favoritter/internal/middleware/basepath.go

// SPDX-License-Identifier: AGPL-3.0-or-later

package middleware

import (
	"net/http"
	"strings"
)

// BasePath strips a configured path prefix from incoming requests so the
// router sees paths without the prefix. This enables deployment at both
// faves.example.com (basePath="") and example.com/faves (basePath="/faves").
func BasePath(prefix string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		if prefix == "" {
			return next
		}
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Strip the prefix from the URL path.
			if strings.HasPrefix(r.URL.Path, prefix) {
				r.URL.Path = strings.TrimPrefix(r.URL.Path, prefix)
				if r.URL.Path == "" {
					r.URL.Path = "/"
				}
				// Also update RawPath if present.
				if r.URL.RawPath != "" {
					r.URL.RawPath = strings.TrimPrefix(r.URL.RawPath, prefix)
					if r.URL.RawPath == "" {
						r.URL.RawPath = "/"
					}
				}
			}
			next.ServeHTTP(w, r)
		})
	}
}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`// SPDX-License-Identifier: AGPL-3.0-or-later`

			`package middleware`

			`import (`
			`"net/http"`
			`"strings"`
			`)`

			`// BasePath strips a configured path prefix from incoming requests so the`
			`// router sees paths without the prefix. This enables deployment at both`
			`// faves.example.com (basePath="") and example.com/faves (basePath="/faves").`
			`func BasePath(prefix string) func(http.Handler) http.Handler {`
			`return func(next http.Handler) http.Handler {`
			`if prefix == "" {`
			`return next`
			`}`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`// Strip the prefix from the URL path.`
			`if strings.HasPrefix(r.URL.Path, prefix) {`
			`r.URL.Path = strings.TrimPrefix(r.URL.Path, prefix)`
			`if r.URL.Path == "" {`
			`r.URL.Path = "/"`
			`}`
			`// Also update RawPath if present.`
			`if r.URL.RawPath != "" {`
			`r.URL.RawPath = strings.TrimPrefix(r.URL.RawPath, prefix)`
			`if r.URL.RawPath == "" {`
			`r.URL.RawPath = "/"`
			`}`
			`}`
			`}`
			`next.ServeHTTP(w, r)`
			`})`
			`}`
			`}`