Add public feed, admin area, self-registration, visibility & hashtags

- Public feed (/) with infinite scroll via Intersection Observer - Self-registration (/register) - Admin area (/admin/entries, /admin/users) with user management - journal_entries: visibility (public/private) + hashtags fields - users: is_admin flag - DB schema updated (recreate DB to apply) - CI: run go test via docker run (golang:1.25-alpine) — fixes 'go not found' Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 20:53:31 +02:00
parent 034d16e059
commit 86627f94b1
20 changed files with 783 additions and 92 deletions
--- a/backend/internal/api/router.go
+++ b/backend/internal/api/router.go
@@ -16,6 +16,7 @@ func NewRouter(
 	stopStore *db.StopStore,
 	suggStore *db.SuggestionStore,
 	journalStore *db.JournalStore,
+	userStore *db.UserStore,
 	uploadDir string,
 ) http.Handler {
 	r := chi.NewRouter()
@@ -23,10 +24,9 @@ func NewRouter(
 	r.Use(middleware.Logger)
 	r.Use(middleware.Recoverer)

-	webUI := NewWebUI(authStore, tpStore, stopStore, journalStore)
+	webUI := NewWebUI(authStore, tpStore, stopStore, journalStore, userStore)
 	journalHandler := NewJournalHandler(journalStore, uploadDir)
 	authMW := RequireAuth(authStore)
-	webAuthMW := requireWebAuth(authStore)

 	// Health
 	r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) {
@@ -55,19 +55,37 @@ func NewRouter(
 	// Static assets (CSS etc.)
 	r.Handle("/static/*", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS()))))

-	// Web UI
+	// Public routes (no auth required)
+	r.Get("/", webUI.HandleFeed)
+	r.Get("/feed", webUI.HandleFeedFragment)
+	r.Get("/register", webUI.HandleGetRegister)
+	r.Post("/register", webUI.HandlePostRegister)
 	r.Get("/login", webUI.HandleGetLogin)
 	r.Post("/login", webUI.HandlePostLogin)
 	r.Post("/logout", webUI.HandleLogout)

+	// Authenticated web routes
 	r.Group(func(r chi.Router) {
-		r.Use(webAuthMW)
+		r.Use(authMW)
 		r.Get("/days", webUI.HandleDaysList)
 		r.Get("/days/redirect", webUI.HandleDaysRedirect)
 		r.Get("/days/{date}", webUI.HandleDayDetail)
 		r.Post("/entries", journalHandler.HandleCreateEntry)
 	})

+	// Admin routes
+	r.Group(func(r chi.Router) {
+		r.Use(authMW)
+		r.Use(requireAdmin)
+		r.Get("/admin", func(w http.ResponseWriter, r *http.Request) {
+			http.Redirect(w, r, "/admin/entries", http.StatusSeeOther)
+		})
+		r.Get("/admin/entries", webUI.HandleAdminEntries)
+		r.Get("/admin/users", webUI.HandleAdminUsers)
+		r.Post("/admin/users", webUI.HandleAdminCreateUser)
+		r.Delete("/admin/users/{id}", webUI.HandleAdminDeleteUser)
+	})
+
 	// Serve uploaded images
 	r.Handle("/uploads/*", http.StripPrefix("/uploads/", http.FileServer(http.Dir(uploadDir))))

@@ -76,31 +94,5 @@ func NewRouter(
 	r.Handle(spaPrefix, http.RedirectHandler(spaPrefix+"/", http.StatusMovedPermanently))
 	r.Handle(spaPrefix+"/*", http.StripPrefix(spaPrefix, SPAHandler(spaPrefix)))

-	// Redirect root to Go Web UI /days
-	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
-		http.Redirect(w, r, "/days", http.StatusSeeOther)
-	})
-
 	return r
 }
-
-// requireWebAuth redirects to /login for unauthenticated web users (HTML response).
-func requireWebAuth(authStore *auth.Store) func(http.Handler) http.Handler {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			cookie, err := r.Cookie(sessionCookieName)
-			if err != nil {
-				http.Redirect(w, r, "/login", http.StatusSeeOther)
-				return
-			}
-			sess, err := authStore.GetSession(r.Context(), cookie.Value)
-			if err != nil {
-				http.Redirect(w, r, "/login", http.StatusSeeOther)
-				return
-			}
-			ctx := r.Context()
-			ctx = contextWithUserID(ctx, sess.UserID)
-			next.ServeHTTP(w, r.WithContext(ctx))
-		})
-	}
-}