Reduce clicks on google login

Add traefik labels
2026-05-15 00:52:26 +03:00 · 2026-05-15 00:29:23 +03:00
2 changed files with 26 additions and 44 deletions
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,33 +1,5 @@
 # Production compose stack for hamprint.
 #
-# What changed from the previous bind-mount / pip-at-runtime version:
-#   - `web` is now BUILT from the Containerfile in this repo. Everything
-#     (Python deps, the Tailwind CLI binary, the built CSS, collectstatic
-#     output) bakes into the image; nothing is installed at container start.
-#   - No host source bind-mount: the container ships its own /app. Code
-#     changes require a `podman-compose up -d --build web`.
-#   - `DJANGO_SETTINGS_MODULE=hamprint.settings.prod` (DEBUG off, secure
-#     cookies, HSTS). DEBUG=True traffic should run from the host venv,
-#     not from this stack.
-#   - Uploaded STLs persist in a named `media` volume so they survive
-#     `podman-compose down` / image rebuilds. Drop with `down -v`.
-#
-# Bring it up:        podman-compose up -d --build
-# Rebuild only web:   podman-compose up -d --build web
-# Logs:               podman-compose logs -f web
-# Tear down:          podman-compose down       # keeps pgdata + media
-#                     podman-compose down -v    # nukes both volumes too
-#
-# `.env` keys you'll want set (see `.env.example` for the full list):
-#   SECRET_KEY            - long random string
-#   ALLOWED_HOSTS         - e.g. "print.hamlab.lt,localhost"
-#   SITE_URL              - e.g. "https://print.hamlab.lt"   (for emails)
-#   POSTGRES_DB / _USER / _PASSWORD
-#   MAILTRAP_API_TOKEN          (+ MAILTRAP_TEST_INBOX_ID for sandbox)
-#   GOOGLE_CLIENT_ID / _SECRET (optional; only if Google sign-in is wanted)
-#
-# TLS termination is the upstream proxy's job -- the `web` container speaks
-# plain HTTP on its mapped host port (default 8000).

 services:
  db:
@@ -59,6 +31,17 @@ services:
      - "8000:8000"
    volumes:
      - media:/app/media
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.hamprint.rule: "Host(`print.hamlab.lt`)"
+      traefik.http.middlewares.hamprint-https-redirect.redirectscheme.scheme: "https"
+      traefik.http.routers.hamprint.middlewares: "hamprint-https-redirect"
+      traefik.http.routers.hamprint-secure.entrypoints: "https"
+      traefik.http.routers.hamprint-secure.rule: "Host(`print.hamlab.lt`)"
+      traefik.http.routers.hamprint-secure.tls: "true"
+      traefik.http.routers.hamprint-secure.tls.certresolver: "lets-encrypt"
+      traefik.http.services.hamprint.loadbalancer.server.port: "8000"
+
    depends_on:
      db:
        condition: service_healthy
--- a/templates/account/login.html
+++ b/templates/account/login.html
@@ -14,22 +14,21 @@
      </p>
    </div>

-    {% comment %}
-      The button is a GET to allauth's google_login view -- not a POST form --
-      because the actual OAuth handshake happens via a 302 redirect to Google.
-      The `?next=` from `/accounts/login/?next=/wherever/` is forwarded so the
-      user lands back on the page they were trying to reach.
-    {% endcomment %}
-    <a href="{% url 'google_login' %}{% if request.GET.next %}?next={{ request.GET.next|urlencode }}{% endif %}"
-       class="flex items-center justify-center gap-3 w-full px-4 py-3 rounded-md border border-slate-300 bg-white hover:bg-slate-50 text-slate-900 font-medium shadow-sm">
-      <svg class="w-5 h-5" viewBox="0 0 24 24" aria-hidden="true">
-        <path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.75h3.57c2.08-1.92 3.28-4.74 3.28-8.07z"/>
-        <path fill="#34A853" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.75c-.99.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/>
-        <path fill="#FBBC05" d="M5.84 14.12A6.97 6.97 0 015.46 12c0-.74.13-1.45.36-2.12V7.04H2.18A10.99 10.99 0 001 12c0 1.77.42 3.45 1.18 4.96l3.66-2.84z"/>
-        <path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.04l3.66 2.84C6.71 7.31 9.14 5.38 12 5.38z"/>
-      </svg>
-      Continue with Google
-    </a>
+    {# POST (not GET) so allauth's LoginView skips its intermediate confirm page and 302s straight to Google. #}
+    <form method="post" action="{% url 'google_login' %}">
+      {% csrf_token %}
+      {% if request.GET.next %}<input type="hidden" name="next" value="{{ request.GET.next }}">{% endif %}
+      <button type="submit"
+              class="flex items-center justify-center gap-3 w-full px-4 py-3 rounded-md border border-slate-300 bg-white hover:bg-slate-50 text-slate-900 font-medium shadow-sm">
+        <svg class="w-5 h-5" viewBox="0 0 24 24" aria-hidden="true">
+          <path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.75h3.57c2.08-1.92 3.28-4.74 3.28-8.07z"/>
+          <path fill="#34A853" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.75c-.99.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/>
+          <path fill="#FBBC05" d="M5.84 14.12A6.97 6.97 0 015.46 12c0-.74.13-1.45.36-2.12V7.04H2.18A10.99 10.99 0 001 12c0 1.77.42 3.45 1.18 4.96l3.66-2.84z"/>
+          <path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.04l3.66 2.84C6.71 7.31 9.14 5.38 12 5.38z"/>
+        </svg>
+        Continue with Google
+      </button>
+    </form>

    <div class="mt-6 text-center">
      <a href="{% url 'submissions:create' %}" class="text-sm text-slate-600 hover:underline">No thanks, just submit as a guest →</a>
Author	SHA1	Message	Date
Simonas Kareiva	24624cc4d1	Reduce clicks on google login	2026-05-15 00:52:26 +03:00
Simonas Kareiva	526fec314d	Add traefik labels	2026-05-15 00:29:23 +03:00