package main import ( "os" "os/exec" "net/http" "net/mail" "log" "sync" "regexp" "html/template" "database/sql" _ "github.com/go-sql-driver/mysql" "fmt" "encoding/json" "encoding/base64" "strconv" "bytes" "time" "errors" "strings" "math" "io" // pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf" "github.com/golang-jwt/jwt/v4" "github.com/disintegration/gift" "github.com/brianvoe/gofakeit/v6" "github.com/dustin/go-humanize" "image" "image/png" _ "image/jpeg" ) type Config struct { DBName string DBUsername string DBPassword string } type Address struct { Id int `json:"id"` Full string `json:"full"` Street string `json:"street"` City string `json:"city"` Region string `json:"region"` Country string `json:"country"` Zip string `json:"zip"` } type Branch struct { Id int `json:"id"` Name string `json:"name"` Type string `json:"type"` Letterhead []byte `json:"letterhead"` Num string `json:"num"` Phone string `json:"phone"` Address Address `json:"address"` } type User struct { Id int `json:"id"` Email string `json:"email"` FirstName string `json:"firstName"` LastName string `json:"lastName"` Phone string `json:"phone"` Address Address `json:"address"` Branch Branch `json:"branch"` License License `json:"license"` Status string `json:"status"` Country string `json:"country"` Title string `json:"title"` Verified bool `json:"verified"` Role string `json:"role"` Password string `json:"password,omitempty"` } type License struct { Id int `json:"id"` UserId int `json:"userId"` Type string `json:"type"` Num string `json:"num"` } type UserClaims struct { Id int `json:"id"` Role string `json:"role"` Exp string `json:"exp"` } type Page struct { tpl *template.Template Title string Name string } type Borrower struct { Id int `json:"id"` Credit int `json:"credit"` Income int `json:"income"` Num int `json:"num"` } type FeeTemplate struct { Id int `json:"id"` User int `json:"user"` Branch int `json:"branch"` Amount int `json:"amount"` Perc float32 `json:"perc"` Type string `json:"type"` Notes string `json:"notes"` Name string `json:"name"` Category string `json:"category"` Auto bool `json:"auto"` } type Fee struct { Id int `json:"id"` LoanId int `json:"loan_id"` Amount int `json:"amount"` Perc float32 `json:"perc"` Type string `json:"type"` Notes string `json:"notes"` Name string `json:"name"` Category string `json:"category"` } type LoanType struct { Id int `json:"id"` User int `json:"user"` Branch int `json:"branch"` Name string `json:"name"` } type Loan struct { Id int `json:"id"` EstimateId int `json:"estimateId"` Type LoanType `json:"type"` Amount int `json:"amount"` Amortization string `json:"amortization"` Term int `json:"term"` Ltv float32 `json:"ltv"` Dti float32 `json:"dti"` Hoi int `json:"hoi"` Hazard int `json:"hazard"` Tax int `json:"tax"` Interest float32 `json:"interest"` Mi MI `json:"mi"` Fees []Fee `json:"fees"` Credits []Fee // Fees with negative amounts for internal use Name string `json:"title"` Result Result `json:"result"` } type MI struct { Type string `json:"user"` Label string `json:"label"` Lender string `json:"lender"` Rate float32 `json:"rate"` Premium int `json:"premium"` Upfront int `json:"upfront"` Monthly bool `json:"monthly"` FiveYearTotal float32 `json:"fiveYearTotal"` InitialAllInPremium float32 `json:"initialAllInPremium"` InitialAllInRate float32 `json:"initialAllInRate"` InitialAmount float32 `json:"initialAmount"` } type Result struct { Id int `json:"id"` LoanId int `json:"loanId"` LoanPayment int `json:"loanPayment"` TotalMonthly int `json:"totalMonthly"` TotalFees int `json:"totalFees"` TotalCredits int `json:"totalCredits"` CashToClose int `json:"cashToClose"` } type Estimate struct { Id int `json:"id"` User int `json:"user"` Borrower Borrower `json:"borrower"` Transaction string `json:"transaction"` Price int `json:"price"` Property string `json:"property"` Occupancy string `json:"occupancy"` Zip string `json:"zip"` Pud bool `json:"pud"` Loans []Loan `json:"loans"` } type ETemplate struct { Id int `json:"id"` Estimate Estimate `json:"estimate"` UserId int `json:"userId"` BranchId int `json:"branchId"` } type Report struct { Title string Name string Avatar string Letterhead string User User Estimate Estimate } type Password struct { Old string `json:"old"` New string `json:"new"` } type Endpoint func (http.ResponseWriter, *sql.DB, *http.Request) var ( regexen = make(map[string]*regexp.Regexp) relock sync.Mutex address = "127.0.0.1:8001" ) var paths = map[string]string { "home": "views/home.tpl", "terms": "views/terms.tpl", "app": "views/app.tpl", "comparison": "views/report/comparison.tpl", } var pages = map[string]Page { "home": cache("home", "Home"), "terms": cache("terms", "Terms and Conditions"), "report": cachePdf("comparison"), "app": cache("app", "App"), } var roles = map[string]int{ "User": 1, "Manager": 2, "Admin": 3, } var propertyTypes = []string{ "Single Detached", "Single Attached", "Condo Lo-rise", "Condo Hi-rise", } var feeTypes = []string{ "Government", "Title", "Required", "Lender", "Other", } // Used to validate claim in JWT token body. Checks if user id is greater than // zero and time format is valid func (c UserClaims) Valid() error { if c.Id < 1 { return errors.New("Invalid id") } t, err := time.Parse(time.UnixDate, c.Exp) if err != nil { return err } if t.Before(time.Now()) { return errors.New("Token expired.") } return err } func cache(name string, title string) Page { var p = []string{"views/master.tpl", paths[name]} tpl := template.Must(template.ParseFiles(p...)) return Page{tpl: tpl, Title: title, Name: name} } func cachePdf(name string) Page { // Money is stored in cents, so it must be converted to dollars in reports dollars := func(cents int) string { return humanize.Commaf(float64(cents)/100) } // For calculating down payments diff := func(a, b int) string { return humanize.Commaf(float64(b - a)/100) } sortFees := func(ftype string, fees []Fee) []Fee { result := make([]Fee, 0) for i := range fees { if fees[i].Type != ftype { continue } result = append(result, fees[i]) } return result } fm := template.FuncMap{ "dollars": dollars, "diff": diff, "sortFees": sortFees } var p = []string{"views/report/master.tpl", "views/report/header.tpl", "views/report/summary.tpl", "views/report/comparison.tpl"} tpl := template.Must(template.New("master.tpl").Funcs(fm).ParseFiles(p...)) return Page{ tpl: tpl, Title: "", Name: name } } func (page Page) Render(w http.ResponseWriter) { err := page.tpl.Execute(w, page) if err != nil { log.Print(err) } } func match(path, pattern string, args *[]string) bool { relock.Lock() defer relock.Unlock() regex := regexen[pattern] if regex == nil { regex = regexp.MustCompile("^" + pattern + "$") regexen[pattern] = regex } matches := regex.FindStringSubmatch(path) if len(matches) <= 0 { return false } *args = matches[1:] return true } func (estimate *Estimate) makeResults() []Result { var results []Result amortize := func(principle float64, rate float64, periods float64) int { exp := math.Pow(1+rate, periods) return int(principle * rate * exp / (exp - 1)) } for i := range estimate.Loans { var loan = &estimate.Loans[i] var result Result = Result{} // Monthly payments use amortized loan payment formula plus monthly MI, // plus all other recurring fees result.LoanPayment = amortize(float64(loan.Amount), float64(loan.Interest / 100 / 12), float64(loan.Term * 12)) result.TotalMonthly = result.LoanPayment + loan.Hoi + loan.Tax + loan.Hazard if loan.Mi.Monthly { result.TotalMonthly = result.TotalMonthly + int(loan.Mi.Rate/100/12*float32(loan.Amount)) } else { loan.Mi.Upfront = int(loan.Mi.Rate/100*float32(loan.Amount)) } for i := range loan.Fees { if loan.Fees[i].Amount > 0 { result.TotalFees = result.TotalFees + loan.Fees[i].Amount } else { result.TotalCredits = result.TotalCredits + loan.Fees[i].Amount } } result.CashToClose = result.TotalFees + result.TotalCredits + (estimate.Price - loan.Amount) result.LoanId = loan.Id loan.Result = result results = append(results, result) } return results } func summarize(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) if err != nil { http.Error(w, "Invalid estimate.", 422); return } estimate.makeResults() json.NewEncoder(w).Encode(estimate) } func getLoanType( db *sql.DB, id int) (LoanType, error) { types, err := getLoanTypes(db, id, 0, 0) if err != nil { return LoanType{Id: id}, err } if len(types) == 0 { return LoanType{Id: id}, errors.New("No type with that id") } return types[0], nil } func getLoanTypes( db *sql.DB, id int, user int, branch int ) ( []LoanType, error) { var loans []LoanType var query = `SELECT id, coalesce(user_id, 0), coalesce(branch_id, 0), name FROM loan_type WHERE loan_type.id = CASE @e := ? WHEN 0 THEN id ELSE @e END OR loan_type.user_id = CASE @e := ? WHEN 0 THEN id ELSE @e END OR loan_type.branch_id = CASE @e := ? WHEN 0 THEN id ELSE @e END` // Should be changed to specify user rows, err := db.Query(query, id, user, branch) if err != nil { return nil, fmt.Errorf("loan_type error: %v", err) } defer rows.Close() for rows.Next() { var loan LoanType if err := rows.Scan( &loan.Id, &loan.User, &loan.Branch, &loan.Name) err != nil { log.Printf("Error occured fetching loan: %v", err) return nil, fmt.Errorf("Error occured fetching loan: %v", err) } loans = append(loans, loan) } return loans, nil } func getFees(db *sql.DB, loan int) ([]Fee, error) { var fees []Fee query := `SELECT id, loan_id, amount, perc, type, notes, name, category FROM fee WHERE loan_id = ?` rows, err := db.Query(query, loan) if err != nil { return nil, fmt.Errorf("Fee query error %v", err) } defer rows.Close() for rows.Next() { var fee Fee if err := rows.Scan( &fee.Id, &fee.LoanId, &fee.Amount, &fee.Perc, &fee.Type, &fee.Notes, &fee.Name, &fee.Category, ) err != nil { return nil, fmt.Errorf("Fees scanning error: %v", err) } fees = append(fees, fee) } return fees, nil } func fetchFeesTemp(db *sql.DB, user int, branch int) ([]FeeTemplate, error) { var fees []FeeTemplate query := `SELECT id, user_id, COALESCE(branch_id, 0), amount, perc, type, notes, name, category, auto FROM fee_template WHERE user_id = ? OR branch_id = ? ` rows, err := db.Query(query, user, branch) if err != nil { return nil, fmt.Errorf("Fee template query error %v", err) } defer rows.Close() for rows.Next() { var fee FeeTemplate if err := rows.Scan( &fee.Id, &fee.User, &fee.Branch, &fee.Amount, &fee.Perc, &fee.Type, &fee.Notes, &fee.Name, &fee.Category, &fee.Auto) err != nil { return nil, fmt.Errorf("FeesTemplate scanning error: %v", err) } fees = append(fees, fee) } return fees, nil } // Fetch fees from the database func getFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) { var fees []FeeTemplate claims, err := getClaims(r) if err != nil { w.WriteHeader(500); return } user, err := queryUser(db, claims.Id) if err != nil { w.WriteHeader(422); return } fees, err = fetchFeesTemp(db, claims.Id, user.Branch.Id) json.NewEncoder(w).Encode(fees) } // Fetch fees from the database func createFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) { var fee FeeTemplate var query string var row *sql.Row var err error claims, err := getClaims(r) // var id int // Inserted estimate's id err = json.NewDecoder(r.Body).Decode(&fee) if err != nil { w.WriteHeader(422); return } query = `INSERT INTO fee_template ( user_id, branch_id, amount, perc, type, notes, name, auto ) VALUES (?, NULL, ?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, claims.Id, fee.Amount, fee.Perc, fee.Type, fee.Notes, fee.Name, fee.Auto, ) err = row.Scan(&fee.Id) if err != nil { w.WriteHeader(500); return } json.NewEncoder(w).Encode(fee) } // Fetch fees from the database func deleteFeeTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) { var fee FeeTemplate var query string var err error // claims, err := getClaims(r) // var id int // Inserted estimate's id err = json.NewDecoder(r.Body).Decode(&fee) if err != nil { w.WriteHeader(422); return } query = `DELETE FROM fee_template WHERE id = ?` _, err = db.Exec(query, fee.Id) if err != nil { w.WriteHeader(500); return } } func deleteEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate var err error err = json.NewDecoder(r.Body).Decode(&estimate) if err != nil { w.WriteHeader(422); return } claims, err := getClaims(r) err = estimate.del(db, claims.Id) if err != nil { http.Error(w, err.Error(), 500); return } } func deleteET(w http.ResponseWriter, db *sql.DB, r *http.Request) { var et ETemplate var err error err = json.NewDecoder(r.Body).Decode(&et) if err != nil { w.WriteHeader(422); return } claims, err := getClaims(r) err = et.del(db, claims.Id) if err != nil { http.Error(w, err.Error(), 500); return } } func getMi(db *sql.DB, loan int) (MI, error) { var mi MI query := `SELECT type, label, lender, rate, premium, upfront, five_year_total, initial_premium, initial_rate, initial_amount FROM mi WHERE loan_id = ?` rows, err := db.Query(query, loan) if err != nil { return mi, err } defer rows.Close() if (!rows.Next()) { return mi, nil } if err := rows.Scan( &mi.Type, &mi.Label, &mi.Lender, &mi.Rate, &mi.Premium, &mi.Upfront, &mi.FiveYearTotal, &mi.InitialAllInPremium, &mi.InitialAllInRate, &mi.InitialAmount, ) err != nil { return mi, err } return mi, nil } func (estimate *Estimate) getBorrower(db *sql.DB) error { query := `SELECT id, credit_score, monthly_income, num FROM borrower WHERE estimate_id = ? LIMIT 1` row := db.QueryRow(query, estimate.Id) if err := row.Scan( &estimate.Borrower.Id, &estimate.Borrower.Credit, &estimate.Borrower.Income, &estimate.Borrower.Num, ) err != nil { return fmt.Errorf("Borrower scanning error: %v", err) } return nil } // Query Lender APIs and parse responses into MI structs func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI { var loan Loan = estimate.Loans[pos] var ltv = func(l float32) string { switch { case l > 95: return "LTV97" case l > 90: return "LTV95" case l > 85: return "LTV90" default: return "LTV85" } } var term = func(t int) string { switch { case t <= 10: return "A10" case t <= 15: return "A15" case t <= 20: return "A20" case t <= 25: return "A25" case t <= 30: return "A30" default: return "A40" } } var propertyCodes = map[string]string { "Single Attached": "SFO", "Single Detached": "SFO", "Condo Lo-rise": "CON", "Condo Hi-rise": "CON", } var purposeCodes = map[string]string { "Purchase": "PUR", "Refinance": "RRT", } body, err := json.Marshal(map[string]any{ "zipCode": estimate.Zip, "stateCode": "CA", "address": "", "propertyTypeCode": propertyCodes[estimate.Property], "occupancyTypeCode": "PRS", "loanPurposeCode": purposeCodes[estimate.Transaction], "loanAmount": loan.Amount, "loanToValue": ltv(loan.Ltv), "amortizationTerm": term(loan.Term), "loanTypeCode": "FXD", "duLpDecisionCode": "DAE", "loanProgramCodes": []any{}, "debtToIncome": loan.Dti, "wholesaleLoan": 0, "coveragePercentageCode": "L30", "productCode": "BPM", "renewalTypeCode": "CON", "numberOfBorrowers": 1, "coBorrowerCreditScores": []any{}, "borrowerCreditScore": strconv.Itoa(estimate.Borrower.Credit), "masterPolicy": nil, "selfEmployedIndicator": false, "armType": "", "userId": 44504, }) /* if err != nil { log.Printf("Could not marshal NationalMI body: \n%v\n%v\n", bytes.NewBuffer(body), err) func queryAddress(db *sql.DB, id int) ( Address, error ) { var address Address = Address{Id: id} var err error row := db.QueryRow( `SELECT id, full_address, street, city, region, country, zip FROM address WHERE id = ?`, id) err = row.Scan( &address.Id, &address.Full, &address.Street, &address.City, &address.Region, &address.Country, &address.Zip, ) return address, err } } */ req, err := http.NewRequest("POST", "https://rate-gps.nationalmi.com/rates/productRateQuote", bytes.NewBuffer(body)) req.Header.Add("Content-Type", "application/json") req.AddCookie(&http.Cookie{ Name: "nmirategps_email", Value: os.Getenv("NationalMIEmail")}) resp, err := http.DefaultClient.Do(req) var res map[string]interface{} var result []MI if resp.StatusCode != 200 { log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n", resp.Status, resp, req.Body, bytes.NewBuffer(body)) } else { json.NewDecoder(resp.Body).Decode(&res) // estimate.Loans[pos].Mi = res // Parse res into result here } log.Println(err) return result } // Make comparison PDF func generatePDF(w http.ResponseWriter, db *sql.DB, r *http.Request) { } func login(w http.ResponseWriter, db *sql.DB, r *http.Request) { var id int var role string var err error var user User json.NewDecoder(r.Body).Decode(&user) row := db.QueryRow( `SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`, user.Email, user.Password, ) err = row.Scan(&id, &role) if err != nil { http.Error(w, "Invalid Credentials.", http.StatusUnauthorized) return } token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{ Id: id, Role: role, Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)}) tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET"))) if err != nil { log.Println("Token could not be signed: ", err, tokenStr) http.Error(w, "Token generation error.", http.StatusInternalServerError) return } cookie := http.Cookie{Name: "skouter", Value: tokenStr, Path: "/", Expires: time.Now().Add(time.Hour * 24)} http.SetCookie(w, &cookie) _, err = w.Write([]byte(tokenStr)) if err != nil { http.Error(w, "Could not complete token write.", http.StatusInternalServerError)} } func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) // Will verify existing signature and expiry time token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{ Id: claims.Id, Role: claims.Role, Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)}) tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET"))) if err != nil { log.Println("Token could not be signed: ", err, tokenStr) http.Error(w, "Token generation error.", http.StatusInternalServerError) return } cookie := http.Cookie{Name: "skouter", Value: tokenStr, Path: "/", Expires: time.Now().Add(time.Hour * 24)} http.SetCookie(w, &cookie) _, err = w.Write([]byte(tokenStr)) if err != nil { http.Error(w, "Could not complete token write.", http.StatusInternalServerError)} } func getClaims(r *http.Request) (UserClaims, error) { claims := new(UserClaims) _, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ") if !found { return *claims, errors.New("Token not found") } // Pull token payload into UserClaims _, err := jwt.ParseWithClaims(tokenStr, claims, func(token *jwt.Token) (any, error) { return []byte(os.Getenv("JWT_SECRET")), nil }) if err != nil { return *claims, err } if err = claims.Valid(); err != nil { return *claims, err } return *claims, nil } func guard(r *http.Request, required int) bool { claims, err := getClaims(r) if err != nil { return false } if roles[claims.Role] < required { return false } return true } // Inserts an address and returns it's ID along with any errors. func insertAddress(db *sql.DB, address Address) (int, error){ var query string var row *sql.Row var err error var id int // Inserted user's id query = `INSERT INTO address ( full_address, street, city, region, country, zip ) VALUES (?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, address.Full, address.Street, address.City, address.Region, address.Country, address.Zip, ) err = row.Scan(&id) return id, err } // Inserts an address and returns it's ID along with any errors. func insertBranch(db *sql.DB, branch Branch) (int, error){ var query string var row *sql.Row var err error var id int // Inserted user's id query = `INSERT INTO branch ( name, type, letterhead, num, phone, address ) VALUES (?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, branch.Name, branch.Type, branch.Letterhead, branch.Num, branch.Phone, branch.Address.Id, ) err = row.Scan(&id) return id, err } // Inserts an address and returns it's ID along with any errors. func insertLicense(db *sql.DB, license License) (int, error) { var query string var row *sql.Row var err error var id int // Inserted license's id query = `INSERT INTO license ( user_id, type, num ) VALUES (?, ?, ?) RETURNING id ` row = db.QueryRow(query, license.UserId, license.Type, license.Num, ) err = row.Scan(&id) return id, err } func queryLicense(db *sql.DB, user int) ( License, error ) { var license License = License{UserId: user} var err error row := db.QueryRow( `SELECT id, type, num FROM license WHERE user_id = ?`, user) err = row.Scan( &license.Id, &license.Type, &license.Num, ) return license, err } func queryAddress(db *sql.DB, id int) ( Address, error ) { var address Address = Address{Id: id} var err error row := db.QueryRow( `SELECT id, full_address, street, city, region, country, zip FROM address WHERE id = ?`, id) err = row.Scan( &address.Id, &address.Full, &address.Street, &address.City, &address.Region, &address.Country, &address.Zip, ) return address, err } func queryBranch(db *sql.DB, id int) ( Branch, error ) { var branch Branch = Branch{Id: id} var err error row := db.QueryRow( `SELECT id, name, type, letterhead, num, phone, address FROM branch WHERE id = ?`, id) err = row.Scan( &branch.Id, &branch.Name, &branch.Type, &branch.Letterhead, &branch.Num, &branch.Phone, &branch.Address.Id, ) return branch, err } func queryUser(db *sql.DB, id int) (User, error ) { var user User var query string var err error query = `SELECT u.id, u.email, u.first_name, u.last_name, coalesce(u.branch_id, 0), u.country, u.title, coalesce(u.status, ''), u.verified, u.role, u.address, u.phone FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END ` row := db.QueryRow(query, id) if err != nil { return user, err } err = row.Scan( &user.Id, &user.Email, &user.FirstName, &user.LastName, &user.Branch.Id, &user.Country, &user.Title, &user.Status, &user.Verified, &user.Role, &user.Address.Id, &user.Phone, ) if err != nil { return user, err } user.Address, err = queryAddress(db, user.Address.Id) if err != nil { return user, err } user.Branch, err = queryBranch(db, user.Branch.Id) if err != nil { return user, err } return user, nil } // Can probably be deleted. func queryUsers(db *sql.DB, id int) ( []User, error ) { var users []User var query string var rows *sql.Rows var err error query = `SELECT u.id, u.email, u.first_name, u.last_name, coalesce(u.branch_id, 0), u.country, u.title, coalesce(u.status, ''), u.verified, u.role, u.address, u.phone FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END ` rows, err = db.Query(query, id) if err != nil { return users, err } defer rows.Close() for rows.Next() { var user User if err := rows.Scan( &user.Id, &user.Email, &user.FirstName, &user.LastName, &user.Branch.Id, &user.Country, &user.Title, &user.Status, &user.Verified, &user.Role, &user.Address.Id, &user.Phone, ) err != nil { return users, err } user.Address, err = queryAddress(db, user.Address.Id) if err != nil { return users, err } user.Branch, err = queryBranch(db, user.Branch.Id) if err != nil { return users, err } users = append(users, user) } // Prevents runtime panics if len(users) == 0 { return users, errors.New("User not found.") } return users, nil } func (estimate *Estimate) insertResults(db *sql.DB) (error){ var query string var row *sql.Row var err error var id int query = `INSERT INTO estimate_result ( loan_id, loan_payment, total_monthly, total_fees, total_credits, cash_to_close ) VALUES (?, ?, ?, ?, ?, ?) RETURNING id ` for i := range estimate.Loans { r := estimate.Loans[i].Result r.LoanId = estimate.Loans[i].Id row = db.QueryRow(query, r.LoanId, r.LoanPayment, r.TotalMonthly, r.TotalFees, r.TotalCredits, r.CashToClose, ) err = row.Scan(&id) if err != nil { return err } r.Id = id } return nil } func insertUser(db *sql.DB, user User) (User, error){ var query string var row *sql.Row var err error var id int // Inserted user's id user.Address.Id, err = insertAddress(db, user.Address) if err != nil { return user, err } query = `INSERT INTO user ( email, first_name, last_name, password, role, title, status, verified, address, country, branch_id, phone, created, last_login ) VALUES (?, ?, ?, sha2(?, 256), ?, ?, ?, ?, ?, ?, CASE @b := ? WHEN 0 THEN NULL ELSE @b END, ?, NOW(), NOW()) RETURNING id ` row = db.QueryRow(query, user.Email, user.FirstName, user.LastName, user.Password, user.Role, user.Title, user.Status, user.Verified, user.Address.Id, user.Country, user.Branch.Id, user.Phone, ) err = row.Scan(&id) if err != nil { return User{}, err } user, err = queryUser(db, id) if err != nil { return User{}, err } return user, nil } func updateAddress(address Address, db *sql.DB) error { query := ` UPDATE address SET full_address = CASE @e := ? WHEN '' THEN full_address ELSE @e END, street = CASE @fn := ? WHEN '' THEN street ELSE @fn END, city = CASE @ln := ? WHEN '' THEN city ELSE @ln END, region = CASE @r := ? WHEN '' THEN region ELSE @r END, country = CASE @r := ? WHEN '' THEN country ELSE @r END, zip = CASE @r := ? WHEN '' THEN zip ELSE @r END WHERE id = ? ` _, err := db.Exec(query, address.Full, address.Street, address.City, address.Region, address.Country, address.Zip, address.Id, ) return err } func updateUser(user User, db *sql.DB) error { query := ` UPDATE user SET email = CASE @e := ? WHEN '' THEN email ELSE @e END, first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END, last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END, role = CASE @r := ? WHEN '' THEN role ELSE @r END, password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END WHERE id = ? ` _, err := db.Exec(query, user.Email, user.FirstName, user.LastName, user.Role, user.Password, user.Id, ) return err } func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) if err != nil { w.WriteHeader(500); return } user, err := queryUser(db, claims.Id) if err != nil { w.WriteHeader(422); log.Println(err); return } json.NewEncoder(w).Encode(user) } func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) { users, err := queryUsers(db, 0) if err != nil { w.WriteHeader(http.StatusInternalServerError) return } json.NewEncoder(w).Encode(users) } // Updates a user using only specified values in the JSON body func setUser(user User, db *sql.DB) error { _, err := mail.ParseAddress(user.Email) if err != nil { return err } if roles[user.Role] == 0 { return errors.New("Invalid role") } err = updateUser(user, db) if err != nil { return err } err = updateAddress(user.Address, db) if err != nil { return err } return nil } func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { var user User err := json.NewDecoder(r.Body).Decode(&user) if err != nil { http.Error(w, "Invalid fields", 422); return } err = setUser(user, db) if err != nil { http.Error(w, err.Error(), 422); return } } // Update specified fields of the user specified in the claim func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) { claim, err := getClaims(r) var user User json.NewDecoder(r.Body).Decode(&user) // First check that the target user to be updated is the same as the claim id, and // their role is unchanged. if err != nil || claim.Id != user.Id { http.Error(w, "Target user's id does not match claim.", 401) return } if claim.Role != user.Role && user.Role != "" { http.Error(w, "Administrator required to escalate role.", 401) return } err = setUser(user, db) if err != nil { http.Error(w, err.Error(), 422); return } } func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { var user User err := json.NewDecoder(r.Body).Decode(&user) if err != nil { http.Error(w, "Invalid fields.", 422) return } query := `DELETE FROM user WHERE id = ?` _, err = db.Exec(query, user.Id) if err != nil { http.Error(w, "Could not delete.", 500) } } func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) { var user User err := json.NewDecoder(r.Body).Decode(&user) if err != nil { http.Error(w, "Invalid fields.", 422); return } _, err = mail.ParseAddress(user.Email) if err != nil { http.Error(w, "Invalid email.", 422); return } if roles[user.Role] == 0 { http.Error(w, "Invalid role.", 422) } user, err = insertUser(db, user) if err != nil { http.Error(w, "Error creating user.", 422); return } json.NewEncoder(w).Encode(user) } func checkPassword(db *sql.DB, id int, pass string) bool { var p string query := `SELECT password FROM user WHERE user.id = ? AND password = sha2(?, 256) ` row := db.QueryRow(query, id, pass) err := row.Scan(&p) if err != nil { return false } return true } func setPassword(db *sql.DB, id int, pass string) error { query := `UPDATE user SET password = sha2(?, 256) WHERE user.id = ? ` _, err := db.Exec(query, pass, id) if err != nil { return errors.New("Could not insert password.") } return nil } func changePassword(w http.ResponseWriter, db *sql.DB, r *http.Request) { var pass Password claim, err := getClaims(r) err = json.NewDecoder(r.Body).Decode(&pass) if err != nil { http.Error(w, "Bad fields.", 422); return } if checkPassword(db, claim.Id, pass.Old) { err = setPassword(db, claim.Id, pass.New) } else { http.Error(w, "Incorrect old password.", 401) return } if err != nil { http.Error(w, err.Error(), 500); return } } func fetchAvatar(db *sql.DB, user int) ( []byte, error ) { var img []byte var query string var err error query = `SELECT avatar FROM user WHERE user.id = ? ` row := db.QueryRow(query, user) err = row.Scan(&img) if err != nil { return img, err } return img, nil } func insertAvatar(db *sql.DB, user int, img []byte) error { query := `UPDATE user SET avatar = ? WHERE id = ? ` _, err := db.Exec(query, img, user) if err != nil { return err } return nil } func fetchLetterhead(db *sql.DB, user int) ( []byte, error ) { var img []byte var query string var err error query = `SELECT letterhead FROM user WHERE user.id = ? ` row := db.QueryRow(query, user) err = row.Scan(&img) if err != nil { return img, err } return img, nil } func insertLetterhead(db *sql.DB, user int, img []byte) error { query := `UPDATE user SET letterhead = ? WHERE id = ? ` _, err := db.Exec(query, img, user) if err != nil { return err } return nil } func setAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) { var validTypes []string = []string{"image/png", "image/jpeg"} var isValidType bool claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := io.ReadAll(r.Body) if err != nil { http.Error(w, "Invalid file.", 422); return } for _, v := range validTypes { if v == http.DetectContentType(img) { isValidType = true } } if !isValidType { http.Error(w, "Invalid file type.", 422); return } err = insertAvatar(db, claims.Id, img) if err != nil { http.Error(w, "Could not insert.", 500); return } } func getAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := fetchAvatar(db, claims.Id) if err != nil { http.Error(w, "Could not retrieve.", 500); return } w.Header().Set("Content-Type", http.DetectContentType(img)) w.Write(img) } func setLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) { var validTypes []string = []string{"image/png", "image/jpeg"} var isValidType bool claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := io.ReadAll(r.Body) if err != nil { http.Error(w, "Invalid file.", 422); return } for _, v := range validTypes { if v == http.DetectContentType(img) { isValidType = true } } if !isValidType { http.Error(w, "Invalid file type.", 422); return } err = insertLetterhead(db, claims.Id, img) if err != nil { http.Error(w, "Could not insert.", 500); return } } func getLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, err := fetchLetterhead(db, claims.Id) if err != nil { http.Error(w, "Could not retrieve.", 500); return } w.Header().Set("Content-Type", http.DetectContentType(img)) w.Write(img) } func queryBorrower(db *sql.DB, id int) ( Borrower, error ) { var borrower Borrower var query string var err error query = `SELECT l.id, l.credit_score, l.num, l.monthly_income FROM borrower l WHERE l.id = ? ` row := db.QueryRow(query, id) err = row.Scan( borrower.Id, borrower.Credit, borrower.Num, borrower.Income, ) if err != nil { return borrower, err } return borrower, nil } // Must have an estimate ID 'e', but not necessarily a loan id 'id' func getResults(db *sql.DB, e int, id int) ( []Result, error ) { var results []Result var query string var rows *sql.Rows var err error query = `SELECT r.id, loan_id, loan_payment, total_monthly, total_fees, total_credits, cash_to_close FROM estimate_result r INNER JOIN loan ON r.loan_id = loan.id WHERE r.id = CASE @e := ? WHEN 0 THEN r.id ELSE @e END AND loan.estimate_id = ? ` rows, err = db.Query(query, id, e) if err != nil { return results, err } defer rows.Close() for rows.Next() { var result Result if err := rows.Scan( &result.Id, &result.LoanId, &result.LoanPayment, &result.TotalMonthly, &result.TotalFees, &result.TotalCredits, &result.CashToClose, ) err != nil { return results, err } results = append(results, result) } // Prevents runtime panics // if len(results) == 0 { return results, errors.New("Result not found.") } return results, nil } // Retrieve an estimate result with a specified loan id func getResult(db *sql.DB, loan int) ( Result, error ) { var result Result var query string var err error query = `SELECT r.id, loan_id, loan_payment, total_monthly, total_fees, total_credits, cash_to_close FROM estimate_result r INNER JOIN loan ON r.loan_id = loan.id WHERE loan.Id = ? ` row := db.QueryRow(query, loan) err = row.Scan( &result.Id, &result.LoanId, &result.LoanPayment, &result.TotalMonthly, &result.TotalFees, &result.TotalCredits, &result.CashToClose, ) if err != nil { return result, err } return result, nil } // Must have an estimate ID 'e', but not necessarily a loan id 'id' func getLoans(db *sql.DB, e int, id int) ( []Loan, error ) { var loans []Loan var query string var rows *sql.Rows var err error query = `SELECT l.id, l.type_id, l.estimate_id, l.amount, l.term, l.interest, l.ltv, l.dti, l.hoi, l.tax, l.name FROM loan l WHERE l.id = CASE @e := ? WHEN 0 THEN l.id ELSE @e END AND l.estimate_id = ? ` rows, err = db.Query(query, id, e) if err != nil { return loans, err } defer rows.Close() for rows.Next() { var loan Loan if err := rows.Scan( &loan.Id, &loan.Type.Id, &loan.EstimateId, &loan.Amount, &loan.Term, &loan.Interest, &loan.Ltv, &loan.Dti, &loan.Hoi, &loan.Tax, &loan.Name, ) err != nil { return loans, err } mi, err := getMi(db, loan.Id) if err != nil { return loans, err } loan.Mi = mi fees, err := getFees(db, loan.Id) if err != nil { return loans, err } loan.Fees = fees loan.Result, err = getResult(db, loan.Id) if err != nil { return loans, err } loan.Type, err = getLoanType(db, loan.Type.Id) if err != nil { return loans, err } loans = append(loans, loan) } // Prevents runtime panics if len(loans) == 0 { return loans, errors.New("Loan not found.") } return loans, nil } func getEstimate(db *sql.DB, id int) ( Estimate, error ) { estimates, err := getEstimates(db, id, 0) if err != nil { return Estimate{}, err } return estimates[0], nil } func getEstimates(db *sql.DB, id int, user int) ( []Estimate, error ) { var estimates []Estimate var query string var rows *sql.Rows var err error query = `SELECT id, user_id, transaction, price, property, occupancy, zip, pud FROM estimate WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END ` rows, err = db.Query(query, id, user) if err != nil { return estimates, err } defer rows.Close() for rows.Next() { var estimate Estimate if err := rows.Scan( &estimate.Id, &estimate.User, &estimate.Transaction, &estimate.Price, &estimate.Property, &estimate.Occupancy, &estimate.Zip, &estimate.Pud, ) err != nil { return estimates, err } err := estimate.getBorrower(db) if err != nil { return estimates, err } estimates = append(estimates, estimate) } // Prevents runtime panics if len(estimates) == 0 { return estimates, errors.New("Estimate not found.") } for i := range estimates { estimates[i].Loans, err = getLoans(db, estimates[i].Id, 0) if err != nil { return estimates, err } } return estimates, nil } func queryETemplates(db *sql.DB, id int, user int) ( []ETemplate, error ) { var eTemplates []ETemplate var query string var rows *sql.Rows var err error query = `SELECT id, estimate_id, user_id, branch_id FROM estimate_template WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END ` rows, err = db.Query(query, id, user) if err != nil { return eTemplates, err } defer rows.Close() for rows.Next() { var e ETemplate if err := rows.Scan( &e.Id, &e.Estimate.Id, &e.UserId, &e.BranchId, ) err != nil { return eTemplates, err } e.Estimate, err = getEstimate(db, e.Estimate.Id) if err != nil { return eTemplates, err } eTemplates = append(eTemplates, e) } return eTemplates, nil } // Accepts a borrower struct and returns the id of the inserted borrower and // any related error. func (estimate *Estimate) insertETemplate(db *sql.DB, user int, branch int) error { var query string var err error query = `INSERT INTO estimate_template ( estimate_id, user_id, branch_id ) VALUES (?, ?, ?) ` _, err = db.Exec(query, estimate.Id, user, branch, ) if err != nil { return err } return nil } // Accepts a borrower struct and returns the id of the inserted borrower and // any related error. func (estimate *Estimate) insertBorrower(db *sql.DB) error { var query string var row *sql.Row var err error query = `INSERT INTO borrower ( estimate_id, credit_score, monthly_income, num ) VALUES (?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, estimate.Id, estimate.Borrower.Credit, estimate.Borrower.Income, estimate.Borrower.Num, ) err = row.Scan(&estimate.Borrower.Id) if err != nil { return err } return nil } func insertMi(db *sql.DB, mi MI) (int, error) { var id int query := `INSERT INTO mi ( type, label, lender, rate, premium, upfront, five_year_total, initial_premium, initial_rate, initial_amount ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id` row := db.QueryRow(query, &mi.Type, &mi.Label, &mi.Lender, &mi.Rate, &mi.Premium, &mi.Upfront, &mi.FiveYearTotal, &mi.InitialAllInPremium, &mi.InitialAllInRate, &mi.InitialAmount, ) err := row.Scan(&id) if err != nil { return 0, err } return id, nil } func insertFee(db *sql.DB, fee Fee) (int, error) { var id int query := `INSERT INTO fee (loan_id, amount, perc, type, notes, name, category) VALUES (?, ?, ?, ?, ?, ?, ?) RETURNING id` row := db.QueryRow(query, fee.LoanId, fee.Amount, fee.Perc, fee.Type, fee.Notes, fee.Name, fee.Category, ) err := row.Scan(&id) if err != nil { return 0, err } return id, nil } func insertLoanType(db *sql.DB, lt LoanType) (int, error) { var id int query := `INSERT INTO loan_type (branch_id, user_id, name) VALUES (NULLIF(?, 0), NULLIF(?, 0), ?) RETURNING id` row := db.QueryRow(query, lt.Branch, lt.User, lt.Name, ) err := row.Scan(&id) if err != nil { return 0, err } return id, nil } func (loan *Loan) insertLoan(db *sql.DB) error { var query string var row *sql.Row var err error query = `INSERT INTO loan ( estimate_id, type_id, amount, term, interest, ltv, dti, hoi, tax, name ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, loan.EstimateId, loan.Type.Id, loan.Amount, loan.Term, loan.Interest, loan.Ltv, loan.Dti, loan.Hoi, loan.Tax, loan.Name, ) err = row.Scan(&loan.Id) if err != nil { return err } _, err = insertMi(db, loan.Mi) if err != nil { return err } for i := range loan.Fees { loan.Fees[i].LoanId = loan.Id _, err := insertFee(db, loan.Fees[i]) if err != nil { return err } } return nil } func (estimate *Estimate) insertEstimate(db *sql.DB) (error){ var query string var row *sql.Row var err error // var id int // Inserted estimate's id query = `INSERT INTO estimate ( user_id, transaction, price, property, occupancy, zip, pud ) VALUES (?, ?, ?, ?, ?, ?, ?) RETURNING id ` row = db.QueryRow(query, estimate.User, estimate.Transaction, estimate.Price, estimate.Property, estimate.Occupancy, estimate.Zip, estimate.Pud, ) err = row.Scan(&estimate.Id) if err != nil { return err } err = estimate.insertBorrower(db) if err != nil { return err } for i := range estimate.Loans { estimate.Loans[i].EstimateId = estimate.Id err = estimate.Loans[i].insertLoan(db) if err != nil { return err } } return nil } func (estimate *Estimate) del(db *sql.DB, user int) (error) { var query string var err error query = `DELETE FROM estimate WHERE id = ? AND user_id = ?` _, err = db.Exec(query, estimate.Id, user) if err != nil { return err } return nil } func (et *ETemplate) del(db *sql.DB, user int) (error) { var query string var err error query = `DELETE FROM estimate_template WHERE id = ? AND user_id = ?` _, err = db.Exec(query, et.Id, user) if err != nil { return err } return nil } func (eTemplate *ETemplate) insert(db *sql.DB) (error) { var query string var row *sql.Row var err error query = `INSERT INTO estimate_template ( user_id, branch_id, estimate_id, ) VALUES (?, ?, ?) RETURNING id ` row = db.QueryRow(query, eTemplate.UserId, eTemplate.BranchId, eTemplate.Estimate.Id, ) err = row.Scan(&eTemplate.Id) if err != nil { return err } return nil } func createEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) if err != nil { http.Error(w, "Invalid fields.", 422); return } claims, err := getClaims(r) estimate.User = claims.Id err = estimate.insertEstimate(db) if err != nil { http.Error(w, err.Error(), 422); return } estimate.makeResults() err = estimate.insertResults(db) if err != nil { http.Error(w, err.Error(), 500); return } e, err := getEstimates(db, estimate.Id, 0) if err != nil { http.Error(w, err.Error(), 500); return } json.NewEncoder(w).Encode(e[0]) } // Query all estimates that belong to the current user func fetchEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimates []Estimate claims, err := getClaims(r) estimates, err = getEstimates(db, 0, claims.Id) if err != nil { http.Error(w, err.Error(), 500); return } json.NewEncoder(w).Encode(estimates) } func checkConventional(l Loan, b Borrower) error { if b.Credit < 620 { return errors.New("Credit score too low for conventional loan") } // Buyer needs to put down 20% to avoid mortgage insurance if (l.Ltv > 80 && l.Mi.Rate == 0) { return errors.New(fmt.Sprintln( l.Name, "down payment must be 20% to avoid insurance", )) } return nil } func checkFHA(l Loan, b Borrower) error { if b.Credit < 500 { return errors.New("Credit score too low for FHA loan") } if (l.Ltv > 96.5) { return errors.New("FHA down payment must be at least 3.5%") } if (b.Credit < 580 && l.Ltv > 90) { return errors.New("FHA down payment must be at least 10%") } // Debt-to-income must be below 45% if credit score is below 580. if (b.Credit < 580 && l.Dti > 45) { return errors.New(fmt.Sprintln( l.Name, "debt to income is too high for credit score.", )) } return nil } // Loan option for veterans with no set rules. Mainly placeholder. func checkVA(l Loan, b Borrower) error { return nil } // Loan option for residents of rural areas with no set rules. // Mainly placeholder. func checkUSDA(l Loan, b Borrower) error { return nil } // Should also check loan amount limit maybe with an API. func checkEstimate(e Estimate) error { if e.Property == "" { return errors.New("Empty property type") } if e.Price == 0 { return errors.New("Empty property price") } if e.Borrower.Num == 0 { return errors.New("Missing number of borrowers") } if e.Borrower.Credit == 0 { return errors.New("Missing borrower credit score") } if e.Borrower.Income == 0 { return errors.New("Missing borrower credit income") } for _, l := range e.Loans { if l.Amount == 0 { return errors.New(fmt.Sprintln(l.Name, "loan amount cannot be zero")) } if l.Term == 0 { return errors.New(fmt.Sprintln(l.Name, "loan term cannot be zero")) } if l.Interest == 0 { return errors.New(fmt.Sprintln(l.Name, "loan interest cannot be zero")) } // Can be used to check rules for specific loan types var err error switch l.Type.Id { case 1: err = checkConventional(l, e.Borrower) case 2: err = checkFHA(l, e.Borrower) case 3: err = checkVA(l, e.Borrower) case 4: err = checkUSDA(l, e.Borrower) default: err = errors.New("Invalid loan type") } if err != nil { return err } } return nil } func validateEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) if err != nil { http.Error(w, err.Error(), 422); return } err = checkEstimate(estimate) if err != nil { http.Error(w, err.Error(), 406); return } } func checkPdf(w http.ResponseWriter, r *http.Request) { db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter_dev", os.Getenv("DBUser"), os.Getenv("DBPass"))) // w.Header().Set("Content-Type", "application/json; charset=UTF-8") err = db.Ping() if err != nil { fmt.Println("Bad database configuration: %v\n", err) panic(err) // maybe os.Exit(1) instead } estimates, err := getEstimates(db, 1, 0) if err != nil { w.WriteHeader(500); return } // claims, err := getClaims(r) if err != nil { w.WriteHeader(500); return } user, err := queryUser(db, 1) info := Report{ Title: "test PDF", Name: "idk-random-name", User: user, Estimate: estimates[0], } avatar, err := fetchAvatar(db, info.User.Id) letterhead, err := fetchLetterhead(db, info.User.Id) info.Avatar = base64.StdEncoding.EncodeToString(avatar) info.Letterhead = base64.StdEncoding.EncodeToString(letterhead) for l := range info.Estimate.Loans { loan := info.Estimate.Loans[l] for f := range info.Estimate.Loans[l].Fees { if info.Estimate.Loans[l].Fees[f].Amount < 0 { loan.Credits = append(loan.Credits, loan.Fees[f]) } } } err = pages["report"].tpl.ExecuteTemplate(w, "master.tpl", info) if err != nil {fmt.Println(err)} } func getETemplates(w http.ResponseWriter, db *sql.DB, r *http.Request) { claims, err := getClaims(r) et, err := queryETemplates(db, 0, claims.Id) if err != nil { http.Error(w, err.Error(), 500); return } json.NewEncoder(w).Encode(et) } func createETemplate(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) if err != nil { http.Error(w, err.Error(), 422); return } claims, err := getClaims(r) if err != nil { http.Error(w, err.Error(), 422); return } err = estimate.insertETemplate(db, claims.Id, 0) if err != nil { http.Error(w, err.Error(), 500); return } } func getPdf(w http.ResponseWriter, db *sql.DB, r *http.Request) { var estimate Estimate err := json.NewDecoder(r.Body).Decode(&estimate) cmd := exec.Command("wkhtmltopdf", "-", "-") stdout, err := cmd.StdoutPipe() if err != nil { w.WriteHeader(500); log.Println(err) return } stdin, err := cmd.StdinPipe() if err != nil { w.WriteHeader(500); log.Println(err) return } if err := cmd.Start(); err != nil { log.Fatal(err) } claims, err := getClaims(r) if err != nil { w.WriteHeader(500); log.Println(err) return } user, err := queryUser(db, claims.Id) info := Report{ Title: "test PDF", Name: "idk-random-name", User: user, Estimate: estimate, } avatar, err := fetchAvatar(db, info.User.Id) letterhead, err := fetchLetterhead(db, info.User.Id) if len(avatar) > 1 { info.Avatar = base64.StdEncoding.EncodeToString(avatar) } if len(letterhead) > 1 { info.Letterhead = base64.StdEncoding.EncodeToString(letterhead) } err = pages["report"].tpl.ExecuteTemplate(stdin, "master.tpl", info) if err != nil { w.WriteHeader(500); log.Println(err) return } stdin.Close() buf, err := io.ReadAll(stdout) if _, err := w.Write(buf); err != nil { w.WriteHeader(500); log.Println(err) return } if err := cmd.Wait(); err != nil { log.Println(err) return } } func clipLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) { var validTypes []string = []string{"image/png", "image/jpeg"} var isValidType bool var err error // claims, err := getClaims(r) if err != nil { http.Error(w, "Invalid token.", 422); return } img, t, err := image.Decode(r.Body) if err != nil { http.Error(w, "Invalid file, JPEG and PNG only.", 422) return } for _, v := range validTypes { if v == "image/"+t { isValidType = true } } if !isValidType { http.Error(w, "Invalid file type.", 422); return } g := gift.New( gift.ResizeToFit(400, 200, gift.LanczosResampling), ) dst := image.NewRGBA(g.Bounds(img.Bounds())) g.Draw(dst, img) w.Header().Set("Content-Type", "image/png") err = png.Encode(w, dst) if err != nil { http.Error(w, "Error encoding.", 500); return } } func api(w http.ResponseWriter, r *http.Request) { var args []string p := r.URL.Path db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s", os.Getenv("DBUser"), os.Getenv("DBPass"), os.Getenv("DBName"), )) w.Header().Set("Content-Type", "application/json; charset=UTF-8") err = db.Ping() if err != nil { fmt.Println("Bad database configuration: %v\n", err) panic(err) // maybe os.Exit(1) instead } switch { case match(p, "/api/login", &args) && r.Method == http.MethodPost: login(w, db, r) case match(p, "/api/token", &args) && r.Method == http.MethodGet && guard(r, 1): getToken(w, db, r) case match(p, "/api/letterhead", &args) && r.Method == http.MethodPost && guard(r, 1): clipLetterhead(w, db, r) case match(p, "/api/users", &args) && // Array of all users r.Method == http.MethodGet && guard(r, 3): getUsers(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodGet && guard(r, 1): getUser(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodPost && guard(r, 3): createUser(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodPatch && guard(r, 3): // For admin to modify any user patchUser(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodPatch && guard(r, 1): // For employees to modify own accounts patchSelf(w, db, r) case match(p, "/api/user", &args) && r.Method == http.MethodDelete && guard(r, 3): deleteUser(w, db, r) case match(p, "/api/user/avatar", &args) && r.Method == http.MethodGet && guard(r, 1): getAvatar(w, db, r) case match(p, "/api/user/avatar", &args) && r.Method == http.MethodPost && guard(r, 1): setAvatar(w, db, r) case match(p, "/api/user/letterhead", &args) && r.Method == http.MethodGet && guard(r, 1): getLetterhead(w, db, r) case match(p, "/api/user/letterhead", &args) && r.Method == http.MethodPost && guard(r, 1): setLetterhead(w, db, r) case match(p, "/api/user/password", &args) && r.Method == http.MethodPost && guard(r, 1): changePassword(w, db, r) case match(p, "/api/fees", &args) && r.Method == http.MethodGet && guard(r, 1): getFeesTemp(w, db, r) case match(p, "/api/fee", &args) && r.Method == http.MethodPost && guard(r, 1): createFeesTemp(w, db, r) case match(p, "/api/fee", &args) && r.Method == http.MethodDelete && guard(r, 1): deleteFeeTemp(w, db, r) case match(p, "/api/estimates", &args) && r.Method == http.MethodGet && guard(r, 1): fetchEstimate(w, db, r) case match(p, "/api/estimate", &args) && r.Method == http.MethodPost && guard(r, 1): createEstimate(w, db, r) case match(p, "/api/estimate", &args) && r.Method == http.MethodDelete && guard(r, 1): deleteEstimate(w, db, r) case match(p, "/api/estimate/validate", &args) && r.Method == http.MethodPost && guard(r, 1): validateEstimate(w, db, r) case match(p, "/api/estimate/summarize", &args) && r.Method == http.MethodPost && guard(r, 1): summarize(w, db, r) case match(p, "/api/templates", &args) && r.Method == http.MethodGet && guard(r, 1): getETemplates(w, db, r) case match(p, "/api/templates", &args) && r.Method == http.MethodPost && guard(r, 1): createETemplate(w, db, r) case match(p, "/api/templates", &args) && r.Method == http.MethodDelete && guard(r, 1): deleteET(w, db, r) case match(p, "/api/pdf", &args) && r.Method == http.MethodPost && guard(r, 1): getPdf(w, db, r) default: http.Error(w, "Invalid route or token", 404) } db.Close() } func route(w http.ResponseWriter, r *http.Request) { var page Page var args []string p := r.URL.Path switch { case r.Method == "GET" && match(p, "/", &args): page = pages[ "home" ] case match(p, "/terms", &args): page = pages[ "terms" ] case match(p, "/app", &args): page = pages[ "app" ] default: http.NotFound(w, r) return } page.Render(w) } func serve() { files := http.FileServer(http.Dir("")) http.Handle("/assets/", files) http.HandleFunc("/api/", api) http.HandleFunc("/", route) log.Fatal(http.ListenAndServe(address, nil)) } func dbReset(db *sql.DB) { b, err := os.ReadFile("migrations/reset.sql") if err != nil { log.Fatal(err) } _, err = db.Exec(string(b)) if err != nil { log.Fatal(err) } b, err = os.ReadFile("migrations/0_29092022_setup_tables.sql") if err != nil { log.Fatal(err) } _, err = db.Exec(string(b)) if err != nil { log.Fatal(err) } } func generateFees(loan Loan) []Fee { var fees []Fee var fee Fee p := gofakeit.Float32Range(0.5, 10) size := gofakeit.Number(1, 10) for f := 0; f < size; f++ { fee = Fee{ Amount: int(float32(loan.Amount)*p/100), Perc: p, Name: gofakeit.BuzzWord(), Type: feeTypes[gofakeit.Number(0, len(feeTypes) - 1)], } fees = append(fees, fee) } return fees } func generateCredits(loan Loan) []Fee { var fees []Fee var fee Fee p := gofakeit.Float32Range(-10, -0.5) size := gofakeit.Number(1, 10) for f := 0; f < size; f++ { fee = Fee{ Amount: int(float32(loan.Amount)*p/100), Perc: p, Name: gofakeit.BuzzWord(), Type: feeTypes[gofakeit.Number(0, len(feeTypes) - 1)], } fees = append(fees, fee) } return fees } func seedAddresses(db *sql.DB) []Address { addresses := make([]Address, 10) for i, a := range addresses { a.Street = gofakeit.Street() a.City = gofakeit.City() a.Region = gofakeit.State() a.Country = "Canada" a.Full = fmt.Sprintf("%s, %s %s", a.Street, a.City, a.Region) id, err := insertAddress(db, a) if err != nil {log.Println(err); break} addresses[i].Id = id } return addresses } func seedBranches(db *sql.DB, addresses []Address) []Branch { branches := make([]Branch, 4) for i := range branches { branches[i].Name = gofakeit.Company() branches[i].Type = "NMLS" branches[i].Letterhead = gofakeit.ImagePng(400, 200) branches[i].Num = gofakeit.HexUint8() branches[i].Phone = gofakeit.Phone() branches[i].Address.Id = gofakeit.Number(1, 5) id, err := insertBranch(db, branches[i]) if err != nil {log.Println(err); break} branches[i].Id = id } return branches } func seedUsers(db *sql.DB, addresses []Address, branches []Branch) []User { users := make([]User, 10) for i := range users { p := gofakeit.Person() users[i].FirstName = p.FirstName users[i].LastName = p.LastName users[i].Email = p.Contact.Email users[i].Phone = p.Contact.Phone users[i].Branch = branches[gofakeit.Number(0, 3)] users[i].Address = addresses[gofakeit.Number(1, 9)] // users[i].Letterhead = gofakeit.ImagePng(400, 200) // users[i].Avatar = gofakeit.ImagePng(200, 200) users[i].Country = []string{"Canada", "USA"}[gofakeit.Number(0, 1)] users[i].Password = "test123" users[i].Verified = true users[i].Title = "Loan Officer" users[i].Status = "Subscribed" users[i].Role = "User" } users[0].Email = "test@example.com" users[0].Email = "test@example.com" users[1].Email = "test2@example.com" users[1].Status = "Branch" users[1].Role = "Manager" users[2].Email = "test3@example.com" users[2].Status = "Free" users[2].Role = "Admin" for i := range users { u, err := insertUser(db, users[i]) if err != nil {log.Println(err); break} users[i].Id = u.Id } return users } func seedLicenses(db *sql.DB, users []User) []License { licenses := make([]License, len(users)) for i := range licenses { licenses[i].UserId = users[i].Id licenses[i].Type = []string{"NMLS", "FSRA"}[gofakeit.Number(0, 1)] licenses[i].Num = gofakeit.UUID() id, err := insertLicense(db, licenses[i]) if err != nil {log.Println(err); break} licenses[i].Id = id } return licenses } func seedLoanTypes(db *sql.DB) []LoanType { var loantypes []LoanType var loantype LoanType var err error loantype = LoanType{Branch: 0, User: 0, Name: "Conventional"} loantype.Id, err = insertLoanType(db, loantype) if err != nil { panic(err) } loantypes = append(loantypes, loantype) loantype = LoanType{Branch: 0, User: 0, Name: "FHA"} loantype.Id, err = insertLoanType(db, loantype) if err != nil { panic(err) } loantypes = append(loantypes, loantype) loantype = LoanType{Branch: 0, User: 0, Name: "USDA"} loantype.Id, err = insertLoanType(db, loantype) if err != nil { panic(err) } loantypes = append(loantypes, loantype) loantype = LoanType{Branch: 0, User: 0, Name: "VA"} loantype.Id, err = insertLoanType(db, loantype) if err != nil { panic(err) } loantypes = append(loantypes, loantype) return loantypes } func seedEstimates(db *sql.DB, users []User, ltypes []LoanType) []Estimate { var estimates []Estimate var estimate Estimate var l Loan var err error for i := 0; i < 15; i++ { estimate = Estimate{} estimate.User = users[gofakeit.Number(0, len(users) - 1)].Id estimate.Borrower = Borrower{ Credit: gofakeit.Number(600, 800), Income: gofakeit.Number(1000000, 15000000), Num: gofakeit.Number(1, 20), } estimate.Transaction = []string{"Purchase", "Refinance"}[gofakeit.Number(0, 1)] estimate.Price = gofakeit.Number(50000, 200000000) estimate.Property = propertyTypes[gofakeit.Number(0, len(propertyTypes) - 1)] estimate.Occupancy = []string{"Primary", "Secondary", "Investment"}[gofakeit.Number(0, 2)] estimate.Zip = gofakeit.Zip() lsize := gofakeit.Number(1, 6) for j := 0; j < lsize; j++ { l.Type = ltypes[gofakeit.Number(0, len(ltypes) - 1)] l.Amount = gofakeit.Number( int(float32(estimate.Price)*0.5), int(float32(estimate.Price)*0.93)) l.Term = gofakeit.Number(4, 30) l.Hoi = gofakeit.Number(50000, 700000) l.Hazard = gofakeit.Number(5000, 200000) l.Tax = gofakeit.Number(5000, 200000) l.Interest = gofakeit.Float32Range(0.5, 8) l.Fees = generateFees(l) l.Credits = generateCredits(l) l.Name = gofakeit.AdjectiveDescriptive() estimate.Loans = append(estimate.Loans, l) } estimates = append(estimates, estimate) } estimates[0].User = users[0].Id estimates[1].User = users[0].Id for i := range estimates { err = estimates[i].insertEstimate(db) if err != nil {log.Println(err); return estimates} } return estimates } func seedResults(db *sql.DB, estimates []Estimate) error { var err error for i := range estimates { estimates[i].makeResults() err = estimates[i].insertResults(db) if err != nil {log.Println(err); return err} } return nil } func dbSeed(db *sql.DB) { addresses := seedAddresses(db) branches := seedBranches(db, addresses) users := seedUsers(db, addresses, branches) _ = seedLicenses(db, users) loantypes := seedLoanTypes(db) estimates := seedEstimates(db, users, loantypes) _ = seedResults(db, estimates) } func dev(args []string) { os.Setenv("DBName", "skouter_dev") os.Setenv("DBUser", "tester") os.Setenv("DBPass", "test123") db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s?multiStatements=true", os.Getenv("DBUser"), os.Getenv("DBPass"), os.Getenv("DBName"), )) err = db.Ping() if err != nil { log.Println("Bad database configuration: %v", err) panic(err) // maybe os.Exit(1) instead } if len(args) == 0 { serve() return } switch args[0] { case "seed": dbSeed(db) case "reset": dbReset(db) default: return } db.Close() } func check(args []string) { os.Setenv("DBName", "skouter_dev") os.Setenv("DBUser", "tester") os.Setenv("DBPass", "test123") files := http.FileServer(http.Dir("")) http.Handle("/assets/", files) http.HandleFunc("/", checkPdf) log.Fatal(http.ListenAndServe(address, nil)) } func main() { if len(os.Args) <= 1 { serve() return } switch os.Args[1] { case "dev": dev(os.Args[2:]) case "checkpdf": check(os.Args[2:]) default: return } }