feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation
Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
commit
fc1f7259c5
52 changed files with 5459 additions and 0 deletions
47
internal/store/signup_request.go
Normal file
47
internal/store/signup_request.go
Normal file
|
|
@ -0,0 +1,47 @@
|
|||
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
package store
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var ErrSignupRequestExists = errors.New("signup request already exists")
|
||||
|
||||
type SignupRequestStore struct {
|
||||
db *sql.DB
|
||||
}
|
||||
|
||||
func NewSignupRequestStore(db *sql.DB) *SignupRequestStore {
|
||||
return &SignupRequestStore{db: db}
|
||||
}
|
||||
|
||||
// Create stores a pending signup request with a hashed password.
|
||||
func (s *SignupRequestStore) Create(username, password string) error {
|
||||
hash, err := hashPassword(password)
|
||||
if err != nil {
|
||||
return fmt.Errorf("hash password: %w", err)
|
||||
}
|
||||
|
||||
_, err = s.db.Exec(
|
||||
`INSERT INTO signup_requests (username, password_hash) VALUES (?, ?)`,
|
||||
username, hash,
|
||||
)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "UNIQUE constraint failed") {
|
||||
return ErrSignupRequestExists
|
||||
}
|
||||
return fmt.Errorf("insert signup request: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// PendingCount returns the number of pending signup requests.
|
||||
func (s *SignupRequestStore) PendingCount() (int, error) {
|
||||
var n int
|
||||
err := s.db.QueryRow("SELECT COUNT(*) FROM signup_requests WHERE status = 'pending'").Scan(&n)
|
||||
return n, err
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue