git.stevedylan.dev

Merge pull request #32 from stevedylandev/chore/sipp-add-andromeda-auth 7aa23575

Steve Simkins · 2026-04-18 15:41 21 file(s) · +457 −160

Cargo.lock +2 −1


[[package]]
name = "sipp-so"
version = "0.1.6"
version = "0.2.0"
dependencies = [
 "andromeda-auth",
 "andromeda-db",
 "arboard",
 "askama 0.15.6",

apps/backup/.env.example +1 −0

# SIPP_VOLUME=sipp_sipp-data
# CELLAR_VOLUME=cellar_cellar-data
# POSTS_VOLUME=posts_posts-data
# FEEDS_VOLUME=feeds_feeds-data

# Optional: days to keep backups (default: 30)
# RETENTION_DAYS=30

apps/backup/README.md +4 −1

# Backup

Automated SQLite backups for Jotts, Sipp, Cellar, and Posts to Cloudflare R2. Runs every 6 hours via cron inside a Docker container and prunes backups older than 30 days.
Automated SQLite backups for Jotts, Sipp, Cellar, Posts, and Feeds to Cloudflare R2. Runs every 6 hours via cron inside a Docker container and prunes backups older than 30 days.

## Setup


SIPP_VOLUME=sipp_sipp-data
CELLAR_VOLUME=cellar_cellar-data
POSTS_VOLUME=posts_posts-data
FEEDS_VOLUME=feeds_feeds-data
```

Run `docker volume ls` to check the actual names on your host.

  -v sipp_sipp-data:/data/sipp:ro \
  -v cellar_cellar-data:/data/cellar:ro \
  -v posts_posts-data:/data/posts:ro \
  -v feeds_feeds-data:/data/feeds:ro \
  ghcr.io/stevedylandev/andromeda-backup:latest
```


| `SIPP_VOLUME` | `sipp_sipp-data` | Docker volume name for Sipp data |
| `CELLAR_VOLUME` | `cellar_cellar-data` | Docker volume name for Cellar data |
| `POSTS_VOLUME` | `posts_posts-data` | Docker volume name for Posts data |
| `FEEDS_VOLUME` | `feeds_feeds-data` | Docker volume name for Feeds data |

apps/backup/backup.sh +2 −2

BUCKET="${R2_BUCKET:-andromeda-backups}"
RETENTION_DAYS="${RETENTION_DAYS:-30}"

DBS="jotts:/data/jotts/jotts.sqlite sipp:/data/sipp/sipp.sqlite cellar:/data/cellar/cellar.sqlite posts:/data/posts/posts.sqlite"
DBS="jotts:/data/jotts/jotts.sqlite sipp:/data/sipp/sipp.sqlite cellar:/data/cellar/cellar.sqlite posts:/data/posts/posts.sqlite feeds:/data/feeds/feeds.sqlite"

for entry in $DBS; do
  name="${entry%%:*}"


# Prune old backups
cutoff=$(date -u -d "-${RETENTION_DAYS} days" +%Y-%m-%d 2>/dev/null || date -u -v-${RETENTION_DAYS}d +%Y-%m-%d)
for name in jotts sipp cellar posts; do
for name in jotts sipp cellar posts feeds; do
  aws s3 ls "s3://${BUCKET}/${name}/" --endpoint-url "${R2_ENDPOINT}" 2>/dev/null | while read -r line; do
    filedate=$(echo "$line" | awk '{print $1}')
    filename=$(echo "$line" | awk '{print $4}')

apps/backup/docker-compose.yml +4 −0

6	6		- sipp-data:/data/sipp:ro
7	7		- cellar-data:/data/cellar:ro
8	8		- posts-data:/data/posts:ro
	9	+	- feeds-data:/data/feeds:ro
9	10		env_file: .env
10	11		restart: unless-stopped
11	12

22	23		posts-data:
23	24		external: true
24	25		name: ${POSTS_VOLUME:-posts_posts-data}
	26	+	feeds-data:
	27	+	external: true
	28	+	name: ${FEEDS_VOLUME:-feeds_feeds-data}

apps/feeds/.env.example +1 −1

BASE_URL=http://localhost:3000
HOST=127.0.0.1
PORT=3000
DB_PATH=feeds.sqlite
FEEDS_DB_PATH=/data/feeds.sqlite
API_KEY=
DEFAULT_POLL_MINUTES=30
ITEM_CAP_PER_FEED=200

apps/feeds/Dockerfile +3 −1


FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
WORKDIR /data
COPY --from=builder /app/target/release/feeds /usr/local/bin/feeds
WORKDIR /data
EXPOSE 3000
ENV HOST=0.0.0.0
ENV PORT=3000
CMD ["feeds"]

apps/feeds/README.md +2 −2

| `BASE_URL` | Public base URL of the app | `http://localhost:3000` |
| `HOST` | Bind address | `0.0.0.0` |
| `PORT` | Bind port | `3000` |
| `DB_PATH` | SQLite database path | `feeds.sqlite` |
| `FEEDS_DB_PATH` | SQLite database path | `/data/feeds.sqlite` |
| `DEFAULT_POLL_MINUTES` | Background poll interval in minutes (overridable from the admin panel) | `30` |
| `ITEM_CAP_PER_FEED` | Maximum stored items per subscription; older items pruned | `200` |
| `COOKIE_SECURE` | Enable HTTPS-only cookies | `false` |

docker compose up -d
```

Mount a volume at `DB_PATH` to persist the SQLite database.
Mount a volume at `FEEDS_DB_PATH` to persist the SQLite database.

### Binary


apps/feeds/docker-compose.yml +12 −6

services:
  feeds:
  app:
    build:
      context: ../..
      dockerfile: apps/feeds/Dockerfile
    ports:
      - "3000:3000"
      - "${PORT:-3000}:${PORT:-3000}"
    environment:
      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-changeme}
      - API_KEY=${API_KEY:-}
      - FEEDS_DB_PATH=/data/feeds.sqlite
      - BASE_URL=${BASE_URL:-http://localhost:3000}
      - COOKIE_SECURE=false
      - HOST=0.0.0.0
      - PORT=${PORT:-3000}
    volumes:
      - feeds_data:/app/data
    env_file:
      - .env
      - feeds-data:/data
    restart: unless-stopped

volumes:
  feeds_data:
  feeds-data:

apps/feeds/src/main.rs +2 −1

        )
        .init();

    let db_path = std::env::var("DB_PATH").unwrap_or_else(|_| "feeds.sqlite".to_string());
    let db_path =
        std::env::var("FEEDS_DB_PATH").unwrap_or_else(|_| "/data/feeds.sqlite".to_string());
    let conn = Connection::open(&db_path).expect("open sqlite");
    conn.execute_batch(SESSION_SCHEMA).expect("session schema");
    conn.execute_batch(fdb::FEEDS_SCHEMA).expect("feeds schema");

apps/sipp/Cargo.toml +3 −2

[package]
name = "sipp-so"
version = "0.1.6"
version = "0.2.0"
edition = "2024"
description = "Minimal code sharing - single binary for web server, CLI, and TUI"
license = "MIT"

dotenvy = { workspace = true }
subtle = { workspace = true }
rusqlite = { workspace = true }
andromeda-db = { workspace = true }
andromeda-db = { workspace = true, features = ["session"] }
andromeda-auth = { workspace = true }
askama = "0.15.4"
askama_web = { version = "0.15.1", features = ["axum-0.8"] }
ratatui = "0.30"

apps/sipp/docker-compose.yml +1 −0

    environment:
      - SIPP_API_KEY=${SIPP_API_KEY:-changeme}
      - SIPP_AUTH_ENDPOINTS=api_delete,api_list
      - SIPP_DB_PATH=/data/sipp.sqlite
    volumes:
      - sipp-data:/data
    restart: unless-stopped

apps/sipp/src/auth.rs (added) +58 −0

1	+	use axum::{
2	+	extract::FromRequestParts,
3	+	http::request::Parts,
4	+	response::{IntoResponse, Redirect, Response},
5	+	};
6	+
7	+	use crate::db;
8	+	use crate::server::AppState;
9	+
10	+	pub use andromeda_auth::{
11	+	build_session_cookie, clear_session_cookie, generate_session_token, verify_api_key,
12	+	};
13	+
14	+	pub struct AuthSession;
15	+
16	+	impl FromRequestParts<AppState> for AuthSession {
17	+	type Rejection = Response;
18	+
19	+	async fn from_request_parts(
20	+	parts: &mut Parts,
21	+	state: &AppState,
22	+	) -> Result<Self, Self::Rejection> {
23	+	if let Some(token) = andromeda_auth::extract_session_cookie(&parts.headers) {
24	+	if is_valid_session(state, &token) {
25	+	return Ok(AuthSession);
26	+	}
27	+	}
28	+	let path = parts
29	+	.uri
30	+	.path_and_query()
31	+	.map(\|pq\| pq.as_str())
32	+	.unwrap_or(parts.uri.path());
33	+	let login_url = format!("/admin/login?next={}", urlencoding(path));
34	+	Err(Redirect::to(&login_url).into_response())
35	+	}
36	+	}
37	+
38	+	pub fn is_valid_session(state: &AppState, token: &str) -> bool {
39	+	match db::get_session_expiry(&state.db, token) {
40	+	Ok(Some(expires_at)) => expires_at > andromeda_auth::datetime::now_datetime_string(),
41	+	_ => false,
42	+	}
43	+	}
44	+
45	+	pub fn urlencoding(s: &str) -> String {
46	+	let mut out = String::with_capacity(s.len());
47	+	for b in s.bytes() {
48	+	match b {
49	+	b'A'..=b'Z' \| b'a'..=b'z' \| b'0'..=b'9' \| b'-' \| b'_' \| b'.' \| b'~' \| b'/' => {
50	+	out.push(b as char);
51	+	}
52	+	_ => {
53	+	out.push_str(&format!("%{:02X}", b));
54	+	}
55	+	}
56	+	}
57	+	out
58	+	}

apps/sipp/src/db.rs +9 −0

use serde::{Deserialize, Serialize};
use std::sync::{Arc, Mutex};

pub use andromeda_db::session::{
    delete_session, get_session_expiry, insert_session, prune_expired_sessions,
};
pub use andromeda_db::{Db, DbError};

#[derive(Serialize, Deserialize)]

        short_id TEXT NOT NULL UNIQUE,
        content TEXT NOT NULL,
        name TEXT NOT NULL
    );

    CREATE TABLE IF NOT EXISTS sessions (
        id         INTEGER PRIMARY KEY AUTOINCREMENT,
        token      TEXT NOT NULL UNIQUE,
        expires_at TEXT NOT NULL
    );
";


apps/sipp/src/lib.rs +1 −0

	1	+	pub mod auth;
1	2		pub mod backend;
2	3		pub mod config;
3	4		pub mod db;

apps/sipp/src/server.rs +141 −18

use askama::Template;
use askama_web::WebTemplate;
use subtle::ConstantTimeEq;
use axum::{
    Form, Json, Router,
    extract::{Path, Request, State},
    http::{HeaderMap, StatusCode, header},
    extract::{Path, Query, Request, State},
    http::{HeaderMap, HeaderValue, StatusCode, header},
    middleware::{self, Next},
    response::{Html, IntoResponse, Redirect, Response},
    routing::{delete, get, post, put},
};
use rust_embed::Embed;
use serde::Deserialize;
use crate::auth;
use crate::db::{self, Db, Snippet};
use crate::highlight::Highlighter;
use std::collections::HashSet;

struct Static;

#[derive(Clone)]
struct ServerConfig {
pub struct ServerConfig {
    api_key: Option<String>,
    auth_endpoints: HashSet<String>,
    max_content_size: usize,

}

#[derive(Clone)]
struct AppState {
    db: Db,
    highlighter: Arc<Highlighter>,
    server_config: ServerConfig,
    base_url: String,
pub struct AppState {
    pub db: Db,
    pub highlighter: Arc<Highlighter>,
    pub server_config: ServerConfig,
    pub base_url: String,
    pub cookie_secure: bool,
}

#[derive(Template)]

#[template(path = "admin.html")]
struct AdminTemplate {
    base_url: String,
    snippets: Vec<Snippet>,
}

#[derive(Template)]
#[template(path = "login.html")]
struct LoginTemplate {
    error: Option<String>,
    next: Option<String>,
}

#[derive(Template)]

    content: String,
}

#[derive(Deserialize)]
struct LoginForm {
    api_key: String,
}

#[derive(Deserialize, Default)]
struct FlashQuery {
    error: Option<String>,
    next: Option<String>,
}

async fn index(State(state): State<AppState>) -> WebTemplate<IndexTemplate> {
    WebTemplate(IndexTemplate { base_url: state.base_url.clone() })
}

async fn admin(State(state): State<AppState>) -> WebTemplate<AdminTemplate> {
    WebTemplate(AdminTemplate { base_url: state.base_url.clone() })
async fn admin(
    _session: auth::AuthSession,
    State(state): State<AppState>,
) -> Response {
    match db::get_all_snippets(&state.db) {
        Ok(snippets) => WebTemplate(AdminTemplate {
            base_url: state.base_url.clone(),
            snippets,
        })
        .into_response(),
        Err(_) => (
            StatusCode::INTERNAL_SERVER_ERROR,
            Html("<h1>Internal server error</h1>".to_string()),
        )
            .into_response(),
    }
}

async fn get_login(Query(q): Query<FlashQuery>) -> WebTemplate<LoginTemplate> {
    WebTemplate(LoginTemplate {
        error: q.error,
        next: q.next,
    })
}

async fn post_login(
    State(state): State<AppState>,
    Query(q): Query<FlashQuery>,
    Form(form): Form<LoginForm>,
) -> Response {
    let next = q.next.as_deref().unwrap_or("/admin");
    let server_key = match &state.server_config.api_key {
        Some(k) => k,
        None => {
            return Redirect::to("/admin/login?error=No+API+key+configured").into_response();
        }
    };

    if !auth::verify_api_key(&form.api_key, server_key) {
        return Redirect::to(&format!(
            "/admin/login?error=Invalid+API+key&next={}",
            auth::urlencoding(next)
        ))
        .into_response();
    }

    let token = auth::generate_session_token();
    let expires_at = andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600);

    if db::insert_session(&state.db, &token, &expires_at).is_err() {
        return Redirect::to("/admin/login?error=Server+error").into_response();
    }
    let _ = db::prune_expired_sessions(&state.db);

    let cookie = auth::build_session_cookie(&token, state.cookie_secure);
    let redirect_to = if next.starts_with('/') { next } else { "/admin" };
    let mut resp = Redirect::to(redirect_to).into_response();
    resp.headers_mut().insert(
        header::SET_COOKIE,
        HeaderValue::from_str(&cookie).unwrap(),
    );
    resp
}

async fn post_logout(
    State(state): State<AppState>,
    headers: HeaderMap,
) -> Response {
    if let Some(token) = andromeda_auth::extract_session_cookie(&headers) {
        let _ = db::delete_session(&state.db, &token);
    }
    let cookie = auth::clear_session_cookie();
    let mut resp = Redirect::to("/admin/login").into_response();
    resp.headers_mut().insert(
        header::SET_COOKIE,
        HeaderValue::from_str(&cookie).unwrap(),
    );
    resp
}

async fn admin_delete_snippet(
    _session: auth::AuthSession,
    State(state): State<AppState>,
    Path(short_id): Path<String>,
) -> Response {
    let _ = db::delete_snippet_by_short_id(&state.db, &short_id);
    Redirect::to("/admin").into_response()
}

fn is_cli_user_agent(headers: &HeaderMap) -> bool {

    let provided = headers
        .get("x-api-key")
        .and_then(|v| v.to_str().ok());
    match provided {
        Some(k) if k.as_bytes().ct_eq(server_key.as_bytes()).into() => Ok(next.run(request).await),
        _ => Err((
            StatusCode::UNAUTHORIZED,
            Json(serde_json::json!({"error": "Invalid or missing API key"})),
        )),
    if let Some(k) = provided {
        if auth::verify_api_key(k, server_key) {
            return Ok(next.run(request).await);
        }
    }
    if let Some(token) = andromeda_auth::extract_session_cookie(&headers) {
        if auth::is_valid_session(&state, &token) {
            return Ok(next.run(request).await);
        }
    }
    Err((
        StatusCode::UNAUTHORIZED,
        Json(serde_json::json!({"error": "Invalid or missing API key"})),
    ))
}

async fn api_list_snippets(


    let base_url = std::env::var("BASE_URL").unwrap_or_else(|_| "http://localhost:3000".to_string());

    let cookie_secure = std::env::var("SIPP_COOKIE_SECURE")
        .map(|v| v == "true")
        .unwrap_or(false);

    let db = db::init_db().expect("Failed to initialize database");
    let _ = db::prune_expired_sessions(&db);

    let state = AppState {
        db: db::init_db().expect("Failed to initialize database"),
        db,
        highlighter: Arc::new(Highlighter::new()),
        server_config,
        base_url,
        cookie_secure,
    };

    let api_routes = build_api_routes(&state);

    let app = Router::new()
        .route("/", get(index))
        .route("/admin", get(admin))
        .route("/admin/login", get(get_login).post(post_login))
        .route("/admin/logout", post(post_logout))
        .route("/admin/snippets/{short_id}/delete", post(admin_delete_snippet))
        .route("/s/{short_id}", get(view_snippet))
        .route("/snippets", post(create_snippet))
        .merge(api_routes)

apps/sipp/static/styles.css +149 −35

html {
	background: #121113;
	color: #ffffff;
	font-size: 14px;
	line-height: 1.6;
}

a {
	color: #ffffff;
	text-decoration: none;
}

a:hover {
	opacity: 0.7;
}

html::-webkit-scrollbar {

	min-height: 100vh;
	max-width: 700px;
	margin: auto;
	padding: 0 1rem 4rem;
}

.header {
	display: flex;
	text-decoration: none;
	flex-direction: column;
	gap: 0.5rem;
	margin-top: 2rem;
}

.logo {
	text-decoration: none !important;
}

.nav {
.links {
	display: flex;
	align-items: center;
	justify-content: space-between;
	width: 100%;
	margin-top: 2rem;
	gap: 0.75rem;
	font-size: 12px;
	text-decoration: none;
}

.links .inline-form {
	display: inline;
	margin: 0;
	padding: 0;
}

.links .link-button {
	font-size: 12px;
}

.icon {

	width: 100%;
}

#snippetForm input {
	background: #121113;
	color: #ffffff;
	border: 1px solid white;
	padding: 4px;
}

#authForm input {
input, textarea, select {
	background: #121113;
	color: #ffffff;
	border: 1px solid white;
	padding: 4px;
	padding: 0.4rem 0.75rem;
	font-size: 16px;
	width: 100%;
	border-radius: 0;
}

textarea {
	background: #121113;
	color: #ffffff;
	width: 100%;
	min-height: 400px;
	padding: 6px;
	border: 1px solid white;
	resize: vertical;
}

.code-container {

	line-height: 1.4;
}

button {
button, .btn {
	background: #121113;
	color: #ffffff;
	padding: 6px;
	padding: 0.4rem 0.75rem;
	border: 1px solid white;
	cursor: pointer;
	width: fit-content;
	font-size: 14px;
	border-radius: 0;
	text-decoration: none;
	display: inline-block;
}

a {
	background: #121113;
	color: #ffffff;
button:hover, .btn:hover {
	opacity: 0.7;
}

@media (max-width: 480px) {

	}
}

#snippetList {
.empty {
	opacity: 0.5;
	font-size: 12px;
}

.admin-list {
	display: flex;
	flex-direction: column;
	gap: 0;
	width: 100%;
}

.snippet-item {
.admin-list-item {
	display: flex;
	justify-content: space-between;
	align-items: center;
	padding: 8px;
	border: 1px solid white;
	margin-top: -1px;
	text-decoration: none;
	padding: 8px 0;
	border-bottom: 1px solid #333;
	gap: 1rem;
}

.snippet-item:hover {
	background: #1e1d1f;
.admin-list-info {
	display: flex;
	flex-direction: column;
	gap: 0.2rem;
	min-width: 0;
}

.admin-list-title {
	font-size: 15px;
	white-space: nowrap;
	overflow: hidden;
	text-overflow: ellipsis;
}

.snippet-id {
	color: #878787;
.admin-list-meta {
	display: flex;
	gap: 0.75rem;
	align-items: center;
}

.admin-list-date {
	font-size: 11px;
	opacity: 0.4;
}

.admin-list-actions {
	display: flex;
	gap: 1rem;
	font-size: 12px;
	flex-shrink: 0;
}

.inline-form {
	display: inline;
	margin: 0;
	padding: 0;
}

.link-button {
	background: none;
	border: none;
	color: #ffffff;
	cursor: pointer;
	font-size: 12px;
	padding: 0;
	font-family: inherit;
}

.link-button:hover {
	opacity: 0.7;
}

.link-button.danger {
	opacity: 0.5;
}

.link-button.danger:hover {
	opacity: 0.3;
}

@media (max-width: 480px) {
	.admin-list-item {
		flex-direction: column;
		align-items: flex-start;
		gap: 0.5rem;
	}
}

main {
	width: 100%;
	display: flex;
	flex-direction: column;
	gap: 1rem;
}

.form {
	display: flex;
	flex-direction: column;
	gap: 0.5rem;
	width: 100%;
}

label {
	font-size: 12px;
	opacity: 0.7;
}

.error {
	color: #ffffff;
	border-left: 2px solid #ffffff;
	padding-left: 0.5rem;
	font-size: 13px;
	opacity: 0.8;
}

@font-face {

apps/sipp/templates/admin.html +24 −72

  </head>
  <body>

    <div class="nav">
      <a href="/" class="header">
        <h1>SIPP</h1>
      </a>

      <a class="icon" target="_blank" href="https://github.com/stevedylandev/sipp">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
          <title>GitHub</title>
          <path d="m21.838 11.677l-9.549-9.58c-.129-.13-.451-.13-.645 0L9 4.742l2.452 2.452c.193-.097.419-.13.645-.13c.903 0 1.58.742 1.58 1.581c0 .226-.032.452-.129.645l1.968 1.968c.194-.097.42-.129.645-.129c.904 0 1.58.742 1.58 1.58c0 .904-.741 1.581-1.58 1.581c-.903 0-1.58-.742-1.58-1.58c0-.226.032-.452.129-.646l-1.968-1.967h-.032v3.71c.58.258 1 .806 1 1.483c0 .904-.742 1.581-1.581 1.581c-.903 0-1.58-.742-1.58-1.58c0-.678.419-1.259 1-1.485v-3.612c-.581-.259-1-.807-1-1.484c0-.226.032-.452.128-.645L8.225 5.613l-6.097 6.064c-.129.13-.129.452 0 .646l9.58 9.58c.13.13.452.13.646 0l9.548-9.58a.59.59 0 0 0-.064-.646"/>
        </svg>
      </a>
    </div>

    <div id="authForm" style="display: flex; gap: 1rem; width: 100%;">
      <input placeholder="API Key" type="password" id="apiKey" style="flex: 1;">
      <button id="loadBtn" onclick="loadSnippets()">Load Snippets</button>
    <div class="header">
      <a href="/" class="logo"><h1>SIPP</h1></a>
    </div>

    <div id="error" style="display: none; color: #ff6b6b;"></div>

    <div id="snippetList" style="display: none; width: 100%;"></div>

    <script>
      async function loadSnippets() {
        const apiKey = document.getElementById('apiKey').value;
        const errorEl = document.getElementById('error');
        const listEl = document.getElementById('snippetList');
        const loadBtn = document.getElementById('loadBtn');

        errorEl.style.display = 'none';
        listEl.style.display = 'none';
        loadBtn.textContent = 'Loading...';
        loadBtn.disabled = true;

        try {
          const res = await fetch('/api/snippets', {
            headers: { 'x-api-key': apiKey }
          });

          if (!res.ok) {
            const data = await res.json();
            throw new Error(data.error || 'Failed to load snippets');
          }

          const snippets = await res.json();

          if (snippets.length === 0) {
            listEl.innerHTML = '<p>No snippets found.</p>';
          } else {
            listEl.innerHTML = snippets.map(s =>
              `<a class="snippet-item" href="/s/${s.short_id}">` +
                `<span class="snippet-name">${s.name}</span>` +
                `<span class="snippet-id">/s/${s.short_id}</span>` +
              `</a>`
            ).join('');
          }

          listEl.style.display = 'flex';
        } catch (err) {
          errorEl.textContent = err.message;
          errorEl.style.display = 'block';
        } finally {
          loadBtn.textContent = 'Load Snippets';
          loadBtn.disabled = false;
        }
      }

      document.getElementById('apiKey').addEventListener('keydown', (e) => {
        if (e.key === 'Enter') {
          e.preventDefault();
          loadSnippets();
        }
      });
    </script>
    {% if snippets.is_empty() %}
      <p class="empty">no snippets yet</p>
    {% else %}
      <div class="admin-list">
        {% for s in snippets %}
          <div class="admin-list-item">
            <div class="admin-list-info">
              <a href="/s/{{ s.short_id }}" class="admin-list-title">{{ s.name }}</a>
              <div class="admin-list-meta">
                <span class="admin-list-date">/s/{{ s.short_id }}</span>
              </div>
            </div>
            <div class="admin-list-actions">
              <a href="/s/{{ s.short_id }}">view</a>
              <form method="POST" action="/admin/snippets/{{ s.short_id }}/delete" class="inline-form" onsubmit="return confirm('delete this snippet?')">
                <button type="submit" class="link-button danger">delete</button>
              </form>
            </div>
          </div>
        {% endfor %}
      </div>
    {% endif %}
  </body>
</html>

apps/sipp/templates/index.html +5 −11

27	27		</head>
28	28		<body>
29	29
30		-	<div class="nav">
31		-	<a href="/" class="header">
32		-	<h1>SIPP</h1>
33		-	</a>
34		-
35		-	<a class="icon" target="_blank" href="https://github.com/stevedylandev/sipp">
36		-	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
37		-	<title>GitHub</title>
38		-	<path d="m21.838 11.677l-9.549-9.58c-.129-.13-.451-.13-.645 0L9 4.742l2.452 2.452c.193-.097.419-.13.645-.13c.903 0 1.58.742 1.58 1.581c0 .226-.032.452-.129.645l1.968 1.968c.194-.097.42-.129.645-.129c.904 0 1.58.742 1.58 1.58c0 .904-.741 1.581-1.58 1.581c-.903 0-1.58-.742-1.58-1.58c0-.226.032-.452.129-.646l-1.968-1.967h-.032v3.71c.58.258 1 .806 1 1.483c0 .904-.742 1.581-1.581 1.581c-.903 0-1.58-.742-1.58-1.58c0-.678.419-1.259 1-1.485v-3.612c-.581-.259-1-.807-1-1.484c0-.226.032-.452.128-.645L8.225 5.613l-6.097 6.064c-.129.13-.129.452 0 .646l9.58 9.58c.13.13.452.13.646 0l9.548-9.58a.59.59 0 0 0-.064-.646"/>
39		-	</svg>
40		-	</a>
	30	+	<div class="header">
	31	+	<a href="/" class="logo"><h1>SIPP</h1></a>
	32	+	<nav class="links">
	33	+	<a href="/admin">admin</a>
	34	+	</nav>
41	35		</div>
42	36
43	37

apps/sipp/templates/login.html (added) +33 −0

1	+	<!doctype html>
2	+	<html lang="en">
3	+	<head>
4	+	<meta charset="UTF-8" />
5	+	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
6	+	<meta name="theme-color" content="#121113" />
7	+	<link rel="stylesheet" href="/static/styles.css" />
8	+	<link rel="apple-touch-icon" sizes="180x180" href="/static/apple-touch-icon.png">
9	+	<link rel="icon" type="image/png" sizes="32x32" href="/static/favicon-32x32.png">
10	+	<link rel="icon" type="image/png" sizes="16x16" href="/static/favicon-16x16.png">
11	+	<link rel="manifest" href="/static/site.webmanifest">
12	+
13	+	<title>Sipp - Login</title>
14	+	<meta name="description" content="Minimal Code Sharing">
15	+	</head>
16	+	<body>
17	+
18	+	<header class="header">
19	+	<a href="/" class="logo"><h1>SIPP</h1></a>
20	+	</header>
21	+	<main>
22	+	{% if let Some(error) = error %}
23	+	<p class="error">{{ error }}</p>
24	+	{% endif %}
25	+
26	+	<form method="POST" action="/admin/login{% if let Some(next) = next %}?next={{ next }}{% endif %}" class="form">
27	+	<label for="api_key">api key</label>
28	+	<input type="password" id="api_key" name="api_key" autofocus required>
29	+	<button type="submit">login</button>
30	+	</form>
31	+	</main>
32	+	</body>
33	+	</html>

apps/sipp/templates/snippet.html +0 −7

31	31		<a href="/" class="header">
32	32		<h1>SIPP</h1>
33	33		</a>
34		-
35		-	<a class="icon" target="_blank" href="https://github.com/stevedylandev/sipp">
36		-	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
37		-	<title>GitHub</title>
38		-	<path d="m21.838 11.677l-9.549-9.58c-.129-.13-.451-.13-.645 0L9 4.742l2.452 2.452c.193-.097.419-.13.645-.13c.903 0 1.58.742 1.58 1.581c0 .226-.032.452-.129.645l1.968 1.968c.194-.097.42-.129.645-.129c.904 0 1.58.742 1.58 1.58c0 .904-.741 1.581-1.58 1.581c-.903 0-1.58-.742-1.58-1.58c0-.226.032-.452.129-.646l-1.968-1.967h-.032v3.71c.58.258 1 .806 1 1.483c0 .904-.742 1.581-1.581 1.581c-.903 0-1.58-.742-1.58-1.58c0-.678.419-1.259 1-1.485v-3.612c-.581-.259-1-.807-1-1.484c0-.226.032-.452.128-.645L8.225 5.613l-6.097 6.064c-.129.13-.129.452 0 .646l9.58 9.58c.13.13.452.13.646 0l9.548-9.58a.59.59 0 0 0-.064-.646"/>
39		-	</svg>
40		-	</a>
41	34		</div>
42	35
43	36		<div id="snippetForm">

4202	4202
4203	4203		[[package]]
4204	4204		name = "sipp-so"
4205		-	version = "0.1.6"
	4205	+	version = "0.2.0"
4206	4206		dependencies = [
	4207	+	"andromeda-auth",
4207	4208		"andromeda-db",
4208	4209		"arboard",
4209	4210		"askama 0.15.6",

558	558		)
559	559		.init();
560	560
561		-	let db_path = std::env::var("DB_PATH").unwrap_or_else(\|_\| "feeds.sqlite".to_string());
	561	+	let db_path =
	562	+	std::env::var("FEEDS_DB_PATH").unwrap_or_else(\|_\| "/data/feeds.sqlite".to_string());
562	563		let conn = Connection::open(&db_path).expect("open sqlite");
563	564		conn.execute_batch(SESSION_SCHEMA).expect("session schema");
564	565		conn.execute_batch(fdb::FEEDS_SCHEMA).expect("feeds schema");

10	10		# SIPP_VOLUME=sipp_sipp-data
11	11		# CELLAR_VOLUME=cellar_cellar-data
12	12		# POSTS_VOLUME=posts_posts-data
	13	+	# FEEDS_VOLUME=feeds_feeds-data
13	14
14	15		# Optional: days to keep backups (default: 30)
15	16		# RETENTION_DAYS=30

1	1		# Backup
2	2
3		-	Automated SQLite backups for Jotts, Sipp, Cellar, and Posts to Cloudflare R2. Runs every 6 hours via cron inside a Docker container and prunes backups older than 30 days.
	3	+	Automated SQLite backups for Jotts, Sipp, Cellar, Posts, and Feeds to Cloudflare R2. Runs every 6 hours via cron inside a Docker container and prunes backups older than 30 days.
4	4
5	5		## Setup
6	6

45	45		SIPP_VOLUME=sipp_sipp-data
46	46		CELLAR_VOLUME=cellar_cellar-data
47	47		POSTS_VOLUME=posts_posts-data
	48	+	FEEDS_VOLUME=feeds_feeds-data
48	49		```
49	50
50	51		Run `docker volume ls` to check the actual names on your host.

83	84		-v sipp_sipp-data:/data/sipp:ro \
84	85		-v cellar_cellar-data:/data/cellar:ro \
85	86		-v posts_posts-data:/data/posts:ro \
	87	+	-v feeds_feeds-data:/data/feeds:ro \
86	88		ghcr.io/stevedylandev/andromeda-backup:latest
87	89		```
88	90

151	153		\| `SIPP_VOLUME` \| `sipp_sipp-data` \| Docker volume name for Sipp data \|
152	154		\| `CELLAR_VOLUME` \| `cellar_cellar-data` \| Docker volume name for Cellar data \|
153	155		\| `POSTS_VOLUME` \| `posts_posts-data` \| Docker volume name for Posts data \|
	156	+	\| `FEEDS_VOLUME` \| `feeds_feeds-data` \| Docker volume name for Feeds data \|

5	5		BUCKET="${R2_BUCKET:-andromeda-backups}"
6	6		RETENTION_DAYS="${RETENTION_DAYS:-30}"
7	7
8		-	DBS="jotts:/data/jotts/jotts.sqlite sipp:/data/sipp/sipp.sqlite cellar:/data/cellar/cellar.sqlite posts:/data/posts/posts.sqlite"
	8	+	DBS="jotts:/data/jotts/jotts.sqlite sipp:/data/sipp/sipp.sqlite cellar:/data/cellar/cellar.sqlite posts:/data/posts/posts.sqlite feeds:/data/feeds/feeds.sqlite"
9	9
10	10		for entry in $DBS; do
11	11		name="${entry%%:*}"

28	28
29	29		# Prune old backups
30	30		cutoff=$(date -u -d "-${RETENTION_DAYS} days" +%Y-%m-%d 2>/dev/null \|\| date -u -v-${RETENTION_DAYS}d +%Y-%m-%d)
31		-	for name in jotts sipp cellar posts; do
	31	+	for name in jotts sipp cellar posts feeds; do
32	32		aws s3 ls "s3://${BUCKET}/${name}/" --endpoint-url "${R2_ENDPOINT}" 2>/dev/null \| while read -r line; do
33	33		filedate=$(echo "$line" \| awk '{print $1}')
34	34		filename=$(echo "$line" \| awk '{print $4}')

3	3		BASE_URL=http://localhost:3000
4	4		HOST=127.0.0.1
5	5		PORT=3000
6		-	DB_PATH=feeds.sqlite
	6	+	FEEDS_DB_PATH=/data/feeds.sqlite
7	7		API_KEY=
8	8		DEFAULT_POLL_MINUTES=30
9	9		ITEM_CAP_PER_FEED=200

36	36
37	37		FROM debian:bookworm-slim
38	38		RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
39		-	WORKDIR /data
40	39		COPY --from=builder /app/target/release/feeds /usr/local/bin/feeds
	40	+	WORKDIR /data
41	41		EXPOSE 3000
	42	+	ENV HOST=0.0.0.0
	43	+	ENV PORT=3000
42	44		CMD ["feeds"]

36	36		\| `BASE_URL` \| Public base URL of the app \| `http://localhost:3000` \|
37	37		\| `HOST` \| Bind address \| `0.0.0.0` \|
38	38		\| `PORT` \| Bind port \| `3000` \|
39		-	\| `DB_PATH` \| SQLite database path \| `feeds.sqlite` \|
	39	+	\| `FEEDS_DB_PATH` \| SQLite database path \| `/data/feeds.sqlite` \|
40	40		\| `DEFAULT_POLL_MINUTES` \| Background poll interval in minutes (overridable from the admin panel) \| `30` \|
41	41		\| `ITEM_CAP_PER_FEED` \| Maximum stored items per subscription; older items pruned \| `200` \|
42	42		\| `COOKIE_SECURE` \| Enable HTTPS-only cookies \| `false` \|

146	146		docker compose up -d
147	147		```
148	148
149		-	Mount a volume at `DB_PATH` to persist the SQLite database.
	149	+	Mount a volume at `FEEDS_DB_PATH` to persist the SQLite database.
150	150
151	151		### Binary
152	152

1	1		services:
2		-	feeds:
	2	+	app:
3	3		build:
4	4		context: ../..
5	5		dockerfile: apps/feeds/Dockerfile
6	6		ports:
7		-	- "3000:3000"
	7	+	- "${PORT:-3000}:${PORT:-3000}"
	8	+	environment:
	9	+	- ADMIN_PASSWORD=${ADMIN_PASSWORD:-changeme}
	10	+	- API_KEY=${API_KEY:-}
	11	+	- FEEDS_DB_PATH=/data/feeds.sqlite
	12	+	- BASE_URL=${BASE_URL:-http://localhost:3000}
	13	+	- COOKIE_SECURE=false
	14	+	- HOST=0.0.0.0
	15	+	- PORT=${PORT:-3000}
8	16		volumes:
9		-	- feeds_data:/app/data
10		-	env_file:
11		-	- .env
	17	+	- feeds-data:/data
12	18		restart: unless-stopped
13	19
14	20		volumes:
15		-	feeds_data:
	21	+	feeds-data:

1	1		[package]
2	2		name = "sipp-so"
3		-	version = "0.1.6"
	3	+	version = "0.2.0"
4	4		edition = "2024"
5	5		description = "Minimal code sharing - single binary for web server, CLI, and TUI"
6	6		license = "MIT"

28	28		dotenvy = { workspace = true }
29	29		subtle = { workspace = true }
30	30		rusqlite = { workspace = true }
31		-	andromeda-db = { workspace = true }
	31	+	andromeda-db = { workspace = true, features = ["session"] }
	32	+	andromeda-auth = { workspace = true }
32	33		askama = "0.15.4"
33	34		askama_web = { version = "0.15.1", features = ["axum-0.8"] }
34	35		ratatui = "0.30"

8	8		environment:
9	9		- SIPP_API_KEY=${SIPP_API_KEY:-changeme}
10	10		- SIPP_AUTH_ENDPOINTS=api_delete,api_list
	11	+	- SIPP_DB_PATH=/data/sipp.sqlite
11	12		volumes:
12	13		- sipp-data:/data
13	14		restart: unless-stopped

3	3		use serde::{Deserialize, Serialize};
4	4		use std::sync::{Arc, Mutex};
5	5
	6	+	pub use andromeda_db::session::{
	7	+	delete_session, get_session_expiry, insert_session, prune_expired_sessions,
	8	+	};
6	9		pub use andromeda_db::{Db, DbError};
7	10
8	11		#[derive(Serialize, Deserialize)]

44	47		short_id TEXT NOT NULL UNIQUE,
45	48		content TEXT NOT NULL,
46	49		name TEXT NOT NULL
	50	+	);
	51	+
	52	+	CREATE TABLE IF NOT EXISTS sessions (
	53	+	id INTEGER PRIMARY KEY AUTOINCREMENT,
	54	+	token TEXT NOT NULL UNIQUE,
	55	+	expires_at TEXT NOT NULL
47	56		);
48	57		";
49	58

1	1		use askama::Template;
2	2		use askama_web::WebTemplate;
3		-	use subtle::ConstantTimeEq;
4	3		use axum::{
5	4		Form, Json, Router,
6		-	extract::{Path, Request, State},
7		-	http::{HeaderMap, StatusCode, header},
	5	+	extract::{Path, Query, Request, State},
	6	+	http::{HeaderMap, HeaderValue, StatusCode, header},
8	7		middleware::{self, Next},
9	8		response::{Html, IntoResponse, Redirect, Response},
10	9		routing::{delete, get, post, put},
11	10		};
12	11		use rust_embed::Embed;
13	12		use serde::Deserialize;
	13	+	use crate::auth;
14	14		use crate::db::{self, Db, Snippet};
15	15		use crate::highlight::Highlighter;
16	16		use std::collections::HashSet;

21	21		struct Static;
22	22
23	23		#[derive(Clone)]
24		-	struct ServerConfig {
	24	+	pub struct ServerConfig {
25	25		api_key: Option<String>,
26	26		auth_endpoints: HashSet<String>,
27	27		max_content_size: usize,

48	48		}
49	49
50	50		#[derive(Clone)]
51		-	struct AppState {
52		-	db: Db,
53		-	highlighter: Arc<Highlighter>,
54		-	server_config: ServerConfig,
55		-	base_url: String,
	51	+	pub struct AppState {
	52	+	pub db: Db,
	53	+	pub highlighter: Arc<Highlighter>,
	54	+	pub server_config: ServerConfig,
	55	+	pub base_url: String,
	56	+	pub cookie_secure: bool,
56	57		}
57	58
58	59		#[derive(Template)]

65	66		#[template(path = "admin.html")]
66	67		struct AdminTemplate {
67	68		base_url: String,
	69	+	snippets: Vec<Snippet>,
	70	+	}
	71	+
	72	+	#[derive(Template)]
	73	+	#[template(path = "login.html")]
	74	+	struct LoginTemplate {
	75	+	error: Option<String>,
	76	+	next: Option<String>,
68	77		}
69	78
70	79		#[derive(Template)]

82	91		content: String,
83	92		}
84	93
	94	+	#[derive(Deserialize)]
	95	+	struct LoginForm {
	96	+	api_key: String,
	97	+	}
	98	+
	99	+	#[derive(Deserialize, Default)]
	100	+	struct FlashQuery {
	101	+	error: Option<String>,
	102	+	next: Option<String>,
	103	+	}
	104	+
85	105		async fn index(State(state): State<AppState>) -> WebTemplate<IndexTemplate> {
86	106		WebTemplate(IndexTemplate { base_url: state.base_url.clone() })
87	107		}
88	108
89		-	async fn admin(State(state): State<AppState>) -> WebTemplate<AdminTemplate> {
90		-	WebTemplate(AdminTemplate { base_url: state.base_url.clone() })
	109	+	async fn admin(
	110	+	_session: auth::AuthSession,
	111	+	State(state): State<AppState>,
	112	+	) -> Response {
	113	+	match db::get_all_snippets(&state.db) {
	114	+	Ok(snippets) => WebTemplate(AdminTemplate {
	115	+	base_url: state.base_url.clone(),
	116	+	snippets,
	117	+	})
	118	+	.into_response(),
	119	+	Err(_) => (
	120	+	StatusCode::INTERNAL_SERVER_ERROR,
	121	+	Html("<h1>Internal server error</h1>".to_string()),
	122	+	)
	123	+	.into_response(),
	124	+	}
	125	+	}
	126	+
	127	+	async fn get_login(Query(q): Query<FlashQuery>) -> WebTemplate<LoginTemplate> {
	128	+	WebTemplate(LoginTemplate {
	129	+	error: q.error,
	130	+	next: q.next,
	131	+	})
	132	+	}
	133	+
	134	+	async fn post_login(
	135	+	State(state): State<AppState>,
	136	+	Query(q): Query<FlashQuery>,
	137	+	Form(form): Form<LoginForm>,
	138	+	) -> Response {
	139	+	let next = q.next.as_deref().unwrap_or("/admin");
	140	+	let server_key = match &state.server_config.api_key {
	141	+	Some(k) => k,
	142	+	None => {
	143	+	return Redirect::to("/admin/login?error=No+API+key+configured").into_response();
	144	+	}
	145	+	};
	146	+
	147	+	if !auth::verify_api_key(&form.api_key, server_key) {
	148	+	return Redirect::to(&format!(
	149	+	"/admin/login?error=Invalid+API+key&next={}",
	150	+	auth::urlencoding(next)
	151	+	))
	152	+	.into_response();
	153	+	}
	154	+
	155	+	let token = auth::generate_session_token();
	156	+	let expires_at = andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600);
	157	+
	158	+	if db::insert_session(&state.db, &token, &expires_at).is_err() {
	159	+	return Redirect::to("/admin/login?error=Server+error").into_response();
	160	+	}
	161	+	let _ = db::prune_expired_sessions(&state.db);
	162	+
	163	+	let cookie = auth::build_session_cookie(&token, state.cookie_secure);
	164	+	let redirect_to = if next.starts_with('/') { next } else { "/admin" };
	165	+	let mut resp = Redirect::to(redirect_to).into_response();
	166	+	resp.headers_mut().insert(
	167	+	header::SET_COOKIE,
	168	+	HeaderValue::from_str(&cookie).unwrap(),
	169	+	);
	170	+	resp
	171	+	}
	172	+
	173	+	async fn post_logout(
	174	+	State(state): State<AppState>,
	175	+	headers: HeaderMap,
	176	+	) -> Response {
	177	+	if let Some(token) = andromeda_auth::extract_session_cookie(&headers) {
	178	+	let _ = db::delete_session(&state.db, &token);
	179	+	}
	180	+	let cookie = auth::clear_session_cookie();
	181	+	let mut resp = Redirect::to("/admin/login").into_response();
	182	+	resp.headers_mut().insert(
	183	+	header::SET_COOKIE,
	184	+	HeaderValue::from_str(&cookie).unwrap(),
	185	+	);
	186	+	resp
	187	+	}
	188	+
	189	+	async fn admin_delete_snippet(
	190	+	_session: auth::AuthSession,
	191	+	State(state): State<AppState>,
	192	+	Path(short_id): Path<String>,
	193	+	) -> Response {
	194	+	let _ = db::delete_snippet_by_short_id(&state.db, &short_id);
	195	+	Redirect::to("/admin").into_response()
91	196		}
92	197
93	198		fn is_cli_user_agent(headers: &HeaderMap) -> bool {

175	280		let provided = headers
176	281		.get("x-api-key")
177	282		.and_then(\|v\| v.to_str().ok());
178		-	match provided {
179		-	Some(k) if k.as_bytes().ct_eq(server_key.as_bytes()).into() => Ok(next.run(request).await),
180		-	_ => Err((
181		-	StatusCode::UNAUTHORIZED,
182		-	Json(serde_json::json!({"error": "Invalid or missing API key"})),
183		-	)),
	283	+	if let Some(k) = provided {
	284	+	if auth::verify_api_key(k, server_key) {
	285	+	return Ok(next.run(request).await);
	286	+	}
	287	+	}
	288	+	if let Some(token) = andromeda_auth::extract_session_cookie(&headers) {
	289	+	if auth::is_valid_session(&state, &token) {
	290	+	return Ok(next.run(request).await);
	291	+	}
184	292		}
	293	+	Err((
	294	+	StatusCode::UNAUTHORIZED,
	295	+	Json(serde_json::json!({"error": "Invalid or missing API key"})),
	296	+	))
185	297		}
186	298
187	299		async fn api_list_snippets(

369	481
370	482		let base_url = std::env::var("BASE_URL").unwrap_or_else(\|_\| "http://localhost:3000".to_string());
371	483
	484	+	let cookie_secure = std::env::var("SIPP_COOKIE_SECURE")
	485	+	.map(\|v\| v == "true")
	486	+	.unwrap_or(false);
	487	+
	488	+	let db = db::init_db().expect("Failed to initialize database");
	489	+	let _ = db::prune_expired_sessions(&db);
	490	+
372	491		let state = AppState {
373		-	db: db::init_db().expect("Failed to initialize database"),
	492	+	db,
374	493		highlighter: Arc::new(Highlighter::new()),
375	494		server_config,
376	495		base_url,
	496	+	cookie_secure,
377	497		};
378	498
379	499		let api_routes = build_api_routes(&state);

381	501		let app = Router::new()
382	502		.route("/", get(index))
383	503		.route("/admin", get(admin))
	504	+	.route("/admin/login", get(get_login).post(post_login))
	505	+	.route("/admin/logout", post(post_logout))
	506	+	.route("/admin/snippets/{short_id}/delete", post(admin_delete_snippet))
384	507		.route("/s/{short_id}", get(view_snippet))
385	508		.route("/snippets", post(create_snippet))
386	509		.merge(api_routes)

10	10		html {
11	11		background: #121113;
12	12		color: #ffffff;
	13	+	font-size: 14px;
	14	+	line-height: 1.6;
	15	+	}
	16	+
	17	+	a {
	18	+	color: #ffffff;
	19	+	text-decoration: none;
	20	+	}
	21	+
	22	+	a:hover {
	23	+	opacity: 0.7;
13	24		}
14	25
15	26		html::-webkit-scrollbar {

25	36		min-height: 100vh;
26	37		max-width: 700px;
27	38		margin: auto;
	39	+	padding: 0 1rem 4rem;
28	40		}
29	41
30	42		.header {
31	43		display: flex;
32		-	text-decoration: none;
	44	+	flex-direction: column;
	45	+	gap: 0.5rem;
	46	+	margin-top: 2rem;
	47	+	}
	48	+
	49	+	.logo {
	50	+	text-decoration: none !important;
33	51		}
34	52
35		-	.nav {
	53	+	.links {
36	54		display: flex;
37	55		align-items: center;
38		-	justify-content: space-between;
39		-	width: 100%;
40		-	margin-top: 2rem;
	56	+	gap: 0.75rem;
	57	+	font-size: 12px;
	58	+	text-decoration: none;
	59	+	}
	60	+
	61	+	.links .inline-form {
	62	+	display: inline;
	63	+	margin: 0;
	64	+	padding: 0;
	65	+	}
	66	+
	67	+	.links .link-button {
	68	+	font-size: 12px;
41	69		}
42	70
43	71		.icon {

69	97		width: 100%;
70	98		}
71	99
72		-	#snippetForm input {
73		-	background: #121113;
74		-	color: #ffffff;
75		-	border: 1px solid white;
76		-	padding: 4px;
77		-	}
78		-
79		-	#authForm input {
	100	+	input, textarea, select {
80	101		background: #121113;
81	102		color: #ffffff;
82	103		border: 1px solid white;
83		-	padding: 4px;
	104	+	padding: 0.4rem 0.75rem;
	105	+	font-size: 16px;
	106	+	width: 100%;
	107	+	border-radius: 0;
84	108		}
85	109
86	110		textarea {
87		-	background: #121113;
88		-	color: #ffffff;
89		-	width: 100%;
90	111		min-height: 400px;
91		-	padding: 6px;
92		-	border: 1px solid white;
	112	+	resize: vertical;
93	113		}
94	114
95	115		.code-container {

107	127		line-height: 1.4;
108	128		}
109	129
110		-	button {
	130	+	button, .btn {
111	131		background: #121113;
112	132		color: #ffffff;
113		-	padding: 6px;
	133	+	padding: 0.4rem 0.75rem;
114	134		border: 1px solid white;
115	135		cursor: pointer;
116	136		width: fit-content;
	137	+	font-size: 14px;
	138	+	border-radius: 0;
	139	+	text-decoration: none;
	140	+	display: inline-block;
117	141		}
118	142
119		-	a {
120		-	background: #121113;
121		-	color: #ffffff;
	143	+	button:hover, .btn:hover {
	144	+	opacity: 0.7;
122	145		}
123	146
124	147		@media (max-width: 480px) {

128	151		}
129	152		}
130	153
131		-	#snippetList {
	154	+	.empty {
	155	+	opacity: 0.5;
	156	+	font-size: 12px;
	157	+	}
	158	+
	159	+	.admin-list {
	160	+	display: flex;
132	161		flex-direction: column;
133		-	gap: 0;
	162	+	width: 100%;
134	163		}
135	164
136		-	.snippet-item {
	165	+	.admin-list-item {
137	166		display: flex;
138	167		justify-content: space-between;
139	168		align-items: center;
140		-	padding: 8px;
141		-	border: 1px solid white;
142		-	margin-top: -1px;
143		-	text-decoration: none;
	169	+	padding: 8px 0;
	170	+	border-bottom: 1px solid #333;
	171	+	gap: 1rem;
144	172		}
145	173
146		-	.snippet-item:hover {
147		-	background: #1e1d1f;
	174	+	.admin-list-info {
	175	+	display: flex;
	176	+	flex-direction: column;
	177	+	gap: 0.2rem;
	178	+	min-width: 0;
	179	+	}
	180	+
	181	+	.admin-list-title {
	182	+	font-size: 15px;
	183	+	white-space: nowrap;
	184	+	overflow: hidden;
	185	+	text-overflow: ellipsis;
148	186		}
149	187
150		-	.snippet-id {
151		-	color: #878787;
	188	+	.admin-list-meta {
	189	+	display: flex;
	190	+	gap: 0.75rem;
	191	+	align-items: center;
	192	+	}
	193	+
	194	+	.admin-list-date {
	195	+	font-size: 11px;
	196	+	opacity: 0.4;
	197	+	}
	198	+
	199	+	.admin-list-actions {
	200	+	display: flex;
	201	+	gap: 1rem;
	202	+	font-size: 12px;
	203	+	flex-shrink: 0;
	204	+	}
	205	+
	206	+	.inline-form {
	207	+	display: inline;
	208	+	margin: 0;
	209	+	padding: 0;
	210	+	}
	211	+
	212	+	.link-button {
	213	+	background: none;
	214	+	border: none;
	215	+	color: #ffffff;
	216	+	cursor: pointer;
	217	+	font-size: 12px;
	218	+	padding: 0;
	219	+	font-family: inherit;
	220	+	}
	221	+
	222	+	.link-button:hover {
	223	+	opacity: 0.7;
	224	+	}
	225	+
	226	+	.link-button.danger {
	227	+	opacity: 0.5;
	228	+	}
	229	+
	230	+	.link-button.danger:hover {
	231	+	opacity: 0.3;
	232	+	}
	233	+
	234	+	@media (max-width: 480px) {
	235	+	.admin-list-item {
	236	+	flex-direction: column;
	237	+	align-items: flex-start;
	238	+	gap: 0.5rem;
	239	+	}
	240	+	}
	241	+
	242	+	main {
	243	+	width: 100%;
	244	+	display: flex;
	245	+	flex-direction: column;
	246	+	gap: 1rem;
	247	+	}
	248	+
	249	+	.form {
	250	+	display: flex;
	251	+	flex-direction: column;
	252	+	gap: 0.5rem;
	253	+	width: 100%;
	254	+	}
	255	+
	256	+	label {
	257	+	font-size: 12px;
	258	+	opacity: 0.7;
	259	+	}
	260	+
	261	+	.error {
	262	+	color: #ffffff;
	263	+	border-left: 2px solid #ffffff;
	264	+	padding-left: 0.5rem;
152	265		font-size: 13px;
	266	+	opacity: 0.8;
153	267		}
154	268
155	269		@font-face {