Merge pull request #1 from sycofly/UNO-861-acc-man

Uno 861 acc man

Author: sycofly

.env.example

@@ -0,0 +1,12 @@
+# Database Configuration
+DB_HOST=localhost
+DB_PORT=5432
+DB_USER=postgres
+DB_PASSWORD=postgres
+DB_NAME=unixify
+DB_SSLMODE=disable
+
+# Server Configuration
+SERVER_PORT=8080
+GIN_MODE=debug
+JWT_SECRET=default_secret_change_me_in_production

.gitignore

@@ -0,0 +1,37 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+unixify
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Environment variables
+.env
+
+# IDE specific files
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS specific files
+.DS_Store
+Thumbs.db
+
+# Application logs
+*.log
+
+# Database dumps and backups
+*.sql
+*.dump
+*.bak

CLAUDE.md

@@ -0,0 +1,137 @@
+# Unixify - UNIX Account/Group Registry
+
+Unixify is a Go application that serves as a registry for UNIX account UIDs and Group GIDs.
+
+## Project Overview
+
+The application provides a web interface for managing UNIX accounts and groups with the following features:
+
+1. PostgreSQL database backend
+2. Web interface with four sections: People, System, Database, and Service
+3. Complete audit log system for all operations
+4. Full RESTful API for all operations
+5. JWT-based authentication with optional TOTP 2FA
+6. Light/dark mode theme switching with auto-detection
+7. Read-only guest mode with visual indicators
+8. Gradient text and consistent button styling
+
+## Account/Group Types and UID/GID Ranges
+
+| Type     | Account UID Range | Group GID Range |
+|----------|-------------------|-----------------|
+| People   | 5000-6000         | 1000-3000       |
+| System   | 1000-2000         | 3000-5000       |
+| Database | 2000-7999         | 2000-7500       |
+| Service  | 8000-8999         | 4000-5000       |
+
+## Key Operations
+
+- Add/edit/delete accounts and groups
+- Assign/remove users from groups
+- View detailed audit logs of all system events
+- Search by UID, GID, username, or groupname
+- User authentication with optional TOTP 2FA
+- Theme switching (light/dark mode)
+- Guest read-only access with registration for edit permissions
+
+## Development Commands
+
+```bash
+# Run the application locally
+go run cmd/unixify/main.go
+
+# Build the application
+go build -o unixify cmd/unixify/main.go
+
+# Run database migrations
+go run cmd/migrate/main.go
+```
+
+## Deployment Commands
+
+```bash
+# Start the application with Podman
+podman-compose up -d
+
+# Stop the application
+podman-compose down
+
+# View application logs
+podman logs uno-861-acc-man_unixify_1
+
+# View specific log entries
+podman logs uno-861-acc-man_unixify_1 | grep "ERROR"
+
+# Run a standalone frontend with Caddy (for testing UI changes)
+podman build -t unixify-caddy -f Dockerfile.caddy .
+podman run -d -p 8081:80 --name unixify-caddy unixify-caddy
+```
+
+## Container Notes
+
+- The main application runs on port 8080
+- The frontend-only container runs on port 8081
+- Templates are stored in `/app/web/templates/`
+- Static assets are in `/app/web/static/`
+- Do NOT use volume mounts that override the container's web directory
+- Use custom frontend container with Caddy for UI-only changes
+
+## Tech Stack
+
+- Go with Gin web framework
+- PostgreSQL database
+- HTML/CSS/JavaScript frontend
+- RESTful API backend
+- JWT-based authentication
+- Google Authenticator TOTP support
+- Theme switching with CSS variables
+- Audit logging for all operations
+
+## Authentication System
+
+The application includes a comprehensive authentication system:
+- JWT token-based authentication
+- Password hashing with bcrypt
+- Optional TOTP second factor with Google Authenticator
+- Protected API routes with middleware
+- User profiles and password management
+- Self-registration with email verification and admin approval
+- Automatic guest mode with clear visual indicators
+- Proper separation between regular users and guest accounts
+
+## Theming System
+
+The application supports light and dark themes:
+- CSS variables for comprehensive theme support
+- Theme toggle button integrated in the navigation bar
+- Theme preference stored in localStorage for persistence
+- System preference detection via `prefers-color-scheme`
+- Dark mode for all UI components including forms, tables, and alerts
+- Light grey text in tables for better dark mode readability
+- Gradient text effects for headings and descriptions
+- Consistent color palette for buttons and interactive elements
+- Custom colored badges with theme-appropriate styling
+
+## Access Control
+
+The application implements a role-based access control system:
+- Guests have automatic read-only access to view data
+- "Guest Account (Read-Only)" indicator clearly shows status
+- Registration is required to request edit permissions
+- New registrations require admin approval
+- Authenticated users can perform edits based on their role
+- UI dynamically adapts to show/hide edit controls based on permissions
+- Clear visual indicators show current access mode
+- Proper user dropdown menu visibility control for guest vs regular users
+
+## UI Enhancements
+
+The application features a modern and user-friendly interface:
+- Clean, responsive layout with Bootstrap 5
+- Soft purple and green accent colors for key UI elements
+- Blue-to-purple gradient text for headings and descriptions
+- Consistent button styling across the application
+- Card-based UI with subtle shadows and animations
+- Interactive hover effects for better user feedback
+- Custom document viewer for application documentation
+- UID/GID Range Reference card with optimized dark mode display

Caddyfile

@@ -0,0 +1,10 @@
+:80
+
+root * /srv
+file_server
+
+header {
+    X-Content-Type-Options nosniff
+    X-Frame-Options DENY
+    Referrer-Policy no-referrer-when-downgrade
+}

Containerfile

@@ -0,0 +1,43 @@
+# Build stage
+FROM docker.io/library/golang:1.22-alpine AS builder
+
+# Set working directory
+WORKDIR /app
+
+# Copy go mod and sum files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the application
+RUN CGO_ENABLED=0 GOOS=linux go build -o unixify ./cmd/unixify
+
+# Final stage
+FROM docker.io/library/alpine:latest
+
+# Add necessary packages
+RUN apk --no-cache add ca-certificates tzdata
+
+# Set working directory
+WORKDIR /app
+
+# Copy binary from build stage
+COPY --from=builder /app/unixify /app/unixify
+
+# Copy web templates and static files from the actual source directory
+COPY ./web /app/web
+
+# No email configuration needed here since we're using MailHog as a separate service
+
+# Expose port
+EXPOSE 8080
+
+# Set environment variables
+ENV GIN_MODE=release
+
+# Command to run
+CMD ["/app/unixify"]

Dockerfile.caddy

@@ -0,0 +1,8 @@
+FROM docker.io/library/caddy:2-alpine
+
+COPY Caddyfile /etc/caddy/Caddyfile
+COPY web-build /srv
+
+EXPOSE 80
+
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]

Dockerfile.nginx

@@ -0,0 +1,4 @@
+FROM docker.io/library/nginx:alpine
+COPY web-build /usr/share/nginx/html
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]

GUEST_ACCOUNT.md

@@ -0,0 +1,93 @@
+# Guest Account Implementation
+
+This document explains the implementation of the guest account feature in the Unixify application.
+
+## Overview
+
+The application now automatically logs in users as a "guest" account when they access the system without authentication. This provides a unified experience where:
+
+1. All users are technically "authenticated" but with different permission levels
+2. Guest users are clearly identified in the UI
+3. A consistent navigation experience is maintained for all users
+
+## How It Works
+
+### 1. Automatic Guest Login
+
+When a user accesses the application without a valid authentication token, the system:
+
+1. Automatically creates a guest token in localStorage
+2. Sets up a guest user profile with username "guest"
+3. Displays the guest account in the navigation bar
+4. Applies read-only permissions to all UI elements
+
+### 2. Guest User Interface
+
+The guest user experience includes:
+
+- A yellow "Guest Account (Read-Only)" indicator in the navbar
+- A special yellow dashed avatar with "G" (for Guest)
+- A user dropdown menu showing the guest username and role
+- Disabled edit buttons throughout the interface
+- A "Register Now" banner encouraging account creation
+
+### 3. Authentication Flow
+
+The authentication system manages three states:
+
+1. **Not Authenticated**: No token of any kind (redirects to login)
+2. **Guest User**: Has a guest token (read-only access)
+3. **Authenticated User**: Has a regular auth token (permissions based on role)
+
+### 4. Technical Implementation
+
+The guest account is implemented through:
+
+- A `guest_token` in localStorage that identifies guest sessions
+- A `isGuestUser()` function that differentiates between guest and regular users
+- Special CSS styling for guest UI elements
+- Modified permission checking to recognize and handle guest accounts
+- Updated templates to display guest-specific UI elements
+
+## Testing the Guest Account
+
+### Using the Simplified Server
+
+1. Run the simplified server:
+```bash
+cd /home/pfrederi/code/github.com/home/unixify/feature/UNO-861-acc-man
+PORT=8083 go run cmd/simplified/main.go
+```
+
+2. Access the application at http://localhost:8083
+3. You'll be automatically logged in as the guest user
+4. To test regular authentication, use the login page with:
+   - Username: admin
+   - Password: admin
+
+### Using the Login API
+
+The application provides a mock login API that accepts:
+
+- Guest login: username "guest" with any password
+- Admin login: username "admin" with password "admin"
+
+Example:
+```javascript
+// Guest login
+fetch('/api/auth/login', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ username: 'guest', password: 'anything' })
+})
+```
+
+## Benefits
+
+The guest account approach provides several benefits:
+
+1. **Unified Code Path**: The code can treat all users as authenticated, simplifying logic
+2. **Clear Visual Indicators**: Users always know their current access level
+3. **Smoother UX**: No jarring transitions between authenticated and non-authenticated states
+4. **Easy Registration Path**: Clear path for users to upgrade from guest to registered user
+5. **Permission Management**: Centralized permission system that works for all user types