15ef7db5f7
- user.avatar-Spalte (Schema, migrate.sh, Migrationsdoku)
- POST /user/avatar (geschützt): Upload via storeImage, ersetzt/löscht altes Bild
- avatar in /u/{name}/info, /user/info und im entrySelect-Join (Feed-Karten)
- Account-Löschung entfernt auch das Avatar-File
- Frontend: Avatar im Profilkopf + Byline der Karten (50px), Upload-Form,
Platzhalterbild no_profile_pic.jpg als Fallback
- .card img per :not(.avatar) von Beitragsbildern getrennt
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
86 lines
2.3 KiB
Go
86 lines
2.3 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"log"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/chi/v5/middleware"
|
|
"github.com/go-chi/httprate"
|
|
)
|
|
|
|
func main() {
|
|
if err := initDB("kver.db"); err != nil {
|
|
log.Fatalf("db init: %v", err)
|
|
}
|
|
defer db.Close()
|
|
|
|
const addr = ":8080"
|
|
log.Printf("kver listening on %s", addr)
|
|
log.Fatal(http.ListenAndServe(addr, routes()))
|
|
}
|
|
|
|
// routes baut den HTTP-Handler mit allen Endpunkten. In main() und in den
|
|
// Tests identisch verwendet.
|
|
func routes() http.Handler {
|
|
r := chi.NewRouter()
|
|
r.Use(middleware.Logger)
|
|
r.Use(middleware.Recoverer)
|
|
|
|
// --- Auth (öffentlich) ---
|
|
// Login und Registrierung pro IP drosseln (Brute-Force-Bremse). bcrypt bremst
|
|
// zusätzlich, aber das Limit kappt automatisiertes Durchprobieren früh.
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(httprate.LimitByIP(20, time.Minute))
|
|
r.Post("/auth/login", handleLogin)
|
|
r.Post("/auth/newuser", handleNewUser)
|
|
})
|
|
r.Get("/auth/logout", handleLogout)
|
|
r.Get("/auth/sessioninfo", handleSessionInfo)
|
|
r.Get("/auth/headerbar", handleHeaderbar)
|
|
|
|
// --- Entries ---
|
|
r.Get("/entry/feed/{page}", handleFeed)
|
|
r.Get("/entry/{pid}/votes", handleVotes)
|
|
r.Get("/entry/{pid}/thread", handleThread)
|
|
r.Get("/e/{pid}", serveEntryPage)
|
|
|
|
// --- User (öffentlich) ---
|
|
r.Get("/u/{username}", serveUserPage)
|
|
r.Get("/u/{username}/info", handleUserPage)
|
|
r.Get("/u/{username}/feed/{page}", handleUserFeed)
|
|
|
|
// --- Geschützt (Session erforderlich) ---
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(requireAuth)
|
|
r.Post("/entry/create", handleCreateEntry)
|
|
r.Post("/entry/{pid}/vote", handleVote)
|
|
r.Post("/entry/{pid}/edit", handleEditEntry)
|
|
r.Post("/entry/{pid}/delete", handleDeleteEntry)
|
|
r.Get("/user/info", handleUserInfo)
|
|
r.Post("/user/rename", handleUserRename)
|
|
r.Post("/user/avatar", handleSetAvatar)
|
|
r.Post("/user/delete", handleUserDelete)
|
|
})
|
|
|
|
// Hochgeladene Medien + alte statische Assets
|
|
r.Handle("/static/*", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
|
|
|
|
// Neues JS-Frontend
|
|
r.Handle("/*", http.FileServer(http.Dir("web")))
|
|
|
|
return r
|
|
}
|
|
|
|
func writeJSON(w http.ResponseWriter, status int, v any) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(status)
|
|
_ = json.NewEncoder(w).Encode(v)
|
|
}
|
|
|
|
func writeError(w http.ResponseWriter, status int, msg string) {
|
|
writeJSON(w, status, map[string]string{"error": msg})
|
|
}
|