ui

package
v1.19.1

This package is not in the latest version of its module.
Published: May 29, 2026 | License: MIT | Imports: 52 | Imported by: 0

Documentation

Overview

Package ui mounts the v1.3 minimal UI shell on the daemon's chi router. Hand-written Go templates + inline CSS for the v1.3 foundation; v1.4 phase 0 swaps in the Tailwind + Preline + htmx build pipeline.

Routes (all session-auth gated except /login):

GET  /           → redirect to /scans (or /login)
GET  /login      → form
POST /logout     → destroy session + redirect to /login
GET  /scans      → paginated history
GET  /scans/{id} → the v1.2 HTML report served from DB findings
GET  /providers  → read-only provider+auth status table
GET  /checks     → catalog browser (read-only)

Types

type AuditVerifyResult added in v1.12.0

type AuditVerifyResult struct {
	Total     int
	Chained   int
	Unchained int // pre-v1.12 rows with NULL row_hash
	Broken    []string
}

AuditVerifyResult is the report shape VerifyAuditChain returns.

type UI

type UI struct {
	// contains filtered or unexported fields
}

UI is the handler bundle. Constructed with the same store + auth dependencies the API layer uses.

func New

func New(st *store.Store, users *auth.Users, sessions *auth.Sessions) *UI

New constructs the UI handle.

func (*UI) AuditLog added in v1.4.0

func (u *UI) AuditLog(ctx context.Context, action, entityType, entityID string, metadata map[string]any)

AuditLog records one entry in the audit_log table. Any UI handler that mutates state should call this with the (action, entity_type, entity_id, metadata) shape. Failures are logged + swallowed — the underlying operation already succeeded; we don't want a missing audit row to bubble a 500 to the user.

v1.12 phase 10: each inserted row is hash-chained. prev_hash is the previous row's row_hash (or the all-zero hash for the first row); row_hash = SHA-256(prev_hash || canonical-json(this row)). compliancekit serve audit verify walks the chain to detect tampering.

func (*UI) CountUnreadInbox added in v1.4.0

func (u *UI) CountUnreadInbox(ctx context.Context, userID string) int

CountUnreadInbox is exposed so the topbar can render the unread badge. Returns 0 on any error so a flaky inbox doesn't take down the whole UI.

func (*UI) Mount

func (u *UI) Mount(r chi.Router)

Mount installs the UI routes on r. Login is open; everything else gated by sessions.RequireAuth. /assets/* is unauthenticated by design — CSS + vendored JS that the login page needs before a session exists.

func (*UI) NotifyInbox added in v1.4.0

func (u *UI) NotifyInbox(ctx context.Context, userID, severity, title, body, href string)

NotifyInbox writes one inbox alert. userID may be empty to broadcast to every user; severity defaults to "info" when blank.

func (*UI) SetBackupConfig added in v1.12.0

func (u *UI) SetBackupConfig(dir, dsn string)

SetBackupConfig installs the dump-output directory + postgres DSN (empty for SQLite). Called by cmd/serve at boot.

func (*UI) SetBrandPrimary added in v1.18.0

func (u *UI) SetBrandPrimary(hslTriple string)

SetBrandPrimary installs the v1.18 phase 12 operator brand-primary override as an HSL triple ("239 66% 58%"). base.html injects it as a --primary / --ring / --sidebar-primary override in an inline <style> (CSP-safe; no inline <script>). cli/serve.go validates contrast via design.ParseBrandPrimary before calling this; an empty string leaves the default brand palette intact.

func (*UI) SetOIDCProviders added in v1.5.1

func (u *UI) SetOIDCProviders(providers []auth.OIDCProviderButton)

SetOIDCProviders installs the list of upstream identity providers the daemon accepts logins from. Called by cli/serve.go after constructing each auth.OIDC handler so the /login template can render the right button set. Empty list → password-only login.

func (*UI) SetPluginCatalog added in v1.13.0

func (u *UI) SetPluginCatalog(cat *plugins.Catalog)

SetPluginCatalog installs the catalog handle the /settings/plugins page reads from. nil disables the catalog UI gracefully (the page still renders but shows the placeholder copy).

func (*UI) SetSAMLProviders added in v1.12.0

func (u *UI) SetSAMLProviders(providers []auth.SAMLProviderButton)

SetSAMLProviders installs the v1.12 phase 3 SAML connection buttons. Same shape as SetOIDCProviders — the login template renders both alongside the local password form.

func (*UI) VerifyAuditChain added in v1.12.0

func (u *UI) VerifyAuditChain(ctx context.Context) (AuditVerifyResult, error)

VerifyAuditChain walks audit_log oldest-first and recomputes each row's hash. Returns the rowIDs of any rows where prev_hash or row_hash doesn't match the recomputed value. Unchained legacy rows (NULL row_hash) are counted but not validated.
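
The chaining rule from the AuditLog description and the oldest-first walk described here, as an added Go example (not the compliancekit source). The Row shape, the helper names hashRow, Chain and Verify, and the byte encoding fed to SHA-256 are assumptions, since the page shows neither the table columns nor the canonical JSON form.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Row is a hypothetical audit_log row; empty RowHash models a NULL legacy row.
type Row struct{ ID, Action, PrevHash, RowHash string }
var zero = fmt.Sprintf("%064x", 0) // all-zero prev_hash of the first chained row

// hashRow: SHA-256(prev_hash || JSON(row)); hex prev + sorted-key map are assumed.
func hashRow(prev string, r Row) string {
	body, _ := json.Marshal(map[string]string{"id": r.ID, "action": r.Action})
	return fmt.Sprintf("%x", sha256.Sum256(append([]byte(prev), body...)))
}

// Chain builds constructed sample rows: one legacy row, then hash-chained rows.
func Chain(actions ...string) []Row {
	rows, prev := []Row{{ID: "0", Action: "legacy"}}, zero
	for i, a := range actions {
		r := Row{ID: fmt.Sprint(i + 1), Action: a, PrevHash: prev}
		r.RowHash = hashRow(prev, r)
		rows, prev = append(rows, r), r.RowHash
	}
	return rows
}

// Verify walks oldest-first; broken lists IDs whose stored hashes do not recompute.
func Verify(rows []Row) (chained, unchained int, broken []string) {
	prev := zero
	for _, r := range rows {
		switch {
		case r.RowHash == "": // legacy row: counted, not validated
			unchained++
			continue
		case r.PrevHash != prev || r.RowHash != hashRow(prev, r):
			broken = append(broken, r.ID)
		}
		prev = r.RowHash
	}
	return len(rows) - unchained, unchained, broken
}

func main() {
	rows := Chain("login", "scan.delete", "user.create")
	rows[2].Action = "scan.view" // constructed tampering: edited, hash not updated
	fmt.Println(Verify(rows))
}
```

Deleting rows from the end of the table leaves a chain that still verifies, so a walk like this one detects truncation only if the newest row_hash is also recorded somewhere outside the table.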

func (*UI) WithLogBuffer added in v1.6.0

func (u *UI) WithLogBuffer(b *logs.Buffer) *UI

WithLogBuffer installs the v1.6 phase 6 log-tail buffer so the /admin/logs page + /admin/logs/stream SSE handler get mounted. nil-safe: callers can omit + the routes simply 404.

func (*UI) WithPush added in v1.16.0

func (u *UI) WithPush(p *push.Store) *UI

WithPush wires the push package's store (pushStore) into the UI so the route can list subscriptions per user. Optional: when nil, the page renders the "not enabled" state. Called from the daemon boot path.

type View

type View struct {
	Title     string
	Active    string // nav highlight key — "scans" / "providers" / "checks" / ""
	LoginPage bool
	Flash     string
	Next      string
	User      *auth.User
	CSRFToken string

	// OIDCProviders enumerates the upstream identity providers the
	// daemon is configured for. The login template renders one button
	// per entry; empty slice → password-only login. v1.5.1 F15.
	OIDCProviders []auth.OIDCProviderButton

	// SAMLProviders enumerates the v1.12 phase 3 SAML connections. The
	// login template renders one "Sign in with X" button per entry.
	SAMLProviders []auth.SAMLProviderButton

	// BrandPrimary is the v1.18 phase 12 operator brand-primary override
	// (HSL triple). When set, base.html injects a --primary override.
	BrandPrimary template.CSS

	// DismissedToursJSON is the v1.19 phase 0 JSON array of tour IDs the
	// session user has dismissed. base.html stamps it on <body> as
	// data-ck-tours-dismissed (HTML-attribute context — html/template
	// escapes the quotes, the browser's dataset API decodes them back to
	// valid JSON) so tour.js skips already-seen tours.
	DismissedToursJSON string

	// ShowChangelog + Changelog drive the v1.19 phase 1 "what's new"
	// modal — set when the session user hasn't dismissed the newest
	// changelog entry. base.html renders the modal when ShowChangelog.
	ShowChangelog bool
	Changelog     changelogEntry

	// Page-specific
	Items any
	Total int
}

View is the layout-template payload. The Content sub-template reads .Items / .Total / .Providers / etc. — driver helpers below load the right shape per page.

Directories

Path Synopsis
Package design hosts the v1.18 design-system contract per ADR-017.