fixed path traversal bug + started working on file display

cmds/webservice/bin/Scoala/notita-2026-03-05-183434.697315.json

@@ -1,5 +0,0 @@
-{
-  "titlu": "Teste",
-  "continut": "Multe teste",
-  "director": "Scoala"
-}

cmds/webservice/bin/notes/notita-2026-03-05-182957.416486.json

@@ -1,4 +0,0 @@
-{
-  "titlu": "Teste",
-  "continut": "Multe teste"
-}

cmds/webservice/bin/notes/notita-2026-03-05-183515.544056.json

@@ -1,5 +0,0 @@
-{
-  "titlu": "Bam",
-  "continut": "Bum",
-  "director": "notes"
-}

cmds/webservice/bin/notes_folder/Scoala/notita-2026-03-06-195056.785738.json

@@ -0,0 +1,5 @@
+{
+  "titlu": "Scoala",
+  "continut": "Scoala\r\n",
+  "director": "Scoala"
+}

cmds/webservice/bin/notes_folder/Test/notita-2026-03-06-195042.107546.json

@@ -0,0 +1,5 @@
+{
+  "titlu": "test",
+  "continut": "test",
+  "director": "Test"
+}

cmds/webservice/bin/notes_folder/istorie/notita-2026-03-06-211318.356942.json

@@ -0,0 +1,5 @@
+{
+  "titlu": "Dada",
+  "continut": "dasdwads",
+  "director": "./istorie"
+}

cmds/webservice/bin/notite/notita-2026-03-05-142949.071361.json

@@ -1,4 +0,0 @@
-{
-  "titlu": "GPT",
-  "continut": "In Go, the layout you used:\r\n\r\n```go\r\ntime.Now().Format(\"2006-01-02-150405.666666\")\r\n```\r\n\r\ndoes **not show nanoseconds**, it shows **microseconds (6 digits)**.\r\n\r\n### Go time formatting rule\r\n\r\nGo uses the reference time:\r\n\r\n```\r\nMon Jan 2 15:04:05 MST 2006\r\n```\r\n\r\nFractional seconds are controlled by the number of `9` or `0` digits.\r\n\r\n### Nanoseconds (9 digits)\r\n\r\nUse **9 digits**:\r\n\r\n```go\r\ntime.Now().Format(\"2006-01-02-150405.000000000\")\r\n```\r\n\r\nExample output:\r\n\r\n```\r\n2026-03-05-143512.123456789\r\n```\r\n\r\n### Recommended way (auto trim zeros)\r\n\r\nBetter is using `9` instead of `0`:\r\n\r\n```go\r\ntime.Now().Format(\"2006-01-02-150405.999999999\")\r\n```\r\n\r\nExample outputs:\r\n\r\n```\r\n2026-03-05-143512.1\r\n2026-03-05-143512.12345\r\n2026-03-05-143512.123456789\r\n```\r\n\r\nTrailing zeros are removed.\r\n\r\n### If you want guaranteed nanoseconds\r\n\r\nUse:\r\n\r\n```go\r\ntime.Now().Format(\"2006-01-02-150405.000000000\")\r\n```\r\n\r\n### Alternative (manual)\r\n\r\nYou can also append them:\r\n\r\n```go\r\nt := time.Now()\r\nfmt.Printf(\"%s.%09d\\n\", t.Format(\"2006-01-02-150405\"), t.Nanosecond())\r\n```\r\n\r\nOutput:\r\n\r\n```\r\n2026-03-05-143512.123456789\r\n```\r\n\r\n---\r\n\r\n✅ **Summary**\r\n\r\n| Format       | Result              |\r\n| ------------ | ------------------- |\r\n| `.666666`    | microseconds        |\r\n| `.000000000` | nanoseconds fixed   |\r\n| `.999999999` | nanoseconds trimmed |\r\n\r\n---\r\n\r\nIf you're using this for **unique filenames**, I can show a **better collision-safe timestamp format used in high-performance Go systems**.\r\n"
-}

cmds/webservice/bin/notite/notita-2026-03-05-181711.177972.json

@@ -1,4 +0,0 @@
-{
-  "titlu": "Test",
-  "continut": "Test"
-}

cmds/webservice/bin/templates/list_notes.tmpl

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="ro">
+
+<head>
+  <meta charset="UTF-8">
+  <title>Notițe</title>
+  <script src="https://cdn.tailwindcss.com"></script>
+</head>
+
+<body class="bg-[#0f0f0f] text-white p-10 font-sans">
+  <h1 class="text-3xl mb-8 text-[#9974d0] font-bold">Notițele existente</h1>
+
+  {{range .}}
+  <div class="mb-8 bg-[#1a1a1a] border border-[#303030] rounded-xl p-5 shadow-lg">
+    <h2 class="text-xl font-bold text-[#c7a6ff] mb-4">
+      Folder: {{.Folder}}
+    </h2>
+
+    <div class="space-y-2">
+      {{range .Files}}
+      <div class="bg-[#202020] border border-[#3e3e3e] rounded-lg p-3">
+        <a href="/notes/{{.FullPath}}" class="text-gray-200 hover:text-[#9974d0] hover:underline">
+          {{.Name}}
+        </a>
+      </div>
+      {{end}}
+    </div>
+  </div>
+  {{end}}
+
+</body>
+
+</html>

cmds/webservice/notita-2026-03-06-173748.931064.json

@@ -0,0 +1,5 @@
+{
+  "titlu": "dwadw",
+  "continut": "dwasds",
+  "director": "./../."
+}

cmds/webservice/notita-2026-03-06-173815.162624.json

@@ -0,0 +1,5 @@
+{
+  "titlu": "dwadw",
+  "continut": "dwasds",
+  "director": "./../."
+}

cmds/webservice/types/types.go

@@ -6,3 +6,8 @@ type Notita struct {
 	Folder   string `json:"director"`
 	HTML     string `json:"-"`
 }
+type Folder struct {
+	Nume       string
+	Fisiere    []string
+	Subfoldere string
+}

lib/server/handlers.go

@@ -50,16 +50,27 @@ func API(w http.ResponseWriter, r *http.Request) {
 			n.Titlu = r.Form.Get("titlu")
 			n.Continut = r.Form.Get("notita")
 			n.Folder = r.Form.Get("director")
-			err := os.MkdirAll(n.Folder, 0755)
+			if n.Folder == "" {
+				n.Folder = "default"
+			}
+			err := safeDirectory(n.Folder)
+			if err != nil {
+				w.WriteHeader(http.StatusBadRequest)
+				fmt.Fprintf(w, "Error : %+v, %s", err, n.Folder)
+				return
+			}
+			err = os.MkdirAll(filepath.Join("notes_folder", n.Folder), 0755)
+			fmt.Println(n.Folder)
 			if err != nil {
 				w.WriteHeader(http.StatusBadRequest)
-				fmt.Fprintf(w, "ParseForm error: %+v", err)
+				fmt.Fprintf(w, "ParseForm error: %+v , %s", err, n.Folder)
+				return
 			}
 			fisier := fmt.Sprintf("notita-%s.json", time.Now().Format("2006-01-02-150405.999999"))
 			//fmt.Println(fisier, r.Form)
 			//return
 
-			err = inout.ObjToFile(filepath.Join(n.Folder, fisier), n, true)
+			err = inout.ObjToFile(filepath.Join("notes_folder", n.Folder, fisier), n, true)
 			if err != nil {
 				w.WriteHeader(http.StatusInternalServerError)
 				fmt.Fprintf(w, "%+v", err)
@@ -111,3 +122,38 @@ func Notes(w http.ResponseWriter, r *http.Request, fisier string) {
 		return
 	}
 }
+
+func safeDirectory(path string) error {
+	path = filepath.Clean(path)
+	if strings.HasPrefix(path, "..") || filepath.IsAbs(path) {
+		return fmt.Errorf("Invalid Path")
+	}
+	return nil
+}
+
+func ListNotes(w http.ResponseWriter, r *http.Request) {
+	if r.Method == "GET" {
+		w.Write(inout.FileToBytes("./templates/list_notes.tmpl"))
+		buildFolderStructure("./notes_folder", w)
+	}
+}
+
+func buildFolderStructure(path string, w http.ResponseWriter /*f []types.Folder*/) {
+	entries, err := os.ReadDir(path)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprintf(w, "%+v", err)
+		return
+	}
+	for _, entry := range entries {
+		/*if entry.IsDir() {
+			w.WriteHeader(http.StatusNotImplemented)
+			fmt.Fprint(w, "Functie Neimplementata - Subdirectorii")
+		}*/
+		fmt.Fprintln(w, entry, entry.IsDir())
+		if entry.IsDir() {
+			buildFolderStructure(filepath.Join(path, entry.Name()), w)
+		}
+
+	}
+}

lib/server/srv.go

@@ -29,6 +29,10 @@ func (s *Server) Run() {
 		note := r.URL.Query().Get("note")
 		Notes(w, r, note)
 	})
+	http.HandleFunc("/list_notes/", func(w http.ResponseWriter, r *http.Request) {
+		ListNotes(w, r)
+
+	})
 
 	//running server
 	fmt.Printf("Server running at http://%s:%s/\n", s.Host, s.Port)