Fixed a bug that let users get around verification.

.air.toml

@@ -0,0 +1,55 @@
+root = "."
+testdata_dir = "testdata"
+tmp_dir = "tmp"
+
+[build]
+args_bin = [
+    "-desc 'Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität'",
+    "-domain localhost",
+    "-key tmp/key.gob",
+    "-link https://distrikt-ni-st.de",
+    "-log tmp/cpolis.log",
+    "-pdfs tmp/pdfs",
+    "-pics tmp/pics",
+    "-rss tmp/orientexpress_alle.rss",
+    "-title 'Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt'",
+    "-web web",
+]
+bin = "./tmp/main"
+cmd = "go build -o ./tmp/main ./cmd/main.go"
+delay = 0
+exclude_dir = ["assets", "tmp", "vendor", "testdata"]
+exclude_file = []
+exclude_regex = ["_test.go"]
+exclude_unchanged = false
+follow_symlink = false
+full_bin = ""
+include_dir = []
+include_ext = ["go", "tpl", "tmpl", "html", "css"]
+include_file = []
+kill_delay = "0s"
+log = "build-errors.log"
+poll = false
+poll_interval = 0
+rerun = false
+rerun_delay = 500
+send_interrupt = false
+stop_on_error = false
+
+[color]
+app = ""
+build = "yellow"
+main = "magenta"
+runner = "green"
+watcher = "cyan"
+
+[log]
+main_only = false
+time = false
+
+[misc]
+clean_on_exit = false
+
+[screen]
+clear_on_rebuild = false
+keep_scroll = true

.gitignore

@@ -23,3 +23,4 @@ go.work
 
 # Custom stuff
 tmp/
+style.css

LICENSE

@@ -209,7 +209,7 @@ If you develop a new program, and you want it to be of the greatest possible use
 To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found.
 
      cpolis
-     Copyright (C) 2024  jason
+     Copyright (C) 2024  Jason Streifling
 
      This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 
@@ -221,7 +221,7 @@ Also add information on how to contact you by electronic and paper mail.
 
 If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode:
 
-     cpolis  Copyright (C) 2024  jason
+     cpolis  Copyright (C) 2024  Jason Streifling
      This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
      This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
 

README.md

@@ -1,3 +1,18 @@
 # cpolis
 
-cpolis is an application written in Go to serve as the backend of the Orient Express magazine.
+cpolis is an application written in Go to serve as the backend of the Orient
+Express magazine.
+
+## Installation
+
+You should have the following packages installed:
+
+- Go >= 1.22
+- MariaDB
+
+Enable and start the MariaDB service.
+
+    sudo systemctl enable --now mariadb.service
+
+Set up a dedicated MariaDB user for cpolis.
+

cmd/backend/articles.go

@@ -0,0 +1,258 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+	"time"
+)
+
+type Article struct {
+	Title       string
+	Created     time.Time
+	Description string
+	Content     string
+	Published   bool
+	Rejected    bool
+	ID          int64
+	AuthorID    int64
+	IssueID     int64
+}
+
+func (db *DB) AddArticle(a *Article) (int64, error) {
+	var id int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	insertQuery := `
+    INSERT INTO articles
+        (title, description, content, published, rejected, author_id, issue_id)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&id); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting issue ID when adding article to DB: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, a.Title, a.Description,
+				a.Content, a.Published, a.Rejected, a.AuthorID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting article into DB: %v", err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error retrieving ID of added article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction when adding article to DB: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticle(id int64) (*Article, error) {
+	query := `
+    SELECT title, created, description, content, published, author_id
+    FROM articles
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+
+	article := new(Article)
+	var created []byte
+	var err error
+
+	if err := row.Scan(&article.Title, &created, &article.Description,
+		&article.Content, &article.Published, &article.AuthorID); err != nil {
+		return nil, fmt.Errorf("error scanning article row: %v", err)
+	}
+
+	article.ID = id
+	article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing created: %v", err)
+	}
+
+	return article, nil
+}
+
+func (db *DB) GetCertainArticles(published, rejected bool) ([]*Article, error) {
+	query := `
+    SELECT id, title, created, description, content, author_id, issue_id
+    FROM articles
+    WHERE published = ?
+    AND rejected = ?
+    `
+	rows, err := db.Query(query, published, rejected)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles: %v", err)
+	}
+
+	articleList := make([]*Article, 0)
+	for rows.Next() {
+		article := new(Article)
+		var created []byte
+
+		if err = rows.Scan(&article.ID, &article.Title, &created,
+			&article.Description, &article.Content, &article.AuthorID,
+			&article.IssueID); err != nil {
+			return nil, fmt.Errorf("error scanning article row: %v", err)
+		}
+
+		article.Published = false
+		article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+		if err != nil {
+			return nil, fmt.Errorf("error parsing created: %v", err)
+		}
+
+		articleList = append(articleList, article)
+	}
+
+	return articleList, nil
+}
+
+func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	issueQuery := "SELECT id FROM issues WHERE published = false"
+	articlesQuery := `
+    SELECT id, title, created, description, content, author_id
+    FROM articles
+    WHERE issue_id = ? AND published = true
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() ([]*Article, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return nil, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			row := tx.QueryRow(issueQuery)
+			if err := row.Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for unpublished issue: %v", err)
+			}
+
+			rows, err := tx.Query(articlesQuery, issueID)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error querying DB for articles of issue %v: %v", issueID, err)
+			}
+
+			articleList := make([]*Article, 0)
+			for rows.Next() {
+				article := new(Article)
+				var created []byte
+
+				if err = rows.Scan(&article.ID, &article.Title, &created,
+					&article.Description, &article.Content, &article.AuthorID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error scanning article from issue %v: %v", issueID, err)
+				}
+
+				article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+				if err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error parsing created: %v", err)
+				}
+
+				articleList = append(articleList, article)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return nil, fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return articleList, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return nil, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddArticleToCurrentIssue(id int64) error {
+	var issueID int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT id FROM issues WHERE published = false"
+	updateQuery := "UPDATE articles SET issue_id = ? WHERE id = ?"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err = tx.QueryRow(selectQuery).Scan(&issueID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error scanning row: %v", err)
+			}
+
+			_, err = db.Exec(updateQuery, issueID, id)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating issueID for article: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/backend/articles_tags.go

@@ -0,0 +1,107 @@
+package backend
+
+import (
+	"fmt"
+	"log"
+)
+
+func (db *DB) WriteArticleTags(articleID int64, tagIDs []int64) error {
+	query := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(query, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetArticleTags(articleID int64) ([]*Tag, error) {
+	query := `
+    SELECT t.id, t.name
+    FROM articles a
+    INNER JOIN articles_tags at ON a.id = at.article_id
+    INNER JOIN tags t ON at.tag_id = t.id
+    WHERE a.id = ?
+    `
+	rows, err := db.Query(query, articleID)
+	if err != nil {
+		return nil, fmt.Errorf("error querying articles_tags: %v", err)
+	}
+
+	tags := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning rows: %v", err)
+		}
+		tags = append(tags, tag)
+	}
+
+	return tags, nil
+}
+
+func (db *DB) UpdateArticleTags(articleID int64, tagIDs []int64) error {
+	deleteQuery := "DELETE FROM articles_tags WHERE article_id = ?"
+	insertQuery := "INSERT INTO articles_tags (article_id, tag_id) VALUES (?, ?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(deleteQuery, articleID); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error deleting entries from articles_tags before inserting new ones: %v", err)
+			}
+
+			for _, tagID := range tagIDs {
+				if _, err := tx.Exec(insertQuery, articleID, tagID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error inserting new entries into articles_tags: %v", err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/backend/config.go

@@ -0,0 +1,139 @@
+package backend
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/BurntSushi/toml"
+)
+
+type Config struct {
+	DBName      string
+	Description string
+	Domain      string
+	KeyFile     string
+	Link        string
+	LogFile     string
+	PDFDir      string
+	PicsDir     string
+	Port        string
+	RSSFile     string
+	Title       string
+	WebDir      string
+}
+
+func newConfig() *Config {
+	return &Config{
+		DBName:  "cpolis",
+		KeyFile: "/var/www/cpolis/cpolis.key",
+		LogFile: "/var/log/cpolis.log",
+		PDFDir:  "/var/www/cpolis/pdfs",
+		PicsDir: "/var/www/cpolis/pics",
+		RSSFile: "/var/www/cpolis/cpolis.rss",
+		WebDir:  "/var/www/cpolis/web",
+	}
+}
+
+func (c *Config) readFile() error {
+	cfgFile, err := filepath.Abs(os.Getenv("HOME") + "/.config/cpolis/config.toml")
+	if err != nil {
+		return fmt.Errorf("error getting absolute path for config file: %v", err)
+	}
+
+	_, err = os.Stat(cfgFile)
+	if os.IsNotExist(err) {
+		fileStrings := strings.Split(cfgFile, "/")
+
+		dir := strings.Join(fileStrings[0:len(fileStrings)-1], "/")
+		if err = os.MkdirAll(dir, 0755); err != nil {
+			return fmt.Errorf("error creating config directory: %v", err)
+		}
+
+		fileName := fileStrings[len(fileStrings)-1]
+		file, err := os.Create(dir + "/" + fileName)
+		if err != nil {
+			return fmt.Errorf("error creating config file: %v", err)
+		}
+		defer file.Close()
+		if err = file.Chmod(0644); err != nil {
+			return fmt.Errorf("error setting permissions for config file: %v", err)
+		}
+	} else {
+		_, err = toml.DecodeFile(cfgFile, c)
+		if err != nil {
+			return fmt.Errorf("error reading config file: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func (c *Config) handleCliArgs() error {
+	var err error
+	port := 8080
+
+	flag.StringVar(&c.DBName, "db", c.DBName, "DB name")
+	flag.StringVar(&c.Description, "desc", c.Description, "Channel description")
+	flag.StringVar(&c.Domain, "domain", c.Domain, "domain name")
+	flag.StringVar(&c.KeyFile, "key", c.KeyFile, "key file")
+	flag.StringVar(&c.Link, "link", c.Link, "Channel Link")
+	flag.StringVar(&c.LogFile, "log", c.LogFile, "log file")
+	flag.StringVar(&c.PDFDir, "pdfs", c.PDFDir, "pdf directory")
+	flag.StringVar(&c.PicsDir, "pics", c.PicsDir, "pictures directory")
+	flag.StringVar(&c.RSSFile, "rss", c.RSSFile, "RSS file")
+	flag.StringVar(&c.Title, "title", c.Title, "Channel title")
+	flag.StringVar(&c.WebDir, "web", c.WebDir, "web directory")
+	flag.IntVar(&port, "port", port, "port")
+	flag.Parse()
+
+	c.KeyFile, err = filepath.Abs(c.KeyFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for key file: %v", err)
+	}
+
+	c.LogFile, err = filepath.Abs(c.LogFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for log file: %v", err)
+	}
+
+	c.PDFDir, err = filepath.Abs(c.PDFDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for pdfs dir: %v", err)
+	}
+
+	c.PicsDir, err = filepath.Abs(c.PicsDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for pics dir: %v", err)
+	}
+
+	c.Port = fmt.Sprint(":", port)
+
+	c.RSSFile, err = filepath.Abs(c.RSSFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for RSS file: %v", err)
+	}
+
+	c.WebDir, err = filepath.Abs(c.WebDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for web dir: %v", err)
+	}
+
+	return nil
+}
+
+func HandleConfig() (*Config, error) {
+	config := newConfig()
+
+	if err := config.readFile(); err != nil {
+		return nil, fmt.Errorf("error reading config file: %v", err)
+	}
+
+	if err := config.handleCliArgs(); err != nil {
+		return nil, fmt.Errorf("error handling cli arguments: %v", err)
+	}
+
+	return config, nil
+}

cmd/backend/db.go

@@ -0,0 +1,167 @@
+package backend
+
+import (
+	"bufio"
+	"database/sql"
+	"fmt"
+	"log"
+	"math"
+	"math/rand/v2"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/go-sql-driver/mysql"
+	"golang.org/x/term"
+)
+
+var TxMaxRetries = 5
+
+type (
+	DB struct{ *sql.DB }
+	Tx struct{ *sql.Tx }
+
+	Attribute struct {
+		Value   any
+		Table   string
+		AttName string
+		ID      int64
+	}
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}
+
+func wait(iteration int) {
+	waitTime := time.Duration(math.Pow(2, float64(iteration))) * 100 * time.Millisecond
+	jitter := time.Duration(rand.IntN(int(waitTime)/2)) * time.Millisecond
+	time.Sleep(waitTime + jitter)
+}
+
+func OpenDB(dbName string) (*DB, error) {
+	var err error
+	db := DB{DB: new(sql.DB)}
+
+	cfg := mysql.NewConfig()
+	cfg.DBName = dbName
+	cfg.User, cfg.Passwd, err = getCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
+	}
+
+	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
+	if err != nil {
+		return nil, fmt.Errorf("error opening DB: %v", err)
+	}
+	if err = db.Ping(); err != nil {
+		return nil, fmt.Errorf("error pinging DB: %v", err)
+	}
+
+	return &db, nil
+}
+
+func (db *DB) UpdateAttributes(a ...*Attribute) error {
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			for _, attribute := range a {
+				query := fmt.Sprintf(`
+                    UPDATE %s
+                    SET %s = ?
+                    WHERE id = ?
+                    `, attribute.Table, attribute.AttName)
+				if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+				}
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) CountEntries(table string) (int64, error) {
+	var count int64
+
+	query := fmt.Sprintf("SELECT COUNT(*) FROM %s", table)
+	row := db.QueryRow(query)
+	if err := row.Scan(&count); err != nil {
+		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
+	}
+
+	return count, nil
+}
+
+func (tx *Tx) UpdateAttributes(a ...*Attribute) error {
+	for _, attribute := range a {
+		query := fmt.Sprintf(`
+            UPDATE %s
+            SET %s = ?
+            WHERE id = ?
+            `, attribute.Table, attribute.AttName)
+		if _, err := tx.Exec(query, attribute.Value, attribute.ID); err != nil {
+			if rollbackErr := tx.Rollback(); rollbackErr != nil {
+				log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+			}
+			return fmt.Errorf("error updating %v in DB: %v", attribute.AttName, err)
+		}
+	}
+
+	return nil
+}

cmd/backend/firebase.go

@@ -0,0 +1,44 @@
+package backend
+
+import (
+	"context"
+
+	firebase "firebase.google.com/go/v4"
+	"firebase.google.com/go/v4/auth"
+	"google.golang.org/api/option"
+)
+
+type Client struct {
+	*auth.Client
+}
+
+func NewClient() (*Client, error) {
+	var err error
+	client := new(Client)
+
+	ctx := context.Background()
+	opt := option.WithCredentialsFile("path/to/serviceAccountKey.json")
+
+	app, err := firebase.NewApp(ctx, nil, opt)
+	if err != nil {
+		return nil, err
+	}
+
+	client.Client, err = app.Auth(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (c *Client) Verify(idToken string) (*auth.Token, error) {
+	ctx := context.Background()
+
+	token, err := c.VerifyIDTokenAndCheckRevoked(ctx, idToken)
+	if err != nil {
+		return nil, err
+	}
+
+	return token, nil
+}

cmd/backend/issues.go

@@ -0,0 +1,65 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+)
+
+func (db *DB) AddIssue() (int64, error) {
+	query := "INSERT INTO issues (published) VALUES (?)"
+	result, err := db.Exec(query, false)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting issue into DB: %v", err)
+	}
+
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error getting ID of added issue: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) PublishLatestIssue() error {
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	updateQuery := "UPDATE issues SET published = true WHERE published = false"
+	insertQuery := "INSERT INTO issues (published) VALUES (?)"
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if _, err := tx.Exec(updateQuery); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error publishing issue: %v", err)
+			}
+
+			if _, err := tx.Exec(insertQuery, false); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error inserting new issue into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction when publishing issue: %v", err)
+			}
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}

cmd/backend/markdown.go

@@ -1,4 +1,4 @@
-package data
+package backend
 
 import (
 	"bytes"

cmd/backend/rss.go

@@ -0,0 +1,132 @@
+package backend
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"git.streifling.com/jason/rss"
+)
+
+func GetChannel(db *DB, title, link, description string) (*rss.Channel, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: description,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error fetching published articles: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error fetching tags for article %v: %v", article.Title, err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error finding user %v: %v", article.AuthorID, err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       article.Title,
+			Author:      user.FirstName + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: article.Description,
+			Content:     &rss.Content{Value: article.Content},
+			Categories:  tagNames,
+		})
+	}
+
+	return channel, nil
+}
+
+func GenerateRSS(db *DB, title, link, desc string) (*string, error) {
+	channel := &rss.Channel{
+		Title:       title,
+		Link:        link,
+		Description: desc,
+		Items:       make([]*rss.Item, 0),
+	}
+
+	articles, err := db.GetCertainArticles(true, false)
+	if err != nil {
+		return nil, fmt.Errorf("error getting published articles for RSS feed: %v", err)
+	}
+
+	for _, article := range articles {
+		tags, err := db.GetArticleTags(article.ID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting tags for articles for RSS feed: %v", err)
+		}
+		tagNames := make([]string, 0)
+		for _, tag := range tags {
+			tagNames = append(tagNames, tag.Name)
+		}
+		tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
+
+		user, err := db.GetUser(article.AuthorID)
+		if err != nil {
+			return nil, fmt.Errorf("error getting user user info for RSS feed: %v", err)
+		}
+
+		articleTitle, err := ConvertToPlain(article.Title)
+		if err != nil {
+			return nil, fmt.Errorf("error converting title to plain text for RSS feed: %v", err)
+		}
+
+		articleDescription, err := ConvertToPlain(article.Description)
+		if err != nil {
+			return nil, fmt.Errorf("error converting description to plain text for RSS feed: %v", err)
+		}
+
+		articleContent, err := ConvertToHTML(article.Content)
+		if err != nil {
+			return nil, fmt.Errorf("error converting content to HTML for RSS feed: %v", err)
+		}
+
+		channel.Items = append(channel.Items, &rss.Item{
+			Title:       articleTitle,
+			Author:      user.FirstName + " " + user.LastName,
+			PubDate:     article.Created.Format(time.RFC1123Z),
+			Description: articleDescription,
+			Content:     &rss.Content{Value: articleContent},
+			Categories:  tagNames,
+		})
+	}
+
+	feed := rss.NewFeed()
+	feed.Channels = append(feed.Channels, channel)
+	rss, err := feed.ToXML("UTF-8")
+	if err != nil {
+		return nil, fmt.Errorf("error converting RSS feed to XML: %v", err)
+	}
+
+	return &rss, nil
+}
+
+func SaveRSS(filename string, feed *string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating file for RSS feed: %v", err)
+	}
+	defer file.Close()
+	if err = file.Chmod(0644); err != nil {
+		return fmt.Errorf("error setting permissions for RSS file: %v", err)
+	}
+
+	if _, err = io.WriteString(file, *feed); err != nil {
+		return fmt.Errorf("error writing to RSS file: %v", err)
+	}
+
+	return nil
+}

cmd/backend/sessions.go

@@ -1,4 +1,4 @@
-package data
+package backend
 
 import (
 	"crypto/rand"
@@ -17,8 +17,7 @@ type CookieStore struct {
 func NewKey() ([]byte, error) {
 	key := make([]byte, 32)
 
-	_, err := io.ReadFull(rand.Reader, key)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
-	if err != nil {
 		return nil, fmt.Errorf("error generating key: %v", err)
 	}
 
@@ -33,9 +32,7 @@ func SaveKey(key []byte, filename string) error {
 	defer file.Close()
 	file.Chmod(0600)
 
-	encoder := gob.NewEncoder(file)
+	if err = gob.NewEncoder(file).Encode(key); err != nil {
-	err = encoder.Encode(key)
-	if err != nil {
 		return fmt.Errorf("error ecoding key: %v", err)
 	}
 
@@ -49,9 +46,7 @@ func LoadKey(filename string) ([]byte, error) {
 	}
 
 	key := make([]byte, 32)
-	decoder := gob.NewDecoder(file)
+	if err = gob.NewDecoder(file).Decode(&key); err != nil {
-	err = decoder.Decode(&key)
-	if err != nil {
 		return nil, fmt.Errorf("error decoding key: %v", err)
 	}
 

cmd/backend/tags.go

@@ -0,0 +1,35 @@
+package backend
+
+import "fmt"
+
+type Tag struct {
+	Name string
+	ID   int64
+}
+
+func (db *DB) AddTag(tagName string) error {
+	query := "INSERT INTO tags (name) VALUES (?)"
+	if _, err := db.Exec(query, tagName); err != nil {
+		return fmt.Errorf("error inserting tag into DB: %v", err)
+	}
+	return nil
+}
+
+func (db *DB) GetTagList() ([]*Tag, error) {
+	query := "SELECT id, name FROM tags"
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error querying tags: %v", err)
+	}
+
+	tagList := make([]*Tag, 0)
+	for rows.Next() {
+		tag := new(Tag)
+		if err = rows.Scan(&tag.ID, &tag.Name); err != nil {
+			return nil, fmt.Errorf("error scanning tag row: %v", err)
+		}
+		tagList = append(tagList, tag)
+	}
+
+	return tagList, nil
+}

cmd/backend/users.go

@@ -0,0 +1,380 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	Admin = iota
+	Publisher
+	Editor
+	Author
+	NonExistent
+)
+
+type User struct {
+	UserName  string
+	FirstName string
+	LastName  string
+	ID        int64
+	Role      int
+}
+
+func (db *DB) AddUser(u *User, pass string) (int64, error) {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+	result, err := db.Exec(query, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) GetID(userName string) (int64, bool) {
+	var id int64
+
+	query := `
+    SELECT id
+    FROM users
+    WHERE username = ?
+    `
+	row := db.QueryRow(query, userName)
+	if err := row.Scan(&id); err != nil {
+		return 0, false
+	}
+
+	return id, true
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
+	var queriedPass string
+	getQuery := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := tx.QueryRow(getQuery, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}
+
+func (db *DB) UpdateOwnAttributes(id int64, user, first, last, oldPass, newPass, newPass2 string) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.ChangePassword(id, oldPass, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddFirstUser(u *User, pass string) (int64, error) {
+	var numUsers int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT COUNT(*) FROM users"
+	insertQuery := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err := tx.QueryRow(selectQuery).Scan(&numUsers); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting ID of %v: %v", u.UserName, err)
+			}
+			if numUsers != 0 {
+				if err = tx.Commit(); err != nil {
+					return 0, fmt.Errorf("error committing transaction: %v", err)
+				}
+				return 2, nil
+			}
+
+			hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error creating password hash: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting user into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetAllUsers() (map[int64]*User, error) {
+	query := "SELECT id, username, first_name, last_name, role FROM users"
+
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error getting all users from DB: %v", err)
+	}
+
+	users := make(map[int64]*User, 0)
+	for rows.Next() {
+		user := new(User)
+		if err = rows.Scan(&user.ID, &user.UserName, &user.FirstName,
+			&user.LastName, &user.Role); err != nil {
+			return nil, fmt.Errorf("error getting user info: %v", err)
+		}
+		users[user.ID] = user
+	}
+
+	return users, nil
+}
+
+func (tx *Tx) SetPassword(id int64, newPass string) error {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := "UPDATE users SET password = ? WHERE id = ?"
+	if _, err = tx.Exec(setQuery, string(hashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) UpdateUserAttributes(id int64, user, first, last, newPass, newPass2 string, role int) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.SetPassword(id, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+				&Attribute{Table: "users", ID: id, AttName: "role", Value: role},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) DeleteUser(id int64) error {
+	query := "DELETE FROM users WHERE id = ?"
+
+	_, err := db.Exec(query, id)
+	if err != nil {
+		return fmt.Errorf("error deleting user %v from DB: %v", id, err)
+	}
+
+	return nil
+}

cmd/calls/pdf.go

@@ -0,0 +1,44 @@
+package calls
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func ServePDFList(c *b.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if tokenIsVerified(w, r) {
+			files, err := os.ReadDir(c.PDFDir)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			fileNames := make([]string, 0)
+			for _, file := range files {
+				fileNames = append(fileNames, file.Name())
+			}
+
+			w.Header().Set("Content-Type", "application/json")
+			if err = json.NewEncoder(w).Encode(fileNames); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+	}
+}
+
+func ServePDF(c *b.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if tokenIsVerified(w, r) {
+			http.ServeFile(w, r, fmt.Sprint(c.PDFDir, "/", r.PathValue("id")))
+		}
+	}
+}

cmd/calls/rss.go

@@ -0,0 +1,15 @@
+package calls
+
+import (
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func ServeRSS(c *b.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if tokenIsVerified(w, r) {
+			http.ServeFile(w, r, c.RSSFile)
+		}
+	}
+}

cmd/calls/verification.go

@@ -0,0 +1,34 @@
+package calls
+
+import (
+	"log"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+// tokenIsVerified verifies that a request is authorized. It returns a bool.
+func tokenIsVerified(w http.ResponseWriter, r *http.Request) bool {
+	idToken := r.Header.Get("Authorization")
+	if idToken == "" {
+		log.Println("Authorization header missing")
+		http.Error(w, "Authorization header missing", http.StatusUnauthorized)
+		return false
+	}
+
+	client, err := b.NewClient()
+	if err != nil {
+		log.Println(err)
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return false
+	}
+
+	_, err = client.Verify(idToken)
+	if err != nil {
+		log.Println(err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return false
+	}
+
+	return true
+}

cmd/data/articles.go

@@ -1,89 +0,0 @@
-package data
-
-import (
-	"sync"
-	"time"
-
-	"github.com/google/uuid"
-)
-
-type Article struct {
-	Title    string
-	Author   string
-	Created  time.Time
-	Desc     string
-	Content  string
-	Tags     []string
-	UUID     uuid.UUID
-	AuthorID int64
-}
-
-type ArticleList struct {
-	addCh chan *Article
-	delCh chan uuid.UUID
-	retCh chan *Article
-	getCh chan []Article
-	list  []*Article
-	wg    sync.WaitGroup
-}
-
-func minArticleList() *ArticleList {
-	return &ArticleList{
-		addCh: make(chan *Article),
-		delCh: make(chan uuid.UUID),
-		retCh: make(chan *Article),
-		getCh: make(chan []Article),
-	}
-}
-
-func (l *ArticleList) start() {
-	l.wg.Done()
-	for {
-		select {
-		case article := <-l.addCh:
-			l.list = append(l.list, article)
-		case uuid := <-l.delCh:
-			for i, article := range l.list {
-				if article.UUID == uuid {
-					l.list = append(l.list[:i], l.list[i+1:]...)
-					l.retCh <- article
-				}
-			}
-		case l.getCh <- func() []Article {
-			var list []Article
-			for _, article := range l.list {
-				list = append(list, *article)
-			}
-			return list
-		}():
-		}
-	}
-}
-
-func NewArticleList() *ArticleList {
-	list := minArticleList()
-	list.list = []*Article{}
-
-	list.wg.Add(1)
-	go list.start()
-	list.wg.Wait()
-
-	return list
-}
-
-func (l *ArticleList) Add(a *Article) {
-	l.addCh <- a
-}
-
-func (l *ArticleList) Release(uuid uuid.UUID) (*Article, bool) {
-	l.delCh <- uuid
-	article := <-l.retCh
-	if article == nil {
-		return nil, false
-	}
-	return article, true
-}
-
-func (l *ArticleList) Get() []Article {
-	return <-l.getCh
-}

cmd/data/db.go

@@ -1,143 +0,0 @@
-package data
-
-import (
-	"database/sql"
-	"fmt"
-
-	"github.com/go-sql-driver/mysql"
-	"golang.org/x/crypto/bcrypt"
-)
-
-type DB struct {
-	*sql.DB
-}
-
-func OpenDB(dbName string) (*DB, error) {
-	var err error
-	db := DB{DB: &sql.DB{}}
-
-	cfg := mysql.NewConfig()
-	cfg.DBName = dbName
-	cfg.User, cfg.Passwd, err = getCredentials()
-	if err != nil {
-		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
-	}
-
-	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
-	if err != nil {
-		return nil, fmt.Errorf("error opening DB: %v", err)
-	}
-	if err = db.Ping(); err != nil {
-		return nil, fmt.Errorf("error pinging DB: %v", err)
-	}
-
-	return &db, nil
-}
-
-func (db *DB) AddUser(user User, pass string) error {
-	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    INSERT INTO users
-        (username, password, first_name, last_name, role)
-    VALUES (?, ?, ?, ?, ?)
-    `
-	_, err = db.Exec(query, user.UserName, string(hashedPass), user.FirstName, user.LastName, user.Role)
-	if err != nil {
-		return fmt.Errorf("error inserting user into DB: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) GetID(userName string) (int64, error) {
-	var id int64
-
-	query := `
-    SELECT id
-    FROM users
-    WHERE username = ?
-    `
-	row := db.QueryRow(query, userName)
-	if err := row.Scan(&id); err != nil {
-		return 0, fmt.Errorf("user not in DB: %v", err)
-	}
-
-	return id, nil
-}
-
-func (db *DB) CheckPassword(id int64, pass string) error {
-	var queriedPass string
-
-	query := `
-    SELECT password
-    FROM users
-    WHERE id = ?
-    `
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&queriedPass); err != nil {
-		return fmt.Errorf("error reading password from DB: %v", err)
-	}
-
-	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
-		return fmt.Errorf("incorrect password: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
-	if err := db.CheckPassword(id, oldPass); err != nil {
-		return fmt.Errorf("error checking password: %v", err)
-	}
-
-	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
-	if err != nil {
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    UPDATE users
-    SET password = ?
-    WHERE id = ?
-    `
-	_, err = db.Exec(query, string(newHashedPass), id)
-	if err != nil {
-		return fmt.Errorf("error updating password in DB: %v", err)
-	}
-
-	return nil
-}
-
-func (db *DB) CountEntries() (int64, error) {
-	var count int64
-
-	query := `SELECT COUNT(*) FROM users`
-	row := db.QueryRow(query)
-	if err := row.Scan(&count); err != nil {
-		return 0, fmt.Errorf("error counting rows in user DB: %v", err)
-	}
-
-	return count, nil
-}
-
-// TODO: No need for ID field in general
-func (db *DB) GetUser(id int64) (*User, error) {
-	user := new(User)
-	query := `
-    SELECT id, username, first_name, last_name, role
-    FROM users
-    WHERE id = ?
-    `
-
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
-		&user.LastName, &user.Role); err != nil {
-		return nil, fmt.Errorf("error reading user information: %v", err)
-	}
-
-	return user, nil
-}

cmd/data/helpers.go

@@ -1,52 +0,0 @@
-package data
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strings"
-	"syscall"
-
-	"golang.org/x/term"
-)
-
-func getUsername() (string, error) {
-	user := os.Getenv("DB_USER")
-	if user == "" {
-		var err error
-		fmt.Printf("DB Benutzer: ")
-		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
-		if err != nil {
-			return "", fmt.Errorf("error reading username: %v", err)
-		}
-	}
-	return strings.TrimSpace(user), nil
-}
-
-func getPassword() (string, error) {
-	pass := os.Getenv("DB_PASS")
-	if pass == "" {
-		fmt.Printf("DB Passwort: ")
-		bytePass, err := term.ReadPassword(int(syscall.Stdin))
-		if err != nil {
-			return "", fmt.Errorf("error reading password: %v", err)
-		}
-		fmt.Println()
-		pass = strings.TrimSpace(string(bytePass))
-	}
-	return pass, nil
-}
-
-func getCredentials() (string, string, error) {
-	user, err := getUsername()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting username: %v", err)
-	}
-
-	pass, err := getPassword()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting password: %v", err)
-	}
-
-	return user, pass, nil
-}

cmd/data/rss.go

@@ -1,106 +0,0 @@
-package data
-
-import (
-	"encoding/gob"
-	"fmt"
-	"os"
-	"sync"
-
-	"github.com/gorilla/feeds"
-)
-
-type Feed struct {
-	addCh chan *feeds.Item
-	setCh chan feeds.Feed
-	getCh chan feeds.Feed
-	feed  feeds.Feed
-	wg    sync.WaitGroup
-}
-
-func minFeed() *Feed {
-	return &Feed{
-		addCh: make(chan *feeds.Item),
-		setCh: make(chan feeds.Feed),
-		getCh: make(chan feeds.Feed),
-	}
-}
-
-func (f *Feed) start() {
-	f.wg.Done()
-	for {
-		select {
-		case item := <-f.addCh:
-			f.feed.Items = append(f.feed.Items, item)
-		case f.getCh <- f.feed:
-		case f.feed = <-f.setCh:
-		}
-	}
-}
-
-func NewFeed(title, link, desc string) *Feed {
-	feed := minFeed()
-	feed.feed = feeds.Feed{
-		Title:       title,
-		Link:        &feeds.Link{Href: link},
-		Description: desc,
-	}
-
-	feed.wg.Add(1)
-	go feed.start()
-	feed.wg.Wait()
-
-	return feed
-}
-
-func (f *Feed) Get() feeds.Feed {
-	return <-f.getCh
-}
-
-func (f *Feed) Set(feed feeds.Feed) {
-	f.setCh <- feed
-}
-
-func OpenFeed(filename string) (*Feed, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, fmt.Errorf("error opening file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	feed := minFeed()
-	feed.wg.Add(1)
-	go feed.start()
-	feed.wg.Wait()
-
-	decoder := gob.NewDecoder(file)
-	tmpFeed := new(feeds.Feed)
-	err = decoder.Decode(tmpFeed)
-	if err != nil {
-		return nil, fmt.Errorf("error decoding file %v: %v", filename, err)
-	}
-
-	feed.Set(*tmpFeed)
-
-	return feed, nil
-}
-
-func (f *Feed) Save(filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("error creating file %v: %v", filename, err)
-	}
-	defer file.Close()
-
-	encoder := gob.NewEncoder(file)
-	feed := f.Get()
-	err = encoder.Encode(feed)
-	if err != nil {
-		return fmt.Errorf("error encoding file %v: %v", filename, err)
-	}
-
-	return nil
-}
-
-func (f *Feed) Add(i *feeds.Item) {
-	f.addCh <- i
-}

cmd/data/user.go

@@ -1,16 +0,0 @@
-package data
-
-const (
-	Admin = iota
-	Editor
-	Writer
-)
-
-type User struct {
-	UserName         string
-	FirstName        string
-	LastName         string
-	RejectedArticles []*Article
-	ID               int64
-	Role             int
-}

cmd/frontend/articles.go

@@ -0,0 +1,497 @@
+package frontend
+
+import (
+	"encoding/json"
+	"fmt"
+	"html/template"
+	"io"
+	"io/fs"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+const (
+	EditMode = iota
+	PreviewMode
+)
+
+func ShowHub(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		session.Values["article"] = nil
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		type editorHTMLData struct {
+			Title       string
+			Description string
+			Content     string
+			HTMLContent template.HTML
+			Tags        []*b.Tag
+			Mode        int
+		}
+
+		var data editorHTMLData
+		if session.Values["article"] == nil {
+			data = editorHTMLData{}
+		} else {
+			data = session.Values["article"].(editorHTMLData)
+		}
+		data.Mode = EditMode
+
+		data.Tags, err = db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		session.Values["article"] = nil
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article := &b.Article{
+			Title:       r.PostFormValue("article-title"),
+			Description: r.PostFormValue("article-description"),
+			Content:     r.PostFormValue("article-content"),
+			Published:   false,
+			Rejected:    false,
+			AuthorID:    session.Values["id"].(int64),
+		}
+
+		article.ID, err = db.AddArticle(article)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.WriteArticleTags(article.ID, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		title := r.PostFormValue("article-title")
+		description := r.PostFormValue("article-description")
+		content := r.PostFormValue("article-content")
+
+		if err = db.UpdateAttributes(
+			&b.Attribute{Table: "articles", ID: id, AttName: "title", Value: title},
+			&b.Attribute{Table: "articles", ID: id, AttName: "description", Value: description},
+			&b.Attribute{Table: "articles", ID: id, AttName: "content", Value: content},
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		r.ParseForm()
+		tags := make([]int64, 0)
+		for _, tag := range r.Form["tags"] {
+			tagID, err := strconv.ParseInt(tag, 10, 64)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			tags = append(tags, tagID)
+		}
+		if err = db.UpdateArticleTags(id, tags); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowUnpublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		unpublishedArticles, err := db.GetCertainArticles(false, false)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/unpublished-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", unpublishedArticles)
+	}
+}
+
+func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		type htmlData struct {
+			MyIDs            map[int64]bool
+			RejectedArticles []*b.Article
+		}
+		data := new(htmlData)
+
+		data.RejectedArticles, err = db.GetCertainArticles(false, true)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.MyIDs = make(map[int64]bool)
+		for _, article := range data.RejectedArticles {
+			if article.AuthorID == session.Values["id"].(int64) {
+				data.MyIDs[article.ID] = true
+			}
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rejected-articles.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewUnpublishedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		type htmlData struct {
+			Title       string
+			Description string
+			Content     template.HTML
+			Tags        []*b.Tag
+			ID          int64
+		}
+
+		var err error
+		data := new(htmlData)
+
+		data.ID, err = strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article, err := db.GetArticle(data.ID)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Title, err = b.ConvertToPlain(article.Title)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Description, err = b.ConvertToPlain(article.Description)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		content, err := b.ConvertToHTML(article.Content)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Content = template.HTML(content)
+
+		data.Tags, err = db.GetArticleTags(data.ID)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/to-be-published.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		type htmlData struct {
+			Selected map[int64]bool
+			Article  *b.Article
+			Tags     []*b.Tag
+		}
+		data := new(htmlData)
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Article, err = db.GetArticle(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Tags, err = db.GetTagList()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		selectedTags, err := db.GetArticleTags(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Selected = make(map[int64]bool)
+		for _, tag := range selectedTags {
+			data.Selected[tag.ID] = true
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rework-article.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.AddArticleToCurrentIssue(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.UpdateAttributes(
+			&b.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+			&b.Attribute{Table: "articles", ID: id, AttName: "created", Value: time.Now().Format("2006-01-02 15:04:05")},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		feed, err := b.GenerateRSS(db, c.Title, c.Link, c.Description)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if err = b.SaveRSS(c.RSSFile, feed); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.UpdateAttributes(
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
+		); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}
+
+func ShowCurrentArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		articles, err := db.GetCurrentIssueArticles()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/current-articles.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles)
+	}
+}
+
+func UploadImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		file, header, err := r.FormFile("article-image")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer file.Close()
+
+		nameStrings := strings.Split(header.Filename, ".")
+		extension := "." + nameStrings[len(nameStrings)-1]
+		filename := fmt.Sprint(uuid.New(), extension)
+		absFilepath, err := filepath.Abs(fmt.Sprint(c.PicsDir, "/", filename))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = os.MkdirAll(fmt.Sprint(c.PicsDir, "/"), fs.FileMode(0755)); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		img, err := os.Create(absFilepath)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer img.Close()
+
+		if _, err = io.Copy(img, file); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		url := fmt.Sprint(c.Domain, "/pics/", filename)
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(url)
+	}
+}

cmd/frontend/editor.go

@@ -0,0 +1,34 @@
+package frontend
+
+import (
+	"html/template"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func CreateTag(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-tag.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		db.AddTag(r.PostFormValue("tag"))
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}

cmd/frontend/images.go

@@ -0,0 +1,26 @@
+package frontend
+
+import (
+	"log"
+	"net/http"
+	"path/filepath"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func ServeImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		absFilepath, err := filepath.Abs(c.PicsDir)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		http.ServeFile(w, r, absFilepath+"/"+r.PathValue("pic"))
+	}
+}

cmd/frontend/issues.go

@@ -0,0 +1,28 @@
+package frontend
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		if err := db.PublishLatestIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
+	}
+}

cmd/frontend/sessions.go

@@ -0,0 +1,109 @@
+package frontend
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func saveSession(w http.ResponseWriter, r *http.Request, s *b.CookieStore, u *b.User) error {
+	session, err := s.Get(r, "cookie")
+	if err != nil {
+		return fmt.Errorf("error getting session: %v", err)
+	}
+
+	session.Values["authenticated"] = true
+	session.Values["id"] = u.ID
+	session.Values["name"] = u.FirstName + u.LastName
+	session.Values["role"] = u.Role
+	if err := session.Save(r, w); err != nil {
+		return fmt.Errorf("error saving session: %v", err)
+	}
+
+	return nil
+}
+
+func HomePage(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		numRows, err := db.CountEntries("users")
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		files := []string{c.WebDir + "/templates/index.html"}
+		if numRows == 0 {
+			files = append(files, c.WebDir+"/templates/first-user.html")
+			tmpl, err := template.ParseFiles(files...)
+			template.Must(tmpl, err).Execute(w, nil)
+		} else {
+			session, _ := s.Get(r, "cookie")
+			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
+				files = append(files, c.WebDir+"/templates/hub.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, session.Values["role"])
+			} else {
+				files = append(files, c.WebDir+"/templates/login.html")
+				tmpl, err := template.ParseFiles(files...)
+				template.Must(tmpl, err).Execute(w, nil)
+			}
+		}
+	}
+}
+
+func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userName := r.PostFormValue("username")
+		password := r.PostFormValue("password")
+
+		id, ok := db.GetID(userName)
+		if !ok {
+			http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusInternalServerError)
+			return
+		}
+
+		if err := db.CheckPassword(id, password); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, user); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
+	}
+}
+
+func Logout(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		session.Options.MaxAge = -1
+
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}

cmd/frontend/users.go

@@ -0,0 +1,434 @@
+package frontend
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+type UserData struct {
+	*b.User
+	Msg string
+}
+
+func checkUserStrings(user *b.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := UserData{
+			User: &b.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		_, err = db.AddUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		user, err := db.GetUser(session.Values["id"].(int64))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-self.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		userData := UserData{
+			User: &b.User{
+				ID:        session.Values["id"].(int64),
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+			},
+		}
+		oldPass := r.PostFormValue("old-password")
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateOwnAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			oldPass,
+			newPass,
+			newPass2); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		var err error
+		htmlData := UserData{
+			User: &b.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      b.Admin,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		htmlData.ID, err = db.AddFirstUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if htmlData.ID > 1 {
+			errString := "error: there is already a first user"
+			log.Println(errString)
+			http.Error(w, errString, http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, htmlData.User); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if _, err := db.AddIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
+
+func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		type htmlData struct {
+			Users  map[int64]*b.User
+			Action string
+		}
+
+		data := &htmlData{Action: action}
+		data.Users, err = db.GetAllUsers()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		delete(data.Users, session.Values["id"].(int64))
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/show-all-users.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if _, err := getSession(w, r, c, s); err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		userData := UserData{
+			User: &b.User{
+				ID:        id,
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateUserAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			newPass,
+			newPass2,
+			userData.Role); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := getSession(w, r, c, s)
+		if err != nil {
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.DeleteUser(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}

cmd/frontend/verification.go

@@ -0,0 +1,29 @@
+package frontend
+
+import (
+	"errors"
+	"html/template"
+	"net/http"
+
+	"github.com/gorilla/sessions"
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+// getSession is used for verifying that the user is logged in and returns their session and an error.
+func getSession(w http.ResponseWriter, r *http.Request, c *b.Config, s *b.CookieStore) (*sessions.Session, error) {
+	msg := "Keine gültige Session. Bitte erneut anmelden."
+	tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html")
+
+	session, err := s.Get(r, "cookie")
+	if err != nil {
+		template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg)
+		return nil, err
+	}
+
+	if session.IsNew {
+		template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg)
+		return session, errors.New("error: no existing session")
+	}
+
+	return session, nil
+}

cmd/main.go

@@ -0,0 +1,86 @@
+package main
+
+import (
+	"encoding/gob"
+	"log"
+	"net/http"
+	"os"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+	c "streifling.com/jason/cpolis/cmd/calls"
+	f "streifling.com/jason/cpolis/cmd/frontend"
+)
+
+func init() {
+	gob.Register(b.User{})
+}
+
+func main() {
+	config, err := b.HandleConfig()
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	logFile, err := os.OpenFile(config.LogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer logFile.Close()
+	log.SetOutput(logFile)
+
+	db, err := b.OpenDB(config.DBName)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer db.Close()
+
+	key, err := b.LoadKey(config.KeyFile)
+	if err != nil {
+		key, err = b.NewKey()
+		if err != nil {
+			log.Fatalln(err)
+		}
+		b.SaveKey(key, config.KeyFile)
+	}
+	store := b.NewCookieStore(key)
+
+	mux := http.NewServeMux()
+	mux.Handle("/web/static/", http.StripPrefix("/web/static/",
+		http.FileServer(http.Dir(config.WebDir+"/static/"))))
+	mux.HandleFunc("/", f.HomePage(config, db, store))
+
+	mux.HandleFunc("GET /create-tag", f.CreateTag(config, store))
+	mux.HandleFunc("GET /create-user", f.CreateUser(config, store))
+	mux.HandleFunc("GET /edit-self", f.EditSelf(config, db, store))
+	mux.HandleFunc("GET /edit-user/{id}", f.EditUser(config, db, store))
+	mux.HandleFunc("GET /delete-user/{id}", f.DeleteUser(config, db, store))
+	mux.HandleFunc("GET /hub", f.ShowHub(config, db, store))
+	mux.HandleFunc("GET /logout", f.Logout(config, store))
+	mux.HandleFunc("GET /pdf/get-list", c.ServePDFList(config))
+	mux.HandleFunc("GET /pdf/{id}", c.ServePDF(config))
+	mux.HandleFunc("GET /pics/{pic}", f.ServeImage(config, store))
+	mux.HandleFunc("GET /publish-article/{id}", f.PublishArticle(config, db, store))
+	mux.HandleFunc("GET /publish-issue", f.PublishLatestIssue(config, db, store))
+	mux.HandleFunc("GET /reject-article/{id}", f.RejectArticle(config, db, store))
+	mux.HandleFunc("GET /rejected-articles", f.ShowRejectedArticles(config, db, store))
+	mux.HandleFunc("GET /review-rejected-article/{id}", f.ReviewRejectedArticle(config, db, store))
+	mux.HandleFunc("GET /review-unpublished-article/{id}", f.ReviewUnpublishedArticle(config, db, store))
+	mux.HandleFunc("GET /rss", c.ServeRSS(config))
+	mux.HandleFunc("GET /show-all-users-edit", f.ShowAllUsers(config, db, store, "edit-user"))
+	mux.HandleFunc("GET /show-all-users-delete", f.ShowAllUsers(config, db, store, "delete-user"))
+	mux.HandleFunc("GET /this-issue", f.ShowCurrentArticles(config, db, store))
+	mux.HandleFunc("GET /unpublished-articles", f.ShowUnpublishedArticles(config, db, store))
+	mux.HandleFunc("GET /write-article", f.WriteArticle(config, db, store))
+
+	mux.HandleFunc("POST /add-first-user", f.AddFirstUser(config, db, store))
+	mux.HandleFunc("POST /add-tag", f.AddTag(config, db, store))
+	mux.HandleFunc("POST /add-user", f.AddUser(config, db, store))
+	mux.HandleFunc("POST /login", f.Login(config, db, store))
+	mux.HandleFunc("POST /resubmit-article/{id}", f.ResubmitArticle(config, db, store))
+	mux.HandleFunc("POST /submit-article", f.SubmitArticle(config, db, store))
+	mux.HandleFunc("POST /update-self", f.UpdateSelf(config, db, store))
+	mux.HandleFunc("POST /update-user/{id}", f.UpdateUser(config, db, store))
+	mux.HandleFunc("POST /upload-image", f.UploadImage(config, store))
+
+	log.Fatalln(http.ListenAndServe(config.Port, mux))
+}

cmd/ui/admin.go

@@ -1,105 +0,0 @@
-package ui
-
-import (
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"strconv"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-type AddUserData struct {
-	Msg string
-	data.User
-}
-
-func inputsEmpty(user data.User, pass, pass2 string) bool {
-	return len(user.UserName) == 0 ||
-		len(user.FirstName) == 0 ||
-		len(user.LastName) == 0 ||
-		len(pass) == 0 ||
-		len(pass2) == 0
-}
-
-func checkUserStrings(user data.User) (string, int, bool) {
-	userLen := 15
-	nameLen := 50
-
-	if len(user.UserName) > userLen {
-		return "Benutzername", userLen, false
-	} else if len(user.FirstName) > nameLen {
-		return "Vorname", nameLen, false
-	} else if len(user.LastName) > nameLen {
-		return "Nachname", nameLen, false
-	} else {
-		return "", 0, true
-	}
-}
-
-func CreateUser() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tmpl, err := template.ParseFiles("web/templates/add-user.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-	}
-}
-
-func AddUser(db *data.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		role, err := strconv.Atoi(r.PostFormValue("role"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		htmlData := AddUserData{
-			User: data.User{
-				UserName:  r.PostFormValue("username"),
-				FirstName: r.PostFormValue("first-name"),
-				LastName:  r.PostFormValue("last-name"),
-				Role:      role,
-			},
-		}
-		pass := r.PostFormValue("password")
-		pass2 := r.PostFormValue("password2")
-
-		if inputsEmpty(htmlData.User, pass, pass2) {
-			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		userString, stringLen, ok := checkUserStrings(htmlData.User)
-		if !ok {
-			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
-				stringLen, " Zeichen erlaubt.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		id, _ := db.GetID(htmlData.UserName)
-		if id != 0 {
-			htmlData.Msg = fmt.Sprint(htmlData.UserName,
-				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		if pass != pass2 {
-			htmlData.Msg = "Die Passwörter stimmen nicht überein."
-			tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-
-		if err := db.AddUser(htmlData.User, pass); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-	}
-}

cmd/ui/articles.go

@@ -1,153 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/gorilla/feeds"
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func ShowHub(s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func WriteArticle(w http.ResponseWriter, r *http.Request) {
-	tmpl, err := template.ParseFiles("web/templates/editor.html")
-	template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-}
-
-func FinishArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		article := new(data.Article)
-		var err error
-
-		article.Title, err = data.ConvertToPlain(r.PostFormValue("editor-title"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Desc, err = data.ConvertToPlain(r.PostFormValue("editor-desc"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article.Content, err = data.ConvertToHTML(r.PostFormValue("editor-text"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		article.UUID = uuid.New()
-		article.Author = session.Values["name"].(string)
-		article.Created = time.Now()
-		article.AuthorID = session.Values["id"].(int64)
-
-		l.Add(article)
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func ShowUnpublishedArticles(l *data.ArticleList) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tmpl, err := template.ParseFiles("web/templates/unpublished-articles.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", l.Get())
-	}
-}
-
-func ReviewArticle(l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		for _, article := range l.Get() {
-			if article.UUID == uuid {
-				tmpl, err := template.ParseFiles("web/templates/to-be-published.html")
-				template.Must(tmpl, err).ExecuteTemplate(w, "page-content", article)
-				return
-			}
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}
-
-func PublishArticle(f *data.Feed, l *data.ArticleList, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uuid, err := uuid.Parse(r.PostFormValue("uuid"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		article, ok := l.Release(uuid)
-		if !ok {
-			// TODO: Warnung anzeigen
-			// msg = "Alle Felder müssen ausgefüllt werden."
-			// tmpl, err := template.ParseFiles("web/templates/add-user.html")
-			// template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-			return
-		}
-
-		f.Add(&feeds.Item{
-			Title:       article.Title,
-			Created:     article.Created,
-			Description: article.Desc,
-			Content:     article.Content,
-		})
-		f.Save("tmp/rss.gob")
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles("web/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"])
-	}
-}

cmd/ui/rss.go

@@ -1,25 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func ShowRSS(f *data.Feed) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		feed := f.Get()
-		rss, err := feed.ToRss()
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		files := []string{"web/templates/index.html", "web/templates/feed.rss"}
-		tmpl, err := template.ParseFiles(files...)
-		template.Must(tmpl, err).Execute(w, rss)
-	}
-}

cmd/ui/sessions.go

@@ -1,83 +0,0 @@
-package ui
-
-import (
-	"html/template"
-	"log"
-	"net/http"
-
-	"streifling.com/jason/cpolis/cmd/data"
-)
-
-func HomePage(db *data.DB, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		numRows, err := db.CountEntries()
-		if err != nil {
-			log.Fatalln(err)
-		}
-
-		files := []string{"web/templates/index.html"}
-		if numRows == 0 {
-			files = append(files, "web/templates/add-user.html")
-			tmpl, err := template.ParseFiles(files...)
-			template.Must(tmpl, err).Execute(w, nil)
-		} else {
-			session, _ := s.Get(r, "cookie")
-			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
-				files = append(files, "web/templates/hub.html")
-				tmpl, err := template.ParseFiles(files...)
-				template.Must(tmpl, err).Execute(w, session.Values["role"])
-			} else {
-				files = append(files, "web/templates/login.html")
-				tmpl, err := template.ParseFiles(files...)
-				template.Must(tmpl, err).Execute(w, nil)
-			}
-		}
-	}
-}
-
-func Login(db *data.DB, s *data.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		userName := r.PostFormValue("username")
-		password := r.PostFormValue("password")
-
-		id, err := db.GetID(userName)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		if err := db.CheckPassword(id, password); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		user, err := db.GetUser(id)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-
-		session.Values["authenticated"] = true
-		session.Values["id"] = user.ID
-		session.Values["name"] = user.FirstName + user.LastName
-		session.Values["role"] = user.Role
-		if err := session.Save(r, w); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		tmpl, err := template.ParseFiles("web/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user.Role)
-	}
-}

create_db.sql

@@ -0,0 +1,50 @@
+DROP TABLE IF EXISTS articles_tags;
+DROP TABLE IF EXISTS tags;
+DROP TABLE IF EXISTS articles;
+DROP TABLE IF EXISTS issues;
+DROP TABLE IF EXISTS users;
+
+CREATE TABLE users (
+    id          INT         AUTO_INCREMENT,
+    username    VARCHAR(15) NOT NULL UNIQUE,
+    password    VARCHAR(60) NOT NULL,
+    first_name  VARCHAR(50) NOT NULL,
+    last_name   VARCHAR(50) NOT NULL,
+    role        INT         NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE issues (
+    id          INT     AUTO_INCREMENT,
+    published   BOOL    NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles (
+    id          INT             AUTO_INCREMENT,
+    title       VARCHAR(255)    NOT NULL,
+    created     TIMESTAMP       DEFAULT CURRENT_TIMESTAMP,
+    description TEXT            NOT NULL,
+    content     TEXT            NOT NULL,
+    published   BOOL            NOT NULL,
+    rejected    BOOL            NOT NULL,
+    author_id   INT             NOT NULL,
+    issue_id    INT             NOT NULL,
+    PRIMARY KEY(id),
+    FOREIGN KEY(author_id) REFERENCES users(id),
+    FOREIGN KEY(issue_id) REFERENCES issues(id)
+);
+
+CREATE TABLE tags (
+    id      INT         AUTO_INCREMENT,
+    name    VARCHAR(50) NOT NULL UNIQUE,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles_tags (
+    article_id  INT,
+    tag_id      INT,
+    PRIMARY KEY(article_id, tag_id),
+    FOREIGN KEY(article_id) REFERENCES articles(id),
+    FOREIGN KEY(tag_id) REFERENCES tags(id)
+);

go.mod

@@ -3,20 +3,57 @@ module streifling.com/jason/cpolis
 go 1.22.0
 
 require (
+	firebase.google.com/go/v4 v4.14.1
+	git.streifling.com/jason/rss v0.1.2
+	github.com/BurntSushi/toml v1.3.2
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/feeds v1.1.2
 	github.com/gorilla/sessions v1.2.2
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/yuin/goldmark v1.7.0
-	golang.org/x/crypto v0.14.0
+	golang.org/x/crypto v0.21.0
-	golang.org/x/term v0.17.0
+	golang.org/x/term v0.18.0
+	google.golang.org/api v0.170.0
 )
 
 require (
+	cloud.google.com/go v0.112.1 // indirect
+	cloud.google.com/go/compute v1.24.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/firestore v1.15.0 // indirect
+	cloud.google.com/go/iam v1.1.7 // indirect
+	cloud.google.com/go/longrunning v0.5.5 // indirect
+	cloud.google.com/go/storage v1.40.0 // indirect
+	github.com/MicahParks/keyfunc v1.9.0 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	golang.org/x/net v0.17.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/oauth2 v0.18.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/appengine/v2 v2.0.2 // indirect
+	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 // indirect
+	google.golang.org/grpc v1.62.1 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 )

go.sum

@@ -1,34 +1,232 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
+cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
+cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg=
+cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/firestore v1.15.0 h1:/k8ppuWOtNuDHt2tsRV42yI21uaGnKDEQnRFeBpbFF8=
+cloud.google.com/go/firestore v1.15.0/go.mod h1:GWOxFXcv8GZUtYpWHw/w6IuYNux/BtmeVTMmjrm4yhk=
+cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM=
+cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA=
+cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg=
+cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s=
+cloud.google.com/go/storage v1.40.0 h1:VEpDQV5CJxFmJ6ueWNsKxcr1QAYOXEgxDa+sBbJahPw=
+cloud.google.com/go/storage v1.40.0/go.mod h1:Rrj7/hKlG87BLqDJYtwR0fbPld8uJPbQ2ucUMY7Ir0g=
+firebase.google.com/go/v4 v4.14.1 h1:4qiUETaFRWoFGE1XP5VbcEdtPX93Qs+8B/7KvP2825g=
+firebase.google.com/go/v4 v4.14.1/go.mod h1:fgk2XshgNDEKaioKco+AouiegSI9oTWVqRaBdTTGBoM=
+git.streifling.com/jason/rss v0.1.2 h1:UB3UHJXMt5WDDh9y8n0Z6nS1XortbPXjEr7QZTdovY4=
+git.streifling.com/jason/rss v0.1.2/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
+github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
+github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA=
+github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
-github.com/gorilla/feeds v1.1.2 h1:pxzZ5PD3RJdhFH2FsJJ4x6PqMqbgFk1+Vez4XWBW8Iw=
-github.com/gorilla/feeds v1.1.2/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
 github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
 github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
-golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
+go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
+go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw=
+go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
+go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
+go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
+golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+google.golang.org/api v0.170.0 h1:zMaruDePM88zxZBG+NG8+reALO2rfLhe/JShitLyT48=
+google.golang.org/api v0.170.0/go.mod h1:/xql9M2btF85xac/VAm4PsLMTLVGUOpq4BE9R8jyNy8=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/appengine/v2 v2.0.2 h1:MSqyWy2shDLwG7chbwBJ5uMyw6SNqJzhJHNDwYB0Akk=
+google.golang.org/appengine/v2 v2.0.2/go.mod h1:PkgRUWz4o1XOvbqtWTkBtCitEJ5Tp4HoVEdMMYQR/8E=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
+google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc=
+google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 h1:9IZDv+/GcI6u+a4jRFRLxQs0RUCfavGfoOgEW6jpkI0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
+google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

main.go

@@ -1,68 +0,0 @@
-package main
-
-import (
-	"encoding/gob"
-	"log"
-	"net/http"
-	"os"
-
-	"streifling.com/jason/cpolis/cmd/data"
-	"streifling.com/jason/cpolis/cmd/ui"
-)
-
-func init() {
-	gob.Register(data.User{})
-}
-
-func main() {
-	logFile, err := os.Create("tmp/cpolis.log")
-	if err != nil {
-		log.Fatalln(err)
-	}
-	defer logFile.Close()
-	log.SetOutput(logFile)
-
-	db, err := data.OpenDB("cpolis")
-	if err != nil {
-		log.Fatalln(err)
-	}
-	defer db.Close()
-
-	feed, err := data.OpenFeed("tmp/rss.gob")
-	if err != nil {
-		log.Println(err)
-		feed = data.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
-			"https://distrikt-ni-st.de",
-			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
-	}
-
-	key, err := data.LoadKey("tmp/key.gob")
-	if err != nil {
-		key, err = data.NewKey()
-		if err != nil {
-			log.Fatalln(err)
-		}
-		data.SaveKey(key, "tmp/key.gob")
-	}
-	store := data.NewCookieStore(key)
-
-	articleList := data.NewArticleList()
-
-	mux := http.NewServeMux()
-	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
-	mux.HandleFunc("/", ui.HomePage(db, store))
-
-	mux.HandleFunc("GET /hub/", ui.ShowHub(store))
-	mux.HandleFunc("GET /rss/", ui.ShowRSS(feed))
-
-	mux.HandleFunc("POST /add-user/", ui.AddUser(db))
-	mux.HandleFunc("POST /create-user/", ui.CreateUser())
-	mux.HandleFunc("POST /finish-article/", ui.FinishArticle(articleList, store))
-	mux.HandleFunc("POST /login/", ui.Login(db, store))
-	mux.HandleFunc("POST /review-article/", ui.ReviewArticle(articleList, store))
-	mux.HandleFunc("POST /publish-article/", ui.PublishArticle(feed, articleList, store))
-	mux.HandleFunc("POST /unpublished-articles/", ui.ShowUnpublishedArticles(articleList))
-	mux.HandleFunc("POST /write-article/", ui.WriteArticle)
-
-	log.Fatalln(http.ListenAndServe(":8080", mux))
-}

tailwind.config.js

@@ -0,0 +1,10 @@
+/** @type {import('tailwindcss').Config} */
+module.exports = {
+    content: ["./web/templates/*.html"],
+    theme: {
+        extend: {}
+    },
+    plugins: [
+        require('@tailwindcss/typography')
+    ],
+}

web/static/css/input.css

@@ -0,0 +1,41 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+body {
+    width: 800px;
+    @apply mx-auto text-slate-900;
+}
+
+h2 {
+    @apply font-bold mb-2 text-2xl;
+}
+
+form {
+    @apply flex flex-col gap-y-3;
+}
+
+input[type="file"] {
+    @apply border rounded-md w-full;
+}
+
+input[type="password"],
+input[type="text"] {
+    @apply border h-8 rounded-md;
+}
+
+textarea {
+    @apply border h-32 rounded-md;
+}
+
+.btn-area {
+    @apply flex gap-4 mt-4;
+}
+
+.btn {
+    @apply bg-slate-200 border my-2 px-3 py-2 rounded-md w-full hover:bg-slate-100;
+}
+
+.action-btn {
+    @apply bg-slate-800 border my-2 px-3 py-2 rounded-md text-slate-50 w-full hover:bg-slate-700;
+}

web/templates/add-tag.html

@@ -0,0 +1,12 @@
+{{define "page-content"}}
+<h2>Neuer Tag</h2>
+
+<form>
+    <input required name="tag" placeholder="Tag eingeben" type="text" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-tag" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+
+{{end}}

web/templates/add-user.html

@@ -1,21 +1,53 @@
 {{define "page-content"}}
 <h2>Neuer Benutzer</h2>
+
 <form>
-    <input required name="username" placeholder="Benutzername" type="text" value="{{.UserName}}" />
+    <div class="grid grid-cols-3 gap-4">
-    <input required name="password" placeholder="Passwort" type="password" />
+        <div>
-    <input required name="password2" placeholder="Passwort wiederholen" type="password" />
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>
 
-    <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
+    <div class="flex gap-4">
-    <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
+        <div>
+            <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
+            <label for="author">Autor</label>
+        </div>
+        <div>
+            <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
+            <label for="editor">Redakteur</label>
+        </div>
+        <div>
+            <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+            <label for="publisher">Herausgeber</label>
+        </div>
+        <div>
+            <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
+            <label for="admin">Administrator</label>
+        </div>
+    </div>
 
-    <label for="writer">Schreiber</label>
+    <div class="btn-area">
-    <input required id="writer" name="role" type="radio" value="2" {{if eq .Role "2" }}checked{{end}} />
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-user" hx-target="#page-content" />
-    <label for="editor">Redakteur</label>
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
-    <input required id="editor" name="role" type="radio" value="1" {{if eq .Role "1" }}checked{{end}} />
+    </div>
-    <label for="admin">Admin</label>
-    <input required id="admin" name="role" type="radio" value="0" {{if eq .Role "0" }}checked{{end}} />
-
-    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
 </form>
 
 <script>

web/templates/current-articles.html

@@ -0,0 +1,17 @@
+{{define "page-content"}}
+<h2>Aktuelle Artikel</h2>
+
+<div class="flex flex-col gap-4">
+    {{range .}}
+    <div class="border px-2 py-1 rounded-md">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </div>
+    {{end}}
+</div>
+
+<div class="btn-area">
+    <button class="action-btn" hx-get="/publish-issue" hx-target="#page-content">Ausgabe publizieren</button>
+    <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+</div>
+{{end}}

web/templates/edit-self.html

@@ -0,0 +1,43 @@
+{{define "page-content"}}
+<h2>Profil bearbeiten</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" name="username" type="text" value="{{.UserName}}" />
+        </div>
+
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+
+        <div>
+            <label for="old-password">Altes Passwort</label>
+            <input class="w-full" name="old-password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" name="password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" name="password2" placeholder="***" type="password" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Aktualisieren" hx-post="/update-self"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+{{end}}

web/templates/edit-user.html

@@ -0,0 +1,57 @@
+{{define "page-content"}}
+<h2>Profil von {{.FirstName}} {{.LastName}} bearbeiten</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" name="username" type="text" value="{{.UserName}}" />
+        </div>
+
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" name="password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" name="password2" placeholder="***" type="password" />
+        </div>
+    </div>
+
+    <div class="flex gap-4">
+        <div>
+            <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
+            <label for="author">Autor</label>
+        </div>
+        <div>
+            <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
+            <label for="editor">Redakteur</label>
+        </div>
+        <div>
+            <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+            <label for="publisher">Herausgeber</label>
+        </div>
+        <div>
+            <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
+            <label for="admin">Administrator</label>
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Aktualisieren" hx-post="/update-user/{{.ID}}"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+{{end}}

web/templates/editor.html

@@ -1,13 +1,67 @@
 {{define "page-content"}}
 <h2>Editor</h2>
-<form>
-    <input name="editor-title" placeholder="Titel" type="text" />
-    <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
-    <textarea name="editor-text" placeholder="Artikel"></textarea>
-    <input type="submit" value="Senden" hx-post="/finish-article/" hx-target="#page-content" />
-</form>
-{{end}}
 
-{{define "html-result"}}
+<form id="edit-area">
-{{.}}
+    <div class="flex flex-col gap-y-1">
+        <label for="article-title">Titel</label>
+        <input name="article-title" type="text" value="{{.Title}}" />
+    </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description">{{.Description}}</textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea id="easyMDE">{{.Content}}</textarea>
+    </div>
+    <input id="article-content" name="article-content" type="hidden" />
+
+    <div>
+        <span>Tags</span>
+        <div class="flex flex-wrap gap-x-4">
+            {{range .Tags}}
+            <div>
+                <input id="{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" />
+                <label for="{{.Name}}">{{.Name}}</label>
+            </div>
+            {{end}}
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/submit-article" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+
+<script>
+    var easyMDE = new EasyMDE({
+        element: document.getElementById('easyMDE'),
+        hideIcons: ['image'],
+        imageTexts: {sbInit: ''},
+        showIcons: ["code", "table", "upload-image"],
+        uploadImage: true,
+
+        imageUploadFunction: function (file, onSuccess, onError) {
+            var formData = new FormData();
+            formData.append('article-image', file);
+
+            fetch('/upload-image', {
+                method: 'POST',
+                body: formData
+            })
+                .then(response => response.json())
+                .then(data => {
+                    onSuccess(data);
+                })
+                .catch(error => {
+                    onError(error);
+                });
+        },
+    });
+
+    easyMDE.codemirror.on("change", () => {
+        document.getElementById('article-content').value = easyMDE.value();
+    });
+</script>
 {{end}}

web/templates/feed.rss

@@ -1,3 +0,0 @@
-{{define "page-content"}}
-{{.}}
-{{end}}

web/templates/first-user.html

@@ -0,0 +1,39 @@
+{{define "page-content"}}
+<h2>Erster Benutzer (Administrator)</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-first-user" hx-target="#page-content" />
+    </div>
+</form>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
+{{end}}

web/templates/hub.html

@@ -1,11 +1,49 @@
 {{define "page-content"}}
-<h2>Hub</h2>
+<div class="flex flex-col gap-4">
-<button hx-post="/write-article/" hx-target="#page-content">Artikel schreiben</button>
+    <button class="btn" hx-get="/logout" hx-target="#page-content">Abmelden</button>
-<button hx-post="/rss/" hx-target="#page-content">RSS Feed</button>
+
-{{if eq . 0}}
+    {{if lt . 4}}
-<button hx-post="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
+    <div class="mb-3">
-{{end}}
+        <h2>Autor</h2>
-{{if lt . 2}}
+        <div class="grid grid-cols-2 gap-x-4 gap-y-2">
-<button hx-post="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
+            <button class="btn" hx-get="/write-article" hx-target="#page-content">Artikel schreiben</button>
-{{end}}
+            <button class="btn" hx-get="/rejected-articles" hx-target="#page-content">Abgelehnte Artikel</button>
+            <a class="btn text-center" href="/rss">RSS Feed</a>
+            <button class="btn" hx-get="/edit-self" hx-target="#page-content">Profil bearbeiten</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if lt . 3}}
+    <div class="mb-3">
+        <h2>Redakteur</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/unpublished-articles" hx-target="#page-content">
+                Unveröffentlichte Artikel
+            </button>
+            <button class="btn" hx-get="/create-tag" hx-target="#page-content">Neuer Tag</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if lt . 2}}
+    <div class="mb-3">
+        <h2>Herausgeber</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/this-issue" hx-target="#page-content">Diese Ausgabe</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if eq . 0}}
+    <div class="mb-3">
+        <h2>Administrator</h2>
+        <div class="grid grid-cols-3 gap-4">
+            <button class="btn" hx-get="/create-user" hx-target="#page-content">Benutzer hinzufügen</button>
+            <button class="btn" hx-get="/show-all-users-edit" hx-target="#page-content">Benutzer bearbeiten</button>
+            <button class="btn" hx-get="/show-all-users-delete" hx-target="#page-content">Benutzer löschen</button>
+        </div>
+    </div>
+    {{end}}
+</div>
 {{end}}

web/templates/index.html

@@ -5,17 +5,29 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>Orient Editor</title>
-    <link href="web/static/css/style.css" rel="stylesheet">
+    <link href="/web/static/css/style.css" rel="stylesheet">
+    <link rel="stylesheet" href="https://unpkg.com/easymde/dist/easymde.min.css">
 </head>
 
-<body>
+<body class="flex flex-col justify-between min-h-screen bg-slate-50">
-    <h1>Orient Editor</h1>
+    <header class="my-8">
+        <h1 class="font-bold text-4xl text-center">Orient Editor</h1>
+    </header>
 
-    <div id="page-content">
+    <main class="mx-4">
-        {{template "page-content" .}}
+        <div id="page-content">
-    </div>
+            {{template "page-content" .}}
+        </div>
+    </main>
 
-    <script src="web/static/js/htmx.min.js"></script>
+    <footer class="my-8">
+        <p class="text-center text-gray-500 dark:text-gray-400">
+            &copy; 2024 Jason Streifling. Alle Rechte vorbehalten.
+        </p>
+    </footer>
+
+    <script src="https://unpkg.com/htmx.org@2.0.1"></script>
+    <script src="https://unpkg.com/easymde/dist/easymde.min.js"></script>
 </body>
 
 </html>

web/templates/login.html

@@ -1,8 +1,12 @@
 {{define "page-content"}}
 <h2>Anmeldung</h2>
+
 <form>
-    <input name="username" placeholder="Benutzername" type="text" />
+    <div class="btn-area">
-    <input name="password" placeholder="Passwort" type="password" />
+        <input class="w-full" name="username" placeholder="Benutzername" type="text" />
-    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+        <input class="w-full" name="password" placeholder="Passwort" type="password" />
+    </div>
+
+    <input class="action-btn" type="submit" value="Anmelden" hx-post="/login" hx-target="#page-content" />
 </form>
 {{end}}

web/templates/rejected-articles.html

@@ -0,0 +1,16 @@
+{{define "page-content"}}
+<h2>Abgelehnte Artikel</h2>
+
+<div class="flex flex-col gap-4">
+    {{range .RejectedArticles}}
+    {{if index $.MyIDs .ID}}
+    <button class="btn" hx-get="/review-rejected-article/{{.ID}}" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </button>
+    {{end}}
+    {{end}}
+
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+</div>
+{{end}}

web/templates/rework-article.html

@@ -0,0 +1,69 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+
+<form>
+    <div class="flex flex-col gap-y-1">
+        <label for="article-title">Titel</label>
+        <input name="article-title" type="text" value="{{.Article.Title}}" />
+    </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description">{{.Article.Description}}</textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea name="article-content" placeholder="Artikel">{{.Article.Content}}</textarea>
+    </div>
+    <input id="article-content" name="article-content" type="hidden" />
+
+    <div>
+        <span>Tags</span>
+        <div class="flex flex-wrap gap-x-4">
+            {{range .Tags}}
+            <div>
+                <input id="tag-{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" {{if index $.Selected
+                    .ID}}checked{{end}} />
+                <label for="tag-{{.Name}}">{{.Name}}</label>
+            </div>
+            {{end}}
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/resubmit-article/{{.Article.ID}}"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+    </div>
+</form>
+
+<script>
+    var easyMDE = new EasyMDE({
+        element: document.getElementById('easyMDE'),
+        hideIcons: ['image'],
+        imageTexts: {sbInit: ''},
+        showIcons: ["code", "table", "upload-image"],
+        uploadImage: true,
+
+        imageUploadFunction: function (file, onSuccess, onError) {
+            var formData = new FormData();
+            formData.append('article-image', file);
+
+            fetch('/upload-image', {
+                method: 'POST',
+                body: formData
+            })
+                .then(response => response.json())
+                .then(data => {
+                    onSuccess(data);
+                })
+                .catch(error => {
+                    onError(error);
+                });
+        },
+    });
+
+    easyMDE.codemirror.on("change", () => {
+        document.getElementById('article-content').value = easyMDE.value();
+    });
+</script>
+{{end}}

web/templates/show-all-users.html

@@ -0,0 +1,24 @@
+{{define "page-content"}}
+<h2>Alle Benutzer</h2>
+
+<div class="flex flex-col gap-4">
+    {{range .Users}}
+    <button class="btn" hx-get="/{{$.Action}}/{{.ID}}" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">
+            {{.UserName}}
+            ({{if eq .Role 0}}
+            Administrator
+            {{else if eq .Role 1}}
+            Herausgeber
+            {{else if eq .Role 2}}
+            Redakteur
+            {{else}}
+            Autor
+            {{end}})
+        </h1>
+        <p>{{.FirstName}} {{.LastName}}</p>
+    </button>
+    {{end}}
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+</div>
+{{end}}

web/templates/to-be-published.html

@@ -1,11 +1,37 @@
 {{define "page-content"}}
-<form>
+<h2>Artikel veröffentlichen</h2>
-    <input name="editor-title" type="text" value="{{.Title}}" />
+
-    <textarea name="editor-desc">{{.Desc}}</textarea>
+<div>
-    <textarea name="editor-text">{{.Content}}</textarea>
+    <span>Titel</span>
-    <input name="uuid" type="hidden" value="{{.UUID}}" />
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
-    <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
+        {{.Title}}
-    <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
+    </div>
-</form>
+
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+    <span>Beschreibung</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{.Description}}
+    </div>
+
+    <span>Artikel</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        <div class="prose">
+            {{.Content}}
+        </div>
+    </div>
+
+    <span>Tags</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{range .Tags}}
+        {{.Name}}
+        <br>
+        {{end}}
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Veröffentlichen" hx-get="/publish-article/{{.ID}}"
+            hx-target="#page-content" />
+        <input class="btn" type="submit" value="Ablehnen" hx-get="/reject-article/{{.ID}}" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+    </div>
+</div>
 {{end}}

web/templates/unpublished-articles.html

@@ -1,10 +1,13 @@
 {{define "page-content"}}
-<form>
+<h2>Unveröffentlichte Artikel</h2>
+
+<div class="flex flex-col gap-4">
     {{range .}}
-    <input required id="{{.UUID}}" name="uuid" type="radio" value="{{.UUID}}" />
+    <button class="btn" hx-get="/review-unpublished-article/{{.ID}}" hx-target="#page-content">
-    <label for="{{.UUID}}">{{.Title}}</label>
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </button>
     {{end}}
-    <input type="submit" value="Auswählen" hx-post="/review-article/" hx-target="#page-content" />
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
-</form>
+</div>
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
 {{end}}