blog.bunko.me — flat-file markdown blog with RSS
- HTML 63.6%
- Python 35.6%
- Dockerfile 0.8%
POST /admin/upload-image accepts multipart files with allowed image
extensions, caps at 10 MB, writes them to /app/data/images/ with a
random hex filename, and returns {url: "/blog/images/<hex>.<ext>"}.
GET /images/{filename} serves them publicly (post images are
embedded in public posts) with explicit path-traversal guards.

The admin/new.html and admin/edit.html templates now load the shared
markdown-editor.js after the form and call MarkdownEditor.attach on
the body textarea, pointing at /blog/admin/upload-image. Drag-into
and paste-from-clipboard image flows work with no other UI changes.

The /admin/* prefix means Caddy's existing forward_auth gates the
upload endpoint; /blog/images/* stays public, which is what we want.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
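
A sketch of the two checks the commit message describes, added here as an example and not taken from the repository: choosing the stored name for an upload and guarding the public image route against path traversal. The extension allowlist, the 32-character hex name and the function names are assumptions; the directory and the 10 MB cap come from the commit message.

```python
import re
import secrets
from pathlib import Path
from typing import Optional

IMAGE_DIR = Path("/app/data/images")                 # directory named in the commit message
MAX_BYTES = 10 * 1024 * 1024                         # 10 MB cap from the commit message
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif", "webp"}  # assumed allowlist
NAME_RE = re.compile(r"[0-9a-f]{32}\.([a-z0-9]+)")   # assumed: 16 random bytes as hex


def new_image_name(original_name: str, size: int) -> str:
    """Pick the stored name for an upload (hypothetical helper).

    Only the extension of the client-supplied name survives; the rest is
    replaced with random hex, so the client never controls the path.
    """
    ext = Path(original_name).suffix.lower().lstrip(".")
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    if size > MAX_BYTES:
        raise ValueError("file too large")
    return f"{secrets.token_hex(16)}.{ext}"


def resolve_image(filename: str, base: Path = IMAGE_DIR) -> Optional[Path]:
    """Map a requested filename to a path under base, or None to reject it."""
    # Guard 1: the name must have exactly the shape the upload handler
    # generates. fullmatch rejects separators, "..", and trailing newlines.
    m = NAME_RE.fullmatch(filename)
    if m is None or m.group(1) not in ALLOWED_EXT:
        return None
    # Guard 2: after resolving symlinks, the file must sit directly in base.
    root = base.resolve()
    candidate = (root / filename).resolve()
    if candidate.parent != root:
        return None
    return candidate
```

The second guard is what catches a symlink planted inside the image directory, which the name pattern alone would accept.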
| Name |
|---|
| app |
| .gitignore |
| docker-compose.yml |