From 5df89200d402d207218f2c361952aa080a343414 Mon Sep 17 00:00:00 2001 From: Gabriel Kaszewski Date: Mon, 4 May 2026 13:19:21 +0200 Subject: [PATCH] docs: add frontend HTML design spec --- .../specs/2026-05-04-frontend-html-design.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 docs/superpowers/specs/2026-05-04-frontend-html-design.md diff --git a/docs/superpowers/specs/2026-05-04-frontend-html-design.md b/docs/superpowers/specs/2026-05-04-frontend-html-design.md new file mode 100644 index 0000000..04bfc2b --- /dev/null +++ b/docs/superpowers/specs/2026-05-04-frontend-html-design.md @@ -0,0 +1,30 @@ +# Frontend HTML/CSS Design + +**Date:** 2026-05-04 + +## Summary + +Server-rendered HTML frontend using Rust/Axum + Askama templates + HTTP-only cookie JWT auth. No JavaScript. + +## Pages + +| Route | Access | Description | +|---|---|---| +| GET / | public | Diary index | +| GET /login | public | Login form | +| POST /login | public | Set cookie → redirect / | +| GET /logout | — | Clear cookie → redirect / | +| GET /register | public | Only if ALLOW_REGISTRATION | +| POST /register | public | Set cookie → redirect / | +| GET /reviews/new | auth | New review form | +| POST /reviews | auth | Log review → redirect / | + +## Design Decisions + +- **Auth:** Cookie-based JWT (HttpOnly, SameSite=Lax). Existing Bearer auth untouched. +- **Template inheritance:** base.html owns header. Child templates use {% extends %}/{% block %}. +- **Entry layout:** Poster thumbnail (60px) + text block. Fallback to text-only when no poster. +- **Header (logged out):** [Login] [Register?] +- **Header (logged in):** [Add Review] email@example.com [Logout] +- **Form errors:** PRG → redirect back with ?error= +- **Diary visibility:** Public (anyone can read, auth required to add)