tenseleyflow/shithub / 134847d

+		"Title":          "SSH keys",

+		"CSRFToken":      middleware.CSRFTokenForRequest(r),

+		"SettingsActive": "keys",

+		"Keys":           keys,

+		"AddError":       addError,

+		"AddTitle":       addTitle,

+		"AddBlob":        addBlob,

+		"SettingsActive": "tokens",

+		"Title":          "Enable two-factor authentication",

+		"CSRFToken":      middleware.CSRFTokenForRequest(r),

+		"SettingsActive": "2fa",

+		"QRSvg":          svg,

+		"Secret":         totp.EncodeBase32(secret), // displayed for manual entry; also high-entropy + redacted in logs

+			"Title":          "Enable two-factor authentication",

+			"CSRFToken":      middleware.CSRFTokenForRequest(r),

+			"SettingsActive": "2fa",

+		"Title":          "Disable two-factor authentication",

+		"CSRFToken":      middleware.CSRFTokenForRequest(r),

+		"SettingsActive": "2fa",

+			"Title":          "Disable two-factor authentication",

+			"CSRFToken":      middleware.CSRFTokenForRequest(r),

+			"SettingsActive": "2fa",

+			"Error":          msg,

+		"Title":          "New recovery codes",

+		"CSRFToken":      middleware.CSRFTokenForRequest(r),

+		"SettingsActive": "2fa",

+		"RecoveryCodes":  codes,

+

+/* ----- settings shell (S10) ----- */

+.shithub-settings-page {

+  max-width: 64rem;

+  margin: 2rem auto;

+  padding: 0 1rem;

+  display: grid;

+  grid-template-columns: 220px 1fr;

+  gap: 2rem;

+  align-items: start;

+}

+.shithub-settings-side { font-size: 0.9rem; }

+.shithub-settings-side-title {

+  margin: 0 0 0.75rem;

+  font-size: 1.5rem;

+  font-weight: 400;

+  padding-bottom: 0.5rem;

+  border-bottom: 1px solid var(--border-default);

+}

+.shithub-settings-side nav ul {

+  list-style: none;

+  padding: 0;

+  margin: 0 0 1rem;

+}

+.shithub-settings-side nav li {

+  border-radius: 6px;

+}

+.shithub-settings-side nav li.active {

+  background: var(--canvas-subtle);

+  border-left: 2px solid var(--accent-emphasis);

+}

+.shithub-settings-side nav li a {

+  display: block;

+  padding: 0.4rem 0.75rem;

+  color: var(--fg-default);

+  text-decoration: none;

+  border-radius: 6px;

+}

+.shithub-settings-side nav li a:hover { background: var(--canvas-subtle); }

+.shithub-settings-side nav li.active a { font-weight: 500; }

+.shithub-settings-side-group {

+  margin: 1.25rem 0 0.5rem;

+  padding-top: 0.75rem;

+  border-top: 1px solid var(--border-default);

+  font-size: 0.75rem;

+  font-weight: 600;

+  text-transform: uppercase;

+  letter-spacing: 0.05em;

+  color: var(--fg-muted);

+}

+.shithub-settings-danger { color: #cf222e; }

+

+.shithub-settings-content { min-width: 0; }

+.shithub-settings-content > h1 {

+  margin: 0 0 1.5rem;

+  padding-bottom: 0.75rem;

+  border-bottom: 1px solid var(--border-default);

+  font-size: 1.5rem;

+  font-weight: 400;

+}

+.shithub-settings-section {

+  margin: 0 0 2rem;

+  padding-bottom: 1.5rem;

+  border-bottom: 1px solid var(--border-muted, var(--border-default));

+}

+.shithub-settings-section:last-child { border-bottom: none; }

+.shithub-settings-section h2 {

+  margin: 0 0 0.5rem;

+  font-size: 1rem;

+  font-weight: 600;

+}

+.shithub-settings-section p { margin: 0 0 1rem; color: var(--fg-muted); }

+.shithub-settings-section form { display: grid; gap: 0.85rem; max-width: 32rem; }

+.shithub-settings-section label { display: grid; gap: 0.25rem; font-weight: 500; font-size: 0.9rem; }

+.shithub-settings-section input[type=text],

+.shithub-settings-section input[type=email],

+.shithub-settings-section input[type=password],

+.shithub-settings-section input[type=url],

+.shithub-settings-section textarea,

+.shithub-settings-section select {

+  font: inherit;

+  padding: 0.5rem 0.75rem;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  background: var(--canvas-subtle);

+}

+.shithub-settings-section textarea { min-height: 4rem; resize: vertical; }

+.shithub-settings-section .shithub-button { justify-self: start; }

+

+.shithub-settings-danger-zone {

+  border: 1px solid rgba(207, 34, 46, 0.4);

+  border-radius: 6px;

+  padding: 1rem 1.25rem;

+  background: rgba(207, 34, 46, 0.04);

+}

+.shithub-settings-danger-zone h2 { color: #cf222e; }

+{{ define "settings-nav" -}}

+<aside class="shithub-settings-side" aria-label="Settings sections">

+  <h2 class="shithub-settings-side-title">Settings</h2>

+  <nav>

+    <ul>

+      <li{{ if eq .SettingsActive "profile" }} class="active"{{ end }}>

+        <a href="/settings/profile">Public profile</a>

+      </li>

+      <li{{ if eq .SettingsActive "account" }} class="active"{{ end }}>

+        <a href="/settings/account">Account</a>

+      </li>

+      <li{{ if eq .SettingsActive "appearance" }} class="active"{{ end }}>

+        <a href="/settings/appearance">Appearance</a>

+      </li>

+      <li{{ if eq .SettingsActive "notifications" }} class="active"{{ end }}>

+        <a href="/settings/notifications">Notifications</a>

+      </li>

+    </ul>

+    <h3 class="shithub-settings-side-group">Access</h3>

+    <ul>

+      <li{{ if eq .SettingsActive "emails" }} class="active"{{ end }}>

+        <a href="/settings/emails">Emails</a>

+      </li>

+      <li{{ if eq .SettingsActive "password" }} class="active"{{ end }}>

+        <a href="/settings/password">Password</a>

+      </li>

+      <li{{ if eq .SettingsActive "2fa" }} class="active"{{ end }}>

+        <a href="/settings/security/2fa/enable">Two-factor auth</a>

+      </li>

+      <li{{ if eq .SettingsActive "keys" }} class="active"{{ end }}>

+        <a href="/settings/keys">SSH keys</a>

+      </li>

+      <li{{ if eq .SettingsActive "tokens" }} class="active"{{ end }}>

+        <a href="/settings/tokens">Personal access tokens</a>

+      </li>

+      <li{{ if eq .SettingsActive "sessions" }} class="active"{{ end }}>

+        <a href="/settings/sessions">Sessions</a>

+      </li>

+    </ul>

+    <h3 class="shithub-settings-side-group">Danger</h3>

+    <ul>

+      <li{{ if eq .SettingsActive "danger" }} class="active"{{ end }}>

+        <a href="/settings/danger" class="shithub-settings-danger">Delete account</a>

+      </li>

+    </ul>

+  </nav>

+</aside>

+{{- end }}

+<div class="shithub-settings-page">

+  {{ template "settings-nav" . }}

+  <div class="shithub-settings-content">

+    <h1>Two-factor authentication</h1>

+    <section class="shithub-settings-section">

+      <h2>Disable 2FA</h2>

+      <p>To disable 2FA, confirm your password and a current authenticator code. This protects your account if your session is hijacked.</p>

+      {{ with .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}

+      <form method="POST" action="/settings/security/2fa/disable" novalidate>

+        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+        <label>

+          <span>Password</span>

+          <input type="password" name="password" required autocomplete="current-password">

+        </label>

+        <label>

+          <span>Authenticator code</span>

+          <input type="text" name="code" required inputmode="numeric"

+                 pattern="[0-9]{6}" minlength="6" maxlength="6" autocomplete="one-time-code">

+        </label>

+        <button type="submit" class="shithub-button shithub-button-danger">Disable 2FA</button>

+      </form>

+    </section>

+

+    <section class="shithub-settings-section">

+      <h2>Regenerate recovery codes</h2>

+      <p>Issue a fresh set of recovery codes. The old set stops working immediately.</p>

+      <form method="POST" action="/settings/security/2fa/regenerate" novalidate>

+        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+        <label>

+          <span>Password</span>

+          <input type="password" name="password" required autocomplete="current-password">

+        </label>

+        <label>

+          <span>Authenticator code</span>

+          <input type="text" name="code" required inputmode="numeric"

+                 pattern="[0-9]{6}" minlength="6" maxlength="6" autocomplete="one-time-code">

+        </label>

+        <button type="submit" class="shithub-button">Regenerate recovery codes</button>

+      </form>

+    </section>

+  </div>

+</div>

+<div class="shithub-settings-page">

+  {{ template "settings-nav" . }}

+  <div class="shithub-settings-content">

+    <h1>Enable two-factor authentication</h1>

+    <section class="shithub-settings-section">

+      <ol class="shithub-2fa-steps">

+        <li>Install an authenticator app (Aegis, 1Password, Authy, Google Authenticator, …).</li>

+        <li>Scan this QR code, or paste the secret manually.</li>

+        <li>Enter the 6-digit code your app shows to confirm.</li>

+      </ol>

+      <div class="shithub-2fa-qr" aria-hidden="false">

+        {{ .QRSvg }}

+      </div>

+      <p class="shithub-2fa-secret"><code>{{ .Secret }}</code></p>

+      <form method="POST" action="/settings/security/2fa/enable" novalidate>

+        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+        <label>

+          <span>6-digit code from your app</span>

+          <input type="text" name="code" required autocomplete="one-time-code"

+                 inputmode="numeric" pattern="[0-9]{6}" minlength="6" maxlength="6">

+        </label>

+        <button type="submit" class="shithub-button shithub-button-primary">Confirm</button>

+      </form>

+    </section>

+</div>

+<div class="shithub-settings-page">

+  {{ template "settings-nav" . }}

+  <div class="shithub-settings-content">

+    {{ if .RecoveryCodes }}

+    <h1>Save your recovery codes</h1>

+    <section class="shithub-settings-section">

+      <p>These codes are shown <strong>once</strong>. Each works one time, in place of your authenticator code, if you lose access to your device. Store them in a password manager or print them.</p>

+      <ul class="shithub-recovery-codes" aria-label="Recovery codes">

+        {{ range .RecoveryCodes }}<li><code>{{ . }}</code></li>{{ end }}

+      </ul>

+      <p><a href="/settings/security/2fa/disable" class="shithub-button">Done — return to security settings</a></p>

+    </section>

+    {{ else }}

+    <h1>Two-factor authentication</h1>

+    <section class="shithub-settings-section">

+      {{ with .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}

+      <p>Enter the 6-digit code from your authenticator app to finish enabling 2FA.</p>

+      <form method="POST" action="/settings/security/2fa/enable" novalidate>

+        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+        <label>

+          <span>Code</span>

+          <input type="text" name="code" required inputmode="numeric"

+                 pattern="[0-9]{6}" minlength="6" maxlength="6">

+        </label>

+        <button type="submit" class="shithub-button shithub-button-primary">Confirm</button>

+      </form>

+    </section>

+    {{ end }}

+  </div>

+</div>

+<div class="shithub-settings-page">

+  {{ template "settings-nav" . }}

+  <div class="shithub-settings-content">

+    <h1>SSH keys</h1>

+    <section class="shithub-settings-section">

+      <p>SSH keys let you push and clone over SSH without typing a password. Generate one with <code>ssh-keygen -t ed25519</code> and paste the contents of the <code>.pub</code> file below.</p>

+      {{ if .Keys }}

+      <ul class="shithub-key-list">

+        {{ range .Keys }}

+        <li class="shithub-key-row">

+          <div>

+            <strong>{{ .Title }}</strong>

+            <span class="shithub-key-meta">{{ .KeyType }}{{ if .KeyBits }} · {{ .KeyBits }} bits{{ end }}</span>

+            <code class="shithub-key-fp">{{ .FingerprintSha256 }}</code>

+            {{ if .LastUsedAt.Valid }}<span class="shithub-key-last">last used {{ .LastUsedAt.Time.Format "2006-01-02" }}</span>{{ end }}

+          </div>

+          <form method="POST" action="/settings/keys/{{ .ID }}/delete" novalidate>

+            <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">

+            <button type="submit" class="shithub-button shithub-button-danger">Delete</button>

+          </form>

+        </li>

+        {{ end }}

+      </ul>

+      {{ else }}

+      <p class="shithub-key-empty">No SSH keys yet.</p>

+      {{ end }}

+    </section>

+    <section class="shithub-settings-section">

+      <h2>Add a key</h2>

+      {{ with .AddError }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}

+      <form method="POST" action="/settings/keys" novalidate>

+        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+        <label>

+          <span>Title</span>

+          <input type="text" name="title" maxlength="80" required value="{{ .AddTitle }}">

+        </label>

+        <label>

+          <span>Public key</span>

+          <textarea name="public_key" rows="4" required spellcheck="false"

+                    placeholder="ssh-ed25519 AAAA...">{{ .AddBlob }}</textarea>

+        </label>

+        <button type="submit" class="shithub-button shithub-button-primary">Add SSH key</button>

+      </form>

+    </section>

+  </div>

+</div>

+<div class="shithub-settings-page">

+  {{ template "settings-nav" . }}

+  <div class="shithub-settings-content">

+    <h1>Personal access tokens</h1>

+    <section class="shithub-settings-section">

+      <p>Tokens authenticate API calls and git-over-HTTPS pushes. Use them with <code>Authorization: token &lt;value&gt;</code> or as the password in HTTP Basic.</p>

+      {{ if .JustCreatedRaw }}

+      <div class="shithub-token-created" role="alert">

+        <strong>Save this token now — it won't be shown again.</strong>

+        <pre><code>{{ .JustCreatedRaw }}</code></pre>

+      {{ if .Tokens }}

+      <ul class="shithub-token-list">

+        {{ range .Tokens }}

+        <li class="shithub-token-row">

+          <div>

+            <strong>{{ .Name }}</strong>

+            <span class="shithub-key-meta">

+              {{ if .RevokedAt.Valid }}revoked{{ else if and .ExpiresAt.Valid (gt .ExpiresAt.Time.Unix 0) }}expires {{ .ExpiresAt.Time.Format "2006-01-02" }}{{ else }}no expiry{{ end }}

+            </span>

+            <code class="shithub-key-fp">{{ .TokenPrefix }}…</code>

+            <div class="shithub-token-scopes">{{ range .Scopes }}<span>{{ . }}</span>{{ end }}</div>

+            {{ if .LastUsedAt.Valid }}<span class="shithub-key-last">last used {{ .LastUsedAt.Time.Format "2006-01-02 15:04" }}</span>{{ end }}

+          </div>

+          {{ if not .RevokedAt.Valid }}

+          <form method="POST" action="/settings/tokens/{{ .ID }}/revoke" novalidate>

+            <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">

+            <button type="submit" class="shithub-button shithub-button-danger">Revoke</button>

+          </form>

+          {{ end }}

+        </li>

+        {{ end }}

+      </ul>

+      {{ else }}

+      <p class="shithub-key-empty">No tokens yet.</p>

+    </section>

+

+    <section class="shithub-settings-section">

+      <h2>Create a token</h2>

+      {{ if not .RecentAuthOK }}

+        <p class="shithub-flash shithub-flash-error" role="alert">

+          Confirm 2FA before creating a token. <a href="/login">Sign in again</a> with your authenticator code.

+        </p>

+      {{ end }}

+      {{ with .CreateError }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}

+      <form method="POST" action="/settings/tokens" novalidate>

+        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+        <label>

+          <span>Name</span>

+          <input type="text" name="name" maxlength="80" required value="{{ .CreateName }}" placeholder="ci runner, laptop, …">

+        </label>

+        <label>

+          <span>Expiry</span>

+          <select name="expires_in">

+            <option value="90">90 days (recommended)</option>

+            <option value="30">30 days</option>

+            <option value="365">1 year</option>

+            <option value="">No expiry</option>

+          </select>

+        </label>

+        <fieldset class="shithub-token-scopes-pick">

+          <legend>Scopes</legend>

+          {{ $picked := .CreateScopes }}

+          {{ range .AllScopes }}

+          {{ $s := . }}

+          <label>

+            <input type="checkbox" name="scopes" value="{{ . }}"

+              {{ range $picked }}{{ if eq . (printf "%s" $s) }}checked{{ end }}{{ end }}>

+            <code>{{ . }}</code>

+          </label>

+          {{ end }}

+        </fieldset>

+        <button type="submit" class="shithub-button shithub-button-primary">Create token</button>

+      </form>

+    </section>

+  </div>

+</div>