alphonse/zero2prod
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alphonse:da590fb7c69f87fca662a3466e9c908ced5fda5c
Branches Tags
alphonse:main
..
compare: alphonse:main
Branches Tags
alphonse:main

15 Commits
da590fb7c6 ... main

Author SHA1 Message Date
Alphonse Paix
be69a54fd1 queries
All checks were successful
Rust / Test (push) Successful in 5m51s
Details
Rust / Rustfmt (push) Successful in 22s
Details
Rust / Clippy (push) Successful in 1m38s
Details
Rust / Code coverage (push) Successful in 5m6s
Details
2025-10-11 00:06:08 +02:00
Alphonse Paix
90aa4f8185 Templates update
Some checks failed
Rust / Rustfmt (push) Has been cancelled
Details
Rust / Clippy (push) Has been cancelled
Details
Rust / Code coverage (push) Has been cancelled
Details
Rust / Test (push) Has been cancelled
Details
2025-10-11 00:02:05 +02:00
Alphonse Paix
5d5f9ec765 Database worker 
Worker used to clean up pending subscriptions and old idempotency
records
 2025-10-11 00:02:05 +02:00
Alphonse Paix
7affe88d50 Queries
All checks were successful
Rust / Test (push) Successful in 5m43s
Details
Rust / Rustfmt (push) Successful in 21s
Details
Rust / Clippy (push) Successful in 1m38s
Details
Rust / Code coverage (push) Successful in 5m3s
Details
2025-10-09 23:48:10 +02:00
Alphonse Paix
e02139ff44 Record login for users
Some checks failed
Rust / Test (push) Failing after 4m54s
Details
Rust / Rustfmt (push) Successful in 21s
Details
Rust / Clippy (push) Failing after 1m36s
Details
Rust / Code coverage (push) Successful in 5m4s
Details
2025-10-09 21:05:48 +02:00
Alphonse Paix
45f529902d Moved logging for task worker inside task execution logic 2025-10-09 19:27:50 +02:00
Alphonse Paix
ef9f860da2 User comments
All checks were successful
Rust / Test (push) Successful in 6m17s
Details
Rust / Rustfmt (push) Successful in 21s
Details
Rust / Clippy (push) Successful in 1m37s
Details
Rust / Code coverage (push) Successful in 5m5s
Details
2025-10-08 14:23:43 +02:00
Alphonse Paix
8a5605812c Posts editing tests
All checks were successful
Rust / Test (push) Successful in 6m17s
Details
Rust / Rustfmt (push) Successful in 24s
Details
Rust / Clippy (push) Successful in 1m35s
Details
Rust / Code coverage (push) Successful in 5m9s
Details
2025-10-08 00:13:56 +02:00
Alphonse Paix
d27196d7e5 Merge branch 'tests' 2025-10-07 23:27:15 +02:00
Alphonse Paix
9cbcdc533e Update templates 2025-10-07 23:25:43 +02:00
Alphonse Paix
f18899b1a6 Update banner message 2025-10-07 23:10:52 +02:00
Alphonse Paix
3bfac6d012 Profile update tests 2025-10-07 23:07:16 +02:00
Alphonse Paix
0b402c6259 Warning banner 2025-10-07 19:43:31 +02:00
Alphonse Paix
8b5f55db6f Edit posts
All checks were successful
Rust / Test (push) Successful in 5m43s
Details
Rust / Rustfmt (push) Successful in 22s
Details
Rust / Clippy (push) Successful in 1m37s
Details
Rust / Code coverage (push) Successful in 4m49s
Details 
Use fix routes for user profile edit handles to make it easier when user decides to change his username
 2025-10-06 22:33:05 +02:00
Alphonse Paix
b252216709 Edit profile and templates update
All checks were successful
Rust / Test (push) Successful in 6m6s
Details
Rust / Rustfmt (push) Successful in 22s
Details
Rust / Clippy (push) Successful in 1m36s
Details
Rust / Code coverage (push) Successful in 4m47s
Details
2025-10-06 19:23:57 +02:00
67 changed files with 1931 additions and 3013 deletions
Expand all files Collapse all files

18
.sqlx/query-02fff619c0ff8cb4f9946991be0ce795385b9e6697dcaa52f915acdbb1460e65.json generated Normal file
View File

@@ -0,0 +1,18 @@
{
"db_name": "PostgreSQL",
"query": "\n INSERT INTO comments (user_id, comment_id, post_id, author, content)\n VALUES ($1, $2, $3, $4, $5)\n ",
"describe": {
"columns": [],
"parameters": {
"Left": [
"Uuid",
"Uuid",
"Uuid",
"Text",
"Text"
]
},
"nullable": []
},
"hash": "02fff619c0ff8cb4f9946991be0ce795385b9e6697dcaa52f915acdbb1460e65"
}

64
.sqlx/query-059162eba48cf5f519d0d8b6ce63575ced91941b8c55c986b8c5591c7d9b09e4.json generated Normal file
View File

@@ -0,0 +1,64 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT p.post_id, p.author_id, u.username AS author, u.full_name,\n p.title, p.content, p.published_at, last_modified\n FROM posts p\n LEFT JOIN users u ON p.author_id = u.user_id\n WHERE p.post_id = $1\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "author_id",
"type_info": "Uuid"
},
{
"ordinal": 2,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 3,
"name": "full_name",
"type_info": "Text"
},
{
"ordinal": 4,
"name": "title",
"type_info": "Text"
},
{
"ordinal": 5,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 6,
"name": "published_at",
"type_info": "Timestamptz"
},
{
"ordinal": 7,
"name": "last_modified",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false,
false,
false,
true,
false,
false,
false,
true
]
},
"hash": "059162eba48cf5f519d0d8b6ce63575ced91941b8c55c986b8c5591c7d9b09e4"
}

47
.sqlx/query-1778ace39189532c2c69850ad7366bb36c8b5fe7491064a53190a324485f0e53.json generated
View File

@@ -1,47 +0,0 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT p.post_id, u.username AS author, p.title, p.content, p.published_at\n FROM posts p\n LEFT JOIN users u ON p.author_id = u.user_id\n ORDER BY p.published_at DESC\n LIMIT $1\n OFFSET $2\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 2,
"name": "title",
"type_info": "Text"
},
{
"ordinal": 3,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 4,
"name": "published_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Int8",
"Int8"
]
},
"nullable": [
false,
false,
false,
false,
false
]
},
"hash": "1778ace39189532c2c69850ad7366bb36c8b5fe7491064a53190a324485f0e53"
}

12
.sqlx/query-1e1a90042e89bd8662df3bae15bc7506146cff102034664c77ab0fc68b9480f5.json generated Normal file
View File

@@ -0,0 +1,12 @@
{
"db_name": "PostgreSQL",
"query": "\n DELETE FROM idempotency\n WHERE created_at < NOW() - INTERVAL '1 hour'\n ",
"describe": {
"columns": [],
"parameters": {
"Left": []
},
"nullable": []
},
"hash": "1e1a90042e89bd8662df3bae15bc7506146cff102034664c77ab0fc68b9480f5"
}

64
.sqlx/query-1fc92c14786c21d24951341e3a8149964533b7627d2d073eeac7b7d3230513ce.json generated Normal file
View File

@@ -0,0 +1,64 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT p.author_id, u.username as author, u.full_name,\n p.post_id, p.title, p.content, p.published_at, p.last_modified\n FROM posts p\n INNER JOIN users u ON p.author_id = u.user_id\n WHERE p.author_id = $1\n ORDER BY p.published_at DESC\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "author_id",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 2,
"name": "full_name",
"type_info": "Text"
},
{
"ordinal": 3,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 4,
"name": "title",
"type_info": "Text"
},
{
"ordinal": 5,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 6,
"name": "published_at",
"type_info": "Timestamptz"
},
{
"ordinal": 7,
"name": "last_modified",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false,
false,
true,
false,
false,
false,
false,
true
]
},
"hash": "1fc92c14786c21d24951341e3a8149964533b7627d2d073eeac7b7d3230513ce"
}

62
.sqlx/query-601884180bc841dc0762008a819218620fc05169fe3bb80b7635fbe9e227056b.json generated Normal file
View File

@@ -0,0 +1,62 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT user_id, username, role as \"role: Role\", full_name, bio, member_since\n FROM users\n WHERE user_id = $1\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "user_id",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "username",
"type_info": "Text"
},
{
"ordinal": 2,
"name": "role: Role",
"type_info": {
"Custom": {
"name": "user_role",
"kind": {
"Enum": [
"admin",
"writer"
]
}
}
}
},
{
"ordinal": 3,
"name": "full_name",
"type_info": "Text"
},
{
"ordinal": 4,
"name": "bio",
"type_info": "Text"
},
{
"ordinal": 5,
"name": "member_since",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false,
false,
false,
true,
true,
false
]
},
"hash": "601884180bc841dc0762008a819218620fc05169fe3bb80b7635fbe9e227056b"
}

17
.sqlx/query-767386497874bbf3988938d62112be9479d5dc7eb523246ac98816ff3e8d2754.json generated
View File

@@ -1,17 +0,0 @@
{
"db_name": "PostgreSQL",
"query": "\n INSERT INTO comments (comment_id, post_id, author, content)\n VALUES ($1, $2, $3, $4)\n ",
"describe": {
"columns": [],
"parameters": {
"Left": [
"Uuid",
"Uuid",
"Text",
"Text"
]
},
"nullable": []
},
"hash": "767386497874bbf3988938d62112be9479d5dc7eb523246ac98816ff3e8d2754"
}

22
.sqlx/query-769e8762bd2173c088d85fc132326b05a08e67092eac4c3a7aff8a49d086b5a0.json generated Normal file
View File

@@ -0,0 +1,22 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT login_time FROM user_logins\n WHERE user_id = $1\n ORDER BY login_time DESC\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "login_time",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false
]
},
"hash": "769e8762bd2173c088d85fc132326b05a08e67092eac4c3a7aff8a49d086b5a0"
}

12
.sqlx/query-7eccf0027753bc1c42897aef12c9350eca023f3be52e24530127d06c3c449104.json generated Normal file
View File

@@ -0,0 +1,12 @@
{
"db_name": "PostgreSQL",
"query": "\n DELETE FROM subscriptions\n WHERE status = 'pending_confirmation'\n AND subscribed_at < NOW() - INTERVAL '24 hours'\n ",
"describe": {
"columns": [],
"parameters": {
"Left": []
},
"nullable": []
},
"hash": "7eccf0027753bc1c42897aef12c9350eca023f3be52e24530127d06c3c449104"
}

22
.sqlx/query-84fcada696e1be5db55ef276e120ffef9adf7f5a4f5c4d5975b85e008e15620b.json generated Normal file
View File

@@ -0,0 +1,22 @@
{
"db_name": "PostgreSQL",
"query": "SELECT author_id FROM posts WHERE post_id = $1",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "author_id",
"type_info": "Uuid"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false
]
},
"hash": "84fcada696e1be5db55ef276e120ffef9adf7f5a4f5c4d5975b85e008e15620b"
}

25
.sqlx/query-0b5951c4e52f86101b33606abf65cdb411578eea4e0635a2b0ea14600e6d5031.json → .sqlx/query-886de678764ebf7f96fe683d3b685d176f0a41043c7ade8b659a9bd167a2d063.json generated
View File

@@ -1,42 +1,53 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT comment_id, post_id, author, content, published_at\n FROM comments\n WHERE post_id = $1\n ORDER BY published_at DESC\n LIMIT $2\n OFFSET $3\n ",
"query": "\n SELECT c.user_id as \"user_id?\", u.username as \"username?\", c.comment_id, c.post_id, c.author, c.content, c.published_at\n FROM comments c\n LEFT JOIN users u ON c.user_id = u.user_id AND c.user_id IS NOT NULL\n ORDER BY published_at DESC\n LIMIT $1\n OFFSET $2\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "comment_id",
"name": "user_id?",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "username?",
"type_info": "Text"
},
{
"ordinal": 2,
"name": "comment_id",
"type_info": "Uuid"
},
{
"ordinal": 3,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 2,
"ordinal": 4,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 3,
"ordinal": 5,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 4,
"ordinal": 6,
"name": "published_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid",
"Int8",
"Int8"
]
},
"nullable": [
true,
false,
false,
false,
true,
@@ -44,5 +55,5 @@
false
]
},
"hash": "0b5951c4e52f86101b33606abf65cdb411578eea4e0635a2b0ea14600e6d5031"
"hash": "886de678764ebf7f96fe683d3b685d176f0a41043c7ade8b659a9bd167a2d063"
}

17
.sqlx/query-8dc27ae224c7ae3c99c396302357514d66e843dc4b3ee4ab58c628b6c9797fdd.json generated Normal file
View File

@@ -0,0 +1,17 @@
{
"db_name": "PostgreSQL",
"query": "\n UPDATE users\n SET username = $1, full_name = $2, bio = $3\n WHERE user_id = $4\n ",
"describe": {
"columns": [],
"parameters": {
"Left": [
"Text",
"Text",
"Text",
"Uuid"
]
},
"nullable": []
},
"hash": "8dc27ae224c7ae3c99c396302357514d66e843dc4b3ee4ab58c628b6c9797fdd"
}

17
.sqlx/query-aef1e780d14be61aa66ae8771309751741068694b291499ee1371de693c6a654.json generated Normal file
View File

@@ -0,0 +1,17 @@
{
"db_name": "PostgreSQL",
"query": "\n UPDATE posts\n SET title = $1, content = $2, last_modified = $3 WHERE post_id = $4\n ",
"describe": {
"columns": [],
"parameters": {
"Left": [
"Text",
"Text",
"Timestamptz",
"Uuid"
]
},
"nullable": []
},
"hash": "aef1e780d14be61aa66ae8771309751741068694b291499ee1371de693c6a654"
}

46
.sqlx/query-bccf441e3c1c29ddf6f7f13f7a333adf733abc527da03b12c91422b9b20f3a6f.json generated
View File

@@ -1,46 +0,0 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT p.post_id, u.username AS author, p.title, p.content, p.published_at\n FROM posts p\n LEFT JOIN users u ON p.author_id = u.user_id\n WHERE p.post_id = $1\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 2,
"name": "title",
"type_info": "Text"
},
{
"ordinal": 3,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 4,
"name": "published_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false,
false,
false,
false,
false
]
},
"hash": "bccf441e3c1c29ddf6f7f13f7a333adf733abc527da03b12c91422b9b20f3a6f"
}

28
.sqlx/query-bfd02c92fb5e0c8748b172bf59a77a477b432ada1f41090571f4fe0e685b1b1b.json generated Normal file
View File

@@ -0,0 +1,28 @@
{
"db_name": "PostgreSQL",
"query": "SELECT username, full_name FROM users WHERE user_id = $1",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "username",
"type_info": "Text"
},
{
"ordinal": 1,
"name": "full_name",
"type_info": "Text"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false,
true
]
},
"hash": "bfd02c92fb5e0c8748b172bf59a77a477b432ada1f41090571f4fe0e685b1b1b"
}

65
.sqlx/query-dc3c1b786b4f4bd65f625922ce05eab4cb161f3de6c6e676af778f7749af5710.json generated Normal file
View File

@@ -0,0 +1,65 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT p.post_id, p.author_id, u.username AS author, u.full_name,\n p.title, p.content, p.published_at, p.last_modified\n FROM posts p\n LEFT JOIN users u ON p.author_id = u.user_id\n ORDER BY p.published_at DESC\n LIMIT $1\n OFFSET $2\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "author_id",
"type_info": "Uuid"
},
{
"ordinal": 2,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 3,
"name": "full_name",
"type_info": "Text"
},
{
"ordinal": 4,
"name": "title",
"type_info": "Text"
},
{
"ordinal": 5,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 6,
"name": "published_at",
"type_info": "Timestamptz"
},
{
"ordinal": 7,
"name": "last_modified",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Int8",
"Int8"
]
},
"nullable": [
false,
false,
false,
true,
false,
false,
false,
true
]
},
"hash": "dc3c1b786b4f4bd65f625922ce05eab4cb161f3de6c6e676af778f7749af5710"
}

22
.sqlx/query-f4ea2ad9ba4f26093152e4a0e008ef6c3114fbe9e51301611c5633e1cc944c05.json generated Normal file
View File

@@ -0,0 +1,22 @@
{
"db_name": "PostgreSQL",
"query": "SELECT user_id FROM users WHERE username = $1",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "user_id",
"type_info": "Uuid"
}
],
"parameters": {
"Left": [
"Text"
]
},
"nullable": [
false
]
},
"hash": "f4ea2ad9ba4f26093152e4a0e008ef6c3114fbe9e51301611c5633e1cc944c05"
}

25
.sqlx/query-dcfd46faa2f2e590bcea3ade11d48cc632d8e0027faa95142f0a698f6b06a378.json → .sqlx/query-fb280849a8a1fce21ec52cd9df73492d965357c9a410eb3b43b1a2e1cc8a0259.json generated
View File

@@ -1,41 +1,54 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT comment_id, post_id, author, content, published_at\n FROM comments\n ORDER BY published_at DESC\n LIMIT $1\n OFFSET $2\n ",
"query": "\n SELECT c.user_id as \"user_id?\", u.username as \"username?\", c.comment_id, c.post_id, c.author, c.content, c.published_at\n FROM comments c\n LEFT JOIN users u ON c.user_id = u.user_id AND c.user_id IS NOT NULL\n WHERE c.post_id = $1\n ORDER BY c.published_at DESC\n LIMIT $2\n OFFSET $3\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "comment_id",
"name": "user_id?",
"type_info": "Uuid"
},
{
"ordinal": 1,
"name": "username?",
"type_info": "Text"
},
{
"ordinal": 2,
"name": "comment_id",
"type_info": "Uuid"
},
{
"ordinal": 3,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 2,
"ordinal": 4,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 3,
"ordinal": 5,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 4,
"ordinal": 6,
"name": "published_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid",
"Int8",
"Int8"
]
},
"nullable": [
true,
false,
false,
false,
true,
@@ -43,5 +56,5 @@
false
]
},
"hash": "dcfd46faa2f2e590bcea3ade11d48cc632d8e0027faa95142f0a698f6b06a378"
"hash": "fb280849a8a1fce21ec52cd9df73492d965357c9a410eb3b43b1a2e1cc8a0259"
}

46
.sqlx/query-fba37bafbf190369575b92c91d32f57336e8c7d42d5698e2b22e2b5c0427de75.json generated
View File

@@ -1,46 +0,0 @@
{
"db_name": "PostgreSQL",
"query": "\n SELECT u.username as author, p.post_id, p.title, p.content, p.published_at\n FROM posts p\n INNER JOIN users u ON p.author_id = u.user_id\n WHERE p.author_id = $1\n ORDER BY p.published_at DESC\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "author",
"type_info": "Text"
},
{
"ordinal": 1,
"name": "post_id",
"type_info": "Uuid"
},
{
"ordinal": 2,
"name": "title",
"type_info": "Text"
},
{
"ordinal": 3,
"name": "content",
"type_info": "Text"
},
{
"ordinal": 4,
"name": "published_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": [
false,
false,
false,
false,
false
]
},
"hash": "fba37bafbf190369575b92c91d32f57336e8c7d42d5698e2b22e2b5c0427de75"
}

14
.sqlx/query-fc383671ada951baa611ab7dd00efcc7f4f2aea7c22e4c0865e5c766ed7f99b3.json generated Normal file
View File

@@ -0,0 +1,14 @@
{
"db_name": "PostgreSQL",
"query": "INSERT INTO user_logins (user_id) VALUES ($1)",
"describe": {
"columns": [],
"parameters": {
"Left": [
"Uuid"
]
},
"nullable": []
},
"hash": "fc383671ada951baa611ab7dd00efcc7f4f2aea7c22e4c0865e5c766ed7f99b3"
}

4
Cargo.lock generated
View File

@@ -4070,7 +4070,6 @@ dependencies = [
"argon2",
"askama",
"axum",
"base64 0.22.1",
"chrono",
"claims",
"config",
@@ -4087,7 +4086,6 @@ dependencies = [
"serde",
"serde-aux",
"serde_json",
"serde_urlencoded",
"sqlx",
"thiserror",
"tokio",
@@ -4096,8 +4094,6 @@ dependencies = [
"tower-sessions-redis-store",
"tracing",
"tracing-subscriber",
"unicode-segmentation",
"urlencoding",
"uuid",
"validator",
"wiremock",

4
Cargo.toml
View File

@@ -28,7 +28,6 @@ anyhow = "1.0.99"
argon2 = { version = "0.5.3", features = ["std"] }
askama = "0.14.0"
axum = { version = "0.8.4", features = ["macros"] }
base64 = "0.22.1"
chrono = { version = "0.4.41", default-features = false, features = ["clock"] }
config = "0.15.14"
markdown = "1.0.0"
@@ -56,8 +55,6 @@ tower-sessions = "0.14.0"
tower-sessions-redis-store = "0.16.0"
tracing = "0.1.41"
tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
unicode-segmentation = "1.12.0"
urlencoding = "2.1.3"
uuid = { version = "1.18.0", features = ["v4", "serde"] }
validator = { version = "0.20.0", features = ["derive"] }
@@ -70,5 +67,4 @@ quickcheck = "1.0.3"
quickcheck_macros = "1.1.0"
scraper = "0.24.0"
serde_json = "1.0.143"
serde_urlencoded = "0.7.1"
wiremock = "0.6.4"

2315
assets/css/main.css
View File

File diff suppressed because one or more lines are too long

3
migrations/20251008112745_add_user_id_to_comments.sql Normal file
View File

@@ -0,0 +1,3 @@
ALTER TABLE comments
ADD COLUMN user_id UUID
REFERENCES users (user_id) ON DELETE SET NULL;

2
migrations/20251009173005_add_last_modified_to_posts.sql Normal file
View File

@@ -0,0 +1,2 @@
ALTER TABLE posts
ADD COLUMN last_modified TIMESTAMPTZ;

5
migrations/20251009180347_create_user_logins_table.sql Normal file
View File

@@ -0,0 +1,5 @@
CREATE TABLE user_logins (
id BIGSERIAL PRIMARY KEY,
user_id UUID NOT NULL REFERENCES users (user_id) ON DELETE CASCADE,
login_time TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

3
package-lock.json generated
View File

@@ -1123,7 +1123,8 @@
"version": "4.1.13",
"resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.13.tgz",
"integrity": "sha512-i+zidfmTqtwquj4hMEwdjshYYgMbOrPzb9a0M3ZgNa0JMoZeFC6bxZvO8yr8ozS6ix2SDz0+mvryPeBs2TFE+w==",
"license": "MIT"
"license": "MIT",
"peer": true
},
"node_modules/tapable": {
"version": "2.2.3",

58
src/database_worker.rs Normal file
View File

@@ -0,0 +1,58 @@
use anyhow::Context;
use sqlx::{
PgPool,
postgres::{PgConnectOptions, PgPoolOptions},
};
use std::time::Duration;
pub async fn run_until_stopped(configuration: PgConnectOptions) -> Result<(), anyhow::Error> {
let connection_pool = PgPoolOptions::new().connect_lazy_with(configuration);
worker_loop(connection_pool).await
}
async fn worker_loop(connection_pool: PgPool) -> Result<(), anyhow::Error> {
loop {
if let Err(e) = clean_pending_subscriptions(&connection_pool).await {
tracing::error!("{:?}", e);
}
if let Err(e) = clean_idempotency_keys(&connection_pool).await {
tracing::error!("{:?}", e);
}
tokio::time::sleep(Duration::from_secs(60)).await;
}
}
async fn clean_pending_subscriptions(connection_pool: &PgPool) -> Result<(), anyhow::Error> {
let result = sqlx::query!(
"
DELETE FROM subscriptions
WHERE status = 'pending_confirmation'
AND subscribed_at < NOW() - INTERVAL '24 hours'
"
)
.execute(connection_pool)
.await
.context("Failed to clean up subscriptions table.")?;
match result.rows_affected() {
n if n > 0 => tracing::info!("Cleaned up {} expired subscriptions.", n),
_ => (),
}
Ok(())
}
async fn clean_idempotency_keys(connection_pool: &PgPool) -> Result<(), anyhow::Error> {
let result = sqlx::query!(
"
DELETE FROM idempotency
WHERE created_at < NOW() - INTERVAL '1 hour'
"
)
.execute(connection_pool)
.await
.context("Failed to clean up idempontency table.")?;
match result.rows_affected() {
n if n > 0 => tracing::info!("Cleaned up {} old idempotency records.", n),
_ => (),
}
Ok(())
}

4
src/domain/comment.rs
View File

@@ -2,6 +2,8 @@ use chrono::{DateTime, Utc};
use uuid::Uuid;
pub struct CommentEntry {
pub user_id: Option<Uuid>,
pub username: Option<String>,
pub comment_id: Uuid,
pub post_id: Uuid,
pub author: Option<String>,
@@ -11,6 +13,6 @@ pub struct CommentEntry {
impl CommentEntry {
pub fn formatted_date(&self) -> String {
self.published_at.format("%B %d, %Y").to_string()
self.published_at.format("%B %d, %Y %H:%M").to_string()
}
}

13
src/domain/post.rs
View File

@@ -3,24 +3,23 @@ use uuid::Uuid;
pub struct PostEntry {
pub post_id: Uuid,
pub author_id: Uuid,
pub author: String,
pub full_name: Option<String>,
pub title: String,
pub content: String,
pub published_at: DateTime<Utc>,
pub last_modified: Option<DateTime<Utc>>,
}
impl PostEntry {
pub fn formatted_date(&self) -> String {
self.published_at.format("%B %d, %Y").to_string()
self.published_at.format("%B %d, %Y %H:%M").to_string()
}
pub fn to_html(self) -> Result<Self, anyhow::Error> {
pub fn to_html(&self) -> anyhow::Result<String> {
match markdown::to_html_with_options(&self.content, &markdown::Options::gfm()) {
Ok(mut content) => {
content = content.replace("<table>", r#"<div class="table-wrapper"><table>"#);
content = content.replace("</table>", r#"</table></div>"#);
Ok(Self { content, ..self })
}
Ok(content) => Ok(content),
Err(e) => anyhow::bail!(e),
}
}

8
src/domain/subscriber_email.rs
View File

@@ -1,3 +1,5 @@
use std::fmt::Display;
use validator::Validate;
#[derive(Debug, Validate)]
@@ -22,6 +24,12 @@ impl AsRef<str> for SubscriberEmail {
}
}
impl Display for SubscriberEmail {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(f, "{}", self.email)
}
}
#[cfg(test)]
mod tests {
use super::SubscriberEmail;

66
src/issue_delivery_worker.rs
View File

@@ -7,7 +7,7 @@ use std::time::Duration;
use tracing::{Span, field::display};
use uuid::Uuid;
pub async fn run_worker_until_stopped(configuration: Settings) -> Result<(), anyhow::Error> {
pub async fn run_until_stopped(configuration: Settings) -> Result<(), anyhow::Error> {
let connection_pool = PgPoolOptions::new().connect_lazy_with(configuration.database.with_db());
let email_client = EmailClient::build(configuration.email_client).unwrap();
worker_loop(connection_pool, email_client).await
@@ -31,14 +31,6 @@ pub enum ExecutionOutcome {
EmptyQueue,
}
#[tracing::instrument(
skip_all,
fields(
newsletter_issue_id=tracing::field::Empty,
subscriber_email=tracing::field::Empty
),
err
)]
pub async fn try_execute_task(
connection_pool: &PgPool,
email_client: &EmailClient,
@@ -53,25 +45,14 @@ pub async fn try_execute_task(
.record("subscriber_email", display(&task.subscriber_email));
match SubscriberEmail::parse(task.subscriber_email.clone()) {
Ok(email) => {
let mut issue = get_issue(connection_pool, task.newsletter_issue_id).await?;
issue.inject_unsubscribe_token(&task.unsubscribe_token);
if task.kind == EmailType::NewPost.to_string() {
issue.inject_tracking_info(&mut transaction).await?;
}
if let Err(e) = email_client
.send_email(
&email,
&issue.title,
&issue.html_content,
&issue.text_content,
)
.await
{
tracing::error!(
error = %e,
"Failed to deliver issue to confirmed subscriber. Skipping."
);
}
execute_task(
connection_pool,
&mut transaction,
&task,
email,
email_client,
)
.await?;
}
Err(e) => {
tracing::error!(
@@ -178,6 +159,35 @@ async fn dequeue_task(
}
}
#[tracing::instrument(
name = "Executing task",
skip_all,
fields(email = %email),
)]
async fn execute_task(
connection_pool: &PgPool,
transaction: &mut Transaction<'static, Postgres>,
task: &Task,
email: SubscriberEmail,
email_client: &EmailClient,
) -> Result<(), anyhow::Error> {
let mut issue = get_issue(connection_pool, task.newsletter_issue_id).await?;
issue.inject_unsubscribe_token(&task.unsubscribe_token);
if task.kind == EmailType::NewPost.to_string() {
issue.inject_tracking_info(transaction).await?;
}
email_client
.send_email(
&email,
&issue.title,
&issue.html_content,
&issue.text_content,
)
.await
.context("Failed to deliver newsletter issue to subscriber..")?;
Ok(())
}
async fn delete_task(
mut transaction: Transaction<'static, Postgres>,
issue_id: Uuid,

1
src/lib.rs
View File

@@ -1,5 +1,6 @@
pub mod authentication;
pub mod configuration;
pub mod database_worker;
pub mod domain;
pub mod email_client;
pub mod idempotency;

13
src/main.rs
View File

@@ -1,6 +1,6 @@
use zero2prod::{
configuration::get_configuration, issue_delivery_worker::run_worker_until_stopped,
startup::Application, telemetry::init_subscriber,
configuration::get_configuration, database_worker, issue_delivery_worker, startup::Application,
telemetry::init_subscriber,
};
#[tokio::main]
@@ -11,11 +11,16 @@ async fn main() -> Result<(), anyhow::Error> {
let application = Application::build(configuration.clone()).await?;
let application_task = tokio::spawn(application.run_until_stopped());
let worker_task = tokio::spawn(run_worker_until_stopped(configuration));
let database_worker_task = tokio::spawn(database_worker::run_until_stopped(
configuration.database.with_db(),
));
let delivery_worker_task =
tokio::spawn(issue_delivery_worker::run_until_stopped(configuration));
tokio::select! {
_ = application_task => {},
_ = worker_task => {},
_ = database_worker_task => {},
_ = delivery_worker_task => {},
};
Ok(())

19
src/routes.rs
View File

@@ -28,6 +28,7 @@ pub use subscriptions::*;
pub use subscriptions_confirm::*;
pub use unsubscribe::*;
pub use users::*;
use validator::ValidationErrors;
use crate::{
authentication::AuthError,
@@ -161,6 +162,7 @@ impl From<AuthError> for AppError {
}
pub async fn not_found() -> Response {
tracing::error!("Not found.");
not_found_html()
}
@@ -208,3 +210,20 @@ where
}
}
}
pub fn join_error_messages(e: ValidationErrors) -> String {
let error_messages: Vec<_> = e
.field_errors()
.iter()
.flat_map(|(field, errors)| {
errors.iter().map(move |error| {
error
.message
.as_ref()
.map(|msg| msg.to_string())
.unwrap_or(format!("Invalid field: {}", field))
})
})
.collect();
error_messages.join("\n")
}

11
src/routes/admin.rs
View File

@@ -12,6 +12,7 @@ use crate::{
templates::{HtmlTemplate, MessageTemplate},
};
use anyhow::Context;
use axum::response::Redirect;
use axum::{
extract::Request,
middleware::Next,
@@ -49,11 +50,17 @@ pub async fn require_auth(
mut request: Request,
next: Next,
) -> Result<Response, AppError> {
let user_id = session
let user_id = match session
.get_user_id()
.await
.map_err(|e| AdminError::UnexpectedError(e.into()))?
.ok_or(AdminError::NotAuthenticated)?;
{
None => {
tracing::error!("Not authenticated. Redirecting to /login.");
return Ok(Redirect::to("/login").into_response());
}
Some(user_id) => user_id,
};
let username = session
.get_username()
.await

66
src/routes/comments.rs
View File

@@ -27,6 +27,7 @@ pub struct CommentForm {
pub author: Option<String>,
pub content: String,
pub idempotency_key: String,
pub user_id: Option<Uuid>,
}
#[tracing::instrument(name = "Posting new comment", skip_all, fields(post_id = %post_id))]
@@ -51,9 +52,15 @@ pub async fn post_comment(
}
};
insert_comment(&mut transaction, post_id, form.author, form.content)
.await
.context("Could not insert comment into database.")?;
insert_comment(
&mut transaction,
post_id,
form.author,
form.user_id,
form.content,
)
.await
.context("Could not insert comment into database.")?;
let template = HtmlTemplate(MessageTemplate::success(
"Your comment has been posted.".into(),
@@ -75,20 +82,25 @@ async fn insert_comment(
transaction: &mut Transaction<'static, Postgres>,
post_id: Uuid,
author: Option<String>,
user_id: Option<Uuid>,
content: String,
) -> Result<Uuid, sqlx::Error> {
let author = author
.filter(|s| !s.trim().is_empty())
.map(|s| s.trim().to_string());
let author = if user_id.is_some() {
None
} else {
author
.filter(|s| !s.trim().is_empty())
.map(|s| s.trim().to_string())
};
let content = content.trim();
let comment_id = Uuid::new_v4();
tracing::Span::current().record("comment_id", comment_id.to_string());
let query = sqlx::query!(
"
INSERT INTO comments (comment_id, post_id, author, content)
VALUES ($1, $2, $3, $4)
INSERT INTO comments (user_id, comment_id, post_id, author, content)
VALUES ($1, $2, $3, $4, $5)
",
user_id,
comment_id,
post_id,
author,
@@ -177,22 +189,35 @@ pub async fn get_comments_page_for_post(
page: i64,
) -> Result<Vec<CommentEntry>, sqlx::Error> {
let offset = (page - 1) * COMMENTS_PER_PAGE;
let comments = sqlx::query_as!(
let mut comments = sqlx::query_as!(
CommentEntry,
"
SELECT comment_id, post_id, author, content, published_at
FROM comments
WHERE post_id = $1
ORDER BY published_at DESC
r#"
SELECT c.user_id as "user_id?", u.username as "username?", c.comment_id, c.post_id, c.author, c.content, c.published_at
FROM comments c
LEFT JOIN users u ON c.user_id = u.user_id AND c.user_id IS NOT NULL
WHERE c.post_id = $1
ORDER BY c.published_at DESC
LIMIT $2
OFFSET $3
",
"#,
post_id,
COMMENTS_PER_PAGE,
offset
)
.fetch_all(connection_pool)
.await?;
for comment in comments.iter_mut() {
if let Some(user_id) = comment.user_id {
let record = sqlx::query!(
"SELECT username, full_name FROM users WHERE user_id = $1",
user_id
)
.fetch_one(connection_pool)
.await?;
let author = record.full_name.unwrap_or(record.username);
comment.author = Some(author);
}
}
Ok(comments)
}
@@ -214,13 +239,14 @@ pub async fn get_comments_page(
let offset = (page - 1) * COMMENTS_PER_PAGE;
let comments = sqlx::query_as!(
CommentEntry,
"
SELECT comment_id, post_id, author, content, published_at
FROM comments
r#"
SELECT c.user_id as "user_id?", u.username as "username?", c.comment_id, c.post_id, c.author, c.content, c.published_at
FROM comments c
LEFT JOIN users u ON c.user_id = u.user_id AND c.user_id IS NOT NULL
ORDER BY published_at DESC
LIMIT $1
OFFSET $2
",
"#,
COMMENTS_PER_PAGE,
offset
)

17
src/routes/login.rs
View File

@@ -15,6 +15,8 @@ use axum::{
};
use axum::{http::StatusCode, response::Redirect};
use secrecy::SecretString;
use sqlx::PgPool;
use uuid::Uuid;
#[derive(serde::Deserialize)]
pub struct LoginFormData {
@@ -29,7 +31,7 @@ pub async fn get_login(session: TypedSession) -> Result<Response, AppError> {
.context("Failed to retrieve user id from data store.")?
.is_some()
{
Ok(Redirect::to("/admin/dashboard").into_response())
Ok(Redirect::to("dashboard").into_response())
} else {
Ok(Html(LoginTemplate.render().unwrap()).into_response())
}
@@ -50,6 +52,9 @@ pub async fn post_login(
tracing::Span::current().record("username", tracing::field::display(&credentials.username));
let (user_id, role) = validate_credentials(credentials, &connection_pool).await?;
tracing::Span::current().record("user_id", tracing::field::display(&user_id));
record_login(&connection_pool, &user_id)
.await
.context("Failed to register new login event.")?;
session.renew().await.context("Failed to renew session.")?;
session
@@ -66,6 +71,14 @@ pub async fn post_login(
.context("Failed to insert role in session data store.")?;
let mut headers = HeaderMap::new();
headers.insert("HX-Redirect", "/admin/dashboard".parse().unwrap());
headers.insert("HX-Redirect", "/dashboard".parse().unwrap());
Ok((StatusCode::OK, headers).into_response())
}
#[tracing::instrument(name = "Recording new login event", skip_all, fields(user_id = %user_id))]
async fn record_login(connection_pool: &PgPool, user_id: &Uuid) -> Result<(), sqlx::Error> {
sqlx::query!("INSERT INTO user_logins (user_id) VALUES ($1)", user_id)
.execute(connection_pool)
.await?;
Ok(())
}

104
src/routes/posts.rs
View File

@@ -1,10 +1,11 @@
use crate::routes::{COMMENTS_PER_PAGE, get_max_page};
use crate::templates::PostsPageDashboardTemplate;
use crate::authentication::AuthenticatedUser;
use crate::routes::{COMMENTS_PER_PAGE, Query, get_max_page, join_error_messages};
use crate::session_state::TypedSession;
use crate::templates::{ErrorTemplate, MessageTemplate, PostsPageDashboardTemplate};
use crate::{
domain::PostEntry,
routes::{
AppError, Path, Query, get_comments_count_for_post, get_comments_page_for_post,
not_found_html,
AppError, Path, get_comments_count_for_post, get_comments_page_for_post, not_found_html,
},
startup::AppState,
templates::{HtmlTemplate, PostListTemplate, PostTemplate, PostsTemplate},
@@ -12,11 +13,14 @@ use crate::{
use anyhow::Context;
use askama::Template;
use axum::{
Extension, Form,
extract::State,
response::{Html, IntoResponse, Redirect, Response},
};
use chrono::Utc;
use sqlx::PgPool;
use uuid::Uuid;
use validator::Validate;
pub const POSTS_PER_PAGE: i64 = 3;
@@ -74,7 +78,8 @@ async fn get_posts(
sqlx::query_as!(
PostEntry,
r#"
SELECT p.post_id, u.username AS author, p.title, p.content, p.published_at
SELECT p.post_id, p.author_id, u.username AS author, u.full_name,
p.title, p.content, p.published_at, p.last_modified
FROM posts p
LEFT JOIN users u ON p.author_id = u.user_id
ORDER BY p.published_at DESC
@@ -96,7 +101,8 @@ pub async fn get_posts_page(
sqlx::query_as!(
PostEntry,
r#"
SELECT p.post_id, u.username AS author, p.title, p.content, p.published_at
SELECT p.post_id, p.author_id, u.username AS author, u.full_name,
p.title, p.content, p.published_at, p.last_modified
FROM posts p
LEFT JOIN users u ON p.author_id = u.user_id
ORDER BY p.published_at DESC
@@ -117,18 +123,76 @@ pub async fn get_posts_count(connection_pool: &PgPool) -> Result<i64, sqlx::Erro
.map(|r| r.count.unwrap())
}
#[derive(Validate, serde::Deserialize)]
pub struct EditPostForm {
#[validate(length(min = 1, message = "Title must be at least one character."))]
pub title: String,
#[validate(length(min = 1, message = "Content must be at least one character."))]
pub content: String,
}
#[tracing::instrument(name = "Editing post", skip_all, fields(post_id = %post_id))]
pub async fn update_post(
State(AppState {
connection_pool, ..
}): State<AppState>,
Extension(AuthenticatedUser { user_id, .. }): Extension<AuthenticatedUser>,
Path(post_id): Path<Uuid>,
Form(form): Form<EditPostForm>,
) -> Result<Response, AppError> {
let record = sqlx::query!("SELECT author_id FROM posts WHERE post_id = $1", post_id)
.fetch_optional(&connection_pool)
.await
.context("Could not fetch post author.")?;
match record {
None => Ok(HtmlTemplate(ErrorTemplate::NotFound).into_response()),
Some(record) if record.author_id == user_id => {
if let Err(e) = form.validate().map_err(join_error_messages) {
let template = HtmlTemplate(MessageTemplate::error(e));
return Ok(template.into_response());
}
sqlx::query!(
"
UPDATE posts
SET title = $1, content = $2, last_modified = $3 WHERE post_id = $4
",
form.title,
form.content,
Utc::now(),
post_id
)
.execute(&connection_pool)
.await
.context("Could not update post")?;
Ok(HtmlTemplate(MessageTemplate::success(
"Your changes have been saved.".into(),
))
.into_response())
}
_ => Ok(HtmlTemplate(MessageTemplate::error(
"You are not authorized. Only the author can edit his post.".into(),
))
.into_response()),
}
}
#[derive(serde::Deserialize)]
pub struct PostParams {
pub struct OriginQueryParam {
origin: Option<Uuid>,
}
#[tracing::instrument(name = "Fetching post from database", skip(connection_pool, origin))]
#[tracing::instrument(
name = "Fetching post from database",
skip(connection_pool, origin, session)
)]
pub async fn see_post(
session: TypedSession,
State(AppState {
connection_pool, ..
}): State<AppState>,
Path(post_id): Path<Uuid>,
Query(PostParams { origin }): Query<PostParams>,
Query(OriginQueryParam { origin }): Query<OriginQueryParam>,
) -> Result<Response, AppError> {
if let Some(origin) = origin {
mark_email_as_opened(&connection_pool, origin).await?;
@@ -137,28 +201,39 @@ pub async fn see_post(
if let Some(post) = get_post_data(&connection_pool, post_id)
.await
.context(format!("Failed to fetch post #{}", post_id))
.context(format!("Failed to fetch post #{}.", post_id))
.map_err(AppError::unexpected_page)?
{
let post = post
let post_html = post
.to_html()
.context("Could not render markdown with extension.")?;
let current_page = 1;
let comments_count = get_comments_count_for_post(&connection_pool, post_id)
.await
.context("Could not fetch comment count")?;
.context("Could not fetch comment count.")?;
let max_page = get_max_page(comments_count, COMMENTS_PER_PAGE);
let comments = get_comments_page_for_post(&connection_pool, post_id, 1)
.await
.context("Failed to fetch latest comments")?;
.context("Failed to fetch latest comments.")?;
let idempotency_key = Uuid::new_v4().to_string();
let session_user_id = session
.get_user_id()
.await
.context("Could not check for session user id.")?;
let session_username = session
.get_username()
.await
.context("Could not check for session username.")?;
let template = HtmlTemplate(PostTemplate {
post,
post_html,
comments,
idempotency_key,
current_page,
max_page,
comments_count,
session_user_id,
session_username,
});
Ok(template.into_response())
} else {
@@ -186,7 +261,8 @@ async fn get_post_data(
sqlx::query_as!(
PostEntry,
r#"
SELECT p.post_id, u.username AS author, p.title, p.content, p.published_at
SELECT p.post_id, p.author_id, u.username AS author, u.full_name,
p.title, p.content, p.published_at, last_modified
FROM posts p
LEFT JOIN users u ON p.author_id = u.user_id
WHERE p.post_id = $1

146
src/routes/users.rs
View File

@@ -1,5 +1,7 @@
use crate::routes::verify_password;
use crate::templates::MessageTemplate;
use crate::authentication::AuthenticatedUser;
use crate::routes::{join_error_messages, verify_password};
use crate::session_state::TypedSession;
use crate::templates::{MessageTemplate, UserEditTemplate};
use crate::{
authentication::Role,
domain::{PostEntry, UserEntry},
@@ -9,17 +11,114 @@ use crate::{
};
use anyhow::Context;
use axum::{
Form,
Extension, Form,
extract::{Path, State},
response::{IntoResponse, Response},
};
use secrecy::{ExposeSecret, SecretString};
use sqlx::PgPool;
use uuid::Uuid;
use validator::Validate;
#[derive(serde::Deserialize)]
pub struct ProfilePath {
pub async fn user_edit_form(
Extension(AuthenticatedUser { user_id, .. }): Extension<AuthenticatedUser>,
State(AppState {
connection_pool, ..
}): State<AppState>,
) -> Result<Response, AppError> {
let user = sqlx::query_as!(
UserEntry,
r#"
SELECT user_id, username, role as "role: Role", full_name, bio, member_since
FROM users
WHERE user_id = $1
"#,
user_id
)
.fetch_one(&connection_pool)
.await
.context("Could not fetch user in database.")?;
let template = HtmlTemplate(UserEditTemplate { user });
Ok(template.into_response())
}
#[derive(Debug, Validate, serde::Deserialize)]
pub struct EditProfileForm {
user_id: Uuid,
#[validate(length(min = 3, message = "Username must be at least 3 characters."))]
username: String,
full_name: String,
bio: String,
}
#[tracing::instrument(name = "Updating user profile", skip_all, fields(user_id = %form.user_id))]
pub async fn update_user(
State(AppState {
connection_pool, ..
}): State<AppState>,
session: TypedSession,
Extension(AuthenticatedUser {
user_id: session_user_id,
username: session_username,
..
}): Extension<AuthenticatedUser>,
Form(form): Form<EditProfileForm>,
) -> Result<Response, AppError> {
if let Err(e) = form.validate().map_err(join_error_messages) {
let template = HtmlTemplate(MessageTemplate::error(e));
return Ok(template.into_response());
}
if form.user_id != session_user_id {
let template = HtmlTemplate(MessageTemplate::error(
"You are not authorized. Refresh the page and try again.".into(),
));
return Ok(template.into_response());
}
let updated_username = form.username.trim();
if updated_username != session_username
&& sqlx::query!(
"SELECT user_id FROM users WHERE username = $1",
updated_username
)
.fetch_optional(&connection_pool)
.await
.context("Could not fetch users table.")?
.is_some()
{
let template = HtmlTemplate(MessageTemplate::error(
"This username is already taken.".into(),
));
return Ok(template.into_response());
}
let updated_full_name = form.full_name.trim();
let bio = {
let bio = form.bio.trim();
if bio.is_empty() { None } else { Some(bio) }
};
sqlx::query!(
"
UPDATE users
SET username = $1, full_name = $2, bio = $3
WHERE user_id = $4
",
updated_username,
updated_full_name,
bio,
form.user_id
)
.execute(&connection_pool)
.await
.context("Failed to apply changes.")
.map_err(AppError::FormError)?;
session
.insert_username(updated_username.to_owned())
.await
.context("Could not update session username.")?;
let template = HtmlTemplate(MessageTemplate::success(
"Your profile has been updated.".into(),
));
Ok(template.into_response())
}
#[tracing::instrument(name = "Get users from database", skip(connection_pool))]
@@ -144,12 +243,13 @@ pub async fn delete_user(
Ok(template.into_response())
}
#[tracing::instrument(name = "Fetching user data", skip(connection_pool))]
#[tracing::instrument(name = "Fetching user data", skip(connection_pool, session))]
pub async fn user_profile(
session: TypedSession,
State(AppState {
connection_pool, ..
}): State<AppState>,
Path(ProfilePath { username }): Path<ProfilePath>,
Path(username): Path<String>,
) -> Result<Response, AppError> {
match fetch_user_data(&connection_pool, &username)
.await
@@ -159,7 +259,34 @@ pub async fn user_profile(
let posts = fetch_user_posts(&connection_pool, &user.user_id)
.await
.context("Could not fetch user posts.")?;
let template = HtmlTemplate(UserTemplate { user, posts });
let session_user_id = session
.get_user_id()
.await
.context("Could not fetch session username.")?;
let profile_user_id =
sqlx::query!("SELECT user_id FROM users WHERE username = $1", username)
.fetch_one(&connection_pool)
.await
.context("Could not fetch profile user id.")?
.user_id;
let last_seen = sqlx::query!(
"
SELECT login_time FROM user_logins
WHERE user_id = $1
ORDER BY login_time DESC
",
profile_user_id
)
.fetch_optional(&connection_pool)
.await
.context("Failed to fetch last user login")?
.map(|r| r.login_time);
let template = HtmlTemplate(UserTemplate {
user,
session_user_id,
last_seen,
posts,
});
Ok(template.into_response())
}
None => {
@@ -195,7 +322,8 @@ async fn fetch_user_posts(
sqlx::query_as!(
PostEntry,
r#"
SELECT u.username as author, p.post_id, p.title, p.content, p.published_at
SELECT p.author_id, u.username as author, u.full_name,
p.post_id, p.title, p.content, p.published_at, p.last_modified
FROM posts p
INNER JOIN users u ON p.author_id = u.user_id
WHERE p.author_id = $1

8
src/startup.rs
View File

@@ -7,7 +7,7 @@ use axum::{
http::Request,
middleware,
response::{IntoResponse, Response},
routing::{delete, get, post},
routing::{delete, get, post, put},
};
use reqwest::{StatusCode, header};
use sqlx::{PgPool, postgres::PgPoolOptions};
@@ -99,8 +99,10 @@ pub fn app(
.route("/password", post(change_password))
.route("/newsletters", post(publish_newsletter))
.route("/posts", post(create_post))
.route("/posts/{post_id}", put(update_post))
.route("/logout", get(logout))
.merge(admin_routes)
.route("/users/edit", get(user_edit_form).put(update_user))
.nest("/admin", admin_routes)
.layer(middleware::from_fn(require_auth));
Router::new()
.route("/", get(home))
@@ -119,7 +121,7 @@ pub fn app(
)
.route("/users/{username}", get(user_profile))
.route("/favicon.ico", get(favicon))
.nest("/admin", auth_routes)
.merge(auth_routes)
.nest_service("/assets", ServeDir::new("assets"))
.layer(
TraceLayer::new_for_http().make_span_with(|request: &Request<_>| {

2
src/telemetry.rs
View File

@@ -21,7 +21,7 @@ where
)
.with(
tracing_subscriber::fmt::layer()
.compact()
.pretty()
.with_writer(sink)
.with_span_events(FmtSpan::NEW | FmtSpan::CLOSE),
)

14
src/templates.rs
View File

@@ -5,6 +5,7 @@ use crate::{
};
use askama::Template;
use axum::response::{Html, IntoResponse};
use chrono::{DateTime, Utc};
use uuid::Uuid;
pub struct HtmlTemplate<T>(pub T);
@@ -25,7 +26,15 @@ where
#[template(path = "user/profile.html")]
pub struct UserTemplate {
pub user: UserEntry,
pub session_user_id: Option<Uuid>,
pub posts: Vec<PostEntry>,
pub last_seen: Option<DateTime<Utc>>,
}
#[derive(Template)]
#[template(path = "user/edit.html")]
pub struct UserEditTemplate {
pub user: UserEntry,
}
#[derive(Template)]
@@ -114,11 +123,14 @@ pub struct PostListTemplate {
#[template(path = "posts/page.html")]
pub struct PostTemplate {
pub post: PostEntry,
pub post_html: String,
pub idempotency_key: String,
pub comments: Vec<CommentEntry>,
pub current_page: i64,
pub max_page: i64,
pub comments_count: i64,
pub session_user_id: Option<Uuid>,
pub session_username: Option<String>,
}
#[derive(Template)]
@@ -147,6 +159,8 @@ pub enum ErrorTemplate {
NotFound,
#[template(path = "error/500.html")]
InternalServer,
#[template(path = "error/403.html")]
Forbidden,
}
#[derive(Template)]

221
templates/base.html
View File

@@ -1,110 +1,125 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="description" content="zero2prod newsletter" />
<meta name="keywords" content="newsletter, rust, axum, htmx" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>
{% block title %}{% endblock %}
- zero2prod
</title>
<link href="/assets/css/main.css" rel="stylesheet" />
<script src="/assets/js/htmx.min.js"></script>
</head>
<body class="bg-gray-50 min-h-screen flex flex-col">
<header class="sticky top-0 bg-white/95 backdrop-blur-md shadow-sm border-b border-gray-200 z-40">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div class="flex justify-between items-center h-16">
<div class="flex items-center space-x-4">
<a href="/" class="flex items-center space-x-2 group">
<div class="w-6 h-6 bg-gradient-to-br from-blue-500 to-indigo-600 rounded-xl flex items-center justify-center shadow-lg group-hover:shadow-xl transition-all duration-200">
<svg class="w-4 h-4 text-white group-hover:scale-110 transition-transform duration-200"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 10V3L4 14h7v7l9-11h-7z" />
</svg>
</div>
<span class="text-sm font-bold bg-gradient-to-r from-blue-600 to-indigo-600 bg-clip-text text-transparent">
zero2prod
</span>
</a>
<nav class="hidden md:flex items-center">
<a href="/posts"
class="text-gray-700 hover:text-blue-600 px-4 py-2 rounded-lg text-sm font-medium transition-all duration-200 relative group">
Posts
<span class="absolute inset-x-4 bottom-0 h-0.5 bg-blue-600 scale-x-0 group-hover:scale-x-100 transition-transform duration-200"></span>
</a>
</nav>
</div>
<div class="flex items-center space-x-4">
<a href="/admin/dashboard"
hx-boost="true"
class="hidden md:flex bg-gradient-to-r from-blue-600 to-blue-700 hover:from-blue-700 hover:to-blue-800 text-white px-4 py-2 rounded-lg text-sm font-medium transition-all duration-200 shadow-md hover:shadow-lg transform hover:scale-105">
Dashboard
</a>
<button class="md:hidden p-2 text-gray-700 hover:text-blue-600 hover:bg-blue-50 rounded-lg transition-colors duration-200"
onclick="toggleMobileMenu()">
<svg class="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16M4 18h16" />
</svg>
</button>
</div>
</div>
<div id="mobile-menu"
class="hidden md:hidden border-t border-gray-100 pb-4 pt-4">
<nav class="flex flex-col space-y-2">
<a href="/posts"
class="text-gray-700 hover:text-blue-600 hover:bg-blue-50 px-4 py-2 rounded-lg text-sm font-medium transition-colors duration-200">
Posts
</a>
<a href="/admin/dashboard"
hx-boost="true"
class="text-gray-700 hover:text-blue-600 hover:bg-blue-50 px-4 py-2 rounded-lg text-sm font-medium transition-colors duration-200">
Dashboard
</a>
</nav>
</div>
</div>
</header>
<div class="flex flex-1">
<main class="flex-1 lg:ml-0 flex flex-col py-8 px-4 sm:px-6 lg:px-8">
{% block content %}{% endblock %}
</main>
</div>
<footer class="bg-white border-t border-gray-200 mt-auto">
<div class="max-w-7xl mx-auto py-6 px-4 sm:px-6 lg:px-8">
<div class="flex flex-col md:flex-row justify-between items-center">
<div class="flex flex-col md:flex-row items-center space-y-2 md:space-y-0 md:space-x-6">
<div class="flex items-center space-x-4">
<a href="https://gitea.alphonsepaix.xyz/alphonse/zero2prod"
target="_blank"
class="text-sm text-gray-500 hover:text-gray-900 transition-colors flex items-center">
Gitea
<svg class="ml-1 h-3 w-3"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14" />
</svg>
</a>
<span class="text-gray-300"></span>
<a href="/unsubscribe"
class="text-sm text-gray-500 hover:text-gray-900 transition-colors">Unsubscribe</a>
<head>
<meta charset="utf-8" />
<meta name="description" content="zero2prod newsletter" />
<meta name="keywords" content="newsletter, rust, axum, htmx" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>
{% block title %}{% endblock %}
- zero2prod
</title>
<link href="/assets/css/main.css" rel="stylesheet" />
<script src="/assets/js/htmx.min.js"></script>
</head>
<body class="bg-gray-50 min-h-screen flex flex-col">
<div class="bg-yellow-50 border-b-2 border-yellow-200">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-3">
<div class="flex items-center justify-center text-center">
<svg class="w-5 h-5 text-yellow-600 mr-2 flex-shrink-0"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
</svg>
<p class="text-sm text-yellow-800">
This is a personal project, <span class="font-semibold">not</span> a real website. Database is cleared periodically.
</p>
</div>
</div>
</div>
<div class="mt-4 md:mt-0">
<p class="text-xs text-gray-500">Built with ❤️ using Rust, axum & htmx</p>
</div>
</div>
</div>
</footer>
</body>
<header class="sticky top-0 bg-white/95 backdrop-blur-md shadow-sm border-b border-gray-200 z-40">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div class="flex justify-between items-center h-16">
<div class="flex items-center space-x-4">
<a href="/" class="flex items-center space-x-2 group">
<div class="w-6 h-6 bg-gradient-to-br from-blue-500 to-indigo-600 rounded-xl flex items-center justify-center shadow-lg group-hover:shadow-xl transition-all duration-200">
<svg class="w-4 h-4 text-white group-hover:scale-110 transition-transform duration-200"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 10V3L4 14h7v7l9-11h-7z" />
</svg>
</div>
<span class="text-sm font-bold bg-gradient-to-r from-blue-600 to-indigo-600 bg-clip-text text-transparent">
zero2prod
</span>
</a>
<nav class="hidden md:flex items-center">
<a href="/posts"
class="text-gray-700 hover:text-blue-600 px-4 py-2 rounded-lg text-sm font-medium transition-all duration-200 relative group">
Posts
<span class="absolute inset-x-4 bottom-0 h-0.5 bg-blue-600 scale-x-0 group-hover:scale-x-100 transition-transform duration-200"></span>
</a>
</nav>
</div>
<div class="flex items-center space-x-4">
<a href="/dashboard"
hx-boost="true"
class="hidden md:flex bg-gradient-to-r from-blue-600 to-blue-700 hover:from-blue-700 hover:to-blue-800 text-white px-4 py-2 rounded-lg text-sm font-medium transition-all duration-200 shadow-md hover:shadow-lg transform hover:scale-105">
Dashboard
</a>
<button class="md:hidden p-2 text-gray-700 hover:text-blue-600 hover:bg-blue-50 rounded-lg transition-colors duration-200"
onclick="toggleMobileMenu()">
<svg class="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16M4 18h16" />
</svg>
</button>
</div>
</div>
<div id="mobile-menu"
class="hidden md:hidden border-t border-gray-100 pb-4 pt-4">
<nav class="flex flex-col space-y-2">
<a href="/posts"
class="text-gray-700 hover:text-blue-600 hover:bg-blue-50 px-4 py-2 rounded-lg text-sm font-medium transition-colors duration-200">
Posts
</a>
<a href="/dashboard"
hx-boost="true"
class="text-gray-700 hover:text-blue-600 hover:bg-blue-50 px-4 py-2 rounded-lg text-sm font-medium transition-colors duration-200">
Dashboard
</a>
</nav>
</div>
</div>
</header>
<div class="flex flex-1">
<main class="flex-1 lg:ml-0 flex flex-col py-8 px-4 sm:px-6 lg:px-8">
{% block content %}{% endblock %}
</main>
</div>
<footer class="bg-white border-t border-gray-200 mt-auto">
<div class="max-w-7xl mx-auto py-6 px-4 sm:px-6 lg:px-8">
<div class="flex flex-col md:flex-row justify-between items-center">
<div class="flex flex-col md:flex-row items-center space-y-2 md:space-y-0 md:space-x-6">
<div class="flex items-center space-x-4">
<a href="https://gitea.alphonsepaix.xyz/alphonse/zero2prod"
target="_blank"
class="text-sm text-gray-500 hover:text-gray-900 transition-colors flex items-center">
Gitea
<svg class="ml-1 h-3 w-3"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14" />
</svg>
</a>
<span class="text-gray-300"></span>
<a href="/unsubscribe"
class="text-sm text-gray-500 hover:text-gray-900 transition-colors">Unsubscribe</a>
</div>
</div>
<div class="mt-4 md:mt-0">
<p class="text-xs text-gray-500">Built with ❤️ using Rust, axum & htmx</p>
</div>
</div>
</div>
</footer>
</body>
</html>
<script>
function toggleMobileMenu() {
const menu = document.getElementById('mobile-menu');
menu.classList.toggle('hidden');
}
function toggleMobileMenu() {
const menu = document.getElementById('mobile-menu');
menu.classList.toggle('hidden');
}
</script>

59
templates/dashboard/change_password.html
View File

@@ -1,59 +0,0 @@
<div class="bg-white rounded-lg shadow-md border border-gray-200 lg:col-span-2">
<div class="p-6 border-b border-gray-200">
<h2 class="text-xl font-semibold text-gray-900 flex items-center">
<svg class="w-5 h-5 text-green-600 mr-2"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
</svg>
Change your password
</h2>
<p class="text-sm text-gray-600 mt-1">Set a new password for your account.</p>
</div>
<div class="p-6">
<form hx-post="/admin/password"
hx-target="#password-messages"
hx-swap="innerHTML"
class="space-y-4">
<div>
<label for="current_password"
class="block text-sm font-medium text-gray-700 mb-2">Current password</label>
<input type="password"
id="current_password"
name="current_password"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 focus:border-green-500" />
</div>
<div>
<label for="new_password"
class="block text-sm font-medium text-gray-700 mb-2">New password</label>
<input type="password"
id="new_password"
name="new_password"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 focus:border-green-500" />
</div>
<div>
<label for="new_password_check"
class="block text-sm font-medium text-gray-700 mb-2">Confirm new password</label>
<input type="password"
id="new_password_check"
name="new_password_check"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 focus:border-green-500" />
</div>
<button type="submit"
class="w-full bg-green-600 text-white hover:bg-green-700 font-medium py-3 px-4 rounded-md transition-colors flex items-center justify-center">
<svg class="w-4 h-4 mr-2"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15" />
</svg>
Update password
</button>
<div id="password-messages" class="mt-4"></div>
</form>
</div>
</div>

32
templates/dashboard/comments/card.html
View File

@@ -3,13 +3,20 @@
<div class="flex items-start justify-between">
<div class="flex-1 min-w-0">
<div class="mb-1">
<span class="text-sm font-medium text-gray-900">
{% if let Some(name) = comment.author %}
{{ name }}
{% else %}
Anonymous
{% endif %}
</span>
{% if let Some(user_id) = comment.user_id %}
<a href="/users/{{ comment.username.as_ref().unwrap() }}"
class="font-semibold text-blue-800 hover:text-blue-600 hover:underline">
{{ comment.username.as_ref().unwrap() }}
</a>
{% else %}
<span class="font-medium text-gray-600">
{% if let Some(name) = comment.author %}
{{ name }}
{% else %}
Anonymous
{% endif %}
</span>
{% endif %}
</div>
<p class="text-sm text-gray-700 mb-2 line-clamp-2">{{ comment.content }}</p>
<div class="flex items-center text-xs text-gray-500 mb-1">
@@ -17,8 +24,7 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z"/>
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z" />
</svg>
<time datetime="{{ comment.published_at }}">
{{ comment.formatted_date() }}
@@ -26,9 +32,8 @@
</div>
<div class="flex items-center text-xs text-gray-500">
<span class="mr-1">on</span>
<a href="/posts/{{ comment.post_id }}" class="text-blue-600 hover:underline truncate">
#{{ comment.post_id }}
</a>
<a href="/posts/{{ comment.post_id }}"
class="text-blue-600 hover:underline truncate">#{{ comment.post_id }}</a>
</div>
</div>
<button hx-delete="/admin/comments/{{ comment.comment_id }}"
@@ -40,8 +45,7 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"/>
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
</svg>
</button>
</div>

3
templates/dashboard/dashboard.html
View File

@@ -14,7 +14,7 @@
</span>
{% endif %}
</p>
<button hx-get="/admin/logout"
<button hx-get="/logout"
type="submit"
class="flex items-center text-sm text-gray-500 hover:text-red-600 transition-colors cursor-pointer gap-1 mt-2">
<svg class="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
@@ -29,7 +29,6 @@
<div class="grid grid-cols-1 lg:grid-cols-2 gap-8 mb-8">
{% include "publish.html" %}
{% include "send_email.html" %}
{% include "change_password.html" %}
</div>
{% if user.is_admin() %}

12
templates/dashboard/publish.html
View File

@@ -5,25 +5,26 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 20h9M12 4h9M5 4h.01M5 20h.01M5 12h.01M9 16h6M9 8h6" />
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M12 20h9M12 4h9M5 4h.01M5 20h.01M5 12h.01M9 16h6M9 8h6"/>
</svg>
Write a new post
</h2>
<p class="text-sm text-gray-600 mt-1">Publish a new post online. Subscribers will be notified.</p>
</div>
<div class="p-6">
<form hx-post="/admin/posts"
<form hx-post="/posts"
hx-target="#post-messages"
hx-swap="innerHTML"
class="space-y-4">
<input type="hidden" name="idempotency_key" value="{{ idempotency_key_1 }}" />
<input type="hidden" name="idempotency_key" value="{{ idempotency_key_1 }}"/>
<div>
<label for="post-title" class="block text-sm font-medium text-gray-700 mb-2">Title</label>
<input type="text"
id="post-title"
name="title"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-purple-500 focus:border-purple-500" />
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-purple-500 focus:border-purple-500"/>
</div>
<div>
<label for="post-content"
@@ -40,7 +41,8 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 20h9M12 4h9M5 4h.01M5 20h.01M5 12h.01M9 16h6M9 8h6" />
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M12 20h9M12 4h9M5 4h.01M5 20h.01M5 12h.01M9 16h6M9 8h6"/>
</svg>
Publish
</button>

12
templates/dashboard/send_email.html
View File

@@ -5,18 +5,19 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M11 5.882V19.24a1.76 1.76 0 01-3.417.592l-2.147-6.15M18 13a3 3 0 100-6M5.436 13.683A4.001 4.001 0 017 6h1.832c4.1 0 7.625-1.234 9.168-3v14c-1.543-1.766-5.067-3-9.168-3H7a3.988 3.988 0 01-1.564-.317z" />
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M11 5.882V19.24a1.76 1.76 0 01-3.417.592l-2.147-6.15M18 13a3 3 0 100-6M5.436 13.683A4.001 4.001 0 017 6h1.832c4.1 0 7.625-1.234 9.168-3v14c-1.543-1.766-5.067-3-9.168-3H7a3.988 3.988 0 01-1.564-.317z"/>
</svg>
Send an email
</h2>
<p class="text-sm text-gray-600 mt-1">Contact your subscribers directly.</p>
</div>
<div class="p-6">
<form hx-post="/admin/newsletters"
<form hx-post="/newsletters"
hx-target="#newsletter-messages"
hx-swap="innerHTML"
class="space-y-4">
<input type="hidden" name="idempotency_key" value="{{ idempotency_key_2 }}" />
<input type="hidden" name="idempotency_key" value="{{ idempotency_key_2 }}"/>
<div>
<label for="newsletter-title"
class="block text-sm font-medium text-gray-700 mb-2">Subject</label>
@@ -24,7 +25,7 @@
id="newsletter-title"
name="title"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500" />
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500"/>
</div>
<div>
<label for="newsletter-html"
@@ -50,7 +51,8 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 19l9 2-9-18-9 18 9-2zm0 0v-8" />
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M12 19l9 2-9-18-9 18 9-2zm0 0v-8"/>
</svg>
Send
</button>

39
templates/error/403.html Normal file
View File

@@ -0,0 +1,39 @@
{% extends "base.html" %}
{% block title %}403{% endblock %}
{% block content %}
<div class="flex-1 flex items-center justify-center">
<div class="max-w-4xl mx-auto text-center">
<div class="mb-8">
<h1 class="text-4xl font-semibold text-gray-700 mb-4">403</h1>
<h2 class="text-2xl font-semibold text-gray-500 mb-6">Forbidden</h2>
<p class="text-gray-600 mb-8 max-w-2xl mx-auto">
You don't have permission to access this page.
</p>
<div class="flex flex-col sm:flex-row gap-4 justify-center items-center">
<a href="/"
class="bg-blue-600 text-white hover:bg-blue-700 px-6 py-3 rounded-md font-medium transition-colors flex items-center">
<svg class="w-4 h-4 mr-2"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M3 12l2-2m0 0l7-7 7 7M5 10v10a1 1 0 001 1h3m10-11l2 2m-2-2v10a1 1 0 01-1 1h-3m-6 0a1 1 0 001-1v-4a1 1 0 011-1h2a1 1 0 011 1v4a1 1 0 001 1m-6 0h6"/>
</svg>
Home
</a>
<a href="/dashboard"
class="bg-white text-gray-700 hover:text-blue-600 hover:bg-blue-50 border border-gray-300 px-6 py-3 rounded-md font-medium transition-colors flex items-center">
<svg class="w-4 h-4 mr-2"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M11 16l-4-4m0 0l4-4m-4 4h14m-5 4v1a3 3 0 01-3 3H6a3 3 0 01-3-3V7a3 3 0 013-3h7a3 3 0 013 3v1"/>
</svg>
Dashboard
</a>
</div>
</div>
</div>
</div>
{% endblock %}

233
templates/input.css
View File

@@ -1,150 +1,151 @@
@import "tailwindcss";
@plugin "@tailwindcss/typography";
@layer utilities {
.htmx-indicator {
@apply hidden;
}
.htmx-indicator {
@apply hidden;
}
.htmx-request .htmx-indicator {
@apply inline-flex items-center ml-2;
}
.htmx-request .htmx-indicator {
@apply inline-flex items-center ml-2;
}
#load-more .htmx-indicator {
@apply block;
}
#load-more .htmx-indicator {
@apply block;
}
.htmx-request .continue-text {
@apply hidden;
}
.htmx-request .continue-text {
@apply hidden;
}
}
@layer components {
.prose-compact {
@apply prose prose-slate max-w-none;
.prose-compact {
@apply prose prose-slate max-w-none;
--tw-prose-body: theme(colors.gray.700);
--tw-prose-headings: theme(colors.gray.900);
--tw-prose-links: theme(colors.blue.600);
--tw-prose-code: theme(colors.gray.800);
}
--tw-prose-body: theme(colors.gray.700);
--tw-prose-headings: theme(colors.gray.900);
--tw-prose-links: theme(colors.blue.600);
--tw-prose-code: theme(colors.gray.800);
}
.prose-compact p {
@apply mb-2 mt-0;
}
.prose-compact p {
@apply mb-2 mt-0;
}
.prose-compact h1 {
@apply pb-2 mb-3 border-b-2 border-gray-100;
}
.prose-compact h1 {
@apply pb-2 mb-3 border-b-2 border-gray-200;
}
.prose-compact h2 {
@apply mt-4 pb-2 mb-3 border-b-2 border-gray-100 font-semibold;
}
.prose-compact h2 {
@apply mt-4 pb-2 mb-3 border-b-2 border-gray-200 font-semibold;
}
.prose-compact h3 {
@apply mt-3 mb-1;
}
.prose-compact h3 {
@apply mt-3 mb-1;
}
.prose-compact h4,
.prose-compact h5,
.prose-compact h6 {
@apply mt-2 mb-1;
}
.prose-compact h4,
.prose-compact h5,
.prose-compact h6 {
@apply mt-2 mb-1;
}
.prose-compact ul,
.prose-compact ol {
@apply my-2 space-y-0;
}
.prose-compact ul,
.prose-compact ol {
@apply my-2 space-y-0;
}
.prose-compact li {
@apply my-0;
}
.prose-compact li {
@apply my-0;
}
.prose-compact blockquote {
@apply my-3 py-2;
}
.prose-compact blockquote {
@apply my-3 py-2;
}
.prose-compact img {
@apply m-0 align-top;
}
.prose-compact img {
@apply m-0 align-top;
}
.prose-compact a:has(img) {
@apply no-underline border-0 inline-block align-top;
}
.prose-compact a:has(img) {
@apply no-underline border-0 inline-block align-top;
}
.prose-compact a img {
@apply inline-block align-top;
}
.prose-compact a img {
@apply inline-block align-top;
}
.prose-compact :not(pre) > code {
@apply bg-gray-100 text-gray-800 px-1.5 py-0.5 rounded text-sm font-mono font-normal;
}
.prose-compact :not(pre) > code {
@apply bg-gray-100 text-gray-800 px-1.5 py-0.5 rounded text-sm font-mono font-normal;
}
.prose-compact :not(pre) > code::before,
.prose-compact :not(pre) > code::after {
content: none !important;
}
.prose-compact :not(pre) > code::before,
.prose-compact :not(pre) > code::after {
content: none !important;
}
.prose-compact pre {
@apply my-3 p-4 bg-gray-100 text-gray-800 rounded-sm overflow-x-auto border border-gray-200;
overflow-x: auto;
max-width: 100%;
width: 0;
min-width: 100%;
}
.prose-compact pre {
@apply my-3 p-4 bg-gray-100 text-gray-800 rounded-sm overflow-x-auto border border-gray-200;
overflow-x: auto;
max-width: 100%;
width: 0;
min-width: 100%;
}
.prose-compact pre code {
@apply bg-transparent text-gray-800 p-0 rounded-none;
}
.prose-compact pre code {
@apply bg-transparent text-gray-800 p-0 rounded-none;
}
.prose-compact pre code::before,
.prose-compact pre code::after {
content: none !important;
}
.prose-compact pre code::before,
.prose-compact pre code::after {
content: none !important;
}
.prose-compact table {
border-collapse: collapse;
border-spacing: 0;
@apply my-6;
font-size: 14px;
line-height: 1.45;
display: block;
overflow-x: auto;
width: 100%;
min-width: 100%;
max-width: 100%;
}
.prose-compact table {
border-collapse: collapse;
border-spacing: 0;
@apply my-6;
font-size: 14px;
line-height: 1.45;
display: block;
overflow-x: auto;
width: 100%;
min-width: 100%;
max-width: 100%;
}
.prose-compact table thead,
.prose-compact table tbody {
display: table;
width: 100%;
table-layout: fixed;
}
.prose-compact table thead,
.prose-compact table tbody {
display: table;
width: 100%;
table-layout: fixed;
}
.prose-compact table tr {
display: table-row;
background-color: #fff;
border-top: 1px solid #c6cbd1;
}
.prose-compact table tr {
display: table-row;
background-color: #fff;
border-top: 1px solid #c6cbd1;
}
.prose-compact table tr:nth-child(2n) {
background-color: #f6f8fa;
}
.prose-compact table tr:nth-child(2n) {
background-color: #f6f8fa;
}
.prose-compact table th,
.prose-compact table td {
display: table-cell;
padding: 6px 13px;
border: 1px solid #dfe2e5;
white-space: normal;
word-wrap: break-word;
overflow-wrap: break-word;
min-width: 0;
}
.prose-compact table th,
.prose-compact table td {
display: table-cell;
padding: 6px 13px;
border: 1px solid #dfe2e5;
white-space: normal;
word-wrap: break-word;
overflow-wrap: break-word;
min-width: 0;
}
.prose-compact table th {
font-weight: 600;
background-color: #f6f8fa;
}
.prose-compact table th {
font-weight: 600;
background-color: #f6f8fa;
}
}

22
templates/posts/card.html
View File

@@ -3,16 +3,17 @@
<div class="flex items-start justify-between">
<div class="flex-1 min-w-0">
<a href="/posts/{{ post.post_id }}">
<h2 class="text-xl font-semibold text-gray-900 mb-3 hover:text-blue-600 transition-colors">{{
post.title }}</h2>
<h2 class="text-xl font-semibold text-gray-900 mb-3 hover:text-blue-600 transition-colors">
{{
post.title }}
</h2>
</a>
<div class="flex items-center text-sm text-gray-500 mb-1">
<svg class="w-4 h-4 mr-1"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z"/>
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z" />
</svg>
<time datetime="{{ post.published_at }}">
{{ post.formatted_date() }}
@@ -23,11 +24,16 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"/>
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
</svg>
<a href="/users/{{ post.author }}"
class="hover:text-blue-600 hover:underline">{{ post.author }}</a>
class="hover:text-blue-600 hover:underline">
{% if let Some(full_name) = post.full_name %}
{{ full_name }}
{% else %}
{{ post.author }}
{% endif %}
</a>
</div>
</div>
<a href="/posts/{{ post.post_id }}" class="flex-shrink-0 ml-4">
@@ -35,7 +41,7 @@
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 5l7 7-7 7"/>
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 5l7 7-7 7" />
</svg>
</a>
</div>

27
templates/posts/comments/card.html
View File

@@ -1,5 +1,5 @@
<div class="bg-white rounded-lg p-4 border border-gray-200">
<div class="flex items-start space-x-3">
<div class="flex items-center space-x-3">
<div class="flex-shrink-0">
<div class="w-10 h-10 bg-gray-200 rounded-full flex items-center justify-center">
<svg class="w-5 h-5 text-gray-500"
@@ -11,20 +11,29 @@
</div>
</div>
<div class="flex-1 min-w-0">
<div class="flex items-center space-x-2 mb-1">
<span class="font-medium text-gray-900">
{% if let Some(user_id) = comment.user_id %}
<a href="/users/{{ comment.username.as_ref().unwrap() }}"
class="font-semibold text-blue-600 hover:text-blue-800 hover:underline">
{% if let Some(name) = comment.author %}
{{ name }}
{% else %}
{{ comment.username.as_ref().unwrap() }}
{% endif %}
</a>
{% else %}
<span class="font-medium text-gray-600">
{% if let Some(name) = comment.author %}
{{ name }}
{% else %}
Anonymous
{% endif %}
</span>
<span class="text-gray-400"></span>
<time class="text-sm text-gray-500" datetime="{{ comment.published_at }}">
{{ comment.formatted_date() }}
</time>
</div>
<p class="text-gray-700 whitespace-pre-line">{{ comment.content }}</p>
{% endif %}
<time class="block text-sm text-gray-500 mt-0.5"
datetime="{{ comment.published_at }}">
{{ comment.formatted_date() }}
</time>
</div>
</div>
<p class="text-gray-700 whitespace-pre-line mt-2">{{ comment.content }}</p>
</div>

94
templates/posts/comments/list.html
View File

@@ -7,12 +7,27 @@
hx-target="#form-messages"
hx-swap="innerHTML"
class="space-y-4">
<input type="hidden" name="idempotency_key" value="{{ idempotency_key }}"/>
<input type="hidden" name="idempotency_key" value="{{ idempotency_key }}" />
{% if session_user_id.is_some() %}
<input type="hidden"
name="user_id"
value="{{ session_user_id.as_ref().unwrap() }}" />
{% endif %}
<div>
<input type="text"
name="author"
placeholder="Your name (optional)"
class="w-full px-4 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">
{% if session_username.is_none() %}
<input type="text"
name="author"
placeholder="Your name (optional)"
class="w-full px-4 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">
{% else %}
<input type="text"
name="author"
value="{{ session_username.as_ref().unwrap() }}"
readonly
disabled
class="w-full px-4 py-2 border border-gray-200 rounded-md bg-gray-50 text-gray-600 cursor-not-allowed">
<p class="text-sm text-gray-500 mt-1">You are authenticated.</p>
{% endif %}
</div>
<div>
<textarea name="content"
@@ -29,42 +44,41 @@
</form>
</div>
{% block comments %}
{% if comments.is_empty() %}
<div id="comments-list" class="text-center py-8 text-gray-500">
<svg class="w-12 h-12 mx-auto mb-3 text-gray-400"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M8 12h.01M12 12h.01M16 12h.01M21 12c0 4.418-4.03 8-9 8a9.863 9.863 0 01-4.255-.949L3 20l1.395-3.72C3.512 15.042 3 13.574 3 12c0-4.418 4.03-8 9-8s9 3.582 9 8z"/>
</svg>
<p>No comments yet. Be the first to comment!</p>
</div>
{% else %}
{% let post_id = comments[0].post_id %}
<div id="comments-list" class="space-y-4">
{% for comment in comments %}
{% include "posts/comments/card.html" %}
{% endfor %}
<div id="load-more-comments" class="text-center mt-6">
{% if current_page < max_page %}
<div class="flex flex-col items-center space-y-6">
<button hx-get="/posts/{{ post_id }}/comments?page={{ current_page + 1 }}"
hx-target="#load-more-comments"
hx-swap="outerHTML"
hx-indicator="#comment-indicator"
class="text-center bg-gray-200 text-gray-700 hover:bg-gray-300 font-medium py-2 px-6 rounded-md transition-colors">
Load more comments
</button>
<span id="comment-indicator" class="htmx-indicator">
{% if comments.is_empty() %}
<div id="comments-list" class="text-center py-8 text-gray-500">
<svg class="w-12 h-12 mx-auto mb-3 text-gray-400"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 12h.01M12 12h.01M16 12h.01M21 12c0 4.418-4.03 8-9 8a9.863 9.863 0 01-4.255-.949L3 20l1.395-3.72C3.512 15.042 3 13.574 3 12c0-4.418 4.03-8 9-8s9 3.582 9 8z" />
</svg>
<p>No comments yet. Be the first to comment!</p>
</div>
{% else %}
{% let post_id = comments[0].post_id %}
<div id="comments-list" class="space-y-4">
{% for comment in comments %}
{% include "posts/comments/card.html" %}
{% endfor %}
<div id="load-more-comments" class="text-center mt-6">
{% if current_page < max_page %}
<div class="flex flex-col items-center space-y-6">
<button hx-get="/posts/{{ post_id }}/comments?page={{ current_page + 1 }}"
hx-target="#load-more-comments"
hx-swap="outerHTML"
hx-indicator="#comment-indicator"
class="text-center bg-gray-200 text-gray-700 hover:bg-gray-300 font-medium py-2 px-6 rounded-md transition-colors">
Load more comments
</button>
<span id="comment-indicator" class="htmx-indicator">
{% call macros::spinner(class="text-gray-300 w-6 h-6", highlight_class="text-gray-700", size=24) %}
</span>
</div>
{% else %}
<p class="text-gray-600">No more comments. Check back later for more!</p>
</div>
{% else %}
<p class="text-gray-600">No more comments. Check back later for more!</p>
{% endif %}
</div>
</div>
{% endif %}
</div>
</div>
{% endif %}
</div>
{% endblock %}
{% endblock %}

78
templates/posts/page.html
View File

@@ -3,8 +3,8 @@
{% block content %}
<div class="max-w-3xl mx-auto">
<article>
<header class="pb-4 mb-2 border-b-2 border-gray-300 border-dashed">
<h1 class="text-3xl md:text-4xl font-bold text-gray-900 mb-4 leading-tight">{{ post.title }}</h1>
<header class="mb-4 space-y-4">
<h1 class="text-4xl font-bold text-gray-900 leading-tight">{{ post.title }}</h1>
<div class="flex flex-col sm:flex-row sm:items-center sm:justify-between text-sm text-gray-600">
<div class="flex items-center space-x-4">
<div class="flex items-center">
@@ -17,7 +17,13 @@
</svg>
</div>
<a href="/users/{{ post.author }}"
class="hover:text-blue-600 hover:underline font-medium">{{ post.author }}</a>
class="hover:text-blue-600 hover:underline font-medium">
{% if let Some(full_name) = post.full_name %}
{{ full_name }}
{% else %}
{{ post.author }}
{% endif %}
</a>
</div>
<div class="flex items-center">
<svg class="w-4 h-4 mr-1 text-gray-400"
@@ -31,11 +37,73 @@
</time>
</div>
</div>
{% if session_user_id.as_ref() == Some(post.author_id) %}
<div class="mt-4 sm:mt-0">
<button onclick="document.getElementById('edit-form').classList.toggle('hidden')"
class="inline-flex items-center px-3 py-1.5 bg-blue-600 hover:bg-blue-700 text-white text-sm font-medium rounded-md transition-colors">
<svg class="w-4 h-4 mr-1"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
</svg>
Edit
</button>
</div>
{% endif %}
</div>
{% if let Some(modified) = post.last_modified %}
<span class="text-sm italic text-gray-500">Last modified on {{ modified.format("%B %d, %Y") }} at {{ modified.format("%H:%M") }}</span>
{% endif %}
</header>
<div class="prose-compact">{{ post.content | safe }}</div>
{% if session_user_id.as_ref() == Some(post.author_id) %}
<div id="edit-form"
class="hidden bg-gray-50 border border-gray-200 rounded-lg p-6">
<h2 class="text-xl font-bold text-gray-900 mb-4">Edit post</h2>
<form hx-put="/posts/{{ post.post_id }}"
hx-target="#edit-messages"
hx-swap="innerHTML">
<div class="mb-4">
<label for="title" class="block text-sm font-medium text-gray-700 mb-2">Title</label>
<input type="text"
id="title"
name="title"
value="{{ post.title }}"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">
</div>
<div class="mb-4">
<label for="content" class="block text-sm font-medium text-gray-700 mb-2">Content (markdown)</label>
<textarea id="content"
name="content"
rows="12"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500 font-mono text-sm">{{ post.content }}</textarea>
</div>
<div class="flex items-center space-x-3">
<button type="submit"
class="inline-flex items-center px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white font-medium rounded-md transition-colors">
<svg class="w-4 h-4 mr-2"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7" />
</svg>
Save changes
</button>
<button type="button"
onclick="document.getElementById('edit-form').classList.add('hidden')"
class="inline-flex items-center px-4 py-2 bg-gray-200 hover:bg-gray-300 text-gray-700 font-medium rounded-md transition-colors">
Cancel
</button>
</div>
</form>
<div id="edit-messages" class="mt-6"></div>
</div>
{% endif %}
<div id="content-display" class="prose-compact">{{ post_html | safe }}</div>
</article>
<div class="mt-12">{% include "posts/comments/list.html" %}</div>
<div class="mt-8">{% include "posts/comments/list.html" %}</div>
<div class="mt-8 bg-gradient-to-r from-blue-600 to-indigo-700 rounded-lg shadow-lg text-white p-8 text-center">
<h3 class="text-2xl font-bold mb-2">Enjoyed this post?</h3>
<p class="text-blue-100 mb-4">Subscribe to my newsletter for more insights on Rust backend development.</p>

74
templates/user/activity.html
View File

@@ -1,47 +1,47 @@
<div class="bg-white rounded-lg shadow-md border border-gray-200">
<h2 class="text-xl font-semibold text-gray-900 pb-4 pt-8 px-8">Activity</h2>
<h2 class="text-xl font-semibold text-gray-900 px-8 py-6 border-b border-gray-200">Activity</h2>
{% if posts.is_empty() %}
<div class="text-center text-gray-500 p-8">
<svg class="w-12 h-12 mx-auto mb-3 text-gray-400"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"/>
</svg>
<p>No posts yet</p>
</div>
<div class="text-center text-gray-500 p-8">
<svg class="w-12 h-12 mx-auto mb-3 text-gray-400"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
</svg>
<p>No posts yet</p>
</div>
{% else %}
<div class="divide-y divide-gray-200 pb-8">
{% for post in posts %}
<a href="/posts/{{ post.post_id }}"
class="block py-4 hover:bg-gray-50 px-8 transition-colors group">
<div class="flex items-start justify-between">
<div class="flex-1 min-w-0">
<h3 class="text-base font-medium text-gray-900 group-hover:text-blue-600 transition-colors mb-1">{{
post.title }}</h3>
<div class="flex items-center text-sm text-gray-500">
<svg class="w-4 h-4 mr-1.5"
<div class="divide-y divide-gray-200">
{% for post in posts %}
<a href="/posts/{{ post.post_id }}"
class="block hover:bg-gray-50 px-8 py-5 transition-colors group">
<div class="flex items-start justify-between">
<div class="flex-1 min-w-0">
<h3 class="text-base font-medium text-gray-900 group-hover:text-blue-600 transition-colors mb-1">
{{
post.title }}
</h3>
<div class="flex items-center text-sm text-gray-500">
<svg class="w-4 h-4 mr-1.5"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z" />
</svg>
<time datetime="{{ post.published_at }}">
{{ post.formatted_date() }}
</time>
</div>
</div>
<svg class="w-5 h-5 text-gray-400 group-hover:text-blue-600 transition-colors flex-shrink-0 ml-4"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z"/>
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 5l7 7-7 7" />
</svg>
<time datetime="{{ post.published_at }}">
{{ post.formatted_date() }}
</time>
</div>
</div>
<svg class="w-5 h-5 text-gray-400 group-hover:text-blue-600 transition-colors flex-shrink-0 ml-4"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 5l7 7-7 7"/>
</svg>
</div>
</a>
{% endfor %}
</div>
</a>
{% endfor %}
</div>
{% endif %}
</div>

14
templates/user/edit.html Normal file
View File

@@ -0,0 +1,14 @@
{% extends "base.html" %}
{% block title %}Edit profile{% endblock %}
{% block content %}
<div class="max-w-5xl mx-auto p-4 sm:p-6">
<div class="mb-8">
<h1 class="text-3xl font-bold text-gray-900">Edit your profile</h1>
<p class="mt-2 text-gray-600">Manage your profile and account settings.</p>
</div>
<div class="grid grid-cols-1 lg:grid-cols-2 gap-8">
{% include "edit/update_profile.html" %}
{% include "edit/change_password.html" %}
</div>
</div>
{% endblock %}

46
templates/user/edit/change_password.html Normal file
View File

@@ -0,0 +1,46 @@
<div class="bg-white rounded-lg shadow-md border border-gray-200 p-8">
<h2 class="text-xl font-semibold text-gray-900 mb-6">Password</h2>
<form hx-post="/password"
hx-target="#password-messages"
hx-swap="innerHTML"
class="space-y-4">
<div>
<label for="current_password"
class="block text-sm font-medium text-gray-700 mb-2">Current password</label>
<input type="password"
id="current_password"
name="current_password"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 focus:border-green-500" />
</div>
<div>
<label for="new_password"
class="block text-sm font-medium text-gray-700 mb-2">New password</label>
<input type="password"
id="new_password"
name="new_password"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 focus:border-green-500" />
</div>
<div>
<label for="new_password_check"
class="block text-sm font-medium text-gray-700 mb-2">Confirm new password</label>
<input type="password"
id="new_password_check"
name="new_password_check"
required
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 focus:border-green-500" />
</div>
<button type="submit"
class="w-full bg-green-600 text-white hover:bg-green-700 font-medium py-3 px-4 rounded-md transition-colors flex items-center justify-center">
<svg class="w-4 h-4 mr-2"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15" />
</svg>
Update
</button>
<div id="password-messages" class="mt-4"></div>
</form>
</div>

42
templates/user/edit/update_profile.html Normal file
View File

@@ -0,0 +1,42 @@
<div class="bg-white rounded-lg shadow-md border border-gray-200 p-8">
<h2 class="text-xl font-semibold text-gray-900 mb-6">Profile settings</h2>
<form hx-put="/users/edit"
hx-target="#edit-messages"
hx-swap="innerHTML"
class="space-y-6">
<input type="hidden" name="user_id" value="{{ user.user_id }}" />
<div>
<label for="username" class="block text-sm font-medium text-gray-700 mb-1">Username</label>
<input type="text"
name="username"
id="username"
value="{{ user.username }}"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">
</div>
<div>
<label for="full_name" class="block text-sm font-medium text-gray-700 mb-1">Full Name</label>
<input type="text"
id="full_name"
name="full_name"
value="{{ user.full_name.as_deref().unwrap_or("") }}"
placeholder="John Doe"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">
<p class="mt-1 text-xs text-gray-500">Your real name (optional)</p>
</div>
<div>
<label for="bio" class="block text-sm font-medium text-gray-700 mb-1">Bio</label>
<textarea id="bio"
name="bio"
rows="4"
maxlength="500"
placeholder="Tell us about yourself..."
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">{{ user.bio.as_deref().unwrap_or("") }}</textarea>
<p class="mt-1 text-xs text-gray-500">Maximum 500 characters</p>
</div>
<button type="submit"
class="w-full bg-blue-600 text-white hover:bg-blue-700 font-medium py-2 px-4 rounded-md transition-colors">
Save changes
</button>
<div id="edit-messages"></div>
</form>
</div>

40
templates/user/profile.html
View File

@@ -2,25 +2,39 @@
{% block title %}{{ user.username }}{% endblock %}
{% block content %}
<div class="max-w-4xl mx-auto p-4 sm:p-6">
<div class="bg-white rounded-lg shadow-md border border-gray-200 p-8 mb-6">
<div class="bg-white rounded-2xl shadow-sm border border-gray-200 p-6 sm:p-8 space-y-6">
<div class="flex flex-col sm:flex-row items-center sm:items-start gap-6">
<div class="flex-shrink-0">
<div class="w-24 h-24 bg-gradient-to-br from-blue-500 to-indigo-600 rounded-full flex items-center justify-center text-white text-3xl font-bold shadow-lg">
<div class="w-24 h-24 rounded-full bg-gradient-to-br from-blue-500 to-indigo-600 flex items-center justify-center text-white text-3xl font-bold shadow-md">
{{ user.username }}
</div>
</div>
<div class="flex-1 text-center sm:text-left">
<div class="flex flex-col sm:flex-row sm:items-center gap-2 mb-2">
<h1 class="text-3xl font-bold text-gray-900">{{ user.full_name.as_deref().unwrap_or(user.username) }}</h1>
<div class="flex-1 text-center sm:text-left space-y-2">
<div class="flex flex-col sm:flex-row sm:items-center gap-2">
<h1 class="text-3xl font-semibold text-gray-900 tracking-tight">
{{ user.full_name.as_deref().unwrap_or(user.username) }}
</h1>
{% if user.is_admin() %}
<svg class="w-6 h-6 text-blue-600 flex-shrink-0 mx-auto sm:mx-0"
<svg class="w-5 h-5 text-blue-600 flex-shrink-0 mx-auto sm:mx-0"
fill="currentColor"
viewBox="0 0 24 24">
<path d="M12 1L3 5v6c0 5.55 3.84 10.74 9 12 5.16-1.26 9-6.45 9-12V5l-9-4zm0 10.99h7c-.53 4.12-3.28 7.79-7 8.94V12H5V6.3l7-3.11v8.8z" />
</svg>
{% endif %}
</div>
<p class="text-gray-500 text-lg mb-3">@{{ user.username }}</p>
{% if session_user_id.as_ref() == Some(user.user_id) %}
<a href="/users/edit"
class="inline-flex items-center text-sm font-medium text-blue-600 hover:text-blue-700 transition-colors">
<svg class="w-4 h-4 mr-1.5"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
</svg>
Edit
</a>
{% endif %}
<p class="text-gray-500 text-lg">@{{ user.username }}</p>
<div class="flex items-center justify-center sm:justify-start text-sm text-gray-500">
<svg class="w-4 h-4 mr-1.5"
fill="none"
@@ -30,14 +44,20 @@
</svg>
{{ user.formatted_date() }}
</div>
{% if let Some(last_seen) = last_seen %}
<p class="text-sm italic text-gray-400">
Last seen on {{ last_seen.format("%h %d, %Y") }} at {{ last_seen.format("%H:%M") }}
</p>
{% endif %}
</div>
</div>
{% if user.bio.is_some() %}
<div class="mt-6 pt-6 border-t border-gray-200">
<p class="text-gray-700 whitespace-pre-line">{{ user.bio.as_deref().unwrap() }}</p>
<div class="border-t border-gray-100 pt-6">
<p class="text-gray-700 leading-relaxed whitespace-pre-line">{{ user.bio.as_deref().unwrap() }}</p>
</div>
{% endif %}
</div>
{% include "activity.html" %}
<!-- Activity -->
<div class="mt-8">{% include "activity.html" %}</div>
</div>
{% endblock %}

2
tests/api/admin_dashboard.rs
View File

@@ -21,7 +21,7 @@ async fn logout_clears_session_state(connection_pool: PgPool) {
"password": &app.test_user.password,
});
let response = app.post_login(&login_body).await;
assert_is_redirect_to(&response, "/admin/dashboard");
assert_is_redirect_to(&response, "/dashboard");
let html_page = app.get_admin_dashboard_html().await;
assert!(html_page.contains("Connected as"));

2
tests/api/change_password.rs
View File

@@ -85,5 +85,5 @@ async fn changing_password_works(connection_pool: PgPool) {
"password": new_password,
});
let response = app.post_login(login_body).await;
assert_is_redirect_to(&response, "/admin/dashboard");
assert_is_redirect_to(&response, "/dashboard");
}

4
tests/api/comments.rs
View File

@@ -21,7 +21,7 @@ async fn visitor_can_leave_a_comment(connection_pool: PgPool) {
"idempotency_key": "key",
});
app.post_comment(&post_id, &comment_body).await;
let post = app.get_post_html(post_id).await;
let post = app.get_post_html(&post_id).await;
assert!(post.contains(comment_author));
assert!(post.contains(comment_content));
}
@@ -44,7 +44,7 @@ async fn visitor_can_comment_anonymously(connection_pool: PgPool) {
"idempotency_key": "key",
});
app.post_comment(&post_id, &comment_body).await;
let post = app.get_post_html(post_id).await;
let post = app.get_post_html(&post_id).await;
assert!(post.contains("Anonymous"));
assert!(post.contains(comment_content));
}

58
tests/api/helpers.rs
View File

@@ -279,7 +279,7 @@ impl TestApp {
pub async fn get_admin_dashboard(&self) -> reqwest::Response {
self.api_client
.get(format!("{}/admin/dashboard", &self.address))
.get(format!("{}/dashboard", &self.address))
.send()
.await
.expect("Failed to execute request")
@@ -289,6 +289,18 @@ impl TestApp {
self.get_admin_dashboard().await.text().await.unwrap()
}
pub async fn edit_post<Body>(&self, body: &Body, post_id: &Uuid) -> reqwest::Response
where
Body: serde::Serialize,
{
self.api_client
.put(format!("{}/posts/{}", self.address, post_id))
.form(body)
.send()
.await
.expect("Failed to execute request")
}
pub async fn get_posts(&self) -> reqwest::Response {
self.api_client
.get(format!("{}/posts", &self.address))
@@ -301,7 +313,7 @@ impl TestApp {
self.get_posts().await.text().await.unwrap()
}
pub async fn get_post(&self, post_id: Uuid) -> reqwest::Response {
pub async fn get_post(&self, post_id: &Uuid) -> reqwest::Response {
self.api_client
.get(format!("{}/posts/{}", &self.address, post_id))
.send()
@@ -309,7 +321,7 @@ impl TestApp {
.expect("Failed to execute request")
}
pub async fn get_post_html(&self, post_id: Uuid) -> String {
pub async fn get_post_html(&self, post_id: &Uuid) -> String {
self.get_post(post_id).await.text().await.unwrap()
}
@@ -328,7 +340,7 @@ impl TestApp {
Body: serde::Serialize,
{
self.api_client
.post(format!("{}/admin/newsletters", self.address))
.post(format!("{}/newsletters", self.address))
.form(body)
.send()
.await
@@ -357,7 +369,7 @@ impl TestApp {
pub async fn logout(&self) -> reqwest::Response {
self.api_client
.get(format!("{}/admin/logout", self.address))
.get(format!("{}/logout", self.address))
.send()
.await
.expect("Failed to execute request")
@@ -368,19 +380,43 @@ impl TestApp {
Body: serde::Serialize,
{
self.api_client
.post(format!("{}/admin/password", self.address))
.post(format!("{}/password", self.address))
.form(body)
.send()
.await
.expect("Failed to execute request")
}
pub async fn edit_profile<Body>(&self, body: &Body) -> reqwest::Response
where
Body: serde::Serialize,
{
self.api_client
.put(format!("{}/users/edit", self.address))
.form(body)
.send()
.await
.expect("Failed to execute request")
}
pub async fn get_profile(&self, username: &str) -> reqwest::Response {
self.api_client
.get(format!("{}/users/{}", self.address, username))
.send()
.await
.expect("Failed to execute request")
}
pub async fn get_profile_html(&self, username: &str) -> String {
self.get_profile(username).await.text().await.unwrap()
}
pub async fn post_create_post<Body>(&self, body: &Body) -> reqwest::Response
where
Body: serde::Serialize,
{
self.api_client
.post(format!("{}/admin/posts", self.address))
.post(format!("{}/posts", self.address))
.form(body)
.send()
.await
@@ -426,6 +462,14 @@ impl TestApp {
.await
.expect("Failed to execute request")
}
pub async fn get_user_id(&self, username: &str) -> Uuid {
let record = sqlx::query!("SELECT user_id FROM users WHERE username = $1", username)
.fetch_one(&self.connection_pool)
.await
.unwrap();
record.user_id
}
}
pub fn assert_is_redirect_to(response: &reqwest::Response, location: &str) {

2
tests/api/login.rs
View File

@@ -28,7 +28,7 @@ async fn login_redirects_to_admin_dashboard_after_login_success(connection_pool:
});
let response = app.post_login(&login_body).await;
assert_is_redirect_to(&response, "/admin/dashboard");
assert_is_redirect_to(&response, "/dashboard");
let html_page = app.get_admin_dashboard_html().await;
assert!(html_page.contains("Connected as"));

112
tests/api/posts.rs
View File

@@ -144,7 +144,7 @@ async fn new_posts_are_visible_on_the_website(connection_pool: PgPool) {
.fetch_one(&app.connection_pool)
.await
.unwrap();
let html = app.get_post_html(post.post_id).await;
let html = app.get_post_html(&post.post_id).await;
assert!(html.contains(&title));
}
@@ -171,7 +171,7 @@ async fn visitor_can_read_a_blog_post(connection_pool: PgPool) {
.fetch_one(&app.connection_pool)
.await
.unwrap();
let html = app.get_post_html(post.post_id).await;
let html = app.get_post_html(&post.post_id).await;
assert!(html.contains(&title));
}
@@ -197,7 +197,7 @@ async fn a_deleted_blog_post_returns_404(connection_pool: PgPool) {
app.delete_post(post.post_id).await;
let html = app.get_post_html(post.post_id).await;
let html = app.get_post_html(&post.post_id).await;
assert!(html.contains("Not Found"));
}
@@ -234,3 +234,109 @@ async fn clicking_the_notification_link_marks_the_email_as_opened(connection_poo
.opened
);
}
#[sqlx::test]
async fn only_post_author_can_access_the_edit_form(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
app.post_create_post(&fake_post_body()).await;
let post_id = sqlx::query!("SELECT post_id FROM posts")
.fetch_one(&app.connection_pool)
.await
.unwrap()
.post_id;
let html = app.get_post_html(&post_id).await;
assert!(html.contains("Edit"));
app.logout().await;
app.admin_login().await;
let html = app.get_post_html(&post_id).await;
assert!(!html.contains("Edit"));
}
#[sqlx::test]
async fn only_post_author_can_edit_post(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
app.post_create_post(&fake_post_body()).await;
let post_id = sqlx::query!("SELECT post_id FROM posts")
.fetch_one(&app.connection_pool)
.await
.unwrap()
.post_id;
let new_title = "Stunning new title";
let new_content = "Astonishing content";
let edit_body = serde_json::json!({
"title": new_title,
"content": new_content,
});
let response = app.edit_post(&edit_body, &post_id).await;
let text = response.text().await.unwrap();
assert!(text.contains("Your changes have been saved"));
let text = app.get_post_html(&post_id).await;
assert!(text.contains(new_title));
assert!(text.contains(new_content));
app.logout().await;
app.admin_login().await;
let response = app.edit_post(&edit_body, &post_id).await;
let text = response.text().await.unwrap();
assert!(text.contains("You are not authorized."));
}
#[sqlx::test]
async fn invalid_fields_are_rejected(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
app.post_create_post(&fake_post_body()).await;
let post_id = sqlx::query!("SELECT post_id FROM posts")
.fetch_one(&app.connection_pool)
.await
.unwrap()
.post_id;
let test_cases = [
(
serde_json::json!({
"title": "",
"content": "content"
}),
"Title must be at least one character",
"title was empty",
),
(
serde_json::json!({
"title": "Title",
"content": ""
}),
"Content must be at least one character",
"content was empty",
),
];
for (invalid_body, expected_error_message, explaination) in test_cases {
let response = app.edit_post(&invalid_body, &post_id).await;
let text = response.text().await.unwrap();
assert!(
text.contains(expected_error_message),
"The API did not reject the changes when the {}",
explaination
);
}
}

181
tests/api/users.rs
View File

@@ -344,3 +344,184 @@ async fn writers_cannot_perform_admin_functions(connection_pool: PgPool) {
.unwrap();
assert!(record.is_none());
}
#[sqlx::test]
async fn user_can_change_his_display_name(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let user_id = app.get_user_id(username).await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
let full_name = "Alphonse Paix";
let edit_body = serde_json::json!( {
"user_id": user_id,
"username": username,
"full_name": full_name,
"bio": "",
});
let html = app.get_profile_html(username).await;
assert!(!html.contains(full_name));
let response = app.edit_profile(&edit_body).await;
assert!(dbg!(response.text().await.unwrap()).contains("Your profile has been updated"));
let html = app.get_profile_html(username).await;
assert!(html.contains(full_name));
}
#[sqlx::test]
async fn user_can_change_his_bio(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let user_id = app.get_user_id(username).await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
let bio = "This is me";
let edit_body = serde_json::json!( {
"user_id": user_id,
"username": username,
"full_name": "",
"bio": bio,
});
let html = app.get_profile_html(username).await;
assert!(!html.contains(bio));
let response = app.edit_profile(&edit_body).await;
assert!(dbg!(response.text().await.unwrap()).contains("Your profile has been updated"));
let html = app.get_profile_html(username).await;
assert!(html.contains(bio));
}
#[sqlx::test]
async fn user_can_change_his_username(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let user_id = app.get_user_id(username).await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
let new_username = "alphonsepaix";
let edit_body = serde_json::json!( {
"user_id": user_id,
"username": new_username,
"full_name": "",
"bio": "",
});
let html = app.get_profile_html(username).await;
assert!(html.contains(username));
let response = app.edit_profile(&edit_body).await;
assert!(dbg!(response.text().await.unwrap()).contains("Your profile has been updated"));
let html = app.get_profile_html(username).await;
assert!(html.contains("404"));
let html = app.get_profile_html(new_username).await;
assert!(html.contains(new_username));
}
#[sqlx::test]
async fn user_cannot_change_other_profiles(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let other_user_id = app.get_user_id("admin").await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
let new_username = "alphonsepaix";
let edit_body = serde_json::json!( {
"user_id": other_user_id,
"username": new_username,
"full_name": "",
"bio": "",
});
let response = app.edit_profile(&edit_body).await;
assert!(
response
.text()
.await
.unwrap()
.contains("You are not authorized")
);
}
#[sqlx::test]
async fn user_cannot_take_an_existing_username(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let user_id = app.get_user_id(username).await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
let edit_body = serde_json::json!( {
"user_id": user_id,
"username": "admin",
"full_name": "",
"bio": "",
});
let response = app.edit_profile(&edit_body).await;
assert!(
response
.text()
.await
.unwrap()
.contains("This username is already taken")
);
let html = app.get_profile_html(username).await;
assert!(html.contains(username));
}
#[sqlx::test]
async fn invalid_fields_are_rejected(connection_pool: PgPool) {
let app = TestApp::spawn(connection_pool).await;
app.admin_login().await;
let username = "alphonse";
let password = "123456789abc";
app.create_user(username, password, false).await;
let user_id = app.get_user_id(username).await;
let login_body = serde_json::json!({
"username": username,
"password": password
});
app.post_login(&login_body).await;
let test_cases = [(
serde_json::json!({
"user_id": user_id,
"username": "ab",
"full_name": "",
"bio": "",
}),
"Username must be at least 3 characters",
"the username was too short",
)];
for (invalid_body, expected_error_message, explaination) in test_cases {
let html = app.edit_profile(&invalid_body).await;
assert!(
html.text().await.unwrap().contains(expected_error_message),
"The API did not reject the changes when {}",
explaination
);
}
}