expand on admin functionality, hardening still needs to be implemented.

2025-03-31 10:52:12 +01:00
parent b466c351da
commit c3a7480c65
15 changed files with 447 additions and 13 deletions
--- a/handlers/admin/prizes.go
+++ b/handlers/admin/prizes.go
@@ -0,0 +1,70 @@
+package handlers
+
+import (
+	"database/sql"
+	"fmt"
+	"html/template"
+	"net/http"
+	"strconv"
+	"synlotto-website/helpers"
+)
+
+func AddPrizesHandler(db *sql.DB) http.HandlerFunc {
+	return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == http.MethodGet {
+			tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
+				"templates/layout.html",
+				"templates/admin/draws/prizes/add_prizes.html",
+			))
+			tmpl.ExecuteTemplate(w, "layout", helpers.TemplateContext(w, r))
+			return
+		}
+
+		drawDate := r.FormValue("draw_date")
+		values := make([]interface{}, 0)
+		for i := 1; i <= 9; i++ {
+			val, _ := strconv.Atoi(r.FormValue(fmt.Sprintf("prize%d_per_winner", i)))
+			values = append(values, val)
+		}
+
+		stmt := `INSERT INTO prizes_thunderball (
+			draw_date, prize1_per_winner, prize2_per_winner, prize3_per_winner,
+			prize4_per_winner, prize5_per_winner, prize6_per_winner,
+			prize7_per_winner, prize8_per_winner, prize9_per_winner
+		) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+
+		_, err := db.Exec(stmt, append([]interface{}{drawDate}, values...)...)
+		if err != nil {
+			http.Error(w, "Insert failed: "+err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		http.Redirect(w, r, "/admin/draws", http.StatusSeeOther)
+	})
+}
+
+func ModifyPrizesHandler(db *sql.DB) http.HandlerFunc {
+	return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == http.MethodGet {
+			tmpl := template.Must(template.New("").Funcs(helpers.TemplateFuncs()).ParseFiles(
+				"templates/layout.html",
+				"templates/admin/draws/prizes/modify_prizes.html",
+			))
+			tmpl.ExecuteTemplate(w, "layout", helpers.TemplateContext(w, r))
+			return
+		}
+
+		drawDate := r.FormValue("draw_date")
+		for i := 1; i <= 9; i++ {
+			key := fmt.Sprintf("prize%d_per_winner", i)
+			val, _ := strconv.Atoi(r.FormValue(key))
+			_, err := db.Exec("UPDATE prizes_thunderball SET "+key+" = ? WHERE draw_date = ?", val, drawDate)
+			if err != nil {
+				http.Error(w, "Update failed: "+err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+
+		http.Redirect(w, r, "/admin/draws", http.StatusSeeOther)
+	})
+}