Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.
Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.
Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.
- Breadcrumb navigation on board and thread pages (Home › Boards › Board › Thread)
- Back buttons to return to parent page (with arrow icon and hover effects)
- Scroll-to-top button appears after scrolling 300px (smooth animation)
- Keyboard shortcuts: Ctrl+Enter submits forms from textarea, Esc clears focus and closes notifications
- Optimistic UI for like/dislike buttons (immediate visual feedback with checkmark)
- Updated thread handler to pass board data for breadcrumb context
- Add loading spinners and disabled states for form submissions
- Implement client-side form validation with inline error messages
- Add Enter-to-submit functionality for single-line forms
- Implement relative timestamps (e.g., '2 hours ago')
- Add character counters for textareas
- Auto-resize textareas as users type
- Add toast notifications for success/error messages
- Improve form accessibility with autocomplete and max lengths
- Add password confirmation field to signup form
- Better error styling throughout the application
Joca