Add isTokenError() helper that detects HTTP 401/403 responses from the
Gitea API, and redirectOnTokenError() that redirects to /settings with
an error=token_expired query parameter. Update Dashboard, ListIssues,
and ListPulls handlers to check for token errors. The settings page now
displays an error banner explaining the token needs to be refreshed.
Closesleeworks-agents/gitea-mobile#192
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move the large inline HTML template from settings.go into a separate
file at internal/templates/settings.html, matching the project convention
used by all other handlers. The template is now loaded at render time
via template.ParseFiles, consistent with dashboard, issues, etc.
Closesleeworks-agents/gitea-mobile#126
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement 12-factor configuration via environment variables and
token-in-cookie authentication for Gitea API access.
- internal/config/config.go: reads GITEA_URL, GITEA_TOKEN, LISTEN_ADDR,
SESSION_SECRET from environment with validation
- internal/auth/cookie.go: HMAC-signed HTTP-only cookie for storing
Gitea API tokens (Secure, SameSite=Strict)
- internal/middleware/auth.go: extracts token from cookie, injects into
request context, redirects unauthenticated users to /settings
- internal/middleware/logging.go: structured JSON request logging
- internal/handlers/settings.go: settings page for entering/removing
Gitea API token with mobile-first dark UI
- cmd/server/main.go: integrated config, auth middleware, and settings
Includes unit tests for config loading, cookie signing/verification,
and auth middleware bypass/redirect logic.
Closesleeworks-agents/gitea-mobile#2
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
agent-company