Kyle Isom
a80242ae3e
- Introduced `web/templates/` for HTMX-fragmented pages (`dashboard`, `accounts`, `account_detail`, `error_fragment`, etc.). - Implemented UI routes for account CRUD, audit log display, and login/logout with CSRF protection. - Added `internal/ui/` package for handlers, CSRF manager, session validation, and token issuance. - Updated documentation to include new UI features and templates directory structure. - Security: Double-submit CSRF cookies, constant-time HMAC validation, login password/Argon2id re-verification at all steps to prevent bypass.
46 lines
1.1 KiB
Go
46 lines
1.1 KiB
Go
package ui
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"git.wntrmute.dev/kyle/mcias/internal/db"
|
|
"git.wntrmute.dev/kyle/mcias/internal/model"
|
|
)
|
|
|
|
// handleDashboard renders the main dashboard page with account counts and recent events.
|
|
func (u *UIServer) handleDashboard(w http.ResponseWriter, r *http.Request) {
|
|
csrfToken, err := u.setCSRFCookies(w)
|
|
if err != nil {
|
|
u.logger.Error("set CSRF cookies", "error", err)
|
|
http.Error(w, "internal error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
accounts, err := u.db.ListAccounts()
|
|
if err != nil {
|
|
u.renderError(w, r, http.StatusInternalServerError, "failed to load accounts")
|
|
return
|
|
}
|
|
|
|
var total, active int
|
|
for _, a := range accounts {
|
|
total++
|
|
if a.Status == model.AccountStatusActive {
|
|
active++
|
|
}
|
|
}
|
|
|
|
events, _, err := u.db.ListAuditEventsPaged(db.AuditQueryParams{Limit: 10, Offset: 0})
|
|
if err != nil {
|
|
u.logger.Warn("load recent audit events", "error", err)
|
|
events = nil
|
|
}
|
|
|
|
u.render(w, "dashboard", DashboardData{
|
|
PageData: PageData{CSRFToken: csrfToken},
|
|
TotalAccounts: total,
|
|
ActiveAccounts: active,
|
|
RecentEvents: events,
|
|
})
|
|
}
|