cpolis/cmd/frontend/users.go

475 lines
14 KiB
Go
Raw Normal View History

package frontend
2024-03-11 21:08:27 +01:00
import (
"fmt"
"html/template"
"log"
"net/http"
"strconv"
b "streifling.com/jason/cpolis/cmd/backend"
2024-03-11 21:08:27 +01:00
)
func checkUserStrings(user *b.User) (string, int, bool) {
2024-10-27 14:53:37 +01:00
userLen := 63 // max value for utf-8 at 255 bytes
nameLen := 56 // max value when aes encrypting utf-8 at up to 255 bytes
2024-03-11 21:08:27 +01:00
if len(user.UserName) > userLen {
return "Benutzername", userLen, false
} else if len(user.FirstName) > nameLen {
return "Vorname", nameLen, false
} else if len(user.LastName) > nameLen {
return "Nachname", nameLen, false
} else {
return "", 0, true
}
}
func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if _, err := GetSession(w, r, c, s); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
2024-03-11 21:08:27 +01:00
}
func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
2024-03-11 21:08:27 +01:00
return func(w http.ResponseWriter, r *http.Request) {
session, err := GetSession(w, r, c, s)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user := &b.User{
UserName: r.PostFormValue("username"),
FirstName: r.PostFormValue("first-name"),
LastName: r.PostFormValue("last-name"),
2024-10-27 14:43:38 +01:00
Email: r.PostFormValue("email"),
2024-03-11 21:08:27 +01:00
}
pass := r.PostFormValue("password")
pass2 := r.PostFormValue("password2")
2024-10-27 14:43:38 +01:00
email2 := r.PostFormValue("email2")
2024-03-11 21:08:27 +01:00
2024-10-27 14:43:38 +01:00
if len(user.UserName) == 0 || len(user.FirstName) == 0 || len(user.LastName) == 0 || len(user.Email) == 0 || len(email2) == 0 || len(pass) == 0 || len(pass2) == 0 {
http.Error(w, "Bitte alle Felder ausfüllen.", http.StatusBadRequest)
2024-03-11 21:08:27 +01:00
return
}
userString, stringLen, ok := checkUserStrings(user)
2024-03-11 21:08:27 +01:00
if !ok {
http.Error(w, fmt.Sprint(userString, " ist zu lang. Maximal ", stringLen, " Zeichen erlaubt."), http.StatusBadRequest)
return
}
if id := db.GetID(user.UserName); id != 0 {
http.Error(w, user.UserName+" ist bereits vergeben. Bitte anderen Benutzernamen wählen.", http.StatusBadRequest)
2024-03-11 21:08:27 +01:00
return
}
2024-10-27 14:43:38 +01:00
if user.Email != email2 {
http.Error(w, "Die Emailadressen stimmen nicht überein.", http.StatusBadRequest)
return
}
2024-03-11 21:08:27 +01:00
if pass != pass2 {
http.Error(w, "Die Passwörter stimmen nicht überein.", http.StatusBadRequest)
2024-03-11 21:08:27 +01:00
return
}
roleString := r.PostFormValue("role")
if len(roleString) == 0 {
http.Error(w, "Bitte eine Aufgabe vergeben.", http.StatusBadRequest)
return
}
user.Role, err = strconv.Atoi(roleString)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
_, err = db.AddUser(c, user, pass)
2024-03-11 21:08:27 +01:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-03-28 07:00:37 +01:00
2024-10-27 13:58:19 +01:00
data := new(struct{ Role int })
data.Role = session.Values["role"].(int)
tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
2024-04-12 08:46:34 +02:00
tmpl = template.Must(tmpl, err)
2024-10-27 13:58:19 +01:00
if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-03-11 21:08:27 +01:00
}
}
func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
2024-03-12 19:56:22 +01:00
return func(w http.ResponseWriter, r *http.Request) {
session, err := GetSession(w, r, c, s)
2024-03-12 19:56:22 +01:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
2024-03-12 19:56:22 +01:00
}
user, err := db.GetUser(c, session.Values["id"].(int64))
2024-03-12 19:56:22 +01:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-09 19:06:29 +02:00
tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-self.html")
if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-03-12 19:56:22 +01:00
}
}
func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
2024-03-11 21:08:27 +01:00
return func(w http.ResponseWriter, r *http.Request) {
session, err := GetSession(w, r, c, s)
2024-03-11 21:08:27 +01:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
2024-03-11 21:08:27 +01:00
}
user := &b.User{
ID: session.Values["id"].(int64),
UserName: r.PostFormValue("username"),
FirstName: r.PostFormValue("first-name"),
LastName: r.PostFormValue("last-name"),
2024-10-27 14:43:38 +01:00
Email: r.PostFormValue("email"),
2024-03-11 21:08:27 +01:00
}
2024-03-11 21:08:27 +01:00
oldPass := r.PostFormValue("old-password")
newPass := r.PostFormValue("password")
newPass2 := r.PostFormValue("password2")
2024-10-27 14:43:38 +01:00
email2 := r.PostFormValue("email2")
2024-03-11 21:08:27 +01:00
if len(user.UserName) == 0 {
http.Error(w, "Bitte den Benutzernamen ausfüllen.", http.StatusBadRequest)
2024-03-11 21:08:27 +01:00
return
}
if len(user.FirstName) == 0 || len(user.LastName) == 0 {
http.Error(w, "Bitte den vollständigen Namen ausfüllen.", http.StatusBadRequest)
return
}
2024-10-27 14:43:38 +01:00
if len(user.Email) == 0 || len(email2) == 0 {
http.Error(w, "Bitte die Emailadresse ausfüllen.", http.StatusBadRequest)
return
}
if user.Email != email2 {
http.Error(w, "Die Emailadressen stimmen nicht überein", http.StatusBadRequest)
return
}
if newPass != newPass2 {
http.Error(w, "Die Passwörter stimmen nicht überein", http.StatusBadRequest)
return
}
userString, stringLen, ok := checkUserStrings(user)
2024-03-11 21:08:27 +01:00
if !ok {
http.Error(w, fmt.Sprint(userString, " ist zu lang. Maximal ", stringLen, " Zeichen erlaubt."), http.StatusBadRequest)
return
}
if id := db.GetID(user.UserName); id != 0 && id != user.ID {
http.Error(w, user.UserName+" ist bereits vergeben. Bitte anderen Benutzernamen wählen.", http.StatusBadRequest)
return
}
2024-10-27 14:43:38 +01:00
if err = db.UpdateOwnUserAttributes(c, user.ID, user.UserName, user.FirstName, user.LastName, user.Email, oldPass, newPass); err != nil {
log.Println("error: user:", user.ID, err)
http.Error(w, "Benutzerdaten konnten nicht aktualisiert werden.", http.StatusInternalServerError)
return
2024-03-11 21:08:27 +01:00
}
2024-10-27 13:58:19 +01:00
data := new(struct{ Role int })
data.Role = session.Values["role"].(int)
tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
2024-03-11 21:08:27 +01:00
tmpl = template.Must(tmpl, err)
2024-10-27 13:58:19 +01:00
if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-03-11 21:08:27 +01:00
}
}
func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var err error
user := &b.User{
UserName: r.PostFormValue("username"),
FirstName: r.PostFormValue("first-name"),
LastName: r.PostFormValue("last-name"),
2024-10-27 14:43:38 +01:00
Email: r.PostFormValue("email"),
Role: b.Admin,
}
pass := r.PostFormValue("password")
pass2 := r.PostFormValue("password2")
2024-10-27 14:43:38 +01:00
email2 := r.PostFormValue("email2")
2024-10-27 14:43:38 +01:00
if len(user.UserName) == 0 || len(user.FirstName) == 0 || len(user.LastName) == 0 || len(user.Email) == 0 || len(email2) == 0 || len(pass) == 0 || len(pass2) == 0 {
http.Error(w, "Bitte alle Felder ausfüllen.", http.StatusBadRequest)
return
}
userString, stringLen, ok := checkUserStrings(user)
if !ok {
http.Error(w, fmt.Sprint(userString, " ist zu lang. Maximal ", stringLen, " Zeichen erlaubt."), http.StatusBadRequest)
return
}
2024-10-27 14:43:38 +01:00
if user.Email != email2 {
http.Error(w, "Die Emailadressen stimmen nicht überein.", http.StatusBadRequest)
return
}
if pass != pass2 {
http.Error(w, "Die Passwörter stimmen nicht überein.", http.StatusBadRequest)
return
}
user.ID, err = db.AddFirstUser(c, user, pass)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if user.ID == -1 {
http.Error(w, "Bitte ein Benutzerkonto von einem Administrator anlegen lassen.", http.StatusInternalServerError)
return
}
if err := saveSession(w, r, s, user); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if _, err := db.AddIssue(); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-10-27 13:58:19 +01:00
data := new(struct{ Role int })
data.Role = 0
tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
2024-10-27 13:58:19 +01:00
if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
}
2024-04-09 19:06:29 +02:00
func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc {
2024-04-09 19:06:29 +02:00
return func(w http.ResponseWriter, r *http.Request) {
session, err := GetSession(w, r, c, s)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-09-10 19:59:56 +02:00
data := new(struct {
Users map[int64]*b.User
2024-04-12 08:46:34 +02:00
Action string
2024-09-10 19:59:56 +02:00
})
2024-04-12 08:46:34 +02:00
2024-09-10 19:59:56 +02:00
data.Action = action
data.Users, err = db.GetAllUsers(c)
2024-04-09 19:06:29 +02:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-12 08:46:34 +02:00
delete(data.Users, session.Values["id"].(int64))
2024-04-09 19:06:29 +02:00
tmpl, err := template.ParseFiles(c.WebDir + "/templates/show-all-users.html")
if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-09 19:06:29 +02:00
}
}
func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
2024-04-09 19:06:29 +02:00
return func(w http.ResponseWriter, r *http.Request) {
if _, err := GetSession(w, r, c, s); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-09 19:06:29 +02:00
id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user, err := db.GetUser(c, id)
2024-04-09 19:06:29 +02:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-09 19:06:29 +02:00
}
}
func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
2024-04-09 19:06:29 +02:00
return func(w http.ResponseWriter, r *http.Request) {
session, err := GetSession(w, r, c, s)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user := new(b.User)
user.ID, err = strconv.ParseInt(r.PathValue("id"), 10, 64)
2024-04-09 19:06:29 +02:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user.Role, err = strconv.Atoi(r.PostFormValue("role"))
2024-04-09 19:06:29 +02:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user.UserName = r.PostFormValue("username")
if len(user.UserName) == 0 {
2024-10-27 14:43:38 +01:00
http.Error(w, "Bitte den Benutzernamen ausfüllen.", http.StatusBadRequest)
return
}
user.FirstName = r.PostFormValue("first-name")
user.LastName = r.PostFormValue("last-name")
if len(user.FirstName) == 0 || len(user.LastName) == 0 {
2024-10-27 14:43:38 +01:00
http.Error(w, "Bitte den vollständigen Namen ausfüllen.", http.StatusBadRequest)
return
}
user.Email = r.PostFormValue("email")
email2 := r.PostFormValue("email2")
if len(user.Email) == 0 || len(email2) == 0 {
http.Error(w, "Bitte die Emailadresse ausfüllen.", http.StatusBadRequest)
return
}
if user.Email != email2 {
http.Error(w, "Die Emailadressen stimmen nicht überein.", http.StatusBadRequest)
return
2024-04-09 19:06:29 +02:00
}
2024-04-09 19:06:29 +02:00
newPass := r.PostFormValue("password")
newPass2 := r.PostFormValue("password2")
2024-10-27 14:43:38 +01:00
if newPass != newPass2 {
http.Error(w, "Die Passwörter stimmen nicht überein.", http.StatusBadRequest)
return
}
2024-04-09 19:06:29 +02:00
userString, stringLen, ok := checkUserStrings(user)
if !ok {
http.Error(w, fmt.Sprint(userString, " ist zu lang. Maximal ", stringLen, " Zeichen erlaubt."), http.StatusBadRequest)
2024-04-09 19:06:29 +02:00
return
}
if id := db.GetID(user.UserName); id != 0 && id != user.ID {
http.Error(w, user.UserName+" ist bereits vergeben. Bitte anderen Benutzernamen wählen.", http.StatusBadRequest)
return
2024-04-09 19:06:29 +02:00
}
2024-10-27 14:43:38 +01:00
if err = db.UpdateUserAttributes(c, user.ID, user.UserName, user.FirstName, user.LastName, user.Email, newPass, user.Role); err != nil {
log.Println("error: user:", user.ID, err)
http.Error(w, "Benutzerdaten konnten nicht aktualisiert werden.", http.StatusInternalServerError)
return
}
2024-10-27 13:58:19 +01:00
data := new(struct{ Role int })
data.Role = session.Values["role"].(int)
tmpl := template.Must(template.ParseFiles(c.WebDir + "/templates/hub.html"))
2024-10-27 13:58:19 +01:00
if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-12 08:46:34 +02:00
}
}
func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
2024-04-12 08:46:34 +02:00
return func(w http.ResponseWriter, r *http.Request) {
session, err := GetSession(w, r, c, s)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-12 08:46:34 +02:00
id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if err = db.DeleteUser(id); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-10-27 13:58:19 +01:00
data := new(struct{ Role int })
data.Role = session.Values["role"].(int)
2024-04-12 08:46:34 +02:00
tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
tmpl = template.Must(tmpl, err)
2024-10-27 13:58:19 +01:00
if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-04-09 19:06:29 +02:00
}
}