controllers/cartItemController.go

@@ -1,8 +1,6 @@
 package controllers
 
 import (
-	"crypto/rand"
-	"encoding/hex"
 	"errors"
 	"fmt"
 	"net/http"
@@ -15,6 +13,7 @@ import (
 	"git.dynamicdiscord.de/kalipso/zineshop/models"
 	//"git.dynamicdiscord.de/kalipso/zineshop/services"
 	"git.dynamicdiscord.de/kalipso/zineshop/repositories"
+	"git.dynamicdiscord.de/kalipso/zineshop/utils"
 )
 
 type CartItemController interface {
@@ -53,15 +52,6 @@ func getSetCookieValue(c *gin.Context, cookieName string) string {
 	return "" // Return empty string if cookie is not found
 }
 
-func generateSessionId(length int) string {
-	bytes := make([]byte, length) // 16 bytes = 128 bits
-	_, err := rand.Read(bytes)
-	if err != nil {
-		panic("failed to generate session ID")
-	}
-	return hex.EncodeToString(bytes)
-}
-
 func GetSessionId(ctx *gin.Context) string {
 	sessionId, err := ctx.Cookie("session_id")
 
@@ -73,17 +63,13 @@ func GetSessionId(ctx *gin.Context) string {
 			return responseCookie
 		}
 
-		sessionId = generateSessionId(16)
+		sessionId = utils.GenerateSessionId(16)
 		ctx.SetCookie("session_id", sessionId, 3600, "/", "", false, true)
 	}
 
 	return sessionId
 }
 
-func GenerateToken() string {
-	return generateSessionId(16)
-}
-
 func (rc *cartItemController) NewCartItemFromForm(ctx *gin.Context) (models.CartItem, error) {
 	sessionId := GetSessionId(ctx)
 	shopItemIdStr := ctx.PostForm("ShopItemId")
@@ -162,7 +148,7 @@ func (rc *cartItemController) NewAddressFromForm(ctx *gin.Context) (models.Addre
 func (rc *cartItemController) NewOrderFromForm(ctx *gin.Context) (models.Order, error) {
 	sessionId := GetSessionId(ctx)
 	status := models.OrderStatus("AwaitingConfirmation")
-	token := GenerateToken()
+	token := utils.GenerateToken()
 	email := ctx.PostForm("email")
 	comment := ctx.PostForm("comment")
 	firstName := ctx.PostForm("firstName")

controllers/userController.go

@@ -1,11 +1,12 @@
 package controllers
 
 import (
+	"errors"
 	"fmt"
-	"math/rand"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
 
 	"git.dynamicdiscord.de/kalipso/zineshop/models"
 	"git.dynamicdiscord.de/kalipso/zineshop/repositories"
@@ -36,7 +37,7 @@ func (uc *UserController) Register(c *gin.Context) {
 		return
 	}
 
-	_, err = services.Users.Register(body.Name, body.Email, body.Password)
+	_, err = services.Users.Register(body.Name, body.Email, body.Password, false)
 
 	if err != nil {
 		fmt.Println("Error: ", err)
@@ -140,10 +141,12 @@ func (rc *UserController) LoginHandler(c *gin.Context) {
 }
 
 func CreateSessionData(c *gin.Context, extra any) gin.H {
-	_, exists := c.Get("user")
+	user, exists := c.Get("user")
+	userImpl, _ := user.(models.User)
 
 	return gin.H{
 		"loggedIn": exists,
+		"isAdmin":  userImpl.IsAdmin,
 		"data":     extra,
 	}
 }
@@ -153,11 +156,45 @@ func (rc *UserController) RegisterHandler(c *gin.Context) {
 	email := c.PostForm("email")
 	password := c.PostForm("password")
 
-	_, err := services.Users.Register(name, email, password)
+	//first registered user is admin
+	isEmpty, _ := repositories.Users.IsEmpty()
+	if isEmpty {
+		_, err := services.Users.Register(name, email, password, true)
+		if err != nil {
+			data := gin.H{
+				"error":   "Registering Failed.",
+				"success": "",
+			}
+			c.HTML(http.StatusOK, "register.html", data)
+			return
+		}
 
-	if err != nil {
 		data := gin.H{
-			"error":   "Registering Failed.",
+			"error":   "",
+			"success": "You successfully registered as Admin. Try logging in.",
+		}
+
+		c.HTML(http.StatusOK, "register.html", data)
+		return
+	}
+
+	//for any other user token is required
+	token := c.PostForm("token")
+
+	if token == "" {
+		data := gin.H{
+			"error":   "No token. No register.",
+			"success": "",
+		}
+
+		c.HTML(http.StatusOK, "register.html", data)
+	}
+
+	tokenExists, err := repositories.Tokens.Exists(token)
+
+	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		data := gin.H{
+			"error":   err,
 			"success": "",
 		}
 
@@ -165,6 +202,31 @@ func (rc *UserController) RegisterHandler(c *gin.Context) {
 		return
 	}
 
+	if !tokenExists {
+		data := gin.H{
+			"error":   "Invalid Token.",
+			"success": "",
+		}
+		c.HTML(http.StatusOK, "register.html", data)
+		return
+	}
+
+	_, err = services.Users.Register(name, email, password, false)
+	if err != nil {
+		data := gin.H{
+			"error":   "Registering Failed.",
+			"success": "",
+		}
+		c.HTML(http.StatusOK, "register.html", data)
+		return
+	}
+
+	err = repositories.Tokens.Delete(token)
+
+	if err != nil {
+		fmt.Println("Could not delete RegisterToken: ", err)
+	}
+
 	data := gin.H{
 		"error":   "",
 		"success": "You successfully registered. Try logging in.",
@@ -174,6 +236,39 @@ func (rc *UserController) RegisterHandler(c *gin.Context) {
 }
 
 func (rc *UserController) RegisterView(c *gin.Context) {
+	data := gin.H{
+		"error":   "",
+		"success": "",
+		"token":   c.Param("token"),
+	}
+
+	c.HTML(http.StatusOK, "registertoken.html", data)
+}
+
+func (rc *UserController) InitAdmin(c *gin.Context) {
+	isEmpty, err := repositories.Users.IsEmpty()
+
+	if err != nil {
+		data := gin.H{
+			"error":   err,
+			"success": "",
+		}
+
+		c.HTML(http.StatusInternalServerError, "error.html", data)
+		return
+	}
+
+	if !isEmpty {
+		data := gin.H{
+			"error":   "Registration is closed",
+			"success": "",
+		}
+
+		c.HTML(http.StatusInternalServerError, "error.html", data)
+		return
+
+	}
+
 	data := gin.H{
 		"error":   "",
 		"success": "",
@@ -204,6 +299,38 @@ func (rc *UserController) ResetHandler(c *gin.Context) {
 	c.HTML(http.StatusOK, "passwordreset.html", data)
 }
 
+func (rc *UserController) InviteView(c *gin.Context) {
+	tokens, _ := repositories.Tokens.GetAll()
+	fmt.Println(tokens)
+
+	data := gin.H{
+		"tokens": tokens,
+	}
+
+	c.HTML(http.StatusOK, "invites.html", data)
+}
+
+func (rc *UserController) InviteHandler(c *gin.Context) {
+	action := c.PostForm("action")
+
+	if action == "create" {
+		_, err := repositories.Tokens.Create()
+
+		if err != nil {
+			fmt.Println(err)
+			c.HTML(http.StatusBadRequest, "error.html", gin.H{"error": err})
+			return
+		}
+	}
+
+	if action == "delete" {
+		token := c.PostForm("token")
+		repositories.Tokens.Delete(token)
+	}
+
+	rc.InviteView(c)
+}
+
 func (rc *UserController) MainView(c *gin.Context) {
 	shopItems, _ := repositories.ShopItems.GetAll()
 	fmt.Println(len(shopItems))
@@ -227,68 +354,6 @@ func (rc *UserController) TagView(c *gin.Context) {
 	c.HTML(http.StatusOK, "index.html", data)
 }
 
-type booking struct {
-	Booked bool
-}
-
-type calendarbooking struct {
-	Time     string
-	Bookings []booking
-}
-
-func (rc *UserController) CalendarView(c *gin.Context) {
-	shopItems, _ := repositories.ShopItems.GetAll()
-	fmt.Println(len(shopItems))
-
-	generateBookings := func(amountShopItems int) []calendarbooking {
-		var result []calendarbooking
-		time := 6
-		for _ = range 18 {
-			book := calendarbooking{
-				Time:     fmt.Sprintf("%d:00", time),
-				Bookings: []booking{},
-			}
-			for _ = range amountShopItems {
-				book.Bookings = append(book.Bookings, booking{Booked: rand.Float32() < 0.5})
-			}
-
-			time += 1
-			result = append(result, book)
-		}
-
-		return result
-	}
-
-	bookings := gin.H{
-		"head": []string{
-			"malobeo",
-			"hole of fame",
-			"BK",
-			"AZ Conni",
-		},
-		"bookings": generateBookings(4),
-		//"bookings": []calendarbooking{
-		//	{
-		//		Time: "10:00",
-		//		Bookings: []booking{
-		//			{ Booked: true },
-		//			{ Booked: false },
-		//		},
-		//	},
-		//},
-	}
-
-	data := CreateSessionData(c, gin.H{
-		"title":         "shopItem Page",
-		"bookings":      bookings,
-		"shopItemcount": len(bookings["head"].([]string)) + 1,
-	})
-
-	fmt.Println(data)
-
-	c.HTML(http.StatusOK, "calendar.html", data)
-}
-
 func (rc *UserController) Logout(c *gin.Context) {
 	c.SetCookie("Authorization", "", -1, "", "", false, true)
 	c.HTML(http.StatusOK, "index.html", gin.H{})

main.go

@@ -55,66 +55,50 @@ func main() {
 	server.Static("/static", os.Getenv("STATIC"))
 	server.LoadHTMLGlob(fmt.Sprintf("%s/*.html", os.Getenv("VIEWS")))
 
-	apiRoutes := server.Group("/api")
-	//apiRoutes.Use(middlewares.BasicAuth())
-	{
-		apiRoutes.POST("/tags", authValidator.RequireAuth, shopItemController.CreateTag)
-		apiRoutes.GET("/tags", authValidator.OptionalAuth, shopItemController.GetAllTags)
-		apiRoutes.POST("/shopitems", authValidator.RequireAuth, shopItemController.Create)
-		apiRoutes.GET("/shopitems", authValidator.OptionalAuth, shopItemController.GetAll)
-		apiRoutes.GET("/shopitems/:id", authValidator.OptionalAuth, shopItemController.GetById)
-		apiRoutes.PUT("/shopitems/:id", authValidator.RequireAuth, shopItemController.Update)
-		apiRoutes.DELETE("/shopitems/:id", authValidator.RequireAuth, shopItemController.Delete)
-
-		//apiRoutes.GET("/rooms/:id/users", authValidator.RequireAuth, authValidator.RequireRoomAdmin, shopItemController.GetUsers)
-		//apiRoutes.POST("/rooms/:id/users", authValidator.RequireAuth, shopItemController.AddUser)
-
-		apiRoutes.POST("/users/register", userController.Register)
-		apiRoutes.POST("/users/login", userController.Login)
-		apiRoutes.GET("/users/validate", authValidator.OptionalAuth, userController.Validate)
-	}
-
 	viewRoutes := server.Group("/", authValidator.OptionalAuth)
 	{
 		viewRoutes.GET("/", userController.MainView)
 		viewRoutes.GET("/shopitems/:id", shopItemController.ShopItemView)
-		viewRoutes.GET("/shopitems/:id/edit", authValidator.RequireAuth, shopItemController.EditItemView)
+		viewRoutes.GET("/shopitems/:id/edit", authValidator.RequireAdmin, shopItemController.EditItemView)
-		viewRoutes.POST("/shopitems/:id/edit", authValidator.RequireAuth, shopItemController.EditItemHandler)
+		viewRoutes.POST("/shopitems/:id/edit", authValidator.RequireAdmin, shopItemController.EditItemHandler)
-		viewRoutes.GET("/shopitems/:id/delete", authValidator.RequireAuth, shopItemController.DeleteItemView)
+		viewRoutes.GET("/shopitems/:id/delete", authValidator.RequireAdmin, shopItemController.DeleteItemView)
-		viewRoutes.POST("/shopitems/:id/delete", authValidator.RequireAuth, shopItemController.DeleteItemHandler)
+		viewRoutes.POST("/shopitems/:id/delete", authValidator.RequireAdmin, shopItemController.DeleteItemHandler)
-		viewRoutes.GET("/variant/:id/print", authValidator.RequireAuth, printController.PrintVariantView)
+		viewRoutes.GET("/variant/:id/print", authValidator.RequireAdmin, printController.PrintVariantView)
-		viewRoutes.GET("/cart/print", authValidator.RequireAuth, printController.PrintCartView)
+		viewRoutes.GET("/cart/print", authValidator.RequireAdmin, printController.PrintCartView)
-		viewRoutes.POST("/print", authValidator.RequireAuth, printController.PrintHandler)
+		viewRoutes.POST("/print", authValidator.RequireAdmin, printController.PrintHandler)
 
-		viewRoutes.GET("/tags", authValidator.RequireAuth, shopItemController.TagView)
+		viewRoutes.GET("/tags", authValidator.RequireAdmin, shopItemController.TagView)
-		viewRoutes.POST("/tags/:id", authValidator.RequireAuth, shopItemController.TagHandler)
+		viewRoutes.POST("/tags/:id", authValidator.RequireAdmin, shopItemController.TagHandler)
 		viewRoutes.GET("/tags/:id", userController.TagView)
-		viewRoutes.POST("/tags", authValidator.RequireAuth, shopItemController.AddTagHandler)
+		viewRoutes.POST("/tags", authValidator.RequireAdmin, shopItemController.AddTagHandler)
-		viewRoutes.GET("/cart", cartItemController.CartItemView)
+		viewRoutes.GET("/cart", authValidator.RequireAuth, cartItemController.CartItemView)
-		viewRoutes.POST("/cart", cartItemController.AddItemHandler)
+		viewRoutes.POST("/cart", authValidator.RequireAuth, cartItemController.AddItemHandler)
-		viewRoutes.POST("/cart/delete", cartItemController.DeleteItemHandler)
+		viewRoutes.POST("/cart/delete", authValidator.RequireAuth, cartItemController.DeleteItemHandler)
-		viewRoutes.POST("/cart/edit", cartItemController.EditItemHandler)
+		viewRoutes.POST("/cart/edit", authValidator.RequireAuth, cartItemController.EditItemHandler)
-		viewRoutes.GET("/checkout", cartItemController.CheckoutView)
+		viewRoutes.GET("/checkout", authValidator.RequireAuth, cartItemController.CheckoutView)
-		viewRoutes.POST("/checkout", cartItemController.CheckoutHandler)
+		viewRoutes.POST("/checkout", authValidator.RequireAuth, cartItemController.CheckoutHandler)
-		viewRoutes.POST("/order", cartItemController.OrderHandler)
+		viewRoutes.POST("/order", authValidator.RequireAuth, cartItemController.OrderHandler)
-		viewRoutes.GET("/order/:token", cartItemController.OrderView)
+		viewRoutes.GET("/order/:token", authValidator.RequireAuth, cartItemController.OrderView)
 		viewRoutes.GET("/order/:token/print", authValidator.RequireAuth, printController.PrintOrderView)
 
-		viewRoutes.GET("/orders", authValidator.RequireAuth, cartItemController.OrdersView)
+		viewRoutes.GET("/orders", authValidator.RequireAdmin, cartItemController.OrdersView)
-		viewRoutes.POST("/order/:token/edit", authValidator.RequireAuth, cartItemController.OrdersHandler)
+		viewRoutes.POST("/order/:token/edit", authValidator.RequireAdmin, cartItemController.OrdersHandler)
 
 		//write middleware that redirects to homescreen on register/login/reset for logged in users
 		viewRoutes.GET("/login", userController.LoginView)
 		viewRoutes.GET("/logout", userController.Logout)
-		viewRoutes.GET("/register", userController.RegisterView)
+		viewRoutes.GET("/register", userController.InitAdmin)
-		viewRoutes.GET("/passwordreset", userController.ResetView)
+		viewRoutes.GET("/register/:token", userController.RegisterView)
-		viewRoutes.GET("/additem", authValidator.RequireAuth, shopItemController.AddItemView)
+		viewRoutes.GET("/invites", authValidator.RequireAdmin, userController.InviteView)
-		viewRoutes.GET("/batchupload", authValidator.RequireAuth, shopItemController.AddItemsView)
+		viewRoutes.POST("/invites", authValidator.RequireAdmin, userController.InviteHandler)
+		viewRoutes.GET("/passwordreset", authValidator.RequireAuth, userController.ResetView)
+		viewRoutes.GET("/additem", authValidator.RequireAdmin, shopItemController.AddItemView)
+		viewRoutes.GET("/batchupload", authValidator.RequireAdmin, shopItemController.AddItemsView)
 		viewRoutes.POST("/login", userController.LoginHandler)
 		viewRoutes.POST("/register", userController.RegisterHandler)
-		viewRoutes.POST("/additem", authValidator.RequireAuth, shopItemController.AddItemHandler)
+		viewRoutes.POST("/additem", authValidator.RequireAdmin, shopItemController.AddItemHandler)
-		viewRoutes.POST("/batchupload", authValidator.RequireAuth, shopItemController.AddItemsHandler)
+		viewRoutes.POST("/batchupload", authValidator.RequireAdmin, shopItemController.AddItemsHandler)
-		viewRoutes.POST("/passwordreset", userController.ResetHandler)
+		viewRoutes.POST("/passwordreset", authValidator.RequireAuth, userController.ResetHandler)
 	}
 
 	server.Run(":" + os.Getenv("PORT"))

middlewares/requireAuth.go

@@ -1,13 +1,13 @@
 package middlewares
 
-import(
+import (
-	"os"
 	"fmt"
+	"os"
 	"time"
 	//"strconv"
-	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt/v5"
+	"net/http"
 
 	//"git.dynamicdiscord.de/kalipso/zineshop/models"
 	"git.dynamicdiscord.de/kalipso/zineshop/repositories"
@@ -70,7 +70,7 @@ func (av *AuthValidator) RequireAuth(c *gin.Context) {
 		c.AbortWithStatus(http.StatusUnauthorized)
 		return
 	}
-	
+
 	if claims, ok := token.Claims.(jwt.MapClaims); ok {
 		//Check Expiration
 		if float64(time.Now().Unix()) > claims["exp"].(float64) {
@@ -78,7 +78,7 @@ func (av *AuthValidator) RequireAuth(c *gin.Context) {
 			c.AbortWithStatus(http.StatusUnauthorized)
 			return
 		}
-		
+
 		//Find user
 		user, err := repositories.Users.GetById(claims["sub"])
 
@@ -86,15 +86,72 @@ func (av *AuthValidator) RequireAuth(c *gin.Context) {
 			c.AbortWithStatus(http.StatusUnauthorized)
 			return
 		}
-	
+
 		//Attach to req
 		c.Set("user", user)
-	
+
 		// Coninue
 		c.Next()
 		return
 	}
-	
+
+	c.AbortWithStatus(http.StatusUnauthorized)
+}
+
+func (av *AuthValidator) RequireAdmin(c *gin.Context) {
+	// Get Cookie
+	tokenString, err := c.Cookie("Authorization")
+
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	//Validate
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		// Don't forget to validate the alg is what you expect:
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+		}
+
+		// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
+		return []byte(os.Getenv("SECRET")), nil
+	})
+
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	if claims, ok := token.Claims.(jwt.MapClaims); ok {
+		//Check Expiration
+		if float64(time.Now().Unix()) > claims["exp"].(float64) {
+			//expired
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		//Find user
+		user, err := repositories.Users.GetById(claims["sub"])
+
+		if err != nil {
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		if !user.IsAdmin {
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		//Attach to req
+		c.Set("user", user)
+
+		// Coninue
+		c.Next()
+		return
+	}
+
 	c.AbortWithStatus(http.StatusUnauthorized)
 }
 
@@ -119,19 +176,19 @@ func (av *AuthValidator) OptionalAuth(c *gin.Context) {
 	if err != nil {
 		return
 	}
-	
+
 	if claims, ok := token.Claims.(jwt.MapClaims); ok {
 		if float64(time.Now().Unix()) > claims["exp"].(float64) {
 			return
 		}
-		
+
 		//Find user
 		user, err := repositories.Users.GetById(claims["sub"])
 
 		if err != nil {
 			return
 		}
-	
+
 		//Attach to req
 		c.Set("user", user)
 	}

models/user.go

@@ -4,9 +4,15 @@ import (
 	"gorm.io/gorm"
 )
 
+type RegisterToken struct {
+	gorm.Model
+	Token string `json:"token" binding:"required" gorm:"unique;not null"`
+}
+
 type User struct {
 	gorm.Model
-	Name string `json:"name" binding:"required" gorm:"unique;not null"`
+	Name     string `json:"name" binding:"required" gorm:"unique;not null"`
 	Password string `json:"password" binding:"required" gorm:"not null"`
-	Email string `json:"email" binding:"required,email" gorm:"unique;not null"`
+	Email    string `json:"email" binding:"required,email" gorm:"unique;not null"`
+	IsAdmin  bool   `json:"isAdmin" gorm:"default:false;not null"`
 }

repositories/registerTokenRepository.go

@@ -0,0 +1,86 @@
+package repositories
+
+import (
+	"errors"
+	"fmt"
+
+	"gorm.io/gorm"
+
+	"git.dynamicdiscord.de/kalipso/zineshop/models"
+	"git.dynamicdiscord.de/kalipso/zineshop/utils"
+)
+
+type RegisterTokenRepository interface {
+	Create() (models.RegisterToken, error)
+	GetAll() ([]models.RegisterToken, error)
+	Exists(string) (bool, error)
+	Delete(string) error
+}
+
+type GORMRegisterTokenRepository struct {
+	DB *gorm.DB
+}
+
+func NewGORMRegisterTokenRepository(db *gorm.DB) RegisterTokenRepository {
+	return &GORMRegisterTokenRepository{
+		DB: db,
+	}
+}
+
+func (t *GORMRegisterTokenRepository) Create() (models.RegisterToken, error) {
+	token := utils.GenerateToken()
+
+	exists, err := t.Exists(token)
+	if err != nil {
+		return models.RegisterToken{}, err
+	}
+
+	if exists {
+		return t.Create()
+	}
+
+	newToken := models.RegisterToken{
+		Token: token,
+	}
+	result := t.DB.Create(&newToken)
+
+	if result.Error != nil {
+		return models.RegisterToken{}, result.Error
+	}
+
+	return newToken, nil
+}
+
+func (t *GORMRegisterTokenRepository) GetAll() ([]models.RegisterToken, error) {
+	var tokens []models.RegisterToken
+	result := t.DB.Find(&tokens)
+
+	return tokens, result.Error
+}
+
+func (t *GORMRegisterTokenRepository) Exists(tokenString string) (bool, error) {
+	var token models.RegisterToken
+	result := t.DB.First(&token, "token = ?", tokenString)
+
+	if result.Error != nil {
+		if errors.Is(result.Error, gorm.ErrRecordNotFound) {
+			return false, nil
+		}
+
+		return false, result.Error
+	}
+
+	return true, nil
+}
+
+func (t *GORMRegisterTokenRepository) Delete(token string) error {
+	result := t.DB.Where("token = ?", token).Delete(&models.RegisterToken{})
+
+	if result.Error != nil {
+		return result.Error
+	} else if result.RowsAffected == 0 {
+		return fmt.Errorf("Token not found, could not be deleted")
+	}
+
+	return nil
+}

repositories/repository.go

@@ -14,6 +14,7 @@ var (
 	Tags      TagRepository
 	CartItems CartItemRepository
 	Orders    OrderRepository
+	Tokens    RegisterTokenRepository
 )
 
 func InitRepositories() {
@@ -27,7 +28,8 @@ func InitRepositories() {
 		&models.User{},
 		&models.Tag{},
 		&models.CartItem{},
-		&models.Order{})
+		&models.Order{},
+		&models.RegisterToken{})
 
 	if err != nil {
 		panic("failed to migrate database")
@@ -38,4 +40,5 @@ func InitRepositories() {
 	Tags = NewGORMTagRepository(db)
 	CartItems = NewGORMCartItemRepository(db)
 	Orders = NewGORMOrderRepository(db)
+	Tokens = NewGORMRegisterTokenRepository(db)
 }

repositories/userRepository.go

@@ -1,15 +1,16 @@
 package repositories
 
-import(
+import (
 	"gorm.io/gorm"
 
 	"git.dynamicdiscord.de/kalipso/zineshop/models"
-)	
+)
 
 type UserRepository interface {
-	Create(models.User) (models.User, error)	
+	Create(models.User) (models.User, error)
 	GetByEmail(string) (models.User, error)
 	GetById(interface{}) (models.User, error)
+	IsEmpty() (bool, error)
 }
 
 type GORMUserRepository struct {
@@ -22,7 +23,7 @@ func NewGORMUserRepository(db *gorm.DB) UserRepository {
 	}
 }
 
-func (u *GORMUserRepository) Create(user models.User) (models.User, error)	{
+func (u *GORMUserRepository) Create(user models.User) (models.User, error) {
 	result := u.DB.Create(&user)
 
 	if result.Error != nil {
@@ -53,3 +54,18 @@ func (u *GORMUserRepository) GetById(id interface{}) (models.User, error) {
 
 	return user, nil
 }
+
+func (u *GORMUserRepository) IsEmpty() (bool, error) {
+	var user models.User
+	result := u.DB.First(&user)
+
+	if result.Error != nil {
+		if result.Error == gorm.ErrRecordNotFound {
+			return true, nil
+		} else {
+			return false, result.Error
+		}
+	}
+
+	return false, nil
+}

services/userService.go

@@ -1,9 +1,9 @@
 package services
 
-import(
+import (
+	"golang.org/x/crypto/bcrypt"
 	"os"
 	"time"
-	"golang.org/x/crypto/bcrypt"
 
 	"github.com/golang-jwt/jwt/v5"
 
@@ -11,13 +11,13 @@ import(
 	"git.dynamicdiscord.de/kalipso/zineshop/repositories"
 )
 
-var(
+var (
 	Users UserService = UserService{}
 )
 
-type UserService struct {}
+type UserService struct{}
 
-func (u *UserService) Register(name string, email string, password string) (models.User, error) {
+func (u *UserService) Register(name string, email string, password string, isAdmin bool) (models.User, error) {
 	//hash pw
 	hash, err := bcrypt.GenerateFromPassword([]byte(password), 10)
 
@@ -25,7 +25,7 @@ func (u *UserService) Register(name string, email string, password string) (mode
 		return models.User{}, err
 	}
 
-	user := models.User{Name: name, Email: email, Password: string(hash)}
+	user := models.User{Name: name, Email: email, Password: string(hash), IsAdmin: isAdmin}
 	_, err = repositories.Users.Create(user)
 
 	if err != nil {
@@ -35,7 +35,7 @@ func (u *UserService) Register(name string, email string, password string) (mode
 	return user, nil
 }
 
-//return jwt tokenstring on success
+// return jwt tokenstring on success
 func (u *UserService) Login(email string, password string) (string, error) {
 	//lookup requested user
 	user, err := repositories.Users.GetByEmail(email)

static/output.css

@@ -650,10 +650,6 @@ video {
   margin-right: 1rem;
 }
 
-.ms-2 {
-  margin-inline-start: 0.5rem;
-}
-
 .mt-1 {
   margin-top: 0.25rem;
 }
@@ -814,10 +810,6 @@ video {
   flex-direction: column;
 }
 
-.items-start {
-  align-items: flex-start;
-}
-
 .items-center {
   align-items: center;
 }
@@ -929,11 +921,6 @@ video {
   border-bottom-left-radius: 0.375rem;
 }
 
-.rounded-l {
-  border-top-left-radius: 0.25rem;
-  border-bottom-left-radius: 0.25rem;
-}
-
 .border {
   border-width: 1px;
 }
@@ -1069,9 +1056,9 @@ video {
   background-color: rgb(224 231 255 / var(--tw-bg-opacity, 1));
 }
 
-.bg-indigo-300 {
+.bg-indigo-500 {
   --tw-bg-opacity: 1;
-  background-color: rgb(165 180 252 / var(--tw-bg-opacity, 1));
+  background-color: rgb(99 102 241 / var(--tw-bg-opacity, 1));
 }
 
 .bg-indigo-600 {
@@ -1234,46 +1221,6 @@ video {
   background-color: rgb(24 24 27 / var(--tw-bg-opacity, 1));
 }
 
-.bg-indigo-400 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(129 140 248 / var(--tw-bg-opacity, 1));
-}
-
-.bg-indigo-500 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(99 102 241 / var(--tw-bg-opacity, 1));
-}
-
-.bg-pink-200 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(251 207 232 / var(--tw-bg-opacity, 1));
-}
-
-.bg-pink-300 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(249 168 212 / var(--tw-bg-opacity, 1));
-}
-
-.bg-pink-700 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(190 24 93 / var(--tw-bg-opacity, 1));
-}
-
-.bg-pink-500 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(236 72 153 / var(--tw-bg-opacity, 1));
-}
-
-.bg-fuchsia-500 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(217 70 239 / var(--tw-bg-opacity, 1));
-}
-
-.bg-blue-700 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(29 78 216 / var(--tw-bg-opacity, 1));
-}
-
 .fill-red-50 {
   fill: #fef2f2;
 }
@@ -1299,10 +1246,6 @@ video {
   padding: 1rem;
 }
 
-.p-8 {
-  padding: 2rem;
-}
-
 .px-2 {
   padding-left: 0.5rem;
   padding-right: 0.5rem;
@@ -1402,10 +1345,6 @@ video {
   padding-top: 1.25rem;
 }
 
-.pt-8 {
-  padding-top: 2rem;
-}
-
 .text-left {
   text-align: left;
 }
@@ -1770,10 +1709,6 @@ video {
   color: rgb(39 39 42 / var(--tw-text-opacity, 1));
 }
 
-.underline {
-  text-decoration-line: underline;
-}
-
 .antialiased {
   -webkit-font-smoothing: antialiased;
   -moz-osx-font-smoothing: grayscale;
@@ -1908,10 +1843,6 @@ video {
   text-decoration-line: underline;
 }
 
-.hover\:no-underline:hover {
-  text-decoration-line: none;
-}
-
 .focus\:z-10:focus {
   z-index: 10;
 }
@@ -1948,12 +1879,6 @@ video {
   box-shadow: var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow, 0 0 #0000);
 }
 
-.focus\:ring-2:focus {
-  --tw-ring-offset-shadow: var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);
-  --tw-ring-shadow: var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);
-  box-shadow: var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow, 0 0 #0000);
-}
-
 .focus\:ring-4:focus {
   --tw-ring-offset-shadow: var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);
   --tw-ring-shadow: var(--tw-ring-inset) 0 0 0 calc(4px + var(--tw-ring-offset-width)) var(--tw-ring-color);
@@ -2065,10 +1990,6 @@ video {
     max-width: 24rem;
   }
 
-  .sm\:grid-cols-2 {
-    grid-template-columns: repeat(2, minmax(0, 1fr));
-  }
-
   .sm\:items-center {
     align-items: center;
   }
@@ -2156,26 +2077,10 @@ video {
     max-width: 80rem;
   }
 
-  .lg\:max-w-4xl {
-    max-width: 56rem;
-  }
-
-  .lg\:max-w-6xl {
-    max-width: 72rem;
-  }
-
   .lg\:grid-cols-3 {
     grid-template-columns: repeat(3, minmax(0, 1fr));
   }
 
-  .lg\:grid-cols-4 {
-    grid-template-columns: repeat(4, minmax(0, 1fr));
-  }
-
-  .lg\:grid-cols-2 {
-    grid-template-columns: repeat(2, minmax(0, 1fr));
-  }
-
   .lg\:p-8 {
     padding: 2rem;
   }
@@ -2199,26 +2104,9 @@ video {
   .xl\:grid-cols-4 {
     grid-template-columns: repeat(4, minmax(0, 1fr));
   }
-
-  .xl\:grid-cols-8 {
-    grid-template-columns: repeat(8, minmax(0, 1fr));
-  }
-
-  .xl\:gap-x-8 {
-    -moz-column-gap: 2rem;
-         column-gap: 2rem;
-  }
 }
 
 @media (min-width: 1536px) {
-  .\32xl\:grid-cols-8 {
-    grid-template-columns: repeat(8, minmax(0, 1fr));
-  }
-
-  .\32xl\:grid-cols-6 {
-    grid-template-columns: repeat(6, minmax(0, 1fr));
-  }
-
   .\32xl\:px-0 {
     padding-left: 0px;
     padding-right: 0px;
@@ -2305,10 +2193,6 @@ video {
     color: rgb(156 163 175 / var(--tw-placeholder-opacity, 1));
   }
 
-  .dark\:ring-offset-gray-800 {
-    --tw-ring-offset-color: #1f2937;
-  }
-
   .dark\:hover\:bg-gray-600:hover {
     --tw-bg-opacity: 1;
     background-color: rgb(75 85 99 / var(--tw-bg-opacity, 1));

utils/utils.go

@@ -0,0 +1,19 @@
+package utils
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+)
+
+func GenerateSessionId(length int) string {
+	bytes := make([]byte, length) // 16 bytes = 128 bits
+	_, err := rand.Read(bytes)
+	if err != nil {
+		panic("failed to generate session ID")
+	}
+	return hex.EncodeToString(bytes)
+}
+
+func GenerateToken() string {
+	return GenerateSessionId(16)
+}

views/deleteitem.html

@@ -5,7 +5,7 @@
     <h3 class="text-lg">{{ .data.shopItem.Name }}</h3>
     <i class="text-xs">{{ .data.shopItem.Description }}</i>
     <p class="">Price: {{ .data.shopItem.BasePrice }}</p>
-    {{ if .loggedIn }}
+    {{ if .isAdmin }}
 
     <p class="mt-10 text-center text-sm/6 text-red-500">
       Do you really want to delete this item??

views/header.html

@@ -25,7 +25,7 @@
         {{ end }}
         -->
       </div>
-      {{ if .loggedIn }}
+      {{ if .isAdmin }}
       <div class="absolute inset-y-0 right-0 flex items-center pr-2 sm:static sm:inset-auto sm:ml-6 sm:pr-0 px-4 sm:px-8">
         <a href="/additem" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300 hover:bg-gray-700 hover:text-white">Add Item</a>
         <a href="/batchupload" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300
@@ -33,13 +33,15 @@
         <a href="/orders" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300
           hover:bg-gray-700 hover:text-white">Orders</a>
         <a href="/tags" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300 hover:bg-gray-700 hover:text-white">Tags</a>
+        <a href="/invites" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300 hover:bg-gray-700 hover:text-white">Invites</a>
         <a href="/cart/print" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300 hover:bg-gray-700
           hover:text-white">Print</a>
         <a href="/cart" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300 hover:bg-gray-700
           hover:text-white">Cart</a>
         <a href="/logout" class="rounded-md  bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-red-300 hover:bg-gray-700 hover:text-white">Logout</a>
       </div>
-      {{ else }}
+      {{ end }}
+      {{ if .loggedIn }}
       <div class="absolute inset-y-0 right-0 flex items-center pr-2 sm:static sm:inset-auto sm:ml-6 sm:pr-0 px-4 sm:px-8">
         <a href="/cart" class="rounded-md bg-gray-900 m-2 px-3 py-2 text-sm font-medium text-gray-300 hover:bg-gray-700 hover:text-white">&#128722; Cart</a>
       </div>

views/invites.html

@@ -0,0 +1,28 @@
+{{ template "header.html" . }}
+
+
+<div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
+  <div class="sm:mx-auto sm:w-full sm:max-w-sm">
+    <img class="mx-auto h-10 w-auto" src="/static/img/logo-black.png" alt="Your Company">
+    <h2 class="mt-10 text-center text-2xl/9 font-bold tracking-tight text-gray-900">Create/Delete Invites</h2>
+  </div>
+
+  <div class="mt-10 sm:mx-auto sm:w-full sm:max-w-sm">
+  {{ range .tokens }}
+    <form action="/invites" method="POST">
+      <div class="max-w-md mx-auto mt-4">
+        <div class="flex">
+          <input type="text" id="token" name="token" value="{{ .Token }}" readonly="readonly" class="flex-grow border border-gray-300 rounded-md p-2 focus:outline-none focus:ring focus:ring-blue-500">
+          <button type="submit" name="action" value="delete" class="bg-red-800 text-white rounded px-4 hover:bg-red-900">Delete</button>
+        </div>
+    </form>
+  {{ end }}
+    <form action="/invites" method="POST">
+      <div class="max-w-md mx-auto mt-4">
+        <div class="flex">
+            <button type="submit" name="action" value="create" class="bg-green-600 text-white ml-4 mr-4 rounded px-4 hover:bg-green-700">Create</button>
+        </div>
+    </div>
+    </form>
+  </div>
+{{ template "footer.html" . }}

views/registertoken.html

@@ -0,0 +1,59 @@
+{{ template "header.html" . }}
+
+<div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
+  <div class="sm:mx-auto sm:w-full sm:max-w-sm">
+    <img class="mx-auto h-10 w-auto" src="/static/img/logo-black.png" alt="Logo">
+    <h2 class="mt-10 text-center text-2xl/9 font-bold tracking-tight text-gray-900">Register your account</h2>
+  </div>
+
+  <div class="mt-10 sm:mx-auto sm:w-full sm:max-w-sm">
+    <form class="space-y-6" action="/register" method="POST">
+      <div>
+        <label for="token" class="block text-sm/6 font-medium text-gray-900">Token</label>
+        <div class="mt-2">
+          <input type="text" name="token" id="token" value="{{ .token }}" required class="block w-full rounded-md bg-white px-3 py-1.5 text-base text-gray-900 outline outline-1 -outline-offset-1 outline-gray-300 placeholder:text-gray-400 focus:outline focus:outline-2 focus:-outline-offset-2 focus:outline-indigo-600 sm:text-sm/6">
+        </div>
+      </div>
+
+
+      <div>
+        <label for="name" class="block text-sm/6 font-medium text-gray-900">Username</label>
+        <div class="mt-2">
+          <input type="text" name="name" id="name" required class="block w-full rounded-md bg-white px-3 py-1.5 text-base text-gray-900 outline outline-1 -outline-offset-1 outline-gray-300 placeholder:text-gray-400 focus:outline focus:outline-2 focus:-outline-offset-2 focus:outline-indigo-600 sm:text-sm/6">
+        </div>
+      </div>
+
+      <div>
+        <label for="email" class="block text-sm/6 font-medium text-gray-900">Email address</label>
+        <div class="mt-2">
+          <input type="email" name="email" id="email" autocomplete="email" required class="block w-full rounded-md bg-white px-3 py-1.5 text-base text-gray-900 outline outline-1 -outline-offset-1 outline-gray-300 placeholder:text-gray-400 focus:outline focus:outline-2 focus:-outline-offset-2 focus:outline-indigo-600 sm:text-sm/6">
+        </div>
+      </div>
+
+      <div>
+        <div class="flex items-center justify-between">
+          <label for="password" class="block text-sm/6 font-medium text-gray-900">Password</label>
+        </div>
+        <div class="mt-2">
+          <input type="password" name="password" id="password" autocomplete="current-password" required class="block w-full rounded-md bg-white px-3 py-1.5 text-base text-gray-900 outline outline-1 -outline-offset-1 outline-gray-300 placeholder:text-gray-400 focus:outline focus:outline-2 focus:-outline-offset-2 focus:outline-indigo-600 sm:text-sm/6">
+        </div>
+      </div>
+
+      <p class="mt-10 text-center text-sm/6 text-red-500">
+      {{ .error }}
+      </p>
+      <p class="mt-10 text-center text-sm/6 text-green-500">
+      {{ .success }}
+      </p>
+
+
+
+      <div>
+        <button type="submit" class="flex w-full justify-center rounded-md bg-indigo-600 px-3 py-1.5 text-sm/6 font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600">Register</button>
+      </div>
+    </form>
+  </div>
+</div>
+
+
+{{ template "footer.html" . }}

views/shopitem.html

@@ -9,15 +9,18 @@
                   <img class="w-full h-full object-cover" src="/{{ .data.shopItem.Image}}" alt="Product Image">
                 </div>
                 <div class="flex -mx-2 mb-4">
+    {{ if .loggedIn }}
                   <input type="hidden" id="{{ .data.shopItem.ID}}" name="ShopItemId" value="{{ .data.shopItem.ID }}">
                     <div class="w-1/3 px-2">
                         <button type="submit" class="w-full bg-gray-900 dark:bg-gray-600 text-white py-2 px-4 rounded-lg font-bold hover:bg-gray-800 dark:hover:bg-gray-700">Add to Cart</button>
                     </div>
+    {{ end }}
 
                     <div class="w-1/3 px-2">
                       <button type="button" class="w-full bg-blue-900 dark:bg-gray-600 text-white py-2 px-4 rounded-lg font-bold hover:bg-gray-800 dark:hover:bg-gray-700"><a href="/{{ .data.shopItem.Pdf }}">View</a></button>
                     </div>
-    {{ if .loggedIn }}
+
+    {{ if .isAdmin }}
                     <div class="w-1/3 px-2">
                       <button type="button" class="w-full bg-blue-900 dark:bg-gray-600 text-white py-2 px-4 rounded-lg font-bold hover:bg-gray-800 dark:hover:bg-gray-700"><a href="{{ .data.shopItem.ID }}/edit">Edit</a></button>
                     </div>
@@ -34,6 +37,7 @@
                   {{ .data.shopItem.Abstract }}
                 </p>
 
+    {{ if .loggedIn }}
                 <div class="flex mb-4">
                     <label for="ItemVariantId" class="block mb-2 text-sm font-medium text-gray-900 dark:text-white"></label>
                       <select name="ItemVariantId" id="ItemVariantId" required class="bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-blue-500 focus:border-blue-500 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-blue-500 dark:focus:border-blue-500">
@@ -43,6 +47,7 @@
                   {{ end }}
                       </select>
                 </div>
+    {{ end }}
 
                 <div class="flex mb-4">
                     <div class="mr-4">

views/shopitems.html

@@ -25,7 +25,9 @@
             {{ end }}
           </p>
         </div>
-        <p class="text-sm font-medium text-gray-900">{{ .BasePrice }}€</p>
+        {{ if $.loggedIn }}
+          <p class="text-sm font-medium text-gray-900">{{ .BasePrice }}€</p>
+        {{ end }}
       </div>
     </div>