Commit Graph

5 Commits (f4bc5c925cdfc0f9dc96062558eb866e635df6b4)

Author SHA1 Message Date
Joca f4bc5c925c
Remove CSRF, add password change, admin user management
Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.

Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.

Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.

Co-authored-by: CommandCodeBot <noreply@commandcode.ai>
2026-05-09 20:02:41 -03:00
Joca 730b05dd58
Add CSRF checks to preferences.
2026-03-06 14:53:14 -03:00
Joca 56416b78ec
refactor the preferences page
2026-02-20 13:26:58 -03:00
Joca 582897903e
Preferences: Remove markdown preview preference after feature removal
- Remove markdown_preview_default field from UserPreferences model
- Remove markdown_preview_default column from user_preferences table schema
- Simplify preferences form to only show draft auto-save checkbox
- Update handler to only process auto_save_drafts preference
- Clean up unused form fields and validation logic

Only the draft auto-save preference remains.
2026-01-15 23:34:21 -03:00
Joca 309e516480
Preferences: Add user preferences system with database table and settings page
- Add user_preferences table to store per-user settings (auto_save_drafts, markdown_preview_default)
- Create UserPreferences model with GetUserPreferences, CreateDefaultPreferences, and UpdateUserPreferences functions
- Add PreferencesHandler for GET/POST requests to display and save user preferences
- Create preferences.html template with checkbox for draft auto-save and radio buttons for markdown preview default
- Add "Preferences" link to navbar for logged-in users
- Register /preferences/ route with login requirement

This establishes the foundation for advanced features like draft auto-save and markdown preview toggle, allowing users to customize their experience.
2026-01-15 23:21:03 -03:00