update docs and readme

Author: CodeShellDev

.github/templates/README.template.md

@@ -46,10 +46,11 @@ endpoint restrictions, placeholders, flexible configuration
 
 ## Contents
 
+- [Documentation](https://codeshelldev.github.io/secured-signal-api/docs)
+
 - [Getting Started](#getting-started)
 - [Setup](#setup)
 - [Usage](#usage)
-- [Best Practices](#best-practices)
 - [Configuration](#configuration)
   - [Endpoints](#endpoints)
   - [Variables](#variables)
@@ -67,7 +68,7 @@ endpoint restrictions, placeholders, flexible configuration
 Get the latest version of the `docker-compose.yaml` file:
 
 ```yaml
-{{{ #://docker-compose.yaml }}}
+{{{ #://docs-src/getting-started/examples/docker-compose.yaml }}}
 ```
 
 And add secure Token(s) to `api.tokens`. See [API TOKENs](#api-tokens).
@@ -76,32 +77,6 @@ And add secure Token(s) to `api.tokens`. See [API TOKENs](#api-tokens).
 > In this documentation, we use `sec-signal-api:8880` as the host for simplicity.
 > Replace it with your actual container/host IP, port, or hostname.
 
-### Reverse Proxy
-
-#### Traefik
-
-Take a look at the [traefik](https://github.com/traefik/traefik) implementation:
-
-```yaml
-{{{ #://examples/reverse-proxy/traefik/traefik.docker-compose.yaml }}}
-```
-
-#### NGINX Proxy
-
-This is the [NGINX](https://github.com/nginx/nginx) `docker-compose.yaml` file:
-
-```yaml
-{{{ #://examples/reverse-proxy/nginx/nginx.docker-compose.yaml }}}
-```
-
-Create a `nginx.conf` file in the `docker-compose.yaml` folder and mount it to `etc/nginx/conf.d/default.conf`:
-
-```conf
-{{{ #://examples/reverse-proxy/nginx/nginx.conf }}}
-```
-
-Lastly add your `cert.key` and `cert.crt` into your `certs/` folder and mount it to `/etc/nginx/ssl`.
-
 ## Setup
 
 Before you can send messages via Secured Signal API you must first set up [Signal rAPI](https://github.com/bbernhard/signal-cli-rest-api/blob/master/doc/EXAMPLES.md)
@@ -175,14 +150,7 @@ In some cases you may not be able to access / modify the Request Body, in that c
 In order to differentiate Injection Queries and _regular_ Queries
 you have to add `@` in front of any KeyValue Pair assignment.
 
-Supported types include **strings**, **ints**, **arrays** and **json dictionaries**. See [Formatting](#string-to-type).
-
-## Best Practices
-
-- Always use API tokens in production
-- Run behind a TLS-enabled [Reverse Proxy](#reverse-proxy) (Traefik, Nginx, Caddy)
-- Be cautious when overriding Blocked Endpoints
-- Use per-token overrides to enforce least privilege
+Supported types include **strings**, **ints**, **arrays** and **json dictionaries**. See [Formatting](https://codeshelldev.github.io/secured-signal-api/docs/usage/formatting).
 
 ## Configuration
 
@@ -197,7 +165,7 @@ To change the internal config file location set `CONFIG_PATH` in your **Environm
 This example config shows all of the individual settings that can be applied:
 
 ```yaml
-{{{ #://examples/config.yml }}}
+{{{ #://docs-src/configuration/examples/config.yml }}}
 ```
 
 #### Token Configs
@@ -209,44 +177,9 @@ This way you can permission tokens by further restricting or adding [Endpoints](
 Here is an example:
 
 ```yaml
-{{{ #://examples/token.yml }}}
+{{{ #://docs-src/configuration/examples/token.yml }}}
 ```
 
-### Environment
-
-Suppose you want to set a new [Placeholder](#placeholders) `NUMBER` in your Environment...
-
-```yaml
-environment:
-  SETTINGS__VARIABLES__NUMBER: "+123400001"
-```
-
-This would internally be converted into `settings.variables.number` matching the config formatting.
-
-> [!IMPORTANT]
-> Underscores `_` are removed during Conversion, Double Underscores `__` on the other hand convert the Variable into a nested Object (`__` replaced by `.`)
-
-### String To Type
-
-> [!TIP]
-> This formatting applies to almost every situation where the only (allowed) Input Type is a string and other Output Types are needed.
-
-If you are using Environment Variables as an example you won't be able to specify an Array or a Dictionary of items, in that case you can provide a specifically formatted string which will be translated into the correct type...
-
-| type       | example           |
-| :--------- | :---------------- |
-| string     | abc               |
-| string     | +123              |
-| int        | 123               |
-| int        | -123              |
-| json       | {"a":"b","c":"d"} |
-| array(int) | [1,2,3]           |
-| array(str) | [a,b,c]           |
-
-> [!NOTE]
-> If you have a string that should not be turned into any other type, then you will need to escape all Type Denotations, `[]` or `{}` (also `-`) with a `\` **Backslash** (or Double Backslash).
-> An **Odd** number of **Backslashes** **escape** the character in front of them and an **Even** number leave the character **as-is**.
-
 ### Templating
 
 Secured Signal API uses Golang's [Standard Templating Library](https://pkg.go.dev/text/template).
@@ -260,35 +193,10 @@ Go's templating library is used in the following features:
 This makes advanced [Message Templates](#message-templates) like this one possible:
 
 ```yaml
-settings:
-    messageTemplate: |
-    {{- $greeting := "Hello" -}}
-    {{ $greeting }}, {{ @name }}!
-    {{ if @age -}}
-    You are {{ @age }} years old.
-    {{- else -}}
-    Age unknown.
-    {{- end }}
-    Your friends:
-    {{- range @friends }}
-    - {{ . }}
-    {{- else }}
-    You have no friends.
-    {{- end }}
-    Profile details:
-    {{- range $key, $value := @profile }}
-    - {{ $key }}: {{ $value }}
-    {{- end }}
-    {{ define "footer" -}}
-    This is the footer for {{ @name }}.
-    {{- end }}
-    {{ template "footer" . -}}
-    ------------------------------------
-    Content-Type: {{ #Content_Type }}
-    Redacted Auth Header: {{ #Authorization }}
+{{{ #://docs-src/configuration/examples/message-template.yml }}}
 ```
 
-### API Token(s)
+### API Tokens
 
 During Authentication Secured Signal API will try to match the given Token against the list of Tokens inside of these Variables.
 
@@ -409,28 +317,6 @@ settings:
 
 Use `@` for aliasing Body Keys and `.` for aliasing Variables.
 
-### Port
-
-To change the Port which Secured Signal API uses, you need to set `service.port` in your config. (default: `8880`)
-
-### Log Level
-
-To change the Log Level set `logLevel` to: (default: `info`)
-
-<details>
-<summary>Log Levels</summary>
-
-| Level   |
-| ------- |
-| `info`  |
-| `debug` |
-| `warn`  |
-| `error` |
-| `fatal` |
-| `dev`   |
-
-</details>
-
 ## Contributing
 
 Found a bug? Want to change or add something?

data/defaults.yml renamed to docs-src/data/defaults.yml

@@ -0,0 +1,22 @@
+---
+sidebar_position: 4
+title: Best Practices
+---
+
+# Best Practices
+
+Here are some common best practices for running **Secured Signal API**, but these generally apply for any service.
+
+## Usage
+
+- Create **seperate configs** for each service
+- Use **Placeholders** extensively _(they are your friends)_
+- Always keep your stack **up-to-date** _(this is why we have docker)_
+
+## Security
+
+- Always use **API tokens** in production
+- Run behind a **tls-enabled** [Reverse Proxy](../reverse-proxy/overview)
+- Be cautious when overriding **Blocked Endpoints**
+- Use per-token overrides to **enforce least privilege**
+- Always allow the least possible access points

docs/best-practices/best-practices.md

@@ -0,0 +1,4 @@
+{
+	"label": "Configuration",
+	"position": 5
+}

docs/configuration/_category_.json

@@ -0,0 +1,19 @@
+---
+title: API Tokens
+---
+
+# API Tokens
+
+> [!IMPORTANT]
+> Using API Tokens is highly **recommended**, but not mandatory.
+> Some important Security Features won't be available (like default Blocked Endpoints).
+
+Defined API Tokens for accessing **Secured Signal API** endpoints.
+
+```yaml
+api:
+  tokens: [token1, token2, token3]
+```
+
+> [!NOTE]
+> Blocked Endpoints can be reactivated by manually configuring them

docs/configuration/api-tokens.md

@@ -0,0 +1,43 @@
+---
+title: Data Aliases
+---
+
+# Data Aliases
+
+A Compatibility Layer for **Secured Signal API**.
+
+To improve compatibility with other services Secured Signal API provides **Data Aliases** and even a built-in `message` Alias.
+
+<details>
+<summary><strong>Default `message` Aliases</strong></summary>
+
+| Alias        | Score | Alias            | Score |
+| ------------ | ----- | ---------------- | ----- |
+| msg          | 100   | data.content     | 9     |
+| content      | 99    | data.description | 8     |
+| description  | 98    | data.text        | 7     |
+| text         | 20    | data.summary     | 6     |
+| summary      | 15    | data.details     | 5     |
+| details      | 14    | body             | 2     |
+| data.message | 10    | data             | 1     |
+
+</details>
+
+Secured Signal API will pick the highest scoring **Data Alias** (if available) to set the key to the correct value **using the request body**.
+
+Data Aliases can be added by setting `dataAliases` in your config:
+
+```yaml
+settings:
+  dataAliases:
+    "@message":
+      [
+        { alias: "msg", score: 80 },
+        { alias: "data.message", score: 79 },
+        { alias: "array[0].message", score: 78 },
+      ]
+    ".NUMBER": [{ alias: "phone_number", score: 100 }]
+```
+
+> [!IMPORTANT]
+> Use `@` for aliasing Body Keys and `.` for aliasing Variables.

docs/configuration/data-aliases.md

@@ -0,0 +1,44 @@
+---
+title: Endpoints
+---
+
+# Endpoints
+
+Restrict access to your **Secured Signal API**.
+
+## Default
+
+Secured Signal API is just a Proxy, which means any and **all** of the **Signal CLI REST API** **endpoints are available**,
+but by default the following endpoints are **blocked**, because of Security Concerns:
+
+| Endpoint              |                    |
+| :-------------------- | ------------------ |
+| **/v1/about**         | **/v1/unregister** |
+| **/v1/configuration** | **/v1/qrcodelink** |
+| **/v1/devices**       | **/v1/contacts**   |
+| **/v1/register**      | **/v1/accounts**   |
+
+## Customize
+
+> [!NOTE]
+> Matching works by checking if the requested Endpoints starts with a Blocked or an Allowed Endpoint
+
+You can modify Blocked Endpoints by configuring `blockedEndpoints` in your config:
+
+```yaml
+settings:
+  blockedEndpoints: [/v1/register, /v1/unregister, /v1/qrcodelink, /v1/contacts]
+```
+
+You can also override Blocked Endpoints by adding Allowed Endpoints to `allowedEndpoints`.
+
+```yaml
+settings:
+  allowedEndpoints: [/v2/send]
+```
+
+| Config (Allow)                   | (Block)                             |   Result   |     |                   |     |
+| :------------------------------- | :---------------------------------- | :--------: | --- | :---------------: | --- |
+| `allowedEndpoints: ["/v2/send"]` | `unset`                             |  **all**   | 🛑  |  **`/v2/send`**   | ✅  |
+| `unset`                          | `blockedEndpoints: ["/v1/receive"]` |  **all**   | ✅  | **`/v1/receive`** | 🛑  |
+| `blockedEndpoints: ["/v2"]`      | `allowedEndpoints: ["/v2/send"]`    | **`/v2*`** | 🛑  |  **`/v2/send`**   | ✅  |

docs/configuration/endpoints.md

@@ -0,0 +1,26 @@
+settings:
+    messageTemplate: |
+    {{- $greeting := "Hello" -}}
+    {{ $greeting }}, {{ @name }}!
+    {{ if @age -}}
+    You are {{ @age }} years old.
+    {{- else -}}
+    Age unknown.
+    {{- end }}
+    Your friends:
+    {{- range @friends }}
+    - {{ . }}
+    {{- else }}
+    You have no friends.
+    {{- end }}
+    Profile details:
+    {{- range $key, $value := @profile }}
+    - {{ $key }}: {{ $value }}
+    {{- end }}
+    {{ define "footer" -}}
+    This is the footer for {{ @name }}.
+    {{- end }}
+    {{ template "footer" . -}}
+    ------------------------------------
+    Content-Type: {{ #Content_Type }}
+    Redacted Auth Header: {{ #Authorization }}