auravoid
diff --git a/‎.github/workflows/docker-image.yml‎
Lines changed: 8 additions & 8 deletions b/‎.github/workflows/docker-image.yml‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎Dockerfile‎
Lines changed: 8 additions & 7 deletions b/‎Dockerfile‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎README.md‎
Lines changed: 71 additions & 74 deletions b/‎README.md‎
Lines changed: 71 additions & 74 deletions
@@ -11,10 +11,8 @@ env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
-
 jobs:
-  build:
-
+  test-and-build:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -25,12 +23,14 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v3.5.0
+      - name: Set up Go
+        uses: actions/setup-go@v5
         with:
-          cosign-release: 'v2.2.4'
-          
+          go-version: '1.24'
+
+      - name: Run Tests
+        run: go test -v ./...
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
 
@@ -1,24 +1,25 @@
 FROM golang:alpine AS builder
 
+RUN apk add --no-cache ca-certificates
+
 WORKDIR /app
 
 COPY go.mod go.sum ./
 RUN go mod download
+
 COPY . .
 
-RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o short-it ./cmd/short-it
-FROM alpine:latest
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -a -installsuffix cgo -o short-it ./cmd/short-it
 
-RUN apk --no-cache add ca-certificates
+FROM scratch
 
-WORKDIR /root/
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 
-COPY --from=builder /app/short-it .
-RUN mkdir -p /data
+COPY --from=builder /app/short-it /short-it
 
 EXPOSE 8080
 EXPOSE 8090
 
 ENV DB_PATH=/data/short-it.db
 
-CMD ["./short-it"] 
+CMD ["/short-it"]
@@ -4,12 +4,21 @@ A minimal, self-hosted URL shortener written in Go using bbolt (BoltDB). This pr
 
 ## Features
 
-- Shorten URLs with autogenerated 6-character keys
-- Create custom paths
-- List stored URLs with cursor-based pagination
-- Simple token-based authorization
-- Single-file embedded database (bbolt)
-- Tracking analytics with Rybbit (other providers soon to come)
+* Shorten URLs with autogenerated 6-character keys
+
+* Create custom paths (or relative links with safe-mode disabled)
+
+* List stored URLs with cursor-based pagination
+
+* Unified API and redirect listener
+
+* Built-in lightweight, simple web UI (optional)
+
+* Simple token-based authorization for operations
+
+* Single-file embedded database (bbolt)
+
+* Tracking analytics with Rybbit (more soon), natively integrated (optional)
 
 ## Quick Start
 
@@ -18,115 +27,103 @@ Prerequisites: Go 1.24 or Docker.
 Run locally:
 
 ```bash
-go build -o short-it ./cmd/short-it
-APP_TOKEN=your-secret-token DB_PATH=short-it.db API_PORT=8080 ./short-it
+go build -o short-it .
+APP_TOKEN=your-secret-token API_PORT=8080 WEB_UI=true ./short-it
 ```
 
 Run with Docker:
 
 ```bash
 docker build -t short-it .
-docker run -e APP_TOKEN=your-secret-token -p 8080:8080 -v $(pwd)/data:/data short-it
+docker run -e APP_TOKEN=your-secret-token -e WEB_UI=true -p 8080:8080 -p 8090:8090 -v $(pwd)/data:/data short-it
 ```
 
-Or use the provided docker-compose configuration:
+Or use the provided `docker-compose.yml` configuration:
 
-```bash
+```yaml
 docker-compose up -d
 # edit docker-compose.yml to set APP_TOKEN or update the environment
 ```
 
-The server listens on `API_PORT` (default `8080`) and stores the BoltDB file at `DB_PATH` (default `short-it.db`).
+The primary API and redirect server listens on `API_PORT` (default `8080`). If enabled, the Web UI listens on `WEB_UI_PORT` (default `8090`).
+The BoltDB file is stored at `./short-it.db` by default, or `/data/short-it.db` in Docker configurations.
 
 Or deploy it in one click:
 
 [![Deploy on Railway](https://railway.com/button.svg)](https://railway.com/deploy/UaONmD?referralCode=Zw7fpP&utm_medium=integration&utm_source=template&utm_campaign=generic)
 
+> **Note:** Ensure you update the environment variables to match the latest version when deploying.
+
 ## Configuration
 
 Environment variables:
 
-- `APP_TOKEN` (required): token used for authorization on protected endpoints
-- `API_PORT` (optional): HTTP port (default `8080`)
-- `API_URL` (optional): URL to access the API (default `http://localhost:8080`)
-- `DB_PATH` (optional): path to BoltDB file (default `short-it.db`)
-- `WEB_UI` (optional): set to `true` to host a small link-creation webpage
-- `WEB_UI_URL` (optional): URL to access the web UI (default `http://localhost:8090`)
-- `WEB_UI_PORT` (optional): port for the web UI server (default `8080`)
-- `RYBBIT_SITE_ID` (optional): Site ID provided by Rybbit
-- `RYBBIT_SITE_KEY` (optional): API key found in account settings for Rybbit
-- `RYBBIT_SITE_URL` (optional): Base URL for your Rybbit instance
+### Core Setup
 
-Notes for `WEB_UI`:
+* `APP_TOKEN` (required): Token used for authorization on protected API endpoints.
 
-- The API server still listens on `API_PORT`.
-- The web UI starts only when `WEB_UI=true`.
-- If `WEB_UI_PORT` is the same value as `API_PORT`, the UI is skipped to avoid interfering with the API process.
+* `API_PORT` (optional): Port for the main API and URL redirection (default `8080`).
 
-## HTTP API
+* `API_URL` (optional): Explicit base URL used for generating shortened links in the Web UI. Intelligently inferred if omitted.
 
-All endpoints that modify or list data require the `Authorization` header to equal the `APP_TOKEN` value.
+* `DB_PATH` (optional): Filepath for the BoltDB database (default `short-it.db`).
 
-- Create a short URL
-  - `POST /`
-  - Headers: `Authorization`, `URL` (or JSON body `{ "url": "..." }`)
-  - Response: `{"key":"<generated-key>"}`
+* `ALLOW_UNSAFE_URLS` (optional): Set to `true` to allow relative paths (e.g., `/relative`) or unsupported schemas (default `false`).
 
-- List URLs (paginated)
-  - `GET /`
-  - Headers: `Authorization`, optional `Cursor`, optional `Limit` (max 100)
-  - Response: `{ "items": [{"key":"...","value":"..."}], "next":"<cursor>" }`
+### Web UI Settings
 
-- Redirect
-  - `GET /{key}`
-  - Redirects (302) to the stored URL if found
+* `WEB_UI` (optional): Set to `true` to enable the built-in HTML creation page (default `false`).
 
-- Create/Update custom path
-  - `PUT /{path}`
-  - Headers: `Authorization`, `URL` (or JSON body)
-  - Response: `201 Created`
+* `WEB_UI_PORT` (optional): Port for the Web UI (default `8090`).
 
-- Delete path
-  - `DELETE /{path}`
-  - Headers: `Authorization`
-  - Response: `204 No Content`
+### Rybbit Analytics (Optional)
 
-Examples:
+* `RYBBIT_SITE_ID`: Your Rybbit Site ID.
 
-```bash
-# shorten a URL (using header)
-curl -X POST -H "Authorization: your-secret-token" -H "URL: https://example.com" http://localhost:8080/
+* `RYBBIT_SITE_KEY`: Your Rybbit API Key.
 
-# get redirect
-curl -v http://localhost:8080/:key
+* `RYBBIT_SITE_URL`: The URL to your Rybbit instance.
 
-# create custom path
-curl -X PUT -H "Authorization: your-secret-token" -H "URL: https://custom.example" http://localhost:8080/custom
+## HTTP API
 
-# delete
-curl -X DELETE -H "Authorization: your-secret-token" http://localhost:8080/custom
+All management endpoints require the `Authorization` header to equal the `APP_TOKEN` value.
 
-# list
-curl -H "Authorization: your-secret-token" http://localhost:8080/
-```
+Base URL: `http://localhost:8080` (or your `API_PORT` value)
 
-## Development & Tests
+* **Create a short URL**
+  * `POST /`
+  * Headers: `Authorization`, `URL` (or JSON body `{ "url": "..." }`)
+  * Response: `{"key":"<generated-key>"}`
 
-Run unit tests:
+* **List URLs (paginated)**
+  * `GET /`
+  * Headers: `Authorization`, optional `Cursor`, optional `Limit` (default max 100, or unlimited with 0)
+  * Response: `{ "items": [{"key":"...","value":"..."}], "next":"<cursor>" }`
 
-```bash
-go test ./cmd/short-it
-```
+* **Create/Update custom path**
+  * `PUT /{path}`
+  * Headers: `Authorization`, `URL` (or JSON body `{ "url": "..." }`)
+  * Response: `201 Created`
+
+* **Delete path**
+  * `DELETE /{path}`
+  * Headers: `Authorization`
+  * Response: `204 No Content`
+
+* **Redirect (Public)**
+  * `GET /{key}`
+  * Redirects (302 Found) to the stored URL if it exists.
+
+## Web UI
+
+If `WEB_UI=true` is set, a web interface is exposed on `http://localhost:8090` (or `WEB_UI_PORT`).
+
+* `GET /`: Serves the HTML interface to easily create short URLs.
 
-Key implementation files:
+* `POST /api/create`: Internal endpoint used by the Web UI form.
 
-- [cmd/short-it/main.go](cmd/short-it/main.go#L1) — HTTP handlers and core logic
-- [cmd/short-it/main_test.go](cmd/short-it/main_test.go#L1) — unit tests for handlers and DB ops
-- [Dockerfile](Dockerfile) — container build
-- [docker-compose.yml](docker-compose.yml) — example compose configuration
+### Notes
 
-## Notes
+* The app uses a BoltDB bucket named `urls` to store key → URL mappings.
 
-- The app uses a BoltDB bucket named `urls` to store key → URL mappings.
-- The autogenerated keys are 6 characters drawn from `a-zA-Z0-9`.
-- Sends pageview events to Rybbit if configured with the hostname, language, pathname, user-agent, referrer, and IP address gathered from `X-Forwarded-For`.
+* The autogenerated keys are 6 characters drawn from `a-zA-Z0-9`.