From 3085dac359f4a43b43f2f0c3b0c53cf379f4897b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mika=C3=ABl=20Cluseau?= <mikael.cluseau@gmail.com>
Date: Thu, 22 Jan 2026 17:54:31 +0100
Subject: [PATCH] move ui to using trunk

cargo install trunk
---
 cmd/dkl-local-server/ws-ssh-acls.go   |  44 -------------
 cmd/dkl-local-server/ws.go            |  54 ----------------
 html/html.go                          |   2 +-
 ui/Trunk.toml                         |  24 +++++++
 {html/ui => ui}/app.css               |  13 ++++
 {html => ui}/favicon.ico              | Bin
 {html/ui => ui}/index.html            |  21 +++---
 {html/ui => ui}/js/Cluster.js         |  90 +++++++++++++++-----------
 {html/ui => ui}/js/Downloads.js       |   3 +-
 {html/ui => ui}/js/GetCopy.js         |   2 +-
 {html/ui => ui}/js/Host.js            |   5 +-
 {html/ui => ui}/js/app.js             |   6 +-
 {html/ui => ui}/js/jsonpatch.min.js   |   0
 {html/ui => ui}/js/vue.esm-browser.js |   0
 {html/ui => ui}/style.css             |   0
 15 files changed, 109 insertions(+), 155 deletions(-)
 delete mode 100644 cmd/dkl-local-server/ws-ssh-acls.go
 create mode 100644 ui/Trunk.toml
 rename {html/ui => ui}/app.css (76%)
 rename {html => ui}/favicon.ico (100%)
 rename {html/ui => ui}/index.html (89%)
 rename {html/ui => ui}/js/Cluster.js (71%)
 rename {html/ui => ui}/js/Downloads.js (99%)
 rename {html/ui => ui}/js/GetCopy.js (98%)
 rename {html/ui => ui}/js/Host.js (86%)
 rename {html/ui => ui}/js/app.js (98%)
 rename {html/ui => ui}/js/jsonpatch.min.js (100%)
 rename {html/ui => ui}/js/vue.esm-browser.js (100%)
 rename {html/ui => ui}/style.css (100%)

diff --git a/cmd/dkl-local-server/ws-ssh-acls.go b/cmd/dkl-local-server/ws-ssh-acls.go
deleted file mode 100644
index 32d20f7..0000000
--- a/cmd/dkl-local-server/ws-ssh-acls.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package main
-
-import (
-	"net/http"
-	"os"
-	"path/filepath"
-
-	restful "github.com/emicklei/go-restful"
-	yaml "gopkg.in/yaml.v2"
-)
-
-type SSH_ACL struct {
-	Keys     []string
-	Clusters []string
-	Groups   []string
-	Hosts    []string
-}
-
-func loadSSH_ACLs() (acls []SSH_ACL, err error) {
-	f, err := os.Open(filepath.Join(*dataDir, "ssh-acls.yaml"))
-	if err != nil {
-		return
-	}
-
-	defer f.Close()
-
-	err = yaml.NewDecoder(f).Decode(&acls)
-	return
-}
-
-func wsSSH_ACL_List(req *restful.Request, resp *restful.Response) {
-	// TODO
-	http.NotFound(resp.ResponseWriter, req.Request)
-}
-
-func wsSSH_ACL_Get(req *restful.Request, resp *restful.Response) {
-	// TODO
-	http.NotFound(resp.ResponseWriter, req.Request)
-}
-
-func wsSSH_ACL_Set(req *restful.Request, resp *restful.Response) {
-	// TODO
-	http.NotFound(resp.ResponseWriter, req.Request)
-}
diff --git a/cmd/dkl-local-server/ws.go b/cmd/dkl-local-server/ws.go
index bec8a7f..4f95ff3 100644
--- a/cmd/dkl-local-server/ws.go
+++ b/cmd/dkl-local-server/ws.go
@@ -4,9 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
-	"net"
 	"net/http"
-	"strings"
 	"text/template"
 
 	cfsslconfig "github.com/cloudflare/cfssl/config"
@@ -152,10 +150,6 @@ func registerWS(rest *restful.Container) {
 	ws.Route(ws.GET("/hosts").To(wsListHosts).
 		Doc("List hosts"))
 
-	ws.Route(ws.GET("/ssh-acls").To(wsSSH_ACL_List))
-	ws.Route(ws.GET("/ssh-acls/{acl-name}").To(wsSSH_ACL_Get))
-	ws.Route(ws.PUT("/ssh-acls/{acl-name}").To(wsSSH_ACL_Set))
-
 	rest.Add(ws)
 
 	// Hosts API
@@ -176,19 +170,6 @@ func registerWS(rest *restful.Container) {
 
 	rest.Add(ws)
 
-	// Detected host API
-	ws = (&restful.WebService{}).
-		Filter(requireSecStore).
-		Path("/me").
-		Param(ws.HeaderParameter("Authorization", "Host or admin bearer token"))
-
-	(&wsHost{
-		hostDoc: "detected host",
-		getHost: detectHost,
-	}).register(ws, func(rb *restful.RouteBuilder) {
-		rb.Notes("In this case, the host is detected from the remote IP")
-	})
-
 	// Hosts by token API
 	ws = (&restful.WebService{}).
 		Filter(requireSecStore).
@@ -229,41 +210,6 @@ func requireSecStore(req *restful.Request, resp *restful.Response, chain *restfu
 	chain.ProcessFilter(req, resp)
 }
 
-func detectHost(req *restful.Request) (hostName string, err error) {
-	if !*allowDetectedHost {
-		return
-	}
-
-	r := req.Request
-	remoteAddr := r.RemoteAddr
-
-	if *trustXFF {
-		if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
-			remoteAddr = strings.Split(xff, ",")[0]
-		}
-	}
-
-	hostIP, _, err := net.SplitHostPort(remoteAddr)
-
-	if err != nil {
-		hostIP = remoteAddr
-	}
-
-	cfg, err := readConfig()
-	if err != nil {
-		return
-	}
-
-	host := cfg.HostByIP(hostIP)
-
-	if host == nil {
-		log.Print("no host found for IP ", hostIP)
-		return
-	}
-
-	return host.Name, nil
-}
-
 func wsReadConfig(resp *restful.Response) *localconfig.Config {
 	cfg, err := readConfig()
 	if err != nil {
diff --git a/html/html.go b/html/html.go
index eb03fda..8755ed7 100644
--- a/html/html.go
+++ b/html/html.go
@@ -2,5 +2,5 @@ package dlshtml
 
 import "embed"
 
-//go:embed favicon.ico ui
+//go:embed ui
 var FS embed.FS
diff --git a/ui/Trunk.toml b/ui/Trunk.toml
new file mode 100644
index 0000000..cf581d6
--- /dev/null
+++ b/ui/Trunk.toml
@@ -0,0 +1,24 @@
+[build]
+public_url = "/ui"
+dist = "../html/ui"
+
+[[proxy]]
+backend = "http://localhost:7606/public-state"
+[[proxy]]
+backend = "http://localhost:7606/state"
+[[proxy]]
+backend = "http://localhost:7606/public"
+[[proxy]]
+backend = "http://localhost:7606/store"
+[[proxy]]
+backend = "http://localhost:7606/authorize-download"
+[[proxy]]
+backend = "http://localhost:7606/sign-download-set"
+[[proxy]]
+backend = "http://localhost:7606/configs"
+[[proxy]]
+backend = "http://localhost:7606/clusters"
+[[proxy]]
+backend = "http://localhost:7606/hosts-from-template"
+[[proxy]]
+backend = "http://localhost:7606/hosts"
diff --git a/html/ui/app.css b/ui/app.css
similarity index 76%
rename from html/ui/app.css
rename to ui/app.css
index d5dd4c3..f3a6bab 100644
--- a/html/ui/app.css
+++ b/ui/app.css
@@ -27,3 +27,16 @@
     color: var(--link);
   }
 }
+
+.text-and-file {
+  position:relative;
+
+  textarea {
+    width: 64em;
+  }
+
+  input[type="file"] {
+    position:absolute;
+    bottom:0;right:0;
+  }
+}
diff --git a/html/favicon.ico b/ui/favicon.ico
similarity index 100%
rename from html/favicon.ico
rename to ui/favicon.ico
diff --git a/html/ui/index.html b/ui/index.html
similarity index 89%
rename from html/ui/index.html
rename to ui/index.html
index 61616f7..7f2215a 100644
--- a/html/ui/index.html
+++ b/ui/index.html
@@ -2,18 +2,24 @@
 <html>
 <head>
 <title>Direktil Local Server</title>
-<style>
-@import url('./style.css');
-@import url('./app.css');
-</style>
-<script src="js/jsonpatch.min.js" crossorigin="anonymous"></script>
-<script src="js/app.js" type="module" defer></script>
+<base data-trunk-public-url />
+<link data-trunk rel="copy-file" href="favicon.ico" />
+<link rel="icon" href="favicon.ico" />
+<link data-trunk rel="copy-file" href="js/vue.esm-browser.js" />
+<link data-trunk rel="inline" href="style.css" />
+<link data-trunk rel="inline" href="app.css" />
+<script data-trunk src="js/jsonpatch.min.js"></script>
+<script data-trunk src="js/app.js" type="module" defer></script>
+<script data-trunk src="js/Downloads.js"></script>
+<script data-trunk src="js/GetCopy.js"></script>
+<script data-trunk src="js/Cluster.js"></script>
+<script data-trunk src="js/Host.js"></script>
 <body>
 
 <div id="app">
 <header>
     <div id="logo">
-        <img src="/favicon.ico" />
+        <img src="favicon.ico" />
         <span>Direktil Local Server</span>
     </div>
     <div class="utils">
@@ -134,6 +140,5 @@
   </div>
 </template>
 </div>
-
 </body>
 </html>
diff --git a/html/ui/js/Cluster.js b/ui/js/Cluster.js
similarity index 71%
rename from html/ui/js/Cluster.js
rename to ui/js/Cluster.js
index 49a67d5..2436c51 100644
--- a/html/ui/js/Cluster.js
+++ b/ui/js/Cluster.js
@@ -1,8 +1,4 @@
-
-import Downloads from './Downloads.js';
-import GetCopy from './GetCopy.js';
-
-export default {
+const Cluster = {
     components: { Downloads, GetCopy },
     props: [ 'cluster', 'token', 'state' ],
     data() {
@@ -52,8 +48,61 @@ export default {
               })
               .catch((e) => { alert('failed to sign: '+e); })
         },
+        readFile(e, onload) {
+            const file = e.target.files[0];
+            if (!file) { return; }
+            const reader = new FileReader();
+            reader.onload = () => { onload(reader.result) };
+            reader.onerror = () => { alert("error reading file"); };
+            reader.readAsText(file);
+        },
+        loadPubKey(e) {
+            this.readFile(e, (v) => {
+                this.sshSignReq.PubKey = v;
+            });
+        },
+        loadCSR(e) {
+            this.readFile(e, (v) => {
+                this.kubeSignReq.CSR = v;
+            });
+        },
     },
     template: `
+  <h3>Access</h3>
+
+  <p>Allow cluster access from a public key</p>
+
+  <h4>Grant SSH access</h4>
+
+  <p>Validity: <input type="text" v-model="signReqValidity"/> <small>time range, ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</small></p>
+  <p>User: <input type="text" v-model="sshSignReq.Principal"/></p>
+  <p>Public key (OpenSSH format):<br/>
+     <span class="text-and-file"><textarea v-model="sshSignReq.PubKey" style="height:3lh"></textarea>
+     <input type="file" accept=".pub" @change="loadPubKey" /></span>
+  </p>
+
+  <p><button @click="sshCASign">Sign SSH access</button>
+    <template v-if="sshUserCert">
+    =&gt; <a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>
+    </template>
+  </p>
+
+  <h4>Grant Kubernetes API access</h4>
+
+  <p>Validity: <input type="text" v-model="signReqValidity"/> <small>time range, ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</small></p>
+  <p>User: <input type="text" v-model="kubeSignReq.User"/> (by default, from the CSR)</p>
+  <p>Group: <input type="text" v-model="kubeSignReq.Group"/></p>
+  <p>Certificate signing request (PEM format):<br/>
+     <span class="text-and-file"><textarea v-model="kubeSignReq.CSR" style="height:7lh;"></textarea>
+     <input type="file" accept=".csr" @change="loadCSR" /></span>
+  </p>
+
+  <p><button @click="kubeCASign">Sign Kubernetes API access</button>
+    <template v-if="kubeUserCert">
+      =&gt; <a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>
+    </template>
+  </p>
+
   <h3>Tokens</h3>
   <section class="links">
     <GetCopy v-for="n in cluster.Tokens" :token="token" :name="n" :href="'/clusters/'+cluster.Name+'/tokens/'+n" />
@@ -78,36 +127,5 @@ export default {
     </template></td>
   </tr></table>
 
-  <h3>Access</h3>
-
-  <p>Allow cluster access from a public key</p>
-  <p>Certificate time validity: <input type="text" v-model="signReqValidity"/> <small>ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</p>
-
-  <h4>Grant SSH access</h4>
-
-  <p>Public key (OpenSSH format):<br/>
-     <textarea v-model="sshSignReq.PubKey" style="width:64em;height:2lh"></textarea>
-  </p>
-  <p>User: <input type="text" v-model="sshSignReq.Principal"/></p>
-
-  <p><button @click="sshCASign">Sign SSH access (validity: {{signReqValidity}})</button>
-    <template v-if="sshUserCert">
-    =&gt; <a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>
-    </template>
-  </p>
-
-  <h4>Grant Kubernetes API access</h4>
-
-  <p>Certificate signing request (PEM format):<br/>
-     <textarea v-model="kubeSignReq.CSR" style="width:64em;height:7lh;"></textarea>
-  </p>
-  <p>User: <input type="text" v-model="kubeSignReq.User"/></p>
-  <p>Group: <input type="text" v-model="kubeSignReq.Group"/></p>
-
-  <p><button @click="kubeCASign">Sign Kubernetes API access (validity: {{signReqValidity}})</button>
-    <template v-if="kubeUserCert">
-      =&gt; <a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>
-    </template>
-  </p>
 `
 }
diff --git a/html/ui/js/Downloads.js b/ui/js/Downloads.js
similarity index 99%
rename from html/ui/js/Downloads.js
rename to ui/js/Downloads.js
index fbaab1e..0e64c8e 100644
--- a/html/ui/js/Downloads.js
+++ b/ui/js/Downloads.js
@@ -1,5 +1,4 @@
-
-export default {
+const Downloads = {
     props: [ 'kind', 'name', 'token', 'state' ],
     data() {
         return { createDisabled: false, selectedAssets: {} }
diff --git a/html/ui/js/GetCopy.js b/ui/js/GetCopy.js
similarity index 98%
rename from html/ui/js/GetCopy.js
rename to ui/js/GetCopy.js
index 4c3b0be..aed4707 100644
--- a/html/ui/js/GetCopy.js
+++ b/ui/js/GetCopy.js
@@ -1,4 +1,4 @@
-export default {
+const GetCopy = {
     props: [ 'name', 'href', 'token' ],
     data() { return {showCopied: false} },
     template: `<span class="notif"><div v-if="showCopied">copied!</div><a :href="href" @click="fetchAndSave()">{{name}}</a>&nbsp;<a href="#" class="copy" @click="fetchAndCopy()">&#x1F5D0;</a></span>`,
diff --git a/html/ui/js/Host.js b/ui/js/Host.js
similarity index 86%
rename from html/ui/js/Host.js
rename to ui/js/Host.js
index 2be06e8..95871d8 100644
--- a/html/ui/js/Host.js
+++ b/ui/js/Host.js
@@ -1,7 +1,4 @@
-
-import Downloads from './Downloads.js';
-
-export default {
+const Host = {
     components: { Downloads },
     props: [ 'host', 'token', 'state' ],
     template: `
diff --git a/html/ui/js/app.js b/ui/js/app.js
similarity index 98%
rename from html/ui/js/app.js
rename to ui/js/app.js
index 87fdc44..764c04b 100644
--- a/html/ui/js/app.js
+++ b/ui/js/app.js
@@ -1,9 +1,6 @@
 
 import { createApp } from './vue.esm-browser.js';
 
-import Cluster from './Cluster.js';
-import Host    from './Host.js';
-
 createApp({
     components: { Cluster, Host },
     data() {
@@ -262,5 +259,4 @@ createApp({
         },
     }
 
-}).mount('#app')
-
+}).mount('#app');
diff --git a/html/ui/js/jsonpatch.min.js b/ui/js/jsonpatch.min.js
similarity index 100%
rename from html/ui/js/jsonpatch.min.js
rename to ui/js/jsonpatch.min.js
diff --git a/html/ui/js/vue.esm-browser.js b/ui/js/vue.esm-browser.js
similarity index 100%
rename from html/ui/js/vue.esm-browser.js
rename to ui/js/vue.esm-browser.js
diff --git a/html/ui/style.css b/ui/style.css
similarity index 100%
rename from html/ui/style.css
rename to ui/style.css