Get rid of github.com/go-chi/render use

Replace go-chi/render with go-pkgz/rest for JSON responses and custom
helpers for HTML/plain text responses.

Key changes:
- Replace render.JSON/render.Status with rest.RenderJSON and explicit
  w.WriteHeader() calls
- Replace render.DecodeJSON with json.NewDecoder().Decode()
- Add SendErrorJSON helper that sets Content-Type header before
  WriteHeader (required since rest.RenderJSON can't set headers after
  WriteHeader is called)
- Add HTMLResponse and PlainTextResponse helpers

Fix export double-execution in migrator.go:
The original code called Export twice - once to io.Discard to check for
errors, then again to actually write. This was wasteful and had a race
condition risk. Now file mode buffers to memory first for atomic
success/failure, while stream mode writes directly with proper error
handling.

Author: paskal

backend/app/rest/api/admin.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/go-chi/chi/v5"
-	"github.com/go-chi/render"
 	"github.com/go-pkgz/auth/v2"
 	cache "github.com/go-pkgz/lcw/v2"
 	log "github.com/go-pkgz/lgr"
@@ -54,8 +53,7 @@ func (a *admin) deleteCommentCtrl(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	a.cache.Flush(cache.Flusher(locator.SiteID).Scopes(locator.SiteID, locator.URL, lastCommentsScope))
-	render.Status(r, http.StatusOK)
-	render.JSON(w, r, R.JSON{"id": id, "locator": locator})
+	R.RenderJSON(w, R.JSON{"id": id, "locator": locator})
 }
 
 // DELETE /user/{userid}?site=side-id - delete all user comments for requested userid
@@ -69,8 +67,7 @@ func (a *admin) deleteUserCtrl(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	a.cache.Flush(cache.Flusher(siteID).Scopes(userID, siteID, lastCommentsScope))
-	render.Status(r, http.StatusOK)
-	render.JSON(w, r, R.JSON{"user_id": userID, "site_id": siteID})
+	R.RenderJSON(w, R.JSON{"user_id": userID, "site_id": siteID})
 }
 
 // GET /user/{userid}?site=side-id - get user info for requested userid
@@ -84,8 +81,7 @@ func (a *admin) getUserInfoCtrl(w http.ResponseWriter, r *http.Request) {
 		rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "can't get user info", rest.ErrInternal)
 		return
 	}
-	render.Status(r, http.StatusOK)
-	render.JSON(w, r, ucomments[0].User)
+	R.RenderJSON(w, ucomments[0].User)
 }
 
 // GET /deleteme?token=jwt - delete all user comments and details by user's request. Gets info about deleted used from provided token
@@ -135,8 +131,7 @@ func (a *admin) deleteMeRequestCtrl(w http.ResponseWriter, r *http.Request) {
 	}
 
 	a.cache.Flush(cache.Flusher(audience).Scopes(audience, claims.User.ID, lastCommentsScope))
-	render.Status(r, http.StatusOK)
-	render.JSON(w, r, R.JSON{"user_id": claims.User.ID, "site_id": claims.Audience})
+	R.RenderJSON(w, R.JSON{"user_id": claims.User.ID, "site_id": claims.Audience})
 }
 
 // PUT /user/{userid}?site=side-id&block=1&ttl=7d - block or unblock user
@@ -164,7 +159,7 @@ func (a *admin) setBlockCtrl(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	a.cache.Flush(cache.Flusher(siteID).Scopes(userID, siteID, lastCommentsScope))
-	render.JSON(w, r, R.JSON{"user_id": userID, "site_id": siteID, "block": blockStatus})
+	R.RenderJSON(w, R.JSON{"user_id": userID, "site_id": siteID, "block": blockStatus})
 }
 
 // GET /blocked?site=siteID - list blocked users
@@ -175,7 +170,7 @@ func (a *admin) blockedUsersCtrl(w http.ResponseWriter, r *http.Request) {
 		rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "can't get blocked users", rest.ErrSiteNotFound)
 		return
 	}
-	render.JSON(w, r, users)
+	R.RenderJSON(w, users)
 }
 
 // PUT /readonly?site=siteID&url=post-url&ro=1 - set or reset read-only status for the post
@@ -202,7 +197,7 @@ func (a *admin) setReadOnlyCtrl(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	a.cache.Flush(cache.Flusher(locator.SiteID).Scopes(locator.URL, locator.SiteID))
-	render.JSON(w, r, R.JSON{"locator": locator, "read-only": roStatus})
+	R.RenderJSON(w, R.JSON{"locator": locator, "read-only": roStatus})
 }
 
 // PUT /title/{id}?site=siteID&url=post-url - set comment PostTitle to page's title
@@ -218,8 +213,7 @@ func (a *admin) setTitleCtrl(w http.ResponseWriter, r *http.Request) {
 	log.Printf("[INFO] set comment's title %s to %q", id, c.PostTitle)
 
 	a.cache.Flush(cache.Flusher(locator.SiteID).Scopes(locator.URL, lastCommentsScope))
-	render.Status(r, http.StatusOK)
-	render.JSON(w, r, R.JSON{"id": id, "locator": locator})
+	R.RenderJSON(w, R.JSON{"id": id, "locator": locator})
 }
 
 // PUT /verify?site=siteID&url=post-url&ro=1 - set or reset read-only status for the post
@@ -233,7 +227,7 @@ func (a *admin) setVerifyCtrl(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	a.cache.Flush(cache.Flusher(siteID).Scopes(siteID, userID))
-	render.JSON(w, r, R.JSON{"user": userID, "verified": verifyStatus})
+	R.RenderJSON(w, R.JSON{"user": userID, "verified": verifyStatus})
 }
 
 // PUT /pin/{id}?site=siteID&url=post-url&pin=1
@@ -248,5 +242,5 @@ func (a *admin) setPinCtrl(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	a.cache.Flush(cache.Flusher(locator.SiteID).Scopes(locator.URL))
-	render.JSON(w, r, R.JSON{"id": commentID, "locator": locator, "pin": pinStatus})
+	R.RenderJSON(w, R.JSON{"id": commentID, "locator": locator, "pin": pinStatus})
 }

backend/app/rest/api/migrator.go

@@ -1,16 +1,17 @@
 package api
 
 import (
+	"bytes"
 	"compress/gzip"
 	"context"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
+	"strconv"
 	"sync"
 	"time"
 
-	"github.com/go-chi/render"
 	cache "github.com/go-pkgz/lcw/v2"
 	log "github.com/go-pkgz/lgr"
 	R "github.com/go-pkgz/rest"
@@ -58,8 +59,8 @@ func (m *Migrator) importCtrl(w http.ResponseWriter, r *http.Request) {
 
 	go m.runImport(siteID, r.URL.Query().Get("provider"), tmpfile) // import runs in background and sets busy flag for site
 
-	render.Status(r, http.StatusAccepted)
-	render.JSON(w, r, R.JSON{"status": "import request accepted"})
+	w.WriteHeader(http.StatusAccepted)
+	R.RenderJSON(w, R.JSON{"status": "import request accepted"})
 }
 
 // POST /import/form?secret=key&site=site-id&provider=disqus|remark|wordpress
@@ -93,8 +94,8 @@ func (m *Migrator) importFormCtrl(w http.ResponseWriter, r *http.Request) {
 
 	go m.runImport(siteID, r.URL.Query().Get("provider"), tmpfile) // import runs in background and sets busy flag for site
 
-	render.Status(r, http.StatusAccepted)
-	render.JSON(w, r, R.JSON{"status": "import request accepted"})
+	w.WriteHeader(http.StatusAccepted)
+	R.RenderJSON(w, R.JSON{"status": "import request accepted"})
 }
 
 // GET /wait?site=site-id
@@ -114,38 +115,46 @@ func (m *Migrator) waitCtrl(w http.ResponseWriter, r *http.Request) {
 
 		select {
 		case <-ctx.Done():
-			render.Status(r, http.StatusGatewayTimeout)
-			render.JSON(w, r, R.JSON{"status": "timeout expired", "site_id": siteID})
+			w.WriteHeader(http.StatusGatewayTimeout)
+			R.RenderJSON(w, R.JSON{"status": "timeout expired", "site_id": siteID})
 			return
 		case <-time.After(100 * time.Millisecond):
 		}
 	}
-	render.Status(r, http.StatusOK)
-	render.JSON(w, r, R.JSON{"status": "completed", "site_id": siteID})
+	R.RenderJSON(w, R.JSON{"status": "completed", "site_id": siteID})
 }
 
 // GET /export?site=site-id&secret=12345&?mode=file|stream
 // exports all comments for siteID as gz file
 func (m *Migrator) exportCtrl(w http.ResponseWriter, r *http.Request) {
 	siteID := r.URL.Query().Get("site")
 
-	var writer io.Writer = w
 	if r.URL.Query().Get("mode") == "file" {
+		// buffer to memory to handle errors before committing to response
+		var buf bytes.Buffer
+		gzWriter := gzip.NewWriter(&buf)
+		if _, err := m.NativeExporter.Export(gzWriter, siteID); err != nil {
+			rest.SendErrorJSON(w, r, http.StatusInternalServerError, err, "export failed", rest.ErrInternal)
+			return
+		}
+		if err := gzWriter.Close(); err != nil {
+			rest.SendErrorJSON(w, r, http.StatusInternalServerError, err, "export failed", rest.ErrInternal)
+			return
+		}
+
 		exportFile := fmt.Sprintf("%s-%s.json.gz", siteID, time.Now().Format("20060102"))
 		w.Header().Set("Content-Type", "application/gzip")
 		w.Header().Set("Content-Disposition", "attachment;filename="+exportFile)
-		gzWriter := gzip.NewWriter(w)
-		defer func() {
-			if e := gzWriter.Close(); e != nil {
-				log.Printf("[WARN] can't close gzip writer, %s", e)
-			}
-		}()
-		writer = gzWriter
+		w.Header().Set("Content-Length", strconv.Itoa(buf.Len()))
+		if _, err := io.Copy(w, &buf); err != nil {
+			log.Printf("[WARN] failed to write export response: %v", err)
+		}
+		return
 	}
 
-	if _, err := m.NativeExporter.Export(writer, siteID); err != nil {
+	// stream mode - write directly to response
+	if _, err := m.NativeExporter.Export(w, siteID); err != nil {
 		rest.SendErrorJSON(w, r, http.StatusInternalServerError, err, "export failed", rest.ErrInternal)
-		return
 	}
 }
 
@@ -201,8 +210,8 @@ func (m *Migrator) remapCtrl(w http.ResponseWriter, r *http.Request) {
 		log.Printf("[DEBUG] convert request completed. site=%s, comments=%d", siteID, size)
 	}()
 
-	render.Status(r, http.StatusAccepted)
-	render.JSON(w, r, R.JSON{"status": "convert request accepted"})
+	w.WriteHeader(http.StatusAccepted)
+	R.RenderJSON(w, R.JSON{"status": "convert request accepted"})
 }
 
 // runImport reads from tmpfile and import for given siteID and provider

backend/app/rest/api/rest.go

@@ -20,7 +20,6 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
-	"github.com/go-chi/render"
 	"github.com/go-pkgz/auth/v2"
 	"github.com/go-pkgz/lcw/v2"
 	log "github.com/go-pkgz/lgr"
@@ -473,8 +472,7 @@ func (s *Rest) configCtrl(w http.ResponseWriter, r *http.Request) {
 	if cnf.Admins == nil { // prevent json serialization to nil
 		cnf.Admins = []string{}
 	}
-	render.Status(r, http.StatusOK)
-	render.JSON(w, r, cnf)
+	R.RenderJSON(w, cnf)
 }
 
 // serves static files from the webRoot directory or files embedded into the compiled binary if that directory is absent