fix: buffer template execution to prevent corrupt HTML responses (closes #42)

Add renderTemplate helper method on Handlers that renders templates to a bytes.Buffer first, then writes to the ResponseWriter only on success. This prevents partial/corrupt HTML when template execution fails partway through. Applied to all template rendering call sites in: - setup.go (HandleSetupGET, renderSetupError) - auth.go (HandleLoginGET, HandleLoginPOST error paths) - dashboard.go (HandleDashboard) - app.go (HandleAppNew, HandleAppCreate, HandleAppDetail, HandleAppEdit, HandleAppUpdate, HandleAppDeployments)
2026-02-15 22:04:09 -08:00
parent e9bf63d18b
commit af9ffddf84
6 changed files with 111 additions and 42 deletions
--- a/internal/handlers/app.go
+++ b/internal/handlers/app.go
@@ -32,11 +32,7 @@ func (h *Handlers) HandleAppNew() http.HandlerFunc {
 	return func(writer http.ResponseWriter, request *http.Request) {
 		data := h.addGlobals(map[string]any{}, request)

-		err := tmpl.ExecuteTemplate(writer, "app_new.html", data)
-		if err != nil {
-			h.log.Error("template execution failed", "error", err)
-			http.Error(writer, "Internal Server Error", http.StatusInternalServerError)
-		}
+		h.renderTemplate(writer, tmpl, "app_new.html", data)
 	}
 }

@@ -66,7 +62,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc {

 		if name == "" || repoURL == "" {
 			data["Error"] = "Name and repository URL are required"
-			_ = tmpl.ExecuteTemplate(writer, "app_new.html", data)
+			h.renderTemplate(writer, tmpl, "app_new.html", data)

 			return
 		}
@@ -91,7 +87,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc {
 		if createErr != nil {
 			h.log.Error("failed to create app", "error", createErr)
 			data["Error"] = "Failed to create app: " + createErr.Error()
-			_ = tmpl.ExecuteTemplate(writer, "app_new.html", data)
+			h.renderTemplate(writer, tmpl, "app_new.html", data)

 			return
 		}
@@ -152,11 +148,7 @@ func (h *Handlers) HandleAppDetail() http.HandlerFunc {
 			"Success":          request.URL.Query().Get("success"),
 		}, request)

-		err := tmpl.ExecuteTemplate(writer, "app_detail.html", data)
-		if err != nil {
-			h.log.Error("template execution failed", "error", err)
-			http.Error(writer, "Internal Server Error", http.StatusInternalServerError)
-		}
+		h.renderTemplate(writer, tmpl, "app_detail.html", data)
 	}
 }

@@ -185,11 +177,7 @@ func (h *Handlers) HandleAppEdit() http.HandlerFunc {
 			"App": application,
 		}, request)

-		err := tmpl.ExecuteTemplate(writer, "app_edit.html", data)
-		if err != nil {
-			h.log.Error("template execution failed", "error", err)
-			http.Error(writer, "Internal Server Error", http.StatusInternalServerError)
-		}
+		h.renderTemplate(writer, tmpl, "app_edit.html", data)
 	}
 }

@@ -245,7 +233,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc {
 				"App":   application,
 				"Error": "Failed to update app",
 			}, request)
-			_ = tmpl.ExecuteTemplate(writer, "app_edit.html", data)
+			h.renderTemplate(writer, tmpl, "app_edit.html", data)

 			return
 		}
@@ -369,11 +357,7 @@ func (h *Handlers) HandleAppDeployments() http.HandlerFunc {
 			"Deployments": deployments,
 		}, request)

-		err := tmpl.ExecuteTemplate(writer, "deployments.html", data)
-		if err != nil {
-			h.log.Error("template execution failed", "error", err)
-			http.Error(writer, "Internal Server Error", http.StatusInternalServerError)
-		}
+		h.renderTemplate(writer, tmpl, "deployments.html", data)
 	}
 }