favoritter

olemd/favoritter

Fork 0

Commit graph

Author	SHA1	Message	Date
Ole-Morten Duesund	b186fb4bc5	feat: add edit/delete buttons to list views and inline privacy toggle Fave cards in the list and profile views now show edit, delete, and privacy toggle buttons directly — no need to open the detail page first. - New POST /faves/{id}/privacy route with HTMX privacy toggle partial - New UpdatePrivacy store method for single-column update - fave_list.html: edit link, HTMX delete, privacy toggle on every card - profile.html: edit/delete for owner's own cards - privacy_toggle.html: new HTMX partial that swaps inline on toggle - CSS: compact .fave-card-actions styles The existing handleFaveDelete already returns empty 200 for HTMX requests, so hx-target="closest article" hx-swap="outerHTML" removes the card from DOM seamlessly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 10:17:46 +02:00
Ole-Morten Duesund	a9d84a4de8	a11y: fix WCAG 2.2 AA and Uutilsynet audit findings Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3): - Add role="combobox", aria-expanded, aria-haspopup to tag input - Implement arrow key navigation (up/down) through suggestions - Add Space key support alongside Enter for selecting tags - Manage aria-activedescendant to track highlighted option - Add Escape to close suggestions - Add aria-live="polite" status region announcing suggestion count - Add aria-selected state on options - Tag suggestions now have stable IDs for activedescendant Focus visibility (WCAG 2.4.7): - Remove outline:none on tag suggestions, replace with visible 2px solid outline on :focus-visible Contrast (WCAG 1.4.3): - Replace opacity:0.5 on disabled rows with muted text color and strikethrough on username (maintains 4.5:1 ratio) Structure and semantics (WCAG 1.3.1): - Fix heading hierarchy H1→H3 skip in import.html (now H2) - Replace <nav> misuse for fave actions with div[role="group"] - Add aria-label="Administrasjonsmeny" to admin dashboard nav - Wrap admin users table in responsive scrollable region - Remove redundant "Bilde for:" prefix from image alt text - Make error page H1 descriptive: "Feil 404: Ikke funnet" - Add .sr-only utility class for screen-reader-only content - Add hreflang="en" to English-language external link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 17:54:24 +02:00
Ole-Morten Duesund	fc1f7259c5	feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation Go backend with server-rendered HTML/HTMX frontend, SQLite database, and filesystem image storage. Self-hostable single-binary architecture. Phase 1 — Authentication & project foundation: - Argon2id password hashing with timing-attack prevention - Session management with cookie-based auth and periodic cleanup - Login, signup (open/requests/closed modes), logout, forced password reset - CSRF double-submit cookie pattern with HTMX auto-inclusion - Proxy-aware real IP extraction (WireGuard/Tailscale support) - Configurable base path for subdomain and subpath deployment - Rate limiting on auth endpoints with background cleanup - Security headers (CSP, X-Frame-Options, Referrer-Policy) - Structured logging with slog, graceful shutdown - Pico CSS + HTMX vendored and embedded via go:embed Phase 2 — Faves CRUD with tags and images: - Full CRUD for favorites with ownership checks - Image upload with EXIF stripping, resize to 1920px, UUID filenames - Tag system with HTMX autocomplete (prefix search, popularity-sorted) - Privacy controls (public/private per fave, user-configurable default) - Tag browsing, pagination, batch tag loading (avoids N+1) - OpenGraph meta tags on public fave detail pages Includes code quality pass: extracted shared helpers, fixed signup request persistence bug, plugged rate limiter memory leak, removed dead code, and logged previously-swallowed errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 15:55:22 +02:00

Author

SHA1

Message

Date

Ole-Morten Duesund

b186fb4bc5

feat: add edit/delete buttons to list views and inline privacy toggle

Fave cards in the list and profile views now show edit, delete, and
privacy toggle buttons directly — no need to open the detail page first.

- New POST /faves/{id}/privacy route with HTMX privacy toggle partial
- New UpdatePrivacy store method for single-column update
- fave_list.html: edit link, HTMX delete, privacy toggle on every card
- profile.html: edit/delete for owner's own cards
- privacy_toggle.html: new HTMX partial that swaps inline on toggle
- CSS: compact .fave-card-actions styles

The existing handleFaveDelete already returns empty 200 for HTMX
requests, so hx-target="closest article" hx-swap="outerHTML" removes
the card from DOM seamlessly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-07 10:17:46 +02:00

Ole-Morten Duesund

a9d84a4de8

a11y: fix WCAG 2.2 AA and Uutilsynet audit findings

Tag autocomplete combobox pattern (WCAG 2.1.1, 4.1.2, 4.1.3):
- Add role="combobox", aria-expanded, aria-haspopup to tag input
- Implement arrow key navigation (up/down) through suggestions
- Add Space key support alongside Enter for selecting tags
- Manage aria-activedescendant to track highlighted option
- Add Escape to close suggestions
- Add aria-live="polite" status region announcing suggestion count
- Add aria-selected state on options
- Tag suggestions now have stable IDs for activedescendant

Focus visibility (WCAG 2.4.7):
- Remove outline:none on tag suggestions, replace with visible
  2px solid outline on :focus-visible

Contrast (WCAG 1.4.3):
- Replace opacity:0.5 on disabled rows with muted text color
  and strikethrough on username (maintains 4.5:1 ratio)

Structure and semantics (WCAG 1.3.1):
- Fix heading hierarchy H1→H3 skip in import.html (now H2)
- Replace <nav> misuse for fave actions with div[role="group"]
- Add aria-label="Administrasjonsmeny" to admin dashboard nav
- Wrap admin users table in responsive scrollable region
- Remove redundant "Bilde for:" prefix from image alt text
- Make error page H1 descriptive: "Feil 404: Ikke funnet"
- Add .sr-only utility class for screen-reader-only content
- Add hreflang="en" to English-language external link

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 17:54:24 +02:00

Ole-Morten Duesund

fc1f7259c5

feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation

Go backend with server-rendered HTML/HTMX frontend, SQLite database,
and filesystem image storage. Self-hostable single-binary architecture.

Phase 1 — Authentication & project foundation:
- Argon2id password hashing with timing-attack prevention
- Session management with cookie-based auth and periodic cleanup
- Login, signup (open/requests/closed modes), logout, forced password reset
- CSRF double-submit cookie pattern with HTMX auto-inclusion
- Proxy-aware real IP extraction (WireGuard/Tailscale support)
- Configurable base path for subdomain and subpath deployment
- Rate limiting on auth endpoints with background cleanup
- Security headers (CSP, X-Frame-Options, Referrer-Policy)
- Structured logging with slog, graceful shutdown
- Pico CSS + HTMX vendored and embedded via go:embed

Phase 2 — Faves CRUD with tags and images:
- Full CRUD for favorites with ownership checks
- Image upload with EXIF stripping, resize to 1920px, UUID filenames
- Tag system with HTMX autocomplete (prefix search, popularity-sorted)
- Privacy controls (public/private per fave, user-configurable default)
- Tag browsing, pagination, batch tag loading (avoids N+1)
- OpenGraph meta tags on public fave detail pages

Includes code quality pass: extracted shared helpers, fixed signup
request persistence bug, plugged rate limiter memory leak, removed
dead code, and logged previously-swallowed errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 15:55:22 +02:00

3 commits