Initial commit

2022-10-15 15:32:57 +02:00 · 2022-10-15 15:32:57 +02:00 · 980a85d41b
commit 980a85d41b
15 changed files with 3969 additions and 0 deletions
--- a/src/cli.rs
+++ b/src/cli.rs
@ -0,0 +1,70 @@
+use clap::Parser;
+use std::{
+	ffi::OsStr,
+	path::{Path, PathBuf},
+};
+
+#[derive(Clone, Debug)]
+pub struct ConfigPath(pub PathBuf);
+
+impl Default for ConfigPath {
+	fn default() -> ConfigPath {
+		ConfigPath(
+			directories::ProjectDirs::from("tk", "txmn", "webcomment").map_or_else(
+				|| Path::new(".config").to_path_buf(),
+				|o| o.config_dir().into(),
+			),
+		)
+	}
+}
+
+impl From<&OsStr> for ConfigPath {
+	fn from(v: &OsStr) -> ConfigPath {
+		ConfigPath(PathBuf::from(v))
+	}
+}
+
+impl ToString for ConfigPath {
+	fn to_string(&self) -> String {
+		String::from(
+			self.0
+				.as_path()
+				.to_str()
+				.expect("Error: Config dir is not UTF-8!"),
+		)
+	}
+}
+
+#[derive(Clone, Debug, Parser)]
+#[clap(name = "webcomment")]
+pub struct MainOpt {
+	#[clap(flatten)]
+	pub opt: MainCommonOpt,
+
+	/// Subcommand
+	#[clap(subcommand)]
+	pub cmd: MainSubcommand,
+}
+
+#[derive(Clone, Debug, Parser)]
+pub enum MainSubcommand {
+	/// Initialize config & db
+	Init,
+
+	/// Start server
+	Start(StartOpt),
+}
+
+#[derive(Clone, Debug, Parser)]
+pub struct MainCommonOpt {
+	/// Directory
+	#[clap(short, long, default_value_t=ConfigPath::default())]
+	pub dir: ConfigPath,
+}
+
+#[derive(Clone, Debug, Parser)]
+pub struct StartOpt {
+	/// Temporary database
+	#[clap(short, long)]
+	pub tmp: bool,
+}
--- a/src/config.rs
+++ b/src/config.rs
@ -0,0 +1,112 @@
+use serde::{Deserialize, Serialize};
+use std::{
+	net::{IpAddr, Ipv4Addr, SocketAddr},
+	path::Path,
+};
+
+const CONFIG_FILE: &str = "config.toml";
+
+#[derive(Deserialize, Serialize)]
+pub struct Config {
+	//#[serde(default = "Config::default_admin_emails")]
+	//pub admin_emails: Vec<String>,
+	#[serde(default = "Config::default_admin_passwords")]
+	pub admin_passwords: Vec<String>,
+	/// New or edited comments need admin's approval before being public
+	#[serde(default = "Config::default_comment_approve")]
+	pub comment_approve: bool,
+	/// Duration for which a comment can be edited
+	#[serde(default = "Config::default_comment_edit_timeout")]
+	pub comment_edit_timeout: u64,
+	#[serde(default = "Config::default_comment_author_max_len")]
+	pub comment_author_max_len: usize,
+	#[serde(default = "Config::default_comment_email_max_len")]
+	pub comment_email_max_len: usize,
+	#[serde(default = "Config::default_comment_text_max_len")]
+	pub comment_text_max_len: usize,
+	#[serde(default = "Config::default_cookies_https_only")]
+	pub cookies_https_only: bool,
+	#[serde(default = "Config::default_cookies_domain")]
+	pub cookies_domain: Option<String>,
+	#[serde(default = "Config::default_lang")]
+	pub lang: String,
+	#[serde(default = "Config::default_listen")]
+	pub listen: SocketAddr,
+	#[serde(default = "Config::default_root_url")]
+	pub root_url: String,
+}
+
+impl Config {
+	/*fn default_admin_emails() -> Vec<String> {
+		vec![]
+	}*/
+	fn default_admin_passwords() -> Vec<String> {
+		vec![]
+	}
+	fn default_comment_approve() -> bool {
+		true
+	}
+	fn default_comment_edit_timeout() -> u64 {
+		7 * 86400
+	}
+	fn default_comment_author_max_len() -> usize {
+		64
+	}
+	fn default_comment_email_max_len() -> usize {
+		128
+	}
+	fn default_comment_text_max_len() -> usize {
+		128 * 1024
+	}
+	fn default_cookies_https_only() -> bool {
+		false
+	}
+	fn default_cookies_domain() -> Option<String> {
+		None
+	}
+	fn default_lang() -> String {
+		"en_GB".into()
+	}
+	fn default_listen() -> SocketAddr {
+		SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 31720)
+	}
+	fn default_root_url() -> String {
+		"/".into()
+	}
+}
+
+impl Default for Config {
+	fn default() -> Self {
+		Self {
+			//admin_emails: Self::default_admin_emails(),
+			admin_passwords: Self::default_admin_passwords(),
+			comment_approve: Self::default_comment_approve(),
+			comment_edit_timeout: Self::default_comment_edit_timeout(),
+			comment_author_max_len: Self::default_comment_author_max_len(),
+			comment_email_max_len: Self::default_comment_email_max_len(),
+			comment_text_max_len: Self::default_comment_text_max_len(),
+			cookies_https_only: Self::default_cookies_https_only(),
+			cookies_domain: Self::default_cookies_domain(),
+			lang: Self::default_lang(),
+			listen: Self::default_listen(),
+			root_url: Self::default_root_url(),
+		}
+	}
+}
+
+pub fn read_config(dir: &Path) -> Config {
+	let path = dir.join(CONFIG_FILE);
+
+	if !path.is_file() {
+		let config = Config::default();
+		std::fs::write(path, toml_edit::easy::to_string_pretty(&config).unwrap())
+			.expect("Cannot write config file");
+		config
+	} else {
+		toml_edit::easy::from_str(
+			std::str::from_utf8(&std::fs::read(path).expect("Cannot read config file"))
+				.expect("Bad encoding in config file"),
+		)
+		.expect("Bad JSON in config file")
+	}
+}
--- a/src/db.rs
+++ b/src/db.rs
@ -0,0 +1,105 @@
+use serde::{Deserialize, Serialize};
+use sha2::{Digest, Sha256};
+use std::path::Path;
+pub use typed_sled::Tree;
+
+const DB_DIR: &str = "db";
+
+pub type Time = u64;
+
+#[derive(Clone)]
+pub struct Dbs {
+	pub comment: Tree<CommentId, Comment>,
+	pub comment_approved: Tree<(TopicHash, Time, CommentId), ()>,
+	pub comment_pending: Tree<(TopicHash, Time, CommentId), ()>,
+}
+
+pub fn load_dbs(path: Option<&Path>) -> Dbs {
+	let db = sled::Config::new();
+	let db = if let Some(path) = path {
+		db.path(path.join(DB_DIR))
+	} else {
+		db.temporary(true)
+	}
+	.open()
+	.expect("Cannot open db");
+
+	Dbs {
+		comment: Tree::open(&db, "comment"),
+		comment_approved: Tree::open(&db, "comment_approved"),
+		comment_pending: Tree::open(&db, "comment_pending"),
+	}
+}
+
+#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
+pub struct Comment {
+	pub topic_hash: TopicHash,
+	pub author: String,
+	pub email: Option<String>,
+	pub last_edit_time: Option<u64>,
+	pub post_time: u64,
+	pub text: String,
+}
+
+#[derive(Clone, Debug, Deserialize, Eq, Hash, PartialEq, Serialize)]
+pub struct TopicHash(pub [u8; 32]);
+
+impl TopicHash {
+	pub fn from_topic(topic: &str) -> Self {
+		let mut hasher = Sha256::new();
+		hasher.update(topic.as_bytes());
+		Self(hasher.finalize().into())
+	}
+}
+
+impl AsRef<[u8]> for TopicHash {
+	fn as_ref(&self) -> &[u8] {
+		&self.0
+	}
+}
+
+#[derive(Clone, Debug, Deserialize, Eq, Hash, PartialEq, Serialize)]
+pub struct CommentId(pub [u8; 16]);
+
+impl CommentId {
+	pub fn new() -> Self {
+		Self(rand::random())
+	}
+
+	pub fn zero() -> Self {
+		Self([0; 16])
+	}
+
+	pub fn max() -> Self {
+		Self([255; 16])
+	}
+
+	pub fn to_base64(&self) -> String {
+		base64::encode_config(self.0, base64::URL_SAFE_NO_PAD)
+	}
+
+	pub fn from_base64(s: &str) -> Result<Self, base64::DecodeError> {
+		let mut buf = [0; 16];
+		base64::decode_config_slice(s, base64::URL_SAFE_NO_PAD, &mut buf).map(|_| Self(buf))
+	}
+}
+
+impl AsRef<[u8]> for CommentId {
+	fn as_ref(&self) -> &[u8] {
+		&self.0
+	}
+}
+
+#[cfg(test)]
+mod test {
+	#[test]
+	fn test_typed_sled() {
+		let db = sled::Config::new().temporary(true).open().unwrap();
+		let tree = typed_sled::Tree::<(u32, u32), ()>::open(&db, "test");
+		tree.insert(&(123, 456), &()).unwrap();
+		tree.flush().unwrap();
+		let mut iter = tree.range((123, 0)..(124, 0));
+		//let mut iter = tree.iter();
+		assert_eq!(iter.next(), Some(Ok(((123, 456), ()))));
+	}
+}
--- a/src/helpers.rs
+++ b/src/helpers.rs
@ -0,0 +1,140 @@
+use crate::db::*;
+
+use log::error;
+
+pub fn new_pending_comment(comment: &Comment, dbs: &Dbs) -> Result<CommentId, sled::Error> {
+	let comment_id = CommentId::new();
+	dbs.comment.insert(&comment_id, comment)?;
+	dbs.comment_pending.insert(
+		&(
+			comment.topic_hash.clone(),
+			comment.post_time,
+			comment_id.clone(),
+		),
+		&(),
+	)?;
+	Ok(comment_id)
+}
+
+pub fn approve_comment(comment_id: CommentId, dbs: &Dbs) -> Result<(), sled::Error> {
+	if let Some(comment) = dbs.comment.get(&comment_id)? {
+		dbs.comment_pending.remove(&(
+			comment.topic_hash.clone(),
+			comment.post_time,
+			comment_id.clone(),
+		))?;
+		dbs.comment_approved
+			.insert(&(comment.topic_hash, comment.post_time, comment_id), &())?;
+	}
+	Ok(())
+}
+
+pub fn remove_pending_comment(
+	comment_id: CommentId,
+	dbs: &Dbs,
+) -> Result<Option<Comment>, sled::Error> {
+	if let Some(comment) = dbs.comment.remove(&comment_id)? {
+		dbs.comment_pending
+			.remove(&(comment.topic_hash.clone(), comment.post_time, comment_id))?;
+		return Ok(Some(comment));
+	}
+	Ok(None)
+}
+
+pub fn iter_comments_by_topic<'a>(
+	topic_hash: TopicHash,
+	tree: &'a Tree<(TopicHash, Time, CommentId), ()>,
+	dbs: &'a Dbs,
+) -> impl Iterator<Item = (CommentId, Comment)> + 'a {
+	tree.range(
+		(topic_hash.clone(), 0, CommentId::zero())..=(topic_hash, Time::MAX, CommentId::max()),
+	)
+	.filter_map(|entry| {
+		let ((_topic_hash, _time, comment_id), ()) = entry
+			.map_err(|e| error!("Reading comment_by_topic_and_time: {:?}", e))
+			.ok()?;
+		let comment = dbs
+			.comment
+			.get(&comment_id)
+			.map_err(|e| error!("Reading comment: {:?}", e))
+			.ok()?
+			.or_else(|| {
+				error!("Comment not found");
+				None
+			})?;
+		Some((comment_id, comment))
+	})
+}
+
+pub fn iter_approved_comments_by_topic(
+	topic_hash: TopicHash,
+	dbs: &Dbs,
+) -> impl Iterator<Item = (CommentId, Comment)> + '_ {
+	iter_comments_by_topic(topic_hash, &dbs.comment_approved, dbs)
+}
+
+pub fn iter_pending_comments_by_topic(
+	topic_hash: TopicHash,
+	dbs: &Dbs,
+) -> impl Iterator<Item = (CommentId, Comment)> + '_ {
+	iter_comments_by_topic(topic_hash, &dbs.comment_pending, dbs)
+}
+
+//pub enum DbHelperError {}
+
+#[cfg(test)]
+mod test {
+	use super::*;
+
+	#[test]
+	fn test_comment() {
+		let comment = Comment {
+			topic_hash: TopicHash::from_topic("test"),
+			author: String::from("Emmanuel Goldstein"),
+			email: None,
+			last_edit_time: None,
+			post_time: 42,
+			text: String::from("Hello world!"),
+		};
+
+		let dbs = load_dbs(None);
+		let comment_id = new_pending_comment(&comment, &dbs).unwrap();
+
+		let mut iter = dbs.comment.iter();
+		assert_eq!(iter.next(), Some(Ok((comment_id.clone(), comment.clone()))));
+		assert_eq!(iter.next(), None);
+
+		let mut iter = dbs.comment_pending.iter();
+		assert_eq!(
+			iter.next(),
+			Some(Ok((
+				(
+					comment.topic_hash.clone(),
+					comment.post_time,
+					comment_id.clone()
+				),
+				()
+			)))
+		);
+		assert_eq!(iter.next(), None);
+
+		approve_comment(comment_id.clone(), &dbs).unwrap();
+
+		let mut iter = dbs.comment_pending.iter();
+		assert_eq!(iter.next(), None);
+
+		let mut iter = dbs.comment_approved.iter();
+		assert_eq!(
+			iter.next(),
+			Some(Ok((
+				(
+					comment.topic_hash.clone(),
+					comment.post_time,
+					comment_id.clone()
+				),
+				()
+			)))
+		);
+		assert_eq!(iter.next(), None);
+	}
+}
--- a/src/main.rs
+++ b/src/main.rs
@ -0,0 +1,38 @@
+mod cli;
+mod config;
+mod db;
+mod helpers;
+mod queries;
+mod server;
+mod templates;
+
+use clap::Parser;
+
+#[async_std::main]
+async fn main() {
+	let opt = cli::MainOpt::parse();
+
+	match opt.cmd {
+		cli::MainSubcommand::Init => {
+			init_all(opt.opt, cli::StartOpt { tmp: false });
+		}
+		cli::MainSubcommand::Start(subopt) => {
+			let (config, dbs, templates) = init_all(opt.opt, subopt);
+			server::start_server(config, dbs, templates).await
+		}
+	}
+}
+
+fn init_all(
+	opt: cli::MainCommonOpt,
+	subopt: cli::StartOpt,
+) -> (config::Config, db::Dbs, templates::Templates) {
+	std::fs::create_dir_all(&opt.dir.0).expect("Cannot create dir");
+	let dbs = db::load_dbs((!subopt.tmp).then_some(&opt.dir.0));
+
+	(
+		config::read_config(&opt.dir.0),
+		dbs,
+		templates::Templates::new(&opt.dir.0),
+	)
+}
--- a/src/queries.rs
+++ b/src/queries.rs
@ -0,0 +1,73 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct AdminLoginQuery {
+	pub psw: String,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct AdminEditCommentQuery {
+	pub author: String,
+	pub comment_id: String,
+	pub email: String,
+	pub text: String,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct AdminRmCommentQuery {
+	pub comment_id: String,
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct NewCommentQuery {
+	pub author: String,
+	pub email: String,
+	pub text: String,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct EditCommentQuery {
+	pub author: String,
+	pub comment_id: String,
+	pub email: String,
+	pub text: String,
+	pub token: String,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct RmCommentQuery {
+	pub comment_id: String,
+	pub token: String,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+#[serde(tag = "a")]
+pub enum CommentQuery {
+	#[serde(rename = "new_comment")]
+	NewComment(NewCommentQuery),
+	#[serde(rename = "edit_comment")]
+	EditComment(EditCommentQuery),
+	#[serde(rename = "rm_comment")]
+	RmComment(RmCommentQuery),
+}
+
+#[derive(Clone, Debug, Deserialize)]
+#[serde(tag = "a")]
+pub enum AdminQuery {
+	#[serde(rename = "login")]
+	Login(AdminLoginQuery),
+	#[serde(rename = "edit_comment")]
+	EditComment(AdminEditCommentQuery),
+	#[serde(rename = "rm_comment")]
+	RmComment(AdminRmCommentQuery),
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct ApproveQuery {
+	pub approve: String,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct RemoveQuery {
+	pub remove: String,
+}
--- a/src/server.rs
+++ b/src/server.rs
@ -0,0 +1,260 @@
+use crate::{config::*, db::*, helpers, queries::*, templates::*};
+
+use log::error;
+use std::sync::Arc;
+use tera::Context;
+
+pub async fn start_server(config: Config, dbs: Dbs, templates: Templates) {
+	tide::log::start();
+
+	let templates = Arc::new(templates);
+	let config = Arc::new(config);
+
+	let mut app = tide::new();
+	app.at(&format!("{}t/:topic", config.root_url)).get({
+		let config = config.clone();
+		let templates = templates.clone();
+		let dbs = dbs.clone();
+		move |req: tide::Request<()>| {
+			serve_comments(req, config.clone(), templates.clone(), dbs.clone())
+		}
+	});
+	app.at(&format!("{}t/:topic", config.root_url)).post({
+		let config = config.clone();
+		let templates = templates.clone();
+		let dbs = dbs.clone();
+		move |req: tide::Request<()>| {
+			handle_post_comments(req, config.clone(), templates.clone(), dbs.clone())
+		}
+	});
+	app.at(&format!("{}admin", config.root_url)).get({
+		let config = config.clone();
+		let templates = templates.clone();
+		move |req: tide::Request<()>| serve_admin_login(req, config.clone(), templates.clone())
+	});
+	app.at(&format!("{}admin", config.root_url)).post({
+		let config = config.clone();
+		let templates = templates.clone();
+		let dbs = dbs.clone();
+		move |req: tide::Request<()>| {
+			handle_post_admin(req, config.clone(), templates.clone(), dbs.clone())
+		}
+	});
+	app.listen(config.listen).await.unwrap();
+}
+
+async fn serve_comments<'a>(
+	req: tide::Request<()>,
+	config: Arc<Config>,
+	templates: Arc<Templates>,
+	dbs: Dbs,
+) -> tide::Result<tide::Response> {
+	let Ok(topic) = req.param("topic") else {
+		return Err(tide::Error::from_str(404, "No topic"))
+	};
+
+	let admin = req.cookie("admin").map_or(false, |psw| {
+		config.admin_passwords.contains(&String::from(psw.value()))
+	});
+
+	let topic_hash = TopicHash::from_topic(topic);
+
+	let mut context = Context::new();
+	context.insert("config", &config);
+	context.insert("admin", &admin);
+
+	if admin {
+		if let Ok(query) = req.query::<ApproveQuery>() {
+			if let Ok(comment_id) = CommentId::from_base64(&query.approve) {
+				helpers::approve_comment(comment_id, &dbs)
+					.map_err(|e| error!("Approving comment: {:?}", e))
+					.ok();
+			}
+		}
+		if let Ok(query) = req.query::<RemoveQuery>() {
+			if let Ok(comment_id) = CommentId::from_base64(&query.remove) {
+				helpers::remove_pending_comment(comment_id, &dbs)
+					.map_err(|e| error!("Removing comment: {:?}", e))
+					.ok();
+			}
+		}
+
+		context.insert(
+			"comments_pending",
+			&helpers::iter_pending_comments_by_topic(topic_hash.clone(), &dbs)
+				.map(|(comment_id, comment)| CommentWithId {
+					author: comment.author,
+					id: comment_id.to_base64(),
+					needs_approval: true,
+					post_time: comment.post_time,
+					text: comment.text,
+				})
+				.collect::<Vec<CommentWithId>>(),
+		);
+	}
+
+	context.insert(
+		"comments",
+		&helpers::iter_approved_comments_by_topic(topic_hash, &dbs)
+			.map(|(comment_id, comment)| CommentWithId {
+				author: comment.author,
+				id: comment_id.to_base64(),
+				needs_approval: false,
+				post_time: comment.post_time,
+				text: comment.text,
+			})
+			.collect::<Vec<CommentWithId>>(),
+	);
+
+	Ok(tide::Response::builder(200)
+		.content_type(tide::http::mime::HTML)
+		.body(templates.tera.render("comments.html", &context)?)
+		.build())
+}
+
+async fn serve_admin<'a>(
+	_req: tide::Request<()>,
+	config: Arc<Config>,
+	templates: Arc<Templates>,
+	dbs: Dbs,
+) -> tide::Result<tide::Response> {
+	let mut context = Context::new();
+	context.insert("config", &config);
+	context.insert("admin", &true);
+
+	context.insert(
+		"comments",
+		&dbs.comment_pending
+			.iter()
+			.filter_map(|entry| {
+				let ((_topic_hash, _time, comment_id), ()) = dbg!(entry
+					.map_err(|e| error!("Reading comment_pending: {:?}", e))
+					.ok()?);
+				let comment = dbs
+					.comment
+					.get(&comment_id)
+					.map_err(|e| error!("Reading comment: {:?}", e))
+					.ok()?
+					.or_else(|| {
+						error!("Comment not found");
+						None
+					})?;
+				Some(CommentWithId {
+					author: comment.author,
+					id: comment_id.to_base64(),
+					needs_approval: true,
+					post_time: comment.post_time,
+					text: comment.text,
+				})
+			})
+			.collect::<Vec<CommentWithId>>(),
+	);
+
+	Ok(tide::Response::builder(200)
+		.content_type(tide::http::mime::HTML)
+		.body(templates.tera.render("comments.html", &context)?)
+		.build())
+}
+
+async fn serve_admin_login(
+	_req: tide::Request<()>,
+	config: Arc<Config>,
+	templates: Arc<Templates>,
+) -> tide::Result<tide::Response> {
+	let mut context = Context::new();
+	context.insert("config", &config);
+
+	Ok(tide::Response::builder(200)
+		.content_type(tide::http::mime::HTML)
+		.body(templates.tera.render("admin_login.html", &context)?)
+		.build())
+}
+
+async fn handle_post_comments(
+	mut req: tide::Request<()>,
+	config: Arc<Config>,
+	templates: Arc<Templates>,
+	dbs: Dbs,
+) -> tide::Result<tide::Response> {
+	match req.body_form::<CommentQuery>().await? {
+		CommentQuery::NewComment(query) => {
+			let Ok(topic) = req.param("topic") else {
+				return Err(tide::Error::from_str(404, "No topic"))
+			};
+
+			if query.author.len() > config.comment_author_max_len {
+				return Err(tide::Error::from_str(400, "Too long"));
+			}
+			if query.email.len() > config.comment_email_max_len {
+				return Err(tide::Error::from_str(400, "Too long"));
+			}
+			if query.text.len() > config.comment_text_max_len {
+				return Err(tide::Error::from_str(400, "Too long"));
+			}
+
+			let topic_hash = TopicHash::from_topic(topic);
+
+			let time = std::time::SystemTime::now()
+				.duration_since(std::time::UNIX_EPOCH)
+				.unwrap()
+				.as_secs();
+
+			let comment = Comment {
+				topic_hash,
+				author: query.author,
+				email: if query.email.is_empty() {
+					None
+				} else {
+					Some(query.email)
+				},
+				last_edit_time: None,
+				post_time: time,
+				text: query.text,
+			};
+			helpers::new_pending_comment(&comment, &dbs)
+				.map_err(|e| error!("Adding pending comment: {:?}", e))
+				.ok();
+		}
+		_ => todo!(),
+	}
+	serve_comments(req, config, templates, dbs).await
+}
+
+async fn handle_post_admin(
+	mut req: tide::Request<()>,
+	config: Arc<Config>,
+	templates: Arc<Templates>,
+	dbs: Dbs,
+) -> tide::Result<tide::Response> {
+	if let Some(psw) = req.cookie("admin") {
+		if config.admin_passwords.contains(&String::from(psw.value())) {
+			match req.body_form::<AdminQuery>().await? {
+				_ => serve_admin(req, config, templates, dbs).await,
+			}
+		} else {
+			serve_admin_login(req, config, templates).await
+		}
+	} else if let AdminQuery::Login(query) = req.body_form::<AdminQuery>().await? {
+		if config.admin_passwords.contains(&query.psw) {
+			serve_admin(req, config.clone(), templates, dbs)
+				.await
+				.map(|mut r| {
+					let mut cookie = tide::http::Cookie::new("admin", query.psw);
+					cookie.set_http_only(Some(true));
+					cookie.set_path(config.root_url.clone());
+					if let Some(domain) = &config.cookies_domain {
+						cookie.set_domain(domain.clone());
+					}
+					if config.cookies_https_only {
+						cookie.set_secure(Some(true));
+					}
+					r.insert_cookie(cookie);
+					r
+				})
+		} else {
+			serve_admin_login(req, config, templates).await
+		}
+	} else {
+		serve_admin_login(req, config, templates).await
+	}
+}
--- a/src/templates.rs
+++ b/src/templates.rs
@ -0,0 +1,45 @@
+use crate::db::*;
+
+use serde::Serialize;
+use std::path::Path;
+use tera::Tera;
+
+static TEMPLATE_FILES: &[(&str, &str)] = &[
+	("comments.html", include_str!("../templates/comments.html")),
+	(
+		"admin_login.html",
+		include_str!("../templates/admin_login.html"),
+	),
+];
+
+pub struct Templates {
+	pub tera: Tera,
+}
+
+impl Templates {
+	pub fn new(dir: &Path) -> Self {
+		let dir = dir.join("templates");
+		std::fs::create_dir_all(&dir).expect("Cannot create templates dir");
+
+		for &(file, default) in TEMPLATE_FILES {
+			let file_path = dir.join(file);
+			if !file_path.is_file() {
+				std::fs::write(file_path, default)
+					.unwrap_or_else(|_| panic!("Cannot write template file {}", file));
+			}
+		}
+
+		Self {
+			tera: Tera::new(dir.join("**/*").to_str().unwrap()).expect("Failed to parse templates"),
+		}
+	}
+}
+
+#[derive(Clone, Debug, Serialize)]
+pub struct CommentWithId {
+	pub author: String,
+	pub id: String,
+	pub needs_approval: bool,
+	pub post_time: Time,
+	pub text: String,
+}