8921830f43
Ship the installability bits that t-paliad-041 deferred so iOS / Android users can add Paliad to their home screen. What landed: - frontend/public/manifest.json — name=Paliad, theme_color #65a30d (lime), display=standalone, scope=/, start_url=/dashboard, four icon entries (192/512 × any/maskable). Served from /manifest.json with the spec-mandated application/manifest+json content type (servePWAManifest in internal/handlers/pwa.go). - frontend/public/icons/ — lime "p" logo rendered to 192/512 PNGs in both "any" and maskable variants (maskable variant has extra safe-zone padding), 180×180 apple-touch-icon, 32×32 favicon. SVG sources kept under frontend/icons-src/ for regeneration via rsvg-convert. - frontend/public/sw.js — minimal cache-first for /assets/* and /icons/*, network-first for /api/*, network passthrough for everything else. CACHE_VERSION + activate-clean lets us bump and purge cleanly. Served from /sw.js so its scope can claim /; Service-Worker-Allowed: / header set, no-cache on the SW file itself so updates take effect on next load. - frontend/src/components/PWAHead.tsx — head fragment (manifest link, apple-touch-icon, favicon, app-name metas, <script src="/assets/app.js" defer>). Added to all 30 page TSX files via mechanical insertion. - frontend/src/client/app.ts — universal client bundle loaded on every page. Three jobs: register the service worker, init the BottomNav (icarus flagged that bottom-nav.ts was written but never wired into the build — m reproduced the broken [+] Anlegen and Menü buttons in prod), and surface the install banner. - frontend/src/client/pwa-install.ts — install banner UI. Two flows: beforeinstallprompt for Chromium/Android (deferred → CTA → prompt), one-time iOS Safari hint pointing at the share sheet. Both dismissals persist in localStorage (paliad-install-dismissed / -ios-shown). - frontend/src/styles/global.css — banner styles, sits above BottomNav on mobile and pinned bottom-right on desktop, lime-on-white card with the brand "p" mark. - frontend/build.ts — copies frontend/public → dist verbatim so the manifest, icons, and SW land at the application root. Verification before merge: - bun run build clean, go build/vet/test clean. - Local server smoke: curl -sI confirmed manifest.json (200, application/manifest+json), all icon files (200, image/png), sw.js (200, Service-Worker-Allowed: /), app.js (200, text/javascript). - Playwright at 390×844: Chrome fired beforeinstallprompt, the banner rendered with "Paliad installieren" + "Installieren" CTA in German, dismiss persisted across reload via localStorage. Manifest validated in-browser (name/short_name/start_url/display/scope all correct, all four icon URLs returned 200). - The InvalidStateError on serviceWorker.register() seen in the MCP Playwright profile is a known headless flag; SW registration works in real Chrome / Safari on localhost and HTTPS production. Out of scope: push notifications, runtime offline mode (SW intentionally stays minimal — cache shell + assets, network passthrough for everything else).
278 lines
15 KiB
Go
278 lines
15 KiB
Go
package handlers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"mgit.msbls.de/m/patholo/internal/auth"
|
|
"mgit.msbls.de/m/patholo/internal/services"
|
|
)
|
|
|
|
var authClient *auth.Client
|
|
|
|
// Services bundles the Phase B + C database-backed services. Pass nil if
|
|
// DATABASE_URL was unset; the matter-management endpoints will return 503.
|
|
type Services struct {
|
|
Project *services.ProjectService
|
|
Team *services.TeamService
|
|
Department *services.DepartmentService
|
|
Party *services.PartyService
|
|
Deadline *services.DeadlineService
|
|
Appointment *services.AppointmentService
|
|
CalDAV *services.CalDAVService
|
|
Rules *services.DeadlineRuleService
|
|
Calculator *services.DeadlineCalculator
|
|
Users *services.UserService
|
|
Fristenrechner *services.FristenrechnerService
|
|
Dashboard *services.DashboardService
|
|
Note *services.NoteService
|
|
ChecklistInst *services.ChecklistInstanceService
|
|
Mail *services.MailService
|
|
Invite *services.InviteService
|
|
Agenda *services.AgendaService
|
|
}
|
|
|
|
func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc *Services) {
|
|
authClient = client
|
|
giteaToken = giteaAPIToken
|
|
|
|
if svc != nil {
|
|
dbSvc = &dbServices{
|
|
projects: svc.Project,
|
|
team: svc.Team,
|
|
department: svc.Department,
|
|
parties: svc.Party,
|
|
deadline: svc.Deadline,
|
|
appointment: svc.Appointment,
|
|
caldav: svc.CalDAV,
|
|
rules: svc.Rules,
|
|
calc: svc.Calculator,
|
|
users: svc.Users,
|
|
fristenrechner: svc.Fristenrechner,
|
|
dashboard: svc.Dashboard,
|
|
note: svc.Note,
|
|
checklistInst: svc.ChecklistInst,
|
|
mail: svc.Mail,
|
|
invite: svc.Invite,
|
|
agenda: svc.Agenda,
|
|
}
|
|
}
|
|
|
|
// API endpoints (JSON, public)
|
|
mux.HandleFunc("POST /api/login", handleAPILogin)
|
|
mux.HandleFunc("POST /api/register", handleAPIRegister)
|
|
|
|
// Public pages
|
|
mux.HandleFunc("GET /login", handleLoginPage)
|
|
mux.HandleFunc("GET /logout", handleLogout)
|
|
|
|
// Landing page: public to unauthenticated visitors, redirects logged-in
|
|
// users to /dashboard. Handled on the outer mux so the auth Middleware
|
|
// doesn't bounce unauthenticated visitors to /login.
|
|
mux.HandleFunc("GET /{$}", handleRootPage)
|
|
|
|
// Static assets (public)
|
|
mux.Handle("GET /assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("dist/assets"))))
|
|
|
|
// PWA static surface (public): manifest, icons, service worker. The SW
|
|
// must be served from the application origin; its scope is /, so the file
|
|
// has to live at /sw.js (a SW served from /assets/sw.js could only claim
|
|
// /assets/* by default).
|
|
mux.HandleFunc("GET /manifest.json", servePWAManifest)
|
|
mux.Handle("GET /icons/", http.StripPrefix("/icons/", http.FileServer(http.Dir("dist/icons"))))
|
|
mux.HandleFunc("GET /sw.js", servePWAServiceWorker)
|
|
|
|
// Protected routes
|
|
protected := http.NewServeMux()
|
|
protected.HandleFunc("GET /tools/kostenrechner", handleKostenrechnerPage)
|
|
protected.HandleFunc("POST /api/tools/kostenrechner", handleKostenrechnerAPI)
|
|
protected.HandleFunc("GET /tools/fristenrechner", handleFristenrechnerPage)
|
|
protected.HandleFunc("POST /api/tools/fristenrechner", handleFristenrechnerAPI)
|
|
protected.HandleFunc("GET /api/tools/proceeding-types", handleProceedingTypes)
|
|
protected.HandleFunc("GET /downloads", handleDownloadsPage)
|
|
protected.HandleFunc("GET /glossary", handleGlossaryPage)
|
|
protected.HandleFunc("GET /api/glossary", handleGlossaryAPI)
|
|
protected.HandleFunc("POST /api/glossary/suggest", handleGlossarySuggest)
|
|
protected.HandleFunc("GET /files/{filename}", handleFileDownload)
|
|
protected.HandleFunc("POST /api/files/refresh", handleFileRefresh)
|
|
protected.HandleFunc("GET /links", handleLinksPage)
|
|
protected.HandleFunc("GET /api/links", handleLinksAPI)
|
|
protected.HandleFunc("POST /api/links/suggest", handleLinkSuggest)
|
|
protected.HandleFunc("POST /api/links/feedback", handleLinkFeedback)
|
|
protected.HandleFunc("GET /api/links/suggestions/count", handleSuggestionCount)
|
|
protected.HandleFunc("GET /tools/gebuehrentabellen", handleGebuehrentabellenPage)
|
|
protected.HandleFunc("GET /api/tools/gebuehrentabellen", handleGebuehrentabellenAPI)
|
|
protected.HandleFunc("GET /api/tools/gebuehrentabellen/lookup", handleGebuehrentabellenLookup)
|
|
protected.HandleFunc("POST /api/tools/gebuehrentabellen/feedback", handleGebuehrentabellenFeedback)
|
|
protected.HandleFunc("GET /checklists", handleChecklistsPage)
|
|
protected.HandleFunc("GET /checklists/instances/{id}", handleChecklistInstancePage)
|
|
protected.HandleFunc("GET /checklists/{slug}", handleChecklistDetailPage)
|
|
protected.HandleFunc("GET /api/checklists", handleChecklistsAPI)
|
|
protected.HandleFunc("GET /api/checklists/{slug}", handleChecklistAPI)
|
|
protected.HandleFunc("POST /api/checklists/feedback", handleChecklistsFeedback)
|
|
protected.HandleFunc("GET /api/checklists/{slug}/instances", handleListChecklistInstancesForTemplate)
|
|
protected.HandleFunc("POST /api/checklists/{slug}/instances", handleCreateChecklistInstance)
|
|
protected.HandleFunc("GET /api/checklist-instances/{id}", handleGetChecklistInstance)
|
|
protected.HandleFunc("PATCH /api/checklist-instances/{id}", handleUpdateChecklistInstance)
|
|
protected.HandleFunc("POST /api/checklist-instances/{id}/reset", handleResetChecklistInstance)
|
|
protected.HandleFunc("DELETE /api/checklist-instances/{id}", handleDeleteChecklistInstance)
|
|
protected.HandleFunc("GET /api/projects/{id}/checklists", handleListChecklistInstancesForProject)
|
|
protected.HandleFunc("GET /courts", handleCourtsPage)
|
|
protected.HandleFunc("GET /api/courts", handleCourtsAPI)
|
|
protected.HandleFunc("POST /api/courts/feedback", handleCourtsFeedback)
|
|
protected.HandleFunc("GET /changelog", handleChangelogPage)
|
|
protected.HandleFunc("GET /api/changelog", handleChangelogAPI)
|
|
protected.HandleFunc("GET /api/changelog/unseen-count", handleChangelogUnseenCount)
|
|
|
|
// Phase B (DB-backed) — return 503 if DATABASE_URL unset.
|
|
protected.HandleFunc("GET /api/deadline-rules", handleListDeadlineRules)
|
|
protected.HandleFunc("GET /api/proceeding-types-db", handleListProceedingTypesDB)
|
|
protected.HandleFunc("POST /api/deadlines/calculate", handleCalculateDeadlines)
|
|
// Projects v2 (hierarchical tree — t-paliad-024).
|
|
protected.HandleFunc("GET /api/projects", handleListProjects)
|
|
protected.HandleFunc("POST /api/projects", handleCreateProject)
|
|
protected.HandleFunc("GET /api/projects/tree", handleGetProjectsTree)
|
|
protected.HandleFunc("GET /api/projects/{id}", handleGetProject)
|
|
protected.HandleFunc("PATCH /api/projects/{id}", handleUpdateProject)
|
|
protected.HandleFunc("DELETE /api/projects/{id}", handleDeleteProject)
|
|
protected.HandleFunc("GET /api/projects/{id}/events", handleListProjectEvents)
|
|
protected.HandleFunc("GET /api/projects/{id}/children", handleListProjectChildren)
|
|
protected.HandleFunc("GET /api/projects/{id}/tree", handleGetProjectTree)
|
|
protected.HandleFunc("GET /api/projects/{id}/ancestors", handleListProjectAncestors)
|
|
protected.HandleFunc("GET /api/projects/{id}/parties", handleListParties)
|
|
protected.HandleFunc("POST /api/projects/{id}/parties", handleCreateParty)
|
|
// Team membership endpoints for Project detail "Team" tab.
|
|
protected.HandleFunc("GET /api/projects/{id}/team", handleListProjectTeam)
|
|
protected.HandleFunc("POST /api/projects/{id}/team", handleAddProjectTeamMember)
|
|
protected.HandleFunc("DELETE /api/projects/{id}/team/{user_id}", handleRemoveProjectTeamMember)
|
|
|
|
// Departments (structural teams).
|
|
protected.HandleFunc("GET /api/departments", handleListDepartments)
|
|
protected.HandleFunc("POST /api/departments", handleCreateDepartment)
|
|
protected.HandleFunc("GET /api/departments/{id}", handleGetDepartment)
|
|
protected.HandleFunc("PATCH /api/departments/{id}", handleUpdateDepartment)
|
|
protected.HandleFunc("DELETE /api/departments/{id}", handleDeleteDepartment)
|
|
protected.HandleFunc("GET /api/departments/{id}/members", handleListDepartmentMembers)
|
|
protected.HandleFunc("POST /api/departments/{id}/members", handleAddDepartmentMember)
|
|
protected.HandleFunc("DELETE /api/departments/{id}/members/{user_id}", handleRemoveDepartmentMember)
|
|
|
|
protected.HandleFunc("DELETE /api/parties/{id}", handleDeleteParty)
|
|
|
|
// Phase F — Appointments (appointments)
|
|
protected.HandleFunc("GET /api/appointments", handleListAppointments)
|
|
protected.HandleFunc("GET /api/appointments/summary", handleAppointmentsSummary)
|
|
protected.HandleFunc("POST /api/appointments", handleCreateAppointment)
|
|
protected.HandleFunc("GET /api/appointments/{id}", handleGetAppointment)
|
|
protected.HandleFunc("PATCH /api/appointments/{id}", handleUpdateAppointment)
|
|
protected.HandleFunc("DELETE /api/appointments/{id}", handleDeleteAppointment)
|
|
protected.HandleFunc("GET /api/projects/{id}/appointments", handleListAppointmentsForProject)
|
|
|
|
// Phase F — CalDAV configuration (per-user, encrypted at rest)
|
|
protected.HandleFunc("GET /api/caldav-config", handleGetCalDAVConfig)
|
|
protected.HandleFunc("PUT /api/caldav-config", handlePutCalDAVConfig)
|
|
protected.HandleFunc("DELETE /api/caldav-config", handleDeleteCalDAVConfig)
|
|
protected.HandleFunc("POST /api/caldav-config/test", handleTestCalDAVConfig)
|
|
protected.HandleFunc("GET /api/caldav-config/log", handleCalDAVSyncLog)
|
|
|
|
// Phase E — Deadlines (persistent deadlines)
|
|
protected.HandleFunc("GET /api/deadlines", handleListDeadlines)
|
|
protected.HandleFunc("GET /api/deadlines/summary", handleDeadlinesSummary)
|
|
protected.HandleFunc("GET /api/deadlines/{id}", handleGetDeadline)
|
|
protected.HandleFunc("PATCH /api/deadlines/{id}", handleUpdateDeadline)
|
|
protected.HandleFunc("PATCH /api/deadlines/{id}/complete", handleCompleteDeadline)
|
|
protected.HandleFunc("DELETE /api/deadlines/{id}", handleDeleteDeadline)
|
|
protected.HandleFunc("GET /api/projects/{id}/deadlines", handleListDeadlinesForProject)
|
|
protected.HandleFunc("POST /api/projects/{id}/deadlines", handleCreateDeadline)
|
|
protected.HandleFunc("POST /api/projects/{id}/deadlines/bulk", handleBulkCreateDeadlines)
|
|
|
|
// Phase I — Notes (polymorphic notes)
|
|
protected.HandleFunc("GET /api/projects/{id}/notes", handleListNotesForProject)
|
|
protected.HandleFunc("POST /api/projects/{id}/notes", handleCreateNoteForProject)
|
|
protected.HandleFunc("GET /api/deadlines/{id}/notes", handleListNotesForDeadline)
|
|
protected.HandleFunc("POST /api/deadlines/{id}/notes", handleCreateNoteForDeadline)
|
|
protected.HandleFunc("GET /api/appointments/{id}/notes", handleListNotesForAppointment)
|
|
protected.HandleFunc("POST /api/appointments/{id}/notes", handleCreateNoteForAppointment)
|
|
protected.HandleFunc("PATCH /api/notes/{id}", handleUpdateNote)
|
|
protected.HandleFunc("DELETE /api/notes/{id}", handleDeleteNote)
|
|
|
|
// Global search — mixes static curated content with visibility-gated DB
|
|
// lookups across every major surface. See internal/handlers/search.go.
|
|
protected.HandleFunc("GET /api/search", handleSearch)
|
|
|
|
protected.HandleFunc("GET /api/me", handleGetMe)
|
|
protected.HandleFunc("PATCH /api/me", handleUpdateMe)
|
|
protected.HandleFunc("GET /api/users", handleListUsers)
|
|
protected.HandleFunc("GET /api/offices", handleListOffices)
|
|
protected.HandleFunc("GET /api/dashboard", handleDashboardAPI)
|
|
protected.HandleFunc("GET /api/agenda", handleAgendaAPI)
|
|
|
|
// Invitations — send a colleague a Paliad invite email.
|
|
protected.HandleFunc("POST /api/invite", handleInvite)
|
|
protected.HandleFunc("GET /api/invite", handleInviteStatus)
|
|
|
|
// First-login profile capture — authenticated but NOT behind the
|
|
// onboarding gate (it's the one page a user without paliad.users may reach).
|
|
protected.HandleFunc("GET /onboarding", handleOnboardingPage)
|
|
protected.HandleFunc("POST /api/onboarding", handleCreateOnboarding)
|
|
|
|
// Phase G — Dashboard (logged-in landing). Server-renders the data
|
|
// payload inline; client boots from window.__PALIAD_DASHBOARD__ with no
|
|
// waterfall fetch (design audit §2.3).
|
|
protected.HandleFunc("GET /dashboard", gateOnboarded(handleDashboardPage))
|
|
protected.HandleFunc("GET /agenda", gateOnboarded(handleAgendaPage))
|
|
|
|
// Phase D — server-rendered Projects pages.
|
|
protected.HandleFunc("GET /projects", gateOnboarded(handleProjectsListPage))
|
|
protected.HandleFunc("GET /projects/new", gateOnboarded(handleProjectsNewPage))
|
|
protected.HandleFunc("GET /projects/{id}", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/events", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/parties", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/deadlines", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/appointments", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/documents", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/notes", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/checklists", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/team", gateOnboarded(handleProjectsDetailPage))
|
|
protected.HandleFunc("GET /projects/{id}/deadlines/new", gateOnboarded(handleDeadlinesNewPage))
|
|
protected.HandleFunc("GET /projects/{id}/appointments/new", gateOnboarded(handleAppointmentsNewPage))
|
|
|
|
// Phase E — Deadlines (persistent deadline) pages
|
|
protected.HandleFunc("GET /deadlines", gateOnboarded(handleDeadlinesListPage))
|
|
protected.HandleFunc("GET /deadlines/new", gateOnboarded(handleDeadlinesNewPage))
|
|
protected.HandleFunc("GET /deadlines/calendar", gateOnboarded(handleDeadlinesCalendarPage))
|
|
protected.HandleFunc("GET /deadlines/{id}", gateOnboarded(handleDeadlinesDetailPage))
|
|
|
|
// Phase F — Appointments pages
|
|
protected.HandleFunc("GET /appointments", gateOnboarded(handleAppointmentsListPage))
|
|
protected.HandleFunc("GET /appointments/new", gateOnboarded(handleAppointmentsNewPage))
|
|
protected.HandleFunc("GET /appointments/calendar", gateOnboarded(handleAppointmentsCalendarPage))
|
|
protected.HandleFunc("GET /appointments/{id}", gateOnboarded(handleAppointmentsDetailPage))
|
|
|
|
// Team directory — browsable list of all onboarded users (t-paliad-029).
|
|
protected.HandleFunc("GET /team", gateOnboarded(handleTeamPage))
|
|
|
|
// Settings
|
|
protected.HandleFunc("GET /settings", gateOnboarded(handleSettingsPage))
|
|
protected.HandleFunc("GET /settings/{tab}", handleSettingsTabRedirect)
|
|
|
|
// Catch-all 404 — runs for any authenticated path that no more-specific
|
|
// pattern claimed. Renders the chromed shell with HTTP 404 (Bug 9 from
|
|
// tests/smoke-auth-2026-04-25.md). Must be registered last on this mux.
|
|
protected.HandleFunc("/", handleNotFoundPage)
|
|
|
|
// Legacy German URLs redirect 301 on the OUTER mux so old bookmarks
|
|
// land on the new path before hitting the auth middleware (avoids a
|
|
// login→redirect round-trip from unauthenticated visitors).
|
|
registerLegacyRedirects(mux)
|
|
|
|
// Session middleware refreshes tokens; user-id middleware extracts the
|
|
// JWT sub claim into the request context for handlers that need it.
|
|
mux.Handle("/", client.Middleware(client.WithUserID(protected)))
|
|
}
|
|
|
|
func writeJSON(w http.ResponseWriter, status int, data any) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(status)
|
|
json.NewEncoder(w).Encode(data)
|
|
}
|