SUrvey now works

2024-11-17 19:41:30 +01:00
parent 51b0641702
commit e75de81e39
13 changed files with 1210 additions and 201 deletions
--- a/application/controllers/advanced.go
+++ b/application/controllers/advanced.go
@@ -0,0 +1,96 @@
+package controllers
+
+import (
+	"html/template"
+	"log"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"risklet/db"
+)
+
+func Advanced(w http.ResponseWriter, r *http.Request) {
+	if r.Method == "GET" {
+		handleAdvancedGet(w, r)
+	} else if r.Method == "POST" {
+		handleAdvancedPost(w, r)
+	} else {
+		http.Error(w, "Method not allowed.", http.StatusMethodNotAllowed)
+		return
+	}
+}
+
+func handleAdvancedPost(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		log.Println("Error processing form: ", err)
+		handleAdvancedGet(w, r)
+	}
+	company := createCompany(r.PostForm)
+	companyId, err := db.InsertCompany(company)
+	if err != nil {
+		log.Println("Error inserting company into database ", err)
+		handleAdvancedGet(w, r)
+	}
+
+	advancedProfile := createAdvancedProfile(companyId, r.PostForm)
+
+	_, err = db.InsertAdvancedProfile(advancedProfile)
+	if err != nil {
+		log.Println("Error inserting into database ", err)
+		handleAdvancedGet(w, r)
+	}
+}
+
+func handleAdvancedGet(w http.ResponseWriter, r *http.Request) {
+	companyId := r.PathValue("companyId")
+
+	lp := filepath.Join("application", "layouts", "main.html")
+	fp := filepath.Join("application", "views", "advanced.html")
+
+	log.Println("Hitting Advanced")
+
+	// Return a 404 if the template doesn't exist
+	info, err := os.Stat(fp)
+	if err != nil {
+		if os.IsNotExist(err) {
+			http.NotFound(w, r)
+			return
+		}
+	}
+
+	// Return a 404 if the request is for a directory
+	if info.IsDir() {
+		http.NotFound(w, r)
+		return
+	}
+
+	tmpl, err := template.ParseFiles(lp, fp)
+	if err != nil {
+		// Log the detailed error
+		log.Print(err.Error())
+		// Return a generic "Internal Server Error" message
+		http.Error(w, http.StatusText(500), 500)
+		return
+	}
+
+	err = tmpl.ExecuteTemplate(w, "main.html", companyId)
+	if err != nil {
+		log.Print(err.Error())
+		http.Error(w, http.StatusText(500), 500)
+	}
+}
+
+func createAdvancedProfile(companyId int, f url.Values) db.AdvancedProfile {
+	return db.AdvancedProfile{
+		CompanyId:                   companyId,
+		GeographicDistribution:      f.Get("GeographicDistribution"),
+		CustomerConcentration:       f.Get("CustomerConcentration"),
+		ProductServicePortfolio:     f.Get("ProductServicePortfolio"),
+		OrganizationalCulture:       f.Get("OrganizationalCulture"),
+		SupplierDiversity:           f.Get("SupplierDiversity"),
+		TechnologicalInfrastructure: f.Get("TechnologicalInfrastructure"),
+		IntellectualProperty:        f.Get("IntellectualProperty"),
+		ManagementTeamExperience:    f.Get("ManagementTeamExperience"),
+	}
+}
--- a/application/controllers/signup.go
+++ b/application/controllers/signup.go
@@ -41,13 +41,15 @@ func handlePost(w http.ResponseWriter, r *http.Request) {
 		handleGet(w, r)
 	}

+	http.Redirect(w, r, "/thankyou", http.StatusSeeOther)
 }

 func handleGet(w http.ResponseWriter, r *http.Request) {
 	lp := filepath.Join("application", "layouts", "main.html")
 	fp := filepath.Join("application", "views", "signup.html")

-	log.Println("Hitting Signup")
+	// add a CSP header to allow only same-origin scripts
+	w.Header().Set("Content-Security-Policy", "script-src 'unsafe-eval' 'self'")

 	// Return a 404 if the template doesn't exist
 	info, err := os.Stat(fp)