Check user credentials before adding user

.gitignore

@@ -21,3 +21,5 @@
 # Go workspace file
 go.work
 
+# Custom stuff
+tmp/

cmd/articles/markdown.go

@@ -0,0 +1,22 @@
+package articles
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/microcosm-cc/bluemonday"
+	"github.com/yuin/goldmark"
+)
+
+func ConvertToHTML(md string) (string, error) {
+	var buf bytes.Buffer
+
+	if err := goldmark.Convert([]byte(md), &buf); err != nil {
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
+	}
+
+	p := bluemonday.UGCPolicy()
+	html := p.Sanitize(buf.String())
+
+	return html, nil
+}

cmd/data/db.go

@@ -0,0 +1,101 @@
+package data
+
+import (
+	"database/sql"
+	"fmt"
+
+	"github.com/go-sql-driver/mysql"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type DB struct {
+	*sql.DB
+}
+
+func OpenDB(dbName string) (*DB, error) {
+	var err error
+	db := DB{DB: &sql.DB{}}
+
+	cfg := mysql.NewConfig()
+	cfg.DBName = dbName
+	cfg.User, cfg.Passwd, err = getCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
+	}
+
+	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
+	if err != nil {
+		return nil, fmt.Errorf("error opening DB: %v", err)
+	}
+	if err = db.Ping(); err != nil {
+		return nil, fmt.Errorf("error pinging DB: %v", err)
+	}
+
+	return &db, nil
+}
+
+func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool) error {
+	userString, stringLen, ok := checkUserStrings(user, first, last)
+	if !ok {
+		return fmt.Errorf("error: %v is longer than %v characters", userString, stringLen)
+	}
+
+	if !permissionsOK(writer, editor, admin) {
+		return fmt.Errorf("error: permissions must be mutually exclusive: writer = %v, editor = %v, admin = %v",
+			writer, editor, admin)
+	}
+
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users
+        (username, password, first_name, last_name, writer, editor, admin)
+    VALUES
+        (?, ?, ?, ?, ?, ?)
+    `
+	_, err = db.Exec(query, user, string(hashedPass), first, last, writer, editor, admin)
+	if err != nil {
+		return fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
+	var oldHashedPass string
+
+	selectQuery := `
+    SELECT password FROM
+        users
+    WHERE
+        id = ?
+    `
+	row := db.QueryRow(selectQuery, id)
+	if err := row.Scan(&oldHashedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(oldHashedPass), []byte(oldPass)); err != nil {
+		return fmt.Errorf("error checking password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	updateQuery := `
+    UPDATE users
+    SET password = ?
+    WHERE id = ?
+    `
+	_, err = db.Exec(updateQuery, string(newHashedPass), id)
+	if err != nil {
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}

cmd/data/helpers.go

@@ -0,0 +1,73 @@
+package data
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"strings"
+	"syscall"
+
+	"golang.org/x/term"
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}
+
+func checkUserStrings(user, first, last string) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user) > userLen {
+		return user, userLen, false
+	} else if len(first) > nameLen {
+		return first, nameLen, false
+	} else if len(last) > nameLen {
+		return last, nameLen, false
+	} else {
+		return "", 0, true
+	}
+}
+
+func permissionsOK(writer, editor, admin bool) bool {
+	return writer && !editor && !admin ||
+		!writer && editor && !admin ||
+		!writer && !editor && admin
+}

cmd/feed/rss.go

@@ -0,0 +1,75 @@
+package feed
+
+import (
+	"encoding/gob"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/gorilla/feeds"
+)
+
+type Feed struct {
+	feeds.Feed
+}
+
+func NewFeed(title, link, desc string) *Feed {
+	return &Feed{
+		Feed: feeds.Feed{
+			Title:       title,
+			Link:        &feeds.Link{Href: link},
+			Description: desc,
+		},
+	}
+}
+
+func SaveFeed(feed *Feed, filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating file %v: %v", filename, err)
+	}
+	defer file.Close()
+
+	encoder := gob.NewEncoder(file)
+	err = encoder.Encode(feed)
+	if err != nil {
+		return fmt.Errorf("error encoding file %v: %v", filename, err)
+	}
+
+	return nil
+}
+
+func OpenFeed(filename string) (*Feed, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening file %v: %v", filename, err)
+	}
+	defer file.Close()
+
+	feed := &Feed{}
+	decoder := gob.NewDecoder(file)
+	err = decoder.Decode(feed)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding file %v: %v", filename, err)
+	}
+
+	return feed, nil
+}
+
+func AddToFeed(feed *Feed, title, desc, content string) error {
+	item := feeds.Item{
+		Title:       title,
+		Created:     time.Now(),
+		Description: desc,
+		Content:     content,
+	}
+	feed.Add(&item)
+
+	rss, err := feed.ToRss()
+	if err != nil {
+		return fmt.Errorf("error converting feed to RSS: %v", err)
+	}
+	fmt.Println(rss)
+
+	return nil
+}

cmd/handlers/editor.go

@@ -0,0 +1,27 @@
+package handlers
+
+import (
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/articles"
+	"streifling.com/jason/cpolis/cmd/feed"
+)
+
+func HandleFinishedEdit(f *feed.Feed) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		title := r.PostFormValue("editor-title")
+		desc := r.PostFormValue("editor-desc")
+		mdContent := r.PostFormValue("editor-text")
+
+		content, err := articles.ConvertToHTML(mdContent)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			log.Panicln(err)
+		}
+
+		feed.AddToFeed(f, title, desc, content)
+		feed.SaveFeed(f, "tmp/rss.gob")
+		// template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "html-result", rssItem)
+	}
+}

go.mod

@@ -1,3 +1,19 @@
 module streifling.com/jason/cpolis
 
 go 1.22.0
+
+require (
+	github.com/go-sql-driver/mysql v1.7.1
+	github.com/gorilla/feeds v1.1.2
+	github.com/microcosm-cc/bluemonday v1.0.26
+	github.com/yuin/goldmark v1.7.0
+	golang.org/x/crypto v0.14.0
+	golang.org/x/term v0.17.0
+)
+
+require (
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/gorilla/css v1.0.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+)

go.sum

@@ -0,0 +1,26 @@
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
+github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
+github.com/gorilla/feeds v1.1.2 h1:pxzZ5PD3RJdhFH2FsJJ4x6PqMqbgFk1+Vez4XWBW8Iw=
+github.com/gorilla/feeds v1.1.2/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
+github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
+github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=

main.go

@@ -1,8 +1,36 @@
 package main
 
-import "net/http"
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/data"
+	"streifling.com/jason/cpolis/cmd/feed"
+	"streifling.com/jason/cpolis/cmd/handlers"
+)
 
 func main() {
-	mux := http.NewServeMux()
+	db, err := data.OpenDB("cpolis")
-	http.ListenAndServe(":8080", mux)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer db.Close()
+
+	f, err := feed.OpenFeed("tmp/rss.gob")
+	if err != nil {
+		log.Println(err)
+		f = feed.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+			"https://distrikt-ni-st.de",
+			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
+	}
+
+	mux := http.NewServeMux()
+	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		template.Must(template.ParseFiles("web/templates/index.html", "web/templates/editor.html")).Execute(w, nil)
+	})
+	mux.HandleFunc("POST /finished-edit/", handlers.HandleFinishedEdit(f))
+
+	log.Fatalln(http.ListenAndServe(":8080", mux))
 }

web/templates/editor.html

@@ -0,0 +1,12 @@
+{{define "page-content"}}
+<form>
+    <input type="text" name="editor-title" value="Titel">
+    <textarea name="editor-desc"></textarea>
+    <textarea name="editor-text"></textarea>
+    <input type="submit" value="Senden" hx-post="/finished-edit/" hx-target="#page-content">
+</form>
+{{end}}
+
+{{define "html-result"}}
+{{.}}
+{{end}}

web/templates/index.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="de">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Orient Editor</title>
+    <link href="web/static/css/style.css" rel="stylesheet">
+</head>
+
+<body>
+    <h1>Orient Editor</h1>
+
+    <div id="page-content">
+        {{template "page-content" .}}
+    </div>
+
+    <script src="web/static/js/htmx.min.js"></script>
+</body>
+
+</html>