Refactor: Centralize template loading and improve error handling

- Introduced helpers.LoadTemplateFiles() for consistent layout + topbar rendering - Replaced repeated template.ParseFiles() calls across handlers - Created generic RenderError(w, r, statusCode) helper - Replaced old Render403 with flexible RenderError - Updated AdminOnly middleware to render 403 errors with context - Added 500.html template for graceful panic fallback - Prepared structure for future error codes (404, 429, etc.)
2025-04-02 09:12:13 +01:00
parent f5653f737d
commit 2498b33a9c
16 changed files with 69 additions and 106 deletions
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -1,7 +1,6 @@
 package handlers

 import (
-	"html/template"
 	"log"
 	"net/http"
 	"synlotto-website/helpers"
@@ -18,12 +17,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 			http.Redirect(w, r, "/", http.StatusSeeOther)
 			return
 		}
-
-		tmpl := template.Must(template.New("login.html").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/topbar.html",
-			"templates/account/login.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("login.html", "templates/account/login.html")

 		context := helpers.TemplateContext(w, r, models.TemplateData{})
 		context["csrfField"] = csrf.TemplateField(r)
@@ -101,10 +95,7 @@ func Logout(w http.ResponseWriter, r *http.Request) {

 func Signup(w http.ResponseWriter, r *http.Request) {
 	if r.Method == http.MethodGet {
-		tmpl := template.Must(template.ParseFiles(
-			"templates/layout.html",
-			"templates/account/signup.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("signup.html", "templates/account/signup.html")

 		tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
 			"csrfField": csrf.TemplateField(r),
--- a/handlers/admin/audit.go
+++ b/handlers/admin/audit.go
@@ -2,7 +2,6 @@ package handlers

 import (
 	"database/sql"
-	"html/template"
 	"log"
 	"net/http"
 	"synlotto-website/helpers"
@@ -46,10 +45,8 @@ func AdminAccessLogHandler(db *sql.DB) http.HandlerFunc {
 		}
 		context["AuditLogs"] = logs

-		tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/admin/logs/access_log.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("access_log.html", "templates/admin/logs/access_log.html")
+
 		_ = tmpl.ExecuteTemplate(w, "layout", context)
 	})
 }
@@ -84,10 +81,7 @@ func AuditLogHandler(db *sql.DB) http.HandlerFunc {

 		context["AuditLogs"] = logs

-		tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/admin/logs/audit.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("audit.html", "templates/admin/logs/audit.html")

 		err = tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
--- a/handlers/admin/dashboard.go
+++ b/handlers/admin/dashboard.go
@@ -2,7 +2,6 @@ package handlers

 import (
 	"database/sql"
-	"html/template"
 	"log"
 	"net/http"

@@ -55,10 +54,7 @@ func AdminDashboardHandler(db *sql.DB) http.HandlerFunc {
 		}
 		context["MatchLogs"] = logs

-		tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/admin/dashboard.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("dashboard.html", "templates/admin/dashboard.html")

 		err = tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
--- a/handlers/admin/draws.go
+++ b/handlers/admin/draws.go
@@ -2,7 +2,6 @@ package handlers

 import (
 	"database/sql"
-	"html/template"
 	"log"
 	"net/http"

@@ -31,10 +30,8 @@ func NewDrawHandler(db *sql.DB) http.HandlerFunc {
 			return
 		}

-		tmpl := template.Must(template.New("new_draw").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/admin/draws/new_draw.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("new_draw", "templates/admin/draws/new_draw.html")
+
 		tmpl.ExecuteTemplate(w, "layout", context)
 	})
 }
@@ -103,10 +100,8 @@ func ListDrawsHandler(db *sql.DB) http.HandlerFunc {

 		context["Draws"] = draws

-		tmpl := template.Must(template.New("draw_list").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/admin/draws/list.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("list.html", "templates/admin/draws/list.html")
+
 		tmpl.ExecuteTemplate(w, "layout", context)
 	})
 }
--- a/handlers/admin/manualtriggers.go
+++ b/handlers/admin/manualtriggers.go
@@ -3,7 +3,6 @@ package handlers
 import (
 	"database/sql"
 	"fmt"
-	"html/template"
 	"log"
 	"net/http"
 	"net/url"
@@ -18,7 +17,6 @@ func AdminTriggersHandler(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		context := helpers.TemplateContext(w, r, models.TemplateData{})

-		// Inject flash message if available
 		if flash := r.URL.Query().Get("flash"); flash != "" {
 			context["Flash"] = flash
 		}
@@ -69,16 +67,11 @@ func AdminTriggersHandler(db *sql.DB) http.HandlerFunc {
 				flashMsg = "⚠️ Unknown action."
 			}

-			// Redirect back with flash message
 			http.Redirect(w, r, "/admin/triggers?flash="+url.QueryEscape(flashMsg), http.StatusSeeOther)
 			return
 		}

-		// Render the admin trigger page
-		tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/admin/triggers.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("triggers.html", "templates/admin/triggers.html")

 		err := tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
--- a/handlers/admin/prizes.go
+++ b/handlers/admin/prizes.go
@@ -3,7 +3,6 @@ package handlers
 import (
 	"database/sql"
 	"fmt"
-	"html/template"
 	"net/http"
 	"strconv"
 	"synlotto-website/helpers"
@@ -13,10 +12,8 @@ import (
 func AddPrizesHandler(db *sql.DB) http.HandlerFunc {
 	return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == http.MethodGet {
-			tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-				"templates/layout.html",
-				"templates/admin/draws/prizes/add_prizes.html",
-			))
+			tmpl := helpers.LoadTemplateFiles("add_prizes.html", "templates/admin/draws/prizes/add_prizes.html")
+
 			tmpl.ExecuteTemplate(w, "layout", helpers.TemplateContext(w, r, models.TemplateData{}))
 			return
 		}
@@ -47,10 +44,8 @@ func AddPrizesHandler(db *sql.DB) http.HandlerFunc {
 func ModifyPrizesHandler(db *sql.DB) http.HandlerFunc {
 	return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == http.MethodGet {
-			tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-				"templates/layout.html",
-				"templates/admin/draws/prizes/modify_prizes.html",
-			))
+			tmpl := helpers.LoadTemplateFiles("modify_prizes.html", "templates/admin/draws/prizes/modify_prizes.html")
+
 			tmpl.ExecuteTemplate(w, "layout", helpers.TemplateContext(w, r, models.TemplateData{}))
 			return
 		}
--- a/handlers/draw_handler.go
+++ b/handlers/draw_handler.go
@@ -2,7 +2,6 @@ package handlers

 import (
 	"database/sql"
-	"html/template"
 	"log"
 	"net/http"

@@ -18,11 +17,7 @@ func NewDraw(db *sql.DB) http.HandlerFunc {
 		context["Page"] = "new_draw"
 		context["Data"] = nil

-		tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/topbar.html",
-			"templates/new_draw.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("new_draw.html", "templates/new_draw.html") // ToDo: may need removing or moving add draw should be admin functionality and only when manually required. Potential live drawing of numbers in the future.

 		err := tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
@@ -48,7 +43,6 @@ func Submit(w http.ResponseWriter, r *http.Request) {
 		Thunderball: helpers.Atoi(r.FormValue("thunderball")),
 	}

-	// For now you're appending to memory - can replace with DB insert later
 	Draws = append(Draws, draw)

 	log.Printf("📅 %s | 🛠 %s | 🎱 %d | 🔢 %d,%d,%d,%d,%d | ⚡ %d\n",
--- a/handlers/home.go
+++ b/handlers/home.go
@@ -2,7 +2,6 @@ package handlers

 import (
 	"database/sql"
-	"html/template"
 	"log"
 	"net/http"
 	"synlotto-website/helpers"
@@ -13,11 +12,7 @@ func Home(db *sql.DB) http.HandlerFunc {
 		data := BuildTemplateData(db, w, r)
 		context := helpers.TemplateContext(w, r, data)

-		tmpl := template.Must(template.New("index.html").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/topbar.html",
-			"templates/index.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("index.html", "templates/index.html")

 		err := tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
--- a/handlers/notifications.go
+++ b/handlers/notifications.go
@@ -5,7 +5,6 @@ import (
 	"log"
 	"net/http"
 	"strconv"
-	"text/template"

 	"synlotto-website/helpers"
 	"synlotto-website/storage"
@@ -16,13 +15,7 @@ func NotificationsHandler(db *sql.DB) http.HandlerFunc {
 		data := BuildTemplateData(db, w, r)
 		context := helpers.TemplateContext(w, r, data)

-		tmpl := template.Must(template.New("notifications.html").
-			Funcs(helpers.TemplateFuncs()).
-			ParseFiles(
-				"templates/layout.html",
-				"templates/topbar.html",
-				"templates/account/notifications.html",
-			))
+		tmpl := helpers.LoadTemplateFiles("notifications.html", "templates/account/notifications.html")

 		err := tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
@@ -63,13 +56,7 @@ func MarkNotificationReadHandler(db *sql.DB) http.HandlerFunc {
 		context := helpers.TemplateContext(w, r, data)
 		context["Notification"] = notification

-		tmpl := template.Must(template.New("read.html").
-			Funcs(helpers.TemplateFuncs()).
-			ParseFiles(
-				"templates/layout.html",
-				"templates/topbar.html",
-				"templates/account/notifications/read.html",
-			))
+		tmpl := helpers.LoadTemplateFiles("read.html", "templates/account/notifications/read.html")

 		err = tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
--- a/handlers/results.go
+++ b/handlers/results.go
@@ -2,7 +2,6 @@ package handlers

 import (
 	"database/sql"
-	"html/template"
 	"log"
 	"net"
 	"net/http"
@@ -110,10 +109,7 @@ func ResultsThunderball(db *sql.DB) http.HandlerFunc {
 			noResultsMsg = "No results found for \"" + query + "\""
 		}

-		tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/results/thunderball.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("thunderball.html", "templates/results/thunderball.html")

 		err = tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
 			"Results":       results,
--- a/handlers/ticket_handler.go
+++ b/handlers/ticket_handler.go
@@ -3,7 +3,6 @@ package handlers
 import (
 	"database/sql"
 	"fmt"
-	"html/template"
 	"io"
 	"log"
 	"net/http"
@@ -44,10 +43,7 @@ func AddTicket(db *sql.DB) http.HandlerFunc {
 			context["csrfField"] = csrf.TemplateField(r)
 			context["DrawDates"] = drawDates

-			tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-				"templates/layout.html",
-				"templates/account/tickets/add_ticket.html",
-			))
+			tmpl := helpers.LoadTemplateFiles("add_ticket.html", "templates/account/tickets/add_ticket.html")

 			err = tmpl.ExecuteTemplate(w, "layout", context)
 			if err != nil {
@@ -362,10 +358,7 @@ func GetMyTickets(db *sql.DB) http.HandlerFunc {
 		context := helpers.TemplateContext(w, r, models.TemplateData{})
 		context["Tickets"] = tickets

-		tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/account/tickets/my_tickets.html",
-		))
+		tmpl := helpers.LoadTemplateFiles("my_tickets.html", "templates/account/tickets/my_tickets.html")

 		err = tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {
--- a/helpers/pages.go
+++ b/helpers/pages.go
@@ -2,18 +2,23 @@ package helpers

 // ToDo should be a handler?
 import (
-	"html/template"
+	"fmt"
+	"log"
 	"net/http"

 	"synlotto-website/models"
 )

-func Render403(w http.ResponseWriter, r *http.Request) {
+func RenderError(w http.ResponseWriter, r *http.Request, statusCode int) {
 	context := TemplateContext(w, r, models.TemplateData{})
-	tmpl := template.Must(template.New("").Funcs(TemplateFuncs()).ParseFiles(
-		"templates/layout.html",
-		"templates/error/403.html",
-	))

-	tmpl.ExecuteTemplate(w, "layout", context)
+	page := fmt.Sprintf("templates/error/%d.html", statusCode)
+	tmpl := LoadTemplateFiles(fmt.Sprintf("%d.html", statusCode), page)
+
+	w.WriteHeader(statusCode)
+	err := tmpl.ExecuteTemplate(w, "layout", context)
+	if err != nil {
+		log.Printf("❌ Failed to render error page for %d: %v", statusCode, err)
+		http.Error(w, http.StatusText(statusCode), statusCode)
+	}
 }
--- a/helpers/template.go
+++ b/helpers/template.go
@@ -32,7 +32,6 @@ func TemplateContext(w http.ResponseWriter, r *http.Request, data models.Templat
 	}
 }

-// TemplateFuncs provides helper functions to be used in templates.
 func TemplateFuncs() template.FuncMap {
 	return template.FuncMap{
 		"plus1": func(i int) int { return i + 1 },
@@ -63,7 +62,16 @@ func TemplateFuncs() template.FuncMap {
 	}
 }

-// SetFlash sets a flash message in session.
+func LoadTemplateFiles(name string, files ...string) *template.Template {
+	shared := []string{
+		"templates/layout.html",
+		"templates/topbar.html",
+	}
+	all := append(shared, files...)
+
+	return template.Must(template.New(name).Funcs(TemplateFuncs()).ParseFiles(all...))
+}
+
 func SetFlash(w http.ResponseWriter, r *http.Request, message string) {
 	session, _ := GetSession(w, r)
 	session.Values["flash"] = message
--- a/middleware/admin.go
+++ b/middleware/admin.go
@@ -7,12 +7,12 @@ import (
 	"synlotto-website/helpers"
 )

-// Wraps an existing handler but checks is_admin before executing
 func AdminOnly(db *sql.DB, next http.HandlerFunc) http.HandlerFunc {
 	return Auth(true)(func(w http.ResponseWriter, r *http.Request) {
 		userID, ok := helpers.GetCurrentUserID(r)
 		if !ok || !helpers.IsAdmin(db, userID) {
-			http.Redirect(w, r, "/", http.StatusSeeOther)
+			log.Printf("⛔️ Unauthorized admin attempt: user_id=%v, IP=%s, Path=%s", userID, r.RemoteAddr, r.URL.Path)
+			helpers.RenderError(w, r, http.StatusForbidden)
 			return
 		}

@@ -20,7 +20,6 @@ func AdminOnly(db *sql.DB, next http.HandlerFunc) http.HandlerFunc {
 		ua := r.UserAgent()
 		path := r.URL.Path

-		// Store log entry in DB
 		_, err := db.Exec(`
 			INSERT INTO admin_access_log (user_id, path, ip, user_agent)
 			VALUES (?, ?, ?, ?)`,
@@ -30,9 +29,10 @@ func AdminOnly(db *sql.DB, next http.HandlerFunc) http.HandlerFunc {
 			log.Printf("⚠️ Failed to log admin access: %v", err)
 		}

-		// Optional: still log to console
 		log.Printf("🛡️ Admin access: user_id=%d IP=%s Path=%s", userID, ip, path)

 		next(w, r)
 	})
 }
+
+// ToDo need to look into audit/access log tables and consolidate
--- a/templates/error/429.html
+++ b/templates/error/429.html
@@ -0,0 +1,7 @@
+{{ define "content" }}
+<div class="container py-5 text-center">
+  <h1 class="text-danger">🚫 Too Many Requests</h1>
+  <p>Whoa there! You're making requests too quickly. Please slow down and try again in a moment.</p>
+  <a href="/" class="btn btn-primary mt-3">Back to home</a>
+</div>
+{{ end }}
--- a/templates/error/500.html
+++ b/templates/error/500.html
@@ -0,0 +1,14 @@
+{{ define "content" }}
+<div class="container py-5 text-center">
+  <h1 class="display-4 text-danger">500 - Server Error</h1>
+  <p class="lead">Something went wrong on our end. We're working to fix it.</p>
+
+  <div class="mt-4">
+    <i class="bi bi-exclamation-triangle-fill text-warning" style="font-size: 3rem;"></i>
+  </div>
+
+  <p class="mt-4 text-muted">Please try again later or contact support if the issue persists.</p>
+
+  <a href="/" class="btn btn-primary mt-3">Return to Homepage</a>
+</div>
+{{ end }}