olemd/favoritter
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
favoritter/web/templates/pages/fave_detail.html

84 lines
3.1 KiB
HTML
Raw Normal View History

feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
{{define "head"}}
{{with .Data}}{{with .Fave}}
{{if eq .Privacy "public"}}
<meta property="og:title" content="{{truncate 70 .Description}}">
feat: add notes field to favorites and enhance OG meta tags Add an optional long-form "notes" text field to each favorite for reviews, thoughts, or extended descriptions. The field is stored in SQLite via a new migration (002_add_fave_notes.sql) and propagated through the entire stack: - Model: Notes field on Fave struct - Store: All SQL queries (Create, GetByID, Update, list methods, scanFaves) updated with notes column - Web handlers: Read/write notes in create, edit, update forms - API handlers: Notes in create, update, get, import request/response - Export: Notes included in both JSON and CSV exports - Import: Notes parsed from both JSON and CSV imports - Feed: Notes used as Atom feed item summary when present - Form template: New textarea between URL and image fields - Detail template: Display notes, enhanced og:description with cascade: notes (truncated) → URL → generic fallback text Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 00:40:08 +02:00
{{if .Notes}}
<meta property="og:description" content="{{truncate 200 .Notes}}">
{{else if .URL}}
<meta property="og:description" content="{{.URL}}">
{{else}}
<meta property="og:description" content="En favoritt av {{.DisplayName}} på {{$.SiteName}}">
{{end}}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
<meta property="og:type" content="article">
{{if $.ExternalURL}}
<meta property="og:url" content="{{$.ExternalURL}}/faves/{{.ID}}">
{{if .ImagePath}}
<meta property="og:image" content="{{$.ExternalURL}}/uploads/{{.ImagePath}}">
<meta name="twitter:card" content="summary_large_image">
{{else}}
<meta name="twitter:card" content="summary">
{{end}}
{{end}}
<meta property="og:site_name" content="{{$.SiteName}}">
{{range .Tags}}
<meta property="article:tag" content="{{.Name}}">
{{end}}
{{end}}
{{end}}{{end}}
{{end}}
{{define "content"}}
{{with .Data}}
test: add comprehensive test suite (44 tests across 3 packages) Store tests (21 tests): - Session: create, validate, delete, delete-all, expiry - Signup requests: create, duplicate, list pending, approve (creates user with must-reset), reject, double-approve/reject - Existing: user CRUD, auth, fave CRUD, tags, pagination Middleware tests (9 tests): - Real IP extraction from trusted/untrusted proxies - Base path stripping (with prefix, empty prefix) - Rate limiter (per-IP, exhaustion, different IPs) - Panic recovery (returns 500) - Security headers (CSP, X-Frame-Options, etc.) - RequireLogin redirect - MustResetPasswordGuard (static path passthrough) Handler integration tests (14 tests): - Health endpoint - Login page rendering, successful login, wrong password - Fave list requires auth, works when authenticated - Private fave hidden from other users, visible to owner - Admin panel requires admin role, works for admin - Tag search endpoint - Global Atom feed - Public profile with display name - Limited profile hides bio Also fixes template bugs: profile.html and fave_detail.html used $.IsOwner which fails inside {{with}} blocks ($ = root PageData, not .Data map). Fixed with $d variable capture pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:47:32 +02:00
{{$d := .}}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
<article>
{{with .Fave}}
{{if .ImagePath}}
<img src="{{basePath}}/uploads/{{.ImagePath}}"
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
alt="{{.Description}}">
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
{{end}}
<header>
<h1>{{.Description}}</h1>
<p>
Av <a href="{{basePath}}/u/{{.Username}}">{{.DisplayName}}</a>
{{if eq .Privacy "private"}}
<small class="badge-private" aria-label="Privat">Privat</small>
{{end}}
</p>
</header>
{{if .URL}}
<p><a href="{{.URL}}" target="_blank" rel="noopener noreferrer">{{.URL}}</a></p>
{{end}}
feat: add notes field to favorites and enhance OG meta tags Add an optional long-form "notes" text field to each favorite for reviews, thoughts, or extended descriptions. The field is stored in SQLite via a new migration (002_add_fave_notes.sql) and propagated through the entire stack: - Model: Notes field on Fave struct - Store: All SQL queries (Create, GetByID, Update, list methods, scanFaves) updated with notes column - Web handlers: Read/write notes in create, edit, update forms - API handlers: Notes in create, update, get, import request/response - Export: Notes included in both JSON and CSV exports - Import: Notes parsed from both JSON and CSV imports - Feed: Notes used as Atom feed item summary when present - Form template: New textarea between URL and image fields - Detail template: Display notes, enhanced og:description with cascade: notes (truncated) → URL → generic fallback text Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 00:40:08 +02:00
{{if .Notes}}
<div class="fave-notes">{{.Notes}}</div>
{{end}}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
{{if .Tags}}
<p>
{{range .Tags}}
<a href="{{basePath}}/tags/{{.Name}}" class="tag-chip">{{.Name}}</a>
{{end}}
</p>
{{end}}
<footer>
<small>Lagt til {{.CreatedAt.Format "02.01.2006"}}</small>
test: add comprehensive test suite (44 tests across 3 packages) Store tests (21 tests): - Session: create, validate, delete, delete-all, expiry - Signup requests: create, duplicate, list pending, approve (creates user with must-reset), reject, double-approve/reject - Existing: user CRUD, auth, fave CRUD, tags, pagination Middleware tests (9 tests): - Real IP extraction from trusted/untrusted proxies - Base path stripping (with prefix, empty prefix) - Rate limiter (per-IP, exhaustion, different IPs) - Panic recovery (returns 500) - Security headers (CSP, X-Frame-Options, etc.) - RequireLogin redirect - MustResetPasswordGuard (static path passthrough) Handler integration tests (14 tests): - Health endpoint - Login page rendering, successful login, wrong password - Fave list requires auth, works when authenticated - Private fave hidden from other users, visible to owner - Admin panel requires admin role, works for admin - Tag search endpoint - Global Atom feed - Public profile with display name - Limited profile hides bio Also fixes template bugs: profile.html and fave_detail.html used $.IsOwner which fails inside {{with}} blocks ($ = root PageData, not .Data map). Fixed with $d variable capture pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:47:32 +02:00
{{if $d.IsOwner}}
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
<div class="fave-actions" role="group" aria-label="Handlinger for favoritt">
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
<a href="{{basePath}}/faves/{{.ID}}/edit" role="button" class="outline">Rediger</a>
<button
hx-delete="{{basePath}}/faves/{{.ID}}"
hx-confirm="Er du sikker på at du vil slette denne favoritten?"
hx-headers='{"X-CSRF-Token": "{{$.CSRFToken}}"}'
class="outline secondary"
data-redirect="{{basePath}}/faves"
>Slett</button>
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
</div>
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
{{end}}
</footer>
{{end}}
</article>
{{end}}
{{end}}
Reference in a new issue Copy permalink