // Direct link
+				imageUrl := `/` + url.PathEscape(repoName) + `/img/` + strconv.Itoa(imgIdx) // Proxied image
+
+				fmt.Fprint(w, `<a href="`+html.EscapeString(imageUrl)+`"><img alt="" class="thumbimage" src="`+html.EscapeString(imageUrl)+`" /></a>`)
 			}
 			fmt.Fprint(w, `</div>`)
 		}

page_template.go

@@ -0,0 +1,45 @@
+package main
+
+import (
+	"fmt"
+	"html"
+	"net/http"
+)
+
+func (this *Application) Templatepage(w http.ResponseWriter, r *http.Request, pageDesc, extraHead string, cb func()) {
+
+	pageTitle := this.cfg.Template.AppName
+	if pageDesc != "" {
+		pageTitle = pageDesc + ` | ` + pageTitle
+	}
+
+	w.Header().Set(`Content-Type`, `text/html; charset=UTF-8`)
+	w.WriteHeader(200)
+	fmt.Fprint(w, `<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta http-equiv="X-UA-Compatible" content="IE=edge">
+		<meta charset="UTF-8">
+		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+		<meta http-equiv="Content-Security-Policy" content="default-src 'self' ; style-src 'unsafe-inline' 'self' ; img-src data: * ;">
+		
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>`+html.EscapeString(pageTitle)+`</title>
+		`+extraHead+`
+		<link rel="shortcut icon" href="/static/logo.png" type="image/png">
+		<link rel="apple-touch-icon" href="/static/logo.png" type="image/png">
+		<link type="text/css" rel="stylesheet" href="/static/style.css">
+	</head>
+	<body>
+		<div id="container">
+			<div id="content">
+				<h1><a href="/"><div id="logo"></div>`+html.EscapeString(this.cfg.Template.AppName)+`</a></h1>
+	`)
+	cb()
+	fmt.Fprint(w, `
+	</body>
+	<script type="text/javascript" src="/static/site.js"></script>
+</html>
+`)
+
+}

page_util.go

@@ -5,42 +5,69 @@ import (
 	"html"
 	"log"
 	"net/http"
+	"net/url"
+	"slices"
+	"strconv"
+	"strings"
+
+	"teafolio/gitea"
 )
 
-func (this *Application) Templatepage(w http.ResponseWriter, r *http.Request, pageDesc, extraHead string, cb func()) {
+func (this *Application) renderMarkdown(repoName string, markdown []byte) (string, []gitea.ReaddirEntry, error) {
 
-	pageTitle := this.cfg.Template.AppName
+	rendered := strings.Builder{}
-	if pageDesc != "" {
+	err := this.md.Convert(markdown, &rendered)
-		pageTitle = pageDesc + ` | ` + pageTitle
+	if err != nil {
+		return "", nil, err
 	}
 
-	w.Header().Set(`Content-Type`, `text/html; charset=UTF-8`)
+	readmeHtml := rendered.String()
-	w.WriteHeader(200)
-	fmt.Fprint(w, `<!DOCTYPE html>
-<html lang="en">
-	<head>
-		<meta http-equiv="X-UA-Compatible" content="IE=edge">
-		<meta charset="UTF-8">
-		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1">
-		<title>`+html.EscapeString(pageTitle)+`</title>
-		`+extraHead+`
-		<link rel="shortcut icon" href="/static/logo.png" type="image/png">
-		<link rel="apple-touch-icon" href="/static/logo.png" type="image/png">
-		<link type="text/css" rel="stylesheet" href="/static/style.css">
-	</head>
-	<body>
-		<div id="container">
-			<div id="content">
-				<h1><a href="/"><div id="logo"></div>`+html.EscapeString(this.cfg.Template.AppName)+`</a></h1>
-	`)
-	cb()
-	fmt.Fprint(w, `
-	</body>
-	<script type="text/javascript" src="/static/site.js"></script>
-</html>
-`)
 
+	// Replace image embed links
+	var images []gitea.ReaddirEntry
+	this.reposMut.RLock()
+	if cacheIdx, ok := this.reposCacheByName[repoName]; ok {
+		images = this.reposCache[cacheIdx].Images
+	}
+	this.reposMut.RUnlock()
+
+	// Replace simple image embeds with our version
+	for imgIdx, img := range images {
+		readmeHtml = strings.ReplaceAll(
+			readmeHtml,
+			`<img src="`+html.EscapeString(img.Path)+`"`,
+			`<img src="`+html.EscapeString(`/`+url.PathEscape(repoName)+`/img/`+strconv.Itoa(imgIdx))+`"`, // Proxied image
+		)
+	}
+
+	// De-escalate all headers in rendered markdown to match our style
+	readmeHtml = strings.NewReplacer(
+		`<h1`, `<h2`,
+		`<h2`, `<h3`,
+		`<h3`, `<h4`,
+		`</h1>`, `</h2>`,
+		`</h2>`, `</h3>`,
+		`</h3>`, `</h4>`,
+	).Replace(readmeHtml)
+
+	return readmeHtml, images, nil
+}
+
+func (this *Application) repoHasTag(repoName string, searchTag string) bool {
+	this.reposMut.RLock()
+	defer this.reposMut.RUnlock()
+
+	repoId, ok := this.reposCacheByName[repoName]
+	if !ok {
+		return false
+	}
+
+	rr := this.reposCache[repoId]
+	return slices.Contains(rr.Topics, searchTag)
+}
+
+func (this *Application) repoURL(repoName string) string {
+	return this.cfg.Gitea.URL + url.PathEscape(this.cfg.Gitea.Org) + `/` + url.PathEscape(repoName)
 }
 
 func (this *Application) internalError(w http.ResponseWriter, r *http.Request, err error) {

router.go

@@ -1,84 +1,95 @@
 package main
 
 import (
+	"embed"
 	"encoding/base64"
 	"fmt"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 )
 
-func (this *Application) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+//go:embed static/*
-	if r.Method == `GET` {
+var StaticFiles embed.FS
+
+func (this *Application) ServeStatic(w http.ResponseWriter, r *http.Request) {
+	http.FileServer(http.FS(StaticFiles)).ServeHTTP(w, r)
+}
+
+func (this *Application) createRouter() *http.ServeMux {
+
+	mux := http.NewServeMux()
+
+	// No trailing slash = not a recursive match
+	mux.HandleFunc(`GET /{project}`, func(w http.ResponseWriter, r *http.Request) {
+
+		repoName := r.PathValue("project")
+
+		// Support /repo.html URIs for backward compatibility
+		if strings.HasSuffix(repoName, `.html`) {
+			targetUrl := `/` + url.PathEscape(strings.TrimSuffix(repoName, `.html`))
+			http.Redirect(w, r, targetUrl, 301)
+			return
+		}
+
+		// Maybe it's a redirected project (alternative name)
+		if rename, ok := this.cfg.Redirect[repoName]; ok {
+			http.Redirect(w, r, `/`+url.PathEscape(rename), 301)
+			return
+		}
+
+		this.Repopage(w, r, repoName)
+	})
+
+	mux.HandleFunc(`GET /{project}/changelog`, func(w http.ResponseWriter, r *http.Request) {
+		this.ChangelogPage(w, r, r.PathValue("project"))
+	})
+
+	mux.HandleFunc(`GET /{project}/banner`, func(w http.ResponseWriter, r *http.Request) {
+		this.Bannerpage(w, r, r.PathValue("project"), 0) // 0th image
+	})
+
+	mux.HandleFunc(`GET /{project}/img/{id}`, func(w http.ResponseWriter, r *http.Request) {
+		imageIdx, err := strconv.Atoi(r.PathValue("id"))
+		if err != nil {
+			http.Error(w, "Invalid request", 400)
+			return
+		}
+
+		this.Bannerpage(w, r, r.PathValue("project"), imageIdx) // 0th image
+	})
+
+	mux.HandleFunc(`GET /favicon.ico`, func(w http.ResponseWriter, r *http.Request) {
+		http.Redirect(w, r, `/static/logo.png`, 301)
+	})
+
+	// Wildcard route (ends in /)
+	mux.HandleFunc(`GET /`, func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == `/` {
+			// homepage
 			this.Homepage(w, r)
 
-		} else if r.URL.Path == `/favicon.ico` {
+		} else if r.URL.Path == `/static/logo.png` && this.cfg.Template.CustomLogoPngBase64 != "" {
-			w.Header().Set(`Location`, `/static/logo.png`)
-			w.WriteHeader(301)
 
-		} else if r.URL.Path == `/robots.txt` {
+			logoPng, err := base64.StdEncoding.DecodeString(this.cfg.Template.CustomLogoPngBase64)
-			http.Error(w, "not found", 404)
-
-		} else if parts := this.rxRepoImage.FindStringSubmatch(r.URL.Path); parts != nil {
-			this.Bannerpage(w, r, parts[1])
-
-		} else if parts := this.rxRepoPage.FindStringSubmatch(r.URL.Path); parts != nil {
-
-			// Support /repo.html URIs for backward compatibility
-			if strings.HasSuffix(parts[1], `.html`) {
-				w.Header().Set(`Location`, r.URL.Path[0:len(r.URL.Path)-5])
-				w.WriteHeader(301)
-				return
-			}
-
-			// The regexp supports an optional trailing slash
-			// Redirect to canonical no-trailing-slash
-			if strings.HasSuffix(r.URL.Path, `/`) {
-				w.Header().Set(`Location`, `/`+parts[1]) // n.b. parts[1] isn't urldecoded yet
-				w.WriteHeader(301)
-				return
-			}
-
-			// Proper decoding of special characters in repo path component
-			repoName, err := url.PathUnescape(parts[1])
 			if err != nil {
-				http.Error(w, "malformed url encoding in repository name", 400)
+				this.internalError(w, r, fmt.Errorf("parsing base64 logo: %w", err))
 				return
 			}
 
-			// Maybe it's a redirected project (alternative name)
+			w.Header().Set(`Content-Length`, fmt.Sprintf("%d", len(logoPng)))
-			if rename, ok := this.cfg.Redirect[repoName]; ok {
+			w.Header().Set(`Content-Type`, `image/png`)
-				w.Header().Set(`Location`, `/`+url.PathEscape(rename))
+			w.WriteHeader(200)
-				w.WriteHeader(301)
+			w.Write(logoPng)
-				return
+			return
-			}
-
-			this.Repopage(w, r, repoName)
-
-		} else if r.URL.Path == `/static/logo.png` {
-			if this.cfg.Template.CustomLogoPngBase64 != "" {
-
-				logoPng, err := base64.StdEncoding.DecodeString(this.cfg.Template.CustomLogoPngBase64)
-				if err != nil {
-					this.internalError(w, r, fmt.Errorf("parsing base64 logo: %w", err))
-					return
-				}
-
-				w.Header().Set(`Content-Length`, fmt.Sprintf("%d", len(logoPng)))
-				w.Header().Set(`Content-Type`, `image/png`)
-				w.WriteHeader(200)
-				w.Write(logoPng)
-
-			} else {
-				r.URL.Path = r.URL.Path[8:]
-				http.FileServer(http.Dir(`static`)).ServeHTTP(w, r)
-
-			}
 
 		} else if strings.HasPrefix(r.URL.Path, `/static/`) {
-			r.URL.Path = r.URL.Path[8:]
+			// Embedded resource
-			http.FileServer(http.Dir(`static`)).ServeHTTP(w, r)
+			// Can't use a regular mux route for this, otherwise routes like
+			// e.g. `/static/changelog` would conflict with an actual repo
+			// project named 'static'
+			this.ServeStatic(w, r) // knows to look after /static/ prefix
 
 		} else if r.URL.Query().Get("go-get") == "1" {
 			// This wasn't one of our standard `/repo` paths, but there is the ?go-get=1 parameter
@@ -89,16 +100,14 @@ func (this *Application) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 			slashParts := strings.SplitN(r.URL.Path, `/`, 3) // len === 3 is guaranteed from earlier if cases
 
-			w.Header().Set(`Location`, `/`+slashParts[1])
+			http.Redirect(w, r, `/`+slashParts[1], 301)
-			w.WriteHeader(301)
-			return
 
 		} else {
+			// 404
 			http.Error(w, "not found", 404)
 		}
+	})
 
-	} else {
+	return mux
-		http.Error(w, "invalid method", 400)
-	}
 
 }

static/style.css

@@ -28,6 +28,10 @@ h1 a:hover {
 h1 {
 	margin-top:0;
 }
+pre {
+	/* wide codeblocks should scroll */
+	overflow-y: auto;
+}
 .code {
 	background: #F8F8F8;
 	font-family:Consolas,monospace;
@@ -137,6 +141,9 @@ body {
 }
 .projbody {	
 }
+.projbody img {
+	max-width: 100%;
+}
 .projbody_halfw {
 	float:left;
 	width: 860px; /* 740px full - 60px rhs column - 2px border */
@@ -215,6 +222,7 @@ img[src*="shields.io"] {
 	height:32px;
 	
 	object-fit: cover;
+	overflow-clip-margin: unset; /* higher quality image resampling on Chrome */ 
 }
 
 .thumbimage {

sync.go

@@ -174,7 +174,7 @@ func (this *Application) sync(ctx context.Context) (bool, error) {
 
 func (this *Application) syncWorker(ctx context.Context) {
 
-	t := time.NewTicker(30 * time.Minute)
+	t := time.NewTicker(60 * time.Minute)
 	defer t.Stop()
 
 	for {