add /assets as root dir of public files

[a1012112796]

This PR moves root directory of public files from / to /assets

⚠️ BREAKING ⚠️

All pages and resources rendered from custom/public will now be rendered at /assets instead of /. This means that if you have a impressum.html - you need to update links to this to /assets/impressum.html. Similarly for users of STL renderers and external markup renderers.

Administrators should check custom templates to ensure that these are correct.

If you have previously placed robots.txt within custom/public you must move it to custom instead.

[zeripath]

I think this is a great idea - just need to double check that this is all of the things.

---

I do wonder if we should however migrate our URLs to use a non user name allowed character as the root (and explicitly exclude it in the reserved list for future safety)

RFC 3986 allows the following in segments:

• [A-Za-z0-9_.-]
• ~
• %-encoded chars
• [!$&'()]
• @

Although : is allowed in some paths its use in relative paths would be a source of trouble. (Similarly & and @ could be troublesome)

I think of these characters ! and ~ seem the most likely to be unambiguously internal the trouble is I don't know how it would affect markdown.

[silverwind]

I think assets is a unlikely name for an organization or user and would just go ahead and reserve it while calling out the change in the release notes.

Is the PR complete? I think after it there should only be assets and serviceworker.js as remaining entries KnownPublicEntries. I think serviceworker probably has to remain on root because of restrictions on that API which I can't find docs for right now.

[silverwind]

I think we can put serviceworker.js into assets/serviceworker.js as per:

https://developers.google.com/web/ilt/pwa/introduction-to-service-worker#registration_and_scope

The scope of the service worker determines which files the service worker controls, in other words, from which path the service worker will intercept requests. The default scope is the location of the service worker file, and extends to all directories below. So if service-worker.js is located in the root directory, the service worker will control requests from all files at this domain.

Meaning the serviceworker is restricted to manage files under assets which is ideal in our case as it should not manage anything else.

[zeripath]

I think assets is a unlikely name for an organization or user and would just go ahead and reserve it while calling out the change in the release notes.

it's been reserved since at least #4685 #20

[a1012112796]

I think this is a great idea - just need to double check that this is all of the things.

I do wonder if we should however migrate our URLs to use a non user name allowed character as the root (and explicitly exclude it in the reserved list for future safety)

RFC 3986 allows the following in segments:

• [A-Za-z0-9_.-]
• ~
• %-encoded chars
• [!$&'()]
• @

Although : is allowed in some paths its use in relative paths would be a source of trouble. (Similarly & and @ could be troublesome)

I think of these characters ! and ~ seem the most likely to be unambiguously internal the trouble is I don't know how it would affect markdown.

yes, If we want all words are useable user org, or repo name. we should make sure all One or two levels of routing has _ as prefix(like _user/xxxxx, _org/xxxx). But in fact, that's not soo usefull...

[a1012112796]

suggest remove some reserved words. Please check again. Thanks.

• admin (It's a meaningfull user name, isn't it? :) )
• debug (not used)
• error (not used)
• help (not used)
• plugins (not used)
• template (a not verry usefull router for development, suggest rename to _template)

[lunny]

suggest remove some reserved words. Please check again. Thanks.

• admin (It's a meaningfull user name, isn't it? :) )
• debug (not used)
• error (not used)
• ghost (I wonder why ...)
• help (not used)
• plugins (not used)
• template (a not verry usefull router for development, suggest rename to _template)

This could be another PR.

[noerw]

suggest remove some reserved words. Please check again. Thanks.

@a1012112796 No, of some I know that they are used, the others should be very thoughly checked.
/admin → admin dashboard
ghost → user name of deleted users

[lunny]

I think there should be something missing, at least oauth2 login logos. maybe you can search "/img to find more.

[silverwind]

Patch to fix loading of webpack assets (like label color picker image):

diff --git a/webpack.config.js b/webpack.config.js
index 53d553825..44d50a45e 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -185,17 +185,17 @@ export default {
         test: /\.(ttf|woff2?)$/,
         type: 'asset/resource',
         generator: {
           filename: 'fonts/[name][ext]',
-          publicPath: '/', // required to remove css/ path segment
+          publicPath: '/assets/', // required to remove css/ path segment
         }
       },
       {
         test: /\.png$/i,
         type: 'asset/resource',
         generator: {
           filename: 'img/webpack/[name][ext]',
-          publicPath: '/', // required to remove css/ path segment
+          publicPath: '/assets/', // required to remove css/ path segment
         }
       },
     ],
   },

[silverwind]

Hope we didn't miss any. Guess we will find out later if we did.

[codecov-io]

Codecov Report

Merging #15219 (13bb69b) into master (487f2ee) will increase coverage by 1.62%.
The diff coverage is 54.99%.

@@            Coverage Diff             @@
##           master   #15219      +/-   ##
==========================================
+ Coverage   42.21%   43.83%   +1.62%     
==========================================
  Files         767      677      -90     
  Lines       81624    81339     -285     
==========================================
+ Hits        34458    35657    +1199     
+ Misses      41531    39910    -1621     
- Partials     5635     5772     +137     

Impacted Files	Coverage Δ
cmd/admin.go	0.00% <0.00%> (ø)
cmd/dump.go	0.93% <0.00%> (-0.01%)	⬇️
cmd/hook.go	0.00% <0.00%> (ø)
cmd/serv.go	2.61% <0.00%> (-0.02%)	⬇️
cmd/web.go	0.00% <0.00%> (ø)
cmd/web_graceful.go	0.00% <0.00%> (ø)
cmd/web_letsencrypt.go	0.00% <0.00%> (ø)
models/admin.go	60.31% <ø> (ø)
models/branches.go	42.61% <ø> (+1.51%)	⬆️
models/commit_status.go	61.74% <0.00%> (ø)
... and 397 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d42509a...13bb69b. Read the comment docs.

[zeripath]

make lgtm work

[codecov-commenter]

Codecov Report

Merging #15219 (0e36b41) into master (cc7d118) will decrease coverage by 0.00%.
The diff coverage is 85.71%.

@@            Coverage Diff             @@
##           master   #15219      +/-   ##
==========================================
- Coverage   43.91%   43.91%   -0.01%     
==========================================
  Files         678      678              
  Lines       81741    81742       +1     
==========================================
- Hits        35900    35895       -5     
- Misses      39987    39998      +11     
+ Partials     5854     5849       -5     

Impacted Files	Coverage Δ
models/oauth2.go	29.16% <ø> (ø)
models/user.go	53.06% <ø> (ø)
modules/public/public.go	46.57% <ø> (-8.22%)	⬇️
routers/user/profile.go	42.17% <0.00%> (ø)
models/avatar.go	32.30% <100.00%> (ø)
modules/setting/picture.go	56.00% <100.00%> (ø)
modules/setting/setting.go	49.80% <100.00%> (ø)
modules/templates/helper.go	50.08% <100.00%> (ø)
routers/routes/web.go	86.47% <100.00%> (+0.01%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cc7d118...0e36b41. Read the comment docs.