tooltips + verwaltung finish

dbmodels/template_functions.go

@@ -0,0 +1 @@
+package dbmodels

helpers/security/nonce_cache.go

@@ -139,6 +139,27 @@ func NewCSRFProtector(nonceExpiration, nonceCleanupInterval time.Duration) (*CSR
 	}, nil
 }
 
+func (p *CSRFProtector) GenerateTokenBundleWithExpiration(nonceExpiration time.Duration) (nonceB64 string, validationTokenB64 string, err error) {
+	if nonceExpiration <= 0 {
+		return "", "", errors.New("invalid nonce expiration duration")
+	}
+
+	nonceBytes := make([]byte, defaultNonceSize)
+	if _, errRand := rand.Read(nonceBytes); errRand != nil {
+		return "", "", fmt.Errorf("failed to generate nonce bytes: %w", errRand)
+	}
+	nonceB64 = base64.URLEncoding.EncodeToString(nonceBytes)
+
+	p.nonceCache.addWithExpiration(nonceB64, nonceExpiration)
+
+	mac := hmac.New(sha256.New, p.serverSecret)
+	mac.Write([]byte(nonceB64)) // Sign the base64 encoded nonce string
+	validationTokenBytes := mac.Sum(nil)
+	validationTokenB64 = base64.URLEncoding.EncodeToString(validationTokenBytes)
+
+	return nonceB64, validationTokenB64, nil
+}
+
 func (p *CSRFProtector) GenerateTokenBundle() (nonceB64 string, validationTokenB64 string, err error) {
 	nonceBytes := make([]byte, defaultNonceSize)
 	if _, errRand := rand.Read(nonceBytes); errRand != nil {
@@ -158,7 +179,7 @@ func (p *CSRFProtector) GenerateTokenBundle() (nonceB64 string, validationTokenB
 
 func (p *CSRFProtector) ValidateTokenBundle(nonceSubmittedB64 string, validationTokenSubmittedB64 string) (bool, error) {
 	if nonceSubmittedB64 == "" || validationTokenSubmittedB64 == "" {
-		return false, errors.New("submitted nonce or validation token is empty")
+		return false, errors.New("Leeres CSRF-Token oder Nonce übermittelt.")
 	}
 
 	mac := hmac.New(sha256.New, p.serverSecret)
@@ -167,15 +188,15 @@ func (p *CSRFProtector) ValidateTokenBundle(nonceSubmittedB64 string, validation
 
 	validationTokenSubmittedBytes, err := base64.URLEncoding.DecodeString(validationTokenSubmittedB64)
 	if err != nil {
-		return false, fmt.Errorf("failed to decode submitted validation token: %w", err)
+		return false, errors.New("HMAC-Dekodierung des CSRF-Tokens fehlgeschlagen,")
 	}
 
 	if !hmac.Equal(validationTokenSubmittedBytes, expectedMACTokenBytes) {
-		return false, errors.New("validation token (HMAC) mismatch")
+		return false, errors.New("CSRF-Token ungültig, HMAC-Überprüfung fehlgeschlagen")
 	}
 
 	if !p.nonceCache.Use(nonceSubmittedB64) {
-		return false, errors.New("nonce not found in cache, expired, or already used")
+		return false, errors.New("CSRF-Token ungültig, Nonce abgelaufen oder bereits verwendet.")
 	}
 
 	return true, nil

middleware/admin_or_editor.go

@@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"github.com/Theodor-Springmann-Stiftung/musenalm/templating"
+	"github.com/pocketbase/pocketbase/core"
+)
+
+// INFO: Here the URL must have a path value "uid" which is the user ID of the affected user.
+func IsAdminOrEditor() func(*core.RequestEvent) error {
+	return func(e *core.RequestEvent) error {
+		req := templating.NewRequest(e)
+		user := req.User()
+		if user == nil {
+			return e.Error(401, "Unauthorized", nil)
+		}
+
+		if user.Role != "Editor" && user.Role != "Admin" {
+			return e.Error(403, "Forbidden", nil)
+		}
+
+		return e.Next()
+	}
+}

pagemodels/pagedata.go

@@ -1,6 +1,7 @@
 package pagemodels
 
 const (
+	LAYOUT_LOGIN_PAGES = "blankfooter"
 	P_KABINETT_NAME    = "lesekabinett"
 	P_BEITRAG_NAME     = "beitrag"
 	P_DATENSCHUTZ_NAME = "datenschutz"
@@ -43,4 +44,6 @@ const (
 	P_USER_EDIT_NAME = "user_edit"
 
 	P_USER_MGMT_NAME = "user_management"
+
+	P_ALMANACH_EDIT_NAME = "almanach_edit"
 )

pages/almanach_edit.go

@@ -0,0 +1,46 @@
+package pages
+
+import (
+	"github.com/Theodor-Springmann-Stiftung/musenalm/app"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/middleware"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/pagemodels"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/templating"
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/tools/router"
+)
+
+const (
+	URL_ALMANACH_EDIT      = "edit/"
+	TEMPLATE_ALMANACH_EDIT = "/almanach/edit/"
+)
+
+func init() {
+	ep := &AlmanachEditPage{
+		StaticPage: pagemodels.StaticPage{
+			Name:     pagemodels.P_ALMANACH_EDIT_NAME,
+			URL:      URL_ALMANACH_EDIT,
+			Template: TEMPLATE_ALMANACH_EDIT,
+			Layout:   pagemodels.LAYOUT_LOGIN_PAGES,
+		},
+	}
+	app.Register(ep)
+}
+
+type AlmanachEditPage struct {
+	pagemodels.StaticPage
+}
+
+func (p *AlmanachEditPage) Setup(router *router.Router[*core.RequestEvent], app core.App, engine *templating.Engine) error {
+	rg := router.Group(URL_ALMANACH)
+	rg.BindFunc(middleware.IsAdminOrEditor())
+	rg.GET(URL_ALMANACH_EDIT, p.GET(engine, app))
+	return nil
+}
+
+func (p *AlmanachEditPage) GET(engine *templating.Engine, app core.App) HandleFunc {
+	return func(e *core.RequestEvent) error {
+		data := make(map[string]any)
+
+		return engine.Response200(e, p.Template, data)
+	}
+}

pages/user_edit.go

@@ -1,7 +1,9 @@
 package pages
 
 import (
+	"fmt"
 	"log/slog"
+	"time"
 
 	"github.com/Theodor-Springmann-Stiftung/musenalm/app"
 	"github.com/Theodor-Springmann-Stiftung/musenalm/dbmodels"
@@ -27,7 +29,7 @@ func init() {
 	ump := &UserEditPage{
 		StaticPage: pagemodels.StaticPage{
 			Name:     pagemodels.P_USER_EDIT_NAME,
-			Layout:   "blankfooter",
+			Layout:   pagemodels.LAYOUT_LOGIN_PAGES,
 			Template: TEMPLATE_USER_EDIT,
 			URL:      URL_USER_EDIT,
 		},
@@ -52,31 +54,40 @@ func (p *UserEditPage) Setup(router *router.Router[*core.RequestEvent], app core
 func (p *UserEditPage) GET(engine *templating.Engine, app core.App) HandleFunc {
 	return func(e *core.RequestEvent) error {
 		data := make(map[string]any)
-
-		uid := e.Request.PathValue(UID_PATH_VALUE)
-
-		u, err := app.FindRecordById(dbmodels.USERS_TABLE, uid)
+		err := p.getData(app, data, e)
 		if err != nil {
-			return engine.Response404(e, err, nil)
+			return engine.Response500(e, err, data)
 		}
 
-		fu := dbmodels.NewUser(u).Fixed()
-
-		data["user"] = &fu
-
-		nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
-		if err != nil {
-			return engine.Response500(e, err, nil)
-		}
-		data["csrf_token"] = token
-		data["csrf_nonce"] = nonce
-
-		SetRedirect(data, e)
-
 		return engine.Response200(e, TEMPLATE_USER_EDIT, data, p.Layout)
 	}
 }
 
+func (p *UserEditPage) getData(app core.App, data map[string]any, e *core.RequestEvent) error {
+	uid := e.Request.PathValue(UID_PATH_VALUE)
+	u, err := app.FindRecordById(dbmodels.USERS_TABLE, uid)
+	if err != nil {
+		return fmt.Errorf("Konnte Nutzer nicht finden: %w", err)
+	}
+
+	user := dbmodels.NewUser(u)
+	fu := user.Fixed()
+
+	data["user"] = &fu
+	data["db_user"] = user
+
+	nonce, token, err := CSRF_CACHE.GenerateTokenBundleWithExpiration(2 * time.Hour)
+	if err != nil {
+		return fmt.Errorf("Konnte CSRF-Token nicht generieren: %w", err)
+	}
+	data["csrf_token"] = token
+	data["csrf_nonce"] = nonce
+
+	SetRedirect(data, e)
+
+	return nil
+}
+
 func DeleteSessionsForUser(app core.App, uid string) error {
 	defer middleware.SESSION_CACHE.DeleteSessionByUserID(uid)
 	records := []*core.Record{}
@@ -89,7 +100,9 @@ func DeleteSessionsForUser(app core.App, uid string) error {
 
 	err = app.RunInTransaction(func(tx core.App) error {
 		for _, r := range records {
-			if err := tx.Delete(r); err != nil {
+			session := dbmodels.NewSession(r)
+			session.SetStatus(dbmodels.TOKEN_STATUS_VALUES[3])
+			if err := tx.Save(r); err != nil {
 				return err
 			}
 		}
@@ -103,19 +116,13 @@ func DeleteSessionsForUser(app core.App, uid string) error {
 	return nil
 }
 
-func (p *UserEditPage) InvalidDataResponse(engine *templating.Engine, e *core.RequestEvent, error string, user *dbmodels.FixedUser) error {
+func (p *UserEditPage) InvalidDataResponse(engine *templating.Engine, e *core.RequestEvent, error string, user dbmodels.FixedUser) error {
 	data := make(map[string]any)
-	data["error"] = error
-	data["user"] = user
-
-	nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+	err := p.getData(e.App, data, e)
 	if err != nil {
 		return engine.Response500(e, err, data)
 	}
 
-	data["csrf_nonce"] = nonce
-	data["csrf_token"] = token
-
 	str, err := engine.RenderToString(e, data, p.Template, p.Layout)
 	if err != nil {
 		return engine.Response500(e, err, data)
@@ -126,93 +133,84 @@ func (p *UserEditPage) InvalidDataResponse(engine *templating.Engine, e *core.Re
 
 func (p *UserEditPage) POSTDeactivate(engine *templating.Engine, app core.App) HandleFunc {
 	return func(e *core.RequestEvent) error {
-		uid := e.Request.PathValue(UID_PATH_VALUE)
-		req := templating.NewRequest(e)
-		user := req.User()
-
-		if user == nil {
-			return engine.Response404(e, nil, nil)
-		}
-
-		if user.Id != uid && user.Role != "Admin" {
-			return engine.Response404(e, nil, nil)
-		}
-
-		u, err := app.FindRecordById(dbmodels.USERS_TABLE, uid)
-		if err != nil {
-			return engine.Response404(e, err, nil)
-		}
-
-		user_proxy := dbmodels.NewUser(u)
-		user_proxy.SetDeactivated(true)
-
-		if err := app.Save(user_proxy); err != nil {
-			return engine.Response500(e, err, nil)
-		}
-
-		go middleware.SESSION_CACHE.DeleteSessionByUserID(user_proxy.Id)
-
-		if user_proxy.Id == user.Id {
-			// INFO: user deactivated his own account, so we log him out
-			return e.Redirect(303, "/login/")
-		}
-
 		data := make(map[string]any)
-		uf := user_proxy.Fixed()
-		data["user"] = &uf
-		data["success"] = "Benutzer " + uf.Name + " deaktiviert."
-
-		nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+		err := p.getData(app, data, e)
 		if err != nil {
 			return engine.Response500(e, err, data)
 		}
 
-		data["csrf_token"] = token
-		data["csrf_nonce"] = nonce
+		formdata := struct {
+			CSRF  string `form:"csrf_token"`
+			Nonce string `form:"csrf_nonce"`
+		}{}
 
-		return engine.Response200(e, TEMPLATE_USER_EDIT, data, p.Layout)
+		user := data["db_user"].(*dbmodels.User)
+
+		if err := e.BindBody(&formdata); err != nil {
+			return p.InvalidDataResponse(engine, e, "Formulardaten ungültig.", user.Fixed())
+		}
+
+		if _, err := CSRF_CACHE.ValidateTokenBundle(formdata.Nonce, formdata.CSRF); err != nil {
+			return p.InvalidDataResponse(engine, e, err.Error(), user.Fixed())
+		}
+
+		user.SetDeactivated(true)
+
+		if err := app.Save(user); err != nil {
+			return p.InvalidDataResponse(engine, e, "Konnte Nutzer nicht deaktivieren: "+err.Error(), user.Fixed())
+		}
+
+		DeleteSessionsForUser(app, user.Id)
+
+		req := templating.NewRequest(e)
+		if req.User() != nil && req.User().Id == user.Id {
+			return e.Redirect(303, "/login/")
+		}
+
+		fu := user.Fixed()
+		data["user"] = &fu
+		data["success"] = "Nutzer " + fu.Name + "(" + fu.Email + ") wurde deaktiviert."
+
+		e.Response.Header().Add("HX-Push-Url", "false")
+		return engine.Response200(e, p.Template, data, p.Layout)
 	}
 }
 
 func (p *UserEditPage) POSTActivate(engine *templating.Engine, app core.App) HandleFunc {
 	return func(e *core.RequestEvent) error {
-		uid := e.Request.PathValue(UID_PATH_VALUE)
-		req := templating.NewRequest(e)
-		user := req.User()
-
-		u, err := app.FindRecordById(dbmodels.USERS_TABLE, uid)
-		if err != nil {
-			return engine.Response404(e, err, nil)
-		}
-
-		user_proxy := dbmodels.NewUser(u)
-		user_proxy.SetDeactivated(false)
-
-		if err := app.Save(user_proxy); err != nil {
-			return engine.Response500(e, err, nil)
-		}
-
-		go middleware.SESSION_CACHE.DeleteSessionByUserID(user_proxy.Id)
-
-		if user_proxy.Id == user.Id {
-			// INFO: user deactivated his own account, so we log him out
-			return e.Redirect(303, "/login/")
-		}
-
 		data := make(map[string]any)
-		uf := user_proxy.Fixed()
-		data["user"] = &uf
-		data["success"] = "Benutzer " + uf.Name + " aktiviert."
-
-		nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+		err := p.getData(app, data, e)
 		if err != nil {
 			return engine.Response500(e, err, data)
 		}
 
-		data["csrf_token"] = token
-		data["csrf_nonce"] = nonce
+		user := data["db_user"].(*dbmodels.User)
 
-		return engine.Response200(e, TEMPLATE_USER_EDIT, data, p.Layout)
+		formdata := struct {
+			CSRF  string `form:"csrf_token"`
+			Nonce string `form:"csrf_nonce"`
+		}{}
+
+		if err := e.BindBody(&formdata); err != nil {
+			return p.InvalidDataResponse(engine, e, "Formulardaten ungültig.", user.Fixed())
+		}
+
+		if _, err := CSRF_CACHE.ValidateTokenBundle(formdata.Nonce, formdata.CSRF); err != nil {
+			return p.InvalidDataResponse(engine, e, err.Error(), user.Fixed())
+		}
+
+		user.SetDeactivated(false)
+
+		if err := app.Save(user); err != nil {
+			return p.InvalidDataResponse(engine, e, "Konnte Nutzer nicht aktivieren: "+err.Error(), user.Fixed())
+		}
+
+		fu := user.Fixed()
+		data["user"] = &fu
+		data["success"] = "Nutzer " + fu.Name + "(" + fu.Email + ") wurde aktiviert."
+
+		e.Response.Header().Add("HX-Push-Url", "false")
+		return engine.Response200(e, p.Template, data, p.Layout)
 	}
 }
 
@@ -224,14 +222,6 @@ func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc
 		req := templating.NewRequest(e)
 		user := req.User()
 
-		if user == nil {
-			return engine.Response404(e, nil, nil)
-		}
-
-		if user.Id != uid && user.Role != "Admin" {
-			return engine.Response404(e, nil, nil)
-		}
-
 		u, err := app.FindRecordById(dbmodels.USERS_TABLE, uid)
 		if err != nil {
 			return engine.Response404(e, err, nil)
@@ -252,19 +242,19 @@ func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc
 		}{}
 
 		if err := e.BindBody(&formdata); err != nil {
-			return p.InvalidDataResponse(engine, e, err.Error(), &fu)
+			return p.InvalidDataResponse(engine, e, err.Error(), fu)
 		}
 
 		if formdata.CsrfNonce != "" && formdata.CsrfToken != "" {
 			if _, err := CSRF_CACHE.ValidateTokenBundle(formdata.CsrfNonce, formdata.CsrfToken); err != nil {
-				return p.InvalidDataResponse(engine, e, "CSRF ungültig oder abgelaufen", &fu)
+				return p.InvalidDataResponse(engine, e, "CSRF ungültig oder abgelaufen", fu)
 			}
 		} else {
-			return p.InvalidDataResponse(engine, e, "CSRF ungültig oder abgelaufen", &fu)
+			return p.InvalidDataResponse(engine, e, "CSRF ungültig oder abgelaufen", fu)
 		}
 
 		if formdata.Email == "" || formdata.Name == "" {
-			return p.InvalidDataResponse(engine, e, "Bitte alle Felder ausfüllen", &fu)
+			return p.InvalidDataResponse(engine, e, "Bitte alle Felder ausfüllen", fu)
 		}
 
 		// INFO: at this point email and name changes are allowed
@@ -278,20 +268,20 @@ func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc
 				user_proxy.SetRole(formdata.Role)
 				rolechanged = true
 			} else {
-				return p.InvalidDataResponse(engine, e, "Rolle nicht erlaubt", &fu)
+				return p.InvalidDataResponse(engine, e, "Rolle nicht erlaubt", fu)
 			}
 		}
 
 		passwordchanged := false
 		if formdata.Password != "" || formdata.PasswordRepeat != "" || formdata.OldPassword != "" {
 			if user.Role != "Admin" && formdata.OldPassword == "" {
-				return p.InvalidDataResponse(engine, e, "Altes Passwort erforderlich", &fu)
+				return p.InvalidDataResponse(engine, e, "Altes Passwort erforderlich", fu)
 			} else if user.Role != "Admin" && !user_proxy.ValidatePassword(formdata.OldPassword) {
-				return p.InvalidDataResponse(engine, e, "Altes Passwort falsch", &fu)
+				return p.InvalidDataResponse(engine, e, "Altes Passwort falsch", fu)
 			}
 
 			if formdata.Password != formdata.PasswordRepeat {
-				return p.InvalidDataResponse(engine, e, "Passwörter stimmen nicht überein", &fu)
+				return p.InvalidDataResponse(engine, e, "Passwörter stimmen nicht überein", fu)
 			}
 
 			user_proxy.SetPassword(formdata.Password)
@@ -299,14 +289,14 @@ func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc
 		}
 
 		if err := app.Save(user_proxy); err != nil {
-			return p.InvalidDataResponse(engine, e, err.Error(), &fu)
+			return p.InvalidDataResponse(engine, e, err.Error(), fu)
 		}
 
 		slog.Info("UserEditPage: User edited", "user_id", user_proxy.Id, "role_changed", rolechanged, "password_changed", passwordchanged, "formdata", formdata)
 		if rolechanged || (passwordchanged && formdata.Logout == "on") {
 			slog.Error("UserEditPage: Deleting sessions for user", "user_id", user_proxy.Id, "role_changed", rolechanged, "password_changed", passwordchanged)
 			if err := DeleteSessionsForUser(app, user_proxy.Id); err != nil {
-				return p.InvalidDataResponse(engine, e, "Fehler beim Löschen der Sitzungen: "+err.Error(), &fu)
+				return p.InvalidDataResponse(engine, e, "Fehler beim Löschen der Sitzungen: "+err.Error(), fu)
 			}
 
 			if user_proxy.Id == user.Id {
@@ -325,7 +315,7 @@ func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc
 
 		data["success"] = "Benutzer erfolgreich bearbeitet"
 
-		nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+		nonce, token, err := CSRF_CACHE.GenerateTokenBundleWithExpiration(2 * time.Hour)
 		if err != nil {
 			return engine.Response500(e, err, nil)
 		}

pages/user_management.go

@@ -2,6 +2,7 @@ package pages
 
 import (
 	"fmt"
+	"time"
 
 	"github.com/Theodor-Springmann-Stiftung/musenalm/app"
 	"github.com/Theodor-Springmann-Stiftung/musenalm/dbmodels"
@@ -102,7 +103,7 @@ func (p *UserManagementPage) getData(app core.App, data map[string]any) error {
 	data["len"] = len(users)
 	data["session_counts"] = scmap
 
-	csrfNonce, csrfToken, err := CSRF_CACHE.GenerateTokenBundle()
+	csrfNonce, csrfToken, err := CSRF_CACHE.GenerateTokenBundleWithExpiration(2 * time.Hour)
 	if err != nil {
 		return fmt.Errorf("Konnte kein CSRF-Token generieren.")
 	}
@@ -116,15 +117,17 @@ func (p *UserManagementPage) ErrorResponse(engine *templating.Engine, e *core.Re
 	data := make(map[string]any)
 	data["error"] = err.Error()
 
-	nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+	err = p.getData(e.App, data)
 	if err != nil {
-		return engine.Response500(e, err, data)
+		engine.Response500(e, fmt.Errorf("Nutzerdaten konnten nicht geladen werden: %w", err), data)
 	}
-	data["csrf_nonce"] = nonce
-	data["csrf_token"] = token
 
 	str, err := engine.RenderToString(e, data, p.Template, p.Layout)
+	if err != nil {
+		engine.Response500(e, fmt.Errorf("Konnte Fehlerseite nicht rendern: %w", err), data)
+	}
 
+	e.Response.Header().Add("HX-Push-Url", "false")
 	return e.HTML(400, str)
 }
 
@@ -157,7 +160,7 @@ func (p *UserManagementPage) POSTDeactivate(engine *templating.Engine, app core.
 			return p.ErrorResponse(engine, e, fmt.Errorf("Konnte Nutzer nicht deaktivieren: %w", err))
 		}
 
-		go DeleteSessionsForUser(app, u.Id)
+		DeleteSessionsForUser(app, u.Id)
 
 		data := make(map[string]any)
 		data["success"] = "Nutzer " + u.Name() + "(" + u.Email() + ") wurde deaktiviert."
@@ -242,7 +245,7 @@ func (p *UserManagementPage) POSTLogout(engine *templating.Engine, app core.App)
 		}
 
 		u := dbmodels.NewUser(user)
-		go DeleteSessionsForUser(app, u.Id)
+		DeleteSessionsForUser(app, u.Id)
 
 		data := make(map[string]any)
 		data["success"] = "Nutzer " + u.Name() + "(" + u.Email() + ") wurde überall ausgeloggt."

pages/user_management_access.go

@@ -11,6 +11,7 @@ import (
 	"github.com/Theodor-Springmann-Stiftung/musenalm/templating"
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/pocketbase/pocketbase/tools/types"
 )
 
 const (
@@ -60,6 +61,10 @@ func (p *UserManagementAccessPage) GET(engine *templating.Engine, app core.App)
 			access_token = token
 		} else {
 			access_token = dbmodels.NewAccessToken(record)
+			access_token.SetExpires(types.NowDateTime().Add(7 * 24 * time.Hour))
+			if err := app.Save(access_token); err != nil {
+				return engine.Response500(e, err, nil)
+			}
 		}
 
 		// TODO: check if access token exists, if not generate

views/assets/scripts.js

@@ -318,14 +318,7 @@ class z extends HTMLElement {
     super(), this._tooltipBox = null, this._timeout = 200, this._hideTimeout = null, this._hiddenTimeout = null;
   }
   connectedCallback() {
-    this.classList.add(
-      "w-full",
-      "h-full",
-      "relative",
-      "block",
-      "leading-none",
-      "[&>*]:leading-normal"
-    );
+    this.classList.add("relative", "block", "leading-none", "[&>*]:leading-normal");
     const t = this.querySelector(".data-tip"), e = t ? t.innerHTML : "Tooltip";
     t && t.classList.add("hidden"), this._tooltipBox = document.createElement("div"), this._tooltipBox.innerHTML = e, this._tooltipBox.className = [
       "opacity-0",

views/layouts/blankfooter/root.gohtml

@@ -45,7 +45,7 @@
 
 	<body class="w-full min-h-full" hx-ext="response-targets" hx-boost="true">
 		<div class="flex flex-col min-h-screen w-full">
-			<header class="container-normal bg-slate-100 px-2 py-2" id="header">
+			<header class="container-normal bg-slate-100 " id="header">
 				{{ template "_menu" . }}
 			</header>
 

views/layouts/components/_menu.gohtml

@@ -6,9 +6,9 @@
 	<div class="flex flex-row justify-between">
 		<div class="flex flex-row gap-x-3">
 			<div class="grow-0">
-				<a href="/" class="no-underline"
-					><img class="h-14 w-14 border" src="/assets/favicon.png"
-				/></a>
+				<a href="/" class="no-underline">
+					<img class="h-14 w-14 border" src="/assets/favicon_transparent.png" />
+				</a>
 			</div>
 			<div class="flex flex-col">
 				<h1 class="font-bold text-2xl tracking-wide">

views/routes/almanach/components/entrydata.gohtml

@@ -20,6 +20,9 @@
 
 <div class="container-oversize mt-12 pb-0 mb-0">
 	<div class="pb-1.5 ml-32"><i class="ri-book-line"></i> Almanach</div>
+	{{- if $model.request.user -}}
+		DDD
+	{{- end -}}
 	<div class="pt-0 {{ if $hasContents -}}contentsentrydata{{- end -}}" id="entrydata">
 		<div class="container-normal !py-8">
 			<div class="flex flex-col">

views/routes/user/edit/body.gohtml

@@ -208,27 +208,48 @@
 
 		<div class="col-span-1 mt-12 justify-self-end self-end items-end flex flex-row justify-end">
 			{{ if not $model.user.Deactivated }}
-				<button
-					type="submit"
-					formmethod="POST"
-					formaction="/user/{{ $model.user.Id }}/deactivate"
-					type="button"
-					class="inline-flex justify-center py-2 px-3 underline decoration-dotted
-					hover:decoration-solid
-							rounded-lg text-sm font-medium text-red-800 cursor-pointer">
-					Deaktivieren
-				</button>
+				<form action="/user/{{ $model.user.Id }}/deactivate/" method="POST">
+					<input
+						type="hidden"
+						name="csrf_nonce"
+						id="csrf_nonce"
+						required
+						value="{{ $model.csrf_nonce }}" />
+					<input
+						type="hidden"
+						name="csrf_token"
+						id="csrf_token"
+						required
+						value="{{ $model.csrf_token }}" />
+					<button
+						type="submit"
+						type="button"
+						class="cursor-pointer text-red-700 hover:text-red-900 pr-4 mt-6">
+						<i class="ri-prohibited-2-line"></i>
+						Deaktivieren
+					</button>
+				</form>
 			{{ else }}
-				<button
-					type="submit"
-					formmethod="POST"
-					formaction="/user/{{ $model.user.Id }}/activate"
-					type="button"
-					class="inline-flex justify-center py-2 px-4 border border-transparent hover:border-red-800
-							rounded-lg text-sm font-medium text-red-800 bg-red-200 hover:bg-red-300 cursor-pointer
-							focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-slate-500 no-underline">
-					<i class="ri-restart-line"></i> Aktivieren
-				</button>
+				<form action="/user/{{ $model.user.Id }}/activate/" method="POST">
+					<input
+						type="hidden"
+						name="csrf_nonce"
+						id="csrf_nonce"
+						required
+						value="{{ $model.csrf_nonce }}" />
+					<input
+						type="hidden"
+						name="csrf_token"
+						id="csrf_token"
+						required
+						value="{{ $model.csrf_token }}" />
+					<button
+						type="submit"
+						type="button"
+						class="cursor-pointer text-green-700 hover:text-green-900 pr-4 mt-6">
+						<i class="ri-restart-line"></i> Aktivieren
+					</button>
+				</form>
 			{{ end }}
 		</div>
 	</div>

views/routes/user/management/access/body.gohtml

@@ -107,26 +107,32 @@
 						value="{{ $model.access_url }}"
 						deactive
 						readonly />
-					<button
-						type="button"
-						class="ml-2 inline-flex justify-center py-2 px-3 border border-transparent
+					<tool-tip position="top">
+						<div class="data-tip font-bold hidden">Kopieren</div>
+						<button
+							type="button"
+							class="ml-2 inline-flex justify-center py-2 px-3 border border-transparent
 					rounded-xs
 					shadow-sm text-sm font-medium text-white bg-slate-700 hover:bg-slate-800 cursor-pointer
 					focus:outline-none no-underline
 					focus:ring-2 focus:ring-offset-2 focus:ring-slate-500"
-						onclick="navigator.clipboard.writeText('{{ $model.access_url }}')">
-						<i class="ri-file-copy-line"></i>
-					</button>
-					<a
-						href="{{ $model.relative_url }}"
-						target="_blank"
-						class="ml-2 inline-flex justify-center py-2 px-3 border border-transparent
+							onclick="navigator.clipboard.writeText('{{ $model.access_url }}')">
+							<i class="ri-file-copy-line"></i>
+						</button>
+					</tool-tip>
+					<tool-tip position="top">
+						<div class="data-tip font-bold hidden">In neuem Fenster öffnen</div>
+						<a
+							href="{{ $model.relative_url }}"
+							target="_blank"
+							class="ml-2 inline-flex justify-center py-2 px-3 border border-transparent
 					rounded-xs
 					shadow-sm text-sm font-medium text-white bg-slate-700 hover:bg-slate-800 cursor-pointer
 					focus:outline-none no-underline
 					focus:ring-2 focus:ring-offset-2 focus:ring-slate-500">
-						<i class="ri-external-link-line"></i>
-					</a>
+							<i class="ri-external-link-line"></i>
+						</a>
+					</tool-tip>
 					<form class="" method="POST">
 						<input
 							type="hidden"
@@ -141,15 +147,18 @@
 							required
 							value="{{ $model.csrf_token }}" />
 						<div class="col-span-9 flex flex-row items-center justify-center">
-							<button
-								type="submit"
-								class="ml-2 inline-flex justify-center py-2 px-3 border border-transparent
+							<tool-tip position="top">
+								<div class="data-tip font-bold hidden">Link invalidieren</div>
+								<button
+									type="submit"
+									class="ml-2 inline-flex justify-center py-2 px-3 border border-transparent
 					rounded-xs
 					shadow-sm text-sm font-medium text-white bg-slate-700 hover:bg-slate-800 cursor-pointer
 					focus:outline-none no-underline
 					focus:ring-2 focus:ring-offset-2 focus:ring-slate-500">
-								<i class="ri-loop-left-line"></i>
-							</button>
+									<i class="ri-loop-left-line"></i>
+								</button>
+							</tool-tip>
 						</div>
 					</form>
 				</div>

views/routes/user/management/body.gohtml

@@ -52,7 +52,13 @@
 					<tr class="{{ if $u.Deactivated }}deactivated{{ end }}">
 						<td>{{ $u.Name }}</td>
 						<td>{{ $u.Email }}</td>
-						<td>{{ $u.Role }}</td>
+						{{- if eq $u.Role "Admin" -}}
+							<td class="">Administrator</td>
+						{{- else if eq $u.Role "Editor" -}}
+							<td class="">Redakteur</td>
+						{{- else -}}
+							<td class="">Benutzer</td>
+						{{- end -}}
 						<td>{{ index $model.session_counts $u.Id }}</td>
 						<td>
 							<form class="flex flex-row gap-x-4 justify-end">
@@ -71,34 +77,43 @@
 									value="{{ $model.csrf_token }}" />
 								<!-- INFO: we dont use request.fullpath here, since this can be /logout /activate
 									or /deactivate, which would not work with the redirectTo query param -->
-								<button
-									formmethod="GET"
-									formaction="/user/{{ $u.Id }}/edit?redirectTo=/user/management">
-									<i class="ri-pencil-line"></i>
-								</button>
-								<button
-									hx-push-url="false"
-									formmethod="POST"
-									formaction="/user/management/logout/"
-									class="text-orange-800 bg-orange-200 hover:bg-orange-300">
-									<i class="ri-logout-box-r-line"></i>
-								</button>
+								<tool-tip position="top">
+									<div class="data-tip font-bold hidden">Bearbeiten</div>
+									<button
+										formmethod="GET"
+										formaction="/user/{{ $u.Id }}/edit?redirectTo=/user/management">
+										<i class="ri-pencil-line"></i>
+									</button>
+								</tool-tip>
+								<tool-tip position="top">
+									<div class="data-tip font-bold hidden">Logout</div>
+									<button
+										formmethod="POST"
+										formaction="/user/management/logout/"
+										class="text-orange-800 bg-orange-200 hover:bg-orange-300">
+										<i class="ri-logout-box-r-line"></i>
+									</button>
+								</tool-tip>
 								{{- if $u.Deactivated }}
-									<button
-										hx-push-url="false"
-										formmethod="POST"
-										formaction="/user/management/activate/"
-										class="text-blue-800 bg-blue-200 hover:bg-blue-300">
-										<i class="ri-check-line"></i>
-									</button>
+									<tool-tip position="top">
+										<div class="data-tip font-bold hidden">Reaktivieren</div>
+										<button
+											formmethod="POST"
+											formaction="/user/management/activate/"
+											class="text-green-800 bg-green-200 hover:bg-green-300">
+											<i class="ri-restart-line"></i>
+										</button>
+									</tool-tip>
 								{{- else -}}
-									<button
-										hx-push-url="false"
-										formmethod="POST"
-										formaction="/user/management/deactivate/"
-										class="text-red-800 bg-red-200 hover:bg-red-300">
-										<i class="ri-prohibited-2-line"></i>
-									</button>
+									<tool-tip position="top">
+										<div class="data-tip font-bold hidden">Deaktivieren</div>
+										<button
+											formmethod="POST"
+											formaction="/user/management/deactivate/"
+											class="text-red-800 bg-red-200 hover:bg-red-300">
+											<i class="ri-prohibited-2-line"></i>
+										</button>
+									</tool-tip>
 								{{- end -}}
 							</form>
 						</td>

views/transform/main.js

@@ -594,14 +594,7 @@ class ToolTip extends HTMLElement {
 	}
 
 	connectedCallback() {
-		this.classList.add(
-			"w-full",
-			"h-full",
-			"relative",
-			"block",
-			"leading-none",
-			"[&>*]:leading-normal",
-		);
+		this.classList.add("relative", "block", "leading-none", "[&>*]:leading-normal");
 		const dataTipElem = this.querySelector(".data-tip");
 		const tipContent = dataTipElem ? dataTipElem.innerHTML : "Tooltip";