H3ALY
e3428911b9
- Implemented `/account/messages/archive` route for soft-archiving messages - Added `is_archived` flag to `users_messages` schema and model - Topbar dropdown now reflects accurate unread message count - Fixed missing route registration for archive handler - Improved message visibility checks to prevent access violations - Placeholder for rate-limit (429) error page rendering identified
81 lines
3.1 KiB
Go
81 lines
3.1 KiB
Go
package main
|
|
|
|
import (
|
|
"database/sql"
|
|
"log"
|
|
"net/http"
|
|
"synlotto-website/handlers"
|
|
admin "synlotto-website/handlers/admin"
|
|
"synlotto-website/helpers"
|
|
"synlotto-website/middleware"
|
|
"synlotto-website/models"
|
|
"synlotto-website/storage"
|
|
|
|
"github.com/gorilla/csrf"
|
|
)
|
|
|
|
func main() {
|
|
db := storage.InitDB("synlotto.db")
|
|
models.SetDB(db)
|
|
|
|
var isProduction = false
|
|
|
|
csrfMiddleware := csrf.Protect(
|
|
[]byte("abcdefghijklmnopqrstuvwx12345678"), // TodO: Make Global
|
|
csrf.Secure(true),
|
|
csrf.Path("/"),
|
|
)
|
|
|
|
mux := http.NewServeMux()
|
|
setupAdminRoutes(mux, db)
|
|
setupAccountRoutes(mux, db)
|
|
setupResultRoutes(mux, db)
|
|
|
|
mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
|
|
|
|
mux.HandleFunc("/", handlers.Home(db))
|
|
|
|
wrapped := helpers.RateLimit(csrfMiddleware(mux))
|
|
wrapped = middleware.EnforceHTTPS(wrapped, isProduction)
|
|
wrapped = middleware.SecureHeaders(wrapped)
|
|
wrapped = middleware.Recover(wrapped)
|
|
|
|
log.Println("🌐 Running on http://localhost:8080")
|
|
http.ListenAndServe(":8080", wrapped)
|
|
}
|
|
|
|
func setupAdminRoutes(mux *http.ServeMux, db *sql.DB) {
|
|
mux.HandleFunc("/admin/access", middleware.AdminOnly(db, admin.AdminAccessLogHandler(db)))
|
|
mux.HandleFunc("/admin/audit", middleware.AdminOnly(db, admin.AuditLogHandler(db)))
|
|
mux.HandleFunc("/admin/dashboard", middleware.AdminOnly(db, admin.AdminDashboardHandler(db)))
|
|
mux.HandleFunc("/admin/triggers", middleware.AdminOnly(db, admin.AdminTriggersHandler(db)))
|
|
|
|
// Draw management
|
|
mux.HandleFunc("/admin/draws", middleware.AdminOnly(db, admin.ListDrawsHandler(db)))
|
|
// mux.HandleFunc("/admin/draws/new", middleware.AdminOnly(db, admin.RenderNewDrawForm(db)))
|
|
// mux.HandleFunc("/admin/draws/submit", middleware.AdminOnly(db, admin.CreateDrawHandler(db)))
|
|
mux.HandleFunc("/admin/draws/modify", middleware.AdminOnly(db, admin.ModifyDrawHandler(db)))
|
|
mux.HandleFunc("/admin/draws/delete", middleware.AdminOnly(db, admin.DeleteDrawHandler(db)))
|
|
|
|
// Prize management
|
|
mux.HandleFunc("/admin/draws/prizes/add", middleware.AdminOnly(db, admin.AddPrizesHandler(db)))
|
|
mux.HandleFunc("/admin/draws/prizes/modify", middleware.AdminOnly(db, admin.ModifyPrizesHandler(db)))
|
|
}
|
|
|
|
func setupAccountRoutes(mux *http.ServeMux, db *sql.DB) {
|
|
mux.HandleFunc("/login", middleware.Auth(false)(handlers.Login))
|
|
mux.HandleFunc("/logout", handlers.Logout)
|
|
mux.HandleFunc("/signup", middleware.Auth(false)(handlers.Signup))
|
|
mux.HandleFunc("/account/tickets/add_ticket", handlers.AddTicket(db))
|
|
mux.HandleFunc("/account/tickets/my_tickets", handlers.GetMyTickets(db))
|
|
mux.HandleFunc("/account/messages", middleware.Auth(true)(handlers.MessagesInboxHandler(db)))
|
|
mux.HandleFunc("/account/messages/read", middleware.Auth(true)(handlers.ReadMessageHandler(db)))
|
|
mux.HandleFunc("/account/messages/archive", middleware.Auth(true)(handlers.ArchiveMessageHandler(db)))
|
|
mux.HandleFunc("/account/notifications", middleware.Auth(true)(handlers.NotificationsHandler(db)))
|
|
mux.HandleFunc("/account/notifications/read", middleware.Auth(true)(handlers.MarkNotificationReadHandler(db)))
|
|
}
|
|
|
|
func setupResultRoutes(mux *http.ServeMux, db *sql.DB) {
|
|
mux.HandleFunc("/results/thunderball", handlers.ResultsThunderball(db))
|
|
}
|