Added ability to add user

cmd/data/db.go

@@ -35,16 +35,6 @@ func OpenDB(dbName string) (*DB, error) {
 }
 
 func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool) error {
-	userString, stringLen, ok := checkUserStrings(user, first, last)
-	if !ok {
-		return fmt.Errorf("error: %v is longer than %v characters", userString, stringLen)
-	}
-
-	if !permissionsOK(writer, editor, admin) {
-		return fmt.Errorf("error: permissions must be mutually exclusive: writer = %v, editor = %v, admin = %v",
-			writer, editor, admin)
-	}
-
 	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
 	if err != nil {
 		return fmt.Errorf("error creating password hash: %v", err)
@@ -64,21 +54,46 @@ func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool
 	return nil
 }
 
-func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
+func (db *DB) GetID(user string) (int64, error) {
-	var oldHashedPass string
+	var id int64
 
-	selectQuery := `
+	query := `
+    SELECT id FROM
+        users
+    WHERE
+        username = ?
+    `
+	row := db.QueryRow(query, user)
+	if err := row.Scan(&id); err != nil {
+		return 0, fmt.Errorf("user not in DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
     SELECT password FROM
         users
     WHERE
         id = ?
     `
-	row := db.QueryRow(selectQuery, id)
+	row := db.QueryRow(query, id)
-	if err := row.Scan(&oldHashedPass); err != nil {
+	if err := row.Scan(&queriedPass); err != nil {
 		return fmt.Errorf("error reading password from DB: %v", err)
 	}
 
-	if err := bcrypt.CompareHashAndPassword([]byte(oldHashedPass), []byte(oldPass)); err != nil {
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
+	if err := db.CheckPassword(id, oldPass); err != nil {
 		return fmt.Errorf("error checking password: %v", err)
 	}
 
@@ -88,9 +103,10 @@ func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
 	}
 
 	updateQuery := `
-    UPDATE users
+    UPDATE users SET
-    SET password = ?
+        password = ?
-    WHERE id = ?
+    WHERE
+        id = ?
     `
 	_, err = db.Exec(updateQuery, string(newHashedPass), id)
 	if err != nil {

cmd/data/helpers.go

@@ -50,24 +50,3 @@ func getCredentials() (string, string, error) {
 
 	return user, pass, nil
 }
-
-func checkUserStrings(user, first, last string) (string, int, bool) {
-	userLen := 15
-	nameLen := 50
-
-	if len(user) > userLen {
-		return user, userLen, false
-	} else if len(first) > nameLen {
-		return first, nameLen, false
-	} else if len(last) > nameLen {
-		return last, nameLen, false
-	} else {
-		return "", 0, true
-	}
-}
-
-func permissionsOK(writer, editor, admin bool) bool {
-	return writer && !editor && !admin ||
-		!writer && editor && !admin ||
-		!writer && !editor && admin
-}

cmd/data/markdown.go

@@ -1,4 +1,4 @@
-package articles
+package data
 
 import (
 	"bytes"

cmd/handlers/editor.go

@@ -1,27 +0,0 @@
-package handlers
-
-import (
-	"log"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/articles"
-	"streifling.com/jason/cpolis/cmd/feed"
-)
-
-func HandleFinishedEdit(f *feed.Feed) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		title := r.PostFormValue("editor-title")
-		desc := r.PostFormValue("editor-desc")
-		mdContent := r.PostFormValue("editor-text")
-
-		content, err := articles.ConvertToHTML(mdContent)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			log.Panicln(err)
-		}
-
-		feed.AddToFeed(f, title, desc, content)
-		feed.SaveFeed(f, "tmp/rss.gob")
-		// template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "html-result", rssItem)
-	}
-}

cmd/ui/helpers.go

@@ -0,0 +1,16 @@
+package ui
+
+func checkUserStrings(user, first, last string) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user) > userLen {
+		return user, userLen, false
+	} else if len(first) > nameLen {
+		return first, nameLen, false
+	} else if len(last) > nameLen {
+		return last, nameLen, false
+	} else {
+		return "", 0, true
+	}
+}

cmd/ui/htmlStructs.go

@@ -0,0 +1 @@
+package ui

cmd/ui/ui.go

@@ -0,0 +1,87 @@
+package ui
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/data"
+	"streifling.com/jason/cpolis/cmd/feed"
+)
+
+func HandleLogin(db *data.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := r.PostFormValue("username")
+		pass := r.PostFormValue("password")
+
+		id, err := db.GetID(user)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			// TODO: und nun?
+		}
+
+		if err := db.CheckPassword(id, pass); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		} else {
+			template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "page-content", nil)
+		}
+	}
+}
+
+func HandleFinishedEdit(f *feed.Feed) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		title := r.PostFormValue("editor-title")
+		desc := r.PostFormValue("editor-desc")
+		mdContent := r.PostFormValue("editor-text")
+
+		content, err := data.ConvertToHTML(mdContent)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			log.Panicln(err)
+		}
+
+		feed.AddToFeed(f, title, desc, content)
+		feed.SaveFeed(f, "tmp/rss.gob")
+		// template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "html-result", rssItem)
+	}
+}
+
+func HandleAddUser(db *data.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var writer, editor, admin bool
+
+		user := r.PostFormValue("username")
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+		first := r.PostFormValue("first-name")
+		last := r.PostFormValue("last-name")
+		role := r.PostFormValue("role")
+
+		_, _, ok := checkUserStrings(user, first, last)
+		if !ok {
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+		if pass != pass2 {
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+		switch role {
+		case "writer":
+			writer = true
+			editor = false
+			admin = false
+		case "editor":
+			writer = false
+			editor = true
+			admin = false
+		case "admin":
+			writer = false
+			editor = false
+			admin = true
+		default:
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+
+		db.AddUser(user, pass, first, last, writer, editor, admin)
+		template.Must(template.ParseFiles("web/templates/editor.html")).Execute(w, nil)
+	}
+}

main.go

@@ -7,7 +7,7 @@ import (
 
 	"streifling.com/jason/cpolis/cmd/data"
 	"streifling.com/jason/cpolis/cmd/feed"
-	"streifling.com/jason/cpolis/cmd/handlers"
+	"streifling.com/jason/cpolis/cmd/ui"
 )
 
 func main() {
@@ -17,10 +17,10 @@ func main() {
 	}
 	defer db.Close()
 
-	f, err := feed.OpenFeed("tmp/rss.gob")
+	rss, err := feed.OpenFeed("tmp/rss.gob")
 	if err != nil {
 		log.Println(err)
-		f = feed.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+		rss = feed.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
 			"https://distrikt-ni-st.de",
 			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
 	}
@@ -28,9 +28,10 @@ func main() {
 	mux := http.NewServeMux()
 	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		template.Must(template.ParseFiles("web/templates/index.html", "web/templates/editor.html")).Execute(w, nil)
+		template.Must(template.ParseFiles("web/templates/index.html", "web/templates/login.html")).Execute(w, nil)
 	})
-	mux.HandleFunc("POST /finished-edit/", handlers.HandleFinishedEdit(f))
+	mux.HandleFunc("POST /login/", ui.HandleLogin(db))
+	mux.HandleFunc("POST /finished-edit/", ui.HandleFinishedEdit(rss))
 
 	log.Fatalln(http.ListenAndServe(":8080", mux))
 }

web/templates/add-user.html

@@ -0,0 +1,19 @@
+{{define "page-content"}}
+<form>
+    <input name="username" placeholder="Benutzername" type="text" />
+    <input name="password" placeholder="Passwort" type="password" />
+    <input name="password2" placeholder="Passwort wiederholen" type="password" />
+
+    <input name="first-name" placeholder="Vorname" type="text" />
+    <input name="last-name" placeholder="Nachname" type="text" />
+
+    <label for="writer">Schreiber</label>
+    <input id="writer" name="role" type="radio" value="writer" />
+    <label for="editor">Redakteur</label>
+    <input id="editor" name="role" type="radio" value="editor" />
+    <label for="admin">Admin</label>
+    <input id="admin" name="role" type="radio" value="admin" />
+
+    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+</form>
+{{end}}

web/templates/editor.html

@@ -1,9 +1,10 @@
 {{define "page-content"}}
+<h2>Editor</h2>
 <form>
-    <input type="text" name="editor-title" value="Titel">
+    <input name="editor-title" placeholder="Titel" type="text" />
-    <textarea name="editor-desc"></textarea>
+    <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
-    <textarea name="editor-text"></textarea>
+    <textarea name="editor-text" placeholder="Artikel"></textarea>
-    <input type="submit" value="Senden" hx-post="/finished-edit/" hx-target="#page-content">
+    <input type="submit" value="Senden" hx-post="/finished-edit/" hx-target="#page-content" />
 </form>
 {{end}}
 

web/templates/login.html

@@ -0,0 +1,8 @@
+{{define "page-content"}}
+<h2>Anmeldung</h2>
+<form>
+    <input name="username" placeholder="Benutzername" type="text" />
+    <input name="password" placeholder="Passwort" type="password" />
+    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+</form>
+{{end}}