favoritter/internal/handler/handler.go

// SPDX-License-Identifier: AGPL-3.0-or-later

// Package handler contains HTTP handlers for all web and API routes.
package handler

import (
	"context"
	"io/fs"
	"net/http"
	"time"

	"kode.naiv.no/olemd/favoritter/internal/config"
	"kode.naiv.no/olemd/favoritter/internal/middleware"
	"kode.naiv.no/olemd/favoritter/internal/render"
	"kode.naiv.no/olemd/favoritter/internal/store"
	"kode.naiv.no/olemd/favoritter/web"
)

// Deps bundles all dependencies injected into handlers.
type Deps struct {
	Config   *config.Config
	Users    *store.UserStore
	Sessions *store.SessionStore
	Settings *store.SettingsStore
	Faves          *store.FaveStore
	Tags           *store.TagStore
	SignupRequests *store.SignupRequestStore
	Renderer       *render.Renderer
}

// Handler holds all HTTP handler methods and their dependencies.
type Handler struct {
	deps        Deps
	rateLimiter *middleware.RateLimiter
}

// New creates a new Handler with the given dependencies.
func New(deps Deps) *Handler {
	return &Handler{
		deps:        deps,
		rateLimiter: middleware.NewRateLimiter(deps.Config.RateLimit),
	}
}

// RateLimiterCleanupLoop periodically evicts stale rate limiter entries.
func (h *Handler) RateLimiterCleanupLoop(ctx context.Context, interval time.Duration) {
	ticker := time.NewTicker(interval)
	defer ticker.Stop()
	for {
		select {
		case <-ctx.Done():
			return
		case <-ticker.C:
			h.rateLimiter.Cleanup()
		}
	}
}

// Routes registers all routes on a new ServeMux and returns it.
func (h *Handler) Routes() *http.ServeMux {
	mux := http.NewServeMux()

	// Static files (served from embedded filesystem).
	staticFS, err := fs.Sub(web.StaticFS, "static")
	if err != nil {
		panic("embedded static filesystem missing: " + err.Error())
	}
	mux.Handle("GET /static/", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS))))

	// Uploaded images (served from the filesystem upload directory).
	mux.Handle("GET /uploads/", http.StripPrefix("/uploads/",
		http.FileServer(http.Dir(h.deps.Config.UploadDir))))

	// Health check.
	mux.HandleFunc("GET /health", h.handleHealth)

	// Auth routes (rate-limited).
	mux.Handle("POST /login", h.rateLimiter.Limit(http.HandlerFunc(h.handleLoginPost)))
	mux.Handle("POST /signup", h.rateLimiter.Limit(http.HandlerFunc(h.handleSignupPost)))

	mux.HandleFunc("GET /login", h.handleLoginGet)
	mux.HandleFunc("GET /signup", h.handleSignupGet)
	mux.HandleFunc("POST /logout", h.handleLogout)

	// Password reset (for must-reset-password flow).
	mux.HandleFunc("GET /reset-password", h.handleResetPasswordGet)
	mux.HandleFunc("POST /reset-password", h.handleResetPasswordPost)

	// Home page.
	mux.HandleFunc("GET /{$}", h.handleHome)

	// Faves — authenticated routes use requireLogin wrapper.
	requireLogin := middleware.RequireLogin(h.deps.Config.BasePath)
	mux.Handle("GET /faves", requireLogin(http.HandlerFunc(h.handleFaveList)))
	mux.Handle("GET /faves/new", requireLogin(http.HandlerFunc(h.handleFaveNew)))
	mux.Handle("POST /faves", requireLogin(http.HandlerFunc(h.handleFaveCreate)))
	mux.HandleFunc("GET /faves/{id}", h.handleFaveDetail)
	mux.Handle("GET /faves/{id}/edit", requireLogin(http.HandlerFunc(h.handleFaveEdit)))
	mux.Handle("POST /faves/{id}", requireLogin(http.HandlerFunc(h.handleFaveUpdate)))
	mux.Handle("DELETE /faves/{id}", requireLogin(http.HandlerFunc(h.handleFaveDelete)))

	// Tags.
	mux.HandleFunc("GET /tags/search", h.handleTagSearch)
	mux.HandleFunc("GET /tags/{name}", h.handleTagBrowse)

	// Profiles.
	mux.HandleFunc("GET /u/{username}", h.handlePublicProfile)

	// User settings (authenticated).
	mux.Handle("GET /settings", requireLogin(http.HandlerFunc(h.handleSettingsGet)))
	mux.Handle("POST /settings", requireLogin(http.HandlerFunc(h.handleSettingsPost)))
	mux.Handle("POST /settings/avatar", requireLogin(http.HandlerFunc(h.handleAvatarPost)))
	mux.Handle("POST /settings/password", requireLogin(http.HandlerFunc(h.handleSettingsPasswordPost)))

	// Feeds (public, no auth required).
	mux.HandleFunc("GET /feed.xml", h.handleFeedGlobal)
	mux.HandleFunc("GET /u/{username}/feed.xml", h.handleFeedUser)
	mux.HandleFunc("GET /tags/{name}/feed.xml", h.handleFeedTag)

	// Import/Export (authenticated).
	mux.Handle("GET /export", requireLogin(http.HandlerFunc(h.handleExportPage)))
	mux.Handle("GET /export/json", requireLogin(http.HandlerFunc(h.handleExportJSON)))
	mux.Handle("GET /export/csv", requireLogin(http.HandlerFunc(h.handleExportCSV)))
	mux.Handle("GET /import", requireLogin(http.HandlerFunc(h.handleImportPage)))
	mux.Handle("POST /import", requireLogin(http.HandlerFunc(h.handleImportPost)))

	// Admin panel (requires admin role).
	admin := func(hf http.HandlerFunc) http.Handler {
		return requireLogin(middleware.RequireAdmin(http.HandlerFunc(hf)))
	}
	mux.Handle("GET /admin", admin(h.handleAdminDashboard))
	mux.Handle("GET /admin/users", admin(h.handleAdminUsers))
	mux.Handle("POST /admin/users", admin(h.handleAdminCreateUser))
	mux.Handle("POST /admin/users/{id}/reset-password", admin(h.handleAdminResetPassword))
	mux.Handle("POST /admin/users/{id}/toggle-disabled", admin(h.handleAdminToggleDisabled))
	mux.Handle("GET /admin/tags", admin(h.handleAdminTags))
	mux.Handle("POST /admin/tags/{id}/rename", admin(h.handleAdminRenameTag))
	mux.Handle("POST /admin/tags/{id}/delete", admin(h.handleAdminDeleteTag))
	mux.Handle("GET /admin/signup-requests", admin(h.handleAdminSignupRequests))
	mux.Handle("POST /admin/signup-requests/{id}", admin(h.handleAdminSignupRequestAction))
	mux.Handle("GET /admin/settings", admin(h.handleAdminSettingsGet))
	mux.Handle("POST /admin/settings", admin(h.handleAdminSettingsPost))

	return mux
}

// handleNotFound renders a styled 404 page.
func (h *Handler) handleNotFound(w http.ResponseWriter, r *http.Request) {
	h.deps.Renderer.Error(w, r, http.StatusNotFound, "Ikke funnet")
}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`// SPDX-License-Identifier: AGPL-3.0-or-later`

			`// Package handler contains HTTP handlers for all web and API routes.`
			`package handler`

			`import (`
			`"context"`
			`"io/fs"`
			`"net/http"`
			`"time"`

			`"kode.naiv.no/olemd/favoritter/internal/config"`
			`"kode.naiv.no/olemd/favoritter/internal/middleware"`
			`"kode.naiv.no/olemd/favoritter/internal/render"`
			`"kode.naiv.no/olemd/favoritter/internal/store"`
			`"kode.naiv.no/olemd/favoritter/web"`
			`)`

			`// Deps bundles all dependencies injected into handlers.`
			`type Deps struct {`
			`Config *config.Config`
			`Users *store.UserStore`
			`Sessions *store.SessionStore`
			`Settings *store.SettingsStore`
			`Faves *store.FaveStore`
			`Tags *store.TagStore`
			`SignupRequests *store.SignupRequestStore`
			`Renderer *render.Renderer`
			`}`

			`// Handler holds all HTTP handler methods and their dependencies.`
			`type Handler struct {`
			`deps Deps`
			`rateLimiter *middleware.RateLimiter`
			`}`

			`// New creates a new Handler with the given dependencies.`
			`func New(deps Deps) *Handler {`
			`return &Handler{`
			`deps: deps,`
			`rateLimiter: middleware.NewRateLimiter(deps.Config.RateLimit),`
			`}`
			`}`

			`// RateLimiterCleanupLoop periodically evicts stale rate limiter entries.`
			`func (h *Handler) RateLimiterCleanupLoop(ctx context.Context, interval time.Duration) {`
			`ticker := time.NewTicker(interval)`
			`defer ticker.Stop()`
			`for {`
			`select {`
			`case <-ctx.Done():`
			`return`
			`case <-ticker.C:`
			`h.rateLimiter.Cleanup()`
			`}`
			`}`
			`}`

			`// Routes registers all routes on a new ServeMux and returns it.`
			`func (h Handler) Routes() http.ServeMux {`
			`mux := http.NewServeMux()`

			`// Static files (served from embedded filesystem).`
			`staticFS, err := fs.Sub(web.StaticFS, "static")`
			`if err != nil {`
			`panic("embedded static filesystem missing: " + err.Error())`
			`}`
			`mux.Handle("GET /static/", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS))))`

			`// Uploaded images (served from the filesystem upload directory).`
			`mux.Handle("GET /uploads/", http.StripPrefix("/uploads/",`
			`http.FileServer(http.Dir(h.deps.Config.UploadDir))))`

			`// Health check.`
			`mux.HandleFunc("GET /health", h.handleHealth)`

			`// Auth routes (rate-limited).`
			`mux.Handle("POST /login", h.rateLimiter.Limit(http.HandlerFunc(h.handleLoginPost)))`
			`mux.Handle("POST /signup", h.rateLimiter.Limit(http.HandlerFunc(h.handleSignupPost)))`

			`mux.HandleFunc("GET /login", h.handleLoginGet)`
			`mux.HandleFunc("GET /signup", h.handleSignupGet)`
			`mux.HandleFunc("POST /logout", h.handleLogout)`

			`// Password reset (for must-reset-password flow).`
			`mux.HandleFunc("GET /reset-password", h.handleResetPasswordGet)`
			`mux.HandleFunc("POST /reset-password", h.handleResetPasswordPost)`

			`// Home page.`
			`mux.HandleFunc("GET /{$}", h.handleHome)`

			`// Faves — authenticated routes use requireLogin wrapper.`
			`requireLogin := middleware.RequireLogin(h.deps.Config.BasePath)`
			`mux.Handle("GET /faves", requireLogin(http.HandlerFunc(h.handleFaveList)))`
			`mux.Handle("GET /faves/new", requireLogin(http.HandlerFunc(h.handleFaveNew)))`
			`mux.Handle("POST /faves", requireLogin(http.HandlerFunc(h.handleFaveCreate)))`
			`mux.HandleFunc("GET /faves/{id}", h.handleFaveDetail)`
			`mux.Handle("GET /faves/{id}/edit", requireLogin(http.HandlerFunc(h.handleFaveEdit)))`
			`mux.Handle("POST /faves/{id}", requireLogin(http.HandlerFunc(h.handleFaveUpdate)))`
			`mux.Handle("DELETE /faves/{id}", requireLogin(http.HandlerFunc(h.handleFaveDelete)))`

			`// Tags.`
			`mux.HandleFunc("GET /tags/search", h.handleTagSearch)`
			`mux.HandleFunc("GET /tags/{name}", h.handleTagBrowse)`

feat: add profiles, public views, settings, and code quality fixes Phase 3 — Profiles & Public Views: - Public profile page (/u/{username}) with OG meta tags - User settings page (display name, bio, visibility, default privacy) - Avatar upload with image processing - Password change from settings (verifies current password) - Home page shows public fave feed for logged-in users - Must-reset-password guard redirects to /reset-password - Profile visibility: public (full) or limited (username only) Code quality improvements from /simplify review: - Fix signup request persistence bug (was silently discarding data) - Fix health check to use configured listen address, not hardcoded :8080 - Add rate limiter cleanup goroutine (was leaking memory) - Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags, scanUserFrom (scanner interface), SignupRequestStore - Replace hand-rolled joinPlaceholders with strings.Join - Remove dead _method hidden field, redundant devMode field - Simplify rate-limited route registration (remove double-mux) - Log previously-swallowed errors (session delete, image delete) - Stop leaking internal error messages to users in image upload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:01:41 +02:00			`// Profiles.`
			`mux.HandleFunc("GET /u/{username}", h.handlePublicProfile)`

			`// User settings (authenticated).`
			`mux.Handle("GET /settings", requireLogin(http.HandlerFunc(h.handleSettingsGet)))`
			`mux.Handle("POST /settings", requireLogin(http.HandlerFunc(h.handleSettingsPost)))`
			`mux.Handle("POST /settings/avatar", requireLogin(http.HandlerFunc(h.handleAvatarPost)))`
			`mux.Handle("POST /settings/password", requireLogin(http.HandlerFunc(h.handleSettingsPasswordPost)))`

feat: add Atom feeds and JSON/CSV import/export Phase 5 — Feeds & Import/Export: - Atom feeds: global (/feed.xml), per-user (/u/{name}/feed.xml), per-tag (/tags/{name}/feed.xml). Uses gorilla/feeds. - JSON export: all user's faves with tags, pretty-printed - CSV export: standard format with header row - JSON import: validates and creates faves with tags - CSV import: flexible column mapping from header row - Import/export pages with format documentation - Feed items include enclosure for images, author info - Limited-visibility profiles excluded from feeds Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:11:44 +02:00			`// Feeds (public, no auth required).`
			`mux.HandleFunc("GET /feed.xml", h.handleFeedGlobal)`
			`mux.HandleFunc("GET /u/{username}/feed.xml", h.handleFeedUser)`
			`mux.HandleFunc("GET /tags/{name}/feed.xml", h.handleFeedTag)`

			`// Import/Export (authenticated).`
			`mux.Handle("GET /export", requireLogin(http.HandlerFunc(h.handleExportPage)))`
			`mux.Handle("GET /export/json", requireLogin(http.HandlerFunc(h.handleExportJSON)))`
			`mux.Handle("GET /export/csv", requireLogin(http.HandlerFunc(h.handleExportCSV)))`
			`mux.Handle("GET /import", requireLogin(http.HandlerFunc(h.handleImportPage)))`
			`mux.Handle("POST /import", requireLogin(http.HandlerFunc(h.handleImportPost)))`

feat: add admin panel with user, tag, and signup management Phase 4 — Admin Panel: - Admin dashboard with user/fave/pending-request counts - User management: create with temp password, reset password, enable/disable accounts (prevents self-disable) - Tag management: rename and delete tags - Signup request management: approve (creates user with must-reset-password) and reject pending requests - Site settings: site name, description, signup mode (open/requests/closed) - All admin routes require both login and admin role - SignupRequest model and full store (create, list pending, approve with user creation, reject) - SetMustResetPassword method on UserStore for admin password resets Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:09:30 +02:00			`// Admin panel (requires admin role).`
			`admin := func(hf http.HandlerFunc) http.Handler {`
			`return requireLogin(middleware.RequireAdmin(http.HandlerFunc(hf)))`
			`}`
			`mux.Handle("GET /admin", admin(h.handleAdminDashboard))`
			`mux.Handle("GET /admin/users", admin(h.handleAdminUsers))`
			`mux.Handle("POST /admin/users", admin(h.handleAdminCreateUser))`
			`mux.Handle("POST /admin/users/{id}/reset-password", admin(h.handleAdminResetPassword))`
			`mux.Handle("POST /admin/users/{id}/toggle-disabled", admin(h.handleAdminToggleDisabled))`
			`mux.Handle("GET /admin/tags", admin(h.handleAdminTags))`
			`mux.Handle("POST /admin/tags/{id}/rename", admin(h.handleAdminRenameTag))`
			`mux.Handle("POST /admin/tags/{id}/delete", admin(h.handleAdminDeleteTag))`
			`mux.Handle("GET /admin/signup-requests", admin(h.handleAdminSignupRequests))`
			`mux.Handle("POST /admin/signup-requests/{id}", admin(h.handleAdminSignupRequestAction))`
			`mux.Handle("GET /admin/settings", admin(h.handleAdminSettingsGet))`
			`mux.Handle("POST /admin/settings", admin(h.handleAdminSettingsPost))`

feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`return mux`
			`}`
feat: add packaging, deployment, error pages, and project docs Phase 7 — Polish: - Error page template with styled 404/403/500 pages - Error rendering helper on Renderer Phase 8 — Packaging & Deployment: - Containerfile: multi-stage build, non-root user, health check, OCI labels with build date and git revision - Makefile: build, test, cross-compile, deb, rpm, container, tarballs, checksums targets - nfpm.yaml: .deb and .rpm package config - systemd service: hardened with NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, RestrictSUIDSGID - Default environment file with commented examples - postinstall/preremove scripts (shellcheck validated) - compose.yaml: example Podman/Docker Compose - Caddyfile.example: subdomain, subpath, and remote proxy configs - CHANGELOG.md for release notes - CLAUDE.md with architecture, conventions, and quick reference Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:34:32 +02:00
			`// handleNotFound renders a styled 404 page.`
			`func (h Handler) handleNotFound(w http.ResponseWriter, r http.Request) {`
			`h.deps.Renderer.Error(w, r, http.StatusNotFound, "Ikke funnet")`
			`}`