Merge branch 'devel'

.air.toml

@@ -0,0 +1,54 @@
+root = "."
+testdata_dir = "testdata"
+tmp_dir = "tmp"
+
+[build]
+args_bin = [
+    "-desc 'Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität'",
+    "-domain localhost",
+    "-key tmp/key.gob",
+    "-link https://distrikt-ni-st.de",
+    "-log tmp/cpolis.log",
+    "-pics tmp/pics",
+    "-rss tmp/orientexpress_alle.rss",
+    "-title 'Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt'",
+    "-web web"
+]
+bin = "./tmp/main"
+cmd = "go build -o ./tmp/main ./cmd/main.go"
+delay = 0
+exclude_dir = ["assets", "tmp", "vendor", "testdata"]
+exclude_file = []
+exclude_regex = ["_test.go"]
+exclude_unchanged = false
+follow_symlink = false
+full_bin = ""
+include_dir = []
+include_ext = ["go", "tpl", "tmpl", "html", "css"]
+include_file = []
+kill_delay = "0s"
+log = "build-errors.log"
+poll = false
+poll_interval = 0
+rerun = false
+rerun_delay = 500
+send_interrupt = false
+stop_on_error = false
+
+[color]
+app = ""
+build = "yellow"
+main = "magenta"
+runner = "green"
+watcher = "cyan"
+
+[log]
+main_only = false
+time = false
+
+[misc]
+clean_on_exit = false
+
+[screen]
+clear_on_rebuild = false
+keep_scroll = true

.gitignore

@@ -23,3 +23,4 @@ go.work
 
 # Custom stuff
 tmp/
+style.css

cmd/backend/articles.go

@@ -1,4 +1,4 @@
-package model
+package backend
 
 import (
 	"context"

cmd/backend/articles_tags.go

@@ -1,4 +1,4 @@
-package model
+package backend
 
 import (
 	"fmt"

cmd/backend/config.go

@@ -0,0 +1,131 @@
+package backend
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/BurntSushi/toml"
+)
+
+type Config struct {
+	DBName      string
+	Description string
+	Domain      string
+	KeyFile     string
+	Link        string
+	LogFile     string
+	PicsDir     string
+	Port        string
+	RSSFile     string
+	Title       string
+	WebDir      string
+}
+
+func newConfig() *Config {
+	return &Config{
+		DBName:  "cpolis",
+		KeyFile: "/var/www/cpolis/cpolis.key",
+		LogFile: "/var/log/cpolis.log",
+		PicsDir: "/var/www/cpolis/pics",
+		RSSFile: "/var/www/cpolis/cpolis.rss",
+		WebDir:  "/var/www/cpolis/web",
+	}
+}
+
+func (c *Config) readFile() error {
+	cfgFile, err := filepath.Abs(os.Getenv("HOME") + "/.config/cpolis/config.toml")
+	if err != nil {
+		return fmt.Errorf("error getting absolute path for config file: %v", err)
+	}
+
+	_, err = os.Stat(cfgFile)
+	if os.IsNotExist(err) {
+		fileStrings := strings.Split(cfgFile, "/")
+
+		dir := strings.Join(fileStrings[0:len(fileStrings)-1], "/")
+		if err = os.MkdirAll(dir, 0755); err != nil {
+			return fmt.Errorf("error creating config directory: %v", err)
+		}
+
+		fileName := fileStrings[len(fileStrings)-1]
+		file, err := os.Create(dir + "/" + fileName)
+		if err != nil {
+			return fmt.Errorf("error creating config file: %v", err)
+		}
+		defer file.Close()
+		if err = file.Chmod(0644); err != nil {
+			return fmt.Errorf("error setting permissions for config file: %v", err)
+		}
+	} else {
+		_, err = toml.DecodeFile(cfgFile, c)
+		if err != nil {
+			return fmt.Errorf("error reading config file: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func (c *Config) handleCliArgs() error {
+	var err error
+	port := 8080
+
+	flag.StringVar(&c.DBName, "db", c.DBName, "DB name")
+	flag.StringVar(&c.Description, "desc", c.Description, "Channel description")
+	flag.StringVar(&c.Domain, "domain", c.Domain, "domain name")
+	flag.StringVar(&c.KeyFile, "key", c.KeyFile, "key file")
+	flag.StringVar(&c.Link, "link", c.Link, "Channel Link")
+	flag.StringVar(&c.LogFile, "log", c.LogFile, "log file")
+	flag.StringVar(&c.PicsDir, "pics", c.PicsDir, "pictures directory")
+	flag.StringVar(&c.RSSFile, "rss", c.RSSFile, "RSS file")
+	flag.StringVar(&c.Title, "title", c.Title, "Channel title")
+	flag.StringVar(&c.WebDir, "web", c.WebDir, "web directory")
+	flag.IntVar(&port, "port", port, "port")
+	flag.Parse()
+
+	c.KeyFile, err = filepath.Abs(c.KeyFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for key file: %v", err)
+	}
+
+	c.LogFile, err = filepath.Abs(c.LogFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for log file: %v", err)
+	}
+
+	c.PicsDir, err = filepath.Abs(c.PicsDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for pics dir: %v", err)
+	}
+
+	c.Port = fmt.Sprint(":", port)
+
+	c.RSSFile, err = filepath.Abs(c.RSSFile)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for RSS file: %v", err)
+	}
+
+	c.WebDir, err = filepath.Abs(c.WebDir)
+	if err != nil {
+		return fmt.Errorf("error finding absolute path for web dir: %v", err)
+	}
+
+	return nil
+}
+
+func HandleConfig() (*Config, error) {
+	config := newConfig()
+
+	if err := config.readFile(); err != nil {
+		return nil, fmt.Errorf("error reading config file: %v", err)
+	}
+
+	if err := config.handleCliArgs(); err != nil {
+		return nil, fmt.Errorf("error handling cli arguments: %v", err)
+	}
+
+	return config, nil
+}

cmd/backend/db.go

@@ -1,4 +1,4 @@
-package model
+package backend
 
 import (
 	"bufio"

cmd/backend/issues.go

@@ -1,4 +1,4 @@
-package model
+package backend
 
 import (
 	"context"

cmd/backend/markdown.go

@@ -1,4 +1,4 @@
-package control
+package backend
 
 import (
 	"bytes"

cmd/backend/rss.go

@@ -1,4 +1,4 @@
-package control
+package backend
 
 import (
 	"fmt"
@@ -7,10 +7,9 @@ import (
 	"time"
 
 	"git.streifling.com/jason/rss"
-	"streifling.com/jason/cpolis/cmd/model"
 )
 
-func GetChannel(db *model.DB, title, link, description string) (*rss.Channel, error) {
+func GetChannel(db *DB, title, link, description string) (*rss.Channel, error) {
 	channel := &rss.Channel{
 		Title:       title,
 		Link:        link,
@@ -51,7 +50,7 @@ func GetChannel(db *model.DB, title, link, description string) (*rss.Channel, er
 	return channel, nil
 }
 
-func GenerateRSS(db *model.DB, title, link, desc string) (*string, error) {
+func GenerateRSS(db *DB, title, link, desc string) (*string, error) {
 	channel := &rss.Channel{
 		Title:       title,
 		Link:        link,
@@ -97,7 +96,7 @@ func GenerateRSS(db *model.DB, title, link, desc string) (*string, error) {
 
 		channel.Items = append(channel.Items, &rss.Item{
 			Title:       articleTitle,
-			Author:      user.FirstName + user.LastName,
+			Author:      user.FirstName + " " + user.LastName,
 			PubDate:     article.Created.Format(time.RFC1123Z),
 			Description: articleDescription,
 			Content:     &rss.Content{Value: articleContent},
@@ -107,7 +106,7 @@ func GenerateRSS(db *model.DB, title, link, desc string) (*string, error) {
 
 	feed := rss.NewFeed()
 	feed.Channels = append(feed.Channels, channel)
-	rss, err := feed.ToXML()
+	rss, err := feed.ToXML("UTF-8")
 	if err != nil {
 		return nil, fmt.Errorf("error converting RSS feed to XML: %v", err)
 	}
@@ -121,7 +120,9 @@ func SaveRSS(filename string, feed *string) error {
 		return fmt.Errorf("error creating file for RSS feed: %v", err)
 	}
 	defer file.Close()
-	file.Chmod(0644)
+	if err = file.Chmod(0644); err != nil {
+		return fmt.Errorf("error setting permissions for RSS file: %v", err)
+	}
 
 	if _, err = io.WriteString(file, *feed); err != nil {
 		return fmt.Errorf("error writing to RSS file: %v", err)

cmd/backend/sessions.go

@@ -1,4 +1,4 @@
-package control
+package backend
 
 import (
 	"crypto/rand"

cmd/backend/tags.go

@@ -1,4 +1,4 @@
-package model
+package backend
 
 import "fmt"
 

cmd/backend/users.go

@@ -0,0 +1,380 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	Admin = iota
+	Publisher
+	Editor
+	Author
+	NonExistent
+)
+
+type User struct {
+	UserName  string
+	FirstName string
+	LastName  string
+	ID        int64
+	Role      int
+}
+
+func (db *DB) AddUser(u *User, pass string) (int64, error) {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+	result, err := db.Exec(query, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+	if err != nil {
+		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		return 0, fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) GetID(userName string) (int64, bool) {
+	var id int64
+
+	query := `
+    SELECT id
+    FROM users
+    WHERE username = ?
+    `
+	row := db.QueryRow(query, userName)
+	if err := row.Scan(&id); err != nil {
+		return 0, false
+	}
+
+	return id, true
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
+	var queriedPass string
+	getQuery := `
+    SELECT password
+    FROM users
+    WHERE id = ?
+    `
+	row := tx.QueryRow(getQuery, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+// TODO: No need for ID field in general
+func (db *DB) GetUser(id int64) (*User, error) {
+	user := new(User)
+	query := `
+    SELECT id, username, first_name, last_name, role
+    FROM users
+    WHERE id = ?
+    `
+
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
+		&user.LastName, &user.Role); err != nil {
+		return nil, fmt.Errorf("error reading user information: %v", err)
+	}
+
+	return user, nil
+}
+
+func (db *DB) UpdateOwnAttributes(id int64, user, first, last, oldPass, newPass, newPass2 string) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.ChangePassword(id, oldPass, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) AddFirstUser(u *User, pass string) (int64, error) {
+	var numUsers int64
+	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
+	selectQuery := "SELECT COUNT(*) FROM users"
+	insertQuery := `
+    INSERT INTO users (username, password, first_name, last_name, role)
+    VALUES (?, ?, ?, ?, ?)
+    `
+
+	for i := 0; i < TxMaxRetries; i++ {
+		id, err := func() (int64, error) {
+			tx, err := db.BeginTx(context.Background(), txOptions)
+			if err != nil {
+				return 0, fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if err := tx.QueryRow(selectQuery).Scan(&numUsers); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error getting ID of %v: %v", u.UserName, err)
+			}
+			if numUsers != 0 {
+				if err = tx.Commit(); err != nil {
+					return 0, fmt.Errorf("error committing transaction: %v", err)
+				}
+				return 2, nil
+			}
+
+			hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error creating password hash: %v", err)
+			}
+
+			result, err := tx.Exec(insertQuery, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
+			}
+
+			id, err := result.LastInsertId()
+			if err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return 0, fmt.Errorf("error inserting user into DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return 0, fmt.Errorf("error committing transaction: %v", err)
+			}
+			return id, nil
+		}()
+		if err == nil {
+			return id, nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+	return 0, fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) GetAllUsers() (map[int64]*User, error) {
+	query := "SELECT id, username, first_name, last_name, role FROM users"
+
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error getting all users from DB: %v", err)
+	}
+
+	users := make(map[int64]*User, 0)
+	for rows.Next() {
+		user := new(User)
+		if err = rows.Scan(&user.ID, &user.UserName, &user.FirstName,
+			&user.LastName, &user.Role); err != nil {
+			return nil, fmt.Errorf("error getting user info: %v", err)
+		}
+		users[user.ID] = user
+	}
+
+	return users, nil
+}
+
+func (tx *Tx) SetPassword(id int64, newPass string) error {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	setQuery := "UPDATE users SET password = ? WHERE id = ?"
+	if _, err = tx.Exec(setQuery, string(hashedPass), id); err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+		}
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) UpdateUserAttributes(id int64, user, first, last, newPass, newPass2 string, role int) error {
+	passwordEmpty := true
+	if len(newPass) > 0 || len(newPass2) > 0 {
+		if newPass != newPass2 {
+			return fmt.Errorf("error: passwords do not match")
+		}
+		passwordEmpty = false
+	}
+
+	tx := new(Tx)
+	var err error
+
+	for i := 0; i < TxMaxRetries; i++ {
+		err := func() error {
+			tx.Tx, err = db.Begin()
+			if err != nil {
+				return fmt.Errorf("error starting transaction: %v", err)
+			}
+
+			if !passwordEmpty {
+				if err = tx.SetPassword(id, newPass); err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return fmt.Errorf("error changing password: %v", err)
+				}
+			}
+
+			if err = tx.UpdateAttributes(
+				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
+				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
+				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
+				&Attribute{Table: "users", ID: id, AttName: "role", Value: role},
+			); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return fmt.Errorf("error updating attributes in DB: %v", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return fmt.Errorf("error committing transaction: %v", err)
+			}
+
+			return nil
+		}()
+		if err == nil {
+			return nil
+		}
+
+		log.Println(err)
+		wait(i)
+	}
+
+	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
+}
+
+func (db *DB) DeleteUser(id int64) error {
+	query := "DELETE FROM users WHERE id = ?"
+
+	_, err := db.Exec(query, id)
+	if err != nil {
+		return fmt.Errorf("error deleting user %v from DB: %v", id, err)
+	}
+
+	return nil
+}

cmd/control/cli.go

@@ -1,46 +0,0 @@
-package control
-
-import (
-	"flag"
-	"fmt"
-	"path/filepath"
-)
-
-type CliArgs struct {
-	DBName  string
-	KeyFile string
-	LogFile string
-	PicsDir string
-	WebDir  string
-}
-
-func HandleCliArgs() (*CliArgs, error) {
-	var err error
-	cliArgs := new(CliArgs)
-
-	keyFile := flag.String("key", "/var/www/cpolis.key", "key file")
-	logFile := flag.String("log", "/var/log/cpolis.log", "log file")
-	picsDir := flag.String("pics", "/var/www/cpolis/pics", "pictures directory")
-	webDir := flag.String("web", "/var/www/cpolis/web", "web directory")
-	flag.StringVar(&cliArgs.DBName, "db", "cpolis", "DB name")
-	flag.Parse()
-
-	cliArgs.KeyFile, err = filepath.Abs(*keyFile)
-	if err != nil {
-		return nil, fmt.Errorf("error finding absolute path for KeyFile: %v", err)
-	}
-	cliArgs.LogFile, err = filepath.Abs(*logFile)
-	if err != nil {
-		return nil, fmt.Errorf("error finding absolute path for LogFile: %v", err)
-	}
-	cliArgs.PicsDir, err = filepath.Abs(*picsDir)
-	if err != nil {
-		return nil, fmt.Errorf("error finding absolute path for PicsDir: %v", err)
-	}
-	cliArgs.WebDir, err = filepath.Abs(*webDir)
-	if err != nil {
-		return nil, fmt.Errorf("error finding absolute path for WebDir: %v", err)
-	}
-
-	return cliArgs, nil
-}

cmd/frontend/articles.go

@@ -1,20 +1,29 @@
-package view
+package frontend
 
 import (
+	"encoding/json"
 	"fmt"
 	"html/template"
 	"io"
+	"io/fs"
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strconv"
+	"strings"
 	"time"
 
-	"streifling.com/jason/cpolis/cmd/control"
+	"github.com/google/uuid"
-	"streifling.com/jason/cpolis/cmd/model"
+	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
-func ShowHub(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+const (
+	EditMode = iota
+	PreviewMode
+)
+
+func ShowHub(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := s.Get(r, "cookie")
 		if err != nil {
@@ -23,14 +32,45 @@ func ShowHub(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Hand
 			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
 		}
 
+		session.Values["article"] = nil
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
 		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
 		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", session.Values["role"].(int))
 	}
 }
 
-func WriteArticle(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		tags, err := db.GetTagList()
+		type editorHTMLData struct {
+			Title       string
+			Description string
+			Content     string
+			HTMLContent template.HTML
+			Tags        []*b.Tag
+			Mode        int
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		var data editorHTMLData
+		if session.Values["article"] == nil {
+			data = editorHTMLData{}
+		} else {
+			data = session.Values["article"].(editorHTMLData)
+		}
+		data.Mode = EditMode
+
+		data.Tags, err = db.GetTagList()
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -38,11 +78,11 @@ func WriteArticle(c *control.CliArgs, db *model.DB) http.HandlerFunc {
 		}
 
 		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", tags)
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data)
 	}
 }
 
-func SubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := s.Get(r, "cookie")
 		if err != nil {
@@ -51,7 +91,14 @@ func SubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) htt
 			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
 		}
 
-		article := &model.Article{
+		session.Values["article"] = nil
+		if err = session.Save(r, w); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article := &b.Article{
 			Title:       r.PostFormValue("article-title"),
 			Description: r.PostFormValue("article-description"),
 			Content:     r.PostFormValue("article-content"),
@@ -90,9 +137,9 @@ func SubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) htt
 	}
 }
 
-func ResubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		id, err := strconv.ParseInt(r.PostFormValue("article-id"), 10, 64)
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -104,10 +151,10 @@ func ResubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) h
 		content := r.PostFormValue("article-content")
 
 		if err = db.UpdateAttributes(
-			&model.Attribute{Table: "articles", ID: id, AttName: "title", Value: title},
+			&b.Attribute{Table: "articles", ID: id, AttName: "title", Value: title},
-			&model.Attribute{Table: "articles", ID: id, AttName: "description", Value: description},
+			&b.Attribute{Table: "articles", ID: id, AttName: "description", Value: description},
-			&model.Attribute{Table: "articles", ID: id, AttName: "content", Value: content},
+			&b.Attribute{Table: "articles", ID: id, AttName: "content", Value: content},
-			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
 		); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -144,7 +191,7 @@ func ResubmitArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) h
 	}
 }
 
-func ShowUnpublishedArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+func ShowUnpublishedArticles(c *b.Config, db *b.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		unpublishedArticles, err := db.GetCertainArticles(false, false)
 		if err != nil {
@@ -159,11 +206,11 @@ func ShowUnpublishedArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc
 	}
 }
 
-func ShowRejectedArticles(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		type htmlData struct {
 			MyIDs            map[int64]bool
-			RejectedArticles []*model.Article
+			RejectedArticles []*b.Article
 		}
 		data := new(htmlData)
 
@@ -194,29 +241,56 @@ func ShowRejectedArticles(c *control.CliArgs, db *model.DB, s *control.CookieSto
 	}
 }
 
-func ReviewUnpublishedArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func ReviewUnpublishedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		type htmlData struct {
-			Article *model.Article
+			Title       string
-			Tags    []*model.Tag
+			Description string
+			Content     template.HTML
+			Tags        []*b.Tag
+			ID          int64
 		}
+
+		var err error
 		data := new(htmlData)
 
-		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		data.ID, err = strconv.ParseInt(r.PathValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		data.Article, err = db.GetArticle(id)
+		article, err := db.GetArticle(data.ID)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		data.Tags, err = db.GetArticleTags(id)
+		data.Title, err = b.ConvertToPlain(article.Title)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		data.Description, err = b.ConvertToPlain(article.Description)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		content, err := b.ConvertToHTML(article.Content)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		data.Content = template.HTML(content)
+
+		data.Tags, err = db.GetArticleTags(data.ID)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -229,16 +303,16 @@ func ReviewUnpublishedArticle(c *control.CliArgs, db *model.DB, s *control.Cooki
 	}
 }
 
-func ReviewRejectedArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		type htmlData struct {
 			Selected map[int64]bool
-			Article  *model.Article
+			Article  *b.Article
-			Tags     []*model.Tag
+			Tags     []*b.Tag
 		}
 		data := new(htmlData)
 
-		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -276,9 +350,9 @@ func ReviewRejectedArticle(c *control.CliArgs, db *model.DB, s *control.CookieSt
 	}
 }
 
-func PublishArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -299,27 +373,22 @@ func PublishArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) ht
 		}
 
 		if err = db.UpdateAttributes(
-			&model.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
+			&b.Attribute{Table: "articles", ID: id, AttName: "published", Value: true},
-			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: false},
-			&model.Attribute{Table: "articles", ID: id, AttName: "created", Value: time.Now().Format("2006-01-02 15:04:05")},
+			&b.Attribute{Table: "articles", ID: id, AttName: "created", Value: time.Now().Format("2006-01-02 15:04:05")},
 		); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		feed, err := control.GenerateRSS(
+		feed, err := b.GenerateRSS(db, c.Title, c.Link, c.Description)
-			db,
-			"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
-			"https://distrikt-ni-st.de",
-			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
-		)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		if err = control.SaveRSS("tmp/orientexpress_alle.rss", feed); err != nil {
+		if err = b.SaveRSS(c.RSSFile, feed); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
@@ -331,9 +400,9 @@ func PublishArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) ht
 	}
 }
 
-func RejectArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		id, err := strconv.ParseInt(r.PostFormValue("id"), 10, 64)
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -348,7 +417,7 @@ func RejectArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) htt
 		}
 
 		if err = db.UpdateAttributes(
-			&model.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
+			&b.Attribute{Table: "articles", ID: id, AttName: "rejected", Value: true},
 		); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -361,7 +430,7 @@ func RejectArticle(c *control.CliArgs, db *model.DB, s *control.CookieStore) htt
 	}
 }
 
-func ShowCurrentArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc {
+func ShowCurrentArticles(c *b.Config, db *b.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		articles, err := db.GetCurrentIssueArticles()
 		if err != nil {
@@ -375,7 +444,7 @@ func ShowCurrentArticles(c *control.CliArgs, db *model.DB) http.HandlerFunc {
 	}
 }
 
-func UploadImage(c *control.CliArgs) http.HandlerFunc {
+func UploadImage(c *b.Config) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		file, header, err := r.FormFile("article-image")
 		if err != nil {
@@ -385,8 +454,23 @@ func UploadImage(c *control.CliArgs) http.HandlerFunc {
 		}
 		defer file.Close()
 
-		filename := fmt.Sprint(c.PicsDir, time.Now().Format("2006-01-02_15:04:05"), "-", header.Filename)
+		nameStrings := strings.Split(header.Filename, ".")
-		img, err := os.Create(filename)
+		extension := "." + nameStrings[len(nameStrings)-1]
+		filename := fmt.Sprint(uuid.New(), extension)
+		absFilepath, err := filepath.Abs(fmt.Sprint(c.PicsDir, "/", filename))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = os.MkdirAll(fmt.Sprint(c.PicsDir, "/"), fs.FileMode(0755)); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		img, err := os.Create(absFilepath)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -400,7 +484,8 @@ func UploadImage(c *control.CliArgs) http.HandlerFunc {
 			return
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		url := fmt.Sprint(c.Domain, "/pics/", filename)
-		template.Must(tmpl, err).ExecuteTemplate(w, "editor-images", fmt.Sprint("![", header.Filename, "](", filename, ")"))
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(url)
 	}
 }

cmd/frontend/editor.go

@@ -1,21 +1,20 @@
-package view
+package frontend
 
 import (
 	"html/template"
 	"net/http"
 
-	"streifling.com/jason/cpolis/cmd/control"
+	b "streifling.com/jason/cpolis/cmd/backend"
-	"streifling.com/jason/cpolis/cmd/model"
 )
 
-func CreateTag(c *control.CliArgs) http.HandlerFunc {
+func CreateTag(c *b.Config) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-tag.html")
 		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
 	}
 }
 
-func AddTag(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		db.AddTag(r.PostFormValue("tag"))
 

cmd/frontend/images.go

@@ -0,0 +1,22 @@
+package frontend
+
+import (
+	"log"
+	"net/http"
+	"path/filepath"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func ServeImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		absFilepath, err := filepath.Abs(c.PicsDir)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		http.ServeFile(w, r, absFilepath+"/"+r.PathValue("pic"))
+	}
+}

cmd/frontend/issues.go

@@ -1,15 +1,14 @@
-package view
+package frontend
 
 import (
 	"html/template"
 	"log"
 	"net/http"
 
-	"streifling.com/jason/cpolis/cmd/control"
+	b "streifling.com/jason/cpolis/cmd/backend"
-	"streifling.com/jason/cpolis/cmd/model"
 )
 
-func PublishLatestIssue(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if err := db.PublishLatestIssue(); err != nil {
 			log.Println(err)

cmd/frontend/sessions.go

@@ -1,4 +1,4 @@
-package view
+package frontend
 
 import (
 	"fmt"
@@ -6,11 +6,10 @@ import (
 	"log"
 	"net/http"
 
-	"streifling.com/jason/cpolis/cmd/control"
+	b "streifling.com/jason/cpolis/cmd/backend"
-	"streifling.com/jason/cpolis/cmd/model"
 )
 
-func saveSession(w http.ResponseWriter, r *http.Request, s *control.CookieStore, u *model.User) error {
+func saveSession(w http.ResponseWriter, r *http.Request, s *b.CookieStore, u *b.User) error {
 	session, err := s.Get(r, "cookie")
 	if err != nil {
 		return fmt.Errorf("error getting session: %v", err)
@@ -27,7 +26,7 @@ func saveSession(w http.ResponseWriter, r *http.Request, s *control.CookieStore,
 	return nil
 }
 
-func HomePage(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func HomePage(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		numRows, err := db.CountEntries("users")
 		if err != nil {
@@ -36,7 +35,7 @@ func HomePage(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Han
 
 		files := []string{c.WebDir + "/templates/index.html"}
 		if numRows == 0 {
-			files = append(files, c.WebDir+"/templates/add-user.html")
+			files = append(files, c.WebDir+"/templates/first-user.html")
 			tmpl, err := template.ParseFiles(files...)
 			template.Must(tmpl, err).Execute(w, nil)
 		} else {
@@ -54,7 +53,7 @@ func HomePage(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Han
 	}
 }
 
-func Login(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
+func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		userName := r.PostFormValue("username")
 		password := r.PostFormValue("password")
@@ -89,7 +88,7 @@ func Login(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.Handle
 	}
 }
 
-func Logout(c *control.CliArgs, s *control.CookieStore) http.HandlerFunc {
+func Logout(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := s.Get(r, "cookie")
 		if err != nil {

cmd/frontend/users.go

@@ -0,0 +1,436 @@
+package frontend
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+type UserData struct {
+	*b.User
+	Msg string
+}
+
+func checkUserStrings(user *b.User) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user.UserName) > userLen {
+		return "Benutzername", userLen, false
+	} else if len(user.FirstName) > nameLen {
+		return "Vorname", nameLen, false
+	} else if len(user.LastName) > nameLen {
+		return "Nachname", nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func CreateUser(c *b.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
+	}
+}
+
+func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		htmlData := UserData{
+			User: &b.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		_, err = db.AddUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		user, err := db.GetUser(session.Values["id"].(int64))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-self.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		userData := UserData{
+			User: &b.User{
+				ID:        session.Values["id"].(int64),
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+			},
+		}
+		oldPass := r.PostFormValue("old-password")
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateOwnAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			oldPass,
+			newPass,
+			newPass2); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var err error
+
+		htmlData := UserData{
+			User: &b.User{
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      b.Admin,
+			},
+		}
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+
+		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
+			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
+			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		userString, stringLen, ok := checkUserStrings(htmlData.User)
+		if !ok {
+			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		id, _ := db.GetID(htmlData.UserName)
+		if id != 0 {
+			htmlData.Msg = fmt.Sprint(htmlData.UserName,
+				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+		if pass != pass2 {
+			htmlData.Msg = "Die Passwörter stimmen nicht überein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
+			return
+		}
+
+		htmlData.ID, err = db.AddFirstUser(htmlData.User, pass)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if htmlData.ID > 1 {
+			errString := "error: there is already a first user"
+			log.Println(errString)
+			http.Error(w, errString, http.StatusInternalServerError)
+			return
+		}
+
+		if err := saveSession(w, r, s, htmlData.User); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if _, err := db.AddIssue(); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
+	}
+}
+
+func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var err error
+		type htmlData struct {
+			Users  map[int64]*b.User
+			Action string
+		}
+
+		data := &htmlData{Action: action}
+		data.Users, err = db.GetAllUsers()
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		delete(data.Users, session.Values["id"].(int64))
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/show-all-users.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data)
+	}
+}
+
+func EditUser(c *b.Config, db *b.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		user, err := db.GetUser(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
+	}
+}
+
+func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		role, err := strconv.Atoi(r.PostFormValue("role"))
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		userData := UserData{
+			User: &b.User{
+				ID:        id,
+				UserName:  r.PostFormValue("username"),
+				FirstName: r.PostFormValue("first-name"),
+				LastName:  r.PostFormValue("last-name"),
+				Role:      role,
+			},
+		}
+		newPass := r.PostFormValue("password")
+		newPass2 := r.PostFormValue("password2")
+
+		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
+			len(userData.LastName) == 0 {
+			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
+			return
+		}
+
+		userString, stringLen, ok := checkUserStrings(userData.User)
+		if !ok {
+			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
+				stringLen, " Zeichen erlaubt.")
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			tmpl = template.Must(tmpl, err)
+			tmpl.ExecuteTemplate(w, "page-content", userData)
+			return
+		}
+
+		if id, ok := db.GetID(userData.UserName); ok {
+			if id != userData.ID {
+				userData.Msg = "Benutzername bereits vergeben."
+				userData.UserName = ""
+				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+				tmpl = template.Must(tmpl, err)
+				tmpl.ExecuteTemplate(w, "page-content", userData)
+				return
+			}
+		}
+
+		if err = db.UpdateUserAttributes(
+			userData.ID,
+			userData.UserName,
+			userData.FirstName,
+			userData.LastName,
+			newPass,
+			newPass2,
+			userData.Role); err != nil {
+			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}
+
+func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.DeleteUser(id); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		session, err := s.Get(r, "cookie")
+		if err != nil {
+			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
+			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
+			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
+		}
+
+		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl = template.Must(tmpl, err)
+		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
+	}
+}

cmd/main.go

@@ -6,77 +6,78 @@ import (
 	"net/http"
 	"os"
 
-	"streifling.com/jason/cpolis/cmd/control"
+	b "streifling.com/jason/cpolis/cmd/backend"
-	"streifling.com/jason/cpolis/cmd/model"
+	f "streifling.com/jason/cpolis/cmd/frontend"
-	"streifling.com/jason/cpolis/cmd/view"
 )
 
 func init() {
-	gob.Register(model.User{})
+	gob.Register(b.User{})
 }
 
 func main() {
-	args, err := control.HandleCliArgs()
+	config, err := b.HandleConfig()
 	if err != nil {
 		log.Fatalln(err)
 	}
 
-	logFile, err := os.OpenFile(args.LogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+	logFile, err := os.OpenFile(config.LogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 	if err != nil {
 		log.Fatalln(err)
 	}
 	defer logFile.Close()
 	log.SetOutput(logFile)
 
-	db, err := model.OpenDB(args.DBName)
+	db, err := b.OpenDB(config.DBName)
 	if err != nil {
 		log.Fatalln(err)
 	}
 	defer db.Close()
 
-	key, err := control.LoadKey(args.KeyFile)
+	key, err := b.LoadKey(config.KeyFile)
 	if err != nil {
-		key, err = control.NewKey()
+		key, err = b.NewKey()
 		if err != nil {
 			log.Fatalln(err)
 		}
-		control.SaveKey(key, args.KeyFile)
+		b.SaveKey(key, config.KeyFile)
 	}
-	store := control.NewCookieStore(key)
+	store := b.NewCookieStore(key)
 
 	mux := http.NewServeMux()
 	mux.Handle("/web/static/", http.StripPrefix("/web/static/",
-		http.FileServer(http.Dir(args.WebDir+"/static/"))))
+		http.FileServer(http.Dir(config.WebDir+"/static/"))))
-	mux.HandleFunc("/", view.HomePage(args, db, store))
+	mux.HandleFunc("/", f.HomePage(config, db, store))
 
-	mux.HandleFunc("GET /create-tag/", view.CreateTag(args))
+	mux.HandleFunc("GET /create-tag", f.CreateTag(config))
-	mux.HandleFunc("GET /create-user/", view.CreateUser(args))
+	mux.HandleFunc("GET /create-user", f.CreateUser(config))
-	mux.HandleFunc("GET /edit-user/", view.EditUser(args, db, store))
+	mux.HandleFunc("GET /edit-self", f.EditSelf(config, db, store))
-	mux.HandleFunc("GET /hub/", view.ShowHub(args, db, store))
+	mux.HandleFunc("GET /edit-user/{id}", f.EditUser(config, db))
-	mux.HandleFunc("GET /logout/", view.Logout(args, store))
+	mux.HandleFunc("GET /delete-user/{id}", f.DeleteUser(config, db, store))
-	mux.HandleFunc("GET /publish-issue/", view.PublishLatestIssue(args, db, store))
+	mux.HandleFunc("GET /hub", f.ShowHub(config, db, store))
-	mux.HandleFunc("GET /rejected-articles/", view.ShowRejectedArticles(args, db, store))
+	mux.HandleFunc("GET /logout", f.Logout(config, store))
-	mux.HandleFunc("GET /rss/", view.ShowRSS(args,
+	mux.HandleFunc("GET /pics/{pic}", f.ServeImage(config, store))
-		db,
+	mux.HandleFunc("GET /publish-article/{id}", f.PublishArticle(config, db, store))
-		"Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+	mux.HandleFunc("GET /publish-issue", f.PublishLatestIssue(config, db, store))
-		"https://distrikt-ni-st.de",
+	mux.HandleFunc("GET /reject-article/{id}", f.RejectArticle(config, db, store))
-		"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität",
+	mux.HandleFunc("GET /rejected-articles", f.ShowRejectedArticles(config, db, store))
-	))
+	mux.HandleFunc("GET /review-rejected-article/{id}", f.ReviewRejectedArticle(config, db, store))
-	mux.HandleFunc("GET /this-issue/", view.ShowCurrentArticles(args, db))
+	mux.HandleFunc("GET /review-unpublished-article/{id}", f.ReviewUnpublishedArticle(config, db, store))
-	mux.HandleFunc("GET /unpublished-articles/", view.ShowUnpublishedArticles(args, db))
+	mux.HandleFunc("GET /rss", func(w http.ResponseWriter, r *http.Request) { http.ServeFile(w, r, config.RSSFile) })
-	mux.HandleFunc("GET /write-article/", view.WriteArticle(args, db))
+	mux.HandleFunc("GET /show-all-users-edit", f.ShowAllUsers(config, db, store, "edit-user"))
+	mux.HandleFunc("GET /show-all-users-delete", f.ShowAllUsers(config, db, store, "delete-user"))
+	mux.HandleFunc("GET /this-issue", f.ShowCurrentArticles(config, db))
+	mux.HandleFunc("GET /unpublished-articles", f.ShowUnpublishedArticles(config, db))
+	mux.HandleFunc("GET /write-article", f.WriteArticle(config, db, store))
 
-	mux.HandleFunc("POST /add-tag/", view.AddTag(args, db, store))
+	mux.HandleFunc("POST /add-first-user", f.AddFirstUser(config, db, store))
-	mux.HandleFunc("POST /add-user/", view.AddUser(args, db, store))
+	mux.HandleFunc("POST /add-tag", f.AddTag(config, db, store))
-	mux.HandleFunc("POST /login/", view.Login(args, db, store))
+	mux.HandleFunc("POST /add-user", f.AddUser(config, db, store))
-	mux.HandleFunc("POST /publish-article/", view.PublishArticle(args, db, store))
+	mux.HandleFunc("POST /login", f.Login(config, db, store))
-	mux.HandleFunc("POST /reject-article/", view.RejectArticle(args, db, store))
+	mux.HandleFunc("POST /resubmit-article/{id}", f.ResubmitArticle(config, db, store))
-	mux.HandleFunc("POST /resubmit-article/", view.ResubmitArticle(args, db, store))
+	mux.HandleFunc("POST /submit-article", f.SubmitArticle(config, db, store))
-	mux.HandleFunc("POST /review-rejected-article/", view.ReviewRejectedArticle(args, db, store))
+	mux.HandleFunc("POST /update-self", f.UpdateSelf(config, db, store))
-	mux.HandleFunc("POST /review-unpublished-article/", view.ReviewUnpublishedArticle(args, db, store))
+	mux.HandleFunc("POST /update-user/{id}", f.UpdateUser(config, db, store))
-	mux.HandleFunc("POST /submit-article/", view.SubmitArticle(args, db, store))
+	mux.HandleFunc("POST /upload-image", f.UploadImage(config))
-	mux.HandleFunc("POST /update-user/", view.UpdateUser(args, db, store))
-	mux.HandleFunc("POST /upload-image/", view.UploadImage(args))
 
-	log.Fatalln(http.ListenAndServe(":8080", mux))
+	log.Fatalln(http.ListenAndServe(config.Port, mux))
 }

cmd/model/users.go

@@ -1,200 +0,0 @@
-package model
-
-import (
-	"fmt"
-	"log"
-
-	"golang.org/x/crypto/bcrypt"
-)
-
-const (
-	Admin = iota
-	Publisher
-	Editor
-	Author
-)
-
-type User struct {
-	UserName  string
-	FirstName string
-	LastName  string
-	ID        int64
-	Role      int
-}
-
-func (db *DB) AddUser(u *User, pass string) (int64, error) {
-	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
-	if err != nil {
-		return 0, fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	query := `
-    INSERT INTO users (username, password, first_name, last_name, role)
-    VALUES (?, ?, ?, ?, ?)
-    `
-	result, err := db.Exec(query, u.UserName, string(hashedPass), u.FirstName, u.LastName, u.Role)
-	if err != nil {
-		return 0, fmt.Errorf("error inserting new user %v into DB: %v", u.UserName, err)
-	}
-	id, err := result.LastInsertId()
-	if err != nil {
-		return 0, fmt.Errorf("error inserting user into DB: %v", err)
-	}
-
-	return id, nil
-}
-
-func (db *DB) GetID(userName string) (int64, bool) {
-	var id int64
-
-	query := `
-    SELECT id
-    FROM users
-    WHERE username = ?
-    `
-	row := db.QueryRow(query, userName)
-	if err := row.Scan(&id); err != nil {
-		return 0, false
-	}
-
-	return id, true
-}
-
-func (db *DB) CheckPassword(id int64, pass string) error {
-	var queriedPass string
-
-	query := `
-    SELECT password
-    FROM users
-    WHERE id = ?
-    `
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&queriedPass); err != nil {
-		return fmt.Errorf("error reading password from DB: %v", err)
-	}
-
-	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
-		return fmt.Errorf("incorrect password: %v", err)
-	}
-
-	return nil
-}
-
-func (tx *Tx) ChangePassword(id int64, oldPass, newPass string) error {
-	var queriedPass string
-	getQuery := `
-    SELECT password
-    FROM users
-    WHERE id = ?
-    `
-	row := tx.QueryRow(getQuery, id)
-	if err := row.Scan(&queriedPass); err != nil {
-		if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
-		}
-		return fmt.Errorf("error reading password from DB: %v", err)
-	}
-
-	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(oldPass)); err != nil {
-		if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
-		}
-		return fmt.Errorf("incorrect password: %v", err)
-	}
-
-	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
-	if err != nil {
-		if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
-		}
-		return fmt.Errorf("error creating password hash: %v", err)
-	}
-
-	setQuery := `
-    UPDATE users
-    SET password = ?
-    WHERE id = ?
-    `
-	if _, err = tx.Exec(setQuery, string(newHashedPass), id); err != nil {
-		if rollbackErr := tx.Rollback(); rollbackErr != nil {
-			log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
-		}
-		return fmt.Errorf("error updating password in DB: %v", err)
-	}
-
-	return nil
-}
-
-// TODO: No need for ID field in general
-func (db *DB) GetUser(id int64) (*User, error) {
-	user := new(User)
-	query := `
-    SELECT id, username, first_name, last_name, role
-    FROM users
-    WHERE id = ?
-    `
-
-	row := db.QueryRow(query, id)
-	if err := row.Scan(&user.ID, &user.UserName, &user.FirstName,
-		&user.LastName, &user.Role); err != nil {
-		return nil, fmt.Errorf("error reading user information: %v", err)
-	}
-
-	return user, nil
-}
-
-func (db *DB) UpdateUserAttributes(id int64, user, first, last, oldPass, newPass, newPass2 string) error {
-	passwordEmpty := true
-	if len(newPass) > 0 || len(newPass2) > 0 {
-		if newPass != newPass2 {
-			return fmt.Errorf("error: passwords do not match")
-		}
-		passwordEmpty = false
-	}
-
-	tx := new(Tx)
-	var err error
-
-	for i := 0; i < TxMaxRetries; i++ {
-		err := func() error {
-			tx.Tx, err = db.Begin()
-			if err != nil {
-				return fmt.Errorf("error starting transaction: %v", err)
-			}
-
-			if !passwordEmpty {
-				if err = tx.ChangePassword(id, oldPass, newPass); err != nil {
-					if rollbackErr := tx.Rollback(); rollbackErr != nil {
-						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
-					}
-					return fmt.Errorf("error changing password: %v", err)
-				}
-			}
-
-			if err = tx.UpdateAttributes(
-				&Attribute{Table: "users", ID: id, AttName: "username", Value: user},
-				&Attribute{Table: "users", ID: id, AttName: "first_name", Value: first},
-				&Attribute{Table: "users", ID: id, AttName: "last_name", Value: last},
-			); err != nil {
-				if rollbackErr := tx.Rollback(); rollbackErr != nil {
-					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
-				}
-				return fmt.Errorf("error updating attributes in DB: %v", err)
-			}
-
-			if err = tx.Commit(); err != nil {
-				return fmt.Errorf("error committing transaction: %v", err)
-			}
-
-			return nil
-		}()
-		if err == nil {
-			return nil
-		}
-
-		log.Println(err)
-		wait(i)
-	}
-
-	return fmt.Errorf("error: %v unsuccessful retries for DB operation, aborting", TxMaxRetries)
-}

cmd/view/rss.go

@@ -1,95 +0,0 @@
-package view
-
-import (
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"time"
-
-	"git.streifling.com/jason/rss"
-	"streifling.com/jason/cpolis/cmd/control"
-	"streifling.com/jason/cpolis/cmd/model"
-)
-
-func ShowRSS(c *control.CliArgs, db *model.DB, title, link, desc string) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		channel := &rss.Channel{
-			Title:       title,
-			Link:        link,
-			Description: desc,
-			Items:       make([]*rss.Item, 0),
-		}
-
-		articles, err := db.GetCertainArticles(true, false)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		for _, article := range articles {
-			tags, err := db.GetArticleTags(article.ID)
-			if err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			tagNames := make([]string, 0)
-			for _, tag := range tags {
-				tagNames = append(tagNames, tag.Name)
-			}
-			tagNames = append(tagNames, fmt.Sprint("Orient Express ", article.IssueID))
-
-			user, err := db.GetUser(article.AuthorID)
-			if err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			articleTitle, err := control.ConvertToPlain(article.Title)
-			if err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			articleDescription, err := control.ConvertToPlain(article.Description)
-			if err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			articleContent, err := control.ConvertToHTML(article.Content)
-			if err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			channel.Items = append(channel.Items, &rss.Item{
-				Title:       articleTitle,
-				Author:      user.FirstName + user.LastName,
-				PubDate:     article.Created.Format(time.RFC1123Z),
-				Description: articleDescription,
-				Content:     &rss.Content{Value: articleContent},
-				Categories:  tagNames,
-			})
-		}
-
-		feed := rss.NewFeed()
-		feed.Channels = append(feed.Channels, channel)
-		rss, err := feed.ToXML()
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		files := []string{c.WebDir + "/templates/index.html", c.WebDir + "/templates/feed.rss"}
-		tmpl, err := template.ParseFiles(files...)
-		template.Must(tmpl, err).Execute(w, rss)
-	}
-}

cmd/view/users.go

@@ -1,216 +0,0 @@
-package view
-
-import (
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"strconv"
-
-	"streifling.com/jason/cpolis/cmd/control"
-	"streifling.com/jason/cpolis/cmd/model"
-)
-
-type UserData struct {
-	*model.User
-	Msg string
-}
-
-func checkUserStrings(user *model.User) (string, int, bool) {
-	userLen := 15
-	nameLen := 50
-
-	if len(user.UserName) > userLen {
-		return "Benutzername", userLen, false
-	} else if len(user.FirstName) > nameLen {
-		return "Vorname", nameLen, false
-	} else if len(user.LastName) > nameLen {
-		return "Nachname", nameLen, false
-	} else {
-		return "", 0, true
-	}
-}
-
-func CreateUser(c *control.CliArgs) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil)
-	}
-}
-
-func AddUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		role, err := strconv.Atoi(r.PostFormValue("role"))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		htmlData := UserData{
-			User: &model.User{
-				UserName:  r.PostFormValue("username"),
-				FirstName: r.PostFormValue("first-name"),
-				LastName:  r.PostFormValue("last-name"),
-				Role:      role,
-			},
-		}
-		pass := r.PostFormValue("password")
-		pass2 := r.PostFormValue("password2")
-
-		if len(htmlData.UserName) == 0 || len(htmlData.FirstName) == 0 ||
-			len(htmlData.LastName) == 0 || len(pass) == 0 || len(pass2) == 0 {
-			htmlData.Msg = "Alle Felder müssen ausgefüllt werden."
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		userString, stringLen, ok := checkUserStrings(htmlData.User)
-		if !ok {
-			htmlData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
-				stringLen, " Zeichen erlaubt.")
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		id, _ := db.GetID(htmlData.UserName)
-		if id != 0 {
-			htmlData.Msg = fmt.Sprint(htmlData.UserName,
-				" ist bereits vergeben. Bitte anderen Benutzernamen wählen.")
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-		if pass != pass2 {
-			htmlData.Msg = "Die Passwörter stimmen nicht überein."
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", htmlData)
-			return
-		}
-
-		htmlData.ID, err = db.AddUser(htmlData.User, pass)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		if htmlData.ID == 1 {
-			htmlData.Role = model.Admin
-
-			if err = db.UpdateAttributes(
-				&model.Attribute{Table: "users", ID: id, AttName: "role", Value: htmlData.Role},
-			); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			if err := saveSession(w, r, s, htmlData.User); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			if _, err := db.AddIssue(); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-		}
-
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", 0)
-	}
-}
-
-func EditUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		user, err := db.GetUser(session.Values["id"].(int64))
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
-		template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user)
-	}
-}
-
-func UpdateUser(c *control.CliArgs, db *model.DB, s *control.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := s.Get(r, "cookie")
-		if err != nil {
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
-			msg := "Session nicht mehr gültig. Bitte erneut anmelden."
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", msg)
-		}
-
-		userData := UserData{
-			User: &model.User{
-				ID:        session.Values["id"].(int64),
-				UserName:  r.PostFormValue("username"),
-				FirstName: r.PostFormValue("first-name"),
-				LastName:  r.PostFormValue("last-name"),
-			},
-		}
-		oldPass := r.PostFormValue("old-password")
-		newPass := r.PostFormValue("password")
-		newPass2 := r.PostFormValue("password2")
-
-		if len(userData.UserName) == 0 || len(userData.FirstName) == 0 ||
-			len(userData.LastName) == 0 {
-			userData.Msg = "Alle Felder mit * müssen ausgefüllt sein."
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
-			tmpl = template.Must(tmpl, err)
-			tmpl.ExecuteTemplate(w, "page-content", userData.Msg)
-			return
-		}
-
-		userString, stringLen, ok := checkUserStrings(userData.User)
-		if !ok {
-			userData.Msg = fmt.Sprint(userString, " ist zu lang. Maximal ",
-				stringLen, " Zeichen erlaubt.")
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
-			tmpl = template.Must(tmpl, err)
-			tmpl.ExecuteTemplate(w, "page-content", userData)
-			return
-		}
-
-		if id, ok := db.GetID(userData.UserName); ok {
-			if id != userData.ID {
-				userData.Msg = "Benutzername bereits vergeben."
-				userData.UserName = ""
-				tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
-				tmpl = template.Must(tmpl, err)
-				tmpl.ExecuteTemplate(w, "page-content", userData)
-				return
-			}
-		}
-
-		if err = db.UpdateUserAttributes(
-			userData.ID,
-			userData.UserName,
-			userData.FirstName,
-			userData.LastName,
-			oldPass,
-			newPass,
-			newPass2); err != nil {
-			userData.Msg = "Aktualisierung der Benutzerdaten fehlgeschlagen."
-			tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
-			template.Must(tmpl, err).ExecuteTemplate(w, "page-content", userData)
-		}
-
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
-		tmpl = template.Must(tmpl, err)
-		tmpl.ExecuteTemplate(w, "page-content", session.Values["role"].(int))
-	}
-}

create_db.sql

@@ -0,0 +1,50 @@
+DROP TABLE IF EXISTS articles_tags;
+DROP TABLE IF EXISTS tags;
+DROP TABLE IF EXISTS articles;
+DROP TABLE IF EXISTS issues;
+DROP TABLE IF EXISTS users;
+
+CREATE TABLE users (
+    id          INT         AUTO_INCREMENT,
+    username    VARCHAR(15) NOT NULL UNIQUE,
+    password    VARCHAR(60) NOT NULL,
+    first_name  VARCHAR(50) NOT NULL,
+    last_name   VARCHAR(50) NOT NULL,
+    role        INT         NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE issues (
+    id          INT     AUTO_INCREMENT,
+    published   BOOL    NOT NULL,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles (
+    id          INT             AUTO_INCREMENT,
+    title       VARCHAR(255)    NOT NULL,
+    created     TIMESTAMP       DEFAULT CURRENT_TIMESTAMP,
+    description TEXT            NOT NULL,
+    content     TEXT            NOT NULL,
+    published   BOOL            NOT NULL,
+    rejected    BOOL            NOT NULL,
+    author_id   INT             NOT NULL,
+    issue_id    INT             NOT NULL,
+    PRIMARY KEY(id),
+    FOREIGN KEY(author_id) REFERENCES users(id),
+    FOREIGN KEY(issue_id) REFERENCES issues(id)
+);
+
+CREATE TABLE tags (
+    id      INT         AUTO_INCREMENT,
+    name    VARCHAR(50) NOT NULL UNIQUE,
+    PRIMARY KEY(id)
+);
+
+CREATE TABLE articles_tags (
+    article_id  INT,
+    tag_id      INT,
+    PRIMARY KEY(article_id, tag_id),
+    FOREIGN KEY(article_id) REFERENCES articles(id),
+    FOREIGN KEY(tag_id) REFERENCES tags(id)
+);

go.mod

@@ -3,8 +3,10 @@ module streifling.com/jason/cpolis
 go 1.22.0
 
 require (
-	git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188
+	git.streifling.com/jason/rss v0.1.2
+	github.com/BurntSushi/toml v1.3.2
 	github.com/go-sql-driver/mysql v1.7.1
+	github.com/google/uuid v1.6.0
 	github.com/gorilla/sessions v1.2.2
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/yuin/goldmark v1.7.0

go.sum

@@ -1,11 +1,15 @@
-git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188 h1:C8M/j3f+cl5Y7YfGpU/ynb/SC/4tTYMDsyGFt3rswM8=
+git.streifling.com/jason/rss v0.1.2 h1:UB3UHJXMt5WDDh9y8n0Z6nS1XortbPXjEr7QZTdovY4=
-git.streifling.com/jason/rss v0.0.0-20240305164907-524bf9676188/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
+git.streifling.com/jason/rss v0.1.2/go.mod h1:gpZF0nZbQSstMpyHD9DTAvlQEG7v4pjO5c7aIMWM4Jg=
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=

tailwind.config.js

@@ -0,0 +1,10 @@
+/** @type {import('tailwindcss').Config} */
+module.exports = {
+    content: ["./web/templates/*.html"],
+    theme: {
+        extend: {}
+    },
+    plugins: [
+        require('@tailwindcss/typography')
+    ],
+}

web/static/css/input.css

@@ -0,0 +1,41 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+body {
+    width: 800px;
+    @apply mx-auto text-slate-900;
+}
+
+h2 {
+    @apply font-bold mb-2 text-2xl;
+}
+
+form {
+    @apply flex flex-col gap-y-3;
+}
+
+input[type="file"] {
+    @apply border rounded-md w-full;
+}
+
+input[type="password"],
+input[type="text"] {
+    @apply border h-8 rounded-md;
+}
+
+textarea {
+    @apply border h-32 rounded-md;
+}
+
+.btn-area {
+    @apply flex gap-4 mt-4;
+}
+
+.btn {
+    @apply bg-slate-200 border my-2 px-3 py-2 rounded-md w-full hover:bg-slate-100;
+}
+
+.action-btn {
+    @apply bg-slate-800 border my-2 px-3 py-2 rounded-md text-slate-50 w-full hover:bg-slate-700;
+}

web/templates/add-tag.html

@@ -1,10 +1,12 @@
 {{define "page-content"}}
-<h2>Neuer Benutzer</h2>
+<h2>Neuer Tag</h2>
 
 <form>
-    <input required name="tag" placeholder="Tag" type="text" />
+    <input required name="tag" placeholder="Tag eingeben" type="text" />
-    <input type="submit" value="Anlegen" hx-post="/add-tag/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-tag" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>
 
-<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
 {{end}}

web/templates/add-user.html

@@ -1,33 +1,55 @@
 {{define "page-content"}}
 <h2>Neuer Benutzer</h2>
+
 <form>
+    <div class="grid grid-cols-3 gap-4">
         <div>
-        <input required name="username" placeholder="Benutzername" type="text" value="{{.UserName}}" />
+            <label for="username">Benutzername</label>
-        <input required name="password" placeholder="Passwort" type="password" />
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
-        <input required name="password2" placeholder="Passwort wiederholen" type="password" />
+        </div>
-    </div>
+        <div>
-
+            <label for="password">Passwort</label>
-    <div>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
-        <input required name="first-name" placeholder="Vorname" type="text" value="{{.FirstName}}" />
+        </div>
-        <input required name="last-name" placeholder="Nachname" type="text" value="{{.LastName}}" />
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
     </div>
 
+    <div class="flex gap-4">
         <div>
             <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
             <label for="author">Autor</label>
+        </div>
+        <div>
             <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
             <label for="editor">Redakteur</label>
+        </div>
+        <div>
             <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
             <label for="publisher">Herausgeber</label>
+        </div>
+        <div>
             <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
-        <label for="admin">Admin</label>
+            <label for="admin">Administrator</label>
+        </div>
     </div>
 
-    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-user" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>
 
-<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
-
 <script>
     var msg = "{{.Msg}}";
     if (msg != "") {

web/templates/current-articles.html

@@ -1,13 +1,17 @@
 {{define "page-content"}}
-<div>
+<h2>Aktuelle Artikel</h2>
+
+<div class="flex flex-col gap-4">
     {{range .}}
-    <div>
+    <div class="border px-2 py-1 rounded-md">
-        <h1>{{.Title}}</h1>
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
         <p>{{.Description}}</p>
     </div>
     {{end}}
 </div>
 
-<button hx-get="/publish-issue/" hx-target="#page-content">Ausgabe publizieren</button>
+<div class="btn-area">
-<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
+    <button class="action-btn" hx-get="/publish-issue" hx-target="#page-content">Ausgabe publizieren</button>
+    <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+</div>
 {{end}}

web/templates/edit-self.html

@@ -0,0 +1,43 @@
+{{define "page-content"}}
+<h2>Profil bearbeiten</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" name="username" type="text" value="{{.UserName}}" />
+        </div>
+
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+
+        <div>
+            <label for="old-password">Altes Passwort</label>
+            <input class="w-full" name="old-password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" name="password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" name="password2" placeholder="***" type="password" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Aktualisieren" hx-post="/update-self"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
+</form>
+{{end}}

web/templates/edit-user.html

@@ -1,19 +1,57 @@
 {{define "page-content"}}
+<h2>Profil von {{.FirstName}} {{.LastName}} bearbeiten</h2>
+
 <form>
+    <div class="grid grid-cols-3 gap-4">
         <div>
-        <input name="username" type="text" value="{{.UserName}}" />
+            <label for="username">Benutzername</label>
-        <input name="first-name" type="text" value="{{.FirstName}}" />
+            <input class="w-full" name="username" type="text" value="{{.UserName}}" />
-        <input name="last-name" type="text" value="{{.LastName}}" />
         </div>
 
         <div>
-        <input name="old-password" placeholder="Altes Passwort" type="password" />
+            <label for="first-name">Vorname</label>
-        <input name="password" placeholder="Neues Passwort" type="password" />
+            <input class="w-full" name="first-name" type="text" value="{{.FirstName}}" />
-        <input name="password2" placeholder="Wiederholen" type="password" />
         </div>
 
-    <input type="submit" value="Aktualisieren" hx-post="/update-user/" hx-target="#page-content" />
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" name="password" placeholder="***" type="password" />
+        </div>
+
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" name="password2" placeholder="***" type="password" />
+        </div>
+    </div>
+
+    <div class="flex gap-4">
+        <div>
+            <input required id="author" name="role" type="radio" value="3" {{if eq .Role 3 }}checked{{end}} />
+            <label for="author">Autor</label>
+        </div>
+        <div>
+            <input required id="editor" name="role" type="radio" value="2" {{if eq .Role 2 }}checked{{end}} />
+            <label for="editor">Redakteur</label>
+        </div>
+        <div>
+            <input required id="publisher" name="role" type="radio" value="1" {{if eq .Role 1 }}checked{{end}} />
+            <label for="publisher">Herausgeber</label>
+        </div>
+        <div>
+            <input required id="admin" name="role" type="radio" value="0" {{if eq .Role 0 }}checked{{end}} />
+            <label for="admin">Administrator</label>
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Aktualisieren" hx-post="/update-user/{{.ID}}"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>
-
-<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
 {{end}}

web/templates/editor.html

@@ -1,57 +1,67 @@
 {{define "page-content"}}
 <h2>Editor</h2>
-<form>
+
-    <div>
+<form id="edit-area">
-        <input name="article-title" placeholder="Titel" type="text" />
+    <div class="flex flex-col gap-y-1">
-        <textarea name="article-description" placeholder="Beschreibung"></textarea>
+        <label for="article-title">Titel</label>
-        <textarea name="article-content" placeholder="Artikel"></textarea>
+        <input name="article-title" type="text" value="{{.Title}}" />
     </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description">{{.Description}}</textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea id="easyMDE">{{.Content}}</textarea>
+    </div>
+    <input id="article-content" name="article-content" type="hidden" />
 
     <div>
-        {{range .}}
+        <span>Tags</span>
+        <div class="flex flex-wrap gap-x-4">
+            {{range .Tags}}
             <div>
                 <input id="{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" />
                 <label for="{{.Name}}">{{.Name}}</label>
             </div>
             {{end}}
         </div>
-
-    <div id="editor-images">
-        <input name="article-image" type="file" hx-encoding="multipart/form-data" hx-post="/upload-image/"
-            hx-swap="beforeend" hx-target="#editor-images" />
     </div>
 
-    <input type="submit" value="Senden" hx-post="/submit-article/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/submit-article" hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Abbrechen</button>
+    </div>
 </form>
 
-<button hx-get="/hub/" hx-target="#page-content">Abbrechen</button>
-
 <script>
-    function copyToClipboard(text) {
+    var easyMDE = new EasyMDE({
-        event.preventDefault(); // Get-Request verhindern
+        element: document.getElementById('easyMDE'),
+        hideIcons: ['image'],
+        imageTexts: {sbInit: ''},
+        showIcons: ["code", "table", "upload-image"],
+        uploadImage: true,
 
-        var textarea = document.createElement("textarea");
+        imageUploadFunction: function (file, onSuccess, onError) {
-        textarea.textContent = text;
+            var formData = new FormData();
-        document.body.appendChild(textarea);
+            formData.append('article-image', file);
 
-        textarea.select();
+            fetch('/upload-image', {
-        try {
+                method: 'POST',
-            document.execCommand('copy');
+                body: formData
-        } catch (err) {
+            })
-            console.warn('Fehler beim Kopieren', err);
+                .then(response => response.json())
-        }
+                .then(data => {
-
+                    onSuccess(data);
-        document.body.removeChild(textarea);
+                })
-    }
+                .catch(error => {
+                    onError(error);
+                });
+        },
+    });
 
+    easyMDE.codemirror.on("change", () => {
+        document.getElementById('article-content').value = easyMDE.value();
+    });
 </script>
 {{end}}
-
-{{define "editor-images"}}
-{{if gt (len .) 0}}
-<div>
-    {{.}}
-    <button onclick="copyToClipboard('{{.}}')">Kopieren</button>
-</div>
-{{end}}
-{{end}}

web/templates/feed.rss

@@ -1,3 +0,0 @@
-{{define "page-content"}}
-{{.}}
-{{end}}

web/templates/first-user.html

@@ -0,0 +1,39 @@
+{{define "page-content"}}
+<h2>Erster Benutzer (Administrator)</h2>
+
+<form>
+    <div class="grid grid-cols-3 gap-4">
+        <div>
+            <label for="username">Benutzername</label>
+            <input class="w-full" required name="username" type="text" value="{{.UserName}}" />
+        </div>
+        <div>
+            <label for="password">Passwort</label>
+            <input class="w-full" required name="password" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="password2">Passwort wiederholen</label>
+            <input class="w-full" required name="password2" placeholder="***" type="password" />
+        </div>
+        <div>
+            <label for="first-name">Vorname</label>
+            <input class="w-full" required name="first-name" type="text" value="{{.FirstName}}" />
+        </div>
+        <div>
+            <label for="last-name">Nachname</label>
+            <input class="w-full" required name="last-name" type="text" value="{{.LastName}}" />
+        </div>
+    </div>
+
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Anlegen" hx-post="/add-first-user" hx-target="#page-content" />
+    </div>
+</form>
+
+<script>
+    var msg = "{{.Msg}}";
+    if (msg != "") {
+        alert(msg);
+    }
+</script>
+{{end}}

web/templates/hub.html

@@ -1,25 +1,49 @@
 {{define "page-content"}}
-<h2>Hub</h2>
+<div class="flex flex-col gap-4">
-<div>
+    <button class="btn" hx-get="/logout" hx-target="#page-content">Abmelden</button>
-    <button hx-get="/write-article/" hx-target="#page-content">Artikel schreiben</button>
+
-    <button hx-get="/rejected-articles/" hx-target="#page-content">Abgelehnte Artikel</button>
+    {{if lt . 4}}
-    <button hx-get="/rss/" hx-target="#page-content">RSS Feed</button>
+    <div class="mb-3">
-    <button hx-get="/edit-user/" hx-target="#page-content">Benutzer bearbeiten</button>
+        <h2>Autor</h2>
-</div>
+        <div class="grid grid-cols-2 gap-x-4 gap-y-2">
-{{if lt . 3}}
+            <button class="btn" hx-get="/write-article" hx-target="#page-content">Artikel schreiben</button>
-<div>
+            <button class="btn" hx-get="/rejected-articles" hx-target="#page-content">Abgelehnte Artikel</button>
-    <button hx-get="/unpublished-articles/" hx-target="#page-content">Unveröffentlichte Artikel</button>
+            <a class="btn text-center" href="/rss">RSS Feed</a>
-    <button hx-get="/create-tag/" hx-target="#page-content">Neuer Tag</button>
+            <button class="btn" hx-get="/edit-self" hx-target="#page-content">Profil bearbeiten</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if lt . 3}}
+    <div class="mb-3">
+        <h2>Redakteur</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/unpublished-articles" hx-target="#page-content">
+                Unveröffentlichte Artikel
+            </button>
+            <button class="btn" hx-get="/create-tag" hx-target="#page-content">Neuer Tag</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if lt . 2}}
+    <div class="mb-3">
+        <h2>Herausgeber</h2>
+        <div class="grid grid-cols-2 gap-4">
+            <button class="btn" hx-get="/this-issue" hx-target="#page-content">Diese Ausgabe</button>
+        </div>
+    </div>
+    {{end}}
+
+    {{if eq . 0}}
+    <div class="mb-3">
+        <h2>Administrator</h2>
+        <div class="grid grid-cols-3 gap-4">
+            <button class="btn" hx-get="/create-user" hx-target="#page-content">Benutzer hinzufügen</button>
+            <button class="btn" hx-get="/show-all-users-edit" hx-target="#page-content">Benutzer bearbeiten</button>
+            <button class="btn" hx-get="/show-all-users-delete" hx-target="#page-content">Benutzer löschen</button>
+        </div>
+    </div>
+    {{end}}
 </div>
 {{end}}
-{{if lt . 2}}
-<div>
-    <button hx-get="/this-issue/" hx-target="#page-content">Diese Ausgabe</button>
-</div>
-{{end}}
-{{if eq . 0}}
-<div>
-    <button hx-get="/create-user/" hx-target="#page-content">Benutzer hinzufügen</button>
-</div>
-{{end}}
-{{end}}

web/templates/index.html

@@ -5,26 +5,29 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>Orient Editor</title>
-    <link href="web/static/css/style.css" rel="stylesheet">
+    <link href="/web/static/css/style.css" rel="stylesheet">
+    <link rel="stylesheet" href="https://unpkg.com/easymde/dist/easymde.min.css">
 </head>
 
-<body>
+<body class="flex flex-col justify-between min-h-screen bg-slate-50">
-    <header>
+    <header class="my-8">
-        <h1>Orient Editor</h1>
+        <h1 class="font-bold text-4xl text-center">Orient Editor</h1>
-        <button hx-get="logout" hx-target="#page-content">Abmelden</button>
     </header>
 
-    <main>
+    <main class="mx-4">
         <div id="page-content">
             {{template "page-content" .}}
         </div>
-
-        <script src="web/static/js/htmx.min.js"></script>
     </main>
 
-    <footer>
+    <footer class="my-8">
-        <p>&copy; 2024 Jason Streifling. Alle Rechte vorbehalten.</p>
+        <p class="text-center text-gray-500 dark:text-gray-400">
+            &copy; 2024 Jason Streifling. Alle Rechte vorbehalten.
+        </p>
     </footer>
+
+    <script src="https://unpkg.com/htmx.org@2.0.1"></script>
+    <script src="https://unpkg.com/easymde/dist/easymde.min.js"></script>
 </body>
 
 </html>

web/templates/login.html

@@ -1,11 +1,12 @@
 {{define "page-content"}}
 <h2>Anmeldung</h2>
+
 <form>
-    <div>
+    <div class="btn-area">
-        <input name="username" placeholder="Benutzername" type="text" />
+        <input class="w-full" name="username" placeholder="Benutzername" type="text" />
-        <input name="password" placeholder="Passwort" type="password" />
+        <input class="w-full" name="password" placeholder="Passwort" type="password" />
     </div>
 
-    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+    <input class="action-btn" type="submit" value="Anmelden" hx-post="/login" hx-target="#page-content" />
 </form>
 {{end}}

web/templates/rejected-articles.html

@@ -1,18 +1,16 @@
 {{define "page-content"}}
-<form>
+<h2>Abgelehnte Artikel</h2>
-    <div>
+
+<div class="flex flex-col gap-4">
     {{range .RejectedArticles}}
-        <div>
     {{if index $.MyIDs .ID}}
-            <input required id="{{.ID}}" name="id" type="radio" value="{{.ID}}" />
+    <button class="btn" hx-get="/review-rejected-article/{{.ID}}" hx-target="#page-content">
-            <label for="{{.ID}}">{{.Title}}</label>
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
+        <p>{{.Description}}</p>
+    </button>
     {{end}}
-        </div>
     {{end}}
-    </div>
 
-    <input type="submit" value="Auswählen" hx-post="/review-rejected-article/" hx-target="#page-content" />
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
-</form>
+</div>
-
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
 {{end}}

web/templates/rework-article.html

@@ -1,14 +1,24 @@
 {{define "page-content"}}
 <h2>Editor</h2>
+
 <form>
-    <div>
+    <div class="flex flex-col gap-y-1">
-        <input name="article-title" placeholder="Titel" type="text" value="{{.Article.Title}}" />
+        <label for="article-title">Titel</label>
-        <textarea name="article-description" placeholder="Beschreibung">{{.Article.Description}}</textarea>
+        <input name="article-title" type="text" value="{{.Article.Title}}" />
-        <textarea name="article-content" placeholder="Artikel">{{.Article.Content}}</textarea>
-        <input name="article-id" type="hidden" value="{{.Article.ID}}" />
     </div>
+    <div class="flex flex-col">
+        <label for="article-description">Beschreibung</label>
+        <textarea name="article-description">{{.Article.Description}}</textarea>
+    </div>
+    <div class="flex flex-col">
+        <label for="article-content">Artikel</label>
+        <textarea name="article-content" placeholder="Artikel">{{.Article.Content}}</textarea>
+    </div>
+    <input id="article-content" name="article-content" type="hidden" />
 
     <div>
+        <span>Tags</span>
+        <div class="flex flex-wrap gap-x-4">
             {{range .Tags}}
             <div>
                 <input id="tag-{{.Name}}" name="tags" type="checkbox" value="{{.ID}}" {{if index $.Selected
@@ -17,9 +27,43 @@
             </div>
             {{end}}
         </div>
+    </div>
 
-    <input type="submit" value="Senden" hx-post="/resubmit-article/" hx-target="#page-content" />
+    <div class="btn-area">
+        <input class="action-btn" type="submit" value="Senden" hx-post="/resubmit-article/{{.Article.ID}}"
+            hx-target="#page-content" />
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+    </div>
 </form>
 
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+<script>
+    var easyMDE = new EasyMDE({
+        element: document.getElementById('easyMDE'),
+        hideIcons: ['image'],
+        imageTexts: {sbInit: ''},
+        showIcons: ["code", "table", "upload-image"],
+        uploadImage: true,
+
+        imageUploadFunction: function (file, onSuccess, onError) {
+            var formData = new FormData();
+            formData.append('article-image', file);
+
+            fetch('/upload-image', {
+                method: 'POST',
+                body: formData
+            })
+                .then(response => response.json())
+                .then(data => {
+                    onSuccess(data);
+                })
+                .catch(error => {
+                    onError(error);
+                });
+        },
+    });
+
+    easyMDE.codemirror.on("change", () => {
+        document.getElementById('article-content').value = easyMDE.value();
+    });
+</script>
 {{end}}

web/templates/show-all-users.html

@@ -0,0 +1,24 @@
+{{define "page-content"}}
+<h2>Alle Benutzer</h2>
+
+<div class="flex flex-col gap-4">
+    {{range .Users}}
+    <button class="btn" hx-get="/{{$.Action}}/{{.ID}}" hx-target="#page-content">
+        <h1 class="font-bold text-2xl">
+            {{.UserName}}
+            ({{if eq .Role 0}}
+            Administrator
+            {{else if eq .Role 1}}
+            Herausgeber
+            {{else if eq .Role 2}}
+            Redakteur
+            {{else}}
+            Autor
+            {{end}})
+        </h1>
+        <p>{{.FirstName}} {{.LastName}}</p>
+    </button>
+    {{end}}
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
+</div>
+{{end}}

web/templates/to-be-published.html

@@ -1,19 +1,37 @@
 {{define "page-content"}}
-<form>
+<h2>Artikel veröffentlichen</h2>
-    <h2>{{.Article.Title}}</h2>
-    <p>{{.Article.Description}}</p>
-    {{.Article.Content}}
 
-    <p>
+<div>
+    <span>Titel</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{.Title}}
+    </div>
+
+    <span>Beschreibung</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        {{.Description}}
+    </div>
+
+    <span>Artikel</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
+        <div class="prose">
+            {{.Content}}
+        </div>
+    </div>
+
+    <span>Tags</span>
+    <div class="bg-white border mb-3 px-2 py-2 rounded-md w-full">
         {{range .Tags}}
         {{.Name}}
+        <br>
         {{end}}
-    </p>
+    </div>
 
-    <input name="id" type="hidden" value="{{.Article.ID}}" />
+    <div class="btn-area">
-    <input type="submit" value="Veröffentlichen" hx-post="/publish-article/" hx-target="#page-content" />
+        <input class="action-btn" type="submit" value="Veröffentlichen" hx-get="/publish-article/{{.ID}}"
-    <input type="submit" value="Ablehnen" hx-post="/reject-article/" hx-target="#page-content" />
+            hx-target="#page-content" />
-</form>
+        <input class="btn" type="submit" value="Ablehnen" hx-get="/reject-article/{{.ID}}" hx-target="#page-content" />
-
+        <button class="btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
+    </div>
+</div>
 {{end}}

web/templates/unpublished-articles.html

@@ -1,16 +1,13 @@
 {{define "page-content"}}
-<form>
+<h2>Unveröffentlichte Artikel</h2>
-    <div>
+
+<div class="flex flex-col gap-4">
     {{range .}}
-        <div>
+    <button class="btn" hx-get="/review-unpublished-article/{{.ID}}" hx-target="#page-content">
-            <input required id="{{.ID}}" name="id" type="radio" value="{{.ID}}" />
+        <h1 class="font-bold text-2xl">{{.Title}}</h1>
-            <label for="{{.ID}}">{{.Title}}</label>
+        <p>{{.Description}}</p>
-        </div>
+    </button>
     {{end}}
-    </div>
+    <button class="action-btn" hx-get="/hub" hx-target="#page-content">Zurück</button>
-
+</div>
-    <input type="submit" value="Auswählen" hx-post="/review-unpublished-article/" hx-target="#page-content" />
-</form>
-
-<button hx-get="/hub/" hx-target="#page-content">Zurück</button>
 {{end}}