mc/mcq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mc:v0.3.0
Branches Tags
mc:master
mc:v0.4.2 mc:v0.4.1 mc:v0.4.0 mc:v0.3.2 mc:v0.3.1 mc:v0.3.0 mc:v0.2.0
..
compare: mc:master
Branches Tags
mc:master
mc:v0.4.2 mc:v0.4.1 mc:v0.4.0 mc:v0.3.2 mc:v0.3.1 mc:v0.3.0 mc:v0.2.0

8 Commits
v0.3.0 ... master

Author SHA1 Message Date
Kyle Isom
5122e9cd87 Bump ToC font size to match body text 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-01 08:10:53 -07:00
Kyle Isom
ed9291a7ad Add sticky ToC sidebar to document read view 
Builds a table of contents client-side from rendered heading IDs.
Highlights the current section on scroll. Collapses to inline on
narrow screens.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 23:59:14 -07:00
kyle
7ab00fc518 Remove docs file — lives on mcq.metacircular.net instead 2001-01-01 00:00:00 +00:00
Kyle Isom
051abae390 Add platform packaging and deployment guide 
Synced from metacircular/docs with SSO login documentation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 23:50:10 -07:00
Kyle Isom
dd5142a48a Fix template error: pass CSRF func on SSO login page 
Go templates require all referenced functions to be defined at parse
time, even in branches that won't execute.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 23:35:21 -07:00
Kyle Isom
2c3db6ea25 Add SSO login support via mcdsl/sso 
When [sso].redirect_uri is configured, the web UI shows a "Sign in
with MCIAS" button instead of the username/password form. Upgrades
mcdsl to v1.7.0 which includes the Firefox cookie fix.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 23:15:06 -07:00
Kyle Isom
063bdccf1b Second deployment test. 2026-03-29 18:13:15 -07:00
Kyle Isom
67cbcd85bd Tweaking to test deployment. 2026-03-29 18:10:51 -07:00
9 changed files with 230 additions and 46 deletions
Expand all files Collapse all files

3
cmd/mcq/server.go
View File

@@ -77,6 +77,9 @@ func runServer(configPath string) error {
wsCfg := webserver.Config{ wsCfg := webserver.Config{
ServiceName: cfg.MCIAS.ServiceName, ServiceName: cfg.MCIAS.ServiceName,
Tags: cfg.MCIAS.Tags, Tags: cfg.MCIAS.Tags,
MciasURL: cfg.MCIAS.ServerURL,
CACert: cfg.MCIAS.CACert,
RedirectURI: cfg.SSO.RedirectURI,
} }
webSrv, err := webserver.New(wsCfg, database, authClient, logger) webSrv, err := webserver.New(wsCfg, database, authClient, logger)
if err != nil { if err != nil {

2
go.mod
View File

@@ -3,7 +3,7 @@ module git.wntrmute.dev/mc/mcq
go 1.25.7 go 1.25.7
require ( require (
git.wntrmute.dev/mc/mcdsl v1.2.0 git.wntrmute.dev/mc/mcdsl v1.7.0
github.com/alecthomas/chroma/v2 v2.18.0 github.com/alecthomas/chroma/v2 v2.18.0
github.com/go-chi/chi/v5 v5.2.5 github.com/go-chi/chi/v5 v5.2.5
github.com/mark3labs/mcp-go v0.46.0 github.com/mark3labs/mcp-go v0.46.0

4
go.sum
View File

@@ -1,5 +1,5 @@
git.wntrmute.dev/mc/mcdsl v1.2.0 h1:41hep7/PNZJfN0SN/nM+rQpyF1GSZcvNNjyVG81DI7U= git.wntrmute.dev/mc/mcdsl v1.7.0 h1:dAh2SGdzjhz0H66i3KAMDm1eRYYgMaxqQ0Pj5NzF7fc=
git.wntrmute.dev/mc/mcdsl v1.2.0/go.mod h1:lXYrAt74ZUix6rx9oVN8d2zH1YJoyp4uxPVKQ+SSxuM= git.wntrmute.dev/mc/mcdsl v1.7.0/go.mod h1:MhYahIu7Sg53lE2zpQ20nlrsoNRjQzOJBAlCmom2wJc=
github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0= github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs= github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=

14
internal/config/config.go
View File

@@ -14,10 +14,18 @@ import (
// Config is the MCQ configuration. // Config is the MCQ configuration.
type Config struct { type Config struct {
Server ServerConfig `toml:"server"` Server ServerConfig `toml:"server"`
Database DatabaseConfig `toml:"database"` Database DatabaseConfig `toml:"database"`
MCIAS mcdslauth.Config `toml:"mcias"` MCIAS mcdslauth.Config `toml:"mcias"`
Log LogConfig `toml:"log"` SSO SSOConfig `toml:"sso"`
Log LogConfig `toml:"log"`
}
// SSOConfig holds SSO redirect settings for the web UI.
type SSOConfig struct {
// RedirectURI is the callback URL that MCIAS redirects to after login.
// Must exactly match the redirect_uri registered in MCIAS config.
RedirectURI string `toml:"redirect_uri"`
} }
// ServerConfig holds HTTP/gRPC server settings. TLS fields are optional; // ServerConfig holds HTTP/gRPC server settings. TLS fields are optional;

77
internal/webserver/server.go
View File

@@ -11,6 +11,7 @@ import (
"git.wntrmute.dev/mc/mcdsl/auth" "git.wntrmute.dev/mc/mcdsl/auth"
"git.wntrmute.dev/mc/mcdsl/csrf" "git.wntrmute.dev/mc/mcdsl/csrf"
mcdsso "git.wntrmute.dev/mc/mcdsl/sso"
"git.wntrmute.dev/mc/mcdsl/web" "git.wntrmute.dev/mc/mcdsl/web"
mcqweb "git.wntrmute.dev/mc/mcq/web" mcqweb "git.wntrmute.dev/mc/mcq/web"
@@ -25,16 +26,22 @@ const cookieName = "mcq_session"
type Config struct { type Config struct {
ServiceName string ServiceName string
Tags []string Tags []string
// SSO fields — when RedirectURI is non-empty, the web UI uses SSO instead
// of the direct username/password login form.
MciasURL string
CACert string
RedirectURI string
} }
// Server is the MCQ web UI server. // Server is the MCQ web UI server.
type Server struct { type Server struct {
db *db.DB db *db.DB
auth *auth.Authenticator auth *auth.Authenticator
csrf *csrf.Protect csrf *csrf.Protect
render *render.Renderer ssoClient *mcdsso.Client
logger *slog.Logger render *render.Renderer
config Config logger *slog.Logger
config Config
} }
// New creates a web UI server. // New creates a web UI server.
@@ -45,20 +52,43 @@ func New(cfg Config, database *db.DB, authenticator *auth.Authenticator, logger
} }
csrfProtect := csrf.New(csrfSecret, "_csrf", "csrf_token") csrfProtect := csrf.New(csrfSecret, "_csrf", "csrf_token")
return &Server{ s := &Server{
db: database, db: database,
auth: authenticator, auth: authenticator,
csrf: csrfProtect, csrf: csrfProtect,
render: render.New(), render: render.New(),
logger: logger, logger: logger,
config: cfg, config: cfg,
}, nil }
// Create SSO client if the service has an SSO redirect_uri configured.
if cfg.RedirectURI != "" {
ssoClient, err := mcdsso.New(mcdsso.Config{
MciasURL: cfg.MciasURL,
ClientID: "mcq",
RedirectURI: cfg.RedirectURI,
CACert: cfg.CACert,
})
if err != nil {
return nil, fmt.Errorf("create SSO client: %w", err)
}
s.ssoClient = ssoClient
logger.Info("SSO enabled: redirecting to MCIAS for login", "mcias_url", cfg.MciasURL)
}
return s, nil
} }
// RegisterRoutes adds web UI routes to the given router. // RegisterRoutes adds web UI routes to the given router.
func (s *Server) RegisterRoutes(r chi.Router) { func (s *Server) RegisterRoutes(r chi.Router) {
r.Get("/login", s.handleLoginPage) if s.ssoClient != nil {
r.Post("/login", s.csrf.Middleware(http.HandlerFunc(s.handleLogin)).ServeHTTP) r.Get("/login", s.handleSSOLogin)
r.Get("/sso/redirect", s.handleSSORedirect)
r.Get("/sso/callback", s.handleSSOCallback)
} else {
r.Get("/login", s.handleLoginPage)
r.Post("/login", s.csrf.Middleware(http.HandlerFunc(s.handleLogin)).ServeHTTP)
}
r.Get("/static/*", http.FileServer(http.FS(mcqweb.FS)).ServeHTTP) r.Get("/static/*", http.FileServer(http.FS(mcqweb.FS)).ServeHTTP)
// Authenticated routes. // Authenticated routes.
@@ -80,6 +110,7 @@ type pageData struct {
Error string Error string
Title string Title string
Content any Content any
SSO bool
} }
func (s *Server) handleLoginPage(w http.ResponseWriter, r *http.Request) { func (s *Server) handleLoginPage(w http.ResponseWriter, r *http.Request) {
@@ -101,6 +132,32 @@ func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/", http.StatusFound) http.Redirect(w, r, "/", http.StatusFound)
} }
// handleSSOLogin renders a landing page with a "Sign in with MCIAS" button.
func (s *Server) handleSSOLogin(w http.ResponseWriter, r *http.Request) {
web.RenderTemplate(w, mcqweb.FS, "login.html", pageData{SSO: true}, s.csrf.TemplateFunc(w))
}
// handleSSORedirect initiates the SSO redirect to MCIAS.
func (s *Server) handleSSORedirect(w http.ResponseWriter, r *http.Request) {
if err := mcdsso.RedirectToLogin(w, r, s.ssoClient, "mcq"); err != nil {
s.logger.Error("sso: redirect to login", "error", err)
http.Error(w, "internal error", http.StatusInternalServerError)
}
}
// handleSSOCallback exchanges the authorization code for a JWT and sets the session.
func (s *Server) handleSSOCallback(w http.ResponseWriter, r *http.Request) {
token, returnTo, err := mcdsso.HandleCallback(w, r, s.ssoClient, "mcq")
if err != nil {
s.logger.Error("sso: callback", "error", err)
http.Error(w, "Login failed. Please try again.", http.StatusUnauthorized)
return
}
web.SetSessionCookie(w, cookieName, token)
http.Redirect(w, r, returnTo, http.StatusSeeOther)
}
func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) { func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) {
token := web.GetSessionToken(r, cookieName) token := web.GetSessionToken(r, cookieName)
if token != "" { if token != "" {

69
web/static/style.css
View File

@@ -353,8 +353,75 @@ button:hover, .btn:hover {
} }
/* =========================== /* ===========================
Read view Read view — two-column layout
=========================== */ =========================== */
.read-container {
max-width: 1200px;
margin: 0 auto;
padding: 2rem 2rem 2rem 0;
}
.read-layout {
display: grid;
grid-template-columns: 220px 1fr;
gap: 2rem;
align-items: start;
}
.read-main {
max-width: 900px;
min-width: 0;
}
.read-toc {
position: sticky;
top: 1rem;
max-height: calc(100vh - 2rem);
overflow-y: auto;
padding: 0.5rem 0;
font-size: 0.875rem;
line-height: 1.5;
border-right: 1px solid var(--border-lt);
padding-right: 1rem;
}
.read-toc ul {
list-style: none;
padding: 0;
margin: 0;
}
.read-toc li {
margin-bottom: 0.25rem;
}
.read-toc a {
color: var(--text-lt);
text-decoration: none;
display: block;
padding: 0.125rem 0;
transition: color 0.1s;
}
.read-toc a:hover {
color: var(--text);
text-decoration: none;
}
.read-toc a.toc-active {
color: var(--accent);
}
@media (max-width: 900px) {
.read-container {
padding: 1.5rem 1rem;
}
.read-layout {
grid-template-columns: 1fr;
}
.read-toc {
position: static;
max-height: none;
border-right: none;
border-bottom: 1px solid var(--border-lt);
padding-right: 0;
padding-bottom: 0.75rem;
margin-bottom: 0.5rem;
}
}
.read-header { .read-header {
margin-bottom: 1.5rem; margin-bottom: 1.5rem;
} }

2
web/templates/list.html
View File

@@ -1,6 +1,6 @@
{{define "title"}} — Queue{{end}} {{define "title"}} — Queue{{end}}
{{define "content"}} {{define "content"}}
<h2>Reading Queue</h2> <h2>Metacircular Reading Queue</h2>
{{if not .Documents}} {{if not .Documents}}
<div class="card"> <div class="card">
<p>No documents in queue.</p> <p>No documents in queue.</p>

8
web/templates/login.html
View File

@@ -3,10 +3,15 @@
{{define "content"}} {{define "content"}}
<div class="auth-header"> <div class="auth-header">
<div class="brand">mcq</div> <div class="brand">mcq</div>
<div class="tagline">Reading Queue</div> <div class="tagline">Metacircular Reading Queue</div>
</div> </div>
<div class="card"> <div class="card">
{{if .Error}}<div class="error">{{.Error}}</div>{{end}} {{if .Error}}<div class="error">{{.Error}}</div>{{end}}
{{if .SSO}}
<div class="form-actions">
<a href="/sso/redirect" style="display:block;text-align:center;text-decoration:none;"><button type="button" style="width:100%" class="btn">Sign in with MCIAS</button></a>
</div>
{{else}}
<form method="POST" action="/login"> <form method="POST" action="/login">
{{csrfField}} {{csrfField}}
<div class="form-group"> <div class="form-group">
@@ -25,5 +30,6 @@
<button type="submit" class="btn">Login</button> <button type="submit" class="btn">Login</button>
</div> </div>
</form> </form>
{{end}}
</div> </div>
{{end}} {{end}}

97
web/templates/read.html
View File

@@ -1,32 +1,75 @@
{{define "title"}} — {{.Doc.Title}}{{end}} {{define "title"}} — {{.Doc.Title}}{{end}}
{{define "container-class"}}read-container{{end}}
{{define "content"}} {{define "content"}}
<div class="read-header"> <div class="read-layout">
<h2>{{.Doc.Title}}</h2> <nav class="read-toc" id="toc" aria-label="Table of contents"></nav>
<div class="read-meta"> <div class="read-main">
<span>Pushed by {{.Doc.PushedBy}}</span> <div class="read-header">
<span>{{.Doc.PushedAt}}</span> <h2>{{.Doc.Title}}</h2>
</div> <div class="read-meta">
<div class="read-actions"> <span>Pushed by {{.Doc.PushedBy}}</span>
{{if .Doc.Read}} <span>{{.Doc.PushedAt}}</span>
<form method="POST" action="/d/{{.Doc.Slug}}/unread" style="display:inline"> </div>
{{csrfField}} <div class="read-actions">
<button type="submit" class="btn-ghost btn btn-sm">Mark unread</button> {{if .Doc.Read}}
</form> <form method="POST" action="/d/{{.Doc.Slug}}/unread" style="display:inline">
{{else}} {{csrfField}}
<form method="POST" action="/d/{{.Doc.Slug}}/read" style="display:inline"> <button type="submit" class="btn-ghost btn btn-sm">Mark unread</button>
{{csrfField}} </form>
<button type="submit" class="btn-ghost btn btn-sm">Mark read</button> {{else}}
</form> <form method="POST" action="/d/{{.Doc.Slug}}/read" style="display:inline">
{{end}} {{csrfField}}
<form method="POST" action="/d/{{.Doc.Slug}}/delete" style="display:inline" <button type="submit" class="btn-ghost btn btn-sm">Mark read</button>
onsubmit="return confirm('Delete this document?')"> </form>
{{csrfField}} {{end}}
<button type="submit" class="btn-ghost btn btn-sm btn-danger">Unqueue</button> <form method="POST" action="/d/{{.Doc.Slug}}/delete" style="display:inline"
</form> onsubmit="return confirm('Delete this document?')">
<a href="/" class="btn-ghost btn btn-sm">Back to queue</a> {{csrfField}}
<button type="submit" class="btn-ghost btn btn-sm btn-danger">Unqueue</button>
</form>
<a href="/" class="btn-ghost btn btn-sm">Back to queue</a>
</div>
</div>
<div class="card markdown-body" id="article">
{{.HTML}}
</div>
</div> </div>
</div> </div>
<div class="card markdown-body"> <script>
{{.HTML}} (function(){
</div> var toc=document.getElementById("toc");
var headings=document.querySelectorAll("#article h1, #article h2, #article h3");
if(headings.length<2){toc.style.display="none";return;}
var ul=document.createElement("ul");
var minLevel=6;
headings.forEach(function(h){var l=parseInt(h.tagName[1]);if(l<minLevel)minLevel=l;});
headings.forEach(function(h){
if(!h.id)return;
var li=document.createElement("li");
var a=document.createElement("a");
a.href="#"+h.id;
a.textContent=h.textContent;
var depth=parseInt(h.tagName[1])-minLevel;
li.style.paddingLeft=(depth*0.75)+"rem";
li.appendChild(a);
ul.appendChild(li);
});
toc.appendChild(ul);
/* highlight current section on scroll */
var links=toc.querySelectorAll("a");
var ids=[];links.forEach(function(a){ids.push(a.getAttribute("href").slice(1));});
function onScroll(){
var current="";
for(var i=0;i<ids.length;i++){
var el=document.getElementById(ids[i]);
if(el&&el.getBoundingClientRect().top<=80)current=ids[i];
}
links.forEach(function(a){
a.classList.toggle("toc-active",a.getAttribute("href")==="#"+current);
});
}
window.addEventListener("scroll",onScroll,{passive:true});
onScroll();
})();
</script>
{{end}} {{end}}