Some browsers were not accepting cookies without an explicit SameSite attribute.
Added SameSite=Lax to the login cookie to ensure it works across all modern browsers.
This fixes login issues where the cookie was being set by the server but not
accepted/sent by the browser on subsequent requests.
Users can now create a new context directly from the todo creation modal
without having to navigate away to the contexts page.
Changes:
- Added "Create new context..." option to context dropdown in todo modal
- Added inline form that appears when user selects "Create new context"
- Added JavaScript to show/hide the new context input field dynamically
- Added form validation to ensure either an existing context is selected
or a new context name is provided
- Updated HandleCreateTodo to detect when user wants to create a new context
(context_id == "__new__") and create it before creating the todo
- New contexts are created with proper position ordering
UX Flow:
1. User clicks "New Todo"
2. User selects "Create new context..." from dropdown
3. Input field appears below for entering context name
4. User enters context name (e.g., "@home", "@work")
5. When form is submitted, context is created first, then todo is created
with the new context automatically assigned
6. User is redirected back to todos page with both new context and todo visible
This streamlines the workflow and eliminates context switching when users
need to quickly add a todo with a new context.
Implemented complete CRUD (Create, Read, Update, Delete) operations for the web UI:
## Context CRUD:
- Added HandleCreateContext and HandleDeleteContext handlers
- Created modal form for context creation in contexts.html
- Added delete buttons with confirmation dialogs
- Added POST /contexts and POST /contexts/:id/delete routes
- Contexts now support proper position-based ordering
## Todo CRUD:
- Added HandleCreateTodo and HandleDeleteTodo handlers
- Created modal form for todo creation with context selection in todos.html
- Context selection is required (aligned with GTD methodology)
- Added delete buttons for todos with confirmation dialogs
- Added POST /todos and POST /todos/:id/delete routes
- Updated ShowTodos to pass available contexts to template
## RSS Feed:
- Implemented HandleContextFeed handler with RSS 2.0 XML generation
- Added GET /contexts/:id/feed.rss route
- Feed includes all todos for a specific context
- Feed contains todo description, notes, project, and due date info
## Testing:
- Created comprehensive Playwright test suite (test-tracks-crud.js)
- Tests cover: login, context creation, todo creation with context assignment,
todo deletion, context deletion, and RSS feed validation
All code compiles successfully. Ready for end-to-end testing.
- Created todos.html template showing user's todos with state badges
- Created projects.html template showing project cards in grid layout
- Created contexts.html template showing context cards
- Added ShowTodos, ShowProjects, ShowContexts handlers to web_handler.go
- Added routes for /todos, /projects, /contexts to main.go
- All pages show empty state when no data exists
- Navigation menu links now work without 404 errors
All pages are functional and display user-specific data from the database.
Features:
- Single binary deployment with embedded HTML templates
- Dark and light mode theme switcher with localStorage persistence
- Server-side rendered Go templates
- Clean, modern UI with CSS variables for theming
- Login page with default admin credentials hint
- Dashboard with statistics and quick actions
- Admin user management page
- Session management via HTTP-only cookies
Implementation:
- Created web templates in cmd/tracks/web/templates/
- base.html: Main layout with navigation and theme toggle
- login.html: Login form with first-time user hint
- dashboard.html: Main dashboard with stats cards and recent todos
- admin_users.html: User management with create user modal
- Added web_handler.go for serving web UI
- ShowLogin: Renders login page
- HandleLogin: Processes login form, sets cookie, redirects to dashboard
- HandleLogout: Clears cookie, redirects to login
- ShowDashboard: Shows personalized dashboard with stats
- ShowAdminUsers: Admin-only user management page
- HandleCreateUser: Processes user creation form
- Updated main.go to embed templates using //go:embed
- Added web routes before API routes:
- GET/POST /login (public)
- GET /logout (public)
- GET / and /dashboard (authenticated)
- GET/POST /admin/users (authenticated + admin)
UI Features:
- Responsive design with mobile support
- Theme persistence across sessions
- Clean card-based layout
- Statistics dashboard (active todos, projects, contexts, completed today)
- Quick action buttons
- Admin badge for admin users
- Navigation menu with conditional admin links
Security:
- HttpOnly cookies for session tokens
- Admin middleware for protected routes
- CSRF protection via form POST
- Password fields properly masked
No external dependencies - all CSS and JS inline in templates.
Everything compiles into single binary.
Tested:
- Login page renders correctly ✓
- Login form submits and creates session ✓
- Dashboard displays with user info ✓
- Theme toggle functionality included ✓
- Admin user sees admin links ✓
Features added:
- Automatic creation of default admin user on first startup (login: admin, password: admin)
- Admin-only endpoint POST /api/admin/users for creating new users
- Admin users can set is_admin flag when creating users
- Non-admin users are blocked from accessing admin endpoints
Implementation:
- Added CreateDefaultAdmin() function in internal/database/database.go
- Checks if any users exist, creates admin only if database is empty
- Admin user: login "admin", password "admin", is_admin true
- Added CreateUser() method to auth service for admin user creation
- Added CreateUser() handler to auth handler
- Added /api/admin/users endpoint with AuthMiddleware + AdminMiddleware
- Updated README_GOLANG.md with:
- Default admin credentials
- Instructions for creating additional users
- Admin API documentation
Security:
- Default admin password should be changed after first login
- AdminMiddleware ensures only users with is_admin=true can access admin routes
- Non-admin users receive 403 Forbidden when accessing admin endpoints
Tested:
- Default admin creation on startup ✓
- Admin login with default credentials ✓
- Admin can create new users ✓
- New users can login ✓
- Non-admin users blocked from admin endpoints ✓
This commit introduces a complete rewrite of the Tracks GTD application
in Go (Golang), providing a modern, performant alternative to the Ruby
on Rails implementation.
## Architecture & Technology Stack
- Language: Go 1.21+
- Web Framework: Gin
- ORM: GORM with SQLite/MySQL/PostgreSQL support
- Authentication: JWT with bcrypt password hashing
- Clean Architecture: Separated models, services, handlers, and middleware
## Implemented Features
### Core Models
- User: Authentication and user management
- Context: GTD contexts (@home, @work, etc.)
- Project: Project grouping and tracking
- Todo: Task management with state machine (active, completed, deferred, pending)
- Tag: Flexible tagging system with polymorphic associations
- Dependency: Todo dependencies with circular dependency detection
- Preference: User preferences and settings
- Note: Project notes
- Attachment: File attachment support (model only)
- RecurringTodo: Recurring task template (model only)
### API Endpoints
**Authentication:**
- POST /api/auth/login - User login
- POST /api/auth/register - User registration
- POST /api/auth/logout - User logout
- GET /api/me - Get current user
**Todos:**
- GET /api/todos - List todos with filtering
- POST /api/todos - Create todo
- GET /api/todos/:id - Get todo details
- PUT /api/todos/:id - Update todo
- DELETE /api/todos/:id - Delete todo
- POST /api/todos/:id/complete - Mark as completed
- POST /api/todos/:id/activate - Mark as active
- POST /api/todos/:id/defer - Defer to future date
- POST /api/todos/:id/dependencies - Add dependency
- DELETE /api/todos/:id/dependencies/:successor_id - Remove dependency
**Projects:**
- GET /api/projects - List projects
- POST /api/projects - Create project
- GET /api/projects/:id - Get project details
- PUT /api/projects/:id - Update project
- DELETE /api/projects/:id - Delete project
- POST /api/projects/:id/complete - Complete project
- POST /api/projects/:id/activate - Activate project
- POST /api/projects/:id/hide - Hide project
- POST /api/projects/:id/review - Mark as reviewed
- GET /api/projects/:id/stats - Get project statistics
**Contexts:**
- GET /api/contexts - List contexts
- POST /api/contexts - Create context
- GET /api/contexts/:id - Get context details
- PUT /api/contexts/:id - Update context
- DELETE /api/contexts/:id - Delete context
- POST /api/contexts/:id/hide - Hide context
- POST /api/contexts/:id/activate - Activate context
- POST /api/contexts/:id/close - Close context
- GET /api/contexts/:id/stats - Get context statistics
### Business Logic
**Todo State Management:**
- Active: Ready to work on
- Completed: Finished tasks
- Deferred: Future actions (show_from date)
- Pending: Blocked by dependencies
**Dependency Management:**
- Create blocking relationships between todos
- Automatic state transitions when blocking todos complete
- Circular dependency detection
- Automatic unblocking when prerequisites complete
**Tag System:**
- Polymorphic tagging for todos and recurring todos
- Automatic tag creation on first use
- Tag cloud support
**Project & Context Tracking:**
- State management (active, hidden, closed/completed)
- Statistics and health indicators
- Review tracking for projects
### Infrastructure
**Configuration:**
- Environment-based configuration
- Support for SQLite, MySQL, and PostgreSQL
- Configurable JWT secrets and token expiry
- Flexible server settings
**Database:**
- GORM for ORM
- Automatic migrations
- Connection pooling
- Multi-database support
**Authentication & Security:**
- JWT-based authentication
- Bcrypt password hashing
- Secure cookie support
- Token refresh mechanism
**Docker Support:**
- Multi-stage Dockerfile for optimized builds
- Docker Compose with PostgreSQL
- Volume mounting for data persistence
- Production-ready configuration
## Project Structure
```
cmd/tracks/ # Application entry point
internal/
config/ # Configuration management
database/ # Database setup and migrations
handlers/ # HTTP request handlers
middleware/ # Authentication middleware
models/ # Database models
services/ # Business logic layer
```
## Documentation
- README_GOLANG.md: Comprehensive documentation
- .env.example: Configuration template
- API documentation included in README
- Code comments for complex logic
## Future Work
The following features from the original Rails app are not yet implemented:
- Recurring todo instantiation logic
- Email integration (Mailgun/CloudMailin)
- Advanced statistics and analytics
- Import/Export functionality (CSV, YAML, XML)
- File upload handling for attachments
- Mobile views
- RSS/Atom feeds
- iCalendar export
## Benefits Over Rails Version
- Performance: Compiled binary, lower resource usage
- Deployment: Single binary, no runtime dependencies
- Type Safety: Compile-time type checking
- Concurrency: Better handling of concurrent requests
- Memory: Lower memory footprint
- Portability: Easy cross-platform compilation
## Testing
The code structure supports testing, though tests are not yet implemented.
Future work includes adding unit and integration tests.
