olemd/favoritter
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
favoritter/internal/handler/profile.go

212 lines
6.5 KiB
Go
Raw Normal View History

feat: add profiles, public views, settings, and code quality fixes Phase 3 — Profiles & Public Views: - Public profile page (/u/{username}) with OG meta tags - User settings page (display name, bio, visibility, default privacy) - Avatar upload with image processing - Password change from settings (verifies current password) - Home page shows public fave feed for logged-in users - Must-reset-password guard redirects to /reset-password - Profile visibility: public (full) or limited (username only) Code quality improvements from /simplify review: - Fix signup request persistence bug (was silently discarding data) - Fix health check to use configured listen address, not hardcoded :8080 - Add rate limiter cleanup goroutine (was leaking memory) - Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags, scanUserFrom (scanner interface), SignupRequestStore - Replace hand-rolled joinPlaceholders with strings.Join - Remove dead _method hidden field, redundant devMode field - Simplify rate-limited route registration (remove double-mux) - Log previously-swallowed errors (session delete, image delete) - Stop leaking internal error messages to users in image upload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:01:41 +02:00
// SPDX-License-Identifier: AGPL-3.0-or-later
package handler
import (
"errors"
"log/slog"
"net/http"
"strings"
"kode.naiv.no/olemd/favoritter/internal/image"
"kode.naiv.no/olemd/favoritter/internal/middleware"
"kode.naiv.no/olemd/favoritter/internal/model"
"kode.naiv.no/olemd/favoritter/internal/render"
"kode.naiv.no/olemd/favoritter/internal/store"
)
// handlePublicProfile shows a user's public profile and their public faves.
func (h *Handler) handlePublicProfile(w http.ResponseWriter, r *http.Request) {
username := r.PathValue("username")
profileUser, err := h.deps.Users.GetByUsername(username)
if err != nil {
if errors.Is(err, store.ErrUserNotFound) {
http.NotFound(w, r)
return
}
slog.Error("get user error", "error", err)
http.Error(w, "Internal error", http.StatusInternalServerError)
return
}
if profileUser.Disabled {
http.NotFound(w, r)
return
}
// Check if the viewing user is the profile owner.
viewer := middleware.UserFromContext(r.Context())
isOwner := viewer != nil && viewer.ID == profileUser.ID
page := queryInt(r, "page", 1)
offset := (page - 1) * defaultPageSize
var faves []*model.Fave
var total int
if isOwner {
faves, total, err = h.deps.Faves.ListByUser(profileUser.ID, defaultPageSize, offset)
} else {
faves, total, err = h.deps.Faves.ListPublicByUser(profileUser.ID, defaultPageSize, offset)
}
if err != nil {
slog.Error("list faves error", "error", err)
http.Error(w, "Internal error", http.StatusInternalServerError)
return
}
if err := h.deps.Faves.LoadTags(faves); err != nil {
slog.Error("load tags error", "error", err)
}
totalPages := (total + defaultPageSize - 1) / defaultPageSize
h.deps.Renderer.Page(w, r, "profile", render.PageData{
Title: profileUser.DisplayNameOrUsername() + " sine favoritter",
Data: map[string]any{
"ProfileUser": profileUser,
"IsOwner": isOwner,
"IsLimited": profileUser.ProfileVisibility == "limited" && !isOwner,
"Faves": faves,
"Page": page,
"TotalPages": totalPages,
"Total": total,
},
})
}
// handleSettingsGet shows the user settings page.
func (h *Handler) handleSettingsGet(w http.ResponseWriter, r *http.Request) {
user := middleware.UserFromContext(r.Context())
h.deps.Renderer.Page(w, r, "settings", render.PageData{
Title: "Innstillinger",
Data: map[string]any{
"SettingsUser": user,
},
})
}
// handleSettingsPost processes the settings form.
func (h *Handler) handleSettingsPost(w http.ResponseWriter, r *http.Request) {
user := middleware.UserFromContext(r.Context())
if err := r.ParseForm(); err != nil {
h.flash(w, r, "settings", "Ugyldig forespørsel.", "error", settingsData(user))
return
}
displayName := strings.TrimSpace(r.FormValue("display_name"))
bio := strings.TrimSpace(r.FormValue("bio"))
profileVisibility := r.FormValue("profile_visibility")
defaultFavePrivacy := r.FormValue("default_fave_privacy")
if profileVisibility != "public" && profileVisibility != "limited" {
profileVisibility = user.ProfileVisibility
}
if defaultFavePrivacy != "public" && defaultFavePrivacy != "private" {
defaultFavePrivacy = user.DefaultFavePrivacy
}
if err := h.deps.Users.UpdateProfile(user.ID, displayName, bio, profileVisibility, defaultFavePrivacy); err != nil {
slog.Error("update profile error", "error", err)
h.flash(w, r, "settings", "Noe gikk galt. Prøv igjen.", "error", settingsData(user))
return
}
h.flash(w, r, "settings", "Innstillingene er lagret.", "success", settingsData(user))
}
// handleSettingsPasswordPost handles password change from the settings page.
func (h *Handler) handleSettingsPasswordPost(w http.ResponseWriter, r *http.Request) {
user := middleware.UserFromContext(r.Context())
if err := r.ParseForm(); err != nil {
h.flash(w, r, "settings", "Ugyldig forespørsel.", "error", settingsData(user))
return
}
currentPassword := r.FormValue("current_password")
newPassword := r.FormValue("new_password")
confirmPassword := r.FormValue("confirm_password")
// Verify current password.
if _, err := h.deps.Users.Authenticate(user.Username, currentPassword); err != nil {
h.flash(w, r, "settings", "Nåværende passord er feil.", "error", settingsData(user))
return
}
if len(newPassword) < 8 {
h.flash(w, r, "settings", "Nytt passord må være minst 8 tegn.", "error", settingsData(user))
return
}
if newPassword != confirmPassword {
h.flash(w, r, "settings", "Passordene er ikke like.", "error", settingsData(user))
return
}
if err := h.deps.Users.UpdatePassword(user.ID, newPassword); err != nil {
slog.Error("update password error", "error", err)
h.flash(w, r, "settings", "Noe gikk galt. Prøv igjen.", "error", settingsData(user))
return
}
// Invalidate other sessions, keep current one.
if delErr := h.deps.Sessions.DeleteAllForUser(user.ID); delErr != nil {
slog.Error("session cleanup error", "error", delErr)
}
token, err := h.deps.Sessions.Create(user.ID)
if err != nil {
slog.Error("session create error", "error", err)
http.Redirect(w, r, h.deps.Config.BasePath+"/login", http.StatusSeeOther)
return
}
h.setSessionCookie(w, r, token)
h.flash(w, r, "settings", "Passordet er endret.", "success", settingsData(user))
}
// handleAvatarPost handles avatar upload.
func (h *Handler) handleAvatarPost(w http.ResponseWriter, r *http.Request) {
user := middleware.UserFromContext(r.Context())
if err := r.ParseMultipartForm(h.deps.Config.MaxUploadSize); err != nil {
h.flash(w, r, "settings", "Filen er for stor.", "error", settingsData(user))
return
}
file, header, err := r.FormFile("avatar")
if err != nil {
h.flash(w, r, "settings", "Velg et bilde å laste opp.", "error", settingsData(user))
return
}
defer file.Close()
result, err := image.Process(file, header, h.deps.Config.UploadDir)
if err != nil {
slog.Error("avatar process error", "error", err)
h.flash(w, r, "settings", "Kunne ikke behandle bildet. Sjekk at filen er et gyldig bilde.", "error", settingsData(user))
return
}
// Delete old avatar if there was one.
if user.AvatarPath != "" {
if delErr := image.Delete(h.deps.Config.UploadDir, user.AvatarPath); delErr != nil {
slog.Error("avatar delete error", "error", delErr)
}
}
if err := h.deps.Users.UpdateAvatar(user.ID, result.Filename); err != nil {
slog.Error("update avatar error", "error", err)
h.flash(w, r, "settings", "Noe gikk galt. Prøv igjen.", "error", settingsData(user))
return
}
h.flash(w, r, "settings", "Profilbildet er oppdatert.", "success", settingsData(user))
}
func settingsData(user *model.User) map[string]any {
return map[string]any{"SettingsUser": user}
}
Reference in a new issue Copy permalink