favoritter/web/templates/pages/login.html

{{define "head"}}
<meta name="robots" content="noindex">
{{end}}

{{define "content"}}
<article>
    <h1>Logg inn</h1>
    <form method="POST" action="{{basePath}}/login">
        <input type="hidden" name="csrf_token" value="{{.CSRFToken}}">
        <label for="username">
            Brukernavn
            <input type="text" id="username" name="username" required autofocus
                   autocomplete="username" autocapitalize="none">
        </label>
        <label for="password">
            Passord
            <input type="password" id="password" name="password" required
                   autocomplete="current-password">
        </label>
        <button type="submit">Logg inn</button>
    </form>
    <p><a href="{{basePath}}/signup">Har du ikke konto? Registrer deg</a></p>
</article>
{{end}}
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`{{define "head"}}`
			`<meta name="robots" content="noindex">`
			`{{end}}`

			`{{define "content"}}`
			`<article>`
			`<h1>Logg inn</h1>`
			`<form method="POST" action="{{basePath}}/login">`
			`<input type="hidden" name="csrf_token" value="{{.CSRFToken}}">`
			`<label for="username">`
			`Brukernavn`
			`<input type="text" id="username" name="username" required autofocus`
			`autocomplete="username" autocapitalize="none">`
			`</label>`
			`<label for="password">`
			`Passord`
			`<input type="password" id="password" name="password" required`
			`autocomplete="current-password">`
			`</label>`
			`<button type="submit">Logg inn</button>`
			`</form>`
			`<p><a href="{{basePath}}/signup">Har du ikke konto? Registrer deg</a></p>`
			`</article>`
			`{{end}}`