From 8711ba0629624904e61bca8a2dd92aafeac61093 Mon Sep 17 00:00:00 2001
From: Jason Streifling <jason@streifling.com>
Date: Mon, 1 Apr 2024 19:26:18 +0200
Subject: [PATCH] Handle first user differently from the rest

---
 cmd/main.go                   | 28 ++++-------
 cmd/view/sessions.go          |  2 +-
 cmd/view/users.go             | 95 ++++++++++++++++++++++++++---------
 web/templates/first-user.html | 38 ++++++++++++++
 web/templates/index.html      |  6 +--
 5 files changed, 123 insertions(+), 46 deletions(-)
 create mode 100644 web/templates/first-user.html

diff --git a/cmd/main.go b/cmd/main.go
index e152ecf..886e518 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -54,34 +54,28 @@ func main() {
 	mux.HandleFunc("GET /edit-user/", view.EditUser(args, db, store))
 	mux.HandleFunc("GET /hub/", view.ShowHub(args, db, store))
 	mux.HandleFunc("GET /logout/", view.Logout(args, store))
-	mux.HandleFunc("GET /publish-issue/",
-		view.PublishLatestIssue(args, db, store))
-	mux.HandleFunc("GET /rejected-articles/",
-		view.ShowRejectedArticles(args, db, store))
-	mux.HandleFunc("GET /review-rejected-article/{id}/",
-		view.ReviewRejectedArticle(args, db, store))
-	mux.HandleFunc("GET /review-unpublished-article/{id}/",
-		view.ReviewUnpublishedArticle(args, db, store))
-	mux.HandleFunc("GET /rss/", view.ShowRSS(args,
+	mux.HandleFunc("GET /publish-issue/", view.PublishLatestIssue(args, db, store))
+	mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(args, db, store))
+	mux.HandleFunc("GET /review-rejected-article/{id}/", view.ReviewRejectedArticle(args, db, store))
+	mux.HandleFunc("GET /review-unpublished-article/{id}/", view.ReviewUnpublishedArticle(args, db, store))
+	mux.HandleFunc("GET /rss/", view.ShowRSS(
+		args,
 		db,
 		"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
 		"https://distrikt-ni-st.de",
 		"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
 	))
 	mux.HandleFunc("GET /this-issue/", view.ShowCurrentArticles(args, db))
-	mux.HandleFunc("GET /unpublished-articles/",
-		view.ShowUnpublishedArticles(args, db))
+	mux.HandleFunc("GET /unpublished-articles/", view.ShowUnpublishedArticles(args, db))
 	mux.HandleFunc("GET /write-article/", view.WriteArticle(args, db))
 
+	mux.HandleFunc("POST /add-first-user/", view.AddFirstUser(args, db, store))
 	mux.HandleFunc("POST /add-tag/", view.AddTag(args, db, store))
 	mux.HandleFunc("POST /add-user/", view.AddUser(args, db, store))
 	mux.HandleFunc("POST /login/", view.Login(args, db, store))
-	mux.HandleFunc("POST /publish-article/{id}/",
-		view.PublishArticle(args, db, store))
-	mux.HandleFunc("POST /reject-article/{id}/",
-		view.RejectArticle(args, db, store))
-	mux.HandleFunc("POST /resubmit-article/{id}/",
-		view.ResubmitArticle(args, db, store))
+	mux.HandleFunc("POST /publish-article/{id}/", view.PublishArticle(args, db, store))
+	mux.HandleFunc("POST /reject-article/{id}/", view.RejectArticle(args, db, store))
+	mux.HandleFunc("POST /resubmit-article/{id}/", view.ResubmitArticle(args, db, store))
 	mux.HandleFunc("POST /submit-article/", view.SubmitArticle(args, db, store))
 	mux.HandleFunc("POST /update-user/", view.UpdateUser(args, db, store))
 	mux.HandleFunc("POST /upload-image/", view.UploadImage(args))
diff --git a/cmd/view/sessions.go b/cmd/view/sessions.go
index ed20eda..2bb42d8 100644
--- a/cmd/view/sessions.go
+++ b/cmd/view/sessions.go
@@ -36,7 +36,7 @@ func HomePage(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Han
 
 		files := []string{c.WebDir + "/templates/index.html"}
 		if numRows == 0 {
-			files = append(files, c.WebDir+"/templates/add-user.html")
+			files = append(files, c.WebDir+"/templates/first-user.html")
 			tmpl, err := template.ParseFiles(files...)
 			template.Must(tmpl, err).Execute(w, nil)
 		} else {
diff --git a/cmd/view/users.go b/cmd/view/users.go
index e5c6cc1..bf5b8bf 100644
--- a/cmd/view/users.go
+++ b/cmd/view/users.go
@@ -88,37 +88,13 @@ func AddUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Hand
 			return
 		}
 
-		htmlData.ID, err = db.AddUser(htmlData.User, pass)
+		_, err = db.AddUser(htmlData.User, pass)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		if htmlData.ID == 1 {
-			htmlData.Role = model.Admin
-
-			if err = db.UpdateAttributes(
-				&model.Attribute{Table: "users", ID: id, AttName: "role", Value: htmlData.Role},
-			); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			if err := saveSession(w, r, s, htmlData.User); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			if _, err := db.AddIssue(); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-		}
-
 		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
 		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
 	}
@@ -214,3 +190,72 @@ func UpdateUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.H
 		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
 	}
 }
+
+func AddFirstUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var err error
+
+		htmlData := UserData{
+			User: &model.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      model.Admin,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		htmlData.ID, err = db.AddUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, htmlData.User); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if _, err := db.AddIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
diff --git a/web/templates/first-user.html b/web/templates/first-user.html
new file mode 100644
index 0000000..be50608
--- /dev/null
+++ b/web/templates/first-user.html
@@ -0,0 +1,38 @@
+{{define "page-content"}}
+<h2>Neuer Benutzer</h2>
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-first-user/" hx-target="#page-content" />
+    </div>
+</form>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
+{{end}}
diff --git a/web/templates/index.html b/web/templates/index.html
index 507f4a0..46f815f 100644
--- a/web/templates/index.html
+++ b/web/templates/index.html
@@ -14,12 +14,10 @@
         <button class="btn" hx-get="logout" hx-target="#page-content">Abmelden</button>
     </header>
 
-    <main>
+    <main class="mx-4">
         <div id="page-content">
             {{template "page-content" .}}
         </div>
-
-        <script src="/web/static/js/htmx.min.js"></script>
     </main>
 
     <footer class="my-8">
@@ -27,6 +25,8 @@
             &copy; 2024 Jason Streifling. Alle Rechte vorbehalten.
         </p>
     </footer>
+
+    <script src="/web/static/js/htmx.min.js"></script>
 </body>
 
 </html>