Immanuel
/
skouter
1
0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
Skouter mortgage estimates. Web application with view written in PHP and Vue, but controller and models in Go.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
151 提交
1 分支
11 MiB
 
 
 
 
 
 
目錄樹: 10b88f12bc
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '10b88f12bc'
${ noResults }
skouter/skouter.go

3676 line
73 KiB
原始文件 Blame 歷史記錄 

  1. package main

  2. 

  3. import (

  4. 	"bytes"

  5. 	"database/sql"

  6. 	"encoding/base64"

  7. 	"encoding/json"

  8. 	"errors"

  9. 	"fmt"

  10. 	_ "github.com/go-sql-driver/mysql"

  11. 	"html/template"

  12. 	"io"

  13. 	"log"

  14. 	"math"

  15. 	"net/http"

  16. 	"net/http/httputil"

  17. 	"net/mail"

  18. 	"net/url"

  19. 	"os"

  20. 	"os/exec"

  21. 	"regexp"

  22. 	"strconv"

  23. 	"strings"

  24. 	"sync"

  25. 	"time"

  26. 	// pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf"

  27. 	"github.com/brianvoe/gofakeit/v6"

  28. 	"github.com/disintegration/gift"

  29. 	"github.com/dustin/go-humanize"

  30. 	"github.com/golang-jwt/jwt/v4"

  31. 	"github.com/stripe/stripe-go/v76"

  32. 	"github.com/stripe/stripe-go/v76/customer"

  33. 	"github.com/stripe/stripe-go/v76/subscription"

  34. 	"github.com/stripe/stripe-go/v76/invoice"

  35. 	"github.com/stripe/stripe-go/v76/paymentintent"

  36. 	"github.com/stripe/stripe-go/v76/webhook"

  37. 	"image"

  38. 	_ "image/jpeg"

  39. 	"image/png"

  40. )

  41. 

  42. type Config struct {

  43. 	DBName     string

  44. 	DBUsername string

  45. 	DBPassword string

  46. }

  47. 

  48. type Address struct {

  49. 	Id      int    `json:"id"`

  50. 	Full    string `json:"full"`

  51. 	Street  string `json:"street"`

  52. 	City    string `json:"city"`

  53. 	Region  string `json:"region"`

  54. 	Country string `json:"country"`

  55. 	Zip     string `json:"zip"`

  56. }

  57. 

  58. type Branch struct {

  59. 	Id         int     `json:"id"`

  60. 	Name       string  `json:"name"`

  61. 	Type       string  `json:"type"`

  62. 	Letterhead []byte  `json:"letterhead"`

  63. 	Num        string  `json:"num"`

  64. 	Phone      string  `json:"phone"`

  65. 	Address    Address `json:"address"`

  66. }

  67. 

  68. type Subscription struct {

  69. 	Id	int     `json:"id"`

  70. 	UserId	int     `json:"userId"`

  71. 	StripeId	string  `json:"stripeId"`

  72. 	CustomerId	string  `json:"customerId"`

  73. 	PriceId	string  `json:"priceId"`

  74. 	Start	int     `json:"start"`

  75. 	End	int     `json:"end"`

  76. 	ClientSecret	string  `json:"clientSecret,omitempty"`

  77. 	PaymentStatus	string  `json:"paymentStatus"`

  78. }

  79. 

  80. type User struct {

  81. 	Id        int     `json:"id"`

  82. 	Email     string  `json:"email"`

  83. 	FirstName string  `json:"firstName"`

  84. 	LastName  string  `json:"lastName"`

  85. 	Phone     string  `json:"phone"`

  86. 	Address   Address `json:"address"`

  87. 	Branch    Branch  `json:"branch"`

  88. 	License   License `json:"license"`

  89. 	Sub   Subscription `json:"sub"`

  90. 	Status    string  `json:"status"`

  91. 	Country   string  `json:"country"`

  92. 	Title     string  `json:"title"`

  93. 	Verified  bool    `json:"verified"`

  94. 	Role      string  `json:"role"`

  95. 	Password  string  `json:"password,omitempty"`

  96. 	CustomerId  string  `json:"customerId"`

  97. }

  98. 

  99. type License struct {

  100. 	Id     int    `json:"id"`

  101. 	UserId int    `json:"userId"`

  102. 	Type   string `json:"type"`

  103. 	Num    string `json:"num"`

  104. }

  105. 

  106. type UserClaims struct {

  107. 	Id   int    `json:"id"`

  108. 	Role string `json:"role"`

  109. 	Exp  string `json:"exp"`

  110. }

  111. 

  112. type Page struct {

  113. 	tpl   *template.Template

  114. 	Title string

  115. 	Name  string

  116. }

  117. 

  118. type Borrower struct {

  119. 	Id     int `json:"id"`

  120. 	Credit int `json:"credit"`

  121. 	Income int `json:"income"`

  122. 	Num    int `json:"num"`

  123. }

  124. 

  125. type FeeTemplate struct {

  126. 	Id       int     `json:"id"`

  127. 	User     int     `json:"user"`

  128. 	Branch   int     `json:"branch"`

  129. 	Amount   int     `json:"amount"`

  130. 	Perc     float32 `json:"perc"`

  131. 	Type     string  `json:"type"`

  132. 	Notes    string  `json:"notes"`

  133. 	Name     string  `json:"name"`

  134. 	Category string  `json:"category"`

  135. 	Auto     bool    `json:"auto"`

  136. }

  137. 

  138. type Fee struct {

  139. 	Id       int     `json:"id"`

  140. 	LoanId   int     `json:"loan_id"`

  141. 	Amount   int     `json:"amount"`

  142. 	Perc     float32 `json:"perc"`

  143. 	Type     string  `json:"type"`

  144. 	Notes    string  `json:"notes"`

  145. 	Name     string  `json:"name"`

  146. 	Category string  `json:"category"`

  147. }

  148. 

  149. type LoanType struct {

  150. 	Id     int    `json:"id"`

  151. 	User   int    `json:"user"`

  152. 	Branch int    `json:"branch"`

  153. 	Name   string `json:"name"`

  154. }

  155. 

  156. type Loan struct {

  157. 	Id           int      `json:"id"`

  158. 	EstimateId   int      `json:"estimateId"`

  159. 	Type         LoanType `json:"type"`

  160. 	Amount       int      `json:"amount"`

  161. 	Amortization string   `json:"amortization"`

  162. 	Term         int      `json:"term"`

  163. 	Ltv          float32  `json:"ltv"`

  164. 	Dti          float32  `json:"dti"`

  165. 	Hoi          int      `json:"hoi"`

  166. 	Hazard       int      `json:"hazard"`

  167. 	Tax          int      `json:"tax"`

  168. 	Interest     float32  `json:"interest"`

  169. 	Mi           MI       `json:"mi"`

  170. 	Fees         []Fee    `json:"fees"`

  171. 	Credits      []Fee    // Fees with negative amounts for internal use

  172. 	Name         string   `json:"title"`

  173. 	Result       Result   `json:"result"`

  174. }

  175. 

  176. type MI struct {

  177. 	Type                string  `json:"user"`

  178. 	Label               string  `json:"label"`

  179. 	Lender              string  `json:"lender"`

  180. 	Rate                float32 `json:"rate"`

  181. 	Premium             int     `json:"premium"`

  182. 	Upfront             int     `json:"upfront"`

  183. 	Monthly             bool    `json:"monthly"`

  184. 	FiveYearTotal       float32 `json:"fiveYearTotal"`

  185. 	InitialAllInPremium float32 `json:"initialAllInPremium"`

  186. 	InitialAllInRate    float32 `json:"initialAllInRate"`

  187. 	InitialAmount       float32 `json:"initialAmount"`

  188. }

  189. 

  190. type Result struct {

  191. 	Id           int `json:"id"`

  192. 	LoanId       int `json:"loanId"`

  193. 	LoanPayment  int `json:"loanPayment"`

  194. 	TotalMonthly int `json:"totalMonthly"`

  195. 	TotalFees    int `json:"totalFees"`

  196. 	TotalCredits int `json:"totalCredits"`

  197. 	CashToClose  int `json:"cashToClose"`

  198. }

  199. 

  200. type Estimate struct {

  201. 	Id          int      `json:"id"`

  202. 	User        int      `json:"user"`

  203. 	Borrower    Borrower `json:"borrower"`

  204. 	Transaction string   `json:"transaction"`

  205. 	Price       int      `json:"price"`

  206. 	Property    string   `json:"property"`

  207. 	Occupancy   string   `json:"occupancy"`

  208. 	Zip         string   `json:"zip"`

  209. 	Pud         bool     `json:"pud"`

  210. 	Loans       []Loan   `json:"loans"`

  211. }

  212. 

  213. type ETemplate struct {

  214. 	Id       int      `json:"id"`

  215. 	Estimate Estimate `json:"estimate"`

  216. 	UserId   int      `json:"userId"`

  217. 	BranchId int      `json:"branchId"`

  218. }

  219. 

  220. type Report struct {

  221. 	Title      string

  222. 	Name       string

  223. 	Avatar     string

  224. 	Letterhead string

  225. 	User       User

  226. 	Estimate   Estimate

  227. }

  228. 

  229. type Password struct {

  230. 	Old string `json:"old"`

  231. 	New string `json:"new"`

  232. }

  233. 

  234. type Endpoint func(http.ResponseWriter, *sql.DB, *http.Request)

  235. 

  236. type HookKeys struct {

  237. 	InvoicePaid	string

  238. 	InvoiceFailed	string

  239. }

  240. 

  241. var (

  242. 	regexen     = make(map[string]*regexp.Regexp)

  243. 	relock      sync.Mutex

  244. 	address     = "localhost:8001"

  245. 	mainAddress = "localhost:8002"

  246. )

  247. 

  248. var paths = map[string]string{

  249. 	"home":       "views/home.tpl",

  250. 	"terms":      "views/terms.tpl",

  251. 	"app":        "views/app.tpl",

  252. 	"comparison": "views/report/comparison.tpl",

  253. }

  254. 

  255. var pages = map[string]Page{

  256. 	"home":   cache("home", "Home"),

  257. 	"terms":  cache("terms", "Terms and Conditions"),

  258. 	"report": cachePdf("comparison"),

  259. 	"app":    cache("app", "App"),

  260. }

  261. 

  262. var roles = map[string]int{

  263. 	"User":    1,

  264. 	"Manager": 2,

  265. 	"Admin":   3,

  266. }

  267. 

  268. var propertyTypes = []string{

  269. 	"Single Detached",

  270. 	"Single Attached",

  271. 	"Condo Lo-rise",

  272. 	"Condo Hi-rise",

  273. }

  274. 

  275. var feeTypes = []string{

  276. 	"Government",

  277. 	"Title",

  278. 	"Required",

  279. 	"Lender",

  280. 	"Other",

  281. }

  282. 

  283. var hookKeys = HookKeys{

  284. 	InvoicePaid: "",

  285. 	InvoiceFailed: "",

  286. }

  287. 

  288. var standardPriceId = "price_1OZLK9BPMoXn2pf9kuTAf8rs"

  289. 

  290. // Used to validate claim in JWT token body. Checks if user id is greater than

  291. // zero and time format is valid

  292. func (c UserClaims) Valid() error {

  293. 	if c.Id < 1 {

  294. 		return errors.New("Invalid id")

  295. 	}

  296. 	t, err := time.Parse(time.UnixDate, c.Exp)

  297. 	if err != nil {

  298. 		return err

  299. 	}

  300. 	if t.Before(time.Now()) {

  301. 		return errors.New("Token expired.")

  302. 	}

  303. 	return err

  304. }

  305. 

  306. func cache(name string, title string) Page {

  307. 	var p = []string{"views/master.tpl", paths[name]}

  308. 	tpl := template.Must(template.ParseFiles(p...))

  309. 	return Page{tpl: tpl, Title: title, Name: name}

  310. }

  311. 

  312. func cachePdf(name string) Page {

  313. 	// Money is stored in cents, so it must be converted to dollars in reports

  314. 	dollars := func(cents int) string {

  315. 		return humanize.Commaf(float64(cents) / 100)

  316. 	}

  317. 

  318. 	// For calculating down payments

  319. 	diff := func(a, b int) string {

  320. 		return humanize.Commaf(float64(b-a) / 100)

  321. 	}

  322. 

  323. 	sortFees := func(ftype string, fees []Fee) []Fee {

  324. 		result := make([]Fee, 0)

  325. 		for i := range fees {

  326. 			if fees[i].Type != ftype {

  327. 				continue

  328. 			}

  329. 			result = append(result, fees[i])

  330. 		}

  331. 		return result

  332. 	}

  333. 

  334. 	fm := template.FuncMap{

  335. 		"dollars":  dollars,

  336. 		"diff":     diff,

  337. 		"sortFees": sortFees}

  338. 

  339. 	var p = []string{"views/report/master.tpl",

  340. 		"views/report/header.tpl",

  341. 		"views/report/summary.tpl",

  342. 		"views/report/comparison.tpl"}

  343. 

  344. 	tpl := template.Must(template.New("master.tpl").Funcs(fm).ParseFiles(p...))

  345. 	return Page{tpl: tpl, Title: "", Name: name}

  346. }

  347. 

  348. func (page Page) Render(w http.ResponseWriter) {

  349. 	err := page.tpl.Execute(w, page)

  350. 	if err != nil {

  351. 		log.Print(err)

  352. 	}

  353. }

  354. 

  355. func match(path, pattern string, args *[]string) bool {

  356. 	relock.Lock()

  357. 	defer relock.Unlock()

  358. 	regex := regexen[pattern]

  359. 

  360. 	if regex == nil {

  361. 		regex = regexp.MustCompile("^" + pattern + "$")

  362. 		regexen[pattern] = regex

  363. 	}

  364. 

  365. 	matches := regex.FindStringSubmatch(path)

  366. 	if len(matches) <= 0 {

  367. 		return false

  368. 	}

  369. 

  370. 	*args = matches[1:]

  371. 	return true

  372. }

  373. 

  374. func (estimate *Estimate) makeResults() []Result {

  375. 	var results []Result

  376. 	amortize := func(principle float64, rate float64, periods float64) int {

  377. 		exp := math.Pow(1+rate, periods)

  378. 		return int(principle * rate * exp / (exp - 1))

  379. 	}

  380. 

  381. 	for i := range estimate.Loans {

  382. 		var loan = &estimate.Loans[i]

  383. 		var result Result = Result{}

  384. 		// Monthly payments use amortized loan payment formula plus monthly MI,

  385. 		// plus all other recurring fees

  386. 		result.LoanPayment = amortize(float64(loan.Amount),

  387. 			float64(loan.Interest/100/12),

  388. 			float64(loan.Term*12))

  389. 		result.TotalMonthly = result.LoanPayment + loan.Hoi + loan.Tax + loan.Hazard

  390. 		if loan.Mi.Monthly {

  391. 			result.TotalMonthly = result.TotalMonthly +

  392. 				int(loan.Mi.Rate/100/12*float32(loan.Amount))

  393. 		} else {

  394. 			loan.Mi.Upfront = int(loan.Mi.Rate / 100 * float32(loan.Amount))

  395. 		}

  396. 

  397. 		for i := range loan.Fees {

  398. 			if loan.Fees[i].Amount > 0 {

  399. 				result.TotalFees = result.TotalFees + loan.Fees[i].Amount

  400. 			} else {

  401. 				result.TotalCredits = result.TotalCredits + loan.Fees[i].Amount

  402. 			}

  403. 		}

  404. 

  405. 		result.CashToClose =

  406. 			result.TotalFees + result.TotalCredits + (estimate.Price - loan.Amount)

  407. 		result.LoanId = loan.Id

  408. 

  409. 		loan.Result = result

  410. 		results = append(results, result)

  411. 	}

  412. 

  413. 	return results

  414. }

  415. 

  416. func summarize(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  417. 	var estimate Estimate

  418. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  419. 	if err != nil {

  420. 		http.Error(w, "Invalid estimate.", 422)

  421. 		return

  422. 	}

  423. 	estimate.makeResults()

  424. 

  425. 	json.NewEncoder(w).Encode(estimate)

  426. }

  427. 

  428. func getLoanType(db *sql.DB, id int) (LoanType, error) {

  429. 	types, err := getLoanTypes(db, id, 0, 0)

  430. 	if err != nil {

  431. 		return LoanType{Id: id}, err

  432. 	}

  433. 	if len(types) == 0 {

  434. 		return LoanType{Id: id}, errors.New("No type with that id")

  435. 	}

  436. 

  437. 	return types[0], nil

  438. }

  439. 

  440. func getLoanTypes(db *sql.DB, id int, user int, branch int) (

  441. 	[]LoanType, error) {

  442. 	var loans []LoanType

  443. 	var query = `SELECT

  444. 	id,

  445. 	coalesce(user_id, 0),

  446. 	coalesce(branch_id, 0),

  447. 	name

  448. 	FROM loan_type WHERE loan_type.id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  449. 	OR

  450. 	loan_type.user_id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  451. 	OR

  452. 	loan_type.branch_id = CASE @e := ? WHEN 0 THEN id ELSE @e END`

  453. 

  454. 	// Should be changed to specify user

  455. 	rows, err := db.Query(query, id, user, branch)

  456. 

  457. 	if err != nil {

  458. 		return nil, fmt.Errorf("loan_type error: %v", err)

  459. 	}

  460. 

  461. 	defer rows.Close()

  462. 

  463. 	for rows.Next() {

  464. 		var loan LoanType

  465. 

  466. 		if err := rows.Scan(

  467. 			&loan.Id,

  468. 			&loan.User,

  469. 			&loan.Branch,

  470. 			&loan.Name); err != nil {

  471. 			log.Printf("Error occured fetching loan: %v", err)

  472. 			return nil, fmt.Errorf("Error occured fetching loan: %v", err)

  473. 		}

  474. 

  475. 		loans = append(loans, loan)

  476. 	}

  477. 

  478. 	return loans, nil

  479. }

  480. 

  481. func getFees(db *sql.DB, loan int) ([]Fee, error) {

  482. 	var fees []Fee

  483. 

  484. 	query := `SELECT id, loan_id, amount, perc, type, notes, name, category

  485. 	FROM fee

  486. 	WHERE loan_id = ?`

  487. 

  488. 	rows, err := db.Query(query, loan)

  489. 

  490. 	if err != nil {

  491. 		return nil, fmt.Errorf("Fee query error %v", err)

  492. 	}

  493. 

  494. 	defer rows.Close()

  495. 

  496. 	for rows.Next() {

  497. 		var fee Fee

  498. 

  499. 		if err := rows.Scan(

  500. 			&fee.Id,

  501. 			&fee.LoanId,

  502. 			&fee.Amount,

  503. 			&fee.Perc,

  504. 			&fee.Type,

  505. 			&fee.Notes,

  506. 			&fee.Name,

  507. 			&fee.Category,

  508. 		); err != nil {

  509. 			return nil, fmt.Errorf("Fees scanning error: %v", err)

  510. 		}

  511. 

  512. 		fees = append(fees, fee)

  513. 	}

  514. 

  515. 	return fees, nil

  516. }

  517. 

  518. func fetchFeesTemp(db *sql.DB, user int, branch int) ([]FeeTemplate, error) {

  519. 	var fees []FeeTemplate

  520. 	query := `SELECT

  521. 	id, user_id, COALESCE(branch_id, 0), amount, perc, type, notes, name,

  522. 	category, auto

  523. 	FROM fee_template

  524. 	WHERE user_id = ? OR branch_id = ?

  525. 	`

  526. 

  527. 	rows, err := db.Query(query, user, branch)

  528. 

  529. 	if err != nil {

  530. 		return nil, fmt.Errorf("Fee template query error %v", err)

  531. 	}

  532. 

  533. 	defer rows.Close()

  534. 

  535. 	for rows.Next() {

  536. 		var fee FeeTemplate

  537. 

  538. 		if err := rows.Scan(

  539. 			&fee.Id,

  540. 			&fee.User,

  541. 			&fee.Branch,

  542. 			&fee.Amount,

  543. 			&fee.Perc,

  544. 			&fee.Type,

  545. 			&fee.Notes,

  546. 			&fee.Name,

  547. 			&fee.Category,

  548. 			&fee.Auto); err != nil {

  549. 			return nil, fmt.Errorf("FeesTemplate scanning error: %v", err)

  550. 		}

  551. 

  552. 		fees = append(fees, fee)

  553. 	}

  554. 

  555. 	return fees, nil

  556. }

  557. 

  558. // Fetch fees from the database

  559. func getFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  560. 	var fees []FeeTemplate

  561. 	claims, err := getClaims(r)

  562. 	if err != nil {

  563. 		w.WriteHeader(500)

  564. 		return

  565. 	}

  566. 	user, err := queryUser(db, claims.Id)

  567. 	if err != nil {

  568. 		w.WriteHeader(422)

  569. 		return

  570. 	}

  571. 

  572. 	fees, err = fetchFeesTemp(db, claims.Id, user.Branch.Id)

  573. 	json.NewEncoder(w).Encode(fees)

  574. }

  575. 

  576. // Fetch fees from the database

  577. func createFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  578. 	var fee FeeTemplate

  579. 	var query string

  580. 	var row *sql.Row

  581. 	var err error

  582. 

  583. 	claims, err := getClaims(r)

  584. 	// var id int // Inserted estimate's id

  585. 	err = json.NewDecoder(r.Body).Decode(&fee)

  586. 	if err != nil {

  587. 		w.WriteHeader(422)

  588. 		return

  589. 	}

  590. 

  591. 	query = `INSERT INTO fee_template

  592. 	(

  593. 		user_id,

  594. 		branch_id,

  595. 		amount,

  596. 		perc,

  597. 		type,

  598. 		notes,

  599. 		name,

  600. 		auto

  601. 	)

  602. 	VALUES (?, NULL, ?, ?, ?, ?, ?, ?)

  603. 	RETURNING id

  604. 	`

  605. 	row = db.QueryRow(query,

  606. 		claims.Id,

  607. 		fee.Amount,

  608. 		fee.Perc,

  609. 		fee.Type,

  610. 		fee.Notes,

  611. 		fee.Name,

  612. 		fee.Auto,

  613. 	)

  614. 

  615. 	err = row.Scan(&fee.Id)

  616. 	if err != nil {

  617. 		w.WriteHeader(500)

  618. 		return

  619. 	}

  620. 

  621. 	json.NewEncoder(w).Encode(fee)

  622. }

  623. 

  624. // Fetch fees from the database

  625. func deleteFeeTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  626. 	var fee FeeTemplate

  627. 	var query string

  628. 	var err error

  629. 

  630. 	// claims, err := getClaims(r)

  631. 	// var id int // Inserted estimate's id

  632. 	err = json.NewDecoder(r.Body).Decode(&fee)

  633. 	if err != nil {

  634. 		w.WriteHeader(422)

  635. 		return

  636. 	}

  637. 

  638. 	query = `DELETE FROM fee_template WHERE id = ?`

  639. 	_, err = db.Exec(query, fee.Id)

  640. 	if err != nil {

  641. 		w.WriteHeader(500)

  642. 		return

  643. 	}

  644. }

  645. 

  646. func deleteEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  647. 	var estimate Estimate

  648. 	var err error

  649. 

  650. 	err = json.NewDecoder(r.Body).Decode(&estimate)

  651. 	if err != nil {

  652. 		w.WriteHeader(422)

  653. 		return

  654. 	}

  655. 

  656. 	claims, err := getClaims(r)

  657. 	err = estimate.del(db, claims.Id)

  658. 	if err != nil {

  659. 		http.Error(w, err.Error(), 500)

  660. 		return

  661. 	}

  662. }

  663. 

  664. func deleteET(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  665. 	var et ETemplate

  666. 	var err error

  667. 

  668. 	err = json.NewDecoder(r.Body).Decode(&et)

  669. 	if err != nil {

  670. 		w.WriteHeader(422)

  671. 		return

  672. 	}

  673. 

  674. 	claims, err := getClaims(r)

  675. 	err = et.del(db, claims.Id)

  676. 	if err != nil {

  677. 		http.Error(w, err.Error(), 500)

  678. 		return

  679. 	}

  680. }

  681. 

  682. func getMi(db *sql.DB, loan int) (MI, error) {

  683. 	var mi MI

  684. 

  685. 	query := `SELECT

  686. 	type, label, lender, rate, premium, upfront, five_year_total,

  687. 	initial_premium, initial_rate, initial_amount

  688. 	FROM mi WHERE loan_id = ?`

  689. 

  690. 	rows, err := db.Query(query, loan)

  691. 	if err != nil {

  692. 		return mi, err

  693. 	}

  694. 

  695. 	defer rows.Close()

  696. 

  697. 	if !rows.Next() {

  698. 		return mi, nil

  699. 	}

  700. 

  701. 	if err := rows.Scan(

  702. 		&mi.Type,

  703. 		&mi.Label,

  704. 		&mi.Lender,

  705. 		&mi.Rate,

  706. 		&mi.Premium,

  707. 		&mi.Upfront,

  708. 		&mi.FiveYearTotal,

  709. 		&mi.InitialAllInPremium,

  710. 		&mi.InitialAllInRate,

  711. 		&mi.InitialAmount,

  712. 	); err != nil {

  713. 		return mi, err

  714. 	}

  715. 

  716. 	return mi, nil

  717. }

  718. 

  719. func (estimate *Estimate) getBorrower(db *sql.DB) error {

  720. 	query := `SELECT id, credit_score, monthly_income, num FROM borrower

  721. 		WHERE estimate_id = ? LIMIT 1`

  722. 

  723. 	row := db.QueryRow(query, estimate.Id)

  724. 

  725. 	if err := row.Scan(

  726. 		&estimate.Borrower.Id,

  727. 		&estimate.Borrower.Credit,

  728. 		&estimate.Borrower.Income,

  729. 		&estimate.Borrower.Num,

  730. 	); err != nil {

  731. 		return fmt.Errorf("Borrower scanning error: %v", err)

  732. 	}

  733. 

  734. 	return nil

  735. }

  736. 

  737. // Query Lender APIs and parse responses into MI structs

  738. func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI {

  739. 	var loan Loan = estimate.Loans[pos]

  740. 

  741. 	var ltv = func(l float32) string {

  742. 		switch {

  743. 		case l > 95:

  744. 			return "LTV97"

  745. 		case l > 90:

  746. 			return "LTV95"

  747. 		case l > 85:

  748. 			return "LTV90"

  749. 		default:

  750. 			return "LTV85"

  751. 		}

  752. 	}

  753. 

  754. 	var term = func(t int) string {

  755. 		switch {

  756. 		case t <= 10:

  757. 			return "A10"

  758. 		case t <= 15:

  759. 			return "A15"

  760. 		case t <= 20:

  761. 			return "A20"

  762. 		case t <= 25:

  763. 			return "A25"

  764. 		case t <= 30:

  765. 			return "A30"

  766. 		default:

  767. 			return "A40"

  768. 		}

  769. 	}

  770. 

  771. 	var propertyCodes = map[string]string{

  772. 		"Single Attached": "SFO",

  773. 		"Single Detached": "SFO",

  774. 		"Condo Lo-rise":   "CON",

  775. 		"Condo Hi-rise":   "CON",

  776. 	}

  777. 

  778. 	var purposeCodes = map[string]string{

  779. 		"Purchase":  "PUR",

  780. 		"Refinance": "RRT",

  781. 	}

  782. 

  783. 	body, err := json.Marshal(map[string]any{

  784. 		"zipCode":                estimate.Zip,

  785. 		"stateCode":              "CA",

  786. 		"address":                "",

  787. 		"propertyTypeCode":       propertyCodes[estimate.Property],

  788. 		"occupancyTypeCode":      "PRS",

  789. 		"loanPurposeCode":        purposeCodes[estimate.Transaction],

  790. 		"loanAmount":             loan.Amount,

  791. 		"loanToValue":            ltv(loan.Ltv),

  792. 		"amortizationTerm":       term(loan.Term),

  793. 		"loanTypeCode":           "FXD",

  794. 		"duLpDecisionCode":       "DAE",

  795. 		"loanProgramCodes":       []any{},

  796. 		"debtToIncome":           loan.Dti,

  797. 		"wholesaleLoan":          0,

  798. 		"coveragePercentageCode": "L30",

  799. 		"productCode":            "BPM",

  800. 		"renewalTypeCode":        "CON",

  801. 		"numberOfBorrowers":      1,

  802. 		"coBorrowerCreditScores": []any{},

  803. 		"borrowerCreditScore":    strconv.Itoa(estimate.Borrower.Credit),

  804. 		"masterPolicy":           nil,

  805. 		"selfEmployedIndicator":  false,

  806. 		"armType":                "",

  807. 		"userId":                 44504,

  808. 	})

  809. 	/*

  810. 		if err != nil {

  811. 			log.Printf("Could not marshal NationalMI body: \n%v\n%v\n",

  812. 			bytes.NewBuffer(body), err)

  813. 			func queryAddress(db *sql.DB, id int) ( Address, error ) {

  814. 				var address Address = Address{Id: id}

  815. 				var err error

  816. 

  817. 				row := db.QueryRow(

  818. 					`SELECT id, full_address, street, city, region, country, zip

  819. 					FROM address WHERE id = ?`, id)

  820. 

  821. 				err = row.Scan(

  822. 					&address.Id,

  823. 					&address.Full,

  824. 					&address.Street,

  825. 					&address.City,

  826. 					&address.Region,

  827. 					&address.Country,

  828. 					&address.Zip,

  829. 					)

  830. 

  831. 				return address, err

  832. 		}

  833. 		}

  834. 	*/

  835. 

  836. 	req, err := http.NewRequest("POST",

  837. 		"https://rate-gps.nationalmi.com/rates/productRateQuote",

  838. 		bytes.NewBuffer(body))

  839. 	req.Header.Add("Content-Type", "application/json")

  840. 

  841. 	req.AddCookie(&http.Cookie{

  842. 		Name:  "nmirategps_email",

  843. 		Value: os.Getenv("NationalMIEmail")})

  844. 

  845. 	resp, err := http.DefaultClient.Do(req)

  846. 	var res map[string]interface{}

  847. 	var result []MI

  848. 

  849. 	if resp.StatusCode != 200 {

  850. 		log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n",

  851. 			resp.Status, resp, req.Body, bytes.NewBuffer(body))

  852. 	} else {

  853. 		json.NewDecoder(resp.Body).Decode(&res)

  854. 		// estimate.Loans[pos].Mi = res

  855. 		// Parse res into result here

  856. 	}

  857. 

  858. 	log.Println(err)

  859. 

  860. 	return result

  861. }

  862. 

  863. // Make comparison PDF

  864. func generatePDF(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  865. }

  866. 

  867. func login(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  868. 	var id int

  869. 	var role string

  870. 	var err error

  871. 	var user User

  872. 	json.NewDecoder(r.Body).Decode(&user)

  873. 

  874. 	row := db.QueryRow(

  875. 		`SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`,

  876. 		user.Email, user.Password,

  877. 	)

  878. 

  879. 	err = row.Scan(&id, &role)

  880. 	if err != nil {

  881. 		http.Error(w, "Invalid Credentials.", http.StatusUnauthorized)

  882. 		return

  883. 	}

  884. 

  885. 	err = setTokenCookie(id, role, w)

  886. 	if err != nil {

  887. 		http.Error(w, err.Error(), 500)

  888. 	}

  889. }

  890. 

  891. func setTokenCookie(id int, role string, w http.ResponseWriter) error {

  892. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  893. 		UserClaims{Id: id, Role: role,

  894. 			Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  895. 

  896. 	tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET")))

  897. 	if err != nil {

  898. 		log.Println("Token could not be signed: ", err, tokenStr)

  899. 		return err

  900. 	}

  901. 	

  902. 	cookie := http.Cookie{Name: "skouter",

  903. 	Value:   tokenStr,

  904. 	Path:    "/",

  905. 	Expires: time.Now().Add(time.Hour * 1)}

  906. 	http.SetCookie(w, &cookie)

  907. 	

  908. 	return nil

  909. }

  910. 

  911. func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  912. 	claims, _ := getClaims(r)

  913. 	

  914. 	err := setTokenCookie(claims.Id, claims.Role, w)

  915. 

  916. 	if err != nil {

  917. 		http.Error(w,

  918. 			"Token generation error",

  919. 			http.StatusInternalServerError)

  920. 	}

  921. }

  922. 

  923. func getClaims(r *http.Request) (UserClaims, error) {

  924. 	claims := new(UserClaims)

  925. 	_, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ")

  926. 

  927. 	if !found {

  928. 		return *claims, errors.New("Token not found")

  929. 	}

  930. 

  931. 	// Pull token payload into UserClaims

  932. 	_, err := jwt.ParseWithClaims(tokenStr, claims,

  933. 		func(token *jwt.Token) (any, error) {

  934. 			return []byte(os.Getenv("JWT_SECRET")), nil

  935. 		})

  936. 

  937. 	if err != nil {

  938. 		return *claims, err

  939. 	}

  940. 

  941. 	if err = claims.Valid(); err != nil {

  942. 		return *claims, err

  943. 	}

  944. 

  945. 	return *claims, nil

  946. }

  947. 

  948. func guard(r *http.Request, required int) bool {

  949. 	claims, err := getClaims(r)

  950. 	if err != nil {

  951. 		return false

  952. 	}

  953. 	if roles[claims.Role] < required {

  954. 		return false

  955. 	}

  956. 	

  957. 

  958. 	return true

  959. }

  960. 

  961. // Inserts an address and returns it's ID along with any errors.

  962. func insertAddress(db *sql.DB, address Address) (int, error) {

  963. 	var query string

  964. 	var row *sql.Row

  965. 	var err error

  966. 	var id int // Inserted user's id

  967. 

  968. 	query = `INSERT INTO address

  969. 	(

  970. 		full_address,

  971. 		street,

  972. 		city,

  973. 		region,

  974. 		country,

  975. 		zip

  976. 	)

  977. 	VALUES (?, ?, ?, ?, ?, ?)

  978. 	RETURNING id 

  979. 	`

  980. 

  981. 	row = db.QueryRow(query,

  982. 		address.Full,

  983. 		address.Street,

  984. 		address.City,

  985. 		address.Region,

  986. 		address.Country,

  987. 		address.Zip,

  988. 	)

  989. 

  990. 	err = row.Scan(&id)

  991. 

  992. 	return id, err

  993. }

  994. 

  995. // Inserts an address and returns it's ID along with any errors.

  996. func insertBranch(db *sql.DB, branch Branch) (int, error) {

  997. 	var query string

  998. 	var row *sql.Row

  999. 	var err error

  1000. 	var id int // Inserted user's id

  1001. 

  1002. 	query = `INSERT INTO branch

  1003. 	(

  1004. 		name,

  1005. 		type,

  1006. 		letterhead,

  1007. 		num,

  1008. 		phone,

  1009. 		address

  1010. 	)

  1011. 	VALUES (?, ?, ?, ?, ?, ?)

  1012. 	RETURNING id 

  1013. 	`

  1014. 

  1015. 	row = db.QueryRow(query,

  1016. 		branch.Name,

  1017. 		branch.Type,

  1018. 		branch.Letterhead,

  1019. 		branch.Num,

  1020. 		branch.Phone,

  1021. 		branch.Address.Id,

  1022. 	)

  1023. 

  1024. 	err = row.Scan(&id)

  1025. 

  1026. 	return id, err

  1027. }

  1028. 

  1029. // Inserts an address and returns it's ID along with any errors.

  1030. func insertLicense(db *sql.DB, license License) (int, error) {

  1031. 	var query string

  1032. 	var row *sql.Row

  1033. 	var err error

  1034. 	var id int // Inserted license's id

  1035. 

  1036. 	query = `INSERT INTO license

  1037. 	(

  1038. 		user_id,

  1039. 		type,

  1040. 		num

  1041. 	)

  1042. 	VALUES (?, ?, ?)

  1043. 	RETURNING id 

  1044. 	`

  1045. 

  1046. 	row = db.QueryRow(query,

  1047. 		license.UserId,

  1048. 		license.Type,

  1049. 		license.Num,

  1050. 	)

  1051. 

  1052. 	err = row.Scan(&id)

  1053. 

  1054. 	return id, err

  1055. }

  1056. 

  1057. func queryLicense(db *sql.DB, user int) (License, error) {

  1058. 	var license License = License{UserId: user}

  1059. 	var err error

  1060. 

  1061. 	row := db.QueryRow(

  1062. 		`SELECT id, type, num FROM license WHERE user_id = ?`,

  1063. 		user)

  1064. 

  1065. 	err = row.Scan(

  1066. 		&license.Id,

  1067. 		&license.Type,

  1068. 		&license.Num,

  1069. 	)

  1070. 

  1071. 	return license, err

  1072. }

  1073. 

  1074. func queryAddress(db *sql.DB, id int) (Address, error) {

  1075. 	var address Address = Address{Id: id}

  1076. 	var err error

  1077. 

  1078. 	row := db.QueryRow(

  1079. 		`SELECT id, full_address, street, city, region, country, zip

  1080. 		FROM address WHERE id = ?`, id)

  1081. 

  1082. 	err = row.Scan(

  1083. 		&address.Id,

  1084. 		&address.Full,

  1085. 		&address.Street,

  1086. 		&address.City,

  1087. 		&address.Region,

  1088. 		&address.Country,

  1089. 		&address.Zip,

  1090. 	)

  1091. 

  1092. 	return address, err

  1093. }

  1094. 

  1095. func queryBranch(db *sql.DB, id int) (Branch, error) {

  1096. 	var branch Branch = Branch{Id: id}

  1097. 	var err error

  1098. 

  1099. 	row := db.QueryRow(

  1100. 		`SELECT id, name, type, letterhead, num, phone, address

  1101. 		FROM branch WHERE id = ?`, id)

  1102. 

  1103. 	err = row.Scan(

  1104. 		&branch.Id,

  1105. 		&branch.Name,

  1106. 		&branch.Type,

  1107. 		&branch.Letterhead,

  1108. 		&branch.Num,

  1109. 		&branch.Phone,

  1110. 		&branch.Address.Id,

  1111. 	)

  1112. 

  1113. 	return branch, err

  1114. }

  1115. 

  1116. func queryUser(db *sql.DB, id int) (User, error) {

  1117. 	var user User

  1118. 	var query string

  1119. 	var err error

  1120. 

  1121. 	query = `SELECT

  1122. 	u.id,

  1123. 	u.email,

  1124. 	u.first_name,

  1125. 	u.last_name,

  1126. 	coalesce(u.branch_id, 0),

  1127. 	u.country,

  1128. 	u.title,

  1129. 	coalesce(u.status, ''),

  1130. 	coalesce(u.customer_id, ''),

  1131. 	u.verified,

  1132. 	u.role,

  1133. 	u.address,

  1134. 	u.phone

  1135. 	FROM user u WHERE u.id = ?

  1136. 	`

  1137. 	row := db.QueryRow(query, id)

  1138. 

  1139. 	if err != nil {

  1140. 		return user, err

  1141. 	}

  1142. 

  1143. 	err = row.Scan(

  1144. 		&user.Id,

  1145. 		&user.Email,

  1146. 		&user.FirstName,

  1147. 		&user.LastName,

  1148. 		&user.Branch.Id,

  1149. 		&user.Country,

  1150. 		&user.Title,

  1151. 		&user.Status,

  1152. 		&user.CustomerId,

  1153. 		&user.Verified,

  1154. 		&user.Role,

  1155. 		&user.Address.Id,

  1156. 		&user.Phone,

  1157. 	)

  1158. 

  1159. 	if err != nil {

  1160. 		return user, err

  1161. 	}

  1162. 

  1163. 	user.Address, err = queryAddress(db, user.Address.Id)

  1164. 	if err != nil {

  1165. 		return user, err

  1166. 	}

  1167. 

  1168. 	if user.Branch.Id > 0 {

  1169. 		user.Branch, err = queryBranch(db, user.Branch.Id)

  1170. 		if err != nil {

  1171. 			return user, err

  1172. 		}

  1173. 	}

  1174. 

  1175. 	return user, nil

  1176. }

  1177. 

  1178. func queryCustomer(db *sql.DB, id string) (User, error) {

  1179. 	var user User

  1180. 	var query string

  1181. 	var err error

  1182. 

  1183. 	query = `SELECT

  1184. 	u.id,

  1185. 	u.email,

  1186. 	u.first_name,

  1187. 	u.last_name,

  1188. 	coalesce(u.branch_id, 0),

  1189. 	u.country,

  1190. 	u.title,

  1191. 	coalesce(u.status, ''),

  1192. 	coalesce(u.customer_id, ''),

  1193. 	u.verified,

  1194. 	u.role,

  1195. 	u.address,

  1196. 	u.phone

  1197. 	FROM user u WHERE u.customer_id = ?

  1198. 	`

  1199. 	row := db.QueryRow(query, id)

  1200. 

  1201. 	if err != nil {

  1202. 		return user, err

  1203. 	}

  1204. 

  1205. 	err = row.Scan(

  1206. 		&user.Id,

  1207. 		&user.Email,

  1208. 		&user.FirstName,

  1209. 		&user.LastName,

  1210. 		&user.Branch.Id,

  1211. 		&user.Country,

  1212. 		&user.Title,

  1213. 		&user.Status,

  1214. 		&user.CustomerId,

  1215. 		&user.Verified,

  1216. 		&user.Role,

  1217. 		&user.Address.Id,

  1218. 		&user.Phone,

  1219. 	)

  1220. 

  1221. 	if err != nil {

  1222. 		return user, err

  1223. 	}

  1224. 

  1225. 	user.Address, err = queryAddress(db, user.Address.Id)

  1226. 	if err != nil {

  1227. 		return user, err

  1228. 	}

  1229. 

  1230. 	user.Branch, err = queryBranch(db, user.Branch.Id)

  1231. 	if err != nil {

  1232. 		return user, err

  1233. 	}

  1234. 

  1235. 	return user, nil

  1236. }

  1237. 

  1238. // Can probably be deleted.

  1239. func queryUsers(db *sql.DB, id int) ([]User, error) {

  1240. 	var users []User

  1241. 	var query string

  1242. 	var rows *sql.Rows

  1243. 	var err error

  1244. 

  1245. 	query = `SELECT

  1246. 	u.id,

  1247. 	u.email,

  1248. 	u.first_name,

  1249. 	u.last_name,

  1250. 	coalesce(u.branch_id, 0),

  1251. 	u.country,

  1252. 	u.title,

  1253. 	coalesce(u.status, ''),

  1254. 	u.verified,

  1255. 	u.role,

  1256. 	u.address,

  1257. 	u.phone

  1258. 	FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END

  1259. 	`

  1260. 	rows, err = db.Query(query, id)

  1261. 

  1262. 	if err != nil {

  1263. 		return users, err

  1264. 	}

  1265. 

  1266. 	defer rows.Close()

  1267. 

  1268. 	for rows.Next() {

  1269. 		var user User

  1270. 

  1271. 		if err := rows.Scan(

  1272. 			&user.Id,

  1273. 			&user.Email,

  1274. 			&user.FirstName,

  1275. 			&user.LastName,

  1276. 			&user.Branch.Id,

  1277. 			&user.Country,

  1278. 			&user.Title,

  1279. 			&user.Status,

  1280. 			&user.Verified,

  1281. 			&user.Role,

  1282. 			&user.Address.Id,

  1283. 			&user.Phone,

  1284. 		); err != nil {

  1285. 			return users, err

  1286. 		}

  1287. 

  1288. 		user.Address, err = queryAddress(db, user.Address.Id)

  1289. 		if err != nil {

  1290. 			return users, err

  1291. 		}

  1292. 

  1293. 		user.Branch, err = queryBranch(db, user.Branch.Id)

  1294. 		if err != nil {

  1295. 			return users, err

  1296. 		}

  1297. 

  1298. 		users = append(users, user)

  1299. 	}

  1300. 

  1301. 	// Prevents runtime panics

  1302. 	if len(users) == 0 {

  1303. 		return users, errors.New("User not found.")

  1304. 	}

  1305. 

  1306. 	return users, nil

  1307. }

  1308. 

  1309. func querySub(db *sql.DB, id int) (Subscription, error) {

  1310. 	var query string

  1311. 	var err error

  1312. 	var s Subscription

  1313. 

  1314. 	query = `SELECT

  1315. 	id,

  1316. 	stripe_id,

  1317. 	user_id,

  1318. 	customer_id,

  1319. 	current_period_end,

  1320. 	current_period_start,

  1321. 	client_secret,

  1322. 	payment_status

  1323. 	FROM subscription WHERE id = ?

  1324. 	`

  1325. 	row := db.QueryRow(query, id)

  1326. 

  1327. 	err = row.Scan(

  1328. 		&s.Id,

  1329. 		&s.StripeId,

  1330. 		&s.CustomerId,

  1331. 		&s.End,

  1332. 		&s.Start,

  1333. 		&s.ClientSecret,

  1334. 		&s.PaymentStatus,

  1335. 	)

  1336. 

  1337. 	return s, err

  1338. }

  1339. 

  1340. func (user *User) querySub(db *sql.DB) error {

  1341. 	var query string

  1342. 	var err error

  1343. 

  1344. 	query = `SELECT

  1345. 	id,

  1346. 	stripe_id,

  1347. 	user_id,

  1348. 	customer_id,

  1349. 	price_id,

  1350. 	current_period_end,

  1351. 	current_period_start,

  1352. 	client_secret,

  1353. 	payment_status

  1354. 	FROM subscription WHERE user_id = ?

  1355. 	`

  1356. 	row := db.QueryRow(query, user.Id)

  1357. 

  1358. 	err = row.Scan(

  1359. 		&user.Sub.Id,

  1360. 		&user.Sub.StripeId,

  1361. 		&user.Sub.UserId,

  1362. 		&user.Sub.CustomerId,

  1363. 		&user.Sub.PriceId,

  1364. 		&user.Sub.End,

  1365. 		&user.Sub.Start,

  1366. 		&user.Sub.ClientSecret,

  1367. 		&user.Sub.PaymentStatus,

  1368. 	)

  1369. 

  1370. 	return err

  1371. }

  1372. 

  1373. func (estimate *Estimate) insertResults(db *sql.DB) error {

  1374. 	var query string

  1375. 	var row *sql.Row

  1376. 	var err error

  1377. 	var id int

  1378. 

  1379. 	query = `INSERT INTO estimate_result

  1380. 	(

  1381. 		loan_id,

  1382. 		loan_payment,

  1383. 		total_monthly,

  1384. 		total_fees,

  1385. 		total_credits,

  1386. 		cash_to_close

  1387. 	)

  1388. 	VALUES (?, ?, ?, ?, ?, ?)

  1389. 	RETURNING id

  1390. 	`

  1391. 	for i := range estimate.Loans {

  1392. 		r := estimate.Loans[i].Result

  1393. 		r.LoanId = estimate.Loans[i].Id

  1394. 

  1395. 		row = db.QueryRow(query,

  1396. 			r.LoanId,

  1397. 			r.LoanPayment,

  1398. 			r.TotalMonthly,

  1399. 			r.TotalFees,

  1400. 			r.TotalCredits,

  1401. 			r.CashToClose,

  1402. 		)

  1403. 		err = row.Scan(&id)

  1404. 		if err != nil {

  1405. 			return err

  1406. 		}

  1407. 		r.Id = id

  1408. 	}

  1409. 

  1410. 	return nil

  1411. }

  1412. 

  1413. // Insert user returning it's ID or any error

  1414. func insertUser(db *sql.DB, user User) (int, error) {

  1415. 	var query string

  1416. 	var row *sql.Row

  1417. 	var err error

  1418. 	var id int // Inserted user's id

  1419. 

  1420. 	user.Address.Id, err = insertAddress(db, user.Address)

  1421. 	if err != nil {

  1422. 		return 0, err

  1423. 	}

  1424. 

  1425. 	query = `INSERT INTO user

  1426. 	(

  1427. 		email,

  1428. 		first_name,

  1429. 		last_name,

  1430. 		password,

  1431. 		role,

  1432. 		title,

  1433. 		status,

  1434. 		verified,

  1435. 		address,

  1436. 		country,

  1437. 		branch_id,

  1438. 		phone,

  1439. 		created,

  1440. 		last_login

  1441. 	)

  1442. 	VALUES (?, ?, ?, sha2(?, 256), ?, ?, ?, ?, ?, ?,

  1443. 	CASE @b := ? WHEN 0 THEN NULL ELSE @b END,

  1444. 	?, NOW(), NOW())

  1445. 	RETURNING id 

  1446. 	`

  1447. 

  1448. 	row = db.QueryRow(query,

  1449. 		user.Email,

  1450. 		user.FirstName,

  1451. 		user.LastName,

  1452. 		user.Password,

  1453. 		user.Role,

  1454. 		user.Title,

  1455. 		user.Status,

  1456. 		user.Verified,

  1457. 		user.Address.Id,

  1458. 		user.Country,

  1459. 		user.Branch.Id,

  1460. 		user.Phone,

  1461. 	)

  1462. 

  1463. 	err = row.Scan(&id)

  1464. 	if err != nil {

  1465. 		return 0, err

  1466. 	}

  1467. 

  1468. 	user.Id = id

  1469. 

  1470. 	return id, nil

  1471. }

  1472. 

  1473. // Insert user returning it's ID or any error

  1474. func (sub *Subscription) insertSub(db *sql.DB) (error) {

  1475. 	var query string

  1476. 	var row *sql.Row

  1477. 	var err error

  1478. 

  1479. 	query = `INSERT INTO subscription

  1480. 	(

  1481. 		stripe_id,

  1482. 		user_id,

  1483. 		customer_id,

  1484. 		price_id,

  1485. 		current_period_end,

  1486. 		current_period_start,

  1487. 		client_secret,

  1488. 		payment_status

  1489. 	)

  1490. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?)

  1491. 	RETURNING id

  1492. 	`

  1493. 	

  1494. 	row = db.QueryRow(query,

  1495. 		sub.StripeId,

  1496. 		sub.UserId,

  1497. 		sub.CustomerId,

  1498. 		sub.PriceId,

  1499. 		sub.End,

  1500. 		sub.Start,

  1501. 		sub.ClientSecret,

  1502. 		sub.PaymentStatus,

  1503. 	)

  1504. 

  1505. 	err = row.Scan(&sub.Id)

  1506. 	return err

  1507. }

  1508. 

  1509. func (sub *Subscription) updateSub(db *sql.DB) error {

  1510. 	var query string

  1511. 	var err error

  1512. 

  1513. 	query = `UPDATE subscription

  1514. 	SET client_secret = ?, payment_status = ?

  1515. 	WHERE id = ?

  1516. 	`

  1517. 	

  1518. 	s, err := subscription.Get(sub.StripeId, &stripe.SubscriptionParams{})

  1519. 	if err != nil { return err }

  1520. 	

  1521. 	i, err := invoice.Get(s.LatestInvoice.ID, &stripe.InvoiceParams{})

  1522. 	if err != nil { return err }

  1523. 	

  1524. 	p, err := paymentintent.Get(i.PaymentIntent.ID,

  1525. 	&stripe.PaymentIntentParams{})

  1526. 	if err != nil { return err }

  1527. 	

  1528. 	_, err = db.Exec(query,

  1529. 		p.ClientSecret,

  1530. 		p.Status,

  1531. 		sub.Id,

  1532. 	)

  1533. 	if err != nil { return err }

  1534. 	

  1535. 	sub.ClientSecret = p.ClientSecret

  1536. 	sub.PaymentStatus = string(p.Status)

  1537. 

  1538. 	return err

  1539. }

  1540. 

  1541. 

  1542. // Updates a user's stripe customer ID.

  1543. func (user *User) updateCustomerId(db *sql.DB, cid string) (error) {

  1544. 	var query string

  1545. 	var err error

  1546. 

  1547. 	query = `UPDATE user SET

  1548. 	customer_id = ?

  1549. 	WHERE id = ?

  1550. 	`

  1551. 	_, err = db.Exec(query,

  1552. 		cid,

  1553. 		user.Id,

  1554. 	)

  1555. 	if err != nil { return err }

  1556. 	

  1557. 	user.CustomerId = cid

  1558. 

  1559. 	return nil

  1560. }

  1561. 

  1562. func updateAddress(address Address, db *sql.DB) error {

  1563. 	query := `

  1564. 	UPDATE address

  1565. 	SET

  1566. 	full_address = CASE @e := ? WHEN '' THEN full_address ELSE @e END,

  1567. 	street = CASE @fn := ? WHEN '' THEN street ELSE @fn END,

  1568. 	city = CASE @ln := ? WHEN '' THEN city ELSE @ln END,

  1569. 	region = CASE @r := ? WHEN '' THEN region ELSE @r END,

  1570. 	country = CASE @r := ? WHEN '' THEN country ELSE @r END,

  1571. 	zip = CASE @r := ? WHEN '' THEN zip ELSE @r END

  1572. 	WHERE id = ?

  1573. 	`

  1574. 

  1575. 	_, err := db.Exec(query,

  1576. 		address.Full,

  1577. 		address.Street,

  1578. 		address.City,

  1579. 		address.Region,

  1580. 		address.Country,

  1581. 		address.Zip,

  1582. 		address.Id,

  1583. 	)

  1584. 

  1585. 	return err

  1586. }

  1587. 

  1588. func updateUser(user User, db *sql.DB) error {

  1589. 	query := `

  1590. 	UPDATE user

  1591. 	SET

  1592. 	email = CASE @e := ? WHEN '' THEN email ELSE @e END,

  1593. 	first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END,

  1594. 	last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END,

  1595. 	role = CASE @r := ? WHEN '' THEN role ELSE @r END,

  1596. 	password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END

  1597. 	WHERE id = ?

  1598. 	`

  1599. 

  1600. 	_, err := db.Exec(query,

  1601. 		user.Email,

  1602. 		user.FirstName,

  1603. 		user.LastName,

  1604. 		user.Role,

  1605. 		user.Password,

  1606. 		user.Id,

  1607. 	)

  1608. 

  1609. 	return err

  1610. }

  1611. 

  1612. func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1613. 	claims, err := getClaims(r)

  1614. 	if err != nil {

  1615. 		w.WriteHeader(500)

  1616. 		return

  1617. 	}

  1618. 	

  1619. 	user, err := queryUser(db, claims.Id)

  1620. 	if err != nil {

  1621. 		w.WriteHeader(422)

  1622. 		log.Println(err)

  1623. 		return

  1624. 	}

  1625. 	

  1626. 	json.NewEncoder(w).Encode(user)

  1627. }

  1628. 

  1629. func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1630. 	users, err := queryUsers(db, 0)

  1631. 	if err != nil {

  1632. 		w.WriteHeader(http.StatusInternalServerError)

  1633. 		return

  1634. 	}

  1635. 

  1636. 	json.NewEncoder(w).Encode(users)

  1637. }

  1638. 

  1639. // Updates a user using only specified values in the JSON body

  1640. func setUser(user User, db *sql.DB) error {

  1641. 	_, err := mail.ParseAddress(user.Email)

  1642. 	if err != nil {

  1643. 		return err

  1644. 	}

  1645. 

  1646. 	if roles[user.Role] == 0 {

  1647. 		return errors.New("Invalid role")

  1648. 	}

  1649. 

  1650. 	err = updateUser(user, db)

  1651. 	if err != nil {

  1652. 		return err

  1653. 	}

  1654. 	err = updateAddress(user.Address, db)

  1655. 	if err != nil {

  1656. 		return err

  1657. 	}

  1658. 

  1659. 	return nil

  1660. }

  1661. 

  1662. func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1663. 	var user User

  1664. 	err := json.NewDecoder(r.Body).Decode(&user)

  1665. 	if err != nil {

  1666. 		http.Error(w, "Invalid fields", 422)

  1667. 		return

  1668. 	}

  1669. 

  1670. 	err = setUser(user, db)

  1671. 	if err != nil {

  1672. 		http.Error(w, err.Error(), 422)

  1673. 		return

  1674. 	}

  1675. }

  1676. 

  1677. // Update specified fields of the user specified in the claim

  1678. func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1679. 	claim, err := getClaims(r)

  1680. 	var user User

  1681. 	json.NewDecoder(r.Body).Decode(&user)

  1682. 

  1683. 	// First check that the target user to be updated is the same as the claim id, and

  1684. 	// their role is unchanged.

  1685. 	if err != nil || claim.Id != user.Id {

  1686. 		http.Error(w, "Target user's id does not match claim.", 401)

  1687. 		return

  1688. 	}

  1689. 

  1690. 	if claim.Role != user.Role && user.Role != "" {

  1691. 		http.Error(w, "Administrator required to escalate role.", 401)

  1692. 		return

  1693. 	}

  1694. 

  1695. 	err = setUser(user, db)

  1696. 	if err != nil {

  1697. 		http.Error(w, err.Error(), 422)

  1698. 		return

  1699. 	}

  1700. }

  1701. 

  1702. func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1703. 	var user User

  1704. 	err := json.NewDecoder(r.Body).Decode(&user)

  1705. 	if err != nil {

  1706. 		http.Error(w, "Invalid fields.", 422)

  1707. 		return

  1708. 	}

  1709. 

  1710. 	query := `DELETE FROM user WHERE id = ?`

  1711. 	_, err = db.Exec(query, user.Id)

  1712. 

  1713. 	if err != nil {

  1714. 		http.Error(w, "Could not delete.", 500)

  1715. 	}

  1716. }

  1717. 

  1718. // Checks if a user's entries are reasonable before database insertion.

  1719. // This function is very important because it is the only thing preventing

  1720. // anyone from creating an admin user. These error messages are displayed to

  1721. // the user.

  1722. func (user *User) validate() error {

  1723. 	_, err := mail.ParseAddress(user.Email)

  1724. 	if err != nil {

  1725. 		return errors.New("Invalid email.")

  1726. 	}

  1727. 

  1728. 	if roles[user.Role] == 0 {

  1729. 		return errors.New("Invalid role.")

  1730. 	}

  1731. 

  1732. 	if roles[user.Role] == roles["Admin"] {

  1733. 		return errors.New("New user cannot be an Admin.")

  1734. 	}

  1735. 

  1736. 	if user.FirstName == "" {

  1737. 		return errors.New("Given name cannot be empty.")

  1738. 	}

  1739. 

  1740. 	if user.LastName == "" {

  1741. 		return errors.New("Surname cannot be empty.")

  1742. 	}

  1743. 

  1744. 	if user.Password == "" {

  1745. 		return errors.New("Empty password")

  1746. 	}

  1747. 

  1748. 	return nil

  1749. }

  1750. 

  1751. func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1752. 	var user User

  1753. 	err := json.NewDecoder(r.Body).Decode(&user)

  1754. 	if err != nil {

  1755. 		http.Error(w, "Invalid fields.", 422)

  1756. 		return

  1757. 	}

  1758. 

  1759. 	user.Role = "User"

  1760. 	user.Status = "Trial"

  1761. 	err = user.validate()

  1762. 	if err != nil {

  1763. 		http.Error(w, err.Error(), 422)

  1764. 		return

  1765. 	}

  1766. 

  1767. 	user.Id, err = insertUser(db, user)

  1768. 	if err != nil {

  1769. 		http.Error(w, err.Error(), 422)

  1770. 		return

  1771. 	}

  1772. 	

  1773. 	err = setTokenCookie(user.Id, user.Role, w)

  1774. 	if err != nil {

  1775. 		http.Error(w, err.Error(), 500)

  1776. 		return

  1777. 	}

  1778. 

  1779. 	json.NewEncoder(w).Encode(user)

  1780. }

  1781. 

  1782. func checkPassword(db *sql.DB, id int, pass string) bool {

  1783. 	var p string

  1784. 	query := `SELECT

  1785. 	password

  1786. 	FROM user WHERE user.id = ? AND password = sha2(?, 256)

  1787. 	`

  1788. 	row := db.QueryRow(query, id, pass)

  1789. 	err := row.Scan(&p)

  1790. 	if err != nil {

  1791. 		return false

  1792. 	}

  1793. 

  1794. 	return true

  1795. }

  1796. 

  1797. func setPassword(db *sql.DB, id int, pass string) error {

  1798. 	query := `UPDATE user

  1799. 	SET password = sha2(?, 256)

  1800. 	WHERE user.id = ?

  1801. 	`

  1802. 	_, err := db.Exec(query, pass, id)

  1803. 	if err != nil {

  1804. 		return errors.New("Could not insert password.")

  1805. 	}

  1806. 

  1807. 	return nil

  1808. }

  1809. 

  1810. func changePassword(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1811. 	var pass Password

  1812. 	claim, err := getClaims(r)

  1813. 	err = json.NewDecoder(r.Body).Decode(&pass)

  1814. 	if err != nil {

  1815. 		http.Error(w, "Bad fields.", 422)

  1816. 		return

  1817. 	}

  1818. 

  1819. 	if checkPassword(db, claim.Id, pass.Old) {

  1820. 		err = setPassword(db, claim.Id, pass.New)

  1821. 	} else {

  1822. 		http.Error(w, "Incorrect old password.", 401)

  1823. 		return

  1824. 	}

  1825. 

  1826. 	if err != nil {

  1827. 		http.Error(w, err.Error(), 500)

  1828. 		return

  1829. 	}

  1830. }

  1831. 

  1832. func fetchAvatar(db *sql.DB, user int) ([]byte, error) {

  1833. 	var img []byte

  1834. 	var query string

  1835. 	var err error

  1836. 

  1837. 	query = `SELECT

  1838. 	avatar

  1839. 	FROM user WHERE user.id = ?

  1840. 	`

  1841. 	row := db.QueryRow(query, user)

  1842. 	err = row.Scan(&img)

  1843. 

  1844. 	if err != nil {

  1845. 		return img, err

  1846. 	}

  1847. 

  1848. 	return img, nil

  1849. }

  1850. 

  1851. func insertAvatar(db *sql.DB, user int, img []byte) error {

  1852. 	query := `UPDATE user

  1853. 	SET avatar = ?

  1854. 	WHERE id = ?

  1855. 	`

  1856. 	_, err := db.Exec(query, img, user)

  1857. 	if err != nil {

  1858. 		return err

  1859. 	}

  1860. 

  1861. 	return nil

  1862. }

  1863. 

  1864. func fetchLetterhead(db *sql.DB, user int) ([]byte, error) {

  1865. 	var img []byte

  1866. 	var query string

  1867. 	var err error

  1868. 

  1869. 	query = `SELECT

  1870. 	letterhead

  1871. 	FROM user WHERE user.id = ?

  1872. 	`

  1873. 	row := db.QueryRow(query, user)

  1874. 	err = row.Scan(&img)

  1875. 

  1876. 	if err != nil {

  1877. 		return img, err

  1878. 	}

  1879. 

  1880. 	return img, nil

  1881. }

  1882. 

  1883. func insertLetterhead(db *sql.DB, user int, img []byte) error {

  1884. 	query := `UPDATE user

  1885. 	SET letterhead = ?

  1886. 	WHERE id = ?

  1887. 	`

  1888. 	_, err := db.Exec(query, img, user)

  1889. 	if err != nil {

  1890. 		return err

  1891. 	}

  1892. 

  1893. 	return nil

  1894. }

  1895. 

  1896. func setAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1897. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1898. 	var isValidType bool

  1899. 

  1900. 	claims, err := getClaims(r)

  1901. 	if err != nil {

  1902. 		http.Error(w, "Invalid token.", 422)

  1903. 		return

  1904. 	}

  1905. 	img, err := io.ReadAll(r.Body)

  1906. 	if err != nil {

  1907. 		http.Error(w, "Invalid file.", 422)

  1908. 		return

  1909. 	}

  1910. 	for _, v := range validTypes {

  1911. 		if v == http.DetectContentType(img) {

  1912. 			isValidType = true

  1913. 		}

  1914. 	}

  1915. 	if !isValidType {

  1916. 		http.Error(w, "Invalid file type.", 422)

  1917. 		return

  1918. 	}

  1919. 

  1920. 	err = insertAvatar(db, claims.Id, img)

  1921. 	if err != nil {

  1922. 		http.Error(w, "Could not insert.", 500)

  1923. 		return

  1924. 	}

  1925. }

  1926. 

  1927. func getAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1928. 	claims, err := getClaims(r)

  1929. 	if err != nil {

  1930. 		http.Error(w, "Invalid token.", 422)

  1931. 		return

  1932. 	}

  1933. 	img, err := fetchAvatar(db, claims.Id)

  1934. 	if err != nil {

  1935. 		http.Error(w, "Could not retrieve.", 500)

  1936. 		return

  1937. 	}

  1938. 

  1939. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  1940. 	w.Write(img)

  1941. }

  1942. 

  1943. func setLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1944. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1945. 	var isValidType bool

  1946. 

  1947. 	claims, err := getClaims(r)

  1948. 	if err != nil {

  1949. 		http.Error(w, "Invalid token.", 422)

  1950. 		return

  1951. 	}

  1952. 	img, err := io.ReadAll(r.Body)

  1953. 	if err != nil {

  1954. 		http.Error(w, "Invalid file.", 422)

  1955. 		return

  1956. 	}

  1957. 	for _, v := range validTypes {

  1958. 		if v == http.DetectContentType(img) {

  1959. 			isValidType = true

  1960. 		}

  1961. 	}

  1962. 	if !isValidType {

  1963. 		http.Error(w, "Invalid file type.", 422)

  1964. 		return

  1965. 	}

  1966. 

  1967. 	err = insertLetterhead(db, claims.Id, img)

  1968. 	if err != nil {

  1969. 		http.Error(w, "Could not insert.", 500)

  1970. 		return

  1971. 	}

  1972. }

  1973. 

  1974. func getLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1975. 	claims, err := getClaims(r)

  1976. 	if err != nil {

  1977. 		http.Error(w, "Invalid token.", 422)

  1978. 		return

  1979. 	}

  1980. 	img, err := fetchLetterhead(db, claims.Id)

  1981. 	if err != nil {

  1982. 		http.Error(w, "Could not retrieve.", 500)

  1983. 		return

  1984. 	}

  1985. 

  1986. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  1987. 	w.Write(img)

  1988. }

  1989. 

  1990. func queryBorrower(db *sql.DB, id int) (Borrower, error) {

  1991. 	var borrower Borrower

  1992. 	var query string

  1993. 	var err error

  1994. 

  1995. 	query = `SELECT

  1996. 	l.id,

  1997. 	l.credit_score,

  1998. 	l.num,

  1999. 	l.monthly_income

  2000. 	FROM borrower l WHERE l.id = ?

  2001. 	`

  2002. 	row := db.QueryRow(query, id)

  2003. 	err = row.Scan(

  2004. 		borrower.Id,

  2005. 		borrower.Credit,

  2006. 		borrower.Num,

  2007. 		borrower.Income,

  2008. 	)

  2009. 

  2010. 	if err != nil {

  2011. 		return borrower, err

  2012. 	}

  2013. 

  2014. 	return borrower, nil

  2015. }

  2016. 

  2017. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  2018. func getResults(db *sql.DB, e int, id int) ([]Result, error) {

  2019. 	var results []Result

  2020. 	var query string

  2021. 	var rows *sql.Rows

  2022. 	var err error

  2023. 

  2024. 	query = `SELECT

  2025. 	r.id,

  2026. 	loan_id,

  2027. 	loan_payment,

  2028. 	total_monthly,

  2029. 	total_fees,

  2030. 	total_credits,

  2031. 	cash_to_close

  2032. 	FROM estimate_result r

  2033. 	INNER JOIN loan

  2034. 	ON r.loan_id = loan.id

  2035. 	WHERE r.id = CASE @e := ? WHEN 0 THEN r.id ELSE @e END

  2036. 	AND loan.estimate_id = ?

  2037. 	`

  2038. 	rows, err = db.Query(query, id, e)

  2039. 

  2040. 	if err != nil {

  2041. 		return results, err

  2042. 	}

  2043. 

  2044. 	defer rows.Close()

  2045. 

  2046. 	for rows.Next() {

  2047. 		var result Result

  2048. 

  2049. 		if err := rows.Scan(

  2050. 			&result.Id,

  2051. 			&result.LoanId,

  2052. 			&result.LoanPayment,

  2053. 			&result.TotalMonthly,

  2054. 			&result.TotalFees,

  2055. 			&result.TotalCredits,

  2056. 			&result.CashToClose,

  2057. 		); err != nil {

  2058. 			return results, err

  2059. 		}

  2060. 

  2061. 		results = append(results, result)

  2062. 	}

  2063. 

  2064. 	// Prevents runtime panics

  2065. 	// if len(results) == 0 { return results, errors.New("Result not found.") }

  2066. 

  2067. 	return results, nil

  2068. }

  2069. 

  2070. // Retrieve an estimate result with a specified loan id

  2071. func getResult(db *sql.DB, loan int) (Result, error) {

  2072. 	var result Result

  2073. 	var query string

  2074. 	var err error

  2075. 

  2076. 	query = `SELECT

  2077. 	r.id,

  2078. 	loan_id,

  2079. 	loan_payment,

  2080. 	total_monthly,

  2081. 	total_fees,

  2082. 	total_credits,

  2083. 	cash_to_close

  2084. 	FROM estimate_result r

  2085. 	INNER JOIN loan

  2086. 	ON r.loan_id = loan.id

  2087. 	WHERE loan.Id = ?

  2088. 	`

  2089. 	row := db.QueryRow(query, loan)

  2090. 

  2091. 	err = row.Scan(

  2092. 		&result.Id,

  2093. 		&result.LoanId,

  2094. 		&result.LoanPayment,

  2095. 		&result.TotalMonthly,

  2096. 		&result.TotalFees,

  2097. 		&result.TotalCredits,

  2098. 		&result.CashToClose,

  2099. 	)

  2100. 

  2101. 	if err != nil {

  2102. 		return result, err

  2103. 	}

  2104. 

  2105. 	return result, nil

  2106. }

  2107. 

  2108. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  2109. func getLoans(db *sql.DB, e int, id int) ([]Loan, error) {

  2110. 	var loans []Loan

  2111. 	var query string

  2112. 	var rows *sql.Rows

  2113. 	var err error

  2114. 

  2115. 	query = `SELECT

  2116. 	l.id,

  2117. 	l.type_id,

  2118. 	l.estimate_id,

  2119. 	l.amount,

  2120. 	l.term,

  2121. 	l.interest,

  2122. 	l.ltv,

  2123. 	l.dti,

  2124. 	l.hoi,

  2125. 	l.tax,

  2126. 	l.name

  2127. 	FROM loan l WHERE l.id = CASE @e := ? WHEN 0 THEN l.id ELSE @e END AND

  2128. 	l.estimate_id = ?

  2129. 	`

  2130. 	rows, err = db.Query(query, id, e)

  2131. 

  2132. 	if err != nil {

  2133. 		return loans, err

  2134. 	}

  2135. 

  2136. 	defer rows.Close()

  2137. 

  2138. 	for rows.Next() {

  2139. 		var loan Loan

  2140. 

  2141. 		if err := rows.Scan(

  2142. 			&loan.Id,

  2143. 			&loan.Type.Id,

  2144. 			&loan.EstimateId,

  2145. 			&loan.Amount,

  2146. 			&loan.Term,

  2147. 			&loan.Interest,

  2148. 			&loan.Ltv,

  2149. 			&loan.Dti,

  2150. 			&loan.Hoi,

  2151. 			&loan.Tax,

  2152. 			&loan.Name,

  2153. 		); err != nil {

  2154. 			return loans, err

  2155. 		}

  2156. 

  2157. 		mi, err := getMi(db, loan.Id)

  2158. 		if err != nil {

  2159. 			return loans, err

  2160. 		}

  2161. 		loan.Mi = mi

  2162. 		fees, err := getFees(db, loan.Id)

  2163. 		if err != nil {

  2164. 			return loans, err

  2165. 		}

  2166. 		loan.Fees = fees

  2167. 

  2168. 		loan.Result, err = getResult(db, loan.Id)

  2169. 		if err != nil {

  2170. 			return loans, err

  2171. 		}

  2172. 

  2173. 		loan.Type, err = getLoanType(db, loan.Type.Id)

  2174. 		if err != nil {

  2175. 			return loans, err

  2176. 		}

  2177. 

  2178. 		loans = append(loans, loan)

  2179. 	}

  2180. 

  2181. 	// Prevents runtime panics

  2182. 	if len(loans) == 0 {

  2183. 		return loans, errors.New("Loan not found.")

  2184. 	}

  2185. 

  2186. 	return loans, nil

  2187. }

  2188. 

  2189. func getEstimate(db *sql.DB, id int) (Estimate, error) {

  2190. 	estimates, err := getEstimates(db, id, 0)

  2191. 

  2192. 	if err != nil {

  2193. 		return Estimate{}, err

  2194. 	}

  2195. 

  2196. 	return estimates[0], nil

  2197. }

  2198. 

  2199. func getEstimates(db *sql.DB, id int, user int) ([]Estimate, error) {

  2200. 	var estimates []Estimate

  2201. 	var query string

  2202. 	var rows *sql.Rows

  2203. 	var err error

  2204. 

  2205. 	query = `SELECT

  2206. 	id,

  2207. 	user_id,

  2208. 	transaction,

  2209. 	price,

  2210. 	property,

  2211. 	occupancy,

  2212. 	zip,

  2213. 	pud

  2214. 	FROM estimate WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND

  2215. 	user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END

  2216. 	`

  2217. 	rows, err = db.Query(query, id, user)

  2218. 

  2219. 	if err != nil {

  2220. 		return estimates, err

  2221. 	}

  2222. 

  2223. 	defer rows.Close()

  2224. 

  2225. 	for rows.Next() {

  2226. 		var estimate Estimate

  2227. 

  2228. 		if err := rows.Scan(

  2229. 			&estimate.Id,

  2230. 			&estimate.User,

  2231. 			&estimate.Transaction,

  2232. 			&estimate.Price,

  2233. 			&estimate.Property,

  2234. 			&estimate.Occupancy,

  2235. 			&estimate.Zip,

  2236. 			&estimate.Pud,

  2237. 		); err != nil {

  2238. 			return estimates, err

  2239. 		}

  2240. 

  2241. 		err := estimate.getBorrower(db)

  2242. 		if err != nil {

  2243. 			return estimates, err

  2244. 		}

  2245. 		estimates = append(estimates, estimate)

  2246. 	}

  2247. 

  2248. 	// Prevents runtime panics

  2249. 	if len(estimates) == 0 {

  2250. 		return estimates, errors.New("Estimate not found.")

  2251. 	}

  2252. 

  2253. 	for i := range estimates {

  2254. 		estimates[i].Loans, err = getLoans(db, estimates[i].Id, 0)

  2255. 		if err != nil {

  2256. 			return estimates, err

  2257. 		}

  2258. 	}

  2259. 

  2260. 	return estimates, nil

  2261. }

  2262. 

  2263. func queryETemplates(db *sql.DB, id int, user int) ([]ETemplate, error) {

  2264. 	var eTemplates []ETemplate

  2265. 	var query string

  2266. 	var rows *sql.Rows

  2267. 	var err error

  2268. 

  2269. 	query = `SELECT

  2270. 	id,

  2271. 	estimate_id,

  2272. 	user_id,

  2273. 	branch_id

  2274. 	FROM estimate_template WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND

  2275. 	user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END

  2276. 	`

  2277. 	rows, err = db.Query(query, id, user)

  2278. 

  2279. 	if err != nil {

  2280. 		return eTemplates, err

  2281. 	}

  2282. 

  2283. 	defer rows.Close()

  2284. 

  2285. 	for rows.Next() {

  2286. 		var e ETemplate

  2287. 

  2288. 		if err := rows.Scan(

  2289. 			&e.Id,

  2290. 			&e.Estimate.Id,

  2291. 			&e.UserId,

  2292. 			&e.BranchId,

  2293. 		); err != nil {

  2294. 			return eTemplates, err

  2295. 		}

  2296. 

  2297. 		e.Estimate, err = getEstimate(db, e.Estimate.Id)

  2298. 		if err != nil {

  2299. 			return eTemplates, err

  2300. 		}

  2301. 

  2302. 		eTemplates = append(eTemplates, e)

  2303. 	}

  2304. 

  2305. 	return eTemplates, nil

  2306. }

  2307. 

  2308. // Accepts a borrower struct and returns the id of the inserted borrower and

  2309. // any related error.

  2310. func (estimate *Estimate) insertETemplate(db *sql.DB, user int, branch int) error {

  2311. 	var query string

  2312. 	var err error

  2313. 

  2314. 	query = `INSERT INTO estimate_template

  2315. 	(

  2316. 		estimate_id,

  2317. 		user_id,

  2318. 		branch_id

  2319. 	)

  2320. 	VALUES (?, ?, ?)

  2321. 	`

  2322. 	_, err = db.Exec(query,

  2323. 		estimate.Id,

  2324. 		user,

  2325. 		branch,

  2326. 	)

  2327. 	if err != nil {

  2328. 		return err

  2329. 	}

  2330. 

  2331. 	return nil

  2332. }

  2333. 

  2334. // Accepts a borrower struct and returns the id of the inserted borrower and

  2335. // any related error.

  2336. func (estimate *Estimate) insertBorrower(db *sql.DB) error {

  2337. 	var query string

  2338. 	var row *sql.Row

  2339. 	var err error

  2340. 

  2341. 	query = `INSERT INTO borrower

  2342. 	(

  2343. 		estimate_id,

  2344. 		credit_score,

  2345. 		monthly_income,

  2346. 		num

  2347. 	)

  2348. 	VALUES (?, ?, ?, ?)

  2349. 	RETURNING id

  2350. 	`

  2351. 	row = db.QueryRow(query,

  2352. 		estimate.Id,

  2353. 		estimate.Borrower.Credit,

  2354. 		estimate.Borrower.Income,

  2355. 		estimate.Borrower.Num,

  2356. 	)

  2357. 

  2358. 	err = row.Scan(&estimate.Borrower.Id)

  2359. 	if err != nil {

  2360. 		return err

  2361. 	}

  2362. 

  2363. 	return nil

  2364. }

  2365. 

  2366. func insertMi(db *sql.DB, mi MI) (int, error) {

  2367. 	var id int

  2368. 

  2369. 	query := `INSERT INTO mi 

  2370. 		(

  2371. 			type,

  2372. 			label,

  2373. 			lender,

  2374. 			rate,

  2375. 			premium,

  2376. 			upfront,

  2377. 			five_year_total,

  2378. 			initial_premium,

  2379. 			initial_rate,

  2380. 			initial_amount

  2381. 		)

  2382. 		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

  2383. 		RETURNING id`

  2384. 

  2385. 	row := db.QueryRow(query,

  2386. 		&mi.Type,

  2387. 		&mi.Label,

  2388. 		&mi.Lender,

  2389. 		&mi.Rate,

  2390. 		&mi.Premium,

  2391. 		&mi.Upfront,

  2392. 		&mi.FiveYearTotal,

  2393. 		&mi.InitialAllInPremium,

  2394. 		&mi.InitialAllInRate,

  2395. 		&mi.InitialAmount,

  2396. 	)

  2397. 

  2398. 	err := row.Scan(&id)

  2399. 	if err != nil {

  2400. 		return 0, err

  2401. 	}

  2402. 

  2403. 	return id, nil

  2404. }

  2405. 

  2406. func insertFee(db *sql.DB, fee Fee) (int, error) {

  2407. 	var id int

  2408. 

  2409. 	query := `INSERT INTO fee 

  2410. 		(loan_id, amount, perc, type, notes, name, category)

  2411. 		VALUES (?, ?, ?, ?, ?, ?, ?)

  2412. 		RETURNING id`

  2413. 

  2414. 	row := db.QueryRow(query,

  2415. 		fee.LoanId,

  2416. 		fee.Amount,

  2417. 		fee.Perc,

  2418. 		fee.Type,

  2419. 		fee.Notes,

  2420. 		fee.Name,

  2421. 		fee.Category,

  2422. 	)

  2423. 

  2424. 	err := row.Scan(&id)

  2425. 	if err != nil {

  2426. 		return 0, err

  2427. 	}

  2428. 

  2429. 	return id, nil

  2430. }

  2431. 

  2432. func insertLoanType(db *sql.DB, lt LoanType) (int, error) {

  2433. 	var id int

  2434. 

  2435. 	query := `INSERT INTO loan_type (branch_id, user_id, name)

  2436. 		VALUES (NULLIF(?, 0), NULLIF(?, 0), ?)

  2437. 		RETURNING id`

  2438. 

  2439. 	row := db.QueryRow(query,

  2440. 		lt.Branch,

  2441. 		lt.User,

  2442. 		lt.Name,

  2443. 	)

  2444. 

  2445. 	err := row.Scan(&id)

  2446. 	if err != nil {

  2447. 		return 0, err

  2448. 	}

  2449. 

  2450. 	return id, nil

  2451. }

  2452. 

  2453. func (loan *Loan) insertLoan(db *sql.DB) error {

  2454. 	var query string

  2455. 	var row *sql.Row

  2456. 	var err error

  2457. 

  2458. 	query = `INSERT INTO loan

  2459. 	(

  2460. 		estimate_id,

  2461. 		type_id,

  2462. 		amount,

  2463. 		term,

  2464. 		interest,

  2465. 		ltv,

  2466. 		dti,

  2467. 		hoi,

  2468. 		tax,

  2469. 		name

  2470. 	)

  2471. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

  2472. 	RETURNING id

  2473. 	`

  2474. 	row = db.QueryRow(query,

  2475. 		loan.EstimateId,

  2476. 		loan.Type.Id,

  2477. 		loan.Amount,

  2478. 		loan.Term,

  2479. 		loan.Interest,

  2480. 		loan.Ltv,

  2481. 		loan.Dti,

  2482. 		loan.Hoi,

  2483. 		loan.Tax,

  2484. 		loan.Name,

  2485. 	)

  2486. 

  2487. 	err = row.Scan(&loan.Id)

  2488. 	if err != nil {

  2489. 		return err

  2490. 	}

  2491. 	_, err = insertMi(db, loan.Mi)

  2492. 	if err != nil {

  2493. 		return err

  2494. 	}

  2495. 	for i := range loan.Fees {

  2496. 		loan.Fees[i].LoanId = loan.Id

  2497. 		_, err := insertFee(db, loan.Fees[i])

  2498. 		if err != nil {

  2499. 			return err

  2500. 		}

  2501. 	}

  2502. 

  2503. 	return nil

  2504. }

  2505. 

  2506. func (estimate *Estimate) insertEstimate(db *sql.DB) error {

  2507. 	var query string

  2508. 	var row *sql.Row

  2509. 	var err error

  2510. 	// var id int // Inserted estimate's id

  2511. 

  2512. 	query = `INSERT INTO estimate

  2513. 	(

  2514. 		user_id,

  2515. 		transaction,

  2516. 		price,

  2517. 		property,

  2518. 		occupancy,

  2519. 		zip,

  2520. 		pud

  2521. 	)

  2522. 	VALUES (?, ?, ?, ?, ?, ?, ?)

  2523. 	RETURNING id

  2524. 	`

  2525. 	row = db.QueryRow(query,

  2526. 		estimate.User,

  2527. 		estimate.Transaction,

  2528. 		estimate.Price,

  2529. 		estimate.Property,

  2530. 		estimate.Occupancy,

  2531. 		estimate.Zip,

  2532. 		estimate.Pud,

  2533. 	)

  2534. 

  2535. 	err = row.Scan(&estimate.Id)

  2536. 	if err != nil {

  2537. 		return err

  2538. 	}

  2539. 

  2540. 	err = estimate.insertBorrower(db)

  2541. 	if err != nil {

  2542. 		return err

  2543. 	}

  2544. 

  2545. 	for i := range estimate.Loans {

  2546. 		estimate.Loans[i].EstimateId = estimate.Id

  2547. 		err = estimate.Loans[i].insertLoan(db)

  2548. 		if err != nil {

  2549. 			return err

  2550. 		}

  2551. 	}

  2552. 

  2553. 	return nil

  2554. }

  2555. 

  2556. func (estimate *Estimate) del(db *sql.DB, user int) error {

  2557. 	var query string

  2558. 	var err error

  2559. 

  2560. 	query = `DELETE FROM estimate WHERE id = ? AND user_id = ?`

  2561. 

  2562. 	_, err = db.Exec(query, estimate.Id, user)

  2563. 	if err != nil {

  2564. 		return err

  2565. 	}

  2566. 

  2567. 	return nil

  2568. }

  2569. 

  2570. func (et *ETemplate) del(db *sql.DB, user int) error {

  2571. 	var query string

  2572. 	var err error

  2573. 

  2574. 	query = `DELETE FROM estimate_template WHERE id = ? AND user_id = ?`

  2575. 

  2576. 	_, err = db.Exec(query, et.Id, user)

  2577. 	if err != nil {

  2578. 		return err

  2579. 	}

  2580. 

  2581. 	return nil

  2582. }

  2583. 

  2584. func (eTemplate *ETemplate) insert(db *sql.DB) error {

  2585. 	var query string

  2586. 	var row *sql.Row

  2587. 	var err error

  2588. 

  2589. 	query = `INSERT INTO estimate_template

  2590. 	(

  2591. 		user_id,

  2592. 		branch_id,

  2593. 		estimate_id,

  2594. 	)

  2595. 	VALUES (?, ?, ?)

  2596. 	RETURNING id

  2597. 	`

  2598. 	row = db.QueryRow(query,

  2599. 		eTemplate.UserId,

  2600. 		eTemplate.BranchId,

  2601. 		eTemplate.Estimate.Id,

  2602. 	)

  2603. 

  2604. 	err = row.Scan(&eTemplate.Id)

  2605. 	if err != nil {

  2606. 		return err

  2607. 	}

  2608. 

  2609. 	return nil

  2610. }

  2611. 

  2612. func createEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2613. 	var estimate Estimate

  2614. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2615. 	if err != nil {

  2616. 		http.Error(w, "Invalid fields.", 422)

  2617. 		return

  2618. 	}

  2619. 	claims, err := getClaims(r)

  2620. 	estimate.User = claims.Id

  2621. 

  2622. 	err = estimate.insertEstimate(db)

  2623. 	if err != nil {

  2624. 		http.Error(w, err.Error(), 422)

  2625. 		return

  2626. 	}

  2627. 	estimate.makeResults()

  2628. 	err = estimate.insertResults(db)

  2629. 	if err != nil {

  2630. 		http.Error(w, err.Error(), 500)

  2631. 		return

  2632. 	}

  2633. 	e, err := getEstimates(db, estimate.Id, 0)

  2634. 	if err != nil {

  2635. 		http.Error(w, err.Error(), 500)

  2636. 		return

  2637. 	}

  2638. 

  2639. 	json.NewEncoder(w).Encode(e[0])

  2640. }

  2641. 

  2642. // Query all estimates that belong to the current user

  2643. func fetchEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2644. 	var estimates []Estimate

  2645. 	claims, err := getClaims(r)

  2646. 

  2647. 	estimates, err = getEstimates(db, 0, claims.Id)

  2648. 	if err != nil {

  2649. 		http.Error(w, err.Error(), 500)

  2650. 		return

  2651. 	}

  2652. 

  2653. 	json.NewEncoder(w).Encode(estimates)

  2654. }

  2655. 

  2656. func checkConventional(l Loan, b Borrower) error {

  2657. 	if b.Credit < 620 {

  2658. 		return errors.New("Credit score too low for conventional loan")

  2659. 	}

  2660. 

  2661. 	// Buyer needs to put down 20% to avoid mortgage insurance

  2662. 	if l.Ltv > 80 && l.Mi.Rate == 0 {

  2663. 		return errors.New(fmt.Sprintln(

  2664. 			l.Name,

  2665. 			"down payment must be 20% to avoid insurance",

  2666. 		))

  2667. 	}

  2668. 

  2669. 	return nil

  2670. }

  2671. 

  2672. func checkFHA(l Loan, b Borrower) error {

  2673. 	if b.Credit < 500 {

  2674. 		return errors.New("Credit score too low for FHA loan")

  2675. 	}

  2676. 

  2677. 	if l.Ltv > 96.5 {

  2678. 		return errors.New("FHA down payment must be at least 3.5%")

  2679. 	}

  2680. 

  2681. 	if b.Credit < 580 && l.Ltv > 90 {

  2682. 		return errors.New("FHA down payment must be at least 10%")

  2683. 	}

  2684. 

  2685. 	// Debt-to-income must be below 45% if credit score is below 580.

  2686. 	if b.Credit < 580 && l.Dti > 45 {

  2687. 		return errors.New(fmt.Sprintln(

  2688. 			l.Name, "debt to income is too high for credit score.",

  2689. 		))

  2690. 	}

  2691. 

  2692. 	return nil

  2693. }

  2694. 

  2695. // Loan option for veterans with no set rules. Mainly placeholder.

  2696. func checkVA(l Loan, b Borrower) error {

  2697. 	return nil

  2698. }

  2699. 

  2700. // Loan option for residents of rural areas with no set rules.

  2701. // Mainly placeholder.

  2702. func checkUSDA(l Loan, b Borrower) error {

  2703. 	return nil

  2704. }

  2705. 

  2706. // Should also check loan amount limit maybe with an API.

  2707. func checkEstimate(e Estimate) error {

  2708. 	if e.Property == "" {

  2709. 		return errors.New("Empty property type")

  2710. 	}

  2711. 	if e.Price == 0 {

  2712. 		return errors.New("Empty property price")

  2713. 	}

  2714. 

  2715. 	if e.Borrower.Num == 0 {

  2716. 		return errors.New("Missing number of borrowers")

  2717. 	}

  2718. 

  2719. 	if e.Borrower.Credit == 0 {

  2720. 		return errors.New("Missing borrower credit score")

  2721. 	}

  2722. 

  2723. 	if e.Borrower.Income == 0 {

  2724. 		return errors.New("Missing borrower credit income")

  2725. 	}

  2726. 

  2727. 	for _, l := range e.Loans {

  2728. 		if l.Amount == 0 {

  2729. 			return errors.New(fmt.Sprintln(l.Name, "loan amount cannot be zero"))

  2730. 		}

  2731. 		if l.Term == 0 {

  2732. 			return errors.New(fmt.Sprintln(l.Name, "loan term cannot be zero"))

  2733. 		}

  2734. 		if l.Interest == 0 {

  2735. 			return errors.New(fmt.Sprintln(l.Name, "loan interest cannot be zero"))

  2736. 		}

  2737. 

  2738. 		// Can be used to check rules for specific loan types

  2739. 		var err error

  2740. 		switch l.Type.Id {

  2741. 		case 1:

  2742. 			err = checkConventional(l, e.Borrower)

  2743. 		case 2:

  2744. 			err = checkFHA(l, e.Borrower)

  2745. 		case 3:

  2746. 			err = checkVA(l, e.Borrower)

  2747. 		case 4:

  2748. 			err = checkUSDA(l, e.Borrower)

  2749. 		default:

  2750. 			err = errors.New("Invalid loan type")

  2751. 		}

  2752. 

  2753. 		if err != nil {

  2754. 			return err

  2755. 		}

  2756. 	}

  2757. 

  2758. 	return nil

  2759. 

  2760. }

  2761. 

  2762. func validateEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2763. 	var estimate Estimate

  2764. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2765. 

  2766. 	if err != nil {

  2767. 		http.Error(w, err.Error(), 422)

  2768. 		return

  2769. 	}

  2770. 

  2771. 	err = checkEstimate(estimate)

  2772. 	if err != nil {

  2773. 		http.Error(w, err.Error(), 406)

  2774. 		return

  2775. 	}

  2776. }

  2777. 

  2778. func checkPdf(w http.ResponseWriter, r *http.Request) {

  2779. 	db, err := sql.Open("mysql",

  2780. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter_dev",

  2781. 			os.Getenv("DBUser"),

  2782. 			os.Getenv("DBPass")))

  2783. 

  2784. 	// w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  2785. 	err = db.Ping()

  2786. 	if err != nil {

  2787. 		fmt.Println("Bad database configuration: %v\n", err)

  2788. 		panic(err)

  2789. 		// maybe os.Exit(1) instead

  2790. 	}

  2791. 

  2792. 	estimates, err := getEstimates(db, 1, 0)

  2793. 	if err != nil {

  2794. 		w.WriteHeader(500)

  2795. 		return

  2796. 	}

  2797. 

  2798. 	// claims, err := getClaims(r)

  2799. 	if err != nil {

  2800. 		w.WriteHeader(500)

  2801. 		return

  2802. 	}

  2803. 	user, err := queryUser(db, 1)

  2804. 

  2805. 	info := Report{

  2806. 		Title:    "test PDF",

  2807. 		Name:     "idk-random-name",

  2808. 		User:     user,

  2809. 		Estimate: estimates[0],

  2810. 	}

  2811. 	avatar, err := fetchAvatar(db, info.User.Id)

  2812. 	letterhead, err := fetchLetterhead(db, info.User.Id)

  2813. 	info.Avatar =

  2814. 		base64.StdEncoding.EncodeToString(avatar)

  2815. 	info.Letterhead =

  2816. 		base64.StdEncoding.EncodeToString(letterhead)

  2817. 

  2818. 	for l := range info.Estimate.Loans {

  2819. 		loan := info.Estimate.Loans[l]

  2820. 		for f := range info.Estimate.Loans[l].Fees {

  2821. 			if info.Estimate.Loans[l].Fees[f].Amount < 0 {

  2822. 				loan.Credits = append(loan.Credits, loan.Fees[f])

  2823. 			}

  2824. 		}

  2825. 	}

  2826. 

  2827. 	err = pages["report"].tpl.ExecuteTemplate(w, "master.tpl", info)

  2828. 	if err != nil {

  2829. 		fmt.Println(err)

  2830. 	}

  2831. 

  2832. }

  2833. 

  2834. func getETemplates(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2835. 	claims, err := getClaims(r)

  2836. 

  2837. 	et, err := queryETemplates(db, 0, claims.Id)

  2838. 	if err != nil {

  2839. 		http.Error(w, err.Error(), 500)

  2840. 		return

  2841. 	}

  2842. 

  2843. 	json.NewEncoder(w).Encode(et)

  2844. }

  2845. 

  2846. func createETemplate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2847. 	var estimate Estimate

  2848. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2849. 

  2850. 	if err != nil {

  2851. 		http.Error(w, err.Error(), 422)

  2852. 		return

  2853. 	}

  2854. 	claims, err := getClaims(r)

  2855. 	if err != nil {

  2856. 		http.Error(w, err.Error(), 422)

  2857. 		return

  2858. 	}

  2859. 

  2860. 	err = estimate.insertETemplate(db, claims.Id, 0)

  2861. 	if err != nil {

  2862. 		http.Error(w, err.Error(), 500)

  2863. 		return

  2864. 	}

  2865. }

  2866. 

  2867. func getPdf(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2868. 	var estimate Estimate

  2869. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2870. 	cmd := exec.Command("wkhtmltopdf", "-", "-")

  2871. 

  2872. 	stdout, err := cmd.StdoutPipe()

  2873. 	if err != nil {

  2874. 		w.WriteHeader(500)

  2875. 		log.Println(err)

  2876. 		return

  2877. 	}

  2878. 

  2879. 	stdin, err := cmd.StdinPipe()

  2880. 	if err != nil {

  2881. 		w.WriteHeader(500)

  2882. 		log.Println(err)

  2883. 		return

  2884. 	}

  2885. 

  2886. 	if err := cmd.Start(); err != nil {

  2887. 		log.Fatal(err)

  2888. 	}

  2889. 

  2890. 	claims, err := getClaims(r)

  2891. 	if err != nil {

  2892. 		w.WriteHeader(500)

  2893. 		log.Println(err)

  2894. 		return

  2895. 	}

  2896. 	user, err := queryUser(db, claims.Id)

  2897. 

  2898. 	info := Report{

  2899. 		Title:    "test PDF",

  2900. 		Name:     "idk-random-name",

  2901. 		User:     user,

  2902. 		Estimate: estimate,

  2903. 	}

  2904. 	avatar, err := fetchAvatar(db, info.User.Id)

  2905. 	letterhead, err := fetchLetterhead(db, info.User.Id)

  2906. 

  2907. 	if len(avatar) > 1 {

  2908. 		info.Avatar =

  2909. 			base64.StdEncoding.EncodeToString(avatar)

  2910. 	}

  2911. 

  2912. 	if len(letterhead) > 1 {

  2913. 		info.Letterhead =

  2914. 			base64.StdEncoding.EncodeToString(letterhead)

  2915. 	}

  2916. 

  2917. 	err = pages["report"].tpl.ExecuteTemplate(stdin, "master.tpl", info)

  2918. 	if err != nil {

  2919. 		w.WriteHeader(500)

  2920. 		log.Println(err)

  2921. 		return

  2922. 	}

  2923. 	stdin.Close()

  2924. 

  2925. 	buf, err := io.ReadAll(stdout)

  2926. 

  2927. 	if _, err := w.Write(buf); err != nil {

  2928. 		w.WriteHeader(500)

  2929. 		log.Println(err)

  2930. 		return

  2931. 	}

  2932. 

  2933. 	if err := cmd.Wait(); err != nil {

  2934. 		log.Println(err)

  2935. 		return

  2936. 	}

  2937. 

  2938. }

  2939. 

  2940. func clipLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2941. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  2942. 	var isValidType bool

  2943. 	var err error

  2944. 

  2945. 	// claims, err := getClaims(r)

  2946. 	if err != nil {

  2947. 		http.Error(w, "Invalid token.", 422)

  2948. 		return

  2949. 	}

  2950. 	img, t, err := image.Decode(r.Body)

  2951. 	if err != nil {

  2952. 		http.Error(w, "Invalid file, JPEG and PNG only.", 422)

  2953. 		return

  2954. 	}

  2955. 	for _, v := range validTypes {

  2956. 		if v == "image/"+t {

  2957. 			isValidType = true

  2958. 		}

  2959. 	}

  2960. 	if !isValidType {

  2961. 		http.Error(w, "Invalid file type.", 422)

  2962. 		return

  2963. 	}

  2964. 

  2965. 	g := gift.New(

  2966. 		gift.ResizeToFit(400, 200, gift.LanczosResampling),

  2967. 	)

  2968. 	dst := image.NewRGBA(g.Bounds(img.Bounds()))

  2969. 	g.Draw(dst, img)

  2970. 

  2971. 	w.Header().Set("Content-Type", "image/png")

  2972. 	err = png.Encode(w, dst)

  2973. 	if err != nil {

  2974. 		http.Error(w, "Error encoding.", 500)

  2975. 		return

  2976. 	}

  2977. }

  2978. 

  2979. func createCustomer(name string, email string, address Address) (

  2980. stripe.Customer, error) {

  2981. 

  2982. 	params := &stripe.CustomerParams{

  2983. 		Email: stripe.String(email),

  2984. 		Name: stripe.String(name),

  2985. 		Address: &stripe.AddressParams{

  2986. 			City: stripe.String(address.City),

  2987. 			Country: stripe.String(address.Country),

  2988. 			Line1: stripe.String(address.Street),

  2989. 			PostalCode: stripe.String(address.Zip),

  2990. 			State: stripe.String(address.Region),

  2991. 		},

  2992. 	};

  2993. 	

  2994. 	result, err := customer.New(params)

  2995. 	return *result, err

  2996. }

  2997. 

  2998. // Initiates a new standard subscription using a given customer ID

  2999. func createSubscription(cid string) (*stripe.Subscription, error) {

  3000. 

  3001. 	// Automatically save the payment method to the subscription

  3002.     // when the first payment is successful.

  3003.     paymentSettings := &stripe.SubscriptionPaymentSettingsParams{

  3004. 		    SaveDefaultPaymentMethod: stripe.String("on_subscription"),

  3005.   	}

  3006.   	

  3007.   	// Create the subscription. Note we're expanding the Subscription's

  3008.     // latest invoice and that invoice's payment_intent

  3009.     // so we can pass it to the front end to confirm the payment

  3010.     subscriptionParams := &stripe.SubscriptionParams{

  3011.         Customer: stripe.String(cid),

  3012.         Items: []*stripe.SubscriptionItemsParams{

  3013.             {

  3014.                 Price: stripe.String(standardPriceId),

  3015.             },

  3016.         },

  3017.         PaymentSettings: paymentSettings,

  3018.         PaymentBehavior: stripe.String("default_incomplete"),

  3019.     }

  3020.     subscriptionParams.AddExpand("latest_invoice.payment_intent")

  3021.     s, err := subscription.New(subscriptionParams)

  3022.     

  3023.     return s, err

  3024. }

  3025. 

  3026. // Creates a new subscription instance for a new user or retrieves the

  3027. // existing instance if possible. It's main purpose is to supply a

  3028. // client secret used for sending billing information to stripe.

  3029. func subscribe(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3030. 	claims, err := getClaims(r)

  3031. 	user, err := queryUser(db, claims.Id)

  3032. 

  3033. 	if err != nil {

  3034. 		w.WriteHeader(422)

  3035. 		return

  3036. 	}

  3037. 	

  3038. 	user.querySub(db)

  3039. 	

  3040. 	var name string = user.FirstName + " " + user.LastName

  3041. 	

  3042. 	if user.CustomerId == "" {

  3043. 		c, err := createCustomer(name, user.Email, user.Address)

  3044. 		if err != nil {

  3045. 			http.Error(w, err.Error(), 500)

  3046. 			return

  3047. 		}

  3048. 	

  3049. 		err = user.updateCustomerId(db, c.ID)

  3050. 		if err != nil {

  3051. 			http.Error(w, err.Error(), 500)

  3052. 			return

  3053. 		}

  3054. 	}

  3055. 

  3056. 	if user.Sub.Id == 0 {

  3057. 		s, err := createSubscription(user.CustomerId)

  3058. 		if err != nil {

  3059. 			http.Error(w, err.Error(), 500)

  3060. 			return

  3061. 		}

  3062. 		

  3063. 		user.Sub.UserId = user.Id

  3064. 		user.Sub.StripeId = s.ID

  3065. 		user.Sub.CustomerId = user.CustomerId

  3066. 		user.Sub.PriceId = standardPriceId

  3067. 		user.Sub.End = int(s.CurrentPeriodEnd)

  3068. 		user.Sub.Start = int(s.CurrentPeriodStart)

  3069. 		user.Sub.ClientSecret = s.LatestInvoice.PaymentIntent.ClientSecret

  3070. 		user.Sub.PaymentStatus = string(s.LatestInvoice.PaymentIntent.Status)

  3071. 		

  3072. 		err = user.Sub.insertSub(db)

  3073. 		if err != nil {

  3074. 			http.Error(w, err.Error(), 500)

  3075. 			return

  3076. 		}

  3077. 		json.NewEncoder(w).Encode(user.Sub)

  3078. 	} else {

  3079. 		err = user.Sub.updateSub(db)

  3080. 		if err != nil {

  3081. 			http.Error(w, err.Error(), 500)

  3082. 			return

  3083. 		}

  3084. 		json.NewEncoder(w).Encode(user.Sub)

  3085. 	}

  3086. 	

  3087. 	// Should check that subscription is still valid and has payment intent

  3088. 	// here

  3089. 	

  3090. }

  3091. 

  3092. // A successful subscription payment should be confirmed by Stripe and

  3093. // Updated through this hook.

  3094. func invoicePaid(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3095. 	var invoice stripe.Invoice

  3096. 	b, err := io.ReadAll(r.Body)

  3097. 	if err != nil {

  3098. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3099. 		log.Printf("io.ReadAll: %v", err)

  3100. 		return

  3101. 	}

  3102. 	

  3103. 	event, err := webhook.ConstructEvent(b,

  3104. 	r.Header.Get("Stripe-Signature"),

  3105. 	hookKeys.InvoicePaid)

  3106. 	if err != nil {

  3107. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3108. 		log.Printf("webhook.ConstructEvent: %v", err)

  3109. 		return

  3110. 	}

  3111. 	

  3112. 	// OK should be sent before any processing to confirm with Stripe that

  3113. 	// the hook was received

  3114. 	w.WriteHeader(http.StatusOK)

  3115. 	if event.Type != "invoice.paid" {

  3116. 		log.Println("Invalid event type sent to invoice-paid.")

  3117. 		return

  3118. 	}

  3119. 	

  3120. 	json.Unmarshal(event.Data.Raw, &invoice)

  3121. 	log.Println(event.Type, invoice.ID, invoice.Customer.ID)

  3122. 	

  3123. 	user, err := queryCustomer(db, invoice.Customer.ID)

  3124. 	if err != nil {

  3125. 		log.Printf("Could not query customer: %v", err)

  3126. 		return

  3127. 	}

  3128. 	s, err := subscription.Get(invoice.Subscription.ID, nil)

  3129. 	if err != nil {

  3130. 		log.Printf("Could not fetch subscription: %v", err)

  3131. 		return

  3132. 	}

  3133. 	

  3134. 	log.Println(user.Id, s.ID)

  3135. 	

  3136. }

  3137. 

  3138. func invoiceFailed(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3139. 	b, err := io.ReadAll(r.Body)

  3140. 	if err != nil {

  3141. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3142. 		log.Printf("io.ReadAll: %v", err)

  3143. 		return

  3144. 	}

  3145. 	

  3146. 	event, err := webhook.ConstructEvent(b, r.Header.Get("Stripe-Signature"),

  3147. 	os.Getenv("STRIPE_SECRET_KEY"))

  3148. 	if err != nil {

  3149. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3150. 		log.Printf("webhook.ConstructEvent: %v", err)

  3151. 		return

  3152. 	}

  3153. 

  3154. 	log.Println(event.Data)

  3155. }

  3156. 

  3157. func api(w http.ResponseWriter, r *http.Request) {

  3158. 	var args []string

  3159. 

  3160. 	p := r.URL.Path

  3161. 	db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s",

  3162. 		os.Getenv("DBUser"),

  3163. 		os.Getenv("DBPass"),

  3164. 		os.Getenv("DBName"),

  3165. 	))

  3166. 

  3167. 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  3168. 

  3169. 	err = db.Ping()

  3170. 	if err != nil {

  3171. 		fmt.Println("Bad database configuration: %v\n", err)

  3172. 		panic(err)

  3173. 		// maybe os.Exit(1) instead

  3174. 	}

  3175. 

  3176. 	switch {

  3177. 	case match(p, "/api/login", &args) &&

  3178. 		r.Method == http.MethodPost:

  3179. 		login(w, db, r)

  3180. 	case match(p, "/api/token", &args) &&

  3181. 		r.Method == http.MethodGet && guard(r, 1):

  3182. 		getToken(w, db, r)

  3183. 	case match(p, "/api/letterhead", &args) &&

  3184. 		r.Method == http.MethodPost && guard(r, 1):

  3185. 		clipLetterhead(w, db, r)

  3186. 	case match(p, "/api/users", &args) && // Array of all users

  3187. 		r.Method == http.MethodGet && guard(r, 3):

  3188. 		getUsers(w, db, r)

  3189. 	case match(p, "/api/user", &args) &&

  3190. 		r.Method == http.MethodGet && guard(r, 1):

  3191. 		getUser(w, db, r)

  3192. 	case match(p, "/api/user", &args) &&

  3193. 		r.Method == http.MethodPost:

  3194. 		createUser(w, db, r)

  3195. 	case match(p, "/api/user", &args) &&

  3196. 		r.Method == http.MethodPatch &&

  3197. 		guard(r, 3): // For admin to modify any user

  3198. 		patchUser(w, db, r)

  3199. 	case match(p, "/api/user", &args) &&

  3200. 		r.Method == http.MethodPatch &&

  3201. 		guard(r, 1): // For employees to modify own accounts

  3202. 		patchSelf(w, db, r)

  3203. 	case match(p, "/api/user", &args) &&

  3204. 		r.Method == http.MethodDelete &&

  3205. 		guard(r, 3):

  3206. 		deleteUser(w, db, r)

  3207. 	case match(p, "/api/user/avatar", &args) &&

  3208. 		r.Method == http.MethodGet &&

  3209. 		guard(r, 1):

  3210. 		getAvatar(w, db, r)

  3211. 	case match(p, "/api/user/avatar", &args) &&

  3212. 		r.Method == http.MethodPost &&

  3213. 		guard(r, 1):

  3214. 		setAvatar(w, db, r)

  3215. 	case match(p, "/api/user/letterhead", &args) &&

  3216. 		r.Method == http.MethodGet &&

  3217. 		guard(r, 1):

  3218. 		getLetterhead(w, db, r)

  3219. 	case match(p, "/api/user/letterhead", &args) &&

  3220. 		r.Method == http.MethodPost &&

  3221. 		guard(r, 1):

  3222. 		setLetterhead(w, db, r)

  3223. 	case match(p, "/api/user/password", &args) &&

  3224. 		r.Method == http.MethodPost &&

  3225. 		guard(r, 1):

  3226. 		changePassword(w, db, r)

  3227. 	case match(p, "/api/user/subscribe", &args) &&

  3228. 		r.Method == http.MethodPost &&

  3229. 		guard(r, 1):

  3230. 		subscribe(w, db, r)

  3231. 	case match(p, "/api/fees", &args) &&

  3232. 		r.Method == http.MethodGet &&

  3233. 		guard(r, 1):

  3234. 		getFeesTemp(w, db, r)

  3235. 	case match(p, "/api/fee", &args) &&

  3236. 		r.Method == http.MethodPost &&

  3237. 		guard(r, 1):

  3238. 		createFeesTemp(w, db, r)

  3239. 	case match(p, "/api/fee", &args) &&

  3240. 		r.Method == http.MethodDelete &&

  3241. 		guard(r, 1):

  3242. 		deleteFeeTemp(w, db, r)

  3243. 	case match(p, "/api/estimates", &args) &&

  3244. 		r.Method == http.MethodGet &&

  3245. 		guard(r, 1):

  3246. 		fetchEstimate(w, db, r)

  3247. 	case match(p, "/api/estimate", &args) &&

  3248. 		r.Method == http.MethodPost &&

  3249. 		guard(r, 1):

  3250. 		createEstimate(w, db, r)

  3251. 	case match(p, "/api/estimate", &args) &&

  3252. 		r.Method == http.MethodDelete &&

  3253. 		guard(r, 1):

  3254. 		deleteEstimate(w, db, r)

  3255. 	case match(p, "/api/estimate/validate", &args) &&

  3256. 		r.Method == http.MethodPost &&

  3257. 		guard(r, 1):

  3258. 		validateEstimate(w, db, r)

  3259. 	case match(p, "/api/estimate/summarize", &args) &&

  3260. 		r.Method == http.MethodPost &&

  3261. 		guard(r, 1):

  3262. 		summarize(w, db, r)

  3263. 	case match(p, "/api/templates", &args) &&

  3264. 		r.Method == http.MethodGet &&

  3265. 		guard(r, 1):

  3266. 		getETemplates(w, db, r)

  3267. 	case match(p, "/api/templates", &args) &&

  3268. 		r.Method == http.MethodPost &&

  3269. 		guard(r, 1):

  3270. 		createETemplate(w, db, r)

  3271. 	case match(p, "/api/templates", &args) &&

  3272. 		r.Method == http.MethodDelete &&

  3273. 		guard(r, 1):

  3274. 		deleteET(w, db, r)

  3275. 	case match(p, "/api/pdf", &args) &&

  3276. 		r.Method == http.MethodPost &&

  3277. 		guard(r, 1):

  3278. 		getPdf(w, db, r)

  3279. 	case match(p, "/api/stripe/invoice-paid", &args) &&

  3280. 		r.Method == http.MethodPost:

  3281. 		invoicePaid(w, db, r)

  3282. 	case match(p, "/api/stripe/invoice-payment-failed", &args) &&

  3283. 		r.Method == http.MethodPost:

  3284. 		invoiceFailed(w, db, r)

  3285. 	default:

  3286. 		http.Error(w, "Invalid route or token", 404)

  3287. 	}

  3288. 

  3289. 	db.Close()

  3290. }

  3291. 

  3292. func route(w http.ResponseWriter, r *http.Request) {

  3293. 	var page Page

  3294. 	var args []string

  3295. 	p := r.URL.Path

  3296. 

  3297. 	switch {

  3298. 	case r.Method == "GET" && match(p, "/", &args):

  3299. 		page = pages["home"]

  3300. 	case match(p, "/terms", &args):

  3301. 		page = pages["terms"]

  3302. 	case match(p, "/app", &args):

  3303. 		page = pages["app"]

  3304. 	default:

  3305. 		http.NotFound(w, r)

  3306. 		return

  3307. 	}

  3308. 

  3309. 	page.Render(w)

  3310. }

  3311. 

  3312. func serve() {

  3313. 

  3314. 	files := http.FileServer(http.Dir(""))

  3315. 

  3316. 	proxy, err := url.Parse("http://localhost:8002")

  3317. 	if err != nil {

  3318. 		log.Fatal("invalid origin server URL")

  3319. 	}

  3320. 

  3321. 	http.Handle("/assets/", files)

  3322. 	http.HandleFunc("/api/", api)

  3323. 	http.HandleFunc("/app", route)

  3324. 	http.Handle("/", httputil.NewSingleHostReverseProxy(proxy))

  3325. 	log.Fatal(http.ListenAndServe(address, nil))

  3326. }

  3327. 

  3328. func dbReset(db *sql.DB) {

  3329. 	b, err := os.ReadFile("migrations/reset.sql")

  3330. 	if err != nil {

  3331. 		log.Fatal(err)

  3332. 	}

  3333. 

  3334. 	_, err = db.Exec(string(b))

  3335. 	if err != nil {

  3336. 		log.Fatal(err)

  3337. 	}

  3338. 

  3339. 	b, err = os.ReadFile("migrations/0_29092022_setup_tables.sql")

  3340. 	if err != nil {

  3341. 		log.Fatal(err)

  3342. 	}

  3343. 

  3344. 	_, err = db.Exec(string(b))

  3345. 	if err != nil {

  3346. 		log.Fatal(err)

  3347. 	}

  3348. }

  3349. 

  3350. func generateFees(loan Loan) []Fee {

  3351. 	var fees []Fee

  3352. 	var fee Fee

  3353. 	p := gofakeit.Float32Range(0.5, 10)

  3354. 	size := gofakeit.Number(1, 10)

  3355. 

  3356. 	for f := 0; f < size; f++ {

  3357. 		fee = Fee{

  3358. 			Amount: int(float32(loan.Amount) * p / 100),

  3359. 			Perc:   p,

  3360. 			Name:   gofakeit.BuzzWord(),

  3361. 			Type:   feeTypes[gofakeit.Number(0, len(feeTypes)-1)],

  3362. 		}

  3363. 		fees = append(fees, fee)

  3364. 	}

  3365. 

  3366. 	return fees

  3367. }

  3368. 

  3369. func generateCredits(loan Loan) []Fee {

  3370. 	var fees []Fee

  3371. 	var fee Fee

  3372. 	p := gofakeit.Float32Range(-10, -0.5)

  3373. 	size := gofakeit.Number(1, 10)

  3374. 

  3375. 	for f := 0; f < size; f++ {

  3376. 		fee = Fee{

  3377. 			Amount: int(float32(loan.Amount) * p / 100),

  3378. 			Perc:   p,

  3379. 			Name:   gofakeit.BuzzWord(),

  3380. 			Type:   feeTypes[gofakeit.Number(0, len(feeTypes)-1)],

  3381. 		}

  3382. 		fees = append(fees, fee)

  3383. 	}

  3384. 

  3385. 	return fees

  3386. }

  3387. 

  3388. func seedAddresses(db *sql.DB) []Address {

  3389. 	addresses := make([]Address, 10)

  3390. 

  3391. 	for i, a := range addresses {

  3392. 		a.Street = gofakeit.Street()

  3393. 		a.City = gofakeit.City()

  3394. 		a.Region = gofakeit.State()

  3395. 		a.Country = "Canada"

  3396. 		a.Full = fmt.Sprintf("%s, %s %s", a.Street, a.City, a.Region)

  3397. 		id, err := insertAddress(db, a)

  3398. 		if err != nil {

  3399. 			log.Println(err)

  3400. 			break

  3401. 		}

  3402. 		addresses[i].Id = id

  3403. 	}

  3404. 

  3405. 	return addresses

  3406. }

  3407. 

  3408. func seedBranches(db *sql.DB, addresses []Address) []Branch {

  3409. 	branches := make([]Branch, 4)

  3410. 

  3411. 	for i := range branches {

  3412. 		branches[i].Name = gofakeit.Company()

  3413. 		branches[i].Type = "NMLS"

  3414. 		branches[i].Letterhead = gofakeit.ImagePng(400, 200)

  3415. 		branches[i].Num = gofakeit.HexUint8()

  3416. 		branches[i].Phone = gofakeit.Phone()

  3417. 		branches[i].Address.Id = gofakeit.Number(1, 5)

  3418. 		id, err := insertBranch(db, branches[i])

  3419. 		if err != nil {

  3420. 			log.Println(err)

  3421. 			break

  3422. 		}

  3423. 		branches[i].Id = id

  3424. 	}

  3425. 

  3426. 	return branches

  3427. }

  3428. 

  3429. func seedUsers(db *sql.DB, addresses []Address, branches []Branch) []User {

  3430. 	users := make([]User, 10)

  3431. 

  3432. 	for i := range users {

  3433. 		p := gofakeit.Person()

  3434. 		users[i].FirstName = p.FirstName

  3435. 		users[i].LastName = p.LastName

  3436. 		users[i].Email = p.Contact.Email

  3437. 		users[i].Phone = p.Contact.Phone

  3438. 		users[i].Branch = branches[gofakeit.Number(0, 3)]

  3439. 		users[i].Address = addresses[gofakeit.Number(1, 9)]

  3440. 		// users[i].Letterhead = gofakeit.ImagePng(400, 200)

  3441. 		// users[i].Avatar = gofakeit.ImagePng(200, 200)

  3442. 		users[i].Country = []string{"Canada", "USA"}[gofakeit.Number(0, 1)]

  3443. 		users[i].Password = "test123"

  3444. 		users[i].Verified = true

  3445. 		users[i].Title = "Loan Officer"

  3446. 		users[i].Status = "Subscribed"

  3447. 		users[i].Role = "User"

  3448. 	}

  3449. 

  3450. 	users[0].Email = "test@example.com"

  3451. 	users[0].Email = "test@example.com"

  3452. 

  3453. 	users[1].Email = "test2@example.com"

  3454. 	users[1].Status = "Branch"

  3455. 	users[1].Role = "Manager"

  3456. 

  3457. 	users[2].Email = "test3@example.com"

  3458. 	users[2].Status = "Free"

  3459. 	users[2].Role = "Admin"

  3460. 

  3461. 	for i := range users {

  3462. 		var err error

  3463. 		users[i].Id, err = insertUser(db, users[i])

  3464. 		if err != nil {

  3465. 			log.Println(err)

  3466. 			break

  3467. 		}

  3468. 	}

  3469. 

  3470. 	return users

  3471. }

  3472. 

  3473. func seedLicenses(db *sql.DB, users []User) []License {

  3474. 	licenses := make([]License, len(users))

  3475. 

  3476. 	for i := range licenses {

  3477. 		licenses[i].UserId = users[i].Id

  3478. 		licenses[i].Type = []string{"NMLS", "FSRA"}[gofakeit.Number(0, 1)]

  3479. 		licenses[i].Num = gofakeit.UUID()

  3480. 		id, err := insertLicense(db, licenses[i])

  3481. 		if err != nil {

  3482. 			log.Println(err)

  3483. 			break

  3484. 		}

  3485. 		licenses[i].Id = id

  3486. 	}

  3487. 

  3488. 	return licenses

  3489. }

  3490. 

  3491. func seedLoanTypes(db *sql.DB) []LoanType {

  3492. 	var loantypes []LoanType

  3493. 	var loantype LoanType

  3494. 	var err error

  3495. 

  3496. 	loantype = LoanType{Branch: 0, User: 0, Name: "Conventional"}

  3497. 	loantype.Id, err = insertLoanType(db, loantype)

  3498. 	if err != nil {

  3499. 		panic(err)

  3500. 	}

  3501. 	loantypes = append(loantypes, loantype)

  3502. 

  3503. 	loantype = LoanType{Branch: 0, User: 0, Name: "FHA"}

  3504. 	loantype.Id, err = insertLoanType(db, loantype)

  3505. 	if err != nil {

  3506. 		panic(err)

  3507. 	}

  3508. 	loantypes = append(loantypes, loantype)

  3509. 

  3510. 	loantype = LoanType{Branch: 0, User: 0, Name: "USDA"}

  3511. 	loantype.Id, err = insertLoanType(db, loantype)

  3512. 	if err != nil {

  3513. 		panic(err)

  3514. 	}

  3515. 	loantypes = append(loantypes, loantype)

  3516. 

  3517. 	loantype = LoanType{Branch: 0, User: 0, Name: "VA"}

  3518. 	loantype.Id, err = insertLoanType(db, loantype)

  3519. 	if err != nil {

  3520. 		panic(err)

  3521. 	}

  3522. 	loantypes = append(loantypes, loantype)

  3523. 

  3524. 	return loantypes

  3525. }

  3526. 

  3527. func seedEstimates(db *sql.DB, users []User, ltypes []LoanType) []Estimate {

  3528. 	var estimates []Estimate

  3529. 	var estimate Estimate

  3530. 	var l Loan

  3531. 	var err error

  3532. 

  3533. 	for i := 0; i < 15; i++ {

  3534. 		estimate = Estimate{}

  3535. 		estimate.User = users[gofakeit.Number(0, len(users)-1)].Id

  3536. 		estimate.Borrower = Borrower{

  3537. 			Credit: gofakeit.Number(600, 800),

  3538. 			Income: gofakeit.Number(1000000, 15000000),

  3539. 			Num:    gofakeit.Number(1, 20),

  3540. 		}

  3541. 		estimate.Transaction = []string{"Purchase", "Refinance"}[gofakeit.Number(0, 1)]

  3542. 		estimate.Price = gofakeit.Number(50000, 200000000)

  3543. 		estimate.Property =

  3544. 			propertyTypes[gofakeit.Number(0, len(propertyTypes)-1)]

  3545. 		estimate.Occupancy =

  3546. 			[]string{"Primary", "Secondary", "Investment"}[gofakeit.Number(0, 2)]

  3547. 		estimate.Zip = gofakeit.Zip()

  3548. 

  3549. 		lsize := gofakeit.Number(1, 6)

  3550. 		for j := 0; j < lsize; j++ {

  3551. 			l.Type = ltypes[gofakeit.Number(0, len(ltypes)-1)]

  3552. 			l.Amount = gofakeit.Number(

  3553. 				int(float32(estimate.Price)*0.5),

  3554. 				int(float32(estimate.Price)*0.93))

  3555. 			l.Term = gofakeit.Number(4, 30)

  3556. 			l.Hoi = gofakeit.Number(50000, 700000)

  3557. 			l.Hazard = gofakeit.Number(5000, 200000)

  3558. 			l.Tax = gofakeit.Number(5000, 200000)

  3559. 			l.Interest = gofakeit.Float32Range(0.5, 8)

  3560. 			l.Fees = generateFees(l)

  3561. 			l.Credits = generateCredits(l)

  3562. 			l.Name = gofakeit.AdjectiveDescriptive()

  3563. 			estimate.Loans = append(estimate.Loans, l)

  3564. 		}

  3565. 

  3566. 		estimates = append(estimates, estimate)

  3567. 	}

  3568. 

  3569. 	estimates[0].User = users[0].Id

  3570. 	estimates[1].User = users[0].Id

  3571. 

  3572. 	for i := range estimates {

  3573. 		err = estimates[i].insertEstimate(db)

  3574. 		if err != nil {

  3575. 			log.Println(err)

  3576. 			return estimates

  3577. 		}

  3578. 	}

  3579. 

  3580. 	return estimates

  3581. }

  3582. 

  3583. func seedResults(db *sql.DB, estimates []Estimate) error {

  3584. 	var err error

  3585. 

  3586. 	for i := range estimates {

  3587. 		estimates[i].makeResults()

  3588. 		err = estimates[i].insertResults(db)

  3589. 		if err != nil {

  3590. 			log.Println(err)

  3591. 			return err

  3592. 		}

  3593. 	}

  3594. 

  3595. 	return nil

  3596. }

  3597. 

  3598. func dbSeed(db *sql.DB) {

  3599. 	addresses := seedAddresses(db)

  3600. 	branches := seedBranches(db, addresses)

  3601. 	users := seedUsers(db, addresses, branches)

  3602. 	_ = seedLicenses(db, users)

  3603. 	loantypes := seedLoanTypes(db)

  3604. 	estimates := seedEstimates(db, users, loantypes)

  3605. 	_ = seedResults(db, estimates)

  3606. }

  3607. 

  3608. func dev(args []string) {

  3609. 	os.Setenv("DBName", "skouter_dev")

  3610. 	os.Setenv("DBUser", "tester")

  3611. 	os.Setenv("DBPass", "test123")

  3612. 	stripe.Key = os.Getenv("STRIPE_SECRET_KEY")

  3613. 	standardPriceId = "price_1OZLK9BPMoXn2pf9kuTAf8rs"

  3614. 	hookKeys = HookKeys{

  3615. 		InvoicePaid: os.Getenv("DEV_WEBHOOK_KEY"),

  3616. 		InvoiceFailed: os.Getenv("DEV_WEBHOOK_KEY"),

  3617. 	}

  3618. 

  3619. 	db, err := sql.Open("mysql",

  3620. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s?multiStatements=true",

  3621. 			os.Getenv("DBUser"),

  3622. 			os.Getenv("DBPass"),

  3623. 			os.Getenv("DBName"),

  3624. 		))

  3625. 

  3626. 	err = db.Ping()

  3627. 	if err != nil {

  3628. 		log.Println("Bad database configuration: %v", err)

  3629. 		panic(err)

  3630. 		// maybe os.Exit(1) instead

  3631. 	}

  3632. 

  3633. 	if len(args) == 0 {

  3634. 		serve()

  3635. 		return

  3636. 	}

  3637. 

  3638. 	switch args[0] {

  3639. 	case "seed":

  3640. 		dbSeed(db)

  3641. 	case "reset":

  3642. 		dbReset(db)

  3643. 	default:

  3644. 		return

  3645. 	}

  3646. 

  3647. 	db.Close()

  3648. }

  3649. 

  3650. func check(args []string) {

  3651. 	os.Setenv("DBName", "skouter_dev")

  3652. 	os.Setenv("DBUser", "tester")

  3653. 	os.Setenv("DBPass", "test123")

  3654. 	files := http.FileServer(http.Dir(""))

  3655. 

  3656. 	http.Handle("/assets/", files)

  3657. 	http.HandleFunc("/", checkPdf)

  3658. 	log.Fatal(http.ListenAndServe(address, nil))

  3659. }

  3660. 

  3661. func main() {

  3662. 	if len(os.Args) <= 1 {

  3663. 		serve()

  3664. 		return

  3665. 	}

  3666. 

  3667. 	switch os.Args[1] {

  3668. 	case "dev":

  3669. 		dev(os.Args[2:])

  3670. 	case "checkpdf":

  3671. 		check(os.Args[2:])

  3672. 	default:

  3673. 		return

  3674. 	}

  3675. }