Require all fields to be filled out when creating a new user

.gitignore

@@ -21,3 +21,5 @@
 # Go workspace file
 go.work
 
+# Custom stuff
+tmp/

cmd/data/db.go

@@ -0,0 +1,117 @@
+package data
+
+import (
+	"database/sql"
+	"fmt"
+
+	"github.com/go-sql-driver/mysql"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type DB struct {
+	*sql.DB
+}
+
+func OpenDB(dbName string) (*DB, error) {
+	var err error
+	db := DB{DB: &sql.DB{}}
+
+	cfg := mysql.NewConfig()
+	cfg.DBName = dbName
+	cfg.User, cfg.Passwd, err = getCredentials()
+	if err != nil {
+		return nil, fmt.Errorf("error reading user credentials for DB: %v", err)
+	}
+
+	db.DB, err = sql.Open("mysql", cfg.FormatDSN())
+	if err != nil {
+		return nil, fmt.Errorf("error opening DB: %v", err)
+	}
+	if err = db.Ping(); err != nil {
+		return nil, fmt.Errorf("error pinging DB: %v", err)
+	}
+
+	return &db, nil
+}
+
+func (db *DB) AddUser(user, pass, first, last string, writer, editor, admin bool) error {
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	query := `
+    INSERT INTO users
+        (username, password, first_name, last_name, writer, editor, admin)
+    VALUES
+        (?, ?, ?, ?, ?, ?, ?)
+    `
+	_, err = db.Exec(query, user, string(hashedPass), first, last, writer, editor, admin)
+	if err != nil {
+		return fmt.Errorf("error inserting user into DB: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) GetID(user string) (int64, error) {
+	var id int64
+
+	query := `
+    SELECT id FROM
+        users
+    WHERE
+        username = ?
+    `
+	row := db.QueryRow(query, user)
+	if err := row.Scan(&id); err != nil {
+		return 0, fmt.Errorf("user not in DB: %v", err)
+	}
+
+	return id, nil
+}
+
+func (db *DB) CheckPassword(id int64, pass string) error {
+	var queriedPass string
+
+	query := `
+    SELECT password FROM
+        users
+    WHERE
+        id = ?
+    `
+	row := db.QueryRow(query, id)
+	if err := row.Scan(&queriedPass); err != nil {
+		return fmt.Errorf("error reading password from DB: %v", err)
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(queriedPass), []byte(pass)); err != nil {
+		return fmt.Errorf("incorrect password: %v", err)
+	}
+
+	return nil
+}
+
+func (db *DB) ChangePassword(id int64, oldPass, newPass string) error {
+	if err := db.CheckPassword(id, oldPass); err != nil {
+		return fmt.Errorf("error checking password: %v", err)
+	}
+
+	newHashedPass, err := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("error creating password hash: %v", err)
+	}
+
+	updateQuery := `
+    UPDATE users SET
+        password = ?
+    WHERE
+        id = ?
+    `
+	_, err = db.Exec(updateQuery, string(newHashedPass), id)
+	if err != nil {
+		return fmt.Errorf("error updating password in DB: %v", err)
+	}
+
+	return nil
+}

cmd/data/helpers.go

@@ -0,0 +1,52 @@
+package data
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"strings"
+	"syscall"
+
+	"golang.org/x/term"
+)
+
+func getUsername() (string, error) {
+	user := os.Getenv("DB_USER")
+	if user == "" {
+		var err error
+		fmt.Printf("DB Benutzer: ")
+		user, err = bufio.NewReader(os.Stdin).ReadString('\n')
+		if err != nil {
+			return "", fmt.Errorf("error reading username: %v", err)
+		}
+	}
+	return strings.TrimSpace(user), nil
+}
+
+func getPassword() (string, error) {
+	pass := os.Getenv("DB_PASS")
+	if pass == "" {
+		fmt.Printf("DB Passwort: ")
+		bytePass, err := term.ReadPassword(int(syscall.Stdin))
+		if err != nil {
+			return "", fmt.Errorf("error reading password: %v", err)
+		}
+		fmt.Println()
+		pass = strings.TrimSpace(string(bytePass))
+	}
+	return pass, nil
+}
+
+func getCredentials() (string, string, error) {
+	user, err := getUsername()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting username: %v", err)
+	}
+
+	pass, err := getPassword()
+	if err != nil {
+		return "", "", fmt.Errorf("error getting password: %v", err)
+	}
+
+	return user, pass, nil
+}

cmd/data/markdown.go

@@ -0,0 +1,22 @@
+package data
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/microcosm-cc/bluemonday"
+	"github.com/yuin/goldmark"
+)
+
+func ConvertToHTML(md string) (string, error) {
+	var buf bytes.Buffer
+
+	if err := goldmark.Convert([]byte(md), &buf); err != nil {
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
+	}
+
+	p := bluemonday.UGCPolicy()
+	html := p.Sanitize(buf.String())
+
+	return html, nil
+}

cmd/feed/rss.go

@@ -0,0 +1,75 @@
+package feed
+
+import (
+	"encoding/gob"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/gorilla/feeds"
+)
+
+type Feed struct {
+	feeds.Feed
+}
+
+func NewFeed(title, link, desc string) *Feed {
+	return &Feed{
+		Feed: feeds.Feed{
+			Title:       title,
+			Link:        &feeds.Link{Href: link},
+			Description: desc,
+		},
+	}
+}
+
+func SaveFeed(feed *Feed, filename string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return fmt.Errorf("error creating file %v: %v", filename, err)
+	}
+	defer file.Close()
+
+	encoder := gob.NewEncoder(file)
+	err = encoder.Encode(feed)
+	if err != nil {
+		return fmt.Errorf("error encoding file %v: %v", filename, err)
+	}
+
+	return nil
+}
+
+func OpenFeed(filename string) (*Feed, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("error opening file %v: %v", filename, err)
+	}
+	defer file.Close()
+
+	feed := &Feed{}
+	decoder := gob.NewDecoder(file)
+	err = decoder.Decode(feed)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding file %v: %v", filename, err)
+	}
+
+	return feed, nil
+}
+
+func AddToFeed(feed *Feed, title, desc, content string) error {
+	item := feeds.Item{
+		Title:       title,
+		Created:     time.Now(),
+		Description: desc,
+		Content:     content,
+	}
+	feed.Add(&item)
+
+	rss, err := feed.ToRss()
+	if err != nil {
+		return fmt.Errorf("error converting feed to RSS: %v", err)
+	}
+	fmt.Println(rss)
+
+	return nil
+}

cmd/ui/handlers.go

@@ -0,0 +1,107 @@
+package ui
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+
+	"streifling.com/jason/cpolis/cmd/data"
+	"streifling.com/jason/cpolis/cmd/feed"
+)
+
+func HandleLogin(db *data.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := r.PostFormValue("username")
+		pass := r.PostFormValue("password")
+
+		id, err := db.GetID(user)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := db.CheckPassword(id, pass); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		} else {
+			template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "page-content", nil)
+		}
+	}
+}
+
+func HandleFinishedEdit(f *feed.Feed) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		title := r.PostFormValue("editor-title")
+		desc := r.PostFormValue("editor-desc")
+		mdContent := r.PostFormValue("editor-text")
+
+		content, err := data.ConvertToHTML(mdContent)
+		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		feed.AddToFeed(f, title, desc, content)
+		feed.SaveFeed(f, "tmp/rss.gob")
+		// template.Must(template.ParseFiles("web/templates/editor.html")).ExecuteTemplate(w, "html-result", rssItem)
+	}
+}
+
+func HandleAddUser(db *data.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var writer, editor, admin bool
+
+		user := r.PostFormValue("username")
+		pass := r.PostFormValue("password")
+		pass2 := r.PostFormValue("password2")
+		first := r.PostFormValue("first-name")
+		last := r.PostFormValue("last-name")
+		role := r.PostFormValue("role")
+
+		if inputsEmpty(user, pass, pass2, first, last, role) {
+			log.Println("inputsEmpty")
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+		_, _, ok := checkUserStrings(user, first, last)
+		if !ok {
+			log.Println("checkUserStrings")
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+		id, _ := db.GetID(user)
+		if id != 0 {
+			log.Println("GetID")
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+		if pass != pass2 {
+			log.Println("pass")
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+		switch role {
+		case "writer":
+			writer = true
+			editor = false
+			admin = false
+		case "editor":
+			writer = false
+			editor = true
+			admin = false
+		case "admin":
+			writer = false
+			editor = false
+			admin = true
+		default:
+			log.Println("switch")
+			template.Must(template.ParseFiles("web/templates/add-user.html")).Execute(w, nil)
+		}
+
+		if err := db.AddUser(user, pass, first, last, writer, editor, admin); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		template.Must(template.ParseFiles("web/templates/editor.html")).Execute(w, nil)
+	}
+}

cmd/ui/helpers.go

@@ -0,0 +1,25 @@
+package ui
+
+func inputsEmpty(user, pass, pass2, first, last, role string) bool {
+	return len(user) == 0 ||
+		len(pass) == 0 ||
+		len(pass2) == 0 ||
+		len(first) == 0 ||
+		len(last) == 0 ||
+		len(role) == 0
+}
+
+func checkUserStrings(user, first, last string) (string, int, bool) {
+	userLen := 15
+	nameLen := 50
+
+	if len(user) > userLen {
+		return user, userLen, false
+	} else if len(first) > nameLen {
+		return first, nameLen, false
+	} else if len(last) > nameLen {
+		return last, nameLen, false
+	} else {
+		return "", 0, true
+	}
+}

cmd/ui/htmlStructs.go

@@ -0,0 +1 @@
+package ui

go.mod

@@ -1,3 +1,19 @@
 module streifling.com/jason/cpolis
 
 go 1.22.0
+
+require (
+	github.com/go-sql-driver/mysql v1.7.1
+	github.com/gorilla/feeds v1.1.2
+	github.com/microcosm-cc/bluemonday v1.0.26
+	github.com/yuin/goldmark v1.7.0
+	golang.org/x/crypto v0.14.0
+	golang.org/x/term v0.17.0
+)
+
+require (
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/gorilla/css v1.0.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+)

go.sum

@@ -0,0 +1,26 @@
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
+github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
+github.com/gorilla/feeds v1.1.2 h1:pxzZ5PD3RJdhFH2FsJJ4x6PqMqbgFk1+Vez4XWBW8Iw=
+github.com/gorilla/feeds v1.1.2/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
+github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA=
+github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=

main.go

@@ -1,8 +1,47 @@
 package main
 
-import "net/http"
+import (
+	"html/template"
+	"log"
+	"net/http"
+	"os"
+
+	"streifling.com/jason/cpolis/cmd/data"
+	"streifling.com/jason/cpolis/cmd/feed"
+	"streifling.com/jason/cpolis/cmd/ui"
+)
 
 func main() {
+	logFile, err := os.Create("tmp/cpolis.log")
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer logFile.Close()
+	log.SetOutput(logFile)
+
+	db, err := data.OpenDB("cpolis")
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer db.Close()
+
+	rss, err := feed.OpenFeed("tmp/rss.gob")
+	if err != nil {
+		log.Println(err)
+		rss = feed.NewFeed("Freimaurer Distrikt Niedersachsen und Sachsen-Anhalt",
+			"https://distrikt-ni-st.de",
+			"Freiheit, Gleichheit, Brüderlichkeit, Toleranz und Humanität")
+	}
+
 	mux := http.NewServeMux()
-	http.ListenAndServe(":8080", mux)
+	mux.Handle("/web/static/", http.StripPrefix("/web/static/", http.FileServer(http.Dir("web/static/"))))
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		template.Must(template.ParseFiles("web/templates/index.html", "web/templates/login.html")).Execute(w, nil)
+	})
+
+	mux.HandleFunc("POST /add-user/", ui.HandleAddUser(db))
+	mux.HandleFunc("POST /finished-edit/", ui.HandleFinishedEdit(rss))
+	mux.HandleFunc("POST /login/", ui.HandleLogin(db))
+
+	log.Fatalln(http.ListenAndServe(":8080", mux))
 }

web/templates/add-user.html

@@ -0,0 +1,20 @@
+{{define "page-content"}}
+<h2>Neuer Benutzer</h2>
+<form>
+    <input required name="username" placeholder="Benutzername" type="text" />
+    <input required name="password" placeholder="Passwort" type="password" />
+    <input required name="password2" placeholder="Passwort wiederholen" type="password" />
+
+    <input required name="first-name" placeholder="Vorname" type="text" />
+    <input required name="last-name" placeholder="Nachname" type="text" />
+
+    <label for="writer">Schreiber</label>
+    <input required id="writer" name="role" type="radio" value="writer" />
+    <label for="editor">Redakteur</label>
+    <input required id="editor" name="role" type="radio" value="editor" />
+    <label for="admin">Admin</label>
+    <input required id="admin" name="role" type="radio" value="admin" />
+
+    <input type="submit" value="Anlegen" hx-post="/add-user/" hx-target="#page-content" />
+</form>
+{{end}}

web/templates/editor.html

@@ -0,0 +1,13 @@
+{{define "page-content"}}
+<h2>Editor</h2>
+<form>
+    <input name="editor-title" placeholder="Titel" type="text" />
+    <textarea name="editor-desc" placeholder="Beschreibung"></textarea>
+    <textarea name="editor-text" placeholder="Artikel"></textarea>
+    <input type="submit" value="Senden" hx-post="/finished-edit/" hx-target="#page-content" />
+</form>
+{{end}}
+
+{{define "html-result"}}
+{{.}}
+{{end}}

web/templates/index.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="de">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Orient Editor</title>
+    <link href="web/static/css/style.css" rel="stylesheet">
+</head>
+
+<body>
+    <h1>Orient Editor</h1>
+
+    <div id="page-content">
+        {{template "page-content" .}}
+    </div>
+
+    <script src="web/static/js/htmx.min.js"></script>
+</body>
+
+</html>

web/templates/login.html

@@ -0,0 +1,8 @@
+{{define "page-content"}}
+<h2>Anmeldung</h2>
+<form>
+    <input name="username" placeholder="Benutzername" type="text" />
+    <input name="password" placeholder="Passwort" type="password" />
+    <input type="submit" value="Anmelden" hx-post="/login/" hx-target="#page-content" />
+</form>
+{{end}}