Merge branch 'devel'

.air.toml

@@ -3,25 +3,7 @@ testdata_dir = "testdata"
 tmp_dir = "tmp"
 
 [build]
-args_bin = [
-    "-aes tmp/cpolis.aes",
-    "-articles tmp/articles",
-    "-banner-width 512",
-    "-config tmp/config.toml",
-    "-desc 'Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität'",
-    "-domain localhost",
-    "-feed tmp/cpolis.atom",
-    "-firebase tmp/firebase.json",
-    "-gob tmp/cpolis.gob",
-    "-img-width 256",
-    "-link https://distrikt-ni-st.de",
-    "-log tmp/cpolis.log",
-    "-pdfs tmp/pdfs",
-    "-pics tmp/pics",
-    "-port 8080",
-    "-title 'Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt'",
-    "-web web",
-]
+args_bin = ["-config tmp/config.toml"]
 bin = "./tmp/main"
 cmd = "go build -o ./tmp/main ./cmd/main.go"
 delay = 0

cmd/backend/articles.go

@@ -6,7 +6,10 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"path/filepath"
 	"time"
+
+	"github.com/google/uuid"
 )
 
 type Article struct {
@@ -14,6 +17,7 @@ type Article struct {
 	Title         string
 	BannerLink    string
 	Summary       string
+	UUID          uuid.UUID
 	ID            int64
 	CreatorID     int64
 	IssueID       int64
@@ -31,8 +35,8 @@ func (db *DB) AddArticle(a *Article) (int64, error) {
 	selectQuery := "SELECT id FROM issues WHERE published = false"
 	insertQuery := `
     INSERT INTO articles
-        (title, banner_link, summary, published, rejected, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        (title, banner_link, summary, published, rejected, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated, uuid)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
     `
 
 	for i := 0; i < TxMaxRetries; i++ {
@@ -49,7 +53,7 @@ func (db *DB) AddArticle(a *Article) (int64, error) {
 				return 0, fmt.Errorf("error getting issue ID when adding article to DB: %v", err)
 			}
 
-			result, err := tx.Exec(insertQuery, a.Title, a.BannerLink, a.Summary, a.Published, a.Rejected, a.CreatorID, id, a.EditedID, 0, a.IsInIssue, a.AutoGenerated)
+			result, err := tx.Exec(insertQuery, a.Title, a.BannerLink, a.Summary, a.Published, a.Rejected, a.CreatorID, id, a.EditedID, 0, a.IsInIssue, a.AutoGenerated, a.UUID.String())
 			if err != nil {
 				if rollbackErr := tx.Rollback(); rollbackErr != nil {
 					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
@@ -83,7 +87,7 @@ func (db *DB) AddArticle(a *Article) (int64, error) {
 
 func (db *DB) GetArticle(id int64) (*Article, error) {
 	query := `
-    SELECT title, created, banner_link, summary, published, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated
+    SELECT title, created, banner_link, summary, published, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated, uuid
     FROM articles
     WHERE id = ?
     `
@@ -91,9 +95,10 @@ func (db *DB) GetArticle(id int64) (*Article, error) {
 
 	article := new(Article)
 	var created []byte
+	var uuidString string
 	var err error
 
-	if err := row.Scan(&article.Title, &created, &article.BannerLink, &article.Summary, &article.Published, &article.CreatorID, &article.IssueID, &article.EditedID, &article.Clicks, &article.IsInIssue, &article.AutoGenerated); err != nil {
+	if err := row.Scan(&article.Title, &created, &article.BannerLink, &article.Summary, &article.Published, &article.CreatorID, &article.IssueID, &article.EditedID, &article.Clicks, &article.IsInIssue, &article.AutoGenerated, &uuidString); err != nil {
 		return nil, fmt.Errorf("error scanning article row: %v", err)
 	}
 
@@ -103,12 +108,42 @@ func (db *DB) GetArticle(id int64) (*Article, error) {
 		return nil, fmt.Errorf("error parsing created: %v", err)
 	}
 
+	article.UUID, err = uuid.Parse(uuidString)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing uuid: %v", err)
+	}
+
+	return article, nil
+}
+
+func (db *DB) GetArticleByUUID(u uuid.UUID) (*Article, error) {
+	query := `
+    SELECT id, title, created, banner_link, summary, published, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated
+    FROM articles
+    WHERE uuid = ?
+    `
+	row := db.QueryRow(query, u.String())
+
+	article := new(Article)
+	var created []byte
+	var err error
+
+	if err := row.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.Published, &article.CreatorID, &article.IssueID, &article.EditedID, &article.Clicks, &article.IsInIssue, &article.AutoGenerated); err != nil {
+		return nil, fmt.Errorf("error scanning article row: %v", err)
+	}
+
+	article.UUID = u
+	article.Created, err = time.Parse("2006-01-02 15:04:05", string(created))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing created: %v", err)
+	}
+
 	return article, nil
 }
 
 func (db *DB) GetCertainArticles(attribute string, value bool) ([]*Article, error) {
 	query := fmt.Sprintf(`
-    SELECT id, title, created, banner_link, summary, creator_id, issue_id, clicks, published, rejected, is_in_issue, auto_generated
+    SELECT id, title, created, banner_link, summary, creator_id, issue_id, clicks, published, rejected, is_in_issue, auto_generated, uuid
     FROM articles
     WHERE %s = ?
     `, attribute)
@@ -121,8 +156,9 @@ func (db *DB) GetCertainArticles(attribute string, value bool) ([]*Article, erro
 	for rows.Next() {
 		article := new(Article)
 		var created []byte
+		var uuidString string
 
-		if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.CreatorID, &article.IssueID, &article.Clicks, &article.Published, &article.Rejected, &article.IsInIssue, &article.AutoGenerated); err != nil {
+		if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.CreatorID, &article.IssueID, &article.Clicks, &article.Published, &article.Rejected, &article.IsInIssue, &article.AutoGenerated, &uuidString); err != nil {
 			return nil, fmt.Errorf("error scanning article row: %v", err)
 		}
 
@@ -131,9 +167,18 @@ func (db *DB) GetCertainArticles(attribute string, value bool) ([]*Article, erro
 			return nil, fmt.Errorf("error parsing created: %v", err)
 		}
 
+		article.UUID, err = uuid.Parse(uuidString)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing uuid: %v", err)
+		}
+
 		articleList = append(articleList, article)
 	}
 
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
 	return articleList, nil
 }
 
@@ -142,7 +187,7 @@ func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
 	txOptions := &sql.TxOptions{Isolation: sql.LevelSerializable}
 	issueQuery := "SELECT id FROM issues WHERE published = false"
 	articlesQuery := `
-    SELECT id, title, created, banner_link, summary, clicks, auto_generated
+    SELECT id, title, created, banner_link, summary, clicks, auto_generated, uuid
     FROM articles
     WHERE issue_id = ? AND published = true AND is_in_issue = true
     `
@@ -174,8 +219,9 @@ func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
 			for rows.Next() {
 				article := new(Article)
 				var created []byte
+				var uuidString string
 
-				if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.Clicks, &article.AutoGenerated); err != nil {
+				if err = rows.Scan(&article.ID, &article.Title, &created, &article.BannerLink, &article.Summary, &article.Clicks, &article.AutoGenerated, &uuidString); err != nil {
 					if rollbackErr := tx.Rollback(); rollbackErr != nil {
 						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
 					}
@@ -190,9 +236,24 @@ func (db *DB) GetCurrentIssueArticles() ([]*Article, error) {
 					return nil, fmt.Errorf("error parsing created: %v", err)
 				}
 
+				article.UUID, err = uuid.Parse(uuidString)
+				if err != nil {
+					if rollbackErr := tx.Rollback(); rollbackErr != nil {
+						log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+					}
+					return nil, fmt.Errorf("error parsing uuid: %v", err)
+				}
+
 				articleList = append(articleList, article)
 			}
 
+			if err = rows.Err(); err != nil {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil {
+					log.Fatalf("transaction error: %v, rollback error: %v", err, rollbackErr)
+				}
+				return nil, fmt.Errorf("error iterating over rows: %v", err)
+			}
+
 			if err = tx.Commit(); err != nil {
 				return nil, fmt.Errorf("error committing transaction when getting articles of issue %v: %v", issueID, err)
 			}
@@ -284,11 +345,38 @@ func (db *DB) DeleteArticle(id int64) error {
 	return nil
 }
 
-func WriteArticleToFile(c *Config, articleID int64, content []byte) error {
-	articleAbsName := fmt.Sprint(c.ArticleDir, "/", articleID, ".md")
+func (db *DB) GetAllArticles() ([]*Article, error) {
+	query := `
+    SELECT title, created, banner_link, summary, published, creator_id, issue_id, edited_id, clicks, is_in_issue, auto_generated, uuid
+    FROM articles
+    `
 
-	if err := os.WriteFile(articleAbsName, content, 0644); err != nil {
-		return fmt.Errorf("error writing article %v to file: %v", articleID, err)
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, fmt.Errorf("error querying DB: %v", err)
+	}
+
+	articles := make([]*Article, 0)
+	for rows.Next() {
+		article := new(Article)
+		if err = rows.Scan(&article.Title, &article.Created, &article.BannerLink, &article.Summary, &article.Published, &article.CreatorID, &article.IssueID, &article.EditedID, &article.Clicks, &article.IsInIssue, &article.AutoGenerated, &article.UUID); err != nil {
+			return nil, fmt.Errorf("error scanning rows: %v", err)
+		}
+		articles = append(articles, article)
+	}
+
+	if err := rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
+	return articles, nil
+}
+
+func WriteArticleToFile(c *Config, articleUUID uuid.UUID, content []byte) error {
+	articlePath := filepath.Join(c.ArticleDir, fmt.Sprint(articleUUID, ".md"))
+
+	if err := os.WriteFile(articlePath, content, 0644); err != nil {
+		return fmt.Errorf("error writing article %v to file: %v", articleUUID, err)
 	}
 
 	return nil

cmd/backend/articles_authors.go

@@ -68,6 +68,10 @@ func (db *DB) GetArticleAuthors(c *Config, articleID int64) ([]*User, error) {
 		authors = append(authors, author)
 	}
 
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
 	return authors, nil
 }
 

cmd/backend/articles_contributors.go

@@ -68,6 +68,10 @@ func (db *DB) GetArticleContributors(c *Config, articleID int64) ([]*User, error
 		contributors = append(contributors, contributor)
 	}
 
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
 	return contributors, nil
 }
 

cmd/backend/articles_tags.go

@@ -61,6 +61,10 @@ func (db *DB) GetArticleTags(articleID int64) ([]*Tag, error) {
 		tags = append(tags, tag)
 	}
 
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
 	return tags, nil
 }
 

cmd/backend/atom.go

@@ -1,6 +1,7 @@
 package backend
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -12,6 +13,9 @@ func GenerateAtomFeed(c *Config, db *DB) (*string, error) {
 	feed := atom.NewFeed(c.Title)
 	feed.ID = atom.NewID("urn:feed:1")
 	feed.Subtitle = atom.NewText("text", c.Description)
+	if feed.Subtitle == nil {
+		return nil, errors.New("feed subtitle was not created")
+	}
 
 	linkID := feed.AddLink(atom.NewLink(c.Link))
 	feed.Links[linkID].Rel = "self"
@@ -33,16 +37,25 @@ func GenerateAtomFeed(c *Config, db *DB) (*string, error) {
 		entry := atom.NewEntry(articleTitle)
 		entry.ID = atom.NewID(fmt.Sprint("urn:entry:", article.ID))
 		entry.Published = atom.NewDate(article.Created)
-		entry.Content = atom.NewContent(atom.OutOfLine, "text/hmtl", fmt.Sprint(c.Domain, "/article/serve/", article.ID))
+		entry.Content = atom.NewContent(atom.OutOfLine, "text/html", fmt.Sprint(c.Domain, "/article/serve/", article.UUID))
+		if entry.Content == nil {
+			return nil, errors.New("entry content was not created")
+		}
 
 		if article.AutoGenerated {
 			entry.Summary = atom.NewText("text", "automatically generated")
+			if entry.Summary == nil {
+				return nil, errors.New("entry summary was not created")
+			}
 		} else {
 			articleSummary, err := ConvertToPlain(article.Summary)
 			if err != nil {
 				return nil, fmt.Errorf("error converting description to plain text for Atom feed: %v", err)
 			}
 			entry.Summary = atom.NewText("text", articleSummary)
+			if entry.Summary == nil {
+				return nil, errors.New("entry summary was not created")
+			}
 		}
 
 		if len(article.BannerLink) > 0 {

cmd/backend/config.go

@@ -12,58 +12,58 @@ import (
 )
 
 type Config struct {
-	AESKeyFile      string
-	ArticleDir      string
-	ConfigFile      string
-	DBName          string
-	Description     string
-	Domain          string
-	AtomFile        string
-	FirebaseKey     string
-	GOBKeyFile      string
-	Link            string
-	LogFile         string
-	PDFDir          string
-	PicsDir         string
-	Port            string
-	Title           string
-	Version         string
-	WebDir          string
-	MaxBannerHeight int
-	MaxBannerWidth  int
-	MaxImgHeight    int
-	MaxImgWidth     int
+	AESKeyFile        string
+	ArticleDir        string
+	AtomFile          string
+	ConfigFile        string
+	DBName            string
+	DBPass            string
+	DBUser            string
+	Description       string
+	Domain            string
+	FirebaseKey       string
+	ImgDir            string
+	Link              string
+	LogFile           string
+	PDFDir            string
+	Port              string
+	Title             string
+	Version           string
+	WebDir            string
+	CookieExpiryHours int
+	MaxBannerHeight   int
+	MaxBannerWidth    int
+	MaxImgHeight      int
+	MaxImgWidth       int
 }
 
 func newConfig() *Config {
 	return &Config{
-		AESKeyFile:      "/var/www/cpolis/aes.key",
-		ArticleDir:      "/var/www/cpolis/articles",
-		AtomFile:        "/var/www/cpolis/cpolis.atom",
-		ConfigFile:      "/etc/cpolis/config.toml",
-		DBName:          "cpolis",
-		FirebaseKey:     "/var/www/cpolis/serviceAccountKey.json",
-		GOBKeyFile:      "/var/www/cpolis/gob.key",
-		LogFile:         "/var/log/cpolis.log",
-		MaxBannerHeight: 1080,
-		MaxBannerWidth:  1920,
-		MaxImgHeight:    1080,
-		MaxImgWidth:     1920,
-		PDFDir:          "/var/www/cpolis/pdfs",
-		PicsDir:         "/var/www/cpolis/pics",
-		Port:            ":8080",
-		Version:         "v0.14.1",
-		WebDir:          "/var/www/cpolis/web",
+		AESKeyFile:        "/var/www/cpolis/aes.key",
+		ArticleDir:        "/var/www/cpolis/articles",
+		AtomFile:          "/var/www/cpolis/cpolis.atom",
+		ConfigFile:        "/etc/cpolis/config.toml",
+		CookieExpiryHours: 24 * 30,
+		DBName:            "cpolis",
+		DBUser:            "cpolis",
+		FirebaseKey:       "/etc/cpolis/serviceAccountKey.json",
+		ImgDir:            "/var/www/cpolis/images",
+		LogFile:           "/var/log/cpolis.log",
+		MaxBannerHeight:   1080,
+		MaxBannerWidth:    1920,
+		MaxImgHeight:      1080,
+		MaxImgWidth:       1920,
+		PDFDir:            "/var/www/cpolis/pdfs",
+		Port:              ":1664",
+		Version:           "v0.16.1",
+		WebDir:            "/var/www/cpolis/web",
 	}
 }
 
 func mkDir(path string, perm fs.FileMode) (string, error) {
-	var err error
+	name := filepath.Base(path)
 
-	stringSlice := strings.Split(path, "/")
-	name := stringSlice[len(stringSlice)-1]
-
-	path, err = filepath.Abs(path)
+	path, err := filepath.Abs(path)
 	if err != nil {
 		return "", fmt.Errorf("error finding absolute path for %v directory: %v", name, err)
 	}
@@ -82,20 +82,20 @@ func mkFile(path string, filePerm, dirPerm fs.FileMode) (string, error) {
 		return "", fmt.Errorf("error finding absolute path for %v: %v", path, err)
 	}
 
-	stringSlice := strings.Split(path, "/")
 	_, err = os.Stat(path)
 	if os.IsNotExist(err) {
-		dir := strings.Join(stringSlice[:len(stringSlice)-1], "/")
+		dir := filepath.Dir(path)
 		if err = os.MkdirAll(dir, dirPerm); err != nil {
 			return "", fmt.Errorf("error creating %v: %v", dir, err)
 		}
 
-		fileName := stringSlice[len(stringSlice)-1]
-		file, err := os.Create(dir + "/" + fileName)
+		fileName := filepath.Base(path)
+		file, err := os.Create(filepath.Join(dir, fileName))
 		if err != nil {
 			return "", fmt.Errorf("error creating %v: %v", fileName, err)
 		}
 		defer file.Close()
+
 		if err = file.Chmod(filePerm); err != nil {
 			return "", fmt.Errorf("error setting permissions for %v: %v", fileName, err)
 		}
@@ -113,16 +113,18 @@ func (c *Config) handleCliArgs() error {
 	flag.StringVar(&c.AtomFile, "feed", c.AtomFile, "atom feed file")
 	flag.StringVar(&c.ConfigFile, "config", c.ConfigFile, "config file")
 	flag.StringVar(&c.DBName, "db", c.DBName, "DB name")
+	flag.StringVar(&c.DBPass, "db-pass", c.DBPass, "DB password")
+	flag.StringVar(&c.DBUser, "db-user", c.DBUser, "DB username")
 	flag.StringVar(&c.Description, "desc", c.Description, "channel description")
 	flag.StringVar(&c.Domain, "domain", c.Domain, "domain name")
 	flag.StringVar(&c.FirebaseKey, "firebase", c.FirebaseKey, "Firebase service account key file")
-	flag.StringVar(&c.GOBKeyFile, "gob", c.GOBKeyFile, "gob key file")
+	flag.StringVar(&c.ImgDir, "images", c.ImgDir, "images directory")
 	flag.StringVar(&c.Link, "link", c.Link, "channel Link")
 	flag.StringVar(&c.LogFile, "log", c.LogFile, "log file")
 	flag.StringVar(&c.PDFDir, "pdfs", c.PDFDir, "pdf directory")
-	flag.StringVar(&c.PicsDir, "pics", c.PicsDir, "pictures directory")
 	flag.StringVar(&c.Title, "title", c.Title, "channel title")
 	flag.StringVar(&c.WebDir, "web", c.WebDir, "web directory")
+	flag.IntVar(&c.CookieExpiryHours, "cookie-expiry-hours", c.CookieExpiryHours, "cookies expire after this amount of hours")
 	flag.IntVar(&c.MaxBannerHeight, "banner-height", c.MaxBannerHeight, "maximum banner height")
 	flag.IntVar(&c.MaxBannerWidth, "banner-width", c.MaxBannerWidth, "maximum banner width")
 	flag.IntVar(&c.MaxImgHeight, "img-height", c.MaxImgHeight, "maximum image height")
@@ -158,6 +160,10 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 	if cliConfig.AESKeyFile != defaultConfig.AESKeyFile {
 		c.AESKeyFile = cliConfig.AESKeyFile
 	}
+	c.AESKeyFile, err = filepath.Abs(c.AESKeyFile)
+	if err != nil {
+		return fmt.Errorf("error setting absolute filepath for AESKeyFile: %v", err)
+	}
 	c.AESKeyFile, err = mkFile(c.AESKeyFile, 0600, 0700)
 	if err != nil {
 		return fmt.Errorf("error setting up file: %v", err)
@@ -166,15 +172,43 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 	if cliConfig.ArticleDir != defaultConfig.ArticleDir {
 		c.ArticleDir = cliConfig.ArticleDir
 	}
+	c.ArticleDir, err = filepath.Abs(c.ArticleDir)
+	if err != nil {
+		return fmt.Errorf("error setting absolute filepath for ArticleDir: %v", err)
+	}
 	c.ArticleDir, err = mkDir(c.ArticleDir, 0700)
 	if err != nil {
 		return fmt.Errorf("error setting up directory: %v", err)
 	}
 
+	if cliConfig.AtomFile != defaultConfig.AtomFile {
+		c.AtomFile = cliConfig.AtomFile
+	}
+	c.AtomFile, err = filepath.Abs(c.AtomFile)
+	if err != nil {
+		return fmt.Errorf("error setting absolute filepath for AtomFile: %v", err)
+	}
+	c.AtomFile, err = mkFile(c.AtomFile, 0644, 0744)
+	if err != nil {
+		return fmt.Errorf("error setting up file: %v", err)
+	}
+
+	if cliConfig.CookieExpiryHours != defaultConfig.CookieExpiryHours {
+		c.CookieExpiryHours = cliConfig.CookieExpiryHours
+	}
+
 	if cliConfig.DBName != defaultConfig.DBName {
 		c.DBName = cliConfig.DBName
 	}
 
+	if cliConfig.DBPass != defaultConfig.DBPass {
+		c.DBPass = cliConfig.DBPass
+	}
+
+	if cliConfig.DBUser != defaultConfig.DBUser {
+		c.DBUser = cliConfig.DBUser
+	}
+
 	if cliConfig.Description != defaultConfig.Description {
 		c.Description = cliConfig.Description
 	}
@@ -182,33 +216,33 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 	if cliConfig.Domain != defaultConfig.Domain {
 		c.Domain = cliConfig.Domain
 	}
-	domainStrings := strings.Split(c.Domain, "/")
-	if domainStrings[0] != "http:" && domainStrings[0] != "https:" {
+	domainStrings := strings.Split(c.Domain, ":")
+	if domainStrings[0] != "http" && domainStrings[0] != "https" {
 		c.Domain = "https://" + c.Domain
 	}
 
-	if cliConfig.AtomFile != defaultConfig.AtomFile {
-		c.AtomFile = cliConfig.AtomFile
-	}
-	c.AtomFile, err = mkFile(c.AtomFile, 0644, 0744)
-	if err != nil {
-		return fmt.Errorf("error setting up file: %v", err)
-	}
-
 	if cliConfig.FirebaseKey != defaultConfig.FirebaseKey {
 		c.FirebaseKey = cliConfig.FirebaseKey
 	}
+	c.FirebaseKey, err = filepath.Abs(c.FirebaseKey)
+	if err != nil {
+		return fmt.Errorf("error setting absolute filepath for FirebaseKey: %v", err)
+	}
 	c.FirebaseKey, err = mkFile(c.FirebaseKey, 0600, 0700)
 	if err != nil {
 		return fmt.Errorf("error setting up file: %v", err)
 	}
 
-	if cliConfig.GOBKeyFile != defaultConfig.GOBKeyFile {
-		c.GOBKeyFile = cliConfig.GOBKeyFile
+	if cliConfig.ImgDir != defaultConfig.ImgDir {
+		c.ImgDir = cliConfig.ImgDir
 	}
-	c.GOBKeyFile, err = mkFile(c.GOBKeyFile, 0600, 0700)
+	c.ImgDir, err = filepath.Abs(c.ImgDir)
 	if err != nil {
-		return fmt.Errorf("error setting up file: %v", err)
+		return fmt.Errorf("error setting absolute filepath for PicsDir: %v", err)
+	}
+	c.ImgDir, err = mkDir(c.ImgDir, 0700)
+	if err != nil {
+		return fmt.Errorf("error setting up directory: %v", err)
 	}
 
 	if cliConfig.Link != defaultConfig.Link {
@@ -218,6 +252,10 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 	if cliConfig.LogFile != defaultConfig.LogFile {
 		c.LogFile = cliConfig.LogFile
 	}
+	c.LogFile, err = filepath.Abs(c.LogFile)
+	if err != nil {
+		return fmt.Errorf("error setting absolute filepath for LogFile: %v", err)
+	}
 	c.LogFile, err = mkFile(c.LogFile, 0600, 0700)
 	if err != nil {
 		return fmt.Errorf("error setting up file: %v", err)
@@ -242,15 +280,11 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 	if cliConfig.PDFDir != defaultConfig.PDFDir {
 		c.PDFDir = cliConfig.PDFDir
 	}
-	c.PDFDir, err = mkDir(c.PDFDir, 0700)
+	c.PDFDir, err = filepath.Abs(c.PDFDir)
 	if err != nil {
-		return fmt.Errorf("error setting up directory: %v", err)
+		return fmt.Errorf("error setting absolute filepath for PDFDir: %v", err)
 	}
-
-	if cliConfig.PicsDir != defaultConfig.PicsDir {
-		c.PicsDir = cliConfig.PicsDir
-	}
-	c.PicsDir, err = mkDir(c.PicsDir, 0700)
+	c.PDFDir, err = mkDir(c.PDFDir, 0700)
 	if err != nil {
 		return fmt.Errorf("error setting up directory: %v", err)
 	}
@@ -266,6 +300,10 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 	if cliConfig.WebDir != defaultConfig.WebDir {
 		c.WebDir = cliConfig.WebDir
 	}
+	c.WebDir, err = filepath.Abs(c.WebDir)
+	if err != nil {
+		return fmt.Errorf("error setting absolute filepath for WebDir: %v", err)
+	}
 	c.WebDir, err = mkDir(c.WebDir, 0700)
 	if err != nil {
 		return fmt.Errorf("error setting up directory: %v", err)

cmd/backend/db.go

@@ -30,45 +30,32 @@ type (
 	}
 )
 
-func getUsername() (string, error) {
-	user := os.Getenv("DB_USER")
-	if user == "" {
+func getDBUsername(c *Config) error {
+	if c.DBUser == "" {
 		var err error
+
 		fmt.Printf("DB Benutzer: ")
-		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		c.DBUser, err = bufio.NewReader(os.Stdin).ReadString('\n')
 		if err != nil {
-			return "", fmt.Errorf("error reading username: %v", err)
+			return fmt.Errorf("error reading username: %v", err)
 		}
 	}
-	return strings.TrimSpace(user), nil
+
+	return nil
 }
 
-func getPassword() (string, error) {
-	pass := os.Getenv("DB_PASS")
-	if pass == "" {
+func getDBPassword(c *Config) error {
+	if c.DBPass == "" {
 		fmt.Printf("DB Passwort: ")
 		bytePass, err := term.ReadPassword(int(syscall.Stdin))
 		if err != nil {
-			return "", fmt.Errorf("error reading password: %v", err)
+			return fmt.Errorf("error reading password: %v", err)
 		}
+
 		fmt.Println()
-		pass = strings.TrimSpace(string(bytePass))
+		c.DBPass = strings.TrimSpace(string(bytePass))
 	}
-	return pass, nil
-}
-
-func getCredentials() (string, string, error) {
-	user, err := getUsername()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting username: %v", err)
-	}
-
-	pass, err := getPassword()
-	if err != nil {
-		return "", "", fmt.Errorf("error getting password: %v", err)
-	}
-
-	return user, pass, nil
+	return nil
 }
 
 func wait(iteration int) {
@@ -77,26 +64,33 @@ func wait(iteration int) {
 	time.Sleep(waitTime + jitter)
 }
 
-func OpenDB(dbName string) (*DB, error) {
+func OpenDB(c *Config) (*DB, error) {
 	var err error
-	db := DB{DB: new(sql.DB)}
+	db := new(DB)
+
+	if err := getDBUsername(c); err != nil {
+		return nil, fmt.Errorf("error getting DB username: %v", err)
+	}
+
+	if err := getDBPassword(c); err != nil {
+		return nil, fmt.Errorf("error getting DB password: %v", err)
+	}
 
 	cfg := mysql.NewConfig()
-	cfg.DBName = dbName
-	cfg.User, cfg.Passwd, err = getCredentials()
-	if err != nil {
-		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
-	}
+	cfg.DBName = c.DBName
+	cfg.User = c.DBUser
+	cfg.Passwd = c.DBPass
 
 	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
 	if err != nil {
 		return nil, fmt.Errorf("error opening DB: %v", err)
 	}
+
 	if err = db.Ping(); err != nil {
 		return nil, fmt.Errorf("error pinging DB: %v", err)
 	}
 
-	return &db, nil
+	return db, nil
 }
 
 func (db *DB) UpdateAttributes(a ...*Attribute) error {

cmd/backend/docx.go

@@ -0,0 +1,60 @@
+package backend
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/google/uuid"
+)
+
+func ConvertToMarkdown(c *Config, filename string) ([]byte, error) {
+	var stderr bytes.Buffer
+
+	tmpDir, err := os.MkdirTemp(os.TempDir(), "cpolis_images")
+	if err != nil {
+		return nil, fmt.Errorf("error creating temporary directory: %v", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	articleFileName := filepath.Join(os.TempDir(), fmt.Sprint(uuid.New(), ".md"))
+	cmd := exec.Command("pandoc", "-s", "-L", filepath.Join("scripts", "create_toc.lua"), "-f", "docx", "-t", "commonmark_x", "-o", articleFileName, "--extract-media", tmpDir, filename) // TODO: Is writing to a file necessary?
+	cmd.Stderr = &stderr
+	if err = cmd.Run(); err != nil {
+		return nil, fmt.Errorf("error converting docx to markdown: %v: %v", err, stderr.String())
+	}
+	defer os.Remove(articleFileName)
+
+	articleContent, err := os.ReadFile(articleFileName)
+	if err != nil {
+		return nil, fmt.Errorf("error reading markdown file: %v", err)
+	}
+
+	re := regexp.MustCompile(`\{width=[^}]+height=[^}]+\}`)
+	articleContent = re.ReplaceAll(articleContent, []byte(""))
+
+	imageNames, err := filepath.Glob(filepath.Join(tmpDir, "media", "*"))
+	if err != nil {
+		return nil, fmt.Errorf("error getting docx images from temporary directory: %v", err)
+	}
+
+	for _, name := range imageNames {
+		image, err := os.Open(name)
+		if err != nil {
+			return nil, fmt.Errorf("error opening image file %v: %v", name, err)
+		}
+		defer image.Close()
+
+		newImageName, err := SaveImage(image, c.MaxImgHeight, c.MaxImgWidth, c.ImgDir)
+		if err != nil {
+			return nil, fmt.Errorf("error saving image %v: %v", name, err)
+		}
+
+		articleContent = regexp.MustCompile(name).ReplaceAll(articleContent, []byte(c.Domain+"/image/serve/"+newImageName))
+	}
+
+	return articleContent, nil
+}

cmd/backend/images.go

@@ -1,10 +1,14 @@
 package backend
 
 import (
+	"bufio"
 	"fmt"
 	"image"
 	"io"
+	"io/fs"
 	"os"
+	"path/filepath"
+	"strings"
 
 	"github.com/chai2010/webp"
 	"github.com/disintegration/imaging"
@@ -13,6 +17,66 @@ import (
 
 var ErrUnsupportedFormat error = image.ErrFormat // used internally by imaging
 
+func checkImageUsage(c *Config, db *DB, name string) (bool, error) {
+	imageWasFound := false
+
+	if err := filepath.Walk(c.ArticleDir, func(path string, info fs.FileInfo, err error) error {
+		if err != nil {
+			return fmt.Errorf("error walking articles filepath: %v", err)
+		}
+
+		if !info.IsDir() {
+			mdFile, err := os.Open(path)
+			if err != nil {
+				return fmt.Errorf("error opening article %v: %v", info.Name(), err)
+			}
+			defer mdFile.Close()
+
+			scanner := bufio.NewScanner(mdFile)
+			for scanner.Scan() {
+				if strings.Contains(scanner.Text(), name) {
+					imageWasFound = true
+					return nil
+				}
+			}
+
+			return scanner.Err()
+		}
+
+		return nil
+	}); err != nil {
+		return false, fmt.Errorf("error walking articles filepath: %v", err)
+	}
+
+	if !imageWasFound {
+		users, err := db.GetAllUsers(c)
+		if err != nil {
+			return false, fmt.Errorf("error getting all users: %v", err)
+		}
+
+		for _, user := range users {
+			if name == user.ProfilePicLink {
+				imageWasFound = true
+			}
+		}
+	}
+
+	if !imageWasFound {
+		articles, err := db.GetAllArticles()
+		if err != nil {
+			return false, fmt.Errorf("error getting all articles: %v", err)
+		}
+
+		for _, article := range articles {
+			if name == article.BannerLink {
+				imageWasFound = true
+			}
+		}
+	}
+
+	return imageWasFound, nil
+}
+
 func SaveImage(src io.Reader, maxHeight, maxWidth int, path string) (string, error) {
 	img, err := imaging.Decode(src, imaging.AutoOrientation(true))
 	if err != nil {
@@ -30,7 +94,7 @@ func SaveImage(src io.Reader, maxHeight, maxWidth int, path string) (string, err
 	}
 
 	filename := fmt.Sprint(uuid.New(), ".webp")
-	file, err := os.Create(path + filename)
+	file, err := os.Create(filepath.Join(path, filename))
 	if err != nil {
 		return "", fmt.Errorf("error creating new image file: %v", err)
 	}
@@ -42,3 +106,33 @@ func SaveImage(src io.Reader, maxHeight, maxWidth int, path string) (string, err
 
 	return filename, nil
 }
+
+func CleanUpImages(c *Config, db *DB) error {
+	if err := filepath.Walk(c.ImgDir, func(path string, info fs.FileInfo, err error) error {
+		if err != nil {
+			return fmt.Errorf("error walking images filepath: %v", err)
+		}
+
+		if !info.IsDir() {
+			imageName := info.Name()
+			imagePath := path
+
+			imageWasFound, err := checkImageUsage(c, db, imageName)
+			if err != nil {
+				return fmt.Errorf("error checking image usage: %v", err)
+			}
+
+			if !imageWasFound {
+				if err = os.Remove(imagePath); err != nil {
+					return fmt.Errorf("error removing unused image: %v", err)
+				}
+			}
+		}
+
+		return nil
+	}); err != nil {
+		return fmt.Errorf("error cleaning up: %v", err)
+	}
+
+	return nil
+}

cmd/backend/sessions.go

@@ -1,63 +0,0 @@
-package backend
-
-import (
-	"crypto/rand"
-	"encoding/gob"
-	"fmt"
-	"io"
-	"os"
-
-	"github.com/gorilla/sessions"
-)
-
-type (
-	CookieStore struct{ sessions.CookieStore }
-	Session     struct{ sessions.Session }
-)
-
-func NewKey() ([]byte, error) {
-	key := make([]byte, 32)
-
-	if _, err := io.ReadFull(rand.Reader, key); err != nil {
-		return nil, fmt.Errorf("error generating key: %v", err)
-	}
-
-	return key, nil
-}
-
-func SaveKey(key []byte, filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("error creating key file: %v", err)
-	}
-	defer file.Close()
-	file.Chmod(0600)
-
-	if err = gob.NewEncoder(file).Encode(key); err != nil {
-		return fmt.Errorf("error ecoding key: %v", err)
-	}
-
-	return nil
-}
-
-func LoadKey(filename string) ([]byte, error) {
-	file, err := os.Open(filename)
-	if err != nil {
-		return nil, fmt.Errorf("error opening key file: %v", err)
-	}
-	defer file.Close()
-
-	key := make([]byte, 32)
-	if err = gob.NewDecoder(file).Decode(&key); err != nil {
-		return nil, fmt.Errorf("error decoding key: %v", err)
-	}
-
-	return key, nil
-}
-
-func NewCookieStore(key []byte) *CookieStore {
-	store := sessions.NewCookieStore(key)
-	store.Options.Secure = true
-	store.Options.HttpOnly = true
-	return &CookieStore{*store}
-}

cmd/backend/tags.go

@@ -31,5 +31,9 @@ func (db *DB) GetTagList() ([]*Tag, error) {
 		tagList = append(tagList, tag)
 	}
 
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
 	return tagList, nil
 }

cmd/backend/users.go

@@ -117,6 +117,9 @@ func aesDecrypt(c *Config, ciphertext string) (string, error) {
 	}
 
 	nonceSize := gcm.NonceSize()
+	if len(data) < nonceSize {
+		return "", errors.New("ciphertext too short")
+	}
 	nonce, cipherText := data[:nonceSize], data[nonceSize:]
 
 	plaintext, err := gcm.Open(nil, nonce, cipherText, nil)
@@ -450,8 +453,6 @@ func (db *DB) AddFirstUser(c *Config, u *User, pass string) (int64, error) {
 
 func (db *DB) GetAllUsers(c *Config) ([]*User, error) {
 	var aesFirstName, aesLastName, aesEmail string
-	var err error
-
 	query := "SELECT id, username, first_name, last_name, email, profile_pic_link, role FROM users"
 
 	rows, err := db.Query(query)
@@ -484,6 +485,10 @@ func (db *DB) GetAllUsers(c *Config) ([]*User, error) {
 		users = append(users, user)
 	}
 
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
 	return users, nil
 }
 
@@ -523,6 +528,10 @@ func (db *DB) GetAllUsersMap(c *Config) (map[int64]*User, error) {
 		users[user.ID] = user
 	}
 
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating over rows: %v", err)
+	}
+
 	return users, nil
 }
 

cmd/calls/articles.go

@@ -5,8 +5,9 @@ import (
 	"log"
 	"net/http"
 	"os"
-	"strconv"
+	"path/filepath"
 
+	"github.com/google/uuid"
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
@@ -37,15 +38,15 @@ func ServeArticle(c *b.Config, db *b.DB) http.HandlerFunc {
 			return
 		}
 
-		idString := r.PathValue("id")
-		id, err := strconv.ParseInt(idString, 10, 64)
+		uuidString := r.PathValue("uuid")
+		uuid, err := uuid.Parse(uuidString)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		article, err := db.GetArticle(id)
+		article, err := db.GetArticleByUUID(uuid)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -56,8 +57,8 @@ func ServeArticle(c *b.Config, db *b.DB) http.HandlerFunc {
 			return
 		}
 
-		articleAbsName := fmt.Sprint(c.ArticleDir, "/", article.ID, ".md")
-		contentBytes, err := os.ReadFile(articleAbsName)
+		articlePath := filepath.Join(c.ArticleDir, fmt.Sprint(article.UUID, ".md"))
+		contentBytes, err := os.ReadFile(articlePath)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -87,15 +88,14 @@ func ServeArticle(c *b.Config, db *b.DB) http.HandlerFunc {
 
 func ServeClicks(db *b.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		idString := r.PathValue("id")
-		id, err := strconv.ParseInt(idString, 10, 64)
+		uuid, err := uuid.Parse(r.PathValue("uuid"))
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		article, err := db.GetArticle(id)
+		article, err := db.GetArticleByUUID(uuid)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)

cmd/calls/atom.go

@@ -1,9 +1,7 @@
 package calls
 
 import (
-	"log"
 	"net/http"
-	"path/filepath"
 
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
@@ -14,13 +12,6 @@ func ServeAtomFeed(c *b.Config) http.HandlerFunc {
 			return
 		}
 
-		absFilepath, err := filepath.Abs(c.AtomFile)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		http.ServeFile(w, r, absFilepath)
+		http.ServeFile(w, r, c.AtomFile)
 	}
 }

cmd/calls/images.go

@@ -1,7 +1,6 @@
 package calls
 
 import (
-	"log"
 	"net/http"
 	"path/filepath"
 
@@ -9,21 +8,14 @@ import (
 	f "streifling.com/jason/cpolis/cmd/frontend"
 )
 
-func ServeImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+func ServeImage(c *b.Config, s map[string]*f.Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := f.GetSession(w, r, c, s); err != nil {
+		if !f.SessionIsActive(r, s) {
 			if !tokenIsVerified(w, r, c) {
 				return
 			}
 		}
 
-		absFilepath, err := filepath.Abs(c.PicsDir)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		http.ServeFile(w, r, absFilepath+"/"+r.PathValue("pic"))
+		http.ServeFile(w, r, filepath.Join(c.ImgDir, r.PathValue("pic")))
 	}
 }

cmd/calls/pdf.go

@@ -5,6 +5,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
 
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
@@ -42,6 +43,6 @@ func ServePDF(c *b.Config) http.HandlerFunc {
 			return
 		}
 
-		http.ServeFile(w, r, c.PDFDir+"/"+r.PathValue("id"))
+		http.ServeFile(w, r, filepath.Join(c.PDFDir, r.PathValue("id")))
 	}
 }

cmd/frontend/articles.go

@@ -6,10 +6,12 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
@@ -45,33 +47,27 @@ type EditorHTMLData struct {
 	Contributors []*b.User
 }
 
-func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func WriteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
-		var data *EditorHTMLData
-		if session.Values["article"] == nil {
-			data = &EditorHTMLData{Action: "submit", Article: new(b.Article), ArticleUsers: make(map[string]*ArticleUser)}
-		} else {
-			data = session.Values["article"].(*EditorHTMLData)
-		}
-
 		users, err := db.GetAllUsers(c)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
+
+		data := &EditorHTMLData{Action: "submit", Article: new(b.Article), ArticleUsers: make(map[string]*ArticleUser)}
 		for _, user := range users {
 			data.ArticleUsers[fmt.Sprint(user.LastName, user.FirstName, user.ID)] = &ArticleUser{User: user, ArticleRole: None}
 		}
 
-		creator, err := db.GetUser(c, session.Values["id"].(int64))
+		creator, err := db.GetUser(c, session.User.ID)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -88,7 +84,7 @@ func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			return
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "editor.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -97,19 +93,11 @@ func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func SubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session.Values["article"] = nil
-		if err = session.Save(r, w); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -117,12 +105,13 @@ func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			Title:         r.PostFormValue("article-title"),
 			BannerLink:    r.PostFormValue("article-banner-url"),
 			Summary:       r.PostFormValue("article-summary"),
-			CreatorID:     session.Values["id"].(int64),
+			CreatorID:     session.User.ID,
 			Published:     false,
 			Rejected:      false,
 			IsInIssue:     r.PostFormValue("issue") == "on",
 			AutoGenerated: false,
 			EditedID:      0,
+			UUID:          uuid.New(),
 		}
 
 		if len(article.Title) == 0 {
@@ -178,7 +167,7 @@ func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			http.Error(w, "Bitte den Artikel eingeben.", http.StatusBadRequest)
 			return
 		}
-		if err := b.WriteArticleToFile(c, article.ID, content); err != nil {
+		if err := b.WriteArticleToFile(c, article.UUID, content); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
@@ -215,9 +204,9 @@ func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -227,23 +216,34 @@ func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func ResubmitArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
+		if err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		article := &b.Article{
-			Title:      r.PostFormValue("article-title"),
-			BannerLink: r.PostFormValue("article-banner-url"),
-			Summary:    r.PostFormValue("article-summary"),
-			CreatorID:  session.Values["id"].(int64),
-			IsInIssue:  r.PostFormValue("issue") == "on",
+		article, err := db.GetArticle(id)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 
+		article.Title = r.PostFormValue("article-title")
+		article.BannerLink = r.PostFormValue("article-banner-url")
+		article.Summary = r.PostFormValue("article-summary")
+		article.CreatorID = session.User.ID
+		article.IsInIssue = r.PostFormValue("issue") == "on"
+
 		if len(article.Title) == 0 {
 			http.Error(w, "Bitte den Titel eingeben.", http.StatusBadRequest)
 			return
@@ -285,20 +285,13 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			return
 		}
 
-		article.ID, err = strconv.ParseInt(r.PathValue("id"), 10, 64)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
 		content := r.PostFormValue("article-content")
 		if len(content) == 0 {
 			http.Error(w, "Bitte den Artikel eingeben.", http.StatusBadRequest)
 			return
 		}
-		contentLink := fmt.Sprint(c.ArticleDir, "/", article.ID, ".md")
-		if err = os.WriteFile(contentLink, []byte(content), 0644); err != nil {
+
+		if err = b.WriteArticleToFile(c, article.UUID, []byte(content)); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
@@ -346,9 +339,9 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -358,11 +351,10 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -393,7 +385,7 @@ func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB
 			}
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/unpublished-articles.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "unpublished-articles.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -402,12 +394,11 @@ func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB
 	}
 }
 
-func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func ShowRejectedArticles(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -425,12 +416,12 @@ func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerF
 
 		data.MyIDs = make(map[int64]bool)
 		for _, article := range data.RejectedArticles {
-			if article.CreatorID == session.Values["id"].(int64) {
+			if article.CreatorID == session.User.ID {
 				data.MyIDs[article.ID] = true
 			}
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/rejected-articles.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "rejected-articles.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -440,12 +431,11 @@ func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerF
 	}
 }
 
-func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func ReviewRejectedArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -466,8 +456,8 @@ func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.Handler
 
 		data.Image = data.Article.BannerLink
 
-		articleAbsName := fmt.Sprint(c.ArticleDir, "/", data.Article.ID, ".md")
-		content, err := os.ReadFile(articleAbsName)
+		articlePath := filepath.Join(c.ArticleDir, fmt.Sprint(data.Article.UUID, ".md"))
+		content, err := os.ReadFile(articlePath)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -513,7 +503,7 @@ func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.Handler
 			data.ArticleUsers[fmt.Sprint(contributor.LastName, contributor.FirstName, contributor.ID)].ArticleRole = Contributor
 		}
 
-		creator, err := db.GetUser(c, session.Values["id"].(int64))
+		creator, err := db.GetUser(c, session.User.ID)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -535,7 +525,7 @@ func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.Handler
 
 		data.Action = fmt.Sprint("resubmit/", data.Article.ID)
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "editor.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -545,12 +535,11 @@ func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.Handler
 	}
 }
 
-func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func PublishArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -598,7 +587,7 @@ func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 				return
 			}
 
-			if err = os.Remove(fmt.Sprint(c.ArticleDir, "/", oldArticle.ID, ".md")); err != nil {
+			if err = os.Remove(filepath.Join(c.ArticleDir, fmt.Sprint(oldArticle.UUID, ".md"))); err != nil {
 				log.Println(err)
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
@@ -624,9 +613,9 @@ func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -636,12 +625,11 @@ func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func RejectArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -659,9 +647,9 @@ func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -671,11 +659,10 @@ func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func ShowCurrentIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func ShowCurrentIssue(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -686,7 +673,7 @@ func ShowCurrentIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 			return
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/current-issue.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "current-issue.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", articles); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -695,11 +682,10 @@ func ShowCurrentIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 	}
 }
 
-func ShowPublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc {
+func ShowPublishedArticles(c *b.Config, db *b.DB, s map[string]*Session, action string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -722,7 +708,7 @@ func ShowPublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore, action strin
 			}
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/published-articles.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "published-articles.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -732,11 +718,10 @@ func ShowPublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore, action strin
 	}
 }
 
-func ReviewArticle(c *b.Config, db *b.DB, s *b.CookieStore, action, title, button string) http.HandlerFunc {
+func ReviewArticle(c *b.Config, db *b.DB, s map[string]*Session, action, title, button string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -780,8 +765,8 @@ func ReviewArticle(c *b.Config, db *b.DB, s *b.CookieStore, action, title, butto
 			return
 		}
 
-		articleAbsName := fmt.Sprint(c.ArticleDir, "/", article.ID, ".md")
-		content, err := os.ReadFile(articleAbsName)
+		articlePath := filepath.Join(c.ArticleDir, fmt.Sprint(article.UUID, ".md"))
+		content, err := os.ReadFile(articlePath)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -818,7 +803,7 @@ func ReviewArticle(c *b.Config, db *b.DB, s *b.CookieStore, action, title, butto
 			return
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/review-article.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "review-article.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -827,16 +812,22 @@ func ReviewArticle(c *b.Config, db *b.DB, s *b.CookieStore, action, title, butto
 	}
 }
 
-func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func DeleteArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
+		if err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
+			return
+		}
+
+		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
+		article, err := db.GetArticle(id)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -849,12 +840,19 @@ func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			return
 		}
 
-		if err = os.Remove(fmt.Sprint(c.ArticleDir, "/", id, ".md")); err != nil {
+		if err = os.Remove(filepath.Join(c.ArticleDir, fmt.Sprint(article.UUID, ".md"))); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
+		go func(c *b.Config, db *b.DB) {
+			if err = b.CleanUpImages(c, db); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+			}
+		}(c, db)
+
 		feed, err := b.GenerateAtomFeed(c, db)
 		if err != nil {
 			log.Println(err)
@@ -868,9 +866,9 @@ func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -880,12 +878,11 @@ func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func AllowEditArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -904,6 +901,7 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 		}
 
 		newArticle := *oldArticle
+		newArticle.UUID = uuid.New()
 		newArticle.Published = false
 		newArticle.Rejected = true
 		newArticle.EditedID = oldArticle.ID
@@ -921,8 +919,8 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 			return
 		}
 
-		src := fmt.Sprint(c.ArticleDir, "/", oldArticle.ID, ".md")
-		dst := fmt.Sprint(c.ArticleDir, "/", newArticle.ID, ".md")
+		src := filepath.Join(c.ArticleDir, fmt.Sprint(oldArticle.UUID, ".md"))
+		dst := filepath.Join(c.ArticleDir, fmt.Sprint(newArticle.UUID, ".md"))
 		if err = b.CopyFile(src, dst); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -962,9 +960,9 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl := template.Must(template.ParseFiles(c.WebDir + "/templates/hub.html"))
+		tmpl := template.Must(template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html")))
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -973,11 +971,10 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 	}
 }
 
-func EditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func EditArticle(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -999,7 +996,7 @@ func EditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 
 		data.Image = data.Article.BannerLink
 
-		content, err := os.ReadFile(fmt.Sprint(c.ArticleDir, "/", data.Article.ID, ".md"))
+		content, err := os.ReadFile(filepath.Join(c.ArticleDir, fmt.Sprint(data.Article.UUID, ".md")))
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -1027,7 +1024,7 @@ func EditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 
 		data.Action = fmt.Sprint("save/", data.Article.ID)
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/editor.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "editor.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)

cmd/frontend/docx.go

@@ -0,0 +1,93 @@
+package frontend
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/gabriel-vasile/mimetype"
+	"github.com/google/uuid"
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func UploadDocx(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := ManageSession(w, r, c, s)
+		if err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
+			return
+		}
+
+		file, fileHeader, err := r.FormFile("docx-upload")
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer file.Close()
+
+		var buf bytes.Buffer
+		if _, err = io.Copy(&buf, file); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		mime := mimetype.Detect(buf.Bytes())
+		if !mime.Is("application/vnd.openxmlformats-officedocument.wordprocessingml.document") {
+			http.Error(w, "Die Datei ist kein DOCX Worddokument.", http.StatusBadRequest)
+			return
+		}
+
+		docxFilepath := filepath.Join(os.TempDir(), fmt.Sprint(uuid.New(), ".docx"))
+		if err = os.WriteFile(docxFilepath, buf.Bytes(), 0644); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		defer os.Remove(docxFilepath)
+
+		mdString, err := b.ConvertToMarkdown(c, docxFilepath)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		uuidName := uuid.New()
+		mdFilepath := filepath.Join(c.ArticleDir, fmt.Sprint(uuidName, ".md"))
+		if err = os.WriteFile(mdFilepath, mdString, 0644); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		article := &b.Article{
+			Created:   time.Now(),
+			UUID:      uuidName,
+			CreatorID: session.User.ID,
+			Rejected:  true,
+		}
+		article.Title = fmt.Sprint(fileHeader.Filename, "-", article.UUID)
+
+		id, err := db.AddArticle(article)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err = db.WriteArticleAuthors(id, []int64{session.User.ID}); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		w.WriteHeader(http.StatusOK)
+	}
+}

cmd/frontend/homepage.go

@@ -0,0 +1,100 @@
+package frontend
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+	"path/filepath"
+	"time"
+
+	b "streifling.com/jason/cpolis/cmd/backend"
+)
+
+func HomePage(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		numRows, err := db.CountEntries("users")
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		data := new(struct {
+			*UserHTMLData
+			Version string
+		})
+		data.UserHTMLData = &UserHTMLData{User: new(b.User)}
+		data.Version = c.Version
+
+		files := make([]string, 2)
+		files[0] = filepath.Join(c.WebDir, "templates", "index.html")
+		if numRows == 0 {
+			data.Role = b.NonExistent
+			data.Title = "Erster Benutzer (Administrator)"
+			data.ButtonText = "Anlegen"
+			data.URL = "/user/add-first"
+
+			files[1] = filepath.Join(c.WebDir, "templates", "edit-user.html")
+			tmpl, err := template.ParseFiles(files...)
+			if err = template.Must(tmpl, err).Execute(w, data); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+		} else {
+			cookie, err := r.Cookie("cpolis_session")
+			if err != nil {
+				files[1] = filepath.Join(c.WebDir, "templates", "login.html")
+				tmpl, err := template.ParseFiles(files...)
+				if err = template.Must(tmpl, err).Execute(w, data); err != nil {
+					log.Println(err)
+					http.Error(w, err.Error(), http.StatusInternalServerError)
+					return
+				}
+				return
+			}
+
+			session, ok := s[cookie.Value]
+			if !ok {
+				cookie.Expires = time.Now()
+				http.SetCookie(w, cookie)
+
+				files[1] = filepath.Join(c.WebDir, "templates", "login.html")
+				tmpl, err := template.ParseFiles(files...)
+				if err = template.Must(tmpl, err).Execute(w, data); err != nil {
+					log.Println(err)
+					http.Error(w, err.Error(), http.StatusInternalServerError)
+					return
+				}
+				return
+			}
+
+			data.Role = session.User.Role
+			files[1] = filepath.Join(c.WebDir, "templates", "hub.html")
+			tmpl, err := template.ParseFiles(files...)
+			if err = template.Must(tmpl, err).Execute(w, data); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+	}
+}
+
+func ShowHub(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		session, err := ManageSession(w, r, c, s)
+		if err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
+			return
+		}
+
+		data := new(struct{ Role int })
+		data.Role = session.User.Role
+
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
+		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+	}
+}

cmd/frontend/images.go

@@ -5,15 +5,15 @@ import (
 	"html/template"
 	"log"
 	"net/http"
+	"path/filepath"
 
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
-func UploadEasyMDEImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+func UploadEasyMDEImage(c *b.Config, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -25,7 +25,7 @@ func UploadEasyMDEImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 		}
 		defer file.Close()
 
-		filename, err := b.SaveImage(file, c.MaxImgHeight, c.MaxImgWidth, c.PicsDir+"/")
+		filename, err := b.SaveImage(file, c.MaxImgHeight, c.MaxImgWidth, c.ImgDir)
 		if err != nil {
 			if err == b.ErrUnsupportedFormat {
 				http.Error(w, "Das Dateiformat wird nicht unterstützt.", http.StatusBadRequest)
@@ -42,11 +42,10 @@ func UploadEasyMDEImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func UploadImage(c *b.Config, s *b.CookieStore, fileKey, htmlFile, htmlTemplate string) http.HandlerFunc {
+func UploadImage(c *b.Config, s map[string]*Session, fileKey, htmlFile, htmlTemplate string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -58,7 +57,7 @@ func UploadImage(c *b.Config, s *b.CookieStore, fileKey, htmlFile, htmlTemplate
 		}
 		defer file.Close()
 
-		filename, err := b.SaveImage(file, c.MaxBannerHeight, c.MaxBannerWidth, c.PicsDir+"/")
+		filename, err := b.SaveImage(file, c.MaxBannerHeight, c.MaxBannerWidth, c.ImgDir)
 		if err != nil {
 			if err == b.ErrUnsupportedFormat {
 				http.Error(w, "Das Dateiformat wird nicht unterstützt.", http.StatusBadRequest)
@@ -72,7 +71,7 @@ func UploadImage(c *b.Config, s *b.CookieStore, fileKey, htmlFile, htmlTemplate
 		data := new(struct{ Image string })
 		data.Image = filename
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/" + htmlFile)
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", htmlFile))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, htmlTemplate, data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)

cmd/frontend/issues.go

@@ -6,24 +6,18 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
 	"time"
 
+	"github.com/google/uuid"
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
-func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func PublishLatestIssue(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session.Values["article"] = nil
-		if err = session.Save(r, w); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -34,6 +28,7 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFun
 			Rejected:      false,
 			Created:       time.Now(),
 			AutoGenerated: true,
+			UUID:          uuid.New(),
 		}
 
 		if len(article.Title) == 0 {
@@ -49,14 +44,7 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFun
 		}
 
 		authorIDs := make([]int64, 1)
-		var ok bool
-
-		if authorIDs[0], ok = session.Values["id"].(int64); !ok {
-			msg := "fälschlicherweise session.Values[\"id\"].(int64) für authorIDs[0] angenommen"
-			log.Println(msg)
-			http.Error(w, msg, http.StatusInternalServerError)
-			return
-		}
+		authorIDs[0] = session.User.ID
 
 		if err = db.WriteArticleAuthors(article.ID, authorIDs); err != nil {
 			log.Println(err)
@@ -70,8 +58,8 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFun
 			return
 		}
 
-		articleAbsName := fmt.Sprint(c.ArticleDir, "/", article.ID, ".md")
-		if err = os.WriteFile(articleAbsName, content, 0644); err != nil {
+		articlePath := filepath.Join(c.ArticleDir, fmt.Sprint(article.UUID, ".md"))
+		if err = os.WriteFile(articlePath, content, 0644); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
@@ -101,17 +89,10 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFun
 			return
 		}
 
-		session.Values["issue-image"] = nil
-		if err = session.Save(r, w); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)

cmd/frontend/pdf.go

@@ -5,20 +5,20 @@ import (
 	"log"
 	"net/http"
 	"path/filepath"
+	"strings"
 
 	"github.com/google/uuid"
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
-func UploadPDF(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+func UploadPDF(c *b.Config, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
-		file, _, err := r.FormFile("pdf-upload")
+		file, header, err := r.FormFile("pdf-upload")
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -44,15 +44,11 @@ func UploadPDF(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 			return
 		}
 
-		filename := fmt.Sprint(uuid.New(), ".pdf")
-		absFilepath, err := filepath.Abs(c.PDFDir + "/" + filename)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
+		oldFilename := strings.Join(strings.Split(header.Filename, ".")[:len(header.Filename)-1], ".")
+		filename := fmt.Sprint(oldFilename, ".", uuid.New(), ".pdf")
+		filepath := filepath.Join(c.PDFDir, filename)
 
-		if err = b.WriteFile(absFilepath, file); err != nil {
+		if err = b.WriteFile(filepath, file); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return

cmd/frontend/sessions.go

@@ -1,115 +1,115 @@
 package frontend
 
 import (
+	"context"
+	"errors"
 	"fmt"
 	"html/template"
 	"log"
 	"net/http"
+	"path/filepath"
+	"time"
 
+	"github.com/google/uuid"
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
-func saveSession(w http.ResponseWriter, r *http.Request, s *b.CookieStore, u *b.User) error {
-	session, err := s.Get(r, "cookie")
-	if err != nil {
-		return fmt.Errorf("error getting session: %v", err)
-	}
-
-	session.Values["authenticated"] = true
-	session.Values["id"] = u.ID
-	session.Values["name"] = u.FirstName + u.LastName
-	session.Values["role"] = u.Role
-	if err := session.Save(r, w); err != nil {
-		return fmt.Errorf("error saving session: %v", err)
-	}
-
-	return nil
+type Session struct {
+	ctx    context.Context
+	cancel context.CancelFunc
+	cookie *http.Cookie
+	User   *b.User
 }
 
-// GetSession is used for verifying that the user is logged in and returns their session and an error.
-func GetSession(w http.ResponseWriter, r *http.Request, c *b.Config, s *b.CookieStore) (*b.Session, error) {
-	msg := "Keine gültige Session. Bitte erneut anmelden."
-	tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html")
+func newSession(w http.ResponseWriter, c *b.Config, sessionExpiryChan chan<- string, user *b.User) *Session {
+	sessionID := uuid.New().String()
+	expires := time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))
+	ctx, cancel := context.WithDeadline(context.Background(), expires)
 
-	tmpSession, err := s.Get(r, "cookie")
+	session := &Session{
+		ctx:    ctx,
+		cancel: cancel,
+		cookie: &http.Cookie{
+			Name:     "cpolis_session",
+			Value:    sessionID,
+			Expires:  expires,
+			Path:     "/",
+			HttpOnly: true,
+			Secure:   true,
+			SameSite: http.SameSiteStrictMode,
+		},
+		User: user,
+	}
+
+	go func() {
+		<-session.ctx.Done()
+		sessionExpiryChan <- session.cookie.Value
+		session.cookie.Expires = time.Now()
+		http.SetCookie(w, session.cookie)
+	}()
+
+	return session
+}
+
+func StartSessions() (map[string]*Session, chan string) {
+	sessions := make(map[string]*Session)
+	sessionExpiryChan := make(chan string)
+
+	go func() {
+		for sessionID := range sessionExpiryChan {
+			delete(sessions, sessionID)
+		}
+	}()
+
+	return sessions, sessionExpiryChan
+}
+
+// SessionIsActive is used for verifying that the user is logged in and returns
+// a bool.
+func SessionIsActive(r *http.Request, s map[string]*Session) bool {
+	cookie, err := r.Cookie("cpolis_session")
 	if err != nil {
-		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg); err != nil {
-			return nil, fmt.Errorf("error executing template: %v", err)
-		}
-		return nil, fmt.Errorf("error getting session: %v", err)
+		return false
 	}
 
-	session := &b.Session{Session: *tmpSession}
-	if session.IsNew {
-		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg); err != nil {
+	_, ok := s[cookie.Value]
+	return ok
+}
+
+// ManageSession is used for verifying that the user is logged in and returns
+// their session and an error. It also handles cases where the user is not
+// logged in.
+func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) {
+	tmpl, tmplErr := template.ParseFiles(filepath.Join(c.WebDir, "templates", "index.html"), filepath.Join(c.WebDir, "templates", "login.html"))
+
+	cookie, err := r.Cookie("cpolis_session")
+	if err != nil {
+		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
 			return nil, fmt.Errorf("error executing template: %v", err)
 		}
+
+		return nil, errors.New("no cookie set")
 	}
 
+	session, ok := s[cookie.Value]
+	if !ok {
+		cookie.Expires = time.Now()
+		http.SetCookie(w, cookie)
+
+		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
+			return nil, fmt.Errorf("error executing template: %v", err)
+		}
+
+		return nil, errors.New("session does not exist")
+	}
+
+	session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))
+	http.SetCookie(w, session.cookie)
+
 	return session, nil
 }
 
-func HomePage(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		numRows, err := db.CountEntries("users")
-		if err != nil {
-			log.Fatalln(err)
-		}
-
-		data := new(struct {
-			*UserHTMLData
-			Version string
-		})
-		data.UserHTMLData = &UserHTMLData{User: new(b.User)}
-		data.Version = c.Version
-
-		files := make([]string, 2)
-		files[0] = c.WebDir + "/templates/index.html"
-		if numRows == 0 {
-			data.Role = b.NonExistent
-			data.Title = "Erster Benutzer (Administrator)"
-			data.ButtonText = "Anlegen"
-			data.URL = "/user/add-first"
-
-			files[1] = c.WebDir + "/templates/edit-user.html"
-			tmpl, err := template.ParseFiles(files...)
-			if err = template.Must(tmpl, err).Execute(w, data); err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-		} else {
-			session, err := s.Get(r, "cookie")
-			if err != nil {
-				log.Println(err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
-				data.Role = session.Values["role"].(int)
-				files[1] = c.WebDir + "/templates/hub.html"
-				tmpl, err := template.ParseFiles(files...)
-				if err = template.Must(tmpl, err).Execute(w, data); err != nil {
-					log.Println(err)
-					http.Error(w, err.Error(), http.StatusInternalServerError)
-					return
-				}
-			} else {
-				data.Role = b.Author
-				files[1] = c.WebDir + "/templates/login.html"
-				tmpl, err := template.ParseFiles(files...)
-				if err = template.Must(tmpl, err).Execute(w, data); err != nil {
-					log.Println(err)
-					http.Error(w, err.Error(), http.StatusInternalServerError)
-					return
-				}
-			}
-		}
-	}
-}
-
-func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func Login(c *b.Config, db *b.DB, s map[string]*Session, sessionExpiryChan chan string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		userName := r.PostFormValue("username")
 		password := r.PostFormValue("password")
@@ -133,13 +133,11 @@ func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			return
 		}
 
-		if err := saveSession(w, r, s, user); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
+		session := newSession(w, c, sessionExpiryChan, user)
+		s[session.cookie.Value] = session
+		http.SetCookie(w, session.cookie)
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -148,52 +146,32 @@ func Login(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func Logout(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+func Logout(c *b.Config, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		tmpl, tmplErr := template.ParseFiles(filepath.Join(c.WebDir, "templates", "login.html"))
+
+		cookie, err := r.Cookie("cpolis_session")
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
+			if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
 		}
+		cookie.Expires = time.Now()
+		http.SetCookie(w, cookie)
 
-		session.Options.MaxAge = -1
-		if err = session.Save(r, w); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
+		session, ok := s[cookie.Value]
+		if !ok {
+			if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
 		}
+		session.cancel()
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/login.html")
-		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	}
-}
-
-func ShowHub(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
-		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		session.Values["article"] = nil
-		if err = session.Save(r, w); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
-
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
-		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
+		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return

cmd/frontend/tags.go

@@ -4,19 +4,19 @@ import (
 	"html/template"
 	"log"
 	"net/http"
+	"path/filepath"
 
 	b "streifling.com/jason/cpolis/cmd/backend"
 )
 
-func CreateTag(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+func CreateTag(c *b.Config, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/add-tag.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "add-tag.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", nil); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -25,12 +25,11 @@ func CreateTag(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func AddTag(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -42,9 +41,9 @@ func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		db.AddTag(tag)
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)

cmd/frontend/users.go

@@ -5,6 +5,7 @@ import (
 	"html/template"
 	"log"
 	"net/http"
+	"path/filepath"
 	"sort"
 	"strconv"
 
@@ -43,11 +44,10 @@ func sortUsersByName(users []*b.User) {
 	})
 }
 
-func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc {
+func CreateUser(c *b.Config, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -58,7 +58,7 @@ func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 			URL:        "/user/add",
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "edit-user.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -67,12 +67,11 @@ func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func AddUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -134,9 +133,9 @@ func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -146,16 +145,15 @@ func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func EditSelf(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
-		user, err := db.GetUser(c, session.Values["id"].(int64))
+		user, err := db.GetUser(c, session.User.ID)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -170,7 +168,7 @@ func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			Image:      user.ProfilePicLink,
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "edit-user.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -179,17 +177,16 @@ func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func UpdateSelf(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
 		user := &b.User{
-			ID:             session.Values["id"].(int64),
+			ID:             session.User.ID,
 			UserName:       r.PostFormValue("username"),
 			FirstName:      r.PostFormValue("first-name"),
 			LastName:       r.PostFormValue("last-name"),
@@ -244,9 +241,9 @@ func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
@@ -256,7 +253,7 @@ func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func AddFirstUser(c *b.Config, db *b.DB, s map[string]*Session, sessionExpiryChan chan string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var err error
 		user := &b.User{
@@ -303,22 +300,20 @@ func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			return
 		}
 
-		if err := saveSession(w, r, s, user); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
 		if _, err := db.AddIssue(); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		data := new(struct{ Role int })
-		data.Role = 0
+		session := newSession(w, c, sessionExpiryChan, user)
+		s[session.cookie.Value] = session
+		http.SetCookie(w, session.cookie)
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		data := new(struct{ Role int })
+		data.Role = user.Role
+
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -327,12 +322,11 @@ func AddFirstUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc {
+func ShowAllUsers(c *b.Config, db *b.DB, s map[string]*Session, action string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -348,9 +342,9 @@ func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.H
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		delete(data.Users, session.Values["id"].(int64))
+		delete(data.Users, session.User.ID)
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/show-all-users.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "show-all-users.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -359,11 +353,10 @@ func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.H
 	}
 }
 
-func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func EditUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, err := GetSession(w, r, c, s); err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+		if _, err := ManageSession(w, r, c, s); err != nil {
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -389,7 +382,7 @@ func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 			Image:      user.ProfilePicLink,
 		}
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/edit-user.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "edit-user.html"))
 		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -398,12 +391,11 @@ func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func UpdateUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -473,9 +465,9 @@ func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl := template.Must(template.ParseFiles(c.WebDir + "/templates/hub.html"))
+		tmpl := template.Must(template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html")))
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -484,12 +476,11 @@ func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	}
 }
 
-func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
+func DeleteUser(c *b.Config, db *b.DB, s map[string]*Session) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := GetSession(w, r, c, s)
+		session, err := ManageSession(w, r, c, s)
 		if err != nil {
-			log.Println(err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, "Die Session ist abgelaufen. Bitte erneut anmelden.", http.StatusUnauthorized)
 			return
 		}
 
@@ -507,9 +498,9 @@ func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 		}
 
 		data := new(struct{ Role int })
-		data.Role = session.Values["role"].(int)
+		data.Role = session.User.Role
 
-		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
+		tmpl, err := template.ParseFiles(filepath.Join(c.WebDir, "templates", "hub.html"))
 		tmpl = template.Must(tmpl, err)
 		if err = tmpl.ExecuteTemplate(w, "page-content", data); err != nil {
 			log.Println(err)

cmd/main.go

@@ -1,20 +1,16 @@
 package main
 
 import (
-	"encoding/gob"
 	"log"
 	"net/http"
 	"os"
+	"time"
 
 	b "streifling.com/jason/cpolis/cmd/backend"
 	c "streifling.com/jason/cpolis/cmd/calls"
 	f "streifling.com/jason/cpolis/cmd/frontend"
 )
 
-func init() {
-	gob.Register(b.User{})
-}
-
 func main() {
 	config, err := b.HandleConfig()
 	if err != nil {
@@ -28,74 +24,75 @@ func main() {
 	defer logFile.Close()
 	log.SetOutput(logFile)
 
-	db, err := b.OpenDB(config.DBName)
+	db, err := b.OpenDB(config)
 	if err != nil {
 		log.Fatalln(err)
 	}
 	defer db.Close()
 
-	key, err := b.LoadKey(config.GOBKeyFile)
-	if err != nil {
-		key, err = b.NewKey()
-		if err != nil {
-			log.Fatalln(err)
+	sessions, sessionExpiryChan := f.StartSessions()
+	defer close(sessionExpiryChan)
+
+	go func(c *b.Config, db *b.DB) {
+		for {
+			if err = b.CleanUpImages(c, db); err != nil {
+				log.Println(err)
+			}
+			time.Sleep(time.Hour * 24)
 		}
-		if err = b.SaveKey(key, config.GOBKeyFile); err != nil {
-			log.Fatalln(err)
-		}
-	}
-	store := b.NewCookieStore(key)
+	}(config, db)
 
 	mux := http.NewServeMux()
 	mux.Handle("/web/static/", http.StripPrefix("/web/static/",
 		http.FileServer(http.Dir(config.WebDir+"/static/"))))
-	mux.HandleFunc("/", f.HomePage(config, db, store))
+	mux.HandleFunc("/", f.HomePage(config, db, sessions))
 
-	mux.HandleFunc("GET /article/allow-edit/{id}", f.AllowEditArticle(config, db, store))
-	mux.HandleFunc("GET /article/all-published/review-edit", f.ShowPublishedArticles(config, db, store, "review-edit"))
-	mux.HandleFunc("GET /article/all-published/delete", f.ShowPublishedArticles(config, db, store, "review-delete"))
-	mux.HandleFunc("GET /article/all-rejected", f.ShowRejectedArticles(config, db, store))
-	mux.HandleFunc("GET /article/all-unpublished-unrejected-and-published-rejected", f.ShowUnpublishedUnrejectedAndPublishedRejectedArticles(config, db, store))
-	mux.HandleFunc("GET /article/delete/{id}", f.DeleteArticle(config, db, store))
-	mux.HandleFunc("GET /article/edit/{id}", f.EditArticle(config, db, store))
-	mux.HandleFunc("GET /article/publish/{id}", f.PublishArticle(config, db, store))
-	mux.HandleFunc("GET /article/reject/{id}", f.RejectArticle(config, db, store))
-	mux.HandleFunc("GET /article/review-delete/{id}", f.ReviewArticle(config, db, store, "delete", "Artikel löschen", "Löschen"))
-	mux.HandleFunc("GET /article/review-edit/{id}", f.ReviewArticle(config, db, store, "allow-edit", "Artikel bearbeiten", "Bearbeiten erlauben"))
-	mux.HandleFunc("GET /article/review-rejected/{id}", f.ReviewRejectedArticle(config, db, store))
-	mux.HandleFunc("GET /article/review-unpublished/{id}", f.ReviewArticle(config, db, store, "publish", "Artikel veröffentlichen", "Veröffentlichen"))
-	mux.HandleFunc("GET /article/serve/{id}", c.ServeArticle(config, db))
-	mux.HandleFunc("GET /article/serve/{id}/clicks", c.ServeClicks(db))
-	mux.HandleFunc("GET /article/write", f.WriteArticle(config, db, store))
+	mux.HandleFunc("GET /article/allow-edit/{id}", f.AllowEditArticle(config, db, sessions))
+	mux.HandleFunc("GET /article/all-published/review-edit", f.ShowPublishedArticles(config, db, sessions, "review-edit"))
+	mux.HandleFunc("GET /article/all-published/delete", f.ShowPublishedArticles(config, db, sessions, "review-delete"))
+	mux.HandleFunc("GET /article/all-rejected", f.ShowRejectedArticles(config, db, sessions))
+	mux.HandleFunc("GET /article/all-unpublished-unrejected-and-published-rejected", f.ShowUnpublishedUnrejectedAndPublishedRejectedArticles(config, db, sessions))
+	mux.HandleFunc("GET /article/delete/{id}", f.DeleteArticle(config, db, sessions))
+	mux.HandleFunc("GET /article/edit/{id}", f.EditArticle(config, db, sessions))
+	mux.HandleFunc("GET /article/publish/{id}", f.PublishArticle(config, db, sessions))
+	mux.HandleFunc("GET /article/reject/{id}", f.RejectArticle(config, db, sessions))
+	mux.HandleFunc("GET /article/review-delete/{id}", f.ReviewArticle(config, db, sessions, "delete", "Artikel löschen", "Löschen"))
+	mux.HandleFunc("GET /article/review-edit/{id}", f.ReviewArticle(config, db, sessions, "allow-edit", "Artikel bearbeiten", "Bearbeiten erlauben"))
+	mux.HandleFunc("GET /article/review-rejected/{id}", f.ReviewRejectedArticle(config, db, sessions))
+	mux.HandleFunc("GET /article/review-unpublished/{id}", f.ReviewArticle(config, db, sessions, "publish", "Artikel veröffentlichen", "Veröffentlichen"))
+	mux.HandleFunc("GET /article/serve/{uuid}", c.ServeArticle(config, db))
+	mux.HandleFunc("GET /article/serve/{uuid}/clicks", c.ServeClicks(db))
+	mux.HandleFunc("GET /article/write", f.WriteArticle(config, db, sessions))
 	mux.HandleFunc("GET /atom/serve", c.ServeAtomFeed(config))
-	mux.HandleFunc("GET /hub", f.ShowHub(config, db, store))
-	mux.HandleFunc("GET /image/serve/{pic}", c.ServeImage(config, store))
-	mux.HandleFunc("GET /issue/this", f.ShowCurrentIssue(config, db, store))
-	mux.HandleFunc("GET /logout", f.Logout(config, store))
+	mux.HandleFunc("GET /hub", f.ShowHub(config, db, sessions))
+	mux.HandleFunc("GET /image/serve/{pic}", c.ServeImage(config, sessions))
+	mux.HandleFunc("GET /issue/this", f.ShowCurrentIssue(config, db, sessions))
+	mux.HandleFunc("GET /logout", f.Logout(config, sessions))
 	mux.HandleFunc("GET /pdf/get-list", c.ServePDFList(config))
 	mux.HandleFunc("GET /pdf/serve/{id}", c.ServePDF(config))
-	mux.HandleFunc("GET /tag/create", f.CreateTag(config, store))
-	mux.HandleFunc("GET /user/create", f.CreateUser(config, store))
-	mux.HandleFunc("GET /user/delete/{id}", f.DeleteUser(config, db, store))
-	mux.HandleFunc("GET /user/edit/{id}", f.EditUser(config, db, store))
-	mux.HandleFunc("GET /user/edit/self", f.EditSelf(config, db, store))
-	mux.HandleFunc("GET /user/show-all/delete", f.ShowAllUsers(config, db, store, "delete"))
-	mux.HandleFunc("GET /user/show-all/edit", f.ShowAllUsers(config, db, store, "edit"))
+	mux.HandleFunc("GET /tag/create", f.CreateTag(config, sessions))
+	mux.HandleFunc("GET /user/create", f.CreateUser(config, sessions))
+	mux.HandleFunc("GET /user/delete/{id}", f.DeleteUser(config, db, sessions))
+	mux.HandleFunc("GET /user/edit/{id}", f.EditUser(config, db, sessions))
+	mux.HandleFunc("GET /user/edit/self", f.EditSelf(config, db, sessions))
+	mux.HandleFunc("GET /user/show-all/delete", f.ShowAllUsers(config, db, sessions, "delete"))
+	mux.HandleFunc("GET /user/show-all/edit", f.ShowAllUsers(config, db, sessions, "edit"))
 
-	mux.HandleFunc("POST /article/resubmit/{id}", f.ResubmitArticle(config, db, store))
-	mux.HandleFunc("POST /article/submit", f.SubmitArticle(config, db, store))
-	mux.HandleFunc("POST /article/upload-banner", f.UploadImage(config, store, "article-banner", "editor.html", "article-banner-template"))
-	mux.HandleFunc("POST /article/upload-image", f.UploadEasyMDEImage(config, store))
-	mux.HandleFunc("POST /issue/publish", f.PublishLatestIssue(config, db, store))
-	mux.HandleFunc("POST /issue/upload-banner", f.UploadImage(config, store, "issue-banner", "current-issue.html", "issue-banner-template"))
-	mux.HandleFunc("POST /login", f.Login(config, db, store))
-	mux.HandleFunc("POST /pdf/upload", f.UploadPDF(config, store))
-	mux.HandleFunc("POST /tag/add", f.AddTag(config, db, store))
-	mux.HandleFunc("POST /user/add", f.AddUser(config, db, store))
-	mux.HandleFunc("POST /user/add-first", f.AddFirstUser(config, db, store))
-	mux.HandleFunc("POST /user/update/{id}", f.UpdateUser(config, db, store))
-	mux.HandleFunc("POST /user/update/self", f.UpdateSelf(config, db, store))
-	mux.HandleFunc("POST /user/upload-profile-pic", f.UploadImage(config, store, "upload-profile-pic", "edit-user.html", "profile-pic-template"))
+	mux.HandleFunc("POST /article/resubmit/{id}", f.ResubmitArticle(config, db, sessions))
+	mux.HandleFunc("POST /article/submit", f.SubmitArticle(config, db, sessions))
+	mux.HandleFunc("POST /article/upload-banner", f.UploadImage(config, sessions, "article-banner", "editor.html", "article-banner-template"))
+	mux.HandleFunc("POST /article/upload-image", f.UploadEasyMDEImage(config, sessions))
+	mux.HandleFunc("POST /docx/upload", f.UploadDocx(config, db, sessions))
+	mux.HandleFunc("POST /issue/publish", f.PublishLatestIssue(config, db, sessions))
+	mux.HandleFunc("POST /issue/upload-banner", f.UploadImage(config, sessions, "issue-banner", "current-issue.html", "issue-banner-template"))
+	mux.HandleFunc("POST /login", f.Login(config, db, sessions, sessionExpiryChan))
+	mux.HandleFunc("POST /pdf/upload", f.UploadPDF(config, sessions))
+	mux.HandleFunc("POST /tag/add", f.AddTag(config, db, sessions))
+	mux.HandleFunc("POST /user/add", f.AddUser(config, db, sessions))
+	mux.HandleFunc("POST /user/add-first", f.AddFirstUser(config, db, sessions, sessionExpiryChan))
+	mux.HandleFunc("POST /user/update/{id}", f.UpdateUser(config, db, sessions))
+	mux.HandleFunc("POST /user/update/self", f.UpdateSelf(config, db, sessions))
+	mux.HandleFunc("POST /user/upload-profile-pic", f.UploadImage(config, sessions, "upload-profile-pic", "edit-user.html", "profile-pic-template"))
 
 	log.Fatalln(http.ListenAndServe(config.Port, mux))
 }

go.mod

@@ -4,41 +4,41 @@ go 1.23.2
 
 require (
 	firebase.google.com/go/v4 v4.15.1
-	git.streifling.com/jason/atom v1.0.0
+	git.streifling.com/jason/atom v1.0.1
 	github.com/BurntSushi/toml v1.4.0
 	github.com/chai2010/webp v1.1.1
 	github.com/disintegration/imaging v1.6.2
+	github.com/gabriel-vasile/mimetype v1.4.8
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/sessions v1.4.0
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/yuin/goldmark v1.7.8
 	golang.org/x/crypto v0.32.0
-	golang.org/x/term v0.28.0
-	google.golang.org/api v0.216.0
+	golang.org/x/term v0.29.0
+	google.golang.org/api v0.220.0
 )
 
 require (
-	cel.dev/expr v0.19.1 // indirect
-	cloud.google.com/go v0.118.0 // indirect
-	cloud.google.com/go/auth v0.14.0 // indirect
+	cel.dev/expr v0.19.2 // indirect
+	cloud.google.com/go v0.118.2 // indirect
+	cloud.google.com/go/auth v0.14.1 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	cloud.google.com/go/firestore v1.18.0 // indirect
 	cloud.google.com/go/iam v1.3.1 // indirect
 	cloud.google.com/go/longrunning v0.6.4 // indirect
-	cloud.google.com/go/monitoring v1.22.1 // indirect
+	cloud.google.com/go/monitoring v1.24.0 // indirect
 	cloud.google.com/go/storage v1.50.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 // indirect
 	github.com/MicahParks/keyfunc v1.9.0 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3 // indirect
-	github.com/envoyproxy/go-control-plane/envoy v1.32.3 // indirect
-	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
+	github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
+	github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -49,28 +49,27 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
-	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
-	go.opentelemetry.io/otel v1.33.0 // indirect
-	go.opentelemetry.io/otel/metric v1.33.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.33.0 // indirect
-	go.opentelemetry.io/otel/trace v1.33.0 // indirect
-	golang.org/x/image v0.23.0 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
+	go.opentelemetry.io/otel v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	golang.org/x/image v0.24.0 // indirect
 	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.25.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.9.0 // indirect
+	golang.org/x/oauth2 v0.26.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.10.0 // indirect
 	google.golang.org/appengine/v2 v2.0.6 // indirect
-	google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect
-	google.golang.org/grpc v1.69.2 // indirect
-	google.golang.org/protobuf v1.36.2 // indirect
+	google.golang.org/genproto v0.0.0-20250204164813-702378808489 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250204164813-702378808489 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489 // indirect
+	google.golang.org/grpc v1.70.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 )

go.sum

@@ -1,9 +1,15 @@
 cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4=
 cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
+cel.dev/expr v0.19.2 h1:V354PbqIXr9IQdwy4SYA4xa0HXaWq1BUPAGzugBY5V4=
+cel.dev/expr v0.19.2/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
 cloud.google.com/go v0.118.0 h1:tvZe1mgqRxpiVa3XlIGMiPcEUbP1gNXELgD4y/IXmeQ=
 cloud.google.com/go v0.118.0/go.mod h1:zIt2pkedt/mo+DQjcT4/L3NDxzHPR29j5HcclNH+9PM=
+cloud.google.com/go v0.118.2 h1:bKXO7RXMFDkniAAvvuMrAPtQ/VHrs9e7J5UT3yrGdTY=
+cloud.google.com/go v0.118.2/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M=
 cloud.google.com/go/auth v0.14.0 h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM=
 cloud.google.com/go/auth v0.14.0/go.mod h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A=
+cloud.google.com/go/auth v0.14.1 h1:AwoJbzUdxA/whv1qj3TLKwh3XX5sikny2fc40wUl+h0=
+cloud.google.com/go/auth v0.14.1/go.mod h1:4JHUxlGXisL0AW8kXPtUF6ztuOksyfUQNFjfsOCXkPM=
 cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M=
 cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc=
 cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
@@ -16,8 +22,10 @@ cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXH
 cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA=
 cloud.google.com/go/longrunning v0.6.4 h1:3tyw9rO3E2XVXzSApn1gyEEnH2K9SynNQjMlBi3uHLg=
 cloud.google.com/go/longrunning v0.6.4/go.mod h1:ttZpLCe6e7EXvn9OxpBRx7kZEB0efv8yBO6YnVMfhJs=
-cloud.google.com/go/monitoring v1.22.1 h1:KQbnAC4IAH+5x3iWuPZT5iN9VXqKMzzOgqcYB6fqPDE=
-cloud.google.com/go/monitoring v1.22.1/go.mod h1:AuZZXAoN0WWWfsSvET1Cpc4/1D8LXq8KRDU87fMS6XY=
+cloud.google.com/go/monitoring v1.23.0 h1:M3nXww2gn9oZ/qWN2bZ35CjolnVHM3qnSbu6srCPgjk=
+cloud.google.com/go/monitoring v1.23.0/go.mod h1:034NnlQPDzrQ64G2Gavhl0LUHZs9H3rRmhtnp7jiJgg=
+cloud.google.com/go/monitoring v1.24.0 h1:csSKiCJ+WVRgNkRzzz3BPoGjFhjPY23ZTcaenToJxMM=
+cloud.google.com/go/monitoring v1.24.0/go.mod h1:Bd1PRK5bmQBQNnuGwHBfUamAV1ys9049oEPHnn4pcsc=
 cloud.google.com/go/storage v1.50.0 h1:3TbVkzTooBvnZsk7WaAQfOsNrdoM8QHusXA1cpk6QJs=
 cloud.google.com/go/storage v1.50.0/go.mod h1:l7XeiD//vx5lfqE3RavfmU9yvk5Pp0Zhcv482poyafY=
 cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE=
@@ -26,18 +34,25 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 firebase.google.com/go/v4 v4.15.1 h1:tR2dzKw1MIfCfG2bhAyxa5KQ57zcE7iFKmeYClET6ZM=
 firebase.google.com/go/v4 v4.15.1/go.mod h1:eunxbsh4UXI2rA8po3sOiebvWYuW0DVxAdZFO0I6wdY=
-git.streifling.com/jason/atom v1.0.0 h1:E88z4S7JeT6T+WuAaJWnGwCWTx+vzSJ6giUL51MdptI=
-git.streifling.com/jason/atom v1.0.0/go.mod h1:FNTYJfatYaIOQn4OKy8y+Mtohqm3MeyEGZUu4bMtZ9E=
+git.streifling.com/jason/atom v1.0.1 h1:G1PtNt1+qlzxpwjlD6iDeseFmzoac1IYxdq9twofTFY=
+git.streifling.com/jason/atom v1.0.1/go.mod h1:FNTYJfatYaIOQn4OKy8y+Mtohqm3MeyEGZUu4bMtZ9E=
 github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 h1:f2Qw/Ehhimh5uO1fayV0QIW7DShEQqhtUfhYc+cBPlw=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0/go.mod h1:2bIszWvQRlJVmJLiuLhukLImRjKPcYdzzsx6darK02A=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 h1:o90wcURuxekmXrtxmYWTyNla0+ZEHhud6DI1ZTxd1vI=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0/go.mod h1:6fTWu4m3jocfUZLYF5KsZC1TUfRvEjs7lM4crme/irw=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0 h1:5IT7xOdq17MtcdtL/vtl6mGfzhaq4m4vpollPRmlsBQ=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0/go.mod h1:ZV4VOm0/eHR06JLrXWe09068dHpr3TRpY9Uo7T+anuA=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.50.0 h1:nNMpRpnkWDAaqcpxMJvxa/Ud98gjbYwayJY4/9bdjiU=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 h1:ig/FpDD2JofP/NExKQUbn7uOSZzJAQqogfqluZK4ed4=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0=
 github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
 github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
@@ -46,8 +61,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/webp v1.1.1 h1:jTRmEccAJ4MGrhFOrPMpNGIJ/eybIgwKpcACsrTEapk=
 github.com/chai2010/webp v1.1.1/go.mod h1:0XVwvZWdjjdxpUEIf7b9g9VkHFnInUSYujwqTLEuldU=
-github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3 h1:boJj011Hh+874zpIySeApCX4GeOjPl9qhRF3QuIZq+Q=
-github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 h1:Om6kYQYDUk5wWbT0t0q6pvyM49i9XZAv9dDrkDA7gjk=
+github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1ei82L+c=
@@ -56,12 +71,16 @@ github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+
 github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA=
 github.com/envoyproxy/go-control-plane/envoy v1.32.3 h1:hVEaommgvzTjTd4xCaFd+kEQ2iYBtGxP6luyLrx6uOk=
 github.com/envoyproxy/go-control-plane/envoy v1.32.3/go.mod h1:F6hWupPfh75TBXGKA++MCT/CZHFq5r9/uwt/kQYkZfE=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw=
 github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI=
 github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4=
-github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM=
-github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4=
+github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
+github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -80,8 +99,6 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
 github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
 github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
@@ -94,10 +111,6 @@ github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrk
 github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA=
 github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
 github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=
-github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
-github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
-github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
 github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
 github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
@@ -113,24 +126,24 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4=
-go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
-go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
-go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
+go.opentelemetry.io/contrib/detectors/gcp v1.34.0 h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao=
+go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
+go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
+go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
-go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
-go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
-go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
-go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
-go.opentelemetry.io/otel/sdk/metric v1.33.0 h1:Gs5VK9/WUJhNXZgn8MR6ITatvAmKeIuCtNbsP3JkNqU=
-go.opentelemetry.io/otel/sdk/metric v1.33.0/go.mod h1:dL5ykHZmm1B1nVRk9dDjChwDmt81MjVp3gLkQRwKf/Q=
-go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
-go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
+go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
+go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
+go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
+go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
+go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk=
+go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
+go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
+go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
@@ -138,6 +151,8 @@ golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ug
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.23.0 h1:HseQ7c2OpPKTPVzNjG5fwJsOTCiiwS4QdsYi5XU6H68=
 golang.org/x/image v0.23.0/go.mod h1:wJJBTdLfCCf3tiHa1fNxpZmUI4mmoZvwMCPP0ddoNKY=
+golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
+golang.org/x/image v0.24.0/go.mod h1:4b/ITuLfqYq1hqZcjofwctIhi7sZh2WaCjvsBNjjya8=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -146,10 +161,14 @@ golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
 golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
+golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -157,38 +176,57 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
 golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
+golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.216.0 h1:xnEHy+xWFrtYInWPy8OdGFsyIfWJjtVnO39g7pz2BFY=
-google.golang.org/api v0.216.0/go.mod h1:K9wzQMvWi47Z9IU7OgdOofvZuw75Ge3PPITImZR/UyI=
+google.golang.org/api v0.218.0 h1:x6JCjEWeZ9PFCRe9z0FBrNwj7pB7DOAqT35N+IPnAUA=
+google.golang.org/api v0.218.0/go.mod h1:5VGHBAkxrA/8EFjLVEYmMUJ8/8+gWWQ3s4cFH0FxG2M=
+google.golang.org/api v0.220.0 h1:3oMI4gdBgB72WFVwE1nerDD8W3HUOS4kypK6rRLbGns=
+google.golang.org/api v0.220.0/go.mod h1:26ZAlY6aN/8WgpCzjPNy18QpYaz7Zgg1h0qe1GkZEmY=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine/v2 v2.0.6 h1:LvPZLGuchSBslPBp+LAhihBeGSiRh1myRoYK4NtuBIw=
 google.golang.org/appengine/v2 v2.0.6/go.mod h1:WoEXGoXNfa0mLvaH5sV3ZSGXwVmy8yf7Z1JKf3J3wLI=
-google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422 h1:6GUHKGv2huWOHKmDXLMNE94q3fBDlEHI+oTRIZSebK0=
-google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422/go.mod h1:1NPAxoesyw/SgLPqaUp9u1f9PWCLAk/jVmhx7gJZStg=
-google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24=
-google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4=
-google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU=
-google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
+google.golang.org/genproto v0.0.0-20250124145028-65684f501c47 h1:SI8Hf7K4+uVYchXqZiMfP44PZ83xomMWovbcFfm0P8Q=
+google.golang.org/genproto v0.0.0-20250124145028-65684f501c47/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE=
+google.golang.org/genproto v0.0.0-20250204164813-702378808489 h1:nQcbCCOg2h2CQ0yA8SY3AHqriNKDvsetuq9mE/HFjtc=
+google.golang.org/genproto v0.0.0-20250204164813-702378808489/go.mod h1:wkQ2Aj/xvshAUDtO/JHvu9y+AaN9cqs28QuSVSHtZSY=
+google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 h1:5iw9XJTD4thFidQmFVvx0wi4g5yOHk76rNRUxz1ZG5g=
+google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47/go.mod h1:AfA77qWLcidQWywD0YgqfpJzf50w2VjzBml3TybHeJU=
+google.golang.org/genproto/googleapis/api v0.0.0-20250204164813-702378808489 h1:fCuMM4fowGzigT89NCIsW57Pk9k2D12MMi2ODn+Nk+o=
+google.golang.org/genproto/googleapis/api v0.0.0-20250204164813-702378808489/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 h1:91mG8dNTpkC0uChJUQ9zCiRqx3GEEFOWaRZ0mI6Oj2I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489 h1:5bKytslY8ViY0Cj/ewmRtrWHW64bNF03cAatUUFCdFI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk=
+google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ=
+google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU=
-google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
+google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

scripts/create_db.sql

@@ -38,6 +38,7 @@ CREATE TABLE articles (
     clicks INT NOT NULL,
     is_in_issue BOOL NOT NULL,
     auto_generated BOOL NOT NULL,
+    uuid VARCHAR(36) NOT NULL,
     PRIMARY KEY (id),
     FOREIGN KEY (creator_id) REFERENCES users (id),
     FOREIGN KEY (issue_id) REFERENCES issues (id)

scripts/create_toc.lua

@@ -0,0 +1,33 @@
+-- Helper function: remove all image inlines from a list of inlines.
+local function remove_images(inlines)
+	local result = {}
+	for _, item in ipairs(inlines) do
+		if item.t ~= "Image" then
+			table.insert(result, item)
+		end
+	end
+	return result
+end
+
+-- Build a bullet list representing the table of contents.
+local function build_toc(doc)
+	local toc_items = {}
+	for _, block in ipairs(doc.blocks) do
+		if block.t == "Header" then
+			local clean_inlines = remove_images(block.content)
+			local header_text = pandoc.utils.stringify(clean_inlines)
+			if header_text ~= "" then
+				local link = pandoc.Link(clean_inlines, "#" .. block.identifier)
+				table.insert(toc_items, { link })
+			end
+		end
+	end
+	return pandoc.BulletList(toc_items)
+end
+
+-- The Pandoc function runs after the document is fully constructed.
+function Pandoc(doc)
+	local toc = build_toc(doc)
+	table.insert(doc.blocks, 1, toc) -- Insert the TOC at the very beginning of the document.
+	return doc
+end

update.sh

@@ -1,58 +0,0 @@
-#! /bin/sh -
-
-CPOLIS_REPO_URL="https://git.streifling.com/api/v1/repos/jason/cpolis/releases"
-EXTRACTION_DIR=$HOME
-CPOLIS_DIR=$EXTRACTION_DIR/cpolis
-TAILWINDCSS_REPO_URL=https://api.github.com/repos/tailwindlabs/tailwindcss/releases/latest
-TMP_DIR=/tmp
-BIN_DIR=/usr/local/bin
-SYSTEMD_DIR=/etc/systemd/system
-
-check_dependency() {
-    if ! which $1 >/dev/null 2>&1; then
-        echo "$1 needs to be installed" >&2
-        exit 1
-    fi
-}
-
-if ! groups | grep -E 'root|wheel|sudo' >/dev/null; then
-    echo "You need administrative privileges for this script" >&2
-    exit 1
-fi
-
-check_dependency curl
-check_dependency go
-check_dependency jq
-check_dependency tar
-check_dependency xargs
-
-echo '\nDownloading cpolis...' >&2
-rm -fr $CPOLIS_DIR/*
-latest_release=$(curl -s $CPOLIS_REPO_URL | jq -r '.[0].tag_name')
-curl -Lo $TMP_DIR/cpolis.tar.gz https://git.streifling.com/jason/cpolis/archive/$latest_release.tar.gz
-tar -xzf $TMP_DIR/cpolis.tar.gz -C $EXTRACTION_DIR
-rm $TMP_DIR/cpolis.tar.gz
-
-echo '\nDownloading TailwindCSS...' >&2
-curl -s $TAILWINDCSS_REPO_URL |
-    grep -F browser_download_url |
-    grep -F linux-x64 |
-    cut -d'"' -f4 |
-    xargs -r curl -Lo $CPOLIS_DIR/tailwindcss
-chmod +x $CPOLIS_DIR/tailwindcss
-$CPOLIS_DIR/tailwindcss -i $CPOLIS_DIR/web/static/css/input.css -o $CPOLIS_DIR/web/static/css/style.css
-
-echo '\nBuilding cpolis...' >&2
-cd $CPOLIS_DIR
-go build -o $BIN_DIR/cpolis cmd/main.go
-cd
-
-echo '\nSetting up system files...' >&2
-sudo chown root:root $BIN_DIR/cpolis
-chmod +x $BIN_DIR/cpolis
-
-echo '\nSetting up service...' >&2
-sudo mv $CPOLIS_DIR/cpolis.service $SYSTEMD_DIR
-sudo chown root:root $SYSTEMD_DIR/cpolis.service
-sudo systemctl daemon-reload
-sudo systemctl is-active --quiet cpolis.service && sudo systemctl restart cpolis.service

web/templates/hub.html

@@ -7,6 +7,11 @@
         <h2>Artikel</h2>
         <div class="grid grid-cols-1 md:grid-cols-2 gap-x-4 gap-y-2">
             <button class="btn" hx-get="/article/write" hx-target="#page-content">Artikel schreiben</button>
+            <form class="flex" hx-encoding="multipart/form-data">
+                <label class="btn text-center" for="docx-upload">Word-Dokument hochladen</label>
+                <input accept=".docx" class="hidden" id="docx-upload" name="docx-upload" type="file"
+                    hx-post="/docx/upload" />
+            </form>
             <button class="btn" hx-get="/article/all-rejected" hx-target="#page-content">Artikel bearbeiten</button>
             {{if lt .Role 3}}<button class="btn" hx-get="/article/all-unpublished-unrejected-and-published-rejected"
                 hx-target="#page-content">Artikel veröffentlichen</button>{{end}}

web/templates/index.html

@@ -38,11 +38,11 @@
     </main>
 
     <footer class="text-center text-gray-500 my-8">
-        <p>&copy; 2024 Jason Streifling. Alle Rechte vorbehalten.</p>
+        <p>&copy; 2025 Jason Streifling. Alle Rechte vorbehalten.</p>
         <p>{{.Version}} - <strong>Alpha: Drastische Änderungen und Fehler vorbehalten.</strong></p>
     </footer>
 
-    <script src="https://unpkg.com/htmx.org@2.0.3"></script>
+    <script src="https://unpkg.com/htmx.org@2.0.4"></script>
     <script src="https://unpkg.com/easymde/dist/easymde.min.js"></script>
     <script>
         document.addEventListener('DOMContentLoaded', () => {