`fa5aa61`

S10: Appearance theme picker — writes users.theme + theme cookie

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 6 days ago

SHA: fa5aa6160bb2d7a9fb5302940fdb59fe101cfadc
Parents: 82087a7
Tree: 7127fe4

6 changed files

Status	File	+
A	`internal/web/handlers/auth/appearance.go`	97
A	`internal/web/handlers/auth/appearance_test.go`	102
M	`internal/web/handlers/auth/auth.go`	2
M	`internal/web/handlers/auth/auth_test.go`	2
M	`internal/web/static/css/shithub.css`	45
A	`internal/web/templates/settings/appearance.html`	56

internal/web/handlers/auth/appearance.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package auth
++
 +import (
 +	"net/http"
++
 +	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/web/middleware"
 +)
++
 +// allowedThemes mirrors the CHECK constraint on users.theme. Plus the
 +// empty string, which we treat the same as "auto" but persist as "" in
 +// the DB so the cookie wins on devices where the user hasn't set a
 +// preference.
 +var allowedThemes = map[string]struct{}{
 +	"":              {},
 +	"light":         {},
 +	"dark":          {},
 +	"auto":          {},
 +	"high_contrast": {},
 +}
++
 +// themeCookieName is read by the inline script in _layout.html before any
 +// CSS computes, avoiding a flash on first paint.
 +const themeCookieName = "theme"
++
 +// settingsAppearanceForm renders GET /settings/appearance.
 +func (h *Handlers) settingsAppearanceForm(w http.ResponseWriter, r *http.Request) {
 +	h.renderAppearanceForm(w, r, "", "")
 +}
++
 +// settingsAppearanceSubmit handles POST /settings/appearance.
 +//
 +// Two writes:
 +//  1. users.theme — source of truth across devices.
 +//  2. theme cookie — so the next request paints the right theme without
 +//     waiting on the inline JS to fall back to system preference.
 +func (h *Handlers) settingsAppearanceSubmit(w http.ResponseWriter, r *http.Request) {
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")
 +		return
 +	}
 +	user := middleware.CurrentUserFromContext(r.Context())
 +	choice := r.PostFormValue("theme")
 +	if _, ok := allowedThemes[choice]; !ok {
 +		h.renderAppearanceForm(w, r, "Unknown theme.", "")
 +		return
 +	}
++
 +	if err := h.q.UpdateUserTheme(r.Context(), h.d.Pool, usersdb.UpdateUserThemeParams{
 +		ID:    user.ID,
 +		Theme: choice,
 +	}); err != nil {
 +		h.d.Logger.ErrorContext(r.Context(), "appearance: update", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
++
 +	//nolint:gosec // G124 false positive: HttpOnly intentionally false because the
 +	// inline script in _layout.html reads this cookie before any CSS computes,
 +	// avoiding a flash of unthemed content. The cookie carries no auth value.
 +	cookie := &http.Cookie{
 +		Name:     themeCookieName,
 +		Value:    choice,
 +		Path:     "/",
 +		MaxAge:   60 * 60 * 24 * 365, // 1 year
 +		HttpOnly: false,
 +		Secure:   r.TLS != nil,
 +		SameSite: http.SameSiteLaxMode,
 +	}
 +	if choice == "" {
 +		// Empty value clears the cookie so the inline script falls back
 +		// to system preference on the next paint.
 +		cookie.Value = ""
 +		cookie.MaxAge = -1
 +	}
 +	http.SetCookie(w, cookie)
++
 +	h.renderAppearanceForm(w, r, "", "Appearance updated.")
 +}
++
 +func (h *Handlers) renderAppearanceForm(w http.ResponseWriter, r *http.Request, errMsg, successMsg string) {
 +	user := middleware.CurrentUserFromContext(r.Context())
 +	current := ""
 +	if row, err := h.q.GetUserByID(r.Context(), h.d.Pool, user.ID); err == nil {
 +		current = row.Theme
 +	}
 +	h.renderPage(w, r, "settings/appearance", map[string]any{
 +		"Title":          "Appearance",
 +		"CSRFToken":      middleware.CSRFTokenForRequest(r),
 +		"SettingsActive": "appearance",
 +		"CurrentTheme":   current,
 +		"Error":          errMsg,
 +		"Success":        successMsg,
 +	})
 +}

internal/web/handlers/auth/appearance_test.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package auth_test
++
 +import (
 +	"io"
 +	"net/http"
 +	"net/url"
 +	"strings"
 +	"testing"
 +)
++
 +func loginAppearanceUser(t *testing.T, name string) *client {
 +	t.Helper()
 +	httpsrv, captor := newTestServer(t, false)
 +	cli := newClient(t, httpsrv)
 +	mustSignup(t, cli, name, name+"@example.com", "correct horse battery staple")
 +	tok := extractTokenFromMessage(t, captor.all()[0], "/verify-email")
 +	_ = cli.get(t, "/verify-email/"+tok).Body.Close()
++
 +	csrf := cli.extractCSRF(t, "/login")
 +	resp := cli.post(t, "/login", url.Values{
 +		"csrf_token": {csrf},
 +		"username":   {name},
 +		"password":   {"correct horse battery staple"},
 +	})
 +	if resp.StatusCode != http.StatusSeeOther {
 +		t.Fatalf("login: %d", resp.StatusCode)
 +	}
 +	_ = resp.Body.Close()
 +	return cli
 +}
++
 +func TestAppearance_PersistsTheme(t *testing.T) {
 +	t.Parallel()
 +	cli := loginAppearanceUser(t, "appra")
 +	csrf := cli.extractCSRF(t, "/settings/appearance")
 +	resp := cli.post(t, "/settings/appearance", url.Values{
 +		"csrf_token": {csrf},
 +		"theme":      {"dark"},
 +	})
 +	defer func() { _ = resp.Body.Close() }()
 +	body, _ := io.ReadAll(resp.Body)
 +	if !strings.Contains(string(body), "Appearance updated") {
 +		t.Fatalf("expected success, got: %s", body)
 +	}
 +	if !strings.Contains(string(body), "THEME=dark") {
 +		t.Fatalf("expected THEME=dark, got: %s", body)
 +	}
++
 +	// Cookie should also be set.
 +	var found bool
 +	for _, c := range resp.Cookies() {
 +		if c.Name == "theme" && c.Value == "dark" {
 +			found = true
 +			break
 +		}
 +	}
 +	if !found {
 +		t.Fatalf("expected theme=dark cookie in response; got %+v", resp.Cookies())
 +	}
 +}
++
 +func TestAppearance_RejectsUnknownTheme(t *testing.T) {
 +	t.Parallel()
 +	cli := loginAppearanceUser(t, "apprb")
 +	csrf := cli.extractCSRF(t, "/settings/appearance")
 +	resp := cli.post(t, "/settings/appearance", url.Values{
 +		"csrf_token": {csrf},
 +		"theme":      {"neon"},
 +	})
 +	defer func() { _ = resp.Body.Close() }()
 +	body, _ := io.ReadAll(resp.Body)
 +	if !strings.Contains(string(body), "Unknown theme") {
 +		t.Fatalf("expected unknown-theme error, got: %s", body)
 +	}
 +}
++
 +func TestAppearance_EmptyClearsCookie(t *testing.T) {
 +	t.Parallel()
 +	cli := loginAppearanceUser(t, "apprc")
++
 +	// Set a theme first.
 +	csrf := cli.extractCSRF(t, "/settings/appearance")
 +	_ = cli.post(t, "/settings/appearance", url.Values{
 +		"csrf_token": {csrf},
 +		"theme":      {"dark"},
 +	}).Body.Close()
++
 +	// Now clear it.
 +	csrf = cli.extractCSRF(t, "/settings/appearance")
 +	resp := cli.post(t, "/settings/appearance", url.Values{
 +		"csrf_token": {csrf},
 +		"theme":      {""},
 +	})
 +	defer func() { _ = resp.Body.Close() }()
 +	for _, c := range resp.Cookies() {
 +		if c.Name == "theme" && c.MaxAge >= 0 {
 +			t.Fatalf("expected theme cookie cleared (MaxAge<0); got %+v", c)
 +		}
 +	}
 +}

internal/web/handlers/auth/auth.gomodified

  			r.Post("/settings/account/username", h.settingsAccountUsername)
  			r.Get("/settings/password", h.settingsPasswordForm)
  			r.Post("/settings/password", h.settingsPasswordSubmit)
 +			r.Get("/settings/appearance", h.settingsAppearanceForm)
 +			r.Post("/settings/appearance", h.settingsAppearanceSubmit)
  			r.Get("/settings/keys", h.sshKeysList)
  			r.Post("/settings/keys", h.sshKeysAdd)
  			r.Post("/settings/keys/{id}/delete", h.sshKeysDelete)

internal/web/handlers/auth/auth_test.gomodified

  	accountTpl := `{{ define "page" }}<h1>Account</h1>{{ with .Error }}<p class=error>{{.}}</p>{{ end }}{{ with .Success }}<p class=notice>{{.}}</p>{{ end }}<form action="/settings/account/username" method=POST><input name=csrf_token value="{{.CSRFToken}}">USERNAME={{.CurrentUsername}};USED={{.RecentRenames}}/{{.MaxRenames}};</form>{{ end }}`
  	//nolint:gosec // G101 false positive: HTML fixture, not a credential.
  	pwTpl := `{{ define "page" }}<h1>Password</h1>{{ with .Error }}<p class=error>{{.}}</p>{{ end }}{{ with .Success }}<p class=notice>{{.}}</p>{{ end }}<form action="/settings/password" method=POST><input name=csrf_token value="{{.CSRFToken}}">RECENT={{.RecentAuthOK}};</form>{{ end }}`
 +	apprTpl := `{{ define "page" }}<h1>Appearance</h1>{{ with .Error }}<p class=error>{{.}}</p>{{ end }}{{ with .Success }}<p class=notice>{{.}}</p>{{ end }}<form action="/settings/appearance" method=POST><input name=csrf_token value="{{.CSRFToken}}">THEME={{.CurrentTheme}};</form>{{ end }}`
  	errorPage := `{{ define "page" }}<h1>{{.Status}} {{.StatusText}}</h1><p>{{.Message}}</p>{{ end }}`
  	return fstest.MapFS{
  		"_layout.html":               {Data: []byte(layout)},
  		"settings/profile.html":      {Data: []byte(profileTpl)},
  		"settings/account.html":      {Data: []byte(accountTpl)},
  		"settings/password.html":     {Data: []byte(pwTpl)},
 +		"settings/appearance.html":   {Data: []byte(apprTpl)},
  		"errors/404.html":            {Data: []byte(errorPage)},
  		"errors/403.html":            {Data: []byte(errorPage)},
  		"errors/429.html":            {Data: []byte(errorPage)},

internal/web/static/css/shithub.cssmodified

      grid-template-columns: 1fr;
+   }
+ }
++
 +/* ----- theme picker (S10) ----- */
 +.shithub-theme-grid {
 +  border: none;
 +  padding: 0;
 +  margin: 0 0 1rem;
 +  display: grid;
 +  grid-template-columns: repeat(auto-fill, minmax(220px, 1fr));
 +  gap: 0.75rem;
 +}
 +.shithub-theme-grid legend {
 +  padding: 0;
 +  margin: 0 0 0.5rem;
 +  font-size: 0.85rem;
 +  font-weight: 500;
 +}
 +.shithub-theme-card {
 +  display: grid;
 +  gap: 0.25rem;
 +  padding: 0.85rem 1rem;
 +  border: 1px solid var(--border-default);
 +  border-radius: 8px;
 +  background: var(--canvas-subtle);
 +  cursor: pointer;
 +  position: relative;
 +  transition: border-color 120ms;
 +}
 +.shithub-theme-card:hover { border-color: var(--accent-emphasis); }
 +.shithub-theme-card.active {
 +  border-color: var(--accent-emphasis);
 +  box-shadow: 0 0 0 1px var(--accent-emphasis) inset;
 +}
 +.shithub-theme-card input[type=radio] {
 +  position: absolute;
 +  top: 0.6rem;
 +  right: 0.6rem;
 +}
 +.shithub-theme-card-title {
 +  font-weight: 600;
 +  font-size: 0.95rem;
 +}
 +.shithub-theme-card-desc {
 +  font-size: 0.8rem;
 +  color: var(--fg-muted);
 +}

internal/web/templates/settings/appearance.htmladded

 +{{ define "page" -}}
 +<div class="shithub-settings-page">
 +  {{ template "settings-nav" . }}
 +  <div class="shithub-settings-content">
 +    <h1>Appearance</h1>
++
 +    {{ with .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}
 +    {{ with .Success }}<p class="shithub-flash shithub-flash-notice" role="status">{{ . }}</p>{{ end }}
++
 +    <section class="shithub-settings-section">
 +      <h2>Theme preferences</h2>
 +      <p>Choose how shithub looks. <em>Sync with system</em> matches your OS setting and switches automatically when it does.</p>
++
 +      <form method="POST" action="/settings/appearance" novalidate class="shithub-theme-form">
 +        <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
++
 +        <fieldset class="shithub-theme-grid">
 +          <legend>Theme mode</legend>
++
 +          <label class="shithub-theme-card{{ if eq .CurrentTheme "" }} active{{ end }}">
 +            <input type="radio" name="theme" value=""{{ if eq .CurrentTheme "" }} checked{{ end }}>
 +            <span class="shithub-theme-card-title">Sync with system</span>
 +            <span class="shithub-theme-card-desc">Follow your OS light/dark setting.</span>
 +          </label>
++
 +          <label class="shithub-theme-card{{ if eq .CurrentTheme "auto" }} active{{ end }}">
 +            <input type="radio" name="theme" value="auto"{{ if eq .CurrentTheme "auto" }} checked{{ end }}>
 +            <span class="shithub-theme-card-title">Auto (time-of-day)</span>
 +            <span class="shithub-theme-card-desc">Light by day, dark by night — based on your OS preference.</span>
 +          </label>
++
 +          <label class="shithub-theme-card{{ if eq .CurrentTheme "light" }} active{{ end }}">
 +            <input type="radio" name="theme" value="light"{{ if eq .CurrentTheme "light" }} checked{{ end }}>
 +            <span class="shithub-theme-card-title">Light</span>
 +            <span class="shithub-theme-card-desc">Always use the light theme.</span>
 +          </label>
++
 +          <label class="shithub-theme-card{{ if eq .CurrentTheme "dark" }} active{{ end }}">
 +            <input type="radio" name="theme" value="dark"{{ if eq .CurrentTheme "dark" }} checked{{ end }}>
 +            <span class="shithub-theme-card-title">Dark</span>
 +            <span class="shithub-theme-card-desc">Always use the dark theme.</span>
 +          </label>
++
 +          <label class="shithub-theme-card{{ if eq .CurrentTheme "high_contrast" }} active{{ end }}">
 +            <input type="radio" name="theme" value="high_contrast"{{ if eq .CurrentTheme "high_contrast" }} checked{{ end }}>
 +            <span class="shithub-theme-card-title">High contrast</span>
 +            <span class="shithub-theme-card-desc">Increased contrast for accessibility.</span>
 +          </label>
 +        </fieldset>
++
 +        <button type="submit" class="shithub-button shithub-button-primary">Update theme</button>
 +      </form>
 +    </section>
 +  </div>
 +</div>
 +{{- end }}