olemd/favoritter
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
favoritter/web/static/js/app.js

167 lines
5.7 KiB
JavaScript
Raw Normal View History

feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
// Favoritter — minimal JavaScript for HTMX configuration and form helpers.
// SPDX-License-Identifier: AGPL-3.0-or-later
(function () {
"use strict";
// Auto-include the CSRF token in all HTMX requests.
document.body.addEventListener("htmx:configRequest", function (event) {
var csrfCookie = getCookie("csrf_token");
if (csrfCookie) {
event.detail.headers["X-CSRF-Token"] = csrfCookie;
}
// For the tag search input, send the current value of the last
// comma-separated segment as the 'q' parameter.
var elt = event.detail.elt;
if (elt && elt.id === "tags") {
var val = elt.value;
var parts = val.split(",");
var lastPart = parts[parts.length - 1].trim();
event.detail.parameters["q"] = lastPart;
}
});
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
// Update aria-expanded and announce suggestion count after HTMX swaps.
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
document.body.addEventListener("htmx:afterSwap", function (event) {
var target = event.detail.target;
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
if (!target) return;
// Focus management: if swapped content has autofocus, focus it.
var autoFocus = target.querySelector("[autofocus]");
if (autoFocus) {
autoFocus.focus();
}
// Tag suggestions: update combobox state.
if (target.id === "tag-suggestions") {
var input = document.getElementById("tags");
var items = target.querySelectorAll("[role='option']");
var count = items.length;
if (input) {
input.setAttribute("aria-expanded", count > 0 ? "true" : "false");
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
}
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
// Announce suggestion count to screen readers.
var status = document.getElementById("tag-status");
if (status) {
status.textContent = count > 0
? count + " forslag tilgjengelig"
: "";
}
// Reset active descendant tracking.
activeIndex = -1;
clearActiveDescendant();
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
}
});
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
// After a successful HTMX DELETE, redirect if the element has a data-redirect.
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
document.body.addEventListener("htmx:afterRequest", function (event) {
if (event.detail.successful && event.detail.verb === "delete") {
var redirect = event.detail.elt.getAttribute("data-redirect");
if (redirect) {
window.location.href = redirect;
}
}
});
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
// --- Tag autocomplete combobox pattern ---
var activeIndex = -1;
// Handle keyboard navigation in the tag suggestions listbox.
document.addEventListener("keydown", function (event) {
var input = document.getElementById("tags");
if (!input || document.activeElement !== input) return;
var listbox = document.getElementById("tag-suggestions");
if (!listbox) return;
var items = listbox.querySelectorAll("[role='option']");
if (items.length === 0) return;
switch (event.key) {
case "ArrowDown":
event.preventDefault();
activeIndex = Math.min(activeIndex + 1, items.length - 1);
setActiveDescendant(items);
break;
case "ArrowUp":
event.preventDefault();
activeIndex = Math.max(activeIndex - 1, 0);
setActiveDescendant(items);
break;
case "Enter":
if (activeIndex >= 0 && activeIndex < items.length) {
event.preventDefault();
var tagName = items[activeIndex].textContent.trim();
addTag(null, tagName);
}
break;
case " ":
if (activeIndex >= 0 && activeIndex < items.length) {
event.preventDefault();
var tagName2 = items[activeIndex].textContent.trim();
addTag(null, tagName2);
}
break;
case "Escape":
closeSuggestions();
break;
}
});
function setActiveDescendant(items) {
for (var i = 0; i < items.length; i++) {
items[i].setAttribute("aria-selected", i === activeIndex ? "true" : "false");
}
var input = document.getElementById("tags");
if (input && activeIndex >= 0) {
var activeItem = items[activeIndex];
if (!activeItem.id) {
activeItem.id = "tag-option-" + activeIndex;
}
input.setAttribute("aria-activedescendant", activeItem.id);
activeItem.scrollIntoView({ block: "nearest" });
}
}
function clearActiveDescendant() {
var input = document.getElementById("tags");
if (input) {
input.removeAttribute("aria-activedescendant");
}
}
function closeSuggestions() {
var listbox = document.getElementById("tag-suggestions");
if (listbox) {
while (listbox.firstChild) {
listbox.removeChild(listbox.firstChild);
}
}
var input = document.getElementById("tags");
if (input) {
input.setAttribute("aria-expanded", "false");
}
activeIndex = -1;
}
// Add a selected tag to the tag input.
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
window.addTag = function (element, tagName) {
var input = document.getElementById("tags");
if (!input) return;
var parts = input.value.split(",").map(function (s) { return s.trim(); });
parts[parts.length - 1] = tagName;
input.value = parts.join(", ") + ", ";
input.focus();
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 17:54:24 +02:00
closeSuggestions();
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 15:55:22 +02:00
};
function getCookie(name) {
var match = document.cookie.match(new RegExp("(^| )" + name + "=([^;]+)"));
return match ? match[2] : null;
}
})();
Reference in a new issue Copy permalink