Compare commits
5 Commits
7e7de28b14
...
c74bdeba72
| Author | SHA1 | Date | |
|---|---|---|---|
| c74bdeba72 | |||
| 717f1c813b | |||
| 52797760bb | |||
| 8711ba0629 | |||
| ed51d28c65 |
28
cmd/main.go
28
cmd/main.go
@ -54,34 +54,28 @@ func main() {
|
||||
mux.HandleFunc("GET /edit-user/", view.EditUser(args, db, store))
|
||||
mux.HandleFunc("GET /hub/", view.ShowHub(args, db, store))
|
||||
mux.HandleFunc("GET /logout/", view.Logout(args, store))
|
||||
mux.HandleFunc("GET /publish-issue/",
|
||||
view.PublishLatestIssue(args, db, store))
|
||||
mux.HandleFunc("GET /rejected-articles/",
|
||||
view.ShowRejectedArticles(args, db, store))
|
||||
mux.HandleFunc("GET /review-rejected-article/{id}/",
|
||||
view.ReviewRejectedArticle(args, db, store))
|
||||
mux.HandleFunc("GET /review-unpublished-article/{id}/",
|
||||
view.ReviewUnpublishedArticle(args, db, store))
|
||||
mux.HandleFunc("GET /rss/", view.ShowRSS(args,
|
||||
mux.HandleFunc("GET /publish-issue/", view.PublishLatestIssue(args, db, store))
|
||||
mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(args, db, store))
|
||||
mux.HandleFunc("GET /review-rejected-article/{id}/", view.ReviewRejectedArticle(args, db, store))
|
||||
mux.HandleFunc("GET /review-unpublished-article/{id}/", view.ReviewUnpublishedArticle(args, db, store))
|
||||
mux.HandleFunc("GET /rss/", view.ShowRSS(
|
||||
args,
|
||||
db,
|
||||
"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
|
||||
"https://distrikt-ni-st.de",
|
||||
"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
|
||||
))
|
||||
mux.HandleFunc("GET /this-issue/", view.ShowCurrentArticles(args, db))
|
||||
mux.HandleFunc("GET /unpublished-articles/",
|
||||
view.ShowUnpublishedArticles(args, db))
|
||||
mux.HandleFunc("GET /unpublished-articles/", view.ShowUnpublishedArticles(args, db))
|
||||
mux.HandleFunc("GET /write-article/", view.WriteArticle(args, db))
|
||||
|
||||
mux.HandleFunc("POST /add-first-user/", view.AddFirstUser(args, db, store))
|
||||
mux.HandleFunc("POST /add-tag/", view.AddTag(args, db, store))
|
||||
mux.HandleFunc("POST /add-user/", view.AddUser(args, db, store))
|
||||
mux.HandleFunc("POST /login/", view.Login(args, db, store))
|
||||
mux.HandleFunc("POST /publish-article/{id}/",
|
||||
view.PublishArticle(args, db, store))
|
||||
mux.HandleFunc("POST /reject-article/{id}/",
|
||||
view.RejectArticle(args, db, store))
|
||||
mux.HandleFunc("POST /resubmit-article/{id}/",
|
||||
view.ResubmitArticle(args, db, store))
|
||||
mux.HandleFunc("POST /publish-article/{id}/", view.PublishArticle(args, db, store))
|
||||
mux.HandleFunc("POST /reject-article/{id}/", view.RejectArticle(args, db, store))
|
||||
mux.HandleFunc("POST /resubmit-article/{id}/", view.ResubmitArticle(args, db, store))
|
||||
mux.HandleFunc("POST /submit-article/", view.SubmitArticle(args, db, store))
|
||||
mux.HandleFunc("POST /update-user/", view.UpdateUser(args, db, store))
|
||||
mux.HandleFunc("POST /upload-image/", view.UploadImage(args))
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
@ -198,3 +200,71 @@ func (db *DB) UpdateUserAttributes(id int64, user, first, last, oldPass, newPass
|
||||
|
||||
return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
|
||||
}
|
||||
|
||||
func (db *DB) AddFirstUser(u *User, pass string) (int64, error) {
|
||||
var numUsers int64
|
||||
txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
|
||||
selectQuery := "SELECT COUNT(*) FROM users"
|
||||
insertQuery := `
|
||||
INSERT INTO users (username, password, first_name, last_name, role)
|
||||
VALUES (?, ?, ?, ?, ?)
|
||||
`
|
||||
|
||||
for i := 0; i < TxMaxRetries; i++ {
|
||||
id, err := func() (int64, error) {
|
||||
tx, err := db.BeginTx(context.Background(), txOptions)
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("error starting transaction: %v", err)
|
||||
}
|
||||
|
||||
if err := tx.QueryRow(selectQuery).Scan(&numUsers); err != nil {
|
||||
if rollbackErr := tx.Rollback(); rollbackErr != nil {
|
||||
log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
|
||||
}
|
||||
return 0, fmt.Errorf("error getting ID of %v: %v", u.UserName, err)
|
||||
}
|
||||
if numUsers != 0 {
|
||||
if err = tx.Commit(); err != nil {
|
||||
return 0, fmt.Errorf("error committing transaction: %v", err)
|
||||
}
|
||||
return 2, nil
|
||||
}
|
||||
|
||||
hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
if rollbackErr := tx.Rollback(); rollbackErr != nil {
|
||||
log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
|
||||
}
|
||||
return 0, fmt.Errorf("error creating password hash: %v", err)
|
||||
}
|
||||
|
||||
result, err := tx.Exec(insertQuery, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
|
||||
if err != nil {
|
||||
if rollbackErr := tx.Rollback(); rollbackErr != nil {
|
||||
log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
|
||||
}
|
||||
return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
|
||||
}
|
||||
|
||||
id, err := result.LastInsertId()
|
||||
if err != nil {
|
||||
if rollbackErr := tx.Rollback(); rollbackErr != nil {
|
||||
log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
|
||||
}
|
||||
return 0, fmt.Errorf("error inserting user into DB: %v", err)
|
||||
}
|
||||
|
||||
if err = tx.Commit(); err != nil {
|
||||
return 0, fmt.Errorf("error committing transaction: %v", err)
|
||||
}
|
||||
return id, nil
|
||||
}()
|
||||
if err == nil {
|
||||
return id, nil
|
||||
}
|
||||
|
||||
log.Println(err)
|
||||
wait(i)
|
||||
}
|
||||
return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@ func HomePage(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Han
|
||||
|
||||
files := []string{c.WebDir + "/templates/index.html"}
|
||||
if numRows == 0 {
|
||||
files = append(files, c.WebDir+"/templates/add-user.html")
|
||||
files = append(files, c.WebDir+"/templates/first-user.html")
|
||||
tmpl, err := template.ParseFiles(files...)
|
||||
template.Must(tmpl, err).Execute(w, nil)
|
||||
} else {
|
||||
|
||||
@ -88,37 +88,13 @@ func AddUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Hand
|
||||
return
|
||||
}
|
||||
|
||||
htmlData.ID, err = db.AddUser(htmlData.User, pass)
|
||||
_, err = db.AddUser(htmlData.User, pass)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if htmlData.ID == 1 {
|
||||
htmlData.Role = model.Admin
|
||||
|
||||
if err = db.UpdateAttributes(
|
||||
&model.Attribute{Table: "users", ID: id, AttName: "role", Value: htmlData.Role},
|
||||
); err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if err := saveSession(w, r, s, htmlData.User); err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := db.AddIssue(); err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
|
||||
}
|
||||
@ -214,3 +190,78 @@ func UpdateUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.H
|
||||
tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
|
||||
}
|
||||
}
|
||||
|
||||
func AddFirstUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
var err error
|
||||
|
||||
htmlData := UserData{
|
||||
User: &model.User{
|
||||
UserName: r.PostFormValue("username"),
|
||||
FirstName: r.PostFormValue("first-name"),
|
||||
LastName: r.PostFormValue("last-name"),
|
||||
Role: model.Admin,
|
||||
},
|
||||
}
|
||||
pass := r.PostFormValue("password")
|
||||
pass2 := r.PostFormValue("password2")
|
||||
|
||||
if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
|
||||
len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
|
||||
htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
|
||||
tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
|
||||
return
|
||||
}
|
||||
userString, stringLen, ok := checkUserStrings(htmlData.User)
|
||||
if !ok {
|
||||
htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
|
||||
stringLen, " Zeichen erlaubt.")
|
||||
tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
|
||||
return
|
||||
}
|
||||
id, _ := db.GetID(htmlData.UserName)
|
||||
if id != 0 {
|
||||
htmlData.Msg = fmt.Sprint(htmlData.UserName,
|
||||
" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
|
||||
tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
|
||||
return
|
||||
}
|
||||
if pass != pass2 {
|
||||
htmlData.Msg = "Die Passwörter stimmen nicht überein."
|
||||
tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
|
||||
return
|
||||
}
|
||||
|
||||
htmlData.ID, err = db.AddFirstUser(htmlData.User, pass)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if htmlData.ID > 1 {
|
||||
errString := "error: there is already a first user"
|
||||
log.Println(errString)
|
||||
http.Error(w, errString, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if err := saveSession(w, r, s, htmlData.User); err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := db.AddIssue(); err != nil {
|
||||
log.Println(err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
|
||||
template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
|
||||
}
|
||||
}
|
||||
|
||||
50
create_db.sql
Normal file
50
create_db.sql
Normal file
@ -0,0 +1,50 @@
|
||||
DROP TABLE IF EXISTS articles_tags;
|
||||
DROP TABLE IF EXISTS tags;
|
||||
DROP TABLE IF EXISTS articles;
|
||||
DROP TABLE IF EXISTS issues;
|
||||
DROP TABLE IF EXISTS users;
|
||||
|
||||
CREATE TABLE users (
|
||||
id INT AUTO_INCREMENT,
|
||||
username VARCHAR(15) NOT NULL UNIQUE,
|
||||
password VARCHAR(60) NOT NULL,
|
||||
first_name VARCHAR(50) NOT NULL,
|
||||
last_name VARCHAR(50) NOT NULL,
|
||||
role INT NOT NULL,
|
||||
PRIMARY KEY(id)
|
||||
);
|
||||
|
||||
CREATE TABLE issues (
|
||||
id INT AUTO_INCREMENT,
|
||||
published BOOL NOT NULL,
|
||||
PRIMARY KEY(id)
|
||||
);
|
||||
|
||||
CREATE TABLE articles (
|
||||
id INT AUTO_INCREMENT,
|
||||
title VARCHAR(255) NOT NULL,
|
||||
created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
description TEXT NOT NULL,
|
||||
content TEXT NOT NULL,
|
||||
published BOOL NOT NULL,
|
||||
rejected BOOL NOT NULL,
|
||||
author_id INT NOT NULL,
|
||||
issue_id INT NOT NULL,
|
||||
PRIMARY KEY(id),
|
||||
FOREIGN KEY(author_id) REFERENCES users(id),
|
||||
FOREIGN KEY(issue_id) REFERENCES issues(id)
|
||||
);
|
||||
|
||||
CREATE TABLE tags (
|
||||
id INT AUTO_INCREMENT,
|
||||
name VARCHAR(15) NOT NULL UNIQUE,
|
||||
PRIMARY KEY(id)
|
||||
);
|
||||
|
||||
CREATE TABLE articles_tags (
|
||||
article_id INT,
|
||||
tag_id INT,
|
||||
PRIMARY KEY(article_id, tag_id),
|
||||
FOREIGN KEY(article_id) REFERENCES articles(id),
|
||||
FOREIGN KEY(tag_id) REFERENCES tags(id)
|
||||
);
|
||||
39
web/templates/first-user.html
Normal file
39
web/templates/first-user.html
Normal file
@ -0,0 +1,39 @@
|
||||
{{define "page-content"}}
|
||||
<h2>Erster Benutzer (Administrator)</h2>
|
||||
|
||||
<form>
|
||||
<div class="grid grid-cols-3 gap-4">
|
||||
<div>
|
||||
<label for="username">Benutzername</label>
|
||||
<input class="w-full" required name="username" type="text" value="{{.UserName}}" />
|
||||
</div>
|
||||
<div>
|
||||
<label for="password">Passwort</label>
|
||||
<input class="w-full" required name="password" placeholder="***" type="password" />
|
||||
</div>
|
||||
<div>
|
||||
<label for="password2">Passwort wiederholen</label>
|
||||
<input class="w-full" required name="password2" placeholder="***" type="password" />
|
||||
</div>
|
||||
<div>
|
||||
<label for="first-name">Vorname</label>
|
||||
<input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
|
||||
</div>
|
||||
<div>
|
||||
<label for="last-name">Nachname</label>
|
||||
<input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="btn-area">
|
||||
<input class="action-btn" type="submit" value="Anlegen" hx-post="/add-first-user/" hx-target="#page-content" />
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<script>
|
||||
var msg = "{{.Msg}}";
|
||||
if (msg != "") {
|
||||
alert(msg);
|
||||
}
|
||||
</script>
|
||||
{{end}}
|
||||
@ -1,5 +1,7 @@
|
||||
{{define "page-content"}}
|
||||
<div class="flex flex-col gap-4">
|
||||
<button class="btn" hx-get="/logout/" hx-target="#page-content">Abmelden</button>
|
||||
|
||||
<div class="mb-3">
|
||||
<h2>Autor</h2>
|
||||
<div class="grid grid-cols-2 gap-x-4 gap-y-2">
|
||||
@ -9,6 +11,7 @@
|
||||
<button class="btn" hx-get="/edit-user/" hx-target="#page-content">Benutzer bearbeiten</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{{if lt . 3}}
|
||||
<div class="mb-3">
|
||||
<h2>Redakteur</h2>
|
||||
@ -20,6 +23,7 @@
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
{{if lt . 2}}
|
||||
<div class="mb-3">
|
||||
<h2>Herausgeber</h2>
|
||||
@ -28,6 +32,7 @@
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
{{if eq . 0}}
|
||||
<div class="mb-3">
|
||||
<h2>Administrator</h2>
|
||||
|
||||
@ -11,15 +11,12 @@
|
||||
<body class="flex flex-col justify-between min-h-[100dvh] bg-slate-50">
|
||||
<header class="my-8">
|
||||
<h1 class="font-bold text-4xl text-center">Orient Editor</h1>
|
||||
<button class="btn" hx-get="logout" hx-target="#page-content">Abmelden</button>
|
||||
</header>
|
||||
|
||||
<main>
|
||||
<main class="mx-4">
|
||||
<div id="page-content">
|
||||
{{template "page-content" .}}
|
||||
</div>
|
||||
|
||||
<script src="/web/static/js/htmx.min.js"></script>
|
||||
</main>
|
||||
|
||||
<footer class="my-8">
|
||||
@ -27,6 +24,8 @@
|
||||
© 2024 Jason Streifling. Alle Rechte vorbehalten.
|
||||
</p>
|
||||
</footer>
|
||||
|
||||
<script src="/web/static/js/htmx.min.js"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
||||
@ -6,6 +6,6 @@
|
||||
<p>{{.Description}}</p>
|
||||
</button>
|
||||
{{end}}
|
||||
<button class="btn" hx-get="/hub/" hx-target="#page-content">Zurück</button>
|
||||
<button class="action-btn" hx-get="/hub/" hx-target="#page-content">Zurück</button>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user