Try out different rss package

.gitignore

@@ -21,3 +21,5 @@
 # Go workspace file
 go.work
 
+# Custom stuff
+tmp/

cmd/data/articles.go

@@ -0,0 +1,202 @@
+package data
+
+import (
+	"encoding/gob"
+	"fmt"
+	"os"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type Article struct {
+	Tags     *TagList
+	Title    string
+	Author   string
+	Created  time.Time
+	Desc     string
+	Content  string
+	UUID     uuid.UUID
+	AuthorID int64
+}
+
+type ArticleList struct {
+	addCh    chan *Article
+	delCh    chan uuid.UUID
+	retCh    chan *Article
+	getCh    chan []Article
+	articles []*Article
+	wg       sync.WaitGroup
+}
+
+type TagList struct {
+	addCh chan string
+	getCh chan []string
+	tags  []string
+	wg    sync.WaitGroup
+}
+
+func minArticleList() *ArticleList {
+	return &ArticleList{
+		addCh: make(chan *Article),
+		delCh: make(chan uuid.UUID),
+		retCh: make(chan *Article),
+		getCh: make(chan []Article),
+	}
+}
+
+func minTagList() *TagList {
+	return &TagList{
+		addCh: make(chan string),
+		getCh: make(chan []string),
+	}
+}
+
+func (al *ArticleList) start() {
+	al.wg.Done()
+	for {
+		select {
+		case article := <-al.addCh:
+			al.articles = append(al.articles, article)
+		case uuid := <-al.delCh:
+			for i, article := range al.articles {
+				if article.UUID == uuid {
+					al.articles = append(al.articles[:i], al.articles[i+1:]...)
+					al.retCh <- article
+				}
+			}
+		case al.getCh <- func() []Article {
+			var list []Article
+			for _, article := range al.articles {
+				list = append(list, *article)
+			}
+			return list
+		}():
+		}
+	}
+}
+
+func (tl *TagList) start() {
+	tl.wg.Done()
+	for {
+		select {
+		case tag := <-tl.addCh:
+			tl.tags = append(tl.tags, tag)
+		case tl.getCh <- tl.tags:
+		}
+	}
+}
+
+func NewArticleList() *ArticleList {
+	list := minArticleList()
+	list.articles = []*Article{}
+
+	list.wg.Add(1)
+	go list.start()
+	list.wg.Wait()
+
+	return list
+}
+
+func (al *ArticleList) Add(a *Article) {
+	al.addCh <- a
+}
+
+func (al *ArticleList) Release(uuid uuid.UUID) (*Article, bool) {
+	al.delCh <- uuid
+	article := <-al.retCh
+	if article == nil {
+		return nil, false
+	}
+	return article, true
+}
+
+func (al *ArticleList) Get() []Article {
+	return <-al.getCh
+}
+
+func (al *ArticleList) Save(filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating key file: %v", err)
+	}
+	defer file.Close()
+
+	encoder := gob.NewEncoder(file)
+	articles := al.Get()
+	err = encoder.Encode(articles)
+	if err != nil {
+		return fmt.Errorf("error ecoding key: %v", err)
+	}
+
+	return nil
+}
+
+func LoadArticleList(filename string) (*ArticleList, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening key file: %v", err)
+	}
+
+	decoder := gob.NewDecoder(file)
+	articleList := NewArticleList()
+	err = decoder.Decode(&articleList.articles)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding key: %v", err)
+	}
+
+	return articleList, nil
+}
+
+func NewTagList() *TagList {
+	list := minTagList()
+	list.tags = []string{}
+
+	list.wg.Add(1)
+	go list.start()
+	list.wg.Wait()
+
+	return list
+}
+
+func (tl *TagList) Add(tag string) {
+	tl.addCh <- tag
+}
+
+func (tl *TagList) Get() []string {
+	return <-tl.getCh
+}
+
+func (tl *TagList) Save(filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating key file: %v", err)
+	}
+	defer file.Close()
+
+	encoder := gob.NewEncoder(file)
+	tags := tl.Get()
+	err = encoder.Encode(tags)
+	if err != nil {
+		return fmt.Errorf("error ecoding key: %v", err)
+	}
+
+	return nil
+}
+
+func LoadTagList(filename string) (*TagList, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening key file: %v", err)
+	}
+
+	decoder := gob.NewDecoder(file)
+	tagList := NewTagList()
+	err = decoder.Decode(&tagList.tags)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding key: %v", err)
+	}
+
+	return tagList, nil
+}

cmd/data/db.go

@@ -0,0 +1,143 @@
+package data
+
+import (
+	"database/sql"
+	"fmt"
+
+	"github.com/go-sql-driver/mysql"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type DB struct {
+	*sql.DB
+}
+
+func OpenDB(dbName string) (*DB, error) {
+	var err error
+	db := DB{DB: &sql.DB{}}
+
+	cfg := mysql.NewConfig()
+	cfg.DBName = dbName
+	cfg.User, cfg.Passwd, err = getCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
+	}
+
+	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
+	if err != nil {
+		return nil, fmt.Errorf("error opening DB: %v", err)
+	}
+	if err = db.Ping(); err != nil {
+		return nil, fmt.Errorf("error pinging DB: %v", err)
+	}
+
+	return &db, nil
+}
+
+func (db *DB) AddUser(user *User, pass string) error {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users
+        (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+	_, err = db.Exec(query, user.UserName, string(hashedPass), user.FirstName, user.LastName, user.Role)
+	if err != nil {
+		return fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) GetID(userName string) (int64, error) {
+	var id int64
+
+	query := `
+    SELECT id
+    FROM users
+    WHERE username = ?
+    `
+	row := db.QueryRow(query, userName)
+	if err := row.Scan(&id); err != nil {
+		return 0, fmt.Errorf("user not in DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
+	if err := db.CheckPassword(id, oldPass); err != nil {
+		return fmt.Errorf("error checking password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	_, err = db.Exec(query, string(newHashedPass), id)
+	if err != nil {
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) CountEntries() (int64, error) {
+	var count int64
+
+	query := `SELECT COUNT(*) FROM users`
+	row := db.QueryRow(query)
+	if err := row.Scan(&count); err != nil {
+		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
+	}
+
+	return count, nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}

cmd/data/helpers.go

@@ -0,0 +1,52 @@
+package data
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"strings"
+	"syscall"
+
+	"golang.org/x/term"
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}

cmd/data/markdown.go

@@ -0,0 +1,35 @@
+package data
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/microcosm-cc/bluemonday"
+	"github.com/yuin/goldmark"
+)
+
+func ConvertToHTML(md string) (string, error) {
+	var buf bytes.Buffer
+
+	if err := goldmark.Convert([]byte(md), &buf); err != nil {
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
+	}
+
+	p := bluemonday.UGCPolicy()
+	html := p.Sanitize(buf.String())
+
+	return html, nil
+}
+
+func ConvertToPlain(md string) (string, error) {
+	var buf bytes.Buffer
+
+	if err := goldmark.Convert([]byte(md), &buf); err != nil {
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
+	}
+
+	p := bluemonday.StrictPolicy()
+	plain := p.Sanitize(buf.String())
+
+	return plain, nil
+}

cmd/data/sessions.go

@@ -0,0 +1,66 @@
+package data
+
+import (
+	"crypto/rand"
+	"encoding/gob"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/gorilla/sessions"
+)
+
+type CookieStore struct {
+	sessions.CookieStore
+}
+
+func NewKey() ([]byte, error) {
+	key := make([]byte, 32)
+
+	_, err := io.ReadFull(rand.Reader, key)
+	if err != nil {
+		return nil, fmt.Errorf("error generating key: %v", err)
+	}
+
+	return key, nil
+}
+
+func SaveKey(key []byte, filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating key file: %v", err)
+	}
+	defer file.Close()
+	file.Chmod(0600)
+
+	encoder := gob.NewEncoder(file)
+	err = encoder.Encode(key)
+	if err != nil {
+		return fmt.Errorf("error ecoding key: %v", err)
+	}
+
+	return nil
+}
+
+func LoadKey(filename string) ([]byte, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening key file: %v", err)
+	}
+
+	key := make([]byte, 32)
+	decoder := gob.NewDecoder(file)
+	err = decoder.Decode(&key)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding key: %v", err)
+	}
+
+	return key, nil
+}
+
+func NewCookieStore(key []byte) *CookieStore {
+	store := sessions.NewCookieStore(key)
+	store.Options.Secure = true
+	store.Options.HttpOnly = true
+	return &CookieStore{*store}
+}

cmd/data/user.go

@@ -0,0 +1,16 @@
+package data
+
+const (
+	Admin = iota
+	Editor
+	Writer
+)
+
+type User struct {
+	UserName         string
+	FirstName        string
+	LastName         string
+	RejectedArticles []*Article
+	ID               int64
+	Role             int
+}

cmd/ui/admin.go

@@ -0,0 +1,127 @@
+package ui
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+type AddUserData struct {
+	*data.User
+	Msg string
+}
+
+func inputsEmpty(user *data.User, pass, pass2 string) bool {
+	return len(user.UserName) == 0 ||
+		len(user.FirstName) == 0 ||
+		len(user.LastName) == 0 ||
+		len(pass) == 0 ||
+		len(pass2) == 0
+}
+
+func checkUserStrings(user *data.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser(w http.ResponseWriter, r *http.Request) {
+	tmpl, err := template.ParseFiles("web/templates/add-user.html")
+	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+}
+
+func AddUser(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := AddUserData{
+			User: &data.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if inputsEmpty(htmlData.User, pass, pass2) {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		num, err := db.CountEntries()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if num == 0 {
+			if htmlData.Role != data.Admin {
+				htmlData.Msg = "Der erste Benutzer muss ein Administrator sein."
+				htmlData.Role = data.Admin
+				tmpl, err := template.ParseFiles("web/templates/add-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", htmlData)
+				return
+			}
+
+			if err := saveSession(w, r, s, htmlData.User); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+
+		if err := db.AddUser(htmlData.User, pass); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}

cmd/ui/articles.go

@@ -0,0 +1,156 @@
+package ui
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+	"time"
+
+	"git.streifling.com/jason/rss"
+	"github.com/google/uuid"
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+func ShowHub(s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func WriteArticle(tl *data.TagList) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles("web/templates/editor.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", tl.Get())
+	}
+}
+
+func FinishArticle(al *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		article := new(data.Article)
+		var err error
+
+		article.Title, err = data.ConvertToPlain(r.PostFormValue("editor-title"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article.Desc, err = data.ConvertToPlain(r.PostFormValue("editor-desc"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article.Content, err = data.ConvertToHTML(r.PostFormValue("editor-text"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		article.UUID = uuid.New()
+		article.Author = session.Values["name"].(string)
+		article.Created = time.Now()
+		article.AuthorID = session.Values["id"].(int64)
+
+		al.Add(article)
+		al.Save("tmp/articles.gob")
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowUnpublishedArticles(al *data.ArticleList) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles("web/templates/unpublished-articles.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", al.Get())
+	}
+}
+
+func ReviewArticle(al *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		for _, article := range al.Get() {
+			if article.UUID == uuid {
+				tmpl, err := template.ParseFiles("web/templates/to-be-published.html")
+				template.Must(tmpl, err).ExecuteTemplate(w, "page-content", article)
+				return
+			}
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func PublishArticle(f *rss.Feed, al *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article, ok := al.Release(uuid)
+		if !ok {
+			// TODO: Warnung anzeigen
+			// msg = "Alle Felder müssen ausgefüllt werden."
+			// tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			// template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		item := rss.NewItem()
+		item.Title = article.Title
+		item.Author = article.Author
+		item.Description = article.Desc
+		item.Content = &rss.Content{Value: article.Content}
+		f.Channels[0].AddItem(item)
+		f.Save("tmp/rss.gob")
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}

cmd/ui/editor.go

@@ -0,0 +1,31 @@
+package ui
+
+import (
+	"html/template"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+func CreateTag(w http.ResponseWriter, r *http.Request) {
+	tmpl, err := template.ParseFiles("web/templates/add-tag.html")
+	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+}
+
+func AddTag(tl *data.TagList, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tl.Add(r.PostFormValue("tag"))
+		tl.Save("tmp/tags.gob")
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}

cmd/ui/rss.go

@@ -0,0 +1,24 @@
+package ui
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"git.streifling.com/jason/rss"
+)
+
+func ShowRSS(f *rss.Feed) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		rss, err := f.ToXML()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		files := []string{"web/templates/index.html", "web/templates/feed.rss"}
+		tmpl, err := template.ParseFiles(files...)
+		template.Must(tmpl, err).Execute(w, rss)
+	}
+}

cmd/ui/sessions.go

@@ -0,0 +1,90 @@
+package ui
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/data"
+)
+
+func saveSession(w http.ResponseWriter, r *http.Request, s *data.CookieStore, u *data.User) error {
+	session, err := s.Get(r, "cookie")
+	if err != nil {
+		return fmt.Errorf("error getting session: %v", err)
+	}
+
+	session.Values["authenticated"] = true
+	session.Values["id"] = u.ID
+	session.Values["name"] = u.FirstName + u.LastName
+	session.Values["role"] = u.Role
+	if err := session.Save(r, w); err != nil {
+		return fmt.Errorf("error saving session: %v", err)
+	}
+
+	return nil
+}
+
+func HomePage(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		numRows, err := db.CountEntries()
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		files := []string{"web/templates/index.html"}
+		if numRows == 0 {
+			files = append(files, "web/templates/add-user.html")
+			tmpl, err := template.ParseFiles(files...)
+			template.Must(tmpl, err).Execute(w, nil)
+		} else {
+			session, _ := s.Get(r, "cookie")
+			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
+				files = append(files, "web/templates/hub.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, session.Values["role"])
+			} else {
+				files = append(files, "web/templates/login.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, nil)
+			}
+		}
+	}
+}
+
+func Login(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userName := r.PostFormValue("username")
+		password := r.PostFormValue("password")
+
+		id, err := db.GetID(userName)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := db.CheckPassword(id, password); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, user); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
+	}
+}

go.mod

@@ -1,3 +1,22 @@
 module streifling.com/jason/cpolis
 
 go 1.22.0
+
+require (
+	git.streifling.com/jason/rss v0.0.0-20240305145359-7d49b2cb25fc
+	github.com/go-sql-driver/mysql v1.7.1
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/sessions v1.2.2
+	github.com/microcosm-cc/bluemonday v1.0.26
+	github.com/yuin/goldmark v1.7.0
+	golang.org/x/crypto v0.14.0
+	golang.org/x/term v0.17.0
+)
+
+require (
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/gorilla/css v1.0.0 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+)

go.sum

@@ -0,0 +1,30 @@
+git.streifling.com/jason/rss v0.0.0-20240305140009-a59d3f112892 h1:miU3U9H8zSoYprEaG7xaGLMb4CcGLjGt7McC8Wrf+Vs=
+git.streifling.com/jason/rss v0.0.0-20240305140009-a59d3f112892/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
+git.streifling.com/jason/rss v0.0.0-20240305145359-7d49b2cb25fc h1:vJ36ouI2wTK+jFktnqyAfFHoYnoznAgAo1nUzvMzCvQ=
+git.streifling.com/jason/rss v0.0.0-20240305145359-7d49b2cb25fc/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
+github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
+github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
+github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
+github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
+github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
+github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=

main.go

@@ -1,8 +1,79 @@
 package main
 
-import "net/http"
+import (
+	"encoding/gob"
+	"log"
+	"net/http"
+	"os"
+
+	"streifling.com/jason/cpolis/cmd/data"
+	"streifling.com/jason/cpolis/cmd/ui"
+)
+
+func init() {
+	gob.Register(data.User{})
+}
 
 func main() {
-	mux := http.NewServeMux()
+	logFile, err := os.OpenFile("tmp/cpolis.log",
-	http.ListenAndServe(":8080", mux)
+		os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer logFile.Close()
+	log.SetOutput(logFile)
+
+	db, err := data.OpenDB("cpolis")
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer db.Close()
+
+	feed, err := data.OpenFeed("tmp/rss.gob")
+	if err != nil {
+		log.Println(err)
+		feed = data.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+			"https://distrikt-ni-st.de",
+			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
+	}
+
+	key, err := data.LoadKey("tmp/key.gob")
+	if err != nil {
+		key, err = data.NewKey()
+		if err != nil {
+			log.Fatalln(err)
+		}
+		data.SaveKey(key, "tmp/key.gob")
+	}
+	store := data.NewCookieStore(key)
+
+	articleList, err := data.LoadArticleList("tmp/articles.gob")
+	if err != nil {
+		articleList = data.NewArticleList()
+	}
+
+	tagList, err := data.LoadTagList("tmp/tags.gob")
+	if err != nil {
+		tagList = data.NewTagList()
+	}
+
+	mux := http.NewServeMux()
+	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
+	mux.HandleFunc("/", ui.HomePage(db, store))
+
+	mux.HandleFunc("GET /create-tag/", ui.CreateTag)
+	mux.HandleFunc("GET /create-user/", ui.CreateUser)
+	mux.HandleFunc("GET /hub/", ui.ShowHub(store))
+	mux.HandleFunc("GET /rss/", ui.ShowRSS(feed))
+	mux.HandleFunc("GET /unpublished-articles/", ui.ShowUnpublishedArticles(articleList))
+	mux.HandleFunc("GET /write-article/", ui.WriteArticle(tagList))
+
+	mux.HandleFunc("POST /add-tag/", ui.AddTag(tagList, store))
+	mux.HandleFunc("POST /add-user/", ui.AddUser(db, store))
+	mux.HandleFunc("POST /finish-article/", ui.FinishArticle(articleList, store))
+	mux.HandleFunc("POST /login/", ui.Login(db, store))
+	mux.HandleFunc("POST /review-article/", ui.ReviewArticle(articleList, store))
+	mux.HandleFunc("POST /publish-article/", ui.PublishArticle(feed, articleList, store))
+
+	log.Fatalln(http.ListenAndServe(":8080", mux))
 }

web/templates/add-tag.html

@@ -0,0 +1,8 @@
+{{define "page-content"}}
+<h2>Neuer Benutzer</h2>
+<form>
+    <input required name="tag" placeholder="Tag" type="text" />
+    <input type="submit" value="Anlegen" hx-post="/add-tag/" hx-target="#page-content" />
+</form>
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+{{end}}

web/templates/add-user.html

@@ -0,0 +1,28 @@
+{{define "page-content"}}
+<h2>Neuer Benutzer</h2>
+<form>
+    <input required name="username" placeholder="Benutzername" type="text" value="{{.UserName}}" />
+    <input required name="password" placeholder="Passwort" type="password" />
+    <input required name="password2" placeholder="Passwort wiederholen" type="password" />
+
+    <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
+    <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
+
+    <input required id="writer" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
+    <label for="writer">Schreiber</label>
+    <input required id="editor" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+    <label for="editor">Redakteur</label>
+    <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
+    <label for="admin">Admin</label>
+
+    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+</form>
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
+{{end}}

web/templates/editor.html

@@ -0,0 +1,17 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+<form>
+    <input name="editor-title" placeholder="Titel" type="text" />
+    <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
+    <textarea name="editor-text" placeholder="Artikel"></textarea>
+    {{range .}}
+    <input id="{{.}}" name="tags" type="checkbox" value="{{.}}" />
+    <label for="{{.}}">{{.}}</label>
+    {{end}}
+    <input type="submit" value="Senden" hx-post="/finish-article/" hx-target="#page-content" />
+</form>
+{{end}}
+
+{{define "html-result"}}
+{{.}}
+{{end}}

web/templates/feed.rss

@@ -0,0 +1,3 @@
+{{define "page-content"}}
+{{.}}
+{{end}}

web/templates/hub.html

@@ -0,0 +1,12 @@
+{{define "page-content"}}
+<h2>Hub</h2>
+<button hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button>
+<button hx-get="/rss/" hx-target="#page-content">RSS Feed</button>
+{{if lt . 2}}
+<button hx-get="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
+<button hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button>
+{{end}}
+{{if eq . 0}}
+<button hx-get="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
+{{end}}
+{{end}}

web/templates/index.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="de">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Orient Editor</title>
+    <link href="web/static/css/style.css" rel="stylesheet">
+</head>
+
+<body>
+    <h1>Orient Editor</h1>
+
+    <div id="page-content">
+        {{template "page-content" .}}
+    </div>
+
+    <script src="web/static/js/htmx.min.js"></script>
+</body>
+
+</html>

web/templates/login.html

@@ -0,0 +1,8 @@
+{{define "page-content"}}
+<h2>Anmeldung</h2>
+<form>
+    <input name="username" placeholder="Benutzername" type="text" />
+    <input name="password" placeholder="Passwort" type="password" />
+    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+</form>
+{{end}}

web/templates/to-be-published.html

@@ -0,0 +1,11 @@
+{{define "page-content"}}
+<form>
+    <input name="editor-title" type="text" value="{{.Title}}" />
+    <textarea name="editor-desc">{{.Desc}}</textarea>
+    <textarea name="editor-text">{{.Content}}</textarea>
+    <input name="uuid" type="hidden" value="{{.UUID}}" />
+    <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
+    <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
+</form>
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}

web/templates/unpublished-articles.html

@@ -0,0 +1,10 @@
+{{define "page-content"}}
+<form>
+    {{range .}}
+    <input required id="{{.UUID}}" name="uuid" type="radio" value="{{.UUID}}" />
+    <label for="{{.UUID}}">{{.Title}}</label>
+    {{end}}
+    <input type="submit" value="Auswählen" hx-post="/review-article/" hx-target="#page-content" />
+</form>
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}