tandem/camper
tandem
/
camper
2
0
Fork 0
Code Issues 7 Pull Requests Packages Projects Releases Wiki Activity
camper/pkg/app/user.go

277 lines
7.6 KiB
Go
Raw Normal View History

Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
/*
* SPDX-FileCopyrightText: 2023 jordi fita mas <jfita@peritasoft.com>
* SPDX-License-Identifier: AGPL-3.0-only
*/
Include the locale inside the User struct The locale is completely dependent on the user, as much as its email or CSRF token, so it does not make much sense to have it in a separate variable: for different users we might have to use different locales. Also, this means one less variable to pass to handlers, that most of them will need the user at some point or another (i.e., to render its profile icon). The thing is that i can not import `app.User` from the template package because it would create an import cycle. I created the `auth` package just because of that. I thought that the login code would be better moved to the auth package as well, but of course then i would reintroduce the import cycle between auth and template.
2023-07-26 10:08:59 +00:00
package app
import (
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
"context"
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
"io"
Include the locale inside the User struct The locale is completely dependent on the user, as much as its email or CSRF token, so it does not make much sense to have it in a separate variable: for different users we might have to use different locales. Also, this means one less variable to pass to handlers, that most of them will need the user at some point or another (i.e., to render its profile icon). The thing is that i can not import `app.User` from the template package because it would create an import cycle. I created the `auth` package just because of that. I thought that the login code would be better moved to the auth package as well, but of course then i would reintroduce the import cycle between auth and template.
2023-07-26 10:08:59 +00:00
"net/http"
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
"os"
"path"
"path/filepath"
"strconv"
Include the locale inside the User struct The locale is completely dependent on the user, as much as its email or CSRF token, so it does not make much sense to have it in a separate variable: for different users we might have to use different locales. Also, this means one less variable to pass to handlers, that most of them will need the user at some point or another (i.e., to render its profile icon). The thing is that i can not import `app.User` from the template package because it would create an import cycle. I created the `auth` package just because of that. I thought that the login code would be better moved to the auth package as well, but of course then i would reintroduce the import cycle between auth and template.
2023-07-26 10:08:59 +00:00
"golang.org/x/text/language"
"dev.tandem.ws/tandem/camper/pkg/auth"
"dev.tandem.ws/tandem/camper/pkg/database"
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
"dev.tandem.ws/tandem/camper/pkg/form"
httplib "dev.tandem.ws/tandem/camper/pkg/http"
Include the locale inside the User struct The locale is completely dependent on the user, as much as its email or CSRF token, so it does not make much sense to have it in a separate variable: for different users we might have to use different locales. Also, this means one less variable to pass to handlers, that most of them will need the user at some point or another (i.e., to render its profile icon). The thing is that i can not import `app.User` from the template package because it would create an import cycle. I created the `auth` package just because of that. I thought that the login code would be better moved to the auth package as well, but of course then i would reintroduce the import cycle between auth and template.
2023-07-26 10:08:59 +00:00
"dev.tandem.ws/tandem/camper/pkg/locale"
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
"dev.tandem.ws/tandem/camper/pkg/template"
Include the locale inside the User struct The locale is completely dependent on the user, as much as its email or CSRF token, so it does not make much sense to have it in a separate variable: for different users we might have to use different locales. Also, this means one less variable to pass to handlers, that most of them will need the user at some point or another (i.e., to render its profile icon). The thing is that i can not import `app.User` from the template package because it would create an import cycle. I created the `auth` package just because of that. I thought that the login code would be better moved to the auth package as well, but of course then i would reintroduce the import cycle between auth and template.
2023-07-26 10:08:59 +00:00
)
func (h *App) getUser(r *http.Request, conn *database.Conn) (*auth.User, error) {
cookie := auth.GetSessionCookie(r)
if _, err := conn.Exec(r.Context(), "select set_cookie($1)", cookie); err != nil {
return nil, err
}
user := &auth.User{
Email: "",
LoggedIn: false,
Role: "guest",
}
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
row := conn.QueryRow(r.Context(), "select user_id, coalesce(email, ''), email is not null, role, lang_tag, csrf_token from user_profile")
Include the locale inside the User struct The locale is completely dependent on the user, as much as its email or CSRF token, so it does not make much sense to have it in a separate variable: for different users we might have to use different locales. Also, this means one less variable to pass to handlers, that most of them will need the user at some point or another (i.e., to render its profile icon). The thing is that i can not import `app.User` from the template package because it would create an import cycle. I created the `auth` package just because of that. I thought that the login code would be better moved to the auth package as well, but of course then i would reintroduce the import cycle between auth and template.
2023-07-26 10:08:59 +00:00
var langTag string
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
if err := row.Scan(&user.ID, &user.Email, &user.LoggedIn, &user.Role, &langTag, &user.CSRFToken); err != nil {
Include the locale inside the User struct The locale is completely dependent on the user, as much as its email or CSRF token, so it does not make much sense to have it in a separate variable: for different users we might have to use different locales. Also, this means one less variable to pass to handlers, that most of them will need the user at some point or another (i.e., to render its profile icon). The thing is that i can not import `app.User` from the template package because it would create an import cycle. I created the `auth` package just because of that. I thought that the login code would be better moved to the auth package as well, but of course then i would reintroduce the import cycle between auth and template.
2023-07-26 10:08:59 +00:00
return nil, err
}
if lang, err := language.Parse(langTag); err == nil {
user.Language = lang
} else {
return nil, err
}
user.Locale = h.locales[user.Language]
if user.Locale == nil {
user.Locale = h.matchLocale(r)
}
return user, nil
}
func (h *App) matchLocale(r *http.Request) *locale.Locale {
l := locale.Match(r.Header.Get("Accept-Language"), h.locales, h.languageMatcher)
if l == nil {
l = h.defaultLocale
}
return l
}
Add the logout button Conceptually, to logout we have to “delete the session”, thus the best HTTP verb would be `DELETE`. However, there is no way to send a `DELETE` request with a regular HTML form, and it seems that never will be[0]. I could use a POST, optionally with a “method override” technique, but i was planing to use HTMx anyway, so this was as good an opportunity to include it as any. In this application i am not concerned with people not having JavaScript enabled, because it is for a customer that has a known environment, and we do not have much time anyway. Therefore, i opted to forgo progressive enhancement in cases like this: if `DELETE` is needed, use `hx-delete`. Unfortunately, i can not use a <form> with a hidden <input> for the CSRF token, because `DELETE` requests do not have body and the value should be added as query parameters, like a form with GET method, but HTMx does the incorrect thing here: sends the values in the request’s body. That’s why i have to use a custom header and the `hx-header` directive to include the CSRF token. Then, by default HTMx targets the triggered element for swap with the response from the server, but after a logout i want to redirect the user to the login form again. I could set the hx-target to button to replace the whole body, or tell the client to redirect to the new location. I actually do not know which one is “better”. Maybe the hx-target is best because then everything is handled by the client, but in the case of logout, since it is possible that i might want to load scripts only for logged-in users in the future, i opted for the full page reload. However, HTMx does not want to reload a page that return HTTP 401, hence i had to include the GET method to /login in order to return the login form with a response of HTTP 200, which also helps when reloading in the browser after a failed login attempt. I am not worried with the HTTP 401 when attempting to load a page as guest, because this request most probably comes from the browser, not HTMx, and it will show the login form as intended—even though it is not compliant, since it does not return the WWW-Authenticate header, but this is the best i can do given that no cookie-based authentication method has been accepted[1]. [0]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10671#c16 [1]: https://datatracker.ietf.org/doc/id/draft-broyer-http-cookie-auth-00.html
2023-07-26 11:49:47 +00:00
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
type profileHandler struct {
fileHandle http.Handler
avatarHandle http.Handler
avatarsDir string
}
func newProfileHandler(static http.Handler, avatarsDir string) (*profileHandler, error) {
if err := os.MkdirAll(avatarsDir, 0755); err != nil {
return nil, err
}
handler := &profileHandler{
fileHandle: static,
avatarsDir: avatarsDir,
avatarHandle: http.FileServer(http.Dir(avatarsDir)),
}
return handler, nil
}
Instead of keeping a requestPath in app, use request.RequestURI I was keeping this variable to redirect to the requested URL when the user has no permission, is not logged in, and is shown the login form to redirect them back to the original URL. Since each handler removes a part of the path each time, i need to keep the original Path for that. However, i just found out that request.RequestURI already is that original URI requested by the client. No need for an extra variable.
2023-08-06 02:03:04 +00:00
func (h *profileHandler) Handler(user *auth.User, company *auth.Company, conn *database.Conn) http.HandlerFunc {
Add the logout button Conceptually, to logout we have to “delete the session”, thus the best HTTP verb would be `DELETE`. However, there is no way to send a `DELETE` request with a regular HTML form, and it seems that never will be[0]. I could use a POST, optionally with a “method override” technique, but i was planing to use HTMx anyway, so this was as good an opportunity to include it as any. In this application i am not concerned with people not having JavaScript enabled, because it is for a customer that has a known environment, and we do not have much time anyway. Therefore, i opted to forgo progressive enhancement in cases like this: if `DELETE` is needed, use `hx-delete`. Unfortunately, i can not use a <form> with a hidden <input> for the CSRF token, because `DELETE` requests do not have body and the value should be added as query parameters, like a form with GET method, but HTMx does the incorrect thing here: sends the values in the request’s body. That’s why i have to use a custom header and the `hx-header` directive to include the CSRF token. Then, by default HTMx targets the triggered element for swap with the response from the server, but after a logout i want to redirect the user to the login form again. I could set the hx-target to button to replace the whole body, or tell the client to redirect to the new location. I actually do not know which one is “better”. Maybe the hx-target is best because then everything is handled by the client, but in the case of logout, since it is possible that i might want to load scripts only for logged-in users in the future, i opted for the full page reload. However, HTMx does not want to reload a page that return HTTP 401, hence i had to include the GET method to /login in order to return the login form with a response of HTTP 200, which also helps when reloading in the browser after a failed login attempt. I am not worried with the HTTP 401 when attempting to load a page as guest, because this request most probably comes from the browser, not HTMx, and it will show the login form as intended—even though it is not compliant, since it does not return the WWW-Authenticate header, but this is the best i can do given that no cookie-based authentication method has been accepted[1]. [0]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10671#c16 [1]: https://datatracker.ietf.org/doc/id/draft-broyer-http-cookie-auth-00.html
2023-07-26 11:49:47 +00:00
return func(w http.ResponseWriter, r *http.Request) {
Split templates and handlers into admin and public I need to check that the user is an employee (or admin) in administration handlers, but i do not want to do it for each handler, because i am bound to forget it. Thus, i added the /admin sub-path for these resources. The public-facing web is the rest of the resources outside /admin, but for now there is only home, to test whether it works as expected or not. The public-facing web can not relay on the user’s language settings, as the guest user has no way to set that. I would be happy to just use the Accept-Language header for that, but apparently Google does not use that header[0], and they give four alternatives: a country-specific domain, a subdomain with a generic top-level domain (gTLD), subdirectories with a gTLD, or URL parameters (e.g., site.com?loc=de). Of the four, Google does not recommend URL parameters, and the customer is already using subdirectories with the current site, therefor that’s what i have chosen. Google also tells me that it is a very good idea to have links between localized version of the same resources, either with <link> elements, Link HTTP response headers, or a sitemap file[1]; they are all equivalent in the eyes of Google. I have choosen the Link response headers way, because for that i can simply “augment” ResponseHeader to automatically add these headers when the response status is 2xx, otherwise i would need to pass down the original URL path until it reaches the template. Even though Camper is supposed to be a “generic”, multi-company application, i think i will stick to the easiest route and write the templates for just the “first” customer. [0]: https://developers.google.com/search/docs/specialty/international/managing-multi-regional-sites [1]: https://developers.google.com/search/docs/specialty/international/localized-versions
2023-08-05 01:42:37 +00:00
if !user.LoggedIn {
w.WriteHeader(http.StatusUnauthorized)
Instead of keeping a requestPath in app, use request.RequestURI I was keeping this variable to redirect to the requested URL when the user has no permission, is not logged in, and is shown the login form to redirect them back to the original URL. Since each handler removes a part of the path each time, i need to keep the original Path for that. However, i just found out that request.RequestURI already is that original URI requested by the client. No need for an extra variable.
2023-08-06 02:03:04 +00:00
serveLoginForm(w, r, user, company, r.RequestURI)
Split templates and handlers into admin and public I need to check that the user is an employee (or admin) in administration handlers, but i do not want to do it for each handler, because i am bound to forget it. Thus, i added the /admin sub-path for these resources. The public-facing web is the rest of the resources outside /admin, but for now there is only home, to test whether it works as expected or not. The public-facing web can not relay on the user’s language settings, as the guest user has no way to set that. I would be happy to just use the Accept-Language header for that, but apparently Google does not use that header[0], and they give four alternatives: a country-specific domain, a subdomain with a generic top-level domain (gTLD), subdirectories with a gTLD, or URL parameters (e.g., site.com?loc=de). Of the four, Google does not recommend URL parameters, and the customer is already using subdirectories with the current site, therefor that’s what i have chosen. Google also tells me that it is a very good idea to have links between localized version of the same resources, either with <link> elements, Link HTTP response headers, or a sitemap file[1]; they are all equivalent in the eyes of Google. I have choosen the Link response headers way, because for that i can simply “augment” ResponseHeader to automatically add these headers when the response status is 2xx, otherwise i would need to pass down the original URL path until it reaches the template. Even though Camper is supposed to be a “generic”, multi-company application, i think i will stick to the easiest route and write the templates for just the “first” customer. [0]: https://developers.google.com/search/docs/specialty/international/managing-multi-regional-sites [1]: https://developers.google.com/search/docs/specialty/international/localized-versions
2023-08-05 01:42:37 +00:00
return
}
Add the logout button Conceptually, to logout we have to “delete the session”, thus the best HTTP verb would be `DELETE`. However, there is no way to send a `DELETE` request with a regular HTML form, and it seems that never will be[0]. I could use a POST, optionally with a “method override” technique, but i was planing to use HTMx anyway, so this was as good an opportunity to include it as any. In this application i am not concerned with people not having JavaScript enabled, because it is for a customer that has a known environment, and we do not have much time anyway. Therefore, i opted to forgo progressive enhancement in cases like this: if `DELETE` is needed, use `hx-delete`. Unfortunately, i can not use a <form> with a hidden <input> for the CSRF token, because `DELETE` requests do not have body and the value should be added as query parameters, like a form with GET method, but HTMx does the incorrect thing here: sends the values in the request’s body. That’s why i have to use a custom header and the `hx-header` directive to include the CSRF token. Then, by default HTMx targets the triggered element for swap with the response from the server, but after a logout i want to redirect the user to the login form again. I could set the hx-target to button to replace the whole body, or tell the client to redirect to the new location. I actually do not know which one is “better”. Maybe the hx-target is best because then everything is handled by the client, but in the case of logout, since it is possible that i might want to load scripts only for logged-in users in the future, i opted for the full page reload. However, HTMx does not want to reload a page that return HTTP 401, hence i had to include the GET method to /login in order to return the login form with a response of HTTP 200, which also helps when reloading in the browser after a failed login attempt. I am not worried with the HTTP 401 when attempting to load a page as guest, because this request most probably comes from the browser, not HTMx, and it will show the login form as intended—even though it is not compliant, since it does not return the WWW-Authenticate header, but this is the best i can do given that no cookie-based authentication method has been accepted[1]. [0]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10671#c16 [1]: https://datatracker.ietf.org/doc/id/draft-broyer-http-cookie-auth-00.html
2023-07-26 11:49:47 +00:00
var head string
Add the mock-up form for new campsite type It does nothing, but i need it to discuss with Oriol. Now there are more than a single package that requires shiftPath, so i moved it to http and an exported function, ShiftPath. Part of #25.
2023-07-31 12:22:57 +00:00
head, r.URL.Path = httplib.ShiftPath(r.URL.Path)
Add the logout button Conceptually, to logout we have to “delete the session”, thus the best HTTP verb would be `DELETE`. However, there is no way to send a `DELETE` request with a regular HTML form, and it seems that never will be[0]. I could use a POST, optionally with a “method override” technique, but i was planing to use HTMx anyway, so this was as good an opportunity to include it as any. In this application i am not concerned with people not having JavaScript enabled, because it is for a customer that has a known environment, and we do not have much time anyway. Therefore, i opted to forgo progressive enhancement in cases like this: if `DELETE` is needed, use `hx-delete`. Unfortunately, i can not use a <form> with a hidden <input> for the CSRF token, because `DELETE` requests do not have body and the value should be added as query parameters, like a form with GET method, but HTMx does the incorrect thing here: sends the values in the request’s body. That’s why i have to use a custom header and the `hx-header` directive to include the CSRF token. Then, by default HTMx targets the triggered element for swap with the response from the server, but after a logout i want to redirect the user to the login form again. I could set the hx-target to button to replace the whole body, or tell the client to redirect to the new location. I actually do not know which one is “better”. Maybe the hx-target is best because then everything is handled by the client, but in the case of logout, since it is possible that i might want to load scripts only for logged-in users in the future, i opted for the full page reload. However, HTMx does not want to reload a page that return HTTP 401, hence i had to include the GET method to /login in order to return the login form with a response of HTTP 200, which also helps when reloading in the browser after a failed login attempt. I am not worried with the HTTP 401 when attempting to load a page as guest, because this request most probably comes from the browser, not HTMx, and it will show the login form as intended—even though it is not compliant, since it does not return the WWW-Authenticate header, but this is the best i can do given that no cookie-based authentication method has been accepted[1]. [0]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10671#c16 [1]: https://datatracker.ietf.org/doc/id/draft-broyer-http-cookie-auth-00.html
2023-07-26 11:49:47 +00:00
switch head {
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
case "avatar":
switch r.Method {
case http.MethodGet:
h.serveAvatar(w, r, user)
default:
Add the company’s slug in the URL before company-dependent handlers I really doubt that they are going to use more than a single company, but the application is based on Numerus, that **does** have multiple company, and followed the same architecture and philosophy: use the URL to choose the company to manage, even if the user has a single company. The reason i use the slug instead of the ID is because i do not want to make the ID public in case the application is really used by employees of many unrelated companies: they need not need to guess how many companies there are based on the ID. I validate this slug to be a valid UUID instead of relaying on the query’s empty result because casting a string with a malformed value to UUID results in an error other than data not found. Not with that select, but it would fail with a function parameter, and i want to add that UUID check to all functions that do use slugs. I based uuid.Valid function on Parse() from Google’s uuid package[0] instead of using regular expression, as it was my first idea, because that function is an order of magnitude faster in benchmarks: goos: linux goarch: amd64 pkg: dev.tandem.ws/tandem/numerus/pkg cpu: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz BenchmarkValidUuid-4 36946050 29.37 ns/op BenchmarkValidUuid_Re-4 3633169 306.70 ns/op The regular expression used for the benchmark was: var re = regexp.MustCompile("^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$") And the input parameter for both functions was the following valid UUID, because most of the time the passed UUID will be valid: "f47ac10b-58cc-0372-8567-0e02b2c3d479" I did not use the uuid package as is, even though it is in Debian’s repository, because i only need to check whether the value is valid, not convert it to a byte array. As far as i know, that package can not do that. Adding the Company struct into auth was not my intention, as it makes little sense name-wise, but i need to have the Company when rendering templates and the company package has templates to render, thus using the company package for the Company struct would create a dependency loop between template and company. I’ve chosen the auth package only because User is also there; User and Company are very much related in this application, but not enough to include the company inside the user, or vice versa, as the User comes from the cookie while the company from the URL. Finally, had to move methodNotAllowed to the http package, as an exported function, because it is used now from other packages, namely campsite. [0]: https://github.com/google/uuid
2023-07-31 16:51:50 +00:00
httplib.MethodNotAllowed(w, r, http.MethodGet)
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
}
Add the logout button Conceptually, to logout we have to “delete the session”, thus the best HTTP verb would be `DELETE`. However, there is no way to send a `DELETE` request with a regular HTML form, and it seems that never will be[0]. I could use a POST, optionally with a “method override” technique, but i was planing to use HTMx anyway, so this was as good an opportunity to include it as any. In this application i am not concerned with people not having JavaScript enabled, because it is for a customer that has a known environment, and we do not have much time anyway. Therefore, i opted to forgo progressive enhancement in cases like this: if `DELETE` is needed, use `hx-delete`. Unfortunately, i can not use a <form> with a hidden <input> for the CSRF token, because `DELETE` requests do not have body and the value should be added as query parameters, like a form with GET method, but HTMx does the incorrect thing here: sends the values in the request’s body. That’s why i have to use a custom header and the `hx-header` directive to include the CSRF token. Then, by default HTMx targets the triggered element for swap with the response from the server, but after a logout i want to redirect the user to the login form again. I could set the hx-target to button to replace the whole body, or tell the client to redirect to the new location. I actually do not know which one is “better”. Maybe the hx-target is best because then everything is handled by the client, but in the case of logout, since it is possible that i might want to load scripts only for logged-in users in the future, i opted for the full page reload. However, HTMx does not want to reload a page that return HTTP 401, hence i had to include the GET method to /login in order to return the login form with a response of HTTP 200, which also helps when reloading in the browser after a failed login attempt. I am not worried with the HTTP 401 when attempting to load a page as guest, because this request most probably comes from the browser, not HTMx, and it will show the login form as intended—even though it is not compliant, since it does not return the WWW-Authenticate header, but this is the best i can do given that no cookie-based authentication method has been accepted[1]. [0]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10671#c16 [1]: https://datatracker.ietf.org/doc/id/draft-broyer-http-cookie-auth-00.html
2023-07-26 11:49:47 +00:00
case "session":
switch r.Method {
case http.MethodDelete:
handleLogout(w, r, user, conn)
default:
Add the company’s slug in the URL before company-dependent handlers I really doubt that they are going to use more than a single company, but the application is based on Numerus, that **does** have multiple company, and followed the same architecture and philosophy: use the URL to choose the company to manage, even if the user has a single company. The reason i use the slug instead of the ID is because i do not want to make the ID public in case the application is really used by employees of many unrelated companies: they need not need to guess how many companies there are based on the ID. I validate this slug to be a valid UUID instead of relaying on the query’s empty result because casting a string with a malformed value to UUID results in an error other than data not found. Not with that select, but it would fail with a function parameter, and i want to add that UUID check to all functions that do use slugs. I based uuid.Valid function on Parse() from Google’s uuid package[0] instead of using regular expression, as it was my first idea, because that function is an order of magnitude faster in benchmarks: goos: linux goarch: amd64 pkg: dev.tandem.ws/tandem/numerus/pkg cpu: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz BenchmarkValidUuid-4 36946050 29.37 ns/op BenchmarkValidUuid_Re-4 3633169 306.70 ns/op The regular expression used for the benchmark was: var re = regexp.MustCompile("^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$") And the input parameter for both functions was the following valid UUID, because most of the time the passed UUID will be valid: "f47ac10b-58cc-0372-8567-0e02b2c3d479" I did not use the uuid package as is, even though it is in Debian’s repository, because i only need to check whether the value is valid, not convert it to a byte array. As far as i know, that package can not do that. Adding the Company struct into auth was not my intention, as it makes little sense name-wise, but i need to have the Company when rendering templates and the company package has templates to render, thus using the company package for the Company struct would create a dependency loop between template and company. I’ve chosen the auth package only because User is also there; User and Company are very much related in this application, but not enough to include the company inside the user, or vice versa, as the User comes from the cookie while the company from the URL. Finally, had to move methodNotAllowed to the http package, as an exported function, because it is used now from other packages, namely campsite. [0]: https://github.com/google/uuid
2023-07-31 16:51:50 +00:00
httplib.MethodNotAllowed(w, r, http.MethodDelete)
Add the logout button Conceptually, to logout we have to “delete the session”, thus the best HTTP verb would be `DELETE`. However, there is no way to send a `DELETE` request with a regular HTML form, and it seems that never will be[0]. I could use a POST, optionally with a “method override” technique, but i was planing to use HTMx anyway, so this was as good an opportunity to include it as any. In this application i am not concerned with people not having JavaScript enabled, because it is for a customer that has a known environment, and we do not have much time anyway. Therefore, i opted to forgo progressive enhancement in cases like this: if `DELETE` is needed, use `hx-delete`. Unfortunately, i can not use a <form> with a hidden <input> for the CSRF token, because `DELETE` requests do not have body and the value should be added as query parameters, like a form with GET method, but HTMx does the incorrect thing here: sends the values in the request’s body. That’s why i have to use a custom header and the `hx-header` directive to include the CSRF token. Then, by default HTMx targets the triggered element for swap with the response from the server, but after a logout i want to redirect the user to the login form again. I could set the hx-target to button to replace the whole body, or tell the client to redirect to the new location. I actually do not know which one is “better”. Maybe the hx-target is best because then everything is handled by the client, but in the case of logout, since it is possible that i might want to load scripts only for logged-in users in the future, i opted for the full page reload. However, HTMx does not want to reload a page that return HTTP 401, hence i had to include the GET method to /login in order to return the login form with a response of HTTP 200, which also helps when reloading in the browser after a failed login attempt. I am not worried with the HTTP 401 when attempting to load a page as guest, because this request most probably comes from the browser, not HTMx, and it will show the login form as intended—even though it is not compliant, since it does not return the WWW-Authenticate header, but this is the best i can do given that no cookie-based authentication method has been accepted[1]. [0]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10671#c16 [1]: https://datatracker.ietf.org/doc/id/draft-broyer-http-cookie-auth-00.html
2023-07-26 11:49:47 +00:00
}
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
case "":
switch r.Method {
case http.MethodGet:
Use HTTP Host to establish the request’s company We made the decision that this application will also serve the public pages to guests and customers, to avoid the overhead of having to synchronize all data between this application and a bespoke WordPress plugin. That means that i no longer can have a /company/slug in the URL to know which company the request is for, not only because it looks ugly but because guest users do not have a “main company”—or any company whatsoever. Since the public-facing web is going to be served through a valid DNS domain, and all companies are going to have a different domain, i realized this is enough: i only had to add a relation of company and their hosts. The same company can have many hosts for staging servers or to separate the administration and public parts, for instance. With change, the company is already known from the first handler, and can pass it down to all the others, not only the handlers under /company/slug/whatever. And i no longer need the companyURL function, as there is no more explicit company in the URL. Even though template technically does not need the template, as it only contains the ID —the rest of the data is in a relation inaccessible to guests for now—, but i left the parameter just in case later on i need the decimal digits or currency symbol for whatever reason.
2023-08-03 18:21:21 +00:00
serveProfileForm(w, r, user, company, conn)
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
case http.MethodPut:
Use HTTP Host to establish the request’s company We made the decision that this application will also serve the public pages to guests and customers, to avoid the overhead of having to synchronize all data between this application and a bespoke WordPress plugin. That means that i no longer can have a /company/slug in the URL to know which company the request is for, not only because it looks ugly but because guest users do not have a “main company”—or any company whatsoever. Since the public-facing web is going to be served through a valid DNS domain, and all companies are going to have a different domain, i realized this is enough: i only had to add a relation of company and their hosts. The same company can have many hosts for staging servers or to separate the administration and public parts, for instance. With change, the company is already known from the first handler, and can pass it down to all the others, not only the handlers under /company/slug/whatever. And i no longer need the companyURL function, as there is no more explicit company in the URL. Even though template technically does not need the template, as it only contains the ID —the rest of the data is in a relation inaccessible to guests for now—, but i left the parameter just in case later on i need the decimal digits or currency symbol for whatever reason.
2023-08-03 18:21:21 +00:00
h.updateProfile(w, r, user, company, conn)
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
default:
Add the company’s slug in the URL before company-dependent handlers I really doubt that they are going to use more than a single company, but the application is based on Numerus, that **does** have multiple company, and followed the same architecture and philosophy: use the URL to choose the company to manage, even if the user has a single company. The reason i use the slug instead of the ID is because i do not want to make the ID public in case the application is really used by employees of many unrelated companies: they need not need to guess how many companies there are based on the ID. I validate this slug to be a valid UUID instead of relaying on the query’s empty result because casting a string with a malformed value to UUID results in an error other than data not found. Not with that select, but it would fail with a function parameter, and i want to add that UUID check to all functions that do use slugs. I based uuid.Valid function on Parse() from Google’s uuid package[0] instead of using regular expression, as it was my first idea, because that function is an order of magnitude faster in benchmarks: goos: linux goarch: amd64 pkg: dev.tandem.ws/tandem/numerus/pkg cpu: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz BenchmarkValidUuid-4 36946050 29.37 ns/op BenchmarkValidUuid_Re-4 3633169 306.70 ns/op The regular expression used for the benchmark was: var re = regexp.MustCompile("^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$") And the input parameter for both functions was the following valid UUID, because most of the time the passed UUID will be valid: "f47ac10b-58cc-0372-8567-0e02b2c3d479" I did not use the uuid package as is, even though it is in Debian’s repository, because i only need to check whether the value is valid, not convert it to a byte array. As far as i know, that package can not do that. Adding the Company struct into auth was not my intention, as it makes little sense name-wise, but i need to have the Company when rendering templates and the company package has templates to render, thus using the company package for the Company struct would create a dependency loop between template and company. I’ve chosen the auth package only because User is also there; User and Company are very much related in this application, but not enough to include the company inside the user, or vice versa, as the User comes from the cookie while the company from the URL. Finally, had to move methodNotAllowed to the http package, as an exported function, because it is used now from other packages, namely campsite. [0]: https://github.com/google/uuid
2023-07-31 16:51:50 +00:00
httplib.MethodNotAllowed(w, r, http.MethodGet, http.MethodPut)
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
}
Add the logout button Conceptually, to logout we have to “delete the session”, thus the best HTTP verb would be `DELETE`. However, there is no way to send a `DELETE` request with a regular HTML form, and it seems that never will be[0]. I could use a POST, optionally with a “method override” technique, but i was planing to use HTMx anyway, so this was as good an opportunity to include it as any. In this application i am not concerned with people not having JavaScript enabled, because it is for a customer that has a known environment, and we do not have much time anyway. Therefore, i opted to forgo progressive enhancement in cases like this: if `DELETE` is needed, use `hx-delete`. Unfortunately, i can not use a <form> with a hidden <input> for the CSRF token, because `DELETE` requests do not have body and the value should be added as query parameters, like a form with GET method, but HTMx does the incorrect thing here: sends the values in the request’s body. That’s why i have to use a custom header and the `hx-header` directive to include the CSRF token. Then, by default HTMx targets the triggered element for swap with the response from the server, but after a logout i want to redirect the user to the login form again. I could set the hx-target to button to replace the whole body, or tell the client to redirect to the new location. I actually do not know which one is “better”. Maybe the hx-target is best because then everything is handled by the client, but in the case of logout, since it is possible that i might want to load scripts only for logged-in users in the future, i opted for the full page reload. However, HTMx does not want to reload a page that return HTTP 401, hence i had to include the GET method to /login in order to return the login form with a response of HTTP 200, which also helps when reloading in the browser after a failed login attempt. I am not worried with the HTTP 401 when attempting to load a page as guest, because this request most probably comes from the browser, not HTMx, and it will show the login form as intended—even though it is not compliant, since it does not return the WWW-Authenticate header, but this is the best i can do given that no cookie-based authentication method has been accepted[1]. [0]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10671#c16 [1]: https://datatracker.ietf.org/doc/id/draft-broyer-http-cookie-auth-00.html
2023-07-26 11:49:47 +00:00
default:
http.NotFound(w, r)
}
}
}
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
func (h *profileHandler) serveAvatar(w http.ResponseWriter, r *http.Request, user *auth.User) {
avatarPath := h.avatarPath(user)
if _, err := os.Stat(avatarPath); err == nil {
r.URL.Path = path.Base(avatarPath)
h.avatarHandle.ServeHTTP(w, r)
} else {
r.URL.Path = "default_avatar.svg"
h.fileHandle.ServeHTTP(w, r)
}
}
func (h *profileHandler) avatarPath(user *auth.User) string {
return filepath.Join(h.avatarsDir, strconv.Itoa(user.ID))
}
Use HTTP Host to establish the request’s company We made the decision that this application will also serve the public pages to guests and customers, to avoid the overhead of having to synchronize all data between this application and a bespoke WordPress plugin. That means that i no longer can have a /company/slug in the URL to know which company the request is for, not only because it looks ugly but because guest users do not have a “main company”—or any company whatsoever. Since the public-facing web is going to be served through a valid DNS domain, and all companies are going to have a different domain, i realized this is enough: i only had to add a relation of company and their hosts. The same company can have many hosts for staging servers or to separate the administration and public parts, for instance. With change, the company is already known from the first handler, and can pass it down to all the others, not only the handlers under /company/slug/whatever. And i no longer need the companyURL function, as there is no more explicit company in the URL. Even though template technically does not need the template, as it only contains the ID —the rest of the data is in a relation inaccessible to guests for now—, but i left the parameter just in case later on i need the decimal digits or currency symbol for whatever reason.
2023-08-03 18:21:21 +00:00
func serveProfileForm(w http.ResponseWriter, r *http.Request, user *auth.User, company *auth.Company, conn *database.Conn) {
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
profile := newProfileForm(r.Context(), user.Locale, conn)
profile.Name.Val = conn.MustGetText(r.Context(), "select name from user_profile")
profile.Email.Val = user.Email
profile.Language.Selected = []string{user.Language.String()}
Use HTTP Host to establish the request’s company We made the decision that this application will also serve the public pages to guests and customers, to avoid the overhead of having to synchronize all data between this application and a bespoke WordPress plugin. That means that i no longer can have a /company/slug in the URL to know which company the request is for, not only because it looks ugly but because guest users do not have a “main company”—or any company whatsoever. Since the public-facing web is going to be served through a valid DNS domain, and all companies are going to have a different domain, i realized this is enough: i only had to add a relation of company and their hosts. The same company can have many hosts for staging servers or to separate the administration and public parts, for instance. With change, the company is already known from the first handler, and can pass it down to all the others, not only the handlers under /company/slug/whatever. And i no longer need the companyURL function, as there is no more explicit company in the URL. Even though template technically does not need the template, as it only contains the ID —the rest of the data is in a relation inaccessible to guests for now—, but i left the parameter just in case later on i need the decimal digits or currency symbol for whatever reason.
2023-08-03 18:21:21 +00:00
profile.MustRender(w, r, user, company)
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
}
Use HTTP Host to establish the request’s company We made the decision that this application will also serve the public pages to guests and customers, to avoid the overhead of having to synchronize all data between this application and a bespoke WordPress plugin. That means that i no longer can have a /company/slug in the URL to know which company the request is for, not only because it looks ugly but because guest users do not have a “main company”—or any company whatsoever. Since the public-facing web is going to be served through a valid DNS domain, and all companies are going to have a different domain, i realized this is enough: i only had to add a relation of company and their hosts. The same company can have many hosts for staging servers or to separate the administration and public parts, for instance. With change, the company is already known from the first handler, and can pass it down to all the others, not only the handlers under /company/slug/whatever. And i no longer need the companyURL function, as there is no more explicit company in the URL. Even though template technically does not need the template, as it only contains the ID —the rest of the data is in a relation inaccessible to guests for now—, but i left the parameter just in case later on i need the decimal digits or currency symbol for whatever reason.
2023-08-03 18:21:21 +00:00
func (h *profileHandler) updateProfile(w http.ResponseWriter, r *http.Request, user *auth.User, company *auth.Company, conn *database.Conn) {
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
profile := newProfileForm(r.Context(), user.Locale, conn)
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
if err := profile.Parse(w, r); err != nil {
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
defer profile.Close()
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
if err := user.VerifyCSRFToken(r); err != nil {
http.Error(w, err.Error(), http.StatusForbidden)
return
}
if !profile.Valid(user.Locale) {
if !httplib.IsHTMxRequest(r) {
w.WriteHeader(http.StatusUnprocessableEntity)
}
Use HTTP Host to establish the request’s company We made the decision that this application will also serve the public pages to guests and customers, to avoid the overhead of having to synchronize all data between this application and a bespoke WordPress plugin. That means that i no longer can have a /company/slug in the URL to know which company the request is for, not only because it looks ugly but because guest users do not have a “main company”—or any company whatsoever. Since the public-facing web is going to be served through a valid DNS domain, and all companies are going to have a different domain, i realized this is enough: i only had to add a relation of company and their hosts. The same company can have many hosts for staging servers or to separate the administration and public parts, for instance. With change, the company is already known from the first handler, and can pass it down to all the others, not only the handlers under /company/slug/whatever. And i no longer need the companyURL function, as there is no more explicit company in the URL. Even though template technically does not need the template, as it only contains the ID —the rest of the data is in a relation inaccessible to guests for now—, but i left the parameter just in case later on i need the decimal digits or currency symbol for whatever reason.
2023-08-03 18:21:21 +00:00
profile.MustRender(w, r, user, company)
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
return
}
//goland:noinspection SqlWithoutWhere
cookie := conn.MustGetText(r.Context(), "update user_profile set name = $1, email = $2, lang_tag = $3 returning build_cookie()", profile.Name, profile.Email, profile.Language)
auth.SetSessionCookie(w, cookie)
if profile.Password.Val != "" {
conn.MustExec(r.Context(), "select change_password($1)", profile.Password)
}
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
redirect := user.Language.String() != profile.Language.String()
if profile.HasAvatarFile() {
redirect = true
if err := profile.SaveAvatarTo(h.avatarPath(user)); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
if redirect {
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
httplib.Redirect(w, r, "/me", http.StatusSeeOther)
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
} else {
httplib.Relocate(w, r, "/me", http.StatusSeeOther)
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
}
}
type profileForm struct {
Name *form.Input
Email *form.Input
Password *form.Input
PasswordConfirm *form.Input
Language *form.Select
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
Avatar *form.File
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
}
func newProfileForm(ctx context.Context, l *locale.Locale, conn *database.Conn) *profileForm {
automaticOption := l.Pgettext("Automatic", "language option")
languages := form.MustGetOptions(ctx, conn, "select 'und', $1 union all select lang_tag, endonym from language where selectable", automaticOption)
return &profileForm{
Name: &form.Input{
Name: "name",
},
Email: &form.Input{
Name: "email",
},
Password: &form.Input{
Name: "password",
},
PasswordConfirm: &form.Input{
Name: "password_confirm",
},
Language: &form.Select{
Name: "language",
Options: languages,
},
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
Avatar: &form.File{
Name: "avatar",
MaxSize: 1 << 20,
},
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
}
}
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
func (f *profileForm) Parse(w http.ResponseWriter, r *http.Request) error {
maxSize := f.Avatar.MaxSize + 1024
r.Body = http.MaxBytesReader(w, r.Body, maxSize)
if err := r.ParseMultipartForm(maxSize); err != nil {
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
return err
}
f.Email.FillValue(r)
f.Name.FillValue(r)
f.Password.FillValue(r)
f.PasswordConfirm.FillValue(r)
f.Language.FillValue(r)
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
if err := f.Avatar.FillValue(r); err != nil {
return err
}
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
return nil
}
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
func (f *profileForm) Close() error {
return f.Avatar.Close()
}
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
func (f *profileForm) Valid(l *locale.Locale) bool {
v := form.NewValidator(l)
if v.CheckRequired(f.Email, l.GettextNoop("Email can not be empty.")) {
v.CheckValidEmail(f.Email, l.GettextNoop("This email is not valid. It should be like name@domain.com."))
}
v.CheckRequired(f.Name, l.GettextNoop("Name can not be empty."))
v.CheckPasswordConfirmation(f.Password, f.PasswordConfirm, l.GettextNoop("Confirmation does not match password."))
v.CheckSelectedOptions(f.Language, l.GettextNoop("Selected language is not valid."))
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
if f.HasAvatarFile() {
v.CheckImageFile(f.Avatar, l.GettextNoop("File must be a valid PNG or JPEG image."))
}
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
return v.AllOK
}
Use HTTP Host to establish the request’s company We made the decision that this application will also serve the public pages to guests and customers, to avoid the overhead of having to synchronize all data between this application and a bespoke WordPress plugin. That means that i no longer can have a /company/slug in the URL to know which company the request is for, not only because it looks ugly but because guest users do not have a “main company”—or any company whatsoever. Since the public-facing web is going to be served through a valid DNS domain, and all companies are going to have a different domain, i realized this is enough: i only had to add a relation of company and their hosts. The same company can have many hosts for staging servers or to separate the administration and public parts, for instance. With change, the company is already known from the first handler, and can pass it down to all the others, not only the handlers under /company/slug/whatever. And i no longer need the companyURL function, as there is no more explicit company in the URL. Even though template technically does not need the template, as it only contains the ID —the rest of the data is in a relation inaccessible to guests for now—, but i left the parameter just in case later on i need the decimal digits or currency symbol for whatever reason.
2023-08-03 18:21:21 +00:00
func (f *profileForm) MustRender(w http.ResponseWriter, r *http.Request, user *auth.User, company *auth.Company) {
Split templates and handlers into admin and public I need to check that the user is an employee (or admin) in administration handlers, but i do not want to do it for each handler, because i am bound to forget it. Thus, i added the /admin sub-path for these resources. The public-facing web is the rest of the resources outside /admin, but for now there is only home, to test whether it works as expected or not. The public-facing web can not relay on the user’s language settings, as the guest user has no way to set that. I would be happy to just use the Accept-Language header for that, but apparently Google does not use that header[0], and they give four alternatives: a country-specific domain, a subdomain with a generic top-level domain (gTLD), subdirectories with a gTLD, or URL parameters (e.g., site.com?loc=de). Of the four, Google does not recommend URL parameters, and the customer is already using subdirectories with the current site, therefor that’s what i have chosen. Google also tells me that it is a very good idea to have links between localized version of the same resources, either with <link> elements, Link HTTP response headers, or a sitemap file[1]; they are all equivalent in the eyes of Google. I have choosen the Link response headers way, because for that i can simply “augment” ResponseHeader to automatically add these headers when the response status is 2xx, otherwise i would need to pass down the original URL path until it reaches the template. Even though Camper is supposed to be a “generic”, multi-company application, i think i will stick to the easiest route and write the templates for just the “first” customer. [0]: https://developers.google.com/search/docs/specialty/international/managing-multi-regional-sites [1]: https://developers.google.com/search/docs/specialty/international/localized-versions
2023-08-05 01:42:37 +00:00
template.MustRenderAdmin(w, r, user, company, "profile.gohtml", f)
Add profile form, inside a user menu This is the first form that uses HTMx, and can not return a 400 error code because otherwise HTMx does not render the content. Since now there are pages that do not render the whole html, with header and body, i need a different layout for these, and moved the common code to handle forms and such a new template file that both layouts can use. I also need the request in template.MustRender to check which layout i should use. Closes #7.
2023-07-26 18:46:09 +00:00
}
Allow users to update their profile images I do not see the profile image as an “integral part” of the user (i.e., no need for constraints), hence i do not want to store it in the database, as would do for the identification image during check-in. By default, i store the avatars in /var/lib/camper/avatars, but it is a variable to allow packagers change this value using the linker. This is also served as a test bed for uploading files to the server, that now has a better interface and uses less resources that what i did to Numerus. Now the profile handler needs to keep a variable to know the path to the avatars’ directory, thus i had to change it to a struct nested in app, much like the fileHandler does. It still has to return the HandlerFunc, however, as this function needs to close over the user and connection variables. Part of #7.
2023-07-28 18:15:09 +00:00
func (f *profileForm) HasAvatarFile() bool {
return f.Avatar.HasData()
}
func (f *profileForm) SaveAvatarTo(avatarPath string) error {
if !f.HasAvatarFile() {
return nil
}
avatar, err := os.OpenFile(avatarPath, os.O_WRONLY|os.O_CREATE, 0644)
if err != nil {
return err
}
defer avatar.Close()
_, err = io.Copy(avatar, f.Avatar)
return err
}