Better feedback when logging in with wrong email

Also set favicon for error pages to static.goatcounter.com for now,
solves CSP errors

go.mod

@@ -2,7 +2,7 @@ module zgo.at/goatcounter
 
 go 1.12
 
-//replace zgo.at/zhttp => ../zhttp
+// replace zgo.at/zhttp => ../zhttp
 
 // This fork doesn't depend on the github.com/teamwork/mailaddress package and
 // its transient dependencies. Hard to update to upstream due to compatibility.

handlers/backend.go

@@ -84,7 +84,7 @@ func (h Backend) Mount(r chi.Router, db *sqlx.DB) {
 			"X-Content-Type-Options":    []string{"nosniff"},
 			"Content-Security-Policy": {header.CSP{
 				header.CSPDefaultSrc: {header.CSPSourceNone},
-				header.CSPImgSrc:     {cfg.DomainStatic},
+				header.CSPImgSrc:     {cfg.DomainStatic, "https://static.goatcounter.com"},
 				header.CSPScriptSrc:  {cfg.DomainStatic},
 				header.CSPStyleSrc:   {cfg.DomainStatic, header.CSPSourceUnsafeInline}, // style="height: " on the charts.
 				header.CSPFontSrc:    {cfg.DomainStatic},

handlers/user.go

@@ -9,6 +9,7 @@ import (
 	"database/sql"
 	"fmt"
 	"net/http"
+	"net/url"
 
 	"github.com/go-chi/chi"
 	"github.com/pkg/errors"
@@ -37,7 +38,8 @@ func (h user) mount(r chi.Router) {
 func (h user) new(w http.ResponseWriter, r *http.Request) error {
 	return zhttp.Template(w, "user.gohtml", struct {
 		Globals
-	}{newGlobals(w, r)})
+		Email string
+	}{newGlobals(w, r), r.URL.Query().Get("email")})
 }
 
 func (h user) requestLogin(w http.ResponseWriter, r *http.Request) error {
@@ -52,10 +54,12 @@ func (h user) requestLogin(w http.ResponseWriter, r *http.Request) error {
 	var u goatcounter.User
 	err = u.ByEmail(r.Context(), args.Email)
 	if err != nil {
-		if errors.Cause(err) != sql.ErrNoRows {
-			zlog.Error(err)
+		if errors.Cause(err) == sql.ErrNoRows {
+			zhttp.FlashError(w, "Not an account on this site: %q", args.Email)
+			return zhttp.SeeOther(w, fmt.Sprintf("/user/new?email=%s", url.QueryEscape(args.Email)))
 		}
-		return guru.New(http.StatusForbidden, "Can't log you in. Sorry :-(")
+
+		return err
 	}
 
 	err = u.RequestLogin(r.Context())

tpl/_backend_signin.gohtml

@@ -1,5 +1,5 @@
 <form method="post" action="/user/requestlogin" id="request-login">
 	<label for="email">Email address</label>
-	<input type="email" name="email" id="email" required>
+	<input type="email" name="email" id="email" value="{{.Email}}" required>
 	<button>Sign in</button>
 </form>

tpl/error.gohtml

@@ -4,7 +4,7 @@
 	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>GoatCounter – Error!</title>
-	<style>h1 { text-align: left; }</style>
+	<link rel="shortcut icon" href="https://static.goatcounter.com/favicon.ico">
 </head>
 
 <body>