Merge branch 'devel'

Use directories that require administrative privileges
Create $EXTRACTION_PATH
2024-08-18 17:31:00 +02:00 · 2024-08-18 17:30:43 +02:00 · 2024-08-18 17:10:10 +02:00 · 2024-08-18 17:06:49 +02:00 · 2024-08-18 17:03:31 +02:00 · 2024-08-18 16:59:49 +02:00
61 changed files with 3650 additions and 934 deletions
--- a/.air.toml
+++ b/.air.toml
@ -0,0 +1,55 @@
+root = "."
+testdata_dir = "testdata"
+tmp_dir = "tmp"
+
+[build]
+args_bin = [
+    "-desc 'Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität'",
+    "-domain localhost",
+    "-key tmp/key.gob",
+    "-link https://distrikt-ni-st.de",
+    "-log tmp/cpolis.log",
+    "-pdfs tmp/pdfs",
+    "-pics tmp/pics",
+    "-rss tmp/orientexpress_alle.rss",
+    "-title 'Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt'",
+    "-web web",
+]
+bin = "./tmp/main"
+cmd = "go build -o ./tmp/main ./cmd/main.go"
+delay = 0
+exclude_dir = ["assets", "tmp", "vendor", "testdata"]
+exclude_file = []
+exclude_regex = ["_test.go"]
+exclude_unchanged = false
+follow_symlink = false
+full_bin = ""
+include_dir = []
+include_ext = ["go", "tpl", "tmpl", "html", "css"]
+include_file = []
+kill_delay = "0s"
+log = "build-errors.log"
+poll = false
+poll_interval = 0
+rerun = false
+rerun_delay = 500
+send_interrupt = false
+stop_on_error = false
+
+[color]
+app = ""
+build = "yellow"
+main = "magenta"
+runner = "green"
+watcher = "cyan"
+
+[log]
+main_only = false
+time = false
+
+[misc]
+clean_on_exit = false
+
+[screen]
+clear_on_rebuild = false
+keep_scroll = true
--- a/.gitignore
+++ b/.gitignore
@ -23,3 +23,4 @@ go.work

 # Custom stuff
 tmp/
+style.css
--- a/4
+++ b/4
@ -209,7 +209,7 @@ If you develop a new program, and you want it to be of the greatest possible use
 To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found.

     cpolis
-     Copyright (C) 2024  jason
+     Copyright (C) 2024  Jason Streifling

     This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

@ -221,7 +221,7 @@ Also add information on how to contact you by electronic and paper mail.

 If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode:

-     cpolis  Copyright (C) 2024  jason
+     cpolis  Copyright (C) 2024  Jason Streifling
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

--- a/README.md
+++ b/README.md
@ -1,3 +1,18 @@
 # cpolis

-cpolis is an application written in Go to serve as the backend of the Orient Express magazine.
+cpolis is an application written in Go to serve as the backend of the Orient
+Express magazine.
+
+## Installation
+
+You should have the following packages installed:
+
+- Go >= 1.22
+- MariaDB
+
+Enable and start the MariaDB service.
+
+    sudo systemctl enable --now mariadb.service
+
+Set up a dedicated MariaDB user for cpolis.
+
--- a/cmd/backend/articles.go
+++ b/cmd/backend/articles.go
@ -0,0 +1,258 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+	"time"
+)
+
+type Article struct {
+	Title       string
+	Created     time.Time
+	Description string
+	Content     string
+	Published   bool
+	Rejected    bool
+	ID          int64
+	AuthorID    int64
+	IssueID     int64
+}
+
+func (db *DB) AddArticle(a *Article) (int64, error) {
+	var id int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	insertQuery := `
+    INSERT INTO articles
+        (title, description, content, published, rejected, author_id, issue_id)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&id); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting issue ID when adding article to DB: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, a.Title, a.Description,
+				a.Content, a.Published, a.Rejected, a.AuthorID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting article into DB: %v", err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error retrieving ID of added article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction when adding article to DB: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticle(id int64) (*Article, error) {
+	query := `
+    SELECT title, created, description, content, published, author_id
+    FROM articles
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+
+	article := new(Article)
+	var created []byte
+	var err error
+
+	if err := row.Scan(&article.Title, &created, &article.Description,
+		&article.Content, &article.Published, &article.AuthorID); err != nil {
+		return nil, fmt.Errorf("error scanning article row: %v", err)
+	}
+
+	article.ID = id
+	article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing created: %v", err)
+	}
+
+	return article, nil
+}
+
+func (db *DB) GetCertainArticles(published, rejected bool) ([]*Article, error) {
+	query := `
+    SELECT id, title, created, description, content, author_id, issue_id
+    FROM articles
+    WHERE published = ?
+    AND rejected = ?
+    `
+	rows, err := db.Query(query, published, rejected)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles: %v", err)
+	}
+
+	articleList := make([]*Article, 0)
+	for rows.Next() {
+		article := new(Article)
+		var created []byte
+
+		if err = rows.Scan(&article.ID, &article.Title, &created,
+			&article.Description, &article.Content, &article.AuthorID,
+			&article.IssueID); err != nil {
+			return nil, fmt.Errorf("error scanning article row: %v", err)
+		}
+
+		article.Published = false
+		article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+		if err != nil {
+			return nil, fmt.Errorf("error parsing created: %v", err)
+		}
+
+		articleList = append(articleList, article)
+	}
+
+	return articleList, nil
+}
+
+func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	issueQuery := "SELECT id FROM issues WHERE published = false"
+	articlesQuery := `
+    SELECT id, title, created, description, content, author_id
+    FROM articles
+    WHERE issue_id = ? AND published = true
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() ([]*Article, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return nil, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			row := tx.QueryRow(issueQuery)
+			if err := row.Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for unpublished issue: %v", err)
+			}
+
+			rows, err := tx.Query(articlesQuery, issueID)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for articles of issue %v: %v", issueID, err)
+			}
+
+			articleList := make([]*Article, 0)
+			for rows.Next() {
+				article := new(Article)
+				var created []byte
+
+				if err = rows.Scan(&article.ID, &article.Title, &created,
+					&article.Description, &article.Content, &article.AuthorID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error scanning article from issue %v: %v", issueID, err)
+				}
+
+				article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+				if err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error parsing created: %v", err)
+				}
+
+				articleList = append(articleList, article)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return nil, fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return articleList, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return nil, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddArticleToCurrentIssue(id int64) error {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	updateQuery := "UPDATE articles SET issue_id = ? WHERE id = ?"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error scanning row: %v", err)
+			}
+
+			_, err = db.Exec(updateQuery, issueID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating issueID for article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
--- a/cmd/backend/articles_tags.go
+++ b/cmd/backend/articles_tags.go
@ -0,0 +1,107 @@
+package backend
+
+import (
+	"fmt"
+	"log"
+)
+
+func (db *DB) WriteArticleTags(articleID int64, tagIDs []int64) error {
+	query := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(query, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticleTags(articleID int64) ([]*Tag, error) {
+	query := `
+    SELECT t.id, t.name
+    FROM articles a
+    INNER JOIN articles_tags at ON a.id = at.article_id
+    INNER JOIN tags t ON at.tag_id = t.id
+    WHERE a.id = ?
+    `
+	rows, err := db.Query(query, articleID)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles_tags: %v", err)
+	}
+
+	tags := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning rows: %v", err)
+		}
+		tags = append(tags, tag)
+	}
+
+	return tags, nil
+}
+
+func (db *DB) UpdateArticleTags(articleID int64, tagIDs []int64) error {
+	deleteQuery := "DELETE FROM articles_tags WHERE article_id = ?"
+	insertQuery := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(deleteQuery, articleID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error deleting entries from articles_tags before inserting new ones: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(insertQuery, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting new entries into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
--- a/cmd/backend/config.go
+++ b/cmd/backend/config.go
@ -0,0 +1,139 @@
+package backend
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/BurntSushi/toml"
+)
+
+type Config struct {
+	DBName      string
+	Description string
+	Domain      string
+	KeyFile     string
+	Link        string
+	LogFile     string
+	PDFDir      string
+	PicsDir     string
+	Port        string
+	RSSFile     string
+	Title       string
+	WebDir      string
+}
+
+func newConfig() *Config {
+	return &Config{
+		DBName:  "cpolis",
+		KeyFile: "/var/www/cpolis/cpolis.key",
+		LogFile: "/var/log/cpolis.log",
+		PDFDir:  "/var/www/cpolis/pdfs",
+		PicsDir: "/var/www/cpolis/pics",
+		RSSFile: "/var/www/cpolis/cpolis.rss",
+		WebDir:  "/var/www/cpolis/web",
+	}
+}
+
+func (c *Config) readFile() error {
+	cfgFile, err := filepath.Abs(os.Getenv("HOME") + "/.config/cpolis/config.toml")
+	if err != nil {
+		return fmt.Errorf("error getting absolute path for config file: %v", err)
+	}
+
+	_, err = os.Stat(cfgFile)
+	if os.IsNotExist(err) {
+		fileStrings := strings.Split(cfgFile, "/")
+
+		dir := strings.Join(fileStrings[0:len(fileStrings)-1], "/")
+		if err = os.MkdirAll(dir, 0755); err != nil {
+			return fmt.Errorf("error creating config directory: %v", err)
+		}
+
+		fileName := fileStrings[len(fileStrings)-1]
+		file, err := os.Create(dir + "/" + fileName)
+		if err != nil {
+			return fmt.Errorf("error creating config file: %v", err)
+		}
+		defer file.Close()
+		if err = file.Chmod(0644); err != nil {
+			return fmt.Errorf("error setting permissions for config file: %v", err)
+		}
+	} else {
+		_, err = toml.DecodeFile(cfgFile, c)
+		if err != nil {
+			return fmt.Errorf("error reading config file: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func (c *Config) handleCliArgs() error {
+	var err error
+	port := 8080
+
+	flag.StringVar(&c.DBName, "db", c.DBName, "DB name")
+	flag.StringVar(&c.Description, "desc", c.Description, "Channel description")
+	flag.StringVar(&c.Domain, "domain", c.Domain, "domain name")
+	flag.StringVar(&c.KeyFile, "key", c.KeyFile, "key file")
+	flag.StringVar(&c.Link, "link", c.Link, "Channel Link")
+	flag.StringVar(&c.LogFile, "log", c.LogFile, "log file")
+	flag.StringVar(&c.PDFDir, "pdfs", c.PDFDir, "pdf directory")
+	flag.StringVar(&c.PicsDir, "pics", c.PicsDir, "pictures directory")
+	flag.StringVar(&c.RSSFile, "rss", c.RSSFile, "RSS file")
+	flag.StringVar(&c.Title, "title", c.Title, "Channel title")
+	flag.StringVar(&c.WebDir, "web", c.WebDir, "web directory")
+	flag.IntVar(&port, "port", port, "port")
+	flag.Parse()
+
+	c.KeyFile, err = filepath.Abs(c.KeyFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for key file: %v", err)
+	}
+
+	c.LogFile, err = filepath.Abs(c.LogFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for log file: %v", err)
+	}
+
+	c.PDFDir, err = filepath.Abs(c.PDFDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for pdfs dir: %v", err)
+	}
+
+	c.PicsDir, err = filepath.Abs(c.PicsDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for pics dir: %v", err)
+	}
+
+	c.Port = fmt.Sprint(":", port)
+
+	c.RSSFile, err = filepath.Abs(c.RSSFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for RSS file: %v", err)
+	}
+
+	c.WebDir, err = filepath.Abs(c.WebDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for web dir: %v", err)
+	}
+
+	return nil
+}
+
+func HandleConfig() (*Config, error) {
+	config := newConfig()
+
+	if err := config.readFile(); err != nil {
+		return nil, fmt.Errorf("error reading config file: %v", err)
+	}
+
+	if err := config.handleCliArgs(); err != nil {
+		return nil, fmt.Errorf("error handling cli arguments: %v", err)
+	}
+
+	return config, nil
+}
--- a/cmd/backend/db.go
+++ b/cmd/backend/db.go
@ -0,0 +1,167 @@
+package backend
+
+import (
+	"bufio"
+	"database/sql"
+	"fmt"
+	"log"
+	"math"
+	"math/rand/v2"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/go-sql-driver/mysql"
+	"golang.org/x/term"
+)
+
+var TxMaxRetries = 5
+
+type (
+	DB struct{ *sql.DB }
+	Tx struct{ *sql.Tx }
+
+	Attribute struct {
+		Value   any
+		Table   string
+		AttName string
+		ID      int64
+	}
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}
+
+func wait(iteration int) {
+	waitTime := time.Duration(math.Pow(2, float64(iteration))) * 100 * time.Millisecond
+	jitter := time.Duration(rand.IntN(int(waitTime)/2)) * time.Millisecond
+	time.Sleep(waitTime + jitter)
+}
+
+func OpenDB(dbName string) (*DB, error) {
+	var err error
+	db := DB{DB: new(sql.DB)}
+
+	cfg := mysql.NewConfig()
+	cfg.DBName = dbName
+	cfg.User, cfg.Passwd, err = getCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
+	}
+
+	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
+	if err != nil {
+		return nil, fmt.Errorf("error opening DB: %v", err)
+	}
+	if err = db.Ping(); err != nil {
+		return nil, fmt.Errorf("error pinging DB: %v", err)
+	}
+
+	return &db, nil
+}
+
+func (db *DB) UpdateAttributes(a ...*Attribute) error {
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, attribute := range a {
+				query := fmt.Sprintf(`
+                    UPDATE %s
+                    SET %s = ?
+                    WHERE id = ?
+                    `, attribute.Table, attribute.AttName)
+				if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) CountEntries(table string) (int64, error) {
+	var count int64
+
+	query := fmt.Sprintf("SELECT COUNT(*) FROM %s", table)
+	row := db.QueryRow(query)
+	if err := row.Scan(&count); err != nil {
+		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
+	}
+
+	return count, nil
+}
+
+func (tx *Tx) UpdateAttributes(a ...*Attribute) error {
+	for _, attribute := range a {
+		query := fmt.Sprintf(`
+            UPDATE %s
+            SET %s = ?
+            WHERE id = ?
+            `, attribute.Table, attribute.AttName)
+		if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+			if rollbackErr := tx.Rollback(); rollbackErr != nil {
+				log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+			}
+			return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+		}
+	}
+
+	return nil
+}
--- a/cmd/backend/firebase.go
+++ b/cmd/backend/firebase.go
@ -0,0 +1,44 @@
+package backend
+
+import (
+	"context"
+
+	firebase "firebase.google.com/go/v4"
+	"firebase.google.com/go/v4/auth"
+	"google.golang.org/api/option"
+)
+
+type Client struct {
+	*auth.Client
+}
+
+func NewClient() (*Client, error) {
+	var err error
+	client := new(Client)
+
+	ctx := context.Background()
+	opt := option.WithCredentialsFile("path/to/serviceAccountKey.json")
+
+	app, err := firebase.NewApp(ctx, nil, opt)
+	if err != nil {
+		return nil, err
+	}
+
+	client.Client, err = app.Auth(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (c *Client) Verify(idToken string) (*auth.Token, error) {
+	ctx := context.Background()
+
+	token, err := c.VerifyIDTokenAndCheckRevoked(ctx, idToken)
+	if err != nil {
+		return nil, err
+	}
+
+	return token, nil
+}
--- a/cmd/backend/issues.go
+++ b/cmd/backend/issues.go
@ -0,0 +1,65 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+)
+
+func (db *DB) AddIssue() (int64, error) {
+	query := "INSERT INTO issues (published) VALUES (?)"
+	result, err := db.Exec(query, false)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting issue into DB: %v", err)
+	}
+
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error getting ID of added issue: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) PublishLatestIssue() error {
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	updateQuery := "UPDATE issues SET published = true WHERE published = false"
+	insertQuery := "INSERT INTO issues (published) VALUES (?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(updateQuery); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error publishing issue: %v", err)
+			}
+
+			if _, err := tx.Exec(insertQuery, false); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error inserting new issue into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when publishing issue: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
--- a/cmd/backend/markdown.go
+++ b/cmd/backend/markdown.go
@ -1,4 +1,4 @@
-package data
+package backend

 import (
 	"bytes"
--- a/cmd/backend/rss.go
+++ b/cmd/backend/rss.go
@ -0,0 +1,132 @@
+package backend
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"git.streifling.com/jason/rss"
+)
+
+func GetChannel(db *DB, title, link, description string) (*rss.Channel, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: description,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error fetching published articles: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error fetching tags for article %v: %v", article.Title, err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error finding user %v: %v", article.AuthorID, err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       article.Title,
+			Author:      user.FirstName + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: article.Description,
+			Content:     &rss.Content{Value: article.Content},
+			Categories:  tagNames,
+		})
+	}
+
+	return channel, nil
+}
+
+func GenerateRSS(db *DB, title, link, desc string) (*string, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: desc,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error getting published articles for RSS feed: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting tags for articles for RSS feed: %v", err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+		tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting user user info for RSS feed: %v", err)
+		}
+
+		articleTitle, err := ConvertToPlain(article.Title)
+		if err != nil {
+			return nil, fmt.Errorf("error converting title to plain text for RSS feed: %v", err)
+		}
+
+		articleDescription, err := ConvertToPlain(article.Description)
+		if err != nil {
+			return nil, fmt.Errorf("error converting description to plain text for RSS feed: %v", err)
+		}
+
+		articleContent, err := ConvertToHTML(article.Content)
+		if err != nil {
+			return nil, fmt.Errorf("error converting content to HTML for RSS feed: %v", err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       articleTitle,
+			Author:      user.FirstName + " " + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: articleDescription,
+			Content:     &rss.Content{Value: articleContent},
+			Categories:  tagNames,
+		})
+	}
+
+	feed := rss.NewFeed()
+	feed.Channels = append(feed.Channels, channel)
+	rss, err := feed.ToXML("UTF-8")
+	if err != nil {
+		return nil, fmt.Errorf("error converting RSS feed to XML: %v", err)
+	}
+
+	return &rss, nil
+}
+
+func SaveRSS(filename string, feed *string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating file for RSS feed: %v", err)
+	}
+	defer file.Close()
+	if err = file.Chmod(0644); err != nil {
+		return fmt.Errorf("error setting permissions for RSS file: %v", err)
+	}
+
+	if _, err = io.WriteString(file, *feed); err != nil {
+		return fmt.Errorf("error writing to RSS file: %v", err)
+	}
+
+	return nil
+}
--- a/cmd/backend/sessions.go
+++ b/cmd/backend/sessions.go
@ -1,4 +1,4 @@
-package data
+package backend

 import (
 	"crypto/rand"
@ -17,8 +17,7 @@ type CookieStore struct {
 func NewKey() ([]byte, error) {
 	key := make([]byte, 32)

-	_, err := io.ReadFull(rand.Reader, key)
-	if err != nil {
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
 		return nil, fmt.Errorf("error generating key: %v", err)
 	}

@ -33,9 +32,7 @@ func SaveKey(key []byte, filename string) error {
 	defer file.Close()
 	file.Chmod(0600)

-	encoder := gob.NewEncoder(file)
-	err = encoder.Encode(key)
-	if err != nil {
+	if err = gob.NewEncoder(file).Encode(key); err != nil {
 		return fmt.Errorf("error ecoding key: %v", err)
 	}

@ -49,9 +46,7 @@ func LoadKey(filename string) ([]byte, error) {
 	}

 	key := make([]byte, 32)
-	decoder := gob.NewDecoder(file)
-	err = decoder.Decode(&key)
-	if err != nil {
+	if err = gob.NewDecoder(file).Decode(&key); err != nil {
 		return nil, fmt.Errorf("error decoding key: %v", err)
 	}

--- a/cmd/backend/tags.go
+++ b/cmd/backend/tags.go
@ -0,0 +1,35 @@
+package backend
+
+import "fmt"
+
+type Tag struct {
+	Name string
+	ID   int64
+}
+
+func (db *DB) AddTag(tagName string) error {
+	query := "INSERT INTO tags (name) VALUES (?)"
+	if _, err := db.Exec(query, tagName); err != nil {
+		return fmt.Errorf("error inserting tag into DB: %v", err)
+	}
+	return nil
+}
+
+func (db *DB) GetTagList() ([]*Tag, error) {
+	query := "SELECT id, name FROM tags"
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error querying tags: %v", err)
+	}
+
+	tagList := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning tag row: %v", err)
+		}
+		tagList = append(tagList, tag)
+	}
+
+	return tagList, nil
+}
--- a/cmd/backend/users.go
+++ b/cmd/backend/users.go
@ -0,0 +1,380 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	Admin = iota
+	Publisher
+	Editor
+	Author
+	NonExistent
+)
+
+type User struct {
+	UserName  string
+	FirstName string
+	LastName  string
+	ID        int64
+	Role      int
+}
+
+func (db *DB) AddUser(u *User, pass string) (int64, error) {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+	result, err := db.Exec(query, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) GetID(userName string) (int64, bool) {
+	var id int64
+
+	query := `
+    SELECT id
+    FROM users
+    WHERE username = ?
+    `
+	row := db.QueryRow(query, userName)
+	if err := row.Scan(&id); err != nil {
+		return 0, false
+	}
+
+	return id, true
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
+	var queriedPass string
+	getQuery := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := tx.QueryRow(getQuery, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}
+
+func (db *DB) UpdateOwnAttributes(id int64, user, first, last, oldPass, newPass, newPass2 string) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.ChangePassword(id, oldPass, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddFirstUser(u *User, pass string) (int64, error) {
+	var numUsers int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT COUNT(*) FROM users"
+	insertQuery := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err := tx.QueryRow(selectQuery).Scan(&numUsers); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting ID of %v: %v", u.UserName, err)
+			}
+			if numUsers != 0 {
+				if err = tx.Commit(); err != nil {
+					return 0, fmt.Errorf("error committing transaction: %v", err)
+				}
+				return 2, nil
+			}
+
+			hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error creating password hash: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting user into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetAllUsers() (map[int64]*User, error) {
+	query := "SELECT id, username, first_name, last_name, role FROM users"
+
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error getting all users from DB: %v", err)
+	}
+
+	users := make(map[int64]*User, 0)
+	for rows.Next() {
+		user := new(User)
+		if err = rows.Scan(&user.ID, &user.UserName, &user.FirstName,
+			&user.LastName, &user.Role); err != nil {
+			return nil, fmt.Errorf("error getting user info: %v", err)
+		}
+		users[user.ID] = user
+	}
+
+	return users, nil
+}
+
+func (tx *Tx) SetPassword(id int64, newPass string) error {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := "UPDATE users SET password = ? WHERE id = ?"
+	if _, err = tx.Exec(setQuery, string(hashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) UpdateUserAttributes(id int64, user, first, last, newPass, newPass2 string, role int) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.SetPassword(id, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+				&Attribute{Table: "users", ID: id, AttName: "role", Value: role},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) DeleteUser(id int64) error {
+	query := "DELETE FROM users WHERE id = ?"
+
+	_, err := db.Exec(query, id)
+	if err != nil {
+		return fmt.Errorf("error deleting user %v from DB: %v", id, err)
+	}
+
+	return nil
+}
--- a/cmd/calls/pdf.go
+++ b/cmd/calls/pdf.go
@ -0,0 +1,44 @@
+package calls
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func ServePDFList(c *b.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if tokenIsVerified(w, r) {
+			files, err := os.ReadDir(c.PDFDir)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			fileNames := make([]string, 0)
+			for _, file := range files {
+				fileNames = append(fileNames, file.Name())
+			}
+
+			w.Header().Set("Content-Type", "application/json")
+			if err = json.NewEncoder(w).Encode(fileNames); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+	}
+}
+
+func ServePDF(c *b.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if tokenIsVerified(w, r) {
+			http.ServeFile(w, r, fmt.Sprint(c.PDFDir, "/", r.PathValue("id")))
+		}
+	}
+}
--- a/cmd/calls/rss.go
+++ b/cmd/calls/rss.go
@ -0,0 +1,15 @@
+package calls
+
+import (
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func ServeRSS(c *b.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if tokenIsVerified(w, r) {
+			http.ServeFile(w, r, c.RSSFile)
+		}
+	}
+}
--- a/cmd/calls/verification.go
+++ b/cmd/calls/verification.go
@ -0,0 +1,34 @@
+package calls
+
+import (
+	"log"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+// tokenIsVerified verifies that a request is authorized. It returns a bool.
+func tokenIsVerified(w http.ResponseWriter, r *http.Request) bool {
+	idToken := r.Header.Get("Authorization")
+	if idToken == "" {
+		log.Println("Authorization header missing")
+		http.Error(w, "Authorization header missing", http.StatusUnauthorized)
+		return false
+	}
+
+	client, err := b.NewClient()
+	if err != nil {
+		log.Println(err)
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return false
+	}
+
+	_, err = client.Verify(idToken)
+	if err != nil {
+		log.Println(err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return false
+	}
+
+	return true
+}
--- a/cmd/data/articles.go
+++ b/cmd/data/articles.go
@ -1,89 +0,0 @@
-package data
-
-import (
-	"sync"
-	"time"
-
-	"github.com/google/uuid"
-)
-
-type Article struct {
-	Title    string
-	Author   string
-	Created  time.Time
-	Desc     string
-	Content  string
-	Tags     []string
-	UUID     uuid.UUID
-	AuthorID int64
-}
-
-type ArticleList struct {
-	addCh chan *Article
-	delCh chan uuid.UUID
-	retCh chan *Article
-	getCh chan []Article
-	list  []*Article
-	wg    sync.WaitGroup
-}
-
-func minArticleList() *ArticleList {
-	return &ArticleList{
-		addCh: make(chan *Article),
-		delCh: make(chan uuid.UUID),
-		retCh: make(chan *Article),
-		getCh: make(chan []Article),
-	}
-}
-
-func (l *ArticleList) start() {
-	l.wg.Done()
-	for {
-		select {
-		case article := <-l.addCh:
-			l.list = append(l.list, article)
-		case uuid := <-l.delCh:
-			for i, article := range l.list {
-				if article.UUID == uuid {
-					l.list = append(l.list[:i], l.list[i+1:]...)
-					l.retCh <- article
-				}
-			}
-		case l.getCh <- func() []Article {
-			var list []Article
-			for _, article := range l.list {
-				list = append(list, *article)
-			}
-			return list
-		}():
-		}
-	}
-}
-
-func NewArticleList() *ArticleList {
-	list := minArticleList()
-	list.list = []*Article{}
-
-	list.wg.Add(1)
-	go list.start()
-	list.wg.Wait()
-
-	return list
-}
-
-func (l *ArticleList) Add(a *Article) {
-	l.addCh <- a
-}
-
-func (l *ArticleList) Release(uuid uuid.UUID) (*Article, bool) {
-	l.delCh <- uuid
-	article := <-l.retCh
-	if article == nil {
-		return nil, false
-	}
-	return article, true
-}
-
-func (l *ArticleList) Get() []Article {
-	return <-l.getCh
-}
--- a/cmd/data/db.go
+++ b/cmd/data/db.go
@ -1,143 +0,0 @@
-package data
-
-import (
-	"database/sql"
-	"fmt"
-
-	"github.com/go-sql-driver/mysql"
-	"golang.org/x/crypto/bcrypt"
-)
-
-type DB struct {
-	*sql.DB
-}
-
-func OpenDB(dbName string) (*DB, error) {
-	var err error
-	db := DB{DB: &sql.DB{}}
-
-	cfg := mysql.NewConfig()
-	cfg.DBName = dbName
-	cfg.User, cfg.Passwd, err = getCredentials()
-	if err != nil {
-		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
-	}
-
-	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
-	if err != nil {
-		return nil, fmt.Errorf("error opening DB: %v", err)
-	}
-	if err = db.Ping(); err != nil {
-		return nil, fmt.Errorf("error pinging DB: %v", err)
-	}
-
-	return &db, nil
-}
-
-func (db *DB) AddUser(user User, pass string) error {
-	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    INSERT INTO users
-        (username, password, first_name, last_name, role)
-    VALUES (?, ?, ?, ?, ?)
-    `
-	_, err = db.Exec(query, user.UserName, string(hashedPass), user.FirstName, user.LastName, user.Role)
-	if err != nil {
-		return fmt.Errorf("error inserting user into DB: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) GetID(userName string) (int64, error) {
-	var id int64
-
-	query := `
-    SELECT id
-    FROM users
-    WHERE username = ?
-    `
-	row := db.QueryRow(query, userName)
-	if err := row.Scan(&id); err != nil {
-		return 0, fmt.Errorf("user not in DB: %v", err)
-	}
-
-	return id, nil
-}
-
-func (db *DB) CheckPassword(id int64, pass string) error {
-	var queriedPass string
-
-	query := `
-    SELECT password
-    FROM users
-    WHERE id = ?
-    `
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&queriedPass); err != nil {
-		return fmt.Errorf("error reading password from DB: %v", err)
-	}
-
-	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
-		return fmt.Errorf("incorrect password: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
-	if err := db.CheckPassword(id, oldPass); err != nil {
-		return fmt.Errorf("error checking password: %v", err)
-	}
-
-	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    UPDATE users
-    SET password = ?
-    WHERE id = ?
-    `
-	_, err = db.Exec(query, string(newHashedPass), id)
-	if err != nil {
-		return fmt.Errorf("error updating password in DB: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) CountEntries() (int64, error) {
-	var count int64
-
-	query := `SELECT COUNT(*) FROM users`
-	row := db.QueryRow(query)
-	if err := row.Scan(&count); err != nil {
-		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
-	}
-
-	return count, nil
-}
-
-// TODO: No need for ID field in general
-func (db *DB) GetUser(id int64) (*User, error) {
-	user := new(User)
-	query := `
-    SELECT id, username, first_name, last_name, role
-    FROM users
-    WHERE id = ?
-    `
-
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
-		&user.LastName, &user.Role); err != nil {
-		return nil, fmt.Errorf("error reading user information: %v", err)
-	}
-
-	return user, nil
-}
--- a/cmd/data/helpers.go
+++ b/cmd/data/helpers.go
@ -1,52 +0,0 @@
-package data
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strings"
-	"syscall"
-
-	"golang.org/x/term"
-)
-
-func getUsername() (string, error) {
-	user := os.Getenv("DB_USER")
-	if user == "" {
-		var err error
-		fmt.Printf("DB Benutzer: ")
-		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
-		if err != nil {
-			return "", fmt.Errorf("error reading username: %v", err)
-		}
-	}
-	return strings.TrimSpace(user), nil
-}
-
-func getPassword() (string, error) {
-	pass := os.Getenv("DB_PASS")
-	if pass == "" {
-		fmt.Printf("DB Passwort: ")
-		bytePass, err := term.ReadPassword(int(syscall.Stdin))
-		if err != nil {
-			return "", fmt.Errorf("error reading password: %v", err)
-		}
-		fmt.Println()
-		pass = strings.TrimSpace(string(bytePass))
-	}
-	return pass, nil
-}
-
-func getCredentials() (string, string, error) {
-	user, err := getUsername()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting username: %v", err)
-	}
-
-	pass, err := getPassword()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting password: %v", err)
-	}
-
-	return user, pass, nil
-}
--- a/cmd/data/rss.go
+++ b/cmd/data/rss.go
@ -1,106 +0,0 @@
-package data
-
-import (
-	"encoding/gob"
-	"fmt"
-	"os"
-	"sync"
-
-	"github.com/gorilla/feeds"
-)
-
-type Feed struct {
-	addCh chan *feeds.Item
-	setCh chan feeds.Feed
-	getCh chan feeds.Feed
-	feed  feeds.Feed
-	wg    sync.WaitGroup
-}
-
-func minFeed() *Feed {
-	return &Feed{
-		addCh: make(chan *feeds.Item),
-		setCh: make(chan feeds.Feed),
-		getCh: make(chan feeds.Feed),
-	}
-}
-
-func (f *Feed) start() {
-	f.wg.Done()
-	for {
-		select {
-		case item := <-f.addCh:
-			f.feed.Items = append(f.feed.Items, item)
-		case f.getCh <- f.feed:
-		case f.feed = <-f.setCh:
-		}
-	}
-}
-
-func NewFeed(title, link, desc string) *Feed {
-	feed := minFeed()
-	feed.feed = feeds.Feed{
-		Title:       title,
-		Link:        &feeds.Link{Href: link},
-		Description: desc,
-	}
-
-	feed.wg.Add(1)
-	go feed.start()
-	feed.wg.Wait()
-
-	return feed
-}
-
-func (f *Feed) Get() feeds.Feed {
-	return <-f.getCh
-}
-
-func (f *Feed) Set(feed feeds.Feed) {
-	f.setCh <- feed
-}
-
-func OpenFeed(filename string) (*Feed, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, fmt.Errorf("error opening file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	feed := minFeed()
-	feed.wg.Add(1)
-	go feed.start()
-	feed.wg.Wait()
-
-	decoder := gob.NewDecoder(file)
-	tmpFeed := new(feeds.Feed)
-	err = decoder.Decode(tmpFeed)
-	if err != nil {
-		return nil, fmt.Errorf("error decoding file %v: %v", filename, err)
-	}
-
-	feed.Set(*tmpFeed)
-
-	return feed, nil
-}
-
-func (f *Feed) Save(filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("error creating file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	encoder := gob.NewEncoder(file)
-	feed := f.Get()
-	err = encoder.Encode(feed)
-	if err != nil {
-		return fmt.Errorf("error encoding file %v: %v", filename, err)
-	}
-
-	return nil
-}
-
-func (f *Feed) Add(i *feeds.Item) {
-	f.addCh <- i
-}
--- a/cmd/data/user.go
+++ b/cmd/data/user.go
@ -1,16 +0,0 @@
-package data
-
-const (
-	Admin = iota
-	Editor
-	Writer
-)
-
-type User struct {
-	UserName         string
-	FirstName        string
-	LastName         string
-	RejectedArticles []*Article
-	ID               int64
-	Role             int
-}
--- a/cmd/frontend/articles.go
+++ b/cmd/frontend/articles.go
@ -0,0 +1,478 @@
+package frontend
+
+import (
+	"encoding/json"
+	"fmt"
+	"html/template"
+	"io"
+	"io/fs"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+const (
+	EditMode = iota
+	PreviewMode
+)
+
+func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		type editorHTMLData struct {
+			Title       string
+			Description string
+			Content     string
+			HTMLContent template.HTML
+			Tags        []*b.Tag
+			Mode        int
+		}
+
+		var data editorHTMLData
+		if session.Values["article"] == nil {
+			data = editorHTMLData{}
+		} else {
+			data = session.Values["article"].(editorHTMLData)
+		}
+		data.Mode = EditMode
+
+		data.Tags, err = db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		session.Values["article"] = nil
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article := &b.Article{
+			Title:       r.PostFormValue("article-title"),
+			Description: r.PostFormValue("article-description"),
+			Content:     r.PostFormValue("article-content"),
+			Published:   false,
+			Rejected:    false,
+			AuthorID:    session.Values["id"].(int64),
+		}
+
+		article.ID, err = db.AddArticle(article)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.WriteArticleTags(article.ID, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		title := r.PostFormValue("article-title")
+		description := r.PostFormValue("article-description")
+		content := r.PostFormValue("article-content")
+
+		if err = db.UpdateAttributes(
+			&b.Attribute{Table: "articles", ID: id, AttName: "title", Value: title},
+			&b.Attribute{Table: "articles", ID: id, AttName: "description", Value: description},
+			&b.Attribute{Table: "articles", ID: id, AttName: "content", Value: content},
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.UpdateArticleTags(id, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowUnpublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		unpublishedArticles, err := db.GetCertainArticles(false, false)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/unpublished-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", unpublishedArticles)
+	}
+}
+
+func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		type htmlData struct {
+			MyIDs            map[int64]bool
+			RejectedArticles []*b.Article
+		}
+		data := new(htmlData)
+
+		data.RejectedArticles, err = db.GetCertainArticles(false, true)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.MyIDs = make(map[int64]bool)
+		for _, article := range data.RejectedArticles {
+			if article.AuthorID == session.Values["id"].(int64) {
+				data.MyIDs[article.ID] = true
+			}
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rejected-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewUnpublishedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		type htmlData struct {
+			Title       string
+			Description string
+			Content     template.HTML
+			Tags        []*b.Tag
+			ID          int64
+		}
+
+		var err error
+		data := new(htmlData)
+
+		data.ID, err = strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article, err := db.GetArticle(data.ID)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Title, err = b.ConvertToPlain(article.Title)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Description, err = b.ConvertToPlain(article.Description)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		content, err := b.ConvertToHTML(article.Content)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Content = template.HTML(content)
+
+		data.Tags, err = db.GetArticleTags(data.ID)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/to-be-published.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		type htmlData struct {
+			Selected map[int64]bool
+			Article  *b.Article
+			Tags     []*b.Tag
+		}
+		data := new(htmlData)
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Article, err = db.GetArticle(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Tags, err = db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		selectedTags, err := db.GetArticleTags(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Selected = make(map[int64]bool)
+		for _, tag := range selectedTags {
+			data.Selected[tag.ID] = true
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rework-article.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.AddArticleToCurrentIssue(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.UpdateAttributes(
+			&b.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+			&b.Attribute{Table: "articles", ID: id, AttName: "created", Value: time.Now().Format("2006-01-02 15:04:05")},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		feed, err := b.GenerateRSS(db, c.Title, c.Link, c.Description)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if err = b.SaveRSS(c.RSSFile, feed); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.UpdateAttributes(
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowCurrentArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		articles, err := db.GetCurrentIssueArticles()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/current-articles.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles)
+	}
+}
+
+func UploadImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		file, header, err := r.FormFile("article-image")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer file.Close()
+
+		nameStrings := strings.Split(header.Filename, ".")
+		extension := "." + nameStrings[len(nameStrings)-1]
+		filename := fmt.Sprint(uuid.New(), extension)
+		absFilepath, err := filepath.Abs(fmt.Sprint(c.PicsDir, "/", filename))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = os.MkdirAll(fmt.Sprint(c.PicsDir, "/"), fs.FileMode(0755)); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		img, err := os.Create(absFilepath)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer img.Close()
+
+		if _, err = io.Copy(img, file); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		url := fmt.Sprint(c.Domain, "/pics/", filename)
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(url)
+	}
+}
--- a/cmd/frontend/editor.go
+++ b/cmd/frontend/editor.go
@ -0,0 +1,34 @@
+package frontend
+
+import (
+	"html/template"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func CreateTag(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-tag.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		db.AddTag(r.PostFormValue("tag"))
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
--- a/cmd/frontend/images.go
+++ b/cmd/frontend/images.go
@ -0,0 +1,26 @@
+package frontend
+
+import (
+	"log"
+	"net/http"
+	"path/filepath"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func ServeImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		absFilepath, err := filepath.Abs(c.PicsDir)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		http.ServeFile(w, r, absFilepath+"/"+r.PathValue("pic"))
+	}
+}
--- a/cmd/frontend/issues.go
+++ b/cmd/frontend/issues.go
@ -0,0 +1,28 @@
+package frontend
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		if err := db.PublishLatestIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
--- a/cmd/frontend/sessions.go
+++ b/cmd/frontend/sessions.go
@ -0,0 +1,128 @@
+package frontend
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func saveSession(w http.ResponseWriter, r *http.Request, s *b.CookieStore, u *b.User) error {
+	session, err := s.Get(r, "cookie")
+	if err != nil {
+		return fmt.Errorf("error getting session: %v", err)
+	}
+
+	session.Values["authenticated"] = true
+	session.Values["id"] = u.ID
+	session.Values["name"] = u.FirstName + u.LastName
+	session.Values["role"] = u.Role
+	if err := session.Save(r, w); err != nil {
+		return fmt.Errorf("error saving session: %v", err)
+	}
+
+	return nil
+}
+
+func HomePage(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		numRows, err := db.CountEntries("users")
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		files := []string{c.WebDir + "/templates/index.html"}
+		if numRows == 0 {
+			files = append(files, c.WebDir+"/templates/first-user.html")
+			tmpl, err := template.ParseFiles(files...)
+			template.Must(tmpl, err).Execute(w, nil)
+		} else {
+			session, _ := s.Get(r, "cookie")
+			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
+				files = append(files, c.WebDir+"/templates/hub.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, session.Values["role"])
+			} else {
+				files = append(files, c.WebDir+"/templates/login.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, nil)
+			}
+		}
+	}
+}
+
+func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userName := r.PostFormValue("username")
+		password := r.PostFormValue("password")
+
+		id, ok := db.GetID(userName)
+		if !ok {
+			http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusInternalServerError)
+			return
+		}
+
+		if err := db.CheckPassword(id, password); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, user); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
+	}
+}
+
+func Logout(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		session.Options.MaxAge = -1
+
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func ShowHub(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		session.Values["article"] = nil
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
--- a/cmd/frontend/users.go
+++ b/cmd/frontend/users.go
@ -0,0 +1,434 @@
+package frontend
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+type UserData struct {
+	*b.User
+	Msg string
+}
+
+func checkUserStrings(user *b.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := UserData{
+			User: &b.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		_, err = db.AddUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		user, err := db.GetUser(session.Values["id"].(int64))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-self.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		userData := UserData{
+			User: &b.User{
+				ID:        session.Values["id"].(int64),
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+			},
+		}
+		oldPass := r.PostFormValue("old-password")
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateOwnAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			oldPass,
+			newPass,
+			newPass2); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		var err error
+		htmlData := UserData{
+			User: &b.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      b.Admin,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		htmlData.ID, err = db.AddFirstUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if htmlData.ID > 1 {
+			errString := "error: there is already a first user"
+			log.Println(errString)
+			http.Error(w, errString, http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, htmlData.User); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if _, err := db.AddIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
+
+func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		type htmlData struct {
+			Users  map[int64]*b.User
+			Action string
+		}
+
+		data := &htmlData{Action: action}
+		data.Users, err = db.GetAllUsers()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		delete(data.Users, session.Values["id"].(int64))
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/show-all-users.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		userData := UserData{
+			User: &b.User{
+				ID:        id,
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateUserAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			newPass,
+			newPass2,
+			userData.Role); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.DeleteUser(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
--- a/cmd/frontend/verification.go
+++ b/cmd/frontend/verification.go
@ -0,0 +1,29 @@
+package frontend
+
+import (
+	"errors"
+	"html/template"
+	"net/http"
+
+	"github.com/gorilla/sessions"
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+// getSession is used for verifying that the user is logged in and returns their session and an error.
+func getSession(w http.ResponseWriter, r *http.Request, c *b.Config, s *b.CookieStore) (*sessions.Session, error) {
+	msg := "Keine gültige Session. Bitte erneut anmelden."
+	tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html")
+
+	session, err := s.Get(r, "cookie")
+	if err != nil {
+		template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg)
+		return nil, err
+	}
+
+	if session.IsNew {
+		template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg)
+		return session, errors.New("error: no existing session")
+	}
+
+	return session, nil
+}
--- a/cmd/main.go
+++ b/cmd/main.go
@ -0,0 +1,86 @@
+package main
+
+import (
+	"encoding/gob"
+	"log"
+	"net/http"
+	"os"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+	c "streifling.com/jason/cpolis/cmd/calls"
+	f "streifling.com/jason/cpolis/cmd/frontend"
+)
+
+func init() {
+	gob.Register(b.User{})
+}
+
+func main() {
+	config, err := b.HandleConfig()
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	logFile, err := os.OpenFile(config.LogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer logFile.Close()
+	log.SetOutput(logFile)
+
+	db, err := b.OpenDB(config.DBName)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer db.Close()
+
+	key, err := b.LoadKey(config.KeyFile)
+	if err != nil {
+		key, err = b.NewKey()
+		if err != nil {
+			log.Fatalln(err)
+		}
+		b.SaveKey(key, config.KeyFile)
+	}
+	store := b.NewCookieStore(key)
+
+	mux := http.NewServeMux()
+	mux.Handle("/web/static/", http.StripPrefix("/web/static/",
+		http.FileServer(http.Dir(config.WebDir+"/static/"))))
+	mux.HandleFunc("/", f.HomePage(config, db, store))
+
+	mux.HandleFunc("GET /create-tag", f.CreateTag(config, store))
+	mux.HandleFunc("GET /create-user", f.CreateUser(config, store))
+	mux.HandleFunc("GET /edit-self", f.EditSelf(config, db, store))
+	mux.HandleFunc("GET /edit-user/{id}", f.EditUser(config, db, store))
+	mux.HandleFunc("GET /delete-user/{id}", f.DeleteUser(config, db, store))
+	mux.HandleFunc("GET /hub", f.ShowHub(config, db, store))
+	mux.HandleFunc("GET /logout", f.Logout(config, store))
+	mux.HandleFunc("GET /pdf/get-list", c.ServePDFList(config))
+	mux.HandleFunc("GET /pdf/{id}", c.ServePDF(config))
+	mux.HandleFunc("GET /pics/{pic}", f.ServeImage(config, store))
+	mux.HandleFunc("GET /publish-article/{id}", f.PublishArticle(config, db, store))
+	mux.HandleFunc("GET /publish-issue", f.PublishLatestIssue(config, db, store))
+	mux.HandleFunc("GET /reject-article/{id}", f.RejectArticle(config, db, store))
+	mux.HandleFunc("GET /rejected-articles", f.ShowRejectedArticles(config, db, store))
+	mux.HandleFunc("GET /review-rejected-article/{id}", f.ReviewRejectedArticle(config, db, store))
+	mux.HandleFunc("GET /review-unpublished-article/{id}", f.ReviewUnpublishedArticle(config, db, store))
+	mux.HandleFunc("GET /rss", c.ServeRSS(config))
+	mux.HandleFunc("GET /show-all-users-edit", f.ShowAllUsers(config, db, store, "edit-user"))
+	mux.HandleFunc("GET /show-all-users-delete", f.ShowAllUsers(config, db, store, "delete-user"))
+	mux.HandleFunc("GET /this-issue", f.ShowCurrentArticles(config, db, store))
+	mux.HandleFunc("GET /unpublished-articles", f.ShowUnpublishedArticles(config, db, store))
+	mux.HandleFunc("GET /write-article", f.WriteArticle(config, db, store))
+
+	mux.HandleFunc("POST /add-first-user", f.AddFirstUser(config, db, store))
+	mux.HandleFunc("POST /add-tag", f.AddTag(config, db, store))
+	mux.HandleFunc("POST /add-user", f.AddUser(config, db, store))
+	mux.HandleFunc("POST /login", f.Login(config, db, store))
+	mux.HandleFunc("POST /resubmit-article/{id}", f.ResubmitArticle(config, db, store))
+	mux.HandleFunc("POST /submit-article", f.SubmitArticle(config, db, store))
+	mux.HandleFunc("POST /update-self", f.UpdateSelf(config, db, store))
+	mux.HandleFunc("POST /update-user/{id}", f.UpdateUser(config, db, store))
+	mux.HandleFunc("POST /upload-image", f.UploadImage(config, store))
+
+	log.Fatalln(http.ListenAndServe(config.Port, mux))
+}
--- a/cmd/ui/admin.go
+++ b/cmd/ui/admin.go
@ -1,105 +0,0 @@
-package ui
-
-import (
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"strconv"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-type AddUserData struct {
-	Msg string
-	data.User
-}
-
-func inputsEmpty(user data.User, pass, pass2 string) bool {
-	return len(user.UserName) == 0 ||
-		len(user.FirstName) == 0 ||
-		len(user.LastName) == 0 ||
-		len(pass) == 0 ||
-		len(pass2) == 0
-}
-
-func checkUserStrings(user data.User) (string, int, bool) {
-	userLen := 15
-	nameLen := 50
-
-	if len(user.UserName) > userLen {
-		return "Benutzername", userLen, false
-	} else if len(user.FirstName) > nameLen {
-		return "Vorname", nameLen, false
-	} else if len(user.LastName) > nameLen {
-		return "Nachname", nameLen, false
-	} else {
-		return "", 0, true
-	}
-}
-
-func CreateUser() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tmpl, err := template.ParseFiles("web/templates/add-user.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-	}
-}
-
-func AddUser(db *data.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		role, err := strconv.Atoi(r.PostFormValue("role"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		htmlData := AddUserData{
-			User: data.User{
-				UserName:  r.PostFormValue("username"),
-				FirstName: r.PostFormValue("first-name"),
-				LastName:  r.PostFormValue("last-name"),
-				Role:      role,
-			},
-		}
-		pass := r.PostFormValue("password")
-		pass2 := r.PostFormValue("password2")
-
-		if inputsEmpty(htmlData.User, pass, pass2) {
-			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		userString, stringLen, ok := checkUserStrings(htmlData.User)
-		if !ok {
-			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
-				stringLen, " Zeichen erlaubt.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		id, _ := db.GetID(htmlData.UserName)
-		if id != 0 {
-			htmlData.Msg = fmt.Sprint(htmlData.UserName,
-				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		if pass != pass2 {
-			htmlData.Msg = "Die Passwörter stimmen nicht überein."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-
-		if err := db.AddUser(htmlData.User, pass); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-	}
-}
--- a/cmd/ui/articles.go
+++ b/cmd/ui/articles.go
@ -1,153 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/gorilla/feeds"
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func ShowHub(s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func WriteArticle(w http.ResponseWriter, r *http.Request) {
-	tmpl, err := template.ParseFiles("web/templates/editor.html")
-	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-}
-
-func FinishArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		article := new(data.Article)
-		var err error
-
-		article.Title, err = data.ConvertToPlain(r.PostFormValue("editor-title"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Desc, err = data.ConvertToPlain(r.PostFormValue("editor-desc"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Content, err = data.ConvertToHTML(r.PostFormValue("editor-text"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		article.UUID = uuid.New()
-		article.Author = session.Values["name"].(string)
-		article.Created = time.Now()
-		article.AuthorID = session.Values["id"].(int64)
-
-		l.Add(article)
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func ShowUnpublishedArticles(l *data.ArticleList) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tmpl, err := template.ParseFiles("web/templates/unpublished-articles.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", l.Get())
-	}
-}
-
-func ReviewArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		for _, article := range l.Get() {
-			if article.UUID == uuid {
-				tmpl, err := template.ParseFiles("web/templates/to-be-published.html")
-				template.Must(tmpl, err).ExecuteTemplate(w, "page-content", article)
-				return
-			}
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func PublishArticle(f *data.Feed, l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article, ok := l.Release(uuid)
-		if !ok {
-			// TODO: Warnung anzeigen
-			// msg = "Alle Felder müssen ausgefüllt werden."
-			// tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			// template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-			return
-		}
-
-		f.Add(&feeds.Item{
-			Title:       article.Title,
-			Created:     article.Created,
-			Description: article.Desc,
-			Content:     article.Content,
-		})
-		f.Save("tmp/rss.gob")
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
--- a/cmd/ui/rss.go
+++ b/cmd/ui/rss.go
@ -1,25 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func ShowRSS(f *data.Feed) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		feed := f.Get()
-		rss, err := feed.ToRss()
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		files := []string{"web/templates/index.html", "web/templates/feed.rss"}
-		tmpl, err := template.ParseFiles(files...)
-		template.Must(tmpl, err).Execute(w, rss)
-	}
-}
--- a/cmd/ui/sessions.go
+++ b/cmd/ui/sessions.go
@ -1,83 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func HomePage(db *data.DB, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		numRows, err := db.CountEntries()
-		if err != nil {
-			log.Fatalln(err)
-		}
-
-		files := []string{"web/templates/index.html"}
-		if numRows == 0 {
-			files = append(files, "web/templates/add-user.html")
-			tmpl, err := template.ParseFiles(files...)
-			template.Must(tmpl, err).Execute(w, nil)
-		} else {
-			session, _ := s.Get(r, "cookie")
-			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
-				files = append(files, "web/templates/hub.html")
-				tmpl, err := template.ParseFiles(files...)
-				template.Must(tmpl, err).Execute(w, session.Values["role"])
-			} else {
-				files = append(files, "web/templates/login.html")
-				tmpl, err := template.ParseFiles(files...)
-				template.Must(tmpl, err).Execute(w, nil)
-			}
-		}
-	}
-}
-
-func Login(db *data.DB, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		userName := r.PostFormValue("username")
-		password := r.PostFormValue("password")
-
-		id, err := db.GetID(userName)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		if err := db.CheckPassword(id, password); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		user, err := db.GetUser(id)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-
-		session.Values["authenticated"] = true
-		session.Values["id"] = user.ID
-		session.Values["name"] = user.FirstName + user.LastName
-		session.Values["role"] = user.Role
-		if err := session.Save(r, w); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
-	}
-}
--- a/cpolis.service
+++ b/cpolis.service
@ -0,0 +1,9 @@
+[Unit]
+Description=cpolis
+
+[Service]
+ExecStart=/usr/local/bin/cpolis
+Restart=on-failure
+
+[Install]
+WantedBy=default.target
--- a/create_db.sql
+++ b/create_db.sql
@ -0,0 +1,50 @@
+DROP TABLE IF EXISTS articles_tags;
+DROP TABLE IF EXISTS tags;
+DROP TABLE IF EXISTS articles;
+DROP TABLE IF EXISTS issues;
+DROP TABLE IF EXISTS users;
+
+CREATE TABLE users (
+    id          INT         AUTO_INCREMENT,
+    username    VARCHAR(15) NOT NULL UNIQUE,
+    password    VARCHAR(60) NOT NULL,
+    first_name  VARCHAR(50) NOT NULL,
+    last_name   VARCHAR(50) NOT NULL,
+    role        INT         NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE issues (
+    id          INT     AUTO_INCREMENT,
+    published   BOOL    NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles (
+    id          INT             AUTO_INCREMENT,
+    title       VARCHAR(255)    NOT NULL,
+    created     TIMESTAMP       DEFAULT CURRENT_TIMESTAMP,
+    description TEXT            NOT NULL,
+    content     TEXT            NOT NULL,
+    published   BOOL            NOT NULL,
+    rejected    BOOL            NOT NULL,
+    author_id   INT             NOT NULL,
+    issue_id    INT             NOT NULL,
+    PRIMARY KEY(id),
+    FOREIGN KEY(author_id) REFERENCES users(id),
+    FOREIGN KEY(issue_id) REFERENCES issues(id)
+);
+
+CREATE TABLE tags (
+    id      INT         AUTO_INCREMENT,
+    name    VARCHAR(50) NOT NULL UNIQUE,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles_tags (
+    article_id  INT,
+    tag_id      INT,
+    PRIMARY KEY(article_id, tag_id),
+    FOREIGN KEY(article_id) REFERENCES articles(id),
+    FOREIGN KEY(tag_id) REFERENCES tags(id)
+);
--- a/go.mod
+++ b/go.mod
@ -3,20 +3,57 @@ module streifling.com/jason/cpolis
 go 1.22.0

 require (
+	firebase.google.com/go/v4 v4.14.1
+	git.streifling.com/jason/rss v0.1.2
+	github.com/BurntSushi/toml v1.3.2
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/feeds v1.1.2
 	github.com/gorilla/sessions v1.2.2
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/yuin/goldmark v1.7.0
-	golang.org/x/crypto v0.14.0
-	golang.org/x/term v0.17.0
+	golang.org/x/crypto v0.21.0
+	golang.org/x/term v0.18.0
+	google.golang.org/api v0.170.0
 )

 require (
+	cloud.google.com/go v0.112.1 // indirect
+	cloud.google.com/go/compute v1.24.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/firestore v1.15.0 // indirect
+	cloud.google.com/go/iam v1.1.7 // indirect
+	cloud.google.com/go/longrunning v0.5.5 // indirect
+	cloud.google.com/go/storage v1.40.0 // indirect
+	github.com/MicahParks/keyfunc v1.9.0 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/oauth2 v0.18.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/appengine/v2 v2.0.2 // indirect
+	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 // indirect
+	google.golang.org/grpc v1.62.1 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,34 +1,232 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
+cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
+cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg=
+cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/firestore v1.15.0 h1:/k8ppuWOtNuDHt2tsRV42yI21uaGnKDEQnRFeBpbFF8=
+cloud.google.com/go/firestore v1.15.0/go.mod h1:GWOxFXcv8GZUtYpWHw/w6IuYNux/BtmeVTMmjrm4yhk=
+cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM=
+cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA=
+cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg=
+cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s=
+cloud.google.com/go/storage v1.40.0 h1:VEpDQV5CJxFmJ6ueWNsKxcr1QAYOXEgxDa+sBbJahPw=
+cloud.google.com/go/storage v1.40.0/go.mod h1:Rrj7/hKlG87BLqDJYtwR0fbPld8uJPbQ2ucUMY7Ir0g=
+firebase.google.com/go/v4 v4.14.1 h1:4qiUETaFRWoFGE1XP5VbcEdtPX93Qs+8B/7KvP2825g=
+firebase.google.com/go/v4 v4.14.1/go.mod h1:fgk2XshgNDEKaioKco+AouiegSI9oTWVqRaBdTTGBoM=
+git.streifling.com/jason/rss v0.1.2 h1:UB3UHJXMt5WDDh9y8n0Z6nS1XortbPXjEr7QZTdovY4=
+git.streifling.com/jason/rss v0.1.2/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
+github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
+github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA=
+github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
-github.com/gorilla/feeds v1.1.2 h1:pxzZ5PD3RJdhFH2FsJJ4x6PqMqbgFk1+Vez4XWBW8Iw=
-github.com/gorilla/feeds v1.1.2/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
 github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
 github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
+go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
+go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
+go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
+go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw=
+go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
+go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
+go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
+golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+google.golang.org/api v0.170.0 h1:zMaruDePM88zxZBG+NG8+reALO2rfLhe/JShitLyT48=
+google.golang.org/api v0.170.0/go.mod h1:/xql9M2btF85xac/VAm4PsLMTLVGUOpq4BE9R8jyNy8=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/appengine/v2 v2.0.2 h1:MSqyWy2shDLwG7chbwBJ5uMyw6SNqJzhJHNDwYB0Akk=
+google.golang.org/appengine/v2 v2.0.2/go.mod h1:PkgRUWz4o1XOvbqtWTkBtCitEJ5Tp4HoVEdMMYQR/8E=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
+google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc=
+google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 h1:9IZDv+/GcI6u+a4jRFRLxQs0RUCfavGfoOgEW6jpkI0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
+google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/main.go
+++ b/main.go
@ -1,68 +0,0 @@
-package main
-
-import (
-	"encoding/gob"
-	"log"
-	"net/http"
-	"os"
-
-	"streifling.com/jason/cpolis/cmd/data"
-	"streifling.com/jason/cpolis/cmd/ui"
-)
-
-func init() {
-	gob.Register(data.User{})
-}
-
-func main() {
-	logFile, err := os.Create("tmp/cpolis.log")
-	if err != nil {
-		log.Fatalln(err)
-	}
-	defer logFile.Close()
-	log.SetOutput(logFile)
-
-	db, err := data.OpenDB("cpolis")
-	if err != nil {
-		log.Fatalln(err)
-	}
-	defer db.Close()
-
-	feed, err := data.OpenFeed("tmp/rss.gob")
-	if err != nil {
-		log.Println(err)
-		feed = data.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
-			"https://distrikt-ni-st.de",
-			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
-	}
-
-	key, err := data.LoadKey("tmp/key.gob")
-	if err != nil {
-		key, err = data.NewKey()
-		if err != nil {
-			log.Fatalln(err)
-		}
-		data.SaveKey(key, "tmp/key.gob")
-	}
-	store := data.NewCookieStore(key)
-
-	articleList := data.NewArticleList()
-
-	mux := http.NewServeMux()
-	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
-	mux.HandleFunc("/", ui.HomePage(db, store))
-
-	mux.HandleFunc("GET /hub/", ui.ShowHub(store))
-	mux.HandleFunc("GET /rss/", ui.ShowRSS(feed))
-
-	mux.HandleFunc("POST /add-user/", ui.AddUser(db))
-	mux.HandleFunc("POST /create-user/", ui.CreateUser())
-	mux.HandleFunc("POST /finish-article/", ui.FinishArticle(articleList, store))
-	mux.HandleFunc("POST /login/", ui.Login(db, store))
-	mux.HandleFunc("POST /review-article/", ui.ReviewArticle(articleList, store))
-	mux.HandleFunc("POST /publish-article/", ui.PublishArticle(feed, articleList, store))
-	mux.HandleFunc("POST /unpublished-articles/", ui.ShowUnpublishedArticles(articleList))
-	mux.HandleFunc("POST /write-article/", ui.WriteArticle)
-
-	log.Fatalln(http.ListenAndServe(":8080", mux))
-}
--- a/tailwind.config.js
+++ b/tailwind.config.js
@ -0,0 +1,10 @@
+/** @type {import('tailwindcss').Config} */
+module.exports = {
+    content: ["./web/templates/*.html"],
+    theme: {
+        extend: {}
+    },
+    plugins: [
+        require('@tailwindcss/typography')
+    ],
+}
--- a/update.sh
+++ b/update.sh
@ -0,0 +1,40 @@
+#! /bin/sh -
+
+CPOLIS_REPO_URL="https://git.streifling.com/api/v1/repos/jason/cpolis/releases"
+EXTRACTION_DIR=$HOME
+CPOLIS_DIR=$EXTRACTION_DIR/cpolis
+TAILWINDCSS_REPO_URL=https://api.github.com/repos/tailwindlabs/tailwindcss/releases/latest
+TMP_DIR=/tmp
+BIN_DIR=/usr/local/bin
+SYSTEMD_DIR=/lib/systemd/system
+
+! groups | grep -E 'root|wheel|sudo' && echo "You need administrative privileges for this script" && exit 1
+
+! which curl >/dev/null 2>&1 && echo "curl needs to be installed" >&2 && exit 1
+! which go >/dev/null 2>&1 && echo "go needs to be installed" >&2 && exit 1
+! which jq >/dev/null 2>&1 && echo "jq needs to be installed" >&2 && exit 1
+! which tar >/dev/null 2>&1 && echo "tar needs to be installed" >&2 && exit 1
+! which xargs >/dev/null 2>&1 && echo "xargs needs to be installed" >&2 && exit 1
+
+rm -fr $CPOLIS_DIR/*
+latest_release=$(curl -s $CPOLIS_REPO_URL | jq -r '.[0].tag_name')
+curl -Lo $TMP_DIR/cpolis.tar.gz https://git.streifling.com/jason/cpolis/archive/$latest_release.tar.gz
+tar -xzf $TMP_DIR/cpolis.tar.gz -C $EXTRACTION_DIR
+rm $TMP_DIR/cpolis.tar.gz
+
+curl -s $TAILWINDCSS_REPO_URL |
+    grep -F browser_download_url |
+    grep -F linux-x64 |
+    cut -d'"' -f4 |
+    xargs -r curl -Lo $CPOLIS_DIR/tailwindcss
+chmod +x $CPOLIS_DIR/tailwindcss
+$CPOLIS_DIR/tailwindcss -i web/static/css/input.css -o web/static/css/style.css
+
+go build -o $TMP_DIR/cpolis $CPOLIS_DIR/cmd/main.go
+sudo mv $TMP_DIR/cpolis $BIN_DIR/cpolis
+chmod +x $BIN_DIR/cpolis
+
+[ ! -f $SYSTEMD_DIR ] && mkdir -p $SYSTEMD_DIR
+sudo mv $CPOLIS_DIR/cpolis.service $SYSTEMD_DIR
+sudo systemctl daemon-reload
+sudo systemctl is-active --quiet cpolis.service && sudo systemctl restart cpolis.service
--- a/web/static/css/input.css
+++ b/web/static/css/input.css
@ -0,0 +1,41 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+body {
+    width: 800px;
+    @apply mx-auto text-slate-900;
+}
+
+h2 {
+    @apply font-bold mb-2 text-2xl;
+}
+
+form {
+    @apply flex flex-col gap-y-3;
+}
+
+input[type="file"] {
+    @apply border rounded-md w-full;
+}
+
+input[type="password"],
+input[type="text"] {
+    @apply border h-8 rounded-md;
+}
+
+textarea {
+    @apply border h-32 rounded-md;
+}
+
+.btn-area {
+    @apply flex gap-4 mt-4;
+}
+
+.btn {
+    @apply bg-slate-200 border my-2 px-3 py-2 rounded-md w-full hover:bg-slate-100;
+}
+
+.action-btn {
+    @apply bg-slate-800 border my-2 px-3 py-2 rounded-md text-slate-50 w-full hover:bg-slate-700;
+}
--- a/web/static/css/style.css
+++ b/web/static/css/style.css
--- a/web/static/js/htmx.min.js
+++ b/web/static/js/htmx.min.js
--- a/web/templates/add-tag.html
+++ b/web/templates/add-tag.html
@ -0,0 +1,12 @@
+{{define "page-content"}}
+<h2>Neuer Tag</h2>
+
+<form>
+    <input required name="tag" placeholder="Tag eingeben" type="text" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-tag" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+
+{{end}}
--- a/web/templates/add-user.html
+++ b/web/templates/add-user.html
@ -1,21 +1,53 @@
 {{define "page-content"}}
 <h2>Neuer Benutzer</h2>
+
 <form>
-    <input required name="username" placeholder="Benutzername" type="text" value="{{.UserName}}" />
-    <input required name="password" placeholder="Passwort" type="password" />
-    <input required name="password2" placeholder="Passwort wiederholen" type="password" />
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>

-    <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
-    <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
-
-    <label for="writer">Schreiber</label>
-    <input required id="writer" name="role" type="radio" value="2" {{if eq .Role "2" }}checked{{end}} />
+    <div class="flex gap-4">
+        <div>
+            <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
+            <label for="author">Autor</label>
+        </div>
+        <div>
+            <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
            <label for="editor">Redakteur</label>
-    <input required id="editor" name="role" type="radio" value="1" {{if eq .Role "1" }}checked{{end}} />
-    <label for="admin">Admin</label>
-    <input required id="admin" name="role" type="radio" value="0" {{if eq .Role "0" }}checked{{end}} />
+        </div>
+        <div>
+            <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+            <label for="publisher">Herausgeber</label>
+        </div>
+        <div>
+            <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
+            <label for="admin">Administrator</label>
+        </div>
+    </div>

-    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-user" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>

 <script>
--- a/web/templates/current-articles.html
+++ b/web/templates/current-articles.html
@ -0,0 +1,17 @@
+{{define "page-content"}}
+<h2>Aktuelle Artikel</h2>
+
+<div class="flex flex-col gap-4">
+    {{range .}}
+    <div class="border px-2 py-1 rounded-md">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </div>
+    {{end}}
+</div>
+
+<div class="btn-area">
+    <button class="action-btn" hx-get="/publish-issue" hx-target="#page-content">Ausgabe publizieren</button>
+    <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+</div>
+{{end}}
--- a/web/templates/edit-self.html
+++ b/web/templates/edit-self.html
@ -0,0 +1,43 @@
+{{define "page-content"}}
+<h2>Profil bearbeiten</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" name="username" type="text" value="{{.UserName}}" />
+        </div>
+
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+
+        <div>
+            <label for="old-password">Altes Passwort</label>
+            <input class="w-full" name="old-password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" name="password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" name="password2" placeholder="***" type="password" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Aktualisieren" hx-post="/update-self"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+{{end}}
--- a/web/templates/edit-user.html
+++ b/web/templates/edit-user.html
@ -0,0 +1,57 @@
+{{define "page-content"}}
+<h2>Profil von {{.FirstName}} {{.LastName}} bearbeiten</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" name="username" type="text" value="{{.UserName}}" />
+        </div>
+
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" name="password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" name="password2" placeholder="***" type="password" />
+        </div>
+    </div>
+
+    <div class="flex gap-4">
+        <div>
+            <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
+            <label for="author">Autor</label>
+        </div>
+        <div>
+            <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
+            <label for="editor">Redakteur</label>
+        </div>
+        <div>
+            <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+            <label for="publisher">Herausgeber</label>
+        </div>
+        <div>
+            <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
+            <label for="admin">Administrator</label>
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Aktualisieren" hx-post="/update-user/{{.ID}}"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+{{end}}
--- a/web/templates/editor.html
+++ b/web/templates/editor.html
@ -1,13 +1,67 @@
 {{define "page-content"}}
 <h2>Editor</h2>
-<form>
-    <input name="editor-title" placeholder="Titel" type="text" />
-    <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
-    <textarea name="editor-text" placeholder="Artikel"></textarea>
-    <input type="submit" value="Senden" hx-post="/finish-article/" hx-target="#page-content" />
-</form>
-{{end}}

-{{define "html-result"}}
-{{.}}
+<form id="edit-area">
+    <div class="flex flex-col gap-y-1">
+        <label for="article-title">Titel</label>
+        <input name="article-title" type="text" value="{{.Title}}" />
+    </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description">{{.Description}}</textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea id="easyMDE">{{.Content}}</textarea>
+    </div>
+    <input id="article-content" name="article-content" type="hidden" />
+
+    <div>
+        <span>Tags</span>
+        <div class="flex flex-wrap gap-x-4">
+            {{range .Tags}}
+            <div>
+                <input id="{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" />
+                <label for="{{.Name}}">{{.Name}}</label>
+            </div>
+            {{end}}
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/submit-article" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+
+<script>
+    var easyMDE = new EasyMDE({
+        element: document.getElementById('easyMDE'),
+        hideIcons: ['image'],
+        imageTexts: {sbInit: ''},
+        showIcons: ["code", "table", "upload-image"],
+        uploadImage: true,
+
+        imageUploadFunction: function (file, onSuccess, onError) {
+            var formData = new FormData();
+            formData.append('article-image', file);
+
+            fetch('/upload-image', {
+                method: 'POST',
+                body: formData
+            })
+                .then(response => response.json())
+                .then(data => {
+                    onSuccess(data);
+                })
+                .catch(error => {
+                    onError(error);
+                });
+        },
+    });
+
+    easyMDE.codemirror.on("change", () => {
+        document.getElementById('article-content').value = easyMDE.value();
+    });
+</script>
 {{end}}
--- a/web/templates/feed.rss
+++ b/web/templates/feed.rss
@ -1,3 +0,0 @@
-{{define "page-content"}}
-{{.}}
-{{end}}
--- a/web/templates/first-user.html
+++ b/web/templates/first-user.html
@ -0,0 +1,39 @@
+{{define "page-content"}}
+<h2>Erster Benutzer (Administrator)</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-first-user" hx-target="#page-content" />
+    </div>
+</form>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
+{{end}}
--- a/web/templates/hub.html
+++ b/web/templates/hub.html
@ -1,11 +1,49 @@
 {{define "page-content"}}
-<h2>Hub</h2>
-<button hx-post="/write-article/" hx-target="#page-content">Artikel schreiben</button>
-<button hx-post="/rss/" hx-target="#page-content">RSS Feed</button>
-{{if eq . 0}}
-<button hx-post="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
+<div class="flex flex-col gap-4">
+    <button class="btn" hx-get="/logout" hx-target="#page-content">Abmelden</button>
+
+    {{if lt . 4}}
+    <div class="mb-3">
+        <h2>Autor</h2>
+        <div class="grid grid-cols-2 gap-x-4 gap-y-2">
+            <button class="btn" hx-get="/write-article" hx-target="#page-content">Artikel schreiben</button>
+            <button class="btn" hx-get="/rejected-articles" hx-target="#page-content">Abgelehnte Artikel</button>
+            <a class="btn text-center" href="/rss">RSS Feed</a>
+            <button class="btn" hx-get="/edit-self" hx-target="#page-content">Profil bearbeiten</button>
+        </div>
+    </div>
    {{end}}
+
+    {{if lt . 3}}
+    <div class="mb-3">
+        <h2>Redakteur</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/unpublished-articles" hx-target="#page-content">
+                Unveröffentlichte Artikel
+            </button>
+            <button class="btn" hx-get="/create-tag" hx-target="#page-content">Neuer Tag</button>
+        </div>
+    </div>
+    {{end}}
+
    {{if lt . 2}}
-<button hx-post="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
+    <div class="mb-3">
+        <h2>Herausgeber</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/this-issue" hx-target="#page-content">Diese Ausgabe</button>
+        </div>
+    </div>
    {{end}}
+
+    {{if eq . 0}}
+    <div class="mb-3">
+        <h2>Administrator</h2>
+        <div class="grid grid-cols-3 gap-4">
+            <button class="btn" hx-get="/create-user" hx-target="#page-content">Benutzer hinzufügen</button>
+            <button class="btn" hx-get="/show-all-users-edit" hx-target="#page-content">Benutzer bearbeiten</button>
+            <button class="btn" hx-get="/show-all-users-delete" hx-target="#page-content">Benutzer löschen</button>
+        </div>
+    </div>
+    {{end}}
+</div>
 {{end}}
--- a/web/templates/index.html
+++ b/web/templates/index.html
@ -5,17 +5,29 @@
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Orient Editor</title>
-    <link href="web/static/css/style.css" rel="stylesheet">
+    <link href="/web/static/css/style.css" rel="stylesheet">
+    <link rel="stylesheet" href="https://unpkg.com/easymde/dist/easymde.min.css">
 </head>

-<body>
-    <h1>Orient Editor</h1>
+<body class="flex flex-col justify-between min-h-screen bg-slate-50">
+    <header class="my-8">
+        <h1 class="font-bold text-4xl text-center">Orient Editor</h1>
+    </header>

+    <main class="mx-4">
        <div id="page-content">
            {{template "page-content" .}}
        </div>
+    </main>

-    <script src="web/static/js/htmx.min.js"></script>
+    <footer class="my-8">
+        <p class="text-center text-gray-500 dark:text-gray-400">
+            &copy; 2024 Jason Streifling. Alle Rechte vorbehalten.
+        </p>
+    </footer>
+
+    <script src="https://unpkg.com/htmx.org@2.0.1"></script>
+    <script src="https://unpkg.com/easymde/dist/easymde.min.js"></script>
 </body>

 </html>
--- a/web/templates/login.html
+++ b/web/templates/login.html
@ -1,8 +1,12 @@
 {{define "page-content"}}
 <h2>Anmeldung</h2>
+
 <form>
-    <input name="username" placeholder="Benutzername" type="text" />
-    <input name="password" placeholder="Passwort" type="password" />
-    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="w-full" name="username" placeholder="Benutzername" type="text" />
+        <input class="w-full" name="password" placeholder="Passwort" type="password" />
+    </div>
+
+    <input class="action-btn" type="submit" value="Anmelden" hx-post="/login" hx-target="#page-content" />
 </form>
 {{end}}
--- a/web/templates/rejected-articles.html
+++ b/web/templates/rejected-articles.html
@ -0,0 +1,16 @@
+{{define "page-content"}}
+<h2>Abgelehnte Artikel</h2>
+
+<div class="flex flex-col gap-4">
+    {{range .RejectedArticles}}
+    {{if index $.MyIDs .ID}}
+    <button class="btn" hx-get="/review-rejected-article/{{.ID}}" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </button>
+    {{end}}
+    {{end}}
+
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+</div>
+{{end}}
--- a/web/templates/rework-article.html
+++ b/web/templates/rework-article.html
@ -0,0 +1,69 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+
+<form>
+    <div class="flex flex-col gap-y-1">
+        <label for="article-title">Titel</label>
+        <input name="article-title" type="text" value="{{.Article.Title}}" />
+    </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description">{{.Article.Description}}</textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea name="article-content" placeholder="Artikel">{{.Article.Content}}</textarea>
+    </div>
+    <input id="article-content" name="article-content" type="hidden" />
+
+    <div>
+        <span>Tags</span>
+        <div class="flex flex-wrap gap-x-4">
+            {{range .Tags}}
+            <div>
+                <input id="tag-{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" {{if index $.Selected
+                    .ID}}checked{{end}} />
+                <label for="tag-{{.Name}}">{{.Name}}</label>
+            </div>
+            {{end}}
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/resubmit-article/{{.Article.ID}}"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+    </div>
+</form>
+
+<script>
+    var easyMDE = new EasyMDE({
+        element: document.getElementById('easyMDE'),
+        hideIcons: ['image'],
+        imageTexts: {sbInit: ''},
+        showIcons: ["code", "table", "upload-image"],
+        uploadImage: true,
+
+        imageUploadFunction: function (file, onSuccess, onError) {
+            var formData = new FormData();
+            formData.append('article-image', file);
+
+            fetch('/upload-image', {
+                method: 'POST',
+                body: formData
+            })
+                .then(response => response.json())
+                .then(data => {
+                    onSuccess(data);
+                })
+                .catch(error => {
+                    onError(error);
+                });
+        },
+    });
+
+    easyMDE.codemirror.on("change", () => {
+        document.getElementById('article-content').value = easyMDE.value();
+    });
+</script>
+{{end}}
--- a/web/templates/show-all-users.html
+++ b/web/templates/show-all-users.html
@ -0,0 +1,24 @@
+{{define "page-content"}}
+<h2>Alle Benutzer</h2>
+
+<div class="flex flex-col gap-4">
+    {{range .Users}}
+    <button class="btn" hx-get="/{{$.Action}}/{{.ID}}" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">
+            {{.UserName}}
+            ({{if eq .Role 0}}
+            Administrator
+            {{else if eq .Role 1}}
+            Herausgeber
+            {{else if eq .Role 2}}
+            Redakteur
+            {{else}}
+            Autor
+            {{end}})
+        </h1>
+        <p>{{.FirstName}} {{.LastName}}</p>
+    </button>
+    {{end}}
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+</div>
+{{end}}
--- a/web/templates/to-be-published.html
+++ b/web/templates/to-be-published.html
@ -1,11 +1,37 @@
 {{define "page-content"}}
-<form>
-    <input name="editor-title" type="text" value="{{.Title}}" />
-    <textarea name="editor-desc">{{.Desc}}</textarea>
-    <textarea name="editor-text">{{.Content}}</textarea>
-    <input name="uuid" type="hidden" value="{{.UUID}}" />
-    <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
-    <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
-</form>
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+<h2>Artikel veröffentlichen</h2>
+
+<div>
+    <span>Titel</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{.Title}}
+    </div>
+
+    <span>Beschreibung</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{.Description}}
+    </div>
+
+    <span>Artikel</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        <div class="prose">
+            {{.Content}}
+        </div>
+    </div>
+
+    <span>Tags</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{range .Tags}}
+        {{.Name}}
+        <br>
+        {{end}}
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Veröffentlichen" hx-get="/publish-article/{{.ID}}"
+            hx-target="#page-content" />
+        <input class="btn" type="submit" value="Ablehnen" hx-get="/reject-article/{{.ID}}" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+    </div>
+</div>
 {{end}}
--- a/web/templates/unpublished-articles.html
+++ b/web/templates/unpublished-articles.html
@ -1,10 +1,13 @@
 {{define "page-content"}}
-<form>
+<h2>Unveröffentlichte Artikel</h2>
+
+<div class="flex flex-col gap-4">
    {{range .}}
-    <input required id="{{.UUID}}" name="uuid" type="radio" value="{{.UUID}}" />
-    <label for="{{.UUID}}">{{.Title}}</label>
+    <button class="btn" hx-get="/review-unpublished-article/{{.ID}}" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </button>
    {{end}}
-    <input type="submit" value="Auswählen" hx-post="/review-article/" hx-target="#page-content" />
-</form>
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+</div>
 {{end}}
Author	SHA1	Message	Date
Jason Streifling	d7c8c7a43a	Merge branch 'devel'	2024-08-18 17:31:00 +02:00
Jason Streifling	d56cdc78eb	Use directories that require administrative privileges	2024-08-18 17:30:43 +02:00
Jason Streifling	151d89d9f0	Create $EXTRACTION_PATH	2024-08-18 17:10:10 +02:00
Jason Streifling	8d2944d00c	Only delete contents of $CPOLIS_PATH	2024-08-18 17:06:49 +02:00
Jason Streifling	9ddd8198ee	Use /tmp directory for downloading .tar.gz archive	2024-08-18 17:03:31 +02:00
Jason Streifling	ff6c7a66d7	Fixed a typo	2024-08-18 16:59:49 +02:00
Jason Streifling	129c85929c	Small cleanup	2024-08-18 13:56:41 +02:00
Jason Streifling	b1a6359473	Exit update script if any requirement is not met	2024-08-18 13:53:37 +02:00
Jason Streifling	b5d979dbf8	Created update script and systemd service	2024-08-18 13:49:31 +02:00
Jason Streifling	1cd3edc90c	Merge branch 'devel'	2024-08-18 12:06:29 +02:00
Jason Streifling	77e8edbe16	Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions	2024-08-18 11:46:23 +02:00
Jason Streifling	8115c50974	Fixed a bug that let users get around verification.	2024-08-18 11:40:03 +02:00
Jason Streifling	61bfa85b13	Some cleaning up	2024-08-18 11:21:42 +02:00
Jason Streifling	cd27349d04	Created package "calls" and verification for frontend and calls	2024-08-18 11:20:06 +02:00
Jason Streifling	5b41892dff	Renamed frontend/firebase.go to frontend/pdf.go	2024-08-17 21:00:00 +02:00
Jason Streifling	c7add76a12	Deleted ServePDFs() and added ServePDF()	2024-08-17 20:56:45 +02:00
Jason Streifling	f4ae2f9c04	Added rout for pdf list	2024-08-17 20:41:39 +02:00
Jason Streifling	64f85a34cb	Added pdf directory to air config	2024-08-17 20:20:16 +02:00
Jason Streifling	0c87d91df1	Small error correction	2024-08-17 20:18:53 +02:00
Jason Streifling	472f00a107	Extracted verification logic for frontend into seperate function tokenIsVerified() and created ServePDFListe()	2024-08-17 20:15:35 +02:00
Jason Streifling	bebfe994ae	First implementation of firebase auth	2024-08-17 18:21:56 +02:00
Jason Streifling	46bfd23b2a	A bit of testing with firebase	2024-08-09 17:07:27 +02:00
Jason Streifling	0afbdde077	Change to remote htmx	2024-08-09 16:20:57 +02:00
Jason Streifling	0e768c9f61	Merge branch 'devel'	2024-08-08 21:27:07 +02:00
Jason Streifling	ce43e45a6c	Deleted hints of custom preview function	2024-08-08 21:26:59 +02:00
Jason Streifling	1fcd775cc5	Merge branch 'devel'	2024-08-08 21:14:24 +02:00
Jason Streifling	203a1ed147	Implemented EasyMDE	2024-08-08 21:13:25 +02:00
Jason Streifling	ef1914ee5c	Implemented article preview	2024-08-08 21:13:25 +02:00
Jason Streifling	084b101e31	Register f.ArticlePreviewHtmlData in init()	2024-08-08 21:13:25 +02:00
Jason Streifling	b2db128aa9	Shorten lines by referencing frontend as f and backend as b	2024-08-08 21:13:25 +02:00
Jason Streifling	081e880fb6	Change structure of code tor frontend and backend one	2024-08-08 21:13:25 +02:00
Jason Streifling	32f11f57b5	Implemented EasyMDE	2024-08-08 21:09:38 +02:00
Jason Streifling	46a0cec6df	Implemented article preview	2024-07-17 23:25:57 +02:00
Jason Streifling	4e0bce37a2	Register f.ArticlePreviewHtmlData in init()	2024-07-13 14:17:40 +02:00
Jason Streifling	85e2f8b4ad	Shorten lines by referencing frontend as f and backend as b	2024-07-13 14:09:11 +02:00
Jason Streifling	d0c1e525d2	Change structure of code tor frontend and backend one	2024-07-13 13:58:36 +02:00
Jason Streifling	21fd3403b2	Added ability to delete other users	2024-04-12 08:46:34 +02:00
Jason Streifling	0f0471b84c	Read config file in addition to cli arguments	2024-04-12 07:17:13 +02:00
Jason Streifling	4b90ec9652	Let admins edit other user's profiles	2024-04-09 19:06:29 +02:00
Jason Streifling	783d59805b	Fixed small bug	2024-04-07 19:33:51 +02:00
Jason Streifling	b5f0fe8985	Added title, link and description to cli args.	2024-04-07 19:29:35 +02:00
Jason Streifling	d9bf79d5f8	Add space between first and last name	2024-04-07 19:01:21 +02:00
Jason Streifling	f98ab149a2	Added headings to all templates	2024-04-07 18:57:03 +02:00
Jason Streifling	822ca2b8ab	Use UUID as filename and strip alt off of extension	2024-04-07 18:43:09 +02:00
Jason Streifling	af65180893	Reflect new cli arg in .air.toml	2024-04-07 11:36:34 +02:00
Jason Streifling	5615210be5	Add cli arg for domain	2024-04-07 11:32:38 +02:00
Jason Streifling	b88fb1643c	Fixed bug	2024-04-07 11:12:07 +02:00
Jason Streifling	92189a4a51	Pictures are now handeled correctly	2024-04-07 10:58:07 +02:00
Jason Streifling	8dc8f02504	Changed rss package to tagged version	2024-04-04 17:17:55 +02:00
Jason Streifling	e3ce1d7b55	Simply provide RSS feed when GET request is received	2024-04-04 17:13:42 +02:00
Jason Streifling	532bc6490a	Added XML encoding	2024-04-04 17:09:29 +02:00
Jason Streifling	84fa828b38	Provide RSS feed as file when pressing the button or typing the URL	2024-04-03 21:05:12 +02:00
Jason Streifling	a3c53b1b20	Changed URL patterns to be more specific	2024-04-03 20:24:54 +02:00
Jason Streifling	ca70fa6d4d	Applied changes also to rework-article.html	2024-04-03 19:52:16 +02:00
Jason Streifling	972b8cac19	Corrected vertical gap size for tags when wrapping onto the next line	2024-04-03 19:51:27 +02:00
Jason Streifling	d0605660f7	Made tags wrap onto the next line when overflowing parent container	2024-04-03 19:48:42 +02:00
Jason Streifling	5d2d841aba	Changed tag length to 50 characters	2024-04-03 19:47:27 +02:00
Jason Streifling	d62c5a4078	Changed visual layout for to-be-published articles	2024-04-03 18:12:28 +02:00
Jason Streifling	803c5bbdbd	Slightly changed button color and changed body height to be min-100vh	2024-04-03 04:50:25 +02:00
Jason Streifling	c74bdeba72	Only show logout button in hub	2024-04-02 21:35:34 +02:00
Jason Streifling	717f1c813b	Add setup script for DB	2024-04-02 19:38:16 +02:00
Jason Streifling	52797760bb	Also, handle first user differently under the hood	2024-04-02 19:37:53 +02:00
Jason Streifling	8711ba0629	Handle first user differently from the rest	2024-04-01 19:26:18 +02:00
Jason Streifling	ed51d28c65	Corrected back button class for unpublished articles	2024-04-01 15:58:36 +02:00
Jason Streifling	7e7de28b14	Streamlined selection of rejected and unpublished articles	2024-04-01 15:42:51 +02:00
Jason Streifling	0139f7ab9a	Use ID in path rather than an invisible input when publishing, rejecting or resubmitting an article	2024-04-01 15:30:24 +02:00
Jason Streifling	7fc115bcc3	Refined look of rejected and unpublished articles	2024-04-01 14:38:31 +02:00
Jason Streifling	ae90f693f6	no more style.css	2024-04-01 14:27:42 +02:00
Jason Streifling	a730e11b4a	Styled with tailwind css	2024-04-01 14:22:59 +02:00
Jason Streifling	959e1e96b3	Fix typo	2024-03-31 05:00:57 +02:00
Jason Streifling	68b052625f	Fixed bug with specifying port	2024-03-30 10:22:51 +01:00
Jason Streifling	a0fe0024f2	Allow uploading pictures when editing once rejected articles	2024-03-30 09:56:22 +01:00
Jason Streifling	6e3c4bf647	Added ability to specify port and RSS file as command line arguments	2024-03-30 09:55:37 +01:00
Jason Streifling	26988ecf6a	Corrected error messages for CliArgs	2024-03-29 09:48:03 +01:00
Jason Streifling	9408ce99e3	Added DBName into CliArgs	2024-03-29 09:16:41 +01:00
Jason Streifling	af036b4909	Added ability to upload media and parse cli arguments	2024-03-29 09:07:17 +01:00
Jason Streifling	e60e6114bd	Generate RSS to file	2024-03-28 12:51:33 +01:00
Jason Streifling	600044c621	Cleaned up templates	2024-03-28 08:41:38 +01:00
Jason Streifling	77a90cb4f1	Fixed bug not showing correct issue in RSS feed	2024-03-28 07:41:11 +01:00
Jason Streifling	34e9e9edd5	Fixed bug in publishing issue	2024-03-28 07:34:36 +01:00
Jason Streifling	4d1faf3d4a	Add ability to update tags when resubmitting article	2024-03-28 07:29:49 +01:00
Jason Streifling	78addbd8e3	Incorporated issues	2024-03-28 07:00:37 +01:00
Jason Streifling	304d3aa2e0	Corrected copyright	2024-03-28 06:59:39 +01:00
Jason Streifling	f44291e278	Disabled option to do transaction from view	2024-03-28 06:58:59 +01:00
Jason Streifling	3be16781e7	Added copyright	2024-03-17 15:29:12 +01:00
Jason Streifling	4fffc1c696	Set pubDate to published time and date	2024-03-17 09:41:09 +01:00
Jason Streifling	ceab7281e9	Now everyone only sees their own rejected articles	2024-03-17 09:15:37 +01:00
Jason Streifling	450dd79e51	Added ability to view tags when rejecting and change tags when reworking articles	2024-03-17 08:46:49 +01:00
Jason Streifling	c45df4bf1a	Implemented retry logic on all transactions	2024-03-15 18:37:24 +01:00
Jason Streifling	6d3a28a6ce	Implement retry logic for UpdateAttributes	2024-03-15 15:18:02 +01:00
Jason Streifling	3d3fb3c826	Added logout	2024-03-12 20:27:39 +01:00
Jason Streifling	f52674b179	Fixed dumb routing mistake	2024-03-12 19:56:22 +01:00
Jason Streifling	697939a17a	Added ability to edit user info	2024-03-11 21:08:27 +01:00
Jason Streifling	f10220f936	Added ability to reject and rework article	2024-03-10 15:03:46 +01:00
Jason Streifling	a1a6b6c29f	Split up db.go into multiple files	2024-03-09 11:06:03 +01:00
Jason Streifling	42596756de	Also missed rss.go	2024-03-09 10:27:55 +01:00
Jason Streifling	8530c76f2d	Missed main when converting to MVC	2024-03-09 10:27:04 +01:00
Jason Streifling	c6b2a17220	Changed everything to MVC	2024-03-09 10:25:20 +01:00
Jason Streifling	88e0d5086c	Converted RSS feed to be DB based	2024-03-09 10:12:46 +01:00
Jason Streifling	fa5f189cda	Reachieve basic functionality	2024-03-07 20:11:28 +01:00
Jason Streifling	4d65be195b	Articles and tags are now inserted into DB correctly	2024-03-07 15:31:00 +01:00
Jason Streifling	582f25bec7	Converted articles and tags to DB base	2024-03-06 20:53:17 +01:00
Jason Streifling	052d36b01b	Handle rollbackError with log.Fatalf()	2024-03-06 16:58:41 +01:00
Jason Streifling	ea45da66b7	Corrected transaction for ChangePassword()	2024-03-06 16:51:08 +01:00
Jason Streifling	3822a3f30e	Use transaction when necessary	2024-03-06 15:37:59 +01:00
Jason Streifling	f1abb9d353	Load ArticleList, Taglist and *Channel correctly	2024-03-06 15:37:42 +01:00
Jason Streifling	6baaec5b33	Moved main.go into cmd	2024-03-05 18:26:50 +01:00
Jason Streifling	4aa4fff5e8	Added Tags to RSS feed as categories	2024-03-05 18:20:34 +01:00
Jason Streifling	a9c61c5a11	Converted RSS package to git.streifling.com/jason/rss	2024-03-05 17:13:59 +01:00
Jason Streifling	dd50c4f385	A bit of cleaning up	2024-03-05 16:38:18 +01:00
Jason Streifling	b74036343f	Added partial support for tags	2024-03-03 13:56:49 +01:00