package main import ( api "code.dlmw.ch/dlmw/qv/internal" "code.dlmw.ch/dlmw/qv/internal/validator" "database/sql" "encoding/json" "errors" "fmt" "math/rand" "net/http" "slices" "time" ) type createElectionRequestWithValidator struct { api.CreateElectionRequest validator.Validator } func (r *createElectionRequestWithValidator) isValid() bool { r.CheckField(validator.NotBlank(r.Name), "name", "must not be blank") r.CheckField(validator.GreaterThan(r.Tokens, 0), "tokens", "must be greater than 0") r.CheckField(validator.After(r.ExpiresAt, time.Now()), "expiresAt", "must expire in a future date") r.CheckField(validator.GreaterThan(len(r.Choices), 1), "choices", "there must be more than 1 choice") r.CheckField(validator.UniqueValues(r.Choices), "choices", "must not contain duplicate values") for _, choice := range r.Choices { r.CheckField(validator.NotBlank(choice), "choice", "must not be blank") } if r.AreVotersKnown { r.CheckField( validator.GreaterThan(r.MaxVoters, 0), "maxVoters", "must be greater than 0 when voters are known", ) } else { r.CheckField( validator.GreaterThanOrEquals(r.MaxVoters, 0), "maxVoters", "must be a positive number", ) } return r.Valid() } func (app *application) createElection(w http.ResponseWriter, r *http.Request) { var request createElectionRequestWithValidator if err := app.unmarshalRequest(r, &request); err != nil { app.clientError(w, http.StatusBadRequest, err.Error()) return } if !request.isValid() { app.unprocessableEntityError(w, request.Validator) return } electionId, err := app.elections.Insert( request.Name, request.Tokens, request.AreVotersKnown, request.MaxVoters, request.Choices, request.ExpiresAt, ) if err != nil { app.serverError(w, r, err) return } var res []byte if request.AreVotersKnown { voterIdentities := make([]string, 0, request.MaxVoters) for i := 0; i < request.MaxVoters; i++ { randomIdentity := randomVoterIdentity() _, err := app.voters.Insert(randomIdentity, electionId) if err != nil { app.serverError(w, r, err) } voterIdentities = append(voterIdentities, randomIdentity) } res, err = json.Marshal(api.CreateElectionResponse{VoterIdentities: &voterIdentities}) if err != nil { app.serverError(w, r, err) return } } w.Header().Set("Location", fmt.Sprintf("/election/%v", electionId)) w.Write(res) } func randomVoterIdentity() string { const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" b := make([]byte, 16) for i := range b { b[i] = charset[rand.Intn(len(charset))] } return string(b) } type createVotesRequestWithValidator struct { api.CreateVotesRequest validator.Validator } func (r *createVotesRequestWithValidator) isValid() bool { r.CheckField(validator.GreaterThan(r.ElectionId, 0), "electionId", "must be greater than 0") for _, choice := range r.Choices { r.CheckField(validator.NotBlank(choice.ChoiceText), "choiceText", "must not be blank") } return r.Valid() } func (app *application) createVotes(w http.ResponseWriter, r *http.Request) { var request createVotesRequestWithValidator if err := app.unmarshalRequest(r, &request); err != nil { app.clientError(w, http.StatusBadRequest, err.Error()) return } if !request.isValid() { app.unprocessableEntityError(w, request.Validator) return } election, err := app.elections.GetById(request.ElectionId) if err != nil { if errors.Is(err, sql.ErrNoRows) { app.unprocessableEntityErrorSingle(w, fmt.Errorf("election with id %v doesn't exist", request.ElectionId)) return } app.serverError(w, r, err) } for _, c := range request.Choices { choiceExists := slices.Contains(election.Choices, c.ChoiceText) if !choiceExists { app.unprocessableEntityErrorSingle(w, fmt.Errorf("choice %v doesn't exist", c.ChoiceText)) return } } tokensUsed := 0 for _, c := range request.Choices { tokensUsed += c.Tokens } if tokensUsed > election.Tokens { app.unprocessableEntityErrorSingle(w, fmt.Errorf("you used too many tokens; must not exceed %v tokens", election.Tokens)) return } electionHasExpired := election.ExpiresAt.Before(time.Now()) if electionHasExpired { app.unprocessableEntityErrorSingle(w, fmt.Errorf("election has expired")) return } // this snippet of code also inserts in the `voters` table voterIdentity := func() string { var voterIdentity string if election.AreVotersKnown { if request.VoterIdentity == nil || validator.Blank(*request.VoterIdentity) { app.unprocessableEntityErrorSingle(w, fmt.Errorf("election has known voters; you must provide an identity provided by the organizer")) return "" } voterIdentity = *request.VoterIdentity hasCastVotes, err := app.votes.Exists(voterIdentity, election.ID) if err != nil { app.serverError(w, r, err) return "" } if hasCastVotes { app.unprocessableEntityErrorSingle(w, fmt.Errorf("you already voted")) return "" } voterExists, err := app.voters.Exists(voterIdentity, election.ID) if err != nil { app.serverError(w, r, err) return "" } if !voterExists { app.unprocessableEntityErrorSingle(w, fmt.Errorf("invalid voter identity")) return "" } } else { voterIdentity = r.RemoteAddr // if voters are known, voter will always exist voterExists, err := app.voters.Exists(voterIdentity, election.ID) if err != nil { app.serverError(w, r, err) return "" } if voterExists { app.unprocessableEntityErrorSingle(w, fmt.Errorf("you already voted")) return "" } _, err = app.voters.Insert(voterIdentity, election.ID) if err != nil { app.serverError(w, r, err) return "" } } return voterIdentity }() if voterIdentity == "" { return } if !election.AreVotersKnown { voterCount, err := app.voters.CountByElection(election.ID) if err != nil && !errors.Is(sql.ErrNoRows, err) { app.serverError(w, r, err) return } // if voters are known, voterCount == election.MaxVoters in all cases if voterCount == election.MaxVoters { app.unprocessableEntityErrorSingle(w, fmt.Errorf("maximum voters reached")) return } } for _, c := range request.Choices { _, err := app.votes.Insert(voterIdentity, election.ID, c.ChoiceText, c.Tokens) if err != nil { app.serverError(w, r, err) } } w.WriteHeader(http.StatusCreated) }