tenseleyflow/shithub / 75b2ec9

+	// OrgCreateMounter registers /organizations/new + POST

+	// /organizations (S30). Wrapped in RequireUser at the wiring

+	// layer.

+	OrgCreateMounter func(chi.Router)

+	// OrgRoutesMounter registers /{org}/people + invite + member

+	// management. Reads (people page) are public; mutations are

+	// owner-gated inside the handler. Must register BEFORE the

+	// /{username} catch-all so the `people` segment matches.

+	OrgRoutesMounter func(chi.Router)

+	// OrgInvitationsMounter registers /invitations/{token} +

+	// accept/decline. RequireUser at the wiring layer.

+	OrgInvitationsMounter func(chi.Router)

+		if deps.OrgCreateMounter != nil {

+			deps.OrgCreateMounter(r)

+		}

+		if deps.OrgInvitationsMounter != nil {

+			deps.OrgInvitationsMounter(r)

+		}

+		// /{org}/people MUST register before /{username} catch-all

+		// so the explicit `people` segment matches first.

+		if deps.OrgRoutesMounter != nil {

+			deps.OrgRoutesMounter(r)

+		}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package orgs wires the S30 organization web surface:

+//

+//   GET  /organizations/new            create form

+//   POST /organizations                create submit

+//   GET  /{org}/people                 members + pending invites + invite form

+//   POST /{org}/people/invite          invite by username or email

+//   POST /{org}/people/{user}/role     change role

+//   POST /{org}/people/{user}/remove   remove member

+//   GET  /invitations/{token}          accept/decline view

+//   POST /invitations/{token}/accept   accept

+//   POST /invitations/{token}/decline  decline

+//

+// Profile rendering for /{org} is dispatched from the existing

+// /{username} catch-all in internal/web/handlers/profile via the

+// principals.Resolve lookup; this handler set only owns the org-

+// specific surfaces.

+package orgs

+

+import (

+	"errors"

+	"log/slog"

+	"net/http"

+	"strconv"

+	"strings"

+

+	"github.com/go-chi/chi/v5"

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	authemail "github.com/tenseleyFlow/shithub/internal/auth/email"

+	"github.com/tenseleyFlow/shithub/internal/orgs"

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+	"github.com/tenseleyFlow/shithub/internal/web/render"

+)

+

+// Deps wires the handler set.

+type Deps struct {

+	Logger      *slog.Logger

+	Render      *render.Renderer

+	Pool        *pgxpool.Pool

+	EmailSender authemail.Sender

+	EmailFrom   string

+	SiteName    string

+	BaseURL     string

+}

+

+// Handlers groups the org surface handlers.

+type Handlers struct {

+	d Deps

+}

+

+// New constructs the handler set, validating Deps.

+func New(d Deps) (*Handlers, error) {

+	if d.Render == nil {

+		return nil, errors.New("orgs handlers: nil Render")

+	}

+	if d.Pool == nil {

+		return nil, errors.New("orgs handlers: nil Pool")

+	}

+	return &Handlers{d: d}, nil

+}

+

+// MountCreate registers /organizations/new + POST /organizations.

+// Caller wraps these in RequireUser since both require a logged-in

+// creator. The /organizations prefix is on the auth-reserved list so

+// it never shadows a user/org slug.

+func (h *Handlers) MountCreate(r chi.Router) {

+	r.Get("/organizations/new", h.newForm)

+	r.Post("/organizations", h.createSubmit)

+}

+

+// MountOrgRoutes registers the per-org surface under /{org}/people

+// and /{org}/settings. Caller MUST register this before the

+// /{username} catch-all so the `people` segment matches.

+//

+// Member-management routes live behind RequireUser at the wiring

+// layer (server.go); profile-style reads stay public.

+func (h *Handlers) MountOrgRoutes(r chi.Router) {

+	r.Get("/{org}/people", h.peoplePage)

+	r.Post("/{org}/people/invite", h.invite)

+	r.Post("/{org}/people/{userID}/role", h.changeRole)

+	r.Post("/{org}/people/{userID}/remove", h.removeMember)

+}

+

+// MountInvitations registers /invitations/{token}* — accept/decline.

+// Authed-only; the page also shows a hint when the viewer's logged-in

+// user doesn't match the invite's target email.

+func (h *Handlers) MountInvitations(r chi.Router) {

+	r.Get("/invitations/{token}", h.invitationView)

+	r.Post("/invitations/{token}/accept", h.invitationAccept)

+	r.Post("/invitations/{token}/decline", h.invitationDecline)

+}

+

+// ─── helpers ───────────────────────────────────────────────────────

+

+func (h *Handlers) deps() orgs.Deps {

+	return orgs.Deps{

+		Pool:        h.d.Pool,

+		Logger:      h.d.Logger,

+		EmailSender: h.d.EmailSender,

+		EmailFrom:   h.d.EmailFrom,

+		SiteName:    h.d.SiteName,

+		BaseURL:     h.d.BaseURL,

+	}

+}

+

+// orgFromSlug resolves the org from a {org} URL param, with an

+// existence-leak-safe 404 path.

+func (h *Handlers) orgFromSlug(w http.ResponseWriter, r *http.Request) (orgsdb.Org, bool) {

+	slug := chi.URLParam(r, "org")

+	row, err := orgsdb.New().GetOrgBySlug(r.Context(), h.d.Pool, slug)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return orgsdb.Org{}, false

+	}

+	return row, true

+}

+

+func parseUserIDParam(s string) (int64, error) {

+	return strconv.ParseInt(s, 10, 64)

+}

+

+// ─── create ────────────────────────────────────────────────────────

+

+func (h *Handlers) newForm(w http.ResponseWriter, r *http.Request) {

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if viewer.IsAnonymous() {

+		http.Redirect(w, r, "/login?next=/organizations/new", http.StatusSeeOther)

+		return

+	}

+	h.renderNewForm(w, r, "", "")

+}

+

+func (h *Handlers) createSubmit(w http.ResponseWriter, r *http.Request) {

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if viewer.IsAnonymous() {

+		http.Redirect(w, r, "/login?next=/organizations/new", http.StatusSeeOther)

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "")

+		return

+	}

+	slug := strings.TrimSpace(r.PostFormValue("slug"))

+	displayName := strings.TrimSpace(r.PostFormValue("display_name"))

+	billingEmail := strings.TrimSpace(r.PostFormValue("billing_email"))

+

+	row, err := orgs.Create(r.Context(), h.deps(), orgs.CreateParams{

+		Slug:            slug,

+		DisplayName:     displayName,

+		BillingEmail:    billingEmail,

+		CreatedByUserID: viewer.ID,

+	})

+	if err != nil {

+		h.renderNewForm(w, r, slug, friendlyOrgErr(err))

+		return

+	}

+	http.Redirect(w, r, "/"+row.Slug, http.StatusSeeOther)

+}

+

+func (h *Handlers) renderNewForm(w http.ResponseWriter, r *http.Request, slug, errMsg string) {

+	_ = h.d.Render.RenderPage(w, r, "orgs/new", map[string]any{

+		"Title":     "New organization",

+		"CSRFToken": middleware.CSRFTokenForRequest(r),

+		"Slug":      slug,

+		"Error":     errMsg,

+	})

+}

+

+// ─── people ────────────────────────────────────────────────────────

+

+func (h *Handlers) peoplePage(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.orgFromSlug(w, r)

+	if !ok {

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	q := orgsdb.New()

+	members, err := q.ListOrgMembers(r.Context(), h.d.Pool, org.ID)

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "orgs: list members", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	var pending []orgsdb.ListPendingInvitationsForOrgRow

+	isOwner := false

+	if !viewer.IsAnonymous() {

+		isOwner, _ = orgs.IsOwner(r.Context(), h.deps(), org.ID, viewer.ID)

+		if isOwner {

+			pending, _ = q.ListPendingInvitationsForOrg(r.Context(), h.d.Pool, org.ID)

+		}

+	}

+	_ = h.d.Render.RenderPage(w, r, "orgs/people", map[string]any{

+		"Title":     org.Slug + " · people",

+		"CSRFToken": middleware.CSRFTokenForRequest(r),

+		"Org":       org,

+		"Members":   members,

+		"Pending":   pending,

+		"IsOwner":   isOwner,

+	})

+}

+

+func (h *Handlers) invite(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.orgFromSlug(w, r)

+	if !ok {

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if viewer.IsAnonymous() {

+		h.d.Render.HTTPError(w, r, http.StatusUnauthorized, "")

+		return

+	}

+	owner, err := orgs.IsOwner(r.Context(), h.deps(), org.ID, viewer.ID)

+	if err != nil || !owner {

+		h.d.Render.HTTPError(w, r, http.StatusForbidden, "")

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "")

+		return

+	}

+	target := strings.TrimSpace(r.PostFormValue("target"))

+	role := r.PostFormValue("role")

+	if role == "" {

+		role = "member"

+	}

+	p := orgs.InviteParams{

+		OrgID:           org.ID,

+		InvitedByUserID: viewer.ID,

+		Role:            role,

+	}

+	if strings.Contains(target, "@") {

+		p.TargetEmail = target

+	} else {

+		p.TargetUsername = target

+	}

+	if _, err := orgs.Invite(r.Context(), h.deps(), p); err != nil {

+		h.d.Logger.WarnContext(r.Context(), "orgs: invite failed",

+			"org", org.Slug, "target", target, "error", err)

+	}

+	http.Redirect(w, r, "/"+org.Slug+"/people", http.StatusSeeOther)

+}

+

+func (h *Handlers) changeRole(w http.ResponseWriter, r *http.Request) {

+	h.memberMutate(w, r, func(orgID, userID int64) error {

+		role := r.PostFormValue("role")

+		return orgs.ChangeRole(r.Context(), h.deps(), orgID, userID, role)

+	})

+}

+

+func (h *Handlers) removeMember(w http.ResponseWriter, r *http.Request) {

+	h.memberMutate(w, r, func(orgID, userID int64) error {

+		return orgs.RemoveMember(r.Context(), h.deps(), orgID, userID)

+	})

+}

+

+// memberMutate is the shared owner-check + redirect wrapper for the

+// member-management POSTs. Centralizes the policy gate so each route

+// is one line.

+func (h *Handlers) memberMutate(w http.ResponseWriter, r *http.Request, action func(orgID, userID int64) error) {

+	org, ok := h.orgFromSlug(w, r)

+	if !ok {

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if viewer.IsAnonymous() {

+		h.d.Render.HTTPError(w, r, http.StatusUnauthorized, "")

+		return

+	}

+	owner, _ := orgs.IsOwner(r.Context(), h.deps(), org.ID, viewer.ID)

+	if !owner {

+		h.d.Render.HTTPError(w, r, http.StatusForbidden, "")

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "")

+		return

+	}

+	uid, err := parseUserIDParam(chi.URLParam(r, "userID"))

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "")

+		return

+	}

+	if err := action(org.ID, uid); err != nil {

+		h.d.Logger.WarnContext(r.Context(), "orgs: member mutation",

+			"org", org.Slug, "user_id", uid, "error", err)

+	}

+	http.Redirect(w, r, "/"+org.Slug+"/people", http.StatusSeeOther)

+}

+

+// ─── invitations ───────────────────────────────────────────────────

+

+func (h *Handlers) invitationView(w http.ResponseWriter, r *http.Request) {

+	tok := chi.URLParam(r, "token")

+	inv, err := orgs.LookupInvitationByToken(r.Context(), h.deps(), tok)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	org, err := orgsdb.New().GetOrgByID(r.Context(), h.d.Pool, inv.OrgID)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	_ = h.d.Render.RenderPage(w, r, "orgs/invitation", map[string]any{

+		"Title":      "Organization invitation",

+		"CSRFToken":  middleware.CSRFTokenForRequest(r),

+		"Org":        org,

+		"Invitation": inv,

+		"Token":      tok,

+	})

+}

+

+func (h *Handlers) invitationAccept(w http.ResponseWriter, r *http.Request) {

+	h.invitationAction(w, r, true)

+}

+

+func (h *Handlers) invitationDecline(w http.ResponseWriter, r *http.Request) {

+	h.invitationAction(w, r, false)

+}

+

+func (h *Handlers) invitationAction(w http.ResponseWriter, r *http.Request, accept bool) {

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if viewer.IsAnonymous() {

+		http.Redirect(w, r, "/login?next="+r.URL.Path, http.StatusSeeOther)

+		return

+	}

+	tok := chi.URLParam(r, "token")

+	inv, err := orgs.LookupInvitationByToken(r.Context(), h.deps(), tok)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	if accept {

+		if err := orgs.AcceptInvitation(r.Context(), h.deps(), inv, viewer.ID); err != nil {

+			h.d.Logger.WarnContext(r.Context(), "orgs: accept invitation",

+				"id", inv.ID, "error", err)

+			h.d.Render.HTTPError(w, r, http.StatusForbidden, "")

+			return

+		}

+	} else {

+		if err := orgs.DeclineInvitation(r.Context(), h.deps(), inv, viewer.ID); err != nil {

+			h.d.Logger.WarnContext(r.Context(), "orgs: decline invitation",

+				"id", inv.ID, "error", err)

+		}

+	}

+	org, _ := orgsdb.New().GetOrgByID(r.Context(), h.d.Pool, inv.OrgID)

+	http.Redirect(w, r, "/"+org.Slug, http.StatusSeeOther)

+}

+

+// friendlyOrgErr maps orchestrator errors to user-facing strings.

+// Unknown errors collapse to a generic message — the underlying err

+// is logged at the call site.

+func friendlyOrgErr(err error) string {

+	switch {

+	case errors.Is(err, orgs.ErrEmptySlug):

+		return "Slug is required."

+	case errors.Is(err, orgs.ErrSlugTooLong):

+		return "Slug too long (max 39 characters)."

+	case errors.Is(err, orgs.ErrSlugInvalid):

+		return "Slug must be lowercase letters, digits, or hyphens; cannot start or end with a hyphen."

+	case errors.Is(err, orgs.ErrSlugReserved):

+		return "That slug is reserved. Try another."

+	case errors.Is(err, orgs.ErrSlugTaken):

+		return "That slug is already in use. Try another."

+	}

+	return "Something went wrong creating the organization."

+}

+	"github.com/tenseleyFlow/shithub/internal/orgs"

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"

+	// S30: principals first. The single-row lookup decides whether

+	// /{slug} dispatches to the user-profile renderer (existing) or

+	// the org-profile renderer (this sprint). On miss, fall through

+	// to username_redirects so renamed users keep redirecting.

+	if p, err := orgs.Resolve(r.Context(), h.d.Pool, lower); err == nil {

+		switch p.Kind {

+		case orgs.PrincipalOrg:

+			h.serveOrgProfile(w, r, p.ID)

+			return

+		case orgs.PrincipalUser:

+			// Fall through to the user lookup below — keeps the

+			// existing canonical-case redirect + suspension paths.

+		}

+	}

+

+

+// serveOrgProfile renders /{org}. Pulls the org row + a small set of

+// the org's visible repos. Visibility scoping defers to the caller's

+// authentication state — a viewer that isn't a member sees only

+// public repos.

+func (h *Handlers) serveOrgProfile(w http.ResponseWriter, r *http.Request, orgID int64) {

+	ctx := r.Context()

+	org, err := orgsdb.New().GetOrgByID(ctx, h.d.Pool, orgID)

+	if err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, r.URL.Path)

+		return

+	}

+	if org.DeletedAt.Valid {

+		// Soft-deleted orgs render the same "unavailable" shell as

+		// suspended/deleted users so the existence-leak posture is

+		// uniform.

+		h.renderUnavailable(w, r, string(org.Slug))

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	isOwner := false

+	isMember := false

+	if !viewer.IsAnonymous() {

+		isOwner, _ = orgs.IsOwner(ctx, orgs.Deps{Pool: h.d.Pool, Logger: h.d.Logger}, org.ID, viewer.ID)

+		isMember, _ = orgs.IsMember(ctx, orgs.Deps{Pool: h.d.Pool, Logger: h.d.Logger}, org.ID, viewer.ID)

+	}

+

+	// Org repo listing — small inline query to avoid widening sqlc

+	// for one read. Members see private + public; non-members see

+	// public only. Soft-deleted repos are excluded uniformly.

+	visClause := "AND visibility = 'public'"

+	args := []any{org.ID}

+	if isMember {

+		visClause = ""

+	}

+	rows, err := h.d.Pool.Query(ctx,

+		`SELECT id, name, description, visibility::text

+		   FROM repos

+		  WHERE owner_org_id = $1 AND deleted_at IS NULL `+visClause+`

+		  ORDER BY name ASC LIMIT 50`,

+		args...)

+	if err != nil {

+		h.d.Logger.ErrorContext(ctx, "orgs profile: list repos", "error", err)

+	}

+	type repoRow struct {

+		Name, Description, Visibility string

+	}

+	var repos []repoRow

+	if rows != nil {

+		defer rows.Close()

+		for rows.Next() {

+			var id int64

+			var rr repoRow

+			if err := rows.Scan(&id, &rr.Name, &rr.Description, &rr.Visibility); err == nil {

+				repos = append(repos, rr)

+			}

+		}

+	}

+	memberCount := 0

+	{

+		var n int64

+		_ = h.d.Pool.QueryRow(ctx, `SELECT count(*) FROM org_members WHERE org_id = $1`, org.ID).Scan(&n)

+		memberCount = int(n)

+	}

+

+	_ = h.d.Render.RenderPage(w, r, "orgs/profile", map[string]any{

+		"Title":       org.DisplayName,

+		"Org":         org,

+		"Repos":       repos,

+		"MemberCount": memberCount,

+		"IsOwner":     isOwner,

+		"IsMember":    isMember,

+	})

+}

+

+// avoid the unused-import lint when reposdb is only referenced in

+// the inline raw query above.

+var _ = reposdb.New

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package web

+

+import (

+	"errors"

+	"io/fs"

+	"log/slog"

+	"net/http"

+	"os"

+	"time"

+

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/email"

+	"github.com/tenseleyFlow/shithub/internal/infra/config"

+	orgshandlers "github.com/tenseleyFlow/shithub/internal/web/handlers/orgs"

+	"github.com/tenseleyFlow/shithub/internal/web/render"

+)

+

+// buildOrgHandlers wires the S30 organization handler set. Owns its

+// own renderer (same pattern as the search/notif builders).

+func buildOrgHandlers(

+	cfg config.Config,

+	pool *pgxpool.Pool,

+	tmplFS fs.FS,

+	logger *slog.Logger,

+) (*orgshandlers.Handlers, error) {

+	rr, err := render.New(tmplFS, render.Options{Octicons: render.BuiltinOcticons()})

+	if err != nil {

+		return nil, err

+	}

+	sender, _ := pickOrgsEmailSender(cfg)

+	return orgshandlers.New(orgshandlers.Deps{

+		Logger:      logger,

+		Render:      rr,

+		Pool:        pool,

+		EmailSender: sender,

+		EmailFrom:   cfg.Auth.EmailFrom,

+		SiteName:    cfg.Auth.SiteName,

+		BaseURL:     cfg.Auth.BaseURL,

+	})

+}

+

+// pickOrgsEmailSender mirrors pickEmailSender in auth_wiring.go.

+// Kept local so a missing/misconfigured email backend doesn't crash

+// the org surface — invitations still land in the DB; the email side

+// is best-effort.

+func pickOrgsEmailSender(cfg config.Config) (email.Sender, error) {

+	switch cfg.Auth.EmailBackend {

+	case "stdout":

+		return email.NewStdoutSender(os.Stdout), nil

+	case "smtp":

+		return &email.SMTPSender{

+			Addr:     cfg.Auth.SMTP.Addr,

+			From:     cfg.Auth.EmailFrom,

+			Username: cfg.Auth.SMTP.Username,

+			Password: cfg.Auth.SMTP.Password,

+		}, nil

+	case "postmark":

+		return &email.PostmarkSender{

+			ServerToken: cfg.Auth.Postmark.ServerToken,

+			From:        cfg.Auth.EmailFrom,

+			HTTP:        &http.Client{Timeout: 10 * time.Second},

+		}, nil

+	default:

+		return nil, errors.New("orgs: unknown email_backend")

+	}

+}

+		// S30 — orgs.

+		orgH, err := buildOrgHandlers(cfg, pool, deps.TemplatesFS, logger)

+		if err != nil {

+			return fmt.Errorf("org handlers: %w", err)

+		}

+		deps.OrgCreateMounter = func(r chi.Router) {

+			r.Group(func(r chi.Router) {

+				r.Use(middleware.RequireUser)

+				orgH.MountCreate(r)

+			})

+		}

+		// /{org}/people: GETs are public (org existence is non-secret;

+		// member lists for private orgs are deferred). Mutations are

+		// owner-checked inside the handler, but RequireUser wraps the

+		// POST routes so unauth submits redirect to /login.

+		deps.OrgRoutesMounter = func(r chi.Router) {

+			r.Group(func(r chi.Router) {

+				orgH.MountOrgRoutes(r)

+			})

+		}

+		deps.OrgInvitationsMounter = func(r chi.Router) {

+			r.Group(func(r chi.Router) {

+				r.Use(middleware.RequireUser)

+				orgH.MountInvitations(r)

+			})

+		}

+

+        <a role="menuitem" href="/organizations/new">New organization</a>

+{{ define "page" -}}

+<section class="shithub-auth">

+  <h1>Organization invitation</h1>

+  <p>You've been invited to join <strong>{{ .Org.DisplayName }}</strong> (@{{ .Org.Slug }}) as a <strong>{{ .Invitation.Role }}</strong>.</p>

+  <form method="POST" action="/invitations/{{ .Token }}/accept" style="display:inline">

+    <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+    <button type="submit" class="shithub-button shithub-button-primary">Accept</button>

+  </form>

+  <form method="POST" action="/invitations/{{ .Token }}/decline" style="display:inline">

+    <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+    <button type="submit" class="shithub-button">Decline</button>

+  </form>

+</section>

+{{- end }}

+{{ define "page" -}}

+<section class="shithub-auth">

+  <h1>Create an organization</h1>

+  {{ if .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ .Error }}</p>{{ end }}

+  <form method="POST" action="/organizations" novalidate>

+    <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+    <label>

+      <span>Slug</span>

+      <input type="text" name="slug" required

+             pattern="[a-z0-9](?:[a-z0-9-]{0,37}[a-z0-9])?"

+             title="lowercase letters, digits, and hyphens; 1–39 chars; cannot start or end with a hyphen"

+             value="{{ .Slug }}" autofocus>

+    </label>

+    <label>

+      <span>Display name</span>

+      <input type="text" name="display_name">

+    </label>

+    <label>

+      <span>Billing email (optional)</span>

+      <input type="email" name="billing_email" autocomplete="email">

+    </label>

+    <button type="submit" class="shithub-button shithub-button-primary">Create organization</button>

+  </form>

+  <p class="shithub-auth-aside">

+    The slug is your org's URL handle and must be unique across users + orgs. You can change the display name later.

+  </p>

+</section>

+{{- end }}

+{{ define "page" -}}

+<section class="shithub-org-people">

+  <header class="shithub-org-profile-head">

+    <h1>{{ .Org.DisplayName }} · People</h1>

+    <p class="shithub-meta">@{{ .Org.Slug }}</p>

+  </header>

+

+  {{ if .IsOwner }}

+  <section class="shithub-org-invite">

+    <h2>Invite a new member</h2>

+    <form method="POST" action="/{{ .Org.Slug }}/people/invite">

+      <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+      <label>

+        <span>Username or email</span>

+        <input type="text" name="target" required placeholder="@username or someone@example.com">

+      </label>

+      <label>

+        <span>Role</span>

+        <select name="role">

+          <option value="member" selected>Member</option>

+          <option value="owner">Owner</option>

+        </select>

+      </label>

+      <button type="submit" class="shithub-button shithub-button-primary">Invite</button>

+    </form>

+  </section>

+  {{ end }}

+

+  <section class="shithub-org-members">

+    <h2>Members ({{ len .Members }})</h2>

+    <table class="shithub-table">

+      <thead><tr><th>User</th><th>Role</th><th>Joined</th>{{ if .IsOwner }}<th></th>{{ end }}</tr></thead>

+      <tbody>

+        {{ range .Members }}

+        <tr>

+          <td><a href="/{{ .Username }}">@{{ .Username }}</a> {{ if .DisplayName }}<span class="shithub-meta">— {{ .DisplayName }}</span>{{ end }}</td>

+          <td>{{ .Role }}</td>

+          <td>{{ relativeTime .JoinedAt.Time }}</td>

+          {{ if $.IsOwner }}

+          <td>

+            <form method="POST" action="/{{ $.Org.Slug }}/people/{{ .UserID }}/role" style="display:inline">

+              <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">

+              <select name="role" onchange="this.form.submit()" aria-label="Change role">

+                <option value="member" {{ if eq (printf "%s" .Role) "member" }}selected{{ end }}>Member</option>

+                <option value="owner" {{ if eq (printf "%s" .Role) "owner" }}selected{{ end }}>Owner</option>

+              </select>

+            </form>

+            <form method="POST" action="/{{ $.Org.Slug }}/people/{{ .UserID }}/remove" style="display:inline">

+              <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">

+              <button type="submit" class="shithub-button">Remove</button>

+            </form>

+          </td>

+          {{ end }}

+        </tr>

+        {{ end }}

+      </tbody>

+    </table>

+  </section>

+

+  {{ if and .IsOwner .Pending }}

+  <section class="shithub-org-pending">

+    <h2>Pending invitations</h2>

+    <ul>

+    {{ range .Pending }}

+      <li>

+        {{ if .TargetUsername.Valid }}@{{ .TargetUsername.String }}{{ else }}{{ .TargetEmail.String }}{{ end }}

+        — {{ .Role }} — invited {{ relativeTime .CreatedAt.Time }}

+      </li>

+    {{ end }}

+    </ul>

+  </section>

+  {{ end }}

+</section>

+{{- end }}

+{{ define "page" -}}

+<section class="shithub-org-profile">

+  <header class="shithub-org-profile-head">

+    <h1>{{ .Org.DisplayName }}</h1>

+    <p class="shithub-meta">@{{ .Org.Slug }}</p>

+    {{ if .Org.Description }}<p>{{ .Org.Description }}</p>{{ end }}

+    <nav class="shithub-org-tabs">

+      <a href="/{{ .Org.Slug }}/people">People ({{ .MemberCount }})</a>

+      {{ if .IsOwner }}<a href="/{{ .Org.Slug }}/settings/profile">Settings</a>{{ end }}

+    </nav>

+  </header>

+  {{ if .Org.SuspendedAt.Valid }}

+  <p class="shithub-flash shithub-flash-error">This organization is suspended. Pushes are blocked; reads continue.</p>

+  {{ end }}

+  <section class="shithub-org-repos">

+    <h2>Repositories</h2>

+    {{ if .Repos }}

+      <ul class="shithub-search-list">

+      {{ range .Repos }}

+        <li>

+          <a href="/{{ $.Org.Slug }}/{{ .Name }}"><strong>{{ $.Org.Slug }}/{{ .Name }}</strong></a>

+          {{ if eq (printf "%s" .Visibility) "private" }}<span class="shithub-pill shithub-pill-private">private</span>{{ end }}

+          {{ if .Description }}<p class="shithub-meta">{{ .Description }}</p>{{ end }}

+        </li>

+      {{ end }}

+      </ul>

+    {{ else }}

+      <p class="shithub-empty">No repositories yet.</p>

+    {{ end }}

+  </section>

+</section>

+{{- end }}