From 384579ee5e0a45daf98d53432e3ec3d057a7f009 Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 21 Jan 2025 14:53:18 +0000 Subject: [PATCH 01/99] refactored out `global`. long live `AppState` --- .gitignore | 1 + admin/accounthttp.go | 48 ++++---- admin/artisthttp.go | 7 +- admin/http.go | 30 +++-- admin/releasehttp.go | 29 +++-- admin/trackhttp.go | 7 +- api/account.go | 25 ++--- api/api.go | 41 ++++--- api/artist.go | 25 ++--- api/release.go | 51 +++++---- api/track.go | 21 ++-- api/uploads.go | 6 +- controller/account.go | 3 +- controller/artist.go | 1 + {global => controller}/config.go | 47 ++------ controller/release.go | 1 + controller/track.go | 1 + discord/discord.go | 43 +++----- global/const.go | 3 - global/funcs.go | 101 ----------------- main.go | 182 +++++++++++++++++++++++-------- model/account.go | 2 + model/appstate.go | 32 ++++++ view/music.go | 18 ++- 24 files changed, 350 insertions(+), 375 deletions(-) rename {global => controller}/config.go (65%) delete mode 100644 global/const.go delete mode 100644 global/funcs.go create mode 100644 model/appstate.go diff --git a/.gitignore b/.gitignore index cccde2b..9bdf788 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ uploads/ docker-compose*.yml !docker-compose.example.yml config*.toml +arimelody-web diff --git a/admin/accounthttp.go b/admin/accounthttp.go index f0990df..b2cf18a 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -8,10 +8,8 @@ import ( "time" "arimelody-web/controller" - "arimelody-web/global" "arimelody-web/model" - "github.com/jmoiron/sqlx" "golang.org/x/crypto/bcrypt" ) @@ -21,11 +19,11 @@ type TemplateData struct { Token string } -func AccountHandler(db *sqlx.DB) http.Handler { +func AccountHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { account := r.Context().Value("account").(*model.Account) - totps, err := controller.GetTOTPsForAccount(db, account.ID) + totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) if err != nil { fmt.Printf("WARN: Failed to fetch TOTPs: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -47,10 +45,10 @@ func AccountHandler(db *sqlx.DB) http.Handler { }) } -func LoginHandler(db *sqlx.DB) http.Handler { +func LoginHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodGet { - account, err := controller.GetAccountByRequest(db, r) + account, err := controller.GetAccountByRequest(app.DB, r) if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) @@ -107,7 +105,7 @@ func LoginHandler(db *sqlx.DB) http.Handler { TOTP: r.Form.Get("totp"), } - account, err := controller.GetAccount(db, credentials.Username) + account, err := controller.GetAccount(app.DB, credentials.Username) if err != nil { render(LoginResponse{ Message: "Invalid username or password" }) return @@ -123,7 +121,7 @@ func LoginHandler(db *sqlx.DB) http.Handler { return } - totps, err := controller.GetTOTPsForAccount(db, account.ID) + totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) render(LoginResponse{ Message: "Something went wrong. Please try again." }) @@ -147,7 +145,7 @@ func LoginHandler(db *sqlx.DB) http.Handler { } // login success! - token, err := controller.CreateToken(db, account.ID, r.UserAgent()) + token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to create token: %v\n", err) render(LoginResponse{ Message: "Something went wrong. Please try again." }) @@ -155,10 +153,10 @@ func LoginHandler(db *sqlx.DB) http.Handler { } cookie := http.Cookie{} - cookie.Name = global.COOKIE_TOKEN + cookie.Name = model.COOKIE_TOKEN cookie.Value = token.Token cookie.Expires = token.ExpiresAt - if strings.HasPrefix(global.Config.BaseUrl, "https") { + if strings.HasPrefix(app.Config.BaseUrl, "https") { cookie.Secure = true } cookie.HttpOnly = true @@ -169,17 +167,17 @@ func LoginHandler(db *sqlx.DB) http.Handler { }) } -func LogoutHandler(db *sqlx.DB) http.Handler { +func LogoutHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet { http.NotFound(w, r) return } - tokenStr := controller.GetTokenFromRequest(db, r) + tokenStr := controller.GetTokenFromRequest(app.DB, r) if len(tokenStr) > 0 { - err := controller.DeleteToken(db, tokenStr) + err := controller.DeleteToken(app.DB, tokenStr) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to revoke token: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -188,10 +186,10 @@ func LogoutHandler(db *sqlx.DB) http.Handler { } cookie := http.Cookie{} - cookie.Name = global.COOKIE_TOKEN + cookie.Name = model.COOKIE_TOKEN cookie.Value = "" cookie.Expires = time.Now() - if strings.HasPrefix(global.Config.BaseUrl, "https") { + if strings.HasPrefix(app.Config.BaseUrl, "https") { cookie.Secure = true } cookie.HttpOnly = true @@ -201,9 +199,9 @@ func LogoutHandler(db *sqlx.DB) http.Handler { }) } -func createAccountHandler(db *sqlx.DB) http.Handler { +func createAccountHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - checkAccount, err := controller.GetAccountByRequest(db, r) + checkAccount, err := controller.GetAccountByRequest(app.DB, r) if err != nil { fmt.Printf("WARN: Failed to fetch account: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -260,7 +258,7 @@ func createAccountHandler(db *sqlx.DB) http.Handler { } // make sure code exists in DB - invite, err := controller.GetInvite(db, credentials.Invite) + invite, err := controller.GetInvite(app.DB, credentials.Invite) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) render(CreateAccountResponse{ @@ -270,7 +268,7 @@ func createAccountHandler(db *sqlx.DB) http.Handler { } if invite == nil || time.Now().After(invite.ExpiresAt) { if invite != nil { - err := controller.DeleteInvite(db, invite.Code) + err := controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } } render(CreateAccountResponse{ @@ -294,7 +292,7 @@ func createAccountHandler(db *sqlx.DB) http.Handler { Email: credentials.Email, AvatarURL: "/img/default-avatar.png", } - err = controller.CreateAccount(db, &account) + err = controller.CreateAccount(app.DB, &account) if err != nil { if strings.HasPrefix(err.Error(), "pq: duplicate key") { render(CreateAccountResponse{ @@ -309,11 +307,11 @@ func createAccountHandler(db *sqlx.DB) http.Handler { return } - err = controller.DeleteInvite(db, invite.Code) + err = controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } // registration success! - token, err := controller.CreateToken(db, account.ID, r.UserAgent()) + token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to create token: %v\n", err) // gracefully redirect user to login page @@ -322,10 +320,10 @@ func createAccountHandler(db *sqlx.DB) http.Handler { } cookie := http.Cookie{} - cookie.Name = global.COOKIE_TOKEN + cookie.Name = model.COOKIE_TOKEN cookie.Value = token.Token cookie.Expires = token.ExpiresAt - if strings.HasPrefix(global.Config.BaseUrl, "https") { + if strings.HasPrefix(app.Config.BaseUrl, "https") { cookie.Secure = true } cookie.HttpOnly = true diff --git a/admin/artisthttp.go b/admin/artisthttp.go index af42cb1..d6a5e76 100644 --- a/admin/artisthttp.go +++ b/admin/artisthttp.go @@ -5,16 +5,15 @@ import ( "net/http" "strings" - "arimelody-web/global" "arimelody-web/model" "arimelody-web/controller" ) -func serveArtist() http.Handler { +func serveArtist(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { slices := strings.Split(r.URL.Path[1:], "/") id := slices[0] - artist, err := controller.GetArtist(global.DB, id) + artist, err := controller.GetArtist(app.DB, id) if err != nil { if artist == nil { http.NotFound(w, r) @@ -25,7 +24,7 @@ func serveArtist() http.Handler { return } - credits, err := controller.GetArtistCredits(global.DB, artist.ID, true) + credits, err := controller.GetArtistCredits(app.DB, artist.ID, true) if err != nil { fmt.Printf("Error rendering admin track page for %s: %s\n", id, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/admin/http.go b/admin/http.go index d118647..b44cfa9 100644 --- a/admin/http.go +++ b/admin/http.go @@ -9,28 +9,26 @@ import ( "arimelody-web/controller" "arimelody-web/model" - - "github.com/jmoiron/sqlx" ) -func Handler(db *sqlx.DB) http.Handler { +func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() - mux.Handle("/login", LoginHandler(db)) - mux.Handle("/register", createAccountHandler(db)) - mux.Handle("/logout", RequireAccount(db, LogoutHandler(db))) - mux.Handle("/account", RequireAccount(db, AccountHandler(db))) + mux.Handle("/login", LoginHandler(app)) + mux.Handle("/register", createAccountHandler(app)) + mux.Handle("/logout", RequireAccount(app, LogoutHandler(app))) + mux.Handle("/account", RequireAccount(app, AccountHandler(app))) mux.Handle("/static/", http.StripPrefix("/static", staticHandler())) - mux.Handle("/release/", RequireAccount(db, http.StripPrefix("/release", serveRelease()))) - mux.Handle("/artist/", RequireAccount(db, http.StripPrefix("/artist", serveArtist()))) - mux.Handle("/track/", RequireAccount(db, http.StripPrefix("/track", serveTrack()))) + mux.Handle("/release/", RequireAccount(app, http.StripPrefix("/release", serveRelease(app)))) + mux.Handle("/artist/", RequireAccount(app, http.StripPrefix("/artist", serveArtist(app)))) + mux.Handle("/track/", RequireAccount(app, http.StripPrefix("/track", serveTrack(app)))) mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/" { http.NotFound(w, r) return } - account, err := controller.GetAccountByRequest(db, r) + account, err := controller.GetAccountByRequest(app.DB, r) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %s\n", err) } @@ -39,21 +37,21 @@ func Handler(db *sqlx.DB) http.Handler { return } - releases, err := controller.GetAllReleases(db, false, 0, true) + releases, err := controller.GetAllReleases(app.DB, false, 0, true) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to pull releases: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - artists, err := controller.GetAllArtists(db) + artists, err := controller.GetAllArtists(app.DB) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to pull artists: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - tracks, err := controller.GetOrphanTracks(db) + tracks, err := controller.GetOrphanTracks(app.DB) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to pull orphan tracks: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -83,9 +81,9 @@ func Handler(db *sqlx.DB) http.Handler { return mux } -func RequireAccount(db *sqlx.DB, next http.Handler) http.HandlerFunc { +func RequireAccount(app *model.AppState, next http.Handler) http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - account, err := controller.GetAccountByRequest(db, r) + account, err := controller.GetAccountByRequest(app.DB, r) if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) diff --git a/admin/releasehttp.go b/admin/releasehttp.go index 9132fe8..503166b 100644 --- a/admin/releasehttp.go +++ b/admin/releasehttp.go @@ -5,19 +5,18 @@ import ( "net/http" "strings" - "arimelody-web/global" "arimelody-web/controller" "arimelody-web/model" ) -func serveRelease() http.Handler { +func serveRelease(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { slices := strings.Split(r.URL.Path[1:], "/") releaseID := slices[0] account := r.Context().Value("account").(*model.Account) - release, err := controller.GetRelease(global.DB, releaseID, true) + release, err := controller.GetRelease(app.DB, releaseID, true) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -34,10 +33,10 @@ func serveRelease() http.Handler { serveEditCredits(release).ServeHTTP(w, r) return case "addcredit": - serveAddCredit(release).ServeHTTP(w, r) + serveAddCredit(app, release).ServeHTTP(w, r) return case "newcredit": - serveNewCredit().ServeHTTP(w, r) + serveNewCredit(app).ServeHTTP(w, r) return case "editlinks": serveEditLinks(release).ServeHTTP(w, r) @@ -46,10 +45,10 @@ func serveRelease() http.Handler { serveEditTracks(release).ServeHTTP(w, r) return case "addtrack": - serveAddTrack(release).ServeHTTP(w, r) + serveAddTrack(app, release).ServeHTTP(w, r) return case "newtrack": - serveNewTrack().ServeHTTP(w, r) + serveNewTrack(app).ServeHTTP(w, r) return } http.NotFound(w, r) @@ -83,9 +82,9 @@ func serveEditCredits(release *model.Release) http.Handler { }) } -func serveAddCredit(release *model.Release) http.Handler { +func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - artists, err := controller.GetArtistsNotOnRelease(global.DB, release.ID) + artists, err := controller.GetArtistsNotOnRelease(app.DB, release.ID) if err != nil { fmt.Printf("FATAL: Failed to pull artists not on %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -109,10 +108,10 @@ func serveAddCredit(release *model.Release) http.Handler { }) } -func serveNewCredit() http.Handler { +func serveNewCredit(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { artistID := strings.Split(r.URL.Path, "/")[3] - artist, err := controller.GetArtist(global.DB, artistID) + artist, err := controller.GetArtist(app.DB, artistID) if err != nil { fmt.Printf("FATAL: Failed to pull artists %s: %s\n", artistID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -154,9 +153,9 @@ func serveEditTracks(release *model.Release) http.Handler { }) } -func serveAddTrack(release *model.Release) http.Handler { +func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - tracks, err := controller.GetTracksNotOnRelease(global.DB, release.ID) + tracks, err := controller.GetTracksNotOnRelease(app.DB, release.ID) if err != nil { fmt.Printf("FATAL: Failed to pull tracks not on %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -181,10 +180,10 @@ func serveAddTrack(release *model.Release) http.Handler { }) } -func serveNewTrack() http.Handler { +func serveNewTrack(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { trackID := strings.Split(r.URL.Path, "/")[3] - track, err := controller.GetTrack(global.DB, trackID) + track, err := controller.GetTrack(app.DB, trackID) if err != nil { fmt.Printf("Error rendering new track component for %s: %s\n", trackID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/admin/trackhttp.go b/admin/trackhttp.go index 2cea123..fa49b53 100644 --- a/admin/trackhttp.go +++ b/admin/trackhttp.go @@ -5,16 +5,15 @@ import ( "net/http" "strings" - "arimelody-web/global" "arimelody-web/model" "arimelody-web/controller" ) -func serveTrack() http.Handler { +func serveTrack(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { slices := strings.Split(r.URL.Path[1:], "/") id := slices[0] - track, err := controller.GetTrack(global.DB, id) + track, err := controller.GetTrack(app.DB, id) if err != nil { fmt.Printf("Error rendering admin track page for %s: %s\n", id, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -25,7 +24,7 @@ func serveTrack() http.Handler { return } - releases, err := controller.GetTrackReleases(global.DB, track.ID, true) + releases, err := controller.GetTrackReleases(app.DB, track.ID, true) if err != nil { fmt.Printf("FATAL: Failed to pull releases for %s: %s\n", id, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/api/account.go b/api/account.go index 3ce52c8..0a9a7f9 100644 --- a/api/account.go +++ b/api/account.go @@ -3,7 +3,6 @@ package api import ( "arimelody-web/controller" "arimelody-web/model" - "arimelody-web/global" "encoding/json" "fmt" "net/http" @@ -14,7 +13,7 @@ import ( "golang.org/x/crypto/bcrypt" ) -func handleLogin() http.HandlerFunc { +func handleLogin(app *model.AppState) http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.NotFound(w, r) @@ -33,7 +32,7 @@ func handleLogin() http.HandlerFunc { return } - account, err := controller.GetAccount(global.DB, credentials.Username) + account, err := controller.GetAccount(app.DB, credentials.Username) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -50,7 +49,7 @@ func handleLogin() http.HandlerFunc { return } - token, err := controller.CreateToken(global.DB, account.ID, r.UserAgent()) + token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) type LoginResponse struct { Token string `json:"token"` ExpiresAt time.Time `json:"expires_at"` @@ -67,7 +66,7 @@ func handleLogin() http.HandlerFunc { }) } -func handleAccountRegistration() http.HandlerFunc { +func handleAccountRegistration(app *model.AppState) http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.NotFound(w, r) @@ -89,7 +88,7 @@ func handleAccountRegistration() http.HandlerFunc { } // make sure code exists in DB - invite, err := controller.GetInvite(global.DB, credentials.Invite) + invite, err := controller.GetInvite(app.DB, credentials.Invite) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -101,7 +100,7 @@ func handleAccountRegistration() http.HandlerFunc { } if time.Now().After(invite.ExpiresAt) { - err := controller.DeleteInvite(global.DB, invite.Code) + err := controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } http.Error(w, "Invalid invite code", http.StatusBadRequest) return @@ -120,7 +119,7 @@ func handleAccountRegistration() http.HandlerFunc { Email: credentials.Email, AvatarURL: "/img/default-avatar.png", } - err = controller.CreateAccount(global.DB, &account) + err = controller.CreateAccount(app.DB, &account) if err != nil { if strings.HasPrefix(err.Error(), "pq: duplicate key") { http.Error(w, "An account with that username already exists", http.StatusBadRequest) @@ -131,10 +130,10 @@ func handleAccountRegistration() http.HandlerFunc { return } - err = controller.DeleteInvite(global.DB, invite.Code) + err = controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } - token, err := controller.CreateToken(global.DB, account.ID, r.UserAgent()) + token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) type LoginResponse struct { Token string `json:"token"` ExpiresAt time.Time `json:"expires_at"` @@ -151,7 +150,7 @@ func handleAccountRegistration() http.HandlerFunc { }) } -func handleDeleteAccount() http.HandlerFunc { +func handleDeleteAccount(app *model.AppState) http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.NotFound(w, r) @@ -170,7 +169,7 @@ func handleDeleteAccount() http.HandlerFunc { return } - account, err := controller.GetAccount(global.DB, credentials.Username) + account, err := controller.GetAccount(app.DB, credentials.Username) if err != nil { if strings.Contains(err.Error(), "no rows") { http.Error(w, "Invalid username or password", http.StatusBadRequest) @@ -189,7 +188,7 @@ func handleDeleteAccount() http.HandlerFunc { // TODO: check TOTP - err = controller.DeleteAccount(global.DB, account.Username) + err = controller.DeleteAccount(app.DB, account.Username) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/api/api.go b/api/api.go index 26e2255..b16d45d 100644 --- a/api/api.go +++ b/api/api.go @@ -7,11 +7,10 @@ import ( "arimelody-web/admin" "arimelody-web/controller" - - "github.com/jmoiron/sqlx" + "arimelody-web/model" ) -func Handler(db *sqlx.DB) http.Handler { +func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() // ACCOUNT ENDPOINTS @@ -32,7 +31,7 @@ func Handler(db *sqlx.DB) http.Handler { mux.Handle("/v1/artist/", http.StripPrefix("/v1/artist", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var artistID = strings.Split(r.URL.Path[1:], "/")[0] - artist, err := controller.GetArtist(db, artistID) + artist, err := controller.GetArtist(app.DB, artistID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -46,13 +45,13 @@ func Handler(db *sqlx.DB) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/artist/{id} - ServeArtist(artist).ServeHTTP(w, r) + ServeArtist(app, artist).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/artist/{id} (admin) - admin.RequireAccount(db, UpdateArtist(artist)).ServeHTTP(w, r) + admin.RequireAccount(app, UpdateArtist(app, artist)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/artist/{id} (admin) - admin.RequireAccount(db, DeleteArtist(artist)).ServeHTTP(w, r) + admin.RequireAccount(app, DeleteArtist(app, artist)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -61,10 +60,10 @@ func Handler(db *sqlx.DB) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/artist - ServeAllArtists().ServeHTTP(w, r) + ServeAllArtists(app).ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/artist (admin) - admin.RequireAccount(db, CreateArtist()).ServeHTTP(w, r) + admin.RequireAccount(app, CreateArtist(app)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -74,7 +73,7 @@ func Handler(db *sqlx.DB) http.Handler { mux.Handle("/v1/music/", http.StripPrefix("/v1/music", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var releaseID = strings.Split(r.URL.Path[1:], "/")[0] - release, err := controller.GetRelease(db, releaseID, true) + release, err := controller.GetRelease(app.DB, releaseID, true) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -88,13 +87,13 @@ func Handler(db *sqlx.DB) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/music/{id} - ServeRelease(release).ServeHTTP(w, r) + ServeRelease(app, release).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/music/{id} (admin) - admin.RequireAccount(db, UpdateRelease(release)).ServeHTTP(w, r) + admin.RequireAccount(app, UpdateRelease(app, release)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/music/{id} (admin) - admin.RequireAccount(db, DeleteRelease(release)).ServeHTTP(w, r) + admin.RequireAccount(app, DeleteRelease(app, release)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -103,10 +102,10 @@ func Handler(db *sqlx.DB) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/music - ServeCatalog().ServeHTTP(w, r) + ServeCatalog(app).ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/music (admin) - admin.RequireAccount(db, CreateRelease()).ServeHTTP(w, r) + admin.RequireAccount(app, CreateRelease(app)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -116,7 +115,7 @@ func Handler(db *sqlx.DB) http.Handler { mux.Handle("/v1/track/", http.StripPrefix("/v1/track", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var trackID = strings.Split(r.URL.Path[1:], "/")[0] - track, err := controller.GetTrack(db, trackID) + track, err := controller.GetTrack(app.DB, trackID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -130,13 +129,13 @@ func Handler(db *sqlx.DB) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/track/{id} (admin) - admin.RequireAccount(db, ServeTrack(track)).ServeHTTP(w, r) + admin.RequireAccount(app, ServeTrack(app, track)).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/track/{id} (admin) - admin.RequireAccount(db, UpdateTrack(track)).ServeHTTP(w, r) + admin.RequireAccount(app, UpdateTrack(app, track)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/track/{id} (admin) - admin.RequireAccount(db, DeleteTrack(track)).ServeHTTP(w, r) + admin.RequireAccount(app, DeleteTrack(app, track)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -145,10 +144,10 @@ func Handler(db *sqlx.DB) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/track (admin) - admin.RequireAccount(db, ServeAllTracks()).ServeHTTP(w, r) + admin.RequireAccount(app, ServeAllTracks(app)).ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/track (admin) - admin.RequireAccount(db, CreateTrack()).ServeHTTP(w, r) + admin.RequireAccount(app, CreateTrack(app)).ServeHTTP(w, r) default: http.NotFound(w, r) } diff --git a/api/artist.go b/api/artist.go index c46db59..a9676b1 100644 --- a/api/artist.go +++ b/api/artist.go @@ -10,15 +10,14 @@ import ( "strings" "time" - "arimelody-web/global" "arimelody-web/controller" "arimelody-web/model" ) -func ServeAllArtists() http.Handler { +func ServeAllArtists(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var artists = []*model.Artist{} - artists, err := controller.GetAllArtists(global.DB) + artists, err := controller.GetAllArtists(app.DB) if err != nil { fmt.Printf("WARN: Failed to serve all artists: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -35,7 +34,7 @@ func ServeAllArtists() http.Handler { }) } -func ServeArtist(artist *model.Artist) http.Handler { +func ServeArtist(app *model.AppState, artist *model.Artist) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { type ( creditJSON struct { @@ -52,7 +51,7 @@ func ServeArtist(artist *model.Artist) http.Handler { } ) - account, err := controller.GetAccountByRequest(global.DB, r) + account, err := controller.GetAccountByRequest(app.DB, r) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -60,7 +59,7 @@ func ServeArtist(artist *model.Artist) http.Handler { } show_hidden_releases := account != nil - dbCredits, err := controller.GetArtistCredits(global.DB, artist.ID, show_hidden_releases) + dbCredits, err := controller.GetArtistCredits(app.DB, artist.ID, show_hidden_releases) if err != nil { fmt.Printf("WARN: Failed to retrieve artist credits for %s: %v\n", artist.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -92,7 +91,7 @@ func ServeArtist(artist *model.Artist) http.Handler { }) } -func CreateArtist() http.Handler { +func CreateArtist(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var artist model.Artist err := json.NewDecoder(r.Body).Decode(&artist) @@ -107,7 +106,7 @@ func CreateArtist() http.Handler { } if artist.Name == "" { artist.Name = artist.ID } - err = controller.CreateArtist(global.DB, &artist) + err = controller.CreateArtist(app.DB, &artist) if err != nil { if strings.Contains(err.Error(), "duplicate key") { http.Error(w, fmt.Sprintf("Artist %s already exists\n", artist.ID), http.StatusBadRequest) @@ -122,7 +121,7 @@ func CreateArtist() http.Handler { }) } -func UpdateArtist(artist *model.Artist) http.Handler { +func UpdateArtist(app *model.AppState, artist *model.Artist) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { err := json.NewDecoder(r.Body).Decode(&artist) if err != nil { @@ -136,7 +135,7 @@ func UpdateArtist(artist *model.Artist) http.Handler { } else { if strings.Contains(artist.Avatar, ";base64,") { var artworkDirectory = filepath.Join("uploads", "avatar") - filename, err := HandleImageUpload(&artist.Avatar, artworkDirectory, artist.ID) + filename, err := HandleImageUpload(app, &artist.Avatar, artworkDirectory, artist.ID) // clean up files with this ID and different extensions err = filepath.Walk(artworkDirectory, func(path string, info fs.FileInfo, err error) error { @@ -155,7 +154,7 @@ func UpdateArtist(artist *model.Artist) http.Handler { } } - err = controller.UpdateArtist(global.DB, artist) + err = controller.UpdateArtist(app.DB, artist) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -167,9 +166,9 @@ func UpdateArtist(artist *model.Artist) http.Handler { }) } -func DeleteArtist(artist *model.Artist) http.Handler { +func DeleteArtist(app *model.AppState, artist *model.Artist) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - err := controller.DeleteArtist(global.DB, artist.ID) + err := controller.DeleteArtist(app.DB, artist.ID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) diff --git a/api/release.go b/api/release.go index d17fb5f..c71043e 100644 --- a/api/release.go +++ b/api/release.go @@ -10,17 +10,16 @@ import ( "strings" "time" - "arimelody-web/global" "arimelody-web/controller" "arimelody-web/model" ) -func ServeRelease(release *model.Release) http.Handler { +func ServeRelease(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // only allow authorised users to view hidden releases privileged := false if !release.Visible { - account, err := controller.GetAccountByRequest(global.DB, r) + account, err := controller.GetAccountByRequest(app.DB, r) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -67,14 +66,14 @@ func ServeRelease(release *model.Release) http.Handler { if release.IsReleased() || privileged { // get credits - credits, err := controller.GetReleaseCredits(global.DB, release.ID) + credits, err := controller.GetReleaseCredits(app.DB, release.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Credits: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } for _, credit := range credits { - artist, err := controller.GetArtist(global.DB, credit.Artist.ID) + artist, err := controller.GetArtist(app.DB, credit.Artist.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Artists: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -89,7 +88,7 @@ func ServeRelease(release *model.Release) http.Handler { } // get tracks - tracks, err := controller.GetReleaseTracks(global.DB, release.ID) + tracks, err := controller.GetReleaseTracks(app.DB, release.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Tracks: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -104,7 +103,7 @@ func ServeRelease(release *model.Release) http.Handler { } // get links - links, err := controller.GetReleaseLinks(global.DB, release.ID) + links, err := controller.GetReleaseLinks(app.DB, release.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Links: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -126,9 +125,9 @@ func ServeRelease(release *model.Release) http.Handler { }) } -func ServeCatalog() http.Handler { +func ServeCatalog(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - releases, err := controller.GetAllReleases(global.DB, false, 0, true) + releases, err := controller.GetAllReleases(app.DB, false, 0, true) if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return @@ -146,7 +145,7 @@ func ServeCatalog() http.Handler { } catalog := []Release{} - account, err := controller.GetAccountByRequest(global.DB, r) + account, err := controller.GetAccountByRequest(app.DB, r) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -192,7 +191,7 @@ func ServeCatalog() http.Handler { }) } -func CreateRelease() http.Handler { +func CreateRelease(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.NotFound(w, r) @@ -220,7 +219,7 @@ func CreateRelease() http.Handler { if release.Artwork == "" { release.Artwork = "/img/default-cover-art.png" } - err = controller.CreateRelease(global.DB, &release) + err = controller.CreateRelease(app.DB, &release) if err != nil { if strings.Contains(err.Error(), "duplicate key") { http.Error(w, fmt.Sprintf("Release %s already exists\n", release.ID), http.StatusBadRequest) @@ -243,7 +242,7 @@ func CreateRelease() http.Handler { }) } -func UpdateRelease(release *model.Release) http.Handler { +func UpdateRelease(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path == "/" { http.NotFound(w, r) @@ -255,11 +254,11 @@ func UpdateRelease(release *model.Release) http.Handler { if len(segments) == 2 { switch segments[1] { case "tracks": - UpdateReleaseTracks(release).ServeHTTP(w, r) + UpdateReleaseTracks(app, release).ServeHTTP(w, r) case "credits": - UpdateReleaseCredits(release).ServeHTTP(w, r) + UpdateReleaseCredits(app, release).ServeHTTP(w, r) case "links": - UpdateReleaseLinks(release).ServeHTTP(w, r) + UpdateReleaseLinks(app, release).ServeHTTP(w, r) } return } @@ -281,7 +280,7 @@ func UpdateRelease(release *model.Release) http.Handler { } else { if strings.Contains(release.Artwork, ";base64,") { var artworkDirectory = filepath.Join("uploads", "musicart") - filename, err := HandleImageUpload(&release.Artwork, artworkDirectory, release.ID) + filename, err := HandleImageUpload(app, &release.Artwork, artworkDirectory, release.ID) // clean up files with this ID and different extensions err = filepath.Walk(artworkDirectory, func(path string, info fs.FileInfo, err error) error { @@ -300,7 +299,7 @@ func UpdateRelease(release *model.Release) http.Handler { } } - err = controller.UpdateRelease(global.DB, release) + err = controller.UpdateRelease(app.DB, release) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -312,7 +311,7 @@ func UpdateRelease(release *model.Release) http.Handler { }) } -func UpdateReleaseTracks(release *model.Release) http.Handler { +func UpdateReleaseTracks(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var trackIDs = []string{} err := json.NewDecoder(r.Body).Decode(&trackIDs) @@ -321,7 +320,7 @@ func UpdateReleaseTracks(release *model.Release) http.Handler { return } - err = controller.UpdateReleaseTracks(global.DB, release.ID, trackIDs) + err = controller.UpdateReleaseTracks(app.DB, release.ID, trackIDs) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -333,7 +332,7 @@ func UpdateReleaseTracks(release *model.Release) http.Handler { }) } -func UpdateReleaseCredits(release *model.Release) http.Handler { +func UpdateReleaseCredits(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { type creditJSON struct { Artist string @@ -358,7 +357,7 @@ func UpdateReleaseCredits(release *model.Release) http.Handler { }) } - err = controller.UpdateReleaseCredits(global.DB, release.ID, credits) + err = controller.UpdateReleaseCredits(app.DB, release.ID, credits) if err != nil { if strings.Contains(err.Error(), "duplicate key") { http.Error(w, "Artists may only be credited once\n", http.StatusBadRequest) @@ -374,7 +373,7 @@ func UpdateReleaseCredits(release *model.Release) http.Handler { }) } -func UpdateReleaseLinks(release *model.Release) http.Handler { +func UpdateReleaseLinks(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPut { http.NotFound(w, r) @@ -388,7 +387,7 @@ func UpdateReleaseLinks(release *model.Release) http.Handler { return } - err = controller.UpdateReleaseLinks(global.DB, release.ID, links) + err = controller.UpdateReleaseLinks(app.DB, release.ID, links) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -400,9 +399,9 @@ func UpdateReleaseLinks(release *model.Release) http.Handler { }) } -func DeleteRelease(release *model.Release) http.Handler { +func DeleteRelease(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - err := controller.DeleteRelease(global.DB, release.ID) + err := controller.DeleteRelease(app.DB, release.ID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) diff --git a/api/track.go b/api/track.go index 8727b4f..c342e08 100644 --- a/api/track.go +++ b/api/track.go @@ -5,7 +5,6 @@ import ( "fmt" "net/http" - "arimelody-web/global" "arimelody-web/controller" "arimelody-web/model" ) @@ -17,7 +16,7 @@ type ( } ) -func ServeAllTracks() http.Handler { +func ServeAllTracks(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { type Track struct { ID string `json:"id"` @@ -26,7 +25,7 @@ func ServeAllTracks() http.Handler { var tracks = []Track{} var dbTracks = []*model.Track{} - dbTracks, err := controller.GetAllTracks(global.DB) + dbTracks, err := controller.GetAllTracks(app.DB) if err != nil { fmt.Printf("WARN: Failed to pull tracks from DB: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -50,9 +49,9 @@ func ServeAllTracks() http.Handler { }) } -func ServeTrack(track *model.Track) http.Handler { +func ServeTrack(app *model.AppState, track *model.Track) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - dbReleases, err := controller.GetTrackReleases(global.DB, track.ID, false) + dbReleases, err := controller.GetTrackReleases(app.DB, track.ID, false) if err != nil { fmt.Printf("WARN: Failed to pull track releases for %s from DB: %s\n", track.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -74,7 +73,7 @@ func ServeTrack(track *model.Track) http.Handler { }) } -func CreateTrack() http.Handler { +func CreateTrack(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.NotFound(w, r) @@ -93,7 +92,7 @@ func CreateTrack() http.Handler { return } - id, err := controller.CreateTrack(global.DB, &track) + id, err := controller.CreateTrack(app.DB, &track) if err != nil { fmt.Printf("WARN: Failed to create track: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -106,7 +105,7 @@ func CreateTrack() http.Handler { }) } -func UpdateTrack(track *model.Track) http.Handler { +func UpdateTrack(app *model.AppState, track *model.Track) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPut || r.URL.Path == "/" { http.NotFound(w, r) @@ -124,7 +123,7 @@ func UpdateTrack(track *model.Track) http.Handler { return } - err = controller.UpdateTrack(global.DB, track) + err = controller.UpdateTrack(app.DB, track) if err != nil { fmt.Printf("WARN: Failed to update track %s: %s\n", track.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -141,7 +140,7 @@ func UpdateTrack(track *model.Track) http.Handler { }) } -func DeleteTrack(track *model.Track) http.Handler { +func DeleteTrack(app *model.AppState, track *model.Track) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodDelete || r.URL.Path == "/" { http.NotFound(w, r) @@ -149,7 +148,7 @@ func DeleteTrack(track *model.Track) http.Handler { } var trackID = r.URL.Path[1:] - err := controller.DeleteTrack(global.DB, trackID) + err := controller.DeleteTrack(app.DB, trackID) if err != nil { fmt.Printf("WARN: Failed to delete track %s: %s\n", trackID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/api/uploads.go b/api/uploads.go index 6b1c496..ddcf6ee 100644 --- a/api/uploads.go +++ b/api/uploads.go @@ -1,7 +1,7 @@ package api import ( - "arimelody-web/global" + "arimelody-web/model" "bufio" "encoding/base64" "errors" @@ -11,12 +11,12 @@ import ( "strings" ) -func HandleImageUpload(data *string, directory string, filename string) (string, error) { +func HandleImageUpload(app *model.AppState, data *string, directory string, filename string) (string, error) { split := strings.Split(*data, ";base64,") header := split[0] imageData, err := base64.StdEncoding.DecodeString(split[1]) ext, _ := strings.CutPrefix(header, "data:image/") - directory = filepath.Join(global.Config.DataDirectory, directory) + directory = filepath.Join(app.Config.DataDirectory, directory) switch ext { case "png": diff --git a/controller/account.go b/controller/account.go index 3547d35..044faec 100644 --- a/controller/account.go +++ b/controller/account.go @@ -1,7 +1,6 @@ package controller import ( - "arimelody-web/global" "arimelody-web/model" "errors" "fmt" @@ -72,7 +71,7 @@ func GetTokenFromRequest(db *sqlx.DB, r *http.Request) string { return tokenStr } - cookie, err := r.Cookie(global.COOKIE_TOKEN) + cookie, err := r.Cookie(model.COOKIE_TOKEN) if err != nil { return "" } diff --git a/controller/artist.go b/controller/artist.go index c52b78d..1a613aa 100644 --- a/controller/artist.go +++ b/controller/artist.go @@ -2,6 +2,7 @@ package controller import ( "arimelody-web/model" + "github.com/jmoiron/sqlx" ) diff --git a/global/config.go b/controller/config.go similarity index 65% rename from global/config.go rename to controller/config.go index 20e152f..28d4be4 100644 --- a/global/config.go +++ b/controller/config.go @@ -1,4 +1,4 @@ -package global +package controller import ( "errors" @@ -6,44 +6,21 @@ import ( "os" "strconv" - "github.com/jmoiron/sqlx" + "arimelody-web/model" + "github.com/pelletier/go-toml/v2" ) -type ( - dbConfig struct { - Host string `toml:"host"` - Port int64 `toml:"port"` - Name string `toml:"name"` - User string `toml:"user"` - Pass string `toml:"pass"` - } - - discordConfig struct { - AdminID string `toml:"admin_id" comment:"NOTE: admin_id to be deprecated in favour of local accounts and SSO."` - ClientID string `toml:"client_id"` - Secret string `toml:"secret"` - } - - config struct { - BaseUrl string `toml:"base_url" comment:"Used for OAuth redirects."` - Port int64 `toml:"port"` - DataDirectory string `toml:"data_dir"` - DB dbConfig `toml:"db"` - Discord discordConfig `toml:"discord"` - } -) - -var Config = func() config { +func GetConfig() model.Config { configFile := os.Getenv("ARIMELODY_CONFIG") if configFile == "" { configFile = "config.toml" } - config := config{ + config := model.Config{ BaseUrl: "https://arimelody.me", Port: 8080, - DB: dbConfig{ + DB: model.DBConfig{ Host: "127.0.0.1", Port: 5432, User: "arimelody", @@ -63,20 +40,18 @@ var Config = func() config { err = toml.Unmarshal([]byte(data), &config) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to parse configuration file: %v\n", err) - os.Exit(1) + panic(fmt.Sprintf("FATAL: Failed to parse configuration file: %v\n", err)) } err = handleConfigOverrides(&config) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to parse environment variable %v\n", err) - os.Exit(1) + panic(fmt.Sprintf("FATAL: Failed to parse environment variable %v\n", err)) } return config -}() +} -func handleConfigOverrides(config *config) error { +func handleConfigOverrides(config *model.Config) error { var err error if env, has := os.LookupEnv("ARIMELODY_BASE_URL"); has { config.BaseUrl = env } @@ -101,5 +76,3 @@ func handleConfigOverrides(config *config) error { return nil } - -var DB *sqlx.DB diff --git a/controller/release.go b/controller/release.go index c9791ac..362669a 100644 --- a/controller/release.go +++ b/controller/release.go @@ -5,6 +5,7 @@ import ( "fmt" "arimelody-web/model" + "github.com/jmoiron/sqlx" ) diff --git a/controller/track.go b/controller/track.go index d302045..fa4efc1 100644 --- a/controller/track.go +++ b/controller/track.go @@ -2,6 +2,7 @@ package controller import ( "arimelody-web/model" + "github.com/jmoiron/sqlx" ) diff --git a/discord/discord.go b/discord/discord.go index 8952c85..d46f32d 100644 --- a/discord/discord.go +++ b/discord/discord.go @@ -1,38 +1,17 @@ package discord import ( + "arimelody-web/model" "encoding/json" "errors" "fmt" "net/http" "net/url" "strings" - - "arimelody-web/global" ) const API_ENDPOINT = "https://discord.com/api/v10" -var CREDENTIALS_PROVIDED = true -var CLIENT_ID = func() string { - id := global.Config.Discord.ClientID - if id == "" { - // fmt.Printf("WARN: Discord client ID (DISCORD_CLIENT) was not provided.\n") - CREDENTIALS_PROVIDED = false - } - return id -}() -var CLIENT_SECRET = func() string { - secret := global.Config.Discord.Secret - if secret == "" { - // fmt.Printf("WARN: Discord secret (DISCORD_SECRET) was not provided.\n") - CREDENTIALS_PROVIDED = false - } - return secret -}() -var OAUTH_CALLBACK_URI = fmt.Sprintf("%s/admin/login", global.Config.BaseUrl) -var REDIRECT_URI = fmt.Sprintf("https://discord.com/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&scope=identify", CLIENT_ID, OAUTH_CALLBACK_URI) - type ( AccessTokenResponse struct { AccessToken string `json:"access_token"` @@ -68,15 +47,15 @@ type ( } ) -func GetOAuthTokenFromCode(code string) (string, error) { +func GetOAuthTokenFromCode(app *model.AppState, code string) (string, error) { // let's get an oauth token! req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/oauth2/token", API_ENDPOINT), strings.NewReader(url.Values{ - "client_id": {CLIENT_ID}, - "client_secret": {CLIENT_SECRET}, + "client_id": {app.Config.Discord.ClientID}, + "client_secret": {app.Config.Discord.Secret}, "grant_type": {"authorization_code"}, "code": {code}, - "redirect_uri": {OAUTH_CALLBACK_URI}, + "redirect_uri": {GetOAuthCallbackURI(app.Config.BaseUrl)}, }.Encode())) req.Header.Add("Content-Type", "application/x-www-form-urlencoded") @@ -115,3 +94,15 @@ func GetDiscordUserFromAuth(token string) (DiscordUser, error) { return auth_info.User, nil } + +func GetOAuthCallbackURI(baseURL string) string { + return fmt.Sprintf("%s/admin/login", baseURL) +} + +func GetRedirectURI(app *model.AppState) string { + return fmt.Sprintf( + "https://discord.com/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&scope=identify", + app.Config.Discord.ClientID, + GetOAuthCallbackURI(app.Config.BaseUrl), + ) +} diff --git a/global/const.go b/global/const.go deleted file mode 100644 index 157668d..0000000 --- a/global/const.go +++ /dev/null @@ -1,3 +0,0 @@ -package global - -const COOKIE_TOKEN string = "AM_TOKEN" diff --git a/global/funcs.go b/global/funcs.go deleted file mode 100644 index 49edb01..0000000 --- a/global/funcs.go +++ /dev/null @@ -1,101 +0,0 @@ -package global - -import ( - "fmt" - "math/rand" - "net/http" - "strconv" - "time" - - "arimelody-web/colour" -) - -var PoweredByStrings = []string{ - "nerd rage", - "estrogen", - "your mother", - "awesome powers beyond comprehension", - "jared", - "the weight of my sins", - "the arc reactor", - "AA batteries", - "15 euro solar panel from ebay", - "magnets, how do they work", - "a fax machine", - "dell optiplex", - "a trans girl's nintendo wii", - "BASS", - "electricity, duh", - "seven hamsters in a big wheel", - "girls", - "mzungu hosting", - "golang", - "the state of the world right now", - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", - "the good folks at aperture science", - "free2play CDs", - "aridoodle", - "the love of creating", - "not for the sake of art; not for the sake of money; we like painting naked people", - "30 billion dollars in VC funding", -} - -func DefaultHeaders(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Add("Server", "arimelody.me") - w.Header().Add("Do-Not-Stab", "1") - w.Header().Add("X-Clacks-Overhead", "GNU Terry Pratchett") - w.Header().Add("X-Hacker", "spare me please") - w.Header().Add("X-Robots-TXT", "'; DROP TABLE pages;") - w.Header().Add("X-Thinking-With", "Portals") - w.Header().Add( - "X-Powered-By", - PoweredByStrings[rand.Intn(len(PoweredByStrings))], - ) - next.ServeHTTP(w, r) - }) -} - -type LoggingResponseWriter struct { - http.ResponseWriter - Status int -} - -func (lrw *LoggingResponseWriter) WriteHeader(status int) { - lrw.Status = status - lrw.ResponseWriter.WriteHeader(status) -} - -func HTTPLog(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - start := time.Now() - - lrw := LoggingResponseWriter{w, http.StatusOK} - - next.ServeHTTP(&lrw, r) - - after := time.Now() - difference := (after.Nanosecond() - start.Nanosecond()) / 1_000_000 - elapsed := "<1" - if difference >= 1 { - elapsed = strconv.Itoa(difference) - } - - statusColour := colour.Reset - - if lrw.Status - 600 <= 0 { statusColour = colour.Red } - if lrw.Status - 500 <= 0 { statusColour = colour.Yellow } - if lrw.Status - 400 <= 0 { statusColour = colour.White } - if lrw.Status - 300 <= 0 { statusColour = colour.Green } - - fmt.Printf("[%s] %s %s - %s%d%s (%sms) (%s)\n", - after.Format(time.UnixDate), - r.Method, - r.URL.Path, - statusColour, - lrw.Status, - colour.Reset, - elapsed, - r.Header["User-Agent"][0]) - }) -} diff --git a/main.go b/main.go index cbda0a7..23fc997 100644 --- a/main.go +++ b/main.go @@ -4,16 +4,18 @@ import ( "errors" "fmt" "log" + "math/rand" "net/http" "os" "path/filepath" + "strconv" "strings" "time" "arimelody-web/admin" "arimelody-web/api" + "arimelody-web/colour" "arimelody-web/controller" - "arimelody-web/global" "arimelody-web/model" "arimelody-web/templates" "arimelody-web/view" @@ -30,48 +32,48 @@ const DEFAULT_PORT int64 = 8080 func main() { fmt.Printf("made with <3 by ari melody\n\n") - // TODO: refactor `global` to `AppState` - // this should contain `Config` and `DB`, and be passed through to all - // handlers that need it. it's better than weird static globals everywhere! + app := model.AppState{ + Config: controller.GetConfig(), + } // initialise database connection - if global.Config.DB.Host == "" { + if app.Config.DB.Host == "" { fmt.Fprintf(os.Stderr, "FATAL: db.host not provided! Exiting...\n") os.Exit(1) } - if global.Config.DB.Name == "" { + if app.Config.DB.Name == "" { fmt.Fprintf(os.Stderr, "FATAL: db.name not provided! Exiting...\n") os.Exit(1) } - if global.Config.DB.User == "" { + if app.Config.DB.User == "" { fmt.Fprintf(os.Stderr, "FATAL: db.user not provided! Exiting...\n") os.Exit(1) } - if global.Config.DB.Pass == "" { + if app.Config.DB.Pass == "" { fmt.Fprintf(os.Stderr, "FATAL: db.pass not provided! Exiting...\n") os.Exit(1) } var err error - global.DB, err = sqlx.Connect( + app.DB, err = sqlx.Connect( "postgres", fmt.Sprintf( "host=%s port=%d user=%s dbname=%s password='%s' sslmode=disable", - global.Config.DB.Host, - global.Config.DB.Port, - global.Config.DB.User, - global.Config.DB.Name, - global.Config.DB.Pass, + app.Config.DB.Host, + app.Config.DB.Port, + app.Config.DB.User, + app.Config.DB.Name, + app.Config.DB.Pass, ), ) if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Unable to initialise database: %v\n", err) os.Exit(1) } - global.DB.SetConnMaxLifetime(time.Minute * 3) - global.DB.SetMaxOpenConns(10) - global.DB.SetMaxIdleConns(10) - defer global.DB.Close() + app.DB.SetConnMaxLifetime(time.Minute * 3) + app.DB.SetMaxOpenConns(10) + app.DB.SetMaxIdleConns(10) + defer app.DB.Close() // handle command arguments if len(os.Args) > 1 { @@ -87,7 +89,7 @@ func main() { totpName := os.Args[3] secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) - account, err := controller.GetAccount(global.DB, username) + account, err := controller.GetAccount(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -104,7 +106,7 @@ func main() { Secret: string(secret), } - err = controller.CreateTOTP(global.DB, &totp) + err = controller.CreateTOTP(app.DB, &totp) if err != nil { fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) os.Exit(1) @@ -122,7 +124,7 @@ func main() { username := os.Args[2] totpName := os.Args[3] - account, err := controller.GetAccount(global.DB, username) + account, err := controller.GetAccount(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -133,7 +135,7 @@ func main() { os.Exit(1) } - err = controller.DeleteTOTP(global.DB, account.ID, totpName) + err = controller.DeleteTOTP(app.DB, account.ID, totpName) if err != nil { fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) os.Exit(1) @@ -149,7 +151,7 @@ func main() { } username := os.Args[2] - account, err := controller.GetAccount(global.DB, username) + account, err := controller.GetAccount(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -160,7 +162,7 @@ func main() { os.Exit(1) } - totps, err := controller.GetTOTPsForAccount(global.DB, account.ID) + totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) if err != nil { fmt.Fprintf(os.Stderr, "Failed to create TOTP methods: %v\n", err) os.Exit(1) @@ -182,7 +184,7 @@ func main() { username := os.Args[2] totpName := os.Args[3] - account, err := controller.GetAccount(global.DB, username) + account, err := controller.GetAccount(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -193,7 +195,7 @@ func main() { os.Exit(1) } - totp, err := controller.GetTOTP(global.DB, account.ID, totpName) + totp, err := controller.GetTOTP(app.DB, account.ID, totpName) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch TOTP method \"%s\": %v\n", totpName, err) os.Exit(1) @@ -210,7 +212,7 @@ func main() { case "createInvite": fmt.Printf("Creating invite...\n") - invite, err := controller.CreateInvite(global.DB, 16, time.Hour * 24) + invite, err := controller.CreateInvite(app.DB, 16, time.Hour * 24) if err != nil { fmt.Fprintf(os.Stderr, "Failed to create invite code: %v\n", err) os.Exit(1) @@ -221,7 +223,7 @@ func main() { case "purgeInvites": fmt.Printf("Deleting all invites...\n") - err := controller.DeleteAllInvites(global.DB) + err := controller.DeleteAllInvites(app.DB) if err != nil { fmt.Fprintf(os.Stderr, "Failed to delete invites: %v\n", err) os.Exit(1) @@ -231,7 +233,7 @@ func main() { return case "listAccounts": - accounts, err := controller.GetAllAccounts(global.DB) + accounts, err := controller.GetAllAccounts(app.DB) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch accounts: %v\n", err) os.Exit(1) @@ -259,7 +261,7 @@ func main() { username := os.Args[2] fmt.Printf("Deleting account \"%s\"...\n", username) - account, err := controller.GetAccount(global.DB, username) + account, err := controller.GetAccount(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -277,7 +279,7 @@ func main() { return } - err = controller.DeleteAccount(global.DB, username) + err = controller.DeleteAccount(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) os.Exit(1) @@ -305,20 +307,20 @@ func main() { } // handle DB migrations - controller.CheckDBVersionAndMigrate(global.DB) + controller.CheckDBVersionAndMigrate(app.DB) // initial invite code accountsCount := 0 - err = global.DB.Get(&accountsCount, "SELECT count(*) FROM account") + err = app.DB.Get(&accountsCount, "SELECT count(*) FROM account") if err != nil { panic(err) } if accountsCount == 0 { - _, err := global.DB.Exec("DELETE FROM invite") + _, err := app.DB.Exec("DELETE FROM invite") if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to clear existing invite codes: %v\n", err) os.Exit(1) } - invite, err := controller.CreateInvite(global.DB, 16, time.Hour * 24) + invite, err := controller.CreateInvite(app.DB, 16, time.Hour * 24) if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to create invite code: %v\n", err) os.Exit(1) @@ -328,28 +330,28 @@ func main() { } // delete expired invites - err = controller.DeleteExpiredInvites(global.DB) + err = controller.DeleteExpiredInvites(app.DB) if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to clear expired invite codes: %v\n", err) os.Exit(1) } // start the web server! - mux := createServeMux() - fmt.Printf("Now serving at %s:%d\n", global.Config.BaseUrl, global.Config.Port) + mux := createServeMux(&app) + fmt.Printf("Now serving at %s:%d\n", app.Config.BaseUrl, app.Config.Port) log.Fatal( - http.ListenAndServe(fmt.Sprintf(":%d", global.Config.Port), - global.HTTPLog(global.DefaultHeaders(mux)), + http.ListenAndServe(fmt.Sprintf(":%d", app.Config.Port), + HTTPLog(DefaultHeaders(mux)), )) } -func createServeMux() *http.ServeMux { +func createServeMux(app *model.AppState) *http.ServeMux { mux := http.NewServeMux() - mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(global.DB))) - mux.Handle("/api/", http.StripPrefix("/api", api.Handler(global.DB))) - mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(global.DB))) - mux.Handle("/uploads/", http.StripPrefix("/uploads", staticHandler(filepath.Join(global.Config.DataDirectory, "uploads")))) + mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(app))) + mux.Handle("/api/", http.StripPrefix("/api", api.Handler(app))) + mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(app))) + mux.Handle("/uploads/", http.StripPrefix("/uploads", staticHandler(filepath.Join(app.Config.DataDirectory, "uploads")))) mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodHead { w.WriteHeader(http.StatusOK) @@ -390,3 +392,93 @@ func staticHandler(directory string) http.Handler { http.FileServer(http.Dir(directory)).ServeHTTP(w, r) }) } + +var PoweredByStrings = []string{ + "nerd rage", + "estrogen", + "your mother", + "awesome powers beyond comprehension", + "jared", + "the weight of my sins", + "the arc reactor", + "AA batteries", + "15 euro solar panel from ebay", + "magnets, how do they work", + "a fax machine", + "dell optiplex", + "a trans girl's nintendo wii", + "BASS", + "electricity, duh", + "seven hamsters in a big wheel", + "girls", + "mzungu hosting", + "golang", + "the state of the world right now", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", + "the good folks at aperture science", + "free2play CDs", + "aridoodle", + "the love of creating", + "not for the sake of art; not for the sake of money; we like painting naked people", + "30 billion dollars in VC funding", +} + +func DefaultHeaders(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Add("Server", "arimelody.me") + w.Header().Add("Do-Not-Stab", "1") + w.Header().Add("X-Clacks-Overhead", "GNU Terry Pratchett") + w.Header().Add("X-Hacker", "spare me please") + w.Header().Add("X-Robots-TXT", "'; DROP TABLE pages;") + w.Header().Add("X-Thinking-With", "Portals") + w.Header().Add( + "X-Powered-By", + PoweredByStrings[rand.Intn(len(PoweredByStrings))], + ) + next.ServeHTTP(w, r) + }) +} + +type LoggingResponseWriter struct { + http.ResponseWriter + Status int +} + +func (lrw *LoggingResponseWriter) WriteHeader(status int) { + lrw.Status = status + lrw.ResponseWriter.WriteHeader(status) +} + +func HTTPLog(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + start := time.Now() + + lrw := LoggingResponseWriter{w, http.StatusOK} + + next.ServeHTTP(&lrw, r) + + after := time.Now() + difference := (after.Nanosecond() - start.Nanosecond()) / 1_000_000 + elapsed := "<1" + if difference >= 1 { + elapsed = strconv.Itoa(difference) + } + + statusColour := colour.Reset + + if lrw.Status - 600 <= 0 { statusColour = colour.Red } + if lrw.Status - 500 <= 0 { statusColour = colour.Yellow } + if lrw.Status - 400 <= 0 { statusColour = colour.White } + if lrw.Status - 300 <= 0 { statusColour = colour.Green } + + fmt.Printf("[%s] %s %s - %s%d%s (%sms) (%s)\n", + after.Format(time.UnixDate), + r.Method, + r.URL.Path, + statusColour, + lrw.Status, + colour.Reset, + elapsed, + r.Header["User-Agent"][0]) + }) +} diff --git a/model/account.go b/model/account.go index 031cae9..72720a0 100644 --- a/model/account.go +++ b/model/account.go @@ -2,6 +2,8 @@ package model import "time" +const COOKIE_TOKEN string = "AM_TOKEN" + type ( Account struct { ID string `json:"id" db:"id"` diff --git a/model/appstate.go b/model/appstate.go new file mode 100644 index 0000000..08016b7 --- /dev/null +++ b/model/appstate.go @@ -0,0 +1,32 @@ +package model + +import "github.com/jmoiron/sqlx" + +type ( + DBConfig struct { + Host string `toml:"host"` + Port int64 `toml:"port"` + Name string `toml:"name"` + User string `toml:"user"` + Pass string `toml:"pass"` + } + + DiscordConfig struct { + AdminID string `toml:"admin_id" comment:"NOTE: admin_id to be deprecated in favour of local accounts and SSO."` + ClientID string `toml:"client_id"` + Secret string `toml:"secret"` + } + + Config struct { + BaseUrl string `toml:"base_url" comment:"Used for OAuth redirects."` + Port int64 `toml:"port"` + DataDirectory string `toml:"data_dir"` + DB DBConfig `toml:"db"` + Discord DiscordConfig `toml:"discord"` + } + + AppState struct { + DB *sqlx.DB + Config Config + } +) diff --git a/view/music.go b/view/music.go index 227aa5c..cae325f 100644 --- a/view/music.go +++ b/view/music.go @@ -8,36 +8,34 @@ import ( "arimelody-web/controller" "arimelody-web/model" "arimelody-web/templates" - - "github.com/jmoiron/sqlx" ) // HTTP HANDLER METHODS -func MusicHandler(db *sqlx.DB) http.Handler { +func MusicHandler(app *model.AppState) http.Handler { mux := http.NewServeMux() mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path == "/" { - ServeCatalog(db).ServeHTTP(w, r) + ServeCatalog(app).ServeHTTP(w, r) return } - release, err := controller.GetRelease(db, r.URL.Path[1:], true) + release, err := controller.GetRelease(app.DB, r.URL.Path[1:], true) if err != nil { http.NotFound(w, r) return } - ServeGateway(db, release).ServeHTTP(w, r) + ServeGateway(app, release).ServeHTTP(w, r) })) return mux } -func ServeCatalog(db *sqlx.DB) http.Handler { +func ServeCatalog(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - releases, err := controller.GetAllReleases(db, true, 0, true) + releases, err := controller.GetAllReleases(app.DB, true, 0, true) if err != nil { fmt.Printf("FATAL: Failed to pull releases for catalog: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -57,12 +55,12 @@ func ServeCatalog(db *sqlx.DB) http.Handler { }) } -func ServeGateway(db *sqlx.DB, release *model.Release) http.Handler { +func ServeGateway(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // only allow authorised users to view hidden releases privileged := false if !release.Visible { - account, err := controller.GetAccountByRequest(db, r) + account, err := controller.GetAccountByRequest(app.DB, r) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) From 5531ef6bab6b55bed292705ebe60e7fb794f907f Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 21 Jan 2025 15:08:59 +0000 Subject: [PATCH 02/99] remove account API endpoints account management should be done on the frontend. some work will need to be done to generate API keys for external clients, but notably some API endpoints are currently used by the frontend using session tokens. --- api/account.go | 201 ------------------------------------------------- api/api.go | 12 --- 2 files changed, 213 deletions(-) delete mode 100644 api/account.go diff --git a/api/account.go b/api/account.go deleted file mode 100644 index 0a9a7f9..0000000 --- a/api/account.go +++ /dev/null @@ -1,201 +0,0 @@ -package api - -import ( - "arimelody-web/controller" - "arimelody-web/model" - "encoding/json" - "fmt" - "net/http" - "os" - "strings" - "time" - - "golang.org/x/crypto/bcrypt" -) - -func handleLogin(app *model.AppState) http.HandlerFunc { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - type LoginRequest struct { - Username string `json:"username"` - Password string `json:"password"` - } - - credentials := LoginRequest{} - err := json.NewDecoder(r.Body).Decode(&credentials) - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - account, err := controller.GetAccount(app.DB, credentials.Username) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - if account == nil { - http.Error(w, "Invalid username or password", http.StatusBadRequest) - return - } - - err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) - if err != nil { - http.Error(w, "Invalid username or password", http.StatusBadRequest) - return - } - - token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) - type LoginResponse struct { - Token string `json:"token"` - ExpiresAt time.Time `json:"expires_at"` - } - - err = json.NewEncoder(w).Encode(LoginResponse{ - Token: token.Token, - ExpiresAt: token.ExpiresAt, - }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to return session token: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - }) -} - -func handleAccountRegistration(app *model.AppState) http.HandlerFunc { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - type RegisterRequest struct { - Username string `json:"username"` - Email string `json:"email"` - Password string `json:"password"` - Invite string `json:"invite"` - } - - credentials := RegisterRequest{} - err := json.NewDecoder(r.Body).Decode(&credentials) - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - // make sure code exists in DB - invite, err := controller.GetInvite(app.DB, credentials.Invite) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - if invite == nil { - http.Error(w, "Invalid invite code", http.StatusBadRequest) - return - } - - if time.Now().After(invite.ExpiresAt) { - err := controller.DeleteInvite(app.DB, invite.Code) - if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } - http.Error(w, "Invalid invite code", http.StatusBadRequest) - return - } - - hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - account := model.Account{ - Username: credentials.Username, - Password: string(hashedPassword), - Email: credentials.Email, - AvatarURL: "/img/default-avatar.png", - } - err = controller.CreateAccount(app.DB, &account) - if err != nil { - if strings.HasPrefix(err.Error(), "pq: duplicate key") { - http.Error(w, "An account with that username already exists", http.StatusBadRequest) - return - } - fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - err = controller.DeleteInvite(app.DB, invite.Code) - if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } - - token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) - type LoginResponse struct { - Token string `json:"token"` - ExpiresAt time.Time `json:"expires_at"` - } - - err = json.NewEncoder(w).Encode(LoginResponse{ - Token: token.Token, - ExpiresAt: token.ExpiresAt, - }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to return session token: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - }) -} - -func handleDeleteAccount(app *model.AppState) http.HandlerFunc { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - type LoginRequest struct { - Username string `json:"username"` - Password string `json:"password"` - } - - credentials := LoginRequest{} - err := json.NewDecoder(r.Body).Decode(&credentials) - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - account, err := controller.GetAccount(app.DB, credentials.Username) - if err != nil { - if strings.Contains(err.Error(), "no rows") { - http.Error(w, "Invalid username or password", http.StatusBadRequest) - return - } - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) - if err != nil { - http.Error(w, "Invalid password", http.StatusBadRequest) - return - } - - // TODO: check TOTP - - err = controller.DeleteAccount(app.DB, account.Username) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to delete account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - w.WriteHeader(http.StatusOK) - w.Write([]byte("Account deleted successfully\n")) - }) -} diff --git a/api/api.go b/api/api.go index b16d45d..9489126 100644 --- a/api/api.go +++ b/api/api.go @@ -13,20 +13,8 @@ import ( func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() - // ACCOUNT ENDPOINTS - - /* - // temporarily disabling these - // accounts should really be handled via the frontend rn, and juggling - // two different token bearer methods kinda sucks!! - // i'll look into generating API tokens on the frontend in the future // TODO: generate API keys on the frontend - mux.Handle("/v1/login", handleLogin()) - mux.Handle("/v1/register", handleAccountRegistration()) - mux.Handle("/v1/delete-account", handleDeleteAccount()) - */ - // ARTIST ENDPOINTS mux.Handle("/v1/artist/", http.StripPrefix("/v1/artist", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { From 0052c470f94fffc72357a83bbf9669f5e6726ed6 Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 21 Jan 2025 17:13:06 +0000 Subject: [PATCH 03/99] (incomplete) change password feature --- admin/accounthttp.go | 71 +++++++++++++++++++++++++++-------- admin/http.go | 2 +- admin/views/edit-account.html | 14 +++++-- admin/views/layout.html | 5 ++- controller/config.go | 2 + main.go | 4 +- model/appstate.go | 1 + schema_migration/000-init.sql | 2 - 8 files changed, 76 insertions(+), 25 deletions(-) diff --git a/admin/accounthttp.go b/admin/accounthttp.go index b2cf18a..b354fd5 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -3,6 +3,7 @@ package admin import ( "fmt" "net/http" + "net/url" "os" "strings" "time" @@ -13,13 +14,22 @@ import ( "golang.org/x/crypto/bcrypt" ) -type TemplateData struct { +type loginRegisterResponse struct { Account *model.Account Message string Token string } func AccountHandler(app *model.AppState) http.Handler { + mux := http.NewServeMux() + + mux.Handle("/password", changePasswordHandler(app)) + mux.Handle("/", accountIndexHandler(app)) + + return mux +} + +func accountIndexHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { account := r.Context().Value("account").(*model.Account) @@ -29,14 +39,18 @@ func AccountHandler(app *model.AppState) http.Handler { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - type AccountResponse struct { + type accountResponse struct { Account *model.Account TOTPs []model.TOTP + Message string + Error string } - err = pages["account"].Execute(w, AccountResponse{ + err = pages["account"].Execute(w, accountResponse{ Account: account, TOTPs: totps, + Message: r.URL.Query().Get("message"), + Error: r.URL.Query().Get("error"), }) if err != nil { fmt.Printf("WARN: Failed to render admin account page: %v\n", err) @@ -59,7 +73,7 @@ func LoginHandler(app *model.AppState) http.Handler { return } - err = pages["login"].Execute(w, TemplateData{}) + err = pages["login"].Execute(w, loginRegisterResponse{}) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -213,12 +227,12 @@ func createAccountHandler(app *model.AppState) http.Handler { return } - type CreateAccountResponse struct { + type CreateaccountResponse struct { Account *model.Account Message string } - render := func(data CreateAccountResponse) { + render := func(data CreateaccountResponse) { err := pages["create-account"].Execute(w, data) if err != nil { fmt.Printf("WARN: Error rendering create account page: %s\n", err) @@ -227,7 +241,7 @@ func createAccountHandler(app *model.AppState) http.Handler { } if r.Method == http.MethodGet { - render(CreateAccountResponse{}) + render(CreateaccountResponse{}) return } @@ -238,7 +252,7 @@ func createAccountHandler(app *model.AppState) http.Handler { err = r.ParseForm() if err != nil { - render(CreateAccountResponse{ + render(CreateaccountResponse{ Message: "Malformed data.", }) return @@ -261,7 +275,7 @@ func createAccountHandler(app *model.AppState) http.Handler { invite, err := controller.GetInvite(app.DB, credentials.Invite) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) - render(CreateAccountResponse{ + render(CreateaccountResponse{ Message: "Something went wrong. Please try again.", }) return @@ -271,7 +285,7 @@ func createAccountHandler(app *model.AppState) http.Handler { err := controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } } - render(CreateAccountResponse{ + render(CreateaccountResponse{ Message: "Invalid invite code.", }) return @@ -280,7 +294,7 @@ func createAccountHandler(app *model.AppState) http.Handler { hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) - render(CreateAccountResponse{ + render(CreateaccountResponse{ Message: "Something went wrong. Please try again.", }) return @@ -295,13 +309,13 @@ func createAccountHandler(app *model.AppState) http.Handler { err = controller.CreateAccount(app.DB, &account) if err != nil { if strings.HasPrefix(err.Error(), "pq: duplicate key") { - render(CreateAccountResponse{ + render(CreateaccountResponse{ Message: "An account with that username already exists.", }) return } fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) - render(CreateAccountResponse{ + render(CreateaccountResponse{ Message: "Something went wrong. Please try again.", }) return @@ -330,14 +344,41 @@ func createAccountHandler(app *model.AppState) http.Handler { cookie.Path = "/" http.SetCookie(w, &cookie) - err = pages["login"].Execute(w, TemplateData{ + err = pages["login"].Execute(w, loginRegisterResponse{ Account: &account, Token: token.Token, }) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to render login page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } }) } + +func changePasswordHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + account := r.Context().Value("account").(*model.Account) + + r.ParseForm() + + currentPassword := r.Form.Get("current-password") + if err := bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(currentPassword)); err != nil { + http.Redirect(w, r, "/admin/account?error=" + url.PathEscape("Incorrect password."), http.StatusFound) + return + } + + newPassword := r.Form.Get("new-password") + + http.Redirect( + w, r, "/admin/account?message=" + + url.PathEscape(fmt.Sprintf("Updating password to %s", newPassword)), + http.StatusFound, + ) + }) +} diff --git a/admin/http.go b/admin/http.go index b44cfa9..763537a 100644 --- a/admin/http.go +++ b/admin/http.go @@ -17,7 +17,7 @@ func Handler(app *model.AppState) http.Handler { mux.Handle("/login", LoginHandler(app)) mux.Handle("/register", createAccountHandler(app)) mux.Handle("/logout", RequireAccount(app, LogoutHandler(app))) - mux.Handle("/account", RequireAccount(app, AccountHandler(app))) + mux.Handle("/account/", RequireAccount(app, http.StripPrefix("/account", AccountHandler(app)))) mux.Handle("/static/", http.StripPrefix("/static", staticHandler())) mux.Handle("/release/", RequireAccount(app, http.StripPrefix("/release", serveRelease(app)))) mux.Handle("/artist/", RequireAccount(app, http.StripPrefix("/artist", serveArtist(app)))) diff --git a/admin/views/edit-account.html b/admin/views/edit-account.html index 4d89052..fd527b4 100644 --- a/admin/views/edit-account.html +++ b/admin/views/edit-account.html @@ -6,22 +6,28 @@ {{define "content"}}
+ {{if .Message}} +

{{.Message}}

+ {{end}} + {{if .Error}} +

{{.Error}}

+ {{end}}

Account Settings ({{.Account.Username}})

Change Password

-
+
- + - + - +
diff --git a/admin/views/layout.html b/admin/views/layout.html index 0a33b72..bacf014 100644 --- a/admin/views/layout.html +++ b/admin/views/layout.html @@ -26,7 +26,10 @@
{{if .Account}}
- logged in as {{.Account.Username}}. log out + account ({{.Account.Username}}) +
+
+ log out
{{else}}
diff --git a/controller/config.go b/controller/config.go index 28d4be4..8772b6b 100644 --- a/controller/config.go +++ b/controller/config.go @@ -19,6 +19,7 @@ func GetConfig() model.Config { config := model.Config{ BaseUrl: "https://arimelody.me", + Host: "0.0.0.0", Port: 8080, DB: model.DBConfig{ Host: "127.0.0.1", @@ -55,6 +56,7 @@ func handleConfigOverrides(config *model.Config) error { var err error if env, has := os.LookupEnv("ARIMELODY_BASE_URL"); has { config.BaseUrl = env } + if env, has := os.LookupEnv("ARIMELODY_HOST"); has { config.Host = env } if env, has := os.LookupEnv("ARIMELODY_PORT"); has { config.Port, err = strconv.ParseInt(env, 10, 0) if err != nil { return errors.New("ARIMELODY_PORT: " + err.Error()) } diff --git a/main.go b/main.go index 23fc997..5693252 100644 --- a/main.go +++ b/main.go @@ -338,9 +338,9 @@ func main() { // start the web server! mux := createServeMux(&app) - fmt.Printf("Now serving at %s:%d\n", app.Config.BaseUrl, app.Config.Port) + fmt.Printf("Now serving at http://%s:%d\n", app.Config.Host, app.Config.Port) log.Fatal( - http.ListenAndServe(fmt.Sprintf(":%d", app.Config.Port), + http.ListenAndServe(fmt.Sprintf("%s:%d", app.Config.Host, app.Config.Port), HTTPLog(DefaultHeaders(mux)), )) } diff --git a/model/appstate.go b/model/appstate.go index 08016b7..6a965d5 100644 --- a/model/appstate.go +++ b/model/appstate.go @@ -19,6 +19,7 @@ type ( Config struct { BaseUrl string `toml:"base_url" comment:"Used for OAuth redirects."` + Host string `toml:"host"` Port int64 `toml:"port"` DataDirectory string `toml:"data_dir"` DB DBConfig `toml:"db"` diff --git a/schema_migration/000-init.sql b/schema_migration/000-init.sql index 3f4c723..e11b45f 100644 --- a/schema_migration/000-init.sql +++ b/schema_migration/000-init.sql @@ -1,5 +1,3 @@ -CREATE SCHEMA IF NOT EXISTS arimelody; - -- -- Tables -- From c6afc274c2b9d789453314241621976cc8225be8 Mon Sep 17 00:00:00 2001 From: ari melody Date: Wed, 22 Jan 2025 11:39:15 +0000 Subject: [PATCH 04/99] light theme! crt now disabled by default --- public/script/config.js | 63 ++++----- public/script/index.js | 16 +++ public/style/colours.css | 29 +++- public/style/header.css | 242 +++++++++++++++++---------------- public/style/index.css | 122 ++++++++--------- public/style/main.css | 35 ++++- public/style/music-gateway.css | 6 +- public/style/music.css | 149 +++++++++----------- views/index.html | 8 +- 9 files changed, 355 insertions(+), 315 deletions(-) create mode 100644 public/script/index.js diff --git a/public/script/config.js b/public/script/config.js index b3dd135..2bb33a6 100644 --- a/public/script/config.js +++ b/public/script/config.js @@ -1,42 +1,33 @@ -function toggle_config_setting(config, name) { - if (config[name]) { - delete config[name]; - update_config(config); - return true; - } - config[name] = true; - update_config(config); - return true; -} +const DEFAULT_CONFIG = { + crt: false +}; +const config = (() => { + let saved = localStorage.getItem("config"); + if (saved) { + const config = JSON.parse(saved); + setCRT(config.crt || DEFAULT_CONFIG.crt); + return config; + } -function set_config_setting(config, name, value) { - config[name] = value; - update_config(config); - return true; -} + localStorage.setItem("config", JSON.stringify(DEFAULT_CONFIG)); + return DEFAULT_CONFIG; +})(); -function clear_config_setting(config, name) { - if (!config[name]) return false; - delete config[name]; - update_config(config); - return true; -} - -function update_config(config) { - localStorage.setItem("config", JSON.stringify(config)); -} - -const config = JSON.parse(localStorage.getItem("config")) || {}; -if (config) { - if (config.disable_crt) { - document.querySelector('div#overlay').setAttribute("hidden", true); - document.body.style.textShadow = "none"; - document.getElementById('toggle-crt').classList.add("disabled"); - } +function saveConfig() { + localStorage.setItem("config", JSON.stringify(config)); } document.getElementById("toggle-crt").addEventListener("click", () => { - toggle_config_setting(config, "disable_crt"); - document.querySelector('div#overlay').toggleAttribute("hidden"); - document.getElementById('toggle-crt').className = config.disable_crt ? "disabled" : ""; + config.crt = !config.crt; + setCRT(config.crt); + saveConfig(); }); + +function setCRT(/** @type boolean */ enabled) { + if (enabled) { + document.body.classList.add("crt"); + } else { + document.body.classList.remove("crt"); + } + document.getElementById('toggle-crt').className = enabled ? "" : "disabled"; +} diff --git a/public/script/index.js b/public/script/index.js new file mode 100644 index 0000000..512ed8f --- /dev/null +++ b/public/script/index.js @@ -0,0 +1,16 @@ +const hexPrimary = document.getElementById("hex-primary"); +const hexSecondary = document.getElementById("hex-secondary"); +const hexTertiary = document.getElementById("hex-tertiary"); + +function updateHexColours() { + const style = getComputedStyle(document.body); + hexPrimary.textContent = style.getPropertyValue('--primary'); + hexSecondary.textContent = style.getPropertyValue('--secondary'); + hexTertiary.textContent = style.getPropertyValue('--tertiary'); +} + +updateHexColours(); + +window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", () => { + updateHexColours(); +}); diff --git a/public/style/colours.css b/public/style/colours.css index e45d964..2bf607d 100644 --- a/public/style/colours.css +++ b/public/style/colours.css @@ -1,19 +1,34 @@ :root { - --primary: #b7fd49; - --secondary: #f8e05b; - --tertiary: #f788fe; - --links: #5eb2ff; + --background: #080808; + --on-background: #f0f0f0; + + --primary: #b7fd49; + --secondary: #f8e05b; + --tertiary: #f788fe; + --links: #5eb2ff; +} + +@media (prefers-color-scheme: light) { + :root { + --background: #ffffff; + --on-background: #101010; + + --primary: #6d9e23; + --secondary: #a5911e; + --tertiary: #a92cb1; + --links: #3ba1ff; + } } .col-primary { - color: var(--primary); + color: var(--primary); } .col-secondary { - color: var(--secondary); + color: var(--secondary); } .col-tertiary { - color: var(--tertiary); + color: var(--tertiary); } diff --git a/public/style/header.css b/public/style/header.css index 21b9109..48971b5 100644 --- a/public/style/header.css +++ b/public/style/header.css @@ -1,187 +1,189 @@ header { - position: fixed; - top: 0; - left: 0; - width: 100vw; - border-bottom: 1px solid #888; - background-color: #080808; - z-index: 1; + position: fixed; + top: 0; + left: 0; + width: 100vw; + border-bottom: 1px solid #8888; + background-color: var(--background); + z-index: 1; + + transition: color .2s, background-color .2s; } nav { - width: min(calc(100% - 4rem), 720px); - height: 3em; - margin: auto; - padding: 0 1em; - display: flex; - flex-direction: row; - gap: .8em; - align-items: center; + width: min(calc(100% - 4rem), 720px); + height: 3em; + margin: auto; + padding: 0 1em; + display: flex; + flex-direction: row; + gap: .8em; + align-items: center; } #header-home { - flex-grow: 1; - display: flex; - gap: .5em; - cursor: pointer; + flex-grow: 1; + display: flex; + gap: .5em; + cursor: pointer; } img#header-icon { - width: 2em; - height: 2em; - margin: .5em; - display: block; + width: 2em; + height: 2em; + margin: .5em; + display: block; } #header-text { - width: 11em; - display: flex; - flex-direction: column; - justify-content: center; - flex-grow: 1; + width: 11em; + display: flex; + flex-direction: column; + justify-content: center; + flex-grow: 1; } #header-text h1 { - margin: 0; - font-size: 1em; + margin: 0; + font-size: 1em; } #header-text h2 { - height: 1.2em; - line-height: 1.2em; - margin: 0; - font-size: .7em; - color: #bbb; + height: 1.2em; + line-height: 1.2em; + margin: 0; + font-size: .7em; + color: #bbb; } #header-links-toggle { - width: 3em; - height: 3em; - display: none; - justify-content: center; - align-items: center; - transition: background-color .2s; + width: 3em; + height: 3em; + display: none; + justify-content: center; + align-items: center; + transition: background-color .2s; } #header-links-toggle:hover { - background-color: #fff2; + background-color: #fff2; } header ul#header-links { - margin: 0; - padding: 0; - display: flex; - flex-direction: row; - gap: .5em; - align-items: center; + margin: 0; + padding: 0; + display: flex; + flex-direction: row; + gap: .5em; + align-items: center; } header ul li { - list-style: none; + list-style: none; } header ul li a, header ul li span { - padding: .4em .5em; - border: 1px solid var(--links); - color: var(--links); - border-radius: 2px; - background-color: transparent; - transition-property: color, border-color, background-color; - transition-duration: .2s; - animation-delay: 0s; - animation: list-item-fadein .2s forwards; - opacity: 0; - text-decoration: none; + padding: .4em .5em; + border: 1px solid var(--links); + color: var(--links); + border-radius: 2px; + background-color: transparent; + transition-property: color, border-color, background-color; + transition-duration: .2s; + animation-delay: 0s; + animation: list-item-fadein .2s forwards; + opacity: 0; + text-decoration: none; } header ul li span { - color: #aaa; - border-color: #aaa; - cursor: default; - text-decoration: none; + color: #aaa; + border-color: #aaa; + cursor: default; + text-decoration: none; } header ul li a:hover { - color: #eee; - border-color: #eee; - background-color: var(--links) !important; - text-decoration: none; + color: #eee; + border-color: #eee; + background-color: var(--links) !important; + text-decoration: none; } #toggle-crt a { - color: var(--primary); - border-color: var(--primary); - opacity: 1; + color: var(--primary); + border-color: var(--primary); + opacity: 1; } #toggle-crt a:hover { - color: #111; - background-color: var(--primary) !important; + color: #111; + background-color: var(--primary) !important; } #toggle-crt.disabled a { - opacity: .5 !important; + opacity: .5 !important; } @media screen and (max-width: 780px) { - header { - font-size: 14px; - } + header { + font-size: 14px; + } - nav { - width: calc(100vw - 2rem); - margin: 0; - } + nav { + width: calc(100vw - 2rem); + margin: 0; + } - div#header-text { - flex-grow: 1; - } + div#header-text { + flex-grow: 1; + } - a#header-links-toggle { - display: flex; - } + a#header-links-toggle { + display: flex; + } - header ul#header-links { - position: fixed; - left: 0; - top: 2.7rem; - width: calc(100vw - 2rem); - padding: 1rem; - flex-direction: column; - gap: 1rem; - border-bottom: 1px solid #888; - background: #080808; - display: none; - } + header ul#header-links { + position: fixed; + left: 0; + top: 2.7rem; + width: calc(100vw - 2rem); + padding: 1rem; + flex-direction: column; + gap: 1rem; + border-bottom: 1px solid #888; + background: #080808; + display: none; + } - header ul#header-links.open { - display: flex; - } + header ul#header-links.open { + display: flex; + } - ul#header-links li { - width: 100%; - } + ul#header-links li { + width: 100%; + } - ul#header-links li a, - ul#header-links li span { - margin: 0; - display: block; - font-size: 1em; - text-align: center; - } + ul#header-links li a, + ul#header-links li span { + margin: 0; + display: block; + font-size: 1em; + text-align: center; + } } @keyframes list-item-fadein { - from { - opacity: 1; - background: #fff8; - } + from { + opacity: 1; + background: #fff8; + } - to { - opacity: 1; - background: transparent; - } + to { + opacity: 1; + background: transparent; + } } diff --git a/public/style/index.css b/public/style/index.css index 6e04a37..363c381 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -1,43 +1,43 @@ main { - width: min(calc(100% - 4rem), 720px); - min-height: calc(100vh - 10.3rem); - margin: 0 auto 2rem auto; - padding-top: 4rem; + width: min(calc(100% - 4rem), 720px); + min-height: calc(100vh - 10.3rem); + margin: 0 auto 2rem auto; + padding-top: 4rem; } main h1 { - line-height: 3rem; - color: var(--primary); + line-height: 3rem; + color: var(--primary); } main h2 { - color: var(--secondary); + color: var(--secondary); } main h3 { - color: var(--tertiary); + color: var(--tertiary); } div#me_irl { - width: fit-content; - height: fit-content; - border: 2px solid white; + width: fit-content; + height: fit-content; + border: 2px solid white; } div#me_irl img { - display: block; + display: block; } div#me_irl::before { - content: ""; - position: absolute; - width: 104px; - height: 104px; - transform: translate(2px, 2px); - background-image: linear-gradient(to top right, - var(--primary), - var(--secondary)); - z-index: -1; + content: ""; + position: absolute; + width: 104px; + height: 104px; + transform: translate(2px, 2px); + background-image: linear-gradient(to top right, + var(--primary), + var(--secondary)); + z-index: -1; } h1, @@ -49,7 +49,7 @@ h6, p, small, blockquote { - transition: background-color 0.1s; + transition: background-color 0.1s; } h1 a, @@ -58,7 +58,7 @@ h3 a, h4 a, h5 a, h6 a { - color: inherit; + color: inherit; } h1 a:hover, @@ -67,7 +67,7 @@ h3 a:hover, h4 a:hover, h5 a:hover, h6 a:hover { - text-decoration: none; + text-decoration: none; } main h1:hover, @@ -79,72 +79,72 @@ main h6:hover, main p:hover, main small:hover, main blockquote:hover { - background-color: #fff1; + background-color: #fff1; } blockquote { - margin: 1rem 0; - padding: 0 2.5rem; + margin: 1rem 0; + padding: 0 2.5rem; } hr { - text-align: center; - line-height: 0px; - border-width: 1px 0 0 0; - border-color: #888f; - margin: 1.5em 0; - overflow: visible; + text-align: center; + line-height: 0px; + border-width: 1px 0 0 0; + border-color: #888f; + margin: 1.5em 0; + overflow: visible; } ul.links { - display: flex; - gap: 1em .5em; - flex-wrap: wrap; + display: flex; + gap: 1em .5em; + flex-wrap: wrap; } ul.links li { - list-style: none; + list-style: none; } ul.links li a { - padding: .4em .5em; - border: 1px solid var(--links); - color: var(--links); - border-radius: 2px; - background-color: transparent; - transition-property: color, border-color, background-color; - transition-duration: .2s; - animation-delay: 0s; - animation: list-item-fadein .2s forwards; - opacity: 0; + padding: .4em .5em; + border: 1px solid var(--links); + color: var(--links); + border-radius: 2px; + background-color: transparent; + transition-property: color, border-color, background-color; + transition-duration: .2s; + animation-delay: 0s; + animation: list-item-fadein .2s forwards; + opacity: 0; } ul.links li a:hover { - color: #eee; - border-color: #eee; - background-color: var(--links) !important; - text-decoration: none; - box-shadow: 0 0 1em var(--links); + color: #eee; + border-color: #eee; + background-color: var(--links) !important; + text-decoration: none; + box-shadow: 0 0 1em var(--links); } div#web-buttons { - margin: 2rem 0; + margin: 2rem 0; } #web-buttons a { - text-decoration: none; + text-decoration: none; } #web-buttons img { - image-rendering: auto; - image-rendering: crisp-edges; - image-rendering: pixelated; + image-rendering: auto; + image-rendering: crisp-edges; + image-rendering: pixelated; } #web-buttons img:hover { - margin: -1px; - border: 1px solid #eee; - transform: translate(-2px, -2px); - box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee; + margin: -1px; + border: 1px solid #eee; + transform: translate(-2px, -2px); + box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee; } diff --git a/public/style/main.css b/public/style/main.css index 1e71673..f7f2131 100644 --- a/public/style/main.css +++ b/public/style/main.css @@ -14,15 +14,17 @@ body { margin: 0; padding: 0; - background: #080808; - color: #eee; + background: var(--background); + color: var(--on-background); font-family: "Monaspace Argon", monospace; font-size: 18px; - text-shadow: 0 0 3em; scroll-behavior: smooth; + + transition: color .2s, background-color .2s; } -main { +body.crt #overlay { + display: block; } a { @@ -118,6 +120,7 @@ a#backtotop:hover { left: 0; width: 100vw; height: 100vh; + display: none; background-image: linear-gradient(180deg, rgba(0,0,0,0) 15%, rgb(0, 0, 0) 40%, rgb(0, 0, 0) 60%, rgba(0,0,0,0) 85%); background-size: 100vw .2em; background-repeat: repeat; @@ -136,3 +139,27 @@ a#backtotop:hover { } } + +@media (prefers-color-scheme: light) { + a.link-button:hover { + box-shadow: none; + } + + @keyframes list-item-fadein { + from { + opacity: 1; + background: var(--links); + } + + to { + opacity: 1; + background: transparent; + } + } +} + +@media (prefers-color-scheme: dark) { + body.crt { + text-shadow: 0 0 3em; + } +} diff --git a/public/style/music-gateway.css b/public/style/music-gateway.css index 6790828..0bb7232 100644 --- a/public/style/music-gateway.css +++ b/public/style/music-gateway.css @@ -17,6 +17,10 @@ body { font-family: "Monaspace Argon", monospace; } +header { + background-color: #111; +} + #background { position: fixed; top: 0; @@ -258,7 +262,7 @@ div#info p { #title, #artist { - text-shadow: 0 .05em 2px #0004 + text-shadow: 0 .05em 2px #0004; } #type { diff --git a/public/style/music.css b/public/style/music.css index 9700526..4973e44 100644 --- a/public/style/music.css +++ b/public/style/music.css @@ -1,146 +1,129 @@ main { - width: min(calc(100% - 4rem), 720px); - min-height: calc(100vh - 10.3rem); - margin: 0 auto 2rem auto; - padding-top: 4rem; + width: min(calc(100% - 4rem), 720px); + min-height: calc(100vh - 10.3rem); + margin: 0 auto 2rem auto; + padding-top: 4rem; } main nav { - margin: -1rem .5rem 1rem .5rem; + margin: -1rem .5rem 1rem .5rem; } div.music { - margin-bottom: 1rem; - padding: 1.5rem; - display: flex; - flex-direction: row; - gap: 1.5em; - border: 1px solid #222; - border-radius: 4px; - background-color: #ffffff08; - transition: background-color .1s; - text-decoration: none; - cursor: pointer; + margin-bottom: 1rem; + padding: 1.5rem; + display: flex; + flex-direction: row; + gap: 1.5em; + border: 1px solid #8882; + border-radius: 4px; + background-color: #ffffff08; + transition: background-color .1s; + text-decoration: none; + cursor: pointer; } div.music:hover { - background-color: #fff1; + background-color: #fff1; } div.music a { - text-decoration: none; + text-decoration: none; } .music h1:hover, .music h2:hover, .music h3:hover { - background: initial; + background: initial; } .music-artwork img { - border: 1px solid #888; + border: 1px solid #8888; } .music-title { - margin: 0; - color: #eee; - font-size: 1.6em; - line-height: 1.6em; + margin: 0; + color: var(--on-background); + font-size: 1.6em; + line-height: 1.6em; +} +.music-title a { + color: inherit; + transition: color .2s; } .music-year { - color: #888; + color: #888; } .music-artist { - margin: -.5rem 0 0 0; - font-size: 1em; - color: #aaa; + margin: -.5rem 0 0 0; + font-size: 1em; + color: #aaa; } h3[class^=music-type] { - margin: 0 0 1rem 0; - font-size: .8em; - color: #eee; + margin: 0 0 1rem 0; + font-size: .8em; + color: #eee; + transition: color .2s; } h3.music-type-single { - color: var(--tertiary); + color: var(--tertiary); } h3.music-type-compilation { - color: var(--secondary); + color: var(--secondary); } h3.music-type-album { - color: var(--primary); + color: var(--primary); } h3.music-type-upcoming { - color: #f47070; + color: #f47070; } .music-links { - width: fit-content; - margin: .5em 0; - padding: 0; - display: flex; - gap: .5rem; - flex-wrap: wrap; - line-height: 1.7em; - justify-content: center; + width: fit-content; + margin: .5em 0; + padding: 0; + display: flex; + gap: .5rem; + flex-wrap: wrap; + line-height: 1.7em; + justify-content: center; } .music-links li { - list-style: none; + list-style: none; } -/* -.music-links li a { - padding: .2em .5em; - border: 1px solid #65b4fd; - color: #65b4fd; - border-radius: 2px; - background-color: transparent; - transition-property: color, border-color, background-color; - transition-duration: .2s; - animation: list-item-fadein .2s forwards; - animation-delay: 0s; - opacity: 0; -} - -.music-links li a:hover { - color: #eee; - border-color: #eee; - background-color: var(--links) !important; - text-decoration: none; -} -*/ - h2.question { - margin: 1rem 0; - padding: 1rem 1.5rem; - border-radius: 4px; - cursor: pointer; + margin: 1rem 0; + padding: 1rem 1.5rem; + border-radius: 4px; + cursor: pointer; } div.answer { - margin: -1rem 0 1rem 0; - padding: .5em 1.5em; - border-radius: 4px; + margin: -1rem 0 1rem 0; + padding: .5em 1.5em; + border-radius: 4px; } @media screen and (max-width: 740px) { - div.music { - flex-direction: column; - } + div.music { + flex-direction: column; + } - .music-artwork, - .music-details { - text-align: center; - align-items: center; - display: flex; - flex-direction: column; - } + .music-artwork, + .music-details { + text-align: center; + align-items: center; + display: flex; + flex-direction: column; + } } diff --git a/views/index.html b/views/index.html index 6a598c9..636c369 100644 --- a/views/index.html +++ b/views/index.html @@ -16,6 +16,8 @@ + + {{end}} {{define "content"}} @@ -66,9 +68,9 @@ my colours 🌈

    -
  • primary: #b7fd49
    • -
  • secondary: #f8e05b
    • -
  • tertiary: #f788fe
    • +
  • primary: #b7fd49
    • +
  • secondary: #f8e05b
    • +
  • tertiary: #f788fe

From 45f33b8b463f4c8d918cb56bbdd92b76b85d541b Mon Sep 17 00:00:00 2001 From: ari melody Date: Thu, 23 Jan 2025 00:37:19 +0000 Subject: [PATCH 05/99] terrible no good massive refactor commit (oh yeah and built generic sessions for admin panel) --- admin/accounthttp.go | 403 ++++-------------- admin/artisthttp.go | 6 +- admin/http.go | 370 ++++++++++++++-- admin/releasehttp.go | 6 +- admin/static/admin.css | 39 +- admin/static/edit-account.css | 22 +- admin/static/edit-artist.css | 2 +- admin/static/edit-release.css | 12 +- admin/static/edit-track.css | 2 +- admin/static/index.css | 22 +- admin/static/release-list-item.css | 6 +- admin/templates.go | 4 +- admin/trackhttp.go | 6 +- admin/views/edit-account.html | 36 +- admin/views/edit-artist.html | 10 +- admin/views/index.html | 6 +- admin/views/layout.html | 4 +- admin/views/login.html | 25 +- admin/views/logout.html | 7 +- .../{create-account.html => register.html} | 12 +- api/artist.go | 9 +- api/release.go | 18 +- controller/account.go | 49 +-- controller/session.go | 128 ++++++ controller/token.go | 61 --- controller/totp.go | 20 +- main.go | 18 +- model/account.go | 19 +- model/{token.go => session.go} | 12 +- public/style/footer.css | 10 +- public/style/index.css | 2 +- schema_migration/000-init.sql | 14 +- schema_migration/001-pre-versioning.sql | 24 +- view/music.go | 10 +- 34 files changed, 740 insertions(+), 654 deletions(-) rename admin/views/{create-account.html => register.html} (73%) create mode 100644 controller/session.go delete mode 100644 controller/token.go rename model/{token.go => session.go} (54%) diff --git a/admin/accounthttp.go b/admin/accounthttp.go index b354fd5..fc701e7 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -3,9 +3,7 @@ package admin import ( "fmt" "net/http" - "net/url" "os" - "strings" "time" "arimelody-web/controller" @@ -14,16 +12,11 @@ import ( "golang.org/x/crypto/bcrypt" ) -type loginRegisterResponse struct { - Account *model.Account - Message string - Token string -} - -func AccountHandler(app *model.AppState) http.Handler { +func accountHandler(app *model.AppState) http.Handler { mux := http.NewServeMux() mux.Handle("/password", changePasswordHandler(app)) + mux.Handle("/delete", deleteAccountHandler(app)) mux.Handle("/", accountIndexHandler(app)) return mux @@ -31,26 +24,22 @@ func AccountHandler(app *model.AppState) http.Handler { func accountIndexHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - account := r.Context().Value("account").(*model.Account) + session := r.Context().Value("session").(*model.Session) - totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) + totps, err := controller.GetTOTPsForAccount(app.DB, session.Account.ID) if err != nil { fmt.Printf("WARN: Failed to fetch TOTPs: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } type accountResponse struct { - Account *model.Account + Session *model.Session TOTPs []model.TOTP - Message string - Error string } err = pages["account"].Execute(w, accountResponse{ - Account: account, + Session: session, TOTPs: totps, - Message: r.URL.Query().Get("message"), - Error: r.URL.Query().Get("error"), }) if err != nil { fmt.Printf("WARN: Failed to render admin account page: %v\n", err) @@ -59,303 +48,6 @@ func accountIndexHandler(app *model.AppState) http.Handler { }) } -func LoginHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method == http.MethodGet { - account, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) - return - } - if account != nil { - http.Redirect(w, r, "/admin", http.StatusFound) - return - } - - err = pages["login"].Execute(w, loginRegisterResponse{}) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - return - } - - type LoginResponse struct { - Account *model.Account - Token string - Message string - } - - render := func(data LoginResponse) { - err := pages["login"].Execute(w, data) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - } - - if r.Method != http.MethodPost { - http.NotFound(w, r); - return - } - - err := r.ParseForm() - if err != nil { - render(LoginResponse{ Message: "Malformed request." }) - return - } - - type LoginRequest struct { - Username string `json:"username"` - Password string `json:"password"` - TOTP string `json:"totp"` - } - credentials := LoginRequest{ - Username: r.Form.Get("username"), - Password: r.Form.Get("password"), - TOTP: r.Form.Get("totp"), - } - - account, err := controller.GetAccount(app.DB, credentials.Username) - if err != nil { - render(LoginResponse{ Message: "Invalid username or password" }) - return - } - if account == nil { - render(LoginResponse{ Message: "Invalid username or password" }) - return - } - - err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) - if err != nil { - render(LoginResponse{ Message: "Invalid username or password" }) - return - } - - totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) - render(LoginResponse{ Message: "Something went wrong. Please try again." }) - return - } - if len(totps) > 0 { - success := false - for _, totp := range totps { - check := controller.GenerateTOTP(totp.Secret, 0) - if check == credentials.TOTP { - success = true - break - } - } - if !success { - render(LoginResponse{ Message: "Invalid TOTP" }) - return - } - } else { - // TODO: user should be prompted to add 2FA method - } - - // login success! - token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to create token: %v\n", err) - render(LoginResponse{ Message: "Something went wrong. Please try again." }) - return - } - - cookie := http.Cookie{} - cookie.Name = model.COOKIE_TOKEN - cookie.Value = token.Token - cookie.Expires = token.ExpiresAt - if strings.HasPrefix(app.Config.BaseUrl, "https") { - cookie.Secure = true - } - cookie.HttpOnly = true - cookie.Path = "/" - http.SetCookie(w, &cookie) - - render(LoginResponse{ Account: account, Token: token.Token }) - }) -} - -func LogoutHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodGet { - http.NotFound(w, r) - return - } - - tokenStr := controller.GetTokenFromRequest(app.DB, r) - - if len(tokenStr) > 0 { - err := controller.DeleteToken(app.DB, tokenStr) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to revoke token: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - } - - cookie := http.Cookie{} - cookie.Name = model.COOKIE_TOKEN - cookie.Value = "" - cookie.Expires = time.Now() - if strings.HasPrefix(app.Config.BaseUrl, "https") { - cookie.Secure = true - } - cookie.HttpOnly = true - cookie.Path = "/" - http.SetCookie(w, &cookie) - http.Redirect(w, r, "/admin/login", http.StatusFound) - }) -} - -func createAccountHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - checkAccount, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - fmt.Printf("WARN: Failed to fetch account: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - if checkAccount != nil { - // user is already logged in - http.Redirect(w, r, "/admin", http.StatusFound) - return - } - - type CreateaccountResponse struct { - Account *model.Account - Message string - } - - render := func(data CreateaccountResponse) { - err := pages["create-account"].Execute(w, data) - if err != nil { - fmt.Printf("WARN: Error rendering create account page: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - } - - if r.Method == http.MethodGet { - render(CreateaccountResponse{}) - return - } - - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - err = r.ParseForm() - if err != nil { - render(CreateaccountResponse{ - Message: "Malformed data.", - }) - return - } - - type RegisterRequest struct { - Username string `json:"username"` - Email string `json:"email"` - Password string `json:"password"` - Invite string `json:"invite"` - } - credentials := RegisterRequest{ - Username: r.Form.Get("username"), - Email: r.Form.Get("email"), - Password: r.Form.Get("password"), - Invite: r.Form.Get("invite"), - } - - // make sure code exists in DB - invite, err := controller.GetInvite(app.DB, credentials.Invite) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) - render(CreateaccountResponse{ - Message: "Something went wrong. Please try again.", - }) - return - } - if invite == nil || time.Now().After(invite.ExpiresAt) { - if invite != nil { - err := controller.DeleteInvite(app.DB, invite.Code) - if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } - } - render(CreateaccountResponse{ - Message: "Invalid invite code.", - }) - return - } - - hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) - render(CreateaccountResponse{ - Message: "Something went wrong. Please try again.", - }) - return - } - - account := model.Account{ - Username: credentials.Username, - Password: string(hashedPassword), - Email: credentials.Email, - AvatarURL: "/img/default-avatar.png", - } - err = controller.CreateAccount(app.DB, &account) - if err != nil { - if strings.HasPrefix(err.Error(), "pq: duplicate key") { - render(CreateaccountResponse{ - Message: "An account with that username already exists.", - }) - return - } - fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) - render(CreateaccountResponse{ - Message: "Something went wrong. Please try again.", - }) - return - } - - err = controller.DeleteInvite(app.DB, invite.Code) - if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } - - // registration success! - token, err := controller.CreateToken(app.DB, account.ID, r.UserAgent()) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to create token: %v\n", err) - // gracefully redirect user to login page - http.Redirect(w, r, "/admin/login", http.StatusFound) - return - } - - cookie := http.Cookie{} - cookie.Name = model.COOKIE_TOKEN - cookie.Value = token.Token - cookie.Expires = token.ExpiresAt - if strings.HasPrefix(app.Config.BaseUrl, "https") { - cookie.Secure = true - } - cookie.HttpOnly = true - cookie.Path = "/" - http.SetCookie(w, &cookie) - - err = pages["login"].Execute(w, loginRegisterResponse{ - Account: &account, - Token: token.Token, - }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to render login page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - }) -} - func changePasswordHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { @@ -363,22 +55,89 @@ func changePasswordHandler(app *model.AppState) http.Handler { return } - account := r.Context().Value("account").(*model.Account) + session := r.Context().Value("session").(*model.Session) r.ParseForm() currentPassword := r.Form.Get("current-password") - if err := bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(currentPassword)); err != nil { - http.Redirect(w, r, "/admin/account?error=" + url.PathEscape("Incorrect password."), http.StatusFound) + if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil { + controller.SetSessionMessage(app.DB, session, "Incorrect password.") + http.Redirect(w, r, "/admin/account", http.StatusFound) return } newPassword := r.Form.Get("new-password") - http.Redirect( - w, r, "/admin/account?message=" + - url.PathEscape(fmt.Sprintf("Updating password to %s", newPassword)), - http.StatusFound, - ) + controller.SetSessionMessage(app.DB, session, fmt.Sprintf("Updating password to %s", newPassword)) + http.Redirect(w, r, "/admin/account", http.StatusFound) + }) +} + +func deleteAccountHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + err := r.ParseForm() + if err != nil { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + if !r.Form.Has("password") || !r.Form.Has("totp") { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + session := r.Context().Value("session").(*model.Session) + + // check password + if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil { + fmt.Printf( + "[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n", + time.Now().Format("2006-02-01 15:04:05"), + session.Account.Username, + ) + controller.SetSessionMessage(app.DB, session, "Incorrect password.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp")) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err) + controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + if totpMethod == nil { + fmt.Printf( + "[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n", + time.Now().Format("2006-02-01 15:04:05"), + session.Account.Username, + ) + controller.SetSessionMessage(app.DB, session, "Incorrect TOTP.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + } + + err = controller.DeleteAccount(app.DB, session.Account.ID) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) + controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + fmt.Printf( + "[%s] INFO: Account \"%s\" deleted by user request.\n", + time.Now().Format("2006-02-01 15:04:05"), + session.Account.Username, + ) + + session.Account = nil + controller.SetSessionMessage(app.DB, session, "Account deleted successfully.") + http.Redirect(w, r, "/admin/login", http.StatusFound) }) } diff --git a/admin/artisthttp.go b/admin/artisthttp.go index d6a5e76..5979493 100644 --- a/admin/artisthttp.go +++ b/admin/artisthttp.go @@ -32,15 +32,15 @@ func serveArtist(app *model.AppState) http.Handler { } type ArtistResponse struct { - Account *model.Account + Session *model.Session Artist *model.Artist Credits []*model.Credit } - account := r.Context().Value("account").(*model.Account) + session := r.Context().Value("session").(*model.Session) err = pages["artist"].Execute(w, ArtistResponse{ - Account: account, + Session: session, Artist: artist, Credits: credits, }) diff --git a/admin/http.go b/admin/http.go index 763537a..ad0d44e 100644 --- a/admin/http.go +++ b/admin/http.go @@ -2,40 +2,51 @@ package admin import ( "context" + "database/sql" "fmt" "net/http" "os" "path/filepath" + "strings" + "time" "arimelody-web/controller" "arimelody-web/model" + + "golang.org/x/crypto/bcrypt" ) func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() - mux.Handle("/login", LoginHandler(app)) - mux.Handle("/register", createAccountHandler(app)) - mux.Handle("/logout", RequireAccount(app, LogoutHandler(app))) - mux.Handle("/account/", RequireAccount(app, http.StripPrefix("/account", AccountHandler(app)))) - mux.Handle("/static/", http.StripPrefix("/static", staticHandler())) + mux.Handle("/login", loginHandler(app)) + mux.Handle("/logout", RequireAccount(app, logoutHandler(app))) + + mux.Handle("/register", registerAccountHandler(app)) + + mux.Handle("/account", RequireAccount(app, accountIndexHandler(app))) + mux.Handle("/account/", RequireAccount(app, http.StripPrefix("/account", accountHandler(app)))) + mux.Handle("/release/", RequireAccount(app, http.StripPrefix("/release", serveRelease(app)))) mux.Handle("/artist/", RequireAccount(app, http.StripPrefix("/artist", serveArtist(app)))) mux.Handle("/track/", RequireAccount(app, http.StripPrefix("/track", serveTrack(app)))) - mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + + mux.Handle("/static/", http.StripPrefix("/static", staticHandler())) + + mux.Handle("/", RequireAccount(app, AdminIndexHandler(app))) + + // response wrapper to make sure a session cookie exists + return enforceSession(app, mux) +} + +func AdminIndexHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/" { http.NotFound(w, r) return } - account, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %s\n", err) - } - if account == nil { - http.Redirect(w, r, "/admin/login", http.StatusFound) - return - } + session := r.Context().Value("session").(*model.Session) releases, err := controller.GetAllReleases(app.DB, false, 0, true) if err != nil { @@ -52,52 +63,283 @@ func Handler(app *model.AppState) http.Handler { } tracks, err := controller.GetOrphanTracks(app.DB) - if err != nil { + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to pull orphan tracks: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } type IndexData struct { - Account *model.Account + Session *model.Session Releases []*model.Release Artists []*model.Artist Tracks []*model.Track } err = pages["index"].Execute(w, IndexData{ - Account: account, + Session: session, Releases: releases, Artists: artists, Tracks: tracks, }) - if err != nil { + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to render admin index: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - })) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + }) +} - return mux +func registerAccountHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + session := r.Context().Value("session").(*model.Session) + session.Error = sql.NullString{} + session.Message = sql.NullString{} + + if session.Account != nil { + // user is already logged in + http.Redirect(w, r, "/admin", http.StatusFound) + return + } + + render := func() { + err := pages["register"].Execute(w, session) + if err != nil { + fmt.Printf("WARN: Error rendering create account page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + } + + if r.Method == http.MethodGet { + render() + return + } + + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + err := r.ParseForm() + if err != nil { + session.Error = sql.NullString{ String: "Malformed data.", Valid: true } + render() + return + } + + type RegisterRequest struct { + Username string `json:"username"` + Email string `json:"email"` + Password string `json:"password"` + Invite string `json:"invite"` + } + credentials := RegisterRequest{ + Username: r.Form.Get("username"), + Email: r.Form.Get("email"), + Password: r.Form.Get("password"), + Invite: r.Form.Get("invite"), + } + + // make sure invite code exists in DB + invite, err := controller.GetInvite(app.DB, credentials.Invite) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) + session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + render() + return + } + if invite == nil || time.Now().After(invite.ExpiresAt) { + if invite != nil { + err := controller.DeleteInvite(app.DB, invite.Code) + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } + } + session.Error = sql.NullString{ String: "Invalid invite code.", Valid: true } + render() + return + } + + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) + session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + render() + return + } + + account := model.Account{ + Username: credentials.Username, + Password: string(hashedPassword), + Email: sql.NullString{ String: credentials.Email, Valid: true }, + AvatarURL: sql.NullString{ String: "/img/default-avatar.png", Valid: true }, + } + err = controller.CreateAccount(app.DB, &account) + if err != nil { + if strings.HasPrefix(err.Error(), "pq: duplicate key") { + session.Error = sql.NullString{ String: "An account with that username already exists.", Valid: true } + render() + return + } + fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) + session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + render() + return + } + + err = controller.DeleteInvite(app.DB, invite.Code) + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } + + // registration success! + controller.SetSessionAccount(app.DB, session, &account) + http.Redirect(w, r, "/admin", http.StatusFound) + }) +} + +func loginHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet && r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + session := r.Context().Value("session").(*model.Session) + + type loginData struct { + Session *model.Session + } + + render := func() { + err := pages["login"].Execute(w, loginData{ Session: session }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + } + + if r.Method == http.MethodGet { + if session.Account != nil { + // user is already logged in + http.Redirect(w, r, "/admin", http.StatusFound) + return + } + + render() + return + } + + err := r.ParseForm() + if err != nil { + session.Error = sql.NullString{ String: "Malformed data.", Valid: true } + render() + return + } + + // new accounts won't have TOTP methods at first. there should be a + // second phase of login that prompts the user for a TOTP *only* + // if that account has a TOTP method. + // TODO: login phases (username & password -> TOTP) + + type LoginRequest struct { + Username string `json:"username"` + Password string `json:"password"` + TOTP string `json:"totp"` + } + credentials := LoginRequest{ + Username: r.Form.Get("username"), + Password: r.Form.Get("password"), + TOTP: r.Form.Get("totp"), + } + + account, err := controller.GetAccountByUsername(app.DB, credentials.Username) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account for login: %v\n", err) + session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + render() + return + } + if account == nil { + session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + render() + return + } + + err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) + if err != nil { + fmt.Printf( + "[%s] INFO: Account \"%s\" attempted login with incorrect password.\n", + time.Now().Format("2006-02-01 15:04:05"), + account.Username, + ) + session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + render() + return + } + + totpMethod, err := controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) + session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + render() + return + } + if totpMethod == nil { + session.Error = sql.NullString{ String: "Invalid TOTP.", Valid: true } + render() + return + } + + // TODO: log login activity to user + fmt.Printf( + "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n", + time.Now().Format("2006-02-01 15:04:05"), + account.Username, + totpMethod.Name, + ) + + // login success! + controller.SetSessionAccount(app.DB, session, account) + http.Redirect(w, r, "/admin", http.StatusFound) + }) +} + +func logoutHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet { + http.NotFound(w, r) + return + } + + session := r.Context().Value("session").(*model.Session) + err := controller.DeleteSession(app.DB, session.Token) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to delete session: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + http.SetCookie(w, &http.Cookie{ + Name: model.COOKIE_TOKEN, + Expires: time.Now(), + Path: "/", + }) + + err = pages["logout"].Execute(w, nil) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render logout page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + }) } func RequireAccount(app *model.AppState, next http.Handler) http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - account, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) - return - } - if account == nil { + session := r.Context().Value("session").(*model.Session) + if session.Account == nil { // TODO: include context in redirect http.Redirect(w, r, "/admin/login", http.StatusFound) return } - - ctx := context.WithValue(r.Context(), "account", account) - - next.ServeHTTP(w, r.WithContext(ctx)) + next.ServeHTTP(w, r) }) } @@ -121,3 +363,57 @@ func staticHandler() http.Handler { http.FileServer(http.Dir(filepath.Join("admin", "static"))).ServeHTTP(w, r) }) } + +func enforceSession(app *model.AppState, next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + sessionCookie, err := r.Cookie(model.COOKIE_TOKEN) + if err != nil && err != http.ErrNoCookie { + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session cookie: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + var session *model.Session + + if sessionCookie != nil { + // fetch existing session + session, err = controller.GetSession(app.DB, sessionCookie.Value) + + if err != nil { + if strings.Contains(err.Error(), "no rows") { + http.Error(w, "Invalid session. Please try clearing your cookies and refresh.", http.StatusBadRequest) + return + } + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + if session != nil { + // TODO: consider running security checks here (i.e. user agent mismatches) + } + } + + if session == nil { + // create a new session + session, err = controller.CreateSession(app.DB, r.UserAgent()) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to create session: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + http.SetCookie(w, &http.Cookie{ + Name: model.COOKIE_TOKEN, + Value: session.Token, + Expires: session.ExpiresAt, + Secure: strings.HasPrefix(app.Config.BaseUrl, "https"), + HttpOnly: true, + Path: "/", + }) + } + + ctx := context.WithValue(r.Context(), "session", session) + next.ServeHTTP(w, r.WithContext(ctx)) + }) +} diff --git a/admin/releasehttp.go b/admin/releasehttp.go index 503166b..7d098e6 100644 --- a/admin/releasehttp.go +++ b/admin/releasehttp.go @@ -14,7 +14,7 @@ func serveRelease(app *model.AppState) http.Handler { slices := strings.Split(r.URL.Path[1:], "/") releaseID := slices[0] - account := r.Context().Value("account").(*model.Account) + session := r.Context().Value("session").(*model.Session) release, err := controller.GetRelease(app.DB, releaseID, true) if err != nil { @@ -56,12 +56,12 @@ func serveRelease(app *model.AppState) http.Handler { } type ReleaseResponse struct { - Account *model.Account + Session *model.Session Release *model.Release } err = pages["release"].Execute(w, ReleaseResponse{ - Account: account, + Session: session, Release: release, }) if err != nil { diff --git a/admin/static/admin.css b/admin/static/admin.css index 32f69bb..45d67a4 100644 --- a/admin/static/admin.css +++ b/admin/static/admin.css @@ -24,7 +24,7 @@ nav { justify-content: left; background: #f8f8f8; - border-radius: .5em; + border-radius: 4px; border: 1px solid #808080; } nav .icon { @@ -127,20 +127,34 @@ a img.icon { +#message, #error { - background: #ffa9b8; - border: 1px solid #dc5959; + margin: 0 0 1em 0; padding: 1em; border-radius: 4px; + background: #ffffff; + border: 1px solid #888; +} +#message { + background: #a9dfff; + border-color: #599fdc; +} +#error { + background: #ffa9b8; + border-color: #dc5959; } +a.delete { + color: #d22828; +} + button, .button { padding: .5em .8em; font-family: inherit; font-size: inherit; - border-radius: .5em; + border-radius: 4px; border: 1px solid #a0a0a0; background: #f0f0f0; color: inherit; @@ -154,35 +168,32 @@ button:active, .button:active { border-color: #808080; } -button { +.button, button { color: inherit; } -button.new { +.button.new, button.new { background: #c4ff6a; border-color: #84b141; } -button.save { +.button.save, button.save { background: #6fd7ff; border-color: #6f9eb0; } -button.delete { +.button.delete, button.delete { background: #ff7171; border-color: #7d3535; } -button:hover { +.button:hover, button:hover { background: #fff; border-color: #d0d0d0; } -button:active { +.button:active, button:active { background: #d0d0d0; border-color: #808080; } -button[disabled] { +.button[disabled], button[disabled] { background: #d0d0d0 !important; border-color: #808080 !important; opacity: .5; cursor: not-allowed !important; } -a.delete { - color: #d22828; -} diff --git a/admin/static/edit-account.css b/admin/static/edit-account.css index 625db13..52fb756 100644 --- a/admin/static/edit-account.css +++ b/admin/static/edit-account.css @@ -1,14 +1,7 @@ @import url("/admin/static/index.css"); -form#change-password { - width: 100%; - display: flex; - flex-direction: column; - align-items: start; -} - -form div { - width: 20rem; +div.card { + margin-bottom: 2rem; } form button { @@ -22,7 +15,7 @@ label { color: #10101080; } input { - width: 100%; + width: min(20rem, calc(100% - 1rem)); margin: .5rem 0; padding: .3rem .5rem; display: block; @@ -33,18 +26,11 @@ input { color: inherit; } -#error { - background: #ffa9b8; - border: 1px solid #dc5959; - padding: 1em; - border-radius: 4px; -} - .mfa-device { padding: .75em; background: #f8f8f8f8; border: 1px solid #808080; - border-radius: .5em; + border-radius: 8px; margin-bottom: .5em; display: flex; justify-content: space-between; diff --git a/admin/static/edit-artist.css b/admin/static/edit-artist.css index 793b989..5627e64 100644 --- a/admin/static/edit-artist.css +++ b/admin/static/edit-artist.css @@ -9,7 +9,7 @@ h1 { flex-direction: row; gap: 1.2em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css index 10eada3..63d399e 100644 --- a/admin/static/edit-release.css +++ b/admin/static/edit-release.css @@ -11,7 +11,7 @@ input[type="text"] { flex-direction: row; gap: 1.2em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } @@ -160,7 +160,7 @@ dialog div.dialog-actions { align-items: center; gap: 1em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } @@ -170,7 +170,7 @@ dialog div.dialog-actions { } .card.credits .credit .artist-avatar { - border-radius: .5em; + border-radius: 8px; } .card.credits .credit .artist-name { @@ -196,7 +196,7 @@ dialog div.dialog-actions { align-items: center; gap: 1em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } @@ -215,7 +215,7 @@ dialog div.dialog-actions { } #editcredits .credit .artist-avatar { - border-radius: .5em; + border-radius: 8px; } #editcredits .credit .credit-info { @@ -393,7 +393,7 @@ dialog div.dialog-actions { flex-direction: column; gap: .5em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/edit-track.css b/admin/static/edit-track.css index 8a05089..600b680 100644 --- a/admin/static/edit-track.css +++ b/admin/static/edit-track.css @@ -11,7 +11,7 @@ h1 { flex-direction: row; gap: 1.2em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/index.css b/admin/static/index.css index 9d38940..9fcd731 100644 --- a/admin/static/index.css +++ b/admin/static/index.css @@ -1,23 +1,5 @@ @import url("/admin/static/release-list-item.css"); -.create-btn { - background: #c4ff6a; - padding: .5em .8em; - border-radius: .5em; - border: 1px solid #84b141; - text-decoration: none; -} -.create-btn:hover { - background: #fff; - border-color: #d0d0d0; - text-decoration: inherit; -} -.create-btn:active { - background: #d0d0d0; - border-color: #808080; - text-decoration: inherit; -} - .artist { margin-bottom: .5em; padding: .5em; @@ -26,7 +8,7 @@ align-items: center; gap: .5em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } @@ -49,7 +31,7 @@ flex-direction: column; gap: .5em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/release-list-item.css b/admin/static/release-list-item.css index ee67de7..638eac0 100644 --- a/admin/static/release-list-item.css +++ b/admin/static/release-list-item.css @@ -5,7 +5,7 @@ flex-direction: row; gap: 1em; - border-radius: .5em; + border-radius: 8px; background: #f8f8f8f8; border: 1px solid #808080; } @@ -50,7 +50,7 @@ padding: .5em; display: block; - border-radius: .5em; + border-radius: 8px; text-decoration: none; color: #f0f0f0; background: #303030; @@ -73,7 +73,7 @@ padding: .3em .5em; display: inline-block; - border-radius: .3em; + border-radius: 4px; background: #e0e0e0; transition: color .1s, background .1s; diff --git a/admin/templates.go b/admin/templates.go index 1fa7a65..1021832 100644 --- a/admin/templates.go +++ b/admin/templates.go @@ -18,10 +18,10 @@ var pages = map[string]*template.Template{ filepath.Join("views", "prideflag.html"), filepath.Join("admin", "views", "login.html"), )), - "create-account": template.Must(template.ParseFiles( + "register": template.Must(template.ParseFiles( filepath.Join("admin", "views", "layout.html"), filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "create-account.html"), + filepath.Join("admin", "views", "register.html"), )), "logout": template.Must(template.ParseFiles( filepath.Join("admin", "views", "layout.html"), diff --git a/admin/trackhttp.go b/admin/trackhttp.go index fa49b53..9436671 100644 --- a/admin/trackhttp.go +++ b/admin/trackhttp.go @@ -32,15 +32,15 @@ func serveTrack(app *model.AppState) http.Handler { } type TrackResponse struct { - Account *model.Account + Session *model.Session Track *model.Track Releases []*model.Release } - account := r.Context().Value("account").(*model.Account) + session := r.Context().Value("session").(*model.Session) err = pages["track"].Execute(w, TrackResponse{ - Account: account, + Session: session, Track: track, Releases: releases, }) diff --git a/admin/views/edit-account.html b/admin/views/edit-account.html index fd527b4..0acfaf5 100644 --- a/admin/views/edit-account.html +++ b/admin/views/edit-account.html @@ -6,29 +6,27 @@ {{define "content"}}

- {{if .Message}} -

{{.Message}}

+ {{if .Session.Message.Valid}} +

{{html .Session.Message.String}}

{{end}} - {{if .Error}} -

{{.Error}}

+ {{if .Session.Error.Valid}} +

{{html .Session.Error.String}}

{{end}} -

Account Settings ({{.Account.Username}})

+

Account Settings ({{.Session.Account.Username}})

Change Password

-
- - + + - - + + - - -
+ + @@ -64,9 +62,17 @@

Clicking the button below will delete your account. This action is irreversible. - You will be prompted to confirm this decision. + You will need to enter your password and TOTP below.

- +
+ + + + + + + +
diff --git a/admin/views/edit-artist.html b/admin/views/edit-artist.html index ccb3a45..b0cfb41 100644 --- a/admin/views/edit-artist.html +++ b/admin/views/edit-artist.html @@ -36,13 +36,13 @@ {{if .Credits}} {{range .Credits}}
- +
-

{{.Artist.Release.Title}}

-

{{.Artist.Release.PrintArtists true true}}

+

{{.Release.Title}}

+

{{.Release.PrintArtists true true}}

- Role: {{.Artist.Role}} - {{if .Artist.Primary}} + Role: {{.Role}} + {{if .Primary}} (Primary) {{end}}

diff --git a/admin/views/index.html b/admin/views/index.html index 8f42e0e..2b9c897 100644 --- a/admin/views/index.html +++ b/admin/views/index.html @@ -9,7 +9,7 @@

Releases

- Create New + Create New
{{range .Releases}} @@ -22,7 +22,7 @@

Artists

- Create New + Create New
{{range $Artist := .Artists}} @@ -38,7 +38,7 @@

Tracks

- Create New + Create New

"Orphaned" tracks that have not yet been bound to a release.

diff --git a/admin/views/layout.html b/admin/views/layout.html index bacf014..8c34c8e 100644 --- a/admin/views/layout.html +++ b/admin/views/layout.html @@ -24,9 +24,9 @@ home
- {{if .Account}} + {{if .Session.Account}}
- account ({{.Account.Username}}) + account ({{.Session.Account.Username}})
log out diff --git a/admin/views/login.html b/admin/views/login.html index 7744e91..e8581e8 100644 --- a/admin/views/login.html +++ b/admin/views/login.html @@ -52,35 +52,26 @@ input[disabled] { {{define "content"}}
- {{if .Message}} -

{{.Message}}

+ {{if .Session.Message.Valid}} +

{{html .Session.Message.String}}

+ {{end}} + {{if .Session.Error.Valid}} +

{{html .Session.Error.String}}

{{end}} - - {{if .Token}} - - -

- Logged in successfully. - You should be redirected to /admin soon. -

- - {{else}}
- + - + - +
- - {{end}}
{{end}} diff --git a/admin/views/logout.html b/admin/views/logout.html index 1999377..f127fd6 100644 --- a/admin/views/logout.html +++ b/admin/views/logout.html @@ -12,13 +12,10 @@ p a { {{define "content"}}
- +

Logged out successfully. - You should be redirected to / in 5 seconds. - + You should be redirected to /admin/login shortly.

diff --git a/admin/views/create-account.html b/admin/views/register.html similarity index 73% rename from admin/views/create-account.html rename to admin/views/register.html index 8d59c0f..8899fd9 100644 --- a/admin/views/create-account.html +++ b/admin/views/register.html @@ -48,23 +48,23 @@ input { {{define "content"}}
- {{if .Message}} -

{{.Message}}

+ {{if .Session.Error.Valid}} +

{{html .Session.Error.String}}

{{end}}
- + - + - + - +
diff --git a/api/artist.go b/api/artist.go index a9676b1..51c9d62 100644 --- a/api/artist.go +++ b/api/artist.go @@ -51,13 +51,8 @@ func ServeArtist(app *model.AppState, artist *model.Artist) http.Handler { } ) - account, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - show_hidden_releases := account != nil + session := r.Context().Value("session").(*model.Session) + show_hidden_releases := session != nil && session.Account != nil dbCredits, err := controller.GetArtistCredits(app.DB, artist.ID, show_hidden_releases) if err != nil { diff --git a/api/release.go b/api/release.go index c71043e..4e7372f 100644 --- a/api/release.go +++ b/api/release.go @@ -19,13 +19,8 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler { // only allow authorised users to view hidden releases privileged := false if !release.Visible { - account, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - if account != nil { + session := r.Context().Value("session").(*model.Session) + if session != nil && session.Account != nil { // TODO: check privilege on release privileged = true } @@ -145,16 +140,11 @@ func ServeCatalog(app *model.AppState) http.Handler { } catalog := []Release{} - account, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } + session := r.Context().Value("session").(*model.Session) for _, release := range releases { if !release.Visible { privileged := false - if account != nil { + if session != nil && session.Account != nil { // TODO: check privilege on release privileged = true } diff --git a/controller/account.go b/controller/account.go index 044faec..8272bad 100644 --- a/controller/account.go +++ b/controller/account.go @@ -2,8 +2,6 @@ package controller import ( "arimelody-web/model" - "errors" - "fmt" "net/http" "strings" @@ -21,7 +19,21 @@ func GetAllAccounts(db *sqlx.DB) ([]model.Account, error) { return accounts, nil } -func GetAccount(db *sqlx.DB, username string) (*model.Account, error) { +func GetAccountByID(db *sqlx.DB, id string) (*model.Account, error) { + var account = model.Account{} + + err := db.Get(&account, "SELECT * FROM account WHERE id=$1", id) + if err != nil { + if strings.Contains(err.Error(), "no rows") { + return nil, nil + } + return nil, err + } + + return &account, nil +} + +func GetAccountByUsername(db *sqlx.DB, username string) (*model.Account, error) { var account = model.Account{} err := db.Get(&account, "SELECT * FROM account WHERE username=$1", username) @@ -49,12 +61,12 @@ func GetAccountByEmail(db *sqlx.DB, email string) (*model.Account, error) { return &account, nil } -func GetAccountByToken(db *sqlx.DB, token string) (*model.Account, error) { - if token == "" { return nil, nil } +func GetAccountBySession(db *sqlx.DB, sessionToken string) (*model.Account, error) { + if sessionToken == "" { return nil, nil } account := model.Account{} - err := db.Get(&account, "SELECT account.* FROM account JOIN token ON id=account WHERE token=$1", token) + err := db.Get(&account, "SELECT account.* FROM account JOIN token ON id=account WHERE token=$1", sessionToken) if err != nil { if strings.Contains(err.Error(), "no rows") { return nil, nil @@ -65,7 +77,7 @@ func GetAccountByToken(db *sqlx.DB, token string) (*model.Account, error) { return &account, nil } -func GetTokenFromRequest(db *sqlx.DB, r *http.Request) string { +func GetSessionFromRequest(db *sqlx.DB, r *http.Request) string { tokenStr := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ") if len(tokenStr) > 0 { return tokenStr @@ -78,29 +90,6 @@ func GetTokenFromRequest(db *sqlx.DB, r *http.Request) string { return cookie.Value } -func GetAccountByRequest(db *sqlx.DB, r *http.Request) (*model.Account, error) { - tokenStr := GetTokenFromRequest(db, r) - - token, err := GetToken(db, tokenStr) - if err != nil { - if strings.Contains(err.Error(), "no rows") { - return nil, nil - } - return nil, errors.New("GetToken: " + err.Error()) - } - - // does user-agent match the token? - if r.UserAgent() != token.UserAgent { - // invalidate the token - DeleteToken(db, tokenStr) - fmt.Printf("WARN: Attempted use of token by unauthorised User-Agent (Expected `%s`, got `%s`)\n", token.UserAgent, r.UserAgent()) - // TODO: log unauthorised activity to the user - return nil, errors.New("User agent mismatch") - } - - return GetAccountByToken(db, tokenStr) -} - func CreateAccount(db *sqlx.DB, account *model.Account) error { err := db.Get( &account.ID, diff --git a/controller/session.go b/controller/session.go new file mode 100644 index 0000000..2a2a19e --- /dev/null +++ b/controller/session.go @@ -0,0 +1,128 @@ +package controller + +import ( + "database/sql" + "time" + + "arimelody-web/model" + + "github.com/jmoiron/sqlx" +) + +const TOKEN_LEN = 64 + +func CreateSession(db *sqlx.DB, userAgent string) (*model.Session, error) { + tokenString := GenerateAlnumString(TOKEN_LEN) + + session := model.Session{ + Token: string(tokenString), + UserAgent: userAgent, + CreatedAt: time.Now(), + ExpiresAt: time.Now().Add(time.Hour * 24), + } + + _, err := db.Exec("INSERT INTO session " + + "(token, user_agent, created_at, expires_at) VALUES " + + "($1, $2, $3, $4)", + session.Token, + session.UserAgent, + session.CreatedAt, + session.ExpiresAt, + ) + if err != nil { + return nil, err + } + + return &session, nil +} + +// func WriteSession(db *sqlx.DB, session *model.Session) error { +// _, err := db.Exec( +// "UPDATE session " + +// "SET account=$2,message=$3,error=$4 " + +// "WHERE token=$1", +// session.Token, +// session.Account.ID, +// session.Message, +// session.Error, +// ) +// return err +// } + +func SetSessionAccount(db *sqlx.DB, session *model.Session, account *model.Account) error { + var err error + session.Account = account + if account == nil { + _, err = db.Exec("UPDATE session SET account=NULL WHERE token=$1", session.Token) + } else { + _, err = db.Exec("UPDATE session SET account=$2 WHERE token=$1", session.Token, account.ID) + } + return err +} + +func SetSessionMessage(db *sqlx.DB, session *model.Session, message string) error { + var err error + if message == "" { + session.Message = sql.NullString{ } + _, err = db.Exec("UPDATE session SET message=NULL WHERE token=$1", session.Token) + } else { + session.Message = sql.NullString{ String: message, Valid: true } + _, err = db.Exec("UPDATE session SET message=$2 WHERE token=$1", session.Token, message) + } + return err +} + +func SetSessionError(db *sqlx.DB, session *model.Session, message string) error { + var err error + if message == "" { + session.Message = sql.NullString{ } + _, err = db.Exec("UPDATE session SET error=NULL WHERE token=$1", session.Token) + } else { + session.Message = sql.NullString{ String: message, Valid: true } + _, err = db.Exec("UPDATE session SET error=$2 WHERE token=$1", session.Token, message) + } + return err +} + +func GetSession(db *sqlx.DB, token string) (*model.Session, error) { + type dbSession struct { + model.Session + AccountID sql.NullString `db:"account"` + } + + session := dbSession{} + err := db.Get( + &session, + "SELECT * FROM session WHERE token=$1", + token, + ) + if err != nil { + return nil, err + } + + if session.AccountID.Valid { + session.Account, err = GetAccountByID(db, session.AccountID.String) + if err != nil { + return nil, err + } + } + + return &session.Session, err +} + +// func GetAllSessionsForAccount(db *sqlx.DB, accountID string) ([]model.Session, error) { +// sessions := []model.Session{} +// err := db.Select(&sessions, "SELECT * FROM session WHERE account=$1 AND expires_at>current_timestamp", accountID) +// return sessions, err +// } + +func DeleteAllSessionsForAccount(db *sqlx.DB, accountID string) error { + _, err := db.Exec("DELETE FROM session WHERE account=$1", accountID) + return err +} + +func DeleteSession(db *sqlx.DB, token string) error { + _, err := db.Exec("DELETE FROM session WHERE token=$1", token) + return err +} + diff --git a/controller/token.go b/controller/token.go deleted file mode 100644 index 12982bd..0000000 --- a/controller/token.go +++ /dev/null @@ -1,61 +0,0 @@ -package controller - -import ( - "time" - - "arimelody-web/model" - - "github.com/jmoiron/sqlx" -) - -const TOKEN_LEN = 32 - -func CreateToken(db *sqlx.DB, accountID string, userAgent string) (*model.Token, error) { - tokenString := GenerateAlnumString(TOKEN_LEN) - - token := model.Token{ - Token: string(tokenString), - AccountID: accountID, - UserAgent: userAgent, - CreatedAt: time.Now(), - ExpiresAt: time.Now().Add(time.Hour * 24), - } - - _, err := db.Exec("INSERT INTO token " + - "(token, account, user_agent, created_at, expires_at) VALUES " + - "($1, $2, $3, $4, $5)", - token.Token, - token.AccountID, - token.UserAgent, - token.CreatedAt, - token.ExpiresAt, - ) - if err != nil { - return nil, err - } - - return &token, nil -} - -func GetToken(db *sqlx.DB, token_str string) (*model.Token, error) { - token := model.Token{} - err := db.Get(&token, "SELECT * FROM token WHERE token=$1", token_str) - return &token, err -} - -func GetAllTokensForAccount(db *sqlx.DB, accountID string) ([]model.Token, error) { - tokens := []model.Token{} - err := db.Select(&tokens, "SELECT * FROM token WHERE account=$1 AND expires_at>current_timestamp", accountID) - return tokens, err -} - -func DeleteAllTokensForAccount(db *sqlx.DB, accountID string) error { - _, err := db.Exec("DELETE FROM token WHERE account=$1", accountID) - return err -} - -func DeleteToken(db *sqlx.DB, token string) error { - _, err := db.Exec("DELETE FROM token WHERE token=$1", token) - return err -} - diff --git a/controller/totp.go b/controller/totp.go index 18616da..83a5b1c 100644 --- a/controller/totp.go +++ b/controller/totp.go @@ -17,7 +17,7 @@ import ( "github.com/jmoiron/sqlx" ) -const TOTP_SECRET_LENGTH = 32 +const TOTP_SECRET_LENGTH = 64 const TIME_STEP int64 = 30 const CODE_LENGTH = 6 @@ -89,6 +89,24 @@ func GetTOTPsForAccount(db *sqlx.DB, accountID string) ([]model.TOTP, error) { return totps, nil } +func CheckTOTPForAccount(db *sqlx.DB, accountID string, totp string) (*model.TOTP, error) { + totps, err := GetTOTPsForAccount(db, accountID) + if err != nil { + // user has no TOTP methods + return nil, err + } + for _, method := range totps { + check := GenerateTOTP(method.Secret, 0) + if check == totp { + // return the whole TOTP method as it may be useful for logging + return &method, nil + } + } + // user failed all TOTP checks + // note: this state will still occur even if the account has no TOTP methods. + return nil, nil +} + func GetTOTP(db *sqlx.DB, accountID string, name string) (*model.TOTP, error) { totp := model.TOTP{} diff --git a/main.go b/main.go index 5693252..9c5b38a 100644 --- a/main.go +++ b/main.go @@ -89,7 +89,7 @@ func main() { totpName := os.Args[3] secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) - account, err := controller.GetAccount(app.DB, username) + account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -108,6 +108,10 @@ func main() { err = controller.CreateTOTP(app.DB, &totp) if err != nil { + if strings.HasPrefix(err.Error(), "pq: duplicate key") { + fmt.Fprintf(os.Stderr, "Account \"%s\" already has a TOTP method named \"%s\"!\n", account.Username, totp.Name) + os.Exit(1) + } fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) os.Exit(1) } @@ -124,7 +128,7 @@ func main() { username := os.Args[2] totpName := os.Args[3] - account, err := controller.GetAccount(app.DB, username) + account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -151,7 +155,7 @@ func main() { } username := os.Args[2] - account, err := controller.GetAccount(app.DB, username) + account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -184,7 +188,7 @@ func main() { username := os.Args[2] totpName := os.Args[3] - account, err := controller.GetAccount(app.DB, username) + account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) @@ -240,6 +244,8 @@ func main() { } for _, account := range accounts { + email := "" + if account.Email.Valid { email = account.Email.String } fmt.Printf( "User: %s\n" + "\tID: %s\n" + @@ -247,7 +253,7 @@ func main() { "\tCreated: %s\n", account.Username, account.ID, - account.Email, + email, account.CreatedAt, ) } @@ -261,7 +267,7 @@ func main() { username := os.Args[2] fmt.Printf("Deleting account \"%s\"...\n", username) - account, err := controller.GetAccount(app.DB, username) + account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) diff --git a/model/account.go b/model/account.go index 72720a0..166e880 100644 --- a/model/account.go +++ b/model/account.go @@ -1,17 +1,20 @@ package model -import "time" +import ( + "database/sql" + "time" +) -const COOKIE_TOKEN string = "AM_TOKEN" +const COOKIE_TOKEN string = "AM_SESSION" type ( Account struct { - ID string `json:"id" db:"id"` - Username string `json:"username" db:"username"` - Password string `json:"password" db:"password"` - Email string `json:"email" db:"email"` - AvatarURL string `json:"avatar_url" db:"avatar_url"` - CreatedAt time.Time `json:"created_at" db:"created_at"` + ID string `json:"id" db:"id"` + Username string `json:"username" db:"username"` + Password string `json:"password" db:"password"` + Email sql.NullString `json:"email" db:"email"` + AvatarURL sql.NullString `json:"avatar_url" db:"avatar_url"` + CreatedAt time.Time `json:"created_at" db:"created_at"` Privileges []AccountPrivilege `json:"privileges"` } diff --git a/model/token.go b/model/session.go similarity index 54% rename from model/token.go rename to model/session.go index 31beb72..c1983a1 100644 --- a/model/token.go +++ b/model/session.go @@ -1,11 +1,17 @@ package model -import "time" +import ( + "database/sql" + "time" +) -type Token struct { +type Session struct { Token string `json:"token" db:"token"` - AccountID string `json:"-" db:"account"` UserAgent string `json:"user_agent" db:"user_agent"` CreatedAt time.Time `json:"created_at" db:"created_at"` ExpiresAt time.Time `json:"expires_at" db:"expires_at"` + + Account *Account `json:"-" db:"account"` + Message sql.NullString `json:"-" db:"message"` + Error sql.NullString `json:"-" db:"error"` } diff --git a/public/style/footer.css b/public/style/footer.css index 72cdebb..d9682b1 100644 --- a/public/style/footer.css +++ b/public/style/footer.css @@ -1,11 +1,11 @@ footer { - border-top: 1px solid #888; + border-top: 1px solid #8888; } #footer { - width: min(calc(100% - 4rem), 720px); - margin: auto; - padding: 2rem 0; - color: #aaa; + width: min(calc(100% - 4rem), 720px); + margin: auto; + padding: 2rem 0; + color: #aaa; } diff --git a/public/style/index.css b/public/style/index.css index 363c381..f3cb761 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -91,7 +91,7 @@ hr { text-align: center; line-height: 0px; border-width: 1px 0 0 0; - border-color: #888f; + border-color: #888; margin: 1.5em 0; overflow: visible; } diff --git a/schema_migration/000-init.sql b/schema_migration/000-init.sql index e11b45f..48b8fbe 100644 --- a/schema_migration/000-init.sql +++ b/schema_migration/000-init.sql @@ -7,7 +7,7 @@ CREATE TABLE arimelody.account ( id uuid DEFAULT gen_random_uuid(), username text NOT NULL UNIQUE, password text NOT NULL, - email text, + email text, avatar_url text, created_at TIMESTAMP DEFAULT current_timestamp ); @@ -28,15 +28,17 @@ CREATE TABLE arimelody.invite ( ); ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code); --- Tokens -CREATE TABLE arimelody.token ( +-- Session +CREATE TABLE arimelody.session ( token TEXT, - account UUID NOT NULL, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, expires_at TIMESTAMP DEFAULT NULL + account UUID, + message TEXT, + error TEXT, ); -ALTER TABLE arimelody.token ADD CONSTRAINT token_pk PRIMARY KEY (token); +ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (session); -- TOTPs CREATE TABLE arimelody.totp ( @@ -116,7 +118,7 @@ ALTER TABLE arimelody.musicreleasetrack ADD CONSTRAINT musicreleasetrack_pk PRIM -- ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; -ALTER TABLE arimelody.token ADD CONSTRAINT token_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; +ALTER TABLE arimelody.session ADD CONSTRAINT session_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.musiccredit ADD CONSTRAINT musiccredit_artist_fk FOREIGN KEY (artist) REFERENCES artist(id) ON DELETE CASCADE ON UPDATE CASCADE; diff --git a/schema_migration/001-pre-versioning.sql b/schema_migration/001-pre-versioning.sql index 62bc15b..76fb1b8 100644 --- a/schema_migration/001-pre-versioning.sql +++ b/schema_migration/001-pre-versioning.sql @@ -1,17 +1,3 @@ --- --- Migration --- - --- Move existing tables to new schema -ALTER TABLE public.artist SET SCHEMA arimelody; -ALTER TABLE public.musicrelease SET SCHEMA arimelody; -ALTER TABLE public.musiclink SET SCHEMA arimelody; -ALTER TABLE public.musiccredit SET SCHEMA arimelody; -ALTER TABLE public.musictrack SET SCHEMA arimelody; -ALTER TABLE public.musicreleasetrack SET SCHEMA arimelody; - - - -- -- New items -- @@ -42,15 +28,17 @@ CREATE TABLE arimelody.invite ( ); ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code); --- Tokens -CREATE TABLE arimelody.token ( +-- Session +CREATE TABLE arimelody.session ( token TEXT, - account UUID NOT NULL, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, expires_at TIMESTAMP DEFAULT NULL + account UUID, + message TEXT, + error TEXT, ); -ALTER TABLE arimelody.token ADD CONSTRAINT token_pk PRIMARY KEY (token); +ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (session); -- TOTPs CREATE TABLE arimelody.totp ( diff --git a/view/music.go b/view/music.go index cae325f..e3eb449 100644 --- a/view/music.go +++ b/view/music.go @@ -3,7 +3,6 @@ package view import ( "fmt" "net/http" - "os" "arimelody-web/controller" "arimelody-web/model" @@ -60,13 +59,8 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler { // only allow authorised users to view hidden releases privileged := false if !release.Visible { - account, err := controller.GetAccountByRequest(app.DB, r) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - if account != nil { + session := r.Context().Value("session").(*model.Session) + if session != nil && session.Account != nil { // TODO: check privilege on release privileged = true } From e457e979ff042ca8871ae21404f1c3e5c384e08c Mon Sep 17 00:00:00 2001 From: ari melody Date: Thu, 23 Jan 2025 09:39:40 +0000 Subject: [PATCH 06/99] tidying some things up session message handling is pretty annoying; should look into a better method of doing this --- admin/accounthttp.go | 50 +++++++++++---- admin/http.go | 51 ++++++++------- admin/views/edit-account.html | 5 +- controller/account.go | 6 +- controller/session.go | 6 +- main.go | 83 ++++++++++++++++++------- schema_migration/000-init.sql | 20 +++--- schema_migration/001-pre-versioning.sql | 22 +++---- 8 files changed, 161 insertions(+), 82 deletions(-) diff --git a/admin/accounthttp.go b/admin/accounthttp.go index fc701e7..fc4fed1 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -17,7 +17,6 @@ func accountHandler(app *model.AppState) http.Handler { mux.Handle("/password", changePasswordHandler(app)) mux.Handle("/delete", deleteAccountHandler(app)) - mux.Handle("/", accountIndexHandler(app)) return mux } @@ -37,6 +36,13 @@ func accountIndexHandler(app *model.AppState) http.Handler { TOTPs []model.TOTP } + sessionMessage := session.Message + sessionError := session.Error + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") + session.Message = sessionMessage + session.Error = sessionError + err = pages["account"].Execute(w, accountResponse{ Session: session, TOTPs: totps, @@ -57,18 +63,39 @@ func changePasswordHandler(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") + r.ParseForm() currentPassword := r.Form.Get("current-password") if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil { - controller.SetSessionMessage(app.DB, session, "Incorrect password.") + controller.SetSessionError(app.DB, session, "Incorrect password.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } newPassword := r.Form.Get("new-password") - controller.SetSessionMessage(app.DB, session, fmt.Sprintf("Updating password to %s", newPassword)) + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + session.Account.Password = string(hashedPassword) + err = controller.UpdateAccount(app.DB, session.Account) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to update account password: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + controller.SetSessionError(app.DB, session, "") + controller.SetSessionMessage(app.DB, session, "Password updated successfully.") http.Redirect(w, r, "/admin/account", http.StatusFound) }) } @@ -97,10 +124,10 @@ func deleteAccountHandler(app *model.AppState) http.Handler { if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil { fmt.Printf( "[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), session.Account.Username, ) - controller.SetSessionMessage(app.DB, session, "Incorrect password.") + controller.SetSessionError(app.DB, session, "Incorrect password.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } @@ -108,35 +135,36 @@ func deleteAccountHandler(app *model.AppState) http.Handler { totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp")) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err) - controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.") + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } if totpMethod == nil { fmt.Printf( "[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), session.Account.Username, ) - controller.SetSessionMessage(app.DB, session, "Incorrect TOTP.") + controller.SetSessionError(app.DB, session, "Incorrect TOTP.") http.Redirect(w, r, "/admin/account", http.StatusFound) } err = controller.DeleteAccount(app.DB, session.Account.ID) if err != nil { fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) - controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.") + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } fmt.Printf( "[%s] INFO: Account \"%s\" deleted by user request.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), session.Account.Username, ) - session.Account = nil + controller.SetSessionAccount(app.DB, session, nil) + controller.SetSessionError(app.DB, session, "") controller.SetSessionMessage(app.DB, session, "Account deleted successfully.") http.Redirect(w, r, "/admin/login", http.StatusFound) }) diff --git a/admin/http.go b/admin/http.go index ad0d44e..5fcce01 100644 --- a/admin/http.go +++ b/admin/http.go @@ -93,8 +93,8 @@ func AdminIndexHandler(app *model.AppState) http.Handler { func registerAccountHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session := r.Context().Value("session").(*model.Session) - session.Error = sql.NullString{} - session.Message = sql.NullString{} + controller.SetSessionError(app.DB, session, "") + controller.SetSessionMessage(app.DB, session, "") if session.Account != nil { // user is already logged in @@ -102,8 +102,12 @@ func registerAccountHandler(app *model.AppState) http.Handler { return } + type registerData struct { + Session *model.Session + } + render := func() { - err := pages["register"].Execute(w, session) + err := pages["register"].Execute(w, registerData{ Session: session }) if err != nil { fmt.Printf("WARN: Error rendering create account page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -122,7 +126,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { err := r.ParseForm() if err != nil { - session.Error = sql.NullString{ String: "Malformed data.", Valid: true } + controller.SetSessionError(app.DB, session, "Malformed data.") render() return } @@ -144,7 +148,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { invite, err := controller.GetInvite(app.DB, credentials.Invite) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } @@ -153,7 +157,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { err := controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } } - session.Error = sql.NullString{ String: "Invalid invite code.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid invite code.") render() return } @@ -161,7 +165,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } @@ -175,16 +179,23 @@ func registerAccountHandler(app *model.AppState) http.Handler { err = controller.CreateAccount(app.DB, &account) if err != nil { if strings.HasPrefix(err.Error(), "pq: duplicate key") { - session.Error = sql.NullString{ String: "An account with that username already exists.", Valid: true } + controller.SetSessionError(app.DB, session, "An account with that username already exists.") render() return } fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } + fmt.Printf( + "[%s]: Account registered: %s (%s)\n", + time.Now().Format(time.UnixDate), + account.Username, + account.ID, + ) + err = controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } @@ -229,7 +240,7 @@ func loginHandler(app *model.AppState) http.Handler { err := r.ParseForm() if err != nil { - session.Error = sql.NullString{ String: "Malformed data.", Valid: true } + controller.SetSessionError(app.DB, session, "Malformed data.") render() return } @@ -253,12 +264,12 @@ func loginHandler(app *model.AppState) http.Handler { account, err := controller.GetAccountByUsername(app.DB, credentials.Username) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account for login: %v\n", err) - session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid username or password.") render() return } if account == nil { - session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid username or password.") render() return } @@ -267,10 +278,10 @@ func loginHandler(app *model.AppState) http.Handler { if err != nil { fmt.Printf( "[%s] INFO: Account \"%s\" attempted login with incorrect password.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), account.Username, ) - session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid username or password.") render() return } @@ -278,12 +289,12 @@ func loginHandler(app *model.AppState) http.Handler { totpMethod, err := controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } if totpMethod == nil { - session.Error = sql.NullString{ String: "Invalid TOTP.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid TOTP.") render() return } @@ -291,7 +302,7 @@ func loginHandler(app *model.AppState) http.Handler { // TODO: log login activity to user fmt.Printf( "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), account.Username, totpMethod.Name, ) @@ -379,11 +390,7 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler { // fetch existing session session, err = controller.GetSession(app.DB, sessionCookie.Value) - if err != nil { - if strings.Contains(err.Error(), "no rows") { - http.Error(w, "Invalid session. Please try clearing your cookies and refresh.", http.StatusBadRequest) - return - } + if err != nil && !strings.Contains(err.Error(), "no rows") { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return diff --git a/admin/views/edit-account.html b/admin/views/edit-account.html index 0acfaf5..18a6dca 100644 --- a/admin/views/edit-account.html +++ b/admin/views/edit-account.html @@ -52,7 +52,10 @@

You have no MFA devices.

{{end}} - +
+ + Add TOTP Device +
diff --git a/controller/account.go b/controller/account.go index 8272bad..0cf3364 100644 --- a/controller/account.go +++ b/controller/account.go @@ -108,7 +108,7 @@ func CreateAccount(db *sqlx.DB, account *model.Account) error { func UpdateAccount(db *sqlx.DB, account *model.Account) error { _, err := db.Exec( "UPDATE account " + - "SET username=$2, password=$3, email=$4, avatar_url=$5) " + + "SET username=$2,password=$3,email=$4,avatar_url=$5 " + "WHERE id=$1", account.ID, account.Username, @@ -120,7 +120,7 @@ func UpdateAccount(db *sqlx.DB, account *model.Account) error { return err } -func DeleteAccount(db *sqlx.DB, username string) error { - _, err := db.Exec("DELETE FROM account WHERE username=$1", username) +func DeleteAccount(db *sqlx.DB, accountID string) error { + _, err := db.Exec("DELETE FROM account WHERE id=$1", accountID) return err } diff --git a/controller/session.go b/controller/session.go index 2a2a19e..c9c4cbb 100644 --- a/controller/session.go +++ b/controller/session.go @@ -63,6 +63,7 @@ func SetSessionAccount(db *sqlx.DB, session *model.Session, account *model.Accou func SetSessionMessage(db *sqlx.DB, session *model.Session, message string) error { var err error if message == "" { + if !session.Message.Valid { return nil } session.Message = sql.NullString{ } _, err = db.Exec("UPDATE session SET message=NULL WHERE token=$1", session.Token) } else { @@ -75,10 +76,11 @@ func SetSessionMessage(db *sqlx.DB, session *model.Session, message string) erro func SetSessionError(db *sqlx.DB, session *model.Session, message string) error { var err error if message == "" { - session.Message = sql.NullString{ } + if !session.Error.Valid { return nil } + session.Error = sql.NullString{ } _, err = db.Exec("UPDATE session SET error=NULL WHERE token=$1", session.Token) } else { - session.Message = sql.NullString{ String: message, Valid: true } + session.Error = sql.NullString{ String: message, Valid: true } _, err = db.Exec("UPDATE session SET error=$2 WHERE token=$1", session.Token, message) } return err diff --git a/main.go b/main.go index 9c5b38a..251d9a9 100644 --- a/main.go +++ b/main.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "log" + "math" "math/rand" "net/http" "os" @@ -22,6 +23,7 @@ import ( "github.com/jmoiron/sqlx" _ "github.com/lib/pq" + "golang.org/x/crypto/bcrypt" ) // used for database migrations @@ -91,12 +93,12 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } @@ -109,10 +111,10 @@ func main() { err = controller.CreateTOTP(app.DB, &totp) if err != nil { if strings.HasPrefix(err.Error(), "pq: duplicate key") { - fmt.Fprintf(os.Stderr, "Account \"%s\" already has a TOTP method named \"%s\"!\n", account.Username, totp.Name) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" already has a TOTP method named \"%s\"!\n", account.Username, totp.Name) os.Exit(1) } - fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP method: %v\n", err) os.Exit(1) } @@ -130,18 +132,18 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } err = controller.DeleteTOTP(app.DB, account.ID, totpName) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP method: %v\n", err) os.Exit(1) } @@ -157,18 +159,18 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create TOTP methods: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP methods: %v\n", err) os.Exit(1) } @@ -190,23 +192,23 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } totp, err := controller.GetTOTP(app.DB, account.ID, totpName) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch TOTP method \"%s\": %v\n", totpName, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch TOTP method \"%s\": %v\n", totpName, err) os.Exit(1) } if totp == nil { - fmt.Fprintf(os.Stderr, "TOTP method \"%s\" does not exist for account \"%s\"\n", totpName, username) + fmt.Fprintf(os.Stderr, "FATAL: TOTP method \"%s\" does not exist for account \"%s\"\n", totpName, username) os.Exit(1) } @@ -218,18 +220,22 @@ func main() { fmt.Printf("Creating invite...\n") invite, err := controller.CreateInvite(app.DB, 16, time.Hour * 24) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create invite code: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create invite code: %v\n", err) os.Exit(1) } - fmt.Printf("Here you go! This code expires in 24 hours: %s\n", invite.Code) + fmt.Printf( + "Here you go! This code expires in %d hours: %s\n", + int(math.Ceil(invite.ExpiresAt.Sub(invite.CreatedAt).Hours())), + invite.Code, + ) return case "purgeInvites": fmt.Printf("Deleting all invites...\n") err := controller.DeleteAllInvites(app.DB) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to delete invites: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to delete invites: %v\n", err) os.Exit(1) } @@ -239,7 +245,7 @@ func main() { case "listAccounts": accounts, err := controller.GetAllAccounts(app.DB) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch accounts: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch accounts: %v\n", err) os.Exit(1) } @@ -259,6 +265,39 @@ func main() { } return + case "changePassword": + if len(os.Args) < 4 { + fmt.Fprintf(os.Stderr, "FATAL: `username` and `password` must be specified for changePassword\n") + os.Exit(1) + } + + username := os.Args[2] + password := os.Args[3] + account, err := controller.GetAccountByUsername(app.DB, username) + if err != nil { + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) + os.Exit(1) + } + if account == nil { + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) + os.Exit(1) + } + + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + fmt.Fprintf(os.Stderr, "FATAL: Failed to update password: %v\n", err) + os.Exit(1) + } + account.Password = string(hashedPassword) + err = controller.UpdateAccount(app.DB, account) + if err != nil { + fmt.Fprintf(os.Stderr, "FATAL: Failed to delete account: %v\n", err) + os.Exit(1) + } + + fmt.Printf("Account \"%s\" deleted successfully.\n", account.Username) + return + case "deleteAccount": if len(os.Args) < 3 { fmt.Fprintf(os.Stderr, "FATAL: `username` must be specified for deleteAccount\n") @@ -269,12 +308,12 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } @@ -285,9 +324,9 @@ func main() { return } - err = controller.DeleteAccount(app.DB, username) + err = controller.DeleteAccount(app.DB, account.ID) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to delete account: %v\n", err) os.Exit(1) } diff --git a/schema_migration/000-init.sql b/schema_migration/000-init.sql index 48b8fbe..ff5c1af 100644 --- a/schema_migration/000-init.sql +++ b/schema_migration/000-init.sql @@ -4,19 +4,19 @@ -- Accounts CREATE TABLE arimelody.account ( - id uuid DEFAULT gen_random_uuid(), - username text NOT NULL UNIQUE, - password text NOT NULL, - email text, - avatar_url text, + id UUID DEFAULT gen_random_uuid(), + username TEXT NOT NULL UNIQUE, + password TEXT NOT NULL, + email TEXT, + avatar_url TEXT, created_at TIMESTAMP DEFAULT current_timestamp ); ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id); -- Privilege CREATE TABLE arimelody.privilege ( - account uuid NOT NULL, - privilege text NOT NULL + account UUID NOT NULL, + privilege TEXT NOT NULL ); ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account, privilege); @@ -33,12 +33,12 @@ CREATE TABLE arimelody.session ( token TEXT, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - expires_at TIMESTAMP DEFAULT NULL + expires_at TIMESTAMP DEFAULT NULL, account UUID, message TEXT, - error TEXT, + error TEXT ); -ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (session); +ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); -- TOTPs CREATE TABLE arimelody.totp ( diff --git a/schema_migration/001-pre-versioning.sql b/schema_migration/001-pre-versioning.sql index 76fb1b8..cd0c061 100644 --- a/schema_migration/001-pre-versioning.sql +++ b/schema_migration/001-pre-versioning.sql @@ -2,21 +2,21 @@ -- New items -- --- Acounts +-- Accounts CREATE TABLE arimelody.account ( - id uuid DEFAULT gen_random_uuid(), - username text NOT NULL UNIQUE, - password text NOT NULL, - email text, - avatar_url text, + id UUID DEFAULT gen_random_uuid(), + username TEXT NOT NULL UNIQUE, + password TEXT NOT NULL, + email TEXT, + avatar_url TEXT, created_at TIMESTAMP DEFAULT current_timestamp ); ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id); -- Privilege CREATE TABLE arimelody.privilege ( - account uuid NOT NULL, - privilege text NOT NULL + account UUID NOT NULL, + privilege TEXT NOT NULL ); ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account, privilege); @@ -33,12 +33,12 @@ CREATE TABLE arimelody.session ( token TEXT, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - expires_at TIMESTAMP DEFAULT NULL + expires_at TIMESTAMP DEFAULT NULL, account UUID, message TEXT, - error TEXT, + error TEXT ); -ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (session); +ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); -- TOTPs CREATE TABLE arimelody.totp ( From 50cbce92fcde5ada0eae1e0fa8b2072737ffdc5d Mon Sep 17 00:00:00 2001 From: ari melody Date: Thu, 23 Jan 2025 12:09:33 +0000 Subject: [PATCH 07/99] TOTP methods can now be created on the frontend! --- admin/accounthttp.go | 180 ++++++++++++++++++++++++++++++++++ admin/http.go | 12 +-- admin/static/admin.css | 29 +++++- admin/static/edit-account.css | 4 - admin/templates.go | 10 ++ admin/views/edit-account.html | 2 +- admin/views/login.html | 20 +--- admin/views/register.html | 18 +--- admin/views/totp-confirm.html | 34 +++++++ admin/views/totp-setup.html | 20 ++++ controller/totp.go | 22 +++-- 11 files changed, 295 insertions(+), 56 deletions(-) create mode 100644 admin/views/totp-confirm.html create mode 100644 admin/views/totp-setup.html diff --git a/admin/accounthttp.go b/admin/accounthttp.go index fc4fed1..b5deca2 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -3,6 +3,7 @@ package admin import ( "fmt" "net/http" + "net/url" "os" "time" @@ -15,6 +16,10 @@ import ( func accountHandler(app *model.AppState) http.Handler { mux := http.NewServeMux() + mux.Handle("/totp-setup", totpSetupHandler(app)) + mux.Handle("/totp-confirm", totpConfirmHandler(app)) + mux.Handle("/totp-delete/", http.StripPrefix("/totp-delete", totpDeleteHandler(app))) + mux.Handle("/password", changePasswordHandler(app)) mux.Handle("/delete", deleteAccountHandler(app)) @@ -169,3 +174,178 @@ func deleteAccountHandler(app *model.AppState) http.Handler { http.Redirect(w, r, "/admin/login", http.StatusFound) }) } + +func totpSetupHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodGet { + type totpSetupData struct { + Session *model.Session + } + + session := r.Context().Value("session").(*model.Session) + + err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session }) + if err != nil { + fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + return + } + + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + type totpSetupData struct { + Session *model.Session + TOTP *model.TOTP + NameEscaped string + } + + err := r.ParseForm() + if err != nil { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + name := r.FormValue("totp-name") + if len(name) == 0 { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + session := r.Context().Value("session").(*model.Session) + + secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) + totp := model.TOTP { + AccountID: session.Account.ID, + Name: name, + Secret: string(secret), + } + err = controller.CreateTOTP(app.DB, &totp) + if err != nil { + fmt.Printf("WARN: Failed to create TOTP method: %s\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session }) + if err != nil { + fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + return + } + + err = pages["totp-confirm"].Execute(w, totpSetupData{ + Session: session, + TOTP: &totp, + NameEscaped: url.PathEscape(totp.Name), + }) + if err != nil { + fmt.Printf("WARN: Failed to render TOTP confirm page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + }) +} + +func totpConfirmHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + type totpConfirmData struct { + Session *model.Session + TOTP *model.TOTP + } + + session := r.Context().Value("session").(*model.Session) + + err := r.ParseForm() + if err != nil { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + name := r.FormValue("totp-name") + if len(name) == 0 { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + code := r.FormValue("totp") + if len(code) != controller.TOTP_CODE_LENGTH { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + totp, err := controller.GetTOTP(app.DB, session.Account.ID, name) + if err != nil { + fmt.Printf("WARN: Failed to fetch TOTP method: %s\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + if totp == nil { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + confirmCode := controller.GenerateTOTP(totp.Secret, 0) + if code != confirmCode { + confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1) + if code != confirmCodeOffset { + controller.SetSessionError(app.DB, session, "Incorrect TOTP code. Please try again.") + err = pages["totp-confirm"].Execute(w, totpConfirmData{ + Session: session, + TOTP: totp, + }) + return + } + } + + controller.SetSessionError(app.DB, session, "") + controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" created successfully.", totp.Name)) + http.Redirect(w, r, "/admin/account", http.StatusFound) + }) +} + +func totpDeleteHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet { + http.NotFound(w, r) + return + } + + name := r.URL.Path + fmt.Printf("%s\n", name); + if len(name) == 0 { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + session := r.Context().Value("session").(*model.Session) + + totp, err := controller.GetTOTP(app.DB, session.Account.ID, name) + if err != nil { + fmt.Printf("WARN: Failed to fetch TOTP method: %s\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + if totp == nil { + http.NotFound(w, r) + return + } + + err = controller.DeleteTOTP(app.DB, session.Account.ID, totp.Name) + if err != nil { + fmt.Printf("WARN: Failed to delete TOTP method: %s\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + controller.SetSessionError(app.DB, session, "") + controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" deleted successfully.", totp.Name)) + http.Redirect(w, r, "/admin/account", http.StatusFound) + }) +} diff --git a/admin/http.go b/admin/http.go index 5fcce01..7dd5207 100644 --- a/admin/http.go +++ b/admin/http.go @@ -93,8 +93,6 @@ func AdminIndexHandler(app *model.AppState) http.Handler { func registerAccountHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session := r.Context().Value("session").(*model.Session) - controller.SetSessionError(app.DB, session, "") - controller.SetSessionMessage(app.DB, session, "") if session.Account != nil { // user is already logged in @@ -126,8 +124,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { err := r.ParseForm() if err != nil { - controller.SetSessionError(app.DB, session, "Malformed data.") - render() + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } @@ -201,6 +198,8 @@ func registerAccountHandler(app *model.AppState) http.Handler { // registration success! controller.SetSessionAccount(app.DB, session, &account) + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") http.Redirect(w, r, "/admin", http.StatusFound) }) } @@ -240,8 +239,7 @@ func loginHandler(app *model.AppState) http.Handler { err := r.ParseForm() if err != nil { - controller.SetSessionError(app.DB, session, "Malformed data.") - render() + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } @@ -309,6 +307,8 @@ func loginHandler(app *model.AppState) http.Handler { // login success! controller.SetSessionAccount(app.DB, session, account) + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") http.Redirect(w, r, "/admin", http.StatusFound) }) } diff --git a/admin/static/admin.css b/admin/static/admin.css index 45d67a4..cbb827e 100644 --- a/admin/static/admin.css +++ b/admin/static/admin.css @@ -146,7 +146,7 @@ a img.icon { -a.delete { +a.delete:not(.button) { color: #d22828; } @@ -197,3 +197,30 @@ button:active, .button:active { opacity: .5; cursor: not-allowed !important; } + + + +form { + width: 100%; + display: block; +} +label { + width: 100%; + margin: 1rem 0 .5rem 0; + display: block; + color: #10101080; +} +input { + margin: .5rem 0; + padding: .3rem .5rem; + display: block; + border-radius: 4px; + border: 1px solid #808080; + font-size: inherit; + font-family: inherit; + color: inherit; +} +input[disabled] { + opacity: .5; + cursor: not-allowed; +} diff --git a/admin/static/edit-account.css b/admin/static/edit-account.css index 52fb756..37351b2 100644 --- a/admin/static/edit-account.css +++ b/admin/static/edit-account.css @@ -4,10 +4,6 @@ div.card { margin-bottom: 2rem; } -form button { - margin-top: 1rem; -} - label { width: 100%; margin: 1rem 0 .5rem 0; diff --git a/admin/templates.go b/admin/templates.go index 1021832..3bae106 100644 --- a/admin/templates.go +++ b/admin/templates.go @@ -33,6 +33,16 @@ var pages = map[string]*template.Template{ filepath.Join("views", "prideflag.html"), filepath.Join("admin", "views", "edit-account.html"), )), + "totp-setup": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "totp-setup.html"), + )), + "totp-confirm": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "totp-confirm.html"), + )), "release": template.Must(template.ParseFiles( filepath.Join("admin", "views", "layout.html"), diff --git a/admin/views/edit-account.html b/admin/views/edit-account.html index 18a6dca..b1d083a 100644 --- a/admin/views/edit-account.html +++ b/admin/views/edit-account.html @@ -44,7 +44,7 @@

Added: {{.CreatedAt}}

{{end}} diff --git a/admin/views/login.html b/admin/views/login.html index e8581e8..b77af83 100644 --- a/admin/views/login.html +++ b/admin/views/login.html @@ -11,7 +11,7 @@ a.discord { color: #5865F2; } -form { +form#login { width: 100%; display: flex; flex-direction: column; @@ -26,26 +26,8 @@ form button { margin-top: 1rem; } -label { - width: 100%; - margin: 1rem 0 .5rem 0; - display: block; - color: #10101080; -} input { width: 100%; - margin: .5rem 0; - padding: .3rem .5rem; - display: block; - border-radius: 4px; - border: 1px solid #808080; - font-size: inherit; - font-family: inherit; - color: inherit; -} -input[disabled] { - opacity: .5; - cursor: not-allowed; } {{end}} diff --git a/admin/views/register.html b/admin/views/register.html index 8899fd9..94170c9 100644 --- a/admin/views/register.html +++ b/admin/views/register.html @@ -11,7 +11,7 @@ a.discord { color: #5865F2; } -form { +form#register { width: 100%; display: flex; flex-direction: column; @@ -26,22 +26,8 @@ form button { margin-top: 1rem; } -label { - width: 100%; - margin: 1rem 0 .5rem 0; - display: block; - color: #10101080; -} input { width: 100%; - margin: .5rem 0; - padding: .3rem .5rem; - display: block; - border-radius: 4px; - border: 1px solid #808080; - font-size: inherit; - font-family: inherit; - color: inherit; } {{end}} @@ -52,7 +38,7 @@ input {

{{html .Session.Error.String}}

{{end}} - +
diff --git a/admin/views/totp-confirm.html b/admin/views/totp-confirm.html new file mode 100644 index 0000000..af6b6e1 --- /dev/null +++ b/admin/views/totp-confirm.html @@ -0,0 +1,34 @@ +{{define "head"}} +TOTP Confirmation - ari melody 💫 + + + +{{end}} + +{{define "content"}} +
+ {{if .Session.Error.Valid}} +

{{html .Session.Error.String}}

+ {{end}} + + +

Your TOTP secret: {{.TOTP.Secret}}

+ + + +

+ Please store this into your two-factor authentication app or + password manager, then enter your code below: +

+ + + + + + +
+{{end}} diff --git a/admin/views/totp-setup.html b/admin/views/totp-setup.html new file mode 100644 index 0000000..62b9daf --- /dev/null +++ b/admin/views/totp-setup.html @@ -0,0 +1,20 @@ +{{define "head"}} +TOTP Setup - ari melody 💫 + + +{{end}} + +{{define "content"}} +
+ {{if .Session.Error.Valid}} +

{{html .Session.Error.String}}

+ {{end}} + +
+ + + + +
+
+{{end}} diff --git a/controller/totp.go b/controller/totp.go index 83a5b1c..02f1c4b 100644 --- a/controller/totp.go +++ b/controller/totp.go @@ -17,9 +17,9 @@ import ( "github.com/jmoiron/sqlx" ) -const TOTP_SECRET_LENGTH = 64 -const TIME_STEP int64 = 30 -const CODE_LENGTH = 6 +const TOTP_SECRET_LENGTH = 32 +const TOTP_TIME_STEP int64 = 30 +const TOTP_CODE_LENGTH = 6 func GenerateTOTP(secret string, timeStepOffset int) string { decodedSecret, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(secret) @@ -27,7 +27,7 @@ func GenerateTOTP(secret string, timeStepOffset int) string { fmt.Fprintf(os.Stderr, "WARN: Invalid Base32 secret\n") } - counter := time.Now().Unix() / TIME_STEP - int64(timeStepOffset) + counter := time.Now().Unix() / TOTP_TIME_STEP - int64(timeStepOffset) counterBytes := make([]byte, 8) binary.BigEndian.PutUint64(counterBytes, uint64(counter)) @@ -37,9 +37,9 @@ func GenerateTOTP(secret string, timeStepOffset int) string { offset := hash[len(hash) - 1] & 0x0f binaryCode := int32(binary.BigEndian.Uint32(hash[offset : offset + 4]) & 0x7FFFFFFF) - code := binaryCode % int32(math.Pow10(CODE_LENGTH)) + code := binaryCode % int32(math.Pow10(TOTP_CODE_LENGTH)) - return fmt.Sprintf(fmt.Sprintf("%%0%dd", CODE_LENGTH), code) + return fmt.Sprintf(fmt.Sprintf("%%0%dd", TOTP_CODE_LENGTH), code) } func GenerateTOTPSecret(length int) string { @@ -65,8 +65,8 @@ func GenerateTOTPURI(username string, secret string) string { query.Set("secret", secret) query.Set("issuer", "arimelody.me") query.Set("algorithm", "SHA1") - query.Set("digits", fmt.Sprintf("%d", CODE_LENGTH)) - query.Set("period", fmt.Sprintf("%d", TIME_STEP)) + query.Set("digits", fmt.Sprintf("%d", TOTP_CODE_LENGTH)) + query.Set("period", fmt.Sprintf("%d", TOTP_TIME_STEP)) url.RawQuery = query.Encode() return url.String() @@ -98,7 +98,11 @@ func CheckTOTPForAccount(db *sqlx.DB, accountID string, totp string) (*model.TOT for _, method := range totps { check := GenerateTOTP(method.Secret, 0) if check == totp { - // return the whole TOTP method as it may be useful for logging + return &method, nil + } + // try again with offset- maybe user input the code late? + check = GenerateTOTP(method.Secret, 1) + if check == totp { return &method, nil } } From e004491b553f041b9f59a453fd94e1377b9cb419 Mon Sep 17 00:00:00 2001 From: ari melody Date: Thu, 23 Jan 2025 13:53:06 +0000 Subject: [PATCH 08/99] TOTP fully functioning, account settings done! --- admin/accounthttp.go | 23 ++++++++++-- admin/http.go | 71 +++++++++++++++++++++++++++-------- admin/static/admin.css | 16 ++++---- admin/templates.go | 5 +++ admin/views/edit-account.html | 6 +-- admin/views/login-totp.html | 42 +++++++++++++++++++++ admin/views/login.html | 17 ++------- admin/views/register.html | 6 ++- admin/views/totp-confirm.html | 2 +- admin/views/totp-setup.html | 2 +- controller/totp.go | 1 - 11 files changed, 143 insertions(+), 48 deletions(-) create mode 100644 admin/views/login-totp.html diff --git a/admin/accounthttp.go b/admin/accounthttp.go index b5deca2..9402410 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -30,15 +30,30 @@ func accountIndexHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session := r.Context().Value("session").(*model.Session) - totps, err := controller.GetTOTPsForAccount(app.DB, session.Account.ID) + dbTOTPs, err := controller.GetTOTPsForAccount(app.DB, session.Account.ID) if err != nil { fmt.Printf("WARN: Failed to fetch TOTPs: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - type accountResponse struct { - Session *model.Session - TOTPs []model.TOTP + type ( + TOTP struct { + model.TOTP + CreatedAtString string + } + + accountResponse struct { + Session *model.Session + TOTPs []TOTP + } + ) + + totps := []TOTP{} + for _, totp := range dbTOTPs { + totps = append(totps, TOTP{ + TOTP: totp, + CreatedAtString: totp.CreatedAt.Format("02 Jan 2006, 15:04:05"), + }) } sessionMessage := session.Message diff --git a/admin/http.go b/admin/http.go index 7dd5207..4d32aa9 100644 --- a/admin/http.go +++ b/admin/http.go @@ -284,26 +284,65 @@ func loginHandler(app *model.AppState) http.Handler { return } - totpMethod, err := controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return + var totpMethod *model.TOTP + if len(credentials.TOTP) == 0 { + // check if user has TOTP + totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + render() + return + } + + if len(totps) > 0 { + type loginTOTPData struct { + Session *model.Session + Username string + Password string + } + err = pages["login-totp"].Execute(w, loginTOTPData{ + Session: session, + Username: credentials.Username, + Password: credentials.Password, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + } + } else { + totpMethod, err = controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + render() + return + } + if totpMethod == nil { + controller.SetSessionError(app.DB, session, "Invalid TOTP.") + render() + return + } } - if totpMethod == nil { - controller.SetSessionError(app.DB, session, "Invalid TOTP.") - render() - return + + if totpMethod != nil { + fmt.Printf( + "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n", + time.Now().Format(time.UnixDate), + account.Username, + totpMethod.Name, + ) + } else { + fmt.Printf( + "[%s] INFO: Account \"%s\" logged in\n", + time.Now().Format(time.UnixDate), + account.Username, + ) } // TODO: log login activity to user - fmt.Printf( - "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n", - time.Now().Format(time.UnixDate), - account.Username, - totpMethod.Name, - ) // login success! controller.SetSessionAccount(app.DB, session, account) diff --git a/admin/static/admin.css b/admin/static/admin.css index cbb827e..a6e0bc2 100644 --- a/admin/static/admin.css +++ b/admin/static/admin.css @@ -85,6 +85,15 @@ a img.icon { height: .8em; } +code { + background: #303030; + color: #f0f0f0; + padding: .23em .3em; + border-radius: 4px; +} + + + .card { margin-bottom: 1em; } @@ -93,13 +102,6 @@ a img.icon { margin: 0 0 .5em 0; } -/* -.card h3, -.card p { - margin: 0; -} -*/ - .card-title { margin-bottom: 1em; display: flex; diff --git a/admin/templates.go b/admin/templates.go index 3bae106..d9a74ca 100644 --- a/admin/templates.go +++ b/admin/templates.go @@ -18,6 +18,11 @@ var pages = map[string]*template.Template{ filepath.Join("views", "prideflag.html"), filepath.Join("admin", "views", "login.html"), )), + "login-totp": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "login-totp.html"), + )), "register": template.Must(template.ParseFiles( filepath.Join("admin", "views", "layout.html"), filepath.Join("views", "prideflag.html"), diff --git a/admin/views/edit-account.html b/admin/views/edit-account.html index b1d083a..6c17088 100644 --- a/admin/views/edit-account.html +++ b/admin/views/edit-account.html @@ -40,11 +40,11 @@ {{range .TOTPs}}
-

{{.Name}}

-

Added: {{.CreatedAt}}

+

{{.TOTP.Name}}

+

Added: {{.CreatedAtString}}

{{end}} diff --git a/admin/views/login-totp.html b/admin/views/login-totp.html new file mode 100644 index 0000000..d959e3c --- /dev/null +++ b/admin/views/login-totp.html @@ -0,0 +1,42 @@ +{{define "head"}} +Login - ari melody 💫 + + + +{{end}} + +{{define "content"}} +
+
+

Two-Factor Authentication

+ +
+ + + + +
+ + +
+
+{{end}} diff --git a/admin/views/login.html b/admin/views/login.html index b77af83..fbb7294 100644 --- a/admin/views/login.html +++ b/admin/views/login.html @@ -3,14 +3,6 @@ {{end}} @@ -42,15 +34,14 @@ input { {{end}}
+

Log In

+
- + - - -
diff --git a/admin/views/register.html b/admin/views/register.html index 94170c9..37f0947 100644 --- a/admin/views/register.html +++ b/admin/views/register.html @@ -27,7 +27,7 @@ form button { } input { - width: 100%; + width: calc(100% - 1rem - 2px); } {{end}} @@ -39,9 +39,11 @@ input { {{end}} +

Create Account

+
- + diff --git a/admin/views/totp-confirm.html b/admin/views/totp-confirm.html index af6b6e1..ac39e52 100644 --- a/admin/views/totp-confirm.html +++ b/admin/views/totp-confirm.html @@ -26,7 +26,7 @@ code {

- + diff --git a/admin/views/totp-setup.html b/admin/views/totp-setup.html index 62b9daf..e74c970 100644 --- a/admin/views/totp-setup.html +++ b/admin/views/totp-setup.html @@ -12,7 +12,7 @@
- +
diff --git a/controller/totp.go b/controller/totp.go index 02f1c4b..bc71747 100644 --- a/controller/totp.go +++ b/controller/totp.go @@ -92,7 +92,6 @@ func GetTOTPsForAccount(db *sqlx.DB, accountID string) ([]model.TOTP, error) { func CheckTOTPForAccount(db *sqlx.DB, accountID string, totp string) (*model.TOTP, error) { totps, err := GetTOTPsForAccount(db, accountID) if err != nil { - // user has no TOTP methods return nil, err } for _, method := range totps { From 9a27dbdc3716be63389a8b551867c09e556bdc12 Mon Sep 17 00:00:00 2001 From: ari melody Date: Fri, 24 Jan 2025 01:04:57 +0000 Subject: [PATCH 09/99] fixed style of inputs on release edit page (whoops!) --- admin/static/admin.css | 4 ++-- admin/static/edit-account.css | 9 +++++---- admin/static/edit-release.css | 9 ++++++++- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/admin/static/admin.css b/admin/static/admin.css index a6e0bc2..877b5da 100644 --- a/admin/static/admin.css +++ b/admin/static/admin.css @@ -206,13 +206,13 @@ form { width: 100%; display: block; } -label { +form label { width: 100%; margin: 1rem 0 .5rem 0; display: block; color: #10101080; } -input { +form input { margin: .5rem 0; padding: .3rem .5rem; display: block; diff --git a/admin/static/edit-account.css b/admin/static/edit-account.css index 37351b2..7a4d34a 100644 --- a/admin/static/edit-account.css +++ b/admin/static/edit-account.css @@ -5,10 +5,11 @@ div.card { } label { - width: 100%; - margin: 1rem 0 .5rem 0; - display: block; - color: #10101080; + width: auto; + margin: 0; + display: flex; + align-items: center; + color: inherit; } input { width: min(20rem, calc(100% - 1rem)); diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css index 63d399e..aa70e34 100644 --- a/admin/static/edit-release.css +++ b/admin/static/edit-release.css @@ -228,12 +228,14 @@ dialog div.dialog-actions { } #editcredits .credit .credit-info .credit-attribute label { + width: auto; + margin: 0; display: flex; align-items: center; } #editcredits .credit .credit-info .credit-attribute input[type="text"] { - margin-left: .25em; + margin: 0 0 0 .25em; padding: .2em .4em; flex-grow: 1; font-family: inherit; @@ -241,6 +243,9 @@ dialog div.dialog-actions { border-radius: 4px; color: inherit; } +#editcredits .credit .credit-info .credit-attribute input[type="checkbox"] { + margin: 0 .3em; +} #editcredits .credit .artist-name { font-weight: bold; @@ -369,8 +374,10 @@ dialog div.dialog-actions { #editlinks td input[type="text"] { width: calc(100% - .6em); height: 100%; + margin: 0; padding: 0 .3em; border: none; + border-radius: 0; outline: none; cursor: pointer; background: none; From 090de0554bbfd64ab68fb560e8ad1559dd9ee312 Mon Sep 17 00:00:00 2001 From: ari melody Date: Fri, 24 Jan 2025 01:33:14 +0000 Subject: [PATCH 10/99] fix bug causing edit tracks component to crash --- admin/components/tracks/edittracks.html | 10 +++++----- admin/releasehttp.go | 11 ++++++++++- model/track.go | 2 ++ 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/admin/components/tracks/edittracks.html b/admin/components/tracks/edittracks.html index 0500532..d03f80a 100644 --- a/admin/components/tracks/edittracks.html +++ b/admin/components/tracks/edittracks.html @@ -3,20 +3,20 @@

Editing: Tracks

Add -
+
    - {{range $i, $track := .Tracks}} + {{range $i, $track := .Release.Tracks}}

  • - {{$track.Add $i 1}} + {{.Add $i 1}} {{$track.Title}}

    Delete diff --git a/admin/releasehttp.go b/admin/releasehttp.go index 7d098e6..cd73e98 100644 --- a/admin/releasehttp.go +++ b/admin/releasehttp.go @@ -145,7 +145,16 @@ func serveEditLinks(release *model.Release) http.Handler { func serveEditTracks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := components["edittracks"].Execute(w, release) + + type editTracksData struct { + Release *model.Release + Add func(a int, b int) int + } + + err := components["edittracks"].Execute(w, editTracksData{ + Release: release, + Add: func(a, b int) int { return a + b }, + }) if err != nil { fmt.Printf("Error rendering edit tracks component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/model/track.go b/model/track.go index d44c224..ca54ddd 100644 --- a/model/track.go +++ b/model/track.go @@ -12,6 +12,8 @@ type ( Description string `json:"description"` Lyrics string `json:"lyrics" db:"lyrics"` PreviewURL string `json:"previewURL" db:"preview_url"` + + Number int } ) From ad39e68cd651176211e98d3e7b9cf1e25ec925e1 Mon Sep 17 00:00:00 2001 From: ari melody Date: Fri, 24 Jan 2025 18:49:04 +0000 Subject: [PATCH 11/99] fix API endpoints which require account authorisation --- admin/http.go | 16 +++++------ api/api.go | 74 ++++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 70 insertions(+), 20 deletions(-) diff --git a/admin/http.go b/admin/http.go index 4d32aa9..b6a71ee 100644 --- a/admin/http.go +++ b/admin/http.go @@ -20,20 +20,20 @@ func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() mux.Handle("/login", loginHandler(app)) - mux.Handle("/logout", RequireAccount(app, logoutHandler(app))) + mux.Handle("/logout", requireAccount(app, logoutHandler(app))) mux.Handle("/register", registerAccountHandler(app)) - mux.Handle("/account", RequireAccount(app, accountIndexHandler(app))) - mux.Handle("/account/", RequireAccount(app, http.StripPrefix("/account", accountHandler(app)))) + mux.Handle("/account", requireAccount(app, accountIndexHandler(app))) + mux.Handle("/account/", requireAccount(app, http.StripPrefix("/account", accountHandler(app)))) - mux.Handle("/release/", RequireAccount(app, http.StripPrefix("/release", serveRelease(app)))) - mux.Handle("/artist/", RequireAccount(app, http.StripPrefix("/artist", serveArtist(app)))) - mux.Handle("/track/", RequireAccount(app, http.StripPrefix("/track", serveTrack(app)))) + mux.Handle("/release/", requireAccount(app, http.StripPrefix("/release", serveRelease(app)))) + mux.Handle("/artist/", requireAccount(app, http.StripPrefix("/artist", serveArtist(app)))) + mux.Handle("/track/", requireAccount(app, http.StripPrefix("/track", serveTrack(app)))) mux.Handle("/static/", http.StripPrefix("/static", staticHandler())) - mux.Handle("/", RequireAccount(app, AdminIndexHandler(app))) + mux.Handle("/", requireAccount(app, AdminIndexHandler(app))) // response wrapper to make sure a session cookie exists return enforceSession(app, mux) @@ -381,7 +381,7 @@ func logoutHandler(app *model.AppState) http.Handler { }) } -func RequireAccount(app *model.AppState, next http.Handler) http.HandlerFunc { +func requireAccount(app *model.AppState, next http.Handler) http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session := r.Context().Value("session").(*model.Session) if session.Account == nil { diff --git a/api/api.go b/api/api.go index 9489126..50b1c63 100644 --- a/api/api.go +++ b/api/api.go @@ -1,11 +1,13 @@ package api import ( + "context" + "errors" "fmt" "net/http" + "os" "strings" - "arimelody-web/admin" "arimelody-web/controller" "arimelody-web/model" ) @@ -36,10 +38,10 @@ func Handler(app *model.AppState) http.Handler { ServeArtist(app, artist).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/artist/{id} (admin) - admin.RequireAccount(app, UpdateArtist(app, artist)).ServeHTTP(w, r) + requireAccount(app, UpdateArtist(app, artist)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/artist/{id} (admin) - admin.RequireAccount(app, DeleteArtist(app, artist)).ServeHTTP(w, r) + requireAccount(app, DeleteArtist(app, artist)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -51,7 +53,7 @@ func Handler(app *model.AppState) http.Handler { ServeAllArtists(app).ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/artist (admin) - admin.RequireAccount(app, CreateArtist(app)).ServeHTTP(w, r) + requireAccount(app, CreateArtist(app)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -78,10 +80,10 @@ func Handler(app *model.AppState) http.Handler { ServeRelease(app, release).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/music/{id} (admin) - admin.RequireAccount(app, UpdateRelease(app, release)).ServeHTTP(w, r) + requireAccount(app, UpdateRelease(app, release)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/music/{id} (admin) - admin.RequireAccount(app, DeleteRelease(app, release)).ServeHTTP(w, r) + requireAccount(app, DeleteRelease(app, release)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -93,7 +95,7 @@ func Handler(app *model.AppState) http.Handler { ServeCatalog(app).ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/music (admin) - admin.RequireAccount(app, CreateRelease(app)).ServeHTTP(w, r) + requireAccount(app, CreateRelease(app)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -117,13 +119,13 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/track/{id} (admin) - admin.RequireAccount(app, ServeTrack(app, track)).ServeHTTP(w, r) + requireAccount(app, ServeTrack(app, track)).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/track/{id} (admin) - admin.RequireAccount(app, UpdateTrack(app, track)).ServeHTTP(w, r) + requireAccount(app, UpdateTrack(app, track)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/track/{id} (admin) - admin.RequireAccount(app, DeleteTrack(app, track)).ServeHTTP(w, r) + requireAccount(app, DeleteTrack(app, track)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -132,10 +134,10 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/track (admin) - admin.RequireAccount(app, ServeAllTracks(app)).ServeHTTP(w, r) + requireAccount(app, ServeAllTracks(app)).ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/track (admin) - admin.RequireAccount(app, CreateTrack(app)).ServeHTTP(w, r) + requireAccount(app, CreateTrack(app)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -143,3 +145,51 @@ func Handler(app *model.AppState) http.Handler { return mux } + +func requireAccount(app *model.AppState, next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + session, err := getSession(app, r) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to get session: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + if session.Account == nil { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + ctx := context.WithValue(r.Context(), "session", session) + next.ServeHTTP(w, r.WithContext(ctx)) + }) +} + +func getSession(app *model.AppState, r *http.Request) (*model.Session, error) { + var token string + + // check cookies first + sessionCookie, err := r.Cookie(model.COOKIE_TOKEN) + if err != nil && err != http.ErrNoCookie { + return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v\n", err)) + } + if sessionCookie != nil { + token = sessionCookie.Value + } else { + // check Authorization header + token = strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ") + } + + if token == "" { return nil, nil } + + // fetch existing session + session, err := controller.GetSession(app.DB, token) + + if err != nil && !strings.Contains(err.Error(), "no rows") { + return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v\n", err)) + } + + if session != nil { + // TODO: consider running security checks here (i.e. user agent mismatches) + } + + return session, nil +} From 1edc051ae21f8cc64d2d00796ad04dc8305d8dec Mon Sep 17 00:00:00 2001 From: ari melody Date: Sun, 26 Jan 2025 00:48:19 +0000 Subject: [PATCH 12/99] fixed GetTOTP, started rough QR code implementation GetTOTP handles TOTP method retrieval for confirmation and deletion. QR code implementation looks like it's gonna suck, so might end up using a library for this later. --- admin/accounthttp.go | 11 +++-- admin/http.go | 16 +++++-- controller/qr.go | 107 +++++++++++++++++++++++++++++++++++++++++++ controller/totp.go | 9 ++-- main.go | 2 +- 5 files changed, 132 insertions(+), 13 deletions(-) create mode 100644 controller/qr.go diff --git a/admin/accounthttp.go b/admin/accounthttp.go index 9402410..aa1e042 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -304,6 +304,12 @@ func totpConfirmHandler(app *model.AppState) http.Handler { return } + fmt.Printf( + "TOTP:\n\tName: %s\n\tSecret: %s\n", + totp.Name, + totp.Secret, + ) + confirmCode := controller.GenerateTOTP(totp.Secret, 0) if code != confirmCode { confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1) @@ -330,12 +336,11 @@ func totpDeleteHandler(app *model.AppState) http.Handler { return } - name := r.URL.Path - fmt.Printf("%s\n", name); - if len(name) == 0 { + if len(r.URL.Path) < 2 { http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } + name := r.URL.Path[1:] session := r.Context().Value("session").(*model.Session) diff --git a/admin/http.go b/admin/http.go index b6a71ee..42b7e46 100644 --- a/admin/http.go +++ b/admin/http.go @@ -19,6 +19,17 @@ import ( func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() + mux.Handle("/qr-test", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + qrB64Img, err := controller.GenerateQRCode([]byte("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family")) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate QR code: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + w.Write([]byte("")) + })) + mux.Handle("/login", loginHandler(app)) mux.Handle("/logout", requireAccount(app, logoutHandler(app))) @@ -243,11 +254,6 @@ func loginHandler(app *model.AppState) http.Handler { return } - // new accounts won't have TOTP methods at first. there should be a - // second phase of login that prompts the user for a TOTP *only* - // if that account has a TOTP method. - // TODO: login phases (username & password -> TOTP) - type LoginRequest struct { Username string `json:"username"` Password string `json:"password"` diff --git a/controller/qr.go b/controller/qr.go new file mode 100644 index 0000000..c4c2520 --- /dev/null +++ b/controller/qr.go @@ -0,0 +1,107 @@ +package controller + +import ( + "bytes" + "encoding/base64" + "errors" + "fmt" + "image" + "image/color" + "image/png" +) + +const margin = 4 + +type QRCodeECCLevel int64 +const ( + LOW QRCodeECCLevel = iota + MEDIUM + QUARTILE + HIGH +) + +func GenerateQRCode(data []byte) (string, error) { + version := 1 + + size := 0 + size = 21 + version * 4 + if version > 10 { + return "", errors.New(fmt.Sprintf("QR version %d not supported", version)) + } + + img := image.NewGray(image.Rect(0, 0, size + margin * 2, size + margin * 2)) + + // fill white + for y := range size + margin * 2 { + for x := range size + margin * 2 { + img.Set(x, y, color.White) + } + } + + // draw alignment squares + drawLargeAlignmentSquare(margin, margin, img) + drawLargeAlignmentSquare(margin, margin + size - 7, img) + drawLargeAlignmentSquare(margin + size - 7, margin, img) + drawSmallAlignmentSquare(size - 5, size - 5, img) + /* + if version > 4 { + space := version * 3 - 2 + end := size / space + for y := range size / space + 1 { + for x := range size / space + 1 { + if x == 0 && y == 0 { continue } + if x == 0 && y == end { continue } + if x == end && y == 0 { continue } + if x == end && y == end { continue } + drawSmallAlignmentSquare( + x * space + margin + 4, + y * space + margin + 4, + img, + ) + } + } + } + */ + + // draw timing bits + for i := margin + 6; i < size - 4; i++ { + if (i % 2 == 0) { + img.Set(i, margin + 6, color.Black) + img.Set(margin + 6, i, color.Black) + } + } + img.Set(margin + 8, size - 4, color.Black) + + var imgBuf bytes.Buffer + err := png.Encode(&imgBuf, img) + if err != nil { + return "", err + } + + base64Img := base64.StdEncoding.EncodeToString(imgBuf.Bytes()) + + return "data:image/png;base64," + base64Img, nil +} + +func drawLargeAlignmentSquare(x int, y int, img *image.Gray) { + for yi := range 7 { + for xi := range 7 { + if (xi == 0 || xi == 6) || (yi == 0 || yi == 6) { + img.Set(x + xi, y + yi, color.Black) + } else if (xi > 1 && xi < 5) && (yi > 1 && yi < 5) { + img.Set(x + xi, y + yi, color.Black) + } + } + } +} + +func drawSmallAlignmentSquare(x int, y int, img *image.Gray) { + for yi := range 5 { + for xi := range 5 { + if (xi == 0 || xi == 4) || (yi == 0 || yi == 4) { + img.Set(x + xi, y + yi, color.Black) + } + } + } + img.Set(x + 2, y + 2, color.Black) +} diff --git a/controller/totp.go b/controller/totp.go index bc71747..dbbeec7 100644 --- a/controller/totp.go +++ b/controller/totp.go @@ -64,9 +64,9 @@ func GenerateTOTPURI(username string, secret string) string { query := url.Query() query.Set("secret", secret) query.Set("issuer", "arimelody.me") - query.Set("algorithm", "SHA1") - query.Set("digits", fmt.Sprintf("%d", TOTP_CODE_LENGTH)) - query.Set("period", fmt.Sprintf("%d", TOTP_TIME_STEP)) + // query.Set("algorithm", "SHA1") + // query.Set("digits", fmt.Sprintf("%d", TOTP_CODE_LENGTH)) + // query.Set("period", fmt.Sprintf("%d", TOTP_TIME_STEP)) url.RawQuery = query.Encode() return url.String() @@ -116,8 +116,9 @@ func GetTOTP(db *sqlx.DB, accountID string, name string) (*model.TOTP, error) { err := db.Get( &totp, "SELECT * FROM totp " + - "WHERE account=$1", + "WHERE account=$1 AND name=$2", accountID, + name, ) if err != nil { if strings.Contains(err.Error(), "no rows") { diff --git a/main.go b/main.go index 251d9a9..ac1de59 100644 --- a/main.go +++ b/main.go @@ -89,7 +89,6 @@ func main() { } username := os.Args[2] totpName := os.Args[3] - secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { @@ -102,6 +101,7 @@ func main() { os.Exit(1) } + secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) totp := model.TOTP { AccountID: account.ID, Name: totpName, From 3450d879acd0662f8bfae1d010f6e02ee9441e06 Mon Sep 17 00:00:00 2001 From: ari melody Date: Sun, 26 Jan 2025 20:09:18 +0000 Subject: [PATCH 13/99] QR codes complete, account settings finished! + refactored templates a little; this might need more work! --- admin/accounthttp.go | 31 ++++--- admin/artisthttp.go | 2 +- admin/http.go | 12 +-- admin/releasehttp.go | 16 ++-- admin/templates.go | 150 ++++++++++++++++++---------------- admin/trackhttp.go | 2 +- admin/views/totp-confirm.html | 17 ++-- controller/qr.go | 15 +++- go.mod | 6 +- go.sum | 6 +- main.go | 2 +- templates/templates.go | 47 +++++------ view/music.go | 4 +- 13 files changed, 175 insertions(+), 135 deletions(-) diff --git a/admin/accounthttp.go b/admin/accounthttp.go index aa1e042..408b4c5 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -63,7 +63,7 @@ func accountIndexHandler(app *model.AppState) http.Handler { session.Message = sessionMessage session.Error = sessionError - err = pages["account"].Execute(w, accountResponse{ + err = accountTemplate.Execute(w, accountResponse{ Session: session, TOTPs: totps, }) @@ -199,7 +199,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session }) + err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session }) if err != nil { fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -216,6 +216,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { Session *model.Session TOTP *model.TOTP NameEscaped string + QRBase64Image string } err := r.ParseForm() @@ -242,7 +243,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { if err != nil { fmt.Printf("WARN: Failed to create TOTP method: %s\n", err) controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session }) + err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session }) if err != nil { fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -250,10 +251,24 @@ func totpSetupHandler(app *model.AppState) http.Handler { return } - err = pages["totp-confirm"].Execute(w, totpSetupData{ + qrBase64Image, err := controller.GenerateQRCode( + controller.GenerateTOTPURI(session.Account.Username, totp.Secret)) + if err != nil { + fmt.Printf("WARN: Failed to generate TOTP setup QR code: %s\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session }) + if err != nil { + fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + return + } + + err = totpConfirmTemplate.Execute(w, totpSetupData{ Session: session, TOTP: &totp, NameEscaped: url.PathEscape(totp.Name), + QRBase64Image: qrBase64Image, }) if err != nil { fmt.Printf("WARN: Failed to render TOTP confirm page: %s\n", err) @@ -304,18 +319,12 @@ func totpConfirmHandler(app *model.AppState) http.Handler { return } - fmt.Printf( - "TOTP:\n\tName: %s\n\tSecret: %s\n", - totp.Name, - totp.Secret, - ) - confirmCode := controller.GenerateTOTP(totp.Secret, 0) if code != confirmCode { confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1) if code != confirmCodeOffset { controller.SetSessionError(app.DB, session, "Incorrect TOTP code. Please try again.") - err = pages["totp-confirm"].Execute(w, totpConfirmData{ + err = totpConfirmTemplate.Execute(w, totpConfirmData{ Session: session, TOTP: totp, }) diff --git a/admin/artisthttp.go b/admin/artisthttp.go index 5979493..6dfbbfd 100644 --- a/admin/artisthttp.go +++ b/admin/artisthttp.go @@ -39,7 +39,7 @@ func serveArtist(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err = pages["artist"].Execute(w, ArtistResponse{ + err = artistTemplate.Execute(w, ArtistResponse{ Session: session, Artist: artist, Credits: credits, diff --git a/admin/http.go b/admin/http.go index 42b7e46..6fd8f59 100644 --- a/admin/http.go +++ b/admin/http.go @@ -20,7 +20,7 @@ func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() mux.Handle("/qr-test", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - qrB64Img, err := controller.GenerateQRCode([]byte("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family")) + qrB64Img, err := controller.GenerateQRCode("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family") if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to generate QR code: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -87,7 +87,7 @@ func AdminIndexHandler(app *model.AppState) http.Handler { Tracks []*model.Track } - err = pages["index"].Execute(w, IndexData{ + err = indexTemplate.Execute(w, IndexData{ Session: session, Releases: releases, Artists: artists, @@ -116,7 +116,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { } render := func() { - err := pages["register"].Execute(w, registerData{ Session: session }) + err := registerTemplate.Execute(w, registerData{ Session: session }) if err != nil { fmt.Printf("WARN: Error rendering create account page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -229,7 +229,7 @@ func loginHandler(app *model.AppState) http.Handler { } render := func() { - err := pages["login"].Execute(w, loginData{ Session: session }) + err := loginTemplate.Execute(w, loginData{ Session: session }) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -307,7 +307,7 @@ func loginHandler(app *model.AppState) http.Handler { Username string Password string } - err = pages["login-totp"].Execute(w, loginTOTPData{ + err = loginTOTPTemplate.Execute(w, loginTOTPData{ Session: session, Username: credentials.Username, Password: credentials.Password, @@ -379,7 +379,7 @@ func logoutHandler(app *model.AppState) http.Handler { Path: "/", }) - err = pages["logout"].Execute(w, nil) + err = logoutTemplate.Execute(w, nil) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to render logout page: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/admin/releasehttp.go b/admin/releasehttp.go index cd73e98..be5052b 100644 --- a/admin/releasehttp.go +++ b/admin/releasehttp.go @@ -60,7 +60,7 @@ func serveRelease(app *model.AppState) http.Handler { Release *model.Release } - err = pages["release"].Execute(w, ReleaseResponse{ + err = releaseTemplate.Execute(w, ReleaseResponse{ Session: session, Release: release, }) @@ -74,7 +74,7 @@ func serveRelease(app *model.AppState) http.Handler { func serveEditCredits(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := components["editcredits"].Execute(w, release) + err := editCreditsTemplate.Execute(w, release) if err != nil { fmt.Printf("Error rendering edit credits component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -97,7 +97,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["addcredit"].Execute(w, response{ + err = addCreditTemplate.Execute(w, response{ ReleaseID: release.ID, Artists: artists, }) @@ -123,7 +123,7 @@ func serveNewCredit(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["newcredit"].Execute(w, artist) + err = newCreditTemplate.Execute(w, artist) if err != nil { fmt.Printf("Error rendering new credit component for %s: %s\n", artist.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -134,7 +134,7 @@ func serveNewCredit(app *model.AppState) http.Handler { func serveEditLinks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := components["editlinks"].Execute(w, release) + err := editLinksTemplate.Execute(w, release) if err != nil { fmt.Printf("Error rendering edit links component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -151,7 +151,7 @@ func serveEditTracks(release *model.Release) http.Handler { Add func(a int, b int) int } - err := components["edittracks"].Execute(w, editTracksData{ + err := editTracksTemplate.Execute(w, editTracksData{ Release: release, Add: func(a, b int) int { return a + b }, }) @@ -177,7 +177,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["addtrack"].Execute(w, response{ + err = addTrackTemplate.Execute(w, response{ ReleaseID: release.ID, Tracks: tracks, }) @@ -204,7 +204,7 @@ func serveNewTrack(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["newtrack"].Execute(w, track) + err = newTrackTemplate.Execute(w, track) if err != nil { fmt.Printf("Error rendering new track component for %s: %s\n", track.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/admin/templates.go b/admin/templates.go index d9a74ca..49c118b 100644 --- a/admin/templates.go +++ b/admin/templates.go @@ -1,80 +1,90 @@ package admin import ( - "html/template" - "path/filepath" + "html/template" + "path/filepath" ) -var pages = map[string]*template.Template{ - "index": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "index.html"), - )), +var indexTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "components", "release", "release-list-item.html"), + filepath.Join("admin", "views", "index.html"), +)) - "login": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login.html"), - )), - "login-totp": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login-totp.html"), - )), - "register": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "register.html"), - )), - "logout": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "logout.html"), - )), - "account": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-account.html"), - )), - "totp-setup": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-setup.html"), - )), - "totp-confirm": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-confirm.html"), - )), +var loginTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "login.html"), +)) +var loginTOTPTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "login-totp.html"), +)) +var registerTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "register.html"), +)) +var logoutTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "logout.html"), +)) +var accountTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-account.html"), +)) +var totpSetupTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "totp-setup.html"), +)) +var totpConfirmTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "totp-confirm.html"), +)) - "release": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-release.html"), - )), - "artist": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-artist.html"), - )), - "track": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "edit-track.html"), - )), -} +var releaseTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-release.html"), +)) +var artistTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-artist.html"), +)) +var trackTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "components", "release", "release-list-item.html"), + filepath.Join("admin", "views", "edit-track.html"), +)) -var components = map[string]*template.Template{ - "editcredits": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "editcredits.html"))), - "addcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "addcredit.html"))), - "newcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "newcredit.html"))), +var editCreditsTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "credits", "editcredits.html"), +)) +var addCreditTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "credits", "addcredit.html"), +)) +var newCreditTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "credits", "newcredit.html"), +)) - "editlinks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "links", "editlinks.html"))), +var editLinksTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "links", "editlinks.html"), +)) - "edittracks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "edittracks.html"))), - "addtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "addtrack.html"))), - "newtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "newtrack.html"))), -} +var editTracksTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "tracks", "edittracks.html"), +)) +var addTrackTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "tracks", "addtrack.html"), +)) +var newTrackTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "tracks", "newtrack.html"), +)) diff --git a/admin/trackhttp.go b/admin/trackhttp.go index 9436671..a92f81a 100644 --- a/admin/trackhttp.go +++ b/admin/trackhttp.go @@ -39,7 +39,7 @@ func serveTrack(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err = pages["track"].Execute(w, TrackResponse{ + err = trackTemplate.Execute(w, TrackResponse{ Session: session, Track: track, Releases: releases, diff --git a/admin/views/totp-confirm.html b/admin/views/totp-confirm.html index ac39e52..b0810e2 100644 --- a/admin/views/totp-confirm.html +++ b/admin/views/totp-confirm.html @@ -3,6 +3,9 @@ \ No newline at end of file diff --git a/public/img/brand/twitch.svg b/public/img/brand/twitch.svg new file mode 100644 index 0000000..3120fea --- /dev/null +++ b/public/img/brand/twitch.svg @@ -0,0 +1,21 @@ + + + + +Asset 2 + + + + + + + + + + + diff --git a/public/img/brand/youtube.svg b/public/img/brand/youtube.svg new file mode 100644 index 0000000..3286071 --- /dev/null +++ b/public/img/brand/youtube.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/public/script/index.js b/public/script/index.js index 512ed8f..2197bd4 100644 --- a/public/script/index.js +++ b/public/script/index.js @@ -1,3 +1,5 @@ +import { hijackClickEvent } from "./main.js"; + const hexPrimary = document.getElementById("hex-primary"); const hexSecondary = document.getElementById("hex-secondary"); const hexTertiary = document.getElementById("hex-tertiary"); @@ -14,3 +16,8 @@ updateHexColours(); window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", () => { updateHexColours(); }); + +document.querySelectorAll("ul#projects li.project-item").forEach(projectItem => { + const link = projectItem.querySelector('a'); + hijackClickEvent(projectItem, link); +}); diff --git a/public/script/main.js b/public/script/main.js index c1d5101..19eddc2 100644 --- a/public/script/main.js +++ b/public/script/main.js @@ -45,6 +45,23 @@ function fill_list(list) { }); } +export function hijackClickEvent(container, link) { + container.addEventListener('click', event => { + if (event.target.tagName.toLowerCase() === 'a') return; + event.preventDefault(); + link.dispatchEvent(new MouseEvent('click', { + bubbles: true, + cancelable: true, + view: window, + ctrlKey: event.ctrlKey, + metaKey: event.metaKey, + shiftKey: event.shiftKey, + altKey: event.altKey, + button: event.button, + })); + }); +} + document.addEventListener("DOMContentLoaded", () => { [...document.querySelectorAll(".typeout")] .filter((e) => e.innerText != "") diff --git a/public/script/music.js b/public/script/music.js index 273ce2b..91f34ab 100644 --- a/public/script/music.js +++ b/public/script/music.js @@ -1,12 +1,6 @@ -import "./main.js"; +import { hijackClickEvent } from "./main.js"; document.querySelectorAll("div.music").forEach(container => { - const link = container.querySelector(".music-title a").href - - container.addEventListener("click", event => { - if (event.target.href) return; - - event.preventDefault(); - location = link; - }); + const link = container.querySelector(".music-title a") + hijackClickEvent(container, link); }); diff --git a/public/style/index.css b/public/style/index.css index f3cb761..6edb362 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -96,30 +96,36 @@ hr { overflow: visible; } -ul.links { +ul.platform-links { + padding-left: 1em; display: flex; - gap: 1em .5em; + gap: .5em; flex-wrap: wrap; } -ul.links li { +ul.platform-links li { list-style: none; } -ul.links li a { +ul.platform-links li a { padding: .4em .5em; + display: flex; + flex-direction: row; + justify-content: center; + align-items: center; + gap: .5em; border: 1px solid var(--links); color: var(--links); border-radius: 2px; background-color: transparent; - transition-property: color, border-color, background-color; + transition-property: color, border-color, background-color, box-shadow; transition-duration: .2s; animation-delay: 0s; animation: list-item-fadein .2s forwards; opacity: 0; } -ul.links li a:hover { +ul.platform-links li a:hover { color: #eee; border-color: #eee; background-color: var(--links) !important; @@ -127,6 +133,75 @@ ul.links li a:hover { box-shadow: 0 0 1em var(--links); } +ul.platform-links li a img { + height: 1em; + width: 1em; +} + +ul#projects { + padding: 0; + list-style: none; +} + +li.project-item { + padding: .5em; + border: 1px solid var(--links); + margin: 1em 0; + display: flex; + flex-direction: row; + gap: .5em; + border-radius: 2px; + transition-property: color, border-color, background-color, box-shadow; + transition-duration: .2s; + cursor: pointer; +} +li.project-item a { + transition: color .2s linear; +} + +li.project-item:hover { + color: #eee; + border-color: #eee; + background-color: var(--links) !important; + text-decoration: none; + box-shadow: 0 0 1em var(--links); +} +li.project-item:hover a { + color: #eee; +} + +li.project-item .project-info { + display: flex; + flex-direction: column; + justify-content: center; +} + +li.project-item img.project-icon { + width: 2.5em; + height: 2.5em; + object-fit: cover; + border-radius: 2px; +} + +li.project-item span.project-icon { + font-size: 2em; + display: block; + width: 45px; + height: 45px; + text-align: center; + /* background: #0004; */ + /* border: 1px solid var(--on-background); */ + border-radius: 2px; +} + +li.project-item a { + text-decoration: none; +} + +li.project-item p { + margin: 0; +} + div#web-buttons { margin: 2rem 0; } @@ -147,4 +222,3 @@ div#web-buttons { transform: translate(-2px, -2px); box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee; } - diff --git a/views/index.html b/views/index.html index 070d648..f639c55 100644 --- a/views/index.html +++ b/views/index.html @@ -17,7 +17,7 @@ - + {{end}} {{define "content"}} @@ -33,7 +33,7 @@

    - i'm a musician, developer, + i'm a musician, developer, streamer, youtuber, and probably a bunch of other things i forgot to mention!

    @@ -44,7 +44,7 @@

    if you're looking to support me financially, that's so cool of you!! if you like, you can buy some of my music over on - bandcamp + bandcamp so you can at least get something for your money. thank you very much either way!! 💕

    @@ -84,65 +84,119 @@

    where to find me 🛰️

    + +

    projects i've worked on 🛠️

    -
      -
    • - - mcstatusface - + @@ -156,40 +210,40 @@ ari melody web button - + zaire web button - + vimae web button - - thermia web button + + thermia web button - + elke web button - + InvoxiPlayGames web button - + ioletsgo web button - + notnite web button - + retr0id web button - + aikoyori web button - + xenia web button - + stardust web button - + isabel roses web button @@ -205,16 +259,16 @@ sprunk go straight to hell virus alert! click here - + wii www get mandatory internet explorer HTML - learn it today! - + high on SMOKE - + epic blazed closeup anime blink From f7b3faf8e89b240ca1e65eb698734039fcae9ce3 Mon Sep 17 00:00:00 2001 From: ari melody Date: Mon, 16 Jun 2025 22:41:54 +0100 Subject: [PATCH 56/99] move source link from header to footer --- public/style/header.css | 5 ++--- views/footer.html | 7 ++++++- views/header.html | 3 --- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/public/style/header.css b/public/style/header.css index 531649a..f399d4d 100644 --- a/public/style/header.css +++ b/public/style/header.css @@ -25,7 +25,6 @@ nav { flex-grow: 1; display: flex; gap: .5em; - cursor: pointer; } img#header-icon { @@ -36,19 +35,19 @@ img#header-icon { } #header-text { - width: 11em; display: flex; flex-direction: column; justify-content: center; - flex-grow: 1; } #header-text h1 { + width: fit-content; margin: 0; font-size: 1em; } #header-text h2 { + width: fit-content; height: 1.2em; line-height: 1.2em; margin: 0; diff --git a/views/footer.html b/views/footer.html index 217c4b5..eccf125 100644 --- a/views/footer.html +++ b/views/footer.html @@ -2,7 +2,12 @@
      diff --git a/views/header.html b/views/header.html index 291b8ac..03a8384 100644 --- a/views/header.html +++ b/views/header.html @@ -23,9 +23,6 @@
    • music
      • -
    • - source -
    • blog From 9274796729a56290d788106e0ed5327643103e4a Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 17 Jun 2025 01:15:08 +0100 Subject: [PATCH 57/99] early implementation of ari melody LIVE tracker --- controller/config.go | 4 ++ controller/twitch.go | 97 ++++++++++++++++++++++++++++++++++++++++ main.go | 47 ++++--------------- model/appstate.go | 8 ++++ model/twitch.go | 43 ++++++++++++++++++ public/style/colours.css | 1 + public/style/index.css | 81 +++++++++++++++++++++++++++++++++ view/index.go | 45 +++++++++++++++++++ view/static.go | 31 +++++++++++++ views/index.html | 17 +++++++ 10 files changed, 335 insertions(+), 39 deletions(-) create mode 100644 controller/twitch.go create mode 100644 model/twitch.go create mode 100644 view/index.go create mode 100644 view/static.go diff --git a/controller/config.go b/controller/config.go index 1d3cbbb..fdfa756 100644 --- a/controller/config.go +++ b/controller/config.go @@ -77,5 +77,9 @@ func handleConfigOverrides(config *model.Config) error { if env, has := os.LookupEnv("ARIMELODY_DISCORD_CLIENT_ID"); has { config.Discord.ClientID = env } if env, has := os.LookupEnv("ARIMELODY_DISCORD_SECRET"); has { config.Discord.Secret = env } + if env, has := os.LookupEnv("ARIMELODY_TWITCH_BROADCASTER"); has { config.Twitch.Broadcaster = env } + if env, has := os.LookupEnv("ARIMELODY_TWITCH_CLIENT_ID"); has { config.Twitch.ClientID = env } + if env, has := os.LookupEnv("ARIMELODY_TWITCH_SECRET"); has { config.Twitch.Secret = env } + return nil } diff --git a/controller/twitch.go b/controller/twitch.go new file mode 100644 index 0000000..f7dc509 --- /dev/null +++ b/controller/twitch.go @@ -0,0 +1,97 @@ +package controller + +import ( + "arimelody-web/model" + "bytes" + "encoding/json" + "fmt" + "net/http" + "net/url" + "time" +) + +const TWITCH_API_BASE = "https://api.twitch.tv/helix/" + +func TwitchSetup(app *model.AppState) error { + app.Twitch = &model.TwitchState{} + err := RefreshTwitchToken(app) + return err +} + +func RefreshTwitchToken(app *model.AppState) error { + if app.Twitch != nil && app.Twitch.Token != nil && time.Now().UTC().After(app.Twitch.Token.ExpiresAt) { + return nil + } + + requestUrl, _ := url.Parse("https://id.twitch.tv/oauth2/token") + req, _ := http.NewRequest(http.MethodPost, requestUrl.String(), bytes.NewBuffer([]byte(url.Values{ + "client_id": []string{ app.Config.Twitch.ClientID }, + "client_secret": []string{ app.Config.Twitch.Secret }, + "grant_type": []string{ "client_credentials" }, + }.Encode()))) + + res, err := http.DefaultClient.Do(req) + if err != nil { + return err + } + + type TwitchOAuthToken struct { + AccessToken string `json:"access_token"` + ExpiresIn int `json:"expires_in"` + TokenType string `json:"token_type"` + } + oauthResponse := TwitchOAuthToken{} + err = json.NewDecoder(res.Body).Decode(&oauthResponse) + if err != nil { + return err + } + + app.Twitch.Token = &model.TwitchOAuthToken{ + AccessToken: oauthResponse.AccessToken, + ExpiresAt: time.Now().UTC().Add(time.Second * time.Duration(oauthResponse.ExpiresIn)).UTC(), + TokenType: oauthResponse.TokenType, + } + + return nil +} + +var lastStreamState *model.TwitchStreamInfo +var lastStreamStateAt time.Time + +func GetTwitchStatus(app *model.AppState, broadcaster string) (*model.TwitchStreamInfo, error) { + if lastStreamState != nil && time.Now().UTC().Before(lastStreamStateAt.Add(time.Minute)) { + return lastStreamState, nil + } + + fmt.Print("MAKING COSTLY REQUEST TO TWITCH.TV API...\n") + + requestUrl, _ := url.Parse(TWITCH_API_BASE + "streams") + requestUrl.RawQuery = url.Values{ + "user_login": []string{ broadcaster }, + }.Encode() + req, _ := http.NewRequest(http.MethodGet, requestUrl.String(), nil) + req.Header.Set("Client-Id", app.Config.Twitch.ClientID) + req.Header.Set("Authorization", "Bearer " + app.Twitch.Token.AccessToken) + + res, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + + type StreamsResponse struct { + Data []model.TwitchStreamInfo `json:"data"` + } + streamInfo := StreamsResponse{} + err = json.NewDecoder(res.Body).Decode(&streamInfo) + if err != nil { + return nil, err + } + + if len(streamInfo.Data) == 0 { + return nil, nil + } + + lastStreamState = &streamInfo.Data[0] + lastStreamStateAt = time.Now().UTC() + return lastStreamState, nil +} diff --git a/main.go b/main.go index 29539ac..8f37639 100644 --- a/main.go +++ b/main.go @@ -22,7 +22,6 @@ import ( "arimelody-web/cursor" "arimelody-web/log" "arimelody-web/model" - "arimelody-web/templates" "arimelody-web/view" "github.com/jmoiron/sqlx" @@ -40,6 +39,7 @@ func main() { app := model.AppState{ Config: controller.GetConfig(), + Twitch: nil, } // initialise database connection @@ -460,6 +460,11 @@ func main() { // handle DB migrations controller.CheckDBVersionAndMigrate(app.DB) + err = controller.TwitchSetup(&app) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to set up Twitch integration: %v\n", err) + } + // initial invite code accountsCount := 0 err = app.DB.Get(&accountsCount, "SELECT count(*) FROM account") @@ -511,49 +516,13 @@ func createServeMux(app *model.AppState) *http.ServeMux { mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(app))) mux.Handle("/api/", http.StripPrefix("/api", api.Handler(app))) mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(app))) - mux.Handle("/uploads/", http.StripPrefix("/uploads", staticHandler(filepath.Join(app.Config.DataDirectory, "uploads")))) + mux.Handle("/uploads/", http.StripPrefix("/uploads", view.StaticHandler(filepath.Join(app.Config.DataDirectory, "uploads")))) mux.Handle("/cursor-ws", cursor.Handler(app)) - mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method == http.MethodHead { - w.WriteHeader(http.StatusOK) - return - } - - if r.URL.Path == "/" || r.URL.Path == "/index.html" { - err := templates.IndexTemplate.Execute(w, nil) - if err != nil { - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - return - } - staticHandler("public").ServeHTTP(w, r) - })) + mux.Handle("/", view.IndexHandler(app)) return mux } -func staticHandler(directory string) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path))) - - // does the file exist? - if err != nil { - if errors.Is(err, os.ErrNotExist) { - http.NotFound(w, r) - return - } - } - - // is thjs a directory? (forbidden) - if info.IsDir() { - http.NotFound(w, r) - return - } - - http.FileServer(http.Dir(directory)).ServeHTTP(w, r) - }) -} - var PoweredByStrings = []string{ "nerd rage", "estrogen", diff --git a/model/appstate.go b/model/appstate.go index a910a29..861a991 100644 --- a/model/appstate.go +++ b/model/appstate.go @@ -21,6 +21,12 @@ type ( Secret string `toml:"secret"` } + TwitchConfig struct { + Broadcaster string `toml:"broadcaster"` + ClientID string `toml:"client_id"` + Secret string `toml:"secret"` + } + Config struct { BaseUrl string `toml:"base_url" comment:"Used for OAuth redirects."` Host string `toml:"host"` @@ -29,11 +35,13 @@ type ( TrustedProxies []string `toml:"trusted_proxies"` DB DBConfig `toml:"db"` Discord DiscordConfig `toml:"discord"` + Twitch TwitchConfig `toml:"twitch"` } AppState struct { DB *sqlx.DB Config Config Log log.Logger + Twitch *TwitchState } ) diff --git a/model/twitch.go b/model/twitch.go new file mode 100644 index 0000000..6bca17d --- /dev/null +++ b/model/twitch.go @@ -0,0 +1,43 @@ +package model + +import ( + "fmt" + "strings" + "time" +) + +type ( + TwitchOAuthToken struct { + AccessToken string + ExpiresAt time.Time + TokenType string + } + + TwitchState struct { + Token *TwitchOAuthToken + } + + TwitchStreamInfo struct { + ID string `json:"id"` + UserID string `json:"user_id"` + UserLogin string `json:"user_login"` + UserName string `json:"user_name"` + GameID string `json:"game_id"` + GameName string `json:"game_name"` + Type string `json:"type"` + Title string `json:"title"` + ViewerCount int `json:"viewer_count"` + StartedAt string `json:"started_at"` + Language string `json:"language"` + ThumbnailURL string `json:"thumbnail_url"` + TagIDs []string `json:"tag_ids"` + Tags []string `json:"tags"` + IsMature bool `json:"is_mature"` + } +) + +func (info *TwitchStreamInfo) Thumbnail(width int, height int) string { + res := strings.Replace(info.ThumbnailURL, "{width}", fmt.Sprintf("%d", width), 1) + res = strings.Replace(res, "{height}", fmt.Sprintf("%d", height), 1) + return res +} diff --git a/public/style/colours.css b/public/style/colours.css index 2bf607d..de63198 100644 --- a/public/style/colours.css +++ b/public/style/colours.css @@ -6,6 +6,7 @@ --secondary: #f8e05b; --tertiary: #f788fe; --links: #5eb2ff; + --live: #fd3737; } @media (prefers-color-scheme: light) { diff --git a/public/style/index.css b/public/style/index.css index 6edb362..f60fdb7 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -222,3 +222,84 @@ div#web-buttons { transform: translate(-2px, -2px); box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee; } + +#live-banner { + margin: 1em 0 2em 0; + padding: 1em; + border-radius: 4px; + border: 1px solid var(--primary); + box-shadow: 0 0 8px var(--primary); +} + +#live-banner h2 { + margin: 0 0 .4em 0; + color: var(--on-background); +} + +#live-banner p { + margin: 0; +} + +.live-highlight { + color: var(--primary); +} + +.live-preview { + display: flex; + flex-direction: row; + justify-content: center; + gap: 1em; +} + +.live-preview div:first-of-type { + text-align: center; +} + +.live-thumbnail { + border-radius: 4px; +} + +.live-button { + margin: .2em; + padding: .4em .5em; + display: inline-block; + color: var(--primary); + border: 1px solid var(--primary); + border-radius: 4px; + transition: color .1s linear, background-color .1s linear, box-shadow .1s linear; +} + +.live-button:hover { + color: var(--background); + background-color: var(--primary); + box-shadow: 0 0 8px var(--primary); + text-decoration: none; +} + +.live-info { + display: flex; + flex-direction: column; + gap: .3em; + overflow-x: hidden; +} + +.live-game { + overflow: hidden; + text-wrap: nowrap; + text-overflow: ellipsis; +} + +.live-game .live-game-prefix { + opacity: .8; +} + +.live-title { + display: -webkit-box; + -webkit-line-clamp: 2; + -webkit-box-orient: vertical; + overflow: hidden; +} + +.live-viewers { + opacity: .5; +} diff --git a/view/index.go b/view/index.go new file mode 100644 index 0000000..995de44 --- /dev/null +++ b/view/index.go @@ -0,0 +1,45 @@ +package view + +import ( + "arimelody-web/controller" + "arimelody-web/model" + "arimelody-web/templates" + "fmt" + "net/http" + "os" +) + +func IndexHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodHead { + w.WriteHeader(http.StatusOK) + return + } + + type IndexData struct { + TwitchStatus *model.TwitchStreamInfo + } + + var err error + var twitchStatus *model.TwitchStreamInfo = nil + if len(app.Config.Twitch.Broadcaster) > 0 { + twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err) + } + } + + if r.URL.Path == "/" || r.URL.Path == "/index.html" { + err := templates.IndexTemplate.Execute(w, IndexData{ + TwitchStatus: twitchStatus, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render index page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + return + } + + StaticHandler("public").ServeHTTP(w, r) + }) +} diff --git a/view/static.go b/view/static.go new file mode 100644 index 0000000..52263a2 --- /dev/null +++ b/view/static.go @@ -0,0 +1,31 @@ +package view + +import ( + "errors" + "net/http" + "os" + "path/filepath" +) + +func StaticHandler(directory string) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path))) + + // does the file exist? + if err != nil { + if errors.Is(err, os.ErrNotExist) { + http.NotFound(w, r) + return + } + } + + // is thjs a directory? (forbidden) + if info.IsDir() { + http.NotFound(w, r) + return + } + + http.FileServer(http.Dir(directory)).ServeHTTP(w, r) + }) +} + diff --git a/views/index.html b/views/index.html index f639c55..98a862c 100644 --- a/views/index.html +++ b/views/index.html @@ -22,6 +22,23 @@ {{define "content"}}
      + {{if .TwitchStatus}} +
      +

      ari is LIVE right now!

      +
      +
      + livestream thumbnail + join in! +
      +
      +

      streaming: {{.TwitchStatus.GameName}}

      +

      {{.TwitchStatus.Title}}

      +

      {{.TwitchStatus.ViewerCount}} viewers

      +
      +
      +
      + {{end}} +

      # hello, world!

      From 581273370de2029c8258564ab2a180eea93f0a0d Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 17 Jun 2025 02:01:06 +0100 Subject: [PATCH 58/99] improvements to LIVE tracker --- controller/twitch.go | 3 --- main.go | 8 +++++--- model/appstate.go | 4 ++-- public/style/index.css | 41 +++++++++++++++++++++++++++++++++++------ public/style/main.css | 1 + view/index.go | 2 +- views/index.html | 2 +- 7 files changed, 45 insertions(+), 16 deletions(-) diff --git a/controller/twitch.go b/controller/twitch.go index f7dc509..98d3b9a 100644 --- a/controller/twitch.go +++ b/controller/twitch.go @@ -4,7 +4,6 @@ import ( "arimelody-web/model" "bytes" "encoding/json" - "fmt" "net/http" "net/url" "time" @@ -63,8 +62,6 @@ func GetTwitchStatus(app *model.AppState, broadcaster string) (*model.TwitchStre return lastStreamState, nil } - fmt.Print("MAKING COSTLY REQUEST TO TWITCH.TV API...\n") - requestUrl, _ := url.Parse(TWITCH_API_BASE + "streams") requestUrl.RawQuery = url.Values{ "user_login": []string{ broadcaster }, diff --git a/main.go b/main.go index 8f37639..0234d79 100644 --- a/main.go +++ b/main.go @@ -460,9 +460,11 @@ func main() { // handle DB migrations controller.CheckDBVersionAndMigrate(app.DB) - err = controller.TwitchSetup(&app) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to set up Twitch integration: %v\n", err) + if app.Config.Twitch != nil { + err = controller.TwitchSetup(&app) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to set up Twitch integration: %v\n", err) + } } // initial invite code diff --git a/model/appstate.go b/model/appstate.go index 861a991..3a1c230 100644 --- a/model/appstate.go +++ b/model/appstate.go @@ -34,8 +34,8 @@ type ( DataDirectory string `toml:"data_dir"` TrustedProxies []string `toml:"trusted_proxies"` DB DBConfig `toml:"db"` - Discord DiscordConfig `toml:"discord"` - Twitch TwitchConfig `toml:"twitch"` + Discord *DiscordConfig `toml:"discord"` + Twitch *TwitchConfig `toml:"twitch"` } AppState struct { diff --git a/public/style/index.css b/public/style/index.css index f60fdb7..6efe241 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -231,11 +231,6 @@ div#web-buttons { box-shadow: 0 0 8px var(--primary); } -#live-banner h2 { - margin: 0 0 .4em 0; - color: var(--on-background); -} - #live-banner p { margin: 0; } @@ -252,7 +247,11 @@ div#web-buttons { } .live-preview div:first-of-type { - text-align: center; + display: flex; + flex-direction: column; + justify-content: space-between; + align-items: center; + gap: .3em; } .live-thumbnail { @@ -283,6 +282,36 @@ div#web-buttons { overflow-x: hidden; } +#live-banner h2 { + margin: 0; + color: var(--on-background); + font-family: 'Inter', sans-serif; + font-weight: 800; + font-style: italic; +} + +.live-pinger { + width: .5em; + height: .5em; + margin: .1em .2em; + display: inline-block; + border-radius: 100%; + background-color: var(--primary); + box-shadow: 0 0 4px var(--primary); + animation: live-pinger-pulse 1s infinite alternate ease-in-out; +} + +@keyframes live-pinger-pulse { + from { + opacity: .8; + transform: scale(1.0); + } + to { + opacity: 1; + transform: scale(1.1); + } +} + .live-game { overflow: hidden; text-wrap: nowrap; diff --git a/public/style/main.css b/public/style/main.css index 4e9e113..680ee2b 100644 --- a/public/style/main.css +++ b/public/style/main.css @@ -3,6 +3,7 @@ @import url("/style/footer.css"); @import url("/style/prideflag.css"); @import url("/style/cursor.css"); +@import url("/font/inter/inter.css"); @font-face { font-family: "Monaspace Argon"; diff --git a/view/index.go b/view/index.go index 995de44..b6e3891 100644 --- a/view/index.go +++ b/view/index.go @@ -22,7 +22,7 @@ func IndexHandler(app *model.AppState) http.Handler { var err error var twitchStatus *model.TwitchStreamInfo = nil - if len(app.Config.Twitch.Broadcaster) > 0 { + if app.Twitch != nil && len(app.Config.Twitch.Broadcaster) > 0 { twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err) diff --git a/views/index.html b/views/index.html index 98a862c..6985f6c 100644 --- a/views/index.html +++ b/views/index.html @@ -24,13 +24,13 @@
      {{if .TwitchStatus}}
      -

      ari is LIVE right now!

      +

      ari melody LIVE

      streaming: {{.TwitchStatus.GameName}}

      {{.TwitchStatus.Title}}

      {{.TwitchStatus.ViewerCount}} viewers

      From 375ae84ae33d352421dffcfbe44bbbdff32a3b11 Mon Sep 17 00:00:00 2001 From: ari melody Date: Sun, 22 Jun 2025 18:00:08 +0100 Subject: [PATCH 59/99] update some arimelody.me references to .space --- views/index.html | 30 ++++-------------------------- 1 file changed, 4 insertions(+), 26 deletions(-) diff --git a/views/index.html b/views/index.html index 6985f6c..37bd2a3 100644 --- a/views/index.html +++ b/views/index.html @@ -6,8 +6,8 @@ - - + + @@ -101,28 +101,6 @@

      where to find me 🛰️

      -
    • - +
      pride flag

      progressive pride flag widget for websites

      From 7a354cddf520e5673f347f911c2951401a53da35 Mon Sep 17 00:00:00 2001 From: ari melody Date: Sun, 22 Jun 2025 18:05:21 +0100 Subject: [PATCH 60/99] update some more links! --- views/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/views/index.html b/views/index.html index 37bd2a3..0e09475 100644 --- a/views/index.html +++ b/views/index.html @@ -133,7 +133,7 @@
    • - + discord discord @@ -202,7 +202,7 @@
      - + ari melody web button From 05ab207a1f365d3a6c0742bda79431a2e3803742 Mon Sep 17 00:00:00 2001 From: ari melody Date: Sat, 5 Jul 2025 18:53:57 +0100 Subject: [PATCH 61/99] live banner: fix horizontal alignment --- public/style/index.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/style/index.css b/public/style/index.css index 6efe241..b970c17 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -242,7 +242,7 @@ div#web-buttons { .live-preview { display: flex; flex-direction: row; - justify-content: center; + justify-content: start; gap: 1em; } From 1896633fd18ebf4580e19a2810eb717d8b38e39a Mon Sep 17 00:00:00 2001 From: ari melody Date: Fri, 18 Jul 2025 23:38:01 +0100 Subject: [PATCH 62/99] clear expired sessions on server start why wasn't i doing this before?? :sob: --- controller/session.go | 4 ++++ main.go | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/controller/session.go b/controller/session.go index b037575..5028789 100644 --- a/controller/session.go +++ b/controller/session.go @@ -188,3 +188,7 @@ func DeleteSession(db *sqlx.DB, token string) error { return err } +func DeleteExpiredSessions(db *sqlx.DB) error { + _, err := db.Exec("DELETE FROM session WHERE expires_at Date: Fri, 1 Aug 2025 00:29:47 +0100 Subject: [PATCH 63/99] update web buttons --- public/img/buttons/girlonthemoon.png | Bin 0 -> 1556 bytes views/index.html | 3 +++ 2 files changed, 3 insertions(+) create mode 100644 public/img/buttons/girlonthemoon.png diff --git a/public/img/buttons/girlonthemoon.png b/public/img/buttons/girlonthemoon.png new file mode 100644 index 0000000000000000000000000000000000000000..4e98a12226a4ae1f958336c54d46413e5cdb5bee GIT binary patch literal 1556 zcmV+v2J88WP)EX>4Tx04R}tkv&MmKpe$iTeVUv3U&~2$k003MMWHI6^c+H)C#RSm|XfHG-*gu zTpR`0f`cE6RRe3JS*_Gq>z@3D;exij#C4jZNMQks5FtQD4I8MyLY!8O6cZWRPkQ)A9KT2|nOqxS z{&ffk#)9UXBXg+eHe!)YF00009a7bBm001r{001r{0eGc9b^rhX2XskI zMF;5y3lJ+H^yciE0000PbVXQnLvL+uWo~o;Lvm$dbY)~9cWHEJAV*0}P*;Ht7XSbQ z{z*hZRA}Dqnoo!uRUF4Z@6BYBm~3{Fb=B6gySA{d_>UrM3m!bQD0u2Y@fOyDhrJaK zMYbX+xQBu_p;+(_+M@>rp?DEg7Q3zpR)qzj(n7m6TQ}R?r1>+M84uae>Ez91CY!8D z%@+d6d-Hqm_xrx@d%xcsA`ZU(x6J@bEH6s7OYp`8gIuM(F?4{rtTtd%37ao|skKcm zfb6%BPt7JdHJc3lyIsuB*sSF(zP!4-4K90`y#E?Ym+vOG`p;ELYpdaph zH7)r1FB1>|7`N6~Kc59)^u+rlCZ7pUuu46R02+O&fK+|XvD`MQKKC{cN?a%Xavl#? zZrbDx;b;|YZG71cRk#CllhNygVhj)KO zbZhJN^6@c0W3ySb`S_yAce&=|Hk3Y~v>O|Zk{%u+9@V&Au5m3_qFgnb73^GDzho0M z8MPW?FOp`M_EOd67oFf&74^Bh?C|7Orw_$zD=K7{h(UKHojC4{b6SLXaF!|`Wx?R~Yd2+PK z(S4E+SCiyx0$r2g%Cv?eypEE4;mkg}+FUiv&)7UQ(P*pee4zS(&BZJ5$5y?kW`Qnk zp3RtilhZLw%l`~kk>>T=tKF|cXjMIUEtp>g5VoobB8s!CLirie1q;U_ytrR55r?ti z`htu`O)Sf1bE{fkrgwk1X@B~e*);H8yq{3b>xaF3XX5s)F?XYkb7H#$!}0p}l^geQ z?$-*rjj}(%-3Tfyp?gJk7{9)KTk`o&HI7aSo;aYPJKU(5@Xq&=OE)UPugZ&B0O|x!C*k3Q;L-a9(+^6f#s!+JCrEvu z$2Q-#?TGjB6r4U5ArZUN*AU5ER%<4>p(MAO+zRtjoR@vjey?X+&E`#E}Jytgb2brBg5{6DBL27mtRGX4b;&mcd6GW2Z#0000 isabel roses web button + + sweet like bubblegum web button +
      From ab07554716a2ea0feba7fa4d09275549d1c32158 Mon Sep 17 00:00:00 2001 From: ari melody Date: Wed, 13 Aug 2025 23:26:23 +0100 Subject: [PATCH 64/99] update fediverse rel --- views/index.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/views/index.html b/views/index.html index df4d341..05388f8 100644 --- a/views/index.html +++ b/views/index.html @@ -14,8 +14,7 @@ - - + {{end}} From c49084afb05abdccbbc25a2bf79412085bc7864d Mon Sep 17 00:00:00 2001 From: ari melody Date: Thu, 14 Aug 2025 01:07:53 +0100 Subject: [PATCH 65/99] replace straggler arimelody.me mentions with .space email notwithstanding --- README.md | 4 +-- admin/views/layout.html | 2 +- controller/config.go | 2 +- controller/totp.go | 4 +-- docker-compose.example.yml | 2 +- main.go | 2 +- public/img/prideflag.svg | 64 +++++++++++++++++++------------------- public/script/config.js | 2 +- public/script/prideflag.js | 6 ++-- views/footer.html | 2 +- views/index.html | 14 ++++----- views/music-gateway.html | 12 +++---- views/music.html | 6 ++-- 13 files changed, 61 insertions(+), 61 deletions(-) diff --git a/README.md b/README.md index 464379e..75b2095 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ -# arimelody.me +# ari melody website home to your local SPACEGIRL! 💫 --- -built up from the initial [static](https://git.arimelody.me/ari/arimelody.me-static) +built up from the initial [static](https://forge.arimelody.space/ari/arimelody.me-static) branch, this powerful, server-side rendered version comes complete with live updates, powered by a new database and handy admin panel! diff --git a/admin/views/layout.html b/admin/views/layout.html index 52b0620..fdeda9b 100644 --- a/admin/views/layout.html +++ b/admin/views/layout.html @@ -18,7 +18,7 @@
    • - +
      - catdance + catdance

      watch the cat dance 🐱

    • - +
      - pride flag + pride flag

      progressive pride flag widget for websites

      • @@ -172,16 +172,16 @@
  • - +
    - impact meme + impact meme

    impact meme generator

  • - OpenTerminal + OpenTerminal

    communal online text buffer

    • diff --git a/views/music-gateway.html b/views/music-gateway.html index 0f4441c..9007c02 100644 --- a/views/music-gateway.html +++ b/views/music-gateway.html @@ -6,22 +6,22 @@ - + - + - - + + - + @@ -34,7 +34,7 @@
    - < + <

    diff --git a/views/music.html b/views/music.html index 6f84672..51f712d 100644 --- a/views/music.html +++ b/views/music.html @@ -6,8 +6,8 @@ - - + + @@ -72,7 +72,7 @@

    music used: ari melody - free2play
    - https://arimelody.me/music/free2play
    + https://arimelody.space/music/free2play
    licensed under CC BY-SA 4.0.

    From c63a090569d6ef8d12743f802b0361e22c4422cd Mon Sep 17 00:00:00 2001 From: ari melody Date: Sat, 16 Aug 2025 22:35:49 +0100 Subject: [PATCH 66/99] fix HTTPLog panic with no User-Agent --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.go b/main.go index 53f2883..edd4c87 100644 --- a/main.go +++ b/main.go @@ -626,6 +626,6 @@ func HTTPLog(next http.Handler) http.Handler { lrw.Status, colour.Reset, elapsed, - r.Header["User-Agent"][0]) + r.Header.Get("User-Agent")) }) } From 5a330ad7fa631ea331dbf02846262acabbd9ab3e Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 19 Aug 2025 15:22:59 +0100 Subject: [PATCH 67/99] fix some opengraph --- views/index.html | 2 +- views/music-gateway.html | 6 +++--- views/music.html | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/views/index.html b/views/index.html index 23f40ea..23764e1 100644 --- a/views/index.html +++ b/views/index.html @@ -8,7 +8,7 @@ - + diff --git a/views/music-gateway.html b/views/music-gateway.html index 9007c02..febef4d 100644 --- a/views/music-gateway.html +++ b/views/music-gateway.html @@ -9,8 +9,8 @@ - - + + @@ -19,7 +19,7 @@ - + diff --git a/views/music.html b/views/music.html index 51f712d..e0a5110 100644 --- a/views/music.html +++ b/views/music.html @@ -8,7 +8,7 @@ - + From c82709084b32837956a86d2aa0ccdc4031f4dabf Mon Sep 17 00:00:00 2001 From: ari melody Date: Wed, 20 Aug 2025 12:41:55 +0100 Subject: [PATCH 68/99] add quick security check to requests --- main.go | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index edd4c87..9133958 100644 --- a/main.go +++ b/main.go @@ -515,7 +515,7 @@ func main() { fmt.Printf("Now serving at http://%s:%d\n", app.Config.Host, app.Config.Port) stdLog.Fatal( http.ListenAndServe(fmt.Sprintf("%s:%d", app.Config.Host, app.Config.Port), - HTTPLog(DefaultHeaders(mux)), + CheckRequest(&app, HTTPLog(DefaultHeaders(mux))), )) } @@ -562,6 +562,37 @@ var PoweredByStrings = []string{ "30 billion dollars in VC funding", } +func CheckRequest(app *model.AppState, next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // requests with empty user agents are considered suspicious. + // every browser supplies them; hell, even curl supplies them. + // i only ever see null user-agents paired with malicious requests, + // so i'm canning them altogether. + if len(r.Header.Get("User-Agent")) == 0 { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + // same with .php and awkward double-slash requests. + // obviously these don't affect me, but these tend to be lazy intrusion + // attempts. if that's what you're about, i don't want you on my site. + if strings.HasPrefix(r.URL.Path, "//") || + strings.HasSuffix(r.URL.Path, ".php") || + strings.HasSuffix(r.URL.Path, ".php7") { + http.NotFound(w, r) + fmt.Fprintf( + os.Stderr, + "WARN: Suspicious activity blocked: {\"path\":\"%s\",\"address\":\"%s\"}\n", + r.URL.Path, + r.RemoteAddr, + ) + return + } + + next.ServeHTTP(w, r) + }) +} + func DefaultHeaders(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Add("Server", "ari melody webbed site") From d13cfc74ad7c1f8d68c11adeeaf633fae38f9f4e Mon Sep 17 00:00:00 2001 From: ari melody Date: Fri, 22 Aug 2025 01:06:37 +0100 Subject: [PATCH 69/99] =?UTF-8?q?complete=20arimelody.space=20migration!?= =?UTF-8?q?=20=F0=9F=8E=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 11 +--- docker-compose.example.yml | 2 +- public/keys/ari melody_0x92678188_public.asc | 26 -------- public/keys/ari@arimelody.space_public.asc | 66 ++++++++++++++++++++ views/index.html | 4 +- views/music.html | 2 +- 6 files changed, 73 insertions(+), 38 deletions(-) delete mode 100644 public/keys/ari melody_0x92678188_public.asc create mode 100644 public/keys/ari@arimelody.space_public.asc diff --git a/README.md b/README.md index 75b2095..f1fd392 100644 --- a/README.md +++ b/README.md @@ -4,14 +4,9 @@ home to your local SPACEGIRL! 💫 --- -built up from the initial [static](https://forge.arimelody.space/ari/arimelody.me-static) -branch, this powerful, server-side rendered version comes complete with live -updates, powered by a new database and handy admin panel! - -the admin panel currently facilitates live updating of my music discography, -though i plan to expand it towards art portfolio and blog posts in the future. -if all goes well, i'd like to later separate these components into their own -library for others to use in their own sites. exciting stuff! +a slightly-overcomplicated webserver built to show off everything i've worked +on, and then some! this server comes complete with twitch live status tracking, +a portfolio database, and a full-fledged admin CMS panel to manage it all! ## build diff --git a/docker-compose.example.yml b/docker-compose.example.yml index 62843b9..5ba8cfa 100644 --- a/docker-compose.example.yml +++ b/docker-compose.example.yml @@ -1,6 +1,6 @@ services: web: - image: docker.arimelody.space/arimelody.me:latest + image: docker.arimelody.space/arimelody-web:latest build: . ports: - 8080:8080 diff --git a/public/keys/ari melody_0x92678188_public.asc b/public/keys/ari melody_0x92678188_public.asc deleted file mode 100644 index 80a4676..0000000 --- a/public/keys/ari melody_0x92678188_public.asc +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO -JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJkEExYKAEECGwMF -CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQTujeuNYocuegkeKt/PmYKckmeB -iAUCZ7UqUAUJCIMP8wAKCRDPmYKckmeBiO/NAP0SoJL4aKZqCeYiSoDF/Uw6nMmZ -+oR1Uig41wQ/IDbhCAEApP2vbjSIu6pcp0AQlL7qcoyPWv+XkqPSFqW9KEZZVwqI -kwQTFgoAOxYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJk1bTdAhsDBQsJCAcCAiIC -BhUKCQgLAgQWAgMBAh4HAheAAAoJEM+ZgpySZ4GIYJsA/jBNwsJTlmV9JMmsW0aF -ApYDoPG1Q7sJ6CRW7xKCRjcqAQDX9iqNnW9Jqo8M3jXfu+aGSF926hg6M3SKm02P -f27bAbgzBGe1JooWCSsGAQQB2kcPAQEHQJbfh5iLHEpZndMgekqYzqTrUoAJ8ZIL -d4WH0dcw9tOaiPUEGBYKACYCGwIWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZ7Uq -VgUJBaOeTACBdiAEGRYKAB0WIQQlu5dWmBR/P3ZxngxgtfA4bj3bfgUCZ7UmigAK -CRBgtfA4bj3bfux+AP4y5ydrjnGBMX7GuB2nh55SRdscSiXsZ66ntnjXyQcbWgEA -pDuu7FqXzXcnluuZxNFDT740Rnzs60tTeplDqGGWcAQJEM+ZgpySZ4GIc0kA/iSw -Nw+r3FC75omwrPpJF13B5fq93FweFx+oSaES6qzkAQDvgCK77qKKbvCju0g8zSsK -EZnv6xR4uvtGdVkvLpBdC7gzBGe1JpkWCSsGAQQB2kcPAQEHQGnU4lXFLchhKYkC -PshP+jvuRsNoedaDOK2p4dkQC8JuiH4EGBYKACYCGyAWIQTujeuNYocuegkeKt/P -mYKckmeBiAUCZ7UqXgUJBaOeRQAKCRDPmYKckmeBiL9KAQCJZIBhuSsoYa61I0XZ -cKzGZbB0h9pD6eg1VRswNIgHtQEAwu9Hgs1rs9cySvKbO7WgK6Qh6EfrvGgGOXCO -m3wVsg24OARntSo5EgorBgEEAZdVAQUBAQdA+/k586W1OHxndzDJNpbd+wqjyjr0 -D5IXxfDs00advB0DAQgHiH4EGBYKACYWIQTujeuNYocuegkeKt/PmYKckmeBiAUC -Z7UqOQIbDAUJBaOagAAKCRDPmYKckmeBiEFxAQCgziQt2l3u7jnZVij4zop+K2Lv -TVFtkbG61tf6brRzBgD/X6c6X5BRyQC51JV1I1RFRBdeMAIXzcLFg2v3WUMccQs= -=YmHI ------END PGP PUBLIC KEY BLOCK----- diff --git a/public/keys/ari@arimelody.space_public.asc b/public/keys/ari@arimelody.space_public.asc new file mode 100644 index 0000000..4323eba --- /dev/null +++ b/public/keys/ari@arimelody.space_public.asc @@ -0,0 +1,66 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO +JriRCZy0IGFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkuc3BhY2U+iQJJBBMWCgHx +AhsDBQkIgw/zBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAhkBFiEE7o3rjWKH +LnoJHirfz5mCnJJngYgFAmino5w1FIAAAAAAEAAccHJvb2ZAYXJpYWRuZS5pZGRu +czphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFQ6FIAAAAAAEAAhcHJvb2ZAYXJpYWRu +ZS5pZGh0dHBzOi8vZmVkaS5hcmltZWxvZHkuc3BhY2UvQGFyaUQUgAAAAAAQACtw +cm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3JnZS5ibGlzcy50b3duL2FyaS9rZXlv +eGlkZS1wcm9vZkkUgAAAAAAQADBwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3Jn +ZS5hcmltZWxvZHkuc3BhY2UvYXJpL2tleW94aWRlLXByb29mRhSAAAAAABAALXBy +b29mQGFyaWFkbmUuaWRodHRwczovL2NvZGViZXJnLm9yZy9hcmltZWxvZHkva2V5 +b3hpZGUtcHJvb2ZlFIAAAAAAEABMcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vYnNr +eS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBuZ2l6cnk1dW16a3hyMy9w +b3N0LzNsaWlucW90cXRjMjIACgkQz5mCnJJngYjDpQEAgFn3bXcxw3xF0dwrSURh +qpciMY31bkQy9eDMSKcbloIA/1hX1MnUKETdiAtrrK08z4udIXaJr52E5D7IAZk1 +pZwBtB1hcmkgbWVsb2R5IDxhcmlAYXJpbWVsb2R5Lm1lPoiTBBMWCgA7FiEE7o3r +jWKHLnoJHirfz5mCnJJngYgFAmTVtN0CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC +HgcCF4AACgkQz5mCnJJngYhgmwD+ME3CwlOWZX0kyaxbRoUClgOg8bVDuwnoJFbv +EoJGNyoBANf2Ko2db0mqjwzeNd+75oZIX3bqGDozdIqbTY9/btsBiQIKBBMWCgGy +AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheABQkIgw/zFiEE7o3rjWKHLnoJ +Hirfz5mCnJJngYgFAme1wUA2FIAAAAAAEAAdcHJvb2ZAYXJpYWRuZS5pZGh0dHBz +Oi8vaWNlLmFyaW1lbG9keS5tZS9AYXJpWxSAAAAAABAAQnByb29mQGFyaWFkbmUu +aWRodHRwczovL2dpc3QuZ2l0aHViLmNvbS9hcmltZWxvZHkvMzY2ZGMyYjZhYWVk +ZWMxOWU2MTRiN2NlY2U5Yzg2OWQyFIAAAAAAEAAZcHJvb2ZAYXJpYWRuZS5pZGRu +czphcmltZWxvZHkubWU/dHlwZT1UWFRlFIAAAAAAEABMcHJvb2ZAYXJpYWRuZS5p +ZGh0dHBzOi8vYnNreS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBuZ2l6 +cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjJEFIAAAAAAEAArcHJvb2ZAYXJp +YWRuZS5pZGh0dHBzOi8vZ2l0LmFyaW1lbG9keS5tZS9hcmkva2V5b3hpZGVfcHJv +b2YACgkQz5mCnJJngYh3+QD+Pbo3bM4oWtUicGUGEp4jiFoBqSNlyl9rFPY0ODDS +DxEBANaXz/No/Hn3mEwNdrFigj/YPm7TH/4UBbHAxN6hDggPiQJGBBMWCgHuAhsD +BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheABQkIgw/zFiEE7o3rjWKHLnoJHirf +z5mCnJJngYgFAmino5VJFIAAAAAAEAAwcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8v +Zm9yZ2UuYXJpbWVsb2R5LnNwYWNlL2FyaS9rZXlveGlkZS1wcm9vZkYUgAAAAAAQ +AC1wcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9jb2RlYmVyZy5vcmcvYXJpbWVsb2R5 +L2tleW94aWRlLXByb29mOhSAAAAAABAAIXByb29mQGFyaWFkbmUuaWRodHRwczov +L2ZlZGkuYXJpbWVsb2R5LnNwYWNlL0BhcmllFIAAAAAAEABMcHJvb2ZAYXJpYWRu +ZS5pZGh0dHBzOi8vYnNreS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBu +Z2l6cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjI1FIAAAAAAEAAccHJvb2ZA +YXJpYWRuZS5pZGRuczphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFREFIAAAAAAEAAr +cHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vZm9yZ2UuYmxpc3MudG93bi9hcmkva2V5 +b3hpZGUtcHJvb2YACgkQz5mCnJJngYgKNQD/UA2THttICUvz2p5cbPlJIm/QStRE +6crttsTeFSsyocgBAPDXpkdssPNNnxxVvCNATTTxiS08Cy+xxQVrjWztjlUCuDME +Z7UmihYJKwYBBAHaRw8BAQdAlt+HmIscSlmd0yB6SpjOpOtSgAnxkgt3hYfR1zD2 +05qI9QQYFgoAJgIbAhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSpWBQkFo55M +AIF2IAQZFgoAHRYhBCW7l1aYFH8/dnGeDGC18DhuPdt+BQJntSaKAAoJEGC18Dhu +Pdt+7H4A/jLnJ2uOcYExfsa4HaeHnlJF2xxKJexnrqe2eNfJBxtaAQCkO67sWpfN +dyeW65nE0UNPvjRGfOzrS1N6mUOoYZZwBAkQz5mCnJJngYhzSQD+JLA3D6vcULvm +ibCs+kkXXcHl+r3cXB4XH6hJoRLqrOQBAO+AIrvuoopu8KO7SDzNKwoRme/rFHi6 ++0Z1WS8ukF0LuDMEZ7UmmRYJKwYBBAHaRw8BAQdAadTiVcUtyGEpiQI+yE/6O+5G +w2h51oM4ranh2RALwm6IfgQYFgoAJgIbIBYhBO6N641ihy56CR4q38+ZgpySZ4GI +BQJntSpeBQkFo55FAAoJEM+ZgpySZ4GIv0oBAIlkgGG5KyhhrrUjRdlwrMZlsHSH +2kPp6DVVGzA0iAe1AQDC70eCzWuz1zJK8ps7taArpCHoR+u8aAY5cI6bfBWyDbg4 +BGe1KjkSCisGAQQBl1UBBQEBB0D7+TnzpbU4fGd3MMk2lt37CqPKOvQPkhfF8OzT +Rp28HQMBCAeIfgQYFgoAJhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSo5AhsM +BQkFo5qAAAoJEM+ZgpySZ4GIQXEBAKDOJC3aXe7uOdlWKPjOin4rYu9NUW2RsbrW +1/putHMGAP9fpzpfkFHJALnUlXUjVEVEF14wAhfNwsWDa/dZQxxxC7g4BGTVtN0S +CisGAQQBl1UBBQEBB0CcDZ2s/NAGhc13AisWei+4XQKNf7z7xBK6AIXhrlkRcQMB +CAeIeAQoFgoAIBYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntT6fAh0DAAoJEM+Z +gpySZ4GIgX8A/1d8CZFSRB0TRU8h6ijTS1+O2bKJ0uwydfQHL5b3fA4OAQDOU6eG +Ml82IKGhbFoJl7wm5X4+l5+lNqwZymNoZjVhBIh4BBgWCgAgFiEE7o3rjWKHLnoJ +Hirfz5mCnJJngYgFAmTVtN0CGwwACgkQz5mCnJJngYgv8QEA9YbuFnLLUeNJZFMT +KoWeOMJos6wwPnhgnYexntxsu/cBAMd/ORp2KDaZTEwOAUxrO6K1eFkn0pKAcdPq +cdVDnsIL +=Mzcq +-----END PGP PUBLIC KEY BLOCK----- diff --git a/views/index.html b/views/index.html index 23764e1..6d0af2c 100644 --- a/views/index.html +++ b/views/index.html @@ -66,7 +66,7 @@

    for anything else, you can reach me for any and all communications through - ari@arimelody.me. if your message + ari@arimelody.space. if your message contains anything beyond a silly gag, i strongly recommend encrypting your message using my public pgp key, listed below!

    @@ -93,7 +93,7 @@ my keys 🔑

    diff --git a/views/music.html b/views/music.html index e0a5110..e7b4bd9 100644 --- a/views/music.html +++ b/views/music.html @@ -84,7 +84,7 @@ if you do happen to use my work in something you're particularly proud of, feel free to send it my way!

    - > ari@arimelody.me + > ari@arimelody.space

From 6bd0b5ec0e853d13af0f4b8ed7827d7944ee0efc Mon Sep 17 00:00:00 2001 From: ari melody Date: Wed, 27 Aug 2025 18:42:30 +0100 Subject: [PATCH 70/99] update pgp key --- public/keys/ari@arimelody.space_public.asc | 77 ++++++++++------------ 1 file changed, 35 insertions(+), 42 deletions(-) diff --git a/public/keys/ari@arimelody.space_public.asc b/public/keys/ari@arimelody.space_public.asc index 4323eba..9e6fea2 100644 --- a/public/keys/ari@arimelody.space_public.asc +++ b/public/keys/ari@arimelody.space_public.asc @@ -2,19 +2,19 @@ mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO JriRCZy0IGFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkuc3BhY2U+iQJJBBMWCgHx -AhsDBQkIgw/zBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAhkBFiEE7o3rjWKH -LnoJHirfz5mCnJJngYgFAmino5w1FIAAAAAAEAAccHJvb2ZAYXJpYWRuZS5pZGRu -czphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFQ6FIAAAAAAEAAhcHJvb2ZAYXJpYWRu -ZS5pZGh0dHBzOi8vZmVkaS5hcmltZWxvZHkuc3BhY2UvQGFyaUQUgAAAAAAQACtw -cm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3JnZS5ibGlzcy50b3duL2FyaS9rZXlv -eGlkZS1wcm9vZkkUgAAAAAAQADBwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3Jn -ZS5hcmltZWxvZHkuc3BhY2UvYXJpL2tleW94aWRlLXByb29mRhSAAAAAABAALXBy -b29mQGFyaWFkbmUuaWRodHRwczovL2NvZGViZXJnLm9yZy9hcmltZWxvZHkva2V5 -b3hpZGUtcHJvb2ZlFIAAAAAAEABMcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vYnNr -eS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBuZ2l6cnk1dW16a3hyMy9w -b3N0LzNsaWlucW90cXRjMjIACgkQz5mCnJJngYjDpQEAgFn3bXcxw3xF0dwrSURh -qpciMY31bkQy9eDMSKcbloIA/1hX1MnUKETdiAtrrK08z4udIXaJr52E5D7IAZk1 -pZwBtB1hcmkgbWVsb2R5IDxhcmlAYXJpbWVsb2R5Lm1lPoiTBBMWCgA7FiEE7o3r +AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAhkBNRSAAAAAABAAHHByb29m +QGFyaWFkbmUuaWRkbnM6YXJpbWVsb2R5LnNwYWNlP3R5cGU9VFhUOhSAAAAAABAA +IXByb29mQGFyaWFkbmUuaWRodHRwczovL2ZlZGkuYXJpbWVsb2R5LnNwYWNlL0Bh +cmlEFIAAAAAAEAArcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vZm9yZ2UuYmxpc3Mu +dG93bi9hcmkva2V5b3hpZGUtcHJvb2ZJFIAAAAAAEAAwcHJvb2ZAYXJpYWRuZS5p +ZGh0dHBzOi8vZm9yZ2UuYXJpbWVsb2R5LnNwYWNlL2FyaS9rZXlveGlkZS1wcm9v +ZkYUgAAAAAAQAC1wcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9jb2RlYmVyZy5vcmcv +YXJpbWVsb2R5L2tleW94aWRlLXByb29mZRSAAAAAABAATHByb29mQGFyaWFkbmUu +aWRodHRwczovL2Jza3kuYXBwL3Byb2ZpbGUvZGlkOnBsYzp5Y3Q2Y3ZnZmlwbmdp +enJ5NXVtemt4cjMvcG9zdC8zbGlpbnFvdHF0YzIyFiEE7o3rjWKHLnoJHirfz5mC +nJJngYgFAmivQJsFCQ0/jT4ACgkQz5mCnJJngYgdtQD+K8AMkLvR1ZKxl0tw8/FO +vwS9HknEW13GajSAY/W1/NoA/17mnVnlTFhepKo1ETnxe2BpdOaKR85K0n2qffzC +8SAAtB1hcmkgbWVsb2R5IDxhcmlAYXJpbWVsb2R5Lm1lPoiTBBMWCgA7FiEE7o3r jWKHLnoJHirfz5mCnJJngYgFAmTVtN0CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC HgcCF4AACgkQz5mCnJJngYhgmwD+ME3CwlOWZX0kyaxbRoUClgOg8bVDuwnoJFbv EoJGNyoBANf2Ko2db0mqjwzeNd+75oZIX3bqGDozdIqbTY9/btsBiQIKBBMWCgGy @@ -29,38 +29,31 @@ cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjJEFIAAAAAAEAArcHJvb2ZAYXJp YWRuZS5pZGh0dHBzOi8vZ2l0LmFyaW1lbG9keS5tZS9hcmkva2V5b3hpZGVfcHJv b2YACgkQz5mCnJJngYh3+QD+Pbo3bM4oWtUicGUGEp4jiFoBqSNlyl9rFPY0ODDS DxEBANaXz/No/Hn3mEwNdrFigj/YPm7TH/4UBbHAxN6hDggPiQJGBBMWCgHuAhsD -BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheABQkIgw/zFiEE7o3rjWKHLnoJHirf -z5mCnJJngYgFAmino5VJFIAAAAAAEAAwcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8v -Zm9yZ2UuYXJpbWVsb2R5LnNwYWNlL2FyaS9rZXlveGlkZS1wcm9vZkYUgAAAAAAQ -AC1wcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9jb2RlYmVyZy5vcmcvYXJpbWVsb2R5 -L2tleW94aWRlLXByb29mOhSAAAAAABAAIXByb29mQGFyaWFkbmUuaWRodHRwczov -L2ZlZGkuYXJpbWVsb2R5LnNwYWNlL0BhcmllFIAAAAAAEABMcHJvb2ZAYXJpYWRu -ZS5pZGh0dHBzOi8vYnNreS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBu -Z2l6cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjI1FIAAAAAAEAAccHJvb2ZA -YXJpYWRuZS5pZGRuczphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFREFIAAAAAAEAAr -cHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vZm9yZ2UuYmxpc3MudG93bi9hcmkva2V5 -b3hpZGUtcHJvb2YACgkQz5mCnJJngYgKNQD/UA2THttICUvz2p5cbPlJIm/QStRE -6crttsTeFSsyocgBAPDXpkdssPNNnxxVvCNATTTxiS08Cy+xxQVrjWztjlUCuDME +BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheASRSAAAAAABAAMHByb29mQGFyaWFk +bmUuaWRodHRwczovL2ZvcmdlLmFyaW1lbG9keS5zcGFjZS9hcmkva2V5b3hpZGUt +cHJvb2ZGFIAAAAAAEAAtcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vY29kZWJlcmcu +b3JnL2FyaW1lbG9keS9rZXlveGlkZS1wcm9vZjoUgAAAAAAQACFwcm9vZkBhcmlh +ZG5lLmlkaHR0cHM6Ly9mZWRpLmFyaW1lbG9keS5zcGFjZS9AYXJpZRSAAAAAABAA +THByb29mQGFyaWFkbmUuaWRodHRwczovL2Jza3kuYXBwL3Byb2ZpbGUvZGlkOnBs +Yzp5Y3Q2Y3ZnZmlwbmdpenJ5NXVtemt4cjMvcG9zdC8zbGlpbnFvdHF0YzIyNRSA +AAAAABAAHHByb29mQGFyaWFkbmUuaWRkbnM6YXJpbWVsb2R5LnNwYWNlP3R5cGU9 +VFhURBSAAAAAABAAK3Byb29mQGFyaWFkbmUuaWRodHRwczovL2ZvcmdlLmJsaXNz +LnRvd24vYXJpL2tleW94aWRlLXByb29mFiEE7o3rjWKHLnoJHirfz5mCnJJngYgF +AmivQJsFCQ0/jT4ACgkQz5mCnJJngYhk/wEAuQMYpUgyLqcYvOh1A+7f/t+DUXjz +YjQtLYw37oAESREA/074iJNi9GHGIjxYfp5lBkZxqGew1GAFIKx7Yzp64WQFuDME Z7UmihYJKwYBBAHaRw8BAQdAlt+HmIscSlmd0yB6SpjOpOtSgAnxkgt3hYfR1zD2 -05qI9QQYFgoAJgIbAhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSpWBQkFo55M +05qI9QQYFgoAJgIbAhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJor0AjBQkKYBsZ AIF2IAQZFgoAHRYhBCW7l1aYFH8/dnGeDGC18DhuPdt+BQJntSaKAAoJEGC18Dhu Pdt+7H4A/jLnJ2uOcYExfsa4HaeHnlJF2xxKJexnrqe2eNfJBxtaAQCkO67sWpfN -dyeW65nE0UNPvjRGfOzrS1N6mUOoYZZwBAkQz5mCnJJngYhzSQD+JLA3D6vcULvm -ibCs+kkXXcHl+r3cXB4XH6hJoRLqrOQBAO+AIrvuoopu8KO7SDzNKwoRme/rFHi6 -+0Z1WS8ukF0LuDMEZ7UmmRYJKwYBBAHaRw8BAQdAadTiVcUtyGEpiQI+yE/6O+5G +dyeW65nE0UNPvjRGfOzrS1N6mUOoYZZwBAkQz5mCnJJngYgc2gD/cFhjrwPdex9g +ZYk7jH29wQ9RpR9dEhf0C20nFZJLawgBAOBbzw4/O7OslSoIjhGs4pw9hJIBK7ds +PI6g3CeX0DUFuDMEZ7UmmRYJKwYBBAHaRw8BAQdAadTiVcUtyGEpiQI+yE/6O+5G w2h51oM4ranh2RALwm6IfgQYFgoAJgIbIBYhBO6N641ihy56CR4q38+ZgpySZ4GI -BQJntSpeBQkFo55FAAoJEM+ZgpySZ4GIv0oBAIlkgGG5KyhhrrUjRdlwrMZlsHSH -2kPp6DVVGzA0iAe1AQDC70eCzWuz1zJK8ps7taArpCHoR+u8aAY5cI6bfBWyDbg4 +BQJor0AjBQkKYBsKAAoJEM+ZgpySZ4GIoMAA/jB/exnjGvsMKuNW09bI29bsKHNW +SQLjEnuuByN6Spq6AP9yPUumsSEHr0W71iefMuNFJZnF+8qSk+uywQ/5ET+PBbg4 BGe1KjkSCisGAQQBl1UBBQEBB0D7+TnzpbU4fGd3MMk2lt37CqPKOvQPkhfF8OzT -Rp28HQMBCAeIfgQYFgoAJhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSo5AhsM -BQkFo5qAAAoJEM+ZgpySZ4GIQXEBAKDOJC3aXe7uOdlWKPjOin4rYu9NUW2RsbrW -1/putHMGAP9fpzpfkFHJALnUlXUjVEVEF14wAhfNwsWDa/dZQxxxC7g4BGTVtN0S -CisGAQQBl1UBBQEBB0CcDZ2s/NAGhc13AisWei+4XQKNf7z7xBK6AIXhrlkRcQMB -CAeIeAQoFgoAIBYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntT6fAh0DAAoJEM+Z -gpySZ4GIgX8A/1d8CZFSRB0TRU8h6ijTS1+O2bKJ0uwydfQHL5b3fA4OAQDOU6eG -Ml82IKGhbFoJl7wm5X4+l5+lNqwZymNoZjVhBIh4BBgWCgAgFiEE7o3rjWKHLnoJ -Hirfz5mCnJJngYgFAmTVtN0CGwwACgkQz5mCnJJngYgv8QEA9YbuFnLLUeNJZFMT -KoWeOMJos6wwPnhgnYexntxsu/cBAMd/ORp2KDaZTEwOAUxrO6K1eFkn0pKAcdPq -cdVDnsIL -=Mzcq +Rp28HQMBCAeIfgQYFgoAJgIbDBYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJor0Ak +BQkKYBdqAAoJEM+ZgpySZ4GIlIoA/0fv2UQyhixu7Vkq7IeQ+NxUuEVCIGmrAu6k +ScT13ikjAQCPpIubU848yXcDUvxgcGAS7yNADU1dAWAZOi34WxajAQ== +=caf3 -----END PGP PUBLIC KEY BLOCK----- From 89bb46c49e434bcb97d0d799252d30bec71bb034 Mon Sep 17 00:00:00 2001 From: ari melody Date: Fri, 29 Aug 2025 16:29:28 +0100 Subject: [PATCH 71/99] day 1 patch --- main.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/main.go b/main.go index 9133958..f3c9f66 100644 --- a/main.go +++ b/main.go @@ -33,6 +33,7 @@ import ( const DB_VERSION = 1 const DEFAULT_PORT int64 = 8080 +const HRT_DATE int64 = 1756478697 func main() { fmt.Printf("made with <3 by ari melody\n\n") @@ -605,6 +606,10 @@ func DefaultHeaders(next http.Handler) http.Handler { "X-Powered-By", PoweredByStrings[rand.Intn(len(PoweredByStrings))], ) + w.Header().Add( + "X-Days-Since-HRT", + fmt.Sprint(math.Round(time.Since(time.Unix(HRT_DATE, 0)).Hours() / 24)), + ) next.ServeHTTP(w, r) }) } From fd4335ced470306fe7263e45ca5505a857680042 Mon Sep 17 00:00:00 2001 From: ari melody Date: Sun, 7 Sep 2025 16:18:20 +0100 Subject: [PATCH 72/99] update security checks --- main.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/main.go b/main.go index f3c9f66..eaed7c6 100644 --- a/main.go +++ b/main.go @@ -574,11 +574,10 @@ func CheckRequest(app *model.AppState, next http.Handler) http.Handler { return } - // same with .php and awkward double-slash requests. - // obviously these don't affect me, but these tend to be lazy intrusion - // attempts. if that's what you're about, i don't want you on my site. - if strings.HasPrefix(r.URL.Path, "//") || - strings.HasSuffix(r.URL.Path, ".php") || + // obviously .php requests these don't affect me, but these tend to be + // lazy wordpress intrusion attempts. if that's what you're about, i + // don't want you on my site. + if strings.HasSuffix(r.URL.Path, ".php") || strings.HasSuffix(r.URL.Path, ".php7") { http.NotFound(w, r) fmt.Fprintf( From b150fa491cf668174e6f41bc579b8e08a18cc786 Mon Sep 17 00:00:00 2001 From: ari melody Date: Wed, 10 Sep 2025 13:50:46 +0100 Subject: [PATCH 73/99] update web buttons --- public/img/buttons/wangleline.png | Bin 0 -> 6479 bytes views/index.html | 3 +++ 2 files changed, 3 insertions(+) create mode 100644 public/img/buttons/wangleline.png diff --git a/public/img/buttons/wangleline.png b/public/img/buttons/wangleline.png new file mode 100644 index 0000000000000000000000000000000000000000..b26ea3f59c6185ff6d8a1008316b4b03706c71db GIT binary patch literal 6479 zcmV-V8L;MwP)7huTF@#| z1zhUSTA|gtwOZr#c7F_FwfCvQvL6J=$7=%DF+4s!8&%NjO#~{^K3#~oR zljlB}d+xpG{k-q_p7$(L``T<_w*Uf=06++kr1bUpFMx#fPxtxi{_)?Xl!QD~V&{q& z)9;LM$AZONyZA~%i4^^Z4da=mk8;QF?_t@G7BPF=*|hd`V(0>4fNE1H8(a!P;rd6G zv8MKYp1)h=+@GjmlUcIB%Nv_=S@!Z%R1PX9;P+#5yXjX^!OG`e;J({#;+1P3WI$0r z{E-ksfDi&hH>eytn2$Dp%7xF}&nvenTzIt^+9kvZo4$UP5C{+;gn}S%hMJdkg5pWazpp0*sKtWrFAZki5#qA5ujKAWZl|%a9anJ)7Mq=x zdJpIZC9ZrlS-~usFeHP#eomYNOWD8kF!SzzoVa5*+h57xv^gsH1vme=n-@PSW6Q=j z7&dkQM{5q@uB^o5a$&VtNyL*R;z=APJ0?j*LqQ-gQi1`epN6Nth4Y^NBR`)S;*v$# zh{gnl^d07j6WG2HJpWSnyKsoFy~Bv0M&c4S^Ql7q?ji#e$lN{8OO`s0Wh)<~y|oj` zZb!A4iR%fP8=G(g#o2iTLt#`^q3rbjU?h3y*_U~B+lySaD8w!IWkQC4BSEgZJi&(j zV_3ibS={B>Y+1Jr)oLSX4x{u%NfyDoZ>$EuAu@>c#xY46CQT!^Fq18x@8Ob1AL1ud zJ9uhk4s;tBaX|UrCZDtzk`?uT^)fjFq6Z@E*l*&Y2X00n2*(m+<`sahgCXc@X~%_y z94&*~d>3+-i8Wh3;?_Sui$}Ec+lBCh;qdCxAU#1VM{4Z6yVu3S3y1LO`d4|q-h)X~ zG21MdEM`oaie@p&I3z{9pWr9$; zS>GC=|EnTNNP$h+;(JA~07V6cz?Un$-0|#mo_+f-__|s!<>a7cW>Q*IM8lyv`VSq% zqQPhLr#pYo=IxtU`Pql8uGvOju7fLQjlx-whu@b?R(?KCXAXG<84MXi!Y8at9lx)n8622pP+#rKJn}ze`p?OjvhvtJ0I1S31$meW$^jaAMks@nF$s< zNnZ#(nZnR@^pt@xzFi0d$?{(SPJxmqK^`34(#PxXLU*(uC8blzDk$ZxKd<8a`STew zaXj8gn7yBT#)oge#t65Y$8NrfR3Wsc+88vf5)=!<7b2ESp-U2pXdEdN!In&M<1Zh_ zQqYfS6Niy$iZJrbDzZ!5#FG$9>YzwSk_-rhArOWELZnCXZ|RV-Bw?|bFlS|gWT&Mu z%IBXSrFQ?vcxvC`oU?<>x!MJO3B5yr_Wc3t{}JHh0i#sPBpQ?a;_d*4J!PDA_QlMe zJ(*Esi@|AP`zx#YbjM*ThYTXv+eI=NX42%*3>r5YJ<>}s62_!!#G^@&Krx%Z5QKZY zn3GAe9U0tw$DjD)h8=AD`=>Y^8SHrbO|)<)8Co2-JA?iMOUNrOKr&f~>jE7KNs*B? z1xZ$rWa%5-U6v$_<4zDF?GR0s$tZAv*~NzU4)dEuOX)ZG0B=3xf=tkx_}-9p%>Myk z9h3@*quWzVo*SU5>U>^$^_LV@A@9MsII`>u-OYcfP3S-B;gX*4!Tvh(=H}GYwxh;BRY31iB&AL#(fr zRJaGL8Qg`rWank0S*=K_M$!-%l0;5k7D|R4bb*md(&q~y$uhF49M5Ib`ES;ca#Dxd z$s4+u0mb#~Sf7Ke8yEq;moBF;Aq6+Ng!N>A1t|Ft?2;&**vA=zrm^|(AE2j~-j*I@ z^%Qd+A&^xSSyPFJA|(3!B)Zhw`6bad6A{9%Z2SVh?5`jdL#*Gs(iAq9gq&z$S@c_bqMo@j^oL<*K_OdtjKnO9{I1> z0_oYV6#U2~tfqfoQOSZ>FZ7?{Wk}%|Htv6rs5e9`kva)j0kVv2QjrXSRX5O*369p( zv1ZF&_SE+fHy1E!Vl|h|y_l>l2fMdzq2t&gQi&wGt|JM7)!`(+{4}x)3vf8I$aCkT zX&N1^Z6GVyGVG|Dil&*6Wd+>;Mb$_~L&!!7Uq?6lckkwl-MdLdLgo)J@P*;@Ru#77&mt4D_y{lHUarp}B>S_p)B1;{H zq?nOp1;uP5;5$T=F3uSOeUN+gO;8cKfikgFTS&b3(q-|V!4FnE1MaA zm4+;TW9ayg%Si#t5+K30ok>7r8P55q(U+-c;(uG9Ie~O zgDajxGO4sTw~&a((M;)~Ue|SO8Fun>^UwiTPBzVr&8+);I|abVAKr_zax}$N)%2g> zWXltOWz|dbxo_@8{9)GlJpbg2Ja^Y^oYud9sUr$_e%Dcc^{#~h7f5jMR7ib0jgvkm zsX!QN4kpOLMNvsEgks-XSJhNx3Hn-l*i-AFX5Udlx?tCl2CO*)d1vce->5(Dr&lxY zr&j}@S!DF*mg6W<=-vG?ac>{tV3@MO1JO~)$+u%s41^+4T2V%(!$Be*$1n^WPA6HJ znH<`GkZWdM%+Qe|D9+Ahpgos1vx{SKFTT2sbnktUjxB>ZykQif<|7oAmS8Ap1V3GL z6`3Z96)T^jy{j7?!37I^e0ewrr9_~&i2n+*6#B>|EdNG>6&sL*Nz?pv2g}*E??GIy z3<80FRsUpCr>Cu(z78)j-N5Y3;LJ%Q(5xD>$KA-qx8FwPfC>&BI6zoWQCw7rNk~YB z#KfsnXgbz_%LvgE4k2Y_u>Q4o=;`QU+|+6YO`OP(VWW^0iAXepW-^gVCh_+4a`e!b z9Nc$+x0kOZ5)N_qpB|;yl1XRHVGcJp;@1o&PM?CisF<#%V{Ce76wriT`Mk$dF8@0N4SMZWwj8mn_Fn zHtkx9s;WdH-;81*1o2n`-4Hl)9Ar3b7>N|2Kp4m1emt@G32u63B~L!^2l@@Hp!@Sf zeDK^#CXYA+MHhHOA>yedCHVzh`QROxM-Rd4?c?LsA5u_UMA@JLbo=_~>*yjD3=;{5 zNhIRL<1r%9D9M!0*h$q?PpJM*TiUxiFli=oT-kU7ei~P-rg6^!x_bNY`TPtXF`U(V zc5$q=hK-&NF}&RrWG`gmz@xmgBOBTUsXmZSH7k`&NTJP6VbQ*Ouu^iM^9WR3=w)>O z(X82WKk;ascs%*9b(QpRtLxt!7VH^TBvq!ebSBr{cqdDqydNSd{{HIU@O!B;u~|ToSvcup zwrqQwog1DZZ~AzG^}Xa*Ud_DmE&S!f9Pk*V0;dL9$l58WiW$0lp%-xH+EHv~^vJhs z@IQn7s)PbzvWJxM;F24;;@+i9JaZ%y=Uu?q1wX>1S_mYgTyfDf{IL*2EH?T&y9oLM zxbkusHKm&Khfg58Gsvyi{)|W2S{#N#x#b#dtEXRJSbh&sCICY@0!Koa=Hj~7x| zbsB!3m!TtuGx?lp6qofQ6bu3o^at?Ckm1NASFy47oz=Xw?QMQNb2=Gj6OF4rrtHFM zYCruW{U=;S$wDvpyy!wcVqhfUBuNwi>WMmP1(Ne3Ncj-H<;PtBxPD382?GbMq|BWG zfe>nD5wb3k47MZm#L2%R$%Gp^_{ndtRFQ^nE+J@mYx{EIpGBXJ^uFrjTV zR7{-6+mGJHoL?ybM8kRmZeFoH;=&{HWAsU!)>K$tb=+;b}h z#YL=re+|?qd4^b1oFlHr~cn}DXQeh58D zGSrSatC(O|C2Mdd>t0yOl&kM#)UO}nwm;rWPis4oK!8{vfYoFo=Jk?FrLZ_0Q0S(& zr-wQJH=mZyPP)3fuqqld5}{C-UcVR3Y{r%2qM*2lNF>7Pqs|}}jbXA{D08}yfS7LZ z#i1i~w6(E!#~%K+>}4kX;4F&lNfyl>!R0qR111Z{wtYl0nWCu3MQdw>9BkN^lau@U_e?;yd;=^dP$y;>xXH=Z;SpcV;zZxekg)52QO; zh#gq{$_j2-I0H-BR1}l_#G}#91Ehi;6l)Q-;xTl$9>Y~J2-ThkKq}nLaIBtevxV{@!%)ba zwd(*FQ(eX9JN)F8R&e0J0S08mQTtCMk&?LLvWt1-_Yb52OL;`Py&P@s1wgaAShZ#y zk3RBH+N1V7BK2+j{IR>Z=9+7$udnBtg$r2pv+HnXI|117@g{a{`G`O`4fw#mTDEN5 ziRQ>6o=9@tHP)&4kz_GeI9$s`4%kKFdYoC7x&$bUSS`RX~ zC=-j-ipS$&@$FZTU09NKketDD%U7~w$&z&YT!qvek+|#0&scEd6*PE`v0(lWng5e{ zSZy|bbMp`Td-pGhV>S*>bZ$u+8Y}g#xpkxwCY9xxQ0622^FmL|;aW22*76t=r*SyD* zcmIMjPCxHN``+95EZ6_`2>`mg>bR(SA_v;ivX@`tM)HzgWjlpbP2IB{I=jHr+Q1d} zcTrSa!At8Fv0%KNw_baVspE$LAj@GUO`SqdPZvAhx`n#(>-qCbZy|(1Ur#qCiw%IF zuaEx4dH4&8(*E*waAv6+Ejuj{jg20nO|8gz;{kB!ef<5U`*`f>_sGf3BODH6Z(hrd zmsF6KpHCzb=C-qA^bJVsyu)FqVC--N647`9kH^EIeS4U8*(CskI$N1C)=hh7lvK(~ zEZ#*>Pa+C`2tdNuNu=!{`6cN9sNH{%%7QbQII;qOhK713jQSj_!wtZ|0V63d8_8s| zL{n2e9c^_KOd>Z;<0CzVz=9A^fWMY<}A9L6%4ec|3B6gXXvZ}0KBzgIV+xi zkdzKKvx3E>aQ&ItIIq7JfZV_i4tZjLgb*6Ctl@A=407w|MRuJpWVzDqHFei8?}DM^=H=7mY2ccfDz=P5JkEXqh)5S> zhb3w9G|;cSg1t<*FJ*}C0NLiowd401-5!HmgPlyU`H zzLF4uZ1_NLOKR9gETZknj9Q?C;sRjq}Df;`7&Ys5U()R?oQ?o4bHD zt6v3R`o#-qRtf;<>gXUReiVm)4|(}608)KT46=Lp!@W!B?&_kvY9#snD`{zI1fZ|I zh2q2>Mh;I$lu++R-Z~r=z*A3*D^YkLpO)w1fq^TZx5}y!^~kdb+#F zthx}#5ALEnl;p98?`HI%AoFMCv*@xx+;HJ2&K^3Rq<17MUMu60>m(k&H$+Qs7^OIY zQXr60+g&F%x$k;5N=;iOTIvXYdmsaVU_@}mL&fRn7+B98S6b4M`&a}u|6-0E+fQ{> z14rw0_Ik=`sc&G`m|{F}2P1L=JbuFnP!#T8`6Zt;nprg6%z0x9XjaFwY;7I8cJHIq z*28a~{(zFoVZ8mw4g4VY2+wY4VRMs}8T}K?9^)nuPVvZ^V;FhE$2EhPXO^2^ul$mMqi4|9*F&{z#BNbfoOKWaI(lOSqbUXy*%5|;9ygE_iR4$4{;!{j5RjE+0!bnmN?@}n zC+>%$DKf0;al0k-l#XT?Jn&Q thermia web button + + WangleLine button + elke web button From e5dcc4b8847b08f0fb6efb8587660a16da5955cd Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 30 Sep 2025 19:03:35 +0100 Subject: [PATCH 74/99] embed html template and static files --- Makefile | 4 +- admin/accounthttp.go | 29 ++-- admin/artisthttp.go | 13 +- admin/http.go | 57 ++++---- admin/logshttp.go | 15 +- admin/releasehttp.go | 29 ++-- admin/templates.go | 125 ----------------- .../html}/components/credits/addcredit.html | 0 .../html}/components/credits/editcredits.html | 0 .../html}/components/credits/newcredit.html | 0 .../html}/components/links/editlinks.html | 0 .../components/release/release-list-item.html | 0 .../html}/components/tracks/addtrack.html | 0 .../html}/components/tracks/edittracks.html | 0 .../html}/components/tracks/newtrack.html | 0 .../html}/edit-account.html | 0 .../html}/edit-artist.html | 0 .../html}/edit-release.html | 0 .../{views => templates/html}/edit-track.html | 0 admin/{views => templates/html}/index.html | 0 admin/{views => templates/html}/layout.html | 0 .../{views => templates/html}/login-totp.html | 0 admin/{views => templates/html}/login.html | 0 admin/{views => templates/html}/logout.html | 0 admin/{views => templates/html}/logs.html | 0 .../templates/html}/prideflag.html | 0 admin/{views => templates/html}/register.html | 0 .../html}/totp-confirm.html | 0 .../{views => templates/html}/totp-setup.html | 0 admin/templates/templates.go | 128 ++++++++++++++++++ admin/trackhttp.go | 13 +- main.go | 55 ++++---- model/appstate.go | 7 +- {views => templates/html}/404.html | 0 {views => templates/html}/footer.html | 0 {views => templates/html}/header.html | 0 {views => templates/html}/index.html | 0 {views => templates/html}/layout.html | 0 {views => templates/html}/music-gateway.html | 0 {views => templates/html}/music.html | 0 templates/html/prideflag.html | 21 +++ templates/templates.go | 52 ++++--- view/{static.go => files.go} | 21 ++- view/index.go | 2 +- 44 files changed, 316 insertions(+), 255 deletions(-) delete mode 100644 admin/templates.go rename admin/{ => templates/html}/components/credits/addcredit.html (100%) rename admin/{ => templates/html}/components/credits/editcredits.html (100%) rename admin/{ => templates/html}/components/credits/newcredit.html (100%) rename admin/{ => templates/html}/components/links/editlinks.html (100%) rename admin/{ => templates/html}/components/release/release-list-item.html (100%) rename admin/{ => templates/html}/components/tracks/addtrack.html (100%) rename admin/{ => templates/html}/components/tracks/edittracks.html (100%) rename admin/{ => templates/html}/components/tracks/newtrack.html (100%) rename admin/{views => templates/html}/edit-account.html (100%) rename admin/{views => templates/html}/edit-artist.html (100%) rename admin/{views => templates/html}/edit-release.html (100%) rename admin/{views => templates/html}/edit-track.html (100%) rename admin/{views => templates/html}/index.html (100%) rename admin/{views => templates/html}/layout.html (100%) rename admin/{views => templates/html}/login-totp.html (100%) rename admin/{views => templates/html}/login.html (100%) rename admin/{views => templates/html}/logout.html (100%) rename admin/{views => templates/html}/logs.html (100%) rename {views => admin/templates/html}/prideflag.html (100%) rename admin/{views => templates/html}/register.html (100%) rename admin/{views => templates/html}/totp-confirm.html (100%) rename admin/{views => templates/html}/totp-setup.html (100%) create mode 100644 admin/templates/templates.go rename {views => templates/html}/404.html (100%) rename {views => templates/html}/footer.html (100%) rename {views => templates/html}/header.html (100%) rename {views => templates/html}/index.html (100%) rename {views => templates/html}/layout.html (100%) rename {views => templates/html}/music-gateway.html (100%) rename {views => templates/html}/music.html (100%) create mode 100644 templates/html/prideflag.html rename view/{static.go => files.go} (54%) diff --git a/Makefile b/Makefile index 11e565a..f96321c 100644 --- a/Makefile +++ b/Makefile @@ -2,10 +2,10 @@ EXEC = arimelody-web .PHONY: $(EXEC) -$(EXEC): +build: GOOS=linux GOARCH=amd64 go build -o $(EXEC) -bundle: $(EXEC) +bundle: build tar czf $(EXEC).tar.gz $(EXEC) admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/ clean: diff --git a/admin/accounthttp.go b/admin/accounthttp.go index 945a507..b2c3b0d 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -1,17 +1,18 @@ package admin import ( - "database/sql" - "fmt" - "net/http" - "net/url" - "os" + "database/sql" + "fmt" + "net/http" + "net/url" + "os" - "arimelody-web/controller" - "arimelody-web/log" - "arimelody-web/model" + "arimelody-web/admin/templates" + "arimelody-web/controller" + "arimelody-web/log" + "arimelody-web/model" - "golang.org/x/crypto/bcrypt" + "golang.org/x/crypto/bcrypt" ) func accountHandler(app *model.AppState) http.Handler { @@ -64,7 +65,7 @@ func accountIndexHandler(app *model.AppState) http.Handler { session.Message = sessionMessage session.Error = sessionError - err = accountTemplate.Execute(w, accountResponse{ + err = templates.AccountTemplate.Execute(w, accountResponse{ Session: session, TOTPs: totps, }) @@ -184,7 +185,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session }) + err := templates.TOTPSetupTemplate.Execute(w, totpSetupData{ Session: session }) if err != nil { fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -221,7 +222,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { if err != nil { fmt.Printf("WARN: Failed to create TOTP method: %s\n", err) controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - err := totpSetupTemplate.Execute(w, totpConfirmData{ Session: session }) + err := templates.TOTPSetupTemplate.Execute(w, totpConfirmData{ Session: session }) if err != nil { fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -235,7 +236,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err) } - err = totpConfirmTemplate.Execute(w, totpConfirmData{ + err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{ Session: session, TOTP: &totp, NameEscaped: url.PathEscape(totp.Name), @@ -296,7 +297,7 @@ func totpConfirmHandler(app *model.AppState) http.Handler { confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1) if code != confirmCodeOffset { session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." } - err = totpConfirmTemplate.Execute(w, totpConfirmData{ + err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{ Session: session, TOTP: totp, NameEscaped: url.PathEscape(totp.Name), diff --git a/admin/artisthttp.go b/admin/artisthttp.go index 9fa6bb2..67ea7d2 100644 --- a/admin/artisthttp.go +++ b/admin/artisthttp.go @@ -1,12 +1,13 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" - "arimelody-web/model" - "arimelody-web/controller" + "arimelody-web/admin/templates" + "arimelody-web/controller" + "arimelody-web/model" ) func serveArtist(app *model.AppState) http.Handler { @@ -39,7 +40,7 @@ func serveArtist(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err = artistTemplate.Execute(w, ArtistResponse{ + err = templates.EditArtistTemplate.Execute(w, ArtistResponse{ Session: session, Artist: artist, Credits: credits, diff --git a/admin/http.go b/admin/http.go index 245a152..05e181d 100644 --- a/admin/http.go +++ b/admin/http.go @@ -1,20 +1,24 @@ package admin import ( - "context" - "database/sql" - "fmt" - "net/http" - "os" - "path/filepath" - "strings" - "time" + "context" + "database/sql" + "embed" + "fmt" + "mime" + "net/http" + "os" + "path" + "path/filepath" + "strings" + "time" - "arimelody-web/controller" - "arimelody-web/log" - "arimelody-web/model" + "arimelody-web/admin/templates" + "arimelody-web/controller" + "arimelody-web/log" + "arimelody-web/model" - "golang.org/x/crypto/bcrypt" + "golang.org/x/crypto/bcrypt" ) func Handler(app *model.AppState) http.Handler { @@ -91,7 +95,7 @@ func AdminIndexHandler(app *model.AppState) http.Handler { Tracks []*model.Track } - err = indexTemplate.Execute(w, IndexData{ + err = templates.IndexTemplate.Execute(w, IndexData{ Session: session, Releases: releases, Artists: artists, @@ -120,7 +124,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { } render := func() { - err := registerTemplate.Execute(w, registerData{ Session: session }) + err := templates.RegisterTemplate.Execute(w, registerData{ Session: session }) if err != nil { fmt.Printf("WARN: Error rendering create account page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -230,7 +234,7 @@ func loginHandler(app *model.AppState) http.Handler { } render := func() { - err := loginTemplate.Execute(w, loginData{ Session: session }) + err := templates.LoginTemplate.Execute(w, loginData{ Session: session }) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -346,7 +350,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler { } render := func() { - err := loginTOTPTemplate.Execute(w, loginTOTPData{ Session: session }) + err := templates.LoginTOTPTemplate.Execute(w, loginTOTPData{ Session: session }) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -440,7 +444,7 @@ func logoutHandler(app *model.AppState) http.Handler { Path: "/", }) - err = logoutTemplate.Execute(w, nil) + err = templates.LogoutTemplate.Execute(w, nil) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to render logout page: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -460,24 +464,21 @@ func requireAccount(next http.Handler) http.HandlerFunc { }) } +//go:embed "static" +var staticFS embed.FS + func staticHandler() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - info, err := os.Stat(filepath.Join("admin", "static", filepath.Clean(r.URL.Path))) - // does the file exist? + file, err := staticFS.ReadFile(filepath.Join("static", filepath.Clean(r.URL.Path))) if err != nil { - if os.IsNotExist(err) { - http.NotFound(w, r) - return - } - } - - // is thjs a directory? (forbidden) - if info.IsDir() { http.NotFound(w, r) return } - http.FileServer(http.Dir(filepath.Join("admin", "static"))).ServeHTTP(w, r) + w.Header().Set("Content-Type", mime.TypeByExtension(path.Ext(r.URL.Path))) + w.WriteHeader(http.StatusOK) + + w.Write(file) }) } diff --git a/admin/logshttp.go b/admin/logshttp.go index 7249b16..99f0ef1 100644 --- a/admin/logshttp.go +++ b/admin/logshttp.go @@ -1,12 +1,13 @@ package admin import ( - "arimelody-web/log" - "arimelody-web/model" - "fmt" - "net/http" - "os" - "strings" + "arimelody-web/admin/templates" + "arimelody-web/log" + "arimelody-web/model" + "fmt" + "net/http" + "os" + "strings" ) func logsHandler(app *model.AppState) http.Handler { @@ -54,7 +55,7 @@ func logsHandler(app *model.AppState) http.Handler { Logs []*log.Log } - err = logsTemplate.Execute(w, LogsResponse{ + err = templates.LogsTemplate.Execute(w, LogsResponse{ Session: session, Logs: logs, }) diff --git a/admin/releasehttp.go b/admin/releasehttp.go index c6b68ab..30c967b 100644 --- a/admin/releasehttp.go +++ b/admin/releasehttp.go @@ -1,12 +1,13 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" - "arimelody-web/controller" - "arimelody-web/model" + "arimelody-web/admin/templates" + "arimelody-web/controller" + "arimelody-web/model" ) func serveRelease(app *model.AppState) http.Handler { @@ -60,7 +61,7 @@ func serveRelease(app *model.AppState) http.Handler { Release *model.Release } - err = releaseTemplate.Execute(w, ReleaseResponse{ + err = templates.EditReleaseTemplate.Execute(w, ReleaseResponse{ Session: session, Release: release, }) @@ -74,7 +75,7 @@ func serveRelease(app *model.AppState) http.Handler { func serveEditCredits(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := editCreditsTemplate.Execute(w, release) + err := templates.EditCreditsTemplate.Execute(w, release) if err != nil { fmt.Printf("Error rendering edit credits component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -97,7 +98,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = addCreditTemplate.Execute(w, response{ + err = templates.AddCreditTemplate.Execute(w, response{ ReleaseID: release.ID, Artists: artists, }) @@ -123,7 +124,7 @@ func serveNewCredit(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = newCreditTemplate.Execute(w, artist) + err = templates.NewCreditTemplate.Execute(w, artist) if err != nil { fmt.Printf("Error rendering new credit component for %s: %s\n", artist.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -134,7 +135,7 @@ func serveNewCredit(app *model.AppState) http.Handler { func serveEditLinks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := editLinksTemplate.Execute(w, release) + err := templates.EditCreditsTemplate.Execute(w, release) if err != nil { fmt.Printf("Error rendering edit links component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -151,7 +152,7 @@ func serveEditTracks(release *model.Release) http.Handler { Add func(a int, b int) int } - err := editTracksTemplate.Execute(w, editTracksData{ + err := templates.EditTracksTemplate.Execute(w, editTracksData{ Release: release, Add: func(a, b int) int { return a + b }, }) @@ -177,7 +178,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = addTrackTemplate.Execute(w, response{ + err = templates.AddTrackTemplate.Execute(w, response{ ReleaseID: release.ID, Tracks: tracks, }) @@ -185,7 +186,6 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { fmt.Printf("Error rendering add tracks component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - return }) } @@ -204,11 +204,10 @@ func serveNewTrack(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = newTrackTemplate.Execute(w, track) + err = templates.NewTrackTemplate.Execute(w, track) if err != nil { fmt.Printf("Error rendering new track component for %s: %s\n", track.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - return }) } diff --git a/admin/templates.go b/admin/templates.go deleted file mode 100644 index 606d569..0000000 --- a/admin/templates.go +++ /dev/null @@ -1,125 +0,0 @@ -package admin - -import ( - "arimelody-web/log" - "fmt" - "html/template" - "path/filepath" - "strings" - "time" -) - -var indexTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "index.html"), -)) - -var loginTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login.html"), -)) -var loginTOTPTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login-totp.html"), -)) -var registerTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "register.html"), -)) -var logoutTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "logout.html"), -)) -var accountTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-account.html"), -)) -var totpSetupTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-setup.html"), -)) -var totpConfirmTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-confirm.html"), -)) - -var logsTemplate = template.Must(template.New("layout.html").Funcs(template.FuncMap{ - "parseLevel": func(level log.LogLevel) string { - switch level { - case log.LEVEL_INFO: - return "INFO" - case log.LEVEL_WARN: - return "WARN" - } - return fmt.Sprintf("%d?", level) - }, - "titleCase": func(logType string) string { - runes := []rune(logType) - for i, r := range runes { - if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' { - runes[i] = r + ('A' - 'a') - } - } - return string(runes) - }, - "lower": func(str string) string { return strings.ToLower(str) }, - "prettyTime": func(t time.Time) string { - // return t.Format("2006-01-02 15:04:05") - // return t.Format("15:04:05, 2 Jan 2006") - return t.Format("02 Jan 2006, 15:04:05") - }, -}).ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "logs.html"), -)) - -var releaseTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-release.html"), -)) -var artistTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-artist.html"), -)) -var trackTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "edit-track.html"), -)) - -var editCreditsTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "credits", "editcredits.html"), -)) -var addCreditTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "credits", "addcredit.html"), -)) -var newCreditTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "credits", "newcredit.html"), -)) - -var editLinksTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "links", "editlinks.html"), -)) - -var editTracksTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "tracks", "edittracks.html"), -)) -var addTrackTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "tracks", "addtrack.html"), -)) -var newTrackTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "tracks", "newtrack.html"), -)) diff --git a/admin/components/credits/addcredit.html b/admin/templates/html/components/credits/addcredit.html similarity index 100% rename from admin/components/credits/addcredit.html rename to admin/templates/html/components/credits/addcredit.html diff --git a/admin/components/credits/editcredits.html b/admin/templates/html/components/credits/editcredits.html similarity index 100% rename from admin/components/credits/editcredits.html rename to admin/templates/html/components/credits/editcredits.html diff --git a/admin/components/credits/newcredit.html b/admin/templates/html/components/credits/newcredit.html similarity index 100% rename from admin/components/credits/newcredit.html rename to admin/templates/html/components/credits/newcredit.html diff --git a/admin/components/links/editlinks.html b/admin/templates/html/components/links/editlinks.html similarity index 100% rename from admin/components/links/editlinks.html rename to admin/templates/html/components/links/editlinks.html diff --git a/admin/components/release/release-list-item.html b/admin/templates/html/components/release/release-list-item.html similarity index 100% rename from admin/components/release/release-list-item.html rename to admin/templates/html/components/release/release-list-item.html diff --git a/admin/components/tracks/addtrack.html b/admin/templates/html/components/tracks/addtrack.html similarity index 100% rename from admin/components/tracks/addtrack.html rename to admin/templates/html/components/tracks/addtrack.html diff --git a/admin/components/tracks/edittracks.html b/admin/templates/html/components/tracks/edittracks.html similarity index 100% rename from admin/components/tracks/edittracks.html rename to admin/templates/html/components/tracks/edittracks.html diff --git a/admin/components/tracks/newtrack.html b/admin/templates/html/components/tracks/newtrack.html similarity index 100% rename from admin/components/tracks/newtrack.html rename to admin/templates/html/components/tracks/newtrack.html diff --git a/admin/views/edit-account.html b/admin/templates/html/edit-account.html similarity index 100% rename from admin/views/edit-account.html rename to admin/templates/html/edit-account.html diff --git a/admin/views/edit-artist.html b/admin/templates/html/edit-artist.html similarity index 100% rename from admin/views/edit-artist.html rename to admin/templates/html/edit-artist.html diff --git a/admin/views/edit-release.html b/admin/templates/html/edit-release.html similarity index 100% rename from admin/views/edit-release.html rename to admin/templates/html/edit-release.html diff --git a/admin/views/edit-track.html b/admin/templates/html/edit-track.html similarity index 100% rename from admin/views/edit-track.html rename to admin/templates/html/edit-track.html diff --git a/admin/views/index.html b/admin/templates/html/index.html similarity index 100% rename from admin/views/index.html rename to admin/templates/html/index.html diff --git a/admin/views/layout.html b/admin/templates/html/layout.html similarity index 100% rename from admin/views/layout.html rename to admin/templates/html/layout.html diff --git a/admin/views/login-totp.html b/admin/templates/html/login-totp.html similarity index 100% rename from admin/views/login-totp.html rename to admin/templates/html/login-totp.html diff --git a/admin/views/login.html b/admin/templates/html/login.html similarity index 100% rename from admin/views/login.html rename to admin/templates/html/login.html diff --git a/admin/views/logout.html b/admin/templates/html/logout.html similarity index 100% rename from admin/views/logout.html rename to admin/templates/html/logout.html diff --git a/admin/views/logs.html b/admin/templates/html/logs.html similarity index 100% rename from admin/views/logs.html rename to admin/templates/html/logs.html diff --git a/views/prideflag.html b/admin/templates/html/prideflag.html similarity index 100% rename from views/prideflag.html rename to admin/templates/html/prideflag.html diff --git a/admin/views/register.html b/admin/templates/html/register.html similarity index 100% rename from admin/views/register.html rename to admin/templates/html/register.html diff --git a/admin/views/totp-confirm.html b/admin/templates/html/totp-confirm.html similarity index 100% rename from admin/views/totp-confirm.html rename to admin/templates/html/totp-confirm.html diff --git a/admin/views/totp-setup.html b/admin/templates/html/totp-setup.html similarity index 100% rename from admin/views/totp-setup.html rename to admin/templates/html/totp-setup.html diff --git a/admin/templates/templates.go b/admin/templates/templates.go new file mode 100644 index 0000000..58cd1d0 --- /dev/null +++ b/admin/templates/templates.go @@ -0,0 +1,128 @@ +package templates + +import ( + "arimelody-web/log" + "fmt" + "html/template" + "strings" + "time" + _ "embed" +) + +//go:embed "html/layout.html" +var layoutHTML string +//go:embed "html/prideflag.html" +var prideflagHTML string + +//go:embed "html/index.html" +var indexHTML string + +//go:embed "html/register.html" +var registerHTML string +//go:embed "html/login.html" +var loginHTML string +//go:embed "html/login-totp.html" +var loginTotpHTML string +//go:embed "html/totp-confirm.html" +var totpConfirmHTML string +//go:embed "html/totp-setup.html" +var totpSetupHTML string +//go:embed "html/logout.html" +var logoutHTML string + +//go:embed "html/logs.html" +var logsHTML string + +//go:embed "html/edit-account.html" +var editAccountHTML string +//go:embed "html/edit-artist.html" +var editArtistHTML string +//go:embed "html/edit-release.html" +var editReleaseHTML string +//go:embed "html/edit-track.html" +var editTrackHTML string + +//go:embed "html/components/credits/newcredit.html" +var componentNewCreditHTML string +//go:embed "html/components/credits/addcredit.html" +var componentAddCreditHTML string +//go:embed "html/components/credits/editcredits.html" +var componentEditCreditsHTML string + +//go:embed "html/components/links/editlinks.html" +var componentEditLinksHTML string + +//go:embed "html/components/release/release-list-item.html" +var componentReleaseListItemHTML string + +//go:embed "html/components/tracks/newtrack.html" +var componentNewTrackHTML string +//go:embed "html/components/tracks/addtrack.html" +var componentAddTrackHTML string +//go:embed "html/components/tracks/edittracks.html" +var componentEditTracksHTML string + +var BaseTemplate = template.Must(template.New("base").Parse( + strings.Join([]string{ layoutHTML, prideflagHTML }, "\n"), +)) + +var IndexTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse( + strings.Join([]string{ + indexHTML, + componentReleaseListItemHTML, + }, "\n"), +)) + +var LoginTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(loginHTML)) +var LoginTOTPTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(loginTotpHTML)) +var RegisterTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(registerHTML)) +var LogoutTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(logoutHTML)) +var AccountTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editAccountHTML)) +var TOTPSetupTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(totpSetupHTML)) +var TOTPConfirmTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(totpConfirmHTML)) + +var LogsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Funcs(template.FuncMap{ + "parseLevel": func(level log.LogLevel) string { + switch level { + case log.LEVEL_INFO: + return "INFO" + case log.LEVEL_WARN: + return "WARN" + } + return fmt.Sprintf("%d?", level) + }, + "titleCase": func(logType string) string { + runes := []rune(logType) + for i, r := range runes { + if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' { + runes[i] = r + ('A' - 'a') + } + } + return string(runes) + }, + "lower": func(str string) string { return strings.ToLower(str) }, + "prettyTime": func(t time.Time) string { + // return t.Format("2006-01-02 15:04:05") + // return t.Format("15:04:05, 2 Jan 2006") + return t.Format("02 Jan 2006, 15:04:05") + }, +}).Parse(logsHTML)) + +var EditReleaseTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editReleaseHTML)) +var EditArtistTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editArtistHTML)) +var EditTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse( + strings.Join([]string{ + editTrackHTML, + componentReleaseListItemHTML, + }, "\n"), +)) + +var EditCreditsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditCreditsHTML)) +var AddCreditTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentAddCreditHTML)) +var NewCreditTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentNewCreditHTML)) + +var EditLinksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditLinksHTML)) + +var EditTracksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditTracksHTML)) +var AddTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentAddTrackHTML)) +var NewTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentNewTrackHTML)) diff --git a/admin/trackhttp.go b/admin/trackhttp.go index 93eacdb..e93d1bb 100644 --- a/admin/trackhttp.go +++ b/admin/trackhttp.go @@ -1,12 +1,13 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" - "arimelody-web/model" - "arimelody-web/controller" + "arimelody-web/admin/templates" + "arimelody-web/controller" + "arimelody-web/model" ) func serveTrack(app *model.AppState) http.Handler { @@ -39,7 +40,7 @@ func serveTrack(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err = trackTemplate.Execute(w, TrackResponse{ + err = templates.EditTrackTemplate.Execute(w, TrackResponse{ Session: session, Track: track, Releases: releases, diff --git a/main.go b/main.go index eaed7c6..553f109 100644 --- a/main.go +++ b/main.go @@ -1,32 +1,33 @@ package main import ( - "bufio" - "errors" - "fmt" - stdLog "log" - "math" - "math/rand" - "net" - "net/http" - "os" - "path/filepath" - "strconv" - "strings" - "time" + "bufio" + "embed" + "errors" + "fmt" + stdLog "log" + "math" + "math/rand" + "net" + "net/http" + "os" + "path/filepath" + "strconv" + "strings" + "time" - "arimelody-web/admin" - "arimelody-web/api" - "arimelody-web/colour" - "arimelody-web/controller" - "arimelody-web/cursor" - "arimelody-web/log" - "arimelody-web/model" - "arimelody-web/view" + "arimelody-web/admin" + "arimelody-web/api" + "arimelody-web/colour" + "arimelody-web/controller" + "arimelody-web/cursor" + "arimelody-web/log" + "arimelody-web/model" + "arimelody-web/view" - "github.com/jmoiron/sqlx" - _ "github.com/lib/pq" - "golang.org/x/crypto/bcrypt" + "github.com/jmoiron/sqlx" + _ "github.com/lib/pq" + "golang.org/x/crypto/bcrypt" ) // used for database migrations @@ -35,12 +36,16 @@ const DB_VERSION = 1 const DEFAULT_PORT int64 = 8080 const HRT_DATE int64 = 1756478697 +//go:embed "public" +var publicFS embed.FS + func main() { fmt.Printf("made with <3 by ari melody\n\n") app := model.AppState{ Config: controller.GetConfig(), Twitch: nil, + PublicFS: publicFS, } // initialise database connection @@ -526,7 +531,7 @@ func createServeMux(app *model.AppState) *http.ServeMux { mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(app))) mux.Handle("/api/", http.StripPrefix("/api", api.Handler(app))) mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(app))) - mux.Handle("/uploads/", http.StripPrefix("/uploads", view.StaticHandler(filepath.Join(app.Config.DataDirectory, "uploads")))) + mux.Handle("/uploads/", http.StripPrefix("/uploads", view.ServeFiles(filepath.Join(app.Config.DataDirectory, "uploads")))) mux.Handle("/cursor-ws", cursor.Handler(app)) mux.Handle("/", view.IndexHandler(app)) diff --git a/model/appstate.go b/model/appstate.go index 3a1c230..1a13be9 100644 --- a/model/appstate.go +++ b/model/appstate.go @@ -1,9 +1,11 @@ package model import ( - "github.com/jmoiron/sqlx" + "embed" - "arimelody-web/log" + "github.com/jmoiron/sqlx" + + "arimelody-web/log" ) type ( @@ -43,5 +45,6 @@ type ( Config Config Log log.Logger Twitch *TwitchState + PublicFS embed.FS } ) diff --git a/views/404.html b/templates/html/404.html similarity index 100% rename from views/404.html rename to templates/html/404.html diff --git a/views/footer.html b/templates/html/footer.html similarity index 100% rename from views/footer.html rename to templates/html/footer.html diff --git a/views/header.html b/templates/html/header.html similarity index 100% rename from views/header.html rename to templates/html/header.html diff --git a/views/index.html b/templates/html/index.html similarity index 100% rename from views/index.html rename to templates/html/index.html diff --git a/views/layout.html b/templates/html/layout.html similarity index 100% rename from views/layout.html rename to templates/html/layout.html diff --git a/views/music-gateway.html b/templates/html/music-gateway.html similarity index 100% rename from views/music-gateway.html rename to templates/html/music-gateway.html diff --git a/views/music.html b/templates/html/music.html similarity index 100% rename from views/music.html rename to templates/html/music.html diff --git a/templates/html/prideflag.html b/templates/html/prideflag.html new file mode 100644 index 0000000..47ce4c7 --- /dev/null +++ b/templates/html/prideflag.html @@ -0,0 +1,21 @@ +{{define "prideflag"}} + + + + + + + + + + + + + + + + + + + +{{end}} diff --git a/templates/templates.go b/templates/templates.go index 752c78d..c6ab41e 100644 --- a/templates/templates.go +++ b/templates/templates.go @@ -1,28 +1,36 @@ package templates import ( - "html/template" - "path/filepath" + _ "embed" + "html/template" + "strings" ) -var IndexTemplate = template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "index.html"), -)) -var MusicTemplate = template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "music.html"), -)) -var MusicGatewayTemplate = template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "music-gateway.html"), +//go:embed "html/layout.html" +var layoutHTML string +//go:embed "html/header.html" +var headerHTML string +//go:embed "html/footer.html" +var footerHTML string +//go:embed "html/prideflag.html" +var prideflagHTML string +//go:embed "html/index.html" +var indexHTML string +//go:embed "html/music.html" +var musicHTML string +//go:embed "html/music-gateway.html" +var musicGatewayHTML string +// //go:embed "html/404.html" +// var error404HTML string + +var BaseTemplate = template.Must(template.New("base").Parse( + strings.Join([]string{ + layoutHTML, + headerHTML, + footerHTML, + prideflagHTML, + }, "\n"), )) +var IndexTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(indexHTML)) +var MusicTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(musicHTML)) +var MusicGatewayTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(musicGatewayHTML)) diff --git a/view/static.go b/view/files.go similarity index 54% rename from view/static.go rename to view/files.go index 52263a2..c1b0e29 100644 --- a/view/static.go +++ b/view/files.go @@ -1,13 +1,31 @@ package view import ( + "embed" "errors" + "mime" "net/http" "os" + "path" "path/filepath" ) -func StaticHandler(directory string) http.Handler { +func ServeEmbedFS(fs embed.FS, dir string) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + file, err := fs.ReadFile(filepath.Join(dir, filepath.Clean(r.URL.Path))) + if err != nil { + http.NotFound(w, r) + return + } + + w.Header().Set("Content-Type", mime.TypeByExtension(path.Ext(r.URL.Path))) + w.WriteHeader(http.StatusOK) + + w.Write(file) + }) +} + +func ServeFiles(directory string) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path))) @@ -28,4 +46,3 @@ func StaticHandler(directory string) http.Handler { http.FileServer(http.Dir(directory)).ServeHTTP(w, r) }) } - diff --git a/view/index.go b/view/index.go index b6e3891..bcd0d06 100644 --- a/view/index.go +++ b/view/index.go @@ -40,6 +40,6 @@ func IndexHandler(app *model.AppState) http.Handler { return } - StaticHandler("public").ServeHTTP(w, r) + ServeEmbedFS(app.PublicFS, "public").ServeHTTP(w, r) }) } From 1999ab7d2c493f9440f5b50950e665059d33f6a2 Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 30 Sep 2025 22:29:37 +0100 Subject: [PATCH 75/99] embed schema migration scripts --- controller/migrator.go | 20 +++++++++++++------ .../schema-migration}/000-init.sql | 0 .../schema-migration}/001-pre-versioning.sql | 0 .../schema-migration}/002-audit-logs.sql | 0 .../schema-migration}/003-fail-lock.sql | 0 controller/schema-migration/004-test.sql | 1 + 6 files changed, 15 insertions(+), 6 deletions(-) rename {schema-migration => controller/schema-migration}/000-init.sql (100%) rename {schema-migration => controller/schema-migration}/001-pre-versioning.sql (100%) rename {schema-migration => controller/schema-migration}/002-audit-logs.sql (100%) rename {schema-migration => controller/schema-migration}/003-fail-lock.sql (100%) create mode 100644 controller/schema-migration/004-test.sql diff --git a/controller/migrator.go b/controller/migrator.go index 4b99b9c..1a70e62 100644 --- a/controller/migrator.go +++ b/controller/migrator.go @@ -1,14 +1,15 @@ package controller import ( - "fmt" - "os" - "time" + "embed" + "fmt" + "os" + "time" - "github.com/jmoiron/sqlx" + "github.com/jmoiron/sqlx" ) -const DB_VERSION int = 4 +const DB_VERSION int = 5 func CheckDBVersionAndMigrate(db *sqlx.DB) { db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody") @@ -49,16 +50,23 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) { ApplyMigration(db, "003-fail-lock") oldDBVersion = 4 + case 4: + ApplyMigration(db, "004-test") + oldDBVersion = 5 + } } fmt.Printf("Database schema up to date.\n") } +//go:embed "schema-migration" +var schemaFS embed.FS + func ApplyMigration(db *sqlx.DB, scriptFile string) { fmt.Printf("Applying schema migration %s...\n", scriptFile) - bytes, err := os.ReadFile("schema-migration/" + scriptFile + ".sql") + bytes, err := schemaFS.ReadFile("schema-migration/" + scriptFile + ".sql") if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to open schema file \"%s\": %v\n", scriptFile, err) os.Exit(1) diff --git a/schema-migration/000-init.sql b/controller/schema-migration/000-init.sql similarity index 100% rename from schema-migration/000-init.sql rename to controller/schema-migration/000-init.sql diff --git a/schema-migration/001-pre-versioning.sql b/controller/schema-migration/001-pre-versioning.sql similarity index 100% rename from schema-migration/001-pre-versioning.sql rename to controller/schema-migration/001-pre-versioning.sql diff --git a/schema-migration/002-audit-logs.sql b/controller/schema-migration/002-audit-logs.sql similarity index 100% rename from schema-migration/002-audit-logs.sql rename to controller/schema-migration/002-audit-logs.sql diff --git a/schema-migration/003-fail-lock.sql b/controller/schema-migration/003-fail-lock.sql similarity index 100% rename from schema-migration/003-fail-lock.sql rename to controller/schema-migration/003-fail-lock.sql diff --git a/controller/schema-migration/004-test.sql b/controller/schema-migration/004-test.sql new file mode 100644 index 0000000..3733de2 --- /dev/null +++ b/controller/schema-migration/004-test.sql @@ -0,0 +1 @@ +INSERT INTO arimelody.auditlog (level, type, content) VALUES (0, "test", "this is a db schema migration test!"); From 42c6540ac3adbed4ab889d60bedf5805fd22ab7d Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 30 Sep 2025 22:30:06 +0100 Subject: [PATCH 76/99] fix upload info log line --- api/uploads.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/uploads.go b/api/uploads.go index 4678f22..3c3c58a 100644 --- a/api/uploads.go +++ b/api/uploads.go @@ -50,7 +50,7 @@ func HandleImageUpload(app *model.AppState, data *string, directory string, file return "", nil } - app.Log.Info(log.TYPE_FILES, "\"%s/%s.%s\" created.", directory, filename, ext) + app.Log.Info(log.TYPE_FILES, "\"%s\" created.", imagePath) return filename, nil } From ef655744bb36e2b93c315accdf7e8b15824b06ea Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 30 Sep 2025 22:30:31 +0100 Subject: [PATCH 77/99] comment out deprecated QR code. uh. code --- controller/qr.go | 69 ++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 35 deletions(-) diff --git a/controller/qr.go b/controller/qr.go index dd08637..21ed3e6 100644 --- a/controller/qr.go +++ b/controller/qr.go @@ -2,8 +2,8 @@ package controller import ( "encoding/base64" - "image" - "image/color" + // "image" + // "image/color" "github.com/skip2/go-qrcode" ) @@ -18,36 +18,35 @@ func GenerateQRCode(data string) (string, error) { } // vvv DEPRECATED vvv - -const margin = 4 - -type QRCodeECCLevel int64 -const ( - LOW QRCodeECCLevel = iota - MEDIUM - QUARTILE - HIGH -) - -func drawLargeAlignmentSquare(x int, y int, img *image.Gray) { - for yi := range 7 { - for xi := range 7 { - if (xi == 0 || xi == 6) || (yi == 0 || yi == 6) { - img.Set(x + xi, y + yi, color.Black) - } else if (xi > 1 && xi < 5) && (yi > 1 && yi < 5) { - img.Set(x + xi, y + yi, color.Black) - } - } - } -} - -func drawSmallAlignmentSquare(x int, y int, img *image.Gray) { - for yi := range 5 { - for xi := range 5 { - if (xi == 0 || xi == 4) || (yi == 0 || yi == 4) { - img.Set(x + xi, y + yi, color.Black) - } - } - } - img.Set(x + 2, y + 2, color.Black) -} +// const margin = 4 +// +// type QRCodeECCLevel int64 +// const ( +// LOW QRCodeECCLevel = iota +// MEDIUM +// QUARTILE +// HIGH +// ) +// +// func drawLargeAlignmentSquare(x int, y int, img *image.Gray) { +// for yi := range 7 { +// for xi := range 7 { +// if (xi == 0 || xi == 6) || (yi == 0 || yi == 6) { +// img.Set(x + xi, y + yi, color.Black) +// } else if (xi > 1 && xi < 5) && (yi > 1 && yi < 5) { +// img.Set(x + xi, y + yi, color.Black) +// } +// } +// } +// } +// +// func drawSmallAlignmentSquare(x int, y int, img *image.Gray) { +// for yi := range 5 { +// for xi := range 5 { +// if (xi == 0 || xi == 4) || (yi == 0 || yi == 4) { +// img.Set(x + xi, y + yi, color.Black) +// } +// } +// } +// img.Set(x + 2, y + 2, color.Black) +// } From 419781988aede87258eb06cb702db88c7c591dec Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 30 Sep 2025 22:30:52 +0100 Subject: [PATCH 78/99] refactor errors.New to fmt.Errorf --- api/api.go | 5 ++--- controller/release.go | 13 ++++++------- controller/session.go | 5 ++--- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/api/api.go b/api/api.go index 398db4b..c5156c2 100644 --- a/api/api.go +++ b/api/api.go @@ -2,7 +2,6 @@ package api import ( "context" - "errors" "fmt" "net/http" "os" @@ -173,7 +172,7 @@ func getSession(app *model.AppState, r *http.Request) (*model.Session, error) { // check cookies first sessionCookie, err := r.Cookie(model.COOKIE_TOKEN) if err != nil && err != http.ErrNoCookie { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v\n", err)) + return nil, fmt.Errorf("Failed to retrieve session cookie: %v\n", err) } if sessionCookie != nil { token = sessionCookie.Value @@ -188,7 +187,7 @@ func getSession(app *model.AppState, r *http.Request) (*model.Session, error) { session, err := controller.GetSession(app.DB, token) if err != nil && !strings.Contains(err.Error(), "no rows") { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v\n", err)) + return nil, fmt.Errorf("Failed to retrieve session: %v\n", err) } if session != nil { diff --git a/controller/release.go b/controller/release.go index 3dcad26..afd09fb 100644 --- a/controller/release.go +++ b/controller/release.go @@ -1,7 +1,6 @@ package controller import ( - "errors" "fmt" "arimelody-web/model" @@ -21,7 +20,7 @@ func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) { // get credits credits, err := GetReleaseCredits(db, id) if err != nil { - return nil, errors.New(fmt.Sprintf("Credits: %s", err)) + return nil, fmt.Errorf("Credits: %s", err) } for _, credit := range credits { release.Credits = append(release.Credits, credit) @@ -30,7 +29,7 @@ func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) { // get tracks tracks, err := GetReleaseTracks(db, id) if err != nil { - return nil, errors.New(fmt.Sprintf("Tracks: %s", err)) + return nil, fmt.Errorf("Tracks: %s", err) } for _, track := range tracks { release.Tracks = append(release.Tracks, track) @@ -39,7 +38,7 @@ func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) { // get links links, err := GetReleaseLinks(db, id) if err != nil { - return nil, errors.New(fmt.Sprintf("Links: %s", err)) + return nil, fmt.Errorf("Links: %s", err) } for _, link := range links { release.Links = append(release.Links, link) @@ -71,7 +70,7 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod // get credits credits, err := GetReleaseCredits(db, release.ID) if err != nil { - return nil, errors.New(fmt.Sprintf("Credits: %s", err)) + return nil, fmt.Errorf("Credits: %s", err) } for _, credit := range credits { release.Credits = append(release.Credits, credit) @@ -81,7 +80,7 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod // get tracks tracks, err := GetReleaseTracks(db, release.ID) if err != nil { - return nil, errors.New(fmt.Sprintf("Tracks: %s", err)) + return nil, fmt.Errorf("Tracks: %s", err) } for _, track := range tracks { release.Tracks = append(release.Tracks, track) @@ -90,7 +89,7 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod // get links links, err := GetReleaseLinks(db, release.ID) if err != nil { - return nil, errors.New(fmt.Sprintf("Links: %s", err)) + return nil, fmt.Errorf("Links: %s", err) } for _, link := range links { release.Links = append(release.Links, link) diff --git a/controller/session.go b/controller/session.go index 5028789..dfae551 100644 --- a/controller/session.go +++ b/controller/session.go @@ -2,7 +2,6 @@ package controller import ( "database/sql" - "errors" "fmt" "net/http" "strings" @@ -19,7 +18,7 @@ const TOKEN_LEN = 64 func GetSessionFromRequest(app *model.AppState, r *http.Request) (*model.Session, error) { sessionCookie, err := r.Cookie(model.COOKIE_TOKEN) if err != nil && err != http.ErrNoCookie { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v", err)) + return nil, fmt.Errorf("Failed to retrieve session cookie: %v", err) } var session *model.Session @@ -29,7 +28,7 @@ func GetSessionFromRequest(app *model.AppState, r *http.Request) (*model.Session session, err = GetSession(app.DB, sessionCookie.Value) if err != nil && !strings.Contains(err.Error(), "no rows") { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v", err)) + return nil, fmt.Errorf("Failed to retrieve session: %v", err) } if session != nil { From 028ed6029354a394e68b602aac8635dd3f24702c Mon Sep 17 00:00:00 2001 From: ari melody Date: Tue, 30 Sep 2025 22:34:46 +0100 Subject: [PATCH 79/99] oops --- controller/controller.go | 2 +- controller/migrator.go | 6 +----- controller/schema-migration/004-test.sql | 1 - 3 files changed, 2 insertions(+), 7 deletions(-) delete mode 100644 controller/schema-migration/004-test.sql diff --git a/controller/controller.go b/controller/controller.go index 44194e4..95615fb 100644 --- a/controller/controller.go +++ b/controller/controller.go @@ -5,7 +5,7 @@ import "math/rand" func GenerateAlnumString(length int) []byte { const CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" res := []byte{} - for i := 0; i < length; i++ { + for range length { res = append(res, CHARS[rand.Intn(len(CHARS))]) } return res diff --git a/controller/migrator.go b/controller/migrator.go index 1a70e62..3be8c21 100644 --- a/controller/migrator.go +++ b/controller/migrator.go @@ -9,7 +9,7 @@ import ( "github.com/jmoiron/sqlx" ) -const DB_VERSION int = 5 +const DB_VERSION int = 4 func CheckDBVersionAndMigrate(db *sqlx.DB) { db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody") @@ -50,10 +50,6 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) { ApplyMigration(db, "003-fail-lock") oldDBVersion = 4 - case 4: - ApplyMigration(db, "004-test") - oldDBVersion = 5 - } } diff --git a/controller/schema-migration/004-test.sql b/controller/schema-migration/004-test.sql deleted file mode 100644 index 3733de2..0000000 --- a/controller/schema-migration/004-test.sql +++ /dev/null @@ -1 +0,0 @@ -INSERT INTO arimelody.auditlog (level, type, content) VALUES (0, "test", "this is a db schema migration test!"); From 13a84f7f25b8208bcccf40faf1208e27a964c5cd Mon Sep 17 00:00:00 2001 From: ari melody Date: Sun, 19 Oct 2025 05:01:55 +0100 Subject: [PATCH 80/99] admin dashboard early UI refresh --- .air.toml | 4 +- admin/static/admin.css | 160 ++++++++++++++++++++--------- admin/static/admin.js | 17 +++ admin/static/edit-artist.css | 18 ++-- admin/static/edit-release.css | 67 +++++++----- admin/static/edit-track.css | 9 +- admin/static/index.css | 11 +- admin/static/index.js | 8 ++ admin/static/logs.css | 42 +++++--- admin/static/release-list-item.css | 43 +++----- admin/templates/html/layout.html | 7 +- admin/templates/html/logs.html | 2 +- 12 files changed, 249 insertions(+), 139 deletions(-) diff --git a/.air.toml b/.air.toml index 070166a..c6d499b 100644 --- a/.air.toml +++ b/.air.toml @@ -7,14 +7,14 @@ tmp_dir = "tmp" bin = "./tmp/main" cmd = "go build -o ./tmp/main ." delay = 1000 - exclude_dir = ["admin/static", "admin\\static", "public", "uploads", "test", "db", "res"] + exclude_dir = ["uploads", "test", "db", "res"] exclude_file = [] exclude_regex = ["_test.go"] exclude_unchanged = false follow_symlink = false full_bin = "" include_dir = [] - include_ext = ["go", "tpl", "tmpl", "html"] + include_ext = ["go", "tpl", "tmpl", "html", "css"] include_file = [] kill_delay = "0s" log = "build-errors.log" diff --git a/admin/static/admin.css b/admin/static/admin.css index 877b5da..1f5a1fb 100644 --- a/admin/static/admin.css +++ b/admin/static/admin.css @@ -1,6 +1,71 @@ @import url("/style/prideflag.css"); @import url("/font/inter/inter.css"); +:root { + --bg-0: #101010; + --bg-1: #141414; + --bg-2: #181818; + --bg-3: #202020; + + --fg-0: #b0b0b0; + --fg-1: #c0c0c0; + --fg-2: #d0d0d0; + --fg-3: #e0e0e0; + + --col-shadow-0: #0002; + --col-shadow-1: #0004; + --col-shadow-2: #0006; + --col-highlight-0: #ffffff08; + --col-highlight-1: #fff1; + --col-highlight-2: #fff2; + + --col-new: #b3ee5b; + --col-on-new: #1b2013; + --col-save: #6fd7ff; + --col-on-save: #283f48; + --col-delete: #ff7171; + --col-on-delete: #371919; + + --col-warn: #ffe86a; + --col-on-warn: var(--bg-0); + --col-warn-hover: #ffec81; + + --shadow-sm: + 0 1px 2px var(--col-shadow-2), + inset 0 1px 1px var(--col-highlight-2); + --shadow-md: + 0 2px 4px var(--col-shadow-1), + inset 0 2px 2px var(--col-highlight-1); + --shadow-lg: + 0 4px 8px var(--col-shadow-0), + inset 0 4px 4px var(--col-highlight-0); +} + +@media (prefers-color-scheme: light) { + :root { + --bg-0: #e8e8e8; + --bg-1: #f0f0f0; + --bg-2: #f8f8f8; + --bg-3: #ffffff; + + --fg-0: #606060; + --fg-1: #404040; + --fg-2: #303030; + --fg-3: #202020; + + --col-shadow-0: #0002; + --col-shadow-1: #0004; + --col-shadow-2: #0008; + --col-highlight-0: #fff2; + --col-highlight-1: #fff4; + --col-highlight-2: #fff8; + + --col-warn: #ffe86a; + --col-on-warn: var(--fg-3); + --col-warn-hover: #ffec81; + } +} + body { width: 100%; height: calc(100vh - 1em); @@ -11,8 +76,12 @@ body { font-family: "Inter", sans-serif; font-size: 16px; - color: #303030; - background: #f0f0f0; + color: var(--fg-0); + background: var(--bg-0); +} + +h1, h2, h3, h4, h5, h6 { + color: var(--fg-3); } nav { @@ -22,40 +91,35 @@ nav { display: flex; flex-direction: row; justify-content: left; - - background: #f8f8f8; - border-radius: 4px; - border: 1px solid #808080; + gap: .5em; + user-select: none; } nav .icon { height: 100%; + border-radius: 100%; + box-shadow: var(--shadow-sm); + overflow: hidden; } -nav .title { - width: auto; +nav .icon img { + width: 100%; height: 100%; - - margin: 0 1em 0 0; - - display: flex; - - line-height: 2em; - text-decoration: none; - - color: inherit; } .nav-item { width: auto; height: 100%; - - margin: 0px; padding: 0 1em; - display: flex; + color: var(--fg-2); + background: var(--bg-2); + border-radius: 10em; + box-shadow: var(--shadow-sm); + line-height: 2em; + font-weight: 500; } .nav-item:hover { - background: #00000010; + background: var(--bg-1); text-decoration: none; } nav a { @@ -77,9 +141,11 @@ a { text-decoration: none; } +/* a:hover { text-decoration: underline; } +*/ a img.icon { height: .8em; @@ -133,17 +199,14 @@ code { #error { margin: 0 0 1em 0; padding: 1em; - border-radius: 4px; + border-radius: 8px; background: #ffffff; - border: 1px solid #888; } #message { background: #a9dfff; - border-color: #599fdc; } #error { background: #ffa9b8; - border-color: #dc5959; } @@ -152,52 +215,54 @@ a.delete:not(.button) { color: #d22828; } -button, .button { +.button, button { padding: .5em .8em; font-family: inherit; font-size: inherit; - border-radius: 4px; - border: 1px solid #a0a0a0; - background: #f0f0f0; + color: inherit; + background: var(--bg-2); + border: none; + border-radius: 10em; + box-shadow: var(--shadow-sm); + font-weight: 500; + transition: background .1s ease-out, color .1s ease-out; + + cursor: pointer; + user-select: none; } button:hover, .button:hover { background: #fff; - border-color: #d0d0d0; } button:active, .button:active { background: #d0d0d0; - border-color: #808080; } -.button, button { - color: inherit; -} .button.new, button.new { - background: #c4ff6a; - border-color: #84b141; + color: var(--col-on-new); + background: var(--col-new); } .button.save, button.save { - background: #6fd7ff; - border-color: #6f9eb0; + color: var(--col-on-save); + background: var(--col-save); } .button.delete, button.delete { - background: #ff7171; - border-color: #7d3535; + color: var(--col-on-delete); + background: var(--col-delete); } .button:hover, button:hover { - background: #fff; - border-color: #d0d0d0; + color: var(--bg-3); + background: var(--fg-3); } .button:active, button:active { - background: #d0d0d0; - border-color: #808080; + color: var(--bg-2); + background: var(--fg-0); } .button[disabled], button[disabled] { - background: #d0d0d0 !important; - border-color: #808080 !important; + color: var(--fg-0) !important; + background: var(--bg-3) !important; opacity: .5; - cursor: not-allowed !important; + cursor: default !important; } @@ -217,7 +282,6 @@ form input { padding: .3rem .5rem; display: block; border-radius: 4px; - border: 1px solid #808080; font-size: inherit; font-family: inherit; color: inherit; diff --git a/admin/static/admin.js b/admin/static/admin.js index 0763ab7..140efe0 100644 --- a/admin/static/admin.js +++ b/admin/static/admin.js @@ -69,3 +69,20 @@ export function makeMagicList(container, itemSelector, callback) { if (callback) callback(); }); } + +export function hijackClickEvent(container, link) { + container.addEventListener('click', event => { + if (event.target.tagName.toLowerCase() === 'a') return; + event.preventDefault(); + link.dispatchEvent(new MouseEvent('click', { + bubbles: true, + cancelable: true, + view: window, + ctrlKey: event.ctrlKey, + metaKey: event.metaKey, + shiftKey: event.shiftKey, + altKey: event.altKey, + button: event.button, + })); + }); +} diff --git a/admin/static/edit-artist.css b/admin/static/edit-artist.css index 5627e64..1bab082 100644 --- a/admin/static/edit-artist.css +++ b/admin/static/edit-artist.css @@ -9,9 +9,9 @@ h1 { flex-direction: row; gap: 1.2em; - border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + border-radius: 16px; + background: var(--bg-2); + box-shadow: var(--shadow-md); } .artist-avatar { @@ -27,6 +27,7 @@ h1 { cursor: pointer; } .artist-avatar #remove-avatar { + margin-top: .5em; padding: .3em .4em; } @@ -53,8 +54,8 @@ input[type="text"] { font-family: inherit; font-weight: inherit; color: inherit; - background: #ffffff; - border: 1px solid transparent; + background: var(--bg-0); + border: none; border-radius: 4px; outline: none; } @@ -85,9 +86,10 @@ input[type="text"]:focus { flex-direction: row; gap: 1em; align-items: center; - background: #f8f8f8; - border-radius: 8px; - border: 1px solid #808080; + + border-radius: 16px; + background: var(--bg-2); + box-shadow: var(--shadow-md); } .release-artwork { diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css index aa70e34..d30db84 100644 --- a/admin/static/edit-release.css +++ b/admin/static/edit-release.css @@ -12,8 +12,8 @@ input[type="text"] { gap: 1.2em; border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + background: var(--bg-2); + box-shadow: var(--shadow-md); } .release-artwork { @@ -29,7 +29,8 @@ input[type="text"] { cursor: pointer; } .release-artwork #remove-artwork { - padding: .3em .4em; + margin-top: .5em; + padding: .3em .6em; } .release-info { @@ -54,17 +55,17 @@ input[type="text"] { background: transparent; outline: none; cursor: pointer; + transition: background .1s ease-out, border-color .1s ease-out; } #title:hover { - background: #ffffff; - border-color: #80808080; + background: var(--bg-3); + border-color: var(--fg-0); } #title:active, #title:focus { - background: #ffffff; - border-color: #808080; + background: var(--bg-3); } .release-title small { @@ -75,19 +76,21 @@ input[type="text"] { width: 100%; margin: .5em 0; border-collapse: collapse; + color: var(--fg-2); } .release-info table td { padding: .2em; - border-bottom: 1px solid #d0d0d0; + border-bottom: 1px solid color-mix(in srgb, var(--fg-0) 25%, transparent); + transition: background .1s ease-out, border-color .1s ease-out; } .release-info table tr td:first-child { vertical-align: top; - opacity: .66; + opacity: .5; } .release-info table tr td:not(:first-child) select:hover, .release-info table tr td:not(:first-child) input:hover, .release-info table tr td:not(:first-child) textarea:hover { - background: #e8e8e8; + background: var(--bg-3); cursor: pointer; } .release-info table td select, @@ -117,11 +120,19 @@ input[type="text"] { justify-content: right; } +.release-actions button, +.release-actions .button { + color: var(--fg-2); + background: var(--bg-3); +} + dialog { width: min(720px, calc(100% - 2em)); padding: 2em; border: 1px solid #101010; - border-radius: 8px; + border-radius: 16px; + color: var(--fg-0); + background: var(--bg-0); } dialog header { @@ -160,9 +171,9 @@ dialog div.dialog-actions { align-items: center; gap: 1em; - border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + border-radius: 16px; + background: var(--bg-2); + box-shadow: var(--shadow-md); } .card.credits .credit p { @@ -170,10 +181,11 @@ dialog div.dialog-actions { } .card.credits .credit .artist-avatar { - border-radius: 8px; + border-radius: 12px; } .card.credits .credit .artist-name { + color: var(--fg-3); font-weight: bold; } @@ -197,8 +209,8 @@ dialog div.dialog-actions { gap: 1em; border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + background: var(--bg-2); + box-shadow: var(--shadow-md); } #editcredits .credit { @@ -232,6 +244,7 @@ dialog div.dialog-actions { margin: 0; display: flex; align-items: center; + color: inherit; } #editcredits .credit .credit-info .credit-attribute input[type="text"] { @@ -239,15 +252,17 @@ dialog div.dialog-actions { padding: .2em .4em; flex-grow: 1; font-family: inherit; - border: 1px solid #8888; + border: none; border-radius: 4px; - color: inherit; + color: var(--fg-2); + background: var(--bg-0); } #editcredits .credit .credit-info .credit-attribute input[type="checkbox"] { margin: 0 .3em; } #editcredits .credit .artist-name { + color: var(--fg-2); font-weight: bold; } @@ -256,8 +271,12 @@ dialog div.dialog-actions { opacity: .66; } -#editcredits .credit button.delete { - margin-left: auto; +#editcredits .credit .delete { + margin-right: .5em; + cursor: pointer; +} +#editcredits .credit .delete:hover { + text-decoration: underline; } #addcredit ul { @@ -400,9 +419,9 @@ dialog div.dialog-actions { flex-direction: column; gap: .5em; - border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + border-radius: 16px; + background: var(--bg-2); + box-shadow: var(--shadow-md); } .card.tracks .track h3, diff --git a/admin/static/edit-track.css b/admin/static/edit-track.css index 600b680..1a9323f 100644 --- a/admin/static/edit-track.css +++ b/admin/static/edit-track.css @@ -11,9 +11,9 @@ h1 { flex-direction: row; gap: 1.2em; - border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + border-radius: 16px; + background: var(--bg-2); + box-shadow: var(--shadow-md); } .track-info { @@ -49,7 +49,8 @@ h1 { font-weight: inherit; font-family: inherit; font-size: inherit; - border: 1px solid transparent; + background: var(--bg-0); + border: none; border-radius: 4px; outline: none; color: inherit; diff --git a/admin/static/index.css b/admin/static/index.css index 9fcd731..278224e 100644 --- a/admin/static/index.css +++ b/admin/static/index.css @@ -7,13 +7,18 @@ flex-direction: row; align-items: center; gap: .5em; + color: var(--fg-3); - border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + border-radius: 16px; + background: var(--bg-2); + box-shadow: var(--shadow-md); + + transition: background .1s ease-out; + cursor: pointer; } .artist:hover { + background: var(--bg-1); text-decoration: hover; } diff --git a/admin/static/index.js b/admin/static/index.js index e251802..0091fa4 100644 --- a/admin/static/index.js +++ b/admin/static/index.js @@ -1,3 +1,5 @@ +import { hijackClickEvent } from "./admin.js"; + const newReleaseBtn = document.getElementById("create-release"); const newArtistBtn = document.getElementById("create-artist"); const newTrackBtn = document.getElementById("create-track"); @@ -72,3 +74,9 @@ newTrackBtn.addEventListener("click", event => { console.error(err); }); }); + +document.addEventListener("readystatechange", () => { + document.querySelectorAll(".card.artists .artist").forEach(el => { + hijackClickEvent(el, el.querySelector("a.artist-name")) + }); +}); diff --git a/admin/static/logs.css b/admin/static/logs.css index f0df299..4a66038 100644 --- a/admin/static/logs.css +++ b/admin/static/logs.css @@ -2,8 +2,14 @@ main { width: min(1080px, calc(100% - 2em))!important } -form { +form#search-form { + width: calc(100% - 2em); margin: 1em 0; + padding: 1em; + border-radius: 16px; + color: var(--fg-0); + background: var(--bg-2); + box-shadow: var(--shadow-md); } div#search { @@ -12,24 +18,25 @@ div#search { #search input { margin: 0; + padding: .3em .8em; flex-grow: 1; - - border-right: none; - border-top-right-radius: 0; - border-bottom-right-radius: 0; + border: none; + border-radius: 16px; + color: var(--fg-1); + background: var(--bg-0); + box-shadow: var(--shadow-sm); } #search button { - padding: 0 .5em; - - border-top-left-radius: 0; - border-bottom-left-radius: 0; + margin-left: .5em; + padding: 0 .8em; } form #filters p { margin: .5em 0 0 0; } form #filters label { + color: inherit; display: inline; } form #filters input { @@ -57,6 +64,10 @@ form #filters input { padding: .4em .8em; } +#logs .log { + color: var(--fg-2); +} + td, th { width: 1%; text-align: left; @@ -74,13 +85,14 @@ td.log-content { white-space: collapse; } -.log:hover { - background: #fff8; +#logs .log:hover { + background: color-mix(in srgb, var(--fg-3) 10%, transparent); } -.log.warn { - background: #ffe86a; +#logs .log.warn { + color: var(--col-on-warn); + background: var(--col-warn); } -.log.warn:hover { - background: #ffec81; +#logs .log.warn:hover { + background: var(--col-warn-hover); } diff --git a/admin/static/release-list-item.css b/admin/static/release-list-item.css index 638eac0..fb5d2d4 100644 --- a/admin/static/release-list-item.css +++ b/admin/static/release-list-item.css @@ -5,9 +5,9 @@ flex-direction: row; gap: 1em; - border-radius: 8px; - background: #f8f8f8f8; - border: 1px solid #808080; + border-radius: 16px; + background: var(--bg-2); + box-shadow: var(--shadow-md); } .release h3, @@ -16,11 +16,15 @@ } .release-artwork { + margin: auto 0; width: 96px; display: flex; justify-content: center; align-items: center; + border-radius: 4px; + overflow: hidden; + box-shadow: var(--shadow-sm); } .release-artwork img { @@ -42,30 +46,9 @@ gap: .5em; } -.release-links li { - flex-grow: 1; -} - -.release-links a { - padding: .5em; - display: block; - - border-radius: 8px; - text-decoration: none; - color: #f0f0f0; - background: #303030; - text-align: center; - - transition: color .1s, background .1s; -} - -.release-links a:hover { - color: #303030; - background: #f0f0f0; -} - .release-actions { margin-top: .5em; + user-select: none; } .release-actions a { @@ -74,14 +57,14 @@ display: inline-block; border-radius: 4px; - background: #e0e0e0; + background: var(--bg-3); + box-shadow: var(--shadow-sm); - transition: color .1s, background .1s; + transition: color .1s ease-out, background .1s ease-out; } .release-actions a:hover { - color: #303030; - background: #f0f0f0; - + background: var(--bg-0); + color: var(--fg-3); text-decoration: none; } diff --git a/admin/templates/html/layout.html b/admin/templates/html/layout.html index fdeda9b..4925ce9 100644 --- a/admin/templates/html/layout.html +++ b/admin/templates/html/layout.html @@ -16,10 +16,9 @@