`e32287a`

S21: issues, labels, milestones routes + handlers (auth-gated writes)

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 6 days ago

SHA: e32287a6974cc7ae30565f3a053c67c3d89abdbe
Parents: b4aa714
Tree: 165be3d

5 changed files

Status	File	+	-
M	`internal/web/handlers/handlers.go`	7	0
A	`internal/web/handlers/repo/issues.go`	487	0
A	`internal/web/handlers/repo/labels_milestones.go`	240	0
M	`internal/web/handlers/repo/repo.go`	3	1
M	`internal/web/server.go`	8	0

internal/web/handlers/handlers.gomodified

  	// RepoSettingsBranchesMounter registers /settings/branches +
  	// /settings/default-branch (S20). Auth-required.
  	RepoSettingsBranchesMounter func(chi.Router)
 +	// RepoIssuesMounter registers /{owner}/{repo}/issues, /labels, and
 +	// /milestones routes (S21). Reads are public (per-repo policy gate);
 +	// writes are auth-required.
 +	RepoIssuesMounter func(chi.Router)
  	// GitHTTPMounter, when non-nil, registers the smart-HTTP git routes
  	// (`*.git/info/refs`, `git-upload-pack`, `git-receive-pack`). MUST
  	// land in a route group that bypasses CSRF, response compression,
  		if deps.RepoSettingsBranchesMounter != nil {
  			deps.RepoSettingsBranchesMounter(r)
+ 		}
 +		if deps.RepoIssuesMounter != nil {
 +			deps.RepoIssuesMounter(r)
 +		}
  		if deps.RepoHomeMounter != nil {
  			deps.RepoHomeMounter(r)
+ 		}

internal/web/handlers/repo/issues.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package repo
++
 +import (
 +	"errors"
 +	"net/http"
 +	"strconv"
 +	"strings"
++
 +	"github.com/go-chi/chi/v5"
 +	"github.com/jackc/pgx/v5"
 +	"github.com/jackc/pgx/v5/pgtype"
++
 +	"github.com/tenseleyFlow/shithub/internal/auth/policy"
 +	"github.com/tenseleyFlow/shithub/internal/auth/throttle"
 +	"github.com/tenseleyFlow/shithub/internal/issues"
 +	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
 +	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/web/middleware"
 +)
++
 +// MountIssues registers the issues + labels + milestones routes under
 +// /{owner}/{repo}. Read paths are public (subject to policy.Can which
 +// gates private repos); write paths run through RequireUser so an
 +// anonymous browser hits the login redirect rather than the 404
 +// existence-leak path.
 +func (h *Handlers) MountIssues(r chi.Router) {
 +	// Public reads.
 +	r.Get("/{owner}/{repo}/issues", h.issuesList)
 +	r.Get("/{owner}/{repo}/issues/{number}", h.issueView)
 +	r.Get("/{owner}/{repo}/labels", h.labelsList)
 +	r.Get("/{owner}/{repo}/milestones", h.milestonesList)
++
 +	// Auth-required: form GETs + state-changing POSTs. policy.Can
 +	// inside the handler still applies (e.g. archived repos block
 +	// writes even for the owner), but RequireUser handles the simpler
 +	// "you need to be logged in" case with a /login redirect.
 +	r.Group(func(r chi.Router) {
 +		r.Use(middleware.RequireUser)
 +		r.Get("/{owner}/{repo}/issues/new", h.issueNewForm)
 +		r.Post("/{owner}/{repo}/issues", h.issueCreate)
 +		r.Post("/{owner}/{repo}/issues/{number}/comments", h.issueComment)
 +		r.Post("/{owner}/{repo}/issues/{number}/state", h.issueSetState)
 +		r.Post("/{owner}/{repo}/issues/{number}/lock", h.issueSetLock)
 +		r.Post("/{owner}/{repo}/issues/{number}/labels", h.issueApplyLabels)
 +		r.Post("/{owner}/{repo}/issues/{number}/milestone", h.issueAssignMilestone)
 +		r.Post("/{owner}/{repo}/issues/{number}/assignees", h.issueToggleAssignee)
++
 +		r.Post("/{owner}/{repo}/labels", h.labelCreate)
 +		r.Post("/{owner}/{repo}/labels/{id}/update", h.labelUpdate)
 +		r.Post("/{owner}/{repo}/labels/{id}/delete", h.labelDelete)
++
 +		r.Post("/{owner}/{repo}/milestones", h.milestoneCreate)
 +		r.Post("/{owner}/{repo}/milestones/{id}/update", h.milestoneUpdate)
 +		r.Post("/{owner}/{repo}/milestones/{id}/state", h.milestoneSetState)
 +		r.Post("/{owner}/{repo}/milestones/{id}/delete", h.milestoneDelete)
 +	})
 +}
++
 +// issuesDeps materializes an issues.Deps from the handler-set deps.
 +// Limiter is the same per-process instance used by repo create — the
 +// orchestrator scopes by Identifier so namespaces don't collide.
 +func (h *Handlers) issuesDeps() issues.Deps {
 +	return issues.Deps{
 +		Pool:    h.d.Pool,
 +		Limiter: h.d.Limiter,
 +		Logger:  h.d.Logger,
 +	}
 +}
++
 +// issuesList renders /{owner}/{repo}/issues with optional ?state filter.
 +func (h *Handlers) issuesList(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueRead)
 +	if !ok {
 +		return
 +	}
 +	stateFilter := r.URL.Query().Get("state")
 +	if stateFilter == "" {
 +		stateFilter = "open"
 +	}
 +	stateNarg := pgtype.Text{}
 +	if stateFilter == "open" || stateFilter == "closed" {
 +		stateNarg = pgtype.Text{String: stateFilter, Valid: true}
 +	}
 +	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
 +	if page < 1 {
 +		page = 1
 +	}
 +	const perPage = 25
 +	rows, err := h.iq.ListIssues(r.Context(), h.d.Pool, issuesdb.ListIssuesParams{
 +		RepoID:      row.ID,
 +		StateFilter: stateNarg,
 +		Kind:        issuesdb.NullIssueKind{IssueKind: issuesdb.IssueKindIssue, Valid: true},
 +		Limit:       perPage,
 +		Offset:      int32((page - 1) * perPage),
 +	})
 +	if err != nil {
 +		h.d.Logger.WarnContext(r.Context(), "issues: list", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
 +	total, _ := h.iq.CountIssues(r.Context(), h.d.Pool, issuesdb.CountIssuesParams{
 +		RepoID:      row.ID,
 +		StateFilter: stateNarg,
 +		Kind:        issuesdb.NullIssueKind{IssueKind: issuesdb.IssueKindIssue, Valid: true},
 +	})
 +	openCount, _ := h.iq.CountIssues(r.Context(), h.d.Pool, issuesdb.CountIssuesParams{
 +		RepoID:      row.ID,
 +		StateFilter: pgtype.Text{String: "open", Valid: true},
 +		Kind:        issuesdb.NullIssueKind{IssueKind: issuesdb.IssueKindIssue, Valid: true},
 +	})
 +	closedCount, _ := h.iq.CountIssues(r.Context(), h.d.Pool, issuesdb.CountIssuesParams{
 +		RepoID:      row.ID,
 +		StateFilter: pgtype.Text{String: "closed", Valid: true},
 +		Kind:        issuesdb.NullIssueKind{IssueKind: issuesdb.IssueKindIssue, Valid: true},
 +	})
++
 +	// Decorate with author username + label set + assignee count for the
 +	// list. Cheap N+1 for v1; S36 will batch this.
 +	type listItem struct {
 +		Issue        issuesdb.Issue
 +		AuthorName   string
 +		Labels       []issuesdb.Label
 +		Assignees    []issuesdb.ListIssueAssigneesRow
 +		CommentCount int64
 +	}
 +	items := make([]listItem, 0, len(rows))
 +	for _, ir := range rows {
 +		it := listItem{Issue: ir}
 +		if ir.AuthorUserID.Valid {
 +			if u, err := h.uq.GetUserByID(r.Context(), h.d.Pool, ir.AuthorUserID.Int64); err == nil {
 +				it.AuthorName = u.Username
 +			}
 +		}
 +		it.Labels, _ = h.iq.ListLabelsOnIssue(r.Context(), h.d.Pool, ir.ID)
 +		it.Assignees, _ = h.iq.ListIssueAssignees(r.Context(), h.d.Pool, ir.ID)
 +		items = append(items, it)
 +	}
++
 +	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 +	if err := h.d.Render.RenderPage(w, r, "repo/issues_list", map[string]any{
 +		"Title":       "Issues · " + row.Name,
 +		"Owner":       owner.Username,
 +		"Repo":        row,
 +		"Items":       items,
 +		"State":       stateFilter,
 +		"OpenCount":   openCount,
 +		"ClosedCount": closedCount,
 +		"Total":       total,
 +		"Page":        page,
 +		"PerPage":     perPage,
 +		"CSRFToken":   middleware.CSRFTokenForRequest(r),
 +	}); err != nil {
 +		h.d.Logger.ErrorContext(r.Context(), "issues: render list", "error", err)
 +	}
 +}
++
 +// issueNewForm renders the new-issue form.
 +func (h *Handlers) issueNewForm(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueCreate)
 +	if !ok {
 +		return
 +	}
 +	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 +	_ = h.d.Render.RenderPage(w, r, "repo/issue_new", map[string]any{
 +		"Title":     "New issue · " + row.Name,
 +		"Owner":     owner.Username,
 +		"Repo":      row,
 +		"CSRFToken": middleware.CSRFTokenForRequest(r),
 +	})
 +}
++
 +// issueCreate handles the new-issue POST.
 +func (h *Handlers) issueCreate(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueCreate)
 +	if !ok {
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	title := strings.TrimSpace(r.PostFormValue("title"))
 +	body := r.PostFormValue("body")
 +	created, err := issues.Create(r.Context(), h.issuesDeps(), issues.CreateParams{
 +		RepoID:       row.ID,
 +		AuthorUserID: viewer.ID,
 +		Title:        title,
 +		Body:         body,
 +		Kind:         "issue",
 +	})
 +	if err != nil {
 +		h.renderIssueCreateError(w, r, owner.Username, row, title, body, err)
 +		return
 +	}
 +	http.Redirect(w, r,
 +		"/"+owner.Username+"/"+row.Name+"/issues/"+strconv.FormatInt(created.Number, 10),
 +		http.StatusSeeOther,
 +	)
 +}
++
 +func (h *Handlers) renderIssueCreateError(w http.ResponseWriter, r *http.Request, owner string, row reposdb.Repo, title, body string, err error) {
 +	msg := "Could not create the issue. Try again."
 +	switch {
 +	case errors.Is(err, issues.ErrEmptyTitle):
 +		msg = "Title is required."
 +	case errors.Is(err, issues.ErrTitleTooLong):
 +		msg = "Title is too long (max 256)."
 +	case errors.Is(err, issues.ErrBodyTooLong):
 +		msg = "Body is too long."
 +	}
 +	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 +	w.WriteHeader(http.StatusBadRequest)
 +	_ = h.d.Render.RenderPage(w, r, "repo/issue_new", map[string]any{
 +		"Title":     "New issue · " + row.Name,
 +		"Owner":     owner,
 +		"Repo":      row,
 +		"FormTitle": title,
 +		"FormBody":  body,
 +		"Error":     msg,
 +		"CSRFToken": middleware.CSRFTokenForRequest(r),
 +	})
 +}
++
 +// issueView renders /{owner}/{repo}/issues/{number} with the timeline.
 +func (h *Handlers) issueView(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueRead)
 +	if !ok {
 +		return
 +	}
 +	num, err := strconv.ParseInt(chi.URLParam(r, "number"), 10, 64)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		return
 +	}
 +	issue, err := h.iq.GetIssueByNumber(r.Context(), h.d.Pool, issuesdb.GetIssueByNumberParams{
 +		RepoID: row.ID, Number: num,
 +	})
 +	if err != nil {
 +		if errors.Is(err, pgx.ErrNoRows) {
 +			h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +			return
 +		}
 +		h.d.Logger.WarnContext(r.Context(), "issues: get", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
++
 +	comments, _ := h.iq.ListIssueComments(r.Context(), h.d.Pool, issue.ID)
 +	events, _ := h.iq.ListIssueEvents(r.Context(), h.d.Pool, issue.ID)
 +	labels, _ := h.iq.ListLabelsOnIssue(r.Context(), h.d.Pool, issue.ID)
 +	assignees, _ := h.iq.ListIssueAssignees(r.Context(), h.d.Pool, issue.ID)
 +	allLabels, _ := h.iq.ListLabels(r.Context(), h.d.Pool, row.ID)
 +	milestones, _ := h.iq.ListMilestones(r.Context(), h.d.Pool, row.ID)
++
 +	// Resolve usernames for comment authors.
 +	type commentRow struct {
 +		C          issuesdb.IssueComment
 +		AuthorName string
 +	}
 +	cs := make([]commentRow, 0, len(comments))
 +	for _, c := range comments {
 +		cr := commentRow{C: c}
 +		if c.AuthorUserID.Valid {
 +			if u, err := h.uq.GetUserByID(r.Context(), h.d.Pool, c.AuthorUserID.Int64); err == nil {
 +				cr.AuthorName = u.Username
 +			}
 +		}
 +		cs = append(cs, cr)
 +	}
 +	// Author username on the issue itself.
 +	authorName := ""
 +	if issue.AuthorUserID.Valid {
 +		if u, err := h.uq.GetUserByID(r.Context(), h.d.Pool, issue.AuthorUserID.Int64); err == nil {
 +			authorName = u.Username
 +		}
 +	}
++
 +	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 +	_ = h.d.Render.RenderPage(w, r, "repo/issue_view", map[string]any{
 +		"Title":      issue.Title + " · " + row.Name,
 +		"Owner":      owner.Username,
 +		"Repo":       row,
 +		"Issue":      issue,
 +		"AuthorName": authorName,
 +		"Comments":   cs,
 +		"Events":     events,
 +		"Labels":     labels,
 +		"Assignees":  assignees,
 +		"AllLabels":  allLabels,
 +		"Milestones": milestones,
 +		"CSRFToken":  middleware.CSRFTokenForRequest(r),
 +	})
 +}
++
 +func (h *Handlers) loadIssueByNumber(w http.ResponseWriter, r *http.Request, repo reposdb.Repo) (issuesdb.Issue, bool) {
 +	num, err := strconv.ParseInt(chi.URLParam(r, "number"), 10, 64)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		return issuesdb.Issue{}, false
 +	}
 +	issue, err := h.iq.GetIssueByNumber(r.Context(), h.d.Pool, issuesdb.GetIssueByNumberParams{
 +		RepoID: repo.ID, Number: num,
 +	})
 +	if err != nil {
 +		if errors.Is(err, pgx.ErrNoRows) {
 +			h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		} else {
 +			h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		}
 +		return issuesdb.Issue{}, false
 +	}
 +	return issue, true
 +}
++
 +// issueComment handles POST .../comments
 +func (h *Handlers) issueComment(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueComment)
 +	if !ok {
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	issue, ok := h.loadIssueByNumber(w, r, row)
 +	if !ok {
 +		return
 +	}
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	body := r.PostFormValue("body")
++
 +	// IsCollab — for v1 only the repo owner counts as collaborator
 +	// (S15 attaches collaborators table; lookup deferred for the
 +	// locked-issue gate). Owners always pass.
 +	isCollab := row.OwnerUserID.Valid && row.OwnerUserID.Int64 == viewer.ID
++
 +	_, err := issues.AddComment(r.Context(), h.issuesDeps(), issues.CommentCreateParams{
 +		IssueID:      issue.ID,
 +		AuthorUserID: viewer.ID,
 +		Body:         body,
 +		IsCollab:     isCollab,
 +	})
 +	if err != nil {
 +		h.handleIssueWriteError(w, r, owner.Username, row, issue, err)
 +		return
 +	}
 +	h.redirectIssue(w, r, owner.Username, row.Name, issue.Number)
 +}
++
 +func (h *Handlers) issueSetState(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueClose)
 +	if !ok {
 +		return
 +	}
 +	issue, ok := h.loadIssueByNumber(w, r, row)
 +	if !ok {
 +		return
 +	}
 +	state := strings.TrimSpace(r.PostFormValue("state"))
 +	reason := strings.TrimSpace(r.PostFormValue("reason"))
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if err := issues.SetState(r.Context(), h.issuesDeps(), viewer.ID, issue.ID, state, reason); err != nil {
 +		h.handleIssueWriteError(w, r, owner.Username, row, issue, err)
 +		return
 +	}
 +	h.redirectIssue(w, r, owner.Username, row.Name, issue.Number)
 +}
++
 +func (h *Handlers) issueSetLock(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueClose)
 +	if !ok {
 +		return
 +	}
 +	issue, ok := h.loadIssueByNumber(w, r, row)
 +	if !ok {
 +		return
 +	}
 +	locked := r.PostFormValue("lock") == "true"
 +	reason := strings.TrimSpace(r.PostFormValue("reason"))
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if err := issues.SetLock(r.Context(), h.issuesDeps(), viewer.ID, issue.ID, locked, reason); err != nil {
 +		h.handleIssueWriteError(w, r, owner.Username, row, issue, err)
 +		return
 +	}
 +	h.redirectIssue(w, r, owner.Username, row.Name, issue.Number)
 +}
++
 +func (h *Handlers) issueApplyLabels(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	issue, ok := h.loadIssueByNumber(w, r, row)
 +	if !ok {
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	raw := r.PostForm["label_ids"]
 +	ids := make([]int64, 0, len(raw))
 +	for _, s := range raw {
 +		if id, err := strconv.ParseInt(s, 10, 64); err == nil {
 +			ids = append(ids, id)
 +		}
 +	}
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if err := issues.ApplyLabels(r.Context(), h.issuesDeps(), viewer.ID, issue.ID, ids); err != nil {
 +		h.handleIssueWriteError(w, r, owner.Username, row, issue, err)
 +		return
 +	}
 +	h.redirectIssue(w, r, owner.Username, row.Name, issue.Number)
 +}
++
 +func (h *Handlers) issueAssignMilestone(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	issue, ok := h.loadIssueByNumber(w, r, row)
 +	if !ok {
 +		return
 +	}
 +	mid, _ := strconv.ParseInt(strings.TrimSpace(r.PostFormValue("milestone_id")), 10, 64)
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if err := issues.AssignMilestone(r.Context(), h.issuesDeps(), viewer.ID, issue.ID, mid); err != nil {
 +		h.handleIssueWriteError(w, r, owner.Username, row, issue, err)
 +		return
 +	}
 +	h.redirectIssue(w, r, owner.Username, row.Name, issue.Number)
 +}
++
 +func (h *Handlers) issueToggleAssignee(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueAssign)
 +	if !ok {
 +		return
 +	}
 +	issue, ok := h.loadIssueByNumber(w, r, row)
 +	if !ok {
 +		return
 +	}
 +	target := strings.TrimSpace(r.PostFormValue("username"))
 +	mode := r.PostFormValue("mode") // "add" | "remove"
 +	tu, err := h.uq.GetUserByUsername(r.Context(), h.d.Pool, target)
 +	if err != nil {
 +		h.handleIssueWriteError(w, r, owner.Username, row, issue, errors.New("user not found"))
 +		return
 +	}
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if mode == "remove" {
 +		err = issues.UnassignUser(r.Context(), h.issuesDeps(), viewer.ID, issue.ID, tu.ID)
 +	} else {
 +		err = issues.AssignUser(r.Context(), h.issuesDeps(), viewer.ID, issue.ID, tu.ID)
 +	}
 +	if err != nil {
 +		h.handleIssueWriteError(w, r, owner.Username, row, issue, err)
 +		return
 +	}
 +	h.redirectIssue(w, r, owner.Username, row.Name, issue.Number)
 +}
++
 +func (h *Handlers) redirectIssue(w http.ResponseWriter, r *http.Request, owner, repo string, number int64) {
 +	http.Redirect(w, r, "/"+owner+"/"+repo+"/issues/"+strconv.FormatInt(number, 10), http.StatusSeeOther)
 +}
++
 +func (h *Handlers) handleIssueWriteError(w http.ResponseWriter, r *http.Request, _ string, _ reposdb.Repo, _ issuesdb.Issue, err error) {
 +	switch {
 +	case errors.Is(err, issues.ErrIssueLocked):
 +		h.d.Render.HTTPError(w, r, http.StatusLocked, "issue is locked")
 +	case errors.Is(err, issues.ErrCommentRateLimit):
 +		h.d.Render.HTTPError(w, r, http.StatusTooManyRequests, "rate limit")
 +	case errors.Is(err, issues.ErrCommentTooLong):
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "comment too long")
 +	default:
 +		var t *throttle.ErrThrottled
 +		if errors.As(err, &t) {
 +			h.d.Render.HTTPError(w, r, http.StatusTooManyRequests, "rate limit")
 +			return
 +		}
 +		h.d.Logger.WarnContext(r.Context(), "issues: write", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +	}
 +}

internal/web/handlers/repo/labels_milestones.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package repo
++
 +import (
 +	"errors"
 +	"net/http"
 +	"strconv"
 +	"strings"
 +	"time"
++
 +	"github.com/go-chi/chi/v5"
++
 +	"github.com/tenseleyFlow/shithub/internal/auth/policy"
 +	"github.com/tenseleyFlow/shithub/internal/issues"
 +	"github.com/tenseleyFlow/shithub/internal/web/middleware"
 +)
++
 +// ─── labels ──────────────────────────────────────────────────────────
++
 +func (h *Handlers) labelsList(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionRepoRead)
 +	if !ok {
 +		return
 +	}
 +	labels, _ := h.iq.ListLabels(r.Context(), h.d.Pool, row.ID)
 +	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 +	_ = h.d.Render.RenderPage(w, r, "repo/labels", map[string]any{
 +		"Title":     "Labels · " + row.Name,
 +		"Owner":     owner.Username,
 +		"Repo":      row,
 +		"Labels":    labels,
 +		"CSRFToken": middleware.CSRFTokenForRequest(r),
 +	})
 +}
++
 +func (h *Handlers) labelCreate(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	_, err := issues.CreateLabel(r.Context(), h.issuesDeps(), issues.LabelCreateParams{
 +		RepoID:      row.ID,
 +		Name:        r.PostFormValue("name"),
 +		Color:       r.PostFormValue("color"),
 +		Description: r.PostFormValue("description"),
 +	})
 +	if err != nil {
 +		h.handleLabelError(w, r, err)
 +		return
 +	}
 +	http.Redirect(w, r, "/"+owner.Username+"/"+row.Name+"/labels", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) labelUpdate(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	id, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	if err := issues.UpdateLabel(r.Context(), h.issuesDeps(), issues.LabelUpdateParams{
 +		ID:          id,
 +		Name:        r.PostFormValue("name"),
 +		Color:       r.PostFormValue("color"),
 +		Description: r.PostFormValue("description"),
 +	}); err != nil {
 +		h.handleLabelError(w, r, err)
 +		return
 +	}
 +	http.Redirect(w, r, "/"+owner.Username+"/"+row.Name+"/labels", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) labelDelete(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	id, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		return
 +	}
 +	if err := issues.DeleteLabel(r.Context(), h.issuesDeps(), id); err != nil {
 +		h.handleLabelError(w, r, err)
 +		return
 +	}
 +	http.Redirect(w, r, "/"+owner.Username+"/"+row.Name+"/labels", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) handleLabelError(w http.ResponseWriter, r *http.Request, err error) {
 +	switch {
 +	case errors.Is(err, issues.ErrLabelExists):
 +		h.d.Render.HTTPError(w, r, http.StatusConflict, "label name already taken")
 +	case errors.Is(err, issues.ErrLabelInvalidColor):
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "label color must be 6 hex chars")
 +	default:
 +		h.d.Logger.WarnContext(r.Context(), "labels: write", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +	}
 +}
++
 +// ─── milestones ──────────────────────────────────────────────────────
++
 +func (h *Handlers) milestonesList(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionRepoRead)
 +	if !ok {
 +		return
 +	}
 +	ms, _ := h.iq.ListMilestones(r.Context(), h.d.Pool, row.ID)
 +	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 +	_ = h.d.Render.RenderPage(w, r, "repo/milestones", map[string]any{
 +		"Title":      "Milestones · " + row.Name,
 +		"Owner":      owner.Username,
 +		"Repo":       row,
 +		"Milestones": ms,
 +		"CSRFToken":  middleware.CSRFTokenForRequest(r),
 +	})
 +}
++
 +func (h *Handlers) milestoneCreate(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	due := parseDueOn(r.PostFormValue("due_on"))
 +	_, err := issues.CreateMilestone(r.Context(), h.issuesDeps(), issues.MilestoneCreateParams{
 +		RepoID:      row.ID,
 +		Title:       r.PostFormValue("title"),
 +		Description: r.PostFormValue("description"),
 +		DueOn:       due,
 +	})
 +	if err != nil {
 +		h.handleMilestoneError(w, r, err)
 +		return
 +	}
 +	http.Redirect(w, r, "/"+owner.Username+"/"+row.Name+"/milestones", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) milestoneUpdate(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	id, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	due := parseDueOn(r.PostFormValue("due_on"))
 +	if err := issues.UpdateMilestone(r.Context(), h.issuesDeps(), issues.MilestoneUpdateParams{
 +		ID:          id,
 +		Title:       r.PostFormValue("title"),
 +		Description: r.PostFormValue("description"),
 +		DueOn:       due,
 +	}); err != nil {
 +		h.handleMilestoneError(w, r, err)
 +		return
 +	}
 +	http.Redirect(w, r, "/"+owner.Username+"/"+row.Name+"/milestones", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) milestoneSetState(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	id, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		return
 +	}
 +	state := strings.TrimSpace(r.PostFormValue("state"))
 +	if err := issues.SetMilestoneState(r.Context(), h.issuesDeps(), id, state); err != nil {
 +		h.handleMilestoneError(w, r, err)
 +		return
 +	}
 +	http.Redirect(w, r, "/"+owner.Username+"/"+row.Name+"/milestones", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) milestoneDelete(w http.ResponseWriter, r *http.Request) {
 +	row, owner, ok := h.loadRepoAndAuthorize(w, r, policy.ActionIssueLabel)
 +	if !ok {
 +		return
 +	}
 +	id, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")
 +		return
 +	}
 +	if err := issues.DeleteMilestone(r.Context(), h.issuesDeps(), id); err != nil {
 +		h.handleMilestoneError(w, r, err)
 +		return
 +	}
 +	http.Redirect(w, r, "/"+owner.Username+"/"+row.Name+"/milestones", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) handleMilestoneError(w http.ResponseWriter, r *http.Request, err error) {
 +	switch {
 +	case errors.Is(err, issues.ErrMilestoneExists):
 +		h.d.Render.HTTPError(w, r, http.StatusConflict, "milestone title already taken")
 +	default:
 +		h.d.Logger.WarnContext(r.Context(), "milestones: write", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +	}
 +}
++
 +// parseDueOn accepts a yyyy-mm-dd input from the form (HTML date input
 +// shape). Empty string clears the due date. Anything unparseable is
 +// treated as cleared so a malformed date doesn't 400 the form.
 +func parseDueOn(s string) *time.Time {
 +	s = strings.TrimSpace(s)
 +	if s == "" {
 +		return nil
 +	}
 +	t, err := time.Parse("2006-01-02", s)
 +	if err != nil {
 +		return nil
 +	}
 +	return &t
 +}

internal/web/handlers/repo/repo.gomodified

  	"github.com/tenseleyFlow/shithub/internal/auth/policy"
  	"github.com/tenseleyFlow/shithub/internal/auth/throttle"
  	"github.com/tenseleyFlow/shithub/internal/infra/storage"
 +	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
  	"github.com/tenseleyFlow/shithub/internal/repos"
  	repogit "github.com/tenseleyFlow/shithub/internal/repos/git"
  	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
  	d  Deps
  	rq *reposdb.Queries
  	uq *usersdb.Queries
 +	iq *issuesdb.Queries
+ }
  // New constructs the handler set, validating Deps.
  	if d.Limiter == nil {
  		d.Limiter = throttle.NewLimiter()
+ 	}
 -	return &Handlers{d: d, rq: reposdb.New(), uq: usersdb.New()}, nil
 +	return &Handlers{d: d, rq: reposdb.New(), uq: usersdb.New(), iq: issuesdb.New()}, nil
+ }
  // MountNew registers /new (auth-required). Caller wraps with

internal/web/server.gomodified

  				repoH.MountSettingsBranches(r)
  			})
+ 		}
 +		// Issues GETs are public (subject to policy.Can), POSTs require
 +		// auth. The handler enforces auth + policy per request, so we
 +		// register the whole surface in the public group; an unauth
 +		// POST hits the policy gate and 404s out of the existence-leak
 +		// path. Browser flows still need RequireUser to redirect-to-login,
 +		// so the POST routes get wrapped through the same group with
 +		// RequireUser inserted only for state-mutating verbs.
 +		deps.RepoIssuesMounter = repoH.MountIssues
  		// Lifecycle danger-zone routes — also auth-required.
  		deps.RepoLifecycleMounter = func(r chi.Router) {
  			r.Group(func(r chi.Router) {