favoritter/web/templates/pages/home.html

{{define "head"}}
<meta property="og:title" content="{{.SiteName}}">
<meta property="og:description" content="Lagre og del dine favoritter">
<meta property="og:type" content="website">
{{if .ExternalURL}}
    <meta property="og:url" content="{{.ExternalURL}}">
{{end}}
<meta property="og:site_name" content="{{.SiteName}}">
{{end}}

{{define "content"}}
{{if .User}}
    <hgroup>
        <h1>Siste offentlige favoritter</h1>
        <p>Se hva folk deler</p>
    </hgroup>

    {{with .Data}}
        {{if .Faves}}
            <div class="fave-grid" role="list">
                {{range .Faves}}
                    <article class="fave-card" role="listitem">
                        {{if .ImagePath}}
                            <img src="{{basePath}}/uploads/{{.ImagePath}}"
                                 alt="{{.Description}}"
                                 loading="lazy">
                        {{end}}
                        <header>
                            <a href="{{basePath}}/faves/{{.ID}}">
                                <strong>{{.Description}}</strong>
                            </a>
                            <small>av <a href="{{basePath}}/u/{{.Username}}">{{.DisplayName}}</a></small>
                        </header>
                        {{if .Tags}}
                            <footer>
                                {{range .Tags}}
                                    <a href="{{basePath}}/tags/{{.Name}}" class="tag-chip">{{.Name}}</a>
                                {{end}}
                            </footer>
                        {{end}}
                    </article>
                {{end}}
            </div>

            {{if gt .TotalPages 1}}
                <nav aria-label="Sidenavigasjon">
                    <ul>
                        {{if gt .Page 1}}
                            <li><a href="{{basePath}}/?page={{subtract .Page 1}}">← Forrige</a></li>
                        {{end}}
                        <li>Side {{.Page}} av {{.TotalPages}}</li>
                        {{if lt .Page .TotalPages}}
                            <li><a href="{{basePath}}/?page={{add .Page 1}}">Neste →</a></li>
                        {{end}}
                    </ul>
                </nav>
            {{end}}
        {{else}}
            <p>Ingen offentlige favoritter ennå. <a href="{{basePath}}/faves/new">Legg til din første!</a></p>
        {{end}}
    {{end}}
{{else}}
    <hgroup>
        <h1>Velkommen til {{.SiteName}}</h1>
        <p>Del dine favoritter med verden — eller behold dem for deg selv.</p>
    </hgroup>
    <div class="grid">
        <a href="{{basePath}}/login" role="button">Logg inn</a>
        <a href="{{basePath}}/signup" role="button" class="outline">Registrer deg</a>
    </div>
{{end}}
{{end}}
feat: add OG meta tags to home page, tag browse, and profile bio Complete Open Graph coverage across all public pages: - Home page: og:title (site name), og:description, og:type=website, og:url, og:site_name - Tag browse: og:title with tag name, og:description with count, og:url, og:site_name - Profile: add og:description using bio (truncated to 200 chars) with fallback to generic text Previously only fave detail and profile (without description) had OG tags. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-07 10:54:23 +02:00			`{{define "head"}}`
			`<meta property="og:title" content="{{.SiteName}}">`
			`<meta property="og:description" content="Lagre og del dine favoritter">`
			`<meta property="og:type" content="website">`
			`{{if .ExternalURL}}`
			`<meta property="og:url" content="{{.ExternalURL}}">`
			`{{end}}`
			`<meta property="og:site_name" content="{{.SiteName}}">`
			`{{end}}`

feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`{{define "content"}}`
feat: add profiles, public views, settings, and code quality fixes Phase 3 — Profiles & Public Views: - Public profile page (/u/{username}) with OG meta tags - User settings page (display name, bio, visibility, default privacy) - Avatar upload with image processing - Password change from settings (verifies current password) - Home page shows public fave feed for logged-in users - Must-reset-password guard redirects to /reset-password - Profile visibility: public (full) or limited (username only) Code quality improvements from /simplify review: - Fix signup request persistence bug (was silently discarding data) - Fix health check to use configured listen address, not hardcoded :8080 - Add rate limiter cleanup goroutine (was leaking memory) - Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags, scanUserFrom (scanner interface), SignupRequestStore - Replace hand-rolled joinPlaceholders with strings.Join - Remove dead _method hidden field, redundant devMode field - Simplify rate-limited route registration (remove double-mux) - Log previously-swallowed errors (session delete, image delete) - Stop leaking internal error messages to users in image upload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:01:41 +02:00			`{{if .User}}`
			`<hgroup>`
			`<h1>Siste offentlige favoritter</h1>`
			`<p>Se hva folk deler</p>`
			`</hgroup>`
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00
feat: add profiles, public views, settings, and code quality fixes Phase 3 — Profiles & Public Views: - Public profile page (/u/{username}) with OG meta tags - User settings page (display name, bio, visibility, default privacy) - Avatar upload with image processing - Password change from settings (verifies current password) - Home page shows public fave feed for logged-in users - Must-reset-password guard redirects to /reset-password - Profile visibility: public (full) or limited (username only) Code quality improvements from /simplify review: - Fix signup request persistence bug (was silently discarding data) - Fix health check to use configured listen address, not hardcoded :8080 - Add rate limiter cleanup goroutine (was leaking memory) - Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags, scanUserFrom (scanner interface), SignupRequestStore - Replace hand-rolled joinPlaceholders with strings.Join - Remove dead _method hidden field, redundant devMode field - Simplify rate-limited route registration (remove double-mux) - Log previously-swallowed errors (session delete, image delete) - Stop leaking internal error messages to users in image upload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:01:41 +02:00			`{{with .Data}}`
			`{{if .Faves}}`
			`<div class="fave-grid" role="list">`
			`{{range .Faves}}`
			`<article class="fave-card" role="listitem">`
			`{{if .ImagePath}}`
			`<img src="{{basePath}}/uploads/{{.ImagePath}}"`
a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 17:54:24 +02:00			`alt="{{.Description}}"`
feat: add profiles, public views, settings, and code quality fixes Phase 3 — Profiles & Public Views: - Public profile page (/u/{username}) with OG meta tags - User settings page (display name, bio, visibility, default privacy) - Avatar upload with image processing - Password change from settings (verifies current password) - Home page shows public fave feed for logged-in users - Must-reset-password guard redirects to /reset-password - Profile visibility: public (full) or limited (username only) Code quality improvements from /simplify review: - Fix signup request persistence bug (was silently discarding data) - Fix health check to use configured listen address, not hardcoded :8080 - Add rate limiter cleanup goroutine (was leaking memory) - Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags, scanUserFrom (scanner interface), SignupRequestStore - Replace hand-rolled joinPlaceholders with strings.Join - Remove dead _method hidden field, redundant devMode field - Simplify rate-limited route registration (remove double-mux) - Log previously-swallowed errors (session delete, image delete) - Stop leaking internal error messages to users in image upload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:01:41 +02:00			`loading="lazy">`
			`{{end}}`
			`<header>`
			`<a href="{{basePath}}/faves/{{.ID}}">`
			`<strong>{{.Description}}</strong>`
			`</a>`
			`<small>av <a href="{{basePath}}/u/{{.Username}}">{{.DisplayName}}</a></small>`
			`</header>`
			`{{if .Tags}}`
			`<footer>`
			`{{range .Tags}}`
			`<a href="{{basePath}}/tags/{{.Name}}" class="tag-chip">{{.Name}}</a>`
			`{{end}}`
			`</footer>`
			`{{end}}`
			`</article>`
			`{{end}}`
			`</div>`

			`{{if gt .TotalPages 1}}`
			`<nav aria-label="Sidenavigasjon">`
			`<ul>`
			`{{if gt .Page 1}}`
			`<li><a href="{{basePath}}/?page={{subtract .Page 1}}">← Forrige</a></li>`
			`{{end}}`
			`<li>Side {{.Page}} av {{.TotalPages}}</li>`
			`{{if lt .Page .TotalPages}}`
			`<li><a href="{{basePath}}/?page={{add .Page 1}}">Neste →</a></li>`
			`{{end}}`
			`</ul>`
			`</nav>`
			`{{end}}`
			`{{else}}`
			`<p>Ingen offentlige favoritter ennå. <a href="{{basePath}}/faves/new">Legg til din første!</a></p>`
			`{{end}}`
			`{{end}}`
			`{{else}}`
			`<hgroup>`
			`<h1>Velkommen til {{.SiteName}}</h1>`
			`<p>Del dine favoritter med verden — eller behold dem for deg selv.</p>`
			`</hgroup>`
feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 15:55:22 +02:00			`<div class="grid">`
			`<a href="{{basePath}}/login" role="button">Logg inn</a>`
			`<a href="{{basePath}}/signup" role="button" class="outline">Registrer deg</a>`
			`</div>`
			`{{end}}`
			`{{end}}`