cacert-boardvoting/boardvoting.go

574 lines
12 KiB
Go
Raw Normal View History

2017-04-15 17:23:40 +00:00
package main
import (
"crypto/tls"
"crypto/x509"
"database/sql"
2017-04-15 17:23:40 +00:00
"fmt"
"github.com/Masterminds/sprig"
"github.com/jmoiron/sqlx"
2017-04-15 17:23:40 +00:00
_ "github.com/mattn/go-sqlite3"
"gopkg.in/yaml.v2"
"html/template"
"io/ioutil"
"log"
"net/http"
"os"
"strconv"
"strings"
"time"
2017-04-15 17:23:40 +00:00
)
const (
sqlGetDecisions = `
2017-04-15 17:23:40 +00:00
SELECT decisions.id, decisions.tag, decisions.proponent,
voters.name AS proposer, decisions.proposed, decisions.title,
decisions.content, decisions.votetype, decisions.status, decisions.due,
decisions.modified
FROM decisions
JOIN voters ON decisions.proponent=voters.id
ORDER BY proposed DESC
LIMIT 10 OFFSET 10 * $1`
sqlGetDecision = `
2017-04-15 17:23:40 +00:00
SELECT decisions.id, decisions.tag, decisions.proponent,
voters.name AS proposer, decisions.proposed, decisions.title,
decisions.content, decisions.votetype, decisions.status, decisions.due,
decisions.modified
FROM decisions
JOIN voters ON decisions.proponent=voters.id
WHERE decisions.tag=$1;`
sqlGetVoter = `
2017-04-15 17:23:40 +00:00
SELECT voters.id, voters.name
FROM voters
JOIN emails ON voters.id=emails.voter
WHERE emails.address=$1 AND voters.enabled=1`
sqlVoteCount = `
2017-04-15 17:23:40 +00:00
SELECT vote, COUNT(vote)
FROM votes
WHERE decision=$1 GROUP BY vote`
sqlCountNewerOlderThanMotion = `
SELECT "newer" AS label, COUNT(*) AS value FROM decisions WHERE proposed > $1
UNION
SELECT "older", COUNT(*) FROM decisions WHERE proposed < $2`
2017-04-15 17:23:40 +00:00
)
var db *sqlx.DB
var logger *log.Logger
const (
voteAye = 1
voteNaye = -1
2017-04-15 17:23:40 +00:00
voteAbstain = 0
)
const (
voteTypeMotion = 0
voteTypeVeto = 1
2017-04-15 17:23:40 +00:00
)
type VoteType int
func (v VoteType) String() string {
switch v {
case voteTypeMotion:
return "motion"
case voteTypeVeto:
return "veto"
default:
return "unknown"
2017-04-15 17:23:40 +00:00
}
}
func (v VoteType) QuorumAndMajority() (int, int) {
switch v {
case voteTypeMotion:
return 3, 50
default:
return 1, 99
2017-04-15 17:23:40 +00:00
}
}
type VoteSums struct {
Ayes int
Nayes int
Abstains int
}
func (v *VoteSums) voteCount() int {
return v.Ayes + v.Nayes + v.Abstains
}
type VoteStatus int
func (v VoteStatus) String() string {
switch v {
case -1:
return "declined"
case 0:
return "pending"
case 1:
return "approved"
case -2:
return "withdrawn"
default:
return "unknown"
2017-04-15 17:23:40 +00:00
}
}
type VoteKind int
func (v VoteKind) String() string {
switch v {
case voteAye:
return "Aye"
case voteNaye:
return "Naye"
case voteAbstain:
return "Abstain"
default:
return "unknown"
2017-04-15 17:23:40 +00:00
}
}
type Vote struct {
Name string
Vote VoteKind
}
type Decision struct {
Id int
Tag string
Proponent int
Proposer string
Proposed time.Time
Title string
Content string
Majority int
Quorum int
VoteType VoteType
Status VoteStatus
Due time.Time
Modified time.Time
VoteSums
Votes []Vote
2017-04-15 17:23:40 +00:00
}
func (d *Decision) parseVote(vote int, count int) {
switch vote {
case voteAye:
d.Ayes = count
case voteAbstain:
d.Abstains = count
case voteNaye:
d.Nayes = count
}
}
type Voter struct {
Id int
Name string
}
func withDrawMotion(tag string, voter *Voter, config *Config) {
2017-04-15 17:23:40 +00:00
err := db.Ping()
if err != nil {
logger.Fatal(err)
}
decision_stmt, err := db.Preparex(sqlGetDecision)
2017-04-15 17:23:40 +00:00
if err != nil {
logger.Fatal(err)
}
defer decision_stmt.Close()
var d Decision
err = decision_stmt.Get(&d, tag)
2017-04-15 17:23:40 +00:00
if err == nil {
logger.Println(d)
}
type MailContext struct {
Decision
Name string
Sender string
Recipient string
}
context := MailContext{d, voter.Name, config.NoticeSenderAddress, config.BoardMailAddress}
// TODO: implement
// fill withdraw_mail.txt
t, err := template.New("withdraw_mail.txt").Funcs(sprig.FuncMap()).ParseFiles("templates/withdraw_mail.txt")
if err != nil {
logger.Fatal(err)
}
t.Execute(os.Stdout, context)
}
func authenticateVoter(emailAddress string) *Voter {
if err := db.Ping(); err != nil {
logger.Fatal(err)
}
auth_stmt, err := db.Preparex(sqlGetVoter)
if err != nil {
logger.Println("Problem getting voter", err)
return nil
}
defer auth_stmt.Close()
var voter = &Voter{}
if err = auth_stmt.Get(voter, emailAddress); err != nil {
2017-04-15 17:23:40 +00:00
if err != sql.ErrNoRows {
logger.Println("Problem getting voter", err)
2017-04-15 17:23:40 +00:00
}
return nil
2017-04-15 17:23:40 +00:00
}
return voter
2017-04-15 17:23:40 +00:00
}
func redirectToMotionsHandler(w http.ResponseWriter, _ *http.Request) {
w.Header().Set("Location", "/motions/")
2017-04-15 17:23:40 +00:00
w.WriteHeader(http.StatusMovedPermanently)
}
func renderTemplate(w http.ResponseWriter, tmpl string, context interface{}) {
t, err := template.New(fmt.Sprintf("%s.html", tmpl)).Funcs(sprig.FuncMap()).ParseFiles(fmt.Sprintf("templates/%s.html", tmpl))
2017-04-15 17:23:40 +00:00
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
if err := t.Execute(w, context); err != nil {
2017-04-15 17:23:40 +00:00
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
func authenticateRequest(w http.ResponseWriter, r *http.Request, authRequired bool, handler func(http.ResponseWriter, *http.Request, *Voter)) {
for _, cert := range r.TLS.PeerCertificates {
2017-04-15 17:23:40 +00:00
for _, extKeyUsage := range cert.ExtKeyUsage {
if extKeyUsage == x509.ExtKeyUsageClientAuth {
for _, emailAddress := range cert.EmailAddresses {
if voter := authenticateVoter(emailAddress); voter != nil {
handler(w, r, voter)
return
}
}
2017-04-15 17:23:40 +00:00
}
}
}
if authRequired {
2017-04-15 17:23:40 +00:00
w.WriteHeader(http.StatusForbidden)
renderTemplate(w, "denied", nil)
return
}
handler(w, r, nil)
2017-04-15 17:23:40 +00:00
}
type motionParameters struct {
ShowVotes bool
}
type motionListParameters struct {
Page int64
Flags struct {
Confirmed, Withdraw, Unvoted bool
2017-04-15 17:23:40 +00:00
}
}
2017-04-15 17:23:40 +00:00
func parseMotionParameters(r *http.Request) motionParameters {
var m = motionParameters{}
m.ShowVotes, _ = strconv.ParseBool(r.URL.Query().Get("showvotes"))
logger.Printf("parsed parameters: %+v\n", m)
return m
}
2017-04-15 17:23:40 +00:00
func parseMotionListParameters(r *http.Request) motionListParameters {
var m = motionListParameters{}
if page, err := strconv.ParseInt(r.URL.Query().Get("page"), 10, 0); err != nil {
m.Page = 1
} else {
m.Page = page
}
m.Flags.Withdraw, _ = strconv.ParseBool(r.URL.Query().Get("withdraw"))
m.Flags.Unvoted, _ = strconv.ParseBool(r.URL.Query().Get("unvoted"))
if r.Method == http.MethodPost {
m.Flags.Confirmed, _ = strconv.ParseBool(r.PostFormValue("confirm"))
}
logger.Printf("parsed parameters: %+v\n", m)
return m
}
func motionListHandler(w http.ResponseWriter, r *http.Request, voter *Voter) {
params := parseMotionListParameters(r)
votes_stmt, err := db.Preparex(sqlVoteCount)
2017-04-15 17:23:40 +00:00
if err != nil {
logger.Fatal(err)
}
defer votes_stmt.Close()
beforeAfterStmt, err := db.Preparex(sqlCountNewerOlderThanMotion)
2017-04-15 17:23:40 +00:00
if err != nil {
logger.Fatal(err)
}
defer beforeAfterStmt.Close()
2017-04-15 17:23:40 +00:00
var context struct {
Decisions []Decision
Voter *Voter
Params *motionListParameters
PrevPage, NextPage int64
2017-04-15 17:23:40 +00:00
}
context.Voter = voter
context.Params = &params
2017-04-15 17:23:40 +00:00
motion_stmt, err := db.Preparex(sqlGetDecisions)
if err != nil {
logger.Fatal(err)
}
defer motion_stmt.Close()
rows, err := motion_stmt.Queryx(params.Page - 1)
if err != nil {
logger.Fatal(err)
}
2017-04-15 17:23:40 +00:00
for rows.Next() {
var d Decision
err := rows.StructScan(&d)
if err != nil {
rows.Close()
2017-04-15 17:23:40 +00:00
logger.Fatal(err)
}
voteRows, err := votes_stmt.Queryx(d.Id)
if err != nil {
rows.Close()
2017-04-15 17:23:40 +00:00
logger.Fatal(err)
}
for voteRows.Next() {
var vote int
var count int
if err := voteRows.Scan(&vote, &count); err != nil {
2017-04-15 17:23:40 +00:00
voteRows.Close()
logger.Fatalf("Error fetching counts for motion %s: %s", d.Tag, err)
2017-04-15 17:23:40 +00:00
}
d.parseVote(vote, count)
}
context.Decisions = append(context.Decisions, d)
2017-04-15 17:23:40 +00:00
voteRows.Close()
}
rows.Close()
rows, err = beforeAfterStmt.Queryx(
context.Decisions[0].Proposed,
context.Decisions[len(context.Decisions)-1].Proposed)
if err != nil {
logger.Fatal(err)
}
defer rows.Close()
for rows.Next() {
var key string
var value int
if err := rows.Scan(&key, &value); err != nil {
rows.Close()
logger.Fatal(err)
}
if key == "older" && value > 0 {
context.NextPage = params.Page + 1
}
}
if params.Page > 1 {
context.PrevPage = params.Page - 1
}
2017-04-15 17:23:40 +00:00
renderTemplate(w, "motions", context)
}
func motionHandler(w http.ResponseWriter, r *http.Request, voter *Voter, decision *Decision) {
params := parseMotionParameters(r)
var context struct {
Decisions []Decision
Voter *Voter
Params *motionParameters
PrevPage, NextPage int64
}
context.Voter = voter
context.Params = &params
context.Decisions = append(context.Decisions, *decision)
renderTemplate(w, "motions", context)
}
func singleDecisionHandler(w http.ResponseWriter, r *http.Request, v *Voter, tag string, handler func(http.ResponseWriter, *http.Request, *Voter, *Decision)) {
votes_stmt, err := db.Preparex(sqlVoteCount)
if err != nil {
logger.Fatal(err)
}
defer votes_stmt.Close()
motion_stmt, err := db.Preparex(sqlGetDecision)
if err != nil {
logger.Fatal(err)
}
defer motion_stmt.Close()
var d *Decision = &Decision{}
err = motion_stmt.Get(d, tag)
if err != nil {
logger.Fatal(err)
}
voteRows, err := votes_stmt.Queryx(d.Id)
if err != nil {
logger.Fatal(err)
}
for voteRows.Next() {
var vote, count int
err = voteRows.Scan(&vote, &count)
if err != nil {
voteRows.Close()
logger.Fatal(err)
}
d.parseVote(vote, count)
}
voteRows.Close()
handler(w, r, v, d)
}
func motionsHandler(w http.ResponseWriter, r *http.Request) {
if err := db.Ping(); err != nil {
logger.Fatal(err)
}
subURL := r.URL.Path[len("/motions/"):]
switch {
case subURL == "":
authenticateRequest(w, r, false, motionListHandler)
return
case strings.Count(subURL, "/") == 1:
parts := strings.Split(subURL, "/")
logger.Printf("handle %v\n", parts)
fmt.Fprintf(w, "No handler for '%s'", subURL)
motionTag := parts[0]
action := parts[1]
logger.Printf("motion: %s, action: %s\n", motionTag, action)
return
case strings.Count(subURL, "/") == 0:
authenticateRequest(w, r, false, func(w http.ResponseWriter, r *http.Request, v *Voter) {
singleDecisionHandler(w, r, v, subURL, motionHandler)
})
return
default:
fmt.Fprintf(w, "No handler for '%s'", subURL)
return
}
2017-04-15 17:23:40 +00:00
}
func votersHandler(w http.ResponseWriter, _ *http.Request, voter *Voter) {
err := db.Ping()
if err != nil {
logger.Fatal(err)
}
fmt.Fprintln(w, "Hello", voter.Name)
sqlStmt := "SELECT name, reminder FROM voters WHERE enabled=1"
rows, err := db.Query(sqlStmt)
if err != nil {
logger.Fatal(err)
}
defer rows.Close()
fmt.Print("Enabled voters\n\n")
fmt.Printf("%-30s %-30s\n", "Name", "Reminder E-Mail address")
fmt.Printf("%s %s\n", strings.Repeat("-", 30), strings.Repeat("-", 30))
for rows.Next() {
var name string
var reminder string
err = rows.Scan(&name, &reminder)
if err != nil {
logger.Fatal(err)
}
fmt.Printf("%-30s %s\n", name, reminder)
}
err = rows.Err()
if err != nil {
logger.Fatal(err)
}
}
type Config struct {
BoardMailAddress string `yaml:"board_mail_address"`
NoticeSenderAddress string `yaml:"notice_sender_address"`
DatabaseFile string `yaml:"database_file"`
ClientCACertificates string `yaml:"client_ca_certificates"`
ServerCert string `yaml:"server_certificate"`
ServerKey string `yaml:"server_key"`
}
func main() {
logger = log.New(os.Stderr, "boardvoting: ", log.LstdFlags|log.LUTC|log.Lshortfile)
2017-04-15 17:23:40 +00:00
var filename = "config.yaml"
if len(os.Args) == 2 {
filename = os.Args[1]
}
var err error
var config Config
var source []byte
source, err = ioutil.ReadFile(filename)
if err != nil {
logger.Fatal(err)
}
err = yaml.Unmarshal(source, &config)
if err != nil {
logger.Fatal(err)
}
logger.Printf("read configuration %v", config)
db, err = sqlx.Open("sqlite3", config.DatabaseFile)
if err != nil {
logger.Fatal(err)
}
http.HandleFunc("/motions/", motionsHandler)
http.HandleFunc("/voters/", func(w http.ResponseWriter, r *http.Request) {
authenticateRequest(w, r, true, votersHandler)
2017-04-15 17:23:40 +00:00
})
http.Handle("/static/", http.FileServer(http.Dir(".")))
2017-04-15 17:23:40 +00:00
http.HandleFunc("/", redirectToMotionsHandler)
// load CA certificates for client authentication
caCert, err := ioutil.ReadFile(config.ClientCACertificates)
if err != nil {
logger.Fatal(err)
}
caCertPool := x509.NewCertPool()
if !caCertPool.AppendCertsFromPEM(caCert) {
logger.Fatal("could not initialize client CA certificate pool")
}
// setup HTTPS server
tlsConfig := &tls.Config{
ClientCAs: caCertPool,
ClientAuth: tls.RequireAndVerifyClientCert,
2017-04-15 17:23:40 +00:00
}
tlsConfig.BuildNameToCertificate()
server := &http.Server{
Addr: ":8443",
TLSConfig: tlsConfig,
2017-04-15 17:23:40 +00:00
}
err = server.ListenAndServeTLS(config.ServerCert, config.ServerKey)
if err != nil {
logger.Fatal("ListenAndServerTLS: ", err)
}
defer db.Close()
}