- entry: reply_to/reply_count/last_activity; reply_count bubbelt bis Root
- Hauptfeed nur Roots nach last_activity, Profil-Feed inkl. Antworten
- GET /entry/{pid}/thread (Ahnen+Antworten), GET /e/{pid} Focus-Seite
- Frontend: Antworten-Link im Feed, entry.html/entry.js Focus-Seite
- notes/migrations.md: ALTER TABLE fuer Prod
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Account-Section nur sichtbar wenn eingeloggt; zeigt Nutzername und
Mitglied-seit-Datum aus /user/info
- Konto loeschen in aufklappbarer Danger-Zone, Passwortbestaetigung
plus zusaetzliche confirm()-Rueckfrage (unwiderruflich)
- nach Loeschung zurueck zur Login-Ansicht via refreshHeader
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Go-Reimplementierung hat Feature-Paritaet (inkl. URL-Linkify im
JS-Frontend via linkify()). static/ bleibt (Go liefert /static/* aus
und legt Uploads unter static/media/ ab); alte Flask-Assets dort
unberuehrt.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Two small refactors make the handlers testable:
- extract route registration into routes() http.Handler (was inline in main)
- initDB(dsn) takes a DSN so tests use an isolated temp-file DB
loginJitter var lets tests disable the anti-timing sleep for speed.
endpoints_test.go covers the main flows via httptest + cookie jar:
register/login/headerbar, empty-then-populated feed, create requires auth,
voting (new/toggle/switch, per-user tallies), vote auth + invalid mode,
and account deletion (wrong/correct password, login fails after).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replaces the GET-mutates-state interactions route with a proper split:
- GET /entry/{pid}/votes reads the tally (public, read-only)
- POST /entry/{pid}/vote casts/toggles the vote (auth, mode in body)
Shared voteTally/writeTally helpers back both handlers. Invalid mode now
returns 400. Frontend updated to read via GET and vote via POST.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
GET /entry/{pid}/interactions/{mode} now reads the vote tally and, for
mode=left/right (auth required), toggles the user's vote: new vote, repeat
same mode removes it, different mode switches. Returns {left, right,
selected}. A UNIQUE(uid, pid) constraint on the vote table prevents
duplicate votes. The JS frontend renders Links/Rechts buttons with live
counts under each entry.
This completes the voting feature that was left commented-out and broken
in the Flask version.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
POST /user/delete (auth required) verifies the password via pass1 and
transactionally removes the user's sessions, votes, entries and the user
row, then clears the session cookie. Associated media files are removed
best effort after commit. This was only a stub in the Flask original.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Reimplements the Flask app as a Go HTTP API (chi + modernc sqlite) with a
minimal vanilla-JS frontend in web/. Endpoints mirror the original Flask
routes but return JSON instead of HTML.
- auth: login/logout/register/sessioninfo/headerbar with crypto/rand tokens
- entry: paginated feed (single JOIN), create with image scaling
- user: profile, userinfo; delete still a stub
- requireAuth middleware passes uid via context
- notes/api.md documents the API and schema
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>