favoritter/internal/store/settings.go

// SPDX-License-Identifier: AGPL-3.0-or-later

package store

import (
	"database/sql"
	"fmt"
	"time"

	"kode.naiv.no/olemd/favoritter/internal/model"
)

type SettingsStore struct {
	db *sql.DB
}

func NewSettingsStore(db *sql.DB) *SettingsStore {
	return &SettingsStore{db: db}
}

// Get returns the current site settings.
func (s *SettingsStore) Get() (*model.SiteSettings, error) {
	var settings model.SiteSettings
	var updatedAt string
	err := s.db.QueryRow(
		`SELECT site_name, site_description, signup_mode, updated_at
		FROM site_settings WHERE id = 1`,
	).Scan(&settings.SiteName, &settings.SiteDescription, &settings.SignupMode, &updatedAt)
	if err != nil {
		return nil, fmt.Errorf("query site settings: %w", err)
	}

	settings.UpdatedAt, _ = time.Parse(time.RFC3339, updatedAt)
	return &settings, nil
}

// Update updates the site settings.
func (s *SettingsStore) Update(siteName, siteDescription, signupMode string) error {
	_, err := s.db.Exec(
		`UPDATE site_settings SET site_name = ?, site_description = ?, signup_mode = ?,
			updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')
		WHERE id = 1`,
		siteName, siteDescription, signupMode,
	)
	return err
}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`// SPDX-License-Identifier: AGPL-3.0-or-later`

			`package store`

			`import (`
			`"database/sql"`
			`"fmt"`
			`"time"`

			`"kode.naiv.no/olemd/favoritter/internal/model"`
			`)`

			`type SettingsStore struct {`
			`db *sql.DB`
			`}`

			`func NewSettingsStore(db sql.DB) SettingsStore {`
			`return &SettingsStore{db: db}`
			`}`

			`// Get returns the current site settings.`
			`func (s SettingsStore) Get() (model.SiteSettings, error) {`
			`var settings model.SiteSettings`
			`var updatedAt string`
			`err := s.db.QueryRow(`
			`SELECT site_name, site_description, signup_mode, updated_at
			FROM site_settings WHERE id = 1`,
			`).Scan(&settings.SiteName, &settings.SiteDescription, &settings.SignupMode, &updatedAt)`
			`if err != nil {`
			`return nil, fmt.Errorf("query site settings: %w", err)`
			`}`

			`settings.UpdatedAt, _ = time.Parse(time.RFC3339, updatedAt)`
			`return &settings, nil`
			`}`

			`// Update updates the site settings.`
			`func (s *SettingsStore) Update(siteName, siteDescription, signupMode string) error {`
			`_, err := s.db.Exec(`
			`UPDATE site_settings SET site_name = ?, site_description = ?, signup_mode = ?,
			`updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')`
			WHERE id = 1`,
			`siteName, siteDescription, signupMode,`
			`)`
			`return err`
			`}`