favoritter/web/templates/layouts/base.html

{{define "base.html"}}<!DOCTYPE html>
<html lang="nb">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>{{if .Title}}{{.Title}} — {{end}}{{.SiteName}}</title>
    <link rel="stylesheet" href="{{basePath}}/static/vendor/pico.min.css">
    <link rel="stylesheet" href="{{basePath}}/static/css/style.css">
    {{block "head" .}}{{end}}
</head>
<body>
    <a href="#main-content" class="skip-link">Hopp til hovedinnhold</a>

    <header class="container">
        <nav aria-label="Hovednavigasjon">
            <ul>
                <li><a href="{{basePath}}/" class="site-title"><strong>{{.SiteName}}</strong></a></li>
            </ul>
            <ul>
                {{if .User}}
                    <li><a href="{{basePath}}/faves">Mine favoritter</a></li>
                    <li><a href="{{basePath}}/u/{{.User.Username}}">Profil</a></li>
                    {{if .User.IsAdmin}}
                        <li><a href="{{basePath}}/admin">Admin</a></li>
                    {{end}}
                    <li>
                        <form method="POST" action="{{basePath}}/logout" class="inline-form">
                            <input type="hidden" name="csrf_token" value="{{.CSRFToken}}">
                            <button type="submit" class="outline secondary nav-button">Logg ut</button>
                        </form>
                    </li>
                {{else}}
                    <li><a href="{{basePath}}/login">Logg inn</a></li>
                    <li><a href="{{basePath}}/signup">Registrer</a></li>
                {{end}}
            </ul>
        </nav>
    </header>

    <main id="main-content" class="container">
        {{if .Flash}}
            <div class="flash flash-{{.FlashType}}" role="alert">
                {{.Flash}}
            </div>
        {{end}}
        {{block "content" .}}{{end}}
    </main>

    <footer class="container">
        <hr>
        <p>
            <small>
                Drevet av <a href="https://kode.naiv.no/olemd/favoritter" target="_blank" rel="noopener">Favoritter</a>
                — fri programvare under <a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noopener" hreflang="en">AGPL-3.0</a>
            </small>
        </p>
    </footer>

    <script src="{{basePath}}/static/vendor/htmx.min.js"></script>
    <script src="{{basePath}}/static/js/app.js"></script>
</body>
</html>{{end}}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`{{define "base.html"}}<!DOCTYPE html>`
			`<html lang="nb">`
			`<head>`
			`<meta charset="utf-8">`
			`<meta name="viewport" content="width=device-width, initial-scale=1">`
			`<title>{{if .Title}}{{.Title}} — {{end}}{{.SiteName}}</title>`
			`<link rel="stylesheet" href="{{basePath}}/static/vendor/pico.min.css">`
			`<link rel="stylesheet" href="{{basePath}}/static/css/style.css">`
			`{{block "head" .}}{{end}}`
			`</head>`
			`<body>`
			`<a href="#main-content" class="skip-link">Hopp til hovedinnhold</a>`

			`<header class="container">`
			`<nav aria-label="Hovednavigasjon">`
			`<ul>`
			`<li><a href="{{basePath}}/" class="site-title"><strong>{{.SiteName}}</strong></a></li>`
			`</ul>`
			`<ul>`
			`{{if .User}}`
			`<li><a href="{{basePath}}/faves">Mine favoritter</a></li>`
			`<li><a href="{{basePath}}/u/{{.User.Username}}">Profil</a></li>`
			`{{if .User.IsAdmin}}`
			`<li><a href="{{basePath}}/admin">Admin</a></li>`
			`{{end}}`
			`<li>`
			`<form method="POST" action="{{basePath}}/logout" class="inline-form">`
			`<input type="hidden" name="csrf_token" value="{{.CSRFToken}}">`
			`<button type="submit" class="outline secondary nav-button">Logg ut</button>`
			`</form>`
			`</li>`
			`{{else}}`
			`<li><a href="{{basePath}}/login">Logg inn</a></li>`
			`<li><a href="{{basePath}}/signup">Registrer</a></li>`
			`{{end}}`
			`</ul>`
			`</nav>`
			`</header>`

			`<main id="main-content" class="container">`
			`{{if .Flash}}`
			`<div class="flash flash-{{.FlashType}}" role="alert">`
			`{{.Flash}}`
			`</div>`
			`{{end}}`
			`{{block "content" .}}{{end}}`
			`</main>`

			`<footer class="container">`
			`<hr>`
			`<p>`
			`<small>`
			`Drevet av <a href="https://kode.naiv.no/olemd/favoritter" target="_blank" rel="noopener">Favoritter</a>`
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 17:54:24 +02:00			`— fri programvare under <a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noopener" hreflang="en">AGPL-3.0</a>`
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`</small>`
			`</p>`
			`</footer>`

			`<script src="{{basePath}}/static/vendor/htmx.min.js"></script>`
			`<script src="{{basePath}}/static/js/app.js"></script>`
			`</body>`
			`</html>{{end}}`