Phase 5: library & stats

- Full library home page: question list with per-user mastery stats,
  search/source filter, sort (A-Z, weakest first, most-seen), source
  breakdown in header, Take a test CTA.
- GET/POST /questions/{id}: view and edit question text, source, answers;
  radio-select correct answer; shows seen×/correct% stat.
- POST /questions/{id}/delete: hard delete (cascades to answers via FK).
- repo: ListQuestions supports SortWeakest/SortMostSeen via LEFT JOIN;
  added CountBySource, UpdateQuestion, UpdateAnswers, DeleteQuestion.
- render: added pct template func (correct*100/seen).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/handlers/home.go

@@ -1,20 +1,89 @@
 package handlers
 
 import (
+	"log/slog"
 	"net/http"
 
 	"qbank/internal/auth"
+	"qbank/internal/db"
+	"qbank/internal/models"
 )
 
+// QuestionRow pairs a question with its per-user stat for the library display.
+type QuestionRow struct {
+	Q    *models.Question
+	Stat *models.UserQuestionStat // nil = never seen in a test
+}
+
 type HomeHandler struct {
 	auth   *auth.Manager
+	repo   *db.Repo
 	render *Renderer
 }
 
-func NewHomeHandler(a *auth.Manager, r *Renderer) *HomeHandler {
-	return &HomeHandler{auth: a, render: r}
+func NewHomeHandler(a *auth.Manager, repo *db.Repo, r *Renderer) *HomeHandler {
+	return &HomeHandler{auth: a, repo: repo, render: r}
 }
 
 func (h *HomeHandler) Handle(w http.ResponseWriter, r *http.Request) {
-	h.render.Render(w, http.StatusOK, "home", BaseData(h.auth, r))
+	user := auth.UserFromCtx(r.Context())
+
+	sortParam := r.URL.Query().Get("sort")
+	search := r.URL.Query().Get("q")
+	source := r.URL.Query().Get("source")
+
+	var sortOrder db.SortOrder
+	switch sortParam {
+	case "weakest":
+		sortOrder = db.SortWeakest
+	case "seen":
+		sortOrder = db.SortMostSeen
+	default:
+		sortParam = "alpha"
+		sortOrder = db.SortAlpha
+	}
+
+	questions, err := h.repo.ListQuestions(db.ListFilter{
+		Source: source,
+		Search: search,
+		Sort:   sortOrder,
+		UserID: user.ID,
+	})
+	if err != nil {
+		slog.Error("list questions", "err", err)
+		HTTPError(w, http.StatusInternalServerError)
+		return
+	}
+
+	ids := make([]string, len(questions))
+	for i, q := range questions {
+		ids[i] = q.ID
+	}
+
+	stats, err := h.repo.GetStatsForUser(user.ID, ids)
+	if err != nil {
+		slog.Error("get stats", "err", err)
+		HTTPError(w, http.StatusInternalServerError)
+		return
+	}
+
+	rows := make([]QuestionRow, len(questions))
+	for i, q := range questions {
+		rows[i] = QuestionRow{Q: q, Stat: stats[q.ID]}
+	}
+
+	totalQ, _ := h.repo.CountQuestions()
+	totalA, _ := h.repo.CountAnswers()
+	sourceCounts, _ := h.repo.CountBySource()
+
+	data := BaseData(h.auth, r)
+	data["Questions"] = rows
+	data["TotalQ"] = totalQ
+	data["TotalA"] = totalA
+	data["SourceStats"] = sourceCounts
+	data["Sort"] = sortParam
+	data["Search"] = search
+	data["SelectedSource"] = source
+
+	h.render.Render(w, http.StatusOK, "home", data)
 }

internal/handlers/question.go

@@ -0,0 +1,112 @@
+package handlers
+
+import (
+	"fmt"
+	"log/slog"
+	"net/http"
+	"strconv"
+
+	"github.com/go-chi/chi/v5"
+
+	"qbank/internal/auth"
+	"qbank/internal/db"
+)
+
+type QuestionHandler struct {
+	auth   *auth.Manager
+	repo   *db.Repo
+	render *Renderer
+}
+
+func NewQuestionHandler(a *auth.Manager, repo *db.Repo, r *Renderer) *QuestionHandler {
+	return &QuestionHandler{auth: a, repo: repo, render: r}
+}
+
+func (h *QuestionHandler) Show(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+	user := auth.UserFromCtx(r.Context())
+
+	q, answers, err := h.repo.GetQuestion(id)
+	if err != nil {
+		HTTPError(w, http.StatusNotFound)
+		return
+	}
+
+	stats, _ := h.repo.GetStatsForUser(user.ID, []string{id})
+
+	data := BaseData(h.auth, r)
+	data["Question"] = q
+	data["Answers"] = answers
+	data["Stat"] = stats[id]
+
+	h.render.Render(w, http.StatusOK, "question", data)
+}
+
+func (h *QuestionHandler) Edit(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+
+	if !h.auth.CheckCSRF(r) {
+		HTTPError(w, http.StatusForbidden)
+		return
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
+	if err := r.ParseForm(); err != nil {
+		HTTPError(w, http.StatusBadRequest)
+		return
+	}
+
+	_, answers, err := h.repo.GetQuestion(id)
+	if err != nil {
+		HTTPError(w, http.StatusNotFound)
+		return
+	}
+
+	text := r.FormValue("q_text")
+	source := r.FormValue("source")
+	correctIdx, _ := strconv.Atoi(r.FormValue("correct"))
+
+	if err := h.repo.UpdateQuestion(id, text, source); err != nil {
+		slog.Error("update question", "err", err)
+		HTTPError(w, http.StatusInternalServerError)
+		return
+	}
+
+	updates := make([]db.AnswerUpdate, len(answers))
+	for i, a := range answers {
+		updates[i] = db.AnswerUpdate{
+			ID:        a.ID,
+			Text:      r.FormValue(fmt.Sprintf("a_text_%d", i)),
+			IsCorrect: i == correctIdx,
+		}
+	}
+	if err := h.repo.UpdateAnswers(updates); err != nil {
+		slog.Error("update answers", "err", err)
+		HTTPError(w, http.StatusInternalServerError)
+		return
+	}
+
+	h.auth.SetFlash(r, "Question saved.")
+	http.Redirect(w, r, "/questions/"+id, http.StatusSeeOther)
+}
+
+func (h *QuestionHandler) Delete(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+
+	if !h.auth.CheckCSRF(r) {
+		HTTPError(w, http.StatusForbidden)
+		return
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, 4096)
+	r.ParseForm()
+
+	if err := h.repo.DeleteQuestion(id); err != nil {
+		slog.Error("delete question", "err", err)
+		HTTPError(w, http.StatusInternalServerError)
+		return
+	}
+
+	h.auth.SetFlash(r, "Question deleted.")
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}

internal/handlers/render.go

@@ -11,6 +11,12 @@ import (
 
 var tmplFuncs = template.FuncMap{
 	"inc": func(i int) int { return i + 1 },
+	"pct": func(correct, seen int) int {
+		if seen == 0 {
+			return 0
+		}
+		return correct * 100 / seen
+	},
 }
 
 // Renderer parses and executes HTML templates from a directory.