favoritter

olemd/favoritter

Fork 0

Commit graph

Author	SHA1	Message	Date
Ole-Morten Duesund	aa5ab6b415	fix: address code review findings for Phase 7-8 Bugs fixed: - Renderer.Error set WriteHeader before Content-Type, causing the header to be silently dropped. Now sets Content-Type first. - truncate template function operated on bytes, not runes — could split multi-byte UTF-8 characters (Norwegian æøå). Now uses []rune for correct Unicode handling. Performance: - Skip session DB lookup (2 queries) on /static/ and /uploads/ requests — these never use user context. UX consistency: - Replace all http.NotFound and http.Error("Forbidden") in handler layer with styled error pages via Renderer.Error. - Add notFound/forbidden helper methods on Handler. Deployment fixes: - Remove false libc6/glibc deps from nfpm.yaml (binary is statically linked with CGO_ENABLED=0). - Add CGO_ENABLED=0 to Makefile build target for consistency. - Add .dockerignore to exclude .git, dist/, data/ from build context. - Remove phantom 'lint' from Makefile .PHONY. - Document ProtectSystem=strict constraint in systemd service. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 16:39:10 +02:00
Ole-Morten Duesund	2cbbb20278	feat: add profiles, public views, settings, and code quality fixes Phase 3 — Profiles & Public Views: - Public profile page (/u/{username}) with OG meta tags - User settings page (display name, bio, visibility, default privacy) - Avatar upload with image processing - Password change from settings (verifies current password) - Home page shows public fave feed for logged-in users - Must-reset-password guard redirects to /reset-password - Profile visibility: public (full) or limited (username only) Code quality improvements from /simplify review: - Fix signup request persistence bug (was silently discarding data) - Fix health check to use configured listen address, not hardcoded :8080 - Add rate limiter cleanup goroutine (was leaking memory) - Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags, scanUserFrom (scanner interface), SignupRequestStore - Replace hand-rolled joinPlaceholders with strings.Join - Remove dead _method hidden field, redundant devMode field - Simplify rate-limited route registration (remove double-mux) - Log previously-swallowed errors (session delete, image delete) - Stop leaking internal error messages to users in image upload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 16:01:41 +02:00

Author

SHA1

Message

Date

Ole-Morten Duesund

aa5ab6b415

fix: address code review findings for Phase 7-8

Bugs fixed:
- Renderer.Error set WriteHeader before Content-Type, causing
  the header to be silently dropped. Now sets Content-Type first.
- truncate template function operated on bytes, not runes — could
  split multi-byte UTF-8 characters (Norwegian æøå). Now uses
  []rune for correct Unicode handling.

Performance:
- Skip session DB lookup (2 queries) on /static/ and /uploads/
  requests — these never use user context.

UX consistency:
- Replace all http.NotFound and http.Error("Forbidden") in
  handler layer with styled error pages via Renderer.Error.
- Add notFound/forbidden helper methods on Handler.

Deployment fixes:
- Remove false libc6/glibc deps from nfpm.yaml (binary is
  statically linked with CGO_ENABLED=0).
- Add CGO_ENABLED=0 to Makefile build target for consistency.
- Add .dockerignore to exclude .git, dist/, data/ from build
  context.
- Remove phantom 'lint' from Makefile .PHONY.
- Document ProtectSystem=strict constraint in systemd service.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 16:39:10 +02:00

Ole-Morten Duesund

2cbbb20278

feat: add profiles, public views, settings, and code quality fixes

Phase 3 — Profiles & Public Views:
- Public profile page (/u/{username}) with OG meta tags
- User settings page (display name, bio, visibility, default privacy)
- Avatar upload with image processing
- Password change from settings (verifies current password)
- Home page shows public fave feed for logged-in users
- Must-reset-password guard redirects to /reset-password
- Profile visibility: public (full) or limited (username only)

Code quality improvements from /simplify review:
- Fix signup request persistence bug (was silently discarding data)
- Fix health check to use configured listen address, not hardcoded :8080
- Add rate limiter cleanup goroutine (was leaking memory)
- Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags,
  scanUserFrom (scanner interface), SignupRequestStore
- Replace hand-rolled joinPlaceholders with strings.Join
- Remove dead _method hidden field, redundant devMode field
- Simplify rate-limited route registration (remove double-mux)
- Log previously-swallowed errors (session delete, image delete)
- Stop leaking internal error messages to users in image upload

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 16:01:41 +02:00

2 commits