refactor: remove recovery auth surface

This commit is contained in:
2026-04-19 19:40:18 +02:00
parent 4eaa6542ff
commit 1e1a3e8205
11 changed files with 70 additions and 291 deletions

View File

@@ -33,7 +33,9 @@ Technically, I also wanted to prove that a small, server-rendered Go app could s
## What the application offers
For my own workflow, MyAnimeList combines catalog browsing, seasonal discovery, quick search, detail pages with recommendations and relations, and full watchlist management in one server-rendered interface. It also includes account flows such as registration, login, recovery, and recovery-key rotation. The notifications area is tuned for practical tracking, including sequel visibility derived from watchlist context.
For my own workflow, MyAnimeList combines catalog browsing, seasonal discovery, quick search, detail pages with recommendations and relations, full watchlist management, continue-watching, and in-app playback in one server-rendered interface.
Authentication in the web UI is login-only.
## Technical approach
@@ -49,19 +51,24 @@ Instead of treating the repository as one flat service, the codebase is organize
| --- | --- |
| `cmd/server` | Application entrypoint and process lifecycle setup |
| `internal/server` | Route registration and middleware composition |
| `internal/features/anime` | Anime browsing, discovery, search, detail, and notifications logic |
| `internal/features/watchlist` | Watchlist updates, retrieval, import, and export |
| `internal/features/auth` | Authentication, sessions, account recovery, and account settings |
| `internal/features/anime` | Catalog, discovery, search, details, recommendations, and relations |
| `internal/features/watchlist` | Watchlist updates, retrieval, import/export, and continue-watching |
| `internal/features/playback` | Watch page, stream/subtitle proxying, and watch progress APIs |
| `internal/features/auth` | Login/session handling and auth service logic |
| `internal/jikan` | Upstream API client, caching, and retry-aware fetch behavior |
| `internal/worker` | Background relation sync, retry processing, and cache cleanup |
| `internal/database` | Migration runner, generated query layer, and DB models |
| `internal/templates` | Server-rendered page and partial templates |
| `internal/watchorder` | Watch-order scraping and parsing helpers |
| `migrations` | Schema evolution and operational DB changes |
| `static` | CSS, JavaScript, and static assets |
| `static` | Source CSS, TypeScript, and static assets |
| `dist` | Built frontend assets served at `/dist/*` |
## Runtime behavior
On startup, the server opens SQLite using `DATABASE_FILE` (defaulting to `mal.db`), runs migrations automatically, initializes core services, starts the background worker, and then serves HTTP traffic on `PORT` (defaulting to `3000`). A request enters the router, passes through global middleware for origin and authentication boundaries, reaches a feature handler, and then resolves through service logic that combines database access with upstream data where needed before rendering HTML.
On startup, the server opens SQLite using `DATABASE_FILE` (defaulting to `mal.db`), runs migrations automatically, initializes core services, starts the background worker, and then serves HTTP traffic on `PORT` (defaulting to `3000`). A request enters the router, passes through global middleware for origin and auth boundaries, reaches a feature handler, and then resolves through service logic that combines database access with upstream data where needed before rendering HTML.
Public access is intentionally limited. `/`, `/login`, `/search`, `/api/search`, `/api/search-quick`, and static asset routes are available without auth; most other routes require a valid session.
The background worker continuously maintains relation data for sequel awareness, processes queued retryable anime fetches, and periodically removes expired cache records. This keeps user-facing pages stable even when data collection has to happen in multiple phases.
@@ -73,7 +80,7 @@ There are still honest limits. Metadata quality still depends partly on external
## Getting started
For local development, install Go `1.24+`, SQLite, Bun, and the `templ` CLI, then generate templates, build frontend assets, and run the server.
For local development, install Go `1.24+`, Bun, and the `templ` CLI, then generate templates, build frontend assets, and run the server.
```bash
go install github.com/a-h/templ/cmd/templ@latest
@@ -87,13 +94,27 @@ The frontend pipeline uses a single source stylesheet (`static/style.css`) and T
When the server starts, the app is available at `http://localhost:3000`.
For containerized usage, the included `Dockerfile` uses a multi-stage build that generates templates, compiles `cmd/server`, and ships a slim runtime image with SQLite support.
Important notes:
- Environment variables are read directly from the process environment (`PORT`, `DATABASE_FILE`, `ENV`); `.env` is not auto-loaded.
- The web app currently exposes a login route only. If your database has no users yet, create the first user outside the web UI.
For containerized usage, the included `Dockerfile` uses a multi-stage build that installs Bun + templ, builds assets, generates templates, compiles `cmd/server`, and ships a slim runtime image with SQLite support.
```bash
docker build -t myanimelist .
docker run --rm -p 3000:3000 myanimelist
```
For persistent data in containers, set `DATABASE_FILE` to `/app/data/mal.db` and mount a volume:
```bash
docker run --rm \
-p 3000:3000 \
-e DATABASE_FILE=/app/data/mal.db \
-v "$(pwd)/data:/app/data" \
myanimelist
```
## Configuration
| Variable | Default | Description |
@@ -104,14 +125,16 @@ docker run --rm -p 3000:3000 myanimelist
## Database and testing
Migrations run at startup, so schema changes are applied automatically before the server begins accepting traffic. Migration history includes the initial auth and watchlist schema, anime metadata expansion, relation tracking, Jikan cache persistence, indexing updates, recovery key support, and retry-queue support for failed fetches.
Migrations run at startup, so schema changes are applied automatically before the server begins accepting traffic. Migration history includes the initial auth and watchlist schema, anime metadata expansion, relation tracking, Jikan cache persistence, indexing updates, and retry-queue support for failed fetches.
Tests are available for watchlist behavior, relation helpers, auth middleware boundaries, and watch-order parsing. Run the full test suite with:
Current automated tests are unit-focused and cover watchlist behavior, relation helpers, auth middleware boundaries, and watch-order parsing. Run the full test suite with:
```bash
go test ./...
```
There is currently no CI workflow in this repository, so validation is local.
## Contributing
This is primarily a personal project, so development priorities are driven by my own use and preferences. That said, if you spot a bug or have a focused improvement, feel free to open an issue or pull request. Please read `CONTRIBUTING.md` first so expectations around scope, validation, and security handling are clear.