jason/cpolis
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases 49 Wiki Activity

Added ability to edit user info

Browse Source
This commit is contained in:
Jason Streifling 2024-03-11 21:08:27 +01:00
parent f10220f936
commit 697939a17a
12 changed files with 337 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/main.go
View File

@ -47,6 +47,7 @@ func main() {
mux.HandleFunc("GET /create-tag/", view.CreateTag) mux.HandleFunc("GET /create-tag/", view.CreateTag)
mux.HandleFunc("GET /create-user/", view.CreateUser) mux.HandleFunc("GET /create-user/", view.CreateUser)
mux.HandleFunc("GET /edit-user/", view.EditUser(db, store))
mux.HandleFunc("GET /hub/", view.ShowHub(db, store)) mux.HandleFunc("GET /hub/", view.ShowHub(db, store))
mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(db, store)) mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(db, store))
mux.HandleFunc("GET /rss/", view.ShowRSS( mux.HandleFunc("GET /rss/", view.ShowRSS(

11
cmd/model/articles.go
View File

@ -5,6 +5,17 @@ import (
"time" "time"
) )
type Article struct {
Title string
Created time.Time
Description string
Content string
Published bool
Rejected bool
ID int64
AuthorID int64
}
func (db *DB) AddArticle(a *Article) (int64, error) { func (db *DB) AddArticle(a *Article) (int64, error) {
query := ` query := `
INSERT INTO articles INSERT INTO articles

54
cmd/model/db.go
View File

@ -17,6 +17,17 @@ type DB struct {
*sql.DB *sql.DB
} }
type Tx struct {
*sql.Tx
}
type Attribute struct {
Value interface{}
Table string
AttName string
ID int64
}
func getUsername() (string, error) { func getUsername() (string, error) {
user := os.Getenv("DB_USER") user := os.Getenv("DB_USER")
if user == "" { if user == "" {
@ -117,3 +128,46 @@ func (db *DB) CountEntries(table string) (int64, error) {
return count, nil return count, nil
} }
func (db *DB) StartTransaction() (*Tx, error) {
tx := &Tx{Tx: new(sql.Tx)}
var err error
tx.Tx, err = db.Begin()
if err != nil {
return nil, fmt.Errorf("error starting transaction: %v", err)
}
return tx, nil
}
func (tx *Tx) CommitTransaction() error {
if err := tx.Commit(); err != nil {
return fmt.Errorf("error committing transaction: %v", err)
}
return nil
}
func (tx *Tx) RollbackTransaction() {
if err := tx.Rollback(); err != nil {
log.Fatalf("error rolling back transaction: %v", err)
}
}
func (tx *Tx) UpdateAttributes(a ...*Attribute) error {
for _, attribute := range a {
query := fmt.Sprintf(`
UPDATE %s
SET %s = ?
WHERE id = ?
`, attribute.Table, attribute.AttName)
if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
if rollbackErr := tx.Rollback(); rollbackErr != nil {
log.Fatalf("error: transaction error: %v, rollback error: %v", err, rollbackErr)
}
return fmt.Errorf("error updating article in DB: %v", err)
}
}
return nil
}

42
cmd/model/structs.go
View File

@ -1,42 +0,0 @@
package model
import (
"time"
)
const (
Admin = iota
Editor
Writer
)
type User struct {
UserName string
FirstName string
LastName string
ID int64
Role int
}
type Tag struct {
Name string
ID int64
}
type Article struct {
Title string
Created time.Time
Description string
Content string
Published bool
Rejected bool
ID int64
AuthorID int64
}
type Attribute struct {
Value interface{}
Table string
AttName string
ID int64
}

5
cmd/model/tags.go
View File

@ -2,6 +2,11 @@ package model
import "fmt" import "fmt"
type Tag struct {
Name string
ID int64
}
func (db *DB) AddTag(tagName string) error { func (db *DB) AddTag(tagName string) error {
query := "INSERT INTO tags (name) VALUES (?)" query := "INSERT INTO tags (name) VALUES (?)"
if _, err := db.Exec(query, tagName); err != nil { if _, err := db.Exec(query, tagName); err != nil {

31
cmd/model/users.go
View File

@ -7,6 +7,20 @@ import (
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
) )
const (
Admin = iota
Editor
Writer
)
type User struct {
UserName string
FirstName string
LastName string
ID int64
Role int
}
func (db *DB) AddUser(user *User, pass string) error { func (db *DB) AddUser(user *User, pass string) error {
hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost) hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
if err != nil { if err != nil {
@ -25,7 +39,7 @@ func (db *DB) AddUser(user *User, pass string) error {
return nil return nil
} }
func (db *DB) GetID(userName string) (int64, error) { func (db *DB) GetID(userName string) (int64, bool) {
var id int64 var id int64
query := ` query := `
@ -35,10 +49,10 @@ func (db *DB) GetID(userName string) (int64, error) {
` `
row := db.QueryRow(query, userName) row := db.QueryRow(query, userName)
if err := row.Scan(&id); err != nil { if err := row.Scan(&id); err != nil {
return 0, fmt.Errorf("user not in DB: %v", err) return 0, false
} }
return id, nil return id, true
} }
func (db *DB) CheckPassword(id int64, pass string) error { func (db *DB) CheckPassword(id int64, pass string) error {
@ -61,12 +75,7 @@ func (db *DB) CheckPassword(id int64, pass string) error {
return nil return nil
} }
func (db *DB) ChangePassword(id int64, oldPass, newPass string) error { func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
tx, err := db.Begin()
if err != nil {
return fmt.Errorf("error starting transaction: %v", err)
}
var queriedPass string var queriedPass string
getQuery := ` getQuery := `
SELECT password SELECT password
@ -108,10 +117,6 @@ func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
return fmt.Errorf("error updating password in DB: %v", err) return fmt.Errorf("error updating password in DB: %v", err)
} }
if err = tx.Commit(); err != nil {
return fmt.Errorf("error committing transaction: %v", err)
}
return nil return nil
} }

128
cmd/view/admin.go
View File

@ -1,128 +0,0 @@
package view
import (
"fmt"
"html/template"
"log"
"net/http"
"strconv"
"streifling.com/jason/cpolis/cmd/control"
"streifling.com/jason/cpolis/cmd/model"
)
type AddUserData struct {
*model.User
Msg string
}
func inputsEmpty(user *model.User, pass, pass2 string) bool {
return len(user.UserName) == 0 ||
len(user.FirstName) == 0 ||
len(user.LastName) == 0 ||
len(pass) == 0 ||
len(pass2) == 0
}
func checkUserStrings(user *model.User) (string, int, bool) {
userLen := 15
nameLen := 50
if len(user.UserName) > userLen {
return "Benutzername", userLen, false
} else if len(user.FirstName) > nameLen {
return "Vorname", nameLen, false
} else if len(user.LastName) > nameLen {
return "Nachname", nameLen, false
} else {
return "", 0, true
}
}
func CreateUser(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
}
func AddUser(db *model.DB, s *control.CookieStore) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
role, err := strconv.Atoi(r.PostFormValue("role"))
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
htmlData := AddUserData{
User: &model.User{
UserName: r.PostFormValue("username"),
FirstName: r.PostFormValue("first-name"),
LastName: r.PostFormValue("last-name"),
Role: role,
},
}
pass := r.PostFormValue("password")
pass2 := r.PostFormValue("password2")
if inputsEmpty(htmlData.User, pass, pass2) {
htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
userString, stringLen, ok := checkUserStrings(htmlData.User)
if !ok {
htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
stringLen, " Zeichen erlaubt.")
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
id, _ := db.GetID(htmlData.UserName)
if id != 0 {
htmlData.Msg = fmt.Sprint(htmlData.UserName,
" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
if pass != pass2 {
htmlData.Msg = "Die Passwörter stimmen nicht überein."
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
num, err := db.CountEntries("users")
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if num == 0 {
if htmlData.Role != model.Admin {
htmlData.Msg = "Der erste Benutzer muss ein Administrator sein."
htmlData.Role = model.Admin
tmpl, err := template.ParseFiles("web/templates/add-user.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", htmlData)
return
}
if err := saveSession(w, r, s, htmlData.User); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
if err := db.AddUser(htmlData.User, pass); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
tmpl, err := template.ParseFiles("web/templates/hub.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
}
}

16
cmd/view/articles.go
View File

@ -213,10 +213,14 @@ func PublishArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg) template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
} }
db.UpdateAttributes( if err = db.UpdateAttributes(
&model.Attribute{Table: "articles", ID: id, AttName: "published", Value: true}, &model.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false}, &model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
) ); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
tmpl, err := template.ParseFiles("web/templates/hub.html") tmpl, err := template.ParseFiles("web/templates/hub.html")
tmpl = template.Must(tmpl, err) tmpl = template.Must(tmpl, err)
@ -240,9 +244,13 @@ func RejectArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg) template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
} }
db.UpdateAttributes( if err = db.UpdateAttributes(
&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true}, &model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
) ); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
tmpl, err := template.ParseFiles("web/templates/hub.html") tmpl, err := template.ParseFiles("web/templates/hub.html")
tmpl = template.Must(tmpl, err) tmpl = template.Must(tmpl, err)

7
cmd/view/sessions.go
View File

@ -59,10 +59,9 @@ func Login(db *model.DB, s *control.CookieStore) http.HandlerFunc {
userName := r.PostFormValue("username") userName := r.PostFormValue("username")
password := r.PostFormValue("password") password := r.PostFormValue("password")
id, err := db.GetID(userName) id, ok := db.GetID(userName)
if err != nil { if !ok {
log.Println(err) http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusInternalServerError)
http.Error(w, err.Error(), http.StatusInternalServerError)
return return
} }

219
cmd/view/users.go Normal file
View File

@ -0,0 +1,219 @@
package view
import (
"fmt"
"html/template"
"log"
"net/http"
"strconv"
"streifling.com/jason/cpolis/cmd/control"
"streifling.com/jason/cpolis/cmd/model"
)
type UserData struct {
*model.User
Msg string
}
func checkUserStrings(user *model.User) (string, int, bool) {
userLen := 15
nameLen := 50
if len(user.UserName) > userLen {
return "Benutzername", userLen, false
} else if len(user.FirstName) > nameLen {
return "Vorname", nameLen, false
} else if len(user.LastName) > nameLen {
return "Nachname", nameLen, false
} else {
return "", 0, true
}
}
func CreateUser(w http.ResponseWriter, r *http.Request) {
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
}
func AddUser(db *model.DB, s *control.CookieStore) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
role, err := strconv.Atoi(r.PostFormValue("role"))
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
htmlData := UserData{
User: &model.User{
UserName: r.PostFormValue("username"),
FirstName: r.PostFormValue("first-name"),
LastName: r.PostFormValue("last-name"),
Role: role,
},
}
pass := r.PostFormValue("password")
pass2 := r.PostFormValue("password2")
if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
userString, stringLen, ok := checkUserStrings(htmlData.User)
if !ok {
htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
stringLen, " Zeichen erlaubt.")
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
id, _ := db.GetID(htmlData.UserName)
if id != 0 {
htmlData.Msg = fmt.Sprint(htmlData.UserName,
" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
if pass != pass2 {
htmlData.Msg = "Die Passwörter stimmen nicht überein."
tmpl, err := template.ParseFiles("web/templates/add-user.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
return
}
num, err := db.CountEntries("users")
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if num == 0 {
if htmlData.Role != model.Admin {
htmlData.Msg = "Der erste Benutzer muss ein Administrator sein."
htmlData.Role = model.Admin
tmpl, err := template.ParseFiles("web/templates/add-user.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", htmlData)
return
}
if err := saveSession(w, r, s, htmlData.User); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
if err := db.AddUser(htmlData.User, pass); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
tmpl, err := template.ParseFiles("web/templates/hub.html")
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
}
}
func EditUser(db *model.DB, s *control.CookieStore) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session, err := s.Get(r, "cookie")
if err != nil {
tmpl, err := template.ParseFiles("web/templates/login.html")
msg := "Session nicht mehr gültig. Bitte erneut anmelden."
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
}
userData := UserData{
User: &model.User{
ID: session.Values["id"].(int64),
UserName: r.PostFormValue("username"),
FirstName: r.PostFormValue("first-name"),
LastName: r.PostFormValue("last-name"),
},
}
oldPass := r.PostFormValue("old-password")
newPass := r.PostFormValue("password")
newPass2 := r.PostFormValue("password2")
if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
len(userData.LastName) == 0 {
userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
tmpl, err := template.ParseFiles("web/templates/edit-user.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
return
}
userString, stringLen, ok := checkUserStrings(userData.User)
if !ok {
userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
stringLen, " Zeichen erlaubt.")
tmpl, err := template.ParseFiles("web/templates/edit-user.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", userData)
return
}
if _, ok := db.GetID(userData.UserName); ok {
userData.Msg = "Benutzername bereits vergeben."
userData.UserName = ""
tmpl, err := template.ParseFiles("web/templates/edit-user.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", userData)
return
}
tx, err := db.StartTransaction()
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if len(newPass) > 0 || len(newPass2) > 0 {
if newPass != newPass2 {
tx.RollbackTransaction()
userData.Msg = "Die Passwörter stimmen nicht überein."
tmpl, err := template.ParseFiles("web/templates/edit-user.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", userData)
return
}
if err = tx.ChangePassword(userData.ID, oldPass, newPass); err != nil {
log.Println(err)
userData.Msg = "Das alte Passwort ist nicht korrekt."
tmpl, err := template.ParseFiles("web/templates/edit-user.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", userData)
return
}
}
if err = tx.UpdateAttributes(
&model.Attribute{Table: "users", ID: userData.ID, AttName: "username", Value: userData.UserName},
&model.Attribute{Table: "users", ID: userData.ID, AttName: "first-name", Value: userData.FirstName},
&model.Attribute{Table: "users", ID: userData.ID, AttName: "last-name", Value: userData.LastName},
); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if err = tx.Commit(); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
tmpl, err := template.ParseFiles("web/templates/hub.html")
tmpl = template.Must(tmpl, err)
tmpl.ExecuteTemplate(w, "page-content", session.Values["Role"].(string))
}
}

13
web/templates/edit-user.html Normal file
View File

@ -0,0 +1,13 @@
{{define "page-content"}}
<form>
<input name="username" type="text" value="{{.UserName}}" />
<input name="first-name" type="text" value="{{.FirstName}}" />
<input name="last-name" type="text" value="{{.LastName}}" />
<input name="old-password" placeholder="Altes Passwort" type="password" />
<input name="password" placeholder="Neues Passwort" type="password" />
<input name="password2" placeholder="Wiederholen" type="password" />
<input type="submit" hx-post="/update-user/" hx-target="#page-content" />
</form>
{{end}}

1
web/templates/hub.html
View File

@ -3,6 +3,7 @@
<button hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button> <button hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button>
<button hx-get="/rejected-articles/" hx-target="#page-content">Abgelehnte Artikel</button> <button hx-get="/rejected-articles/" hx-target="#page-content">Abgelehnte Artikel</button>
<button hx-get="/rss/" hx-target="#page-content">RSS Feed</button> <button hx-get="/rss/" hx-target="#page-content">RSS Feed</button>
<button hx-get="/edit-user/" hx-target="#page-content">Benutzer bearbeiten</button>
{{if lt . 2}} {{if lt . 2}}
<button hx-get="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button> <button hx-get="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
<button hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button> <button hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button>