Bugs fixed:
- Renderer.Error set WriteHeader before Content-Type, causing
the header to be silently dropped. Now sets Content-Type first.
- truncate template function operated on bytes, not runes — could
split multi-byte UTF-8 characters (Norwegian æøå). Now uses
[]rune for correct Unicode handling.
Performance:
- Skip session DB lookup (2 queries) on /static/ and /uploads/
requests — these never use user context.
UX consistency:
- Replace all http.NotFound and http.Error("Forbidden") in
handler layer with styled error pages via Renderer.Error.
- Add notFound/forbidden helper methods on Handler.
Deployment fixes:
- Remove false libc6/glibc deps from nfpm.yaml (binary is
statically linked with CGO_ENABLED=0).
- Add CGO_ENABLED=0 to Makefile build target for consistency.
- Add .dockerignore to exclude .git, dist/, data/ from build
context.
- Remove phantom 'lint' from Makefile .PHONY.
- Document ProtectSystem=strict constraint in systemd service.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
28 lines
701 B
Desktop File
[Unit]
Description=Favoritter - Self-hosted favorites web app
After=network.target

[Service]
Type=simple
User=favoritter
Group=favoritter
EnvironmentFile=/etc/favoritter/favoritter.env
ExecStart=/usr/bin/favoritter
Restart=on-failure
RestartSec=5

# Hardening — ProtectSystem=strict makes the filesystem read-only
# except for ReadWritePaths. If you change FAVORITTER_UPLOAD_DIR or
# FAVORITTER_DB_PATH to a location outside /var/lib/favoritter, add
# that path to ReadWritePaths.
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/favoritter
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes

[Install]
WantedBy=multi-user.target
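
A pre-deployment check for the constraint documented in the unit's hardening comment, as an added example (not part of the Favoritter code base). The function names and the sample unit and env contents are constructed for illustration; the comparison is lexical and does not resolve symlinks.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed samples: the env file moves uploads outside /var/lib/favoritter.
const sampleUnit = "[Service]\nProtectSystem=strict\nReadWritePaths=/var/lib/favoritter\n"
const sampleEnv = "FAVORITTER_DB_PATH=/var/lib/favoritter/favoritter.db\nFAVORITTER_UPLOAD_DIR=/srv/uploads\n"

// readWritePaths collects every ReadWritePaths= entry from a unit file.
func readWritePaths(unit string) []string {
	var paths []string
	for _, line := range strings.Split(unit, "\n") {
		k, v, ok := strings.Cut(strings.TrimSpace(line), "=")
		if !ok || k != "ReadWritePaths" {
			continue
		}
		if strings.TrimSpace(v) == "" {
			paths = nil // an empty assignment resets the list
		}
		for _, p := range strings.Fields(v) {
			// systemd allows "-" and "+" prefixes on each path
			paths = append(paths, filepath.Clean(strings.TrimLeft(p, "-+")))
		}
	}
	return paths
}

// within reports whether path equals dir or lies beneath it (Linux separators).
func within(path, dir string) bool {
	rel, err := filepath.Rel(dir, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, "../")
}

// unwritable lists the two path settings named in the unit's comment that
// fall outside every ReadWritePaths entry and would be read-only at runtime.
func unwritable(unit, env string) []string {
	allowed, bad := readWritePaths(unit), []string{}
	for _, line := range strings.Split(env, "\n") {
		k, v, ok := strings.Cut(strings.TrimSpace(line), "=")
		if !ok || (k != "FAVORITTER_UPLOAD_DIR" && k != "FAVORITTER_DB_PATH") {
			continue
		}
		v, covered := filepath.Clean(strings.Trim(v, `"'`)), false
		for _, dir := range allowed {
			covered = covered || within(v, dir)
		}
		if !covered {
			bad = append(bad, k+"="+v)
		}
	}
	return bad
}

func main() { fmt.Println(unwritable(sampleUnit, sampleEnv)) }
```

Running it against the real unit and env file before a restart surfaces a misplaced path as a configuration finding rather than as write failures under ProtectSystem=strict.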