favoritter

olemd/favoritter

Fork 0

Commit graph

Author	SHA1	Message	Date
Ole-Morten Duesund	ab07a7f93f	fix: use envsubst for nfpm variable expansion in Makefile nfpm v2 does not expand ${VAR} in contents.src fields. The deb/rpm targets now pipe nfpm.yaml through envsubst to resolve ARCH and VERSION before passing the config to nfpm. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 19:18:14 +02:00
Ole-Morten Duesund	aa5ab6b415	fix: address code review findings for Phase 7-8 Bugs fixed: - Renderer.Error set WriteHeader before Content-Type, causing the header to be silently dropped. Now sets Content-Type first. - truncate template function operated on bytes, not runes — could split multi-byte UTF-8 characters (Norwegian æøå). Now uses []rune for correct Unicode handling. Performance: - Skip session DB lookup (2 queries) on /static/ and /uploads/ requests — these never use user context. UX consistency: - Replace all http.NotFound and http.Error("Forbidden") in handler layer with styled error pages via Renderer.Error. - Add notFound/forbidden helper methods on Handler. Deployment fixes: - Remove false libc6/glibc deps from nfpm.yaml (binary is statically linked with CGO_ENABLED=0). - Add CGO_ENABLED=0 to Makefile build target for consistency. - Add .dockerignore to exclude .git, dist/, data/ from build context. - Remove phantom 'lint' from Makefile .PHONY. - Document ProtectSystem=strict constraint in systemd service. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 16:39:10 +02:00
Ole-Morten Duesund	1fc42bf1b2	feat: add packaging, deployment, error pages, and project docs Phase 7 — Polish: - Error page template with styled 404/403/500 pages - Error rendering helper on Renderer Phase 8 — Packaging & Deployment: - Containerfile: multi-stage build, non-root user, health check, OCI labels with build date and git revision - Makefile: build, test, cross-compile, deb, rpm, container, tarballs, checksums targets - nfpm.yaml: .deb and .rpm package config - systemd service: hardened with NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, RestrictSUIDSGID - Default environment file with commented examples - postinstall/preremove scripts (shellcheck validated) - compose.yaml: example Podman/Docker Compose - Caddyfile.example: subdomain, subpath, and remote proxy configs - CHANGELOG.md for release notes - CLAUDE.md with architecture, conventions, and quick reference Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 16:34:32 +02:00

Author

SHA1

Message

Date

Ole-Morten Duesund

ab07a7f93f

fix: use envsubst for nfpm variable expansion in Makefile

nfpm v2 does not expand ${VAR} in contents.src fields. The deb/rpm
targets now pipe nfpm.yaml through envsubst to resolve ARCH and
VERSION before passing the config to nfpm.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 19:18:14 +02:00

Ole-Morten Duesund

aa5ab6b415

fix: address code review findings for Phase 7-8

Bugs fixed:
- Renderer.Error set WriteHeader before Content-Type, causing
  the header to be silently dropped. Now sets Content-Type first.
- truncate template function operated on bytes, not runes — could
  split multi-byte UTF-8 characters (Norwegian æøå). Now uses
  []rune for correct Unicode handling.

Performance:
- Skip session DB lookup (2 queries) on /static/ and /uploads/
  requests — these never use user context.

UX consistency:
- Replace all http.NotFound and http.Error("Forbidden") in
  handler layer with styled error pages via Renderer.Error.
- Add notFound/forbidden helper methods on Handler.

Deployment fixes:
- Remove false libc6/glibc deps from nfpm.yaml (binary is
  statically linked with CGO_ENABLED=0).
- Add CGO_ENABLED=0 to Makefile build target for consistency.
- Add .dockerignore to exclude .git, dist/, data/ from build
  context.
- Remove phantom 'lint' from Makefile .PHONY.
- Document ProtectSystem=strict constraint in systemd service.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 16:39:10 +02:00

Ole-Morten Duesund

1fc42bf1b2

feat: add packaging, deployment, error pages, and project docs

Phase 7 — Polish:
- Error page template with styled 404/403/500 pages
- Error rendering helper on Renderer

Phase 8 — Packaging & Deployment:
- Containerfile: multi-stage build, non-root user, health check,
  OCI labels with build date and git revision
- Makefile: build, test, cross-compile, deb, rpm, container,
  tarballs, checksums targets
- nfpm.yaml: .deb and .rpm package config
- systemd service: hardened with NoNewPrivileges, ProtectSystem,
  ProtectHome, PrivateTmp, RestrictSUIDSGID
- Default environment file with commented examples
- postinstall/preremove scripts (shellcheck validated)
- compose.yaml: example Podman/Docker Compose
- Caddyfile.example: subdomain, subpath, and remote proxy configs
- CHANGELOG.md for release notes
- CLAUDE.md with architecture, conventions, and quick reference

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 16:34:32 +02:00

3 commits