Changed visual layout for to-be-published articles

Slightly changed button color and changed body height to be min-100vh
Only show logout button in hub
2024-04-03 18:12:28 +02:00 · 2024-04-03 04:50:25 +02:00 · 2024-04-02 21:35:34 +02:00 · 2024-04-02 19:38:16 +02:00 · 2024-04-02 19:37:53 +02:00 · 2024-04-01 19:26:18 +02:00
49 changed files with 2624 additions and 1040 deletions
--- a/.air.toml
+++ b/.air.toml
@ -0,0 +1,44 @@
+root = "."
+testdata_dir = "testdata"
+tmp_dir = "tmp"
+
+[build]
+  args_bin = []
+  bin = "./tmp/main -key tmp/key.gob -log tmp/cpolis.log -pics tmp/pics -rss tmp/orientexpress_alle.rss -web web"
+  cmd = "go build -o ./tmp/main ./cmd/main.go"
+  delay = 0
+  exclude_dir = ["assets", "tmp", "vendor", "testdata"]
+  exclude_file = []
+  exclude_regex = ["_test.go"]
+  exclude_unchanged = false
+  follow_symlink = false
+  full_bin = ""
+  include_dir = []
+  include_ext = ["go", "tpl", "tmpl", "html", "css"]
+  include_file = []
+  kill_delay = "0s"
+  log = "build-errors.log"
+  poll = false
+  poll_interval = 0
+  rerun = false
+  rerun_delay = 500
+  send_interrupt = false
+  stop_on_error = false
+
+[color]
+  app = ""
+  build = "yellow"
+  main = "magenta"
+  runner = "green"
+  watcher = "cyan"
+
+[log]
+  main_only = false
+  time = false
+
+[misc]
+  clean_on_exit = false
+
+[screen]
+  clear_on_rebuild = false
+  keep_scroll = true
--- a/.gitignore
+++ b/.gitignore
@ -23,3 +23,4 @@ go.work

 # Custom stuff
 tmp/
+style.css
--- a/4
+++ b/4
@ -209,7 +209,7 @@ If you develop a new program, and you want it to be of the greatest possible use
 To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found.

     cpolis
-     Copyright (C) 2024  jason
+     Copyright (C) 2024  Jason Streifling

     This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

@ -221,7 +221,7 @@ Also add information on how to contact you by electronic and paper mail.

 If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode:

-     cpolis  Copyright (C) 2024  jason
+     cpolis  Copyright (C) 2024  Jason Streifling
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

--- a/cmd/control/cli.go
+++ b/cmd/control/cli.go
@ -0,0 +1,60 @@
+package control
+
+import (
+	"flag"
+	"fmt"
+	"path/filepath"
+)
+
+type CliArgs struct {
+	DBName  string
+	KeyFile string
+	LogFile string
+	Port    string
+	PicsDir string
+	RSSFile string
+	WebDir  string
+}
+
+func HandleCliArgs() (*CliArgs, error) {
+	var err error
+	cliArgs := new(CliArgs)
+
+	keyFile := flag.String("key", "/var/www/cpolis/cpolis.key", "key file")
+	logFile := flag.String("log", "/var/log/cpolis.log", "log file")
+	picsDir := flag.String("pics", "/var/www/cpolis/pics", "pictures directory")
+	port := flag.Int("port", 8080, "port")
+	rssFile := flag.String("rss", "/var/www/cpolis/cpolis.rss", "RSS file")
+	webDir := flag.String("web", "/var/www/cpolis/web", "web directory")
+	flag.StringVar(&cliArgs.DBName, "db", "cpolis", "DB name")
+	flag.Parse()
+
+	cliArgs.KeyFile, err = filepath.Abs(*keyFile)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for KeyFile: %v", err)
+	}
+
+	cliArgs.LogFile, err = filepath.Abs(*logFile)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for LogFile: %v", err)
+	}
+
+	cliArgs.PicsDir, err = filepath.Abs(*picsDir)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for PicsDir: %v", err)
+	}
+
+	cliArgs.Port = fmt.Sprint(":", *port)
+
+	cliArgs.RSSFile, err = filepath.Abs(*rssFile)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for RSSFile: %v", err)
+	}
+
+	cliArgs.WebDir, err = filepath.Abs(*webDir)
+	if err != nil {
+		return nil, fmt.Errorf("error finding absolute path for WebDir: %v", err)
+	}
+
+	return cliArgs, nil
+}
--- a/cmd/control/markdown.go
+++ b/cmd/control/markdown.go
@ -1,4 +1,4 @@
-package data
+package control

 import (
 	"bytes"
--- a/cmd/control/rss.go
+++ b/cmd/control/rss.go
@ -0,0 +1,131 @@
+package control
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"git.streifling.com/jason/rss"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func GetChannel(db *model.DB, title, link, description string) (*rss.Channel, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: description,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error fetching published articles: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error fetching tags for article %v: %v", article.Title, err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error finding user %v: %v", article.AuthorID, err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       article.Title,
+			Author:      user.FirstName + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: article.Description,
+			Content:     &rss.Content{Value: article.Content},
+			Categories:  tagNames,
+		})
+	}
+
+	return channel, nil
+}
+
+func GenerateRSS(db *model.DB, title, link, desc string) (*string, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: desc,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error getting published articles for RSS feed: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting tags for articles for RSS feed: %v", err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+		tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting user user info for RSS feed: %v", err)
+		}
+
+		articleTitle, err := ConvertToPlain(article.Title)
+		if err != nil {
+			return nil, fmt.Errorf("error converting title to plain text for RSS feed: %v", err)
+		}
+
+		articleDescription, err := ConvertToPlain(article.Description)
+		if err != nil {
+			return nil, fmt.Errorf("error converting description to plain text for RSS feed: %v", err)
+		}
+
+		articleContent, err := ConvertToHTML(article.Content)
+		if err != nil {
+			return nil, fmt.Errorf("error converting content to HTML for RSS feed: %v", err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       articleTitle,
+			Author:      user.FirstName + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: articleDescription,
+			Content:     &rss.Content{Value: articleContent},
+			Categories:  tagNames,
+		})
+	}
+
+	feed := rss.NewFeed()
+	feed.Channels = append(feed.Channels, channel)
+	rss, err := feed.ToXML()
+	if err != nil {
+		return nil, fmt.Errorf("error converting RSS feed to XML: %v", err)
+	}
+
+	return &rss, nil
+}
+
+func SaveRSS(filename string, feed *string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating file for RSS feed: %v", err)
+	}
+	defer file.Close()
+	file.Chmod(0644)
+
+	if _, err = io.WriteString(file, *feed); err != nil {
+		return fmt.Errorf("error writing to RSS file: %v", err)
+	}
+
+	return nil
+}
--- a/cmd/control/sessions.go
+++ b/cmd/control/sessions.go
@ -1,4 +1,4 @@
-package data
+package control

 import (
 	"crypto/rand"
@ -17,8 +17,7 @@ type CookieStore struct {
 func NewKey() ([]byte, error) {
 	key := make([]byte, 32)

-	_, err := io.ReadFull(rand.Reader, key)
-	if err != nil {
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
 		return nil, fmt.Errorf("error generating key: %v", err)
 	}

@ -33,9 +32,7 @@ func SaveKey(key []byte, filename string) error {
 	defer file.Close()
 	file.Chmod(0600)

-	encoder := gob.NewEncoder(file)
-	err = encoder.Encode(key)
-	if err != nil {
+	if err = gob.NewEncoder(file).Encode(key); err != nil {
 		return fmt.Errorf("error ecoding key: %v", err)
 	}

@ -49,9 +46,7 @@ func LoadKey(filename string) ([]byte, error) {
 	}

 	key := make([]byte, 32)
-	decoder := gob.NewDecoder(file)
-	err = decoder.Decode(&key)
-	if err != nil {
+	if err = gob.NewDecoder(file).Decode(&key); err != nil {
 		return nil, fmt.Errorf("error decoding key: %v", err)
 	}

--- a/cmd/data/articles.go
+++ b/cmd/data/articles.go
@ -1,202 +0,0 @@
-package data
-
-import (
-	"encoding/gob"
-	"fmt"
-	"os"
-	"sync"
-	"time"
-
-	"github.com/google/uuid"
-)
-
-type Article struct {
-	Title    string
-	Author   string
-	Created  time.Time
-	Desc     string
-	Content  string
-	Tags     []string
-	UUID     uuid.UUID
-	AuthorID int64
-}
-
-type ArticleList struct {
-	addCh    chan *Article
-	delCh    chan uuid.UUID
-	retCh    chan *Article
-	getCh    chan []Article
-	articles []*Article
-	wg       sync.WaitGroup
-}
-
-type TagList struct {
-	addCh chan string
-	getCh chan []string
-	tags  []string
-	wg    sync.WaitGroup
-}
-
-func minArticleList() *ArticleList {
-	return &ArticleList{
-		addCh: make(chan *Article),
-		delCh: make(chan uuid.UUID),
-		retCh: make(chan *Article),
-		getCh: make(chan []Article),
-	}
-}
-
-func minTagList() *TagList {
-	return &TagList{
-		addCh: make(chan string),
-		getCh: make(chan []string),
-	}
-}
-
-func (al *ArticleList) start() {
-	al.wg.Done()
-	for {
-		select {
-		case article := <-al.addCh:
-			al.articles = append(al.articles, article)
-		case uuid := <-al.delCh:
-			for i, article := range al.articles {
-				if article.UUID == uuid {
-					al.articles = append(al.articles[:i], al.articles[i+1:]...)
-					al.retCh <- article
-				}
-			}
-		case al.getCh <- func() []Article {
-			var list []Article
-			for _, article := range al.articles {
-				list = append(list, *article)
-			}
-			return list
-		}():
-		}
-	}
-}
-
-func (tl *TagList) start() {
-	tl.wg.Done()
-	for {
-		select {
-		case tag := <-tl.addCh:
-			tl.tags = append(tl.tags, tag)
-		case tl.getCh <- tl.tags:
-		}
-	}
-}
-
-func NewArticleList() *ArticleList {
-	list := minArticleList()
-	list.articles = []*Article{}
-
-	list.wg.Add(1)
-	go list.start()
-	list.wg.Wait()
-
-	return list
-}
-
-func (al *ArticleList) Add(a *Article) {
-	al.addCh <- a
-}
-
-func (al *ArticleList) Release(uuid uuid.UUID) (*Article, bool) {
-	al.delCh <- uuid
-	article := <-al.retCh
-	if article == nil {
-		return nil, false
-	}
-	return article, true
-}
-
-func (al *ArticleList) Get() []Article {
-	return <-al.getCh
-}
-
-func (al *ArticleList) Save(filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("error creating key file: %v", err)
-	}
-	defer file.Close()
-
-	encoder := gob.NewEncoder(file)
-	articles := al.Get()
-	err = encoder.Encode(articles)
-	if err != nil {
-		return fmt.Errorf("error ecoding key: %v", err)
-	}
-
-	return nil
-}
-
-func LoadArticleList(filename string) (*ArticleList, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, fmt.Errorf("error opening key file: %v", err)
-	}
-
-	decoder := gob.NewDecoder(file)
-	articleList := NewArticleList()
-	err = decoder.Decode(&articleList.articles)
-	if err != nil {
-		return nil, fmt.Errorf("error decoding key: %v", err)
-	}
-
-	return articleList, nil
-}
-
-func NewTagList() *TagList {
-	list := minTagList()
-	list.tags = []string{}
-
-	list.wg.Add(1)
-	go list.start()
-	list.wg.Wait()
-
-	return list
-}
-
-func (tl *TagList) Add(tag string) {
-	tl.addCh <- tag
-}
-
-func (tl *TagList) Get() []string {
-	return <-tl.getCh
-}
-
-func (tl *TagList) Save(filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("error creating key file: %v", err)
-	}
-	defer file.Close()
-
-	encoder := gob.NewEncoder(file)
-	tags := tl.Get()
-	err = encoder.Encode(tags)
-	if err != nil {
-		return fmt.Errorf("error ecoding key: %v", err)
-	}
-
-	return nil
-}
-
-func LoadTagList(filename string) (*TagList, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, fmt.Errorf("error opening key file: %v", err)
-	}
-
-	decoder := gob.NewDecoder(file)
-	tagList := NewTagList()
-	err = decoder.Decode(&tagList.tags)
-	if err != nil {
-		return nil, fmt.Errorf("error decoding key: %v", err)
-	}
-
-	return tagList, nil
-}
--- a/cmd/data/db.go
+++ b/cmd/data/db.go
@ -1,143 +0,0 @@
-package data
-
-import (
-	"database/sql"
-	"fmt"
-
-	"github.com/go-sql-driver/mysql"
-	"golang.org/x/crypto/bcrypt"
-)
-
-type DB struct {
-	*sql.DB
-}
-
-func OpenDB(dbName string) (*DB, error) {
-	var err error
-	db := DB{DB: &sql.DB{}}
-
-	cfg := mysql.NewConfig()
-	cfg.DBName = dbName
-	cfg.User, cfg.Passwd, err = getCredentials()
-	if err != nil {
-		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
-	}
-
-	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
-	if err != nil {
-		return nil, fmt.Errorf("error opening DB: %v", err)
-	}
-	if err = db.Ping(); err != nil {
-		return nil, fmt.Errorf("error pinging DB: %v", err)
-	}
-
-	return &db, nil
-}
-
-func (db *DB) AddUser(user *User, pass string) error {
-	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    INSERT INTO users
-        (username, password, first_name, last_name, role)
-    VALUES (?, ?, ?, ?, ?)
-    `
-	_, err = db.Exec(query, user.UserName, string(hashedPass), user.FirstName, user.LastName, user.Role)
-	if err != nil {
-		return fmt.Errorf("error inserting user into DB: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) GetID(userName string) (int64, error) {
-	var id int64
-
-	query := `
-    SELECT id
-    FROM users
-    WHERE username = ?
-    `
-	row := db.QueryRow(query, userName)
-	if err := row.Scan(&id); err != nil {
-		return 0, fmt.Errorf("user not in DB: %v", err)
-	}
-
-	return id, nil
-}
-
-func (db *DB) CheckPassword(id int64, pass string) error {
-	var queriedPass string
-
-	query := `
-    SELECT password
-    FROM users
-    WHERE id = ?
-    `
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&queriedPass); err != nil {
-		return fmt.Errorf("error reading password from DB: %v", err)
-	}
-
-	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
-		return fmt.Errorf("incorrect password: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
-	if err := db.CheckPassword(id, oldPass); err != nil {
-		return fmt.Errorf("error checking password: %v", err)
-	}
-
-	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    UPDATE users
-    SET password = ?
-    WHERE id = ?
-    `
-	_, err = db.Exec(query, string(newHashedPass), id)
-	if err != nil {
-		return fmt.Errorf("error updating password in DB: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) CountEntries() (int64, error) {
-	var count int64
-
-	query := `SELECT COUNT(*) FROM users`
-	row := db.QueryRow(query)
-	if err := row.Scan(&count); err != nil {
-		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
-	}
-
-	return count, nil
-}
-
-// TODO: No need for ID field in general
-func (db *DB) GetUser(id int64) (*User, error) {
-	user := new(User)
-	query := `
-    SELECT id, username, first_name, last_name, role
-    FROM users
-    WHERE id = ?
-    `
-
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
-		&user.LastName, &user.Role); err != nil {
-		return nil, fmt.Errorf("error reading user information: %v", err)
-	}
-
-	return user, nil
-}
--- a/cmd/data/helpers.go
+++ b/cmd/data/helpers.go
@ -1,52 +0,0 @@
-package data
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strings"
-	"syscall"
-
-	"golang.org/x/term"
-)
-
-func getUsername() (string, error) {
-	user := os.Getenv("DB_USER")
-	if user == "" {
-		var err error
-		fmt.Printf("DB Benutzer: ")
-		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
-		if err != nil {
-			return "", fmt.Errorf("error reading username: %v", err)
-		}
-	}
-	return strings.TrimSpace(user), nil
-}
-
-func getPassword() (string, error) {
-	pass := os.Getenv("DB_PASS")
-	if pass == "" {
-		fmt.Printf("DB Passwort: ")
-		bytePass, err := term.ReadPassword(int(syscall.Stdin))
-		if err != nil {
-			return "", fmt.Errorf("error reading password: %v", err)
-		}
-		fmt.Println()
-		pass = strings.TrimSpace(string(bytePass))
-	}
-	return pass, nil
-}
-
-func getCredentials() (string, string, error) {
-	user, err := getUsername()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting username: %v", err)
-	}
-
-	pass, err := getPassword()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting password: %v", err)
-	}
-
-	return user, pass, nil
-}
--- a/cmd/data/rss.go
+++ b/cmd/data/rss.go
@ -1,106 +0,0 @@
-package data
-
-import (
-	"encoding/gob"
-	"fmt"
-	"os"
-	"sync"
-
-	"github.com/gorilla/feeds"
-)
-
-type Feed struct {
-	addCh chan *feeds.Item
-	setCh chan feeds.Feed
-	getCh chan feeds.Feed
-	feed  feeds.Feed
-	wg    sync.WaitGroup
-}
-
-func minFeed() *Feed {
-	return &Feed{
-		addCh: make(chan *feeds.Item),
-		setCh: make(chan feeds.Feed),
-		getCh: make(chan feeds.Feed),
-	}
-}
-
-func (f *Feed) start() {
-	f.wg.Done()
-	for {
-		select {
-		case item := <-f.addCh:
-			f.feed.Items = append(f.feed.Items, item)
-		case f.getCh <- f.feed:
-		case f.feed = <-f.setCh:
-		}
-	}
-}
-
-func NewFeed(title, link, desc string) *Feed {
-	feed := minFeed()
-	feed.feed = feeds.Feed{
-		Title:       title,
-		Link:        &feeds.Link{Href: link},
-		Description: desc,
-	}
-
-	feed.wg.Add(1)
-	go feed.start()
-	feed.wg.Wait()
-
-	return feed
-}
-
-func (f *Feed) Get() feeds.Feed {
-	return <-f.getCh
-}
-
-func (f *Feed) Set(feed feeds.Feed) {
-	f.setCh <- feed
-}
-
-func OpenFeed(filename string) (*Feed, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, fmt.Errorf("error opening file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	feed := minFeed()
-	feed.wg.Add(1)
-	go feed.start()
-	feed.wg.Wait()
-
-	decoder := gob.NewDecoder(file)
-	tmpFeed := new(feeds.Feed)
-	err = decoder.Decode(tmpFeed)
-	if err != nil {
-		return nil, fmt.Errorf("error decoding file %v: %v", filename, err)
-	}
-
-	feed.Set(*tmpFeed)
-
-	return feed, nil
-}
-
-func (f *Feed) Save(filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("error creating file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	encoder := gob.NewEncoder(file)
-	feed := f.Get()
-	err = encoder.Encode(feed)
-	if err != nil {
-		return fmt.Errorf("error encoding file %v: %v", filename, err)
-	}
-
-	return nil
-}
-
-func (f *Feed) Add(i *feeds.Item) {
-	f.addCh <- i
-}
--- a/cmd/data/user.go
+++ b/cmd/data/user.go
@ -1,16 +0,0 @@
-package data
-
-const (
-	Admin = iota
-	Editor
-	Writer
-)
-
-type User struct {
-	UserName         string
-	FirstName        string
-	LastName         string
-	RejectedArticles []*Article
-	ID               int64
-	Role             int
-}
--- a/cmd/main.go
+++ b/cmd/main.go
@ -0,0 +1,84 @@
+package main
+
+import (
+	"encoding/gob"
+	"log"
+	"net/http"
+	"os"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+	"streifling.com/jason/cpolis/cmd/view"
+)
+
+func init() {
+	gob.Register(model.User{})
+}
+
+func main() {
+	args, err := control.HandleCliArgs()
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	logFile, err := os.OpenFile(args.LogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer logFile.Close()
+	log.SetOutput(logFile)
+
+	db, err := model.OpenDB(args.DBName)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer db.Close()
+
+	key, err := control.LoadKey(args.KeyFile)
+	if err != nil {
+		key, err = control.NewKey()
+		if err != nil {
+			log.Fatalln(err)
+		}
+		control.SaveKey(key, args.KeyFile)
+	}
+	store := control.NewCookieStore(key)
+
+	mux := http.NewServeMux()
+	mux.Handle("/web/static/", http.StripPrefix("/web/static/",
+		http.FileServer(http.Dir(args.WebDir+"/static/"))))
+	mux.HandleFunc("/", view.HomePage(args, db, store))
+
+	mux.HandleFunc("GET /create-tag/", view.CreateTag(args))
+	mux.HandleFunc("GET /create-user/", view.CreateUser(args))
+	mux.HandleFunc("GET /edit-user/", view.EditUser(args, db, store))
+	mux.HandleFunc("GET /hub/", view.ShowHub(args, db, store))
+	mux.HandleFunc("GET /logout/", view.Logout(args, store))
+	mux.HandleFunc("GET /publish-article/{id}/", view.PublishArticle(args, db, store))
+	mux.HandleFunc("GET /publish-issue/", view.PublishLatestIssue(args, db, store))
+	mux.HandleFunc("GET /reject-article/{id}/", view.RejectArticle(args, db, store))
+	mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(args, db, store))
+	mux.HandleFunc("GET /review-rejected-article/{id}/", view.ReviewRejectedArticle(args, db, store))
+	mux.HandleFunc("GET /review-unpublished-article/{id}/", view.ReviewUnpublishedArticle(args, db, store))
+	mux.HandleFunc("GET /rss/", view.ShowRSS(
+		args,
+		db,
+		"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+		"https://distrikt-ni-st.de",
+		"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
+	))
+	mux.HandleFunc("GET /this-issue/", view.ShowCurrentArticles(args, db))
+	mux.HandleFunc("GET /unpublished-articles/", view.ShowUnpublishedArticles(args, db))
+	mux.HandleFunc("GET /write-article/", view.WriteArticle(args, db))
+
+	mux.HandleFunc("POST /add-first-user/", view.AddFirstUser(args, db, store))
+	mux.HandleFunc("POST /add-tag/", view.AddTag(args, db, store))
+	mux.HandleFunc("POST /add-user/", view.AddUser(args, db, store))
+	mux.HandleFunc("POST /login/", view.Login(args, db, store))
+	mux.HandleFunc("POST /resubmit-article/{id}/", view.ResubmitArticle(args, db, store))
+	mux.HandleFunc("POST /submit-article/", view.SubmitArticle(args, db, store))
+	mux.HandleFunc("POST /update-user/", view.UpdateUser(args, db, store))
+	mux.HandleFunc("POST /upload-image/", view.UploadImage(args))
+
+	log.Fatalln(http.ListenAndServe(args.Port, mux))
+}
--- a/cmd/model/articles.go
+++ b/cmd/model/articles.go
@ -0,0 +1,258 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+	"time"
+)
+
+type Article struct {
+	Title       string
+	Created     time.Time
+	Description string
+	Content     string
+	Published   bool
+	Rejected    bool
+	ID          int64
+	AuthorID    int64
+	IssueID     int64
+}
+
+func (db *DB) AddArticle(a *Article) (int64, error) {
+	var id int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	insertQuery := `
+    INSERT INTO articles
+        (title, description, content, published, rejected, author_id, issue_id)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&id); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting issue ID when adding article to DB: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, a.Title, a.Description,
+				a.Content, a.Published, a.Rejected, a.AuthorID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting article into DB: %v", err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error retrieving ID of added article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction when adding article to DB: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticle(id int64) (*Article, error) {
+	query := `
+    SELECT title, created, description, content, published, author_id
+    FROM articles
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+
+	article := new(Article)
+	var created []byte
+	var err error
+
+	if err := row.Scan(&article.Title, &created, &article.Description,
+		&article.Content, &article.Published, &article.AuthorID); err != nil {
+		return nil, fmt.Errorf("error scanning article row: %v", err)
+	}
+
+	article.ID = id
+	article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing created: %v", err)
+	}
+
+	return article, nil
+}
+
+func (db *DB) GetCertainArticles(published, rejected bool) ([]*Article, error) {
+	query := `
+    SELECT id, title, created, description, content, author_id, issue_id
+    FROM articles
+    WHERE published = ?
+    AND rejected = ?
+    `
+	rows, err := db.Query(query, published, rejected)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles: %v", err)
+	}
+
+	articleList := make([]*Article, 0)
+	for rows.Next() {
+		article := new(Article)
+		var created []byte
+
+		if err = rows.Scan(&article.ID, &article.Title, &created,
+			&article.Description, &article.Content, &article.AuthorID,
+			&article.IssueID); err != nil {
+			return nil, fmt.Errorf("error scanning article row: %v", err)
+		}
+
+		article.Published = false
+		article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+		if err != nil {
+			return nil, fmt.Errorf("error parsing created: %v", err)
+		}
+
+		articleList = append(articleList, article)
+	}
+
+	return articleList, nil
+}
+
+func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	issueQuery := "SELECT id FROM issues WHERE published = false"
+	articlesQuery := `
+    SELECT id, title, created, description, content, author_id
+    FROM articles
+    WHERE issue_id = ? AND published = true
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() ([]*Article, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return nil, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			row := tx.QueryRow(issueQuery)
+			if err := row.Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for unpublished issue: %v", err)
+			}
+
+			rows, err := tx.Query(articlesQuery, issueID)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for articles of issue %v: %v", issueID, err)
+			}
+
+			articleList := make([]*Article, 0)
+			for rows.Next() {
+				article := new(Article)
+				var created []byte
+
+				if err = rows.Scan(&article.ID, &article.Title, &created,
+					&article.Description, &article.Content, &article.AuthorID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error scanning article from issue %v: %v", issueID, err)
+				}
+
+				article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+				if err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error parsing created: %v", err)
+				}
+
+				articleList = append(articleList, article)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return nil, fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return articleList, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return nil, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddArticleToCurrentIssue(id int64) error {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	updateQuery := "UPDATE articles SET issue_id = ? WHERE id = ?"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error scanning row: %v", err)
+			}
+
+			_, err = db.Exec(updateQuery, issueID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating issueID for article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
--- a/cmd/model/articles_tags.go
+++ b/cmd/model/articles_tags.go
@ -0,0 +1,107 @@
+package model
+
+import (
+	"fmt"
+	"log"
+)
+
+func (db *DB) WriteArticleTags(articleID int64, tagIDs []int64) error {
+	query := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(query, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticleTags(articleID int64) ([]*Tag, error) {
+	query := `
+    SELECT t.id, t.name
+    FROM articles a
+    INNER JOIN articles_tags at ON a.id = at.article_id
+    INNER JOIN tags t ON at.tag_id = t.id
+    WHERE a.id = ?
+    `
+	rows, err := db.Query(query, articleID)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles_tags: %v", err)
+	}
+
+	tags := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning rows: %v", err)
+		}
+		tags = append(tags, tag)
+	}
+
+	return tags, nil
+}
+
+func (db *DB) UpdateArticleTags(articleID int64, tagIDs []int64) error {
+	deleteQuery := "DELETE FROM articles_tags WHERE article_id = ?"
+	insertQuery := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(deleteQuery, articleID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error deleting entries from articles_tags before inserting new ones: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(insertQuery, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting new entries into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
--- a/cmd/model/db.go
+++ b/cmd/model/db.go
@ -0,0 +1,167 @@
+package model
+
+import (
+	"bufio"
+	"database/sql"
+	"fmt"
+	"log"
+	"math"
+	"math/rand/v2"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/go-sql-driver/mysql"
+	"golang.org/x/term"
+)
+
+var TxMaxRetries = 5
+
+type (
+	DB struct{ *sql.DB }
+	Tx struct{ *sql.Tx }
+
+	Attribute struct {
+		Value   any
+		Table   string
+		AttName string
+		ID      int64
+	}
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}
+
+func wait(iteration int) {
+	waitTime := time.Duration(math.Pow(2, float64(iteration))) * 100 * time.Millisecond
+	jitter := time.Duration(rand.IntN(int(waitTime)/2)) * time.Millisecond
+	time.Sleep(waitTime + jitter)
+}
+
+func OpenDB(dbName string) (*DB, error) {
+	var err error
+	db := DB{DB: new(sql.DB)}
+
+	cfg := mysql.NewConfig()
+	cfg.DBName = dbName
+	cfg.User, cfg.Passwd, err = getCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
+	}
+
+	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
+	if err != nil {
+		return nil, fmt.Errorf("error opening DB: %v", err)
+	}
+	if err = db.Ping(); err != nil {
+		return nil, fmt.Errorf("error pinging DB: %v", err)
+	}
+
+	return &db, nil
+}
+
+func (db *DB) UpdateAttributes(a ...*Attribute) error {
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, attribute := range a {
+				query := fmt.Sprintf(`
+                    UPDATE %s
+                    SET %s = ?
+                    WHERE id = ?
+                    `, attribute.Table, attribute.AttName)
+				if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) CountEntries(table string) (int64, error) {
+	var count int64
+
+	query := fmt.Sprintf("SELECT COUNT(*) FROM %s", table)
+	row := db.QueryRow(query)
+	if err := row.Scan(&count); err != nil {
+		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
+	}
+
+	return count, nil
+}
+
+func (tx *Tx) UpdateAttributes(a ...*Attribute) error {
+	for _, attribute := range a {
+		query := fmt.Sprintf(`
+            UPDATE %s
+            SET %s = ?
+            WHERE id = ?
+            `, attribute.Table, attribute.AttName)
+		if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+			if rollbackErr := tx.Rollback(); rollbackErr != nil {
+				log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+			}
+			return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+		}
+	}
+
+	return nil
+}
--- a/cmd/model/issues.go
+++ b/cmd/model/issues.go
@ -0,0 +1,65 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+)
+
+func (db *DB) AddIssue() (int64, error) {
+	query := "INSERT INTO issues (published) VALUES (?)"
+	result, err := db.Exec(query, false)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting issue into DB: %v", err)
+	}
+
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error getting ID of added issue: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) PublishLatestIssue() error {
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	updateQuery := "UPDATE issues SET published = true WHERE published = false"
+	insertQuery := "INSERT INTO issues (published) VALUES (?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(updateQuery); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error publishing issue: %v", err)
+			}
+
+			if _, err := tx.Exec(insertQuery, false); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error inserting new issue into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when publishing issue: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
--- a/cmd/model/tags.go
+++ b/cmd/model/tags.go
@ -0,0 +1,35 @@
+package model
+
+import "fmt"
+
+type Tag struct {
+	Name string
+	ID   int64
+}
+
+func (db *DB) AddTag(tagName string) error {
+	query := "INSERT INTO tags (name) VALUES (?)"
+	if _, err := db.Exec(query, tagName); err != nil {
+		return fmt.Errorf("error inserting tag into DB: %v", err)
+	}
+	return nil
+}
+
+func (db *DB) GetTagList() ([]*Tag, error) {
+	query := "SELECT id, name FROM tags"
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error querying tags: %v", err)
+	}
+
+	tagList := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning tag row: %v", err)
+		}
+		tagList = append(tagList, tag)
+	}
+
+	return tagList, nil
+}
--- a/cmd/model/users.go
+++ b/cmd/model/users.go
@ -0,0 +1,270 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	Admin = iota
+	Publisher
+	Editor
+	Author
+)
+
+type User struct {
+	UserName  string
+	FirstName string
+	LastName  string
+	ID        int64
+	Role      int
+}
+
+func (db *DB) AddUser(u *User, pass string) (int64, error) {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+	result, err := db.Exec(query, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) GetID(userName string) (int64, bool) {
+	var id int64
+
+	query := `
+    SELECT id
+    FROM users
+    WHERE username = ?
+    `
+	row := db.QueryRow(query, userName)
+	if err := row.Scan(&id); err != nil {
+		return 0, false
+	}
+
+	return id, true
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
+	var queriedPass string
+	getQuery := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := tx.QueryRow(getQuery, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}
+
+func (db *DB) UpdateUserAttributes(id int64, user, first, last, oldPass, newPass, newPass2 string) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.ChangePassword(id, oldPass, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddFirstUser(u *User, pass string) (int64, error) {
+	var numUsers int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT COUNT(*) FROM users"
+	insertQuery := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err := tx.QueryRow(selectQuery).Scan(&numUsers); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting ID of %v: %v", u.UserName, err)
+			}
+			if numUsers != 0 {
+				if err = tx.Commit(); err != nil {
+					return 0, fmt.Errorf("error committing transaction: %v", err)
+				}
+				return 2, nil
+			}
+
+			hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error creating password hash: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting user into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
--- a/cmd/ui/admin.go
+++ b/cmd/ui/admin.go
@ -1,127 +0,0 @@
-package ui
-
-import (
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"strconv"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-type AddUserData struct {
-	*data.User
-	Msg string
-}
-
-func inputsEmpty(user *data.User, pass, pass2 string) bool {
-	return len(user.UserName) == 0 ||
-		len(user.FirstName) == 0 ||
-		len(user.LastName) == 0 ||
-		len(pass) == 0 ||
-		len(pass2) == 0
-}
-
-func checkUserStrings(user *data.User) (string, int, bool) {
-	userLen := 15
-	nameLen := 50
-
-	if len(user.UserName) > userLen {
-		return "Benutzername", userLen, false
-	} else if len(user.FirstName) > nameLen {
-		return "Vorname", nameLen, false
-	} else if len(user.LastName) > nameLen {
-		return "Nachname", nameLen, false
-	} else {
-		return "", 0, true
-	}
-}
-
-func CreateUser(w http.ResponseWriter, r *http.Request) {
-	tmpl, err := template.ParseFiles("web/templates/add-user.html")
-	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-}
-
-func AddUser(db *data.DB, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		role, err := strconv.Atoi(r.PostFormValue("role"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		htmlData := AddUserData{
-			User: &data.User{
-				UserName:  r.PostFormValue("username"),
-				FirstName: r.PostFormValue("first-name"),
-				LastName:  r.PostFormValue("last-name"),
-				Role:      role,
-			},
-		}
-		pass := r.PostFormValue("password")
-		pass2 := r.PostFormValue("password2")
-
-		if inputsEmpty(htmlData.User, pass, pass2) {
-			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		userString, stringLen, ok := checkUserStrings(htmlData.User)
-		if !ok {
-			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
-				stringLen, " Zeichen erlaubt.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		id, _ := db.GetID(htmlData.UserName)
-		if id != 0 {
-			htmlData.Msg = fmt.Sprint(htmlData.UserName,
-				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		if pass != pass2 {
-			htmlData.Msg = "Die Passwörter stimmen nicht überein."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-
-		num, err := db.CountEntries()
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		if num == 0 {
-			if htmlData.Role != data.Admin {
-				htmlData.Msg = "Der erste Benutzer muss ein Administrator sein."
-				htmlData.Role = data.Admin
-				tmpl, err := template.ParseFiles("web/templates/add-user.html")
-				tmpl = template.Must(tmpl, err)
-				tmpl.ExecuteTemplate(w, "page-content", htmlData)
-				return
-			}
-
-			if err := saveSession(w, r, s, htmlData.User); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-		}
-
-		if err := db.AddUser(htmlData.User, pass); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
-	}
-}
--- a/cmd/ui/articles.go
+++ b/cmd/ui/articles.go
@ -1,157 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/gorilla/feeds"
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func ShowHub(s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func WriteArticle(tl *data.TagList) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tmpl, err := template.ParseFiles("web/templates/editor.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", tl.Get())
-	}
-}
-
-func FinishArticle(al *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		article := new(data.Article)
-		var err error
-
-		article.Title, err = data.ConvertToPlain(r.PostFormValue("editor-title"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Desc, err = data.ConvertToPlain(r.PostFormValue("editor-desc"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Content, err = data.ConvertToHTML(r.PostFormValue("editor-text"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		article.UUID = uuid.New()
-		article.Author = session.Values["name"].(string)
-		article.Created = time.Now()
-		article.AuthorID = session.Values["id"].(int64)
-
-		al.Add(article)
-		al.Save("tmp/articles.gob")
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func ShowUnpublishedArticles(al *data.ArticleList) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tmpl, err := template.ParseFiles("web/templates/unpublished-articles.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", al.Get())
-	}
-}
-
-func ReviewArticle(al *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		for _, article := range al.Get() {
-			if article.UUID == uuid {
-				tmpl, err := template.ParseFiles("web/templates/to-be-published.html")
-				template.Must(tmpl, err).ExecuteTemplate(w, "page-content", article)
-				return
-			}
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func PublishArticle(f *data.Feed, al *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article, ok := al.Release(uuid)
-		if !ok {
-			// TODO: Warnung anzeigen
-			// msg = "Alle Felder müssen ausgefüllt werden."
-			// tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			// template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-			return
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		f.Add(&feeds.Item{
-			Title:       article.Title,
-			Author:      &feeds.Author{Name: session.Values["name"].(string)},
-			Created:     article.Created,
-			Description: article.Desc,
-			Content:     article.Content,
-		})
-		f.Save("tmp/rss.gob")
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
--- a/cmd/ui/editor.go
+++ b/cmd/ui/editor.go
@ -1,31 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func CreateTag(w http.ResponseWriter, r *http.Request) {
-	tmpl, err := template.ParseFiles("web/templates/add-tag.html")
-	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-}
-
-func AddTag(tl *data.TagList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tl.Add(r.PostFormValue("tag"))
-		tl.Save("tmp/tags.gob")
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
--- a/cmd/ui/rss.go
+++ b/cmd/ui/rss.go
@ -1,25 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func ShowRSS(f *data.Feed) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		feed := f.Get()
-		rss, err := feed.ToRss()
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		files := []string{"web/templates/index.html", "web/templates/feed.rss"}
-		tmpl, err := template.ParseFiles(files...)
-		template.Must(tmpl, err).Execute(w, rss)
-	}
-}
--- a/cmd/view/articles.go
+++ b/cmd/view/articles.go
@ -0,0 +1,433 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"io"
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+	"time"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func ShowHub(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func WriteArticle(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tags, err := db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", tags)
+	}
+}
+
+func SubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		article := &model.Article{
+			Title:       r.PostFormValue("article-title"),
+			Description: r.PostFormValue("article-description"),
+			Content:     r.PostFormValue("article-content"),
+			Published:   false,
+			Rejected:    false,
+			AuthorID:    session.Values["id"].(int64),
+		}
+
+		article.ID, err = db.AddArticle(article)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.WriteArticleTags(article.ID, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ResubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		title := r.PostFormValue("article-title")
+		description := r.PostFormValue("article-description")
+		content := r.PostFormValue("article-content")
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "title", Value: title},
+			&model.Attribute{Table: "articles", ID: id, AttName: "description", Value: description},
+			&model.Attribute{Table: "articles", ID: id, AttName: "content", Value: content},
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.UpdateArticleTags(id, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowUnpublishedArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		unpublishedArticles, err := db.GetCertainArticles(false, false)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/unpublished-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", unpublishedArticles)
+	}
+}
+
+func ShowRejectedArticles(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			MyIDs            map[int64]bool
+			RejectedArticles []*model.Article
+		}
+		data := new(htmlData)
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.RejectedArticles, err = db.GetCertainArticles(false, true)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.MyIDs = make(map[int64]bool)
+		for _, article := range data.RejectedArticles {
+			if article.AuthorID == session.Values["id"].(int64) {
+				data.MyIDs[article.ID] = true
+			}
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rejected-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewUnpublishedArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			Title       string
+			Description string
+			Content     template.HTML
+			Tags        []*model.Tag
+			ID          int64
+		}
+
+		var err error
+		data := new(htmlData)
+
+		data.ID, err = strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article, err := db.GetArticle(data.ID)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Title, err = control.ConvertToPlain(article.Title)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Description, err = control.ConvertToPlain(article.Description)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		content, err := control.ConvertToHTML(article.Content)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Content = template.HTML(content)
+
+		data.Tags, err = db.GetArticleTags(data.ID)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/to-be-published.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewRejectedArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type htmlData struct {
+			Selected map[int64]bool
+			Article  *model.Article
+			Tags     []*model.Tag
+		}
+		data := new(htmlData)
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Article, err = db.GetArticle(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Tags, err = db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		selectedTags, err := db.GetArticleTags(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Selected = make(map[int64]bool)
+		for _, tag := range selectedTags {
+			data.Selected[tag.ID] = true
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rework-article.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func PublishArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		if err = db.AddArticleToCurrentIssue(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+			&model.Attribute{Table: "articles", ID: id, AttName: "created", Value: time.Now().Format("2006-01-02 15:04:05")},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		feed, err := control.GenerateRSS(
+			db,
+			"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+			"https://distrikt-ni-st.de",
+			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
+		)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if err = control.SaveRSS(c.RSSFile, feed); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func RejectArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		if err = db.UpdateAttributes(
+			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowCurrentArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		articles, err := db.GetCurrentIssueArticles()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/current-articles.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles)
+	}
+}
+
+func UploadImage(c *control.CliArgs) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		file, header, err := r.FormFile("article-image")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer file.Close()
+
+		filename := fmt.Sprint(c.PicsDir, time.Now().Format("2006-01-02_15:04:05"), "-", header.Filename)
+		img, err := os.Create(filename)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer img.Close()
+
+		if _, err = io.Copy(img, file); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "editor-images", fmt.Sprint("![", header.Filename, "](", filename, ")"))
+	}
+}
--- a/cmd/view/editor.go
+++ b/cmd/view/editor.go
@ -0,0 +1,33 @@
+package view
+
+import (
+	"html/template"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func CreateTag(c *control.CliArgs) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-tag.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddTag(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		db.AddTag(r.PostFormValue("tag"))
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
--- a/cmd/view/issues.go
+++ b/cmd/view/issues.go
@ -0,0 +1,31 @@
+package view
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func PublishLatestIssue(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if err := db.PublishLatestIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
--- a/cmd/view/rss.go
+++ b/cmd/view/rss.go
@ -0,0 +1,95 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"time"
+
+	"git.streifling.com/jason/rss"
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+func ShowRSS(c *control.CliArgs, db *model.DB, title, link, desc string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		channel := &rss.Channel{
+			Title:       title,
+			Link:        link,
+			Description: desc,
+			Items:       make([]*rss.Item, 0),
+		}
+
+		articles, err := db.GetCertainArticles(true, false)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		for _, article := range articles {
+			tags, err := db.GetArticleTags(article.ID)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tagNames := make([]string, 0)
+			for _, tag := range tags {
+				tagNames = append(tagNames, tag.Name)
+			}
+			tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
+
+			user, err := db.GetUser(article.AuthorID)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleTitle, err := control.ConvertToPlain(article.Title)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleDescription, err := control.ConvertToPlain(article.Description)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			articleContent, err := control.ConvertToHTML(article.Content)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			channel.Items = append(channel.Items, &rss.Item{
+				Title:       articleTitle,
+				Author:      user.FirstName + user.LastName,
+				PubDate:     article.Created.Format(time.RFC1123Z),
+				Description: articleDescription,
+				Content:     &rss.Content{Value: articleContent},
+				Categories:  tagNames,
+			})
+		}
+
+		feed := rss.NewFeed()
+		feed.Channels = append(feed.Channels, channel)
+		rss, err := feed.ToXML()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		files := []string{c.WebDir + "/templates/index.html", c.WebDir + "/templates/feed.rss"}
+		tmpl, err := template.ParseFiles(files...)
+		template.Must(tmpl, err).Execute(w, rss)
+	}
+}
--- a/cmd/view/sessions.go
+++ b/cmd/view/sessions.go
@ -1,4 +1,4 @@
-package ui
+package view

 import (
 	"fmt"
@ -6,10 +6,11 @@ import (
 	"log"
 	"net/http"

-	"streifling.com/jason/cpolis/cmd/data"
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
 )

-func saveSession(w http.ResponseWriter, r *http.Request, s *data.CookieStore, u *data.User) error {
+func saveSession(w http.ResponseWriter, r *http.Request, s *control.CookieStore, u *model.User) error {
 	session, err := s.Get(r, "cookie")
 	if err != nil {
 		return fmt.Errorf("error getting session: %v", err)
@ -26,26 +27,26 @@ func saveSession(w http.ResponseWriter, r *http.Request, s *data.CookieStore, u
 	return nil
 }

-func HomePage(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+func HomePage(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		numRows, err := db.CountEntries()
+		numRows, err := db.CountEntries("users")
 		if err != nil {
 			log.Fatalln(err)
 		}

-		files := []string{"web/templates/index.html"}
+		files := []string{c.WebDir + "/templates/index.html"}
 		if numRows == 0 {
-			files = append(files, "web/templates/add-user.html")
+			files = append(files, c.WebDir+"/templates/first-user.html")
 			tmpl, err := template.ParseFiles(files...)
 			template.Must(tmpl, err).Execute(w, nil)
 		} else {
 			session, _ := s.Get(r, "cookie")
 			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
-				files = append(files, "web/templates/hub.html")
+				files = append(files, c.WebDir+"/templates/hub.html")
 				tmpl, err := template.ParseFiles(files...)
 				template.Must(tmpl, err).Execute(w, session.Values["role"])
 			} else {
-				files = append(files, "web/templates/login.html")
+				files = append(files, c.WebDir+"/templates/login.html")
 				tmpl, err := template.ParseFiles(files...)
 				template.Must(tmpl, err).Execute(w, nil)
 			}
@ -53,15 +54,14 @@ func HomePage(db *data.DB, s *data.CookieStore) http.HandlerFunc {
 	}
 }

-func Login(db *data.DB, s *data.CookieStore) http.HandlerFunc {
+func Login(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		userName := r.PostFormValue("username")
 		password := r.PostFormValue("password")

-		id, err := db.GetID(userName)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		id, ok := db.GetID(userName)
+		if !ok {
+			http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusInternalServerError)
 			return
 		}

@ -84,7 +84,29 @@ func Login(db *data.DB, s *data.CookieStore) http.HandlerFunc {
 			return
 		}

-		tmpl, err := template.ParseFiles("web/templates/hub.html")
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
 		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
 	}
 }
+
+func Logout(c *control.CliArgs, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		session.Options.MaxAge = -1
+
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
--- a/cmd/view/users.go
+++ b/cmd/view/users.go
@ -0,0 +1,267 @@
+package view
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	"streifling.com/jason/cpolis/cmd/control"
+	"streifling.com/jason/cpolis/cmd/model"
+)
+
+type UserData struct {
+	*model.User
+	Msg string
+}
+
+func checkUserStrings(user *model.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser(c *control.CliArgs) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := UserData{
+			User: &model.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		_, err = db.AddUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
+
+func EditUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		user, err := db.GetUser(session.Values["id"].(int64))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		userData := UserData{
+			User: &model.User{
+				ID:        session.Values["id"].(int64),
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+			},
+		}
+		oldPass := r.PostFormValue("old-password")
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateUserAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			oldPass,
+			newPass,
+			newPass2); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func AddFirstUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var err error
+
+		htmlData := UserData{
+			User: &model.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      model.Admin,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		htmlData.ID, err = db.AddFirstUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if htmlData.ID > 1 {
+			errString := "error: there is already a first user"
+			log.Println(errString)
+			http.Error(w, errString, http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, htmlData.User); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if _, err := db.AddIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
--- a/create_db.sql
+++ b/create_db.sql
@ -0,0 +1,50 @@
+DROP TABLE IF EXISTS articles_tags;
+DROP TABLE IF EXISTS tags;
+DROP TABLE IF EXISTS articles;
+DROP TABLE IF EXISTS issues;
+DROP TABLE IF EXISTS users;
+
+CREATE TABLE users (
+    id          INT         AUTO_INCREMENT,
+    username    VARCHAR(15) NOT NULL UNIQUE,
+    password    VARCHAR(60) NOT NULL,
+    first_name  VARCHAR(50) NOT NULL,
+    last_name   VARCHAR(50) NOT NULL,
+    role        INT         NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE issues (
+    id          INT     AUTO_INCREMENT,
+    published   BOOL    NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles (
+    id          INT             AUTO_INCREMENT,
+    title       VARCHAR(255)    NOT NULL,
+    created     TIMESTAMP       DEFAULT CURRENT_TIMESTAMP,
+    description TEXT            NOT NULL,
+    content     TEXT            NOT NULL,
+    published   BOOL            NOT NULL,
+    rejected    BOOL            NOT NULL,
+    author_id   INT             NOT NULL,
+    issue_id    INT             NOT NULL,
+    PRIMARY KEY(id),
+    FOREIGN KEY(author_id) REFERENCES users(id),
+    FOREIGN KEY(issue_id) REFERENCES issues(id)
+);
+
+CREATE TABLE tags (
+    id      INT         AUTO_INCREMENT,
+    name    VARCHAR(15) NOT NULL UNIQUE,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles_tags (
+    article_id  INT,
+    tag_id      INT,
+    PRIMARY KEY(article_id, tag_id),
+    FOREIGN KEY(article_id) REFERENCES articles(id),
+    FOREIGN KEY(tag_id) REFERENCES tags(id)
+);
--- a/go.mod
+++ b/go.mod
@ -3,9 +3,8 @@ module streifling.com/jason/cpolis
 go 1.22.0

 require (
+	git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188
 	github.com/go-sql-driver/mysql v1.7.1
-	github.com/google/uuid v1.6.0
-	github.com/gorilla/feeds v1.1.2
 	github.com/gorilla/sessions v1.2.2
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/yuin/goldmark v1.7.0
--- a/go.sum
+++ b/go.sum
@ -1,27 +1,19 @@
+git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188 h1:C8M/j3f+cl5Y7YfGpU/ynb/SC/4tTYMDsyGFt3rswM8=
+git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
-github.com/gorilla/feeds v1.1.2 h1:pxzZ5PD3RJdhFH2FsJJ4x6PqMqbgFk1+Vez4XWBW8Iw=
-github.com/gorilla/feeds v1.1.2/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
 github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
 github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
 golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
--- a/main.go
+++ b/main.go
@ -1,79 +0,0 @@
-package main
-
-import (
-	"encoding/gob"
-	"log"
-	"net/http"
-	"os"
-
-	"streifling.com/jason/cpolis/cmd/data"
-	"streifling.com/jason/cpolis/cmd/ui"
-)
-
-func init() {
-	gob.Register(data.User{})
-}
-
-func main() {
-	logFile, err := os.OpenFile("tmp/cpolis.log",
-		os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
-	if err != nil {
-		log.Fatalln(err)
-	}
-	defer logFile.Close()
-	log.SetOutput(logFile)
-
-	db, err := data.OpenDB("cpolis")
-	if err != nil {
-		log.Fatalln(err)
-	}
-	defer db.Close()
-
-	feed, err := data.OpenFeed("tmp/rss.gob")
-	if err != nil {
-		log.Println(err)
-		feed = data.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
-			"https://distrikt-ni-st.de",
-			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
-	}
-
-	key, err := data.LoadKey("tmp/key.gob")
-	if err != nil {
-		key, err = data.NewKey()
-		if err != nil {
-			log.Fatalln(err)
-		}
-		data.SaveKey(key, "tmp/key.gob")
-	}
-	store := data.NewCookieStore(key)
-
-	articleList, err := data.LoadArticleList("tmp/articles.gob")
-	if err != nil {
-		articleList = data.NewArticleList()
-	}
-
-	tagList, err := data.LoadTagList("tmp/tags.gob")
-	if err != nil {
-		tagList = data.NewTagList()
-	}
-
-	mux := http.NewServeMux()
-	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
-	mux.HandleFunc("/", ui.HomePage(db, store))
-
-	mux.HandleFunc("GET /create-tag/", ui.CreateTag)
-	mux.HandleFunc("GET /create-user/", ui.CreateUser)
-	mux.HandleFunc("GET /hub/", ui.ShowHub(store))
-	mux.HandleFunc("GET /rss/", ui.ShowRSS(feed))
-	mux.HandleFunc("GET /unpublished-articles/", ui.ShowUnpublishedArticles(articleList))
-	mux.HandleFunc("GET /write-article/", ui.WriteArticle(tagList))
-
-	mux.HandleFunc("POST /add-tag/", ui.AddTag(tagList, store))
-	mux.HandleFunc("POST /add-user/", ui.AddUser(db, store))
-	mux.HandleFunc("POST /finish-article/", ui.FinishArticle(articleList, store))
-	mux.HandleFunc("POST /login/", ui.Login(db, store))
-	mux.HandleFunc("POST /review-article/", ui.ReviewArticle(articleList, store))
-	mux.HandleFunc("POST /publish-article/", ui.PublishArticle(feed, articleList, store))
-
-	log.Fatalln(http.ListenAndServe(":8080", mux))
-}
--- a/tailwind.config.js
+++ b/tailwind.config.js
@ -0,0 +1,10 @@
+/** @type {import('tailwindcss').Config} */
+module.exports = {
+    content: ["./web/templates/*.html"],
+    theme: {
+        extend: {}
+    },
+    plugins: [
+        require('@tailwindcss/typography')
+    ],
+}
--- a/web/static/css/input.css
+++ b/web/static/css/input.css
@ -0,0 +1,41 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+body {
+    width: 800px;
+    @apply mx-auto text-slate-900;
+}
+
+h2 {
+    @apply font-bold mb-2 text-2xl;
+}
+
+form {
+    @apply flex flex-col gap-y-3;
+}
+
+input[type="file"] {
+    @apply border rounded-md w-full;
+}
+
+input[type="password"],
+input[type="text"] {
+    @apply border h-8 rounded-md;
+}
+
+textarea {
+    @apply border h-32 rounded-md;
+}
+
+.btn-area {
+    @apply flex gap-4 mt-4;
+}
+
+.btn {
+    @apply bg-slate-200 border my-2 px-3 py-2 rounded-md w-full hover:bg-slate-100;
+}
+
+.action-btn {
+    @apply bg-slate-800 border my-2 px-3 py-2 rounded-md text-slate-50 w-full hover:bg-slate-700;
+}
--- a/web/static/css/style.css
+++ b/web/static/css/style.css
--- a/web/templates/add-tag.html
+++ b/web/templates/add-tag.html
@ -1,8 +1,12 @@
 {{define "page-content"}}
-<h2>Neuer Benutzer</h2>
+<h2>Neuer Tag</h2>
+
 <form>
-    <input required name="tag" placeholder="Tag" type="text" />
-    <input type="submit" value="Anlegen" hx-post="/add-tag/" hx-target="#page-content" />
+    <input required name="tag" placeholder="Tag eingeben" type="text" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-tag/" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>
-<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+
 {{end}}
--- a/web/templates/add-user.html
+++ b/web/templates/add-user.html
@ -1,23 +1,53 @@
 {{define "page-content"}}
 <h2>Neuer Benutzer</h2>
 <form>
-    <input required name="username" placeholder="Benutzername" type="text" value="{{.UserName}}" />
-    <input required name="password" placeholder="Passwort" type="password" />
-    <input required name="password2" placeholder="Passwort wiederholen" type="password" />
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>

-    <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
-    <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
-
-    <input required id="writer" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
-    <label for="writer">Schreiber</label>
-    <input required id="editor" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+    <div class="flex gap-4">
+        <div>
+            <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
+            <label for="author">Autor</label>
+        </div>
+        <div>
+            <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
            <label for="editor">Redakteur</label>
+        </div>
+        <div>
+            <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+            <label for="publisher">Herausgeber</label>
+        </div>
+        <div>
            <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
            <label for="admin">Admin</label>
+        </div>
+    </div>

-    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>
-<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>

 <script>
    var msg = "{{.Msg}}";
--- a/web/templates/current-articles.html
+++ b/web/templates/current-articles.html
@ -0,0 +1,15 @@
+{{define "page-content"}}
+<div class="flex flex-col gap-4">
+    {{range .}}
+    <div class="border px-2 py-1 rounded-md">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </div>
+    {{end}}
+</div>
+
+<div class="btn-area">
+    <button class="action-btn" hx-get="/publish-issue/" hx-target="#page-content">Ausgabe publizieren</button>
+    <button class="btn" hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+</div>
+{{end}}
--- a/web/templates/edit-user.html
+++ b/web/templates/edit-user.html
@ -0,0 +1,36 @@
+{{define "page-content"}}
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+        <div>
+            <label for="old-password">Altes Passwort</label>
+            <input class="w-full" name="old-password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" name="password2" placeholder="***" type="password" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Aktualisieren" hx-post="/update-user/"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+{{end}}
--- a/web/templates/editor.html
+++ b/web/templates/editor.html
@ -1,17 +1,69 @@
 {{define "page-content"}}
 <h2>Editor</h2>
 <form>
-    <input name="editor-title" placeholder="Titel" type="text" />
-    <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
-    <textarea name="editor-text" placeholder="Artikel"></textarea>
+    <div class="flex flex-col gap-y-1">
+        <label for="article-title">Titel</label>
+        <input name="article-title" type="text" />
+    </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description"></textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea name="article-content"></textarea>
+    </div>
+
+    <div>
+        <span>Tags</span>
+        <div class="flex gap-4">
            {{range .}}
-    <input id="{{.}}" name="tags" type="checkbox" value="{{.}}" />
-    <label for="{{.}}">{{.}}</label>
+            <div>
+                <input id="{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" />
+                <label for="{{.Name}}">{{.Name}}</label>
+            </div>
            {{end}}
-    <input type="submit" value="Senden" hx-post="/finish-article/" hx-target="#page-content" />
+        </div>
+    </div>
+
+    <div id="editor-images">
+        <input class="mb-2" name="article-image" type="file" hx-encoding="multipart/form-data" hx-post="/upload-image/"
+            hx-swap="beforeend" hx-target="#editor-images" />
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/submit-article/" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>
+
+<script>
+    function copyToClipboard(text) {
+        event.preventDefault(); // Get-Request verhindern
+
+        var textarea = document.createElement("textarea");
+        textarea.textContent = text;
+        document.body.appendChild(textarea);
+
+        textarea.select();
+        try {
+            document.execCommand('copy');
+        } catch (err) {
+            console.warn('Fehler beim Kopieren', err);
+        }
+
+        document.body.removeChild(textarea);
+    }
+
+</script>
 {{end}}

-{{define "html-result"}}
-{{.}}
+{{define "editor-images"}}
+{{if gt (len .) 0}}
+<div class="border px-2 py-1 rounded-md flex gap-4 justify-between">
+    <div class="self-center">{{.}}</div>
+    <button class="bg-slate-50 border my-2 px-3 py-2 rounded-md w-32 hover:bg-slate-100"
+        onclick="copyToClipboard('{{.}}')">Kopieren</button>
+</div>
+{{end}}
 {{end}}
--- a/web/templates/first-user.html
+++ b/web/templates/first-user.html
@ -0,0 +1,39 @@
+{{define "page-content"}}
+<h2>Erster Benutzer (Administrator)</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-first-user/" hx-target="#page-content" />
+    </div>
+</form>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
+{{end}}
--- a/web/templates/hub.html
+++ b/web/templates/hub.html
@ -1,12 +1,45 @@
 {{define "page-content"}}
-<h2>Hub</h2>
-<button hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button>
-<button hx-get="/rss/" hx-target="#page-content">RSS Feed</button>
-{{if lt . 2}}
-<button hx-get="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
-<button hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button>
-{{end}}
-{{if eq . 0}}
-<button hx-get="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
-{{end}}
+<div class="flex flex-col gap-4">
+    <button class="btn" hx-get="/logout/" hx-target="#page-content">Abmelden</button>
+
+    <div class="mb-3">
+        <h2>Autor</h2>
+        <div class="grid grid-cols-2 gap-x-4 gap-y-2">
+            <button class="btn" hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button>
+            <button class="btn" hx-get="/rejected-articles/" hx-target="#page-content">Abgelehnte Artikel</button>
+            <button class="btn" hx-get="/rss/" hx-target="#page-content">RSS Feed</button>
+            <button class="btn" hx-get="/edit-user/" hx-target="#page-content">Benutzer bearbeiten</button>
+        </div>
+    </div>
+
+    {{if lt . 3}}
+    <div class="mb-3">
+        <h2>Redakteur</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/unpublished-articles/" hx-target="#page-content">
+                Unveröffentlichte Artikel
+            </button>
+            <button class="btn" hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if lt . 2}}
+    <div class="mb-3">
+        <h2>Herausgeber</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/this-issue/" hx-target="#page-content">Diese Ausgabe</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if eq . 0}}
+    <div class="mb-3">
+        <h2>Administrator</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
+        </div>
+    </div>
+    {{end}}
+</div>
 {{end}}
--- a/web/templates/index.html
+++ b/web/templates/index.html
@ -5,17 +5,27 @@
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Orient Editor</title>
-    <link href="web/static/css/style.css" rel="stylesheet">
+    <link href="/web/static/css/style.css" rel="stylesheet">
 </head>

-<body>
-    <h1>Orient Editor</h1>
+<body class="flex flex-col justify-between min-h-screen bg-slate-50">
+    <header class="my-8">
+        <h1 class="font-bold text-4xl text-center">Orient Editor</h1>
+    </header>

+    <main class="mx-4">
        <div id="page-content">
            {{template "page-content" .}}
        </div>
+    </main>

-    <script src="web/static/js/htmx.min.js"></script>
+    <footer class="my-8">
+        <p class="text-center text-gray-500 dark:text-gray-400">
+            &copy; 2024 Jason Streifling. Alle Rechte vorbehalten.
+        </p>
+    </footer>
+
+    <script src="/web/static/js/htmx.min.js"></script>
 </body>

 </html>
--- a/web/templates/login.html
+++ b/web/templates/login.html
@ -1,8 +1,11 @@
 {{define "page-content"}}
 <h2>Anmeldung</h2>
 <form>
-    <input name="username" placeholder="Benutzername" type="text" />
-    <input name="password" placeholder="Passwort" type="password" />
-    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="w-full" name="username" placeholder="Benutzername" type="text" />
+        <input class="w-full" name="password" placeholder="Passwort" type="password" />
+    </div>
+
+    <input class="action-btn" type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
 </form>
 {{end}}
--- a/web/templates/rejected-articles.html
+++ b/web/templates/rejected-articles.html
@ -0,0 +1,14 @@
+{{define "page-content"}}
+<div class="flex flex-col gap-4">
+    {{range .RejectedArticles}}
+    {{if index $.MyIDs .ID}}
+    <button class="btn" hx-get="/review-rejected-article/{{.ID}}/" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </button>
+    {{end}}
+    {{end}}
+
+    <button class="action-btn" hx-get="/hub/" hx-target="#page-content">Zurück</button>
+</div>
+{{end}}
--- a/web/templates/rework-article.html
+++ b/web/templates/rework-article.html
@ -0,0 +1,71 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+<form>
+    <div class="flex flex-col gap-y-1">
+        <label for="article-title">Titel</label>
+        <input name="article-title" type="text" value="{{.Article.Title}}" />
+    </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description">{{.Article.Description}}</textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea name="article-content" placeholder="Artikel">{{.Article.Content}}</textarea>
+    </div>
+
+    <div>
+        <span>Tags</span>
+        <div class="flex gap-4">
+            {{range .Tags}}
+            <div>
+                <input id="tag-{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" {{if index $.Selected
+                    .ID}}checked{{end}} />
+                <label for="tag-{{.Name}}">{{.Name}}</label>
+            </div>
+            {{end}}
+        </div>
+    </div>
+
+    <div id="editor-images">
+        <input class="mb-2" name="article-image" type="file" hx-encoding="multipart/form-data" hx-post="/upload-image/"
+            hx-swap="beforeend" hx-target="#editor-images" />
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/resubmit-article/{{.Article.ID}}/"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub/" hx-target="#page-content">Zurück</button>
+    </div>
+</form>
+
+<script>
+    function copyToClipboard(text) {
+        event.preventDefault(); // Get-Request verhindern
+
+        var textarea = document.createElement("textarea");
+        textarea.textContent = text;
+        document.body.appendChild(textarea);
+
+        textarea.select();
+        try {
+            document.execCommand('copy');
+        } catch (err) {
+            console.warn('Fehler beim Kopieren', err);
+        }
+
+        document.body.removeChild(textarea);
+    }
+
+</script>
+{{end}}
+
+{{define "editor-images"}}
+{{if gt (len .) 0}}
+<div class="border px-2 py-1 rounded-md flex gap-4 justify-between">
+    <div class="self-center">{{.}}</div>
+    <button class="bg-slate-50 border my-2 px-3 py-2 rounded-md w-32 hover:bg-slate-100"
+        onclick="copyToClipboard('{{.}}')">Kopieren</button>
+</div>
+{{end}}
+{{end}}
--- a/web/templates/to-be-published.html
+++ b/web/templates/to-be-published.html
@ -1,11 +1,35 @@
 {{define "page-content"}}
-<form>
-    <input name="editor-title" type="text" value="{{.Title}}" />
-    <textarea name="editor-desc">{{.Desc}}</textarea>
-    <textarea name="editor-text">{{.Content}}</textarea>
-    <input name="uuid" type="hidden" value="{{.UUID}}" />
-    <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
-    <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
-</form>
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+<div>
+    <span>Titel</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{.Title}}
+    </div>
+
+    <span>Beschreibung</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{.Description}}
+    </div>
+
+    <span>Artikel</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        <div class="prose">
+            {{.Content}}
+        </div>
+    </div>
+
+    <span>Tags</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{range .Tags}}
+        {{.Name}}
+        <br>
+        {{end}}
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Veröffentlichen" hx-get="/publish-article/{{.ID}}/"
+            hx-target="#page-content" />
+        <input class="btn" type="submit" value="Ablehnen" hx-get="/reject-article/{{.ID}}/" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub/" hx-target="#page-content">Zurück</button>
+    </div>
+</div>
 {{end}}
--- a/web/templates/unpublished-articles.html
+++ b/web/templates/unpublished-articles.html
@ -1,10 +1,11 @@
 {{define "page-content"}}
-<form>
+<div class="flex flex-col gap-4">
    {{range .}}
-    <input required id="{{.UUID}}" name="uuid" type="radio" value="{{.UUID}}" />
-    <label for="{{.UUID}}">{{.Title}}</label>
+    <button class="btn" hx-get="/review-unpublished-article/{{.ID}}/" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </button>
    {{end}}
-    <input type="submit" value="Auswählen" hx-post="/review-article/" hx-target="#page-content" />
-</form>
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+    <button class="action-btn" hx-get="/hub/" hx-target="#page-content">Zurück</button>
+</div>
 {{end}}
Author	SHA1	Message	Date
Jason Streifling	d62c5a4078	Changed visual layout for to-be-published articles	2024-04-03 18:12:28 +02:00
Jason Streifling	803c5bbdbd	Slightly changed button color and changed body height to be min-100vh	2024-04-03 04:50:25 +02:00
Jason Streifling	c74bdeba72	Only show logout button in hub	2024-04-02 21:35:34 +02:00
Jason Streifling	717f1c813b	Add setup script for DB	2024-04-02 19:38:16 +02:00
Jason Streifling	52797760bb	Also, handle first user differently under the hood	2024-04-02 19:37:53 +02:00
Jason Streifling	8711ba0629	Handle first user differently from the rest	2024-04-01 19:26:18 +02:00
Jason Streifling	ed51d28c65	Corrected back button class for unpublished articles	2024-04-01 15:58:36 +02:00
Jason Streifling	7e7de28b14	Streamlined selection of rejected and unpublished articles	2024-04-01 15:42:51 +02:00
Jason Streifling	0139f7ab9a	Use ID in path rather than an invisible input when publishing, rejecting or resubmitting an article	2024-04-01 15:30:24 +02:00
Jason Streifling	7fc115bcc3	Refined look of rejected and unpublished articles	2024-04-01 14:38:31 +02:00
Jason Streifling	ae90f693f6	no more style.css	2024-04-01 14:27:42 +02:00
Jason Streifling	a730e11b4a	Styled with tailwind css	2024-04-01 14:22:59 +02:00
Jason Streifling	959e1e96b3	Fix typo	2024-03-31 05:00:57 +02:00
Jason Streifling	68b052625f	Fixed bug with specifying port	2024-03-30 10:22:51 +01:00
Jason Streifling	a0fe0024f2	Allow uploading pictures when editing once rejected articles	2024-03-30 09:56:22 +01:00
Jason Streifling	6e3c4bf647	Added ability to specify port and RSS file as command line arguments	2024-03-30 09:55:37 +01:00
Jason Streifling	26988ecf6a	Corrected error messages for CliArgs	2024-03-29 09:48:03 +01:00
Jason Streifling	9408ce99e3	Added DBName into CliArgs	2024-03-29 09:16:41 +01:00
Jason Streifling	af036b4909	Added ability to upload media and parse cli arguments	2024-03-29 09:07:17 +01:00
Jason Streifling	e60e6114bd	Generate RSS to file	2024-03-28 12:51:33 +01:00
Jason Streifling	600044c621	Cleaned up templates	2024-03-28 08:41:38 +01:00
Jason Streifling	77a90cb4f1	Fixed bug not showing correct issue in RSS feed	2024-03-28 07:41:11 +01:00
Jason Streifling	34e9e9edd5	Fixed bug in publishing issue	2024-03-28 07:34:36 +01:00
Jason Streifling	4d1faf3d4a	Add ability to update tags when resubmitting article	2024-03-28 07:29:49 +01:00
Jason Streifling	78addbd8e3	Incorporated issues	2024-03-28 07:00:37 +01:00
Jason Streifling	304d3aa2e0	Corrected copyright	2024-03-28 06:59:39 +01:00
Jason Streifling	f44291e278	Disabled option to do transaction from view	2024-03-28 06:58:59 +01:00
Jason Streifling	3be16781e7	Added copyright	2024-03-17 15:29:12 +01:00
Jason Streifling	4fffc1c696	Set pubDate to published time and date	2024-03-17 09:41:09 +01:00
Jason Streifling	ceab7281e9	Now everyone only sees their own rejected articles	2024-03-17 09:15:37 +01:00
Jason Streifling	450dd79e51	Added ability to view tags when rejecting and change tags when reworking articles	2024-03-17 08:46:49 +01:00
Jason Streifling	c45df4bf1a	Implemented retry logic on all transactions	2024-03-15 18:37:24 +01:00
Jason Streifling	6d3a28a6ce	Implement retry logic for UpdateAttributes	2024-03-15 15:18:02 +01:00
Jason Streifling	3d3fb3c826	Added logout	2024-03-12 20:27:39 +01:00
Jason Streifling	f52674b179	Fixed dumb routing mistake	2024-03-12 19:56:22 +01:00
Jason Streifling	697939a17a	Added ability to edit user info	2024-03-11 21:08:27 +01:00
Jason Streifling	f10220f936	Added ability to reject and rework article	2024-03-10 15:03:46 +01:00
Jason Streifling	a1a6b6c29f	Split up db.go into multiple files	2024-03-09 11:06:03 +01:00
Jason Streifling	42596756de	Also missed rss.go	2024-03-09 10:27:55 +01:00
Jason Streifling	8530c76f2d	Missed main when converting to MVC	2024-03-09 10:27:04 +01:00
Jason Streifling	c6b2a17220	Changed everything to MVC	2024-03-09 10:25:20 +01:00
Jason Streifling	88e0d5086c	Converted RSS feed to be DB based	2024-03-09 10:12:46 +01:00
Jason Streifling	fa5f189cda	Reachieve basic functionality	2024-03-07 20:11:28 +01:00
Jason Streifling	4d65be195b	Articles and tags are now inserted into DB correctly	2024-03-07 15:31:00 +01:00
Jason Streifling	582f25bec7	Converted articles and tags to DB base	2024-03-06 20:53:17 +01:00
Jason Streifling	052d36b01b	Handle rollbackError with log.Fatalf()	2024-03-06 16:58:41 +01:00
Jason Streifling	ea45da66b7	Corrected transaction for ChangePassword()	2024-03-06 16:51:08 +01:00
Jason Streifling	3822a3f30e	Use transaction when necessary	2024-03-06 15:37:59 +01:00
Jason Streifling	f1abb9d353	Load ArticleList, Taglist and *Channel correctly	2024-03-06 15:37:42 +01:00
Jason Streifling	6baaec5b33	Moved main.go into cmd	2024-03-05 18:26:50 +01:00
Jason Streifling	4aa4fff5e8	Added Tags to RSS feed as categories	2024-03-05 18:20:34 +01:00
Jason Streifling	a9c61c5a11	Converted RSS package to git.streifling.com/jason/rss	2024-03-05 17:13:59 +01:00
Jason Streifling	dd50c4f385	A bit of cleaning up	2024-03-05 16:38:18 +01:00