Reduce clicks on google login

compose.yaml

@@ -1,33 +1,5 @@
 # Production compose stack for hamprint.
 #
-# What changed from the previous bind-mount / pip-at-runtime version:
-#   - `web` is now BUILT from the Containerfile in this repo. Everything
-#     (Python deps, the Tailwind CLI binary, the built CSS, collectstatic
-#     output) bakes into the image; nothing is installed at container start.
-#   - No host source bind-mount: the container ships its own /app. Code
-#     changes require a `podman-compose up -d --build web`.
-#   - `DJANGO_SETTINGS_MODULE=hamprint.settings.prod` (DEBUG off, secure
-#     cookies, HSTS). DEBUG=True traffic should run from the host venv,
-#     not from this stack.
-#   - Uploaded STLs persist in a named `media` volume so they survive
-#     `podman-compose down` / image rebuilds. Drop with `down -v`.
-#
-# Bring it up:        podman-compose up -d --build
-# Rebuild only web:   podman-compose up -d --build web
-# Logs:               podman-compose logs -f web
-# Tear down:          podman-compose down       # keeps pgdata + media
-#                     podman-compose down -v    # nukes both volumes too
-#
-# `.env` keys you'll want set (see `.env.example` for the full list):
-#   SECRET_KEY            - long random string
-#   ALLOWED_HOSTS         - e.g. "print.hamlab.lt,localhost"
-#   SITE_URL              - e.g. "https://print.hamlab.lt"   (for emails)
-#   POSTGRES_DB / _USER / _PASSWORD
-#   MAILTRAP_API_TOKEN          (+ MAILTRAP_TEST_INBOX_ID for sandbox)
-#   GOOGLE_CLIENT_ID / _SECRET (optional; only if Google sign-in is wanted)
-#
-# TLS termination is the upstream proxy's job -- the `web` container speaks
-# plain HTTP on its mapped host port (default 8000).
 
 services:
   db:
@@ -59,6 +31,17 @@ services:
       - "8000:8000"
     volumes:
       - media:/app/media
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.hamprint.rule: "Host(`print.hamlab.lt`)"
+      traefik.http.middlewares.hamprint-https-redirect.redirectscheme.scheme: "https"
+      traefik.http.routers.hamprint.middlewares: "hamprint-https-redirect"
+      traefik.http.routers.hamprint-secure.entrypoints: "https"
+      traefik.http.routers.hamprint-secure.rule: "Host(`print.hamlab.lt`)"
+      traefik.http.routers.hamprint-secure.tls: "true"
+      traefik.http.routers.hamprint-secure.tls.certresolver: "lets-encrypt"
+      traefik.http.services.hamprint.loadbalancer.server.port: "8000"
+
     depends_on:
       db:
         condition: service_healthy

templates/account/login.html

@@ -14,13 +14,11 @@
       </p>
     </div>
 
-    {% comment %}
-      The button is a GET to allauth's google_login view -- not a POST form --
-      because the actual OAuth handshake happens via a 302 redirect to Google.
-      The `?next=` from `/accounts/login/?next=/wherever/` is forwarded so the
-      user lands back on the page they were trying to reach.
-    {% endcomment %}
-    <a href="{% url 'google_login' %}{% if request.GET.next %}?next={{ request.GET.next|urlencode }}{% endif %}"
+    {# POST (not GET) so allauth's LoginView skips its intermediate confirm page and 302s straight to Google. #}
+    <form method="post" action="{% url 'google_login' %}">
+      {% csrf_token %}
+      {% if request.GET.next %}<input type="hidden" name="next" value="{{ request.GET.next }}">{% endif %}
+      <button type="submit"
               class="flex items-center justify-center gap-3 w-full px-4 py-3 rounded-md border border-slate-300 bg-white hover:bg-slate-50 text-slate-900 font-medium shadow-sm">
         <svg class="w-5 h-5" viewBox="0 0 24 24" aria-hidden="true">
           <path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.75h3.57c2.08-1.92 3.28-4.74 3.28-8.07z"/>
@@ -29,7 +27,8 @@
           <path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.04l3.66 2.84C6.71 7.31 9.14 5.38 12 5.38z"/>
         </svg>
         Continue with Google
-    </a>
+      </button>
+    </form>
 
     <div class="mt-6 text-center">
       <a href="{% url 'submissions:create' %}" class="text-sm text-slate-600 hover:underline">No thanks, just submit as a guest →</a>