gitea-mobile/internal/handlers/settings.go

package handlers

import (
	"html/template"
	"net/http"
	"strings"

	"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/auth"
	"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/middleware"
)

var settingsTemplate = template.Must(template.New("settings").Parse(`<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
  <title>Settings — Gitea Mobile</title>
  <style>
    * { box-sizing: border-box; margin: 0; padding: 0; }
    body {
      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
      background: #0d1117; color: #e6edf3;
      padding: 1rem;
      padding-top: max(1rem, env(safe-area-inset-top));
    }
    h1 { font-size: 1.5rem; margin-bottom: 1rem; }
    .card {
      background: #161b22; border: 1px solid #30363d; border-radius: 8px;
      padding: 1rem; margin-bottom: 1rem;
    }
    label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
    input[type="text"], input[type="password"] {
      width: 100%; padding: 0.5rem; font-size: 1rem;
      background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
      color: #e6edf3; margin-bottom: 1rem;
    }
    input:focus { outline: none; border-color: #58a6ff; }
    button {
      width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
      background: #238636; color: #fff; border: none; border-radius: 6px;
      cursor: pointer;
    }
    button:active { background: #2ea043; }
    .message {
      padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
      font-size: 0.875rem;
    }
    .message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
    .message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
    .message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
    .hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
    .status { font-size: 0.875rem; color: #8b949e; }
    .status .connected { color: #3fb950; }
    .logout-btn {
      background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
    }
    .logout-btn:active { background: #30363d; }
  </style>
</head>
<body>
  <h1>Settings</h1>

  {{if .Message}}
  <div class="message {{.MessageType}}">{{.Message}}</div>
  {{end}}

  {{if .HasToken}}
  <div class="card">
    <p class="status">Status: <span class="connected">Connected</span></p>
    <p class="hint">A Gitea API token is configured.</p>
    <form method="POST" action="/settings">
      <input type="hidden" name="action" value="logout">
      <button type="submit" class="logout-btn">Remove Token</button>
    </form>
  </div>
  {{end}}

  <div class="card">
    <form method="POST" action="/settings">
      <input type="hidden" name="action" value="save">
      <label for="token">Gitea API Token</label>
      <input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
      <p class="hint">Generate a token at your Gitea instance under Settings &rarr; Applications.</p>
      <button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
    </form>
  </div>

  {{if .HasToken}}
  <p style="text-align:center; margin-top:1rem;">
    <a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
  </p>
  {{end}}
</body>
</html>`))

// SettingsHandler handles GET and POST requests for the settings page.
type SettingsHandler struct {
	SessionSecret string
	SecureCookies bool
}

type settingsData struct {
	HasToken    bool
	Message     string
	MessageType string // "success", "error", "info"
}

// ServeHTTP handles the settings page.
func (h *SettingsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case http.MethodGet:
		h.handleGet(w, r)
	case http.MethodPost:
		h.handlePost(w, r)
	default:
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
	}
}

func (h *SettingsHandler) handleGet(w http.ResponseWriter, r *http.Request) {
	hasToken := false
	if token := middleware.TokenFromContext(r.Context()); token != "" {
		hasToken = true
	} else if _, err := auth.GetToken(r, h.SessionSecret); err == nil {
		hasToken = true
	}

	data := settingsData{HasToken: hasToken}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	settingsTemplate.Execute(w, data)
}

func (h *SettingsHandler) handlePost(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		h.renderWithMessage(w, r, "Failed to parse form.", "error")
		return
	}

	action := r.FormValue("action")

	switch action {
	case "logout":
		auth.ClearTokenCookie(w, h.SecureCookies)
		h.renderWithMessage(w, r, "Token removed successfully.", "success")
		return

	case "save":
		token := strings.TrimSpace(r.FormValue("token"))
		if token == "" {
			h.renderWithMessage(w, r, "Token cannot be empty.", "error")
			return
		}

		auth.SetTokenCookie(w, token, h.SessionSecret, h.SecureCookies)
		// After saving, redirect to dashboard.
		http.Redirect(w, r, "/", http.StatusSeeOther)
		return

	default:
		h.renderWithMessage(w, r, "Unknown action.", "error")
	}
}

func (h *SettingsHandler) renderWithMessage(w http.ResponseWriter, r *http.Request, msg, msgType string) {
	hasToken := false
	if _, err := auth.GetToken(r, h.SessionSecret); err == nil {
		hasToken = true
	}

	data := settingsData{
		HasToken:    hasToken,
		Message:     msg,
		MessageType: msgType,
	}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	settingsTemplate.Execute(w, data)
}