feat: add profiles, public views, settings, and code quality fixes

Phase 3 — Profiles & Public Views: - Public profile page (/u/{username}) with OG meta tags - User settings page (display name, bio, visibility, default privacy) - Avatar upload with image processing - Password change from settings (verifies current password) - Home page shows public fave feed for logged-in users - Must-reset-password guard redirects to /reset-password - Profile visibility: public (full) or limited (username only) Code quality improvements from /simplify review: - Fix signup request persistence bug (was silently discarding data) - Fix health check to use configured listen address, not hardcoded :8080 - Add rate limiter cleanup goroutine (was leaking memory) - Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags, scanUserFrom (scanner interface), SignupRequestStore - Replace hand-rolled joinPlaceholders with strings.Join - Remove dead _method hidden field, redundant devMode field - Simplify rate-limited route registration (remove double-mux) - Log previously-swallowed errors (session delete, image delete) - Stop leaking internal error messages to users in image upload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:01:41 +02:00 · 2026-03-29 16:01:41 +02:00 · 2cbbb20278
commit 2cbbb20278
parent fc1f7259c5
9 changed files with 549 additions and 6 deletions
--- a/web/templates/pages/settings.html
+++ b/web/templates/pages/settings.html
@ -0,0 +1,95 @@
+{{define "head"}}
+<meta name="robots" content="noindex">
+{{end}}
+
+{{define "content"}}
+{{with .Data}}{{with .SettingsUser}}
+<h1>Innstillinger</h1>
+
+<article>
+    <h2>Profil</h2>
+    <form method="POST" action="{{basePath}}/settings">
+        <input type="hidden" name="csrf_token" value="{{$.CSRFToken}}">
+        <label for="display_name">
+            Visningsnavn
+            <input type="text" id="display_name" name="display_name"
+                   value="{{.DisplayName}}" maxlength="50"
+                   placeholder="Vises i stedet for brukernavnet">
+        </label>
+        <label for="bio">
+            Om meg
+            <textarea id="bio" name="bio" rows="3" maxlength="500"
+                      placeholder="Kort om deg selv">{{.Bio}}</textarea>
+        </label>
+        <fieldset>
+            <legend>Profilsynlighet</legend>
+            <label>
+                <input type="radio" name="profile_visibility" value="public"
+                       {{if eq .ProfileVisibility "public"}}checked{{end}}>
+                Offentlig — visningsnavn, bio og favoritter synlig for alle
+            </label>
+            <label>
+                <input type="radio" name="profile_visibility" value="limited"
+                       {{if eq .ProfileVisibility "limited"}}checked{{end}}>
+                Begrenset — bare brukernavn synlig
+            </label>
+        </fieldset>
+        <fieldset>
+            <legend>Standard synlighet for nye favoritter</legend>
+            <label>
+                <input type="radio" name="default_fave_privacy" value="public"
+                       {{if eq .DefaultFavePrivacy "public"}}checked{{end}}>
+                Offentlig
+            </label>
+            <label>
+                <input type="radio" name="default_fave_privacy" value="private"
+                       {{if eq .DefaultFavePrivacy "private"}}checked{{end}}>
+                Privat
+            </label>
+        </fieldset>
+        <button type="submit">Lagre profil</button>
+    </form>
+</article>
+
+<article>
+    <h2>Profilbilde</h2>
+    {{if .AvatarPath}}
+        <img src="{{basePath}}/uploads/{{.AvatarPath}}"
+             alt="Nåværende profilbilde"
+             class="avatar-large">
+    {{end}}
+    <form method="POST" action="{{basePath}}/settings/avatar" enctype="multipart/form-data">
+        <input type="hidden" name="csrf_token" value="{{$.CSRFToken}}">
+        <label for="avatar">
+            Last opp nytt profilbilde
+            <input type="file" id="avatar" name="avatar"
+                   accept="image/jpeg,image/png,image/gif,image/webp">
+        </label>
+        <button type="submit">Last opp</button>
+    </form>
+</article>
+
+<article>
+    <h2>Endre passord</h2>
+    <form method="POST" action="{{basePath}}/settings/password">
+        <input type="hidden" name="csrf_token" value="{{$.CSRFToken}}">
+        <label for="current_password">
+            Nåværende passord
+            <input type="password" id="current_password" name="current_password" required
+                   autocomplete="current-password">
+        </label>
+        <label for="new_password">
+            Nytt passord
+            <input type="password" id="new_password" name="new_password" required
+                   autocomplete="new-password" minlength="8">
+        </label>
+        <label for="confirm_password">
+            Bekreft nytt passord
+            <input type="password" id="confirm_password" name="confirm_password" required
+                   autocomplete="new-password">
+        </label>
+        <button type="submit">Endre passord</button>
+    </form>
+</article>
+{{end}}{{end}}
+{{end}}