veola/internal/handlers/users.go
prosolis edb732ee1f Auction end times, visual flair, and pre-launch cleanup
Auction handling:
- Capture itemEndDate from eBay Browse API and ending_date from ZenMarket
  (Yahoo JP); plumb through results.ends_at column. Permissive ZenMarket
  parser (multiple layouts, JST when offset missing).
- Per-row "Ends" countdown column + "Ending soon" banner on results pages,
  live-ticked by flair.js with urgent/critical tinting under 1h/5m.
- Backfill ends_at for known auctions when their URL reappears in a poll
  (dedup hit no longer drops the new end time).
- Hide ended auctions from result listings by default via
  ResultsQuery.ExcludeEnded; rows stay in the DB.

Visual flair:
- Glassy backdrop-blur v-cards with gradient-mask borders and hover-lift.
- htmx swap fade-in via transient .v-just-swapped class.
- Count-up animation on dashboard stats. All animations gated behind
  prefers-reduced-motion.

eBay condition + region filters (auctions-style scoping):
- items.condition and items.region columns; threaded through item form,
  CreateItem/UpdateItem, scheduler eBay plan input, and previewKey so
  cache invalidates when these change.
- ebay.SearchParams gains conditionIds and itemLocationCountry filters.

Run Now reload + countdown engine:
- Run Now now sets HX-Refresh: true (non-htmx fallback: 303 redirect) so
  the entire results view — best price, chart, badge, last polled —
  reflects the new poll, instead of swapping just one partial.

Pre-launch hardening (P1 set):
- auth.EqualizeLoginTiming on no-such-user branch.
- (*App).serverError centralizes 500s; replaces err.Error() leaks across
  results/settings/items/users/dashboard handlers.
- main.go server: ReadTimeout 30s / WriteTimeout 60s / IdleTimeout 120s
  alongside the existing ReadHeaderTimeout.
- noListFS wrapper blocks static directory listings.
- Credential fields in settings no longer render value=; blank submission
  preserves the saved value, with per-field "Saved in settings / Set in
  config.toml / Not set" status indicator.

Misc:
- -debug flag wires slog to LevelDebug; raw ZenMarket items logged for
  format diagnosis.
- /healthz public endpoint for reverse-proxy probes.
- deploy/veola.service systemd unit template (hardening flags, single
  ReadWritePaths=/var/lib/veola).
- handlers_test.go covers /healthz, setup-gate redirect, auth gate, and
  /login render with httptest + in-memory sqlite.
- best_price_currency on items; templates pick the right symbol per row.
- .gitignore now excludes *.log / veola-debug.log.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 17:47:09 -07:00
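The noListFS wrapper named under "Pre-launch hardening" above, as an added illustration (not Veola's own code): an http.FileSystem wrapper that refuses to open directories, so http.FileServer answers 404 instead of rendering a listing. The static tree is a constructed in-memory fstest.MapFS and the /static/ route prefix is an assumption.

```go
package main

import (
	"io/fs"
	"net/http"
	"net/http/httptest"
	"testing/fstest"
)

// noListFS refuses to hand FileServer a directory handle, so it can neither
// render an index listing nor serve a nested index.html. Returning ErrNotExist
// yields a 404 that also avoids confirming the directory exists.
type noListFS struct{ inner http.FileSystem }

func (n noListFS) Open(name string) (http.File, error) {
	f, err := n.inner.Open(name)
	if err != nil {
		return nil, err
	}
	st, err := f.Stat()
	if err != nil {
		f.Close()
		return nil, err
	}
	if st.IsDir() {
		f.Close()
		return nil, fs.ErrNotExist // http.FileServer maps this to 404
	}
	return f, nil
}

// staticHandler serves a constructed static tree under /static/ (assumed prefix).
func staticHandler() http.Handler {
	src := fstest.MapFS{
		"css/app.css": {Data: []byte("body{margin:0}")},
	}
	return http.StripPrefix("/static/", http.FileServer(noListFS{http.FS(src)}))
}

// fetch returns the status code and body the static handler produces for path.
func fetch(path string) (int, string) {
	rec := httptest.NewRecorder()
	staticHandler().ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	code, _ := fetch("/static/css/")
	println("/static/css/ ->", code)
}
```

Requests for a file still succeed; requests for any directory, including the static root, get 404 rather than a listing or a redirect that would reveal the directory.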


package handlers

import (
	"fmt"
	"net/http"
	"strings"

	"veola/internal/auth"
	"veola/internal/models"
	"veola/templates"
)

// renderSettingsWithUserMsg re-renders the settings page with a status
// message or an error message for the user-management panel.
func (a *App) renderSettingsWithUserMsg(w http.ResponseWriter, r *http.Request, msg, errMsg string) {
	d, err := a.settingsData(r)
	if err != nil {
		a.serverError(w, r, err)
		return
	}
	d.UserMsg = msg
	d.UserError = errMsg
	render(w, r, templates.Settings(d))
}

// PostCreateUser handles the "add user" form. Any submitted role other than
// admin is coerced to the plain user role, so the client cannot choose an
// arbitrary role string.
func (a *App) PostCreateUser(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	username := strings.TrimSpace(r.PostFormValue("username"))
	password := r.PostFormValue("password")
	role := strings.TrimSpace(r.PostFormValue("role"))
	if role != string(models.RoleAdmin) {
		role = string(models.RoleUser)
	}
	switch {
	case username == "":
		a.renderSettingsWithUserMsg(w, r, "", "Username is required")
		return
	case len(password) < auth.MinPasswordLen:
		a.renderSettingsWithUserMsg(w, r, "", fmt.Sprintf("Password must be at least %d characters", auth.MinPasswordLen))
		return
	}
	// A lookup failure is treated as "no existing user"; anything the store
	// then rejects surfaces through the CreateUser error path below.
	existing, _ := a.Store.GetUserByUsername(r.Context(), username)
	if existing != nil {
		a.renderSettingsWithUserMsg(w, r, "", "User already exists")
		return
	}
	hash, err := auth.HashPassword(password)
	if err != nil {
		a.renderSettingsWithUserMsg(w, r, "", "hash error")
		return
	}
	// Store failures go through serverError so the raw error text is logged
	// rather than rendered into the page.
	if _, err := a.Store.CreateUser(r.Context(), username, hash, models.Role(role)); err != nil {
		a.serverError(w, r, err)
		return
	}
	a.renderSettingsWithUserMsg(w, r, "Created user "+username, "")
}

// PostDeleteUser removes the user identified by the :id route parameter.
// Deleting the currently signed-in account is refused.
func (a *App) PostDeleteUser(w http.ResponseWriter, r *http.Request) {
	id := intParam(r, "id")
	cur := auth.CurrentUserFromRequest(r)
	if cur != nil && cur.ID == id {
		a.renderSettingsWithUserMsg(w, r, "", "You cannot delete your own account")
		return
	}
	if err := a.Store.DeleteUser(r.Context(), id); err != nil {
		a.serverError(w, r, err)
		return
	}
	a.renderSettingsWithUserMsg(w, r, "User removed", "")
}

// PostResetPassword sets a new password for the user identified by :id,
// enforcing the same minimum length as account creation.
func (a *App) PostResetPassword(w http.ResponseWriter, r *http.Request) {
	id := intParam(r, "id")
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	next := r.PostFormValue("new_password")
	if len(next) < auth.MinPasswordLen {
		a.renderSettingsWithUserMsg(w, r, "", fmt.Sprintf("Password must be at least %d characters", auth.MinPasswordLen))
		return
	}
	u, err := a.Store.GetUserByID(r.Context(), id)
	if err != nil || u == nil {
		a.renderSettingsWithUserMsg(w, r, "", "User not found")
		return
	}
	hash, err := auth.HashPassword(next)
	if err != nil {
		a.renderSettingsWithUserMsg(w, r, "", "hash error")
		return
	}
	if err := a.Store.UpdateUserPassword(r.Context(), id, hash); err != nil {
		a.serverError(w, r, err)
		return
	}
	a.renderSettingsWithUserMsg(w, r, "Password reset for "+u.Username, "")
}