furu04/Super-HomeworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Compare commits

base: furu04:v0.2.0
Branches Tags
furu04:master
furu04:v.0.3.0 furu04:v0.2.1 furu04:v0.2.0 furu04:v0.1.1
...
compare: furu04:v.0.3.0
Branches Tags
furu04:master
furu04:v.0.3.0 furu04:v0.2.1 furu04:v0.2.0 furu04:v0.1.1

10 Commits
v0.2.0 ... v.0.3.0

Author SHA1 Message Date
furu04
1029f29033 1人で利用する際の注意点を追加 2026-03-25 14:17:10 +09:00
furu04
8ef7ded91f docker環境を修正 2026-03-25 14:05:14 +09:00
furu04
aaaecbfab4 README、ドキュメントを更新 2026-03-25 10:37:06 +09:00
furu04
2a4fac79b1 2FA適用後にCSRFエラーになる不具合を修正し、不要な処理を削除 2026-03-25 09:48:22 +09:00
furu04
1113477111 CAPTCHAと2FAを実装 2026-03-24 18:40:38 +09:00
furu04
080bd1f8d7 期限切れの繰り返し課題が停止中と表示されないバグを修正 2026-02-15 20:51:50 +09:00
furu04
45bf048c47 LINEを削除 2026-01-13 16:55:14 +09:00
furu04
fee5d7c846 安全性を向上 2026-01-13 16:23:55 +09:00
furu04
5b10b90bf5 DockerでMySQL、Caddyが利用されるよう変更したほか不具合を修正 2026-01-11 23:16:01 +09:00
furu04
b982c8acee 繰り返し課題のAPI管理UIを追加、課題一覧のUX向上 2026-01-11 14:56:15 +09:00
45 changed files with 2851 additions and 509 deletions
Expand all files Collapse all files

27
Caddyfile Normal file
View File

@@ -0,0 +1,27 @@
# Caddyfile - Reverse Proxy Configuration
#
# 使用方法:
# 本番環境で公開する場合は、以下の `:80` を実際のドメイン(例: example.comに変更してください。
# 変更して docker compose up -d を再実行すると、自動的にHTTPS証明書が取得されます。
:80 {
reverse_proxy app:8080
# ログ設定
log {
output file /data/access.log
format json
}
# セキュリティヘッダー
header {
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Referrer-Policy strict-origin-when-cross-origin
-Server
}
# gzip 圧縮
encode gzip
}

33
Dockerfile
View File

@@ -1,12 +1,8 @@
# Builder stage
FROM golang:1.24-alpine AS builder
FROM golang:1.24-trixie AS builder
# Set working directory
WORKDIR /app
# Install git if needed for fetching dependencies (sometimes needed even with go modules)
# RUN apk add --no-cache git
# Copy go mod and sum files
COPY go.mod go.sum ./
@@ -21,12 +17,18 @@ COPY . .
RUN CGO_ENABLED=0 go build -o server ./cmd/server/main.go
# Runtime stage
FROM alpine:latest
FROM debian:trixie-slim
# Install runtime dependencies
RUN apk add --no-cache ca-certificates tzdata
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
tzdata \
curl \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd -r -u 1000 -s /bin/false appuser
# Set working directory
WORKDIR /app
# Copy binary from builder
@@ -35,8 +37,21 @@ COPY --from=builder /app/server .
# Copy web assets (templates, static files)
COPY --from=builder /app/web ./web
# Expose port (adjust if your app uses a different port)
# Create data directory for SQLite
RUN mkdir -p /app/data && chown -R appuser:appuser /app
# Switch to non-root user
USER appuser
# Expose port
EXPOSE 8080
# Volume for persistent data
VOLUME ["/app/data"]
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8080/ || exit 1
# Run the application
ENTRYPOINT ["./server"]

157
README.md
View File

@@ -1,101 +1,112 @@
# Homework Manager
<div align="center">
シンプルな課題管理アプリケーションです。学生の課題管理を効率化するために設計されています。
# Super Homework Manager
シンプルで高機能な課題管理アプリケーション
[![Go](https://img.shields.io/badge/Go-1.24+-00ADD8?logo=go&logoColor=white)](https://go.dev/)
[![License](https://img.shields.io/badge/License-AGPLv3-blue.svg)](LICENSE.md)
[![Docker](https://img.shields.io/badge/Docker-Compose-2496ED?logo=docker&logoColor=white)](#docker-での実行)
</div>
---
## 概要
学生の課題管理を効率化するために設計されたWebアプリケーションです。
繰り返し課題の自動生成やダッシュボードによる期限管理など、日々の課題管理をサポートします。
## スクリーンショット
| ダッシュボード | 課題一覧 | API |
|:---:|:---:|:---:|
| ![ダッシュボード](./docs/images/dashboard.png) | ![課題一覧](./docs/images/list.png) | ![API](./docs/images/api.png) |
## 特徴
- **課題管理**: 課題の登録、編集、削除、完了状況の管理
- **ダッシュボード**: 期限切れ、本日期限、今週期限の課題をひと目で確認
- **API対応**: 外部連携用のRESTful API (APIキー認証)
- **セキュリティ**:
- CSRF対策
- レート制限 (Rate Limiting)
- セキュアなセッション管理
- **ポータビリティ**: Pure Go SQLiteドライバー使用により、CGO不要でどこでも動作
| 機能 | 説明 |
|---|---|
| **課題管理** | 課題の登録・編集・削除・完了状況の管理 |
| **繰り返し課題** | 日次・週次・月次の繰り返し課題を自動生成 |
| **ダッシュボード** | 期限切れ・本日期限・今週期限の課題をひと目で確認 |
| **REST API** | 外部連携用のAPIキー認証付きRESTful API |
| **セキュリティ** | CSRF対策 / レート制限 / セキュアなセッション管理 / 2FA対応 |
| **ポータビリティ** | Pure Go SQLiteドライバー使用CGO不要 |
![ダッシュボード](./docs/images/dashboard.png)
![課題一覧](./docs/images/list.png)
![API](./docs/images/api.png)
## クイックスタート
### 前提条件
## TODO
- **Docker Desktop** または Docker / Docker Compose
- (ローカルで直接ビルドする場合のみ)**Go 1.24 以上**
- 取り組み目安時間の登録
- SNS連携もしかしたらやるかも
### 最も簡単な起動方法
## ドキュメント
初めて使う方には、**Dockerを使用した起動**をおすすめします。
詳細な仕様やAPIドキュメントは `docs/` ディレクトリを参照してください
1. このリポジトリをダウンロード(または `git clone`)し、フォルダを開きます
2. フォルダ内にある `config.ini.docker.example` というファイルをコピーし、**名前を `config.ini` に変更**します。
(※ **必須**: この作業を忘れると起動エラーになります)
3. ターミナルまたはコマンドプロンプトやPowerShellでこのフォルダを開き、以下のコマンドを実行します
```bash
docker-compose up -d --build
```
4. ブラウザを開き、**http://localhost** にアクセスしてください。
- [仕様書](docs/SPECIFICATION.md): 機能詳細、データモデル、設定項目
- [APIドキュメント](docs/API.md): APIのエンドポイント、リクエスト/レスポンス形式
> **注意**: 本番環境(外部公開するサーバー上)で使用する場合は、`Caddyfile` の `:80` を実際のドメインに変更し、`config.ini` 内の `[session] secret` 等の安全な文字列への変更を必ず行ってください。
## 前提条件
### ローカルビルド(開発者向け)
- Go 1.24 以上
開発目的で直接実行する場合の手順です。
## インストール方法
```bash
# 1. リポジトリのクローン
git clone <repository-url>
cd Homework-Manager
1. **リポジトリのクローン**
```bash
git clone <repository-url>
cd Homework-Manager
```
# 2. 依存関係のダウンロード
go mod download
2. **依存関係のダウンロード**
```bash
go mod download
```
# 3. ビルド
go build -o homework-manager cmd/server/main.go
3. **アプリケーションのビルド**
```bash
go build -o homework-manager cmd/server/main.go
```
# 4. 設定ファイルの準備
cp config.ini.example config.ini
4. **設定ファイルの準備**
サンプル設定ファイルをコピーして、`config.ini` を作成します。
# 5. 実行
./homework-manager
```
```bash
cp config.ini.example config.ini
```
※ Windows (PowerShell): `Copy-Item config.ini.example config.ini`
> **Windows (PowerShell)** の場合:
> `Copy-Item config.ini.example config.ini` → `.\homework-manager.exe`
**重要**: 本番環境で使用する場合は、必ず `[session] secret` と `[security] csrf_secret` を変更してください。
ブラウザで **http://localhost:8080** にアクセスしてください。
5. **アプリケーションの実行**
```bash
./homework-manager
```
※ Windows (PowerShell): `.\homework-manager.exe`
ブラウザで `http://localhost:8080` にアクセスしてください。
## Dockerでの実行
DockerおよびDocker Composeがインストールされている環境では、以下の手順で簡単に起動できます。
1. **設定ファイルの準備**
```bash
cp config.ini.example config.ini
```
※ 必須です。これを行わないとDockerがディレクトリとして作成してしまい起動に失敗します。
2. **コンテナの起動**
```bash
docker-compose up -d --build
```
3. **アクセスの確認**
ブラウザで `http://localhost:8080` にアクセスしてください。
## 利用時の注意点
1人でSuper Homework Managerを利用する場合は、自分のユーザを登録した後にconfigファイルの[auth]セクションのallow_registrationをfalseに変更し再起動してください。
## 更新方法
1. `git pull` で最新コードを取得
2. `go build -o homework-manager cmd/server/main.go` で再ビルド
3. アプリケーションを再起動
```bash
git pull
go build -o homework-manager cmd/server/main.go
# アプリケーションを再起動
```
## ドキュメント
| ドキュメント | 内容 |
|---|---|
| [仕様書](docs/SPECIFICATION.md) | 機能詳細・データモデル・設定項目 |
| [APIドキュメント](docs/API.md) | エンドポイント・リクエスト/レスポンス形式 |
## TODO
- [ ] 取り組み目安時間の登録
- [ ] SNS連携
## ライセンス
本ソフトウェアのライセンスはAGPLv3 (GNU Affero General Public License v3)です。
詳しくはLICENSEファイルをご覧ください。
[AGPLv3 (GNU Affero General Public License v3)](LICENSE.md)

46
config.ini.docker.example Normal file
View File

@@ -0,0 +1,46 @@
; Homework Manager 設定ファイル (Docker用)
; docker-compose.yml と一緒に使用してください
; ローカル実行する場合securityセクションのhttpsをfalseに変更するのを忘れないでください
[server]
port = 8080
debug = false
[database]
driver = mysql
host = db
port = 3306
user = homework
password = homework_password
name = homework_manager
[session]
; 本番環境では必ず変更してください
secret = CHANGE_THIS_TO_A_SECURE_RANDOM_STRING
[auth]
allow_registration = true
[security]
https = false
; こちらも本番環境では必ず変更してください
csrf_secret = CHANGE_THIS_TO_A_SECURE_RANDOM_STRING
rate_limit_enabled = true
rate_limit_requests = 100
rate_limit_window = 60
trusted_proxies = 172.16.0.0/12
[notification]
telegram_bot_token =
[captcha]
; CAPTCHAを有効にするか (true/false)
enabled = false
; CAPTCHAの種類: "image"(自前生成)または "turnstile"Cloudflare Turnstile
type = image
; Cloudflare Turnstileを使用する場合typeをturnstileに設定
; Cloudflare ダッシュボードで取得したサイトキーとシークレットキーを設定
; turnstile_site_key = 0x4AAAAAAAxxxxxxxxxxxxxxxx
; turnstile_secret_key = 0x4AAAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

12
config.ini.example
View File

@@ -58,3 +58,15 @@ rate_limit_window = 60
; Telegram Bot Token (@BotFatherで取得)
; ユーザーはプロフィール画面でChat IDを設定します
telegram_bot_token =
[captcha]
; CAPTCHAを有効にするか (true/false)
enabled = false
; CAPTCHAの種類: "image"(自前生成)または "turnstile"Cloudflare Turnstile
type = image
; Cloudflare Turnstileを使用する場合typeをturnstileに設定
; Cloudflare ダッシュボードで取得したサイトキーとシークレットキーを設定
; turnstile_site_key = 0x4AAAAAAAxxxxxxxxxxxxxxxx
; turnstile_secret_key = 0x4AAAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

59
docker-compose.yml
View File

@@ -1,11 +1,62 @@
services:
app:
build: .
ports:
- "8080:8080"
container_name: homework-manager
volumes:
- ./homework.db:/app/homework.db
- ./config.ini:/app/config.ini
- ./config.ini:/app/config.ini:ro
environment:
- TZ=Asia/Tokyo
restart: unless-stopped
networks:
- internal
depends_on:
db:
condition: service_healthy
db:
image: mysql:8.0
container_name: homework-db
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-rootpassword}
MYSQL_DATABASE: ${MYSQL_DATABASE:-homework_manager}
MYSQL_USER: ${MYSQL_USER:-homework}
MYSQL_PASSWORD: ${MYSQL_PASSWORD:-homework_password}
TZ: Asia/Tokyo
volumes:
- db-data:/var/lib/mysql
networks:
- internal
restart: unless-stopped
healthcheck:
test: [ "CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD:-rootpassword}" ]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
caddy:
image: caddy:2-alpine
container_name: homework-caddy
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy-data:/data
- caddy-config:/config
environment:
- TZ=Asia/Tokyo
restart: unless-stopped
networks:
- internal
depends_on:
- app
networks:
internal:
driver: bridge
volumes:
db-data:
caddy-data:
caddy-config:

380
docs/API.md
View File

@@ -23,14 +23,15 @@ Super Homework Manager REST APIは、課題管理機能をプログラムから
### 認証ヘッダー
```
X-API-Key: hm_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Authorization: Bearer hm_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
### 認証エラー
| ステータスコード | レスポンス |
|------------------|------------|
| 401 Unauthorized | `{"error": "API key required"}` |
| 401 Unauthorized | `{"error": "Authorization header required"}` |
| 401 Unauthorized | `{"error": "Invalid authorization format. Use: Bearer <api_key>"}` |
| 401 Unauthorized | `{"error": "Invalid API key"}` |
---
@@ -39,13 +40,22 @@ X-API-Key: hm_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
| メソッド | パス | 説明 |
|----------|------|------|
| GET | `/api/v1/assignments` | 課題一覧取得 |
| GET | `/api/v1/assignments` | 課題一覧取得(フィルタ・ページネーション対応) |
| GET | `/api/v1/assignments/pending` | 未完了課題一覧取得 |
| GET | `/api/v1/assignments/completed` | 完了済み課題一覧取得 |
| GET | `/api/v1/assignments/overdue` | 期限切れ課題一覧取得 |
| GET | `/api/v1/assignments/due-today` | 本日期限の課題一覧取得 |
| GET | `/api/v1/assignments/due-this-week` | 今週期限の課題一覧取得 |
| GET | `/api/v1/assignments/:id` | 課題詳細取得 |
| POST | `/api/v1/assignments` | 課題作成 |
| PUT | `/api/v1/assignments/:id` | 課題更新 |
| DELETE | `/api/v1/assignments/:id` | 課題削除 |
| PATCH | `/api/v1/assignments/:id/toggle` | 完了状態トグル |
| GET | `/api/v1/statistics` | 統計情報取得 |
| GET | `/api/v1/recurring` | 繰り返し設定一覧取得 |
| GET | `/api/v1/recurring/:id` | 繰り返し設定詳細取得 |
| PUT | `/api/v1/recurring/:id` | 繰り返し設定更新 |
| DELETE | `/api/v1/recurring/:id` | 繰り返し設定削除 |
---
@@ -59,7 +69,9 @@ GET /api/v1/assignments
| パラメータ | 型 | 説明 |
|------------|------|------|
| `filter` | string | フィルタ: `pending`, `completed`, `overdue` (省略時: 全件) |
| `filter` | string | フィルタ: `pending`, `completed`, `overdue`省略時: 全件 |
| `page` | integer | ページ番号(デフォルト: `1` |
| `page_size` | integer | 1ページあたりの件数デフォルト: `20`、最大: `100` |
### レスポンス
@@ -74,13 +86,18 @@ GET /api/v1/assignments
"title": "数学レポート",
"description": "第5章の練習問題",
"subject": "数学",
"priority": "medium",
"due_date": "2025-01-15T23:59:00+09:00",
"is_completed": false,
"created_at": "2025-01-10T10:00:00+09:00",
"updated_at": "2025-01-10T10:00:00+09:00"
}
],
"count": 1
"count": 1,
"total_count": 15,
"total_pages": 1,
"current_page": 1,
"page_size": 20
}
```
@@ -88,13 +105,45 @@ GET /api/v1/assignments
```bash
# 全件取得
curl -H "X-API-Key: hm_xxx" http://localhost:8080/api/v1/assignments
curl -H "Authorization: Bearer hm_xxx" http://localhost:8080/api/v1/assignments
# 未完了のみ取得
curl -H "X-API-Key: hm_xxx" http://localhost:8080/api/v1/assignments?filter=pending
# 未完了のみ(ページネーション付き)
curl -H "Authorization: Bearer hm_xxx" "http://localhost:8080/api/v1/assignments?filter=pending&page=1&page_size=10"
# 期限切れのみ取得
curl -H "X-API-Key: hm_xxx" http://localhost:8080/api/v1/assignments?filter=overdue
# 期限切れのみ
curl -H "Authorization: Bearer hm_xxx" "http://localhost:8080/api/v1/assignments?filter=overdue"
```
---
## 絞り込み済み課題一覧取得
専用エンドポイントでも同等の絞り込みができます(`pending` / `completed` / `overdue` はページネーション対応)。
```
GET /api/v1/assignments/pending
GET /api/v1/assignments/completed
GET /api/v1/assignments/overdue
GET /api/v1/assignments/due-today
GET /api/v1/assignments/due-this-week
```
### クエリパラメータpending / completed / overdue のみ)
| パラメータ | 型 | 説明 |
|------------|------|------|
| `page` | integer | ページ番号(デフォルト: `1` |
| `page_size` | integer | 1ページあたりの件数デフォルト: `20`、最大: `100` |
### レスポンス
`due-today` / `due-this-week``count` のみ返します(ページネーションなし)。その他は `GET /api/v1/assignments` と同形式です。
### 例
```bash
curl -H "Authorization: Bearer hm_xxx" http://localhost:8080/api/v1/assignments/due-today
curl -H "Authorization: Bearer hm_xxx" http://localhost:8080/api/v1/assignments/due-this-week
```
---
@@ -122,6 +171,7 @@ GET /api/v1/assignments/:id
"title": "数学レポート",
"description": "第5章の練習問題",
"subject": "数学",
"priority": "medium",
"due_date": "2025-01-15T23:59:00+09:00",
"is_completed": false,
"created_at": "2025-01-10T10:00:00+09:00",
@@ -140,7 +190,7 @@ GET /api/v1/assignments/:id
### 例
```bash
curl -H "X-API-Key: hm_xxx" http://localhost:8080/api/v1/assignments/1
curl -H "Authorization: Bearer hm_xxx" http://localhost:8080/api/v1/assignments/1
```
---
@@ -158,7 +208,30 @@ POST /api/v1/assignments
| `title` | string | ✅ | 課題タイトル |
| `description` | string | | 説明 |
| `subject` | string | | 教科・科目 |
| `priority` | string | | 重要度: `low`, `medium`, `high`(デフォルト: `medium` |
| `due_date` | string | ✅ | 提出期限RFC3339 または `YYYY-MM-DDTHH:MM` または `YYYY-MM-DD` |
| `reminder_enabled` | boolean | | リマインダーを有効にするか(デフォルト: `false` |
| `reminder_at` | string | | リマインダー設定時刻(形式は `due_date` と同じ) |
| `urgent_reminder_enabled` | boolean | | 督促リマインダーを有効にするか(デフォルト: `true` |
| `recurrence` | object | | 繰り返し設定(下記参照) |
### Recurrence オブジェクト
| フィールド | 型 | 説明 |
|------------|------|------|
| `type` | string | 繰り返しタイプ: `daily`, `weekly`, `monthly`(空文字で繰り返しなし) |
| `interval` | integer | 繰り返し間隔(例: `1` = 毎週、`2` = 隔週) |
| `weekday` | integer | 週次の曜日(`0`=日, `1`=月, ..., `6`=土) |
| `day` | integer | 月次の日付1-31 |
| `until` | object | 終了条件 |
#### Recurrence.Until オブジェクト
| フィールド | 型 | 説明 |
|------------|------|------|
| `type` | string | 終了タイプ: `never`, `count`, `date` |
| `count` | integer | 終了回数(`count` 指定時) |
| `date` | string | 終了日(`date` 指定時) |
### リクエスト例
@@ -167,6 +240,7 @@ POST /api/v1/assignments
"title": "英語エッセイ",
"description": "テーマ自由、1000語以上",
"subject": "英語",
"priority": "high",
"due_date": "2025-01-20T17:00"
}
```
@@ -182,6 +256,7 @@ POST /api/v1/assignments
"title": "英語エッセイ",
"description": "テーマ自由、1000語以上",
"subject": "英語",
"priority": "high",
"due_date": "2025-01-20T17:00:00+09:00",
"is_completed": false,
"created_at": "2025-01-10T11:00:00+09:00",
@@ -189,11 +264,20 @@ POST /api/v1/assignments
}
```
繰り返し設定を含む場合は `recurring_assignment` を返します:
```json
{
"message": "Recurring assignment created",
"recurring_assignment": { ... }
}
```
**400 Bad Request**
```json
{
"error": "Invalid input: title and due_date are required"
"error": "Invalid input: Key: 'title' Error:Field validation for 'title' failed on the 'required' tag"
}
```
@@ -201,9 +285,9 @@ POST /api/v1/assignments
```bash
curl -X POST \
-H "X-API-Key: hm_xxx" \
-H "Authorization: Bearer hm_xxx" \
-H "Content-Type: application/json" \
-d '{"title":"英語エッセイ","due_date":"2025-01-20"}' \
-d '{"title":"英語エッセイ","subject":"英語","due_date":"2025-01-20"}' \
http://localhost:8080/api/v1/assignments
```
@@ -230,7 +314,11 @@ PUT /api/v1/assignments/:id
| `title` | string | 課題タイトル |
| `description` | string | 説明 |
| `subject` | string | 教科・科目 |
| `priority` | string | 重要度: `low`, `medium`, `high` |
| `due_date` | string | 提出期限 |
| `reminder_enabled` | boolean | リマインダー有効/無効 |
| `reminder_at` | string | リマインダー時刻 |
| `urgent_reminder_enabled` | boolean | 督促リマインダー有効/無効 |
### リクエスト例
@@ -243,21 +331,7 @@ PUT /api/v1/assignments/:id
### レスポンス
**200 OK**
```json
{
"id": 2,
"user_id": 1,
"title": "英語エッセイ(修正版)",
"description": "テーマ自由、1000語以上",
"subject": "英語",
"due_date": "2025-01-25T17:00:00+09:00",
"is_completed": false,
"created_at": "2025-01-10T11:00:00+09:00",
"updated_at": "2025-01-10T12:00:00+09:00"
}
```
**200 OK** — 更新後の課題オブジェクト
**404 Not Found**
@@ -271,7 +345,7 @@ PUT /api/v1/assignments/:id
```bash
curl -X PUT \
-H "X-API-Key: hm_xxx" \
-H "Authorization: Bearer hm_xxx" \
-H "Content-Type: application/json" \
-d '{"title":"更新されたタイトル"}' \
http://localhost:8080/api/v1/assignments/2
@@ -291,30 +365,44 @@ DELETE /api/v1/assignments/:id
|------------|------|------|
| `id` | integer | 課題ID |
### クエリパラメータ
| パラメータ | 型 | 説明 |
|------------|------|------|
| `delete_recurring` | boolean | `true` の場合、関連する繰り返し設定も削除する |
### レスポンス
**200 OK**
```json
{
"message": "Assignment deleted"
}
{ "message": "Assignment deleted" }
```
繰り返し設定も削除した場合:
```json
{ "message": "Assignment and recurring settings deleted" }
```
**404 Not Found**
```json
{
"error": "Assignment not found"
}
{ "error": "Assignment not found" }
```
### 例
```bash
# 課題のみ削除
curl -X DELETE \
-H "X-API-Key: hm_xxx" \
-H "Authorization: Bearer hm_xxx" \
http://localhost:8080/api/v1/assignments/2
# 課題と繰り返し設定をまとめて削除
curl -X DELETE \
-H "Authorization: Bearer hm_xxx" \
"http://localhost:8080/api/v1/assignments/2?delete_recurring=true"
```
---
@@ -344,6 +432,7 @@ PATCH /api/v1/assignments/:id/toggle
"title": "数学レポート",
"description": "第5章の練習問題",
"subject": "数学",
"priority": "medium",
"due_date": "2025-01-15T23:59:00+09:00",
"is_completed": true,
"completed_at": "2025-01-12T14:30:00+09:00",
@@ -355,16 +444,14 @@ PATCH /api/v1/assignments/:id/toggle
**404 Not Found**
```json
{
"error": "Assignment not found"
}
{ "error": "Assignment not found" }
```
### 例
```bash
curl -X PATCH \
-H "X-API-Key: hm_xxx" \
-H "Authorization: Bearer hm_xxx" \
http://localhost:8080/api/v1/assignments/1/toggle
```
@@ -372,7 +459,7 @@ curl -X PATCH \
## 統計情報取得
ユーザーの課題統計を取得します。科目、日付範囲でフィルタリング可能です。
ユーザーの課題統計を取得します。
```
GET /api/v1/statistics
@@ -383,8 +470,9 @@ GET /api/v1/statistics
| パラメータ | 型 | 説明 |
|------------|------|------|
| `subject` | string | 科目で絞り込み(省略時: 全科目) |
| `from` | string | 課題登録日の開始日YYYY-MM-DD形式 |
| `to` | string | 課題登録日の終了日YYYY-MM-DD形式 |
| `from` | string | 課題登録日の開始日(`YYYY-MM-DD` |
| `to` | string | 課題登録日の終了日(`YYYY-MM-DD` |
| `include_archived` | boolean | アーカイブ済み課題を含む(デフォルト: `false` |
### レスポンス
@@ -410,50 +498,191 @@ GET /api/v1/statistics
"pending": 2,
"overdue": 1,
"on_time_completion_rate": 91.7
},
{
"subject": "英語",
"total": 10,
"completed": 8,
"pending": 2,
"overdue": 0,
"on_time_completion_rate": 87.5
}
]
}
```
### 科目別統計 (特定科目のみ)
```json
{
"total_assignments": 15,
"completed_assignments": 12,
"pending_assignments": 2,
"overdue_assignments": 1,
"on_time_completion_rate": 91.7,
"filter": {
"subject": "数学",
"from": null,
"to": null
}
}
```
### 例
```bash
# 全体統計
curl -H "X-API-Key: hm_xxx" http://localhost:8080/api/v1/statistics
curl -H "Authorization: Bearer hm_xxx" http://localhost:8080/api/v1/statistics
# 科目で絞り込み
curl -H "X-API-Key: hm_xxx" "http://localhost:8080/api/v1/statistics?subject=数学"
curl -H "Authorization: Bearer hm_xxx" "http://localhost:8080/api/v1/statistics?subject=数学"
# 日付範囲で絞り込み
curl -H "X-API-Key: hm_xxx" "http://localhost:8080/api/v1/statistics?from=2025-01-01&to=2025-03-31"
curl -H "Authorization: Bearer hm_xxx" "http://localhost:8080/api/v1/statistics?from=2025-01-01&to=2025-03-31"
```
# 科目と日付範囲の組み合わせ
curl -H "X-API-Key: hm_xxx" "http://localhost:8080/api/v1/statistics?subject=数学&from=2025-01-01&to=2025-03-31"
---
## 繰り返し設定一覧取得
```
GET /api/v1/recurring
```
### レスポンス
**200 OK**
```json
{
"recurring_assignments": [
{
"id": 1,
"user_id": 1,
"title": "週次ミーティング",
"subject": "その他",
"priority": "medium",
"recurrence_type": "weekly",
"recurrence_interval": 1,
"recurrence_weekday": 1,
"due_time": "23:59",
"end_type": "never",
"is_active": true,
"created_at": "2025-01-01T00:00:00+09:00",
"updated_at": "2025-01-01T00:00:00+09:00"
}
],
"count": 1
}
```
---
## 繰り返し設定詳細取得
```
GET /api/v1/recurring/:id
```
### パスパラメータ
| パラメータ | 型 | 説明 |
|------------|------|------|
| `id` | integer | 繰り返し設定ID |
### レスポンス
**200 OK** — 繰り返し設定オブジェクト(一覧と同形式)
**404 Not Found**
```json
{ "error": "Recurring assignment not found" }
```
---
## 繰り返し設定更新
```
PUT /api/v1/recurring/:id
```
### パスパラメータ
| パラメータ | 型 | 説明 |
|------------|------|------|
| `id` | integer | 繰り返し設定ID |
### リクエストボディ
すべてのフィールドはオプションです。省略されたフィールドは既存の値を維持します。
| フィールド | 型 | 説明 |
|------------|------|------|
| `title` | string | タイトル |
| `description` | string | 説明 |
| `subject` | string | 教科・科目 |
| `priority` | string | 重要度: `low`, `medium`, `high` |
| `recurrence_type` | string | 繰り返しタイプ: `daily`, `weekly`, `monthly` |
| `recurrence_interval` | integer | 繰り返し間隔 |
| `recurrence_weekday` | integer | 週次の曜日0-6 |
| `recurrence_day` | integer | 月次の日付1-31 |
| `due_time` | string | 締切時刻(`HH:MM` |
| `end_type` | string | 終了タイプ: `never`, `count`, `date` |
| `end_count` | integer | 終了回数 |
| `end_date` | string | 終了日(`YYYY-MM-DD` |
| `is_active` | boolean | `false` で停止、`true` で再開 |
| `reminder_enabled` | boolean | リマインダー有効/無効 |
| `reminder_offset` | integer | リマインダーのオフセット(分) |
| `urgent_reminder_enabled` | boolean | 督促リマインダー有効/無効 |
| `edit_behavior` | string | 編集範囲: `this_only`, `this_and_future`, `all`(デフォルト: `this_only` |
### リクエスト例(一時停止)
```json
{
"is_active": false
}
```
### レスポンス
**200 OK** — 更新後の繰り返し設定オブジェクト
**404 Not Found**
```json
{ "error": "Recurring assignment not found" }
```
### 例
```bash
# 一時停止
curl -X PUT \
-H "Authorization: Bearer hm_xxx" \
-H "Content-Type: application/json" \
-d '{"is_active": false}' \
http://localhost:8080/api/v1/recurring/1
# タイトルと締切時刻を変更
curl -X PUT \
-H "Authorization: Bearer hm_xxx" \
-H "Content-Type: application/json" \
-d '{"title":"更新済みタスク","due_time":"22:00"}' \
http://localhost:8080/api/v1/recurring/1
```
---
## 繰り返し設定削除
```
DELETE /api/v1/recurring/:id
```
### パスパラメータ
| パラメータ | 型 | 説明 |
|------------|------|------|
| `id` | integer | 繰り返し設定ID |
### レスポンス
**200 OK**
```json
{ "message": "Recurring assignment deleted" }
```
**404 Not Found**
```json
{ "error": "Recurring assignment not found or failed to delete" }
```
### 例
```bash
curl -X DELETE \
-H "Authorization: Bearer hm_xxx" \
http://localhost:8080/api/v1/recurring/1
```
---
@@ -475,6 +704,7 @@ curl -H "X-API-Key: hm_xxx" "http://localhost:8080/api/v1/statistics?subject=数
| 400 Bad Request | リクエストの形式が不正 |
| 401 Unauthorized | 認証エラー |
| 404 Not Found | リソースが見つからない |
| 429 Too Many Requests | レート制限超過 |
| 500 Internal Server Error | サーバー内部エラー |
---
@@ -485,7 +715,7 @@ APIは以下の日付形式を受け付けます優先度順
1. **RFC3339**: `2025-01-15T23:59:00+09:00`
2. **日時形式**: `2025-01-15T23:59`
3. **日付のみ**: `2025-01-15`時刻は23:59に設定
3. **日付のみ**: `2025-01-15`(時刻は `23:59` に設定)
レスポンスの日付はすべてRFC3339形式で返されます。

133
docs/SPECIFICATION.md
View File

@@ -8,9 +8,9 @@ Super Homework Managerは、学生の課題管理を支援するWebアプリケ
| 項目 | 技術 |
|------|------|
| 言語 | Go |
| 言語 | Go 1.24+ |
| Webフレームワーク | Gin |
| データベース | SQLite (GORM with Pure Go driver - glebarez/sqlite) |
| データベース | SQLite / MySQL / PostgreSQL (GORM、Pure Go SQLiteドライバー使用) |
| セッション管理 | gin-contrib/sessions (Cookie store) |
| テンプレートエンジン | Go html/template |
| コンテナ | Docker対応 |
@@ -27,7 +27,8 @@ homework-manager/
│ ├── middleware/ # ミドルウェア
│ ├── models/ # データモデル
│ ├── repository/ # データアクセス層
── service/ # ビジネスロジック
── service/ # ビジネスロジック
│ └── validation/ # 入力バリデーション
├── web/
│ ├── static/ # 静的ファイル (CSS, JS)
│ └── templates/ # HTMLテンプレート
@@ -50,6 +51,8 @@ homework-manager/
| PasswordHash | string | パスワードハッシュ | Not Null |
| Name | string | 表示名 | Not Null |
| Role | string | 権限 (`user` or `admin`) | Default: `user` |
| TOTPSecret | string | TOTP秘密鍵 | - |
| TOTPEnabled | bool | 2FA有効フラグ | Default: false |
| CreatedAt | time.Time | 作成日時 | 自動設定 |
| UpdatedAt | time.Time | 更新日時 | 自動更新 |
| DeletedAt | gorm.DeletedAt | 論理削除日時 | ソフトデリート |
@@ -79,7 +82,33 @@ homework-manager/
| UpdatedAt | time.Time | 更新日時 | 自動更新 |
| DeletedAt | gorm.DeletedAt | 論理削除日時 | ソフトデリート |
### 2.3 UserNotificationSettings通知設定
### 2.3 RecurringAssignment繰り返し課題
繰り返し課題の設定を管理するモデル。
| フィールド | 型 | 説明 | 制約 |
|------------|------|------|------|
| ID | uint | 設定ID | Primary Key |
| UserID | uint | 所有ユーザーID | Not Null, Index |
| Title | string | 課題タイトル | Not Null |
| Description | string | 説明 | - |
| Subject | string | 教科・科目 | - |
| Priority | string | 重要度 | Default: `medium` |
| RecurrenceType | string | 繰り返しタイプ (`daily`, `weekly`, `monthly`) | Not Null |
| RecurrenceInterval | int | 繰り返し間隔 | Default: 1 |
| RecurrenceWeekday | *int | 曜日 (0-6, 日-土) | Nullable |
| RecurrenceDay | *int | 日 (1-31) | Nullable |
| DueTime | string | 締切時刻 (HH:MM) | Not Null |
| EndType | string | 終了条件 (`never`, `count`, `date`) | Default: `never` |
| EndCount | *int | 終了回数 | Nullable |
| EndDate | *time.Time | 終了日 | Nullable |
| IsActive | bool | 有効フラグ | Default: true |
| CreatedAt | time.Time | 作成日時 | 自動設定 |
| UpdatedAt | time.Time | 更新日時 | 自動更新 |
| DeletedAt | gorm.DeletedAt | 論理削除日時 | ソフトデリート |
### 2.4 UserNotificationSettings通知設定
ユーザーの通知設定を管理するモデル。
@@ -89,13 +118,12 @@ homework-manager/
| UserID | uint | ユーザーID | Unique, Not Null |
| TelegramEnabled | bool | Telegram通知 | Default: false |
| TelegramChatID | string | Telegram Chat ID | - |
| LineEnabled | bool | LINE通知 | Default: false |
| LineNotifyToken | string | LINE Notifyトークン | - |
| NotifyOnCreate | bool | 課題追加時に通知 | Default: true |
| CreatedAt | time.Time | 作成日時 | 自動設定 |
| UpdatedAt | time.Time | 更新日時 | 自動更新 |
| DeletedAt | gorm.DeletedAt | 論理削除日時 | ソフトデリート |
### 2.4 APIKeyAPIキー
### 2.5 APIKeyAPIキー
REST API認証用のAPIキーを管理するモデル。
@@ -120,10 +148,11 @@ REST API認証用のAPIキーを管理するモデル。
- **パスワード要件**: 8文字以上
- **パスワードハッシュ**: bcryptを使用
- **CSRF対策**: 全フォームでのトークン検証
- **2段階認証 (TOTP)**: プロフィール画面からGoogle Authenticator等で設定可能。有効化後はログイン時にワンタイムパスワードの入力が必要
### 3.2 API認証
- **APIキー認証**: `X-API-Key` ヘッダーで認証
- **APIキー認証**: `Authorization: Bearer <API_KEY>` ヘッダーで認証
- **キー形式**: `hm_` プレフィックス + 32文字のランダム文字列
- **ハッシュ保存**: SHA-256でハッシュ化して保存
@@ -133,6 +162,7 @@ REST API認証用のAPIキーを管理するモデル。
|--------|------|
| `user` | 自分の課題のCRUD操作、プロフィール管理 |
| `admin` | 全ユーザー管理、APIキー管理、ユーザー権限の変更 |
※ 最初に登録されたユーザーには自動的に `admin` 権限が付与されます。2人目以降は `user` として登録されます。
---
@@ -144,8 +174,9 @@ REST API認証用のAPIキーを管理するモデル。
| 機能 | 説明 |
|------|------|
| 新規登録 | メールアドレス、パスワード、名前で登録 |
| ログイン | メールアドレスとパスワードでログイン |
| ログイン | メールアドレスとパスワードでログイン。2FA有効時は続けてTOTPコードを入力 |
| ログアウト | セッションをクリアしてログアウト |
| CAPTCHA | ログイン・登録フォームへのbot対策画像認証またはCloudflare Turnstile |
### 4.2 課題管理機能
@@ -155,22 +186,35 @@ REST API認証用のAPIキーを管理するモデル。
| 課題一覧 | フィルタ付き(未完了/今日が期限/今週が期限/完了済み/期限切れ)で課題を一覧表示 |
| 課題登録 | タイトル、説明、教科、重要度、提出期限、通知設定を入力して新規登録 |
| 課題編集 | 既存の課題情報を編集 |
| 課題削除 | 課題を論理削除 |
| 課題削除 | 課題を論理削除(繰り返し課題に関連する場合、繰り返し設定ごと削除するか選択可能) |
| 完了トグル | 課題の完了/未完了状態を切り替え |
| 統計 | 科目別の完了率、期限内完了率等を表示 |
### 4.3 通知機能
### 4.3 繰り返し課題機能
#### 4.3.1 1回リマインダー
周期的に発生する課題を自動生成する機能。
| 機能 | 説明 |
|------|------|
| 繰り返し作成 | 課題登録時に繰り返し条件(毎日/毎週/毎月)を設定して作成 |
| 自動生成 | 未完了の課題がなくなったタイミングで、設定に基づき次回の課題を自動生成 |
| 繰り返し一覧 | 登録されている繰り返し設定を一覧表示 (`/recurring`) |
| 繰り返し編集 | 繰り返し設定の内容(タイトル、条件、時刻など)を編集 |
| 停止・再開 | 繰り返し設定を一時停止、または停止中の設定を再開 |
| 繰り返し削除 | 繰り返し設定を完全に削除 |
### 4.4 通知機能
#### 4.4.1 1回リマインダー
指定した日時に1回だけ通知を送信する機能。
| 項目 | 説明 |
|------|------|
| 設定 | 課題登録・編集画面で通知日時を指定 |
| 送信 | 指定日時にTelegram/LINEで通知 |
| 送信 | 指定日時にTelegramで通知 |
#### 4.3.2 督促通知
#### 4.4.2 督促通知
課題を完了するまで繰り返し通知を送信する機能。デフォルトで有効。
@@ -182,23 +226,24 @@ REST API認証用のAPIキーを管理するモデル。
| 重要度「小」 | **60分**ごとに通知 |
| 停止条件 | 課題の完了ボタンを押すまで継続 |
#### 4.3.3 通知チャンネル
#### 4.4.3 通知チャンネル
| チャンネル | 設定方法 |
|------------|----------|
| Telegram | config.iniでBot Token設定、プロフィールでChat ID入力 |
| LINE Notify | プロフィールでアクセストークン入力 |
### 4.4 プロフィール機能
### 4.5 プロフィール機能
| 機能 | 説明 |
|------|------|
| プロフィール表示 | ユーザー情報を表示 |
| プロフィール更新 | 表示名を変更 |
| パスワード変更 | 現在のパスワードを確認後、新しいパスワードに変更 |
| 通知設定 | Telegram/LINE通知の有効化とトークン設定 |
| 通知設定 | Telegram通知の有効化とChat ID設定 |
| 2FA設定 | TOTPアプリGoogle Authenticator等でQRコードをスキャンし2FAを有効化 |
| 2FA無効化 | 有効中の2FAを無効化 |
### 4.4 管理者機能
### 4.6 管理者機能
| 機能 | 説明 |
|------|------|
@@ -240,7 +285,14 @@ rate_limit_requests = 100
rate_limit_window = 60
[notification]
telegram_bot_token = your-telegram-bot-token
telegram_bot_token = your-telegram-bot-token
[captcha]
enabled = false
type = image
# type = turnstile の場合は以下も設定
# turnstile_site_key = your-site-key
# turnstile_secret_key = your-secret-key
```
### 5.2 設定項目
@@ -249,16 +301,26 @@ rate_limit_window = 60
|------------|------|------|--------------|
| `server` | `port` | サーバーポート | `8080` |
| `server` | `debug` | デバッグモード | `true` |
| `database` | `driver` | DBドライバー (sqlite, mysql, postgres) | `sqlite` |
| `database` | `driver` | DBドライバー (`sqlite`, `mysql`, `postgres`) | `sqlite` |
| `database` | `path` | SQLiteファイルパス | `homework.db` |
| `session` | `secret` | セッション暗号化キー | (必須) |
| `database` | `host` | DBホスト (MySQL/PostgreSQL) | `localhost` |
| `database` | `port` | DBポート (MySQL/PostgreSQL) | `3306` |
| `database` | `user` | DBユーザー (MySQL/PostgreSQL) | `root` |
| `database` | `password` | DBパスワード (MySQL/PostgreSQL) | - |
| `database` | `name` | DB名 (MySQL/PostgreSQL) | `homework_manager` |
| `session` | `secret` | セッション暗号化キー | **(必須)** |
| `auth` | `allow_registration` | 新規登録許可 | `true` |
| `security` | `https` | HTTPS設定(Secure Cookie) | `false` |
| `security` | `csrf_secret` | CSRFトークン秘密鍵 | (必須) |
| `security` | `https` | HTTPS設定 (Secure Cookie) | `false` |
| `security` | `csrf_secret` | CSRFトークン秘密鍵 | **(必須)** |
| `security` | `rate_limit_enabled` | レート制限有効化 | `true` |
| `security` | `rate_limit_requests` | 期間あたりの最大リクエスト数 | `100` |
| `security` | `rate_limit_window` | 期間(秒) | `60` |
| `security` | `trusted_proxies` | 信頼するプロキシ | - |
| `notification` | `telegram_bot_token` | Telegram Bot Token | - |
| `captcha` | `enabled` | CAPTCHA有効化 | `false` |
| `captcha` | `type` | CAPTCHAタイプ (`image` or `turnstile`) | `image` |
| `captcha` | `turnstile_site_key` | Cloudflare Turnstile サイトキー | - |
| `captcha` | `turnstile_secret_key` | Cloudflare Turnstile シークレットキー | - |
### 5.3 環境変数
@@ -269,13 +331,22 @@ rate_limit_window = 60
| `PORT` | サーバーポート |
| `DATABASE_DRIVER` | データベースドライバー |
| `DATABASE_PATH` | SQLiteデータベースファイルパス |
| `DATABASE_HOST` | DBホスト |
| `DATABASE_PORT` | DBポート |
| `DATABASE_USER` | DBユーザー |
| `DATABASE_PASSWORD` | DBパスワード |
| `DATABASE_NAME` | DB名 |
| `SESSION_SECRET` | セッション暗号化キー |
| `CSRF_SECRET` | CSRFトークン秘密鍵 |
| `GIN_MODE` | `release` でリリースモードdebug=false |
| `ALLOW_REGISTRATION` | 新規登録許可 (true/false) |
| `HTTPS` | HTTPSモード (true/false) |
| `TRUSTED_PROXIES` | 信頼するプロキシのリスト |
| `GIN_MODE` | `release` でリリースモード |
| `ALLOW_REGISTRATION` | 新規登録許可 (`true`/`false`) |
| `HTTPS` | HTTPSモード (`true`/`false`) |
| `TRUSTED_PROXIES` | 信頼するプロキシ |
| `TELEGRAM_BOT_TOKEN` | Telegram Bot Token |
| `CAPTCHA_ENABLED` | CAPTCHA有効化 (`true`/`false`) |
| `CAPTCHA_TYPE` | CAPTCHAタイプ (`image`/`turnstile`) |
| `TURNSTILE_SITE_KEY` | Cloudflare Turnstile サイトキー |
| `TURNSTILE_SECRET_KEY` | Cloudflare Turnstile シークレットキー |
### 5.4 設定の優先順位
@@ -290,13 +361,16 @@ rate_limit_window = 60
### 6.1 実装済みセキュリティ機能
- **パスワードハッシュ化**: bcryptによるソルト付きハッシュ
- **2段階認証 (TOTP)**: RFC 6238準拠のTOTPによる2FA
- **CAPTCHA**: ログイン・登録時のbot対策画像認証またはCloudflare Turnstile
- **セッションセキュリティ**: HttpOnly Cookie
- **入力バリデーション**: 各ハンドラで基本的な入力検証
- **CSFR対策**: Double Submit Cookieパターンまたは同期トークンによるCSRF保護
- **CSRF対策**: Double Submit Cookieパターンによる全フォーム保護
- **レート制限**: IPベースのリクエスト制限によるDoS対策
- **論理削除**: データの完全削除を防ぐソフトデリート
- **権限チェック**: ミドルウェアによるロールベースアクセス制御
- **Secure Cookie**: HTTPS設定時のSecure属性付与
- **セキュリティヘッダー**: X-Content-Type-Options, X-Frame-Options等の設定
### 6.2 推奨される本番環境設定
@@ -304,6 +378,7 @@ rate_limit_window = 60
- HTTPSを有効化し、`HTTPS=true` を設定
- `GIN_MODE=release` を設定
- 必要に応じて `TRUSTED_PROXIES` を設定
- `CAPTCHA_ENABLED=true` を設定してbot対策を強化
---

3
go.mod
View File

@@ -17,10 +17,12 @@ require (
require (
filippo.io/edwards25519 v1.1.0 // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/bytedance/gopkg v0.1.3 // indirect
github.com/bytedance/sonic v1.14.2 // indirect
github.com/bytedance/sonic/loader v0.4.0 // indirect
github.com/cloudwego/base64x v0.1.6 // indirect
github.com/dchest/captcha v1.1.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/gabriel-vasile/mimetype v1.4.12 // indirect
github.com/gin-contrib/sse v1.1.0 // indirect
@@ -49,6 +51,7 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/ncruces/go-strftime v1.0.0 // indirect
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
github.com/pquerna/otp v1.5.0 // indirect
github.com/quic-go/qpack v0.6.0 // indirect
github.com/quic-go/quic-go v0.58.0 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect

6
go.sum
View File

@@ -1,5 +1,7 @@
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
github.com/bytedance/sonic v1.14.2 h1:k1twIoe97C1DtYUo+fZQy865IuHia4PR5RPiuGPPIIE=
@@ -11,6 +13,8 @@ github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gE
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dchest/captcha v1.1.0 h1:2kt47EoYUUkaISobUdTbqwx55xvKOJxyScVfw25xzhQ=
github.com/dchest/captcha v1.1.0/go.mod h1:7zoElIawLp7GUMLcj54K9kbw+jEyvz2K0FDdRRYhvWo=
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
@@ -87,6 +91,8 @@ github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0
github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
github.com/quic-go/quic-go v0.58.0 h1:ggY2pvZaVdB9EyojxL1p+5mptkuHyX5MOSv4dgWF4Ug=

39
internal/config/config.go
View File

@@ -21,6 +21,13 @@ type NotificationConfig struct {
TelegramBotToken string
}
type CaptchaConfig struct {
Enabled bool
Type string // "turnstile" or "image"
TurnstileSiteKey string
TurnstileSecretKey string
}
type Config struct {
Port string
SessionSecret string
@@ -34,6 +41,7 @@ type Config struct {
TrustedProxies []string
Database DatabaseConfig
Notification NotificationConfig
Captcha CaptchaConfig
}
func Load(configPath string) *Config {
@@ -56,6 +64,10 @@ func Load(configPath string) *Config {
Password: "",
Name: "homework_manager",
},
Captcha: CaptchaConfig{
Enabled: false,
Type: "image",
},
}
if configPath == "" {
@@ -134,6 +146,21 @@ func Load(configPath string) *Config {
if section.HasKey("telegram_bot_token") {
cfg.Notification.TelegramBotToken = section.Key("telegram_bot_token").String()
}
// Captcha section
section = iniFile.Section("captcha")
if section.HasKey("enabled") {
cfg.Captcha.Enabled = section.Key("enabled").MustBool(false)
}
if section.HasKey("type") {
cfg.Captcha.Type = section.Key("type").String()
}
if section.HasKey("turnstile_site_key") {
cfg.Captcha.TurnstileSiteKey = section.Key("turnstile_site_key").String()
}
if section.HasKey("turnstile_secret_key") {
cfg.Captcha.TurnstileSecretKey = section.Key("turnstile_secret_key").String()
}
} else {
log.Println("config.ini not found, using environment variables or defaults")
}
@@ -183,6 +210,18 @@ func Load(configPath string) *Config {
if telegramToken := os.Getenv("TELEGRAM_BOT_TOKEN"); telegramToken != "" {
cfg.Notification.TelegramBotToken = telegramToken
}
if captchaEnabled := os.Getenv("CAPTCHA_ENABLED"); captchaEnabled != "" {
cfg.Captcha.Enabled = captchaEnabled == "true" || captchaEnabled == "1"
}
if captchaType := os.Getenv("CAPTCHA_TYPE"); captchaType != "" {
cfg.Captcha.Type = captchaType
}
if turnstileSiteKey := os.Getenv("TURNSTILE_SITE_KEY"); turnstileSiteKey != "" {
cfg.Captcha.TurnstileSiteKey = turnstileSiteKey
}
if turnstileSecretKey := os.Getenv("TURNSTILE_SECRET_KEY"); turnstileSecretKey != "" {
cfg.Captcha.TurnstileSecretKey = turnstileSecretKey
}
if cfg.SessionSecret == "" {
log.Fatal("FATAL: Session secret is not set. Please set it in config.ini ([session] secret) or via SESSION_SECRET environment variable.")

306
internal/handler/api_handler.go
View File

@@ -7,17 +7,20 @@ import (
"homework-manager/internal/middleware"
"homework-manager/internal/service"
"homework-manager/internal/validation"
"github.com/gin-gonic/gin"
)
type APIHandler struct {
assignmentService *service.AssignmentService
recurringService *service.RecurringAssignmentService
}
func NewAPIHandler() *APIHandler {
return &APIHandler{
assignmentService: service.NewAssignmentService(),
recurringService: service.NewRecurringAssignmentService(),
}
}
@@ -26,17 +29,12 @@ func (h *APIHandler) getUserID(c *gin.Context) uint {
return userID.(uint)
}
// ListAssignments returns all assignments for the authenticated user with pagination
// GET /api/v1/assignments?filter=pending&page=1&page_size=20
func (h *APIHandler) ListAssignments(c *gin.Context) {
userID := h.getUserID(c)
filter := c.Query("filter") // pending, completed, overdue
// Parse pagination parameters
page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
// Validate pagination parameters
if page < 1 {
page = 1
}
@@ -44,10 +42,9 @@ func (h *APIHandler) ListAssignments(c *gin.Context) {
pageSize = 20
}
if pageSize > 100 {
pageSize = 100 // Maximum page size to prevent abuse
pageSize = 100
}
// Use paginated methods for filtered queries
switch filter {
case "completed":
result, err := h.assignmentService.GetCompletedByUserPaginated(userID, page, pageSize)
@@ -56,12 +53,12 @@ func (h *APIHandler) ListAssignments(c *gin.Context) {
return
}
c.JSON(http.StatusOK, gin.H{
"assignments": result.Assignments,
"count": len(result.Assignments),
"total_count": result.TotalCount,
"total_pages": result.TotalPages,
"current_page": result.CurrentPage,
"page_size": result.PageSize,
"assignments": result.Assignments,
"count": len(result.Assignments),
"total_count": result.TotalCount,
"total_pages": result.TotalPages,
"current_page": result.CurrentPage,
"page_size": result.PageSize,
})
return
case "overdue":
@@ -71,12 +68,12 @@ func (h *APIHandler) ListAssignments(c *gin.Context) {
return
}
c.JSON(http.StatusOK, gin.H{
"assignments": result.Assignments,
"count": len(result.Assignments),
"total_count": result.TotalCount,
"total_pages": result.TotalPages,
"current_page": result.CurrentPage,
"page_size": result.PageSize,
"assignments": result.Assignments,
"count": len(result.Assignments),
"total_count": result.TotalCount,
"total_pages": result.TotalPages,
"current_page": result.CurrentPage,
"page_size": result.PageSize,
})
return
case "pending":
@@ -86,23 +83,21 @@ func (h *APIHandler) ListAssignments(c *gin.Context) {
return
}
c.JSON(http.StatusOK, gin.H{
"assignments": result.Assignments,
"count": len(result.Assignments),
"total_count": result.TotalCount,
"total_pages": result.TotalPages,
"current_page": result.CurrentPage,
"page_size": result.PageSize,
"assignments": result.Assignments,
"count": len(result.Assignments),
"total_count": result.TotalCount,
"total_pages": result.TotalPages,
"current_page": result.CurrentPage,
"page_size": result.PageSize,
})
return
default:
// For "all" filter, use simple pagination without a dedicated method
assignments, err := h.assignmentService.GetAllByUser(userID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to fetch assignments"})
return
}
// Manual pagination for all assignments
totalCount := len(assignments)
totalPages := (totalCount + pageSize - 1) / pageSize
start := (page - 1) * pageSize
@@ -115,18 +110,16 @@ func (h *APIHandler) ListAssignments(c *gin.Context) {
}
c.JSON(http.StatusOK, gin.H{
"assignments": assignments[start:end],
"count": end - start,
"total_count": totalCount,
"total_pages": totalPages,
"current_page": page,
"page_size": pageSize,
"assignments": assignments[start:end],
"count": end - start,
"total_count": totalCount,
"total_pages": totalPages,
"current_page": page,
"page_size": pageSize,
})
}
}
// ListPendingAssignments returns pending assignments with pagination
// GET /api/v1/assignments/pending?page=1&page_size=20
func (h *APIHandler) ListPendingAssignments(c *gin.Context) {
userID := h.getUserID(c)
page, pageSize := h.parsePagination(c)
@@ -140,8 +133,6 @@ func (h *APIHandler) ListPendingAssignments(c *gin.Context) {
h.sendPaginatedResponse(c, result)
}
// ListCompletedAssignments returns completed assignments with pagination
// GET /api/v1/assignments/completed?page=1&page_size=20
func (h *APIHandler) ListCompletedAssignments(c *gin.Context) {
userID := h.getUserID(c)
page, pageSize := h.parsePagination(c)
@@ -155,8 +146,6 @@ func (h *APIHandler) ListCompletedAssignments(c *gin.Context) {
h.sendPaginatedResponse(c, result)
}
// ListOverdueAssignments returns overdue assignments with pagination
// GET /api/v1/assignments/overdue?page=1&page_size=20
func (h *APIHandler) ListOverdueAssignments(c *gin.Context) {
userID := h.getUserID(c)
page, pageSize := h.parsePagination(c)
@@ -170,8 +159,6 @@ func (h *APIHandler) ListOverdueAssignments(c *gin.Context) {
h.sendPaginatedResponse(c, result)
}
// ListDueTodayAssignments returns assignments due today
// GET /api/v1/assignments/due-today
func (h *APIHandler) ListDueTodayAssignments(c *gin.Context) {
userID := h.getUserID(c)
@@ -187,8 +174,6 @@ func (h *APIHandler) ListDueTodayAssignments(c *gin.Context) {
})
}
// ListDueThisWeekAssignments returns assignments due within this week
// GET /api/v1/assignments/due-this-week
func (h *APIHandler) ListDueThisWeekAssignments(c *gin.Context) {
userID := h.getUserID(c)
@@ -204,7 +189,6 @@ func (h *APIHandler) ListDueThisWeekAssignments(c *gin.Context) {
})
}
// parsePagination extracts and validates pagination parameters
func (h *APIHandler) parsePagination(c *gin.Context) (page int, pageSize int) {
page, _ = strconv.Atoi(c.DefaultQuery("page", "1"))
pageSize, _ = strconv.Atoi(c.DefaultQuery("page_size", "20"))
@@ -221,7 +205,6 @@ func (h *APIHandler) parsePagination(c *gin.Context) (page int, pageSize int) {
return page, pageSize
}
// sendPaginatedResponse sends a standard paginated JSON response
func (h *APIHandler) sendPaginatedResponse(c *gin.Context, result *service.PaginatedResult) {
c.JSON(http.StatusOK, gin.H{
"assignments": result.Assignments,
@@ -233,8 +216,6 @@ func (h *APIHandler) sendPaginatedResponse(c *gin.Context, result *service.Pagin
})
}
// GetAssignment returns a single assignment by ID
// GET /api/v1/assignments/:id
func (h *APIHandler) GetAssignment(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -252,40 +233,126 @@ func (h *APIHandler) GetAssignment(c *gin.Context) {
c.JSON(http.StatusOK, assignment)
}
// CreateAssignmentInput represents the JSON input for creating an assignment
type CreateAssignmentInput struct {
Title string `json:"title" binding:"required"`
Description string `json:"description"`
Subject string `json:"subject"`
Priority string `json:"priority"` // low, medium, high (default: medium)
DueDate string `json:"due_date" binding:"required"` // RFC3339 or 2006-01-02T15:04
Priority string `json:"priority"`
DueDate string `json:"due_date" binding:"required"`
ReminderEnabled bool `json:"reminder_enabled"`
ReminderAt string `json:"reminder_at"`
UrgentReminderEnabled *bool `json:"urgent_reminder_enabled"`
Recurrence struct {
Type string `json:"type"`
Interval int `json:"interval"`
Weekday interface{} `json:"weekday"`
Day interface{} `json:"day"`
Until struct {
Type string `json:"type"`
Count int `json:"count"`
Date string `json:"date"`
} `json:"until"`
} `json:"recurrence"`
}
// CreateAssignment creates a new assignment
// POST /api/v1/assignments
func (h *APIHandler) CreateAssignment(c *gin.Context) {
userID := h.getUserID(c)
var input CreateAssignmentInput
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid input: title and due_date are required"})
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid input: " + err.Error()})
return
}
dueDate, err := time.Parse(time.RFC3339, input.DueDate)
if err != nil {
dueDate, err = time.ParseInLocation("2006-01-02T15:04", input.DueDate, time.Local)
if err != nil {
dueDate, err = time.ParseInLocation("2006-01-02", input.DueDate, time.Local)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid due_date format. Use RFC3339 or 2006-01-02T15:04"})
return
}
dueDate = dueDate.Add(23*time.Hour + 59*time.Minute)
}
if err := validation.ValidateAssignmentInput(input.Title, input.Description, input.Subject, input.Priority); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
assignment, err := h.assignmentService.Create(userID, input.Title, input.Description, input.Subject, input.Priority, dueDate, false, nil, true)
dueDate, err := parseDateString(input.DueDate)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid due_date format. Use RFC3339 or 2006-01-02T15:04"})
return
}
var reminderAt *time.Time
if input.ReminderEnabled && input.ReminderAt != "" {
reminderTime, err := parseDateString(input.ReminderAt)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid reminder_at format"})
return
}
reminderAt = &reminderTime
}
urgentReminder := true
if input.UrgentReminderEnabled != nil {
urgentReminder = *input.UrgentReminderEnabled
}
if input.Recurrence.Type != "" && input.Recurrence.Type != "none" {
serviceInput := service.CreateRecurringAssignmentInput{
Title: input.Title,
Description: input.Description,
Subject: input.Subject,
Priority: input.Priority,
FirstDueDate: dueDate,
DueTime: dueDate.Format("15:04"),
RecurrenceType: input.Recurrence.Type,
RecurrenceInterval: input.Recurrence.Interval,
ReminderEnabled: input.ReminderEnabled,
ReminderOffset: nil,
UrgentReminderEnabled: urgentReminder,
}
if serviceInput.RecurrenceInterval < 1 {
serviceInput.RecurrenceInterval = 1
}
if input.Recurrence.Weekday != nil {
if wd, ok := input.Recurrence.Weekday.(float64); ok {
wdInt := int(wd)
serviceInput.RecurrenceWeekday = &wdInt
}
}
if input.Recurrence.Day != nil {
if d, ok := input.Recurrence.Day.(float64); ok {
dInt := int(d)
serviceInput.RecurrenceDay = &dInt
}
}
serviceInput.EndType = input.Recurrence.Until.Type
if serviceInput.EndType == "" {
serviceInput.EndType = "never"
}
if serviceInput.EndType == "count" {
count := input.Recurrence.Until.Count
serviceInput.EndCount = &count
} else if serviceInput.EndType == "date" && input.Recurrence.Until.Date != "" {
endDate, err := parseDateString(input.Recurrence.Until.Date)
if err == nil {
serviceInput.EndDate = &endDate
}
}
recurring, err := h.recurringService.Create(userID, serviceInput)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create recurring assignment: " + err.Error()})
return
}
c.JSON(http.StatusCreated, gin.H{
"message": "Recurring assignment created",
"recurring_assignment": recurring,
})
return
}
assignment, err := h.assignmentService.Create(userID, input.Title, input.Description, input.Subject, input.Priority, dueDate, input.ReminderEnabled, reminderAt, urgentReminder)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create assignment"})
return
@@ -294,17 +361,17 @@ func (h *APIHandler) CreateAssignment(c *gin.Context) {
c.JSON(http.StatusCreated, assignment)
}
// UpdateAssignmentInput represents the JSON input for updating an assignment
type UpdateAssignmentInput struct {
Title string `json:"title"`
Description string `json:"description"`
Subject string `json:"subject"`
Priority string `json:"priority"`
DueDate string `json:"due_date"`
Title string `json:"title"`
Description string `json:"description"`
Subject string `json:"subject"`
Priority string `json:"priority"`
DueDate string `json:"due_date"`
ReminderEnabled *bool `json:"reminder_enabled"`
ReminderAt string `json:"reminder_at"`
UrgentReminderEnabled *bool `json:"urgent_reminder_enabled"`
}
// UpdateAssignment updates an existing assignment
// PUT /api/v1/assignments/:id
func (h *APIHandler) UpdateAssignment(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -313,7 +380,6 @@ func (h *APIHandler) UpdateAssignment(c *gin.Context) {
return
}
// Get existing assignment
existing, err := h.assignmentService.GetByID(userID, uint(id))
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "Assignment not found"})
@@ -326,14 +392,26 @@ func (h *APIHandler) UpdateAssignment(c *gin.Context) {
return
}
// Use existing values if not provided
if err := validation.ValidateAssignmentInput(input.Title, input.Description, input.Subject, input.Priority); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
title := input.Title
if title == "" {
title = existing.Title
}
description := input.Description
if description == "" {
description = existing.Description
}
subject := input.Subject
if subject == "" {
subject = existing.Subject
}
priority := input.Priority
if priority == "" {
priority = existing.Priority
@@ -341,18 +419,36 @@ func (h *APIHandler) UpdateAssignment(c *gin.Context) {
dueDate := existing.DueDate
if input.DueDate != "" {
dueDate, err = time.Parse(time.RFC3339, input.DueDate)
parsedDate, err := parseDateString(input.DueDate)
if err != nil {
dueDate, err = time.ParseInLocation("2006-01-02T15:04", input.DueDate, time.Local)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid due_date format"})
return
}
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid due_date format"})
return
}
dueDate = parsedDate
}
// Preserve existing reminder settings for API updates
assignment, err := h.assignmentService.Update(userID, uint(id), title, description, subject, priority, dueDate, existing.ReminderEnabled, existing.ReminderAt, existing.UrgentReminderEnabled)
reminderEnabled := existing.ReminderEnabled
if input.ReminderEnabled != nil {
reminderEnabled = *input.ReminderEnabled
}
reminderAt := existing.ReminderAt
if input.ReminderAt != "" {
parsedReminderAt, err := parseDateString(input.ReminderAt)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid reminder_at format"})
return
}
reminderAt = &parsedReminderAt
} else if input.ReminderEnabled != nil && !*input.ReminderEnabled {
}
urgentReminderEnabled := existing.UrgentReminderEnabled
if input.UrgentReminderEnabled != nil {
urgentReminderEnabled = *input.UrgentReminderEnabled
}
assignment, err := h.assignmentService.Update(userID, uint(id), title, description, subject, priority, dueDate, reminderEnabled, reminderAt, urgentReminderEnabled)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update assignment"})
return
@@ -361,8 +457,6 @@ func (h *APIHandler) UpdateAssignment(c *gin.Context) {
c.JSON(http.StatusOK, assignment)
}
// DeleteAssignment deletes an assignment
// DELETE /api/v1/assignments/:id
func (h *APIHandler) DeleteAssignment(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -371,6 +465,26 @@ func (h *APIHandler) DeleteAssignment(c *gin.Context) {
return
}
deleteRecurring := c.Query("delete_recurring") == "true"
if deleteRecurring {
assignment, err := h.assignmentService.GetByID(userID, uint(id))
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "Assignment not found"})
return
}
if assignment.RecurringAssignmentID != nil {
if err := h.recurringService.Delete(userID, *assignment.RecurringAssignmentID, false); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete recurring assignment"})
return
}
c.JSON(http.StatusOK, gin.H{"message": "Assignment and recurring settings deleted"})
return
}
}
if err := h.assignmentService.Delete(userID, uint(id)); err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "Assignment not found"})
return
@@ -379,8 +493,6 @@ func (h *APIHandler) DeleteAssignment(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{"message": "Assignment deleted"})
}
// ToggleAssignment toggles the completion status of an assignment
// PATCH /api/v1/assignments/:id/toggle
func (h *APIHandler) ToggleAssignment(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -398,18 +510,14 @@ func (h *APIHandler) ToggleAssignment(c *gin.Context) {
c.JSON(http.StatusOK, assignment)
}
// GetStatistics returns statistics for the authenticated user
// GET /api/v1/statistics?subject=数学&from=2025-01-01&to=2025-12-31&include_archived=true
func (h *APIHandler) GetStatistics(c *gin.Context) {
userID := h.getUserID(c)
// Parse filter parameters
filter := service.StatisticsFilter{
Subject: c.Query("subject"),
IncludeArchived: c.Query("include_archived") == "true",
}
// Parse from date
if fromStr := c.Query("from"); fromStr != "" {
fromDate, err := time.ParseInLocation("2006-01-02", fromStr, time.Local)
if err != nil {
@@ -419,7 +527,6 @@ func (h *APIHandler) GetStatistics(c *gin.Context) {
filter.From = &fromDate
}
// Parse to date
if toStr := c.Query("to"); toStr != "" {
toDate, err := time.ParseInLocation("2006-01-02", toStr, time.Local)
if err != nil {
@@ -438,3 +545,18 @@ func (h *APIHandler) GetStatistics(c *gin.Context) {
c.JSON(http.StatusOK, stats)
}
func parseDateString(dateStr string) (time.Time, error) {
t, err := time.Parse(time.RFC3339, dateStr)
if err == nil {
return t, nil
}
t, err = time.ParseInLocation("2006-01-02T15:04", dateStr, time.Local)
if err == nil {
return t, nil
}
t, err = time.ParseInLocation("2006-01-02", dateStr, time.Local)
if err == nil {
return t.Add(23*time.Hour + 59*time.Minute), nil
}
return time.Time{}, err
}

167
internal/handler/api_recurring_handler.go Normal file
View File

@@ -0,0 +1,167 @@
package handler
import (
"net/http"
"strconv"
"homework-manager/internal/middleware"
"homework-manager/internal/models"
"homework-manager/internal/service"
"github.com/gin-gonic/gin"
)
type APIRecurringHandler struct {
recurringService *service.RecurringAssignmentService
}
func NewAPIRecurringHandler() *APIRecurringHandler {
return &APIRecurringHandler{
recurringService: service.NewRecurringAssignmentService(),
}
}
func (h *APIRecurringHandler) getUserID(c *gin.Context) uint {
userID, _ := c.Get(middleware.UserIDKey)
return userID.(uint)
}
func (h *APIRecurringHandler) ListRecurring(c *gin.Context) {
userID := h.getUserID(c)
recurringList, err := h.recurringService.GetAllByUser(userID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to fetch recurring assignments"})
return
}
c.JSON(http.StatusOK, gin.H{
"recurring_assignments": recurringList,
"count": len(recurringList),
})
}
func (h *APIRecurringHandler) GetRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid ID"})
return
}
recurring, err := h.recurringService.GetByID(userID, uint(id))
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "Recurring assignment not found"})
return
}
c.JSON(http.StatusOK, recurring)
}
type UpdateRecurringAPIInput struct {
Title *string `json:"title"`
Description *string `json:"description"`
Subject *string `json:"subject"`
Priority *string `json:"priority"`
RecurrenceType *string `json:"recurrence_type"`
RecurrenceInterval *int `json:"recurrence_interval"`
RecurrenceWeekday *int `json:"recurrence_weekday"`
RecurrenceDay *int `json:"recurrence_day"`
DueTime *string `json:"due_time"`
EndType *string `json:"end_type"`
EndCount *int `json:"end_count"`
EndDate *string `json:"end_date"` // YYYY-MM-DD
IsActive *bool `json:"is_active"` // To stop/resume
ReminderEnabled *bool `json:"reminder_enabled"`
ReminderOffset *int `json:"reminder_offset"`
UrgentReminderEnabled *bool `json:"urgent_reminder_enabled"`
EditBehavior string `json:"edit_behavior"` // this_only, this_and_future, all (default: this_only)
}
func (h *APIRecurringHandler) UpdateRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid ID"})
return
}
var input UpdateRecurringAPIInput
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid input: " + err.Error()})
return
}
existing, err := h.recurringService.GetByID(userID, uint(id))
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "Recurring assignment not found"})
return
}
if input.IsActive != nil {
if err := h.recurringService.SetActive(userID, uint(id), *input.IsActive); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update active status"})
return
}
existing.IsActive = *input.IsActive
}
serviceInput := service.UpdateRecurringInput{
Title: input.Title,
Description: input.Description,
Subject: input.Subject,
Priority: input.Priority,
RecurrenceType: input.RecurrenceType,
RecurrenceInterval: input.RecurrenceInterval,
RecurrenceWeekday: input.RecurrenceWeekday,
RecurrenceDay: input.RecurrenceDay,
DueTime: input.DueTime,
EndType: input.EndType,
EndCount: input.EndCount,
EditBehavior: input.EditBehavior,
ReminderEnabled: input.ReminderEnabled,
ReminderOffset: input.ReminderOffset,
UrgentReminderEnabled: input.UrgentReminderEnabled,
}
if input.EndDate != nil && *input.EndDate != "" {
endDate, err := parseDateString(*input.EndDate)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid end_date format"})
return
}
serviceInput.EndDate = &endDate
}
if serviceInput.EditBehavior == "" {
serviceInput.EditBehavior = models.EditBehaviorThisOnly
}
updated, err := h.recurringService.Update(userID, uint(id), serviceInput)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update recurring assignment"})
return
}
updated.IsActive = existing.IsActive
c.JSON(http.StatusOK, updated)
}
func (h *APIRecurringHandler) DeleteRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid ID"})
return
}
err = h.recurringService.Delete(userID, uint(id), false)
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "Recurring assignment not found or failed to delete"})
return
}
c.JSON(http.StatusOK, gin.H{"message": "Recurring assignment deleted"})
}

208
internal/handler/assignment_handler.go
View File

@@ -9,6 +9,7 @@ import (
"homework-manager/internal/middleware"
"homework-manager/internal/models"
"homework-manager/internal/service"
"homework-manager/internal/validation"
"github.com/gin-gonic/gin"
)
@@ -16,12 +17,14 @@ import (
type AssignmentHandler struct {
assignmentService *service.AssignmentService
notificationService *service.NotificationService
recurringService *service.RecurringAssignmentService
}
func NewAssignmentHandler(notificationService *service.NotificationService) *AssignmentHandler {
return &AssignmentHandler{
assignmentService: service.NewAssignmentService(),
notificationService: notificationService,
recurringService: service.NewRecurringAssignmentService(),
}
}
@@ -104,11 +107,14 @@ func (h *AssignmentHandler) Index(c *gin.Context) {
func (h *AssignmentHandler) New(c *gin.Context) {
role, _ := c.Get(middleware.UserRoleKey)
name, _ := c.Get(middleware.UserNameKey)
now := time.Now()
RenderHTML(c, http.StatusOK, "assignments/new.html", gin.H{
"title": "課題登録",
"isAdmin": role == "admin",
"userName": name,
"title": "課題登録",
"isAdmin": role == "admin",
"userName": name,
"currentWeekday": int(now.Weekday()),
"currentDay": now.Day(),
})
}
@@ -121,6 +127,22 @@ func (h *AssignmentHandler) Create(c *gin.Context) {
priority := c.PostForm("priority")
dueDateStr := c.PostForm("due_date")
if err := validation.ValidateAssignmentInput(title, description, subject, priority); err != nil {
role, _ := c.Get(middleware.UserRoleKey)
name, _ := c.Get(middleware.UserNameKey)
RenderHTML(c, http.StatusOK, "assignments/new.html", gin.H{
"title": "課題登録",
"error": err.Error(),
"formTitle": title,
"description": description,
"subject": subject,
"priority": priority,
"isAdmin": role == "admin",
"userName": name,
})
return
}
reminderEnabled := c.PostForm("reminder_enabled") == "on"
reminderAtStr := c.PostForm("reminder_at")
var reminderAt *time.Time
@@ -196,7 +218,7 @@ func (h *AssignmentHandler) Create(c *gin.Context) {
dueTime := dueDate.Format("15:04")
recurringService := service.NewRecurringAssignmentService()
input := service.CreateRecurringInput{
input := service.CreateRecurringAssignmentInput{
Title: title,
Description: description,
Subject: subject,
@@ -266,12 +288,18 @@ func (h *AssignmentHandler) Edit(c *gin.Context) {
return
}
var recurring *models.RecurringAssignment
if assignment.RecurringAssignmentID != nil {
recurring, _ = h.recurringService.GetByID(userID, *assignment.RecurringAssignmentID)
}
role, _ := c.Get(middleware.UserRoleKey)
name, _ := c.Get(middleware.UserNameKey)
RenderHTML(c, http.StatusOK, "assignments/edit.html", gin.H{
"title": "課題編集",
"assignment": assignment,
"recurring": recurring,
"isAdmin": role == "admin",
"userName": name,
})
@@ -287,6 +315,11 @@ func (h *AssignmentHandler) Update(c *gin.Context) {
priority := c.PostForm("priority")
dueDateStr := c.PostForm("due_date")
if err := validation.ValidateAssignmentInput(title, description, subject, priority); err != nil {
c.Redirect(http.StatusFound, "/assignments")
return
}
reminderEnabled := c.PostForm("reminder_enabled") == "on"
reminderAtStr := c.PostForm("reminder_at")
var reminderAt *time.Time
@@ -333,6 +366,14 @@ func (h *AssignmentHandler) Delete(c *gin.Context) {
userID := h.getUserID(c)
id, _ := strconv.ParseUint(c.Param("id"), 10, 32)
deleteRecurringStr := c.Query("stop_recurring")
if deleteRecurringStr != "" {
recurringID, err := strconv.ParseUint(deleteRecurringStr, 10, 32)
if err == nil {
h.recurringService.Delete(userID, uint(recurringID), false)
}
}
h.assignmentService.Delete(userID, uint(id))
c.Redirect(http.StatusFound, "/assignments")
@@ -417,3 +458,162 @@ func (h *AssignmentHandler) UnarchiveSubject(c *gin.Context) {
c.Redirect(http.StatusFound, "/statistics?include_archived=true")
}
func (h *AssignmentHandler) StopRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.Redirect(http.StatusFound, "/assignments")
return
}
h.recurringService.SetActive(userID, uint(id), false)
c.Redirect(http.StatusFound, "/assignments")
}
func (h *AssignmentHandler) ResumeRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.Redirect(http.StatusFound, "/assignments")
return
}
h.recurringService.SetActive(userID, uint(id), true)
referer := c.Request.Referer()
if referer == "" {
referer = "/assignments"
}
c.Redirect(http.StatusFound, referer)
}
func (h *AssignmentHandler) ListRecurring(c *gin.Context) {
userID := h.getUserID(c)
role, _ := c.Get(middleware.UserRoleKey)
name, _ := c.Get(middleware.UserNameKey)
recurrings, err := h.recurringService.GetAllByUser(userID)
if err != nil {
recurrings = []models.RecurringAssignment{}
}
RenderHTML(c, http.StatusOK, "recurring/index.html", gin.H{
"title": "繰り返し設定一覧",
"recurrings": recurrings,
"isAdmin": role == "admin",
"userName": name,
})
}
func (h *AssignmentHandler) EditRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.Redirect(http.StatusFound, "/assignments")
return
}
recurring, err := h.recurringService.GetByID(userID, uint(id))
if err != nil {
c.Redirect(http.StatusFound, "/assignments")
return
}
role, _ := c.Get(middleware.UserRoleKey)
name, _ := c.Get(middleware.UserNameKey)
RenderHTML(c, http.StatusOK, "recurring/edit.html", gin.H{
"title": "繰り返し課題の編集",
"recurring": recurring,
"isAdmin": role == "admin",
"userName": name,
})
}
func (h *AssignmentHandler) UpdateRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.Redirect(http.StatusFound, "/assignments")
return
}
title := c.PostForm("title")
description := c.PostForm("description")
subject := c.PostForm("subject")
priority := c.PostForm("priority")
recurrenceType := c.PostForm("recurrence_type")
dueTime := c.PostForm("due_time")
editBehavior := c.PostForm("edit_behavior")
recurrenceInterval := 1
if v, err := strconv.Atoi(c.PostForm("recurrence_interval")); err == nil && v > 0 {
recurrenceInterval = v
}
var recurrenceWeekday *int
if wd := c.PostForm("recurrence_weekday"); wd != "" {
if v, err := strconv.Atoi(wd); err == nil && v >= 0 && v <= 6 {
recurrenceWeekday = &v
}
}
var recurrenceDay *int
if d := c.PostForm("recurrence_day"); d != "" {
if v, err := strconv.Atoi(d); err == nil && v >= 1 && v <= 31 {
recurrenceDay = &v
}
}
endType := c.PostForm("end_type")
var endCount *int
if ec := c.PostForm("end_count"); ec != "" {
if v, err := strconv.Atoi(ec); err == nil && v > 0 {
endCount = &v
}
}
var endDate *time.Time
if ed := c.PostForm("end_date"); ed != "" {
if v, err := time.ParseInLocation("2006-01-02", ed, time.Local); err == nil {
endDate = &v
}
}
input := service.UpdateRecurringInput{
Title: &title,
Description: &description,
Subject: &subject,
Priority: &priority,
RecurrenceType: &recurrenceType,
RecurrenceInterval: &recurrenceInterval,
RecurrenceWeekday: recurrenceWeekday,
RecurrenceDay: recurrenceDay,
DueTime: &dueTime,
EndType: &endType,
EndCount: endCount,
EndDate: endDate,
EditBehavior: editBehavior,
}
_, err = h.recurringService.Update(userID, uint(id), input)
if err != nil {
c.Redirect(http.StatusFound, "/recurring/"+c.Param("id")+"/edit")
return
}
c.Redirect(http.StatusFound, "/assignments")
}
func (h *AssignmentHandler) DeleteRecurring(c *gin.Context) {
userID := h.getUserID(c)
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
c.Redirect(http.StatusFound, "/assignments")
return
}
h.recurringService.Delete(userID, uint(id), false)
c.Redirect(http.StatusFound, "/assignments")
}

175
internal/handler/auth_handler.go
View File

@@ -3,6 +3,7 @@ package handler
import (
"net/http"
"homework-manager/internal/config"
"homework-manager/internal/middleware"
"homework-manager/internal/service"
@@ -10,33 +11,96 @@ import (
"github.com/gin-gonic/gin"
)
const twoFAPendingKey = "2fa_pending_user_id"
type AuthHandler struct {
authService *service.AuthService
authService *service.AuthService
totpService *service.TOTPService
captchaService *service.CaptchaService
captchaCfg config.CaptchaConfig
}
func NewAuthHandler() *AuthHandler {
func NewAuthHandler(captchaCfg config.CaptchaConfig) *AuthHandler {
captchaSvc := service.NewCaptchaService(captchaCfg.Type, captchaCfg.TurnstileSecretKey)
return &AuthHandler{
authService: service.NewAuthService(),
authService: service.NewAuthService(),
totpService: service.NewTOTPService(),
captchaService: captchaSvc,
captchaCfg: captchaCfg,
}
}
func (h *AuthHandler) captchaData() gin.H {
data := gin.H{
"captchaEnabled": h.captchaCfg.Enabled,
"captchaType": h.captchaCfg.Type,
}
if h.captchaCfg.Enabled && h.captchaCfg.Type == "turnstile" {
data["turnstileSiteKey"] = h.captchaCfg.TurnstileSiteKey
}
if h.captchaCfg.Enabled && h.captchaCfg.Type == "image" {
data["captchaID"] = h.captchaService.NewImageCaptcha()
}
return data
}
func (h *AuthHandler) verifyCaptcha(c *gin.Context) bool {
if !h.captchaCfg.Enabled {
return true
}
switch h.captchaCfg.Type {
case "turnstile":
token := c.PostForm("cf-turnstile-response")
ok, err := h.captchaService.VerifyTurnstile(token, c.ClientIP())
return err == nil && ok
case "image":
id := c.PostForm("captcha_id")
answer := c.PostForm("captcha_answer")
return h.captchaService.VerifyImageCaptcha(id, answer)
}
return true
}
func (h *AuthHandler) ShowLogin(c *gin.Context) {
RenderHTML(c, http.StatusOK, "login.html", gin.H{
"title": "ログイン",
})
data := gin.H{"title": "ログイン"}
for k, v := range h.captchaData() {
data[k] = v
}
RenderHTML(c, http.StatusOK, "login.html", data)
}
func (h *AuthHandler) Login(c *gin.Context) {
email := c.PostForm("email")
password := c.PostForm("password")
renderLoginError := func(msg string) {
data := gin.H{
"title": "ログイン",
"error": msg,
"email": email,
}
for k, v := range h.captchaData() {
data[k] = v
}
RenderHTML(c, http.StatusOK, "login.html", data)
}
if !h.verifyCaptcha(c) {
renderLoginError("CAPTCHAの検証に失敗しました。もう一度お試しください")
return
}
user, err := h.authService.Login(email, password)
if err != nil {
RenderHTML(c, http.StatusOK, "login.html", gin.H{
"title": "ログイン",
"error": "メールアドレスまたはパスワードが正しくありません",
"email": email,
})
renderLoginError("メールアドレスまたはパスワードが正しくありません")
return
}
if user.TOTPEnabled {
session := sessions.Default(c)
session.Set(twoFAPendingKey, user.ID)
session.Save()
c.Redirect(http.StatusFound, "/login/2fa")
return
}
@@ -49,35 +113,91 @@ func (h *AuthHandler) Login(c *gin.Context) {
c.Redirect(http.StatusFound, "/")
}
func (h *AuthHandler) ShowRegister(c *gin.Context) {
RenderHTML(c, http.StatusOK, "register.html", gin.H{
"title": "新規登録",
func (h *AuthHandler) ShowLogin2FA(c *gin.Context) {
session := sessions.Default(c)
if session.Get(twoFAPendingKey) == nil {
c.Redirect(http.StatusFound, "/login")
return
}
RenderHTML(c, http.StatusOK, "login_2fa.html", gin.H{
"title": "2段階認証",
})
}
func (h *AuthHandler) Login2FA(c *gin.Context) {
session := sessions.Default(c)
pendingID := session.Get(twoFAPendingKey)
if pendingID == nil {
c.Redirect(http.StatusFound, "/login")
return
}
userID := pendingID.(uint)
user, err := h.authService.GetUserByID(userID)
if err != nil {
session.Delete(twoFAPendingKey)
session.Save()
c.Redirect(http.StatusFound, "/login")
return
}
code := c.PostForm("totp_code")
if !h.totpService.Validate(user.TOTPSecret, code) {
RenderHTML(c, http.StatusOK, "login_2fa.html", gin.H{
"title": "2段階認証",
"error": "認証コードが正しくありません",
})
return
}
session.Delete(twoFAPendingKey)
session.Set(middleware.UserIDKey, user.ID)
session.Set(middleware.UserRoleKey, user.Role)
session.Set(middleware.UserNameKey, user.Name)
session.Save()
c.Redirect(http.StatusFound, "/")
}
func (h *AuthHandler) ShowRegister(c *gin.Context) {
data := gin.H{"title": "新規登録"}
for k, v := range h.captchaData() {
data[k] = v
}
RenderHTML(c, http.StatusOK, "register.html", data)
}
func (h *AuthHandler) Register(c *gin.Context) {
email := c.PostForm("email")
password := c.PostForm("password")
passwordConfirm := c.PostForm("password_confirm")
name := c.PostForm("name")
if password != passwordConfirm {
RenderHTML(c, http.StatusOK, "register.html", gin.H{
renderRegisterError := func(msg string) {
data := gin.H{
"title": "新規登録",
"error": "パスワードが一致しません",
"error": msg,
"email": email,
"name": name,
})
}
for k, v := range h.captchaData() {
data[k] = v
}
RenderHTML(c, http.StatusOK, "register.html", data)
}
if !h.verifyCaptcha(c) {
renderRegisterError("CAPTCHAの検証に失敗しました。もう一度お試しください")
return
}
if password != passwordConfirm {
renderRegisterError("パスワードが一致しません")
return
}
if len(password) < 8 {
RenderHTML(c, http.StatusOK, "register.html", gin.H{
"title": "新規登録",
"error": "パスワードは8文字以上で入力してください",
"email": email,
"name": name,
})
renderRegisterError("パスワードは8文字以上で入力してください")
return
}
@@ -87,12 +207,7 @@ func (h *AuthHandler) Register(c *gin.Context) {
if err == service.ErrEmailAlreadyExists {
errorMsg = "このメールアドレスは既に使用されています"
}
RenderHTML(c, http.StatusOK, "register.html", gin.H{
"title": "新規登録",
"error": errorMsg,
"email": email,
"name": name,
})
renderRegisterError(errorMsg)
return
}

139
internal/handler/profile_handler.go
View File

@@ -7,18 +7,23 @@ import (
"homework-manager/internal/models"
"homework-manager/internal/service"
"github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
)
type ProfileHandler struct {
authService *service.AuthService
totpService *service.TOTPService
notificationService *service.NotificationService
appName string
}
func NewProfileHandler(notificationService *service.NotificationService) *ProfileHandler {
return &ProfileHandler{
authService: service.NewAuthService(),
totpService: service.NewTOTPService(),
notificationService: notificationService,
appName: "Super-HomeworkManager",
}
}
@@ -143,8 +148,6 @@ func (h *ProfileHandler) UpdateNotificationSettings(c *gin.Context) {
settings := &models.UserNotificationSettings{
TelegramEnabled: c.PostForm("telegram_enabled") == "on",
TelegramChatID: c.PostForm("telegram_chat_id"),
LineEnabled: c.PostForm("line_enabled") == "on",
LineNotifyToken: c.PostForm("line_token"),
NotifyOnCreate: c.PostForm("notify_on_create") == "on",
}
@@ -173,3 +176,135 @@ func (h *ProfileHandler) UpdateNotificationSettings(c *gin.Context) {
"notifySettings": notifySettings,
})
}
const totpPendingSecretKey = "totp_pending_secret"
func (h *ProfileHandler) ShowTOTPSetup(c *gin.Context) {
userID := h.getUserID(c)
user, _ := h.authService.GetUserByID(userID)
setupData, err := h.totpService.GenerateSecret(user.Email, h.appName)
if err != nil {
RenderHTML(c, http.StatusOK, "totp_setup.html", gin.H{
"title": "2段階認証の設定",
"error": "シークレットの生成に失敗しました",
})
return
}
session := sessions.Default(c)
session.Set(totpPendingSecretKey, setupData.Secret)
session.Save()
RenderHTML(c, http.StatusOK, "totp_setup.html", gin.H{
"title": "2段階認証の設定",
"secret": setupData.Secret,
"qrCode": setupData.QRCodeB64,
"otpAuthURL": setupData.OTPAuthURL,
})
}
func (h *ProfileHandler) EnableTOTP(c *gin.Context) {
userID := h.getUserID(c)
user, _ := h.authService.GetUserByID(userID)
session := sessions.Default(c)
secret, ok := session.Get(totpPendingSecretKey).(string)
if !ok || secret == "" {
c.Redirect(http.StatusFound, "/profile/totp/setup")
return
}
renderSetupError := func(msg string) {
data := gin.H{
"title": "2段階認証の設定",
"error": msg,
"secret": secret,
}
if setupData, err := h.totpService.SetupDataFromSecret(secret, user.Email, h.appName); err == nil {
data["qrCode"] = setupData.QRCodeB64
data["otpAuthURL"] = setupData.OTPAuthURL
}
RenderHTML(c, http.StatusOK, "totp_setup.html", data)
}
password := c.PostForm("password")
if _, err := h.authService.Login(user.Email, password); err != nil {
renderSetupError("パスワードが正しくありません")
return
}
code := c.PostForm("totp_code")
if !h.totpService.Validate(secret, code) {
renderSetupError("認証コードが正しくありません。もう一度試してください")
return
}
if err := h.authService.EnableTOTP(userID, secret); err != nil {
RenderHTML(c, http.StatusOK, "totp_setup.html", gin.H{
"title": "2段階認証の設定",
"error": "2段階認証の有効化に失敗しました",
})
return
}
session.Delete(totpPendingSecretKey)
session.Save()
role, _ := c.Get(middleware.UserRoleKey)
name, _ := c.Get(middleware.UserNameKey)
notifySettings, _ := h.notificationService.GetUserSettings(userID)
user, _ = h.authService.GetUserByID(userID)
RenderHTML(c, http.StatusOK, "profile.html", gin.H{
"title": "プロフィール",
"user": user,
"totpSuccess": "2段階認証を有効化しました",
"isAdmin": role == "admin",
"userName": name,
"notifySettings": notifySettings,
})
}
func (h *ProfileHandler) DisableTOTP(c *gin.Context) {
userID := h.getUserID(c)
role, _ := c.Get(middleware.UserRoleKey)
name, _ := c.Get(middleware.UserNameKey)
user, _ := h.authService.GetUserByID(userID)
notifySettings, _ := h.notificationService.GetUserSettings(userID)
password := c.PostForm("password")
if _, err := h.authService.Login(user.Email, password); err != nil {
RenderHTML(c, http.StatusOK, "profile.html", gin.H{
"title": "プロフィール",
"user": user,
"totpError": "パスワードが正しくありません",
"isAdmin": role == "admin",
"userName": name,
"notifySettings": notifySettings,
})
return
}
if err := h.authService.DisableTOTP(userID); err != nil {
RenderHTML(c, http.StatusOK, "profile.html", gin.H{
"title": "プロフィール",
"user": user,
"totpError": "2段階認証の無効化に失敗しました",
"isAdmin": role == "admin",
"userName": name,
"notifySettings": notifySettings,
})
return
}
user, _ = h.authService.GetUserByID(userID)
RenderHTML(c, http.StatusOK, "profile.html", gin.H{
"title": "プロフィール",
"user": user,
"totpSuccess": "2段階認証を無効化しました",
"isAdmin": role == "admin",
"userName": name,
"notifySettings": notifySettings,
})
}

6
internal/middleware/csrf.go
View File

@@ -101,12 +101,6 @@ func CSRF(config CSRFConfig) gin.HandlerFunc {
}
c.Next()
newToken, err := generateCSRFToken(config.Secret)
if err == nil {
session.Set(csrfTokenKey, newToken)
session.Save()
}
}
}

18
internal/middleware/security.go
View File

@@ -7,21 +7,33 @@ import (
)
type SecurityConfig struct {
HTTPS bool
HTTPS bool
TurnstileEnabled bool
}
func SecurityHeaders(config SecurityConfig) gin.HandlerFunc {
return func(c *gin.Context) {
if config.HTTPS {
c.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}
scriptSrc := "'self' 'unsafe-inline' https://cdn.jsdelivr.net"
frameSrc := "'none'"
connectSrc := "'self'"
if config.TurnstileEnabled {
scriptSrc += " https://challenges.cloudflare.com"
frameSrc = "https://challenges.cloudflare.com"
connectSrc += " https://challenges.cloudflare.com"
}
csp := []string{
"default-src 'self'",
"script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net",
"script-src " + scriptSrc,
"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net",
"font-src 'self' https://cdn.jsdelivr.net",
"img-src 'self' data:",
"connect-src 'self'",
"connect-src " + connectSrc,
"frame-src " + frameSrc,
"frame-ancestors 'none'",
}
c.Header("Content-Security-Policy", strings.Join(csp, "; "))

2
internal/models/api_key.go
View File

@@ -10,7 +10,7 @@ type APIKey struct {
ID uint `gorm:"primarykey" json:"id"`
UserID uint `gorm:"not null;index" json:"user_id"`
Name string `gorm:"not null" json:"name"`
KeyHash string `gorm:"not null;uniqueIndex" json:"-"`
KeyHash string `gorm:"not null;uniqueIndex;size:255" json:"-"`
LastUsed *time.Time `json:"last_used,omitempty"`
CreatedAt time.Time `json:"created_at"`
DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`

19
internal/models/notification_settings.go
View File

@@ -7,16 +7,15 @@ import (
)
type UserNotificationSettings struct {
ID uint `gorm:"primarykey" json:"id"`
UserID uint `gorm:"uniqueIndex;not null" json:"user_id"`
TelegramEnabled bool `gorm:"default:false" json:"telegram_enabled"`
TelegramChatID string `json:"telegram_chat_id"`
LineEnabled bool `gorm:"default:false" json:"line_enabled"`
LineNotifyToken string `json:"-"`
NotifyOnCreate bool `gorm:"default:true" json:"notify_on_create"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
ID uint `gorm:"primarykey" json:"id"`
UserID uint `gorm:"uniqueIndex;not null" json:"user_id"`
TelegramEnabled bool `gorm:"default:false" json:"telegram_enabled"`
TelegramChatID string `json:"telegram_chat_id"`
NotifyOnCreate bool `gorm:"default:true" json:"notify_on_create"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
User *User `gorm:"foreignKey:UserID" json:"-"`
}

4
internal/models/user.go
View File

@@ -8,10 +8,12 @@ import (
type User struct {
ID uint `gorm:"primarykey" json:"id"`
Email string `gorm:"uniqueIndex;not null" json:"email"`
Email string `gorm:"uniqueIndex;not null;size:255" json:"email"`
PasswordHash string `gorm:"not null" json:"-"`
Name string `gorm:"not null" json:"name"`
Role string `gorm:"not null;default:user" json:"role"` // "admin" or "user"
TOTPSecret string `gorm:"size:100" json:"-"`
TOTPEnabled bool `gorm:"default:false" json:"totp_enabled"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`

56
internal/repository/assignment_repository.go
View File

@@ -346,3 +346,59 @@ func (r *AssignmentRepository) GetSubjectsByUserIDWithArchived(userID uint, incl
err := query.Distinct("subject").Pluck("subject", &subjects).Error
return subjects, err
}
func (r *AssignmentRepository) SearchWithPreload(userID uint, queryStr, priority, filter string, page, pageSize int) ([]models.Assignment, int64, error) {
var assignments []models.Assignment
var totalCount int64
dbQuery := r.db.Model(&models.Assignment{}).Where("user_id = ?", userID)
if queryStr != "" {
dbQuery = dbQuery.Where("title LIKE ? OR description LIKE ?", "%"+queryStr+"%", "%"+queryStr+"%")
}
if priority != "" {
dbQuery = dbQuery.Where("priority = ?", priority)
}
now := time.Now()
startOfDay := time.Date(now.Year(), now.Month(), now.Day(), 0, 0, 0, 0, now.Location())
endOfDay := startOfDay.AddDate(0, 0, 1)
weekLater := startOfDay.AddDate(0, 0, 7)
switch filter {
case "completed":
dbQuery = dbQuery.Where("is_completed = ?", true)
case "overdue":
dbQuery = dbQuery.Where("is_completed = ? AND due_date < ?", false, now)
case "due_today":
dbQuery = dbQuery.Where("is_completed = ? AND due_date >= ? AND due_date < ?", false, startOfDay, endOfDay)
case "due_this_week":
dbQuery = dbQuery.Where("is_completed = ? AND due_date >= ? AND due_date < ?", false, startOfDay, weekLater)
case "recurring":
dbQuery = dbQuery.Where("recurring_assignment_id IS NOT NULL")
default:
dbQuery = dbQuery.Where("is_completed = ?", false)
}
if err := dbQuery.Count(&totalCount).Error; err != nil {
return nil, 0, err
}
if filter == "completed" {
dbQuery = dbQuery.Order("completed_at DESC")
} else {
dbQuery = dbQuery.Order("due_date ASC")
}
if page < 1 {
page = 1
}
if pageSize < 1 {
pageSize = 10
}
offset := (page - 1) * pageSize
err := dbQuery.Preload("RecurringAssignment").Limit(pageSize).Offset(offset).Find(&assignments).Error
return assignments, totalCount, err
}

5
internal/repository/recurring_assignment_repository.go
View File

@@ -76,7 +76,10 @@ func (r *RecurringAssignmentRepository) FindDueForGeneration() ([]models.Recurri
}
}
if shouldGenerate {
if !shouldGenerate {
rec.IsActive = false
r.db.Save(&rec)
} else {
result = append(result, rec)
}
}

46
internal/router/router.go
View File

@@ -14,6 +14,7 @@ import (
"homework-manager/internal/middleware"
"homework-manager/internal/service"
"github.com/dchest/captcha"
"github.com/gin-contrib/sessions"
"github.com/gin-contrib/sessions/cookie"
"github.com/gin-gonic/gin"
@@ -48,6 +49,19 @@ func getFuncMap() template.FuncMap {
"recurringLabel": service.GetRecurrenceTypeLabel,
"endTypeLabel": service.GetEndTypeLabel,
"recurringSummary": service.FormatRecurringSummary,
"derefInt": func(i *int) int {
if i == nil {
return 0
}
return *i
},
"seq": func(start, end int) []int {
var result []int
for i := start; i <= end; i++ {
result = append(result, i)
}
return result
},
}
}
@@ -67,6 +81,7 @@ func loadTemplates() (*template.Template, error) {
{"web/templates/auth/*.html", ""},
{"web/templates/pages/*.html", ""},
{"web/templates/assignments/*.html", "assignments/"},
{"web/templates/recurring/*.html", "recurring/"},
{"web/templates/admin/*.html", "admin/"},
}
@@ -161,7 +176,8 @@ func Setup(cfg *config.Config) *gin.Engine {
r.Use(middleware.RequestTimer())
securityConfig := middleware.SecurityConfig{
HTTPS: cfg.HTTPS,
HTTPS: cfg.HTTPS,
TurnstileEnabled: cfg.Captcha.Enabled && cfg.Captcha.Type == "turnstile",
}
r.Use(middleware.SecurityHeaders(securityConfig))
r.Use(middleware.ForceHTTPS(securityConfig))
@@ -182,11 +198,21 @@ func Setup(cfg *config.Config) *gin.Engine {
notificationService.StartReminderScheduler()
authHandler := handler.NewAuthHandler()
authHandler := handler.NewAuthHandler(cfg.Captcha)
assignmentHandler := handler.NewAssignmentHandler(notificationService)
adminHandler := handler.NewAdminHandler()
profileHandler := handler.NewProfileHandler(notificationService)
apiHandler := handler.NewAPIHandler()
apiRecurringHandler := handler.NewAPIRecurringHandler()
r.GET("/captcha/:file", gin.WrapH(captcha.Server(captcha.StdWidth, captcha.StdHeight)))
r.GET("/captcha-new", func(c *gin.Context) {
id := captcha.New()
c.String(http.StatusOK, id)
})
r.GET("/login/2fa", csrfMiddleware, authHandler.ShowLogin2FA)
r.POST("/login/2fa", csrfMiddleware, authHandler.Login2FA)
guest := r.Group("/")
guest.Use(middleware.GuestOnly())
@@ -226,10 +252,20 @@ func Setup(cfg *config.Config) *gin.Engine {
auth.POST("/statistics/archive-subject", assignmentHandler.ArchiveSubject)
auth.POST("/statistics/unarchive-subject", assignmentHandler.UnarchiveSubject)
auth.POST("/recurring/:id/stop", assignmentHandler.StopRecurring)
auth.POST("/recurring/:id/resume", assignmentHandler.ResumeRecurring)
auth.POST("/recurring/:id/delete", assignmentHandler.DeleteRecurring)
auth.GET("/recurring", assignmentHandler.ListRecurring)
auth.GET("/recurring/:id/edit", assignmentHandler.EditRecurring)
auth.POST("/recurring/:id", assignmentHandler.UpdateRecurring)
auth.GET("/profile", profileHandler.Show)
auth.POST("/profile", profileHandler.Update)
auth.POST("/profile/password", profileHandler.ChangePassword)
auth.POST("/profile/notifications", profileHandler.UpdateNotificationSettings)
auth.GET("/profile/totp/setup", profileHandler.ShowTOTPSetup)
auth.POST("/profile/totp/setup", profileHandler.EnableTOTP)
auth.POST("/profile/totp/disable", profileHandler.DisableTOTP)
admin := auth.Group("/admin")
admin.Use(middleware.AdminRequired())
@@ -258,7 +294,13 @@ func Setup(cfg *config.Config) *gin.Engine {
api.PUT("/assignments/:id", apiHandler.UpdateAssignment)
api.DELETE("/assignments/:id", apiHandler.DeleteAssignment)
api.PATCH("/assignments/:id/toggle", apiHandler.ToggleAssignment)
api.GET("/statistics", apiHandler.GetStatistics)
api.GET("/recurring", apiRecurringHandler.ListRecurring)
api.GET("/recurring/:id", apiRecurringHandler.GetRecurring)
api.PUT("/recurring/:id", apiRecurringHandler.UpdateRecurring)
api.DELETE("/recurring/:id", apiRecurringHandler.DeleteRecurring)
}
return r

23
internal/service/assignment_service.go
View File

@@ -179,7 +179,7 @@ func (s *AssignmentService) SearchAssignments(userID uint, query, priority, filt
pageSize = 10
}
assignments, totalCount, err := s.assignmentRepo.Search(userID, query, priority, filter, page, pageSize)
assignments, totalCount, err := s.assignmentRepo.SearchWithPreload(userID, query, priority, filter, page, pageSize)
if err != nil {
return nil, err
}
@@ -255,11 +255,11 @@ func (s *AssignmentService) GetSubjectsByUser(userID uint) ([]string, error) {
}
type DashboardStats struct {
TotalPending int64
DueToday int
DueThisWeek int
Overdue int
Subjects []string
TotalPending int64
DueToday int
DueThisWeek int
Overdue int
Subjects []string
}
func (s *AssignmentService) GetDashboardStats(userID uint) (*DashboardStats, error) {
@@ -270,11 +270,11 @@ func (s *AssignmentService) GetDashboardStats(userID uint) (*DashboardStats, err
subjects, _ := s.assignmentRepo.GetSubjectsByUserID(userID)
return &DashboardStats{
TotalPending: pending,
DueToday: len(dueToday),
DueThisWeek: len(dueThisWeek),
Overdue: int(overdueCount),
Subjects: subjects,
TotalPending: pending,
DueToday: len(dueToday),
DueThisWeek: len(dueThisWeek),
Overdue: int(overdueCount),
Subjects: subjects,
}, nil
}
@@ -392,4 +392,3 @@ func (s *AssignmentService) GetSubjectsWithArchived(userID uint, includeArchived
func (s *AssignmentService) GetArchivedSubjects(userID uint) ([]string, error) {
return s.assignmentRepo.GetArchivedSubjects(userID)
}

20
internal/service/auth_service.go
View File

@@ -104,3 +104,23 @@ func (s *AuthService) UpdateProfile(userID uint, name string) error {
user.Name = name
return s.userRepo.Update(user)
}
func (s *AuthService) EnableTOTP(userID uint, secret string) error {
user, err := s.userRepo.FindByID(userID)
if err != nil {
return ErrUserNotFound
}
user.TOTPSecret = secret
user.TOTPEnabled = true
return s.userRepo.Update(user)
}
func (s *AuthService) DisableTOTP(userID uint) error {
user, err := s.userRepo.FindByID(userID)
if err != nil {
return ErrUserNotFound
}
user.TOTPSecret = ""
user.TOTPEnabled = false
return s.userRepo.Update(user)
}

75
internal/service/captcha_service.go Normal file
View File

@@ -0,0 +1,75 @@
package service
import (
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"strings"
"github.com/dchest/captcha"
)
type CaptchaService struct {
captchaType string
turnstileSecretKey string
}
func NewCaptchaService(captchaType, turnstileSecretKey string) *CaptchaService {
return &CaptchaService{
captchaType: captchaType,
turnstileSecretKey: turnstileSecretKey,
}
}
func (s *CaptchaService) NewImageCaptcha() string {
return captcha.New()
}
func (s *CaptchaService) VerifyImageCaptcha(id, answer string) bool {
return captcha.VerifyString(id, answer)
}
type turnstileResponse struct {
Success bool `json:"success"`
Errors []string `json:"error-codes"`
}
func (s *CaptchaService) VerifyTurnstile(token, remoteIP string) (bool, error) {
if token == "" {
return false, nil
}
form := url.Values{}
form.Set("secret", s.turnstileSecretKey)
form.Set("response", token)
if remoteIP != "" {
form.Set("remoteip", remoteIP)
}
resp, err := http.Post(
"https://challenges.cloudflare.com/turnstile/v0/siteverify",
"application/x-www-form-urlencoded",
strings.NewReader(form.Encode()),
)
if err != nil {
return false, fmt.Errorf("turnstile request failed: %w", err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
return false, fmt.Errorf("reading turnstile response: %w", err)
}
var result turnstileResponse
if err := json.Unmarshal(body, &result); err != nil {
return false, fmt.Errorf("parsing turnstile response: %w", err)
}
return result.Success, nil
}
func (s *CaptchaService) Type() string {
return s.captchaType
}

53
internal/service/notification_service.go
View File

@@ -6,7 +6,6 @@ import (
"fmt"
"log"
"net/http"
"net/url"
"strings"
"time"
@@ -85,38 +84,6 @@ func (s *NotificationService) SendTelegramNotification(chatID, message string) e
return nil
}
func (s *NotificationService) SendLineNotification(token, message string) error {
if token == "" {
return fmt.Errorf("LINE Notify token is empty")
}
apiURL := "https://notify-api.line.me/api/notify"
data := url.Values{}
data.Set("message", message)
req, err := http.NewRequest("POST", apiURL, strings.NewReader(data.Encode()))
if err != nil {
return err
}
req.Header.Set("Authorization", "Bearer "+token)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
client := &http.Client{Timeout: 10 * time.Second}
resp, err := client.Do(req)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("LINE Notify API returned status %d", resp.StatusCode)
}
return nil
}
func (s *NotificationService) SendAssignmentReminder(userID uint, assignment *models.Assignment) error {
settings, err := s.GetUserSettings(userID)
if err != nil {
@@ -139,12 +106,6 @@ func (s *NotificationService) SendAssignmentReminder(userID uint, assignment *mo
}
}
if settings.LineEnabled && settings.LineNotifyToken != "" {
if err := s.SendLineNotification(settings.LineNotifyToken, message); err != nil {
errors = append(errors, fmt.Sprintf("LINE: %v", err))
}
}
if len(errors) > 0 {
return fmt.Errorf("notification errors: %s", strings.Join(errors, "; "))
}
@@ -162,7 +123,7 @@ func (s *NotificationService) SendAssignmentCreatedNotification(userID uint, ass
return nil
}
if !settings.TelegramEnabled && !settings.LineEnabled {
if !settings.TelegramEnabled {
return nil
}
@@ -183,12 +144,6 @@ func (s *NotificationService) SendAssignmentCreatedNotification(userID uint, ass
}
}
if settings.LineEnabled && settings.LineNotifyToken != "" {
if err := s.SendLineNotification(settings.LineNotifyToken, message); err != nil {
errors = append(errors, fmt.Sprintf("LINE: %v", err))
}
}
if len(errors) > 0 {
return fmt.Errorf("notification errors: %s", strings.Join(errors, "; "))
}
@@ -252,12 +207,6 @@ func (s *NotificationService) SendUrgentReminder(userID uint, assignment *models
}
}
if settings.LineEnabled && settings.LineNotifyToken != "" {
if err := s.SendLineNotification(settings.LineNotifyToken, message); err != nil {
errors = append(errors, fmt.Sprintf("LINE: %v", err))
}
}
if len(errors) > 0 {
return fmt.Errorf("notification errors: %s", strings.Join(errors, "; "))
}

90
internal/service/recurring_assignment_service.go
View File

@@ -30,7 +30,7 @@ func NewRecurringAssignmentService() *RecurringAssignmentService {
}
}
type CreateRecurringInput struct {
type CreateRecurringAssignmentInput struct {
Title string
Description string
Subject string
@@ -50,7 +50,7 @@ type CreateRecurringInput struct {
FirstDueDate time.Time
}
func (s *RecurringAssignmentService) Create(userID uint, input CreateRecurringInput) (*models.RecurringAssignment, error) {
func (s *RecurringAssignmentService) Create(userID uint, input CreateRecurringAssignmentInput) (*models.RecurringAssignment, error) {
if !isValidRecurrenceType(input.RecurrenceType) {
return nil, ErrInvalidRecurrenceType
}
@@ -121,15 +121,22 @@ func (s *RecurringAssignmentService) GetActiveByUser(userID uint) ([]models.Recu
}
type UpdateRecurringInput struct {
Title string
Description string
Subject string
Priority string
DueTime string
Title *string
Description *string
Subject *string
Priority *string
RecurrenceType *string
RecurrenceInterval *int
RecurrenceWeekday *int
RecurrenceDay *int
DueTime *string
EndType *string
EndCount *int
EndDate *time.Time
EditBehavior string
ReminderEnabled bool
ReminderEnabled *bool
ReminderOffset *int
UrgentReminderEnabled bool
UrgentReminderEnabled *bool
}
func (s *RecurringAssignmentService) Update(userID, recurringID uint, input UpdateRecurringInput) (*models.RecurringAssignment, error) {
@@ -138,19 +145,56 @@ func (s *RecurringAssignmentService) Update(userID, recurringID uint, input Upda
return nil, err
}
recurring.Title = input.Title
recurring.Description = input.Description
recurring.Subject = input.Subject
recurring.Priority = input.Priority
if input.DueTime != "" {
recurring.DueTime = input.DueTime
if input.Title != nil {
recurring.Title = *input.Title
}
if input.Description != nil {
recurring.Description = *input.Description
}
if input.Subject != nil {
recurring.Subject = *input.Subject
}
if input.Priority != nil {
recurring.Priority = *input.Priority
}
if input.DueTime != nil {
recurring.DueTime = *input.DueTime
}
if input.EditBehavior != "" {
recurring.EditBehavior = input.EditBehavior
}
recurring.ReminderEnabled = input.ReminderEnabled
recurring.ReminderOffset = input.ReminderOffset
recurring.UrgentReminderEnabled = input.UrgentReminderEnabled
if input.ReminderEnabled != nil {
recurring.ReminderEnabled = *input.ReminderEnabled
}
if input.ReminderOffset != nil {
recurring.ReminderOffset = input.ReminderOffset
}
if input.UrgentReminderEnabled != nil {
recurring.UrgentReminderEnabled = *input.UrgentReminderEnabled
}
if input.RecurrenceType != nil && *input.RecurrenceType != "" && isValidRecurrenceType(*input.RecurrenceType) {
recurring.RecurrenceType = *input.RecurrenceType
}
if input.RecurrenceInterval != nil && *input.RecurrenceInterval > 0 {
recurring.RecurrenceInterval = *input.RecurrenceInterval
}
if input.RecurrenceWeekday != nil {
recurring.RecurrenceWeekday = input.RecurrenceWeekday
}
if input.RecurrenceDay != nil {
recurring.RecurrenceDay = input.RecurrenceDay
}
if input.EndType != nil && isValidEndType(*input.EndType) {
recurring.EndType = *input.EndType
}
if input.EndCount != nil {
recurring.EndCount = input.EndCount
}
if input.EndDate != nil {
recurring.EndDate = input.EndDate
}
if err := s.recurringRepo.Update(recurring); err != nil {
return nil, err
@@ -159,6 +203,16 @@ func (s *RecurringAssignmentService) Update(userID, recurringID uint, input Upda
return recurring, nil
}
func (s *RecurringAssignmentService) SetActive(userID, recurringID uint, isActive bool) error {
recurring, err := s.GetByID(userID, recurringID)
if err != nil {
return err
}
recurring.IsActive = isActive
return s.recurringRepo.Update(recurring)
}
func (s *RecurringAssignmentService) UpdateAssignmentWithBehavior(
userID uint,
assignment *models.Assignment,

71
internal/service/totp_service.go Normal file
View File

@@ -0,0 +1,71 @@
package service
import (
"bytes"
"encoding/base64"
"fmt"
"image/png"
"net/url"
"github.com/pquerna/otp"
totplib "github.com/pquerna/otp/totp"
)
type TOTPService struct{}
func NewTOTPService() *TOTPService {
return &TOTPService{}
}
type TOTPSetupData struct {
Secret string
QRCodeB64 string
OTPAuthURL string
}
func (s *TOTPService) GenerateSecret(email, issuer string) (*TOTPSetupData, error) {
key, err := totplib.Generate(totplib.GenerateOpts{
Issuer: issuer,
AccountName: email,
})
if err != nil {
return nil, err
}
return s.buildSetupData(key)
}
func (s *TOTPService) SetupDataFromSecret(secret, email, issuer string) (*TOTPSetupData, error) {
otpURL := fmt.Sprintf("otpauth://totp/%s:%s?secret=%s&issuer=%s",
url.PathEscape(issuer),
url.PathEscape(email),
url.QueryEscape(secret),
url.QueryEscape(issuer),
)
key, err := otp.NewKeyFromURL(otpURL)
if err != nil {
return nil, err
}
return s.buildSetupData(key)
}
func (s *TOTPService) buildSetupData(key *otp.Key) (*TOTPSetupData, error) {
img, err := key.Image(200, 200)
if err != nil {
return nil, err
}
var buf bytes.Buffer
if err := png.Encode(&buf, img); err != nil {
return nil, err
}
return &TOTPSetupData{
Secret: key.Secret(),
QRCodeB64: base64.StdEncoding.EncodeToString(buf.Bytes()),
OTPAuthURL: key.URL(),
}, nil
}
func (s *TOTPService) Validate(secret, code string) bool {
return totplib.Validate(code, secret)
}

173
internal/validation/validation.go Normal file
View File

@@ -0,0 +1,173 @@
package validation
import (
"fmt"
"regexp"
"strings"
"unicode"
)
var MaxLengths = map[string]int{
"title": 200,
"description": 5000,
"subject": 100,
"priority": 20,
}
var xssPatterns = []*regexp.Regexp{
regexp.MustCompile(`(?i)<\s*script`),
regexp.MustCompile(`(?i)</\s*script`),
regexp.MustCompile(`(?i)javascript\s*:`),
regexp.MustCompile(`(?i)on\w+\s*=`),
regexp.MustCompile(`(?i)<\s*iframe`),
regexp.MustCompile(`(?i)<\s*object`),
regexp.MustCompile(`(?i)<\s*embed`),
regexp.MustCompile(`(?i)<\s*svg[^>]*on\w+\s*=`),
regexp.MustCompile(`(?i)data\s*:\s*text/html`),
regexp.MustCompile(`(?i)<\s*img[^>]*on\w+\s*=`),
regexp.MustCompile(`(?i)expression\s*\(`),
regexp.MustCompile(`(?i)alert\s*\(`),
regexp.MustCompile(`(?i)confirm\s*\(`),
regexp.MustCompile(`(?i)prompt\s*\(`),
regexp.MustCompile(`(?i)document\s*\.\s*cookie`),
regexp.MustCompile(`(?i)document\s*\.\s*location`),
regexp.MustCompile(`(?i)window\s*\.\s*location`),
}
var sqlInjectionPatterns = []*regexp.Regexp{
regexp.MustCompile(`(?i)'\s*or\s+`),
regexp.MustCompile(`(?i)'\s*and\s+`),
regexp.MustCompile(`(?i)"\s*or\s+`),
regexp.MustCompile(`(?i)"\s*and\s+`),
regexp.MustCompile(`(?i)union\s+(all\s+)?select`),
regexp.MustCompile(`(?i);\s*(drop|delete|update|insert|alter|truncate)\s+`),
regexp.MustCompile(`(?i)--\s*$`),
regexp.MustCompile(`(?i)/\*.*\*/`),
regexp.MustCompile(`(?i)'\s*;\s*`),
regexp.MustCompile(`(?i)exec\s*\(`),
regexp.MustCompile(`(?i)xp_\w+`),
regexp.MustCompile(`(?i)load_file\s*\(`),
regexp.MustCompile(`(?i)into\s+(out|dump)file`),
regexp.MustCompile(`(?i)benchmark\s*\(`),
regexp.MustCompile(`(?i)sleep\s*\(\s*\d`),
regexp.MustCompile(`(?i)waitfor\s+delay`),
regexp.MustCompile(`(?i)1\s*=\s*1`),
regexp.MustCompile(`(?i)'1'\s*=\s*'1`),
}
var pathTraversalPatterns = []*regexp.Regexp{
regexp.MustCompile(`\.\.[\\/]`),
regexp.MustCompile(`\.\.%2[fF]`),
regexp.MustCompile(`%2e%2e[\\/]`),
regexp.MustCompile(`\.\./`),
regexp.MustCompile(`\.\.\\`),
}
var commandInjectionPatterns = []*regexp.Regexp{
regexp.MustCompile(`^\s*;`),
regexp.MustCompile(`;\s*\w+`),
regexp.MustCompile(`\|\s*\w+`),
regexp.MustCompile("`[^`]+`"),
regexp.MustCompile(`\$\([^)]+\)`),
regexp.MustCompile(`&&\s*\w+`),
regexp.MustCompile(`\|\|\s*\w+`),
}
type ValidationError struct {
Field string
Message string
}
func (e *ValidationError) Error() string {
return fmt.Sprintf("%s: %s", e.Field, e.Message)
}
func ValidateAssignmentInput(title, description, subject, priority string) error {
if err := ValidateField("title", title, true); err != nil {
return err
}
if err := ValidateField("description", description, false); err != nil {
return err
}
if err := ValidateField("subject", subject, false); err != nil {
return err
}
if err := ValidateField("priority", priority, false); err != nil {
return err
}
return nil
}
func ValidateField(fieldName, value string, required bool) error {
if required && strings.TrimSpace(value) == "" {
return &ValidationError{Field: fieldName, Message: "必須項目です"}
}
if value == "" {
return nil
}
if maxLen, ok := MaxLengths[fieldName]; ok {
if len(value) > maxLen {
return &ValidationError{
Field: fieldName,
Message: fmt.Sprintf("最大%d文字までです", maxLen),
}
}
}
if fieldName != "description" {
for _, r := range value {
if unicode.IsControl(r) && r != '\n' && r != '\r' && r != '\t' {
return &ValidationError{
Field: fieldName,
Message: "不正な制御文字が含まれています",
}
}
}
}
for _, pattern := range xssPatterns {
if pattern.MatchString(value) {
return &ValidationError{
Field: fieldName,
Message: "潜在的に危険なHTMLタグまたはスクリプトが含まれています",
}
}
}
for _, pattern := range sqlInjectionPatterns {
if pattern.MatchString(value) {
return &ValidationError{
Field: fieldName,
Message: "潜在的に危険なSQL構文が含まれています",
}
}
}
for _, pattern := range pathTraversalPatterns {
if pattern.MatchString(value) {
return &ValidationError{
Field: fieldName,
Message: "不正なパス文字列が含まれています",
}
}
}
for _, pattern := range commandInjectionPatterns {
if pattern.MatchString(value) {
return &ValidationError{
Field: fieldName,
Message: "潜在的に危険なコマンド構文が含まれています",
}
}
}
return nil
}
func SanitizeString(s string) string {
s = strings.ReplaceAll(s, "\x00", "")
s = strings.TrimSpace(s)
return s
}

50
web/static/js/app.js
View File

@@ -1,28 +1,56 @@
// Homework Manager JavaScript
const XSS = {
escapeHtml: function (str) {
if (str === null || str === undefined) return '';
const div = document.createElement('div');
div.textContent = str;
return div.innerHTML;
},
document.addEventListener('DOMContentLoaded', function() {
// Auto-dismiss alerts after 5 seconds
const alerts = document.querySelectorAll('.alert:not(.alert-danger)');
alerts.forEach(function(alert) {
setTimeout(function() {
setTextSafe: function (element, text) {
if (element) {
element.textContent = text;
}
},
sanitizeUrl: function (url) {
if (!url) return '';
const cleaned = String(url).replace(/[\x00-\x1F\x7F]/g, '').trim();
try {
const parsed = new URL(cleaned, window.location.origin);
if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
return parsed.href;
}
} catch (e) {
if (cleaned.startsWith('/') && !cleaned.startsWith('//')) {
return cleaned;
}
}
return '';
}
};
window.XSS = XSS;
document.addEventListener('DOMContentLoaded', function () {
const alerts = document.querySelectorAll('.alert:not(.alert-danger):not(.modal .alert)');
alerts.forEach(function (alert) {
setTimeout(function () {
alert.classList.add('fade');
setTimeout(function() {
setTimeout(function () {
alert.remove();
}, 150);
}, 5000);
});
// Confirm dialogs for dangerous actions
const confirmForms = document.querySelectorAll('form[data-confirm]');
confirmForms.forEach(function(form) {
form.addEventListener('submit', function(e) {
confirmForms.forEach(function (form) {
form.addEventListener('submit', function (e) {
if (!confirm(form.dataset.confirm)) {
e.preventDefault();
}
});
});
// Set default datetime to now + 1 day for new assignments
const dueDateInput = document.getElementById('due_date');
if (dueDateInput && !dueDateInput.value) {
const tomorrow = new Date();

5
web/templates/admin/api_keys.html
View File

@@ -98,6 +98,11 @@
<li><code>PUT /api/v1/assignments/:id</code> - 課題更新</li>
<li><code>DELETE /api/v1/assignments/:id</code> - 課題削除</li>
<li><code>PATCH /api/v1/assignments/:id/toggle</code> - 完了状態切替</li>
<li><code>GET /api/v1/statistics</code> - 統計情報取得</li>
<li><code>GET /api/v1/recurring</code> - 繰り返し設定一覧取得</li>
<li><code>GET /api/v1/recurring/:id</code> - 繰り返し設定詳細取得</li>
<li><code>PUT /api/v1/recurring/:id</code> - 繰り返し設定更新</li>
<li><code>DELETE /api/v1/recurring/:id</code> - 繰り返し設定削除</li>
</ul>
</div>
</div>

33
web/templates/assignments/edit.html
View File

@@ -76,6 +76,39 @@
</div>
</div>
</div>
{{if .recurring}}
<!-- 繰り返し設定 -->
<div class="card bg-light mb-3">
<div class="card-body py-2">
<div class="d-flex justify-content-between align-items-center mb-2">
<h6 class="mb-0"><i class="bi bi-arrow-repeat me-1"></i>繰り返し設定</h6>
<a href="/recurring/{{.recurring.ID}}/edit" class="btn btn-sm btn-outline-primary">
<i class="bi bi-pencil me-1"></i>編集
</a>
</div>
<div class="row">
<div class="col-6">
<small class="text-muted">タイプ</small>
<div class="fw-bold">
{{if eq .recurring.RecurrenceType "daily"}}毎日{{end}}
{{if eq .recurring.RecurrenceType "weekly"}}毎週{{end}}
{{if eq .recurring.RecurrenceType "monthly"}}毎月{{end}}
</div>
</div>
<div class="col-6">
<small class="text-muted">状態</small>
<div>
{{if .recurring.IsActive}}
<span class="badge bg-success">有効</span>
{{else}}
<span class="badge bg-secondary">停止中</span>
{{end}}
</div>
</div>
</div>
</div>
</div>
{{end}}
<div class="d-flex gap-2">
<button type="submit" class="btn btn-primary"><i class="bi bi-check-lg me-1"></i>更新</button>
<a href="/assignments" class="btn btn-outline-secondary">キャンセル</a>

156
web/templates/assignments/index.html
View File

@@ -56,6 +56,13 @@
期限切れ
</a>
</li>
<li class="nav-item">
<a class="nav-link py-2 rounded-0 border-0 text-muted"
href="/recurring">
繰り返し
</a>
</li>
</ul>
<hr class="mt-0 mb-3 text-muted" style="opacity: 0.1;">
@@ -92,9 +99,9 @@
<thead class="bg-secondary-subtle">
<tr>
<th style="width: 50px;" class="ps-3 text-center text-dark fw-bold">状態</th>
<th class="text-dark fw-bold">タイトル</th>
<th style="width: 120px;" class="text-dark fw-bold">科目</th>
<th style="width: 80px;" class="text-dark fw-bold">重要度</th>
<th class="text-dark fw-bold">タイトル</th>
<th style="width: 140px;" class="text-dark fw-bold">期限</th>
<th style="width: 120px;" class="countdown-col text-dark fw-bold">残り</th>
<th style="width: 80px;" class="text-end pe-3 text-dark fw-bold">操作</th>
@@ -125,9 +132,6 @@
</form>
{{end}}
</td>
<td>
<div class="fw-bold text-dark text-truncate" style="max-width: 300px;">{{.Title}}</div>
</td>
<td><span class="badge bg-secondary text-white border-0 fw-bold">{{.Subject}}</span></td>
<td>
{{if eq .Priority "high"}}
@@ -138,6 +142,22 @@
<span class="badge bg-dark text-white border-0 fw-bold small"></span>
{{end}}
</td>
<td>
<div class="d-flex align-items-center">
<div class="fw-bold text-dark text-truncate" style="max-width: 280px;">{{.Title}}</div>
{{if .RecurringAssignmentID}}
<button type="button" class="btn btn-link p-0 ms-2 text-info" data-bs-toggle="modal"
data-bs-target="#recurringModal" data-recurring-id="{{.RecurringAssignmentID}}"
data-assignment-id="{{.ID}}"
data-recurring-title="{{.Title}}"
data-recurring-type="{{if .RecurringAssignment}}{{.RecurringAssignment.RecurrenceType}}{{else}}unknown{{end}}"
data-recurring-active="{{if .RecurringAssignment}}{{.RecurringAssignment.IsActive}}{{else}}true{{end}}"
title="繰り返し課題">
<i class="fa-solid fa-repeat"></i>
</button>
{{end}}
</div>
</td>
<td>
<div class="small fw-bold text-dark user-select-all">{{.DueDate.Format "2006/01/02 15:04"}}
</div>
@@ -154,6 +174,12 @@
<a href="/assignments/{{.ID}}/edit" class="text-primary me-3 text-decoration-none">
<i class="bi bi-pencil-fill"></i>
</a>
{{if .RecurringAssignmentID}}
<button type="button" class="btn btn-link p-0 text-danger text-decoration-none border-0 bg-transparent"
onclick="showDeleteRecurringModal({{.ID}}, {{.RecurringAssignmentID}})">
<i class="bi bi-trash-fill"></i>
</button>
{{else}}
<form action="/assignments/{{.ID}}/delete" method="POST" class="d-inline"
onsubmit="return confirm('削除しますか?');">
<input type="hidden" name="_csrf" value="{{$.csrfToken}}">
@@ -162,6 +188,7 @@
<i class="bi bi-trash-fill"></i>
</button>
</form>
{{end}}
</div>
</td>
</tr>
@@ -290,5 +317,126 @@
const btnText = document.getElementById('countdownBtnText');
if (btnText) btnText.textContent = 'カウントダウン非表示中';
}
// Recurring modal handler - wait for DOM to be ready
document.addEventListener('DOMContentLoaded', function() {
const recurringModal = document.getElementById('recurringModal');
if (recurringModal) {
recurringModal.addEventListener('show.bs.modal', function (event) {
const button = event.relatedTarget;
const id = button.getAttribute('data-recurring-id');
const assignmentId = button.getAttribute('data-assignment-id');
const title = button.getAttribute('data-recurring-title');
const type = button.getAttribute('data-recurring-type');
const isActive = button.getAttribute('data-recurring-active') === 'true';
document.getElementById('recurringModalTitle').textContent = title;
document.getElementById('recurringStopForm').action = '/recurring/' + id + '/stop';
document.getElementById('recurringEditBtn').href = '/recurring/' + id + '/edit';
const typeLabels = {
'daily': '毎日',
'weekly': '毎週',
'monthly': '毎月',
'unknown': '(読み込み中...)'
};
document.getElementById('recurringTypeLabel').textContent = typeLabels[type] || type || '不明';
const statusEl = document.getElementById('recurringStatus');
if (isActive) {
statusEl.innerHTML = '<span class="badge bg-success">有効</span>';
document.getElementById('recurringStopBtn').style.display = 'inline-block';
} else {
statusEl.innerHTML = '<span class="badge bg-secondary">停止中</span>';
document.getElementById('recurringStopBtn').style.display = 'none';
}
});
}
});
</script>
<!-- Recurring Modal -->
<div class="modal fade" id="recurringModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title"><i class="fa-solid fa-repeat me-2"></i>繰り返し課題</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<h6 id="recurringModalTitle" class="mb-3 fw-bold"></h6>
<table class="table table-sm table-borderless">
<tbody>
<tr>
<th class="text-muted" style="width: 100px;">繰り返し</th>
<td id="recurringTypeLabel">読み込み中...</td>
</tr>
<tr>
<th class="text-muted">状態</th>
<td id="recurringStatus">読み込み中...</td>
</tr>
</tbody>
</table>
<div class="alert alert-info small mb-0">
<i class="bi bi-info-circle me-1"></i>
繰り返しを停止すると、今後新しい課題は自動作成されなくなります。既存の課題はそのまま残ります。
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">閉じる</button>
<a id="recurringEditBtn" href="#" class="btn btn-primary">
<i class="bi bi-pencil me-1"></i>編集
</a>
<form id="recurringStopForm" method="POST" class="d-inline">
<input type="hidden" name="_csrf" value="{{.csrfToken}}">
<button type="submit" id="recurringStopBtn" class="btn btn-danger"
onclick="return confirm('繰り返しを停止しますか?');">
<i class="bi bi-stop-fill me-1"></i>停止
</button>
</form>
</div>
</div>
</div>
</div>
<!-- Delete Recurring Confirmation Modal -->
<div class="modal fade" id="deleteRecurringModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title"><i class="bi bi-trash me-2"></i>繰り返し課題の削除</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<p>この課題は繰り返し設定に関連付けられています。</p>
<p>繰り返し設定も停止しますか?</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">キャンセル</button>
<form id="deleteOnlyForm" method="POST" class="d-inline">
<input type="hidden" name="_csrf" value="{{.csrfToken}}">
<button type="submit" class="btn btn-outline-danger">
課題のみ削除
</button>
</form>
<form id="deleteAndStopForm" method="POST" class="d-inline">
<input type="hidden" name="_csrf" value="{{.csrfToken}}">
<button type="submit" class="btn btn-danger">
削除して繰り返しも削除
</button>
</form>
</div>
</div>
</div>
</div>
<script>
function showDeleteRecurringModal(assignmentId, recurringId) {
var modal = new bootstrap.Modal(document.getElementById('deleteRecurringModal'));
document.getElementById('deleteOnlyForm').action = '/assignments/' + assignmentId + '/delete';
document.getElementById('deleteAndStopForm').action = '/assignments/' + assignmentId + '/delete?stop_recurring=' + recurringId;
modal.show();
}
</script>
{{end}}

48
web/templates/assignments/new.html
View File

@@ -101,25 +101,25 @@
<label class="form-label small">曜日</label>
<div class="btn-group btn-group-sm w-100" role="group">
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd0"
value="0">
value="0" {{if eq .currentWeekday 0}}checked{{end}}>
<label class="btn btn-outline-primary" for="wd0"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd1"
value="1" checked>
value="1" {{if eq .currentWeekday 1}}checked{{end}}>
<label class="btn btn-outline-primary" for="wd1"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd2"
value="2">
value="2" {{if eq .currentWeekday 2}}checked{{end}}>
<label class="btn btn-outline-primary" for="wd2"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd3"
value="3">
value="3" {{if eq .currentWeekday 3}}checked{{end}}>
<label class="btn btn-outline-primary" for="wd3"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd4"
value="4">
value="4" {{if eq .currentWeekday 4}}checked{{end}}>
<label class="btn btn-outline-primary" for="wd4"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd5"
value="5">
value="5" {{if eq .currentWeekday 5}}checked{{end}}>
<label class="btn btn-outline-primary" for="wd5"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd6"
value="6">
value="6" {{if eq .currentWeekday 6}}checked{{end}}>
<label class="btn btn-outline-primary" for="wd6"></label>
</div>
</div>
@@ -127,37 +127,9 @@
<label for="recurrence_day" class="form-label small"></label>
<select class="form-select form-select-sm" id="recurrence_day"
name="recurrence_day">
<option value="1">1日</option>
<option value="2">2</option>
<option value="3">3日</option>
<option value="4">4日</option>
<option value="5">5日</option>
<option value="6">6日</option>
<option value="7">7日</option>
<option value="8">8日</option>
<option value="9">9日</option>
<option value="10">10日</option>
<option value="11">11日</option>
<option value="12">12日</option>
<option value="13">13日</option>
<option value="14">14日</option>
<option value="15">15日</option>
<option value="16">16日</option>
<option value="17">17日</option>
<option value="18">18日</option>
<option value="19">19日</option>
<option value="20">20日</option>
<option value="21">21日</option>
<option value="22">22日</option>
<option value="23">23日</option>
<option value="24">24日</option>
<option value="25">25日</option>
<option value="26">26日</option>
<option value="27">27日</option>
<option value="28">28日</option>
<option value="29">29日</option>
<option value="30">30日</option>
<option value="31">31日</option>
{{range $i := seq 1 31}}
<option value="{{$i}}" {{if eq $.currentDay $i}}selected{{end}}>{{$i}}</option>
{{end}}
</select>
</div>
<div id="end_group" style="display: none;">

43
web/templates/auth/login.html
View File

@@ -1,5 +1,11 @@
{{template "base" .}}
{{define "head"}}
{{if and .captchaEnabled (eq .captchaType "turnstile")}}
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
{{end}}
{{end}}
{{define "content"}}
<div class="row justify-content-center">
<div class="col-md-5 col-lg-4">
@@ -25,6 +31,28 @@
<label for="password" class="form-label">パスワード</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
{{if .captchaEnabled}}
{{if eq .captchaType "turnstile"}}
<div class="mb-3 d-flex justify-content-center">
<div class="cf-turnstile" data-sitekey="{{.turnstileSiteKey}}"></div>
</div>
{{else if eq .captchaType "image"}}
<div class="mb-3">
<label class="form-label">画像認証</label>
<div class="d-flex align-items-center gap-2 mb-2">
<img src="/captcha/{{.captchaID}}.png" alt="CAPTCHA" class="border rounded" id="captchaImg">
<button type="button" class="btn btn-sm btn-outline-secondary" onclick="reloadCaptcha()" title="更新">
<i class="bi bi-arrow-clockwise"></i>
</button>
</div>
<input type="hidden" name="captcha_id" id="captchaID" value="{{.captchaID}}">
<input type="text" class="form-control" name="captcha_answer"
placeholder="上の数字を入力" autocomplete="off" required>
</div>
{{end}}
{{end}}
<div class="d-grid">
<button type="submit" class="btn btn-primary btn-lg">ログイン</button>
</div>
@@ -41,3 +69,18 @@
</div>
</div>
{{end}}
{{define "scripts"}}
{{if and .captchaEnabled (eq .captchaType "image")}}
<script>
function reloadCaptcha() {
fetch('/captcha-new')
.then(r => r.text())
.then(id => {
document.getElementById('captchaID').value = id;
document.getElementById('captchaImg').src = '/captcha/' + id + '.png?' + Date.now();
});
}
</script>
{{end}}
{{end}}

46
web/templates/auth/login_2fa.html Normal file
View File

@@ -0,0 +1,46 @@
{{template "base" .}}
{{define "content"}}
<div class="row justify-content-center">
<div class="col-md-5 col-lg-4">
<div class="card shadow">
<div class="card-body p-4">
<div class="text-center mb-4">
<i class="bi bi-shield-lock display-4 text-primary"></i>
<h2 class="mt-2">2段階認証</h2>
<p class="text-muted small">認証アプリに表示されている6桁のコードを入力してください</p>
</div>
{{if .error}}
<div class="alert alert-danger">{{.error}}</div>
{{end}}
<form method="POST" action="/login/2fa">
{{.csrfField}}
<div class="mb-4">
<label for="totp_code" class="form-label">認証コード</label>
<input type="text" class="form-control form-control-lg text-center"
id="totp_code" name="totp_code"
placeholder="000000"
maxlength="6" pattern="[0-9]{6}"
inputmode="numeric" autocomplete="one-time-code"
autofocus required>
<div class="form-text text-center">Google Authenticator などのアプリで確認</div>
</div>
<div class="d-grid">
<button type="submit" class="btn btn-primary btn-lg">
<i class="bi bi-shield-check me-1"></i>確認
</button>
</div>
</form>
<hr class="my-4">
<div class="text-center">
<a href="/login" class="text-muted small">別のアカウントでログイン</a>
</div>
</div>
</div>
</div>
</div>
{{end}}

49
web/templates/auth/register.html
View File

@@ -1,5 +1,11 @@
{{template "base" .}}
{{define "head"}}
{{if and .captchaEnabled (eq .captchaType "turnstile")}}
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
{{end}}
{{end}}
{{define "content"}}
<div class="row justify-content-center">
<div class="col-md-5 col-lg-4">
@@ -28,14 +34,36 @@
<div class="mb-3">
<label for="password" class="form-label">パスワード</label>
<input type="password" class="form-control" id="password" name="password" required
minlength="6">
<div class="form-text">6文字以上</div>
minlength="8">
<div class="form-text">8文字以上</div>
</div>
<div class="mb-3">
<label for="password_confirm" class="form-label">パスワード(確認)</label>
<input type="password" class="form-control" id="password_confirm" name="password_confirm"
required minlength="6">
required minlength="8">
</div>
{{if .captchaEnabled}}
{{if eq .captchaType "turnstile"}}
<div class="mb-3 d-flex justify-content-center">
<div class="cf-turnstile" data-sitekey="{{.turnstileSiteKey}}"></div>
</div>
{{else if eq .captchaType "image"}}
<div class="mb-3">
<label class="form-label">画像認証</label>
<div class="d-flex align-items-center gap-2 mb-2">
<img src="/captcha/{{.captchaID}}.png" alt="CAPTCHA" class="border rounded" id="captchaImg">
<button type="button" class="btn btn-sm btn-outline-secondary" onclick="reloadCaptcha()" title="更新">
<i class="bi bi-arrow-clockwise"></i>
</button>
</div>
<input type="hidden" name="captcha_id" id="captchaID" value="{{.captchaID}}">
<input type="text" class="form-control" name="captcha_answer"
placeholder="上の数字を入力" autocomplete="off" required>
</div>
{{end}}
{{end}}
<div class="d-grid">
<button type="submit" class="btn btn-primary btn-lg">登録</button>
</div>
@@ -52,3 +80,18 @@
</div>
</div>
{{end}}
{{define "scripts"}}
{{if and .captchaEnabled (eq .captchaType "image")}}
<script>
function reloadCaptcha() {
fetch('/captcha-new')
.then(r => r.text())
.then(id => {
document.getElementById('captchaID').value = id;
document.getElementById('captchaImg').src = '/captcha/' + id + '.png?' + Date.now();
});
}
</script>
{{end}}
{{end}}

1
web/templates/layouts/base.html
View File

@@ -8,6 +8,7 @@
<title>{{.title}} - Super Homework Manager</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.1/css/all.min.css" rel="stylesheet">
<link href="/static/css/style.css" rel="stylesheet">
<style>
.navbar-dark .navbar-nav .nav-link,

22
web/templates/pages/dashboard.html
View File

@@ -84,7 +84,7 @@
<i class="bi bi-exclamation-octagon-fill me-2"></i>
<span id="urgentMessage"></span>
<div class="urgent-countdown mt-1">
<i class="bi bi-stopwatch"></i> あと <span id="urgentCountdown"></span>
<i class="bi bi-stopwatch"></i> <span id="urgentCountdown"></span>
</div>
</div>
</div>
@@ -164,9 +164,9 @@
<li class="list-group-item d-flex justify-content-between align-items-center"
data-priority="{{.Priority}}" data-due="{{.DueDate.UnixMilli}}">
<div>
{{if .Subject}}<span class="badge bg-secondary me-1">{{.Subject}}</span>{{end}}
{{if eq .Priority "high"}}<span class="badge bg-danger me-1">重要</span>{{end}}
<strong>{{.Title}}</strong>
{{if eq .Priority "high"}}<span class="badge bg-danger ms-1">重要</span>{{end}}
{{if .Subject}}<span class="badge bg-secondary ms-2">{{.Subject}}</span>{{end}}
<br><small class="text-danger">{{formatDateTime .DueDate}}</small>
</div>
<form action="/assignments/{{.ID}}/toggle" method="POST"><input type="hidden" name="_csrf"
@@ -187,9 +187,9 @@
<li class="list-group-item d-flex justify-content-between align-items-center"
data-priority="{{.Priority}}" data-due="{{.DueDate.UnixMilli}}">
<div>
{{if .Subject}}<span class="badge bg-secondary me-1">{{.Subject}}</span>{{end}}
{{if eq .Priority "high"}}<span class="badge bg-danger me-1">重要</span>{{end}}
<strong>{{.Title}}</strong>
{{if eq .Priority "high"}}<span class="badge bg-danger ms-1">重要</span>{{end}}
{{if .Subject}}<span class="badge bg-secondary ms-2">{{.Subject}}</span>{{end}}
<br><small class="text-muted">{{formatDateTime .DueDate}}</small>
</div>
<form action="/assignments/{{.ID}}/toggle" method="POST"><input type="hidden" name="_csrf"
@@ -210,9 +210,9 @@
<li class="list-group-item d-flex justify-content-between align-items-center"
data-priority="{{.Priority}}" data-due="{{.DueDate.UnixMilli}}">
<div>
{{if .Subject}}<span class="badge bg-secondary me-1">{{.Subject}}</span>{{end}}
{{if eq .Priority "high"}}<span class="badge bg-danger me-1">重要</span>{{end}}
<strong>{{.Title}}</strong>
{{if eq .Priority "high"}}<span class="badge bg-danger ms-1">重要</span>{{end}}
{{if .Subject}}<span class="badge bg-secondary ms-2">{{.Subject}}</span>{{end}}
<br><small class="text-muted">{{formatDateTime .DueDate}}</small>
</div>
<form action="/assignments/{{.ID}}/toggle" method="POST"><input type="hidden" name="_csrf"
@@ -306,10 +306,10 @@
var mins = Math.floor((diff % 3600000) / 60000);
var secs = Math.floor((diff % 60000) / 1000);
var text = '';
if (days > 0) text = days + '日 ' + hours + '時間 ' + mins + '分 ' + secs + '秒';
else if (hours > 0) text = hours + '時間 ' + mins + '分 ' + secs + '秒';
else text = mins + '分 ' + secs + '秒';
var text = 'あと ';
if (days > 0) text += days + '日 ' + hours + '時間 ' + mins + '分 ' + secs + '秒';
else if (hours > 0) text += hours + '時間 ' + mins + '分 ' + secs + '秒';
else text += mins + '分 ' + secs + '秒';
countdown.textContent = text;
}

53
web/templates/pages/profile.html
View File

@@ -67,6 +67,43 @@
</div>
</div>
<!-- 2段階認証設定 -->
<div class="card mt-4">
<div class="card-header">
<h5 class="mb-0"><i class="bi bi-shield-lock me-2"></i>2段階認証2FA</h5>
</div>
<div class="card-body">
{{if .totpError}}<div class="alert alert-danger">{{.totpError}}</div>{{end}}
{{if .totpSuccess}}<div class="alert alert-success">{{.totpSuccess}}</div>{{end}}
{{if .user.TOTPEnabled}}
<div class="d-flex align-items-center mb-3">
<span class="badge bg-success me-2"><i class="bi bi-check-lg me-1"></i>有効</span>
<span class="text-muted">2段階認証が有効になっています</span>
</div>
<form method="POST" action="/profile/totp/disable">
{{.csrfField}}
<div class="mb-3">
<label for="totp_disable_password" class="form-label">現在のパスワードを入力して無効化</label>
<input type="password" class="form-control" id="totp_disable_password" name="password"
placeholder="パスワード" required style="max-width:320px">
</div>
<button type="submit" class="btn btn-danger">
<i class="bi bi-shield-x me-1"></i>2段階認証を無効化
</button>
</form>
{{else}}
<div class="d-flex align-items-center mb-3">
<span class="badge bg-secondary me-2"><i class="bi bi-x-lg me-1"></i>無効</span>
<span class="text-muted">2段階認証が設定されていません</span>
</div>
<p class="text-muted small">2段階認証を有効にするとセキュリティが向上します。Google Authenticator などのアプリが必要です。</p>
<a href="/profile/totp/setup" class="btn btn-primary">
<i class="bi bi-shield-plus me-1"></i>2段階認証を設定する
</a>
{{end}}
</div>
</div>
<!-- 通知設定 -->
<div class="card mt-4">
<div class="card-header">
@@ -95,22 +132,6 @@
</div>
</div>
</div>
<div class="col-md-6">
<h6 class="mb-3"><i class="bi bi-chat-dots me-1"></i>LINE Notify</h6>
<div class="form-check form-switch mb-2">
<input class="form-check-input" type="checkbox" id="line_enabled" name="line_enabled"
{{if .notifySettings.LineEnabled}}checked{{end}}>
<label class="form-check-label" for="line_enabled">LINE通知を有効化</label>
</div>
<div class="mb-3">
<label for="line_token" class="form-label">アクセストークン</label>
<input type="password" class="form-control" id="line_token" name="line_token"
value="{{.notifySettings.LineNotifyToken}}" placeholder="トークンを入力">
<div class="form-text">
<a href="https://notify-bot.line.me/my/" target="_blank">LINE Notify</a>でトークンを発行
</div>
</div>
</div>
</div>
<hr class="my-3">
<div class="form-check form-switch mb-3">

83
web/templates/pages/totp_setup.html Normal file
View File

@@ -0,0 +1,83 @@
{{template "base" .}}
{{define "content"}}
<div class="row justify-content-center">
<div class="col-md-7 col-lg-6">
<div class="card shadow">
<div class="card-header">
<h5 class="mb-0"><i class="bi bi-shield-lock me-2"></i>2段階認証の設定</h5>
</div>
<div class="card-body p-4">
{{if .error}}
<div class="alert alert-danger">{{.error}}</div>
{{end}}
<div class="alert alert-info">
<i class="bi bi-info-circle me-1"></i>
Google Authenticator、Authy などの認証アプリを使用してください。
</div>
<h6 class="fw-bold mb-3">手順</h6>
<ol class="mb-4">
<li class="mb-2">認証アプリを開き、新しいアカウントを追加してください。</li>
<li class="mb-2">下のQRコードをスキャンするか、シークレットキーを手動で入力してください。</li>
<li class="mb-2">アプリに表示された6桁のコードを下の欄に入力して確認してください。</li>
</ol>
<div class="text-center mb-4">
<img src="data:image/png;base64,{{.qrCode}}" alt="QRコード" class="border rounded"
style="max-width:200px">
</div>
<div class="mb-4">
<label class="form-label fw-bold">シークレットキー(手動入力の場合)</label>
<div class="input-group">
<input type="text" class="form-control font-monospace" id="secretKey" value="{{.secret}}"
readonly>
<button class="btn btn-outline-secondary" type="button" onclick="copySecret()" title="コピー">
<i class="bi bi-clipboard"></i>
</button>
</div>
<div class="form-text">認証アプリで「手動入力」を選択し、このキーを入力してください。</div>
</div>
<form method="POST" action="/profile/totp/setup">
{{.csrfField}}
<div class="mb-3">
<label for="totp_password" class="form-label fw-bold">現在のパスワード</label>
<input type="password" class="form-control" id="totp_password" name="password"
placeholder="パスワードを入力" required>
</div>
<div class="mb-3">
<label for="totp_code" class="form-label fw-bold">認証コードで確認</label>
<input type="text" class="form-control form-control-lg text-center" id="totp_code"
name="totp_code" placeholder="000000" maxlength="6" pattern="[0-9]{6}" inputmode="numeric"
autocomplete="off" autofocus required>
<div class="form-text">認証アプリに表示された6桁のコードを入力してください。</div>
</div>
<div class="d-flex gap-2">
<button type="submit" class="btn btn-primary">
<i class="bi bi-shield-check me-1"></i>有効化
</button>
<a href="/profile" class="btn btn-outline-secondary">キャンセル</a>
</div>
</form>
</div>
</div>
</div>
</div>
{{end}}
{{define "scripts"}}
<script>
function copySecret() {
const el = document.getElementById('secretKey');
el.select();
navigator.clipboard.writeText(el.value).then(() => {
const btn = el.nextElementSibling;
btn.innerHTML = '<i class="bi bi-check-lg"></i>';
setTimeout(() => { btn.innerHTML = '<i class="bi bi-clipboard"></i>'; }, 2000);
});
}
</script>
{{end}}

148
web/templates/recurring/edit.html Normal file
View File

@@ -0,0 +1,148 @@
{{template "base" .}}
{{define "content"}}
<div class="row justify-content-center">
<div class="col-lg-6">
<div class="card shadow">
<div class="card-header">
<h5 class="mb-0"><i class="bi bi-arrow-repeat me-2"></i>繰り返し課題の編集</h5>
</div>
<div class="card-body">
{{if .error}}<div class="alert alert-danger">{{.error}}</div>{{end}}
<form method="POST" action="/recurring/{{.recurring.ID}}">
{{.csrfField}}
<div class="mb-3">
<label for="title" class="form-label">タイトル <span class="text-danger">*</span></label>
<input type="text" class="form-control" id="title" name="title" value="{{.recurring.Title}}" required>
</div>
<div class="mb-3">
<label for="subject" class="form-label">科目</label>
<input type="text" class="form-control" id="subject" name="subject" value="{{.recurring.Subject}}">
</div>
<div class="mb-3">
<label for="priority" class="form-label">重要度</label>
<select class="form-select" id="priority" name="priority">
<option value="low" {{if eq .recurring.Priority "low"}}selected{{end}}></option>
<option value="medium" {{if eq .recurring.Priority "medium"}}selected{{end}}></option>
<option value="high" {{if eq .recurring.Priority "high"}}selected{{end}}></option>
</select>
</div>
<div class="mb-3">
<label for="description" class="form-label">説明</label>
<textarea class="form-control" id="description" name="description" rows="3">{{.recurring.Description}}</textarea>
</div>
<div class="mb-3">
<label for="due_time" class="form-label">時刻</label>
<input type="time" class="form-control" id="due_time" name="due_time" value="{{.recurring.DueTime}}">
</div>
<div class="card bg-light mb-3">
<div class="card-body py-3">
<h6 class="mb-3"><i class="bi bi-arrow-repeat me-1"></i>繰り返し設定</h6>
<div class="row mb-3">
<div class="col-6">
<label for="recurrence_type" class="form-label small">繰り返しタイプ</label>
<select class="form-select form-select-sm" id="recurrence_type" name="recurrence_type" onchange="updateRecurrenceOptions()">
<option value="daily" {{if eq .recurring.RecurrenceType "daily"}}selected{{end}}>毎日</option>
<option value="weekly" {{if eq .recurring.RecurrenceType "weekly"}}selected{{end}}>毎週</option>
<option value="monthly" {{if eq .recurring.RecurrenceType "monthly"}}selected{{end}}>毎月</option>
</select>
</div>
<div class="col-6">
<label for="recurrence_interval" class="form-label small">間隔</label>
<div class="input-group input-group-sm">
<input type="number" class="form-control" id="recurrence_interval" name="recurrence_interval" value="{{.recurring.RecurrenceInterval}}" min="1" max="12">
<span class="input-group-text" id="interval_label">{{if eq .recurring.RecurrenceType "daily"}}日{{else if eq .recurring.RecurrenceType "weekly"}}週{{else}}月{{end}}</span>
</div>
</div>
</div>
<div id="weekday_group" class="mb-3">
<label class="form-label small">曜日</label>
<div class="btn-group btn-group-sm w-100" role="group">
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd0" value="0" {{if .recurring.RecurrenceWeekday}}{{if eq (derefInt .recurring.RecurrenceWeekday) 0}}checked{{end}}{{end}}>
<label class="btn btn-outline-primary" for="wd0"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd1" value="1" {{if .recurring.RecurrenceWeekday}}{{if eq (derefInt .recurring.RecurrenceWeekday) 1}}checked{{end}}{{end}}>
<label class="btn btn-outline-primary" for="wd1"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd2" value="2" {{if .recurring.RecurrenceWeekday}}{{if eq (derefInt .recurring.RecurrenceWeekday) 2}}checked{{end}}{{end}}>
<label class="btn btn-outline-primary" for="wd2"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd3" value="3" {{if .recurring.RecurrenceWeekday}}{{if eq (derefInt .recurring.RecurrenceWeekday) 3}}checked{{end}}{{end}}>
<label class="btn btn-outline-primary" for="wd3"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd4" value="4" {{if .recurring.RecurrenceWeekday}}{{if eq (derefInt .recurring.RecurrenceWeekday) 4}}checked{{end}}{{end}}>
<label class="btn btn-outline-primary" for="wd4"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd5" value="5" {{if .recurring.RecurrenceWeekday}}{{if eq (derefInt .recurring.RecurrenceWeekday) 5}}checked{{end}}{{end}}>
<label class="btn btn-outline-primary" for="wd5"></label>
<input type="radio" class="btn-check" name="recurrence_weekday" id="wd6" value="6" {{if .recurring.RecurrenceWeekday}}{{if eq (derefInt .recurring.RecurrenceWeekday) 6}}checked{{end}}{{end}}>
<label class="btn btn-outline-primary" for="wd6"></label>
</div>
</div>
<div id="day_group" class="mb-3">
<label for="recurrence_day" class="form-label small"></label>
<select class="form-select form-select-sm" id="recurrence_day" name="recurrence_day">
{{range $i := seq 1 31}}
<option value="{{$i}}" {{if $.recurring.RecurrenceDay}}{{if eq (derefInt $.recurring.RecurrenceDay) $i}}selected{{end}}{{end}}>{{$i}}日</option>
{{end}}
</select>
</div>
<hr class="my-2">
<div class="d-flex justify-content-between align-items-center">
<span class="small text-muted">状態:</span>
{{if .recurring.IsActive}}
<span class="badge bg-success">有効</span>
{{else}}
<span class="badge bg-secondary">停止中</span>
{{end}}
</div>
</div>
</div>
<div class="d-flex gap-2 flex-wrap">
<button type="submit" class="btn btn-primary"><i class="bi bi-check-lg me-1"></i>更新</button>
<a href="/assignments" class="btn btn-outline-secondary">キャンセル</a>
{{if .recurring.IsActive}}
<button type="button" class="btn btn-outline-danger" onclick="if(confirm('繰り返しを停止しますか?今後新しい課題は自動作成されなくなります。')) document.getElementById('stopForm').submit();">
<i class="bi bi-stop-fill me-1"></i>停止
</button>
{{else}}
<button type="button" class="btn btn-outline-success" onclick="document.getElementById('resumeForm').submit();">
<i class="bi bi-play-fill me-1"></i>再開
</button>
{{end}}
<button type="button" class="btn btn-outline-danger ms-auto" onclick="if(confirm('この繰り返し設定を削除しますか?この操作は取り消せません。')) document.getElementById('deleteForm').submit();">
<i class="bi bi-trash me-1"></i>削除
</button>
</div>
</form>
{{if .recurring.IsActive}}
<form id="stopForm" action="/recurring/{{.recurring.ID}}/stop" method="POST" class="d-none">
{{.csrfField}}
</form>
{{else}}
<form id="resumeForm" action="/recurring/{{.recurring.ID}}/resume" method="POST" class="d-none">
{{.csrfField}}
</form>
{{end}}
<form id="deleteForm" action="/recurring/{{.recurring.ID}}/delete" method="POST" class="d-none">
{{.csrfField}}
</form>
</div>
</div>
</div>
</div>
<script>
function updateRecurrenceOptions() {
var type = document.getElementById('recurrence_type').value;
document.getElementById('weekday_group').style.display = type === 'weekly' ? 'block' : 'none';
document.getElementById('day_group').style.display = type === 'monthly' ? 'block' : 'none';
var label = document.getElementById('interval_label');
if (type === 'daily') label.textContent = '日';
else if (type === 'weekly') label.textContent = '週';
else if (type === 'monthly') label.textContent = '月';
}
document.addEventListener('DOMContentLoaded', function() {
updateRecurrenceOptions();
});
</script>
{{end}}

68
web/templates/recurring/index.html Normal file
View File

@@ -0,0 +1,68 @@
{{template "base" .}}
{{define "content"}}
<div class="d-flex justify-content-between align-items-center mb-3">
<div class="d-flex align-items-center">
<h4 class="mb-0 fw-bold"><i class="bi bi-arrow-repeat me-2"></i>繰り返し設定一覧</h4>
</div>
<a href="/assignments" class="btn btn-sm btn-outline-secondary">
<i class="bi bi-arrow-left me-1"></i>課題一覧に戻る
</a>
</div>
<div class="card shadow-sm">
<div class="table-responsive">
<table class="table table-hover mb-0">
<thead class="table-light">
<tr>
<th class="ps-3">タイトル</th>
<th>科目</th>
<th>繰り返し</th>
<th>状態</th>
<th class="text-end pe-3">操作</th>
</tr>
</thead>
<tbody>
{{range .recurrings}}
<tr>
<td class="ps-3">
<div class="fw-bold">{{.Title}}</div>
{{if .Description}}
<div class="text-muted small text-truncate" style="max-width: 200px;">{{.Description}}</div>
{{end}}
</td>
<td>
{{if .Subject}}
<span class="badge bg-secondary">{{.Subject}}</span>
{{else}}
<span class="text-muted">-</span>
{{end}}
</td>
<td>
<span class="text-dark">{{recurringSummary .}}</span>
</td>
<td>
{{if .IsActive}}
<span class="badge bg-success">有効</span>
{{else}}
<span class="badge bg-secondary">停止中</span>
{{end}}
</td>
<td class="text-end pe-3">
<a href="/recurring/{{.ID}}/edit" class="btn btn-sm btn-outline-primary">
<i class="bi bi-pencil"></i>
</a>
</td>
</tr>
{{else}}
<tr>
<td colspan="5" class="text-center py-4 text-muted">
繰り返し設定がありません
</td>
</tr>
{{end}}
</tbody>
</table>
</div>
</div>
{{end}}