From 4da9792b0f9fb5de9049bf0d167edd196c7fc5a4 Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Sun, 12 Jan 2025 15:29:32 +0100 Subject: [PATCH 01/10] Minor cleanup --- cmd/backend/config.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/cmd/backend/config.go b/cmd/backend/config.go index 53a5ea1..4df4c24 100644 --- a/cmd/backend/config.go +++ b/cmd/backend/config.go @@ -14,11 +14,11 @@ import ( type Config struct { AESKeyFile string ArticleDir string + AtomFile string ConfigFile string DBName string Description string Domain string - AtomFile string FirebaseKey string GOBKeyFile string Link string @@ -52,7 +52,7 @@ func newConfig() *Config { PDFDir: "/var/www/cpolis/pdfs", PicsDir: "/var/www/cpolis/pics", Port: ":8080", - Version: "v0.14.1", + Version: "v0.15.0", WebDir: "/var/www/cpolis/web", } } @@ -171,6 +171,14 @@ func (c *Config) setupConfig(cliConfig *Config) error { return fmt.Errorf("error setting up directory: %v", err) } + if cliConfig.AtomFile != defaultConfig.AtomFile { + c.AtomFile = cliConfig.AtomFile + } + c.AtomFile, err = mkFile(c.AtomFile, 0644, 0744) + if err != nil { + return fmt.Errorf("error setting up file: %v", err) + } + if cliConfig.DBName != defaultConfig.DBName { c.DBName = cliConfig.DBName } 
@@ -182,19 +190,11 @@ func (c *Config) setupConfig(cliConfig *Config) error { if cliConfig.Domain != defaultConfig.Domain { c.Domain = cliConfig.Domain } - domainStrings := strings.Split(c.Domain, "/") - if domainStrings[0] != "http:" && domainStrings[0] != "https:" { + domainStrings := strings.Split(c.Domain, ":") + if domainStrings[0] != "http" && domainStrings[0] != "https" { c.Domain = "https://" + c.Domain } - if cliConfig.AtomFile != defaultConfig.AtomFile { - c.AtomFile = cliConfig.AtomFile - } - c.AtomFile, err = mkFile(c.AtomFile, 0644, 0744) - if err != nil { - return fmt.Errorf("error setting up file: %v", err) - } - if cliConfig.FirebaseKey != defaultConfig.FirebaseKey { c.FirebaseKey = cliConfig.FirebaseKey } From d953b4135c2b64497c30458d09a66ac8a744dfab Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Tue, 14 Jan 2025 20:53:49 +0100 Subject: [PATCH 02/10] Initial version of native session management --- .air.toml | 1 - cmd/backend/config.go | 90 ++++++++-------- cmd/backend/sessions.go | 63 ----------- cmd/calls/images.go | 4 +- cmd/frontend/articles.go | 137 ++++++++++-------------- cmd/frontend/homepage.go | 101 +++++++++++++++++ cmd/frontend/images.go | 14 ++- cmd/frontend/issues.go | 33 ++---- cmd/frontend/pdf.go | 7 +- cmd/frontend/sessions.go | 226 +++++++++++++++++---------------------- cmd/frontend/tags.go | 16 ++- cmd/frontend/users.go | 78 ++++++-------- cmd/main.go | 98 ++++++++--------- go.mod | 2 - go.sum | 6 -- 15 files changed, 397 insertions(+), 479 deletions(-) delete mode 100644 cmd/backend/sessions.go create mode 100644 cmd/frontend/homepage.go diff --git a/.air.toml b/.air.toml index de3b9a9..5bb1f10 100644 --- a/.air.toml +++ b/.air.toml @@ -12,7 +12,6 @@ args_bin = [ "-domain localhost", "-feed tmp/cpolis.atom", "-firebase tmp/firebase.json", - "-gob tmp/cpolis.gob", "-img-width 256", "-link https://distrikt-ni-st.de", "-log tmp/cpolis.log", 
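Review bot: The scheme test in setupConfig now splits on ":" and compares only the first piece with "http"/"https", so values such as `http:example.org` or a bare `https` are treated as already carrying a scheme and stored unchanged. A prefix test states the intent exactly: `if !strings.HasPrefix(c.Domain, "http://") && !strings.HasPrefix(c.Domain, "https://") {`. If the domain is later used to build links or redirects, parsing it once with `url.Parse` and rejecting an empty host would also catch typos at startup. setupConfig's body continues outside the hunk.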
diff --git a/cmd/backend/config.go b/cmd/backend/config.go
index 4df4c24..5fcb0f3 100644
--- a/cmd/backend/config.go
+++ b/cmd/backend/config.go
@@ -12,48 +12,48 @@ import ( ) type Config struct { - AESKeyFile string - ArticleDir string - AtomFile string - ConfigFile string - DBName string - Description string - Domain string - FirebaseKey string - GOBKeyFile string - Link string - LogFile string - PDFDir string - PicsDir string - Port string - Title string - Version string - WebDir string - MaxBannerHeight int - MaxBannerWidth int - MaxImgHeight int - MaxImgWidth int + AESKeyFile string + ArticleDir string + AtomFile string + ConfigFile string + DBName string + Description string + Domain string + FirebaseKey string + Link string + LogFile string + PDFDir string + PicsDir string + Port string + Title string + Version string + WebDir string + CookieExpiryHours int + MaxBannerHeight int + MaxBannerWidth int + MaxImgHeight int + MaxImgWidth int } func newConfig() *Config { return &Config{ - AESKeyFile: "/var/www/cpolis/aes.key", - ArticleDir: "/var/www/cpolis/articles", - AtomFile: "/var/www/cpolis/cpolis.atom", - ConfigFile: "/etc/cpolis/config.toml", - DBName: "cpolis", - FirebaseKey: "/var/www/cpolis/serviceAccountKey.json", - GOBKeyFile: "/var/www/cpolis/gob.key", - LogFile: "/var/log/cpolis.log", - MaxBannerHeight: 1080, - MaxBannerWidth: 1920, - MaxImgHeight: 1080, - MaxImgWidth: 1920, - PDFDir: "/var/www/cpolis/pdfs", - PicsDir: "/var/www/cpolis/pics", - Port: ":8080", - Version: "v0.15.0", - WebDir: "/var/www/cpolis/web", + AESKeyFile: "/var/www/cpolis/aes.key", + ArticleDir: "/var/www/cpolis/articles", + AtomFile: "/var/www/cpolis/cpolis.atom", + ConfigFile: "/etc/cpolis/config.toml", + CookieExpiryHours: 24 * 30, + DBName: "cpolis", + FirebaseKey: "/var/www/cpolis/serviceAccountKey.json", + LogFile: "/var/log/cpolis.log", + MaxBannerHeight: 1080, + MaxBannerWidth: 1920, + MaxImgHeight: 1080, + MaxImgWidth: 1920, + PDFDir: "/var/www/cpolis/pdfs", + PicsDir: "/var/www/cpolis/pics", + Port: ":8080", + Version: "v0.15.0", + WebDir: "/var/www/cpolis/web", } } 
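Review bot: `CookieExpiryHours` is added to Config without a comment giving its unit or what it bounds, and the default `24 * 30` gives every session a 30-day absolute lifetime. I would add above the field `// CookieExpiryHours is the session lifetime in hours; newSession uses it for both the cookie Expires and the server-side deadline.` Whether 30 days is the right default for sessions that carry the user's role is a policy decision, but it should be a documented one.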
@@ -116,13 +116,13 @@ func (c *Config) handleCliArgs() error { flag.StringVar(&c.Description, "desc", c.Description, "channel description") flag.StringVar(&c.Domain, "domain", c.Domain, "domain name") flag.StringVar(&c.FirebaseKey, "firebase", c.FirebaseKey, "Firebase service account key file") - flag.StringVar(&c.GOBKeyFile, "gob", c.GOBKeyFile, "gob key file") flag.StringVar(&c.Link, "link", c.Link, "channel Link") flag.StringVar(&c.LogFile, "log", c.LogFile, "log file") flag.StringVar(&c.PDFDir, "pdfs", c.PDFDir, "pdf directory") flag.StringVar(&c.PicsDir, "pics", c.PicsDir, "pictures directory") flag.StringVar(&c.Title, "title", c.Title, "channel title") flag.StringVar(&c.WebDir, "web", c.WebDir, "web directory") + flag.IntVar(&c.CookieExpiryHours, "cookie-expiry-hours", c.CookieExpiryHours, "cookies expire after this amount of hours") flag.IntVar(&c.MaxBannerHeight, "banner-height", c.MaxBannerHeight, "maximum banner height") flag.IntVar(&c.MaxBannerWidth, "banner-width", c.MaxBannerWidth, "maximum banner width") flag.IntVar(&c.MaxImgHeight, "img-height", c.MaxImgHeight, "maximum image height") @@ -179,6 +179,10 @@ func (c *Config) setupConfig(cliConfig *Config) error { return fmt.Errorf("error setting up file: %v", err) } + if cliConfig.CookieExpiryHours != defaultConfig.CookieExpiryHours { + c.CookieExpiryHours = cliConfig.CookieExpiryHours + } + if cliConfig.DBName != defaultConfig.DBName { c.DBName = cliConfig.DBName } @@ -203,14 +207,6 @@ func (c *Config) setupConfig(cliConfig *Config) error { return fmt.Errorf("error setting up file: %v", err) } - if cliConfig.GOBKeyFile != defaultConfig.GOBKeyFile { - c.GOBKeyFile = cliConfig.GOBKeyFile - } - c.GOBKeyFile, err = mkFile(c.GOBKeyFile, 0600, 0700) - if err != nil { - return fmt.Errorf("error setting up file: %v", err) - } - if cliConfig.Link != defaultConfig.Link { c.Link = cliConfig.Link } diff --git a/cmd/backend/sessions.go b/cmd/backend/sessions.go deleted file mode 100644 index 4fc8f29..0000000 
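Review bot: In the `@@ -179,6 +179,10 @@` hunk the CLI value of `CookieExpiryHours` is copied into the config with no range check, and the flag is a plain `flag.IntVar`. A zero or negative value makes `time.Now().Add(...)` in newSession produce a deadline that has already passed, so the session context is done immediately and each login is removed from the map right after it is created. A guard after the assignment would fail fast instead: `if c.CookieExpiryHours <= 0 { return fmt.Errorf("cookie-expiry-hours must be positive, got %d", c.CookieExpiryHours) }`. setupConfig's body continues outside the hunk.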
--- a/cmd/backend/sessions.go +++ /dev/null @@ -1,63 +0,0 @@ -package backend - -import ( - "crypto/rand" - "encoding/gob" - "fmt" - "io" - "os" - - "github.com/gorilla/sessions" -) - -type ( - CookieStore struct{ sessions.CookieStore } - Session struct{ sessions.Session } -) - -func NewKey() ([]byte, error) { - key := make([]byte, 32) - - if _, err := io.ReadFull(rand.Reader, key); err != nil { - return nil, fmt.Errorf("error generating key: %v", err) - } - - return key, nil -} - -func SaveKey(key []byte, filename string) error { - file, err := os.Create(filename) - if err != nil { - return fmt.Errorf("error creating key file: %v", err) - } - defer file.Close() - file.Chmod(0600) - - if err = gob.NewEncoder(file).Encode(key); err != nil { - return fmt.Errorf("error ecoding key: %v", err) - } - - return nil -} - -func LoadKey(filename string) ([]byte, error) { - file, err := os.Open(filename) - if err != nil { - return nil, fmt.Errorf("error opening key file: %v", err) - } - defer file.Close() - - key := make([]byte, 32) - if err = gob.NewDecoder(file).Decode(&key); err != nil { - return nil, fmt.Errorf("error decoding key: %v", err) - } - - return key, nil -} - -func NewCookieStore(key []byte) *CookieStore { - store := sessions.NewCookieStore(key) - store.Options.Secure = true - store.Options.HttpOnly = true - return &CookieStore{*store} -} diff --git a/cmd/calls/images.go b/cmd/calls/images.go index 9fb4d42..7dae6a4 100644 --- a/cmd/calls/images.go +++ b/cmd/calls/images.go @@ -9,9 +9,9 @@ import ( f "streifling.com/jason/cpolis/cmd/frontend" ) -func ServeImage(c *b.Config, s *b.CookieStore) http.HandlerFunc { +func ServeImage(c *b.Config, s map[string]*f.Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := f.GetSession(w, r, c, s); err != nil { + if _, err := f.ManageSession(w, r, c, s); err != nil { if !tokenIsVerified(w, r, c) { return } 
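Review bot: In ServeImage the token fallback now runs after `f.ManageSession` has already written to the response: on a missing or unknown cookie ManageSession executes the login template on `w` before returning its error. A client that authenticates with a token and sends no cookie therefore gets the login markup and an implicit 200 committed ahead of whatever the handler sends next, and ManageSession may also emit a `Set-Cookie` for it. This call site needs a session lookup that only reports success or failure without rendering, with the rendering left to the browser-facing handlers. ServeImage's body continues outside the hunk.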
diff --git a/cmd/frontend/articles.go b/cmd/frontend/articles.go index 8bf5088..b32e835 100644 --- a/cmd/frontend/articles.go +++ b/cmd/frontend/articles.go @@ -45,20 +45,20 @@ type EditorHTMLData struct { Contributors []*b.User } -func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func WriteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } - var data *EditorHTMLData - if session.Values["article"] == nil { - data = &EditorHTMLData{Action: "submit", Article: new(b.Article), ArticleUsers: make(map[string]*ArticleUser)} + data := &EditorHTMLData{Action: "submit", ArticleUsers: make(map[string]*ArticleUser)} + if session.Article == nil { + data.Article = new(b.Article) } else { - data = session.Values["article"].(*EditorHTMLData) + // data = session.Values["article"].(*EditorHTMLData) + data.Article = session.Article } users, err := db.GetAllUsers(c) @@ -71,7 +71,7 @@ func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { data.ArticleUsers[fmt.Sprint(user.LastName, user.FirstName, user.ID)] = &ArticleUser{User: user, ArticleRole: None} } - creator, err := db.GetUser(c, session.Values["id"].(int64)) + creator, err := db.GetUser(c, session.User.ID) if err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) 
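Review bot: The `http.Error(w, ..., http.StatusUnauthorized)` in WriteArticle cannot set the 401, because ManageSession has already executed the login template on `w` on both of its failure paths; the status stays 200 and the German message is appended after the login markup. The same three-line pattern is repeated in every handler converted in articles.go, images.go, issues.go, pdf.go, tags.go and in ShowHub. Either ManageSession owns the response and callers only `return`, or it stops rendering and callers send the 401; mixing both gives clients a success status for an unauthenticated request. The replaced lines also drop `log.Println(err)`, so failed session lookups are no longer logged, and the commented-out `// data = session.Values["article"].(*EditorHTMLData)` should be deleted rather than committed.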
@@ -97,27 +97,20 @@ func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func SubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - session.Values["article"] = nil - if err = session.Save(r, w); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } + session.Article = nil article := &b.Article{ Title: r.PostFormValue("article-title"), BannerLink: r.PostFormValue("article-banner-url"), Summary: r.PostFormValue("article-summary"), - CreatorID: session.Values["id"].(int64), + CreatorID: session.User.ID, Published: false, Rejected: false, IsInIssue: r.PostFormValue("issue") == "on", @@ -215,7 +208,7 @@ func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) 
@@ -227,12 +220,11 @@ func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func ResubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -240,7 +232,7 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { Title: r.PostFormValue("article-title"), BannerLink: r.PostFormValue("article-banner-url"), Summary: r.PostFormValue("article-summary"), - CreatorID: session.Values["id"].(int64), + CreatorID: session.User.ID, IsInIssue: r.PostFormValue("issue") == "on", } @@ -346,7 +338,7 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) @@ -358,11 +350,10 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } 
@@ -402,12 +393,11 @@ func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB } } -func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func ShowRejectedArticles(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -425,7 +415,7 @@ func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerF data.MyIDs = make(map[int64]bool) for _, article := range data.RejectedArticles { - if article.CreatorID == session.Values["id"].(int64) { + if article.CreatorID == session.User.ID { data.MyIDs[article.ID] = true } } @@ -440,12 +430,11 @@ func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerF } } -func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func ReviewRejectedArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -513,7 +502,7 @@ func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.Handler data.ArticleUsers[fmt.Sprint(contributor.LastName, contributor.FirstName, contributor.ID)].ArticleRole = Contributor } - creator, err := db.GetUser(c, session.Values["id"].(int64)) + creator, err := db.GetUser(c, session.User.ID) if err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) 
@@ -545,12 +534,11 @@ func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.Handler } } -func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func PublishArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -624,7 +612,7 @@ func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) @@ -636,12 +624,11 @@ func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func RejectArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -659,7 +646,7 @@ func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) 
@@ -671,11 +658,10 @@ func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func ShowCurrentIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func ShowCurrentIssue(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -695,11 +681,10 @@ func ShowCurrentIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc } } -func ShowPublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc { +func ShowPublishedArticles(c *b.Config, db *b.DB, s map[string]*Session, action string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -732,11 +717,10 @@ func ShowPublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore, action strin } } -func ReviewArticle(c *b.Config, db *b.DB, s *b.CookieStore, action, title, button string) http.HandlerFunc { +func ReviewArticle(c *b.Config, db *b.DB, s map[string]*Session, action, title, button string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } 
@@ -827,12 +811,11 @@ func ReviewArticle(c *b.Config, db *b.DB, s *b.CookieStore, action, title, butto } } -func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func DeleteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -868,7 +851,7 @@ func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) @@ -880,12 +863,11 @@ func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func AllowEditArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -962,7 +944,7 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl := template.Must(template.ParseFiles(c.WebDir + "/templates/hub.html")) if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil { 
@@ -973,11 +955,10 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc } } -func EditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func EditArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } diff --git a/cmd/frontend/homepage.go b/cmd/frontend/homepage.go new file mode 100644 index 0000000..d74c1ff --- /dev/null +++ b/cmd/frontend/homepage.go 
@@ -0,0 +1,101 @@ +package frontend + +import ( + "html/template" + "log" + "net/http" + "time" + + b "streifling.com/jason/cpolis/cmd/backend" +) + +func HomePage(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + numRows, err := db.CountEntries("users") + if err != nil { + log.Fatalln(err) + } + + data := new(struct { + *UserHTMLData + Version string + }) + data.UserHTMLData = &UserHTMLData{User: new(b.User)} + data.Version = c.Version + + files := make([]string, 2) + files[0] = c.WebDir + "/templates/index.html" + if numRows == 0 { + data.Role = b.NonExistent + data.Title = "Erster Benutzer (Administrator)" + data.ButtonText = "Anlegen" + data.URL = "/user/add-first" + + files[1] = c.WebDir + "/templates/edit-user.html" + tmpl, err := template.ParseFiles(files...) + if err = template.Must(tmpl, err).Execute(w, data); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + } else { + cookie, err := r.Cookie("session_id") + if err != nil { + files[1] = c.WebDir + "/templates/login.html" + tmpl, err := template.ParseFiles(files...) + if err = template.Must(tmpl, err).Execute(w, data); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + return + } + + session, ok := s[cookie.Value] + if !ok { + cookie.Expires = time.Now() + http.SetCookie(w, cookie) + + files[1] = c.WebDir + "/templates/login.html" + tmpl, err := template.ParseFiles(files...) + if err = template.Must(tmpl, err).Execute(w, data); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + return + } + + data.Role = session.User.Role + files[1] = c.WebDir + "/templates/hub.html" + tmpl, err := template.ParseFiles(files...) 
+ if err = template.Must(tmpl, err).Execute(w, data); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + } + } +} + +func ShowHub(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + session, err := ManageSession(w, r, c, s) + if err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) + return + } + + session.Article = nil + + data := new(struct{ Role int }) + data.Role = session.User.Role + + tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") + if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + } +} diff --git a/cmd/frontend/images.go b/cmd/frontend/images.go index 079929c..870b46a 100644 --- a/cmd/frontend/images.go +++ b/cmd/frontend/images.go @@ -9,11 +9,10 @@ import ( b "streifling.com/jason/cpolis/cmd/backend" ) -func UploadEasyMDEImage(c *b.Config, s *b.CookieStore) http.HandlerFunc { +func UploadEasyMDEImage(c *b.Config, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } 
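Review bot: HomePage looks the session up with `r.Cookie("session_id")`, but newSession in cmd/frontend/sessions.go issues the cookie under the name `cpolis_session`, so the lookup fails for every logged-in browser and the login page is rendered again; ManageSession and Logout read the same wrong name. A single shared constant, `const sessionCookieName = "cpolis_session"`, used in all four places removes the mismatch. Separately, `log.Fatalln(err)` after `db.CountEntries` terminates the whole server from inside a request handler on a database error; `log.Println(err)`, `http.Error(w, err.Error(), http.StatusInternalServerError)` and `return`, as the other branches do, would keep the process up.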
@@ -42,11 +41,10 @@ func UploadEasyMDEImage(c *b.Config, s *b.CookieStore) http.HandlerFunc { } } -func UploadImage(c *b.Config, s *b.CookieStore, fileKey, htmlFile, htmlTemplate string) http.HandlerFunc { +func UploadImage(c *b.Config, s map[string]*Session, fileKey, htmlFile, htmlTemplate string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } diff --git a/cmd/frontend/issues.go b/cmd/frontend/issues.go index 171ac9d..430e6b9 100644 --- a/cmd/frontend/issues.go +++ b/cmd/frontend/issues.go @@ -11,21 +11,14 @@ import ( b "streifling.com/jason/cpolis/cmd/backend" ) -func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func PublishLatestIssue(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - session.Values["article"] = nil - if err = session.Save(r, w); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } + session.Article = nil article := &b.Article{ Title: r.PostFormValue("issue-title"), 
@@ -49,14 +42,7 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFun } authorIDs := make([]int64, 1) - var ok bool - - if authorIDs[0], ok = session.Values["id"].(int64); !ok { - msg := "fälschlicherweise session.Values[\"id\"].(int64) für authorIDs[0] angenommen" - log.Println(msg) - http.Error(w, msg, http.StatusInternalServerError) - return - } + authorIDs[0] = session.User.ID if err = db.WriteArticleAuthors(article.ID, authorIDs); err != nil { log.Println(err) @@ -101,15 +87,8 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFun return } - session.Values["issue-image"] = nil - if err = session.Save(r, w); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) diff --git a/cmd/frontend/pdf.go b/cmd/frontend/pdf.go index ada1eec..9ee59d6 100644 --- a/cmd/frontend/pdf.go +++ b/cmd/frontend/pdf.go @@ -10,11 +10,10 @@ import ( b "streifling.com/jason/cpolis/cmd/backend" ) -func UploadPDF(c *b.Config, s *b.CookieStore) http.HandlerFunc { +func UploadPDF(c *b.Config, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } diff --git a/cmd/frontend/sessions.go b/cmd/frontend/sessions.go index 788a484..f1ab633 100644 --- a/cmd/frontend/sessions.go +++ b/cmd/frontend/sessions.go 
@@ -1,115 +1,103 @@ package frontend import ( + "context" + "errors" "fmt" "html/template" "log" "net/http" + "time" + "github.com/google/uuid" b "streifling.com/jason/cpolis/cmd/backend" ) -func saveSession(w http.ResponseWriter, r *http.Request, s *b.CookieStore, u *b.User) error { - session, err := s.Get(r, "cookie") - if err != nil { - return fmt.Errorf("error getting session: %v", err) - } - - session.Values["authenticated"] = true - session.Values["id"] = u.ID - session.Values["name"] = u.FirstName + u.LastName - session.Values["role"] = u.Role - if err := session.Save(r, w); err != nil { - return fmt.Errorf("error saving session: %v", err) - } - - return nil +type Session struct { + ctx context.Context + cancel context.CancelFunc + cookie *http.Cookie + User *b.User + Article *b.Article } -// GetSession is used for verifying that the user is logged in and returns their session and an error. -func GetSession(w http.ResponseWriter, r *http.Request, c *b.Config, s *b.CookieStore) (*b.Session, error) { - msg := "Keine gültige Session. Bitte erneut anmelden." 
+func newSession(w http.ResponseWriter, c *b.Config, sessionExpiryChan chan<- string, user *b.User) *Session { + sessionID := uuid.New().String() + expires := time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours)) + ctx, cancel := context.WithDeadline(context.Background(), expires) + + session := &Session{ + ctx: ctx, + cancel: cancel, + cookie: &http.Cookie{ + Name: "cpolis_session", + Value: sessionID, + Expires: expires, + Path: "/", + HttpOnly: true, + Secure: true, + SameSite: http.SameSiteStrictMode, + }, + User: user, + } + + go func() { + <-session.ctx.Done() + sessionExpiryChan <- session.cookie.Value + session.cookie.Expires = time.Now() + http.SetCookie(w, session.cookie) + }() + + return session +} + +func StartSessions() (map[string]*Session, chan string) { + sessions := make(map[string]*Session) + sessionExpiryChan := make(chan string) + + go func() { + for sessionID := range sessionExpiryChan { + delete(sessions, sessionID) + } + }() + + return sessions, sessionExpiryChan +} + +// ManageSession is used for verifying that the user is logged in and returns +// their session and an error. It also handles cases where the user is not +// logged in. 
+func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) { tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html") - tmpSession, err := s.Get(r, "cookie") + cookie, err := r.Cookie("session_id") if err != nil { - if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg); err != nil { + if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { return nil, fmt.Errorf("error executing template: %v", err) } - return nil, fmt.Errorf("error getting session: %v", err) + + return nil, errors.New("no cookie set") } - session := &b.Session{Session: *tmpSession} - if session.IsNew { - if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg); err != nil { + session, ok := s[cookie.Value] + if !ok { + cookie.Expires = time.Now() + http.SetCookie(w, cookie) + + if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { return nil, fmt.Errorf("error executing template: %v", err) } + + return nil, errors.New("session does not exist") } + session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours)) + http.SetCookie(w, cookie) + return session, nil } -func HomePage(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - numRows, err := db.CountEntries("users") - if err != nil { - log.Fatalln(err) - } - - data := new(struct { - *UserHTMLData - Version string - }) - data.UserHTMLData = &UserHTMLData{User: new(b.User)} - data.Version = c.Version - - files := make([]string, 2) - files[0] = c.WebDir + "/templates/index.html" - if numRows == 0 { - data.Role = b.NonExistent - data.Title = "Erster Benutzer (Administrator)" - data.ButtonText = "Anlegen" - data.URL = "/user/add-first" - - files[1] = c.WebDir + "/templates/edit-user.html" - tmpl, err := template.ParseFiles(files...) 
- if err = template.Must(tmpl, err).Execute(w, data); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - } else { - session, err := s.Get(r, "cookie") - if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - if auth, ok := session.Values["authenticated"].(bool); auth && ok { - data.Role = session.Values["role"].(int) - files[1] = c.WebDir + "/templates/hub.html" - tmpl, err := template.ParseFiles(files...) - if err = template.Must(tmpl, err).Execute(w, data); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - } else { - data.Role = b.Author - files[1] = c.WebDir + "/templates/login.html" - tmpl, err := template.ParseFiles(files...) - if err = template.Must(tmpl, err).Execute(w, data); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - } - } - } -} - -func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func Login(c *b.Config, db *b.DB, s map[string]*Session, sessionExpiryChan chan string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { userName := r.PostFormValue("username") password := r.PostFormValue("password") @@ -133,11 +121,9 @@ func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { return } - if err := saveSession(w, r, s, user); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } + session := newSession(w, c, sessionExpiryChan, user) + s[session.cookie.Value] = session + http.SetCookie(w, session.cookie) tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user); err != nil { 
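Review bot: The map returned by StartSessions is read and written from request goroutines (the lookups in ManageSession and HomePage, `s[session.cookie.Value] = session` in Login) and deleted from by the expiry goroutine with no lock, which is a data race that the Go runtime can abort the process on. The goroutine in newSession also keeps `w` and calls `http.SetCookie(w, session.cookie)` after the login handler has returned, when that ResponseWriter must no longer be used; the browser cookie already carries `Expires`, so only the server-side delete is needed. In ManageSession the refresh sends `http.SetCookie(w, cookie)` with the request cookie, which holds only name and value, so the renewed cookie loses `Path`, `HttpOnly`, `Secure`, `SameSite` and the new `Expires`, while the context deadline is never extended; `http.SetCookie(w, session.cookie)` would at least keep the attributes. The fence shows the lock and the trimmed goroutine; it needs `sync` imported and the same lock around every map access in ManageSession, HomePage, Login and Logout.
```go
// sessionsMu guards every access to the map returned by StartSessions.
var sessionsMu sync.Mutex

func newSession(w http.ResponseWriter, c *b.Config, sessionExpiryChan chan<- string, user *b.User) *Session {
	// … unchanged: sessionID, expires, ctx and the Session literal …

	go func() {
		<-session.ctx.Done()
		// w is not used here: it belongs to the finished login request.
		sessionExpiryChan <- sessionID
	}()

	return session
}

func StartSessions() (map[string]*Session, chan string) {
	// … unchanged: map and channel creation …

	go func() {
		for sessionID := range sessionExpiryChan {
			sessionsMu.Lock()
			delete(sessions, sessionID)
			sessionsMu.Unlock()
		}
	}()

	return sessions, sessionExpiryChan
}
```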
@@ -148,52 +134,32 @@ func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func Logout(c *b.Config, s *b.CookieStore) http.HandlerFunc { +func Logout(c *b.Config, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + tmpl, tmplErr := template.ParseFiles(c.WebDir + "/templates/login.html") + + cookie, err := r.Cookie("session_id") if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return + if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } } + cookie.Expires = time.Now() + http.SetCookie(w, cookie) - session.Options.MaxAge = -1 - if err = session.Save(r, w); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return + session, ok := s[cookie.Value] + if !ok { + if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } } + session.cancel() - tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html") - if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - } -} - -func ShowHub(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) - if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - session.Values["article"] = nil - if err = session.Save(r, w); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - data := new(struct{ Role int }) - data.Role = 
session.Values["role"].(int) - - tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") - if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil { + if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) return diff --git a/cmd/frontend/tags.go b/cmd/frontend/tags.go index 290c815..aa2762a 100644 --- a/cmd/frontend/tags.go +++ b/cmd/frontend/tags.go @@ -8,11 +8,10 @@ import ( b "streifling.com/jason/cpolis/cmd/backend" ) -func CreateTag(c *b.Config, s *b.CookieStore) http.HandlerFunc { +func CreateTag(c *b.Config, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -25,12 +24,11 @@ func CreateTag(c *b.Config, s *b.CookieStore) http.HandlerFunc { } } -func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func AddTag(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -42,7 +40,7 @@ func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { db.AddTag(tag) data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) 
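Review bot: Both fallback branches in Logout render the login template and then fall through, because the only `return` sits inside the template-error check. When `r.Cookie("session_id")` fails, `cookie` is nil and `cookie.Expires = time.Now()` panics; when the ID is not in `s`, `session` is nil and `session.cancel()` panics. Add a `return` after the render in each branch. The handler also never calls `delete(s, cookie.Value)`, so unless the code behind `session.cancel()` removes the entry (not visible here), ManageSession keeps accepting the old ID after logout. The cookie echoed back with `Expires` set is the parsed request cookie, which carries no Path or flags, so clear it with a fresh `http.Cookie` that has the same Name and Path as the one newSession created and `MaxAge: -1`.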
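Review bot: When the session is missing or unknown, ManageSession has already executed the login template into `w`, so the `http.Error(w, ..., http.StatusUnauthorized)` added in CreateTag can no longer set the status. The client receives a 200 with the login markup followed by the error text, and net/http logs a superfluous WriteHeader call. Pick one place to answer: either ManageSession only returns the error and the handler writes the 401, or ManageSession keeps the render and the handler just returns. The same pattern is in AddTag and in every users.go handler switched to ManageSession in this patch. These hunks also only establish that a session exists; whether `session.User.Role` is checked before `db.AddTag` and the user mutations lies outside the hunks and should be confirmed.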
diff --git a/cmd/frontend/users.go b/cmd/frontend/users.go index 39447a5..2565989 100644 --- a/cmd/frontend/users.go +++ b/cmd/frontend/users.go @@ -43,11 +43,10 @@ func sortUsersByName(users []*b.User) { }) } -func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc { +func CreateUser(c *b.Config, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -67,12 +66,11 @@ func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc { } } -func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func AddUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -134,7 +132,7 @@ func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) 
@@ -146,16 +144,15 @@ func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func EditSelf(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } - user, err := db.GetUser(c, session.Values["id"].(int64)) + user, err := db.GetUser(c, session.User.ID) if err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) @@ -179,17 +176,16 @@ func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func UpdateSelf(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } user := &b.User{ - ID: session.Values["id"].(int64), + ID: session.User.ID, UserName: r.PostFormValue("username"), FirstName: r.PostFormValue("first-name"), LastName: r.PostFormValue("last-name"), @@ -244,7 +240,7 @@ func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) 
@@ -256,7 +252,7 @@ func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func AddFirstUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var err error user := &b.User{ @@ -303,12 +299,6 @@ func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { return } - if err := saveSession(w, r, s, user); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - if _, err := db.AddIssue(); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) @@ -327,12 +317,11 @@ func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc { +func ShowAllUsers(c *b.Config, db *b.DB, s map[string]*Session, action string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -348,7 +337,7 @@ func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.H http.Error(w, err.Error(), http.StatusInternalServerError) return } - delete(data.Users, session.Values["id"].(int64)) + delete(data.Users, session.User.ID) tmpl, err := template.ParseFiles(c.WebDir + "/templates/show-all-users.html") if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil { 
@@ -359,11 +348,10 @@ func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.H } } -func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func EditUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - if _, err := GetSession(w, r, c, s); err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + if _, err := ManageSession(w, r, c, s); err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -398,12 +386,11 @@ func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func UpdateUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -473,7 +460,7 @@ func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl := template.Must(template.ParseFiles(c.WebDir + "/templates/hub.html")) if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil { 
@@ -484,12 +471,11 @@ func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } } -func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { +func DeleteUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - session, err := GetSession(w, r, c, s) + session, err := ManageSession(w, r, c, s) if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } @@ -507,7 +493,7 @@ func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc { } data := new(struct{ Role int }) - data.Role = session.Values["role"].(int) + data.Role = session.User.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") tmpl = template.Must(tmpl, err) diff --git a/cmd/main.go b/cmd/main.go index c10ae2f..89980f1 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -1,7 +1,6 @@ package main import ( - "encoding/gob" "log" "net/http" "os" @@ -11,10 +10,6 @@ import ( f "streifling.com/jason/cpolis/cmd/frontend" ) -func init() { - gob.Register(b.User{}) -} - func main() { config, err := b.HandleConfig() if err != nil { 
@@ -34,68 +29,59 @@ func main() { } defer db.Close() - key, err := b.LoadKey(config.GOBKeyFile) - if err != nil { - key, err = b.NewKey() - if err != nil { - log.Fatalln(err) - } - if err = b.SaveKey(key, config.GOBKeyFile); err != nil { - log.Fatalln(err) - } - } - store := b.NewCookieStore(key) + sessions, sessionExpiryChan := f.StartSessions() + defer close(sessionExpiryChan) mux := http.NewServeMux() mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir(config.WebDir+"/static/")))) - mux.HandleFunc("/", f.HomePage(config, db, store)) + mux.HandleFunc("/", f.HomePage(config, db, sessions)) - mux.HandleFunc("GET /article/allow-edit/{id}", f.AllowEditArticle(config, db, store)) - mux.HandleFunc("GET /article/all-published/review-edit", f.ShowPublishedArticles(config, db, store, "review-edit")) - mux.HandleFunc("GET /article/all-published/delete", f.ShowPublishedArticles(config, db, store, "review-delete")) - mux.HandleFunc("GET /article/all-rejected", f.ShowRejectedArticles(config, db, store)) - mux.HandleFunc("GET /article/all-unpublished-unrejected-and-published-rejected", f.ShowUnpublishedUnrejectedAndPublishedRejectedArticles(config, db, store)) - mux.HandleFunc("GET /article/delete/{id}", f.DeleteArticle(config, db, store)) - mux.HandleFunc("GET /article/edit/{id}", f.EditArticle(config, db, store)) - mux.HandleFunc("GET /article/publish/{id}", f.PublishArticle(config, db, store)) - mux.HandleFunc("GET /article/reject/{id}", f.RejectArticle(config, db, store)) - mux.HandleFunc("GET /article/review-delete/{id}", f.ReviewArticle(config, db, store, "delete", "Artikel löschen", "Löschen")) - mux.HandleFunc("GET /article/review-edit/{id}", f.ReviewArticle(config, db, store, "allow-edit", "Artikel bearbeiten", "Bearbeiten erlauben")) - mux.HandleFunc("GET /article/review-rejected/{id}", f.ReviewRejectedArticle(config, db, store)) - mux.HandleFunc("GET /article/review-unpublished/{id}", f.ReviewArticle(config, db, store, "publish", 
"Artikel veröffentlichen", "Veröffentlichen")) + mux.HandleFunc("GET /article/allow-edit/{id}", f.AllowEditArticle(config, db, sessions)) + mux.HandleFunc("GET /article/all-published/review-edit", f.ShowPublishedArticles(config, db, sessions, "review-edit")) + mux.HandleFunc("GET /article/all-published/delete", f.ShowPublishedArticles(config, db, sessions, "review-delete")) + mux.HandleFunc("GET /article/all-rejected", f.ShowRejectedArticles(config, db, sessions)) + mux.HandleFunc("GET /article/all-unpublished-unrejected-and-published-rejected", f.ShowUnpublishedUnrejectedAndPublishedRejectedArticles(config, db, sessions)) + mux.HandleFunc("GET /article/delete/{id}", f.DeleteArticle(config, db, sessions)) + mux.HandleFunc("GET /article/edit/{id}", f.EditArticle(config, db, sessions)) + mux.HandleFunc("GET /article/publish/{id}", f.PublishArticle(config, db, sessions)) + mux.HandleFunc("GET /article/reject/{id}", f.RejectArticle(config, db, sessions)) + mux.HandleFunc("GET /article/review-delete/{id}", f.ReviewArticle(config, db, sessions, "delete", "Artikel löschen", "Löschen")) + mux.HandleFunc("GET /article/review-edit/{id}", f.ReviewArticle(config, db, sessions, "allow-edit", "Artikel bearbeiten", "Bearbeiten erlauben")) + mux.HandleFunc("GET /article/review-rejected/{id}", f.ReviewRejectedArticle(config, db, sessions)) + mux.HandleFunc("GET /article/review-unpublished/{id}", f.ReviewArticle(config, db, sessions, "publish", "Artikel veröffentlichen", "Veröffentlichen")) mux.HandleFunc("GET /article/serve/{id}", c.ServeArticle(config, db)) mux.HandleFunc("GET /article/serve/{id}/clicks", c.ServeClicks(db)) - mux.HandleFunc("GET /article/write", f.WriteArticle(config, db, store)) + mux.HandleFunc("GET /article/write", f.WriteArticle(config, db, sessions)) mux.HandleFunc("GET /atom/serve", c.ServeAtomFeed(config)) - mux.HandleFunc("GET /hub", f.ShowHub(config, db, store)) - mux.HandleFunc("GET /image/serve/{pic}", c.ServeImage(config, store)) - mux.HandleFunc("GET 
/issue/this", f.ShowCurrentIssue(config, db, store)) - mux.HandleFunc("GET /logout", f.Logout(config, store)) + mux.HandleFunc("GET /hub", f.ShowHub(config, db, sessions)) + mux.HandleFunc("GET /image/serve/{pic}", c.ServeImage(config, sessions)) + mux.HandleFunc("GET /issue/this", f.ShowCurrentIssue(config, db, sessions)) + mux.HandleFunc("GET /logout", f.Logout(config, sessions)) mux.HandleFunc("GET /pdf/get-list", c.ServePDFList(config)) mux.HandleFunc("GET /pdf/serve/{id}", c.ServePDF(config)) - mux.HandleFunc("GET /tag/create", f.CreateTag(config, store)) - mux.HandleFunc("GET /user/create", f.CreateUser(config, store)) - mux.HandleFunc("GET /user/delete/{id}", f.DeleteUser(config, db, store)) - mux.HandleFunc("GET /user/edit/{id}", f.EditUser(config, db, store)) - mux.HandleFunc("GET /user/edit/self", f.EditSelf(config, db, store)) - mux.HandleFunc("GET /user/show-all/delete", f.ShowAllUsers(config, db, store, "delete")) - mux.HandleFunc("GET /user/show-all/edit", f.ShowAllUsers(config, db, store, "edit")) + mux.HandleFunc("GET /tag/create", f.CreateTag(config, sessions)) + mux.HandleFunc("GET /user/create", f.CreateUser(config, sessions)) + mux.HandleFunc("GET /user/delete/{id}", f.DeleteUser(config, db, sessions)) + mux.HandleFunc("GET /user/edit/{id}", f.EditUser(config, db, sessions)) + mux.HandleFunc("GET /user/edit/self", f.EditSelf(config, db, sessions)) + mux.HandleFunc("GET /user/show-all/delete", f.ShowAllUsers(config, db, sessions, "delete")) + mux.HandleFunc("GET /user/show-all/edit", f.ShowAllUsers(config, db, sessions, "edit")) - mux.HandleFunc("POST /article/resubmit/{id}", f.ResubmitArticle(config, db, store)) - mux.HandleFunc("POST /article/submit", f.SubmitArticle(config, db, store)) - mux.HandleFunc("POST /article/upload-banner", f.UploadImage(config, store, "article-banner", "editor.html", "article-banner-template")) - mux.HandleFunc("POST /article/upload-image", f.UploadEasyMDEImage(config, store)) - mux.HandleFunc("POST /issue/publish", 
f.PublishLatestIssue(config, db, store)) - mux.HandleFunc("POST /issue/upload-banner", f.UploadImage(config, store, "issue-banner", "current-issue.html", "issue-banner-template")) - mux.HandleFunc("POST /login", f.Login(config, db, store)) - mux.HandleFunc("POST /pdf/upload", f.UploadPDF(config, store)) - mux.HandleFunc("POST /tag/add", f.AddTag(config, db, store)) - mux.HandleFunc("POST /user/add", f.AddUser(config, db, store)) - mux.HandleFunc("POST /user/add-first", f.AddFirstUser(config, db, store)) - mux.HandleFunc("POST /user/update/{id}", f.UpdateUser(config, db, store)) - mux.HandleFunc("POST /user/update/self", f.UpdateSelf(config, db, store)) - mux.HandleFunc("POST /user/upload-profile-pic", f.UploadImage(config, store, "upload-profile-pic", "edit-user.html", "profile-pic-template")) + mux.HandleFunc("POST /article/resubmit/{id}", f.ResubmitArticle(config, db, sessions)) + mux.HandleFunc("POST /article/submit", f.SubmitArticle(config, db, sessions)) + mux.HandleFunc("POST /article/upload-banner", f.UploadImage(config, sessions, "article-banner", "editor.html", "article-banner-template")) + mux.HandleFunc("POST /article/upload-image", f.UploadEasyMDEImage(config, sessions)) + mux.HandleFunc("POST /issue/publish", f.PublishLatestIssue(config, db, sessions)) + mux.HandleFunc("POST /issue/upload-banner", f.UploadImage(config, sessions, "issue-banner", "current-issue.html", "issue-banner-template")) + mux.HandleFunc("POST /login", f.Login(config, db, sessions, sessionExpiryChan)) + mux.HandleFunc("POST /pdf/upload", f.UploadPDF(config, sessions)) + mux.HandleFunc("POST /tag/add", f.AddTag(config, db, sessions)) + mux.HandleFunc("POST /user/add", f.AddUser(config, db, sessions)) + mux.HandleFunc("POST /user/add-first", f.AddFirstUser(config, db, sessions)) + mux.HandleFunc("POST /user/update/{id}", f.UpdateUser(config, db, sessions)) + mux.HandleFunc("POST /user/update/self", f.UpdateSelf(config, db, sessions)) + mux.HandleFunc("POST /user/upload-profile-pic", 
f.UploadImage(config, sessions, "upload-profile-pic", "edit-user.html", "profile-pic-template")) log.Fatalln(http.ListenAndServe(config.Port, mux)) } diff --git a/go.mod b/go.mod index a59de0f..15a8364 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,6 @@ require ( github.com/disintegration/imaging v1.6.2 github.com/go-sql-driver/mysql v1.8.1 github.com/google/uuid v1.6.0 - github.com/gorilla/sessions v1.4.0 github.com/microcosm-cc/bluemonday v1.0.27 github.com/yuin/goldmark v1.7.8 golang.org/x/crypto v0.32.0 @@ -49,7 +48,6 @@ require ( github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/googleapis/gax-go/v2 v2.14.1 // indirect github.com/gorilla/css v1.0.1 // indirect - github.com/gorilla/securecookie v1.1.2 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect diff --git a/go.sum b/go.sum index 982a1ff..1c91977 100644 --- a/go.sum +++ b/go.sum @@ -80,8 +80,6 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= 
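Review bot: Several state-changing routes are registered as GET and now rely on the session cookie alone: `GET /user/delete/{id}`, `GET /article/delete/{id}`, `GET /article/publish/{id}`, `GET /article/reject/{id}` and `GET /logout`. The browser attaches that cookie to any navigation or embedded request, so these handlers have no protection against cross-site request forgery. Register them as POST, e.g. `mux.HandleFunc("POST /user/delete/{id}", f.DeleteUser(config, db, sessions))`, and set `SameSite: http.SameSiteStrictMode` on the cookie built in newSession (not shown in this hunk). Separately, `defer close(sessionExpiryChan)` never runs because `log.Fatalln` exits the process. `http.ListenAndServe` also runs without timeouts; an `http.Server` with `ReadHeaderTimeout` set would bound slow clients.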
@@ -94,10 +92,6 @@ github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrk github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8= github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= -github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= -github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= -github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ= -github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik= github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk= github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= From 13a60394906430002ba67bb85c18f121a42be82e Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Tue, 14 Jan 2025 21:27:24 +0100 Subject: [PATCH 03/10] Bug fix --- cmd/frontend/articles.go | 1 - cmd/frontend/homepage.go | 2 +- cmd/frontend/sessions.go | 6 +++--- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/cmd/frontend/articles.go b/cmd/frontend/articles.go index b32e835..9a7292d 100644 --- a/cmd/frontend/articles.go +++ b/cmd/frontend/articles.go @@ -57,7 +57,6 @@ func WriteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc if session.Article == nil { data.Article = new(b.Article) } else { - // data = session.Values["article"].(*EditorHTMLData) data.Article = session.Article } diff --git a/cmd/frontend/homepage.go b/cmd/frontend/homepage.go index d74c1ff..9245b8d 100644 --- a/cmd/frontend/homepage.go +++ b/cmd/frontend/homepage.go 
@@ -39,7 +39,7 @@ func HomePage(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return } } else { - cookie, err := r.Cookie("session_id") + cookie, err := r.Cookie("cpolis_session") if err != nil { files[1] = c.WebDir + "/templates/login.html" tmpl, err := template.ParseFiles(files...) diff --git a/cmd/frontend/sessions.go b/cmd/frontend/sessions.go index f1ab633..105b5d3 100644 --- a/cmd/frontend/sessions.go +++ b/cmd/frontend/sessions.go @@ -70,7 +70,7 @@ func StartSessions() (map[string]*Session, chan string) { func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) { tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html") - cookie, err := r.Cookie("session_id") + cookie, err := r.Cookie("cpolis_session") if err != nil { if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { return nil, fmt.Errorf("error executing template: %v", err) @@ -92,7 +92,7 @@ func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[st } session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours)) - http.SetCookie(w, cookie) + http.SetCookie(w, session.cookie) return session, nil } @@ -138,7 +138,7 @@ func Logout(c *b.Config, s map[string]*Session) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { tmpl, tmplErr := template.ParseFiles(c.WebDir + "/templates/login.html") - cookie, err := r.Cookie("session_id") + cookie, err := r.Cookie("cpolis_session") if err != nil { if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { log.Println(err) From 60e09175dae701cb6ad50be2ddb28455deb114fb Mon Sep 17 00:00:00 2001 
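Review bot: The cookie name is now the literal `"cpolis_session"` in three separate lookups (HomePage, ManageSession, Logout), and this fix presumably became necessary because those literals did not match the name the cookie is created with. Declare it once, `const sessionCookieName = "cpolis_session"`, and use it in newSession and in every `r.Cookie` call so the lookup and the issuer cannot drift apart again. In the ManageSession hunk, `session.cookie.Expires = ...` mutates a `*http.Cookie` shared by all concurrent requests of that session without a lock. It also extends only the browser-side lifetime; whether the server-side expiry is refreshed with it is not visible here.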
From: Jason Streifling Date: Tue, 14 Jan 2025 21:31:57 +0100 Subject: [PATCH 04/10] Remove unused session.Article attribute --- cmd/frontend/articles.go | 6 ------ cmd/frontend/homepage.go | 2 -- cmd/frontend/issues.go | 1 - cmd/frontend/sessions.go | 9 ++++----- 4 files changed, 4 insertions(+), 14 deletions(-) diff --git a/cmd/frontend/articles.go b/cmd/frontend/articles.go index 9a7292d..d88bf33 100644 --- a/cmd/frontend/articles.go +++ b/cmd/frontend/articles.go @@ -54,11 +54,6 @@ func WriteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc } data := &EditorHTMLData{Action: "submit", ArticleUsers: make(map[string]*ArticleUser)} - if session.Article == nil { - data.Article = new(b.Article) - } else { - data.Article = session.Article - } users, err := db.GetAllUsers(c) if err != nil { @@ -103,7 +98,6 @@ func SubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFun http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } - session.Article = nil article := &b.Article{ Title: r.PostFormValue("article-title"), diff --git a/cmd/frontend/homepage.go b/cmd/frontend/homepage.go index 9245b8d..3e41905 100644 --- a/cmd/frontend/homepage.go +++ b/cmd/frontend/homepage.go @@ -86,8 +86,6 @@ func ShowHub(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { return } - session.Article = nil - data := new(struct{ Role int }) data.Role = session.User.Role diff --git a/cmd/frontend/issues.go b/cmd/frontend/issues.go index 430e6b9..f40450d 100644 --- a/cmd/frontend/issues.go +++ b/cmd/frontend/issues.go @@ -18,7 +18,6 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s map[string]*Session) http.Handl http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) return } - session.Article = nil article := &b.Article{ Title: r.PostFormValue("issue-title"), diff --git a/cmd/frontend/sessions.go b/cmd/frontend/sessions.go index 105b5d3..4b1dcc8 100644 
--- a/cmd/frontend/sessions.go +++ b/cmd/frontend/sessions.go @@ -14,11 +14,10 @@ import ( ) type Session struct { - ctx context.Context - cancel context.CancelFunc - cookie *http.Cookie - User *b.User - Article *b.Article + ctx context.Context + cancel context.CancelFunc + cookie *http.Cookie + User *b.User } func newSession(w http.ResponseWriter, c *b.Config, sessionExpiryChan chan<- string, user *b.User) *Session { From f8691eb1809ca61deb99759f0b6ec644596db410 Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Tue, 14 Jan 2025 21:48:09 +0100 Subject: [PATCH 05/10] Cleanup --- cmd/frontend/articles.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/frontend/articles.go b/cmd/frontend/articles.go index d88bf33..8f6edd8 100644 --- a/cmd/frontend/articles.go +++ b/cmd/frontend/articles.go @@ -53,14 +53,14 @@ func WriteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc return } - data := &EditorHTMLData{Action: "submit", ArticleUsers: make(map[string]*ArticleUser)} - users, err := db.GetAllUsers(c) if err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) return } + + data := &EditorHTMLData{Action: "submit", ArticleUsers: make(map[string]*ArticleUser)} for _, user := range users { data.ArticleUsers[fmt.Sprint(user.LastName, user.FirstName, user.ID)] = &ArticleUser{User: user, ArticleRole: None} } From 88776337e43c546b5bb139232bc8f7d7bbeaff1a Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Tue, 14 Jan 2025 22:20:46 +0100 Subject: [PATCH 06/10] Bug fix --- cmd/frontend/articles.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/frontend/articles.go b/cmd/frontend/articles.go index 8f6edd8..e313b79 100644 --- a/cmd/frontend/articles.go +++ b/cmd/frontend/articles.go 
@@ -60,7 +60,7 @@ func WriteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc return } - data := &EditorHTMLData{Action: "submit", ArticleUsers: make(map[string]*ArticleUser)} + data := &EditorHTMLData{Action: "submit", Article: new(b.Article), ArticleUsers: make(map[string]*ArticleUser)} for _, user := range users { data.ArticleUsers[fmt.Sprint(user.LastName, user.FirstName, user.ID)] = &ArticleUser{User: user, ArticleRole: None} } From 0e825a55e5e7a568441427307aa1acedbc387da4 Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Fri, 17 Jan 2025 05:01:09 +0100 Subject: [PATCH 07/10] Fix bug not letting the first user have a session after user creation --- cmd/frontend/users.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cmd/frontend/users.go b/cmd/frontend/users.go index 2565989..12a1faf 100644 --- a/cmd/frontend/users.go +++ b/cmd/frontend/users.go @@ -252,7 +252,7 @@ func UpdateSelf(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { } } -func AddFirstUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { +func AddFirstUser(c *b.Config, db *b.DB, s map[string]*Session, sessionExpiryChan chan string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var err error user := &b.User{ @@ -305,8 +305,12 @@ func AddFirstUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc return } + session := newSession(w, c, sessionExpiryChan, user) + s[session.cookie.Value] = session + http.SetCookie(w, session.cookie) + data := new(struct{ Role int }) - data.Role = 0 + data.Role = user.Role tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html") if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil { From 3d3cda319df5b04739543450110886c63b372947 Mon Sep 17 00:00:00 2001 
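Review bot: AddFirstUser gains a fourth parameter, but this commit changes only cmd/frontend/users.go, and the route in cmd/main.go was registered as `f.AddFirstUser(config, db, sessions)` in PATCH 02/10. The tree therefore does not build at this commit unless main.go changes in the same commit to `f.AddFirstUser(config, db, sessions, sessionExpiryChan)`. Because the handler now issues a session to a caller who has none, confirm in the part of the body outside these hunks that it refuses to run once any user exists; an empty-table check (`db.CountEntries("users")`) is only visible in HomePage. `s[session.cookie.Value] = session` is also an unsynchronized map write from a handler goroutine and needs the same lock as the one in Login.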
From: Jason Streifling Date: Fri, 17 Jan 2025 05:02:31 +0100 Subject: [PATCH 08/10] Initial version of .docx upload support --- cmd/backend/articles.go | 48 +++++++++++++----- cmd/backend/atom.go | 2 +- cmd/backend/docx.go | 59 +++++++++++++++++++++ cmd/frontend/articles.go | 60 +++++++++++++--------- cmd/frontend/docx.go | 107 +++++++++++++++++++++++++++++++++++++++ cmd/frontend/issues.go | 4 +- cmd/main.go | 5 +- create_db.sql | 1 + go.mod | 1 + go.sum | 2 + web/templates/hub.html | 5 ++ 11 files changed, 256 insertions(+), 38 deletions(-) create mode 100644 cmd/backend/docx.go create mode 100644 cmd/frontend/docx.go diff --git a/cmd/backend/articles.go b/cmd/backend/articles.go index e8c5802..23a4e0b 100644 --- a/cmd/backend/articles.go +++ b/cmd/backend/articles.go @@ -7,6 +7,8 @@ import ( "log" "os" "time" + + "github.com/google/uuid" ) type Article struct { @@ -14,6 +16,7 @@ type Article struct { Title string BannerLink string Summary string + UUID uuid.UUID ID int64 CreatorID int64 IssueID int64 @@ -31,8 +34,8 @@ func (db *DB) AddArticle(a *Article) (int64, error) { selectQuery := "SELECT id FROM issues WHERE published = false" insertQuery := ` INSERT INTO articles - (title, banner_link, summary, published, rejected, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated) - VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + (title, banner_link, summary, published, rejected, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated, uuid) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ` for i := 0; i < TxMaxRetries; i++ { 
@@ -49,7 +52,7 @@ func (db *DB) AddArticle(a *Article) (int64, error) { return 0, fmt.Errorf("error getting issue ID when adding article to DB: %v", err) } - result, err := tx.Exec(insertQuery, a.Title, a.BannerLink, a.Summary, a.Published, a.Rejected, a.CreatorID, id, a.EditedID, 0, a.IsInIssue, a.AutoGenerated) + result, err := tx.Exec(insertQuery, a.Title, a.BannerLink, a.Summary, a.Published, a.Rejected, a.CreatorID, id, a.EditedID, 0, a.IsInIssue, a.AutoGenerated, a.UUID.String()) if err != nil { if rollbackErr := tx.Rollback(); rollbackErr != nil { log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr) @@ -83,7 +86,7 @@ func (db *DB) AddArticle(a *Article) (int64, error) { func (db *DB) GetArticle(id int64) (*Article, error) { query := ` - SELECT title, created, banner_link, summary, published, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated + SELECT title, created, banner_link, summary, published, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated, uuid FROM articles WHERE id = ? ` @@ -91,9 +94,10 @@ func (db *DB) GetArticle(id int64) (*Article, error) { article := new(Article) var created []byte + var uuidString string var err error - if err := row.Scan(&article.Title, &created, &article.BannerLink, &article.Summary, &article.Published, &article.CreatorID, &article.IssueID, &article.EditedID, &article.Clicks, &article.IsInIssue, &article.AutoGenerated); err != nil { + if err := row.Scan(&article.Title, &created, &article.BannerLink, &article.Summary, &article.Published, &article.CreatorID, &article.IssueID, &article.EditedID, &article.Clicks, &article.IsInIssue, &article.AutoGenerated, &uuidString); err != nil { return nil, fmt.Errorf("error scanning article row: %v", err) } 
@@ -103,12 +107,17 @@ func (db *DB) GetArticle(id int64) (*Article, error) { return nil, fmt.Errorf("error parsing created: %v", err) } + article.UUID, err = uuid.Parse(uuidString) + if err != nil { + return nil, fmt.Errorf("error parsing uuid: %v", err) + } + return article, nil } func (db *DB) GetCertainArticles(attribute string, value bool) ([]*Article, error) { query := fmt.Sprintf(` - SELECT id, title, created, banner_link, summary, creator_id, issue_id, clicks, published, rejected, is_in_issue, auto_generated + SELECT id, title, created, banner_link, summary, creator_id, issue_id, clicks, published, rejected, is_in_issue, auto_generated, uuid FROM articles WHERE %s = ? `, attribute) @@ -121,8 +130,9 @@ func (db *DB) GetCertainArticles(attribute string, value bool) ([]*Article, erro for rows.Next() { article := new(Article) var created []byte + var uuidString string - if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.CreatorID, &article.IssueID, &article.Clicks, &article.Published, &article.Rejected, &article.IsInIssue, &article.AutoGenerated); err != nil { + if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.CreatorID, &article.IssueID, &article.Clicks, &article.Published, &article.Rejected, &article.IsInIssue, &article.AutoGenerated, &uuidString); err != nil { return nil, fmt.Errorf("error scanning article row: %v", err) } @@ -131,6 +141,11 @@ func (db *DB) GetCertainArticles(attribute string, value bool) ([]*Article, erro return nil, fmt.Errorf("error parsing created: %v", err) } + article.UUID, err = uuid.Parse(uuidString) + if err != nil { + return nil, fmt.Errorf("error parsing uuid: %v", err) + } + articleList = append(articleList, article) } 
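Review bot: `GetCertainArticles` (cmd/backend/articles.go, hunk `@@ -103,12 +107,17 @@`) still formats `attribute` into the query text with `fmt.Sprintf`, so the column name becomes part of the SQL while only `value` is bound as a parameter. The callers are not in this hunk; if every caller passes a constant this is safe today, but nothing in the function enforces it. An allow-list before the `Sprintf` makes the contract explicit, e.g. `switch attribute { case "published", "rejected": default: return nil, fmt.Errorf("invalid attribute %q", attribute) }`, with the list adjusted to the columns that are actually queried. The function body continues outside the hunk.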
@@ -142,7 +157,7 @@ func (db *DB) GetCurrentIssueArticles() ([]*Article, error) { txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable} issueQuery := "SELECT id FROM issues WHERE published = false" articlesQuery := ` - SELECT id, title, created, banner_link, summary, clicks, auto_generated + SELECT id, title, created, banner_link, summary, clicks, auto_generated, uuid FROM articles WHERE issue_id = ? AND published = true AND is_in_issue = true ` @@ -174,8 +189,9 @@ func (db *DB) GetCurrentIssueArticles() ([]*Article, error) { for rows.Next() { article := new(Article) var created []byte + var uuidString string - if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.Clicks, &article.AutoGenerated); err != nil { + if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.Clicks, &article.AutoGenerated, &uuidString); err != nil { if rollbackErr := tx.Rollback(); rollbackErr != nil { log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr) } @@ -190,6 +206,14 @@ func (db *DB) GetCurrentIssueArticles() ([]*Article, error) { return nil, fmt.Errorf("error parsing created: %v", err) } + article.UUID, err = uuid.Parse(uuidString) + if err != nil { + if rollbackErr := tx.Rollback(); rollbackErr != nil { + log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr) + } + return nil, fmt.Errorf("error parsing uuid: %v", err) + } + articleList = append(articleList, article) } 
@@ -284,11 +308,11 @@ func (db *DB) DeleteArticle(id int64) error { return nil } -func WriteArticleToFile(c *Config, articleID int64, content []byte) error { - articleAbsName := fmt.Sprint(c.ArticleDir, "/", articleID, ".md") +func WriteArticleToFile(c *Config, articleUUID uuid.UUID, content []byte) error { + articleAbsName := fmt.Sprint(c.ArticleDir, "/", articleUUID, ".md") if err := os.WriteFile(articleAbsName, content, 0644); err != nil { - return fmt.Errorf("error writing article %v to file: %v", articleID, err) + return fmt.Errorf("error writing article %v to file: %v", articleUUID, err) } return nil diff --git a/cmd/backend/atom.go b/cmd/backend/atom.go index f3ec0c5..0f344c7 100644 --- a/cmd/backend/atom.go +++ b/cmd/backend/atom.go @@ -33,7 +33,7 @@ func GenerateAtomFeed(c *Config, db *DB) (*string, error) { entry := atom.NewEntry(articleTitle) entry.ID = atom.NewID(fmt.Sprint("urn:entry:", article.ID)) entry.Published = atom.NewDate(article.Created) - entry.Content = atom.NewContent(atom.OutOfLine, "text/hmtl", fmt.Sprint(c.Domain, "/article/serve/", article.ID)) + entry.Content = atom.NewContent(atom.OutOfLine, "text/html", fmt.Sprint(c.Domain, "/article/serve/", article.UUID)) if article.AutoGenerated { entry.Summary = atom.NewText("text", "automatically generated") diff --git a/cmd/backend/docx.go b/cmd/backend/docx.go new file mode 100644 index 0000000..c44ee73 --- /dev/null +++ b/cmd/backend/docx.go 
@@ -0,0 +1,59 @@ +package backend + +import ( + "bytes" + "fmt" + "os" + "os/exec" + "path/filepath" + "regexp" + + "github.com/google/uuid" +) + +func ConvertToMarkdown(c *Config, filename string) ([]byte, error) { + var stderr bytes.Buffer + + articleID := uuid.New() + articleFileName := fmt.Sprint("/tmp/", articleID, ".md") + + tmpDir, err := os.MkdirTemp("/tmp", "cpolis_images") + if err != nil { + return nil, fmt.Errorf("error creating temporary directory: %v", err) + } + defer os.RemoveAll(tmpDir) + + cmd := exec.Command("pandoc", "-s", "-f", "docx", "-t", "commonmark_x", "-o", articleFileName, "--extract-media", tmpDir, filename) // TODO: Is writing to a file necessary? + cmd.Stderr = &stderr + if err = cmd.Run(); err != nil { + return nil, fmt.Errorf("error converting docx to markdown: %v: %v", err, stderr.String()) + } + defer os.Remove(articleFileName) + + articleContent, err := os.ReadFile(articleFileName) + if err != nil { + return nil, fmt.Errorf("error reading markdown file: %v", err) + } + + imageNames, err := filepath.Glob(filepath.Join(tmpDir, "/media/*")) + if err != nil { + return nil, fmt.Errorf("error getting docx images from temporary directory: %v", err) + } + + for _, name := range imageNames { + image, err := os.Open(name) + if err != nil { + return nil, fmt.Errorf("error opening image file %v: %v", name, err) + } + defer image.Close() + + newImageName, err := SaveImage(image, c.MaxImgHeight, c.MaxImgWidth, c.PicsDir) + if err != nil { + return nil, fmt.Errorf("error saving image %v: %v", name, err) + } + + articleContent = regexp.MustCompile(name).ReplaceAll(articleContent, []byte(c.PicsDir+"/"+newImageName)) + } + + return articleContent, nil +} diff --git a/cmd/frontend/articles.go b/cmd/frontend/articles.go index e313b79..f112600 100644 --- a/cmd/frontend/articles.go +++ b/cmd/frontend/articles.go @@ -10,6 +10,7 @@ import ( "strings" "time" + "github.com/google/uuid" b "streifling.com/jason/cpolis/cmd/backend" ) 
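Review bot: In `ConvertToMarkdown` (cmd/backend/docx.go) the loop calls `regexp.MustCompile(name)` on a path whose last element appears to come from the media names inside the uploaded .docx, so a name with regex metacharacters either matches the wrong text or makes `MustCompile` panic inside the request. A literal replacement does what is intended and cannot panic: `articleContent = bytes.ReplaceAll(articleContent, []byte(name), []byte(c.PicsDir+"/"+newImageName))`. The `pandoc` process also runs on an untrusted upload with no time limit; `exec.CommandContext` with a deadline would bound it. `defer image.Close()` inside the loop keeps every extracted image open until the function returns, so close each file at the end of its iteration instead.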
@@ -109,6 +110,7 @@ func SubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFun IsInIssue: r.PostFormValue("issue") == "on", AutoGenerated: false, EditedID: 0, + UUID: uuid.New(), } if len(article.Title) == 0 { @@ -164,7 +166,7 @@ func SubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFun http.Error(w, "Bitte den Artikel eingeben.", http.StatusBadRequest) return } - if err := b.WriteArticleToFile(c, article.ID, content); err != nil { + if err := b.WriteArticleToFile(c, article.UUID, content); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -221,14 +223,26 @@ func ResubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerF return } - article := &b.Article{ - Title: r.PostFormValue("article-title"), - BannerLink: r.PostFormValue("article-banner-url"), - Summary: r.PostFormValue("article-summary"), - CreatorID: session.User.ID, - IsInIssue: r.PostFormValue("issue") == "on", + id, err := strconv.ParseInt(r.PathValue("id"), 10, 64) + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return } + article, err := db.GetArticle(id) + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + article.Title = r.PostFormValue("article-title") + article.BannerLink = r.PostFormValue("article-banner-url") + article.Summary = r.PostFormValue("article-summary") + article.CreatorID = session.User.ID + article.IsInIssue = r.PostFormValue("issue") == "on" + if len(article.Title) == 0 { http.Error(w, "Bitte den Titel eingeben.", http.StatusBadRequest) return 
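Review bot: `ResubmitArticle` (cmd/frontend/articles.go, hunk `@@ -221,14 +223,26 @@`) now loads whatever article the `{id}` path value names and then sets `article.CreatorID = session.User.ID`, but nothing in this hunk checks that the logged-in user is the creator or an author of that article. If no such check exists in the part of the handler outside the hunk, an authenticated user could overwrite another user's article and its creator field. Compare before assigning, e.g. `if article.CreatorID != session.User.ID { http.Error(w, "forbidden", http.StatusForbidden); return }`, or apply whatever role rule the project uses for editors. A malformed id is a client error, so `http.StatusBadRequest` fits the `strconv.ParseInt` failure better than a 500.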
@@ -270,20 +284,13 @@ func ResubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerF return } - article.ID, err = strconv.ParseInt(r.PathValue("id"), 10, 64) - if err != nil { - log.Println(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - content := r.PostFormValue("article-content") if len(content) == 0 { http.Error(w, "Bitte den Artikel eingeben.", http.StatusBadRequest) return } - contentLink := fmt.Sprint(c.ArticleDir, "/", article.ID, ".md") - if err = os.WriteFile(contentLink, []byte(content), 0644); err != nil { + + if err = b.WriteArticleToFile(c, article.UUID, []byte(content)); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -448,7 +455,7 @@ func ReviewRejectedArticle(c *b.Config, db *b.DB, s map[string]*Session) http.Ha data.Image = data.Article.BannerLink - articleAbsName := fmt.Sprint(c.ArticleDir, "/", data.Article.ID, ".md") + articleAbsName := fmt.Sprint(c.ArticleDir, "/", data.Article.UUID, ".md") content, err := os.ReadFile(articleAbsName) if err != nil { log.Println(err) @@ -579,7 +586,7 @@ func PublishArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFu return } - if err = os.Remove(fmt.Sprint(c.ArticleDir, "/", oldArticle.ID, ".md")); err != nil { + if err = os.Remove(fmt.Sprint(c.ArticleDir, "/", oldArticle.UUID, ".md")); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -757,7 +764,7 @@ func ReviewArticle(c *b.Config, db *b.DB, s map[string]*Session, action, title, return } - articleAbsName := fmt.Sprint(c.ArticleDir, "/", article.ID, ".md") + articleAbsName := fmt.Sprint(c.ArticleDir, "/", article.UUID, ".md") content, err := os.ReadFile(articleAbsName) if err != nil { log.Println(err) 
@@ -819,13 +826,20 @@ func DeleteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFun return } + article, err := db.GetArticle(id) + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + if err = db.DeleteArticle(id); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) return } - if err = os.Remove(fmt.Sprint(c.ArticleDir, "/", id, ".md")); err != nil { + if err = os.Remove(fmt.Sprint(c.ArticleDir, "/", article.UUID, ".md")); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -896,8 +910,8 @@ func AllowEditArticle(c *b.Config, db *b.DB, s map[string]*Session) http.Handler return } - src := fmt.Sprint(c.ArticleDir, "/", oldArticle.ID, ".md") - dst := fmt.Sprint(c.ArticleDir, "/", newArticle.ID, ".md") + src := fmt.Sprint(c.ArticleDir, "/", oldArticle.UUID, ".md") + dst := fmt.Sprint(c.ArticleDir, "/", newArticle.UUID, ".md") if err = b.CopyFile(src, dst); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) @@ -973,7 +987,7 @@ func EditArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc data.Image = data.Article.BannerLink - content, err := os.ReadFile(fmt.Sprint(c.ArticleDir, "/", data.Article.ID, ".md")) + content, err := os.ReadFile(fmt.Sprint(c.ArticleDir, "/", data.Article.UUID, ".md")) if err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) diff --git a/cmd/frontend/docx.go b/cmd/frontend/docx.go new file mode 100644 index 0000000..9cf4712 --- /dev/null +++ b/cmd/frontend/docx.go 
@@ -0,0 +1,107 @@ +package frontend + +import ( + "bytes" + "fmt" + "io" + "log" + "net/http" + "os" + "path/filepath" + "time" + + "github.com/gabriel-vasile/mimetype" + "github.com/google/uuid" + b "streifling.com/jason/cpolis/cmd/backend" +) + +func UploadDocx(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + session, err := ManageSession(w, r, c, s) + if err != nil { + http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized) + return + } + + file, fileHeader, err := r.FormFile("docx-upload") + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer file.Close() + + var buf bytes.Buffer + if _, err = io.Copy(&buf, file); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + mime := mimetype.Detect(buf.Bytes()) + if !mime.Is("application/vnd.openxmlformats-officedocument.wordprocessingml.document") { + http.Error(w, "Die Datei ist kein DOCX Worddokument.", http.StatusBadRequest) + return + } + + docxFilename := fmt.Sprint(uuid.New(), ".docx") + absDocxFilepath, err := filepath.Abs("/tmp/" + docxFilename) + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + if err = os.WriteFile(absDocxFilepath, buf.Bytes(), 0644); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer os.Remove(absDocxFilepath) + + mdString, err := b.ConvertToMarkdown(c, absDocxFilepath) + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + uuidName := uuid.New() + mdFilename := fmt.Sprint(uuidName, ".md") + absMdFilepath, err := filepath.Abs(c.ArticleDir + "/" + mdFilename) + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + if err = 
os.WriteFile(absMdFilepath, mdString, 0644); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + article := &b.Article{ + Created: time.Now(), + UUID: uuidName, + CreatorID: session.User.ID, + Rejected: true, + } + article.Title = fmt.Sprint(fileHeader.Filename, "-", article.UUID) + + id, err := db.AddArticle(article) + if err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + if err = db.WriteArticleAuthors(id, []int64{session.User.ID}); err != nil { + log.Println(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + w.WriteHeader(http.StatusOK) + } +} diff --git a/cmd/frontend/issues.go b/cmd/frontend/issues.go index f40450d..ee663af 100644 --- a/cmd/frontend/issues.go +++ b/cmd/frontend/issues.go @@ -8,6 +8,7 @@ import ( "os" "time" + "github.com/google/uuid" b "streifling.com/jason/cpolis/cmd/backend" ) @@ -26,6 +27,7 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s map[string]*Session) http.Handl Rejected: false, Created: time.Now(), AutoGenerated: true, + UUID: uuid.New(), } if len(article.Title) == 0 { @@ -55,7 +57,7 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s map[string]*Session) http.Handl return } - articleAbsName := fmt.Sprint(c.ArticleDir, "/", article.ID, ".md") + articleAbsName := fmt.Sprint(c.ArticleDir, "/", article.UUID, ".md") if err = os.WriteFile(articleAbsName, content, 0644); err != nil { log.Println(err) http.Error(w, err.Error(), http.StatusInternalServerError) diff --git a/cmd/main.go b/cmd/main.go index 89980f1..0dcc0f0 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -32,6 +32,8 @@ func main() { sessions, sessionExpiryChan := f.StartSessions() defer close(sessionExpiryChan) + go b.CleanUpImages(config) + mux := http.NewServeMux() mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir(config.WebDir+"/static/")))) 
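Review bot: `UploadDocx` (cmd/frontend/docx.go) copies the whole upload into a `bytes.Buffer` with `io.Copy(&buf, file)` and nothing in the handler limits the request size, so a single large POST is held in memory and then handed to pandoc. Cap the body before `r.FormFile`, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxDocxBytes)`, where `maxDocxBytes` is a placeholder for a limit the project chooses. The failure branches send `err.Error()` to the client, and the error returned by `b.ConvertToMarkdown` carries pandoc's stderr and temporary paths; log the detail and return a generic message instead. The markdown file is written to `c.ArticleDir` before `db.AddArticle`, so a failed insert leaves an orphaned file, and `fileHeader.Filename` is client-supplied text that ends up in the stored title.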
@@ -72,13 +74,14 @@ func main() { mux.HandleFunc("POST /article/submit", f.SubmitArticle(config, db, sessions)) mux.HandleFunc("POST /article/upload-banner", f.UploadImage(config, sessions, "article-banner", "editor.html", "article-banner-template")) mux.HandleFunc("POST /article/upload-image", f.UploadEasyMDEImage(config, sessions)) + mux.HandleFunc("POST /docx/upload", f.UploadDocx(config, db, sessions)) mux.HandleFunc("POST /issue/publish", f.PublishLatestIssue(config, db, sessions)) mux.HandleFunc("POST /issue/upload-banner", f.UploadImage(config, sessions, "issue-banner", "current-issue.html", "issue-banner-template")) mux.HandleFunc("POST /login", f.Login(config, db, sessions, sessionExpiryChan)) mux.HandleFunc("POST /pdf/upload", f.UploadPDF(config, sessions)) mux.HandleFunc("POST /tag/add", f.AddTag(config, db, sessions)) mux.HandleFunc("POST /user/add", f.AddUser(config, db, sessions)) - mux.HandleFunc("POST /user/add-first", f.AddFirstUser(config, db, sessions)) + mux.HandleFunc("POST /user/add-first", f.AddFirstUser(config, db, sessions, sessionExpiryChan)) mux.HandleFunc("POST /user/update/{id}", f.UpdateUser(config, db, sessions)) mux.HandleFunc("POST /user/update/self", f.UpdateSelf(config, db, sessions)) mux.HandleFunc("POST /user/upload-profile-pic", f.UploadImage(config, sessions, "upload-profile-pic", "edit-user.html", "profile-pic-template")) diff --git a/create_db.sql b/create_db.sql index a79e89c..f246a8d 100644 --- a/create_db.sql +++ b/create_db.sql @@ -38,6 +38,7 @@ CREATE TABLE articles ( clicks INT NOT NULL, is_in_issue BOOL NOT NULL, auto_generated BOOL NOT NULL, + uuid VARCHAR(36) NOT NULL, PRIMARY KEY (id), FOREIGN KEY (creator_id) REFERENCES users (id), FOREIGN KEY (issue_id) REFERENCES issues (id) diff --git a/go.mod b/go.mod index 15a8364..ee15862 100644 --- a/go.mod +++ b/go.mod 
@@ -8,6 +8,7 @@ require ( github.com/BurntSushi/toml v1.4.0 github.com/chai2010/webp v1.1.1 github.com/disintegration/imaging v1.6.2 + github.com/gabriel-vasile/mimetype v1.4.8 github.com/go-sql-driver/mysql v1.8.1 github.com/google/uuid v1.6.0 github.com/microcosm-cc/bluemonday v1.0.27 diff --git a/go.sum b/go.sum index 1c91977..eb8e52d 100644 --- a/go.sum +++ b/go.sum @@ -62,6 +62,8 @@ github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6 github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= +github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= diff --git a/web/templates/hub.html b/web/templates/hub.html index 39803b1..b96cc8c 100644 --- a/web/templates/hub.html +++ b/web/templates/hub.html @@ -7,6 +7,11 @@

Artikel

+
+ + +
{{if lt .Role 3}}{{end}} From ff36d65cc33cb52f683b5ef71ddc3ebf0f692454 Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Fri, 17 Jan 2025 05:04:03 +0100 Subject: [PATCH 09/10] Add ability to clean up unused images --- cmd/backend/images.go | 64 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/cmd/backend/images.go b/cmd/backend/images.go index 6a2619c..398e201 100644 --- a/cmd/backend/images.go +++ b/cmd/backend/images.go @@ -1,10 +1,16 @@ package backend import ( + "bufio" "fmt" "image" "io" + "io/fs" + "log" "os" + "path/filepath" + "strings" + "time" "github.com/chai2010/webp" "github.com/disintegration/imaging" @@ -30,7 +36,7 @@ func SaveImage(src io.Reader, maxHeight, maxWidth int, path string) (string, err } filename := fmt.Sprint(uuid.New(), ".webp") - file, err := os.Create(path + filename) + file, err := os.Create(filepath.Join(path, filename)) if err != nil { return "", fmt.Errorf("error creating new image file: %v", err) } 
@@ -42,3 +48,59 @@ func SaveImage(src io.Reader, maxHeight, maxWidth int, path string) (string, err return filename, nil } + +func CleanUpImages(c *Config) { + for { + if err := filepath.Walk(c.PicsDir, func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if !info.IsDir() { + imageName := info.Name() + absImageName := path + + if err = filepath.Walk(c.ArticleDir, func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if !info.IsDir() { + mdFile, err := os.Open(path) + if err != nil { + return err + } + defer mdFile.Close() + + scanner := bufio.NewScanner(mdFile) + imageWasFound := false + + for scanner.Scan() { + if strings.Contains(scanner.Text(), imageName) { + imageWasFound = true + } + } + + if !imageWasFound { + if err = os.Remove(absImageName); err != nil { + return err + } + } + + return scanner.Err() + } + + return nil + }); err != nil { + return err + } + } + + return nil + }); err != nil { + log.Println(err) + } + + time.Sleep(time.Hour) + } +} From 7b9438233e0d2ba25a218d711fc957c0b76b5b6f Mon Sep 17 00:00:00 2001 From: Jason Streifling Date: Fri, 17 Jan 2025 17:52:35 +0100 Subject: [PATCH 10/10] Comment out not ready image cleanup function --- cmd/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/main.go b/cmd/main.go index 0dcc0f0..1ce834f 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -32,7 +32,7 @@ func main() { sessions, sessionExpiryChan := f.StartSessions() defer close(sessionExpiryChan) - go b.CleanUpImages(config) + // go b.CleanUpImages(config) mux := http.NewServeMux() mux.Handle("/web/static/", http.StripPrefix("/web/static/",
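Review bot: `CleanUpImages` (cmd/backend/images.go, hunk `@@ -42,3 +48,59 @@`) deletes an image as soon as one article file does not mention it, because `imageWasFound` is declared per file and `os.Remove(absImageName)` runs inside the inner walk. An image therefore survives only if every file under `c.ArticleDir` references it, and a second `os.Remove` of the already deleted file returns an error that aborts the walk. Keep the flag outside the inner callback and remove the image only after all article files have been searched, as in the excerpt below. The check also looks only at article markdown: if `c.PicsDir` also holds banners or profile pictures that are referenced from the database rather than from a .md file, those would still be removed, and a freshly uploaded image whose article is not saved yet gets no grace period.

```go
				// … unchanged: outer filepath.Walk over c.PicsDir, imageName and absImageName …
				imageWasFound := false

				if err = filepath.Walk(c.ArticleDir, func(path string, info fs.FileInfo, err error) error {
					if err != nil {
						return err
					}
					// Stop opening files once one reference has been seen.
					if info.IsDir() || imageWasFound {
						return nil
					}

					mdFile, err := os.Open(path)
					if err != nil {
						return err
					}
					defer mdFile.Close()

					scanner := bufio.NewScanner(mdFile)
					for scanner.Scan() {
						if strings.Contains(scanner.Text(), imageName) {
							imageWasFound = true
							return nil
						}
					}
					return scanner.Err()
				}); err != nil {
					return err
				}

				// Remove only after every article file has been searched.
				if !imageWasFound {
					if err = os.Remove(absImageName); err != nil {
						return err
					}
				}
				// … unchanged: end of the outer callback, hourly sleep …
```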