Incorporated issues

LICENSE

@@ -209,7 +209,7 @@ If you develop a new program, and you want it to be of the greatest possible use
 To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found.
 
      cpolis
-     Copyright (C) 2024  jason
+     Copyright (C) 2024  Jason Streifling
 
      This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 
@@ -221,7 +221,7 @@ Also add information on how to contact you by electronic and paper mail.
 
 If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode:
 
-     cpolis  Copyright (C) 2024  jason
+     cpolis  Copyright (C) 2024  Jason Streifling
      This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
      This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
 

cmd/control/rss.go

@@ -8,15 +8,15 @@ import (
 	"streifling.com/jason/cpolis/cmd/model"
 )
 
-func GetChannel(db *model.DB, title, link, desc string) (*rss.Channel, error) {
+func GetChannel(db *model.DB, title, link, description string) (*rss.Channel, error) {
 	channel := &rss.Channel{
 		Title:       title,
 		Link:        link,
-		Description: desc,
+		Description: description,
 		Items:       make([]*rss.Item, 0),
 	}
 
-	articles, err := db.GetCertainArticles(true)
+	articles, err := db.GetCertainArticles(true, false)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching published articles: %v", err)
 	}
@@ -40,7 +40,7 @@ func GetChannel(db *model.DB, title, link, desc string) (*rss.Channel, error) {
 			Title:       article.Title,
 			Author:      user.FirstName + user.LastName,
 			PubDate:     article.Created.Format(time.RFC1123Z),
-			Description: article.Desc,
+			Description: article.Description,
 			Content:     &rss.Content{Value: article.Content},
 			Categories:  tagNames,
 		})

cmd/main.go

@@ -47,22 +47,31 @@ func main() {
 
 	mux.HandleFunc("GET /create-tag/", view.CreateTag)
 	mux.HandleFunc("GET /create-user/", view.CreateUser)
-	mux.HandleFunc("GET /hub/", view.ShowHub(store))
+	mux.HandleFunc("GET /edit-user/", view.EditUser(db, store))
+	mux.HandleFunc("GET /hub/", view.ShowHub(db, store))
+	mux.HandleFunc("GET /logout/", view.Logout(store))
+	mux.HandleFunc("GET /publish-issue/", view.PublishLatestIssue(db))
+	mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(db, store))
 	mux.HandleFunc("GET /rss/", view.ShowRSS(
 		db,
 		"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
 		"https://distrikt-ni-st.de",
 		"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
 	))
+	mux.HandleFunc("GET /this-issue/", view.ShowCurrentArticles(db))
 	mux.HandleFunc("GET /unpublished-articles/", view.ShowUnpublishedArticles(db))
 	mux.HandleFunc("GET /write-article/", view.WriteArticle(db))
 
 	mux.HandleFunc("POST /add-tag/", view.AddTag(db, store))
 	mux.HandleFunc("POST /add-user/", view.AddUser(db, store))
-	mux.HandleFunc("POST /finish-article/", view.FinishArticle(db, store))
 	mux.HandleFunc("POST /login/", view.Login(db, store))
-	mux.HandleFunc("POST /review-article/", view.ReviewArticle(db, store))
 	mux.HandleFunc("POST /publish-article/", view.PublishArticle(db, store))
+	mux.HandleFunc("POST /reject-article/", view.RejectArticle(db, store))
+	mux.HandleFunc("POST /resubmit-article/", view.ResubmitArticle(db, store))
+	mux.HandleFunc("POST /review-rejected-article/", view.ReviewRejectedArticle(db, store))
+	mux.HandleFunc("POST /review-unpublished-article/", view.ReviewUnpublishedArticle(db, store))
+	mux.HandleFunc("POST /submit-article/", view.SubmitArticle(db, store))
+	mux.HandleFunc("POST /update-user/", view.UpdateUser(db, store))
 
 	log.Fatalln(http.ListenAndServe(":8080", mux))
 }

cmd/model/articles.go

@@ -0,0 +1,257 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+	"time"
+)
+
+type Article struct {
+	Title       string
+	Created     time.Time
+	Description string
+	Content     string
+	Published   bool
+	Rejected    bool
+	ID          int64
+	AuthorID    int64
+	IssueID     int64
+}
+
+func (db *DB) AddArticle(a *Article) (int64, error) {
+	var id int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	insertQuery := `
+    INSERT INTO articles
+        (title, description, content, published, rejected, author_id, issue_id)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&id); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting issue ID when adding article to DB: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, a.Title, a.Description,
+				a.Content, a.Published, a.Rejected, a.AuthorID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting article into DB: %v", err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error retrieving ID of added article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction when adding article to DB: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticle(id int64) (*Article, error) {
+	query := `
+    SELECT title, created, description, content, published, author_id
+    FROM articles
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+
+	article := new(Article)
+	var created []byte
+	var err error
+
+	if err := row.Scan(&article.Title, &created, &article.Description,
+		&article.Content, &article.Published, &article.AuthorID); err != nil {
+		return nil, fmt.Errorf("error scanning article row: %v", err)
+	}
+
+	article.ID = id
+	article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing created: %v", err)
+	}
+
+	return article, nil
+}
+
+func (db *DB) GetCertainArticles(published, rejected bool) ([]*Article, error) {
+	query := `
+    SELECT id, title, created, description, content, author_id
+    FROM articles
+    WHERE published = ?
+    AND rejected = ?
+    `
+	rows, err := db.Query(query, published, rejected)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles: %v", err)
+	}
+
+	articleList := make([]*Article, 0)
+	for rows.Next() {
+		article := new(Article)
+		var created []byte
+
+		if err = rows.Scan(&article.ID, &article.Title, &created,
+			&article.Description, &article.Content, &article.AuthorID); err != nil {
+			return nil, fmt.Errorf("error scanning article row: %v", err)
+		}
+
+		article.Published = false
+		article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+		if err != nil {
+			return nil, fmt.Errorf("error parsing created: %v", err)
+		}
+
+		articleList = append(articleList, article)
+	}
+
+	return articleList, nil
+}
+
+func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	issueQuery := "SELECT id FROM issues WHERE published = false"
+	articlesQuery := `
+    SELECT id, title, created, description, content, author_id
+    FROM articles
+    WHERE issue_id = ? AND published = true
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() ([]*Article, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return nil, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			row := tx.QueryRow(issueQuery)
+			if err := row.Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for unpublished issue: %v", err)
+			}
+
+			rows, err := tx.Query(articlesQuery, issueID)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for articles of issue %v: %v", issueID, err)
+			}
+
+			articleList := make([]*Article, 0)
+			for rows.Next() {
+				article := new(Article)
+				var created []byte
+
+				if err = rows.Scan(&article.ID, &article.Title, &created,
+					&article.Description, &article.Content, &article.AuthorID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error scanning article from issue %v: %v", issueID, err)
+				}
+
+				article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+				if err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error parsing created: %v", err)
+				}
+
+				articleList = append(articleList, article)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return nil, fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return articleList, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return nil, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddArticleToCurrentIssue(id int64) error {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	updateQuery := "UPDATE articles SET issue_id = ? WHERE id = ?"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error scanning row: %v", err)
+			}
+
+			_, err = db.Exec(updateQuery, issueID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating issueID for article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/model/articles_tags.go

@@ -0,0 +1,94 @@
+package model
+
+import (
+	"fmt"
+	"log"
+)
+
+func (db *DB) WriteArticleTags(articleID int64, tagIDs []int64) error {
+	query := `
+    INSERT INTO articles_tags (article_id, tag_id)
+    VALUES (?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(query, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticleTags(articleID int64) ([]*Tag, error) {
+	query := `
+    SELECT t.id, t.name
+    FROM articles a
+    INNER JOIN articles_tags at ON a.id = at.article_id
+    INNER JOIN tags t ON at.tag_id = t.id
+    WHERE a.id = ?
+    `
+	rows, err := db.Query(query, articleID)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles_tags: %v", err)
+	}
+
+	tags := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning rows: %v", err)
+		}
+		tags = append(tags, tag)
+	}
+
+	return tags, nil
+}
+
+func (db *DB) UpdateArticleTags(articleID int64, tagIDs []int64) error {
+	query := `
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/model/db.go

@@ -1,22 +1,85 @@
 package model
 
 import (
+	"bufio"
 	"database/sql"
 	"fmt"
 	"log"
+	"math"
+	"math/rand/v2"
+	"os"
+	"strings"
+	"syscall"
 	"time"
 
 	"github.com/go-sql-driver/mysql"
-	"golang.org/x/crypto/bcrypt"
+	"golang.org/x/term"
 )
 
-type DB struct {
+var TxMaxRetries = 5
-	*sql.DB
+
+type (
+	DB struct{ *sql.DB }
+	Tx struct{ *sql.Tx }
+
+	Attribute struct {
+		Value   any
+		Table   string
+		AttName string
+		ID      int64
+	}
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}
+
+func wait(iteration int) {
+	waitTime := time.Duration(math.Pow(2, float64(iteration))) * 100 * time.Millisecond
+	jitter := time.Duration(rand.IntN(int(waitTime)/2)) * time.Millisecond
+	time.Sleep(waitTime + jitter)
 }
 
 func OpenDB(dbName string) (*DB, error) {
 	var err error
-	db := DB{DB: &sql.DB{}}
+	db := DB{DB: new(sql.DB)}
 
 	cfg := mysql.NewConfig()
 	cfg.DBName = dbName
@@ -36,130 +99,47 @@ func OpenDB(dbName string) (*DB, error) {
 	return &db, nil
 }
 
-func (db *DB) UpdateAttribute(table string, id int64, attribute string, val interface{}) error {
+func (db *DB) UpdateAttributes(a ...*Attribute) error {
-	query := fmt.Sprintf(`
+	for i := 0; i < TxMaxRetries; i++ {
-    UPDATE %s
+		err := func() error {
-    SET %s = ?
-    WHERE id = ?
-    `, table, attribute)
-	if _, err := db.Exec(query, val, id); err != nil {
-		return fmt.Errorf("error updating article in DB: %v", err)
-	}
-	return nil
-}
-
-func (db *DB) AddUser(user *User, pass string) error {
-	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    INSERT INTO users
-        (username, password, first_name, last_name, role)
-    VALUES (?, ?, ?, ?, ?)
-    `
-	if _, err = db.Exec(query, user.UserName, string(hashedPass), user.FirstName, user.LastName, user.Role); err != nil {
-		return fmt.Errorf("error inserting user into DB: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) GetID(userName string) (int64, error) {
-	var id int64
-
-	query := `
-    SELECT id
-    FROM users
-    WHERE username = ?
-    `
-	row := db.QueryRow(query, userName)
-	if err := row.Scan(&id); err != nil {
-		return 0, fmt.Errorf("user not in DB: %v", err)
-	}
-
-	return id, nil
-}
-
-func (db *DB) CheckPassword(id int64, pass string) error {
-	var queriedPass string
-
-	query := `
-    SELECT password
-    FROM users
-    WHERE id = ?
-    `
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&queriedPass); err != nil {
-		return fmt.Errorf("error reading password from DB: %v", err)
-	}
-
-	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
-		return fmt.Errorf("incorrect password: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
 			tx, err := db.Begin()
 			if err != nil {
 				return fmt.Errorf("error starting transaction: %v", err)
 			}
 
-	var queriedPass string
+			for _, attribute := range a {
-	getQuery := `
+				query := fmt.Sprintf(`
-    SELECT password
+                    UPDATE %s
-    FROM users
+                    SET %s = ?
                     WHERE id = ?
-    `
+                    `, attribute.Table, attribute.AttName)
-	row := tx.QueryRow(getQuery, id)
+				if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
-	if err := row.Scan(&queriedPass); err != nil {
 					if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("error: transaction error: %v, rollback error: %v", err, rollbackErr)
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
 					}
-		return fmt.Errorf("error reading password from DB: %v", err)
+					return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
 				}
-
-	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
-		if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("error: transaction error: %v, rollback error: %v", err, rollbackErr)
-		}
-		return fmt.Errorf("incorrect password: %v", err)
-	}
-
-	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
-	if err != nil {
-		if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("error: transaction error: %v, rollback error: %v", err, rollbackErr)
-		}
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	setQuery := `
-    UPDATE users
-    SET password = ?
-    WHERE id = ?
-    `
-	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
-		if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("error: transaction error: %v, rollback error: %v", err, rollbackErr)
-		}
-		return fmt.Errorf("error updating password in DB: %v", err)
 			}
 
 			if err = tx.Commit(); err != nil {
 				return fmt.Errorf("error committing transaction: %v", err)
 			}
-
 			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
 }
 
-func (db *DB) CountEntries() (int64, error) {
+func (db *DB) CountEntries(table string) (int64, error) {
 	var count int64
 
-	query := `SELECT COUNT(*) FROM users`
+	query := fmt.Sprintf("SELECT COUNT(*) FROM %s", table)
 	row := db.QueryRow(query)
 	if err := row.Scan(&count); err != nil {
 		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
@@ -168,175 +148,20 @@ func (db *DB) CountEntries() (int64, error) {
 	return count, nil
 }
 
-// TODO: No need for ID field in general
+func (tx *Tx) UpdateAttributes(a ...*Attribute) error {
-func (db *DB) GetUser(id int64) (*User, error) {
+	for _, attribute := range a {
-	user := new(User)
+		query := fmt.Sprintf(`
-	query := `
+            UPDATE %s
-    SELECT id, username, first_name, last_name, role
+            SET %s = ?
-    FROM users
             WHERE id = ?
-    `
+            `, attribute.Table, attribute.AttName)
-
+		if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName, &user.LastName, &user.Role); err != nil {
-		return nil, fmt.Errorf("error reading user information: %v", err)
-	}
-
-	return user, nil
-}
-
-func (db *DB) AddTag(tagName string) error {
-	query := "INSERT INTO tags (name) VALUES (?)"
-	if _, err := db.Exec(query, tagName); err != nil {
-		return fmt.Errorf("error inserting tag into DB: %v", err)
-	}
-	return nil
-}
-
-func (db *DB) GetTagList() ([]*Tag, error) {
-	query := "SELECT id, name FROM tags"
-	rows, err := db.Query(query)
-	if err != nil {
-		return nil, fmt.Errorf("error querying tags: %v", err)
-	}
-
-	tagList := make([]*Tag, 0)
-	for rows.Next() {
-		tag := new(Tag)
-		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
-			return nil, fmt.Errorf("error scanning tag row: %v", err)
-		}
-		tagList = append(tagList, tag)
-	}
-
-	return tagList, nil
-}
-
-func (db *DB) AddArticle(a *Article) (int64, error) {
-	query := `
-    INSERT INTO articles
-        (title, description, content, published, author_id)
-    VALUES
-        (?, ?, ?, ?, ?)
-    `
-
-	result, err := db.Exec(query, a.Title, a.Desc, a.Content, a.Published, a.AuthorID)
-	if err != nil {
-		return 0, fmt.Errorf("error inserting article into DB: %v", err)
-	}
-	id, err := result.LastInsertId()
-	if err != nil {
-		return 0, fmt.Errorf("error retrieving last ID: %v", err)
-	}
-
-	return id, nil
-}
-
-func (db *DB) GetArticle(id int64) (*Article, error) {
-	query := `
-    SELECT title, created, description, content, published, author_id
-    FROM articles
-    WHERE id = ?
-    `
-	row := db.QueryRow(query, id)
-
-	article := new(Article)
-	var created []byte
-	var err error
-
-	if err := row.Scan(&article.Title, &created, &article.Desc,
-		&article.Content, &article.Published, &article.AuthorID); err != nil {
-		return nil, fmt.Errorf("error scanning article row: %v", err)
-	}
-
-	article.ID = id
-	article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
-	if err != nil {
-		return nil, fmt.Errorf("error parsing created: %v", err)
-	}
-
-	return article, nil
-}
-
-func (db *DB) GetCertainArticles(published bool) ([]*Article, error) {
-	query := `
-    SELECT id, title, created, description, content, author_id
-    FROM articles
-    WHERE published = ?
-    `
-	rows, err := db.Query(query, published)
-	if err != nil {
-		return nil, fmt.Errorf("error querying articles: %v", err)
-	}
-
-	articleList := make([]*Article, 0)
-	for rows.Next() {
-		article := new(Article)
-		var created []byte
-
-		if err = rows.Scan(&article.ID, &article.Title, &created, &article.Desc,
-			&article.Content, &article.AuthorID); err != nil {
-			return nil, fmt.Errorf("error scanning article row: %v", err)
-		}
-
-		article.Published = false
-		article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
-		if err != nil {
-			return nil, fmt.Errorf("error parsing created: %v", err)
-		}
-
-		articleList = append(articleList, article)
-	}
-
-	return articleList, nil
-}
-
-func (db *DB) WriteArticleTags(articleID int64, tagIDs []int64) error {
-	tx, err := db.Begin()
-	if err != nil {
-		return fmt.Errorf("error starting transaction: %v", err)
-	}
-
-	for _, tagID := range tagIDs {
-		query := `
-        INSERT INTO articles_tags (article_id, tag_id)
-        VALUES (?, ?)
-        `
-		if _, err := tx.Exec(query, articleID, tagID); err != nil {
 			if rollbackErr := tx.Rollback(); rollbackErr != nil {
-				log.Fatalf("error: transaction error: %v, rollback error: %v", err, rollbackErr)
+				log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
 			}
-			return fmt.Errorf("error inserting into articles_tags: %v", err)
+			return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
 		}
 	}
 
-	if err = tx.Commit(); err != nil {
-		return fmt.Errorf("error committing transaction: %v", err)
-	}
 	return nil
 }
-
-func (db *DB) GetArticleTags(articleID int64) ([]*Tag, error) {
-	query := `
-    SELECT t.id, t.name
-    FROM articles a
-    INNER JOIN articles_tags at ON a.id = at.article_id
-    INNER JOIN tags t ON at.tag_id = t.id
-    WHERE a.id = ?
-    `
-	rows, err := db.Query(query, articleID)
-	if err != nil {
-		return nil, fmt.Errorf("error querying articles_tags: %v", err)
-	}
-
-	tags := make([]*Tag, 0)
-	for rows.Next() {
-		tag := new(Tag)
-		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
-			return nil, fmt.Errorf("error scanning rows: %v", err)
-		}
-		tags = append(tags, tag)
-	}
-
-	return tags, nil
-}

cmd/model/helpers.go

@@ -1,52 +0,0 @@
-package model
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strings"
-	"syscall"
-
-	"golang.org/x/term"
-)
-
-func getUsername() (string, error) {
-	user := os.Getenv("DB_USER")
-	if user == "" {
-		var err error
-		fmt.Printf("DB Benutzer: ")
-		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
-		if err != nil {
-			return "", fmt.Errorf("error reading username: %v", err)
-		}
-	}
-	return strings.TrimSpace(user), nil
-}
-
-func getPassword() (string, error) {
-	pass := os.Getenv("DB_PASS")
-	if pass == "" {
-		fmt.Printf("DB Passwort: ")
-		bytePass, err := term.ReadPassword(int(syscall.Stdin))
-		if err != nil {
-			return "", fmt.Errorf("error reading password: %v", err)
-		}
-		fmt.Println()
-		pass = strings.TrimSpace(string(bytePass))
-	}
-	return pass, nil
-}
-
-func getCredentials() (string, string, error) {
-	user, err := getUsername()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting username: %v", err)
-	}
-
-	pass, err := getPassword()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting password: %v", err)
-	}
-
-	return user, pass, nil
-}

cmd/model/issues.go

@@ -0,0 +1,66 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+)
+
+func (db *DB) AddIssue() (int64, error) {
+	query := "INSERT INTO issues (published) VALUES (?)"
+	result, err := db.Exec(query, false)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting issue into DB: %v", err)
+	}
+
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error getting ID of added issue: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) PublishLatestIssue() error {
+	var id int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	updateQuery := "UPDATE issues SET published = true WHERE published = false"
+	insertQuery := "INSERT INTO issues (published) VALUES (?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(updateQuery, id); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error publishing issue: %v", err)
+			}
+
+			if _, err := tx.Exec(insertQuery, false); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error inserting new issue into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when publishing issue: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/model/structs.go

@@ -1,35 +0,0 @@
-package model
-
-import (
-	"time"
-)
-
-const (
-	Admin = iota
-	Editor
-	Writer
-)
-
-type User struct {
-	UserName         string
-	FirstName        string
-	LastName         string
-	RejectedArticles []*Article
-	ID               int64
-	Role             int
-}
-
-type Tag struct {
-	Name string
-	ID   int64
-}
-
-type Article struct {
-	Title     string
-	Created   time.Time
-	Desc      string
-	Content   string
-	Published bool
-	ID        int64
-	AuthorID  int64
-}

cmd/model/tags.go

@@ -0,0 +1,35 @@
+package model
+
+import "fmt"
+
+type Tag struct {
+	Name string
+	ID   int64
+}
+
+func (db *DB) AddTag(tagName string) error {
+	query := "INSERT INTO tags (name) VALUES (?)"
+	if _, err := db.Exec(query, tagName); err != nil {
+		return fmt.Errorf("error inserting tag into DB: %v", err)
+	}
+	return nil
+}
+
+func (db *DB) GetTagList() ([]*Tag, error) {
+	query := "SELECT id, name FROM tags"
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error querying tags: %v", err)
+	}
+
+	tagList := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning tag row: %v", err)
+		}
+		tagList = append(tagList, tag)
+	}
+
+	return tagList, nil
+}

cmd/model/users.go

@@ -0,0 +1,200 @@
+package model
+
+import (
+	"fmt"
+	"log"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	Admin = iota
+	Publisher
+	Editor
+	Author
+)
+
+type User struct {
+	UserName  string
+	FirstName string
+	LastName  string
+	ID        int64
+	Role      int
+}
+
+func (db *DB) AddUser(u *User, pass string) (int64, error) {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+	result, err := db.Exec(query, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) GetID(userName string) (int64, bool) {
+	var id int64
+
+	query := `
+    SELECT id
+    FROM users
+    WHERE username = ?
+    `
+	row := db.QueryRow(query, userName)
+	if err := row.Scan(&id); err != nil {
+		return 0, false
+	}
+
+	return id, true
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
+	var queriedPass string
+	getQuery := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := tx.QueryRow(getQuery, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}
+
+func (db *DB) UpdateUserAttributes(id int64, user, first, last, oldPass, newPass, newPass2 string) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.ChangePassword(id, oldPass, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/view/admin.go

@@ -1,128 +0,0 @@
-package view
-
-import (
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"strconv"
-
-	"streifling.com/jason/cpolis/cmd/control"
-	"streifling.com/jason/cpolis/cmd/model"
-)
-
-type AddUserData struct {
-	*model.User
-	Msg string
-}
-
-func inputsEmpty(user *model.User, pass, pass2 string) bool {
-	return len(user.UserName) == 0 ||
-		len(user.FirstName) == 0 ||
-		len(user.LastName) == 0 ||
-		len(pass) == 0 ||
-		len(pass2) == 0
-}
-
-func checkUserStrings(user *model.User) (string, int, bool) {
-	userLen := 15
-	nameLen := 50
-
-	if len(user.UserName) > userLen {
-		return "Benutzername", userLen, false
-	} else if len(user.FirstName) > nameLen {
-		return "Vorname", nameLen, false
-	} else if len(user.LastName) > nameLen {
-		return "Nachname", nameLen, false
-	} else {
-		return "", 0, true
-	}
-}
-
-func CreateUser(w http.ResponseWriter, r *http.Request) {
-	tmpl, err := template.ParseFiles("web/templates/add-user.html")
-	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-}
-
-func AddUser(db *model.DB, s *control.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		role, err := strconv.Atoi(r.PostFormValue("role"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		htmlData := AddUserData{
-			User: &model.User{
-				UserName:  r.PostFormValue("username"),
-				FirstName: r.PostFormValue("first-name"),
-				LastName:  r.PostFormValue("last-name"),
-				Role:      role,
-			},
-		}
-		pass := r.PostFormValue("password")
-		pass2 := r.PostFormValue("password2")
-
-		if inputsEmpty(htmlData.User, pass, pass2) {
-			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		userString, stringLen, ok := checkUserStrings(htmlData.User)
-		if !ok {
-			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
-				stringLen, " Zeichen erlaubt.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		id, _ := db.GetID(htmlData.UserName)
-		if id != 0 {
-			htmlData.Msg = fmt.Sprint(htmlData.UserName,
-				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		if pass != pass2 {
-			htmlData.Msg = "Die Passwörter stimmen nicht überein."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-
-		num, err := db.CountEntries()
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		if num == 0 {
-			if htmlData.Role != model.Admin {
-				htmlData.Msg = "Der erste Benutzer muss ein Administrator sein."
-				htmlData.Role = model.Admin
-				tmpl, err := template.ParseFiles("web/templates/add-user.html")
-				tmpl = template.Must(tmpl, err)
-				tmpl.ExecuteTemplate(w, "page-content", htmlData)
-				return
-			}
-
-			if err := saveSession(w, r, s, htmlData.User); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-		}
-
-		if err := db.AddUser(htmlData.User, pass); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
-	}
-}

cmd/view/articles.go

@@ -5,12 +5,13 @@ import (
 	"log"
 	"net/http"
 	"strconv"
+	"time"
 
 	"streifling.com/jason/cpolis/cmd/control"
 	"streifling.com/jason/cpolis/cmd/model"
 )
 
-func ShowHub(s *control.CookieStore) http.HandlerFunc {
+func ShowHub(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := s.Get(r, "cookie")
 		if err != nil {
@@ -20,7 +21,7 @@ func ShowHub(s *control.CookieStore) http.HandlerFunc {
 		}
 
 		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"])
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"].(int))
 	}
 }
 
@@ -38,32 +39,8 @@ func WriteArticle(db *model.DB) http.HandlerFunc {
 	}
 }
 
-func FinishArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func SubmitArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		article := new(model.Article)
-		var err error
-
-		article.Title, err = control.ConvertToPlain(r.PostFormValue("editor-title"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Desc, err = control.ConvertToPlain(r.PostFormValue("editor-desc"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Content, err = control.ConvertToHTML(r.PostFormValue("editor-text"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
 		session, err := s.Get(r, "cookie")
 		if err != nil {
 			tmpl, err := template.ParseFiles("web/templates/login.html")
@@ -71,7 +48,15 @@ func FinishArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
 		}
 
-		article.AuthorID = session.Values["id"].(int64)
+		article := &model.Article{
+			Title:       r.PostFormValue("article-title"),
+			Description: r.PostFormValue("article-description"),
+			Content:     r.PostFormValue("article-content"),
+			Published:   false,
+			Rejected:    false,
+			AuthorID:    session.Values["id"].(int64),
+		}
+
 		article.ID, err = db.AddArticle(article)
 		if err != nil {
 			log.Println(err)
@@ -102,21 +87,101 @@ func FinishArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 	}
 }
 
-func ShowUnpublishedArticles(db *model.DB) http.HandlerFunc {
+func ResubmitArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		articles, err := db.GetCertainArticles(false)
+		id, err := strconv.ParseInt(r.PostFormValue("article-id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		tmpl, err := template.ParseFiles("web/templates/unpublished-articles.html")
+
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles)
+		title := r.PostFormValue("article-title")
+		description := r.PostFormValue("article-description")
+		content := r.PostFormValue("article-content")
+
+		if err := db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "title", Value: title},
+			&model.Attribute{Table: "articles", ID: id, AttName: "description", Value: description},
+			&model.Attribute{Table: "articles", ID: id, AttName: "content", Value: content},
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
 	}
 }
 
-func ReviewArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func ShowUnpublishedArticles(db *model.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		unpublishedArticles, err := db.GetCertainArticles(false, false)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/unpublished-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", unpublishedArticles)
+	}
+}
+
+func ShowRejectedArticles(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			MyIDs            map[int64]bool
+			RejectedArticles []*model.Article
+		}
+		data := new(htmlData)
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.RejectedArticles, err = db.GetCertainArticles(false, true)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.MyIDs = make(map[int64]bool)
+		for _, article := range data.RejectedArticles {
+			if article.AuthorID == session.Values["id"].(int64) {
+				data.MyIDs[article.ID] = true
+			}
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/rejected-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewUnpublishedArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			Article *model.Article
+			Tags    []*model.Tag
+		}
+		data := new(htmlData)
+
 		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
@@ -124,23 +189,70 @@ func ReviewArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 			return
 		}
 
-		article, err := db.GetArticle(id)
+		data.Article, err = db.GetArticle(id)
 		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/to-be-published.html")
+			log.Println(err)
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", article)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		// session, err := s.Get(r, "cookie")
+		data.Tags, err = db.GetArticleTags(id)
-		// if err != nil {
+		if err != nil {
-		// 	tmpl, err := template.ParseFiles("web/templates/login.html")
+			log.Println(err)
-		// 	msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			http.Error(w, err.Error(), http.StatusInternalServerError)
-		// 	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+			return
-		// }
+		}
 
 		tmpl, err := template.ParseFiles("web/templates/to-be-published.html")
 		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", article)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewRejectedArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			Selected map[int64]bool
+			Article  *model.Article
+			Tags     []*model.Tag
+		}
+		data := new(htmlData)
+
+		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Article, err = db.GetArticle(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Tags, err = db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		selectedTags, err := db.GetArticleTags(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Selected = make(map[int64]bool)
+		for _, tag := range selectedTags {
+			data.Selected[tag.ID] = true
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/rework-article.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
 	}
 }
 
@@ -160,10 +272,81 @@ func PublishArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
 		}
 
-		db.UpdateAttribute("articles", id, "published", true)
+		if err = db.AddArticleToCurrentIssue(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+			&model.Attribute{Table: "articles", ID: id, AttName: "created", Value: time.Now().Format("2006-01-02 15:04:05")},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
 
 		tmpl, err := template.ParseFiles("web/templates/hub.html")
 		tmpl = template.Must(tmpl, err)
 		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
 	}
 }
+
+func RejectArticle(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowCurrentArticles(db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		articles, err := db.GetCurrentIssueArticles()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/current-articles.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles)
+	}
+}
+
+func PublishLatestIssue(db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if err := db.PublishLatestIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}

cmd/view/rss.go

@@ -1,12 +1,14 @@
 package view
 
 import (
+	"fmt"
 	"html/template"
 	"log"
 	"net/http"
 	"time"
 
 	"git.streifling.com/jason/rss"
+	"streifling.com/jason/cpolis/cmd/control"
 	"streifling.com/jason/cpolis/cmd/model"
 )
 
@@ -19,7 +21,7 @@ func ShowRSS(db *model.DB, title, link, desc string) http.HandlerFunc {
 			Items:       make([]*rss.Item, 0),
 		}
 
-		articles, err := db.GetCertainArticles(true)
+		articles, err := db.GetCertainArticles(true, false)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -37,6 +39,7 @@ func ShowRSS(db *model.DB, title, link, desc string) http.HandlerFunc {
 			for _, tag := range tags {
 				tagNames = append(tagNames, tag.Name)
 			}
+			tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
 
 			user, err := db.GetUser(article.AuthorID)
 			if err != nil {
@@ -45,12 +48,33 @@ func ShowRSS(db *model.DB, title, link, desc string) http.HandlerFunc {
 				return
 			}
 
+			articleTitle, err := control.ConvertToPlain(article.Title)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleDescription, err := control.ConvertToPlain(article.Description)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleContent, err := control.ConvertToHTML(article.Content)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
 			channel.Items = append(channel.Items, &rss.Item{
-				Title:       article.Title,
+				Title:       articleTitle,
 				Author:      user.FirstName + user.LastName,
 				PubDate:     article.Created.Format(time.RFC1123Z),
-				Description: article.Desc,
+				Description: articleDescription,
-				Content:     &rss.Content{Value: article.Content},
+				Content:     &rss.Content{Value: articleContent},
 				Categories:  tagNames,
 			})
 		}

cmd/view/sessions.go

@@ -29,7 +29,7 @@ func saveSession(w http.ResponseWriter, r *http.Request, s *control.CookieStore,
 
 func HomePage(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		numRows, err := db.CountEntries()
+		numRows, err := db.CountEntries("users")
 		if err != nil {
 			log.Fatalln(err)
 		}
@@ -59,10 +59,9 @@ func Login(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 		userName := r.PostFormValue("username")
 		password := r.PostFormValue("password")
 
-		id, err := db.GetID(userName)
+		id, ok := db.GetID(userName)
-		if err != nil {
+		if !ok {
-			log.Println(err)
+			http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusInternalServerError)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -89,3 +88,25 @@ func Login(db *model.DB, s *control.CookieStore) http.HandlerFunc {
 		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
 	}
 }
+
+func Logout(s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		session.Options.MaxAge = -1
+
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/login.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}

cmd/view/users.go

@@ -0,0 +1,214 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+type UserData struct {
+	*model.User
+	Msg string
+}
+
+func checkUserStrings(user *model.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser(w http.ResponseWriter, r *http.Request) {
+	tmpl, err := template.ParseFiles("web/templates/add-user.html")
+	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+}
+
+func AddUser(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := UserData{
+			User: &model.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles("web/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		htmlData.ID, err = db.AddUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if htmlData.ID == 1 {
+			htmlData.Role = model.Admin
+
+			if err = db.UpdateAttributes(
+				&model.Attribute{Table: "users", ID: id, AttName: "role", Value: htmlData.Role},
+			); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			if err := saveSession(w, r, s, htmlData.User); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			if _, err := db.AddIssue(); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
+
+func EditUser(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		user, err := db.GetUser(session.Values["id"].(int64))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/edit-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateUser(db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles("web/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		userData := UserData{
+			User: &model.User{
+				ID:        session.Values["id"].(int64),
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+			},
+		}
+		oldPass := r.PostFormValue("old-password")
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles("web/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles("web/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles("web/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateUserAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			oldPass,
+			newPass,
+			newPass2); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles("web/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}

web/templates/add-user.html

@@ -8,10 +8,12 @@
     <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
     <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
 
-    <input required id="writer" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
+    <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
-    <label for="writer">Schreiber</label>
+    <label for="author">Autor</label>
-    <input required id="editor" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+    <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
     <label for="editor">Redakteur</label>
+    <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+    <label for="publisher">Herausgeber</label>
     <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
     <label for="admin">Admin</label>
 

web/templates/current-articles.html

@@ -0,0 +1,10 @@
+{{define "page-content"}}
+{{range .}}
+<div>
+    <h1>{{.Title}}</h1>
+    <p>{{.Description}}</p>
+</div>
+{{end}}
+<button hx-get="/publish-issue/" hx-target="#page-content">Ausgabe publizieren</button>
+<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+{{end}}

web/templates/edit-user.html

@@ -0,0 +1,13 @@
+{{define "page-content"}}
+<form>
+    <input name="username" type="text" value="{{.UserName}}" />
+    <input name="first-name" type="text" value="{{.FirstName}}" />
+    <input name="last-name" type="text" value="{{.LastName}}" />
+
+    <input name="old-password" placeholder="Altes Passwort" type="password" />
+    <input name="password" placeholder="Neues Passwort" type="password" />
+    <input name="password2" placeholder="Wiederholen" type="password" />
+
+    <input type="submit" value="Aktualisieren" hx-post="/update-user/" hx-target="#page-content" />
+</form>
+{{end}}

web/templates/editor.html

@@ -1,17 +1,13 @@
 {{define "page-content"}}
 <h2>Editor</h2>
 <form>
-    <input name="editor-title" placeholder="Titel" type="text" />
+    <input name="article-title" placeholder="Titel" type="text" />
-    <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
+    <textarea name="article-description" placeholder="Beschreibung"></textarea>
-    <textarea name="editor-text" placeholder="Artikel"></textarea>
+    <textarea name="article-content" placeholder="Artikel"></textarea>
     {{range .}}
     <input id="{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" />
     <label for="{{.Name}}">{{.Name}}</label>
     {{end}}
-    <input type="submit" value="Senden" hx-post="/finish-article/" hx-target="#page-content" />
+    <input type="submit" value="Senden" hx-post="/submit-article/" hx-target="#page-content" />
 </form>
 {{end}}
-
-{{define "html-result"}}
-{{.}}
-{{end}}

web/templates/hub.html

@@ -1,11 +1,16 @@
 {{define "page-content"}}
 <h2>Hub</h2>
 <button hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button>
+<button hx-get="/rejected-articles/" hx-target="#page-content">Abgelehnte Artikel</button>
 <button hx-get="/rss/" hx-target="#page-content">RSS Feed</button>
-{{if lt . 2}}
+<button hx-get="/edit-user/" hx-target="#page-content">Benutzer bearbeiten</button>
+{{if lt . 3}}
 <button hx-get="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
 <button hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button>
 {{end}}
+{{if lt . 2}}
+<button hx-get="/this-issue/" hx-target="#page-content">Diese Ausgabe</button>
+{{end}}
 {{if eq . 0}}
 <button hx-get="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
 {{end}}

web/templates/index.html

@@ -9,13 +9,22 @@
 </head>
 
 <body>
+    <header>
         <h1>Orient Editor</h1>
+        <button hx-get="logout" hx-target="#page-content">Abmelden</button>
+    </header>
 
+    <main>
         <div id="page-content">
             {{template "page-content" .}}
         </div>
 
         <script src="web/static/js/htmx.min.js"></script>
+    </main>
+
+    <footer>
+        <p>&copy; 2024 Jason Streifling. Alle Rechte vorbehalten.</p>
+    </footer>
 </body>
 
 </html>

web/templates/rejected-articles.html

@@ -0,0 +1,12 @@
+{{define "page-content"}}
+<form>
+    {{range .RejectedArticles}}
+    {{if index $.MyIDs .ID}}
+    <input required id="{{.ID}}" name="id" type="radio" value="{{.ID}}" />
+    <label for="{{.ID}}">{{.Title}}</label>
+    {{end}}
+    {{end}}
+    <input type="submit" value="Auswählen" hx-post="/review-rejected-article/" hx-target="#page-content" />
+</form>
+<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+{{end}}

web/templates/rework-article.html

@@ -0,0 +1,16 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+<form>
+    <input name="article-title" placeholder="Titel" type="text" value="{{.Article.Title}}" />
+    <textarea name="article-description" placeholder="Beschreibung">{{.Article.Description}}</textarea>
+    <textarea name="article-content" placeholder="Artikel">{{.Article.Content}}</textarea>
+    <input name="article-id" type="hidden" value="{{.Article.ID}}" />
+
+    {{range .Tags}}
+    <input id="tag-{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" {{if index $.Selected .ID}}checked{{end}} />
+    <label for="tag-{{.Name}}">{{.Name}}</label>
+    {{end}}
+
+    <input type="submit" value="Senden" hx-post="/resubmit-article/" hx-target="#page-content" />
+</form>
+{{end}}

web/templates/to-be-published.html

@@ -1,11 +1,19 @@
 {{define "page-content"}}
 <form>
-    <h2>{{.Title}}</h2>
+    <h2>{{.Article.Title}}</h2>
-    <p>{{.Desc}}</p>
+    <p>{{.Article.Description}}</p>
-    <span>{{.Content}}</span>
+    {{.Article.Content}}
-    <input name="id" type="hidden" value="{{.ID}}" />
+
+    <p>
+    {{range .Tags}}
+    {{.Name}}
+    {{end}}
+    </p>
+
+    <input name="id" type="hidden" value="{{.Article.ID}}" />
     <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
     <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
 </form>
+
 <button hx-get="/hub/" hx-target="#page-content">Zurück</button>
 {{end}}

web/templates/unpublished-articles.html

@@ -4,7 +4,7 @@
     <input required id="{{.ID}}" name="id" type="radio" value="{{.ID}}" />
     <label for="{{.ID}}">{{.Title}}</label>
     {{end}}
-    <input type="submit" value="Auswählen" hx-post="/review-article/" hx-target="#page-content" />
+    <input type="submit" value="Auswählen" hx-post="/review-unpublished-article/" hx-target="#page-content" />
 </form>
 <button hx-get="/hub/" hx-target="#page-content">Zurück</button>
 {{end}}