Initial commit after re-initialization.

Repo had to be re-initialized due to contamination with private sample files. Original git history can be found in the (private) adjacent repo suffixed `-archive`.

Author: pklaschka

.dockerignore

@@ -0,0 +1,3 @@
+static/dist
+data
+branding

.github/workflows/deno.yml

@@ -0,0 +1,45 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow will install Deno then run `deno lint` and `deno test`.
+# For more information see: https://github.com/denoland/setup-deno
+
+name: Deno
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Setup repo
+        uses: actions/checkout@v4
+
+      - name: Setup Deno
+        # uses: denoland/setup-deno@v1
+        uses: denoland/setup-deno@61fe2df320078202e33d7d5ad347e7dcfa0e8f31 # v1.1.2
+        with:
+          deno-version: v2.x
+
+      # Uncomment this step to verify the use of 'deno fmt' on each commit.
+      # - name: Verify formatting
+      #   run: deno fmt --check
+
+      - name: Run linter
+        run: deno lint
+
+      - name: Run Type Check
+        run: deno check **/*.ts **/*.tsx
+
+      - name: Run tests
+        run: deno test -A

.github/workflows/docker-publish.yml

@@ -0,0 +1,97 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: "17 13 * * *"
+  push:
+    branches: ["main"]
+    # Publish semver tags as releases.
+    tags: ["v*.*.*"]
+  pull_request:
+    branches: ["main"]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        with:
+          cosign-release: "v2.2.4"
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.github/workflows/git-town.yml

@@ -0,0 +1,19 @@
+name: Git Town
+
+on:
+  pull_request:
+    branches:
+      - "**"
+
+jobs:
+  git-town:
+    name: Display the branch stack
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: git-town/action@v1

.gitignore

@@ -0,0 +1,23 @@
+/data
+/ingest
+*.pdf
+!sample.pdf
+!wbd-sample.pdf
+
+# Static Assets
+static/dist
+
+# Secrets
+.env
+
+# OS Files
+.DS_Store
+Thumbs.db
+
+# IDEs
+.idea
+.vscode
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json

.pre-commit-config.yaml

@@ -0,0 +1,45 @@
+repos:
+  - repo: local
+    hooks:
+      - id: deno-install
+        name: deno-install
+        description: "Install Deno dependencies and check that the deno.lock file is up to date"
+        language: system
+        entry: deno install --frozen
+        stages: [pre-commit]
+        pass_filenames: false
+        always_run: true
+        require_serial: true
+      - id: deno-fmt
+        name: deno-fmt
+        entry: deno fmt
+        require_serial: true
+        language: system
+        pass_filenames: true
+        description: "Format code using Deno's built-in formatter"
+        stages: [pre-commit]
+      - id: deno-lint
+        name: deno-lint
+        entry: deno lint
+        language: system
+        # pass_filenames: false
+        files: \.(ts|tsx|js|jsx)$
+        description: "Lint code using Deno's built-in linter"
+        stages: [pre-commit]
+      - id: deno-check
+        name: deno-check
+        entry: deno check
+        language: system
+        files: \.(ts|tsx|js|jsx)$
+        # pass_filenames: false
+        description: "Type-check code using Deno's built-in type checker"
+        stages: [pre-commit]
+      - id: deno-check-i18n
+        name: deno-check-i18n
+        entry: deno task check:i18n
+        language: system
+        files: \.(ts|tsx|js|jsx)$
+        pass_filenames: false
+        always_run: true
+        description: "Run tests using Deno's built-in test runner"
+        stages: [pre-commit]

.zed/settings.json

@@ -0,0 +1,44 @@
+// Folder-specific settings
+//
+// For a full list of overridable settings, and general information on folder-specific settings,
+// see the documentation: https://zed.dev/docs/configuring-zed#settings-files
+{
+  "lsp": {
+    "deno": {
+      "settings": {
+        "deno": {
+          "enable": true
+        }
+      }
+    }
+  },
+  "languages": {
+    "JavaScript": {
+      "language_servers": [
+        "deno",
+        "!typescript-language-server",
+        "!vtsls",
+        "!eslint"
+      ],
+      "formatter": "language_server"
+    },
+    "TypeScript": {
+      "language_servers": [
+        "deno",
+        "!typescript-language-server",
+        "!vtsls",
+        "!eslint"
+      ],
+      "formatter": "language_server"
+    },
+    "TSX": {
+      "language_servers": [
+        "deno",
+        "!typescript-language-server",
+        "!vtsls",
+        "!eslint"
+      ],
+      "formatter": "language_server"
+    }
+  }
+}

Dockerfile

@@ -0,0 +1,51 @@
+FROM denoland/deno:debian
+
+LABEL org.label-schema.name="dms"
+LABEL org.opencontainers.image.description="MongoDB Based DMS System working with the deno-asn-generator"
+LABEL org.opencontainers.image.source=https://github.com/wuespace/dms
+LABEL org.opencontainers.image.licenses=MIT
+LABEL maintainer="WüSpace e. V."
+
+EXPOSE 41319
+
+ARG PACKAGES="\
+	# Fonts
+	fonts-liberation \
+	# PDF text extraction with pdftotext
+	poppler-utils \
+	# OCR with ocrmypdf
+	ocrmypdf \
+	tesseract-ocr-eng \
+	tesseract-ocr-deu \
+	# ImageMagick
+	imagemagick \
+	# ImageMagick with PDF support
+	ghostscript \
+	# zbarimg
+	zbar-tools \
+	"
+
+RUN apt-get update && apt-get install --yes --quiet --no-install-recommends ${PACKAGES}
+
+WORKDIR /app
+
+# Install Dependencies
+COPY deno.json deno.json
+COPY deno.lock deno.lock
+
+RUN deno install --frozen
+
+# Prepare static files
+COPY theme.scss theme.scss
+COPY client client
+COPY scripts scripts
+
+RUN deno task compile:theme
+RUN deno task compile:client
+
+
+COPY . .
+
+RUN deno install --frozen --entrypoint main.ts
+
+ENTRYPOINT [ "/tini", "--", "docker-entrypoint.sh", "./main.ts" ]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 WüSpace e. V.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

NOTES.md

@@ -0,0 +1,40 @@
+# Development Notes
+
+Stuff that should probably get documented at some point.
+
+## Permission Model
+
+### Write Permissions(_user_, _file_)
+
+Write permissions allow users to update the data of a file.
+
+1. Let _asn_ be the file's ASN
+2. Let _asn write roles_ be the `write` roles configured in the configuration
+   corresponding to the _asn_'s folder.
+3. Let _user roles_ be the _user_'s roles
+4. If the _asn write roles_ include one or more roles from the _user roles_
+   1. Return `true`
+5. If the _file_'s additional `write` roles include one or more roles from the
+   _user roles_
+   1. Return `true`
+6. Return `false`
+
+### Read Permissions(_user_, _file_)
+
+Read permissions allow users to see files without updating them.
+
+1. Let _asn_ be the file's ASN
+2. Let _asn read roles_ be the `read` roles configured in the configuration
+   corresponding to the _asn_'s folder.
+3. Let _user roles_ be the _user_'s roles
+4. If _user_ has write permissions for _file_
+   1. Return `true`
+5. If the _file_'s `tags` include one or more of the `publicTags` configured in
+   the configuration
+   1. Return `true`
+6. If the _asn read roles_ include one or more roles from the _user roles_
+   1. Return `true`
+7. If the _file_'s additional `read` roles include one or more roles from the
+   _user roles_
+   1. Return `true`
+8. Return `false`