91be18c100
- internal/auth/jwt.go: JWTValidator via lestrrat-go/jwx/v2, JWKS auto-refresh - internal/auth/bearer.go: replace Gitea PAT validation with JWT->static->default chain - internal/gitea/client.go: always use service PAT; remove TokenFromContext lookup - internal/config/config.go: add DexIssuerURL, MCPAudience, MCPResourceURL, StaticToken - cmd/gitea-mcp/main.go: wire validator, fix /.well-known to return real AS list - bearer_test.go: rewrite for new API
1.0 KiB
1.0 KiB
name, description
| name | description |
|---|---|
| htmx-patterns | HTMX conventions — default attributes, form patterns, validation errors, hypermedia-first API design. Use when writing HTMX templates or Go handlers that return HTML fragments. |
HTMX patterns
Default attributes
Always include on interactive elements:
hx-indicatorfor loading stateshx-swap="innerHTML"as default (explicit over implicit)hx-targetpointing to a specific ID, neverthisin production
Form pattern
<form hx-post="/items" hx-target="#item-list" hx-swap="beforeend" hx-indicator="#spinner">
<input type="text" name="title" required>
<button type="submit">Add</button>
<span id="spinner" class="htmx-indicator">...</span>
</form>
Server-sent validation errors
Return 422 with the error fragment, swap into the form's error container:
hx-target-422="#form-errors"
Prefer hypermedia over JSON
If the endpoint returns data for display, return an HTML fragment. Only use JSON for machine-to-machine APIs or when a non-browser client needs it.