Initial sessions implementation

cmd/data/articles.go

@@ -0,0 +1,89 @@
+package data
+
+import (
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type Article struct {
+	Title    string
+	Author   string
+	Created  time.Time
+	Desc     string
+	Content  string
+	Tags     []string
+	UUID     uuid.UUID
+	AuthorID int64
+}
+
+type ArticleList struct {
+	addCh chan *Article
+	delCh chan uuid.UUID
+	retCh chan *Article
+	getCh chan []Article
+	list  []*Article
+	wg    sync.WaitGroup
+}
+
+func minArticleList() *ArticleList {
+	return &ArticleList{
+		addCh: make(chan *Article),
+		delCh: make(chan uuid.UUID),
+		retCh: make(chan *Article),
+		getCh: make(chan []Article),
+	}
+}
+
+func (l *ArticleList) start() {
+	l.wg.Done()
+	for {
+		select {
+		case article := <-l.addCh:
+			l.list = append(l.list, article)
+		case uuid := <-l.delCh:
+			for i, article := range l.list {
+				if article.UUID == uuid {
+					l.list = append(l.list[:i], l.list[i+1:]...)
+					l.retCh <- article
+				}
+			}
+		case l.getCh <- func() []Article {
+			var list []Article
+			for _, article := range l.list {
+				list = append(list, *article)
+			}
+			return list
+		}():
+		}
+	}
+}
+
+func NewArticleList() *ArticleList {
+	list := minArticleList()
+	list.list = []*Article{}
+
+	list.wg.Add(1)
+	go list.start()
+	list.wg.Wait()
+
+	return list
+}
+
+func (l *ArticleList) Add(a *Article) {
+	l.addCh <- a
+}
+
+func (l *ArticleList) Release(uuid uuid.UUID) (*Article, bool) {
+	l.delCh <- uuid
+	article := <-l.retCh
+	if article == nil {
+		return nil, false
+	}
+	return article, true
+}
+
+func (l *ArticleList) Get() []Article {
+	return <-l.getCh
+}

cmd/data/db.go

@@ -34,7 +34,7 @@ func OpenDB(dbName string) (*DB, error) {
 	return &db, nil
 }
 
-func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool) error {
+func (db *DB) AddUser(user User, pass string) error {
 	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
 	if err != nil {
 		return fmt.Errorf("error creating password hash: %v", err)
@@ -42,11 +42,10 @@ func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool
 
 	query := `
     INSERT INTO users
-        (username, password, first_name, last_name, writer, editor, admin)
-    VALUES
-        (?, ?, ?, ?, ?, ?, ?)
+        (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
     `
-	_, err = db.Exec(query, user, string(hashedPass), first, last, writer, editor, admin)
+	_, err = db.Exec(query, user.UserName, string(hashedPass), user.FirstName, user.LastName, user.Role)
 	if err != nil {
 		return fmt.Errorf("error inserting user into DB: %v", err)
 	}
@@ -54,16 +53,15 @@ func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool
 	return nil
 }
 
-func (db *DB) GetID(user string) (int64, error) {
+func (db *DB) GetID(userName string) (int64, error) {
 	var id int64
 
 	query := `
-    SELECT id FROM
-        users
-    WHERE
-        username = ?
+    SELECT id
+    FROM users
+    WHERE username = ?
     `
-	row := db.QueryRow(query, user)
+	row := db.QueryRow(query, userName)
 	if err := row.Scan(&id); err != nil {
 		return 0, fmt.Errorf("user not in DB: %v", err)
 	}
@@ -75,10 +73,9 @@ func (db *DB) CheckPassword(id int64, pass string) error {
 	var queriedPass string
 
 	query := `
-    SELECT password FROM
-        users
-    WHERE
-        id = ?
+    SELECT password
+    FROM users
+    WHERE id = ?
     `
 	row := db.QueryRow(query, id)
 	if err := row.Scan(&queriedPass); err != nil {
@@ -102,16 +99,45 @@ func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
 		return fmt.Errorf("error creating password hash: %v", err)
 	}
 
-	updateQuery := `
-    UPDATE users SET
-        password = ?
-    WHERE
-        id = ?
+	query := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
     `
-	_, err = db.Exec(updateQuery, string(newHashedPass), id)
+	_, err = db.Exec(query, string(newHashedPass), id)
 	if err != nil {
 		return fmt.Errorf("error updating password in DB: %v", err)
 	}
 
 	return nil
 }
+
+func (db *DB) CountEntries() (int64, error) {
+	var count int64
+
+	query := `SELECT COUNT(*) FROM users`
+	row := db.QueryRow(query)
+	if err := row.Scan(&count); err != nil {
+		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
+	}
+
+	return count, nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}

cmd/data/markdown.go

@@ -20,3 +20,16 @@ func ConvertToHTML(md string) (string, error) {
 
 	return html, nil
 }
+
+func ConvertToPlain(md string) (string, error) {
+	var buf bytes.Buffer
+
+	if err := goldmark.Convert([]byte(md), &buf); err != nil {
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
+	}
+
+	p := bluemonday.StrictPolicy()
+	plain := p.Sanitize(buf.String())
+
+	return plain, nil
+}

cmd/data/rss.go

@@ -0,0 +1,106 @@
+package data
+
+import (
+	"encoding/gob"
+	"fmt"
+	"os"
+	"sync"
+
+	"github.com/gorilla/feeds"
+)
+
+type Feed struct {
+	addCh chan *feeds.Item
+	setCh chan feeds.Feed
+	getCh chan feeds.Feed
+	feed  feeds.Feed
+	wg    sync.WaitGroup
+}
+
+func minFeed() *Feed {
+	return &Feed{
+		addCh: make(chan *feeds.Item),
+		setCh: make(chan feeds.Feed),
+		getCh: make(chan feeds.Feed),
+	}
+}
+
+func (f *Feed) start() {
+	f.wg.Done()
+	for {
+		select {
+		case item := <-f.addCh:
+			f.feed.Items = append(f.feed.Items, item)
+		case f.getCh <- f.feed:
+		case f.feed = <-f.setCh:
+		}
+	}
+}
+
+func NewFeed(title, link, desc string) *Feed {
+	feed := minFeed()
+	feed.feed = feeds.Feed{
+		Title:       title,
+		Link:        &feeds.Link{Href: link},
+		Description: desc,
+	}
+
+	feed.wg.Add(1)
+	go feed.start()
+	feed.wg.Wait()
+
+	return feed
+}
+
+func (f *Feed) Get() feeds.Feed {
+	return <-f.getCh
+}
+
+func (f *Feed) Set(feed feeds.Feed) {
+	f.setCh <- feed
+}
+
+func OpenFeed(filename string) (*Feed, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening file %v: %v", filename, err)
+	}
+	defer file.Close()
+
+	feed := minFeed()
+	feed.wg.Add(1)
+	go feed.start()
+	feed.wg.Wait()
+
+	decoder := gob.NewDecoder(file)
+	tmpFeed := new(feeds.Feed)
+	err = decoder.Decode(tmpFeed)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding file %v: %v", filename, err)
+	}
+
+	feed.Set(*tmpFeed)
+
+	return feed, nil
+}
+
+func (f *Feed) Save(filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating file %v: %v", filename, err)
+	}
+	defer file.Close()
+
+	encoder := gob.NewEncoder(file)
+	feed := f.Get()
+	err = encoder.Encode(feed)
+	if err != nil {
+		return fmt.Errorf("error encoding file %v: %v", filename, err)
+	}
+
+	return nil
+}
+
+func (f *Feed) Add(i *feeds.Item) {
+	f.addCh <- i
+}

cmd/data/sessions.go

@@ -0,0 +1,66 @@
+package data
+
+import (
+	"crypto/rand"
+	"encoding/gob"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/gorilla/sessions"
+)
+
+type CookieStore struct {
+	sessions.CookieStore
+}
+
+func NewKey() ([]byte, error) {
+	key := make([]byte, 32)
+
+	_, err := io.ReadFull(rand.Reader, key)
+	if err != nil {
+		return nil, fmt.Errorf("error generating key: %v", err)
+	}
+
+	return key, nil
+}
+
+func SaveKey(key []byte, filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating key file: %v", err)
+	}
+	defer file.Close()
+	file.Chmod(0600)
+
+	encoder := gob.NewEncoder(file)
+	err = encoder.Encode(key)
+	if err != nil {
+		return fmt.Errorf("error ecoding key: %v", err)
+	}
+
+	return nil
+}
+
+func LoadKey(filename string) ([]byte, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening key file: %v", err)
+	}
+
+	key := make([]byte, 32)
+	decoder := gob.NewDecoder(file)
+	err = decoder.Decode(&key)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding key: %v", err)
+	}
+
+	return key, nil
+}
+
+func NewCookieStore(key []byte) *CookieStore {
+	store := sessions.NewCookieStore(key)
+	store.Options.Secure = true
+	store.Options.HttpOnly = true
+	return &CookieStore{*store}
+}

cmd/data/user.go

@@ -0,0 +1,16 @@
+package data
+
+const (
+	Admin = iota
+	Editor
+	Writer
+)
+
+type User struct {
+	UserName         string
+	FirstName        string
+	LastName         string
+	RejectedArticles []*Article
+	ID               int64
+	Role             int
+}

cmd/feed/rss.go

@@ -1,75 +0,0 @@
-package feed
-
-import (
-	"encoding/gob"
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/gorilla/feeds"
-)
-
-type Feed struct {
-	feeds.Feed
-}
-
-func NewFeed(title, link, desc string) *Feed {
-	return &Feed{
-		Feed: feeds.Feed{
-			Title:       title,
-			Link:        &feeds.Link{Href: link},
-			Description: desc,
-		},
-	}
-}
-
-func SaveFeed(feed *Feed, filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("error creating file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	encoder := gob.NewEncoder(file)
-	err = encoder.Encode(feed)
-	if err != nil {
-		return fmt.Errorf("error encoding file %v: %v", filename, err)
-	}
-
-	return nil
-}
-
-func OpenFeed(filename string) (*Feed, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, fmt.Errorf("error opening file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	feed := &Feed{}
-	decoder := gob.NewDecoder(file)
-	err = decoder.Decode(feed)
-	if err != nil {
-		return nil, fmt.Errorf("error decoding file %v: %v", filename, err)
-	}
-
-	return feed, nil
-}
-
-func AddToFeed(feed *Feed, title, desc, content string) error {
-	item := feeds.Item{
-		Title:       title,
-		Created:     time.Now(),
-		Description: desc,
-		Content:     content,
-	}
-	feed.Add(&item)
-
-	rss, err := feed.ToRss()
-	if err != nil {
-		return fmt.Errorf("error converting feed to RSS: %v", err)
-	}
-	fmt.Println(rss)
-
-	return nil
-}

cmd/ui/admin.go

@@ -0,0 +1,105 @@
+package ui
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+type AddUserData struct {
+	Msg string
+	data.User
+}
+
+func inputsEmpty(user data.User, pass, pass2 string) bool {
+	return len(user.UserName) == 0 ||
+		len(user.FirstName) == 0 ||
+		len(user.LastName) == 0 ||
+		len(pass) == 0 ||
+		len(pass2) == 0
+}
+
+func checkUserStrings(user data.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles("web/templates/add-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddUser(db *data.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := AddUserData{
+			User: data.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if inputsEmpty(htmlData.User, pass, pass2) {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		if err := db.AddUser(htmlData.User, pass); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}

cmd/ui/articles.go

@@ -0,0 +1,153 @@
+package ui
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/gorilla/feeds"
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+func ShowHub(s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func WriteArticle(w http.ResponseWriter, r *http.Request) {
+	tmpl, err := template.ParseFiles("web/templates/editor.html")
+	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+}
+
+func FinishArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		article := new(data.Article)
+		var err error
+
+		article.Title, err = data.ConvertToPlain(r.PostFormValue("editor-title"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article.Desc, err = data.ConvertToPlain(r.PostFormValue("editor-desc"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article.Content, err = data.ConvertToHTML(r.PostFormValue("editor-text"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		article.UUID = uuid.New()
+		article.Author = session.Values["name"].(string)
+		article.Created = time.Now()
+		article.AuthorID = session.Values["id"].(int64)
+
+		l.Add(article)
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowUnpublishedArticles(l *data.ArticleList) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles("web/templates/unpublished-articles.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", l.Get())
+	}
+}
+
+func ReviewArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		for _, article := range l.Get() {
+			if article.UUID == uuid {
+				tmpl, err := template.ParseFiles("web/templates/to-be-published.html")
+				template.Must(tmpl, err).ExecuteTemplate(w, "page-content", article)
+				return
+			}
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func PublishArticle(f *data.Feed, l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article, ok := l.Release(uuid)
+		if !ok {
+			// TODO: Warnung anzeigen
+			// msg = "Alle Felder müssen ausgefüllt werden."
+			// tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			// template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+			return
+		}
+
+		f.Add(&feeds.Item{
+			Title:       article.Title,
+			Created:     article.Created,
+			Description: article.Desc,
+			Content:     article.Content,
+		})
+		f.Save("tmp/rss.gob")
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}

cmd/ui/helpers.go

@@ -1,16 +0,0 @@
-package ui
-
-func checkUserStrings(user, first, last string) (string, int, bool) {
-	userLen := 15
-	nameLen := 50
-
-	if len(user) > userLen {
-		return user, userLen, false
-	} else if len(first) > nameLen {
-		return first, nameLen, false
-	} else if len(last) > nameLen {
-		return last, nameLen, false
-	} else {
-		return "", 0, true
-	}
-}

cmd/ui/htmlStructs.go

@@ -1 +0,0 @@
-package ui

cmd/ui/rss.go

@@ -0,0 +1,25 @@
+package ui
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+func ShowRSS(f *data.Feed) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		feed := f.Get()
+		rss, err := feed.ToRss()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		files := []string{"web/templates/index.html", "web/templates/feed.rss"}
+		tmpl, err := template.ParseFiles(files...)
+		template.Must(tmpl, err).Execute(w, rss)
+	}
+}

cmd/ui/sessions.go

@@ -0,0 +1,83 @@
+package ui
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+func HomePage(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		numRows, err := db.CountEntries()
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		files := []string{"web/templates/index.html"}
+		if numRows == 0 {
+			files = append(files, "web/templates/add-user.html")
+			tmpl, err := template.ParseFiles(files...)
+			template.Must(tmpl, err).Execute(w, nil)
+		} else {
+			session, _ := s.Get(r, "cookie")
+			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
+				files = append(files, "web/templates/hub.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, session.Values["role"])
+			} else {
+				files = append(files, "web/templates/login.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, nil)
+			}
+		}
+	}
+}
+
+func Login(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userName := r.PostFormValue("username")
+		password := r.PostFormValue("password")
+
+		id, err := db.GetID(userName)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := db.CheckPassword(id, password); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		session.Values["authenticated"] = true
+		session.Values["id"] = user.ID
+		session.Values["name"] = user.FirstName + user.LastName
+		session.Values["role"] = user.Role
+		if err := session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
+	}
+}

cmd/ui/ui.go

@@ -1,98 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/data"
-	"streifling.com/jason/cpolis/cmd/feed"
-)
-
-func HandleLogin(db *data.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := r.PostFormValue("username")
-		pass := r.PostFormValue("password")
-
-		id, err := db.GetID(user)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			// TODO: und nun?
-		}
-
-		if err := db.CheckPassword(id, pass); err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-		} else {
-			template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "page-content", nil)
-		}
-	}
-}
-
-func HandleFinishedEdit(f *feed.Feed) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		title := r.PostFormValue("editor-title")
-		desc := r.PostFormValue("editor-desc")
-		mdContent := r.PostFormValue("editor-text")
-
-		content, err := data.ConvertToHTML(mdContent)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			log.Panicln(err)
-		}
-
-		feed.AddToFeed(f, title, desc, content)
-		feed.SaveFeed(f, "tmp/rss.gob")
-		// template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "html-result", rssItem)
-	}
-}
-
-func HandleAddUser(db *data.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		var writer, editor, admin bool
-
-		user := r.PostFormValue("username")
-		pass := r.PostFormValue("password")
-		pass2 := r.PostFormValue("password2")
-		first := r.PostFormValue("first-name")
-		last := r.PostFormValue("last-name")
-		role := r.PostFormValue("role")
-
-		_, _, ok := checkUserStrings(user, first, last)
-		if !ok {
-			log.Println("checkUserStrings")
-			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
-		}
-		id, _ := db.GetID(user)
-		if id != 0 {
-			log.Println("GetID")
-			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
-		}
-		if pass != pass2 {
-			log.Println("pass")
-			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
-		}
-		switch role {
-		case "writer":
-			writer = true
-			editor = false
-			admin = false
-		case "editor":
-			writer = false
-			editor = true
-			admin = false
-		case "admin":
-			writer = false
-			editor = false
-			admin = true
-		default:
-			log.Println("switch")
-			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
-		}
-
-		if err := db.AddUser(user, pass, first, last, writer, editor, admin); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-		}
-		template.Must(template.ParseFiles("web/templates/editor.html")).Execute(w, nil)
-	}
-}

go.mod

@@ -4,7 +4,9 @@ go 1.22.0
 
 require (
 	github.com/go-sql-driver/mysql v1.7.1
+	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.1.2
+	github.com/gorilla/sessions v1.2.2
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/yuin/goldmark v1.7.0
 	golang.org/x/crypto v0.14.0
@@ -14,6 +16,7 @@ require (
 require (
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sys v0.17.0 // indirect
 )

go.sum

@@ -2,10 +2,18 @@ github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuP
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
 github.com/gorilla/feeds v1.1.2 h1:pxzZ5PD3RJdhFH2FsJJ4x6PqMqbgFk1+Vez4XWBW8Iw=
 github.com/gorilla/feeds v1.1.2/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
+github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=

main.go

@@ -1,39 +1,68 @@
 package main
 
 import (
-	"html/template"
+	"encoding/gob"
 	"log"
 	"net/http"
+	"os"
 
 	"streifling.com/jason/cpolis/cmd/data"
-	"streifling.com/jason/cpolis/cmd/feed"
 	"streifling.com/jason/cpolis/cmd/ui"
 )
 
+func init() {
+	gob.Register(data.User{})
+}
+
 func main() {
+	logFile, err := os.Create("tmp/cpolis.log")
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer logFile.Close()
+	log.SetOutput(logFile)
+
 	db, err := data.OpenDB("cpolis")
 	if err != nil {
 		log.Fatalln(err)
 	}
 	defer db.Close()
 
-	rss, err := feed.OpenFeed("tmp/rss.gob")
+	feed, err := data.OpenFeed("tmp/rss.gob")
 	if err != nil {
 		log.Println(err)
-		rss = feed.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+		feed = data.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
 			"https://distrikt-ni-st.de",
 			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
 	}
 
+	key, err := data.LoadKey("tmp/key.gob")
+	if err != nil {
+		key, err = data.NewKey()
+		if err != nil {
+			log.Fatalln(err)
+		}
+		data.SaveKey(key, "tmp/key.gob")
+	}
+	store := data.NewCookieStore(key)
+
+	articleList := data.NewArticleList()
+
 	mux := http.NewServeMux()
 	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
-	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		template.Must(template.ParseFiles("web/templates/index.html", "web/templates/login.html")).Execute(w, nil)
-	})
+	mux.HandleFunc("/", ui.HomePage(db, store))
 
-	mux.HandleFunc("POST /add-user/", ui.HandleAddUser(db))
-	mux.HandleFunc("POST /finished-edit/", ui.HandleFinishedEdit(rss))
-	mux.HandleFunc("POST /login/", ui.HandleLogin(db))
+	mux.HandleFunc("GET /hub/", ui.ShowHub(store))
+	mux.HandleFunc("GET /rss/", ui.ShowRSS(feed))
+
+	mux.HandleFunc("POST /add-user/", ui.AddUser(db))
+	mux.HandleFunc("POST /create-user/", ui.CreateUser())
+	mux.HandleFunc("POST /finish-article/", ui.FinishArticle(articleList, store))
+	mux.HandleFunc("POST /login/", ui.Login(db, store))
+	mux.HandleFunc("POST /review-article/", ui.ReviewArticle(articleList, store))
+	mux.HandleFunc("POST /publish-article/", ui.PublishArticle(feed, articleList, store))
+	mux.HandleFunc("POST /unpublished-articles/", ui.ShowUnpublishedArticles(articleList))
+	mux.HandleFunc("POST /write-article/", ui.WriteArticle)
 
 	log.Fatalln(http.ListenAndServe(":8080", mux))
 }

web/templates/add-user.html

@@ -1,20 +1,27 @@
 {{define "page-content"}}
 <h2>Neuer Benutzer</h2>
 <form>
-    <input name="username" placeholder="Benutzername" type="text" />
-    <input name="password" placeholder="Passwort" type="password" />
-    <input name="password2" placeholder="Passwort wiederholen" type="password" />
+    <input required name="username" placeholder="Benutzername" type="text" value="{{.UserName}}" />
+    <input required name="password" placeholder="Passwort" type="password" />
+    <input required name="password2" placeholder="Passwort wiederholen" type="password" />
 
-    <input name="first-name" placeholder="Vorname" type="text" />
-    <input name="last-name" placeholder="Nachname" type="text" />
+    <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
+    <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
 
     <label for="writer">Schreiber</label>
-    <input id="writer" name="role" type="radio" value="writer" />
+    <input required id="writer" name="role" type="radio" value="2" {{if eq .Role "2" }}checked{{end}} />
     <label for="editor">Redakteur</label>
-    <input id="editor" name="role" type="radio" value="editor" />
+    <input required id="editor" name="role" type="radio" value="1" {{if eq .Role "1" }}checked{{end}} />
     <label for="admin">Admin</label>
-    <input id="admin" name="role" type="radio" value="admin" />
+    <input required id="admin" name="role" type="radio" value="0" {{if eq .Role "0" }}checked{{end}} />
 
     <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
 </form>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
 {{end}}

web/templates/editor.html

@@ -4,7 +4,7 @@
     <input name="editor-title" placeholder="Titel" type="text" />
     <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
     <textarea name="editor-text" placeholder="Artikel"></textarea>
-    <input type="submit" value="Senden" hx-post="/finished-edit/" hx-target="#page-content" />
+    <input type="submit" value="Senden" hx-post="/finish-article/" hx-target="#page-content" />
 </form>
 {{end}}
 

web/templates/feed.rss

@@ -0,0 +1,3 @@
+{{define "page-content"}}
+{{.}}
+{{end}}

web/templates/hub.html

@@ -0,0 +1,11 @@
+{{define "page-content"}}
+<h2>Hub</h2>
+<button hx-post="/write-article/" hx-target="#page-content">Artikel schreiben</button>
+<button hx-post="/rss/" hx-target="#page-content">RSS Feed</button>
+{{if eq . 0}}
+<button hx-post="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
+{{end}}
+{{if lt . 2}}
+<button hx-post="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
+{{end}}
+{{end}}

web/templates/to-be-published.html

@@ -0,0 +1,11 @@
+{{define "page-content"}}
+<form>
+    <input name="editor-title" type="text" value="{{.Title}}" />
+    <textarea name="editor-desc">{{.Desc}}</textarea>
+    <textarea name="editor-text">{{.Content}}</textarea>
+    <input name="uuid" type="hidden" value="{{.UUID}}" />
+    <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
+    <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
+</form>
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}

web/templates/unpublished-articles.html

@@ -0,0 +1,10 @@
+{{define "page-content"}}
+<form>
+    {{range .}}
+    <input required id="{{.UUID}}" name="uuid" type="radio" value="{{.UUID}}" />
+    <label for="{{.UUID}}">{{.Title}}</label>
+    {{end}}
+    <input type="submit" value="Auswählen" hx-post="/review-article/" hx-target="#page-content" />
+</form>
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}