From 0620afc98fdc0f764e82807bb0090b78618ddb1d Mon Sep 17 00:00:00 2001
From: Peter Stone <thepeterstone@gmail.com>
Date: Sat, 7 Feb 2026 13:47:13 -1000
Subject: Fix timeline task completion replacing view, fix passkey registration
 CSRF

- Fix checkboxes in timeline calendar grid targeting #tab-content (replaced
  entire view). Now target closest .untimed-item/.calendar-event with outerHTML
- Fix passkey registration 403 by passing CSRFToken from settings handler
  and exposing it via meta tag for JS to read
- Add TDD workflow requirement to CLAUDE.md
- Tests written first (red-green): template content assertions for checkbox
  targets and CSRF token presence, handler data struct verification

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 internal/handlers/settings.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'internal/handlers/settings.go')

diff --git a/internal/handlers/settings.go b/internal/handlers/settings.go
index fa1acee..60fc6be 100644
--- a/internal/handlers/settings.go
+++ b/internal/handlers/settings.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/go-chi/chi/v5"
 
+	"task-dashboard/internal/auth"
 	"task-dashboard/internal/models"
 )
 
@@ -21,13 +22,15 @@ func (h *Handler) HandleSettingsPage(w http.ResponseWriter, r *http.Request) {
 	}
 
 	data := struct {
-		Configs  map[string][]models.SourceConfig
-		Sources  []string
-		Toggles  []models.FeatureToggle
+		Configs   map[string][]models.SourceConfig
+		Sources   []string
+		Toggles   []models.FeatureToggle
+		CSRFToken string
 	}{
-		Configs: bySource,
-		Sources: []string{"trello", "todoist", "gcal", "gtasks"},
-		Toggles: toggles,
+		Configs:   bySource,
+		Sources:   []string{"trello", "todoist", "gcal", "gtasks"},
+		Toggles:   toggles,
+		CSRFToken: auth.GetCSRFTokenFromContext(r.Context()),
 	}
 
 	if err := h.renderer.Render(w, "settings.html", data); err != nil {
-- 
cgit v1.2.3