Add commenting system

2 files changed, 134 insertions, 0 deletions

diff --git a/cmd/web/handlers/blog.go b/cmd/web/handlers/blog.go
index 4c81669..472b270 100644
--- a/cmd/web/handlers/blog.go
+++ b/cmd/web/handlers/blog.go
@@ -3,6 +3,7 @@ package handlers
 import (
 	"bytes"
 	"database/sql"
+	"html"
 	"html/template"
 	"io"
 	"log"
@@ -21,16 +22,113 @@ type blogContext struct {
 
 	Post          models.Post
 	Rows          []models.Post
+	Comments      []models.Comment
 	Name          string
 	IsAuth        bool
 	PagePopulated bool
 	Offset        int
 }
 
+func (ctx *blogContext) comment(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "POST" {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		w.Write([]byte("Method Not Allowed"))
+		return
+	}
+
+	postId := r.URL.Query().Get("id")
+
+	err := r.ParseForm()
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Failed to retrieve form data: %v\n", err)
+		return
+	}
+
+	name := r.PostForm.Get("name")
+	content := html.EscapeString(r.PostForm.Get("comment"))
+
+	insertStmt, err := ctx.db.Prepare("INSERT INTO comments (verified, name, post_id, content) VALUES (FALSE, $1, $2, $3);")
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not prepare insert statement to DB: %v\n", err)
+		return
+	}
+	defer insertStmt.Close()
+
+	_, err = insertStmt.Exec(name, postId, content)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not execute comment into DB: %v\n", err)
+		return
+	}
+
+	http.Redirect(w, r, r.Header.Get("Referer"), http.StatusFound)
+	return
+}
+
+func (ctx *blogContext) verifyComment(w http.ResponseWriter, r *http.Request) {
+	commentId := r.URL.Query().Get("id")
+
+	updateStmt, err := ctx.db.Prepare("UPDATE comments SET verified = TRUE WHERE id = $1;")
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not prepare update statement to DB: %v\n", err)
+		return
+	}
+	defer updateStmt.Close()
+
+	_, err = updateStmt.Exec(commentId)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not execute to DB: %v\n", err)
+		return
+	}
+
+	http.Redirect(w, r, r.Header.Get("Referer"), http.StatusFound)
+	return
+}
+
+func (ctx *blogContext) deleteComment(w http.ResponseWriter, r *http.Request) {
+	commentId := r.URL.Query().Get("id")
+
+	updateStmt, err := ctx.db.Prepare("DELETE FROM comments WHERE id = $1;")
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not prepare update statement to DB: %v\n", err)
+		return
+	}
+	defer updateStmt.Close()
+
+	_, err = updateStmt.Exec(commentId)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not execute to DB: %v\n", err)
+		return
+	}
+
+	http.Redirect(w, r, r.Header.Get("Referer"), http.StatusFound)
+	return
+}
+
 func (ctx *blogContext) viewPost(w http.ResponseWriter, r *http.Request) {
 	ctx.Rows = []models.Post{}
+	ctx.Comments = []models.Comment{}
+	ctx.IsAuth = false
 	postId := r.URL.Query().Get("id")
 
+	_, err := r.Cookie("paterissa_session_token")
+	if err == nil {
+		ctx.IsAuth = true
+	}
+
 	stmt, err := ctx.db.Prepare("SELECT p.id, u.name, p.time, p.brief, p.content FROM posts p INNER JOIN logins u ON p.user_id = u.id WHERE p.id = $1;")
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
@@ -60,6 +158,39 @@ func (ctx *blogContext) viewPost(w http.ResponseWriter, r *http.Request) {
 	p.FormattedTime = p.Time.Format(time.ANSIC)
 	ctx.Post = p
 
+	commentStmt, err := ctx.db.Prepare("SELECT id, verified, time, name, content FROM comments WHERE post_id = $1;")
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not prepare statement for DB: %v\n", err)
+		return
+	}
+	defer commentStmt.Close()
+
+	commentRows, err := commentStmt.Query(p.Id)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte("Internal Error"))
+		ctx.err.Printf("Could not prepare statement for DB: %v\n", err)
+		return
+	}
+	defer commentRows.Close()
+
+	for commentRows.Next() {
+		var c models.Comment
+
+		if err = commentRows.Scan(&c.Id, &c.IsVerified, &c.Time, &c.Name, &c.Content); err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			w.Write([]byte("Internal Error"))
+			ctx.err.Printf("Could not load row: %v\n", err)
+			return
+		}
+
+		c.FormattedTime = c.Time.Format(time.ANSIC)
+
+		ctx.Comments = append(ctx.Comments, c)
+	}
+
 	files := []string{
 		"ui/html/base.tmpl.html",
 		"ui/html/music_player.tmpl.html",
diff --git a/cmd/web/handlers/routes.go b/cmd/web/handlers/routes.go
index 1c14705..f6d8dc3 100644
--- a/cmd/web/handlers/routes.go
+++ b/cmd/web/handlers/routes.go
@@ -47,6 +47,9 @@ func RegisterEndpoints(app types.Application, db *sql.DB) *http.ServeMux {
 	blogRouter.HandleFunc("/", auth.CheckAndInvalidate(blog.index))
 	blogRouter.HandleFunc("/post/new", auth.Resolve(blog.post))
 	blogRouter.HandleFunc("/post", blog.viewPost)
+	blogRouter.HandleFunc("/comments/verify", auth.Resolve(blog.verifyComment))
+	blogRouter.HandleFunc("/comments/delete", auth.Resolve(blog.deleteComment))
+	blogRouter.HandleFunc("/comments/post", blog.comment)
 
 	blogRouter.HandleFunc("/login", login.handle)
 	blogRouter.HandleFunc("/logout", auth.Resolve(login.logout))