normalize urls, fix website creation

embed static files
remove hard tls requirement

.gitignore

@@ -21,3 +21,14 @@
 # Go workspace file
 go.work
 
+# sqlite3 databases
+*.db
+
+# air config
+.air.toml
+/tmp
+tls/
+test.db.old
+.gitignore
+.nvim/session
+*templ.txt

cmd/web/context.go

@@ -0,0 +1,6 @@
+package main
+
+type contextKey string
+
+const isAuthenticatedContextKey = contextKey("isAuthenticated")
+const userNameContextKey = contextKey("username")

cmd/web/handlers.go

@@ -0,0 +1,23 @@
+package main
+
+import (
+	"net/http"
+
+	"git.32bit.cafe/32bitcafe/guestbook/ui/views"
+)
+
+func (app *application) home(w http.ResponseWriter, r *http.Request) {
+	if app.isAuthenticated(r) {
+		http.Redirect(w, r, "/websites", http.StatusSeeOther)
+		return
+	}
+	views.Home("Home", app.newCommonData(r)).Render(r.Context(), w)
+}
+
+func (app *application) notImplemented(w http.ResponseWriter, r *http.Request) {
+	views.ComingSoon("Coming Soon", app.newCommonData(r)).Render(r.Context(), w)
+}
+
+func ping(w http.ResponseWriter, r *http.Request) {
+	w.Write([]byte("OK"))
+}

cmd/web/handlers_guestbook.go

@@ -0,0 +1,432 @@
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/validator"
+	"git.32bit.cafe/32bitcafe/guestbook/ui/views"
+)
+
+func (app *application) getGuestbook(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	if !website.Guestbook.Settings.IsVisible {
+		u := app.getCurrentUser(r)
+		if u == nil {
+			app.clientError(w, http.StatusForbidden)
+			return
+		}
+		if u.ID != website.UserId {
+			app.clientError(w, http.StatusForbidden)
+			return
+		}
+	}
+	comments, err := app.guestbookComments.GetAll(website.Guestbook.ID)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	data := app.newCommonData(r)
+	views.GuestbookView("Guestbook", data, website, website.Guestbook, comments, forms.CommentCreateForm{}).Render(r.Context(), w)
+}
+
+func (app *application) getGuestbookSettings(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+	}
+	data := app.newCommonData(r)
+	views.GuestbookSettingsView(data, website).Render(r.Context(), w)
+}
+
+func (app *application) putGuestbookSettings(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+	}
+
+	var form forms.GuestbookSettingsForm
+	err = app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+		app.serverError(w, r, err)
+		return
+	}
+	form.CheckField(validator.PermittedValue(form.Visibility, "true", "false"), "gb_visible", "Invalid value")
+	form.CheckField(validator.PermittedValue(form.CommentingEnabled, models.ValidDisableDurations...), "gb_visible", "Invalid value")
+	form.CheckField(validator.PermittedValue(form.WidgetsEnabled, "true", "false"), "gb_remote", "Invalid value")
+	if !form.Valid() {
+		// TODO: rerender template with errors
+		app.clientError(w, http.StatusUnprocessableEntity)
+	}
+
+	c, err := strconv.ParseBool(form.CommentingEnabled)
+	if err != nil {
+		website.Guestbook.Settings.IsCommentingEnabled = false
+		website.Guestbook.Settings.ReenableCommenting, err = app.durationToTime(form.CommentingEnabled)
+		if err != nil {
+			app.serverError(w, r, err)
+		}
+	} else {
+		website.Guestbook.Settings.IsCommentingEnabled = c
+	}
+
+	// can skip error checking for these two since we verify valid values above
+	website.Guestbook.Settings.IsVisible, err = strconv.ParseBool(form.Visibility)
+	if err != nil {
+		app.serverError(w, r, err)
+	}
+	website.Guestbook.Settings.AllowRemoteHostAccess, err = strconv.ParseBool(form.WidgetsEnabled)
+	if err != nil {
+		app.serverError(w, r, err)
+	}
+	err = app.websites.UpdateGuestbookSettings(website.Guestbook.ID, website.Guestbook.Settings)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	app.sessionManager.Put(r.Context(), "flash", "Settings changed successfully")
+	data := app.newCommonData(r)
+	w.Header().Add("HX-Refresh", "true")
+	views.GuestbookSettingsView(data, website).Render(r.Context(), w)
+
+}
+
+func (app *application) getGuestbookComments(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	comments, err := app.guestbookComments.GetAll(website.Guestbook.ID)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	data := app.newCommonData(r)
+	views.GuestbookDashboardCommentsView("Comments", data, website, website.Guestbook, comments).Render(r.Context(), w)
+}
+
+func (app *application) getGuestbookCommentsSerialized(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	if !website.Guestbook.Settings.IsVisible || !website.Guestbook.Settings.AllowRemoteHostAccess {
+		app.clientError(w, http.StatusForbidden)
+	}
+	comments, err := app.guestbookComments.GetAllSerialized(website.Guestbook.ID)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+
+	b, err := json.Marshal(comments)
+	w.Write(b)
+}
+
+func (app *application) getGuestbookCommentCreate(w http.ResponseWriter, r *http.Request) {
+	// TODO: This will be the embeddable form
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	s := website.Guestbook.Settings
+	if !s.IsVisible || !s.AllowRemoteHostAccess || !website.Guestbook.CanComment() {
+		app.clientError(w, http.StatusForbidden)
+	}
+	data := app.newCommonData(r)
+	form := forms.CommentCreateForm{}
+	views.EmbeddableGuestbookCommentForm(data, website, form).Render(r.Context(), w)
+}
+
+func (app *application) postGuestbookCommentCreate(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	headless, err := strconv.ParseBool(r.URL.Query().Get("headless"))
+	if err != nil {
+		headless = false
+	}
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+
+	if !website.Guestbook.CanComment() {
+		app.clientError(w, http.StatusForbidden)
+		return
+	}
+
+	var form forms.CommentCreateForm
+	err = app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+		return
+	}
+
+	form.CheckField(validator.NotBlank(form.AuthorName), "authorName", "This field cannot be blank")
+	form.CheckField(validator.MaxChars(form.AuthorName, 256), "authorName", "This field cannot be more than 256 characters long")
+	form.CheckField(validator.MaxChars(form.AuthorEmail, 256), "authorEmail", "This field cannot be more than 256 characters long")
+	form.CheckField(validator.MaxChars(form.AuthorSite, 256), "authorSite", "This field cannot be more than 256 characters long")
+	form.CheckField(validator.NotBlank(form.Content), "content", "This field cannot be blank")
+
+	if !form.Valid() {
+		data := app.newCommonData(r)
+		w.WriteHeader(http.StatusUnprocessableEntity)
+		if headless {
+			views.EmbeddableGuestbookCommentForm(data, website, form).Render(r.Context(), w)
+		}
+		// TODO: use htmx to avoid getting comments again
+		comments, err := app.guestbookComments.GetAll(website.Guestbook.ID)
+		if err != nil {
+			app.serverError(w, r, err)
+			return
+		}
+		views.GuestbookView("Guestbook", data, website, website.Guestbook, comments, form).Render(r.Context(), w)
+		return
+	}
+
+	shortId := app.createShortId()
+	_, err = app.guestbookComments.Insert(shortId, website.Guestbook.ID, 0, form.AuthorName, form.AuthorEmail, form.AuthorSite, form.Content, "", true)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	app.sessionManager.Put(r.Context(), "flash", "Comment successfully posted!")
+	if headless {
+		http.Redirect(w, r, fmt.Sprintf("/websites/%s/guestbook/comments/create", slug), http.StatusSeeOther)
+	}
+	http.Redirect(w, r, fmt.Sprintf("/websites/%s/guestbook", slug), http.StatusSeeOther)
+}
+
+func (app *application) postGuestbookCommentCreateRemote(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+
+	if !matchOrigin(r.Header.Get("Origin"), website.Url) {
+		app.clientError(w, http.StatusForbidden)
+		return
+	}
+	if !website.Guestbook.CanComment() {
+		app.clientError(w, http.StatusForbidden)
+		return
+	}
+
+	var form forms.CommentCreateForm
+	err = app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+		return
+	}
+
+	form.CheckField(validator.NotBlank(form.AuthorName), "authorName", "This field cannot be blank")
+	form.CheckField(validator.MaxChars(form.AuthorName, 256), "authorName", "This field cannot be more than 256 characters long")
+	form.CheckField(validator.MaxChars(form.AuthorEmail, 256), "authorEmail", "This field cannot be more than 256 characters long")
+	form.CheckField(validator.MaxChars(form.AuthorSite, 256), "authorSite", "This field cannot be more than 256 characters long")
+	form.CheckField(validator.NotBlank(form.Content), "content", "This field cannot be blank")
+
+	// if redirect path is filled out, redirect to that path on the website host
+	// otherwise redirect to the guestbook by default
+	redirectUrl := fmt.Sprintf("/websites/%s/guestbook", shortIdToSlug(website.ShortId))
+	if form.Redirect != "" {
+		u, err := website.Url.Parse(form.Redirect)
+		if err == nil {
+			redirectUrl = u.String()
+		}
+	}
+
+	if !form.Valid() {
+		views.GuestbookCommentCreateRemoteErrorView(redirectUrl, "Invalid Input").Render(r.Context(), w)
+		return
+	}
+
+	shortId := app.createShortId()
+	_, err = app.guestbookComments.Insert(shortId, website.Guestbook.ID, 0, form.AuthorName, form.AuthorEmail, form.AuthorSite, form.Content, "", true)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	views.GuestbookCommentCreateRemoteSuccessView(redirectUrl).Render(r.Context(), w)
+}
+
+func (app *application) getCommentQueue(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+
+	comments, err := app.guestbookComments.GetUnpublished(website.Guestbook.ID)
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+
+	data := app.newCommonData(r)
+	views.GuestbookDashboardCommentsView("Message Queue", data, website, website.Guestbook, comments).Render(r.Context(), w)
+}
+
+func (app *application) getCommentTrash(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+
+	comments, err := app.guestbookComments.GetDeleted(website.Guestbook.ID)
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+
+	data := app.newCommonData(r)
+	views.GuestbookDashboardCommentsView("Trash", data, website, website.Guestbook, comments).Render(r.Context(), w)
+}
+
+func (app *application) putHideGuestbookComment(w http.ResponseWriter, r *http.Request) {
+	user := app.getCurrentUser(r)
+	wSlug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(wSlug))
+	if err != nil {
+		app.logger.Info("website 404")
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	if user.ID != website.UserId {
+		app.clientError(w, http.StatusUnauthorized)
+	}
+	cSlug := r.PathValue("commentId")
+	comment, err := app.guestbookComments.Get(slugToShortId(cSlug))
+	if err != nil {
+		app.logger.Info("comment 404")
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	comment.IsPublished = !comment.IsPublished
+	err = app.guestbookComments.UpdateComment(&comment)
+	if err != nil {
+		app.serverError(w, r, err)
+	}
+}
+
+func (app *application) deleteGuestbookComment(w http.ResponseWriter, r *http.Request) {
+	user := app.getCurrentUser(r)
+	wSlug := r.PathValue("id")
+	website, err := app.websites.Get(slugToShortId(wSlug))
+	if err != nil {
+		app.logger.Info("website 404")
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	if user.ID != website.UserId {
+		app.clientError(w, http.StatusUnauthorized)
+	}
+	cSlug := r.PathValue("commentId")
+	comment, err := app.guestbookComments.Get(slugToShortId(cSlug))
+	if err != nil {
+		app.logger.Info("comment 404")
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	comment.Deleted = time.Now().UTC()
+	err = app.guestbookComments.UpdateComment(&comment)
+	if err != nil {
+		app.serverError(w, r, err)
+	}
+}
+
+func (app *application) getAllGuestbooks(w http.ResponseWriter, r *http.Request) {
+	websites, err := app.websites.GetAll()
+	if err != nil {
+		app.serverError(w, r, err)
+	}
+	views.AllGuestbooksView(app.newCommonData(r), websites).Render(r.Context(), w)
+}

cmd/web/handlers_guestbook_test.go

@@ -0,0 +1,231 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/assert"
+)
+
+func TestPing(t *testing.T) {
+	app := newTestApplication(t)
+	ts := newTestServer(t, app.routes())
+	defer ts.Close()
+
+	code, _, body := ts.get(t, "/ping")
+
+	assert.Equal(t, code, http.StatusOK)
+	assert.Equal(t, body, "OK")
+}
+
+func TestGetGuestbookView(t *testing.T) {
+	app := newTestApplication(t)
+	ts := newTestServer(t, app.routes())
+	defer ts.Close()
+
+	tests := []struct {
+		name     string
+		urlPath  string
+		wantCode int
+		wantBody string
+	}{
+		{
+			name:     "Valid id",
+			urlPath:  fmt.Sprintf("/websites/%s/guestbook", shortIdToSlug(1)),
+			wantCode: http.StatusOK,
+			wantBody: "Guestbook for Example",
+		},
+		{
+			name:     "Non-existent ID",
+			urlPath:  fmt.Sprintf("/websites/%s/guestbook", shortIdToSlug(2)),
+			wantCode: http.StatusNotFound,
+		},
+		{
+			name:     "String ID",
+			urlPath:  "/websites/abcd/guestbook",
+			wantCode: http.StatusNotFound,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			code, _, body := ts.get(t, tt.urlPath)
+			assert.Equal(t, code, tt.wantCode)
+			if tt.wantBody != "" {
+				assert.StringContains(t, body, tt.wantBody)
+			}
+		})
+	}
+}
+
+func TestPostGuestbookCommentCreate(t *testing.T) {
+	app := newTestApplication(t)
+	ts := newTestServer(t, app.routes())
+	defer ts.Close()
+
+	_, _, body := ts.get(t, fmt.Sprintf("/websites/%s/guestbook", shortIdToSlug(1)))
+	validCSRFToken := extractCSRFToken(t, body)
+
+	const (
+		validAuthorName  = "John Test"
+		validAuthorEmail = "test@example.com"
+		validAuthorSite  = "example.com"
+		validContent     = "This is a comment"
+	)
+
+	tests := []struct {
+		name        string
+		authorName  string
+		authorEmail string
+		authorSite  string
+		content     string
+		csrfToken   string
+		wantCode    int
+	}{
+		{
+			name:        "Valid input",
+			authorName:  validAuthorName,
+			authorEmail: validAuthorEmail,
+			authorSite:  validAuthorSite,
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusSeeOther,
+		},
+		{
+			name:        "Blank name",
+			authorName:  "",
+			authorEmail: validAuthorEmail,
+			authorSite:  validAuthorSite,
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusUnprocessableEntity,
+		},
+		{
+			name:        "Blank email",
+			authorName:  validAuthorName,
+			authorEmail: "",
+			authorSite:  validAuthorSite,
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusSeeOther,
+		},
+		{
+			name:        "Blank site",
+			authorName:  validAuthorName,
+			authorEmail: validAuthorEmail,
+			authorSite:  "",
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusSeeOther,
+		},
+		{
+			name:        "Blank content",
+			authorName:  validAuthorName,
+			authorEmail: validAuthorEmail,
+			authorSite:  validAuthorSite,
+			content:     "",
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusUnprocessableEntity,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			form := url.Values{}
+			form.Add("authorname", tt.authorName)
+			form.Add("authoremail", tt.authorEmail)
+			form.Add("authorsite", tt.authorSite)
+			form.Add("content", tt.content)
+			form.Add("csrf_token", tt.csrfToken)
+			code, _, body := ts.postForm(t, fmt.Sprintf("/websites/%s/guestbook/comments/create", shortIdToSlug(1)), form)
+			assert.Equal(t, code, tt.wantCode)
+			assert.Equal(t, body, body)
+		})
+	}
+}
+
+func TestPostGuestbookCommentCreateRemote(t *testing.T) {
+	app := newTestApplication(t)
+	ts := newTestServer(t, app.routes())
+	defer ts.Close()
+
+	_, _, body := ts.get(t, fmt.Sprintf("/websites/%s/guestbook", shortIdToSlug(1)))
+	validCSRFToken := extractCSRFToken(t, body)
+
+	const (
+		validAuthorName  = "John Test"
+		validAuthorEmail = "test@example.com"
+		validAuthorSite  = "example.com"
+		validContent     = "This is a comment"
+	)
+
+	tests := []struct {
+		name        string
+		authorName  string
+		authorEmail string
+		authorSite  string
+		content     string
+		csrfToken   string
+		wantCode    int
+	}{
+		{
+			name:        "Valid input",
+			authorName:  validAuthorName,
+			authorEmail: validAuthorEmail,
+			authorSite:  validAuthorSite,
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusSeeOther,
+		},
+		{
+			name:        "Blank name",
+			authorName:  "",
+			authorEmail: validAuthorEmail,
+			authorSite:  validAuthorSite,
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusUnprocessableEntity,
+		},
+		{
+			name:        "Blank email",
+			authorName:  validAuthorName,
+			authorEmail: "",
+			authorSite:  validAuthorSite,
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusSeeOther,
+		},
+		{
+			name:        "Blank site",
+			authorName:  validAuthorName,
+			authorEmail: validAuthorEmail,
+			authorSite:  "",
+			content:     validContent,
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusSeeOther,
+		},
+		{
+			name:        "Blank content",
+			authorName:  validAuthorName,
+			authorEmail: validAuthorEmail,
+			authorSite:  validAuthorSite,
+			content:     "",
+			csrfToken:   validCSRFToken,
+			wantCode:    http.StatusUnprocessableEntity,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			form := url.Values{}
+			form.Add("authorname", tt.authorName)
+			form.Add("authoremail", tt.authorEmail)
+			form.Add("authorsite", tt.authorSite)
+			form.Add("content", tt.content)
+			form.Add("csrf_token", tt.csrfToken)
+			code, _, body := ts.postForm(t, fmt.Sprintf("/websites/%s/guestbook/comments/create/remote", shortIdToSlug(1)), form)
+			assert.Equal(t, code, tt.wantCode)
+			assert.Equal(t, body, body)
+		})
+	}
+}

cmd/web/handlers_user.go

@@ -0,0 +1,169 @@
+package main
+
+import (
+	"errors"
+	"net/http"
+	"time"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/validator"
+	"git.32bit.cafe/32bitcafe/guestbook/ui/views"
+)
+
+func (app *application) getUserRegister(w http.ResponseWriter, r *http.Request) {
+	form := forms.UserRegistrationForm{}
+	data := app.newCommonData(r)
+	views.UserRegistration("User Registration", data, form).Render(r.Context(), w)
+}
+
+func (app *application) getUserLogin(w http.ResponseWriter, r *http.Request) {
+	views.UserLogin("Login", app.newCommonData(r), forms.UserLoginForm{}).Render(r.Context(), w)
+}
+
+func (app *application) postUserRegister(w http.ResponseWriter, r *http.Request) {
+	var form forms.UserRegistrationForm
+	err := app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+		return
+	}
+	form.CheckField(validator.NotBlank(form.Name), "name", "This field cannot be blank")
+	form.CheckField(validator.NotBlank(form.Email), "email", "This field cannot be blank")
+	form.CheckField(validator.Matches(form.Email, validator.EmailRX), "email", "This field must be a valid email address")
+	form.CheckField(validator.NotBlank(form.Password), "password", "This field cannot be blank")
+	form.CheckField(validator.MinChars(form.Password, 8), "password", "This field must be at least 8 characters long")
+	if !form.Valid() {
+		data := app.newCommonData(r)
+		w.WriteHeader(http.StatusUnprocessableEntity)
+		views.UserRegistration("User Registration", data, form).Render(r.Context(), w)
+		return
+	}
+	shortId := app.createShortId()
+	settings := DefaultUserSettings()
+	err = app.users.Insert(shortId, form.Name, form.Email, form.Password, settings)
+	if err != nil {
+		if errors.Is(err, models.ErrDuplicateEmail) {
+			form.AddFieldError("email", "Email address is already in use")
+			data := app.newCommonData(r)
+			w.WriteHeader(http.StatusUnprocessableEntity)
+			views.UserRegistration("User Registration", data, form).Render(r.Context(), w)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	app.sessionManager.Put(r.Context(), "flash", "Registration successful. Please log in.")
+	http.Redirect(w, r, "/users/login", http.StatusSeeOther)
+}
+
+func (app *application) postUserLogin(w http.ResponseWriter, r *http.Request) {
+	var form forms.UserLoginForm
+	err := app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+	}
+	form.CheckField(validator.NotBlank(form.Email), "email", "This field cannot be blank")
+	form.CheckField(validator.Matches(form.Email, validator.EmailRX), "email", "This field must be a valid email address")
+	form.CheckField(validator.NotBlank(form.Password), "password", "This field cannot be blank")
+	if !form.Valid() {
+		data := app.newCommonData(r)
+		w.WriteHeader(http.StatusUnprocessableEntity)
+		views.UserLogin("Login", data, form).Render(r.Context(), w)
+		return
+	}
+	id, err := app.users.Authenticate(form.Email, form.Password)
+	if err != nil {
+		if errors.Is(err, models.ErrInvalidCredentials) {
+			form.AddNonFieldError("Email or password is incorrect")
+			data := app.newCommonData(r)
+			views.UserLogin("Login", data, form).Render(r.Context(), w)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	err = app.sessionManager.RenewToken(r.Context())
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	app.sessionManager.Put(r.Context(), "authenticatedUserId", id)
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+func (app *application) postUserLogout(w http.ResponseWriter, r *http.Request) {
+	err := app.sessionManager.RenewToken(r.Context())
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	app.sessionManager.Remove(r.Context(), "authenticatedUserId")
+	app.sessionManager.Put(r.Context(), "flash", "You've been logged out successfully!")
+	w.Header().Add("HX-Redirect", "/")
+	// http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+// func (app *application) getUsersList(w http.ResponseWriter, r *http.Request) {
+//     // skip templ conversion for this view, which will not be available in the final app
+//     // something similar will be available in the admin panel
+//     users, err := app.users.GetAll()
+//     if err != nil {
+//         app.serverError(w, r, err)
+//         return
+//     }
+//     data := app.newTemplateData(r)
+//     data.Users = users
+//     app.render(w, r, http.StatusOK, "userlist.view.tmpl.html", data)
+// }
+
+func (app *application) getUser(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	user, err := app.users.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	data := app.newCommonData(r)
+	views.UserProfile(user.Username, data, user).Render(r.Context(), w)
+}
+
+func (app *application) getUserSettings(w http.ResponseWriter, r *http.Request) {
+	data := app.newCommonData(r)
+	views.UserSettingsView(data, app.timezones).Render(r.Context(), w)
+}
+
+func (app *application) putUserSettings(w http.ResponseWriter, r *http.Request) {
+	user := app.getCurrentUser(r)
+	var form forms.UserSettingsForm
+	err := app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+		app.serverError(w, r, err)
+		return
+	}
+	form.CheckField(validator.PermittedValue(form.LocalTimezone, app.timezones...), "timezone", "Invalid value")
+	if !form.Valid() {
+		// TODO: rerender template with errors
+		app.clientError(w, http.StatusUnprocessableEntity)
+	}
+	user.Settings.LocalTimezone, err = time.LoadLocation(form.LocalTimezone)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	err = app.users.UpdateUserSettings(user.ID, user.Settings)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	app.sessionManager.Put(r.Context(), "flash", "Settings changed successfully")
+	data := app.newCommonData(r)
+	w.Header().Add("HX-Refresh", "true")
+	views.UserSettingsView(data, app.timezones).Render(r.Context(), w)
+
+}

cmd/web/handlers_user_test.go

@@ -0,0 +1,121 @@
+package main
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/assert"
+)
+
+func TestUserSignup(t *testing.T) {
+	app := newTestApplication(t)
+	ts := newTestServer(t, app.routes())
+	defer ts.Close()
+
+	_, _, body := ts.get(t, "/users/register")
+	validCSRFToken := extractCSRFToken(t, body)
+
+	const (
+		validName     = "John"
+		validPassword = "validPassword"
+		validEmail    = "john@example.com"
+		formTag       = `<form action="/users/register" method="post">`
+	)
+
+	tests := []struct {
+		name         string
+		userName     string
+		userEmail    string
+		userPassword string
+		csrfToken    string
+		wantCode     int
+		wantFormTag  string
+	}{
+		{
+			name:         "Valid submission",
+			userName:     validName,
+			userEmail:    validEmail,
+			userPassword: validPassword,
+			csrfToken:    validCSRFToken,
+			wantCode:     http.StatusSeeOther,
+		},
+		{
+			name:         "Missing token",
+			userName:     validName,
+			userEmail:    validEmail,
+			userPassword: validPassword,
+			wantCode:     http.StatusBadRequest,
+		},
+		{
+			name:         "Empty name",
+			userName:     "",
+			userEmail:    validEmail,
+			userPassword: validPassword,
+			csrfToken:    validCSRFToken,
+			wantCode:     http.StatusUnprocessableEntity,
+			wantFormTag:  formTag,
+		},
+		{
+			name:         "Empty email",
+			userName:     validName,
+			userEmail:    "",
+			userPassword: validPassword,
+			csrfToken:    validCSRFToken,
+			wantCode:     http.StatusUnprocessableEntity,
+			wantFormTag:  formTag,
+		},
+		{
+			name:         "Empty password",
+			userName:     validName,
+			userEmail:    validEmail,
+			userPassword: "",
+			csrfToken:    validCSRFToken,
+			wantCode:     http.StatusUnprocessableEntity,
+			wantFormTag:  formTag,
+		},
+		{
+			name:         "Invalid email",
+			userName:     validName,
+			userEmail:    "asdfasdf",
+			userPassword: validPassword,
+			csrfToken:    validCSRFToken,
+			wantCode:     http.StatusUnprocessableEntity,
+			wantFormTag:  formTag,
+		},
+		{
+			name:         "Invalid password",
+			userName:     validName,
+			userEmail:    validEmail,
+			userPassword: "asdfasd",
+			csrfToken:    validCSRFToken,
+			wantCode:     http.StatusUnprocessableEntity,
+			wantFormTag:  formTag,
+		},
+		{
+			name:         "Duplicate email",
+			userName:     validName,
+			userEmail:    "dupe@example.com",
+			userPassword: validPassword,
+			csrfToken:    validCSRFToken,
+			wantCode:     http.StatusUnprocessableEntity,
+			wantFormTag:  formTag,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(*testing.T) {
+			form := url.Values{}
+			form.Add("username", tt.userName)
+			form.Add("email", tt.userEmail)
+			form.Add("password", tt.userPassword)
+			form.Add("csrf_token", tt.csrfToken)
+			code, _, body := ts.postForm(t, "/users/register", form)
+			assert.Equal(t, code, tt.wantCode)
+			if tt.wantFormTag != "" {
+				assert.StringContains(t, body, tt.wantFormTag)
+			}
+		})
+	}
+
+}

cmd/web/handlers_website.go

@@ -0,0 +1,105 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/validator"
+	"git.32bit.cafe/32bitcafe/guestbook/ui/views"
+)
+
+func (app *application) getWebsiteCreate(w http.ResponseWriter, r *http.Request) {
+	form := forms.WebsiteCreateForm{}
+	data := app.newCommonData(r)
+	views.WebsiteCreate("Add Website", data, form).Render(r.Context(), w)
+}
+
+func (app *application) postWebsiteCreate(w http.ResponseWriter, r *http.Request) {
+	userId := app.sessionManager.GetInt64(r.Context(), "authenticatedUserId")
+	var form forms.WebsiteCreateForm
+	err := app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+		return
+	}
+
+	form.CheckField(validator.NotBlank(form.AuthorName), "authorName", "This field cannot be blank")
+	form.CheckField(validator.MaxChars(form.AuthorName, 256), "authorName", "This field cannot exceed 256 characters")
+	form.CheckField(validator.NotBlank(form.Name), "sitename", "This field cannot be blank")
+	form.CheckField(validator.MaxChars(form.Name, 256), "sitename", "This field cannot exceed 256 characters")
+	form.CheckField(validator.NotBlank(form.SiteUrl), "siteurl", "This field cannot be blank")
+	form.CheckField(validator.MaxChars(form.SiteUrl, 512), "siteurl", "This field cannot exceed 512 characters")
+	form.CheckField(validator.Matches(form.SiteUrl, validator.WebRX), "siteurl", "This field must be a valid URL (including http:// or https://)")
+
+	u, err := url.Parse(form.SiteUrl)
+	if err != nil {
+		form.CheckField(false, "siteurl", "This field must be a valid URL")
+	}
+	if !form.Valid() {
+		data := app.newCommonData(r)
+		w.WriteHeader(http.StatusUnprocessableEntity)
+		views.WebsiteCreate("Add a Website", data, form).Render(r.Context(), w)
+		return
+	}
+	websiteShortID := app.createShortId()
+	_, err = app.websites.Insert(websiteShortID, userId, form.Name, u.String(), form.AuthorName)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	app.sessionManager.Put(r.Context(), "flash", "Website successfully registered!")
+	http.Redirect(w, r, fmt.Sprintf("/websites/%s/dashboard", shortIdToSlug(websiteShortID)), http.StatusSeeOther)
+}
+
+func (app *application) getWebsiteDashboard(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	user := app.getCurrentUser(r)
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	if user.ID != website.UserId {
+		app.clientError(w, http.StatusUnauthorized)
+	}
+	data := app.newCommonData(r)
+	views.WebsiteDashboard("Guestbook", data, website).Render(r.Context(), w)
+}
+
+func (app *application) getWebsiteList(w http.ResponseWriter, r *http.Request) {
+
+	userId := app.sessionManager.GetInt64(r.Context(), "authenticatedUserId")
+	websites, err := app.websites.GetAllUser(userId)
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
+	data := app.newCommonData(r)
+	views.WebsiteList("My Websites", data, websites).Render(r.Context(), w)
+}
+
+func (app *application) getComingSoon(w http.ResponseWriter, r *http.Request) {
+	slug := r.PathValue("id")
+	user := app.getCurrentUser(r)
+	website, err := app.websites.Get(slugToShortId(slug))
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.NotFound(w, r)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	if website.UserId != user.ID {
+		app.clientError(w, http.StatusForbidden)
+	}
+	views.WebsiteDashboardComingSoon("Coming Soon", app.newCommonData(r), website).Render(r.Context(), w)
+}

cmd/web/helpers.go

@@ -0,0 +1,142 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"math"
+	"net/http"
+	"net/url"
+	"runtime/debug"
+	"strconv"
+	"time"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+	"git.32bit.cafe/32bitcafe/guestbook/ui/views"
+	"github.com/gorilla/schema"
+	"github.com/justinas/nosurf"
+)
+
+func (app *application) serverError(w http.ResponseWriter, r *http.Request, err error) {
+	var (
+		method = r.Method
+		uri    = r.URL.RequestURI()
+	)
+
+	app.logger.Error(err.Error(), "method", method, "uri", uri)
+	if app.debug {
+		http.Error(w, err.Error()+"\n"+string(debug.Stack()), http.StatusInternalServerError)
+	}
+	http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+}
+
+func (app *application) clientError(w http.ResponseWriter, status int) {
+	http.Error(w, http.StatusText(status), status)
+}
+
+func (app *application) nextSequence() uint16 {
+	val := app.sequence
+	if app.sequence == math.MaxUint16 {
+		app.sequence = 0
+	} else {
+		app.sequence += 1
+	}
+	return val
+}
+
+func (app *application) createShortId() uint64 {
+	now := time.Now().UTC()
+	epoch, err := time.Parse(time.RFC822Z, "01 Jan 20 00:00 -0000")
+	if err != nil {
+		fmt.Println(err)
+		return 0
+	}
+	d := now.Sub(epoch)
+	ms := d.Milliseconds()
+	seq := app.nextSequence()
+	return (uint64(ms) & 0x0FFFFFFFFFFFFFFF) | (uint64(seq) << 48)
+}
+
+func shortIdToSlug(id uint64) string {
+	slug := strconv.FormatUint(id, 36)
+	return slug
+}
+
+func slugToShortId(slug string) uint64 {
+	id, _ := strconv.ParseUint(slug, 36, 64)
+	return id
+}
+
+func (app *application) decodePostForm(r *http.Request, dst any) error {
+	err := r.ParseForm()
+	if err != nil {
+		return err
+	}
+
+	err = app.formDecoder.Decode(dst, r.PostForm)
+	if err != nil {
+		var multiErrors *schema.MultiError
+		if !errors.As(err, &multiErrors) {
+			panic(err)
+		}
+		return err
+	}
+	return nil
+}
+
+func (app *application) isAuthenticated(r *http.Request) bool {
+	isAuthenticated, ok := r.Context().Value(isAuthenticatedContextKey).(bool)
+	if !ok {
+		return false
+	}
+	return isAuthenticated
+}
+
+func (app *application) getCurrentUser(r *http.Request) *models.User {
+	if !app.isAuthenticated(r) {
+		return nil
+	}
+	user, ok := r.Context().Value(userNameContextKey).(models.User)
+	if !ok {
+		return nil
+	}
+	return &user
+}
+
+func (app *application) newCommonData(r *http.Request) views.CommonData {
+	return views.CommonData{
+		CurrentYear:     time.Now().Year(),
+		Flash:           app.sessionManager.PopString(r.Context(), "flash"),
+		IsAuthenticated: app.isAuthenticated(r),
+		CSRFToken:       nosurf.Token(r),
+		CurrentUser:     app.getCurrentUser(r),
+		IsHtmx:          r.Header.Get("Hx-Request") == "true",
+		RootUrl:         app.rootUrl,
+	}
+}
+
+func DefaultUserSettings() models.UserSettings {
+	return models.UserSettings{
+		LocalTimezone: time.Now().UTC().Location(),
+	}
+}
+
+func (app *application) durationToTime(duration string) (time.Time, error) {
+	var result time.Time
+	offset, err := time.ParseDuration(duration)
+	if err != nil {
+		return result, nil
+	}
+	result = time.Now().UTC().Add(offset)
+	return result, nil
+}
+
+func matchOrigin(origin string, u *url.URL) bool {
+	o, err := url.Parse(origin)
+	if err != nil {
+		return false
+	}
+	if o.Host != u.Host {
+		return false
+	}
+	return true
+}

cmd/web/main.go

@@ -0,0 +1,162 @@
+package main
+
+import (
+	"crypto/tls"
+	"database/sql"
+	"flag"
+	"log/slog"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+	"unicode"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+	"github.com/alexedwards/scs/sqlite3store"
+	"github.com/alexedwards/scs/v2"
+	"github.com/gorilla/schema"
+	_ "github.com/mattn/go-sqlite3"
+)
+
+type application struct {
+	sequence          uint16
+	logger            *slog.Logger
+	websites          models.WebsiteModelInterface
+	users             models.UserModelInterface
+	guestbookComments models.GuestbookCommentModelInterface
+	sessionManager    *scs.SessionManager
+	formDecoder       *schema.Decoder
+	debug             bool
+	timezones         []string
+	rootUrl           string
+}
+
+func main() {
+	addr := flag.String("addr", ":3000", "HTTP network address")
+	dsn := flag.String("dsn", "guestbook.db", "data source name")
+	debug := flag.Bool("debug", false, "enable debug mode")
+	root := flag.String("root", "localhost:3000", "root URL of application")
+	flag.Parse()
+
+	logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug}))
+
+	db, err := openDB(*dsn)
+	if err != nil {
+		logger.Error(err.Error())
+		os.Exit(1)
+	}
+	defer db.Close()
+
+	sessionManager := scs.New()
+	sessionManager.Store = sqlite3store.New(db)
+	sessionManager.Lifetime = 12 * time.Hour
+
+	formDecoder := schema.NewDecoder()
+	formDecoder.IgnoreUnknownKeys(true)
+
+	app := &application{
+		sequence:          0,
+		logger:            logger,
+		sessionManager:    sessionManager,
+		websites:          &models.WebsiteModel{DB: db},
+		users:             &models.UserModel{DB: db, Settings: make(map[string]models.Setting)},
+		guestbookComments: &models.GuestbookCommentModel{DB: db},
+		formDecoder:       formDecoder,
+		debug:             *debug,
+		timezones:         getAvailableTimezones(),
+		rootUrl:           *root,
+	}
+
+	err = app.users.InitializeSettingsMap()
+	if err != nil {
+		logger.Error(err.Error())
+		os.Exit(1)
+	}
+	err = app.websites.InitializeSettingsMap()
+	if err != nil {
+		logger.Error(err.Error())
+		os.Exit(1)
+	}
+
+	tlsConfig := &tls.Config{
+		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
+	}
+
+	srv := &http.Server{
+		Addr:         *addr,
+		Handler:      app.routes(),
+		ErrorLog:     slog.NewLogLogger(logger.Handler(), slog.LevelError),
+		TLSConfig:    tlsConfig,
+		IdleTimeout:  time.Minute,
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 10 * time.Second,
+	}
+
+	logger.Info("Starting server", slog.Any("addr", *addr))
+
+	if app.debug {
+		err = srv.ListenAndServeTLS("./tls/cert.pem", "./tls/key.pem")
+	} else {
+		err = srv.ListenAndServe()
+	}
+	logger.Error(err.Error())
+	os.Exit(1)
+}
+
+func openDB(dsn string) (*sql.DB, error) {
+	db, err := sql.Open("sqlite3", dsn)
+	if err != nil {
+		return nil, err
+	}
+	if err = db.Ping(); err != nil {
+		return nil, err
+	}
+	return db, nil
+}
+
+func getAvailableTimezones() []string {
+	var zones []string
+	var zoneDirs = []string{
+		"/usr/share/zoneinfo/",
+		"/usr/share/lib/zoneinfo/",
+		"/usr/lib/locale/TZ/",
+	}
+	for _, zd := range zoneDirs {
+		zones = walkTzDir(zd, zones)
+		for idx, zone := range zones {
+			zones[idx] = strings.ReplaceAll(zone, zd+"/", "")
+		}
+	}
+	return zones
+}
+
+func walkTzDir(path string, zones []string) []string {
+	fileInfos, err := os.ReadDir(path)
+	if err != nil {
+		return zones
+	}
+	isAlpha := func(s string) bool {
+		for _, r := range s {
+			if !unicode.IsLetter(r) {
+				return false
+			}
+		}
+		return true
+	}
+	for _, info := range fileInfos {
+		if info.Name() != strings.ToUpper(info.Name()[:1])+info.Name()[1:] {
+			continue
+		}
+		if !isAlpha(info.Name()[:1]) {
+			continue
+		}
+		newPath := path + "/" + info.Name()
+		if info.IsDir() {
+			zones = walkTzDir(newPath, zones)
+		} else {
+			zones = append(zones, newPath)
+		}
+	}
+	return zones
+
+}

cmd/web/middleware.go

@@ -0,0 +1,101 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/justinas/nosurf"
+)
+
+func (app *application) logRequest(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var (
+			ip     = r.RemoteAddr
+			proto  = r.Proto
+			method = r.Method
+			uri    = r.URL.RequestURI()
+		)
+		app.logger.Info("received request", "ip", ip, "proto", proto, "method", method, "uri", uri)
+		next.ServeHTTP(w, r)
+	})
+}
+
+func commonHeaders(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' fonts.googleapis.com; font-src fonts.gstatic.com")
+		w.Header().Set("Referrer-Policy", "origin-when-cross-origin")
+		w.Header().Set("X-Content-Type-Options", "nosniff")
+		// w.Header().Set("X-Frame-Options", "deny")
+		w.Header().Set("X-XSS-Protection", "0")
+		next.ServeHTTP(w, r)
+	})
+}
+
+func (app *application) recoverPanic(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer func() {
+			if err := recover(); err != nil {
+				w.Header().Set("Connection", "close")
+				app.serverError(w, r, fmt.Errorf("%s", err))
+			}
+		}()
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func (app *application) requireAuthentication(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !app.isAuthenticated(r) {
+			http.Redirect(w, r, "/users/login", http.StatusSeeOther)
+			return
+		}
+		w.Header().Add("Cache-Control", "no-store")
+		next.ServeHTTP(w, r)
+	})
+}
+
+func noSurf(next http.Handler) http.Handler {
+	csrfHandler := nosurf.New(next)
+	csrfHandler.SetBaseCookie(http.Cookie{
+		HttpOnly: true,
+		Path:     "/",
+		Secure:   true,
+	})
+
+	return csrfHandler
+}
+
+func (app *application) authenticate(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		id := app.sessionManager.GetInt64(r.Context(), "authenticatedUserId")
+		if id == 0 {
+			next.ServeHTTP(w, r)
+			return
+		}
+		exists, err := app.users.Exists(id)
+		if err != nil {
+			app.serverError(w, r, err)
+			return
+		}
+		user, err := app.users.GetById(id)
+		if err != nil {
+			app.serverError(w, r, err)
+			return
+		}
+		if exists {
+			ctx := context.WithValue(r.Context(), isAuthenticatedContextKey, true)
+			ctx = context.WithValue(ctx, userNameContextKey, user)
+			r = r.WithContext(ctx)
+		}
+		next.ServeHTTP(w, r)
+	})
+}
+
+func (app *application) enableCors(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		next.ServeHTTP(w, r)
+	})
+}

cmd/web/routes.go

@@ -0,0 +1,57 @@
+package main
+
+import (
+	"net/http"
+
+	"git.32bit.cafe/32bitcafe/guestbook/ui"
+	"github.com/justinas/alice"
+)
+
+func (app *application) routes() http.Handler {
+	mux := http.NewServeMux()
+	mux.Handle("GET /static/", http.FileServerFS(ui.Files))
+
+	mux.HandleFunc("GET /ping", ping)
+
+	dynamic := alice.New(app.sessionManager.LoadAndSave, noSurf, app.authenticate)
+	standard := alice.New(app.recoverPanic, app.logRequest, commonHeaders)
+	withCors := standard.Append(app.enableCors)
+
+	mux.Handle("/{$}", dynamic.ThenFunc(app.home))
+	mux.Handle("GET /websites/{id}/guestbook", dynamic.ThenFunc(app.getGuestbook))
+	mux.Handle("GET /websites/{id}/guestbook/comments", withCors.ThenFunc(app.getGuestbookCommentsSerialized))
+	mux.Handle("POST /websites/{id}/guestbook/comments/create/remote", standard.ThenFunc(app.postGuestbookCommentCreateRemote))
+	mux.Handle("GET /websites/{id}/guestbook/comments/create", dynamic.ThenFunc(app.getGuestbookCommentCreate))
+	mux.Handle("POST /websites/{id}/guestbook/comments/create", dynamic.ThenFunc(app.postGuestbookCommentCreate))
+	mux.Handle("GET /users/register", dynamic.ThenFunc(app.getUserRegister))
+	mux.Handle("POST /users/register", dynamic.ThenFunc(app.postUserRegister))
+	mux.Handle("GET /users/login", dynamic.ThenFunc(app.getUserLogin))
+	mux.Handle("POST /users/login", dynamic.ThenFunc(app.postUserLogin))
+	mux.Handle("GET /help", dynamic.ThenFunc(app.notImplemented))
+
+	protected := dynamic.Append(app.requireAuthentication)
+
+	// mux.Handle("GET /users", protected.ThenFunc(app.getUsersList))
+	mux.Handle("GET /users/{id}", protected.ThenFunc(app.getUser))
+	mux.Handle("POST /users/logout", protected.ThenFunc(app.postUserLogout))
+	mux.Handle("GET /users/settings", protected.ThenFunc(app.getUserSettings))
+	mux.Handle("PUT /users/settings", protected.ThenFunc(app.putUserSettings))
+	mux.Handle("GET /users/privacy", protected.ThenFunc(app.notImplemented))
+	mux.Handle("GET /guestbooks", protected.ThenFunc(app.getAllGuestbooks))
+
+	mux.Handle("GET /websites", protected.ThenFunc(app.getWebsiteList))
+	mux.Handle("GET /websites/create", protected.ThenFunc(app.getWebsiteCreate))
+	mux.Handle("POST /websites/create", protected.ThenFunc(app.postWebsiteCreate))
+	mux.Handle("GET /websites/{id}/dashboard", protected.ThenFunc(app.getWebsiteDashboard))
+	mux.Handle("GET /websites/{id}/dashboard/guestbook/comments", protected.ThenFunc(app.getGuestbookComments))
+	mux.Handle("GET /websites/{id}/dashboard/guestbook/comments/queue", protected.ThenFunc(app.getCommentQueue))
+	mux.Handle("DELETE /websites/{id}/dashboard/guestbook/comments/{commentId}", protected.ThenFunc(app.deleteGuestbookComment))
+	mux.Handle("PUT /websites/{id}/dashboard/guestbook/comments/{commentId}", protected.ThenFunc(app.putHideGuestbookComment))
+	mux.Handle("GET /websites/{id}/dashboard/guestbook/settings", protected.ThenFunc(app.getGuestbookSettings))
+	mux.Handle("PUT /websites/{id}/dashboard/guestbook/settings", protected.ThenFunc(app.putGuestbookSettings))
+	mux.Handle("GET /websites/{id}/dashboard/guestbook/comments/trash", protected.ThenFunc(app.getCommentTrash))
+	mux.Handle("GET /websites/{id}/dashboard/guestbook/themes", protected.ThenFunc(app.getComingSoon))
+	mux.Handle("GET /websites/{id}/dashboard/guestbook/customize", protected.ThenFunc(app.getComingSoon))
+
+	return standard.Then(mux)
+}

cmd/web/testutils_test.go

@@ -0,0 +1,96 @@
+package main
+
+import (
+	"bytes"
+	"html"
+	"io"
+	"log/slog"
+	"net/http"
+	"net/http/cookiejar"
+	"net/http/httptest"
+	"net/url"
+	"regexp"
+	"testing"
+	"time"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models/mocks"
+	"github.com/alexedwards/scs/v2"
+	"github.com/gorilla/schema"
+)
+
+func newTestApplication(t *testing.T) *application {
+	formDecoder := schema.NewDecoder()
+	formDecoder.IgnoreUnknownKeys(true)
+
+	sessionManager := scs.New()
+	sessionManager.Lifetime = 12 * time.Hour
+	sessionManager.Cookie.Secure = true
+
+	return &application{
+		logger:            slog.New(slog.NewTextHandler(io.Discard, nil)),
+		sessionManager:    sessionManager,
+		websites:          &mocks.WebsiteModel{},
+		users:             &mocks.UserModel{},
+		guestbookComments: &mocks.GuestbookCommentModel{},
+		formDecoder:       formDecoder,
+		timezones:         getAvailableTimezones(),
+	}
+}
+
+type testServer struct {
+	*httptest.Server
+}
+
+func newTestServer(t *testing.T, h http.Handler) *testServer {
+	ts := httptest.NewTLSServer(h)
+	jar, err := cookiejar.New(nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ts.Client().Jar = jar
+	ts.Client().CheckRedirect = func(req *http.Request, via []*http.Request) error {
+		return http.ErrUseLastResponse
+	}
+	return &testServer{ts}
+}
+
+func (ts *testServer) get(t *testing.T, urlPath string) (int, http.Header, string) {
+	rs, err := ts.Client().Get(ts.URL + urlPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer rs.Body.Close()
+	body, err := io.ReadAll(rs.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	body = bytes.TrimSpace(body)
+
+	return rs.StatusCode, rs.Header, string(body)
+}
+
+func (ts *testServer) postForm(t *testing.T, urlPath string, form url.Values) (int, http.Header, string) {
+	rs, err := ts.Client().PostForm(ts.URL+urlPath, form)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer rs.Body.Close()
+	body, err := io.ReadAll(rs.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	body = bytes.TrimSpace(body)
+	return rs.StatusCode, rs.Header, string(body)
+}
+
+var csrfTokenRX = regexp.MustCompile(`<input type="hidden" name="csrf_token" value="(.+?)">`)
+
+func extractCSRFToken(t *testing.T, body string) string {
+	matches := csrfTokenRX.FindStringSubmatch(body)
+	if len(matches) < 2 {
+		t.Fatal("no csrf token found in body")
+	}
+	return html.UnescapeString(matches[1])
+}

go.mod

@@ -0,0 +1,14 @@
+module git.32bit.cafe/32bitcafe/guestbook
+
+go 1.23.1
+
+require (
+	github.com/a-h/templ v0.3.833
+	github.com/alexedwards/scs/sqlite3store v0.0.0-20250212122300-421ef1d8611c
+	github.com/alexedwards/scs/v2 v2.8.0
+	github.com/gorilla/schema v1.4.1
+	github.com/justinas/alice v1.2.0
+	github.com/justinas/nosurf v1.1.1
+	github.com/mattn/go-sqlite3 v1.14.24
+	golang.org/x/crypto v0.36.0
+)

go.sum

@@ -0,0 +1,24 @@
+github.com/a-h/templ v0.3.833 h1:L/KOk/0VvVTBegtE0fp2RJQiBm7/52Zxv5fqlEHiQUU=
+github.com/a-h/templ v0.3.833/go.mod h1:cAu4AiZhtJfBjMY0HASlyzvkrtjnHWPeEsyGK2YYmfk=
+github.com/alexedwards/scs/sqlite3store v0.0.0-20240316134038-7e11d57e8885 h1:+DCxWg/ojncqS+TGAuRUoV7OfG/S4doh0pcpAwEcow0=
+github.com/alexedwards/scs/sqlite3store v0.0.0-20240316134038-7e11d57e8885/go.mod h1:Iyk7S76cxGaiEX/mSYmTZzYehp4KfyylcLaV3OnToss=
+github.com/alexedwards/scs/sqlite3store v0.0.0-20250212122300-421ef1d8611c h1:0gBCIsmH3+aaWK55APhhY7/Z+uv5IdbMqekI97V9shU=
+github.com/alexedwards/scs/sqlite3store v0.0.0-20250212122300-421ef1d8611c/go.mod h1:Iyk7S76cxGaiEX/mSYmTZzYehp4KfyylcLaV3OnToss=
+github.com/alexedwards/scs/v2 v2.8.0 h1:h31yUYoycPuL0zt14c0gd+oqxfRwIj6SOjHdKRZxhEw=
+github.com/alexedwards/scs/v2 v2.8.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
+github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
+github.com/justinas/alice v1.2.0 h1:+MHSA/vccVCF4Uq37S42jwlkvI2Xzl7zTPCN5BnZNVo=
+github.com/justinas/alice v1.2.0/go.mod h1:fN5HRH/reO/zrUflLfTN43t3vXvKzvZIENsNEe7i7qA=
+github.com/justinas/nosurf v1.1.1 h1:92Aw44hjSK4MxJeMSyDa7jwuI9GR2J/JCQiaKvXXSlk=
+github.com/justinas/nosurf v1.1.1/go.mod h1:ALpWdSbuNGy2lZWtyXdjkYv4edL23oSEgfBT1gPJ5BQ=
+github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
+github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
+github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=

internal/assert/assert.go

@@ -0,0 +1,22 @@
+package assert
+
+import (
+	"strings"
+	"testing"
+)
+
+func Equal[T comparable](t *testing.T, actual, expected T) {
+	t.Helper()
+
+	if actual != expected {
+		t.Errorf("got: %v; want %v", actual, expected)
+	}
+}
+
+func StringContains(t *testing.T, actual, expectedSubstring string) {
+	t.Helper()
+
+	if !strings.Contains(actual, expectedSubstring) {
+		t.Errorf("got: %q; expected to contain: %q", actual, expectedSubstring)
+	}
+}

internal/forms/forms.go

@@ -0,0 +1,44 @@
+package forms
+
+import "git.32bit.cafe/32bitcafe/guestbook/internal/validator"
+
+type UserRegistrationForm struct {
+	Name                string `schema:"username"`
+	Email               string `schema:"email"`
+	Password            string `schema:"password"`
+	validator.Validator `schema:"-"`
+}
+
+type UserLoginForm struct {
+	Email               string `schema:"email"`
+	Password            string `schema:"password"`
+	validator.Validator `schema:"-"`
+}
+
+type CommentCreateForm struct {
+	AuthorName          string `schema:"authorname"`
+	AuthorEmail         string `schema:"authoremail"`
+	AuthorSite          string `schema:"authorsite"`
+	Content             string `schema:"content"`
+	Redirect            string `schema:"redirect"`
+	validator.Validator `schema:"-"`
+}
+
+type WebsiteCreateForm struct {
+	Name                string `schema:"sitename"`
+	SiteUrl             string `schema:"siteurl"`
+	AuthorName          string `schema:"authorname"`
+	validator.Validator `schema:"-"`
+}
+
+type UserSettingsForm struct {
+	LocalTimezone       string `schema:"timezones"`
+	validator.Validator `schema:"-"`
+}
+
+type GuestbookSettingsForm struct {
+	Visibility          string `schema:"gb_visible"`
+	CommentingEnabled   string `schema:"gb_commenting"`
+	WidgetsEnabled      string `schema:"gb_remote"`
+	validator.Validator `schema:"-"`
+}

internal/models/errors.go

@@ -0,0 +1,13 @@
+package models
+
+import "errors"
+
+var (
+	ErrNoRecord = errors.New("models: no matching record found")
+
+	ErrInvalidCredentials = errors.New("models: invalid credentials")
+
+	ErrDuplicateEmail = errors.New("models: duplicate email")
+
+	ErrInvalidSettingValue = errors.New("models: invalid setting value")
+)

internal/models/guestbookcomment.go

@@ -0,0 +1,200 @@
+package models
+
+import (
+	"database/sql"
+	"time"
+)
+
+type GuestbookComment struct {
+	ID          int64
+	ShortId     uint64
+	GuestbookId int64
+	ParentId    int64
+	AuthorName  string
+	AuthorEmail string
+	AuthorSite  string
+	CommentText string
+	PageUrl     string
+	Created     time.Time
+	Deleted     time.Time
+	IsPublished bool
+}
+
+type GuestbookCommentSerialized struct {
+	AuthorName  string
+	CommentText string
+	Created     string
+}
+
+type GuestbookCommentModel struct {
+	DB *sql.DB
+}
+
+type GuestbookCommentModelInterface interface {
+	Insert(shortId uint64, guestbookId, parentId int64, authorName, authorEmail, authorSite, commentText, pageUrl string, isPublished bool) (int64, error)
+	Get(shortId uint64) (GuestbookComment, error)
+	GetAll(guestbookId int64) ([]GuestbookComment, error)
+	GetAllSerialized(guestbookId int64) ([]GuestbookCommentSerialized, error)
+	GetDeleted(guestbookId int64) ([]GuestbookComment, error)
+	GetUnpublished(guestbookId int64) ([]GuestbookComment, error)
+	UpdateComment(comment *GuestbookComment) error
+}
+
+func (m *GuestbookCommentModel) Insert(shortId uint64, guestbookId, parentId int64, authorName,
+	authorEmail, authorSite, commentText, pageUrl string, isPublished bool) (int64, error) {
+	stmt := `INSERT INTO guestbook_comments (ShortId, GuestbookId, ParentId, AuthorName,
+    AuthorEmail, AuthorSite, CommentText, PageUrl, Created, IsPublished)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+	result, err := m.DB.Exec(stmt, shortId, guestbookId, parentId, authorName, authorEmail,
+		authorSite, commentText, pageUrl, time.Now().UTC(), isPublished)
+	if err != nil {
+		return -1, err
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		return -1, err
+	}
+	return id, nil
+}
+
+func (m *GuestbookCommentModel) Get(shortId uint64) (GuestbookComment, error) {
+	stmt := `SELECT Id, ShortId, GuestbookId, ParentId, AuthorName, AuthorEmail, AuthorSite,
+    CommentText, PageUrl, Created, IsPublished, Deleted FROM guestbook_comments WHERE ShortId = ?`
+	row := m.DB.QueryRow(stmt, shortId)
+	var c GuestbookComment
+	var t sql.NullTime
+	err := row.Scan(&c.ID, &c.ShortId, &c.GuestbookId, &c.ParentId, &c.AuthorName, &c.AuthorEmail, &c.AuthorSite,
+		&c.CommentText, &c.PageUrl, &c.Created, &c.IsPublished, &t)
+	if err != nil {
+		return GuestbookComment{}, err
+	}
+	if t.Valid {
+		c.Deleted = t.Time
+	}
+	return c, nil
+}
+
+func (m *GuestbookCommentModel) GetAll(guestbookId int64) ([]GuestbookComment, error) {
+	stmt := `SELECT Id, ShortId, GuestbookId, ParentId, AuthorName, AuthorEmail, AuthorSite,
+    CommentText, PageUrl, Created, IsPublished 
+	    FROM guestbook_comments 
+	    WHERE GuestbookId = ? AND IsPublished = TRUE AND DELETED IS NULL
+	    ORDER BY Created DESC`
+	rows, err := m.DB.Query(stmt, guestbookId)
+	if err != nil {
+		return nil, err
+	}
+	var comments []GuestbookComment
+	for rows.Next() {
+		var c GuestbookComment
+		err = rows.Scan(&c.ID, &c.ShortId, &c.GuestbookId, &c.ParentId, &c.AuthorName, &c.AuthorEmail, &c.AuthorSite,
+			&c.CommentText, &c.PageUrl, &c.Created, &c.IsPublished)
+		if err != nil {
+			return nil, err
+		}
+		comments = append(comments, c)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return comments, nil
+}
+
+func (m *GuestbookCommentModel) GetAllSerialized(guestbookId int64) ([]GuestbookCommentSerialized, error) {
+	stmt := `SELECT AuthorName, CommentText, Created
+	    FROM guestbook_comments 
+	    WHERE GuestbookId = ? AND IsPublished = TRUE AND DELETED IS NULL
+	    ORDER BY Created DESC`
+	rows, err := m.DB.Query(stmt, guestbookId)
+	if err != nil {
+		return nil, err
+	}
+	var comments []GuestbookCommentSerialized
+	for rows.Next() {
+		var c GuestbookCommentSerialized
+		err = rows.Scan(&c.AuthorName, &c.CommentText, &c.Created)
+		if err != nil {
+			return nil, err
+		}
+		comments = append(comments, c)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return comments, nil
+}
+
+func (m *GuestbookCommentModel) GetDeleted(guestbookId int64) ([]GuestbookComment, error) {
+	stmt := `SELECT Id, ShortId, GuestbookId, ParentId, AuthorName, AuthorEmail, AuthorSite,
+    CommentText, PageUrl, Created, IsPublished, Deleted
+	    FROM guestbook_comments 
+	    WHERE GuestbookId = ? AND Deleted IS NOT NULL
+	    ORDER BY Created DESC`
+	rows, err := m.DB.Query(stmt, guestbookId)
+	if err != nil {
+		return nil, err
+	}
+	var comments []GuestbookComment
+	for rows.Next() {
+		var c GuestbookComment
+		var t sql.NullTime
+		err = rows.Scan(&c.ID, &c.ShortId, &c.GuestbookId, &c.ParentId, &c.AuthorName, &c.AuthorEmail, &c.AuthorSite,
+			&c.CommentText, &c.PageUrl, &c.Created, &c.IsPublished, &t)
+		if err != nil {
+			return nil, err
+		}
+		if t.Valid {
+			c.Deleted = t.Time
+		}
+		comments = append(comments, c)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return comments, nil
+}
+
+func (m *GuestbookCommentModel) GetUnpublished(guestbookId int64) ([]GuestbookComment, error) {
+	stmt := `SELECT Id, ShortId, GuestbookId, ParentId, AuthorName, AuthorEmail, AuthorSite,
+    CommentText, PageUrl, Created, IsPublished 
+	    FROM guestbook_comments 
+	    WHERE GuestbookId = ? AND Deleted IS NULL AND IsPublished = FALSE
+	    ORDER BY Created DESC`
+	rows, err := m.DB.Query(stmt, guestbookId)
+	if err != nil {
+		return nil, err
+	}
+	var comments []GuestbookComment
+	for rows.Next() {
+		var c GuestbookComment
+		err = rows.Scan(&c.ID, &c.ShortId, &c.GuestbookId, &c.ParentId, &c.AuthorName, &c.AuthorEmail, &c.AuthorSite,
+			&c.CommentText, &c.PageUrl, &c.Created, &c.IsPublished)
+		if err != nil {
+			return nil, err
+		}
+		comments = append(comments, c)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return comments, nil
+}
+
+func (m *GuestbookCommentModel) UpdateComment(comment *GuestbookComment) error {
+	stmt := `UPDATE guestbook_comments
+			SET CommentText = ?,
+				PageUrl = ?,
+				IsPublished = ?,
+				Deleted = ?
+		WHERE Id = ?`
+	var err error
+	if comment.Deleted.IsZero() {
+		_, err = m.DB.Exec(stmt, comment.CommentText, comment.PageUrl, comment.IsPublished, nil, comment.ID)
+	} else {
+		_, err = m.DB.Exec(stmt, comment.CommentText, comment.PageUrl, comment.IsPublished, comment.Deleted, comment.ID)
+	}
+	if err != nil {
+		return err
+	}
+	return nil
+}

internal/models/mocks/guestbookcomment.go

@@ -0,0 +1,81 @@
+package mocks
+
+import (
+	"time"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+)
+
+var mockGuestbookComment = models.GuestbookComment{
+	ID:          1,
+	ShortId:     1,
+	GuestbookId: 1,
+	AuthorName:  "John Test",
+	AuthorEmail: "test@example.com",
+	AuthorSite:  "example.com",
+	CommentText: "Hello, world",
+	Created:     time.Now(),
+	IsPublished: true,
+}
+
+var mockSerializedGuestbookComment = models.GuestbookCommentSerialized{
+	AuthorName:  "John Test",
+	CommentText: "Hello, world",
+	Created:     time.Now().Format(time.RFC3339),
+}
+
+type GuestbookCommentModel struct{}
+
+func (m *GuestbookCommentModel) Insert(shortId uint64, guestbookId, parentId int64, authorName,
+	authorEmail, authorSite, commentText, pageUrl string, isPublished bool) (int64, error) {
+	return 2, nil
+}
+
+func (m *GuestbookCommentModel) Get(shortId uint64) (models.GuestbookComment, error) {
+	switch shortId {
+	case 1:
+		return mockGuestbookComment, nil
+	default:
+		return models.GuestbookComment{}, models.ErrNoRecord
+	}
+}
+
+func (m *GuestbookCommentModel) GetAll(guestbookId int64) ([]models.GuestbookComment, error) {
+	switch guestbookId {
+	case 1:
+		return []models.GuestbookComment{mockGuestbookComment}, nil
+	case 2:
+		return []models.GuestbookComment{}, nil
+	default:
+		return []models.GuestbookComment{}, models.ErrNoRecord
+	}
+}
+
+func (m *GuestbookCommentModel) GetAllSerialized(guestbookId int64) ([]models.GuestbookCommentSerialized, error) {
+	switch guestbookId {
+	case 1:
+		return []models.GuestbookCommentSerialized{mockSerializedGuestbookComment}, nil
+	case 2:
+		return []models.GuestbookCommentSerialized{}, nil
+	default:
+		return []models.GuestbookCommentSerialized{}, models.ErrNoRecord
+	}
+}
+
+func (m *GuestbookCommentModel) GetDeleted(guestbookId int64) ([]models.GuestbookComment, error) {
+	switch guestbookId {
+	default:
+		return []models.GuestbookComment{}, models.ErrNoRecord
+	}
+}
+
+func (m *GuestbookCommentModel) GetUnpublished(guestbookId int64) ([]models.GuestbookComment, error) {
+	switch guestbookId {
+	default:
+		return []models.GuestbookComment{}, models.ErrNoRecord
+	}
+}
+
+func (m *GuestbookCommentModel) UpdateComment(comment *models.GuestbookComment) error {
+	return nil
+}

internal/models/mocks/users.go

@@ -0,0 +1,89 @@
+package mocks
+
+import (
+	"time"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+)
+
+var mockUser = models.User{
+	ID:       1,
+	ShortId:  1,
+	Username: "tester",
+	Email:    "test@example.com",
+	Deleted:  false,
+	IsBanned: false,
+	Created:  time.Now(),
+	Settings: mockUserSettings,
+}
+
+var mockUserSettings = models.UserSettings{
+	LocalTimezone: time.UTC,
+}
+
+type UserModel struct {
+	Settings map[string]models.Setting
+}
+
+func (m *UserModel) InitializeSettingsMap() error {
+	return nil
+}
+
+func (m *UserModel) Insert(shortId uint64, username string, email string, password string, settings models.UserSettings) error {
+	switch email {
+	case "dupe@example.com":
+		return models.ErrDuplicateEmail
+	default:
+		return nil
+	}
+}
+
+func (m *UserModel) Get(shortId uint64) (models.User, error) {
+	switch shortId {
+	case 1:
+		return mockUser, nil
+	default:
+		return models.User{}, models.ErrNoRecord
+	}
+}
+
+func (m *UserModel) GetById(id int64) (models.User, error) {
+	switch id {
+	case 1:
+		return mockUser, nil
+	default:
+		return models.User{}, models.ErrNoRecord
+	}
+}
+
+func (m *UserModel) GetAll() ([]models.User, error) {
+	return []models.User{mockUser}, nil
+}
+
+func (m *UserModel) Authenticate(email, password string) (int64, error) {
+	if email == "test@example.com" && password == "password" {
+		return 1, nil
+	}
+	return 0, models.ErrInvalidCredentials
+}
+
+func (m *UserModel) Exists(id int64) (bool, error) {
+	switch id {
+	case 1:
+		return true, nil
+	default:
+		return false, nil
+	}
+}
+
+func (m *UserModel) GetSettings(userId int64) (models.UserSettings, error) {
+	return mockUserSettings, nil
+}
+
+func (m *UserModel) UpdateUserSettings(userId int64, settings models.UserSettings) error {
+	return nil
+}
+
+func (m *UserModel) UpdateSetting(userId int64, setting models.Setting, value string) error {
+	return nil
+}

internal/models/mocks/website.go

@@ -0,0 +1,82 @@
+package mocks
+
+import (
+	"net/url"
+	"time"
+
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+)
+
+var mockGuestbook = models.Guestbook{
+	ID:        1,
+	ShortId:   1,
+	UserId:    1,
+	WebsiteId: 1,
+	Created:   time.Now(),
+	IsActive:  true,
+	Settings: models.GuestbookSettings{
+		IsCommentingEnabled:   true,
+		IsVisible:             true,
+		FilteredWords:         make([]string, 0),
+		AllowRemoteHostAccess: true,
+	},
+}
+
+var mockWebsite = models.Website{
+	ID:      1,
+	ShortId: 1,
+	Name:    "Example",
+	// SiteUrl:    "example.com",
+	Url: &url.URL{
+		Scheme: "http",
+		Host:   "example.com",
+	},
+	AuthorName: "John Test",
+	UserId:     1,
+	Created:    time.Now(),
+	Guestbook:  mockGuestbook,
+}
+
+type WebsiteModel struct{}
+
+func (m *WebsiteModel) Insert(shortId uint64, userId int64, siteName, siteUrl, authorName string) (int64, error) {
+	return 2, nil
+}
+
+func (m *WebsiteModel) Get(shortId uint64) (models.Website, error) {
+	switch shortId {
+	case 1:
+		return mockWebsite, nil
+	default:
+		return models.Website{}, models.ErrNoRecord
+	}
+}
+
+func (m *WebsiteModel) GetAllUser(userId int64) ([]models.Website, error) {
+	return []models.Website{mockWebsite}, nil
+}
+
+func (m *WebsiteModel) GetById(id int64) (models.Website, error) {
+	switch id {
+	case 1:
+		return mockWebsite, nil
+	default:
+		return models.Website{}, models.ErrNoRecord
+	}
+}
+
+func (m *WebsiteModel) GetAll() ([]models.Website, error) {
+	return []models.Website{mockWebsite}, nil
+}
+
+func (m *WebsiteModel) InitializeSettingsMap() error {
+	return nil
+}
+
+func (m *WebsiteModel) UpdateGuestbookSettings(guestbookId int64, settings models.GuestbookSettings) error {
+	return nil
+}
+
+func (m *WebsiteModel) UpdateSetting(guestbookId int64, setting models.Setting, value string) error {
+	return nil
+}

internal/models/settings.go

@@ -0,0 +1,165 @@
+package models
+
+import (
+	"strconv"
+	"time"
+)
+
+type SettingGroup struct {
+	id          int
+	description string
+}
+
+func (g *SettingGroup) Id() int {
+	return g.id
+}
+
+func (g *SettingGroup) Description() string {
+	return g.description
+}
+
+const (
+	SETTING_GROUP_USER      = "user"
+	SETTING_GROUP_GUESTBOOK = "guestbook"
+)
+
+type SettingDataType struct {
+	id          int
+	description string
+}
+
+func (d *SettingDataType) Id() int {
+	return d.id
+}
+
+func (d *SettingDataType) Description() string {
+	return d.description
+}
+
+const (
+	SETTING_TYPE_INTEGER = "integer"
+	SETTING_TYPE_STRING  = "alphanumeric"
+	SETTING_TYPE_DATE    = "datetime"
+	SETTING_TYPE_BOOL    = "boolean"
+)
+
+type Setting struct {
+	id           int
+	description  string
+	constrained  bool
+	dataType     SettingDataType
+	settingGroup SettingGroup
+	minValue     string
+	maxValue     string
+}
+
+func (s *Setting) Id() int {
+	return s.id
+}
+
+func (s *Setting) Description() string {
+	return s.description
+}
+
+func (s *Setting) Constrained() bool {
+	return s.constrained
+}
+
+func (s *Setting) DataType() SettingDataType {
+	return s.dataType
+}
+
+func (s *Setting) SettingGroup() SettingGroup {
+	return s.settingGroup
+}
+
+func (s *Setting) MinValue() string {
+	return s.minValue
+}
+
+func (s *Setting) MaxValue() string {
+	return s.maxValue
+}
+
+func (s *Setting) Validate(value string) bool {
+	switch s.dataType.description {
+	case SETTING_TYPE_INTEGER:
+		return s.validateInt(value)
+	case SETTING_TYPE_STRING:
+		return s.validateAlphanum(value)
+	case SETTING_TYPE_DATE:
+		return s.validateDatetime(value)
+	case SETTING_TYPE_BOOL:
+		return s.validateBool(value)
+	}
+	return false
+}
+
+func (s *Setting) validateInt(value string) bool {
+	v, err := strconv.ParseInt(value, 10, 0)
+	if err != nil {
+		return false
+	}
+	var min int64
+	var max int64
+	if len(s.minValue) > 0 {
+		min, err = strconv.ParseInt(s.minValue, 10, 0)
+		if err != nil {
+			return false
+		}
+		if v < min {
+			return false
+		}
+	}
+	if len(s.maxValue) > 0 {
+		max, err = strconv.ParseInt(s.maxValue, 10, 0)
+		if err != nil {
+			return false
+		}
+		if v < max {
+			return false
+		}
+	}
+	return true
+}
+
+func (s *Setting) validateDatetime(value string) bool {
+	v, err := time.Parse(time.RFC3339, value)
+	if err != nil {
+		return false
+	}
+	var min time.Time
+	var max time.Time
+
+	if len(s.minValue) > 0 {
+		min, err = time.Parse(time.RFC3339, s.minValue)
+		if err != nil {
+			return false
+		}
+		if v.Before(min) {
+			return false
+		}
+	}
+	if len(s.maxValue) > 0 {
+		max, err = time.Parse(time.RFC3339, s.maxValue)
+		if err != nil {
+			return false
+		}
+		if v.After(max) {
+			return false
+		}
+	}
+	return false
+}
+
+func (s *Setting) validateAlphanum(value string) bool {
+	return len(value) >= 0
+}
+
+func (s *Setting) validateBool(value string) bool {
+	_, err := strconv.ParseBool(value)
+	if err != nil {
+		return false
+	}
+	return true
+}

internal/models/user.go

@@ -0,0 +1,309 @@
+package models
+
+import (
+	"database/sql"
+	"errors"
+	"strings"
+	"time"
+
+	"github.com/mattn/go-sqlite3"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type UserSettings struct {
+	LocalTimezone *time.Location
+}
+
+const (
+	SettingUserTimezone = "local_timezone"
+)
+
+type User struct {
+	ID             int64
+	ShortId        uint64
+	Username       string
+	Email          string
+	Deleted        bool
+	IsBanned       bool
+	HashedPassword []byte
+	Created        time.Time
+	Settings       UserSettings
+}
+
+type UserModel struct {
+	DB       *sql.DB
+	Settings map[string]Setting
+}
+
+type UserModelInterface interface {
+	InitializeSettingsMap() error
+	Insert(shortId uint64, username string, email string, password string, settings UserSettings) error
+	Get(shortId uint64) (User, error)
+	GetById(id int64) (User, error)
+	GetAll() ([]User, error)
+	Authenticate(email, password string) (int64, error)
+	Exists(id int64) (bool, error)
+	UpdateUserSettings(userId int64, settings UserSettings) error
+	UpdateSetting(userId int64, setting Setting, value string) error
+}
+
+func (m *UserModel) InitializeSettingsMap() error {
+	if m.Settings == nil {
+		m.Settings = make(map[string]Setting)
+	}
+	stmt := `SELECT settings.Id, settings.Description, Constrained, d.Id, d.Description, g.Id, g.Description, MinValue, MaxValue
+        FROM settings
+        LEFT JOIN setting_data_types d ON settings.DataType = d.Id
+        LEFT JOIN setting_groups g ON settings.SettingGroup = g.Id
+        WHERE SettingGroup = (SELECT Id FROM setting_groups WHERE Description = 'user' LIMIT 1)`
+	result, err := m.DB.Query(stmt)
+	if err != nil {
+		return err
+	}
+	for result.Next() {
+		var s Setting
+		var mn sql.NullString
+		var mx sql.NullString
+		err := result.Scan(&s.id, &s.description, &s.constrained, &s.dataType.id, &s.dataType.description, &s.settingGroup.id, &s.settingGroup.description, &mn, &mx)
+		if mn.Valid {
+			s.minValue = mn.String
+		}
+		if mx.Valid {
+			s.maxValue = mx.String
+		}
+		if err != nil {
+			return err
+		}
+		m.Settings[s.description] = s
+	}
+	return nil
+}
+
+func (m *UserModel) Insert(shortId uint64, username string, email string, password string, settings UserSettings) error {
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 12)
+	if err != nil {
+		return err
+	}
+	stmt := `INSERT INTO users (ShortId, Username, Email, IsBanned, HashedPassword, Created)
+    VALUES (?, ?, ?, FALSE, ?, ?)`
+	tx, err := m.DB.Begin()
+	if err != nil {
+		return err
+	}
+	result, err := tx.Exec(stmt, shortId, username, email, hashedPassword, time.Now().UTC())
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return err
+		}
+		if sqliteError, ok := err.(sqlite3.Error); ok {
+			if sqliteError.ExtendedCode == 2067 && strings.Contains(sqliteError.Error(), "Email") {
+				return ErrDuplicateEmail
+			}
+		}
+		return err
+	}
+	id, err := result.LastInsertId()
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return err
+		}
+		return err
+	}
+	stmt = `INSERT INTO user_settings (UserId, SettingId, AllowedSettingValueId, UnconstrainedValue) 
+		VALUES (?, ?, ?, ?)`
+	_, err = tx.Exec(stmt, id, m.Settings[SettingUserTimezone].id, nil, settings.LocalTimezone.String())
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return err
+		}
+		return err
+	}
+	err = tx.Commit()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *UserModel) Get(shortId uint64) (User, error) {
+	stmt := `SELECT Id, ShortId, Username, Email, Created FROM users WHERE ShortId = ? AND Deleted IS NULL`
+	tx, err := m.DB.Begin()
+	if err != nil {
+		return User{}, err
+	}
+	row := tx.QueryRow(stmt, shortId)
+	var u User
+	err = row.Scan(&u.ID, &u.ShortId, &u.Username, &u.Email, &u.Created)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return User{}, err
+		}
+		if errors.Is(err, sql.ErrNoRows) {
+			return User{}, ErrNoRecord
+		}
+		return User{}, err
+	}
+	settings, err := m.getSettings(tx, u.ID)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return User{}, err
+		}
+		return User{}, err
+	}
+	u.Settings = settings
+	err = tx.Commit()
+	if err != nil {
+		return User{}, err
+	}
+	return u, nil
+}
+
+func (m *UserModel) GetById(id int64) (User, error) {
+	stmt := `SELECT Id, ShortId, Username, Email, Created FROM users WHERE Id = ? AND Deleted IS NULL`
+	tx, err := m.DB.Begin()
+	if err != nil {
+		return User{}, err
+	}
+	row := tx.QueryRow(stmt, id)
+	var u User
+	err = row.Scan(&u.ID, &u.ShortId, &u.Username, &u.Email, &u.Created)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return User{}, err
+		}
+		if errors.Is(err, sql.ErrNoRows) {
+			return User{}, ErrNoRecord
+		}
+		return User{}, err
+	}
+	settings, err := m.getSettings(tx, u.ID)
+	if err != nil {
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return User{}, err
+		}
+		return User{}, err
+	}
+	u.Settings = settings
+	err = tx.Commit()
+	if err != nil {
+		return User{}, err
+	}
+	return u, nil
+}
+
+func (m *UserModel) GetAll() ([]User, error) {
+	stmt := `SELECT Id, ShortId, Username, Email, Created FROM users WHERE DELETED IS NULL`
+	rows, err := m.DB.Query(stmt)
+	if err != nil {
+		return nil, err
+	}
+	var users []User
+	for rows.Next() {
+		var u User
+		err = rows.Scan(&u.ID, &u.ShortId, &u.Username, &u.Email, &u.Created)
+		if err != nil {
+			return nil, err
+		}
+		users = append(users, u)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return users, nil
+}
+
+func (m *UserModel) Authenticate(email, password string) (int64, error) {
+	var id int64
+	var hashedPassword []byte
+
+	stmt := `SELECT Id, HashedPassword FROM users WHERE Email = ?`
+	err := m.DB.QueryRow(stmt, email).Scan(&id, &hashedPassword)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return 0, ErrInvalidCredentials
+		} else {
+			return 0, err
+		}
+	}
+
+	err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
+	if err != nil {
+		if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
+			return 0, ErrInvalidCredentials
+		} else {
+			return 0, err
+		}
+	}
+
+	return id, nil
+}
+
+func (m *UserModel) Exists(id int64) (bool, error) {
+	var exists bool
+	stmt := `SELECT EXISTS(SELECT true FROM users WHERE Id = ? AND DELETED IS NULL)`
+	err := m.DB.QueryRow(stmt, id).Scan(&exists)
+	return exists, err
+}
+
+func (m *UserModel) getSettings(tx *sql.Tx, userId int64) (UserSettings, error) {
+	stmt := `SELECT u.SettingId, a.ItemValue, u.UnconstrainedValue FROM user_settings AS u
+			LEFT JOIN allowed_setting_values AS a ON u.AllowedSettingValueId = a.Id
+			WHERE UserId = ?`
+	var settings UserSettings
+	rows, err := tx.Query(stmt, userId)
+	if err != nil {
+		return settings, err
+	}
+	for rows.Next() {
+		var id int
+		var itemValue sql.NullString
+		var unconstrainedValue sql.NullString
+		err = rows.Scan(&id, &itemValue, &unconstrainedValue)
+		if err != nil {
+			return settings, err
+		}
+		switch id {
+		case m.Settings[SettingUserTimezone].id:
+			settings.LocalTimezone, err = time.LoadLocation(unconstrainedValue.String)
+			if err != nil {
+				panic(err)
+			}
+		}
+	}
+	return settings, err
+}
+
+func (m *UserModel) UpdateUserSettings(userId int64, settings UserSettings) error {
+	err := m.UpdateSetting(userId, m.Settings[SettingUserTimezone], settings.LocalTimezone.String())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *UserModel) UpdateSetting(userId int64, setting Setting, value string) error {
+	valid := setting.Validate(value)
+	if !valid {
+		return ErrInvalidSettingValue
+	}
+	stmt := `UPDATE user_settings SET
+				AllowedSettingValueId=IFNULL(
+					(SELECT Id FROM allowed_setting_values WHERE SettingId = user_settings.SettingId AND ItemValue = ?), AllowedSettingValueId
+				),
+				UnconstrainedValue=(SELECT ? FROM settings WHERE settings.Id = user_settings.SettingId AND settings.Constrained=0)
+			WHERE userId = ?
+			AND SettingId = (SELECT Id from Settings WHERE Description=?);`
+	result, err := m.DB.Exec(stmt, value, value, userId, setting.description)
+	if err != nil {
+		return err
+	}
+	rows, err := result.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rows != 1 {
+		return ErrInvalidSettingValue
+	}
+	return nil
+}

internal/models/website.go

@@ -0,0 +1,388 @@
+package models
+
+import (
+	"database/sql"
+	"errors"
+	"net/url"
+	"strconv"
+	"time"
+)
+
+type Website struct {
+	ID      int64
+	ShortId uint64
+	Name    string
+	// SiteUrl    string
+	Url        *url.URL
+	AuthorName string
+	UserId     int64
+	Created    time.Time
+	Deleted    time.Time
+	Guestbook  Guestbook
+}
+
+type GuestbookSettings struct {
+	IsCommentingEnabled   bool
+	ReenableCommenting    time.Time
+	IsVisible             bool
+	FilteredWords         []string
+	AllowRemoteHostAccess bool
+}
+
+var ValidDisableDurations = []string{"true", "false", "1h", "4h", "8h", "24h", "72h", "168h"}
+
+const (
+	SettingGbCommentingEnabled = "commenting_enabled"
+	SettingGbReenableComments  = "reenable_comments"
+	SettingGbVisible           = "is_visible"
+	SettingGbFilteredWords     = "filtered_words"
+	SettingGbAllowRemote       = "remote_enabled"
+)
+
+type Guestbook struct {
+	ID        int64
+	ShortId   uint64
+	UserId    int64
+	WebsiteId int64
+	Created   time.Time
+	Deleted   time.Time
+	IsActive  bool
+	Settings  GuestbookSettings
+}
+
+func (g Guestbook) CanComment() bool {
+	now := time.Now().UTC()
+	return g.Settings.IsCommentingEnabled && g.Settings.ReenableCommenting.Before(now)
+}
+
+type WebsiteModel struct {
+	DB       *sql.DB
+	Settings map[string]Setting
+}
+
+func (m *WebsiteModel) InitializeSettingsMap() error {
+	if m.Settings == nil {
+		m.Settings = make(map[string]Setting)
+	}
+	stmt := `SELECT settings.Id, settings.Description, Constrained, d.Id, d.Description, g.Id, g.Description, MinValue, MaxValue
+        FROM settings
+        LEFT JOIN setting_data_types d ON settings.DataType = d.Id
+        LEFT JOIN setting_groups g ON settings.SettingGroup = g.Id
+        WHERE SettingGroup = (SELECT Id FROM setting_groups WHERE Description = 'guestbook' LIMIT 1)`
+	result, err := m.DB.Query(stmt)
+	if err != nil {
+		return err
+	}
+	for result.Next() {
+		var s Setting
+		var mn sql.NullString
+		var mx sql.NullString
+		err := result.Scan(&s.id, &s.description, &s.constrained, &s.dataType.id, &s.dataType.description, &s.settingGroup.id, &s.settingGroup.description, &mn, &mx)
+		if mn.Valid {
+			s.minValue = mn.String
+		}
+		if mx.Valid {
+			s.maxValue = mx.String
+		}
+		if err != nil {
+			return err
+		}
+		m.Settings[s.description] = s
+	}
+	return nil
+}
+
+type WebsiteModelInterface interface {
+	Insert(shortId uint64, userId int64, siteName, siteUrl, authorName string) (int64, error)
+	Get(shortId uint64) (Website, error)
+	GetAllUser(userId int64) ([]Website, error)
+	GetAll() ([]Website, error)
+	InitializeSettingsMap() error
+	UpdateGuestbookSettings(guestbookId int64, settings GuestbookSettings) error
+	UpdateSetting(guestbookId int64, setting Setting, value string) error
+}
+
+func (m *WebsiteModel) Insert(shortId uint64, userId int64, siteName, siteUrl, authorName string) (int64, error) {
+	stmt := `INSERT INTO websites (ShortId, Name, SiteUrl, AuthorName, UserId, Created)
+			VALUES (?, ?, ?, ?, ?, ?)`
+	tx, err := m.DB.Begin()
+	if err != nil {
+		return -1, err
+	}
+
+	result, err := tx.Exec(stmt, shortId, siteName, siteUrl, authorName, userId, time.Now().UTC())
+	// result, err := m.DB.Exec(stmt, shortId, siteName, siteUrl, authorName, userId, time.Now().UTC())
+	if err != nil {
+		if rollbackError := tx.Rollback(); rollbackError != nil {
+			return -1, err
+		}
+		return -1, err
+	}
+	websiteId, err := result.LastInsertId()
+	if err != nil {
+		if rollbackError := tx.Rollback(); rollbackError != nil {
+			return -1, err
+		}
+		return -1, err
+	}
+
+	stmt = `INSERT INTO guestbooks (ShortId, UserId, WebsiteId, Created, IsActive)
+    VALUES(?, ?, ?, ?, TRUE)`
+	result, err = tx.Exec(stmt, shortId, userId, websiteId, time.Now().UTC())
+	if err != nil {
+		if rollbackError := tx.Rollback(); rollbackError != nil {
+			return -1, err
+		}
+		return -1, err
+	}
+	guestbookId, err := result.LastInsertId()
+	if err != nil {
+		if rollbackError := tx.Rollback(); rollbackError != nil {
+			return -1, err
+		}
+		return -1, err
+	}
+
+	settings := GuestbookSettings{
+		IsCommentingEnabled:   true,
+		IsVisible:             true,
+		AllowRemoteHostAccess: true,
+	}
+	stmt = `INSERT INTO guestbook_settings (GuestbookId, SettingId, AllowedSettingValueId, UnconstrainedValue) VALUES 
+	(?, ?, ?, ?),
+	(?, ?, ?, ?),
+	(?, ?, ?, ?),
+	(?, ?, ?, ?)`
+	_, err = tx.Exec(stmt,
+		guestbookId, m.Settings[SettingGbCommentingEnabled].id, settings.IsCommentingEnabled, nil,
+		guestbookId, m.Settings[SettingGbReenableComments].id, nil, settings.ReenableCommenting.Format(time.RFC3339),
+		guestbookId, m.Settings[SettingGbVisible].id, settings.IsVisible, nil,
+		guestbookId, m.Settings[SettingGbAllowRemote].id, settings.AllowRemoteHostAccess, nil)
+	if err != nil {
+		if rollbackError := tx.Rollback(); rollbackError != nil {
+			return -1, err
+		}
+		return -1, err
+	}
+
+	if err := tx.Commit(); err != nil {
+		return -1, err
+	}
+	return websiteId, nil
+}
+
+func (m *WebsiteModel) Get(shortId uint64) (Website, error) {
+	stmt := `SELECT w.Id, w.ShortId, w.Name, w.SiteUrl, w.AuthorName, w.UserId, w.Created
+	FROM websites AS w
+	WHERE w.ShortId = ? AND w.DELETED IS NULL`
+	tx, err := m.DB.Begin()
+	if err != nil {
+		return Website{}, nil
+	}
+	row := tx.QueryRow(stmt, shortId)
+	var w Website
+	var u string
+	err = row.Scan(&w.ID, &w.ShortId, &w.Name, &u, &w.AuthorName, &w.UserId, &w.Created)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			err = ErrNoRecord
+		}
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return Website{}, err
+		}
+		return Website{}, err
+	}
+	w.Url, err = url.Parse(u)
+	if err != nil {
+		return Website{}, err
+	}
+
+	stmt = `SELECT Id, ShortId, UserId, WebsiteId, Created, IsActive FROM guestbooks
+    WHERE WebsiteId = ? AND Deleted IS NULL`
+	row = tx.QueryRow(stmt, w.ID)
+	var g Guestbook
+	err = row.Scan(&g.ID, &g.ShortId, &g.UserId, &g.WebsiteId, &g.Created, &g.IsActive)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			err = ErrNoRecord
+		}
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return Website{}, err
+		}
+		return Website{}, err
+	}
+
+	gbSettings, err := m.getGuestbookSettings(tx, g.ID)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			err = ErrNoRecord
+		}
+		if rollbackErr := tx.Rollback(); rollbackErr != nil {
+			return Website{}, err
+		}
+		return Website{}, err
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return Website{}, nil
+	}
+
+	// if comment disable setting has expired, enable commenting
+	commentingReenabled := time.Now().UTC().After(gbSettings.ReenableCommenting)
+	if commentingReenabled {
+		gbSettings.IsCommentingEnabled = true
+	}
+
+	g.Settings = gbSettings
+	w.Guestbook = g
+	return w, nil
+}
+
+func (m *WebsiteModel) GetAllUser(userId int64) ([]Website, error) {
+	stmt := `SELECT w.Id, w.ShortId, w.Name, w.SiteUrl, w.AuthorName, w.UserId, w.Created, 
+	g.Id, g.ShortId, g.Created, g.IsActive
+	FROM websites AS w INNER JOIN guestbooks AS g ON w.Id = g.WebsiteId
+	WHERE w.UserId = ?`
+	rows, err := m.DB.Query(stmt, userId)
+	if err != nil {
+		return nil, err
+	}
+	var websites []Website
+	for rows.Next() {
+		var w Website
+		var u string
+		err := rows.Scan(&w.ID, &w.ShortId, &w.Name, &u, &w.AuthorName, &w.UserId, &w.Created,
+			&w.Guestbook.ID, &w.Guestbook.ShortId, &w.Guestbook.Created, &w.Guestbook.IsActive)
+		if err != nil {
+			return nil, err
+		}
+		w.Url, err = url.Parse(u)
+		if err != nil {
+			return nil, err
+		}
+		websites = append(websites, w)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return websites, nil
+}
+
+func (m *WebsiteModel) GetAll() ([]Website, error) {
+	stmt := `SELECT w.Id, w.ShortId, w.Name, w.SiteUrl, w.AuthorName, w.UserId, w.Created, 
+	g.Id, g.ShortId, g.Created, g.IsActive
+	FROM websites AS w INNER JOIN guestbooks AS g ON w.Id = g.WebsiteId`
+	rows, err := m.DB.Query(stmt)
+	if err != nil {
+		return nil, err
+	}
+	var websites []Website
+	for rows.Next() {
+		var w Website
+		var u string
+		err := rows.Scan(&w.ID, &w.ShortId, &w.Name, &u, &w.AuthorName, &w.UserId, &w.Created,
+			&w.Guestbook.ID, &w.Guestbook.ShortId, &w.Guestbook.Created, &w.Guestbook.IsActive)
+		if err != nil {
+			return nil, err
+		}
+		w.Url, err = url.Parse(u)
+		if err != nil {
+			return nil, err
+		}
+		websites = append(websites, w)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return websites, nil
+}
+
+func (m *WebsiteModel) getGuestbookSettings(tx *sql.Tx, guestbookId int64) (GuestbookSettings, error) {
+	stmt := `SELECT g.SettingId, a.ItemValue, g.UnconstrainedValue FROM guestbook_settings AS g
+			LEFT JOIN allowed_setting_values AS a ON g.AllowedSettingValueId = a.Id
+			WHERE GuestbookId = ?`
+	var settings GuestbookSettings
+	rows, err := tx.Query(stmt, guestbookId)
+	if err != nil {
+		return settings, err
+	}
+	for rows.Next() {
+		var id int
+		var itemValue sql.NullString
+		var unconstrainedValue sql.NullString
+		err = rows.Scan(&id, &itemValue, &unconstrainedValue)
+		if err != nil {
+			return settings, err
+		}
+		switch id {
+		case m.Settings[SettingGbCommentingEnabled].id:
+			settings.IsCommentingEnabled, err = strconv.ParseBool(itemValue.String)
+			if err != nil {
+				return settings, err
+			}
+			break
+		case m.Settings[SettingGbReenableComments].id:
+			settings.ReenableCommenting, err = time.Parse(time.RFC3339, unconstrainedValue.String)
+			if err != nil {
+				return settings, err
+			}
+			break
+		case m.Settings[SettingGbVisible].id:
+			settings.IsVisible, err = strconv.ParseBool(itemValue.String)
+			if err != nil {
+				return settings, err
+			}
+			break
+		case m.Settings[SettingGbAllowRemote].id:
+			settings.AllowRemoteHostAccess, err = strconv.ParseBool(itemValue.String)
+			if err != nil {
+				return settings, err
+			}
+			break
+		}
+	}
+	return settings, nil
+}
+
+func (m *WebsiteModel) UpdateGuestbookSettings(guestbookId int64, settings GuestbookSettings) error {
+	err := m.UpdateSetting(guestbookId, m.Settings[SettingGbVisible], strconv.FormatBool(settings.IsVisible))
+	if err != nil {
+		return err
+	}
+	err = m.UpdateSetting(guestbookId, m.Settings[SettingGbAllowRemote], strconv.FormatBool(settings.AllowRemoteHostAccess))
+	if err != nil {
+		return err
+	}
+	err = m.UpdateSetting(guestbookId, m.Settings[SettingGbCommentingEnabled], strconv.FormatBool(settings.IsCommentingEnabled))
+	if err != nil {
+		return err
+	}
+	err = m.UpdateSetting(guestbookId, m.Settings[SettingGbReenableComments], settings.ReenableCommenting.Format(time.RFC3339))
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *WebsiteModel) UpdateSetting(guestbookId int64, setting Setting, value string) error {
+	stmt := `UPDATE guestbook_settings SET
+				AllowedSettingValueId=IFNULL(
+					(SELECT Id FROM allowed_setting_values WHERE SettingId = guestbook_settings.SettingId AND ItemValue = ?), AllowedSettingValueId
+				), 
+				UnconstrainedValue=(SELECT ? FROM settings WHERE settings.Id = guestbook_settings.SettingId AND settings.Constrained=0)
+			WHERE GuestbookId = ?
+			AND SettingId = (SELECT Id from Settings WHERE Description=?);`
+	result, err := m.DB.Exec(stmt, value, value, guestbookId, setting.description)
+	if err != nil {
+		return err
+	}
+	rows, err := result.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rows != 1 {
+		return ErrInvalidSettingValue
+	}
+	return nil
+}

internal/validator/validator.go

@@ -0,0 +1,59 @@
+package validator
+
+import (
+	"regexp"
+	"slices"
+	"strings"
+	"unicode/utf8"
+)
+
+var EmailRX = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
+var WebRX = regexp.MustCompile("^https?:\\/\\/")
+
+type Validator struct {
+	NonFieldErrors []string
+	FieldErrors    map[string]string
+}
+
+func (v *Validator) Valid() bool {
+	return len(v.FieldErrors) == 0 && len(v.NonFieldErrors) == 0
+}
+
+func (v *Validator) AddFieldError(key, message string) {
+	if v.FieldErrors == nil {
+		v.FieldErrors = make(map[string]string)
+	}
+	if _, exists := v.FieldErrors[key]; !exists {
+		v.FieldErrors[key] = message
+	}
+}
+
+func (v *Validator) AddNonFieldError(message string) {
+	v.NonFieldErrors = append(v.NonFieldErrors, message)
+}
+
+func (v *Validator) CheckField(ok bool, key, message string) {
+	if !ok {
+		v.AddFieldError(key, message)
+	}
+}
+
+func NotBlank(value string) bool {
+	return strings.TrimSpace(value) != ""
+}
+
+func MaxChars(value string, n int) bool {
+	return utf8.RuneCountInString(value) <= n
+}
+
+func PermittedValue[T comparable](value T, permittedValues ...T) bool {
+	return slices.Contains(permittedValues, value)
+}
+
+func MinChars(value string, n int) bool {
+	return utf8.RuneCountInString(value) >= n
+}
+
+func Matches(value string, rx *regexp.Regexp) bool {
+	return rx.MatchString(value)
+}

migrations/000001_create_users_table.down.sql

@@ -0,0 +1,2 @@
+DROP TABLE users;
+DROP TABLE sessions;

migrations/000001_create_users_table.up.sql

@@ -0,0 +1,16 @@
+CREATE TABLE users (
+    Id integer primary key autoincrement,
+    ShortId integer UNIQUE NOT NULL,
+    Username varchar(32) NOT NULL,
+    Email varchar(256) UNIQUE NOT NULL,
+    Deleted datetime,
+    IsBanned boolean NOT NULL DEFAULT FALSE,
+    HashedPassword char(60) NOT NULL,
+    Created datetime NOT NULL
+);
+
+CREATE TABLE sessions (
+    token CHAR(43) primary key,
+    data BLOB NOT NULL,
+    expiry TEXT NOT NULL
+);

migrations/000002_create_websites_table.down.sql

@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS guestbook_comments;
+DROP TABLE IF EXISTS guestbooks;
+DROP TABLE IF EXISTS websites;

migrations/000002_create_websites_table.up.sql

@@ -0,0 +1,52 @@
+CREATE TABLE websites (
+    Id integer primary key autoincrement,
+    ShortId integer UNIQUE NOT NULL,
+    Name varchar(256) NOT NULL,
+    SiteUrl varchar(512) NOT NULL,
+    AuthorName varchar(512) NOT NULL,
+    UserId integer NOT NULL,
+    Created datetime NOT NULL,
+    Deleted datetime,
+    FOREIGN KEY (UserId) REFERENCES users(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+);
+
+CREATE TABLE guestbooks (
+    Id integer primary key autoincrement,
+    ShortId integer UNIQUE NOT NULL,
+    WebsiteId integer UNIQUE NOT NULL,
+    UserId integer NOT NULL,
+    Created datetime NOT NULL,
+    Deleted datetime,
+    IsActive boolean NOT NULL DEFAULT TRUE,
+    FOREIGN KEY (UserId) REFERENCES users(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+    FOREIGN KEY (WebsiteId) REFERENCES websites(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+);
+
+CREATE TABLE guestbook_comments (
+    Id integer primary key autoincrement,
+    ShortId integer UNIQUE NOT NULL,
+    GuestbookId integer NOT NULL,
+    ParentId integer,
+    AuthorName varchar(256) NOT NULL,
+    AuthorEmail varchar(256) NOT NULL,
+    AuthorSite varchar(256),
+    CommentText text NOT NULL,
+    PageUrl varchar(256),
+    Created datetime NOT NULL,
+    IsPublished boolean NOT NULL DEFAULT TRUE,
+    Deleted datetime,
+    FOREIGN KEY (GuestbookId) 
+        REFERENCES guestbooks(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT,
+    FOREIGN KEY (ParentId)
+        REFERENCES guestbook_comments(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+);

migrations/000003_create_settings_tables.down.sql

@@ -0,0 +1,6 @@
+DROP TABLE IF EXISTS guestbook_settings;
+DROP TABLE IF EXISTS user_settings;
+DROP TABLE IF EXISTS allowed_setting_values;
+DROP TABLE IF EXISTS settings;
+DROP TABLE IF EXISTS setting_data_types;
+DROP TABLE IF EXISTS setting_groups;

migrations/000003_create_settings_tables.up.sql

@@ -0,0 +1,70 @@
+CREATE TABLE setting_groups (
+    Id integer primary key autoincrement,
+    Description varchar(256) NOT NULL
+);
+
+CREATE TABLE setting_data_types (
+    Id integer primary key autoincrement,
+    Description varchar(64) NOT NULL
+);
+
+CREATE TABLE settings (
+    Id integer primary key autoincrement,
+    Description varchar(256) NOT NULL,
+    Constrained boolean NOT NULL,
+    DataType integer NOT NULL,
+    SettingGroup int NOT NULL,
+    MinValue varchar(6),
+    MaxValue varchar(6),
+    FOREIGN KEY (DataType) REFERENCES setting_data_types(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT,
+    FOREIGN KEY (SettingGroup) REFERENCES setting_groups(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+);
+
+CREATE TABLE allowed_setting_values (
+    Id integer primary key autoincrement,
+    SettingId integer NOT NULL,
+    ItemValue varchar(256),
+    Caption varchar(256),
+    FOREIGN KEY (SettingId) REFERENCES settings(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+);
+
+CREATE TABLE user_settings (
+    Id integer primary key autoincrement,
+    UserId integer NOT NULL,
+    SettingId integer NOT NULL,
+    AllowedSettingValueId integer,
+    UnconstrainedValue varchar(256),
+    FOREIGN KEY (UserId) REFERENCES users(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT,
+    FOREIGN KEY (SettingId) REFERENCES settings(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT,
+    FOREIGN KEY (AllowedSettingValueId) REFERENCES allowed_setting_values(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+);
+
+CREATE TABLE guestbook_settings (
+    Id integer primary key autoincrement,
+    GuestbookId integer NOT NULL,
+    SettingId integer NOT NULL,
+    AllowedSettingValueId integer,
+    UnconstrainedValue varchar(256),
+    FOREIGN KEY (GuestbookId) REFERENCES guestbooks(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT,
+    FOREIGN KEY (SettingId) REFERENCES settings(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT,
+    FOREIGN KEY (AllowedSettingValueId) REFERENCES allowed_setting_values(Id)
+        ON DELETE RESTRICT
+        ON UPDATE RESTRICT
+);
+

migrations/000004_insert_settings_info.down.sql

@@ -0,0 +1,20 @@
+DELETE FROM settings WHERE Description='remote_enabled';
+DELETE FROM settings WHERE Description='is_visible';
+DELETE FROM settings WHERE Description='reenable_comments';
+DELETE FROM settings WHERE Description='commenting_enabled';
+DELETE FROM settings WHERE Description='local_timezone';
+
+DELETE FROM setting_data_types WHERE Description='boolean';
+DELETE FROM setting_data_types WHERE Description='datetime';
+DELETE FROM setting_data_types WHERE Description='integer';
+DELETE FROM setting_data_types WHERE Description='alphanumeric';
+
+DELETE FROM setting_groups WHERE Description='user';
+DELETE FROM setting_groups WHERE Description='guestbook';
+
+DELETE FROM allowed_setting_values WHERE Caption='commenting_enabled';
+DELETE FROM allowed_setting_values WHERE Caption='commenting_disabled';
+DELETE FROM allowed_setting_values WHERE Caption='guestbook_visible';
+DELETE FROM allowed_setting_values WHERE Caption='guestbook_invisible';
+DELETE FROM allowed_setting_values WHERE Caption='remote_enabled';
+DELETE FROM allowed_setting_values WHERE Caption='remote_disabled';

migrations/000004_insert_settings_info.up.sql

@@ -0,0 +1,40 @@
+INSERT INTO setting_groups (Description) VALUES ('guestbook');
+INSERT INTO setting_groups (Description) VALUES ('user');
+
+INSERT INTO setting_data_types (Description) VALUES ('alphanumeric');
+INSERT INTO setting_data_types (Description) VALUES ('integer');
+INSERT INTO setting_data_types (Description) VALUES ('datetime');
+INSERT INTO setting_data_types (Description) VALUES ('boolean');
+
+INSERT INTO settings (Description, Constrained, DataType, SettingGroup)
+    SELECT 'local_timezone', 0, t.id, g.id FROM setting_data_types as t INNER JOIN setting_groups AS g WHERE g.Description='user' AND t.Description='alphanumeric';
+
+INSERT INTO settings (Description, Constrained, DataType, SettingGroup)
+    SELECT 'commenting_enabled', 1, t.id, g.id FROM setting_data_types as t INNER JOIN setting_groups AS g WHERE g.Description='guestbook' AND t.Description='boolean';
+
+INSERT INTO allowed_setting_values (SettingId, ItemValue, Caption)
+    SELECT settings.id, 'true', 'commenting_enabled' FROM settings WHERE settings.Description='commenting_enabled';
+
+INSERT INTO allowed_setting_values (SettingId, ItemValue, Caption)
+    SELECT settings.id, 'false', 'commenting_disabled' FROM settings WHERE settings.Description='commenting_enabled';
+
+INSERT INTO settings (Description, Constrained, DataType, SettingGroup)
+    SELECT 'reenable_comments', 0, t.id, g.id FROM setting_data_types as t INNER JOIN setting_groups as g WHERE g.Description='guestbook' AND t.Description='alphanumeric';
+
+INSERT INTO settings (Description, Constrained, DataType, SettingGroup)
+    SELECT 'is_visible', 1, t.id, g.id FROM setting_data_types as t INNER JOIN setting_groups as g WHERE g.Description='guestbook' AND t.Description='boolean';
+
+INSERT INTO allowed_setting_values (SettingId, ItemValue, Caption)
+    SELECT settings.id, 'true', 'guestbook_visible' FROM settings WHERE settings.Description='is_visible';
+
+INSERT INTO allowed_setting_values (SettingId, ItemValue, Caption)
+    SELECT settings.id, 'false', 'guestbook_invisible' FROM settings WHERE settings.Description='is_visible';
+
+INSERT INTO settings (Description, Constrained, DataType, SettingGroup)
+    SELECT 'remote_enabled', 1, t.id, g.id FROM setting_data_types as t INNER JOIN setting_groups as g WHERE g.Description='guestbook' AND t.Description='boolean';
+
+INSERT INTO allowed_setting_values (SettingId, ItemValue, Caption)
+    SELECT settings.id, 'true', 'remote_enabled' FROM settings WHERE settings.Description='remote_enabled';
+
+INSERT INTO allowed_setting_values (SettingId, ItemValue, Caption)
+    SELECT settings.id, 'false', 'remote_disabled' FROM settings WHERE settings.Description='remote_enabled';

migrations/000005_normalize_site_urls.down.sql

@@ -0,0 +1 @@
+UPDATE websites SET SiteUrl = substr(SiteUrl, 8) WHERE substr(SiteUrl, 1, 4) = 'http';

migrations/000005_normalize_site_urls.up.sql

@@ -0,0 +1 @@
+UPDATE websites SET SiteUrl = 'http://' || SiteUrl WHERE substr(SiteUrl, 1, 4) <> 'http';

ui/efs.go

@@ -0,0 +1,6 @@
+package ui
+
+import "embed"
+
+//go:embed "static"
+var Files embed.FS

ui/static/css/style.css

@@ -0,0 +1,86 @@
+/* html {
+  background: lightgray;
+} */
+
+body {
+  max-width: 1024px;
+  margin: 1rem auto;
+  padding: 1rem;
+  /* background: white; */
+  font-size: 1.2rem;
+  line-height: 1.5;
+  font-family: Arial, Helvetica, sans-serif;
+}
+
+header {
+  text-align: center;
+}
+
+body > nav {
+  display: flex;
+  justify-content: space-between;
+}
+
+body > nav ul {
+  list-style: none;
+  margin: 0 1rem;
+  padding: 0;
+}
+
+body > nav li {
+  display: inline-block;
+  padding: 0 0.5rem;
+}
+
+nav form {
+  display: inline-block;
+}
+
+nav button {
+  border: none;
+  background: none;
+  font-family: unset;
+  font-size: unset;
+  /* color: blue; */
+  /* text-decoration: underline; */
+  cursor: pointer;
+}
+
+main {
+  padding: 1rem;
+}
+
+div#dashboard {
+  display: flex;
+  flex-flow: row wrap;
+}
+
+div#dashboard nav {
+  flex: 1 1 25%;
+  margin-top: 2rem;
+  min-width: 0;
+}
+
+div#dashboard > div {
+  flex: 10 1 40%;
+  min-width: 0;
+}
+
+div > pre {
+    max-width: 100%;
+    overflow: auto;
+}
+
+main nav ul {
+  list-style: none;
+  margin: 1rem;
+  padding: 0;
+}
+
+footer {
+  text-align: center;
+}
+
+a {
+  /* color: blue; */
+}

ui/static/js/guestbook.js

@@ -0,0 +1,177 @@
+class GuestbookForm extends HTMLElement {
+    static get observedAttributes() {
+        return ['guestbook'];
+    }
+
+    constructor() {
+        super();
+        this.attachShadow({ mode: 'open' });
+        this._guestbook = this.getAttribute('guestbook') || '';
+        this._postUrl = `${this._guestbook}/comments/create/remote`
+        this.render();
+    }
+
+    attributeChangedCallback(name, oldValue, newValue) {
+        if (name === 'guestbook') {
+            this._guestbook = newValue;
+            this.render();
+        }
+    }
+
+    render() {
+        this.shadowRoot.innerHTML = `
+      <style>
+        form div {
+          margin-bottom: 0.75em;
+        }
+        label {
+          display: block;
+          font-weight: bold;
+          margin-bottom: 0.25em;
+        }
+        input[type="text"], textarea {
+          width: 100%;
+          box-sizing: border-box;
+        }
+        input[type="submit"] {
+          font-size: 1em;
+          padding: 0.5em 1em;
+        }
+      </style>
+      <form action="${this._postUrl}" method="post">
+        <div>
+          <label for="authorname">Name</label>
+          <input type="text" name="authorname" id="authorname"/>
+        </div>
+        <div>
+          <label for="authoremail">Email (Optional)</label>
+          <input type="text" name="authoremail" id="authoremail"/>
+        </div>
+        <div>
+          <label for="authorsite">Site Url (Optional)</label>
+          <input type="text" name="authorsite" id="authorsite"/>
+        </div>
+        <div>
+          <label for="content">Comment</label>
+          <textarea name="content" id="content"></textarea>
+        </div>
+        <div>
+          <input type="hidden" value="${window.location.pathname}" name="redirect" id="redirect" />
+        </div>
+        <div>
+          <input type="submit" value="Submit"/>
+        </div>
+      </form>
+    `;
+    }
+}
+
+class CommentList extends HTMLElement {
+    static get observedAttributes() {
+        return ['guestbook'];
+    }
+
+    constructor() {
+        super();
+        this.attachShadow({ mode: 'open' });
+        this.comments = [];
+        this.loading = false;
+        this.error = null;
+    }
+
+    connectedCallback() {
+        if (this.hasAttribute('guestbook')) {
+            this.fetchComments();
+        }
+    }
+
+    attributeChangedCallback(name, oldValue, newValue) {
+        if (name === 'guestbook' && oldValue !== newValue) {
+            this.fetchComments();
+        }
+    }
+
+    async fetchComments() {
+        const guestbook = this.getAttribute('guestbook');
+        if (!guestbook) return;
+        this.loading = true;
+        this.error = null;
+        this.render();
+
+        const commentsUrl = `${guestbook}/comments`
+
+        try {
+            const response = await fetch(commentsUrl);
+            if (!response.ok) throw new Error(`HTTP error: ${response.status}`);
+            const data = await response.json();
+            this.comments = Array.isArray(data) ? data : [];
+            this.loading = false;
+            this.render();
+        } catch (err) {
+            this.error = err.message;
+            this.loading = false;
+            this.render();
+        }
+    }
+
+    formatDate(isoString) {
+        if (!isoString) return '';
+        const date = new Date(isoString);
+        return date.toLocaleString();
+    }
+
+    render() {
+        this.shadowRoot.innerHTML = `
+      <style>
+        .comment-list {
+          font-family: Arial, sans-serif;
+          border: 1px solid #ddd;
+          border-radius: 6px;
+          padding: 1em;
+          background: #fafafa;
+        }
+        .comment {
+          border-bottom: 1px solid #eee;
+          padding: 0.7em 0;
+        }
+        .comment:last-child {
+          border-bottom: none;
+        }
+        .author {
+          font-weight: bold;
+          margin-right: 1em;
+        }
+        .timestamp {
+          color: #888;
+          font-size: 0.85em;
+        }
+        .text {
+          margin: 0.2em 0 0 0;
+        }
+        .error {
+          color: red;
+        }
+      </style>
+      <div class="comment-list">
+        ${this.loading
+                ? `<div>Loading comments...</div>`
+                : this.error
+                    ? `<div class="error">Error: ${this.error}</div>`
+                    : this.comments.length === 0
+                        ? `<div>No comments found.</div>`
+                        : this.comments.map(comment => `
+                  <div class="comment">
+                    <span class="author">${comment.AuthorName || 'Unknown Author'}</span>
+                    <span class="timestamp">${this.formatDate(comment.Created)}</span>
+                    <div class="text">${comment.CommentText || ''}</div>
+                  </div>
+                `).join('')
+            }
+      </div>
+    `;
+    }
+}
+
+customElements.define('guestbook-form', GuestbookForm);
+customElements.define('guestbook-comments', CommentList);
+

ui/static/js/main.js

@@ -0,0 +1,13 @@
+
+const convertDates = () => {
+    const dates = document.getElementsByTagName("time")
+    for (let i = 0; i < dates.length; i++) {
+        const e = dates.item(i)
+        const d = e.attributes.getNamedItem("datetime").value
+        const dt = new Date(Date.parse(d))
+        const localtime = dt.toLocaleString("en-US", { "year": "numeric", "month": "short", "day": "numeric", "hour": "numeric", "minute": "numeric", "timeZoneName": "short"})
+        e.innerText = localtime
+    }
+}
+
+convertDates()

ui/views/common.templ

@@ -0,0 +1,90 @@
+package views
+
+import "git.32bit.cafe/32bitcafe/guestbook/internal/models"
+import "strconv"
+import "fmt"
+import "strings"
+
+type CommonData struct {
+	CurrentYear     int
+	Flash           string
+	IsAuthenticated bool
+	CSRFToken       string
+	CurrentUser     *models.User
+	IsHtmx          bool
+}
+
+func shortIdToSlug(shortId uint64) string {
+	return strconv.FormatUint(shortId, 36)
+}
+
+func slugToShortId(slug string) uint64 {
+	id, _ := strconv.ParseUint(slug, 36, 64)
+	return id
+}
+
+func externalUrl(url string) string {
+	if !strings.HasPrefix(url, "http") {
+		return "http://" + url
+	}
+	return url
+}
+
+templ commonHeader() {
+	<header>
+		<h1><a href="/">webweav.ing</a></h1>
+	</header>
+}
+
+templ topNav(data CommonData) {
+	{{ hxHeaders := fmt.Sprintf("{\"X-CSRF-Token\": \"%s\"}", data.CSRFToken) }}
+	<nav>
+		<div>
+			if data.IsAuthenticated {
+				Welcome, { data.CurrentUser.Username }
+			}
+		</div>
+		<div>
+			if data.IsAuthenticated {
+				<a href="/guestbooks">All Guestbooks</a> |
+				<a href="/websites">My Websites</a> | 
+				<a href="/users/settings">Settings</a> | 
+				<a href="#" hx-post="/users/logout" hx-headers={ hxHeaders }>Logout</a>
+			} else {
+				<a href="/users/register">Create an Account</a> | 
+				<a href="/users/login">Login</a>
+			}
+		</div>
+	</nav>
+}
+
+templ commonFooter() {
+	<footer>
+		<p>A <a href="https://32bit.cafe">32bit.cafe</a> Project</p>
+	</footer>
+}
+
+templ base(title string, data CommonData) {
+	<!DOCTYPE html>
+	<html lang="en">
+		<head>
+			<title>{ title } - webweav.ing</title>
+			<meta charset="UTF-8"/>
+			<meta name="viewport" content="width=device-width, initial-scale=1"/>
+			<link href="/static/css/classless.min.css" rel="stylesheet"/>
+			<link href="/static/css/style.css" rel="stylesheet"/>
+			<script src="/static/js/htmx.min.js"></script>
+		</head>
+		<body>
+			@commonHeader()
+			@topNav(data)
+			<main>
+				if data.Flash != "" {
+					<div class="flash">{ data.Flash }</div>
+				}
+				{ children... }
+			</main>
+			@commonFooter()
+		</body>
+	</html>
+}

ui/views/common_templ.go

@@ -0,0 +1,266 @@
+// Code generated by templ - DO NOT EDIT.
+
+// templ: version: v0.3.833
+package views
+
+//lint:file-ignore SA4006 This context is only used if a nested component is present.
+
+import "github.com/a-h/templ"
+import templruntime "github.com/a-h/templ/runtime"
+
+import "git.32bit.cafe/32bitcafe/guestbook/internal/models"
+import "strconv"
+import "fmt"
+import "strings"
+
+type CommonData struct {
+	CurrentYear     int
+	Flash           string
+	IsAuthenticated bool
+	CSRFToken       string
+	CurrentUser     *models.User
+	IsHtmx          bool
+	RootUrl         string
+}
+
+func shortIdToSlug(shortId uint64) string {
+	return strconv.FormatUint(shortId, 36)
+}
+
+func slugToShortId(slug string) uint64 {
+	id, _ := strconv.ParseUint(slug, 36, 64)
+	return id
+}
+
+func externalUrl(url string) string {
+	if !strings.HasPrefix(url, "http") {
+		return "http://" + url
+	}
+	return url
+}
+
+func commonHeader() templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var1 == nil {
+			templ_7745c5c3_Var1 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 1, "<header><h1><a href=\"/\">webweav.ing</a></h1></header>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func topNav(data CommonData) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var2 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var2 == nil {
+			templ_7745c5c3_Var2 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		hxHeaders := fmt.Sprintf("{\"X-CSRF-Token\": \"%s\"}", data.CSRFToken)
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 2, "<nav><div>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		if data.IsAuthenticated {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 3, "Welcome, ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var3 string
+			templ_7745c5c3_Var3, templ_7745c5c3_Err = templ.JoinStringErrs(data.CurrentUser.Username)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/common.templ`, Line: 44, Col: 40}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var3))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 4, "</div><div>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		if data.IsAuthenticated {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 5, "<a href=\"/guestbooks\">All Guestbooks</a> | <a href=\"/websites\">My Websites</a> |  <a href=\"/users/settings\">Settings</a> |  <a href=\"#\" hx-post=\"/users/logout\" hx-headers=\"")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var4 string
+			templ_7745c5c3_Var4, templ_7745c5c3_Err = templ.JoinStringErrs(hxHeaders)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/common.templ`, Line: 52, Col: 62}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var4))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 6, "\">Logout</a>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		} else {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 7, "<a href=\"/users/register\">Create an Account</a> |  <a href=\"/users/login\">Login</a>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 8, "</div></nav>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func commonFooter() templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var5 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var5 == nil {
+			templ_7745c5c3_Var5 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 9, "<footer><p>A <a href=\"https://32bit.cafe\">32bit.cafe</a> Project</p></footer>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func base(title string, data CommonData) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var6 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var6 == nil {
+			templ_7745c5c3_Var6 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 10, "<!doctype html><html lang=\"en\"><head><title>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var7 string
+		templ_7745c5c3_Var7, templ_7745c5c3_Err = templ.JoinStringErrs(title)
+		if templ_7745c5c3_Err != nil {
+			return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/common.templ`, Line: 71, Col: 17}
+		}
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var7))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 11, " - webweav.ing</title><meta charset=\"UTF-8\"><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"><link href=\"/static/css/classless.min.css\" rel=\"stylesheet\"><link href=\"/static/css/style.css\" rel=\"stylesheet\"><script src=\"/static/js/htmx.min.js\"></script></head><body>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = commonHeader().Render(ctx, templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = topNav(data).Render(ctx, templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 12, "<main>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		if data.Flash != "" {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 13, "<div class=\"flash\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var8 string
+			templ_7745c5c3_Var8, templ_7745c5c3_Err = templ.JoinStringErrs(data.Flash)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/common.templ`, Line: 83, Col: 36}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var8))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 14, "</div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		}
+		templ_7745c5c3_Err = templ_7745c5c3_Var6.Render(ctx, templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 15, "</main>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = commonFooter().Render(ctx, templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 16, "</body></html>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+var _ = templruntime.GeneratedTemplate

ui/views/guestbooks.templ

@@ -0,0 +1,272 @@
+package views
+
+import "fmt"
+import "git.32bit.cafe/32bitcafe/guestbook/internal/models"
+import "git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+import "time"
+
+templ GuestbookDashboardCommentsView(title string, data CommonData, website models.Website, guestbook models.Guestbook, comments []models.GuestbookComment) {
+	@base(title, data) {
+		<div id="dashboard">
+			@wSidebar(website)
+			<div>
+				<h1>Comments on { website.Name }</h1>
+				<hr/>
+				if len(comments) == 0 {
+					<p>No comments yet!</p>
+				}
+				for  _, c := range comments {
+					@GuestbookDashboardCommentView(data, website, c)
+				}
+			</div>
+		</div>
+	}
+}
+
+templ GuestbookDashboardCommentView(data CommonData, w models.Website, c models.GuestbookComment) {
+	{{ commentUrl := fmt.Sprintf("%s/dashboard/guestbook/comments/%s", wUrl(w), shortIdToSlug(c.ShortId)) }}
+	{{ hxHeaders := fmt.Sprintf("{\"X-CSRF-Token\": \"%s\"}", data.CSRFToken) }}
+	<div class="comment">
+		<div>
+			if c.Deleted.IsZero() {
+				<button class="danger" hx-delete={ commentUrl } hx-target="closest div.comment" hx-headers={ hxHeaders }>Delete</button>
+				<button class="outline" hx-put={ commentUrl } hx-target="closest div.comment" hx-headers={ hxHeaders }>
+					if !c.IsPublished {
+						Publish
+					} else {
+						Hide
+					}
+				</button>
+			}
+		</div>
+		<div>
+			<strong>{ c.AuthorName }</strong>
+			if len(c.AuthorEmail) > 0 {
+				{{ email := "mailto:" + c.AuthorEmail }}
+				| <a href={ templ.URL(email) } target="_blank">{ c.AuthorEmail }</a>
+			}
+			if len(c.AuthorSite) > 0 {
+				| <a href={ templ.URL(externalUrl(c.AuthorSite)) } target="_blank">{ c.AuthorSite }</a>
+			}
+			<p>
+				{ c.Created.In(data.CurrentUser.Settings.LocalTimezone).Format("01-02-2006 03:04PM") }
+			</p>
+		</div>
+		<p>
+			{ c.CommentText }
+		</p>
+		<hr/>
+	</div>
+}
+
+templ commentForm(form forms.CommentCreateForm) {
+	<div>
+		<label for="authorname">Name</label>
+		{{ error, exists := form.FieldErrors["authorName"] }}
+		if exists {
+			<label class="error">{ error }</label>
+		}
+		<input type="text" name="authorname" id="authorname"/>
+	</div>
+	<div>
+		<label for="authoremail">Email (Optional) </label>
+		{{ error, exists = form.FieldErrors["authorEmail"] }}
+		if exists {
+			<label class="error">{ error }</label>
+		}
+		<input type="text" name="authoremail" id="authoremail"/>
+	</div>
+	<div>
+		<label for="authorsite">Site Url (Optional) </label>
+		{{ error, exists = form.FieldErrors["authorSite"] }}
+		if exists {
+			<label class="error">{ error }</label>
+		}
+		<input type="text" name="authorsite" id="authorsite"/>
+	</div>
+	<div>
+		<label for="content">Comment</label>
+		{{ error, exists = form.FieldErrors["content"] }}
+		if exists {
+			<label class="error">{ error }</label>
+		}
+		<textarea name="content" id="content"></textarea>
+	</div>
+	<div>
+		<input type="submit" value="Submit"/>
+	</div>
+}
+
+templ GuestbookView(title string, data CommonData, website models.Website, guestbook models.Guestbook, comments []models.GuestbookComment, form forms.CommentCreateForm) {
+	{{ postUrl := fmt.Sprintf("/websites/%s/guestbook/comments/create", shortIdToSlug(website.ShortId)) }}
+	if data.IsHtmx {
+		@commentForm(form)
+	} else {
+		<html>
+			<head>
+				<title>{ title }</title>
+				<link href="/static/css/classless.min.css" rel="stylesheet"/>
+				<script src="/static/js/main.js" defer></script>
+			</head>
+			<body>
+				<main>
+					<div>
+						<h1>Guestbook for { website.Name }</h1>
+						{ data.Flash }
+						<form action={ templ.URL(postUrl) } method="post">
+							<input type="hidden" name="csrf_token" value={ data.CSRFToken }/>
+							@commentForm(form)
+						</form>
+					</div>
+					<div id="comments">
+						if len(comments) == 0 {
+							<p>No comments yet!</p>
+						}
+						for _, c := range comments {
+							<div>
+								<h3>
+									if c.AuthorSite != "" {
+										<a href={ templ.URL(externalUrl(c.AuthorSite)) } target="_blank">{ c.AuthorName }</a>
+									} else {
+										{ c.AuthorName }
+									}
+								</h3>
+								<time datetime={ c.Created.Format(time.RFC3339) }>{ c.Created.Format("01-02-2006 03:04PM") }</time>
+								<p>
+									{ c.CommentText }
+								</p>
+							</div>
+						}
+					</div>
+				</main>
+			</body>
+		</html>
+	}
+}
+
+templ settingRadio(selected bool, name, id, value string) {
+	<input type="radio" name={ name } id={ id } value={ value } selected?={ selected }/>
+}
+
+templ GuestbookSettingsView(data CommonData, website models.Website) {
+	{{ putUrl := fmt.Sprintf("/websites/%s/dashboard/guestbook/settings", shortIdToSlug(website.ShortId)) }}
+	{{ gb := website.Guestbook }}
+	@base("Guestbook Settings", data) {
+		<div id="dashboard">
+			@wSidebar(website)
+			<div>
+				<h1>Guestbook Settings</h1>
+				<form hx-put={ putUrl }>
+					<input type="hidden" name="csrf_token" value={ data.CSRFToken }/>
+					<div>
+						<label>Guestbook Visibility</label>
+						<label for="gb_visible_true">
+							<input type="radio" name="gb_visible" id="gb_visible_true" value="true" checked?={ gb.Settings.IsVisible }/>
+							Public
+						</label>
+						<label for="gb_visible_false">
+							<input type="radio" name="gb_visible" id="gb_visible_false" value="false" checked?={ !gb.Settings.IsVisible }/>
+							Private
+						</label>
+					</div>
+					<div>
+						<label>Guestbook Commenting</label>
+						<select name="gb_commenting" id="gb-commenting">
+							<option value="true" selected?={ gb.Settings.IsCommentingEnabled }>Enabled</option>
+							<option value="1h">Disabled for 1 Hour</option>
+							<option value="4h">Disabled for 4 Hours</option>
+							<option value="8h">Disabled for 8 Hours</option>
+							<option value="24h">Disabled for 1 Day</option>
+							<option value="72h">Disabled for 3 Days</option>
+							<option value="168h">Disabled for 7 Days</option>
+							<option value="false" selected?={ !gb.Settings.IsCommentingEnabled }>Disabled</option>
+						</select>
+						if !website.Guestbook.CanComment() {
+							{{ localtime := gb.Settings.ReenableCommenting.In(data.CurrentUser.Settings.LocalTimezone) }}
+							<label>Commenting re-enabled on <time value={ localtime.Format(time.RFC3339) }>{ localtime.Format("2 January 2006") } at { localtime.Format("3:04PM MST") }</time></label>
+						}
+					</div>
+					<div>
+						<label>Enable Widgets</label>
+						<label for="gb_remote_true">
+							<input type="radio" name="gb_remote" id="gb_remote_true" value="true" checked?={ gb.Settings.AllowRemoteHostAccess }/>
+							Yes
+						</label>
+						<label for="gb_remote_false">
+							<input type="radio" name="gb_remote" id="gb_remote_false" value="false" checked?={ !gb.Settings.AllowRemoteHostAccess }/>
+							No
+						</label>
+					</div>
+					<input type="submit" value="Submit"/>
+				</form>
+			</div>
+		</div>
+	}
+}
+
+templ EmbeddableGuestbookCommentForm(data CommonData, w models.Website, f forms.CommentCreateForm) {
+	{{ postUrl := fmt.Sprintf("/websites/%s/guestbook/comments/create?headless=true", shortIdToSlug(w.ShortId)) }}
+	<html>
+		<head>
+			<link href="/static/css/classless.min.css" rel="stylesheet"/>
+		</head>
+		<body>
+			{ data.Flash }
+			<form action={ templ.URL(postUrl) } method="post">
+				<input type="hidden" name="csrf_token" value={ data.CSRFToken }/>
+				@commentForm(f)
+			</form>
+		</body>
+	</html>
+}
+
+templ AllGuestbooksView(data CommonData, websites []models.Website) {
+	@base("All Guestbooks", data) {
+		<div>
+			<h1>All Guestbooks</h1>
+			<p>
+				This page exists only for testing the service.
+			</p>
+			<ul>
+				for _, w := range websites {
+					<li>
+						{{ gbUrl := fmt.Sprintf("/websites/%s/guestbook", shortIdToSlug(w.ShortId)) }}
+						<a href={ templ.URL(gbUrl) } target="_blank">{ w.Name }</a>
+					</li>
+				}
+			</ul>
+		</div>
+	}
+}
+
+templ GuestbookCommentCreateRemoteErrorView(url, err string) {
+	<html>
+		<head>
+			<meta http-equiv="refresh" content={ fmt.Sprintf("3; url='%s'", templ.URL(externalUrl(url))) }/>
+		</head>
+		<body>
+			<p>
+				An error occurred while posting comment. { err }. Redirecting.
+			</p>
+			<p>
+				<a href={ templ.URL(url) }>Redirect</a>
+			</p>
+		</body>
+	</html>
+}
+
+templ GuestbookCommentCreateRemoteSuccessView(url string) {
+	<html>
+		<head>
+			<meta http-equiv="refresh" content={ fmt.Sprintf("3; url='%s'", templ.URL(externalUrl(url))) }/>
+		</head>
+		<body>
+			<p>
+				Comment successfully posted. Redirecting.
+			</p>
+			<p>
+				<a href={ templ.URL(url) }>Redirect</a>
+			</p>
+		</body>
+	</html>
+}

ui/views/home.templ

@@ -0,0 +1,19 @@
+package views
+
+templ Home(title string, data CommonData) {
+	@base(title, data) {
+		<h2>Welcome</h2>
+		<p>
+			Welcome to webweav.ing, a collection of webmastery tools created by the <a href="https://32bit.cafe">32-Bit Cafe</a>.
+		</p>
+		<p>
+			Note this service is in a pre-alpha state. Your account and data can disappear at any time. 
+		</p>
+	}
+}
+
+templ ComingSoon(title string, data CommonData) {
+	@base(title, data) {
+		<h2>Coming Soon</h2>
+	}
+}

ui/views/home_templ.go

@@ -0,0 +1,105 @@
+// Code generated by templ - DO NOT EDIT.
+
+// templ: version: v0.3.833
+package views
+
+//lint:file-ignore SA4006 This context is only used if a nested component is present.
+
+import "github.com/a-h/templ"
+import templruntime "github.com/a-h/templ/runtime"
+
+func Home(title string, data CommonData) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var1 == nil {
+			templ_7745c5c3_Var1 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var2 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 1, "<h2>Welcome</h2><p>Welcome to webweav.ing, a collection of webmastery tools created by the <a href=\"https://32bit.cafe\">32-Bit Cafe</a>.</p><p>Note this service is in a pre-alpha state. Your account and data can disappear at any time. </p>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var2), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func ComingSoon(title string, data CommonData) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var3 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var3 == nil {
+			templ_7745c5c3_Var3 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var4 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 2, "<h2>Coming Soon</h2>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var4), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+var _ = templruntime.GeneratedTemplate

ui/views/users.templ

@@ -0,0 +1,103 @@
+package views
+
+import (
+	"git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+)
+
+templ UserLogin(title string, data CommonData, form forms.UserLoginForm) {
+	@base(title, data) {
+		<h1>Login</h1>
+		<form action="/users/login" method="POST" novalidate>
+			<input type="hidden" name="csrf_token" value={ data.CSRFToken }/>
+			for _, error := range form.NonFieldErrors {
+				<div class="error">{ error }</div>
+			}
+			<div>
+				<label>Email: </label>
+				{{ error, exists := form.FieldErrors["email"] }}
+				if exists {
+					<label class="error">{ error }</label>
+				}
+				<input type="email" name="email" value={ form.Email }/>
+			</div>
+			<div>
+				<label>Password: </label>
+				{{ error, exists = form.FieldErrors["password"] }}
+				if exists {
+					<label class="error">{ error }</label>
+				}
+				<input type="password" name="password"/>
+			</div>
+			<div>
+				<input type="submit" value="login"/>
+			</div>
+		</form>
+	}
+}
+
+templ UserRegistration(title string, data CommonData, form forms.UserRegistrationForm) {
+	@base(title, data) {
+		<h1>User Registration</h1>
+		<form action="/users/register" method="post">
+			<input type="hidden" name="csrf_token" value={ data.CSRFToken }/>
+			<div>
+				{{ error, exists := form.FieldErrors["name"] }}
+				<label for="username">Username: </label>
+				if exists {
+					<label class="error">{ error }</label>
+				}
+				<input type="text" name="username" id="username" value={ form.Name } required/>
+			</div>
+			<div>
+				{{ error, exists = form.FieldErrors["email"] }}
+				<label for="email">Email: </label>
+				if exists {
+					<label class="error">{ error }</label>
+				}
+				<input type="text" name="email" id="email" value={ form.Email } required/>
+			</div>
+			<div>
+				{{ error, exists = form.FieldErrors["password"] }}
+				<label for="password">Password: </label>
+				if exists {
+					<label class="error">{ error }</label>
+				}
+				<input type="password" name="password" id="password"/>
+			</div>
+			<div>
+				<input type="submit" value="Register"/>
+			</div>
+		</form>
+	}
+}
+
+templ UserProfile(title string, data CommonData, user models.User) {
+	@base(title, data) {
+		<h1>{ user.Username }</h1>
+		<p>{ user.Email }</p>
+	}
+}
+
+templ UserSettingsView(data CommonData, timezones []string) {
+	{{ user := data.CurrentUser }}
+	@base("User Settings", data) {
+		<div>
+			<h1>User Settings</h1>
+			<form hx-put="/users/settings">
+				<input type="hidden" name="csrf_token" value={ data.CSRFToken }/>
+				<label>Local Timezone</label>
+				<select name="timezones" id="timezone-select">
+					for _, tz := range timezones {
+						if tz == user.Settings.LocalTimezone.String() {
+							<option value={ tz } selected="true">{ tz }</option>
+						} else {
+							<option value={ tz }>{ tz }</option>
+						}
+					}
+				</select>
+				<input type="submit" value="Submit"/>
+			</form>
+		</div>
+	}
+}

ui/views/users_templ.go

@@ -0,0 +1,533 @@
+// Code generated by templ - DO NOT EDIT.
+
+// templ: version: v0.3.833
+package views
+
+//lint:file-ignore SA4006 This context is only used if a nested component is present.
+
+import "github.com/a-h/templ"
+import templruntime "github.com/a-h/templ/runtime"
+
+import (
+	"git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+	"git.32bit.cafe/32bitcafe/guestbook/internal/models"
+)
+
+func UserLogin(title string, data CommonData, form forms.UserLoginForm) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var1 == nil {
+			templ_7745c5c3_Var1 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var2 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 1, "<h1>Login</h1><form action=\"/users/login\" method=\"POST\" novalidate><input type=\"hidden\" name=\"csrf_token\" value=\"")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var3 string
+			templ_7745c5c3_Var3, templ_7745c5c3_Err = templ.JoinStringErrs(data.CSRFToken)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 12, Col: 64}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var3))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 2, "\"> ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			for _, error := range form.NonFieldErrors {
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 3, "<div class=\"error\">")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var4 string
+				templ_7745c5c3_Var4, templ_7745c5c3_Err = templ.JoinStringErrs(error)
+				if templ_7745c5c3_Err != nil {
+					return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 14, Col: 30}
+				}
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var4))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 4, "</div>")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 5, "<div><label>Email: </label>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			error, exists := form.FieldErrors["email"]
+			if exists {
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 6, "<label class=\"error\">")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var5 string
+				templ_7745c5c3_Var5, templ_7745c5c3_Err = templ.JoinStringErrs(error)
+				if templ_7745c5c3_Err != nil {
+					return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 20, Col: 33}
+				}
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var5))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 7, "</label> ")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 8, "<input type=\"email\" name=\"email\" value=\"")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var6 string
+			templ_7745c5c3_Var6, templ_7745c5c3_Err = templ.JoinStringErrs(form.Email)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 22, Col: 55}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var6))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 9, "\"></div><div><label>Password: </label>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			error, exists = form.FieldErrors["password"]
+			if exists {
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 10, "<label class=\"error\">")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var7 string
+				templ_7745c5c3_Var7, templ_7745c5c3_Err = templ.JoinStringErrs(error)
+				if templ_7745c5c3_Err != nil {
+					return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 28, Col: 33}
+				}
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var7))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 11, "</label> ")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 12, "<input type=\"password\" name=\"password\"></div><div><input type=\"submit\" value=\"login\"></div></form>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var2), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func UserRegistration(title string, data CommonData, form forms.UserRegistrationForm) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var8 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var8 == nil {
+			templ_7745c5c3_Var8 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var9 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 13, "<h1>User Registration</h1><form action=\"/users/register\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var10 string
+			templ_7745c5c3_Var10, templ_7745c5c3_Err = templ.JoinStringErrs(data.CSRFToken)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 43, Col: 64}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var10))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 14, "\"><div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			error, exists := form.FieldErrors["name"]
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 15, "<label for=\"username\">Username: </label> ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			if exists {
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 16, "<label class=\"error\">")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var11 string
+				templ_7745c5c3_Var11, templ_7745c5c3_Err = templ.JoinStringErrs(error)
+				if templ_7745c5c3_Err != nil {
+					return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 48, Col: 33}
+				}
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var11))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 17, "</label> ")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 18, "<input type=\"text\" name=\"username\" id=\"username\" value=\"")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var12 string
+			templ_7745c5c3_Var12, templ_7745c5c3_Err = templ.JoinStringErrs(form.Name)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 50, Col: 70}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var12))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 19, "\" required></div><div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			error, exists = form.FieldErrors["email"]
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 20, "<label for=\"email\">Email: </label> ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			if exists {
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 21, "<label class=\"error\">")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var13 string
+				templ_7745c5c3_Var13, templ_7745c5c3_Err = templ.JoinStringErrs(error)
+				if templ_7745c5c3_Err != nil {
+					return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 56, Col: 33}
+				}
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var13))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 22, "</label> ")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 23, "<input type=\"text\" name=\"email\" id=\"email\" value=\"")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var14 string
+			templ_7745c5c3_Var14, templ_7745c5c3_Err = templ.JoinStringErrs(form.Email)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 58, Col: 65}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var14))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 24, "\" required></div><div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			error, exists = form.FieldErrors["password"]
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 25, "<label for=\"password\">Password: </label> ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			if exists {
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 26, "<label class=\"error\">")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var15 string
+				templ_7745c5c3_Var15, templ_7745c5c3_Err = templ.JoinStringErrs(error)
+				if templ_7745c5c3_Err != nil {
+					return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 64, Col: 33}
+				}
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var15))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 27, "</label> ")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 28, "<input type=\"password\" name=\"password\" id=\"password\"></div><div><input type=\"submit\" value=\"Register\"></div></form>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var9), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func UserProfile(title string, data CommonData, user models.User) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var16 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var16 == nil {
+			templ_7745c5c3_Var16 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var17 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 29, "<h1>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var18 string
+			templ_7745c5c3_Var18, templ_7745c5c3_Err = templ.JoinStringErrs(user.Username)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 77, Col: 21}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var18))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 30, "</h1><p>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var19 string
+			templ_7745c5c3_Var19, templ_7745c5c3_Err = templ.JoinStringErrs(user.Email)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 78, Col: 17}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var19))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 31, "</p>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var17), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func UserSettingsView(data CommonData, timezones []string) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var20 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var20 == nil {
+			templ_7745c5c3_Var20 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		user := data.CurrentUser
+		templ_7745c5c3_Var21 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 32, "<div><h1>User Settings</h1><form hx-put=\"/users/settings\"><input type=\"hidden\" name=\"csrf_token\" value=\"")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var22 string
+			templ_7745c5c3_Var22, templ_7745c5c3_Err = templ.JoinStringErrs(data.CSRFToken)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 88, Col: 65}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var22))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 33, "\"> <label>Local Timezone</label> <select name=\"timezones\" id=\"timezone-select\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			for _, tz := range timezones {
+				if tz == user.Settings.LocalTimezone.String() {
+					templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 34, "<option value=\"")
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					var templ_7745c5c3_Var23 string
+					templ_7745c5c3_Var23, templ_7745c5c3_Err = templ.JoinStringErrs(tz)
+					if templ_7745c5c3_Err != nil {
+						return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 93, Col: 25}
+					}
+					_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var23))
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 35, "\" selected=\"true\">")
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					var templ_7745c5c3_Var24 string
+					templ_7745c5c3_Var24, templ_7745c5c3_Err = templ.JoinStringErrs(tz)
+					if templ_7745c5c3_Err != nil {
+						return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 93, Col: 48}
+					}
+					_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var24))
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 36, "</option>")
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+				} else {
+					templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 37, "<option value=\"")
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					var templ_7745c5c3_Var25 string
+					templ_7745c5c3_Var25, templ_7745c5c3_Err = templ.JoinStringErrs(tz)
+					if templ_7745c5c3_Err != nil {
+						return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 95, Col: 25}
+					}
+					_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var25))
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 38, "\">")
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					var templ_7745c5c3_Var26 string
+					templ_7745c5c3_Var26, templ_7745c5c3_Err = templ.JoinStringErrs(tz)
+					if templ_7745c5c3_Err != nil {
+						return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/users.templ`, Line: 95, Col: 32}
+					}
+					_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var26))
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+					templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 39, "</option>")
+					if templ_7745c5c3_Err != nil {
+						return templ_7745c5c3_Err
+					}
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 40, "</select> <input type=\"submit\" value=\"Submit\"></form></div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base("User Settings", data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var21), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+var _ = templruntime.GeneratedTemplate

ui/views/websites.templ

@@ -0,0 +1,175 @@
+package views
+
+import "fmt"
+import "git.32bit.cafe/32bitcafe/guestbook/internal/models"
+import "git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+
+func wUrl(w models.Website) string {
+	return fmt.Sprintf("/websites/%s", shortIdToSlug(w.ShortId))
+}
+
+templ wSidebar(website models.Website) {
+	{{ dashUrl := wUrl(website) + "/dashboard" }}
+	{{ gbUrl := wUrl(website) + "/guestbook" }}
+	<nav>
+		<div>
+			<h2>{ website.Name }</h2>
+			<ul>
+				<li><a href={ templ.URL(dashUrl) }>Dashboard</a></li>
+				<li><a href={ templ.URL(externalUrl(website.Url.String())) } target="_blank">View Website</a></li>
+			</ul>
+			<h3>Guestbook</h3>
+			<ul>
+				<li><a href={ templ.URL(gbUrl) } target="_blank">View Guestbook</a></li>
+			</ul>
+			<ul>
+				<li><a href={ templ.URL(dashUrl + "/guestbook/comments") }>Manage messages</a></li>
+				<li><a href={ templ.URL(dashUrl + "/guestbook/comments/queue") }>Review message queue</a></li>
+				<li><a href={ templ.URL(dashUrl + "/guestbook/comments/trash") }>Trash</a></li>
+				<li><a href={ templ.URL(dashUrl + "/guestbook/settings") }>Settings</a></li>
+			</ul>
+			<ul>
+				<li><a href={ templ.URL(dashUrl + "/guestbook/themes") }>Themes</a></li>
+				<li><a href={ templ.URL(dashUrl + "/guestbook/customize") }>Custom CSS</a></li>
+			</ul>
+		</div>
+		<div>
+			<h3>Feeds</h3>
+			<p>Coming Soon</p>
+		</div>
+		<div>
+			<h3>Account</h3>
+			<ul>
+				<li><a href="/users/settings">Settings</a></li>
+				<li><a href="/users/privacy">Privacy</a></li>
+				<li><a href="/help">Help</a></li>
+			</ul>
+		</div>
+	</nav>
+}
+
+templ displayWebsites(websites []models.Website) {
+	if len(websites) == 0 {
+		<p>No Websites yet. <a href="">Register a website.</a></p>
+	} else {
+		<ul id="websites" hx-get="/websites" hx-trigger="newWebsite from:body" hx-swap="outerHTML">
+			for _, w := range websites {
+				<li>
+					<a href={ templ.URL(wUrl(w) + "/dashboard") }>{ w.Name }</a>
+				</li>
+			}
+		</ul>
+	}
+}
+
+templ websiteCreateForm(csrfToken string, form forms.WebsiteCreateForm) {
+	<input type="hidden" name="csrf_token" value={ csrfToken }/>
+	<div>
+		{{ err, exists := form.FieldErrors["sitename"] }}
+		<label for="sitename">Site Name: </label>
+		if exists {
+			<label class="error">{ err }</label>
+		}
+		<input type="text" name="sitename" id="sitename" value={ form.Name } required/>
+	</div>
+	<div>
+		{{ err, exists = form.FieldErrors["siteurl"] }}
+		<label for="siteurl">Site URL: </label>
+		if exists {
+			<label class="error">{ err }</label>
+		}
+		<input type="text" name="siteurl" id="siteurl" value={ form.SiteUrl } required/>
+	</div>
+	<div>
+		{{ err, exists = form.FieldErrors["authorname"] }}
+		<label for="authorname">Site Author: </label>
+		if exists {
+			<label class="error">{ err }</label>
+		}
+		<input type="text" name="authorname" id="authorname" value={ form.AuthorName } required/>
+	</div>
+	<div>
+		<button type="submit">Submit</button>
+	</div>
+}
+
+templ WebsiteList(title string, data CommonData, websites []models.Website) {
+	@base(title, data) {
+		<h1>My Websites</h1>
+		<div>
+			<a href="/websites/create">Add Website</a>
+		</div>
+		<div>
+			@displayWebsites(websites)
+		</div>
+	}
+}
+
+templ WebsiteDashboard(title string, data CommonData, website models.Website) {
+	@base(title, data) {
+		<div id="dashboard">
+			@wSidebar(website)
+			<div>
+				<h1>{ website.Name }</h1>
+				<h2>Embed your Guestbook</h2>
+				<p>
+					Upload <a href="/static/js/guestbook.js" download>this JavaScript WebComponent</a> to your site and include it in your <code>{ `<head>` }</code> tag.
+				</p>
+				<div>
+					//<button>Copy to Clipboard</button>
+					<pre>
+						<code id="guestbookSnippet">
+							{ 
+`<head>
+    <script type="module" src="js/guestbook.js"></script>
+</head>` }
+						</code>
+					</pre>
+					<p>
+						Then add the custom elements where you want your form and comments to show up
+					</p>
+					{{ gbUrl := fmt.Sprintf("https://%s/websites/%s/guestbook", data.RootUrl, shortIdToSlug(website.ShortId)) }}
+					//<button>Copy to Clipboard</button>
+					<pre>
+						<code>
+							{ fmt.Sprintf(`<guestbook-form guestbook="%s"></guestbook-form>
+<guestbook-comments guestbook="%s"></guestbook-comments>`, gbUrl, gbUrl) }
+						</code>
+					</pre>
+				</div>
+				<p>
+					If your web host does not allow CORS requests, use an iframe instead
+				</p>
+				<div>
+					<pre>
+						<code>
+							{ fmt.Sprintf(`<iframe src="%s" title="Guestbook"></iframe>`, gbUrl) }
+						</code>
+					</pre>
+				</div>
+			</div>
+		</div>
+	}
+}
+
+templ WebsiteDashboardComingSoon(title string, data CommonData, website models.Website) {
+	@base(title, data) {
+		<div id="dashboard">
+			@wSidebar(website)
+			<div>
+				<h1>{ website.Name }</h1>
+				<p>
+					Coming Soon
+				</p>
+			</div>
+		</div>
+	}
+}
+
+templ WebsiteCreate(title string, data CommonData, form forms.WebsiteCreateForm) {
+	@base(title, data) {
+		<form action="/websites/create" method="post">
+			@websiteCreateForm(data.CSRFToken, form)
+		</form>
+	}
+}

ui/views/websites_hx.templ

@@ -0,0 +1,7 @@
+package views
+
+import "git.32bit.cafe/32bitcafe/guestbook/internal/models"
+
+templ HxWebsiteList(websites []models.Website) {
+	@displayWebsites(websites)
+}

ui/views/websites_hx_templ.go

@@ -0,0 +1,42 @@
+// Code generated by templ - DO NOT EDIT.
+
+// templ: version: v0.3.833
+package views
+
+//lint:file-ignore SA4006 This context is only used if a nested component is present.
+
+import "github.com/a-h/templ"
+import templruntime "github.com/a-h/templ/runtime"
+
+import "git.32bit.cafe/32bitcafe/guestbook/internal/models"
+
+func HxWebsiteList(websites []models.Website) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var1 == nil {
+			templ_7745c5c3_Var1 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Err = displayWebsites(websites).Render(ctx, templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+var _ = templruntime.GeneratedTemplate

ui/views/websites_templ.go

@@ -0,0 +1,684 @@
+// Code generated by templ - DO NOT EDIT.
+
+// templ: version: v0.3.833
+package views
+
+//lint:file-ignore SA4006 This context is only used if a nested component is present.
+
+import "github.com/a-h/templ"
+import templruntime "github.com/a-h/templ/runtime"
+
+import "fmt"
+import "git.32bit.cafe/32bitcafe/guestbook/internal/models"
+import "git.32bit.cafe/32bitcafe/guestbook/internal/forms"
+
+func wUrl(w models.Website) string {
+	return fmt.Sprintf("/websites/%s", shortIdToSlug(w.ShortId))
+}
+
+func wSidebar(website models.Website) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var1 == nil {
+			templ_7745c5c3_Var1 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		dashUrl := wUrl(website) + "/dashboard"
+		gbUrl := wUrl(website) + "/guestbook"
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 1, "<nav><div><h2>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var2 string
+		templ_7745c5c3_Var2, templ_7745c5c3_Err = templ.JoinStringErrs(website.Name)
+		if templ_7745c5c3_Err != nil {
+			return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 16, Col: 21}
+		}
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var2))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 2, "</h2><ul><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var3 templ.SafeURL = templ.URL(dashUrl)
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var3)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 3, "\">Dashboard</a></li><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var4 templ.SafeURL = templ.URL(externalUrl(website.Url.String()))
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var4)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 4, "\" target=\"_blank\">View Website</a></li></ul><h3>Guestbook</h3><ul><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var5 templ.SafeURL = templ.URL(gbUrl)
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var5)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 5, "\" target=\"_blank\">View Guestbook</a></li></ul><ul><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var6 templ.SafeURL = templ.URL(dashUrl + "/guestbook/comments")
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var6)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 6, "\">Manage messages</a></li><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var7 templ.SafeURL = templ.URL(dashUrl + "/guestbook/comments/queue")
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var7)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 7, "\">Review message queue</a></li><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var8 templ.SafeURL = templ.URL(dashUrl + "/guestbook/comments/trash")
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var8)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 8, "\">Trash</a></li><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var9 templ.SafeURL = templ.URL(dashUrl + "/guestbook/settings")
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var9)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 9, "\">Settings</a></li></ul><ul><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var10 templ.SafeURL = templ.URL(dashUrl + "/guestbook/themes")
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var10)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 10, "\">Themes</a></li><li><a href=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var11 templ.SafeURL = templ.URL(dashUrl + "/guestbook/customize")
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var11)))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 11, "\">Custom CSS</a></li></ul></div><div><h3>Feeds</h3><p>Coming Soon</p></div><div><h3>Account</h3><ul><li><a href=\"/users/settings\">Settings</a></li><li><a href=\"/users/privacy\">Privacy</a></li><li><a href=\"/help\">Help</a></li></ul></div></nav>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func displayWebsites(websites []models.Website) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var12 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var12 == nil {
+			templ_7745c5c3_Var12 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		if len(websites) == 0 {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 12, "<p>No Websites yet. <a href=\"\">Register a website.</a></p>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		} else {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 13, "<ul id=\"websites\" hx-get=\"/websites\" hx-trigger=\"newWebsite from:body\" hx-swap=\"outerHTML\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			for _, w := range websites {
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 14, "<li><a href=\"")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var13 templ.SafeURL = templ.URL(wUrl(w) + "/dashboard")
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(string(templ_7745c5c3_Var13)))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 15, "\">")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				var templ_7745c5c3_Var14 string
+				templ_7745c5c3_Var14, templ_7745c5c3_Err = templ.JoinStringErrs(w.Name)
+				if templ_7745c5c3_Err != nil {
+					return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 58, Col: 59}
+				}
+				_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var14))
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+				templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 16, "</a></li>")
+				if templ_7745c5c3_Err != nil {
+					return templ_7745c5c3_Err
+				}
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 17, "</ul>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		}
+		return nil
+	})
+}
+
+func websiteCreateForm(csrfToken string, form forms.WebsiteCreateForm) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var15 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var15 == nil {
+			templ_7745c5c3_Var15 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 18, "<input type=\"hidden\" name=\"csrf_token\" value=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var16 string
+		templ_7745c5c3_Var16, templ_7745c5c3_Err = templ.JoinStringErrs(csrfToken)
+		if templ_7745c5c3_Err != nil {
+			return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 66, Col: 57}
+		}
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var16))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 19, "\"><div>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		err, exists := form.FieldErrors["sitename"]
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 20, "<label for=\"sitename\">Site Name: </label> ")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		if exists {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 21, "<label class=\"error\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var17 string
+			templ_7745c5c3_Var17, templ_7745c5c3_Err = templ.JoinStringErrs(err)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 71, Col: 29}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var17))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 22, "</label> ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 23, "<input type=\"text\" name=\"sitename\" id=\"sitename\" value=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var18 string
+		templ_7745c5c3_Var18, templ_7745c5c3_Err = templ.JoinStringErrs(form.Name)
+		if templ_7745c5c3_Err != nil {
+			return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 73, Col: 68}
+		}
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var18))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 24, "\" required></div><div>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		err, exists = form.FieldErrors["siteurl"]
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 25, "<label for=\"siteurl\">Site URL: </label> ")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		if exists {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 26, "<label class=\"error\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var19 string
+			templ_7745c5c3_Var19, templ_7745c5c3_Err = templ.JoinStringErrs(err)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 79, Col: 29}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var19))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 27, "</label> ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 28, "<input type=\"text\" name=\"siteurl\" id=\"siteurl\" value=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var20 string
+		templ_7745c5c3_Var20, templ_7745c5c3_Err = templ.JoinStringErrs(form.SiteUrl)
+		if templ_7745c5c3_Err != nil {
+			return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 81, Col: 69}
+		}
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var20))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 29, "\" required></div><div>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		err, exists = form.FieldErrors["authorname"]
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 30, "<label for=\"authorname\">Site Author: </label> ")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		if exists {
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 31, "<label class=\"error\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var21 string
+			templ_7745c5c3_Var21, templ_7745c5c3_Err = templ.JoinStringErrs(err)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 87, Col: 29}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var21))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 32, "</label> ")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 33, "<input type=\"text\" name=\"authorname\" id=\"authorname\" value=\"")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		var templ_7745c5c3_Var22 string
+		templ_7745c5c3_Var22, templ_7745c5c3_Err = templ.JoinStringErrs(form.AuthorName)
+		if templ_7745c5c3_Err != nil {
+			return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 89, Col: 78}
+		}
+		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var22))
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 34, "\" required></div><div><button type=\"submit\">Submit</button></div>")
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func WebsiteList(title string, data CommonData, websites []models.Website) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var23 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var23 == nil {
+			templ_7745c5c3_Var23 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var24 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 35, "<h1>My Websites</h1><div><a href=\"/websites/create\">Add Website</a></div><div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = displayWebsites(websites).Render(ctx, templ_7745c5c3_Buffer)
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 36, "</div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var24), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func WebsiteDashboard(title string, data CommonData, website models.Website) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var25 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var25 == nil {
+			templ_7745c5c3_Var25 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var26 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 37, "<div id=\"dashboard\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = wSidebar(website).Render(ctx, templ_7745c5c3_Buffer)
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 38, "<div><h1>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var27 string
+			templ_7745c5c3_Var27, templ_7745c5c3_Err = templ.JoinStringErrs(website.Name)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 113, Col: 22}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var27))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 39, "</h1><h2>Embed your Guestbook</h2><p>Upload <a href=\"/static/js/guestbook.js\" download>this JavaScript WebComponent</a> to your site and include it in your <code>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var28 string
+			templ_7745c5c3_Var28, templ_7745c5c3_Err = templ.JoinStringErrs(`<head>`)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 116, Col: 140}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var28))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 40, "</code> tag.</p><div><pre><code id=\"guestbookSnippet\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var29 string
+			templ_7745c5c3_Var29, templ_7745c5c3_Err = templ.JoinStringErrs(
+				`<head>
+    <script type="module" src="js/guestbook.js"></script>
+</head>`)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 125, Col: 8}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var29))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 41, "</code></pre><p>Then add the custom elements where you want your form and comments to show up</p>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			gbUrl := fmt.Sprintf("https://%s/websites/%s/guestbook", data.RootUrl, shortIdToSlug(website.ShortId))
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 42, "<pre><code>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var30 string
+			templ_7745c5c3_Var30, templ_7745c5c3_Err = templ.JoinStringErrs(fmt.Sprintf(`<guestbook-form guestbook="%s"></guestbook-form>
+<guestbook-comments guestbook="%s"></guestbook-comments>`, gbUrl, gbUrl))
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 136, Col: 72}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var30))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 43, "</code></pre></div><p>If your web host does not allow CORS requests, use an iframe instead</p><div><pre><code>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var31 string
+			templ_7745c5c3_Var31, templ_7745c5c3_Err = templ.JoinStringErrs(fmt.Sprintf(`<iframe src="%s" title="Guestbook"></iframe>`, gbUrl))
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 146, Col: 75}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var31))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 44, "</code></pre></div></div></div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var26), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func WebsiteDashboardComingSoon(title string, data CommonData, website models.Website) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var32 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var32 == nil {
+			templ_7745c5c3_Var32 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var33 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 45, "<div id=\"dashboard\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = wSidebar(website).Render(ctx, templ_7745c5c3_Buffer)
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 46, "<div><h1>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			var templ_7745c5c3_Var34 string
+			templ_7745c5c3_Var34, templ_7745c5c3_Err = templ.JoinStringErrs(website.Name)
+			if templ_7745c5c3_Err != nil {
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `ui/views/websites.templ`, Line: 160, Col: 22}
+			}
+			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var34))
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 47, "</h1><p>Coming Soon</p></div></div>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var33), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+func WebsiteCreate(title string, data CommonData, form forms.WebsiteCreateForm) templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var35 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var35 == nil {
+			templ_7745c5c3_Var35 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Var36 := templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+			templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+			templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+			if !templ_7745c5c3_IsBuffer {
+				defer func() {
+					templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+					if templ_7745c5c3_Err == nil {
+						templ_7745c5c3_Err = templ_7745c5c3_BufErr
+					}
+				}()
+			}
+			ctx = templ.InitializeContext(ctx)
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 48, "<form action=\"/websites/create\" method=\"post\">")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = websiteCreateForm(data.CSRFToken, form).Render(ctx, templ_7745c5c3_Buffer)
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 49, "</form>")
+			if templ_7745c5c3_Err != nil {
+				return templ_7745c5c3_Err
+			}
+			return nil
+		})
+		templ_7745c5c3_Err = base(title, data).Render(templ.WithChildren(ctx, templ_7745c5c3_Var36), templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+var _ = templruntime.GeneratedTemplate