From 2e08600814593569de4cf70bb42da0d7fad85501 Mon Sep 17 00:00:00 2001
From: Jason Streifling
Date: Sat, 24 Feb 2024 09:54:25 +0100
Subject: [PATCH] Added ability to login
---
 cmd/data/db.go | 44 ++++++++++++++++++++++------
 cmd/{articles => data}/markdown.go | 2 +-
 cmd/handlers/editor.go | 27 -----------------
 cmd/ui/ui.go | 47 ++++++++++++++++++++++++++++++
 main.go | 11 +++----
 web/templates/editor.html | 9 +++---
 web/templates/login.html | 8 +++++
 7 files changed, 102 insertions(+), 46 deletions(-)
 rename cmd/{articles => data}/markdown.go (95%)
 delete mode 100644 cmd/handlers/editor.go
 create mode 100644 cmd/ui/ui.go
 create mode 100644 web/templates/login.html
diff --git a/cmd/data/db.go b/cmd/data/db.go
index 4ac8921..7bd7392 100644
--- a/cmd/data/db.go
+++ b/cmd/data/db.go
@@ -64,21 +64,46 @@ func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool return nil } -func (db *DB) ChangePassword(id int64, oldPass, newPass string) error { - var oldHashedPass string +func (db *DB) GetID(user string) (int64, error) { + var id int64 - selectQuery := ` + query := ` + SELECT id FROM + users + WHERE + username = ? + ` + row := db.QueryRow(query, user) + if err := row.Scan(&id); err != nil { + return 0, fmt.Errorf("user not in DB: %v", err) + } + + return id, nil +} + +func (db *DB) CheckPassword(id int64, pass string) error { + var queriedPass string + + query := ` SELECT password FROM users WHERE id = ? ` - row := db.QueryRow(selectQuery, id) - if err := row.Scan(&oldHashedPass); err != nil { + row := db.QueryRow(query, id) + if err := row.Scan(&queriedPass); err != nil { return fmt.Errorf("error reading password from DB: %v", err) } - if err := bcrypt.CompareHashAndPassword([]byte(oldHashedPass), []byte(oldPass)); err != nil { + if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil { + return fmt.Errorf("incorrect password: %v", err) + } + + return nil +} + +func (db *DB) ChangePassword(id int64, oldPass, newPass string) error { + if err := db.CheckPassword(id, oldPass); err != nil { return fmt.Errorf("error checking password: %v", err) } @@ -88,9 +113,10 @@ func (db *DB) ChangePassword(id int64, oldPass, newPass string) error { } updateQuery := ` - UPDATE users - SET password = ? - WHERE id = ? + UPDATE users SET + password = ? + WHERE + id = ? ` _, err = db.Exec(updateQuery, string(newHashedPass), id) if err != nil { diff --git a/cmd/articles/markdown.go b/cmd/data/markdown.go similarity index 95% rename from cmd/articles/markdown.go rename to cmd/data/markdown.go index e358f5f..d083f24 100644 --- a/cmd/articles/markdown.go +++ b/cmd/data/markdown.go @@ -1,4 +1,4 @@ -package articles +package data import ( "bytes" 
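Review bot: GetID reports every Scan failure as "user not in DB", and both GetID and CheckPassword wrap the cause with `%v`, so a caller cannot tell an unknown user or a wrong password from a database fault. Wrapping with `%w` — `return 0, fmt.Errorf("user not in DB: %w", err)` and `return fmt.Errorf("incorrect password: %w", err)` — would let the login handler test `errors.Is(err, bcrypt.ErrMismatchedHashAndPassword)` (and, assuming DB wraps database/sql, `sql.ErrNoRows`) and answer credential failures with one generic message while treating real faults as server errors. The same `%v` wrapping is used for "error checking password" in ChangePassword in this hunk. Both new queries bind their argument with `?` rather than building SQL from strings, which should stay that way.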
diff --git a/cmd/handlers/editor.go b/cmd/handlers/editor.go
deleted file mode 100644
index bee5b75..0000000
--- a/cmd/handlers/editor.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package handlers
-
-import (
- "log"
- "net/http"
-
- "streifling.com/jason/cpolis/cmd/articles"
- "streifling.com/jason/cpolis/cmd/feed"
-)
-
-func HandleFinishedEdit(f *feed.Feed) http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- title := r.PostFormValue("editor-title")
- desc := r.PostFormValue("editor-desc")
- mdContent := r.PostFormValue("editor-text")
-
- content, err := articles.ConvertToHTML(mdContent)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- log.Panicln(err)
- }
-
- feed.AddToFeed(f, title, desc, content)
- feed.SaveFeed(f, "tmp/rss.gob")
- // template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "html-result", rssItem)
- }
-}
diff --git a/cmd/ui/ui.go b/cmd/ui/ui.go
new file mode 100644
index 0000000..6a1681a
--- /dev/null
+++ b/cmd/ui/ui.go
@@ -0,0 +1,47 @@
+package ui
+
+import (
+ "html/template"
+ "log"
+ "net/http"
+
+ "streifling.com/jason/cpolis/cmd/data"
+ "streifling.com/jason/cpolis/cmd/feed"
+)
+
+func HandleLogin(db *data.DB) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ user := r.PostFormValue("username")
+ pass := r.PostFormValue("password")
+
+ id, err := db.GetID(user)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ // TODO: und nun?
+ }
+
+ if err := db.CheckPassword(id, pass); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ } else {
+ template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "page-content", nil)
+ }
+ }
+}
+
+func HandleFinishedEdit(f *feed.Feed) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ title := r.PostFormValue("editor-title")
+ desc := r.PostFormValue("editor-desc")
+ mdContent := r.PostFormValue("editor-text")
+
+ content, err := data.ConvertToHTML(mdContent)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ log.Panicln(err)
+ }
+
+ feed.AddToFeed(f, title, desc, content)
+ feed.SaveFeed(f, "tmp/rss.gob")
+ // template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "html-result", rssItem)
+ }
+}
diff --git a/main.go b/main.go
index 23d9187..6e9b8d8 100644
--- a/main.go
+++ b/main.go
@@ -7,7 +7,7 @@ import (
 "streifling.com/jason/cpolis/cmd/data"
 "streifling.com/jason/cpolis/cmd/feed"
- "streifling.com/jason/cpolis/cmd/handlers"
+ "streifling.com/jason/cpolis/cmd/ui"
 )
 func main() {
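Review bot: HandleLogin has no `return` after the failed `db.GetID` call, so execution continues into `db.CheckPassword` with id 0 and a second `http.Error` is written on the same response. Both branches also send `err.Error()` to the client with status 500, which tells the caller whether the username exists ("user not in DB" versus "incorrect password") and exposes database error text; one generic 401 with the detail logged server-side avoids that. On success the handler only renders editor.html and sets no cookie or session, so nothing visible in this patch ties later requests to the login. `template.Must` inside the handler panics per request on a parse error, and the `ExecuteTemplate` error is dropped. A possible shape for the handler is below.

```go
func HandleLogin(db *data.DB) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user := r.PostFormValue("username")
		pass := r.PostFormValue("password")

		id, err := db.GetID(user)
		if err == nil {
			err = db.CheckPassword(id, pass)
		}
		if err != nil {
			// Same answer for an unknown user and a wrong password;
			// the cause stays in the server log.
			log.Printf("login failed for %q: %v", user, err)
			http.Error(w, "invalid username or password", http.StatusUnauthorized)
			return
		}

		// TODO: establish a session here (random token in an HttpOnly,
		// Secure, SameSite cookie) and require it in HandleFinishedEdit.

		tmpl, err := template.ParseFiles("web/templates/editor.html")
		if err != nil {
			log.Println(err)
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		if err := tmpl.ExecuteTemplate(w, "page-content", nil); err != nil {
			log.Println(err)
		}
	}
}
```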
@@ -17,10 +17,10 @@ func main() { } defer db.Close() - f, err := feed.OpenFeed("tmp/rss.gob") + rss, err := feed.OpenFeed("tmp/rss.gob") if err != nil { log.Println(err) - f = feed.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt", + rss = feed.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt", "https://distrikt-ni-st.de", "Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität") } @@ -28,9 +28,10 @@ func main() { mux := http.NewServeMux() mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/")))) mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { - template.Must(template.ParseFiles("web/templates/index.html", "web/templates/editor.html")).Execute(w, nil) + template.Must(template.ParseFiles("web/templates/index.html", "web/templates/login.html")).Execute(w, nil) }) - mux.HandleFunc("POST /finished-edit/", handlers.HandleFinishedEdit(f)) + mux.HandleFunc("POST /login/", ui.HandleLogin(db)) + mux.HandleFunc("POST /finished-edit/", ui.HandleFinishedEdit(rss)) log.Fatalln(http.ListenAndServe(":8080", mux)) } diff --git a/web/templates/editor.html b/web/templates/editor.html index 0cf807d..976cdb0 100644 --- a/web/templates/editor.html +++ b/web/templates/editor.html @@ -1,9 +1,10 @@ {{define "page-content"}} +
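Review bot: In the last main.go hunk, `POST /finished-edit/` is registered next to `POST /login/` with no check that the request comes from a logged-in user, so the login added here only decides which template is shown; a direct POST to /finished-edit/ still reaches `feed.AddToFeed` and `feed.SaveFeed` in HandleFinishedEdit. Once HandleLogin issues a session, the route should be wrapped in a check for it, for example `mux.HandleFunc("POST /finished-edit/", requireLogin(ui.HandleFinishedEdit(rss)))`, where `requireLogin` is a placeholder name for middleware that does not exist in this patch. The password form is also served through `http.ListenAndServe(":8080", mux)` without TLS; unless a TLS-terminating proxy sits in front (not visible here), the credentials travel in clear text.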

Editor

- - - - + + + +
{{end}} diff --git a/web/templates/login.html b/web/templates/login.html new file mode 100644 index 0000000..9469601 --- /dev/null +++ b/web/templates/login.html @@ -0,0 +1,8 @@ +{{define "page-content"}} +

Anmeldung

+
+ + + +
+{{end}}