Documentation
Overview
Package settings holds the Githome web front's account settings handlers.
The account settings tree lives under /settings and is gated to the signed-in viewer: it administers the viewer's own account. The surface is function-private rather than secret (every account has settings), so an anonymous request is bounced to the sign-in form with return_to carrying the page it wanted, the same 302 that github.com answers with; nothing leaks because there is nothing to confirm.
Githome backs one account section today, the appearance preference, since the color mode and themes ride cookies the color-mode middleware already reads. The unbacked sections (profile, emails, keys, tokens, sessions, security) get no nav entry rather than a dead link, the same honest absence the profile took for its unbacked tabs.
Every mutation posts and redirects, so the no-JS flow lands on a clean GET, and the CSRF guard the page chain installs verifies each post. See implementation/13.
Index
- type AccountSection
- type Deps
- type Flasher
- type Handlers
- func (h *Handlers) Appearance(c *mizu.Ctx) error
- func (h *Handlers) CreateToken(c *mizu.Ctx) error
- func (h *Handlers) DeleteToken(c *mizu.Ctx) error
- func (h *Handlers) Index(c *mizu.Ctx) error
- func (h *Handlers) Keys(c *mizu.Ctx) error
- func (h *Handlers) NewToken(c *mizu.Ctx) error
- func (h *Handlers) Profile(c *mizu.Ctx) error
- func (h *Handlers) SaveAppearance(c *mizu.Ctx) error
- func (h *Handlers) SaveProfile(c *mizu.Ctx) error
- func (h *Handlers) Section(sec AccountSection) mizu.Handler
- func (h *Handlers) Tokens(c *mizu.Ctx) error
- type PAT
- type TokenService
Types
type AccountSection (added in v0.1.3)
type AccountSection struct {
	Path string
	// contains filtered or unexported fields
}
AccountSection is one stubbed account-settings section: the URL that selects it (exported so the mount can register the route), the page title, and the blankslate heading and description the stub shows.
func AccountSections (added in v0.1.3)
func AccountSections() []AccountSection
AccountSections returns the known stubbed sections so the mount can register a route for each. The handler is Section.
type Deps
type Deps struct {
	Render *render.Set
	View   *view.Builder
	Flash  Flasher
	Users  *domain.UserService
	Tokens TokenService // nil keeps the tokens page on its honest-absence stub
	Logger *slog.Logger
}
Deps are the account settings handlers' dependencies: the render set, the view builder for the shell chrome, the flash store for the one-shot outcome notice a save reports after its redirect, the user service for reading and writing account profile fields, and a logger.
type Flasher
Flasher is the slice of the flash store the settings handlers use: stage a one-shot message to show on the page the redirect lands on. webmw.Flash satisfies it; the narrow interface keeps the handler testable without a cookie round-trip.
type Handlers
type Handlers struct {
	// contains filtered or unexported fields
}
Handlers is the account settings handler set. One is built at boot and shared; it holds no per-request state.
func (*Handlers) Appearance
Appearance renders the appearance form, prefilled from the color mode the middleware resolved for this request, so the form opens showing the viewer's current choice rather than a default.
func (*Handlers) CreateToken (added in v0.1.3)
CreateToken mints a new token from the form's note and scopes and re-renders the page with the one-time plaintext. It renders rather than redirects: the secret must not survive the response, so it never enters a cookie.
func (*Handlers) DeleteToken (added in v0.1.3)
DeleteToken revokes one of the viewer's tokens and redirects back to the list. Deleting a token the viewer does not have lands on the same flash as a double-submit: the row is gone either way.
func (*Handlers) Index
Index redirects the bare /settings root to the first backed section. A bookmark of /settings keeps working as Githome adds sections, always landing on a real page rather than a blank index.
func (*Handlers) Keys (added in v0.1.3)
Keys renders the SSH and GPG keys stub. The key store is not backed today, so this page shows an honest-absence message rather than an empty list that looks like everything is working.
func (*Handlers) NewToken (added in v0.1.3)
NewToken renders the mint-a-token form at /settings/tokens/new, the dedicated page github.com links to for creating a classic token. It renders the same tokens page the list lives on, whose mint form is the focus here; with no token service wired it falls back to the honest-absence stub.
func (*Handlers) Profile (added in v0.1.3)
Profile renders the profile settings form, prefilled with the viewer's current account fields so they only edit what they want to change.
func (*Handlers) SaveAppearance
SaveAppearance validates the submitted mode and themes against the closed catalogs the form offered, writes the three cookies, and redirects back to the form with a flash. The form can only present valid values, so a value outside the catalogs is a forged post: it is rejected with an error flash and no cookie is written, rather than poisoning the preference with a theme that does not exist.
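The reject-before-write order described for SaveAppearance, as an added example that is not Githome's own code. The catalog entries, form field names, cookie names, the /settings/appearance path, the 303 status and the flash callback standing in for Flasher are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Constructed catalogs standing in for the values the form offers.
var (
	modeCatalog  = map[string]bool{"auto": true, "light": true, "dark": true}
	themeCatalog = map[string]bool{"light": true, "dark": true, "dark_dimmed": true}
)

// saveAppearance checks every field before writing anything, so a forged
// post leaves no partially written preference. flash stands in for Flasher.
func saveAppearance(flash func(kind string)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		mode, light, dark := r.PostFormValue("mode"), r.PostFormValue("light"), r.PostFormValue("dark")
		if modeCatalog[mode] && themeCatalog[light] && themeCatalog[dark] {
			// Hypothetical cookie names; the page does not list the real ones.
			for _, kv := range [][2]string{{"color_mode", mode}, {"light_theme", light}, {"dark_theme", dark}} {
				http.SetCookie(w, &http.Cookie{Name: kv[0], Value: kv[1], Path: "/", SameSite: http.SameSiteLaxMode})
			}
			flash("notice")
		} else {
			flash("error") // out-of-catalog value: reject, write no cookie
		}
		// Post/redirect/get: both outcomes land on a clean GET of the form.
		http.Redirect(w, r, "/settings/appearance", http.StatusSeeOther)
	}
}

// submit posts a form to the handler and reports status, cookies set and flash kind.
func submit(form url.Values) (status, cookies int, flashed string) {
	req := httptest.NewRequest(http.MethodPost, "/settings/appearance", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	saveAppearance(func(kind string) { flashed = kind })(rec, req)
	return rec.Code, len(rec.Result().Cookies()), flashed
}

func main() {
	fmt.Println(submit(url.Values{"mode": {"dark"}, "light": {"light"}, "dark": {"dark_dimmed"}}))
	fmt.Println(submit(url.Values{"mode": {"dark"}, "light": {"light"}, "dark": {"no_such_theme"}}))
}
```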
func (*Handlers) SaveProfile (added in v0.1.3)
SaveProfile validates and writes the submitted profile fields, then redirects back to the form with a flash notice.
type PAT (added in v0.1.3)
type PAT struct {
	ID         int64
	Note       string
	Scopes     string
	LastEight  string
	CreatedAt  time.Time
	LastUsedAt *time.Time
}
PAT is the displayable summary of one personal access token. It carries everything the page shows and nothing that authenticates.
type TokenService (added in v0.1.3)
type TokenService interface {
	CreatePAT(ctx context.Context, userPK int64, note string, scopes []string) (string, error)
	ListPATs(ctx context.Context, userPK int64) ([]PAT, error)
	DeletePAT(ctx context.Context, userPK, id int64) error
}
TokenService is the slice of the auth service the tokens page uses: mint, list, delete. cmd/githome adapts *auth.Service to it; the narrow interface keeps the web front off the auth package and the handler testable with a fake.
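A fake of the kind the TokenService note has in mind, as an added example rather than Githome's own code: memTokens, its map layout and the 40-character hex secret are assumptions, and PAT is trimmed to the fields the fake fills. It shows the summary keeping only the last eight characters of the secret, and DeletePAT treating another user's id, an unknown id and a double-submit alike, as described for DeleteToken.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"slices"
	"strings"
)

// PAT is the page's summary type, trimmed to the fields this example fills.
type PAT struct {
	ID                      int64
	Note, Scopes, LastEight string
}

// memTokens is a hypothetical TokenService fake; not safe for concurrent use.
type memTokens struct {
	next int64
	pats map[int64][]PAT // userPK -> that user's token summaries
}

func (m *memTokens) CreatePAT(_ context.Context, userPK int64, note string, scopes []string) (string, error) {
	raw := make([]byte, 20)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	plain := hex.EncodeToString(raw) // 40 hex chars; returned once, never stored here
	m.next++
	m.pats[userPK] = append(m.pats[userPK], PAT{m.next, note, strings.Join(scopes, ","), plain[len(plain)-8:]})
	return plain, nil
}

func (m *memTokens) ListPATs(_ context.Context, userPK int64) ([]PAT, error) {
	return slices.Clone(m.pats[userPK]), nil
}

func (m *memTokens) DeletePAT(_ context.Context, userPK, id int64) error {
	// Only the caller's own rows are searched.
	m.pats[userPK] = slices.DeleteFunc(m.pats[userPK], func(p PAT) bool { return p.ID == id })
	return nil // a foreign, unknown or repeated id is the same silent no-op
}

func main() {
	m := &memTokens{pats: map[int64][]PAT{}}
	tok, _ := m.CreatePAT(context.Background(), 1, "ci", []string{"repo"})
	_ = m.DeletePAT(context.Background(), 2, 1) // user 2 cannot reach user 1's row
	fmt.Println(len(tok), m.pats[1])            // secret length, then the surviving summary
}
```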