package main import ( "os" "net/http" "net/mail" "log" "sync" "regexp" "html/template" "database/sql" _ "github.com/go-sql-driver/mysql" "fmt" "encoding/json" "strconv" "bytes" "time" "errors" "strings" "math" "io" // pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf" "github.com/golang-jwt/jwt/v4" "github.com/disintegration/gift" "image" "image/png" _ "image/jpeg" ) type Address struct { Id int `json:"id"` Full string `json:"full"` Street string `json:"street"` City string `json:"city"` Region string `json:"region"` Country string `json:"country"` Zip string `json:"zip"` } type User struct { Id int `json:"id"` Email string `json:"email"` FirstName string `json:"firstName"` LastName string `json:"lastName"` Phone string `json:"phone"` Address Address `json:"address"` BranchId int `json:"branchId"` Status string `json:"status"` Country string `json:"country"` Title string `json:"title"` Verified bool `json:"verified"` Role string `json:"role"` Password string `json:"password,omitempty"` } type UserClaims struct { Id int `json:"id"` Role string `json:"role"` Exp string `json:"exp"` } type Page struct { tpl *template.Template Title string Name string } type Borrower struct { Id int `json:"id"` Credit int `json:"credit"` Income int `json:"income"` Num int `json:"num"` } type FeeTemplate struct { Id int `json:"id"` User int `json:"user"` Branch int `json:"branch"` Amount int `json:"amount"` Perc float32 `json:"perc"` Type string `json:"type"` Notes string `json:"notes"` Name string `json:"name"` Category string `json:"category"` Auto bool `json:"auto"` } type Fee struct { Id int `json:"id"` LoanId int `json:"loan_id"` Amount int `json:"amount"` Perc float32 `json:"perc"` Type string `json:"type"` Notes string `json:"notes"` Name string `json:"name"` Category string `json:"category"` } type LoanType struct { Id int `json:"id"` User int `json:"user"` Branch int `json:"branch"` Name string `json:"name"` } type Loan struct { Id int `json:"id"` EstimateId int `json:"estimateId"` Type LoanType `json:"type"` Amount int `json:"amount"` Amortization string `json:"amortization"` Term int `json:"term"` Ltv float32 `json:"ltv"` Dti float32 `json:"dti"` Hoi int `json:"hoi"` Hazard int `json:"hazard"` Tax int `json:"tax"` Interest float32 `json:"interest"` Mi MI `json:"mi"` Fees []Fee `json:"fees"` Name string `json:"title"` } type MI struct { Type string `json:"user"` Label string `json:"label"` Lender string `json:"lender"` Rate float32 `json:"rate"` Premium float32 `json:"premium"` Upfront float32 `json:"upfront"` Monthly bool `json:"monthly"` FiveYearTotal float32 `json:"fiveYearTotal"` InitialAllInPremium float32 `json:"initialAllInPremium"` InitialAllInRate float32 `json:"initialAllInRate"` InitialAmount float32 `json:"initialAmount"` } type Result struct { Id int `json:"id"` LoanId int `json:"loanId"` LoanPayment int `json:"loanPayment"` TotalMonthly int `json:"totalMonthly"` TotalFees int `json:"totalFees"` TotalCredits int `json:"totalCredits"` CashToClose int `json:"cashToClose"` } type Estimate struct { Id int `json:"id"` User int `json:"user"` Borrower Borrower `json:"borrower"` Transaction string `json:"transaction"` Price int `json:"price"` Property string `json:"property"` Occupancy string `json:"occupancy"` Zip string `json:"zip"` Pud bool `json:"pud"` Loans []Loan `json:"loans"` Results []Result `json:"results"` } type Password struct { Old string `json:"old"` New string `json:"new"` } type Endpoint func (http.ResponseWriter, *sql.DB, *http.Request) var ( regexen = make(map[string]*regexp.Regexp) relock sync.Mutex address = "127.0.0.1:8001" ) var paths = map[string]string { "home": "views/home.tpl", "terms": "views/terms.tpl", "app": "views/app.tpl", "test": "views/test.tpl", } var pages = map[string]Page { "home": cache("home", "Home"), "terms": cache("terms", "Terms and Conditions"), "test": cache("test", "PDF test"), "app": cache("app", "App"), } var roles = map[string]int{ "User": 1, "Manager": 2, "Admin": 3, } // Used to validate claim in JWT token body. Checks if user id is greater than // zero and time format is valid func (c UserClaims) Valid() error { if c.Id < 1 { return errors.New("Invalid id") } t, err := time.Parse(time.UnixDate, c.Exp) if err != nil { return err } if t.Before(time.Now()) { return errors.New("Token expired.") } return err } func cache(name string, title string) Page { var p = []string{"views/master.tpl", paths[name]} tpl := template.Must(template.ParseFiles(p...)) return Page{tpl: tpl, Title: title, Name: name, } } func (page Page) Render(w http.ResponseWriter) { err := page.tpl.Execute(w, page) if err != nil { log.Print(err) } } func match(path, pattern string, args *[]string) bool { relock.Lock() defer relock.Unlock() regex := regexen[pattern] if regex == nil { regex = regexp.MustCompile("^" + pattern + "$") regexen[pattern] = regex } matches := regex.FindStringSubmatch(path) if len(matches) <= 0 { return false } *args = matches[1:] return true } func makeResults(estimate Estimate) ([]Result) { var results []Result amortize := func(principle float64, rate float64, periods float64) int { exp := math.Pow(1+rate, periods) return int(principle * rate * exp / (exp - 1)) } for _, loan := range estimate.Loans { var result Result // Monthly payments use amortized loan payment formula plus monthly MI, // plus all other recurring fees result.LoanPayment = amortize(float64(loan.Amount), float64(loan.Interest / 100 / 12), float64(loan.Term * 12)) result.TotalMonthly = result.LoanPayment + loan.Hoi + loan.Tax + loan.Hazard if loan.Mi.Monthly { result.TotalMonthly = result.TotalMonthly + int(loan.Mi.Rate/100*float32(loan.Amount)) } for i := range loan.Fees { if loan.Fees[i].Amount > 0 { result.TotalFees = result.TotalFees + loan.Fees[i].Amount } else { result.TotalCredits = result.TotalCredits + loan.Fees[i].Amount } } result.CashToClose = result.TotalFees + result.TotalCredits + (estimate.Price - loan.Amount) result.LoanId = loan.Id results = append(results, result) } return results } func summarize(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) if err != nil { http.Error(w, "Invalid estimate.", 422); return } results := makeResults(estimate) json.NewEncoder(w).Encode(results) } func getLoanType( db *sql.DB, id int) (LoanType, error) { types, err := getLoanTypes(db, id, 0, 0) if err != nil { return LoanType{Id: id}, err } if len(types) == 0 { return LoanType{Id: id}, errors.New("No type with that id") } return types[0], nil } func getLoanTypes( db *sql.DB, id int, user int, branch int ) ( []LoanType, error) { var loans []LoanType var query = `SELECT id, user_id, branch_id, name FROM loan_type WHERE loan_type.id = CASE @e := ? WHEN 0 THEN id ELSE @e END OR loan_type.user_id = CASE @e := ? WHEN 0 THEN id ELSE @e END OR loan_type.branch_id = CASE @e := ? WHEN 0 THEN id ELSE @e END` // Should be changed to specify user rows, err := db.Query(query, id, user, branch) if err != nil { return nil, fmt.Errorf("loan_type error: %v", err) } defer rows.Close() for rows.Next() { var loan LoanType if err := rows.Scan( &loan.Id, &loan.User, &loan.Branch, &loan.Name) err != nil { log.Printf("Error occured fetching loan: %v", err) return nil, fmt.Errorf("Error occured fetching loan: %v", err) } loans = append(loans, loan) } return loans, nil } func getFees(db *sql.DB, loan int) ([]Fee, error) { var fees []Fee query := `SELECT id, loan_id, amount, perc, type, notes, name, category FROM fee WHERE loan_id = ?` rows, err := db.Query(query, loan) if err != nil { return nil, fmt.Errorf("Fee query error %v", err) } defer rows.Close() for rows.Next() { var fee Fee if err := rows.Scan( &fee.Id, &fee.LoanId, &fee.Amount, &fee.Perc, &fee.Type, &fee.Notes, &fee.Name, &fee.Category, ) err != nil { return nil, fmt.Errorf("Fees scanning error: %v", err) } fees = append(fees, fee) } return fees, nil } func fetchFeesTemp(db *sql.DB, user int, branch int) ([]FeeTemplate, error) { var fees []FeeTemplate query := `SELECT id, user_id, COALESCE(branch_id, 0), amount, perc, type, notes, name, category, auto FROM fee_template WHERE user_id = ? OR branch_id = ? ` rows, err := db.Query(query, user, branch) if err != nil { return nil, fmt.Errorf("Fee template query error %v", err) } defer rows.Close() for rows.Next() { var fee FeeTemplate if err := rows.Scan( &fee.Id, &fee.User, &fee.Branch, &fee.Amount, &fee.Perc, &fee.Type, &fee.Notes, &fee.Name, &fee.Category, &fee.Auto) err != nil { return nil, fmt.Errorf("FeesTemplate scanning error: %v", err) } fees = append(fees, fee) } return fees, nil } // Fetch fees from the database func getFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) { var fees []FeeTemplate claims, err := getClaims(r) if err != nil { w.WriteHeader(500); return } users, err := queryUsers(db, claims.Id) if err != nil { w.WriteHeader(422); return } fees, err = fetchFeesTemp(db, claims.Id, users[0].BranchId) json.NewEncoder(w).Encode(fees) } // Fetch fees from the database func createFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) { var fee FeeTemplate var query string var row *sql.Row var err error claims, err := getClaims(r) // var id int // Inserted estimate's id err = json.NewDecoder(r.Body).Decode(&fee) if err != nil { w.WriteHeader(422); return } query = `INSERT INTO fee_template ( user_id, branch_id, amount, perc, type, notes, name, auto ) VALUES (?, NULL, ?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, claims.Id, fee.Amount, fee.Perc, fee.Type, fee.Notes, fee.Name, fee.Auto, ) err = row.Scan(&fee.Id) if err != nil { w.WriteHeader(500); return } json.NewEncoder(w).Encode(fee) } // Fetch fees from the database func deleteFeeTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) { var fee FeeTemplate var query string var err error // claims, err := getClaims(r) // var id int // Inserted estimate's id err = json.NewDecoder(r.Body).Decode(&fee) if err != nil { w.WriteHeader(422); return } query = `DELETE FROM fee_template WHERE id = ?` _, err = db.Exec(query, fee.Id) if err != nil { w.WriteHeader(500); return } } func getMi(db *sql.DB, loan int) (MI, error) { var mi MI query := `SELECT type, label, lender, rate, premium, upfront, five_year_total, initial_premium, initial_rate, initial_amount FROM mi WHERE loan_id = ?` rows, err := db.Query(query, loan) if err != nil { return mi, err } defer rows.Close() if (!rows.Next()) { return mi, nil } if err := rows.Scan( &mi.Type, &mi.Label, &mi.Lender, &mi.Rate, &mi.Premium, &mi.Upfront, &mi.FiveYearTotal, &mi.InitialAllInPremium, &mi.InitialAllInRate, &mi.InitialAmount, ) err != nil { return mi, err } return mi, nil } func getBorrower(db *sql.DB, id int) (Borrower, error) { var borrower Borrower row := db.QueryRow( "SELECT * FROM borrower " + "WHERE id = ? LIMIT 1", id) if err := row.Scan( &borrower.Id, &borrower.Credit, &borrower.Income, &borrower.Num, ) err != nil { return borrower, fmt.Errorf("Borrower scanning error: %v", err) } return borrower, nil } // Query Lender APIs and parse responses into MI structs func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI { var err error var loan Loan = estimate.Loans[pos] var ltv = func(l float32) string { switch { case l > 95: return "LTV97" case l > 90: return "LTV95" case l > 85: return "LTV90" default: return "LTV85" } } var term = func(t int) string { switch { case t <= 10: return "A10" case t <= 15: return "A15" case t <= 20: return "A20" case t <= 25: return "A25" case t <= 30: return "A30" default: return "A40" } } var propertyCodes = map[string]string { "Single Attached": "SFO", "Single Detached": "SFO", "Condo Lo-rise": "CON", "Condo Hi-rise": "CON", } var purposeCodes = map[string]string { "Purchase": "PUR", "Refinance": "RRT", } body, err := json.Marshal(map[string]any{ "zipCode": estimate.Zip, "stateCode": "CA", "address": "", "propertyTypeCode": propertyCodes[estimate.Property], "occupancyTypeCode": "PRS", "loanPurposeCode": purposeCodes[estimate.Transaction], "loanAmount": loan.Amount, "loanToValue": ltv(loan.Ltv), "amortizationTerm": term(loan.Term), "loanTypeCode": "FXD", "duLpDecisionCode": "DAE", "loanProgramCodes": []any{}, "debtToIncome": loan.Dti, "wholesaleLoan": 0, "coveragePercentageCode": "L30", "productCode": "BPM", "renewalTypeCode": "CON", "numberOfBorrowers": 1, "coBorrowerCreditScores": []any{}, "borrowerCreditScore": strconv.Itoa(estimate.Borrower.Credit), "masterPolicy": nil, "selfEmployedIndicator": false, "armType": "", "userId": 44504, }) if err != nil { log.Printf("Could not marshal NationalMI body: \n%v\n%v\n", bytes.NewBuffer(body), err) } req, err := http.NewRequest("POST", "https://rate-gps.nationalmi.com/rates/productRateQuote", bytes.NewBuffer(body)) req.Header.Add("Content-Type", "application/json") req.AddCookie(&http.Cookie{ Name: "nmirategps_email", Value: os.Getenv("NationalMIEmail")}) resp, err := http.DefaultClient.Do(req) var res map[string]interface{} var result []MI if resp.StatusCode != 200 { log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n", resp.Status, resp, req.Body, bytes.NewBuffer(body)) } else { json.NewDecoder(resp.Body).Decode(&res) // estimate.Loans[pos].Mi = res // Parse res into result here } return result } // Make comparison PDF func generatePDF(w http.ResponseWriter, db *sql.DB, r *http.Request) { } func login(w http.ResponseWriter, db *sql.DB, r *http.Request) { var id int var role string var err error var user User json.NewDecoder(r.Body).Decode(&user) row := db.QueryRow( `SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`, user.Email, user.Password, ) err = row.Scan(&id, &role) if err != nil { http.Error(w, "Invalid Credentials.", http.StatusUnauthorized) return } token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{ Id: id, Role: role, Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)}) tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET"))) if err != nil { log.Println("Token could not be signed: ", err, tokenStr) http.Error(w, "Token generation error.", http.StatusInternalServerError) return } cookie := http.Cookie{Name: "skouter", Value: tokenStr, Path: "/", Expires: time.Now().Add(time.Hour * 24)} http.SetCookie(w, &cookie) _, err = w.Write([]byte(tokenStr)) if err != nil { http.Error(w, "Could not complete token write.", http.StatusInternalServerError)} } func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) // Will verify existing signature and expiry time token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{ Id: claims.Id, Role: claims.Role, Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)}) tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET"))) if err != nil { log.Println("Token could not be signed: ", err, tokenStr) http.Error(w, "Token generation error.", http.StatusInternalServerError) return } cookie := http.Cookie{Name: "skouter", Value: tokenStr, Path: "/", Expires: time.Now().Add(time.Hour * 24)} http.SetCookie(w, &cookie) _, err = w.Write([]byte(tokenStr)) if err != nil { http.Error(w, "Could not complete token write.", http.StatusInternalServerError)} } func getClaims(r *http.Request) (UserClaims, error) { claims := new(UserClaims) _, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ") if !found { return *claims, errors.New("Token not found") } // Pull token payload into UserClaims _, err := jwt.ParseWithClaims(tokenStr, claims, func(token *jwt.Token) (any, error) { return []byte(os.Getenv("JWT_SECRET")), nil }) if err != nil { return *claims, err } if err = claims.Valid(); err != nil { return *claims, err } return *claims, nil } func guard(r *http.Request, required int) bool { claims, err := getClaims(r) if err != nil { return false } if roles[claims.Role] < required { return false } return true } func queryUsers(db *sql.DB, id int) ( []User, error ) { var users []User var query string var rows *sql.Rows var err error query = `SELECT u.id, u.email, u.first_name, u.last_name, u.branch_id, u.country, u.title, u.status, u.verified, u.role FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END ` rows, err = db.Query(query, id) if err != nil { return users, err } defer rows.Close() for rows.Next() { var user User if err := rows.Scan( &user.Id, &user.Email, &user.FirstName, &user.LastName, &user.BranchId, &user.Country, &user.Title, &user.Status, &user.Verified, &user.Role, ) err != nil { return users, err } users = append(users, user) } // Prevents runtime panics if len(users) == 0 { return users, errors.New("User not found.") } return users, nil } func insertResults(db *sql.DB, results []Result) (error){ var query string var row *sql.Row var err error query = `INSERT INTO estimate_result ( loan_id, loan_payment, total_monthly, total_fees, total_credits, cash_to_close ) VALUES (?, ?, ?, ?, ?, ?, ?) RETURNING id ` for i := range results { db.QueryRow(query, results[i].LoanId, results[i].LoanPayment, results[i].TotalMonthly, results[i].TotalFees, results[i].TotalCredits, results[i].CashToClose, ) err = row.Scan(&results[i].Id) if err != nil { return err } } return nil } func insertUser(db *sql.DB, user User) (User, error){ var query string var row *sql.Row var err error var id int // Inserted user's id query = `INSERT INTO user ( email, first_name, last_name, password, created, role, verified, last_login ) VALUES (?, ?, ?, sha2(?, 256), NOW(), ?, ?, NOW()) RETURNING id ` row = db.QueryRow(query, user.Email, user.FirstName, user.LastName, user.Password, user.Role, user.Verified, ) err = row.Scan(&id) if err != nil { return User{}, err } users, err := queryUsers(db, id) if err != nil { return User{}, err } return users[0], nil } func updateUser(user User, db *sql.DB) error { query := ` UPDATE user SET email = CASE @e := ? WHEN '' THEN email ELSE @e END, first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END, last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END, role = CASE @r := ? WHEN '' THEN role ELSE @r END, password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END WHERE id = ? ` _, err := db.Exec(query, user.Email, user.FirstName, user.LastName, user.Role, user.Password, user.Id, ) return err } func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) if err != nil { w.WriteHeader(500); return } users, err := queryUsers(db, claims.Id) if err != nil { w.WriteHeader(422); log.Println(err); return } json.NewEncoder(w).Encode(users) } func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) { users, err := queryUsers(db, 0) if err != nil { w.WriteHeader(http.StatusInternalServerError) return } json.NewEncoder(w).Encode(users) } // Updates a user using only specified values in the JSON body func setUser(user User, db *sql.DB) error { _, err := mail.ParseAddress(user.Email) if err != nil { return err } if roles[user.Role] == 0 { return errors.New("Invalid role") } err = updateUser(user, db) if err != nil { return err } return nil } func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { var user User err := json.NewDecoder(r.Body).Decode(&user) if err != nil { http.Error(w, "Invalid fields", 422); return } err = setUser(user, db) if err != nil { http.Error(w, err.Error(), 422); return } } // Update specified fields of the user specified in the claim func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) { claim, err := getClaims(r) var user User json.NewDecoder(r.Body).Decode(&user) // First check that the target user to be updated is the same as the claim id, and // their role is unchanged. if err != nil || claim.Id != user.Id { http.Error(w, "Target user's id does not match claim.", 401) return } if claim.Role != user.Role && user.Role != "" { http.Error(w, "Administrator required to escalate role.", 401) return } err = setUser(user, db) if err != nil { http.Error(w, err.Error(), 422); return } } func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { var user User err := json.NewDecoder(r.Body).Decode(&user) if err != nil { http.Error(w, "Invalid fields.", 422) return } query := `DELETE FROM user WHERE id = ?` _, err = db.Exec(query, user.Id) if err != nil { http.Error(w, "Could not delete.", 500) } } func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { var user User err := json.NewDecoder(r.Body).Decode(&user) if err != nil { http.Error(w, "Invalid fields.", 422); return } _, err = mail.ParseAddress(user.Email) if err != nil { http.Error(w, "Invalid email.", 422); return } if roles[user.Role] == 0 { http.Error(w, "Invalid role.", 422) } user, err = insertUser(db, user) if err != nil { http.Error(w, "Error creating user.", 422); return } json.NewEncoder(w).Encode(user) } func checkPassword(db *sql.DB, id int, pass string) bool { var p string query := `SELECT password FROM user WHERE user.id = ? AND password = sha2(?, 256) ` row := db.QueryRow(query, id, pass) err := row.Scan(&p) if err != nil { return false } return true } func setPassword(db *sql.DB, id int, pass string) error { query := `UPDATE user SET password = sha2(?, 256) WHERE user.id = ? ` _, err := db.Exec(query, pass, id) if err != nil { return errors.New("Could not insert password.") } return nil } func changePassword(w http.ResponseWriter, db *sql.DB, r *http.Request) { var pass Password claim, err := getClaims(r) err = json.NewDecoder(r.Body).Decode(&pass) if err != nil { http.Error(w, "Bad fields.", 422); return } if checkPassword(db, claim.Id, pass.Old) { err = setPassword(db, claim.Id, pass.New) } else { http.Error(w, "Incorrect old password.", 401) return } if err != nil { http.Error(w, err.Error(), 500); return } } func fetchAvatar(db *sql.DB, user int) ( []byte, error ) { var img []byte var query string var err error query = `SELECT avatar FROM user WHERE user.id = ? ` row := db.QueryRow(query, user) err = row.Scan(&img) if err != nil { return img, err } return img, nil } func insertAvatar(db *sql.DB, user int, img []byte) error { query := `UPDATE user SET avatar = ? WHERE id = ? ` _, err := db.Exec(query, img, user) if err != nil { return err } return nil } func fetchLetterhead(db *sql.DB, user int) ( []byte, error ) { var img []byte var query string var err error query = `SELECT letterhead FROM user WHERE user.id = ? ` row := db.QueryRow(query, user) err = row.Scan(&img) if err != nil { return img, err } return img, nil } func insertLetterhead(db *sql.DB, user int, img []byte) error { query := `UPDATE user SET letterhead = ? WHERE id = ? ` _, err := db.Exec(query, img, user) if err != nil { return err } return nil } func setAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) { var validTypes []string = []string{"image/png", "image/jpeg"} var isValidType bool claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := io.ReadAll(r.Body) if err != nil { http.Error(w, "Invalid file.", 422); return } for _, v := range validTypes { if v == http.DetectContentType(img) { isValidType = true } } if !isValidType { http.Error(w, "Invalid file type.", 422); return } err = insertAvatar(db, claims.Id, img) if err != nil { http.Error(w, "Could not insert.", 500); return } } func getAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := fetchAvatar(db, claims.Id) if err != nil { http.Error(w, "Could not retrieve.", 500); return } w.Header().Set("Content-Type", http.DetectContentType(img)) w.Write(img) } func setLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) { var validTypes []string = []string{"image/png", "image/jpeg"} var isValidType bool claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := io.ReadAll(r.Body) if err != nil { http.Error(w, "Invalid file.", 422); return } for _, v := range validTypes { if v == http.DetectContentType(img) { isValidType = true } } if !isValidType { http.Error(w, "Invalid file type.", 422); return } err = insertLetterhead(db, claims.Id, img) if err != nil { http.Error(w, "Could not insert.", 500); return } } func getLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := fetchLetterhead(db, claims.Id) if err != nil { http.Error(w, "Could not retrieve.", 500); return } w.Header().Set("Content-Type", http.DetectContentType(img)) w.Write(img) } func queryBorrower(db *sql.DB, id int) ( Borrower, error ) { var borrower Borrower var query string var err error query = `SELECT l.id, l.credit_score, l.num, l.monthly_income FROM borrower l WHERE l.id = ? ` row := db.QueryRow(query, id) err = row.Scan( borrower.Id, borrower.Credit, borrower.Num, borrower.Income, ) if err != nil { return borrower, err } return borrower, nil } // Must have an estimate ID 'e', but not necessarily a loan id 'id' func getResults(db *sql.DB, e int, id int) ( []Result, error ) { var results []Result var query string var rows *sql.Rows var err error query = `SELECT r.id, loan_id, loan_payment, total_monthly, total_fees, total_credits, cash_to_close FROM estimate_result r INNER JOIN loan ON r.loan_id = loan.id WHERE r.id = CASE @e := ? WHEN 0 THEN r.id ELSE @e END AND loan.estimate_id = ? ` rows, err = db.Query(query, id, e) if err != nil { return results, err } defer rows.Close() for rows.Next() { var result Result if err := rows.Scan( &result.Id, &result.LoanId, &result.LoanPayment, &result.TotalMonthly, &result.TotalFees, &result.TotalCredits, &result.CashToClose, ) err != nil { return results, err } results = append(results, result) } // Prevents runtime panics // if len(results) == 0 { return results, errors.New("Result not found.") } return results, nil } // Must have an estimate ID 'e', but not necessarily a loan id 'id' func getLoans(db *sql.DB, e int, id int) ( []Loan, error ) { var loans []Loan var query string var rows *sql.Rows var err error query = `SELECT l.id, l.type_id, l.estimate_id, l.amount, l.term, l.interest, l.ltv, l.dti, l.hoi, l.tax, l.name FROM loan l WHERE l.id = CASE @e := ? WHEN 0 THEN l.id ELSE @e END AND l.estimate_id = ? ` rows, err = db.Query(query, id, e) if err != nil { return loans, err } defer rows.Close() for rows.Next() { var loan Loan if err := rows.Scan( &loan.Id, &loan.Type.Id, &loan.EstimateId, &loan.Amount, &loan.Term, &loan.Interest, &loan.Ltv, &loan.Dti, &loan.Hoi, &loan.Tax, &loan.Name, ) err != nil { return loans, err } mi, err := getMi(db, loan.Id) if err != nil { return loans, err } loan.Mi = mi fees, err := getFees(db, loan.Id) if err != nil { return loans, err } loan.Fees = fees loan.Type, err = getLoanType(db, loan.Type.Id) if err != nil { return loans, err } loans = append(loans, loan) } // Prevents runtime panics if len(loans) == 0 { return loans, errors.New("Loan not found.") } return loans, nil } func getEstimates(db *sql.DB, id int, user int) ( []Estimate, error ) { var estimates []Estimate var query string var rows *sql.Rows var err error query = `SELECT id, user_id, borrower_id, transaction, price, property, occupancy, zip, pud FROM estimate WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END ` rows, err = db.Query(query, id, user) if err != nil { return estimates, err } defer rows.Close() for rows.Next() { var estimate Estimate if err := rows.Scan( &estimate.Id, &estimate.User, &estimate.Borrower.Id, &estimate.Transaction, &estimate.Price, &estimate.Property, &estimate.Occupancy, &estimate.Zip, &estimate.Pud, ) err != nil { return estimates, err } borrower, err := getBorrower(db, estimate.Borrower.Id) if err != nil { return estimates, err } estimate.Borrower = borrower estimate.Results, err = getResults(db, estimate.Id, 0) if err != nil { return estimates, err } estimates = append(estimates, estimate) } // Prevents runtime panics if len(estimates) == 0 { return estimates, errors.New("Estimate not found.") } for i := range estimates { estimates[i].Loans, err = getLoans(db, estimates[i].Id, 0) if err != nil { return estimates, err } } return estimates, nil } // Accepts a borrower struct and returns the id of the inserted borrower and // any related error. func insertBorrower(db *sql.DB, borrower Borrower) (int, error) { var query string var row *sql.Row var err error var id int // Inserted loan's id query = `INSERT INTO borrower ( credit_score, monthly_income, num ) VALUES (?, ?, ?) RETURNING id ` row = db.QueryRow(query, borrower.Credit, borrower.Income, borrower.Num, ) err = row.Scan(&id) if err != nil { return 0, err } return id, nil } func insertMi(db *sql.DB, mi MI) (int, error) { var id int query := `INSERT INTO mi ( type, label, lender, rate, premium, upfront, five_year_total, initial_premium, initial_rate, initial_amount ) VALUES (?, ?, ?, ?, ?, ?, ?) RETURNING id` row := db.QueryRow(query, &mi.Type, &mi.Label, &mi.Lender, &mi.Rate, &mi.Premium, &mi.Upfront, &mi.FiveYearTotal, &mi.InitialAllInPremium, &mi.InitialAllInRate, &mi.InitialAmount, ) err := row.Scan(&id) if err != nil { return 0, err } return id, nil } func insertFee(db *sql.DB, fee Fee) (int, error) { var id int query := `INSERT INTO fee (loan_id, amount, perc, type, notes, name, category) VALUES (?, ?, ?, ?, ?, ?, ?) RETURNING id` row := db.QueryRow(query, fee.LoanId, fee.Amount, fee.Perc, fee.Type, fee.Notes, fee.Name, fee.Category, ) err := row.Scan(&id) if err != nil { return 0, err } return id, nil } func insertLoan(db *sql.DB, loan Loan) (Loan, error){ var query string var row *sql.Row var err error var id int // Inserted loan's id query = `INSERT INTO loan ( estimate_id, type_id, amount, term, interest, ltv, dti, hoi, tax, name ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, loan.EstimateId, loan.Type.Id, loan.Amount, loan.Term, loan.Interest, loan.Ltv, loan.Dti, loan.Hoi, loan.Tax, loan.Name, ) err = row.Scan(&id) if err != nil { return loan, err } _, err = insertMi(db, loan.Mi) if err != nil { return loan, err } for i := range loan.Fees { _, err := insertFee(db, loan.Fees[i]) if err != nil { return loan, err } } loans, err := getLoans(db, id, 0) if err != nil { return Loan{}, err } return loans[0], nil } func insertEstimate(db *sql.DB, estimate Estimate) (Estimate, error){ var query string var row *sql.Row var err error // var id int // Inserted estimate's id estimate.Borrower.Id, err = insertBorrower(db, estimate.Borrower) if err != nil { return Estimate{}, err } query = `INSERT INTO estimate ( user_id, borrower_id, transaction, price, property, occupancy, zip, pud ) VALUES (?, ?, ?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, estimate.User, estimate.Borrower.Id, estimate.Transaction, estimate.Price, estimate.Property, estimate.Occupancy, estimate.Zip, estimate.Pud, ) err = row.Scan(&estimate.Id) if err != nil { return Estimate{}, err } for _, l := range estimate.Loans { l.EstimateId = estimate.Id _, err = insertLoan(db, l) if err != nil { return estimate, err } } estimates, err := getEstimates(db, estimate.Id, 0) if err != nil { return Estimate{}, err } return estimates[0], nil } func createEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) if err != nil { http.Error(w, "Invalid fields.", 422); return } claims, err := getClaims(r) estimate.User = claims.Id estimate, err = insertEstimate(db, estimate) if err != nil { http.Error(w, err.Error(), 422); return } estimate.Results = makeResults(estimate) err = insertResults(db, estimate.Results) if err != nil { http.Error(w, err.Error(), 500); return } e, err := getEstimates(db, estimate.Id, 0) if err != nil { http.Error(w, err.Error(), 500); return } json.NewEncoder(w).Encode(e[0]) } // Query all estimates that belong to the current user func fetchEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimates []Estimate claims, err := getClaims(r) estimates, err = getEstimates(db, 0, claims.Id) if err != nil { http.Error(w, err.Error(), 500); return } json.NewEncoder(w).Encode(estimates) } func checkConventional(l Loan, b Borrower) error { if b.Credit < 620 { return errors.New("Credit score too low for conventional loan") } // Buyer needs to put down 20% to avoid mortgage insurance if (l.Ltv > 80 && l.Mi.Rate == 0) { return errors.New(fmt.Sprintln( l.Name, "down payment must be 20% to avoid insurance", )) } return nil } func checkFHA(l Loan, b Borrower) error { if b.Credit < 500 { return errors.New("Credit score too low for FHA loan") } if (l.Ltv > 96.5) { return errors.New("FHA down payment must be at least 3.5%") } if (b.Credit < 580 && l.Ltv > 90) { return errors.New("FHA down payment must be at least 10%") } // Debt-to-income must be below 45% if credit score is below 580. if (b.Credit < 580 && l.Dti > 45) { return errors.New(fmt.Sprintln( l.Name, "debt to income is too high for credit score.", )) } return nil } // Loan option for veterans with no set rules. Mainly placeholder. func checkVA(l Loan, b Borrower) error { return nil } // Loan option for residents of rural areas with no set rules. // Mainly placeholder. func checkUSDA(l Loan, b Borrower) error { return nil } // Should also check loan amount limit maybe with an API. func checkEstimate(e Estimate) error { if e.Property == "" { return errors.New("Empty property type") } if e.Price == 0 { return errors.New("Empty property price") } if e.Borrower.Num == 0 { return errors.New("Missing number of borrowers") } if e.Borrower.Credit == 0 { return errors.New("Missing borrower credit score") } if e.Borrower.Income == 0 { return errors.New("Missing borrower credit income") } for _, l := range e.Loans { if l.Amount == 0 { return errors.New(fmt.Sprintln(l.Name, "loan amount cannot be zero")) } if l.Term == 0 { return errors.New(fmt.Sprintln(l.Name, "loan term cannot be zero")) } if l.Interest == 0 { return errors.New(fmt.Sprintln(l.Name, "loan interest cannot be zero")) } // Can be used to check rules for specific loan types var err error switch l.Type.Id { case 1: err = checkConventional(l, e.Borrower) case 2: err = checkFHA(l, e.Borrower) case 3: err = checkVA(l, e.Borrower) case 4: err = checkUSDA(l, e.Borrower) default: err = errors.New("Invalid loan type") } if err != nil { return err } } return nil } func validateEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) if err != nil { http.Error(w, err.Error(), 422); return } err = checkEstimate(estimate) if err != nil { http.Error(w, err.Error(), 406); return } } func showPDF(w http.ResponseWriter, r *http.Request) { // var args []string // p := r.URL.Path db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter", os.Getenv("DBUser"), os.Getenv("DBPass"))) // w.Header().Set("Content-Type", "application/json; charset=UTF-8") err = db.Ping() if err != nil { fmt.Println("Bad database configuration: %v\n", err) panic(err) // maybe os.Exit(1) instead } var pa = template.Must(template.ParseFiles("views/master.tpl", "views/test.tpl")) // claims, err := getClaims(r) if err != nil { w.WriteHeader(500); return } users, err := queryUsers(db, 1) info := struct { Title string Name string User User }{ Title: "test PDF", Name: "idk-random-name", User: users[0], } // fmt.Println(info) err = pa.Execute(w, info) if err != nil {fmt.Println(err)} } func clipLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) { var validTypes []string = []string{"image/png", "image/jpeg"} var isValidType bool var err error // claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, t, err := image.Decode(r.Body) if err != nil { http.Error(w, "Invalid file.", 422); return } for _, v := range validTypes { if v == "image/"+t { isValidType = true } } if !isValidType { http.Error(w, "Invalid file type.", 422); return } g := gift.New( gift.ResizeToFit(400, 200, gift.LanczosResampling), ) dst := image.NewRGBA(g.Bounds(img.Bounds())) g.Draw(dst, img) w.Header().Set("Content-Type", "image/png") err = png.Encode(w, dst) if err != nil { http.Error(w, "Error encoding.", 500); return } } func api(w http.ResponseWriter, r *http.Request) { var args []string p := r.URL.Path db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s", os.Getenv("DBUser"), os.Getenv("DBPass"), os.Getenv("DBName"), )) w.Header().Set("Content-Type", "application/json; charset=UTF-8") err = db.Ping() if err != nil { fmt.Println("Bad database configuration: %v\n", err) panic(err) // maybe os.Exit(1) instead } switch { case match(p, "/api/login", &args) && r.Method == http.MethodPost: login(w, db, r) case match(p, "/api/token", &args) && r.Method == http.MethodGet && guard(r, 1): getToken(w, db, r) case match(p, "/api/letterhead", &args) && r.Method == http.MethodPost && guard(r, 1): clipLetterhead(w, db, r) case match(p, "/api/users", &args) && // Array of all users r.Method == http.MethodGet && guard(r, 3): getUsers(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodGet && guard(r, 1): getUser(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodPost && guard(r, 3): createUser(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodPatch && guard(r, 3): // For admin to modify any user patchUser(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodPatch && guard(r, 1): // For employees to modify own accounts patchSelf(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodDelete && guard(r, 3): deleteUser(w, db, r) case match(p, "/api/user/avatar", &args) && r.Method == http.MethodGet && guard(r, 1): getAvatar(w, db, r) case match(p, "/api/user/avatar", &args) && r.Method == http.MethodPost && guard(r, 1): setAvatar(w, db, r) case match(p, "/api/user/letterhead", &args) && r.Method == http.MethodGet && guard(r, 1): getLetterhead(w, db, r) case match(p, "/api/user/letterhead", &args) && r.Method == http.MethodPost && guard(r, 1): setLetterhead(w, db, r) case match(p, "/api/user/password", &args) && r.Method == http.MethodPost && guard(r, 1): changePassword(w, db, r) case match(p, "/api/fees", &args) && r.Method == http.MethodGet && guard(r, 1): getFeesTemp(w, db, r) case match(p, "/api/fee", &args) && r.Method == http.MethodPost && guard(r, 1): createFeesTemp(w, db, r) case match(p, "/api/fee", &args) && r.Method == http.MethodDelete && guard(r, 1): deleteFeeTemp(w, db, r) case match(p, "/api/estimates", &args) && r.Method == http.MethodGet && guard(r, 1): fetchEstimate(w, db, r) case match(p, "/api/estimate", &args) && r.Method == http.MethodPost && guard(r, 1): createEstimate(w, db, r) case match(p, "/api/estimate/validate", &args) && r.Method == http.MethodPost && guard(r, 1): validateEstimate(w, db, r) case match(p, "/api/estimate/summarize", &args) && r.Method == http.MethodPost && guard(r, 1): summarize(w, db, r) default: http.Error(w, "Invalid route or token", 404) } db.Close() } func route(w http.ResponseWriter, r *http.Request) { var page Page var args []string p := r.URL.Path switch { case r.Method == "GET" && match(p, "/", &args): page = pages[ "home" ] case match(p, "/terms", &args): page = pages[ "terms" ] case match(p, "/app", &args): page = pages[ "app" ] case match(p, "/test", &args): showPDF(w, r) return default: http.NotFound(w, r) return } page.Render(w) } func serve() { files := http.FileServer(http.Dir("")) http.Handle("/assets/", files) http.HandleFunc("/api/", api) http.HandleFunc("/", route) log.Fatal(http.ListenAndServe(address, nil)) } func dev(args []string) { if len(args) == 0 { os.Setenv("DBName", "skouter_dev") os.Setenv("DBUser", "tester") os.Setenv("DBPass", "test123") serve() } } func main() { if len(os.Args) <= 1 { serve() } if os.Args[1] == "dev" { dev(os.Args[2:]) } }