Corrected error messages for CliArgs

.gitignore

@@ -21,3 +21,5 @@
 # Go workspace file
 go.work
 
+# Custom stuff
+tmp/

LICENSE

@@ -209,7 +209,7 @@ If you develop a new program, and you want it to be of the greatest possible use
 To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found.
 
      cpolis
-     Copyright (C) 2024  jason
+     Copyright (C) 2024  Jason Streifling
 
      This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 
@@ -221,7 +221,7 @@ Also add information on how to contact you by electronic and paper mail.
 
 If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode:
 
-     cpolis  Copyright (C) 2024  jason
+     cpolis  Copyright (C) 2024  Jason Streifling
      This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
      This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
 

cmd/control/cli.go

@@ -0,0 +1,46 @@
+package control
+
+import (
+	"flag"
+	"fmt"
+	"path/filepath"
+)
+
+type CliArgs struct {
+	DBName  string
+	KeyFile string
+	LogFile string
+	PicsDir string
+	WebDir  string
+}
+
+func HandleCliArgs() (*CliArgs, error) {
+	var err error
+	cliArgs := new(CliArgs)
+
+	keyFile := flag.String("key", "/var/www/cpolis.key", "key file")
+	logFile := flag.String("log", "/var/log/cpolis.log", "log file")
+	picsDir := flag.String("pics", "/var/www/cpolis/pics", "pictures directory")
+	webDir := flag.String("web", "/var/www/cpolis/web", "web directory")
+	flag.StringVar(&cliArgs.DBName, "db", "cpolis", "DB name")
+	flag.Parse()
+
+	cliArgs.KeyFile, err = filepath.Abs(*keyFile)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for KeyFile: %v", err)
+	}
+	cliArgs.LogFile, err = filepath.Abs(*logFile)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for LogFile: %v", err)
+	}
+	cliArgs.PicsDir, err = filepath.Abs(*picsDir)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for PicsDir: %v", err)
+	}
+	cliArgs.WebDir, err = filepath.Abs(*webDir)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for WebDir: %v", err)
+	}
+
+	return cliArgs, nil
+}

cmd/control/markdown.go

@@ -0,0 +1,35 @@
+package control
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/microcosm-cc/bluemonday"
+	"github.com/yuin/goldmark"
+)
+
+func ConvertToHTML(md string) (string, error) {
+	var buf bytes.Buffer
+
+	if err := goldmark.Convert([]byte(md), &buf); err != nil {
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
+	}
+
+	p := bluemonday.UGCPolicy()
+	html := p.Sanitize(buf.String())
+
+	return html, nil
+}
+
+func ConvertToPlain(md string) (string, error) {
+	var buf bytes.Buffer
+
+	if err := goldmark.Convert([]byte(md), &buf); err != nil {
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
+	}
+
+	p := bluemonday.StrictPolicy()
+	plain := p.Sanitize(buf.String())
+
+	return plain, nil
+}

cmd/control/rss.go

@@ -0,0 +1,131 @@
+package control
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"git.streifling.com/jason/rss"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func GetChannel(db *model.DB, title, link, description string) (*rss.Channel, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: description,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error fetching published articles: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error fetching tags for article %v: %v", article.Title, err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error finding user %v: %v", article.AuthorID, err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       article.Title,
+			Author:      user.FirstName + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: article.Description,
+			Content:     &rss.Content{Value: article.Content},
+			Categories:  tagNames,
+		})
+	}
+
+	return channel, nil
+}
+
+func GenerateRSS(db *model.DB, title, link, desc string) (*string, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: desc,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error getting published articles for RSS feed: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting tags for articles for RSS feed: %v", err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+		tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting user user info for RSS feed: %v", err)
+		}
+
+		articleTitle, err := ConvertToPlain(article.Title)
+		if err != nil {
+			return nil, fmt.Errorf("error converting title to plain text for RSS feed: %v", err)
+		}
+
+		articleDescription, err := ConvertToPlain(article.Description)
+		if err != nil {
+			return nil, fmt.Errorf("error converting description to plain text for RSS feed: %v", err)
+		}
+
+		articleContent, err := ConvertToHTML(article.Content)
+		if err != nil {
+			return nil, fmt.Errorf("error converting content to HTML for RSS feed: %v", err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       articleTitle,
+			Author:      user.FirstName + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: articleDescription,
+			Content:     &rss.Content{Value: articleContent},
+			Categories:  tagNames,
+		})
+	}
+
+	feed := rss.NewFeed()
+	feed.Channels = append(feed.Channels, channel)
+	rss, err := feed.ToXML()
+	if err != nil {
+		return nil, fmt.Errorf("error converting RSS feed to XML: %v", err)
+	}
+
+	return &rss, nil
+}
+
+func SaveRSS(filename string, feed *string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating file for RSS feed: %v", err)
+	}
+	defer file.Close()
+	file.Chmod(0644)
+
+	if _, err = io.WriteString(file, *feed); err != nil {
+		return fmt.Errorf("error writing to RSS file: %v", err)
+	}
+
+	return nil
+}

cmd/control/sessions.go

@@ -0,0 +1,61 @@
+package control
+
+import (
+	"crypto/rand"
+	"encoding/gob"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/gorilla/sessions"
+)
+
+type CookieStore struct {
+	sessions.CookieStore
+}
+
+func NewKey() ([]byte, error) {
+	key := make([]byte, 32)
+
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		return nil, fmt.Errorf("error generating key: %v", err)
+	}
+
+	return key, nil
+}
+
+func SaveKey(key []byte, filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating key file: %v", err)
+	}
+	defer file.Close()
+	file.Chmod(0600)
+
+	if err = gob.NewEncoder(file).Encode(key); err != nil {
+		return fmt.Errorf("error ecoding key: %v", err)
+	}
+
+	return nil
+}
+
+func LoadKey(filename string) ([]byte, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening key file: %v", err)
+	}
+
+	key := make([]byte, 32)
+	if err = gob.NewDecoder(file).Decode(&key); err != nil {
+		return nil, fmt.Errorf("error decoding key: %v", err)
+	}
+
+	return key, nil
+}
+
+func NewCookieStore(key []byte) *CookieStore {
+	store := sessions.NewCookieStore(key)
+	store.Options.Secure = true
+	store.Options.HttpOnly = true
+	return &CookieStore{*store}
+}

cmd/main.go

@@ -0,0 +1,82 @@
+package main
+
+import (
+	"encoding/gob"
+	"log"
+	"net/http"
+	"os"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+	"streifling.com/jason/cpolis/cmd/view"
+)
+
+func init() {
+	gob.Register(model.User{})
+}
+
+func main() {
+	args, err := control.HandleCliArgs()
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	logFile, err := os.OpenFile(args.LogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer logFile.Close()
+	log.SetOutput(logFile)
+
+	db, err := model.OpenDB(args.DBName)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer db.Close()
+
+	key, err := control.LoadKey(args.KeyFile)
+	if err != nil {
+		key, err = control.NewKey()
+		if err != nil {
+			log.Fatalln(err)
+		}
+		control.SaveKey(key, args.KeyFile)
+	}
+	store := control.NewCookieStore(key)
+
+	mux := http.NewServeMux()
+	mux.Handle("/web/static/", http.StripPrefix("/web/static/",
+		http.FileServer(http.Dir(args.WebDir+"/static/"))))
+	mux.HandleFunc("/", view.HomePage(args, db, store))
+
+	mux.HandleFunc("GET /create-tag/", view.CreateTag(args))
+	mux.HandleFunc("GET /create-user/", view.CreateUser(args))
+	mux.HandleFunc("GET /edit-user/", view.EditUser(args, db, store))
+	mux.HandleFunc("GET /hub/", view.ShowHub(args, db, store))
+	mux.HandleFunc("GET /logout/", view.Logout(args, store))
+	mux.HandleFunc("GET /publish-issue/", view.PublishLatestIssue(args, db, store))
+	mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(args, db, store))
+	mux.HandleFunc("GET /rss/", view.ShowRSS(args,
+		db,
+		"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+		"https://distrikt-ni-st.de",
+		"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
+	))
+	mux.HandleFunc("GET /this-issue/", view.ShowCurrentArticles(args, db))
+	mux.HandleFunc("GET /unpublished-articles/", view.ShowUnpublishedArticles(args, db))
+	mux.HandleFunc("GET /write-article/", view.WriteArticle(args, db))
+
+	mux.HandleFunc("POST /add-tag/", view.AddTag(args, db, store))
+	mux.HandleFunc("POST /add-user/", view.AddUser(args, db, store))
+	mux.HandleFunc("POST /login/", view.Login(args, db, store))
+	mux.HandleFunc("POST /publish-article/", view.PublishArticle(args, db, store))
+	mux.HandleFunc("POST /reject-article/", view.RejectArticle(args, db, store))
+	mux.HandleFunc("POST /resubmit-article/", view.ResubmitArticle(args, db, store))
+	mux.HandleFunc("POST /review-rejected-article/", view.ReviewRejectedArticle(args, db, store))
+	mux.HandleFunc("POST /review-unpublished-article/", view.ReviewUnpublishedArticle(args, db, store))
+	mux.HandleFunc("POST /submit-article/", view.SubmitArticle(args, db, store))
+	mux.HandleFunc("POST /update-user/", view.UpdateUser(args, db, store))
+	mux.HandleFunc("POST /upload-image/", view.UploadImage(args))
+
+	log.Fatalln(http.ListenAndServe(":8080", mux))
+}

cmd/model/articles.go

@@ -0,0 +1,258 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+	"time"
+)
+
+type Article struct {
+	Title       string
+	Created     time.Time
+	Description string
+	Content     string
+	Published   bool
+	Rejected    bool
+	ID          int64
+	AuthorID    int64
+	IssueID     int64
+}
+
+func (db *DB) AddArticle(a *Article) (int64, error) {
+	var id int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	insertQuery := `
+    INSERT INTO articles
+        (title, description, content, published, rejected, author_id, issue_id)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&id); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting issue ID when adding article to DB: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, a.Title, a.Description,
+				a.Content, a.Published, a.Rejected, a.AuthorID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting article into DB: %v", err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error retrieving ID of added article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction when adding article to DB: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticle(id int64) (*Article, error) {
+	query := `
+    SELECT title, created, description, content, published, author_id
+    FROM articles
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+
+	article := new(Article)
+	var created []byte
+	var err error
+
+	if err := row.Scan(&article.Title, &created, &article.Description,
+		&article.Content, &article.Published, &article.AuthorID); err != nil {
+		return nil, fmt.Errorf("error scanning article row: %v", err)
+	}
+
+	article.ID = id
+	article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing created: %v", err)
+	}
+
+	return article, nil
+}
+
+func (db *DB) GetCertainArticles(published, rejected bool) ([]*Article, error) {
+	query := `
+    SELECT id, title, created, description, content, author_id, issue_id
+    FROM articles
+    WHERE published = ?
+    AND rejected = ?
+    `
+	rows, err := db.Query(query, published, rejected)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles: %v", err)
+	}
+
+	articleList := make([]*Article, 0)
+	for rows.Next() {
+		article := new(Article)
+		var created []byte
+
+		if err = rows.Scan(&article.ID, &article.Title, &created,
+			&article.Description, &article.Content, &article.AuthorID,
+			&article.IssueID); err != nil {
+			return nil, fmt.Errorf("error scanning article row: %v", err)
+		}
+
+		article.Published = false
+		article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+		if err != nil {
+			return nil, fmt.Errorf("error parsing created: %v", err)
+		}
+
+		articleList = append(articleList, article)
+	}
+
+	return articleList, nil
+}
+
+func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	issueQuery := "SELECT id FROM issues WHERE published = false"
+	articlesQuery := `
+    SELECT id, title, created, description, content, author_id
+    FROM articles
+    WHERE issue_id = ? AND published = true
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() ([]*Article, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return nil, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			row := tx.QueryRow(issueQuery)
+			if err := row.Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for unpublished issue: %v", err)
+			}
+
+			rows, err := tx.Query(articlesQuery, issueID)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for articles of issue %v: %v", issueID, err)
+			}
+
+			articleList := make([]*Article, 0)
+			for rows.Next() {
+				article := new(Article)
+				var created []byte
+
+				if err = rows.Scan(&article.ID, &article.Title, &created,
+					&article.Description, &article.Content, &article.AuthorID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error scanning article from issue %v: %v", issueID, err)
+				}
+
+				article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+				if err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error parsing created: %v", err)
+				}
+
+				articleList = append(articleList, article)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return nil, fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return articleList, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return nil, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddArticleToCurrentIssue(id int64) error {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	updateQuery := "UPDATE articles SET issue_id = ? WHERE id = ?"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error scanning row: %v", err)
+			}
+
+			_, err = db.Exec(updateQuery, issueID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating issueID for article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/model/articles_tags.go

@@ -0,0 +1,107 @@
+package model
+
+import (
+	"fmt"
+	"log"
+)
+
+func (db *DB) WriteArticleTags(articleID int64, tagIDs []int64) error {
+	query := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(query, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticleTags(articleID int64) ([]*Tag, error) {
+	query := `
+    SELECT t.id, t.name
+    FROM articles a
+    INNER JOIN articles_tags at ON a.id = at.article_id
+    INNER JOIN tags t ON at.tag_id = t.id
+    WHERE a.id = ?
+    `
+	rows, err := db.Query(query, articleID)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles_tags: %v", err)
+	}
+
+	tags := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning rows: %v", err)
+		}
+		tags = append(tags, tag)
+	}
+
+	return tags, nil
+}
+
+func (db *DB) UpdateArticleTags(articleID int64, tagIDs []int64) error {
+	deleteQuery := "DELETE FROM articles_tags WHERE article_id = ?"
+	insertQuery := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(deleteQuery, articleID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error deleting entries from articles_tags before inserting new ones: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(insertQuery, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting new entries into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/model/db.go

@@ -0,0 +1,167 @@
+package model
+
+import (
+	"bufio"
+	"database/sql"
+	"fmt"
+	"log"
+	"math"
+	"math/rand/v2"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/go-sql-driver/mysql"
+	"golang.org/x/term"
+)
+
+var TxMaxRetries = 5
+
+type (
+	DB struct{ *sql.DB }
+	Tx struct{ *sql.Tx }
+
+	Attribute struct {
+		Value   any
+		Table   string
+		AttName string
+		ID      int64
+	}
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}
+
+func wait(iteration int) {
+	waitTime := time.Duration(math.Pow(2, float64(iteration))) * 100 * time.Millisecond
+	jitter := time.Duration(rand.IntN(int(waitTime)/2)) * time.Millisecond
+	time.Sleep(waitTime + jitter)
+}
+
+func OpenDB(dbName string) (*DB, error) {
+	var err error
+	db := DB{DB: new(sql.DB)}
+
+	cfg := mysql.NewConfig()
+	cfg.DBName = dbName
+	cfg.User, cfg.Passwd, err = getCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
+	}
+
+	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
+	if err != nil {
+		return nil, fmt.Errorf("error opening DB: %v", err)
+	}
+	if err = db.Ping(); err != nil {
+		return nil, fmt.Errorf("error pinging DB: %v", err)
+	}
+
+	return &db, nil
+}
+
+func (db *DB) UpdateAttributes(a ...*Attribute) error {
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, attribute := range a {
+				query := fmt.Sprintf(`
+                    UPDATE %s
+                    SET %s = ?
+                    WHERE id = ?
+                    `, attribute.Table, attribute.AttName)
+				if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) CountEntries(table string) (int64, error) {
+	var count int64
+
+	query := fmt.Sprintf("SELECT COUNT(*) FROM %s", table)
+	row := db.QueryRow(query)
+	if err := row.Scan(&count); err != nil {
+		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
+	}
+
+	return count, nil
+}
+
+func (tx *Tx) UpdateAttributes(a ...*Attribute) error {
+	for _, attribute := range a {
+		query := fmt.Sprintf(`
+            UPDATE %s
+            SET %s = ?
+            WHERE id = ?
+            `, attribute.Table, attribute.AttName)
+		if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+			if rollbackErr := tx.Rollback(); rollbackErr != nil {
+				log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+			}
+			return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+		}
+	}
+
+	return nil
+}

cmd/model/issues.go

@@ -0,0 +1,65 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+)
+
+func (db *DB) AddIssue() (int64, error) {
+	query := "INSERT INTO issues (published) VALUES (?)"
+	result, err := db.Exec(query, false)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting issue into DB: %v", err)
+	}
+
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error getting ID of added issue: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) PublishLatestIssue() error {
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	updateQuery := "UPDATE issues SET published = true WHERE published = false"
+	insertQuery := "INSERT INTO issues (published) VALUES (?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(updateQuery); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error publishing issue: %v", err)
+			}
+
+			if _, err := tx.Exec(insertQuery, false); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error inserting new issue into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when publishing issue: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/model/tags.go

@@ -0,0 +1,35 @@
+package model
+
+import "fmt"
+
+type Tag struct {
+	Name string
+	ID   int64
+}
+
+func (db *DB) AddTag(tagName string) error {
+	query := "INSERT INTO tags (name) VALUES (?)"
+	if _, err := db.Exec(query, tagName); err != nil {
+		return fmt.Errorf("error inserting tag into DB: %v", err)
+	}
+	return nil
+}
+
+func (db *DB) GetTagList() ([]*Tag, error) {
+	query := "SELECT id, name FROM tags"
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error querying tags: %v", err)
+	}
+
+	tagList := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning tag row: %v", err)
+		}
+		tagList = append(tagList, tag)
+	}
+
+	return tagList, nil
+}

cmd/model/users.go

@@ -0,0 +1,200 @@
+package model
+
+import (
+	"fmt"
+	"log"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	Admin = iota
+	Publisher
+	Editor
+	Author
+)
+
+type User struct {
+	UserName  string
+	FirstName string
+	LastName  string
+	ID        int64
+	Role      int
+}
+
+func (db *DB) AddUser(u *User, pass string) (int64, error) {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+	result, err := db.Exec(query, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) GetID(userName string) (int64, bool) {
+	var id int64
+
+	query := `
+    SELECT id
+    FROM users
+    WHERE username = ?
+    `
+	row := db.QueryRow(query, userName)
+	if err := row.Scan(&id); err != nil {
+		return 0, false
+	}
+
+	return id, true
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
+	var queriedPass string
+	getQuery := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := tx.QueryRow(getQuery, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}
+
+func (db *DB) UpdateUserAttributes(id int64, user, first, last, oldPass, newPass, newPass2 string) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.ChangePassword(id, oldPass, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/view/articles.go

@@ -0,0 +1,406 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"io"
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+	"time"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func ShowHub(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func WriteArticle(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tags, err := db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", tags)
+	}
+}
+
+func SubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		article := &model.Article{
+			Title:       r.PostFormValue("article-title"),
+			Description: r.PostFormValue("article-description"),
+			Content:     r.PostFormValue("article-content"),
+			Published:   false,
+			Rejected:    false,
+			AuthorID:    session.Values["id"].(int64),
+		}
+
+		article.ID, err = db.AddArticle(article)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.WriteArticleTags(article.ID, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ResubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PostFormValue("article-id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		title := r.PostFormValue("article-title")
+		description := r.PostFormValue("article-description")
+		content := r.PostFormValue("article-content")
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "title", Value: title},
+			&model.Attribute{Table: "articles", ID: id, AttName: "description", Value: description},
+			&model.Attribute{Table: "articles", ID: id, AttName: "content", Value: content},
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.UpdateArticleTags(id, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowUnpublishedArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		unpublishedArticles, err := db.GetCertainArticles(false, false)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/unpublished-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", unpublishedArticles)
+	}
+}
+
+func ShowRejectedArticles(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			MyIDs            map[int64]bool
+			RejectedArticles []*model.Article
+		}
+		data := new(htmlData)
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.RejectedArticles, err = db.GetCertainArticles(false, true)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.MyIDs = make(map[int64]bool)
+		for _, article := range data.RejectedArticles {
+			if article.AuthorID == session.Values["id"].(int64) {
+				data.MyIDs[article.ID] = true
+			}
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rejected-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewUnpublishedArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			Article *model.Article
+			Tags    []*model.Tag
+		}
+		data := new(htmlData)
+
+		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Article, err = db.GetArticle(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Tags, err = db.GetArticleTags(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/to-be-published.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewRejectedArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			Selected map[int64]bool
+			Article  *model.Article
+			Tags     []*model.Tag
+		}
+		data := new(htmlData)
+
+		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Article, err = db.GetArticle(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Tags, err = db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		selectedTags, err := db.GetArticleTags(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Selected = make(map[int64]bool)
+		for _, tag := range selectedTags {
+			data.Selected[tag.ID] = true
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rework-article.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func PublishArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		if err = db.AddArticleToCurrentIssue(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+			&model.Attribute{Table: "articles", ID: id, AttName: "created", Value: time.Now().Format("2006-01-02 15:04:05")},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		feed, err := control.GenerateRSS(
+			db,
+			"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+			"https://distrikt-ni-st.de",
+			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
+		)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if err = control.SaveRSS("tmp/orientexpress_alle.rss", feed); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func RejectArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowCurrentArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		articles, err := db.GetCurrentIssueArticles()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/current-articles.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles)
+	}
+}
+
+func UploadImage(c *control.CliArgs) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		file, header, err := r.FormFile("article-image")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer file.Close()
+
+		filename := fmt.Sprint(c.PicsDir, time.Now().Format("2006-01-02_15:04:05"), "-", header.Filename)
+		img, err := os.Create(filename)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer img.Close()
+
+		if _, err = io.Copy(img, file); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "editor-images", fmt.Sprint("![", header.Filename, "](", filename, ")"))
+	}
+}

cmd/view/editor.go

@@ -0,0 +1,33 @@
+package view
+
+import (
+	"html/template"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func CreateTag(c *control.CliArgs) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-tag.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddTag(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		db.AddTag(r.PostFormValue("tag"))
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}

cmd/view/issues.go

@@ -0,0 +1,31 @@
+package view
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func PublishLatestIssue(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if err := db.PublishLatestIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}

cmd/view/rss.go

@@ -0,0 +1,95 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"time"
+
+	"git.streifling.com/jason/rss"
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func ShowRSS(c *control.CliArgs, db *model.DB, title, link, desc string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		channel := &rss.Channel{
+			Title:       title,
+			Link:        link,
+			Description: desc,
+			Items:       make([]*rss.Item, 0),
+		}
+
+		articles, err := db.GetCertainArticles(true, false)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		for _, article := range articles {
+			tags, err := db.GetArticleTags(article.ID)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tagNames := make([]string, 0)
+			for _, tag := range tags {
+				tagNames = append(tagNames, tag.Name)
+			}
+			tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
+
+			user, err := db.GetUser(article.AuthorID)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleTitle, err := control.ConvertToPlain(article.Title)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleDescription, err := control.ConvertToPlain(article.Description)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleContent, err := control.ConvertToHTML(article.Content)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			channel.Items = append(channel.Items, &rss.Item{
+				Title:       articleTitle,
+				Author:      user.FirstName + user.LastName,
+				PubDate:     article.Created.Format(time.RFC1123Z),
+				Description: articleDescription,
+				Content:     &rss.Content{Value: articleContent},
+				Categories:  tagNames,
+			})
+		}
+
+		feed := rss.NewFeed()
+		feed.Channels = append(feed.Channels, channel)
+		rss, err := feed.ToXML()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		files := []string{c.WebDir + "/templates/index.html", c.WebDir + "/templates/feed.rss"}
+		tmpl, err := template.ParseFiles(files...)
+		template.Must(tmpl, err).Execute(w, rss)
+	}
+}

cmd/view/sessions.go

@@ -0,0 +1,112 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func saveSession(w http.ResponseWriter, r *http.Request, s *control.CookieStore, u *model.User) error {
+	session, err := s.Get(r, "cookie")
+	if err != nil {
+		return fmt.Errorf("error getting session: %v", err)
+	}
+
+	session.Values["authenticated"] = true
+	session.Values["id"] = u.ID
+	session.Values["name"] = u.FirstName + u.LastName
+	session.Values["role"] = u.Role
+	if err := session.Save(r, w); err != nil {
+		return fmt.Errorf("error saving session: %v", err)
+	}
+
+	return nil
+}
+
+func HomePage(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		numRows, err := db.CountEntries("users")
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		files := []string{c.WebDir + "/templates/index.html"}
+		if numRows == 0 {
+			files = append(files, c.WebDir+"/templates/add-user.html")
+			tmpl, err := template.ParseFiles(files...)
+			template.Must(tmpl, err).Execute(w, nil)
+		} else {
+			session, _ := s.Get(r, "cookie")
+			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
+				files = append(files, c.WebDir+"/templates/hub.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, session.Values["role"])
+			} else {
+				files = append(files, c.WebDir+"/templates/login.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, nil)
+			}
+		}
+	}
+}
+
+func Login(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userName := r.PostFormValue("username")
+		password := r.PostFormValue("password")
+
+		id, ok := db.GetID(userName)
+		if !ok {
+			http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusInternalServerError)
+			return
+		}
+
+		if err := db.CheckPassword(id, password); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, user); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
+	}
+}
+
+func Logout(c *control.CliArgs, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		session.Options.MaxAge = -1
+
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}

cmd/view/users.go

@@ -0,0 +1,216 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+type UserData struct {
+	*model.User
+	Msg string
+}
+
+func checkUserStrings(user *model.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser(c *control.CliArgs) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := UserData{
+			User: &model.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		htmlData.ID, err = db.AddUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if htmlData.ID == 1 {
+			htmlData.Role = model.Admin
+
+			if err = db.UpdateAttributes(
+				&model.Attribute{Table: "users", ID: id, AttName: "role", Value: htmlData.Role},
+			); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			if err := saveSession(w, r, s, htmlData.User); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			if _, err := db.AddIssue(); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
+
+func EditUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		user, err := db.GetUser(session.Values["id"].(int64))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		userData := UserData{
+			User: &model.User{
+				ID:        session.Values["id"].(int64),
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+			},
+		}
+		oldPass := r.PostFormValue("old-password")
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateUserAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			oldPass,
+			newPass,
+			newPass2); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}

go.mod

@@ -1,3 +1,21 @@
 module streifling.com/jason/cpolis
 
 go 1.22.0
+
+require (
+	git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188
+	github.com/go-sql-driver/mysql v1.7.1
+	github.com/gorilla/sessions v1.2.2
+	github.com/microcosm-cc/bluemonday v1.0.26
+	github.com/yuin/goldmark v1.7.0
+	golang.org/x/crypto v0.14.0
+	golang.org/x/term v0.17.0
+)
+
+require (
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/gorilla/css v1.0.0 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+)

go.sum

@@ -0,0 +1,26 @@
+git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188 h1:C8M/j3f+cl5Y7YfGpU/ynb/SC/4tTYMDsyGFt3rswM8=
+git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
+github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
+github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
+github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
+github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
+github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
+github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=

main.go

@@ -1,8 +0,0 @@
-package main
-
-import "net/http"
-
-func main() {
-	mux := http.NewServeMux()
-	http.ListenAndServe(":8080", mux)
-}

web/templates/add-tag.html

@@ -0,0 +1,10 @@
+{{define "page-content"}}
+<h2>Neuer Benutzer</h2>
+
+<form>
+    <input required name="tag" placeholder="Tag" type="text" />
+    <input type="submit" value="Anlegen" hx-post="/add-tag/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+{{end}}

web/templates/add-user.html

@@ -0,0 +1,37 @@
+{{define "page-content"}}
+<h2>Neuer Benutzer</h2>
+<form>
+    <div>
+        <input required name="username" placeholder="Benutzername" type="text" value="{{.UserName}}" />
+        <input required name="password" placeholder="Passwort" type="password" />
+        <input required name="password2" placeholder="Passwort wiederholen" type="password" />
+    </div>
+
+    <div>
+        <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
+        <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
+    </div>
+
+    <div>
+        <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
+        <label for="author">Autor</label>
+        <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
+        <label for="editor">Redakteur</label>
+        <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+        <label for="publisher">Herausgeber</label>
+        <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
+        <label for="admin">Admin</label>
+    </div>
+
+    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
+{{end}}

web/templates/current-articles.html

@@ -0,0 +1,13 @@
+{{define "page-content"}}
+<div>
+    {{range .}}
+    <div>
+        <h1>{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </div>
+    {{end}}
+</div>
+
+<button hx-get="/publish-issue/" hx-target="#page-content">Ausgabe publizieren</button>
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+{{end}}

web/templates/edit-user.html

@@ -0,0 +1,19 @@
+{{define "page-content"}}
+<form>
+    <div>
+        <input name="username" type="text" value="{{.UserName}}" />
+        <input name="first-name" type="text" value="{{.FirstName}}" />
+        <input name="last-name" type="text" value="{{.LastName}}" />
+    </div>
+
+    <div>
+        <input name="old-password" placeholder="Altes Passwort" type="password" />
+        <input name="password" placeholder="Neues Passwort" type="password" />
+        <input name="password2" placeholder="Wiederholen" type="password" />
+    </div>
+
+    <input type="submit" value="Aktualisieren" hx-post="/update-user/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+{{end}}

web/templates/editor.html

@@ -0,0 +1,57 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+<form>
+    <div>
+        <input name="article-title" placeholder="Titel" type="text" />
+        <textarea name="article-description" placeholder="Beschreibung"></textarea>
+        <textarea name="article-content" placeholder="Artikel"></textarea>
+    </div>
+
+    <div>
+        {{range .}}
+        <div>
+            <input id="{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" />
+            <label for="{{.Name}}">{{.Name}}</label>
+        </div>
+        {{end}}
+    </div>
+
+    <div id="editor-images">
+        <input name="article-image" type="file" hx-encoding="multipart/form-data" hx-post="/upload-image/"
+            hx-swap="beforeend" hx-target="#editor-images" />
+    </div>
+
+    <input type="submit" value="Senden" hx-post="/submit-article/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+
+<script>
+    function copyToClipboard(text) {
+        event.preventDefault(); // Get-Request verhindern
+
+        var textarea = document.createElement("textarea");
+        textarea.textContent = text;
+        document.body.appendChild(textarea);
+
+        textarea.select();
+        try {
+            document.execCommand('copy');
+        } catch (err) {
+            console.warn('Fehler beim Kopieren', err);
+        }
+
+        document.body.removeChild(textarea);
+    }
+
+</script>
+{{end}}
+
+{{define "editor-images"}}
+{{if gt (len .) 0}}
+<div>
+    {{.}}
+    <button onclick="copyToClipboard('{{.}}')">Kopieren</button>
+</div>
+{{end}}
+{{end}}

web/templates/feed.rss

@@ -0,0 +1,3 @@
+{{define "page-content"}}
+{{.}}
+{{end}}

web/templates/hub.html

@@ -0,0 +1,25 @@
+{{define "page-content"}}
+<h2>Hub</h2>
+<div>
+    <button hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button>
+    <button hx-get="/rejected-articles/" hx-target="#page-content">Abgelehnte Artikel</button>
+    <button hx-get="/rss/" hx-target="#page-content">RSS Feed</button>
+    <button hx-get="/edit-user/" hx-target="#page-content">Benutzer bearbeiten</button>
+</div>
+{{if lt . 3}}
+<div>
+    <button hx-get="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
+    <button hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button>
+</div>
+{{end}}
+{{if lt . 2}}
+<div>
+    <button hx-get="/this-issue/" hx-target="#page-content">Diese Ausgabe</button>
+</div>
+{{end}}
+{{if eq . 0}}
+<div>
+    <button hx-get="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
+</div>
+{{end}}
+{{end}}

web/templates/index.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html lang="de">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Orient Editor</title>
+    <link href="web/static/css/style.css" rel="stylesheet">
+</head>
+
+<body>
+    <header>
+        <h1>Orient Editor</h1>
+        <button hx-get="logout" hx-target="#page-content">Abmelden</button>
+    </header>
+
+    <main>
+        <div id="page-content">
+            {{template "page-content" .}}
+        </div>
+
+        <script src="web/static/js/htmx.min.js"></script>
+    </main>
+
+    <footer>
+        <p>&copy; 2024 Jason Streifling. Alle Rechte vorbehalten.</p>
+    </footer>
+</body>
+
+</html>

web/templates/login.html

@@ -0,0 +1,11 @@
+{{define "page-content"}}
+<h2>Anmeldung</h2>
+<form>
+    <div>
+        <input name="username" placeholder="Benutzername" type="text" />
+        <input name="password" placeholder="Passwort" type="password" />
+    </div>
+
+    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+</form>
+{{end}}

web/templates/rejected-articles.html

@@ -0,0 +1,18 @@
+{{define "page-content"}}
+<form>
+    <div>
+        {{range .RejectedArticles}}
+        <div>
+            {{if index $.MyIDs .ID}}
+            <input required id="{{.ID}}" name="id" type="radio" value="{{.ID}}" />
+            <label for="{{.ID}}">{{.Title}}</label>
+            {{end}}
+        </div>
+        {{end}}
+    </div>
+
+    <input type="submit" value="Auswählen" hx-post="/review-rejected-article/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}

web/templates/rework-article.html

@@ -0,0 +1,25 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+<form>
+    <div>
+        <input name="article-title" placeholder="Titel" type="text" value="{{.Article.Title}}" />
+        <textarea name="article-description" placeholder="Beschreibung">{{.Article.Description}}</textarea>
+        <textarea name="article-content" placeholder="Artikel">{{.Article.Content}}</textarea>
+        <input name="article-id" type="hidden" value="{{.Article.ID}}" />
+    </div>
+
+    <div>
+        {{range .Tags}}
+        <div>
+            <input id="tag-{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" {{if index $.Selected
+                .ID}}checked{{end}} />
+            <label for="tag-{{.Name}}">{{.Name}}</label>
+        </div>
+        {{end}}
+    </div>
+
+    <input type="submit" value="Senden" hx-post="/resubmit-article/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}

web/templates/to-be-published.html

@@ -0,0 +1,19 @@
+{{define "page-content"}}
+<form>
+    <h2>{{.Article.Title}}</h2>
+    <p>{{.Article.Description}}</p>
+    {{.Article.Content}}
+
+    <p>
+        {{range .Tags}}
+        {{.Name}}
+        {{end}}
+    </p>
+
+    <input name="id" type="hidden" value="{{.Article.ID}}" />
+    <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
+    <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}

web/templates/unpublished-articles.html

@@ -0,0 +1,16 @@
+{{define "page-content"}}
+<form>
+    <div>
+        {{range .}}
+        <div>
+            <input required id="{{.ID}}" name="id" type="radio" value="{{.ID}}" />
+            <label for="{{.ID}}">{{.Title}}</label>
+        </div>
+        {{end}}
+    </div>
+
+    <input type="submit" value="Auswählen" hx-post="/review-unpublished-article/" hx-target="#page-content" />
+</form>
+
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}