Immanuel
/
skouter
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
Skouter mortgage estimates. Web application with view written in PHP and Vue, but controller and models in Go.
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
93 提交
1 分支
11 MiB
 
 
 
 
 
 
目录树: 268227203f
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '268227203f'
${ noResults }
skouter/skouter.go

1846 行
40 KiB
原始文件 Blame 文件历史 

  1. package main

  2. 

  3. import (

  4. 		"net/http"

  5. 		"net/mail"

  6. 		"log"

  7. 		"sync"

  8. 		"regexp"

  9. 		"html/template"

  10. 		"database/sql"

  11. 		_ "github.com/go-sql-driver/mysql"

  12. 		"fmt"

  13. 		"encoding/json"

  14. 		"strconv"

  15. 		"bytes"

  16. 		"time"

  17. 		"errors"

  18. 		"strings"

  19. 		"math"

  20. 		"io"

  21. 		// pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf"

  22. 		"github.com/golang-jwt/jwt/v4"

  23. 		"github.com/disintegration/gift"

  24. 		"image"

  25. 		"image/png"

  26. 		_ "image/jpeg"

  27. )

  28. 

  29. type User struct {

  30. 	Id		int 	`json:"id"`

  31. 	Email 	string 	`json:"email"`

  32. 	FirstName 	string 	`json:"firstName"`

  33. 	LastName 	string 	`json:"lastName"`

  34. 	BranchId 	int 	`json:"branchId"`

  35. 	Status 	string 	`json:"status"`

  36. 	Country 	string 	`json:"country"`

  37. 	Title 	string 	`json:"title"`

  38. 	Verified 	bool 	`json:"verified"`

  39. 	Role 	string 	`json:"role"`

  40. 	Password 	string 	`json:"password,omitempty"`

  41. }

  42. 

  43. type UserClaims struct {

  44. 	Id 	int 	`json:"id"`

  45. 	Role 	string 	`json:"role"`

  46. 	Exp 	string 	`json:"exp"`

  47. }

  48. 

  49. type Page struct {

  50. 	tpl *template.Template

  51. 	Title string

  52. 	Name string

  53. }

  54. 

  55. type Borrower struct {

  56. 	Id	int	`json:"id"`

  57. 	Credit	int 	`json:"credit"`

  58. 	Income	int 	`json:"income"`

  59. 	Num	int	`json:"num"`

  60. }

  61. 

  62. type FeeTemplate struct {

  63. 	Id		int 	`json:"id"`

  64. 	User	int 	`json:"user"`

  65. 	Branch	int 	`json:"branch"`

  66. 	Amount	int 	`json:"amount"`

  67. 	Perc	float32 	`json:"perc"`

  68. 	Type	string 	`json:"type"`

  69. 	Notes	string 	`json:"notes"`

  70. 	Name	string 	`json:"name"`

  71. 	Category	string 	`json:"category"`

  72. 	Auto	bool 	`json:"auto"`

  73. }

  74. 

  75. type Fee struct {

  76. 	Id		int 	`json:"id"`

  77. 	LoanId	int 	`json:"loan_id"`

  78. 	Amount	int 	`json:"amount"`

  79. 	Perc	float32 	`json:"perc"`

  80. 	Type	string 	`json:"type"`

  81. 	Notes	string 	`json:"notes"`

  82. 	Name	string 	`json:"name"`

  83. 	Category	string 	`json:"category"`

  84. }

  85. 

  86. type LoanType struct {

  87. 	Id 	int 	`json:"id"`

  88. 	User 	int 	`json:"user"`

  89. 	Branch 	int 	`json:"branch"`

  90. 	Name 	string 	`json:"name"`

  91. }

  92. 

  93. type Loan struct {

  94. 	Id 	int	`json:"id"`

  95. 	EstimateId	int 	`json:"estimateId"`

  96. 	Type	LoanType	`json:"type"`

  97. 	Amount	int 	`json:"amount"`

  98. 	Amortization	string	`json:"amortization"`

  99. 	Term		int 	`json:"term"`

  100. 	Ltv 	float32 	`json:"ltv"`

  101. 	Dti 	float32 	`json:"dti"`

  102. 	Hoi		int 	`json:"hoi"`

  103. 	Hazard		int 	`json:"hazard"`

  104. 	Tax		int 	`json:"tax"`

  105. 	Interest	float32 	`json:"interest"`

  106. 	Mi 	MI 	`json:"mi"`

  107. 	Fees		[]Fee 	`json:"fees"`

  108. 	Name		string 	`json:"title"`

  109. }

  110. 

  111. type MI struct {

  112. 	Type	string	`json:"user"`

  113. 	Label	string	`json:"label"`

  114. 	Lender	string	`json:"lender"`

  115. 	Rate	float32	`json:"rate"`

  116. 	Premium	float32	`json:"premium"`

  117. 	Upfront	float32	`json:"upfront"`

  118. 	Monthly	bool	`json:"monthly"`

  119. 	FiveYearTotal	float32	`json:"fiveYearTotal"`

  120. 	InitialAllInPremium	float32	`json:"initialAllInPremium"`

  121. 	InitialAllInRate	float32	`json:"initialAllInRate"`

  122. 	InitialAmount	float32	`json:"initialAmount"`

  123. }

  124. 

  125. type Result struct {

  126. 	Id	int 	`json:"id"`

  127. 	LoanId		int 	`json:"loanId"`

  128. 	LoanPayment	int 	`json:"loanPayment"`

  129. 	TotalMonthly	int 	`json:"totalMonthly"`

  130. 	TotalFees	int 	`json:"totalFees"`

  131. 	TotalCredits	int 	`json:"totalCredits"`

  132. 	CashToClose	int 	`json:"cashToClose"`

  133. }

  134. 

  135. type Estimate struct {

  136. 	Id		int 	`json:"id"`

  137. 	User		int 	`json:"user"`

  138. 	Borrower	Borrower 	`json:"borrower"`

  139. 	Transaction	string 	`json:"transaction"`

  140. 	Price		int 	`json:"price"`

  141. 	Property	string 	`json:"property"`

  142. 	Occupancy	string	`json:"occupancy"`

  143. 	Zip		string 	`json:"zip"`

  144. 	Pud		bool 	`json:"pud"`

  145. 	Loans 	[]Loan 	`json:"loans"`

  146. 	Results 	[]Result 	`json:"results"`

  147. }

  148. 

  149. var (

  150.     regexen = make(map[string]*regexp.Regexp)

  151.     relock  sync.Mutex

  152. 	address = "127.0.0.1:8001"

  153. )

  154. 

  155. var paths = map[string]string {

  156. 	"home": "views/home.tpl",

  157. 	"terms": "views/terms.tpl",

  158. 	"app": "views/app.tpl",

  159. 	"test": "views/test.tpl",

  160. }

  161. 

  162. var pages = map[string]Page {

  163. 	"home": cache("home", "Home"),

  164. 	"terms": cache("terms", "Terms and Conditions"),

  165. 	"test": cache("test", "PDF test"),

  166. 	"app": cache("app", "App"),

  167. }

  168. 

  169. var roles = map[string]int{

  170. 	"User": 1,

  171. 	"Manager": 2,

  172. 	"Admin": 3,

  173. }

  174. 

  175. // Used to validate claim in JWT token body. Checks if user id is greater than

  176. // zero and time format is valid

  177. func (c UserClaims) Valid() error {

  178. 	if c.Id < 1 { return errors.New("Invalid id") }

  179. 	t, err := time.Parse(time.UnixDate, c.Exp)

  180. 	if err != nil { return err }

  181. 	if t.Before(time.Now()) { return errors.New("Token expired.") }

  182. 	return err

  183. }

  184. 

  185. func cache(name string, title string) Page {

  186. 	var p = []string{"views/master.tpl", paths[name]}

  187. 	tpl := template.Must(template.ParseFiles(p...))

  188. 	return Page{tpl: tpl,

  189. 				Title: title,

  190. 				Name: name,

  191. 				}

  192. }

  193. 

  194. func (page Page) Render(w http.ResponseWriter) {

  195. 	err := page.tpl.Execute(w, page)

  196. 	if err != nil {

  197. 		log.Print(err)

  198. 	}

  199. }

  200. 

  201. func match(path, pattern string, args *[]string) bool {

  202. 	relock.Lock()

  203. 	defer relock.Unlock()

  204. 	regex := regexen[pattern]

  205. 

  206. 	if regex == nil {

  207. 		regex = regexp.MustCompile("^" + pattern + "$")

  208. 		regexen[pattern] = regex

  209. 	}

  210. 

  211. 	matches := regex.FindStringSubmatch(path)

  212. 	if len(matches) <= 0 {

  213. 		return false

  214. 	}

  215. 

  216. 	*args = matches[1:]

  217. 	return true

  218. }

  219. 

  220. func makeResults(estimate Estimate) ([]Result) {

  221. 	var results []Result

  222. 	amortize := func(principle float64, rate float64, periods float64) int {

  223. 		exp := math.Pow(1+rate, periods)

  224. 		return int(principle * rate * exp / (exp - 1))

  225. 	}

  226. 	

  227. 	for _, loan := range estimate.Loans {

  228. 		var result Result

  229. 		// Monthly payments use amortized loan payment formula plus monthly MI,

  230. 		// plus all other recurring fees

  231. 		result.LoanPayment = amortize(float64(loan.Amount),

  232. 		float64(loan.Interest / 100 / 12),

  233. 		float64(loan.Term * 12))

  234. 		result.TotalMonthly = result.LoanPayment + loan.Hoi + loan.Tax + loan.Hazard

  235. 		if loan.Mi.Monthly {

  236. 			result.TotalMonthly = result.TotalMonthly +

  237. 			int(loan.Mi.Rate/100*float32(loan.Amount))

  238. 		}

  239. 		

  240. 		for i := range loan.Fees {

  241. 			if loan.Fees[i].Amount > 0 {

  242. 				result.TotalFees = result.TotalFees + loan.Fees[i].Amount

  243. 			} else {

  244. 				result.TotalCredits = result.TotalCredits + loan.Fees[i].Amount

  245. 			}

  246. 		}

  247. 		

  248. 		result.CashToClose =

  249. 		result.TotalFees + result.TotalCredits + (estimate.Price - loan.Amount)

  250. 		result.LoanId = loan.Id

  251. 		

  252. 		results = append(results, result)

  253. 	}

  254. 	

  255. 	return results

  256. }

  257. 

  258. func summarize(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  259. 	var estimate Estimate

  260. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  261. 	if err != nil { http.Error(w, "Invalid estimate.", 422); return }

  262. 	results := makeResults(estimate)

  263. 	

  264. 	json.NewEncoder(w).Encode(results)

  265. }

  266. 

  267. func getLoanType( db *sql.DB, id int) (LoanType, error) {

  268. 	types, err := getLoanTypes(db, id, 0, 0)

  269. 	if err != nil { return LoanType{Id: id}, err }

  270. 	if len(types) == 0 {

  271. 		return LoanType{Id: id}, errors.New("No type with that id")

  272. 	}

  273. 	

  274. 	return types[0], nil

  275. }

  276. 

  277. func getLoanTypes( db *sql.DB, id int, user int, branch int ) (

  278. []LoanType, error) {

  279. 	var loans []LoanType

  280. 	var query = `SELECT

  281. 	id,

  282. 	user_id,

  283. 	branch_id,

  284. 	name

  285. 	FROM loan_type WHERE loan_type.id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  286. 	OR

  287. 	loan_type.user_id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  288. 	OR

  289. 	loan_type.branch_id = CASE @e := ? WHEN 0 THEN id ELSE @e END`

  290. 

  291. 	// Should be changed to specify user

  292. 	rows, err := db.Query(query, id, user, branch)

  293. 

  294. 	if err != nil {

  295. 		return nil, fmt.Errorf("loan_type error: %v", err)

  296. 	}

  297. 

  298. 	defer rows.Close()

  299. 

  300. 	for rows.Next() {

  301. 		var loan LoanType

  302. 

  303. 		if err := rows.Scan(

  304. 			&loan.Id,

  305. 			&loan.User,

  306. 			&loan.Branch,

  307. 			&loan.Name)

  308. 		err != nil {

  309. 			log.Printf("Error occured fetching loan: %v", err)

  310. 			return nil, fmt.Errorf("Error occured fetching loan: %v", err)

  311.         }

  312. 

  313. 		loans = append(loans, loan)

  314. 	}

  315. 

  316. 	return loans, nil

  317. }

  318. 

  319. func getFees(db *sql.DB, loan int) ([]Fee, error) {

  320. 	var fees []Fee

  321. 

  322. 	query := `SELECT id, loan_id, amount, perc, type, notes, name, category

  323. 	FROM fee

  324. 	WHERE loan_id = ?`

  325. 	

  326. 	rows, err := db.Query(query, loan)

  327. 	

  328. 	if err != nil {

  329. 		return nil, fmt.Errorf("Fee query error %v", err)

  330. 	}

  331. 

  332. 	defer rows.Close()

  333. 

  334. 	for rows.Next() {

  335. 		var fee Fee

  336. 

  337. 		if err := rows.Scan(

  338. 			&fee.Id,

  339. 			&fee.LoanId,

  340. 			&fee.Amount,

  341. 			&fee.Perc,

  342. 			&fee.Type,

  343. 			&fee.Notes,

  344. 			&fee.Name,

  345. 			&fee.Category,

  346. 			)

  347. 		err != nil {

  348. 			return nil, fmt.Errorf("Fees scanning error: %v", err)

  349.         }

  350. 

  351. 		fees = append(fees, fee)

  352. 	}

  353. 	

  354. 	return fees, nil

  355. }

  356. 

  357. func fetchFeesTemp(db *sql.DB, user int, branch int) ([]FeeTemplate, error) {

  358. 	var fees []FeeTemplate

  359. 	query := `SELECT

  360. 	id, user_id, COALESCE(branch_id, 0), amount, perc, type, notes, name,

  361. 	category, auto

  362. 	FROM fee_template

  363. 	WHERE user_id = ? OR branch_id = ?

  364. 	`

  365. 	

  366. 	rows, err := db.Query(query, user, branch)

  367. 	

  368. 	if err != nil {

  369. 		return nil, fmt.Errorf("Fee template query error %v", err)

  370. 	}

  371. 

  372. 	defer rows.Close()

  373. 

  374. 	for rows.Next() {

  375. 		var fee FeeTemplate

  376. 

  377. 		if err := rows.Scan(

  378. 			&fee.Id,

  379. 			&fee.User,

  380. 			&fee.Branch,

  381. 			&fee.Amount,

  382. 			&fee.Perc,

  383. 			&fee.Type,

  384. 			&fee.Notes,

  385. 			&fee.Name,

  386. 			&fee.Category,

  387. 			&fee.Auto)

  388. 		err != nil {

  389. 			return nil, fmt.Errorf("FeesTemplate scanning error: %v", err)

  390.         }

  391. 

  392. 		fees = append(fees, fee)

  393. 	}

  394. 	

  395. 	return fees, nil

  396. }

  397. 

  398. // Fetch fees from the database

  399. func getFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  400. 	var fees []FeeTemplate

  401. 	claims, err := getClaims(r)

  402. 	if err != nil { w.WriteHeader(500); return }

  403. 	users, err := queryUsers(db, claims.Id)

  404. 	if err != nil { w.WriteHeader(422); return }

  405. 

  406. 	fees, err = fetchFeesTemp(db, claims.Id, users[0].BranchId)

  407. 	json.NewEncoder(w).Encode(fees)

  408. }

  409. 

  410. // Fetch fees from the database

  411. func createFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  412. 	var fee FeeTemplate

  413. 	var query string

  414. 	var row *sql.Row

  415. 	var err error

  416. 	

  417. 	claims, err := getClaims(r)

  418. 	// var id int // Inserted estimate's id

  419. 	err = json.NewDecoder(r.Body).Decode(&fee)

  420. 	if err != nil { w.WriteHeader(422); return }

  421. 

  422. 	query = `INSERT INTO fee_template

  423. 	(

  424. 		user_id,

  425. 		branch_id,

  426. 		amount,

  427. 		perc,

  428. 		type,

  429. 		notes,

  430. 		name,

  431. 		auto

  432. 	)

  433. 	VALUES (?, NULL, ?, ?, ?, ?, ?, ?)

  434. 	RETURNING id

  435. 	`

  436. 	row = db.QueryRow(query,

  437. 		claims.Id,

  438. 		fee.Amount,

  439. 		fee.Perc,

  440. 		fee.Type,

  441. 		fee.Notes,

  442. 		fee.Name,

  443. 		fee.Auto,

  444. 	)

  445. 

  446. 	err = row.Scan(&fee.Id)

  447. 	if err != nil { w.WriteHeader(500); return }

  448. 	

  449. 	json.NewEncoder(w).Encode(fee)	

  450. }

  451. 

  452. // Fetch fees from the database

  453. func deleteFeeTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  454. 	var fee FeeTemplate

  455. 	var query string

  456. 	var err error

  457. 	

  458. 	// claims, err := getClaims(r)

  459. 	// var id int // Inserted estimate's id

  460. 	err = json.NewDecoder(r.Body).Decode(&fee)

  461. 	if err != nil { w.WriteHeader(422); return }

  462. 

  463. 	query = `DELETE FROM fee_template WHERE id = ?`

  464. 	_, err = db.Exec(query, fee.Id)

  465. 	if err != nil { w.WriteHeader(500); return }

  466. }

  467. 

  468. func getMi(db *sql.DB, loan int) (MI, error) {

  469. 	var mi MI

  470. 

  471. 	query := `SELECT

  472. 	type, label, lender, rate, premium, upfront, five_year_total,

  473. 	initial_premium, initial_rate, initial_amount

  474. 	FROM mi WHERE loan_id = ?`

  475. 

  476. 	rows, err := db.Query(query, loan)

  477. 	if err != nil { return mi, err }

  478. 	

  479. 	defer rows.Close()

  480. 

  481. 	if (!rows.Next()) { return mi, nil }

  482. 	

  483. 	if err := rows.Scan(

  484. 		&mi.Type,

  485. 		&mi.Label,

  486. 		&mi.Lender,

  487. 		&mi.Rate,

  488. 		&mi.Premium,

  489. 		&mi.Upfront,

  490. 		&mi.FiveYearTotal,

  491. 		&mi.InitialAllInPremium,

  492. 		&mi.InitialAllInRate,

  493. 		&mi.InitialAmount,

  494. 		)

  495. 	err != nil {

  496. 		return mi, err

  497. 	}

  498. 

  499. 	return mi, nil

  500. }

  501. 

  502. func getBorrower(db *sql.DB, id int) (Borrower, error) {

  503. 	var borrower Borrower

  504. 

  505. 	row := db.QueryRow(

  506. 		"SELECT * FROM borrower " +

  507. 		"WHERE id = ? LIMIT 1",

  508. 	id)

  509. 

  510. 	if err := row.Scan(

  511. 		&borrower.Id,

  512. 		&borrower.Credit,

  513. 		&borrower.Income,

  514. 		&borrower.Num,

  515. 		)

  516. 	err != nil {

  517. 		return borrower, fmt.Errorf("Borrower scanning error: %v", err)

  518.         }

  519. 

  520. 	return borrower, nil

  521. }

  522. 

  523. // Query Lender APIs and parse responses into MI structs

  524. func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI {

  525. 	var err error

  526. 	var loan Loan = estimate.Loans[pos]

  527. 

  528. 	var ltv = func(l float32) string {

  529. 		switch {

  530. 		case l > 95: return "LTV97"

  531. 		case l > 90: return "LTV95"

  532. 		case l > 85: return "LTV90"

  533. 		default: return "LTV85"

  534. 		}

  535. 	}

  536. 

  537. 	var term = func(t int) string {

  538. 		switch {

  539. 		case t <= 10: return "A10"

  540. 		case t <= 15: return "A15"

  541. 		case t <= 20: return "A20"

  542. 		case t <= 25: return "A25"

  543. 		case t <= 30: return "A30"

  544. 		default: return "A40"

  545. 		}

  546. 	}

  547. 

  548. 	var propertyCodes = map[string]string {

  549. 		"Single Attached": "SFO",

  550. 		"Single Detached": "SFO",

  551. 		"Condo Lo-rise": "CON",

  552. 		"Condo Hi-rise": "CON",

  553. 	}

  554. 

  555. 	var purposeCodes = map[string]string {

  556. 		"Purchase": "PUR",

  557. 		"Refinance": "RRT",

  558. 	}

  559. 

  560. 	body, err := json.Marshal(map[string]any{

  561. 		"zipCode": estimate.Zip,

  562. 		"stateCode": "CA",

  563. 		"address": "",

  564. 		"propertyTypeCode": propertyCodes[estimate.Property],

  565. 		"occupancyTypeCode": "PRS",

  566. 		"loanPurposeCode": purposeCodes[estimate.Transaction],

  567. 		"loanAmount": loan.Amount,

  568. 		"loanToValue": ltv(loan.Ltv),

  569. 		"amortizationTerm": term(loan.Term),

  570. 		"loanTypeCode": "FXD",

  571. 		"duLpDecisionCode": "DAE",

  572. 		"loanProgramCodes": []any{},

  573. 		"debtToIncome": loan.Dti,

  574. 		"wholesaleLoan": 0,

  575. 		"coveragePercentageCode": "L30",

  576. 		"productCode": "BPM",

  577. 		"renewalTypeCode": "CON",

  578. 		"numberOfBorrowers": 1,

  579. 		"coBorrowerCreditScores": []any{},

  580. 		"borrowerCreditScore": strconv.Itoa(estimate.Borrower.Credit),

  581. 		"masterPolicy": nil,

  582. 		"selfEmployedIndicator": false,

  583. 		"armType": "",

  584. 		"userId": 44504,

  585. 	})

  586. 	

  587. 	if err != nil {

  588. 		log.Printf("Could not marshal NationalMI body: \n%v\n%v\n",

  589. 		bytes.NewBuffer(body), err)

  590. 	}

  591. 

  592. 	req, err := http.NewRequest("POST",

  593. 	"https://rate-gps.nationalmi.com/rates/productRateQuote",

  594. 	bytes.NewBuffer(body))

  595. 	req.Header.Add("Content-Type", "application/json")

  596. 

  597. 	req.AddCookie(&http.Cookie{

  598. 		Name: "nmirategps_email",

  599. 		Value: config["NationalMIEmail"]})

  600. 

  601. 	resp, err := http.DefaultClient.Do(req)

  602. 	var res map[string]interface{}

  603. 	var result []MI

  604. 

  605. 	if resp.StatusCode != 200 {

  606. 		log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n",

  607. 		resp.Status, resp, req.Body, bytes.NewBuffer(body))

  608. 	} else {

  609. 		json.NewDecoder(resp.Body).Decode(&res)

  610. 		// estimate.Loans[pos].Mi = res

  611. 		// Parse res into result here

  612. 	}

  613. 

  614. 	return result

  615. }

  616. 

  617. // Make comparison PDF

  618. func generatePDF(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  619. }

  620. 

  621. func login(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  622. 	var id int

  623. 	var role string

  624. 	var err error

  625. 	var user User

  626. 	json.NewDecoder(r.Body).Decode(&user)

  627. 

  628. 	row := db.QueryRow(

  629. 		`SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`,

  630. 		user.Email, user.Password,

  631. 		)

  632. 

  633. 	err = row.Scan(&id, &role)

  634. 	if err != nil {

  635. 		http.Error(w, "Invalid Credentials.", http.StatusUnauthorized)

  636. 		return

  637. 	}

  638. 

  639. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  640. 	UserClaims{ Id: id, Role: role,

  641. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  642. 

  643. 	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))

  644. 	if err != nil {

  645. 		log.Println("Token could not be signed: ", err, tokenStr)

  646. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  647. 		return

  648. 	}

  649. 

  650. 	cookie := http.Cookie{Name: "skouter",

  651. 	Value: tokenStr,

  652. 	Path: "/",

  653. 	Expires: time.Now().Add(time.Hour * 24)}

  654. 	http.SetCookie(w, &cookie)

  655. 	_, err = w.Write([]byte(tokenStr))

  656. 	if err != nil {

  657. 		http.Error(w,

  658. 		"Could not complete token write.",

  659. 		http.StatusInternalServerError)}

  660. }

  661. 

  662. func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  663. 	claims, err := getClaims(r)

  664. 	// Will verify existing signature and expiry time

  665. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  666. 	UserClaims{ Id: claims.Id, Role: claims.Role,

  667. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  668. 

  669. 	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))

  670. 	if err != nil {

  671. 		log.Println("Token could not be signed: ", err, tokenStr)

  672. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  673. 		return

  674. 	}

  675. 

  676. 	cookie := http.Cookie{Name: "skouter",

  677. 	Value: tokenStr,

  678. 	Path: "/",

  679. 	Expires: time.Now().Add(time.Hour * 24)}

  680. 	http.SetCookie(w, &cookie)

  681. 	_, err = w.Write([]byte(tokenStr))

  682. 	if err != nil {

  683. 		http.Error(w,

  684. 		"Could not complete token write.",

  685. 		http.StatusInternalServerError)}

  686. }

  687. 

  688. func getClaims(r *http.Request) (UserClaims, error) {

  689. 	claims := new(UserClaims)

  690. 	_, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ")

  691. 

  692. 	if !found {

  693. 		return *claims, errors.New("Token not found")

  694. 	}

  695. 

  696. 	// Pull token payload into UserClaims

  697. 	_, err := jwt.ParseWithClaims(tokenStr, claims,

  698. 	func(token *jwt.Token) (any, error) {

  699. 		return []byte(config["JWT_SECRET"]), nil

  700. 	})

  701. 

  702. 	if err != nil {

  703. 		return *claims, err

  704. 	}

  705. 

  706. 	if err = claims.Valid(); err != nil {

  707. 		return *claims, err

  708. 	}

  709. 

  710. 	return *claims, nil

  711. }

  712. 

  713. func guard(r *http.Request, required int) bool {

  714. 	claims, err := getClaims(r)

  715. 	if err != nil { return false }

  716. 	if roles[claims.Role] < required { return false }

  717. 

  718. 	return true

  719. }

  720. 

  721. func queryUsers(db *sql.DB, id int) ( []User, error ) {

  722. 	var users []User

  723. 	var query string

  724. 	var rows *sql.Rows

  725. 	var err error

  726. 

  727. 	query = `SELECT

  728. 	u.id,

  729. 	u.email,

  730. 	u.first_name,

  731. 	u.last_name,

  732. 	u.branch_id,

  733. 	u.country,

  734. 	u.title,

  735. 	u.status,

  736. 	u.verified,

  737. 	u.role

  738. 	FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END

  739. 	`

  740. 	rows, err = db.Query(query, id)

  741. 

  742. 

  743. 	if err != nil {

  744. 		return users, err

  745. 	}

  746. 

  747. 	defer rows.Close()

  748. 

  749. 	for rows.Next() {

  750. 		var user User

  751. 

  752. 		if err := rows.Scan(

  753. 			&user.Id,

  754. 			&user.Email,

  755. 			&user.FirstName,

  756. 			&user.LastName,

  757. 			&user.BranchId,

  758. 			&user.Country,

  759. 			&user.Title,

  760. 			&user.Status,

  761. 			&user.Verified,

  762. 			&user.Role,

  763. 			)

  764. 		err != nil {

  765. 			return users, err

  766.         }

  767. 		users = append(users, user)

  768. 	}

  769. 

  770. 	// Prevents runtime panics

  771. 	if len(users) == 0 { return users, errors.New("User not found.") }

  772. 

  773. 	return users, nil

  774. }

  775. 

  776. func insertResults(db *sql.DB, results []Result) (error){

  777. 	var query string

  778. 	var row *sql.Row

  779. 	var err error

  780. 

  781. 	query = `INSERT INTO estimate_result

  782. 	(

  783. 		loan_id,

  784. 		loan_payment,

  785. 		total_monthly,

  786. 		total_fees,

  787. 		total_credits,

  788. 		cash_to_close

  789. 	)

  790. 	VALUES (?, ?, ?, ?, ?, ?, ?)

  791. 	RETURNING id

  792. 	`

  793. 	for i := range results {

  794. 		db.QueryRow(query,

  795. 			results[i].LoanId,

  796. 			results[i].LoanPayment,

  797. 			results[i].TotalMonthly,

  798. 			results[i].TotalFees,

  799. 			results[i].TotalCredits,

  800. 			results[i].CashToClose,

  801. 		)

  802. 		err = row.Scan(&results[i].Id)

  803. 		if err != nil { return err }

  804. 	}

  805. 	

  806. 	return nil

  807. }

  808. 

  809. 

  810. func insertUser(db *sql.DB, user User) (User, error){

  811. 	var query string

  812. 	var row *sql.Row

  813. 	var err error

  814. 	var id int // Inserted user's id

  815. 

  816. 	query = `INSERT INTO user

  817. 	(

  818. 		email,

  819. 		first_name,

  820. 		last_name,

  821. 		password,

  822. 		created,

  823. 		role,

  824. 		verified,

  825. 		last_login

  826. 	)

  827. 	VALUES (?, ?, ?, sha2(?, 256), NOW(), ?, ?, NOW())

  828. 	RETURNING id 

  829. 	`

  830. 	row = db.QueryRow(query,

  831. 		user.Email,

  832. 		user.FirstName,

  833. 		user.LastName,

  834. 		user.Password,

  835. 		user.Role,

  836. 		user.Verified,

  837. 	)

  838. 

  839. 	err = row.Scan(&id)

  840. 	if err != nil { return User{}, err }

  841. 

  842. 	users, err := queryUsers(db, id)

  843. 	if err != nil { return User{}, err }

  844. 

  845. 	return users[0], nil

  846. }

  847. 

  848. func updateUser(user User, db *sql.DB) error {

  849. 	query := `

  850. 	UPDATE user

  851. 	SET

  852. 	email = CASE @e := ? WHEN '' THEN email ELSE @e END,

  853. 	first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END,

  854. 	last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END,

  855. 	role = CASE @r := ? WHEN '' THEN role ELSE @r END,

  856. 	password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END

  857. 	WHERE id = ?

  858. 	`

  859. 

  860. 	_, err := db.Exec(query,

  861. 	user.Email,

  862. 	user.FirstName,

  863. 	user.LastName,

  864. 	user.Role,

  865. 	user.Password,

  866. 	user.Id,

  867. 	)

  868. 

  869. 	return err

  870. }

  871. 

  872. 

  873. func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  874. 	claims, err := getClaims(r)

  875. 	if err != nil { w.WriteHeader(500); return }

  876. 	users, err := queryUsers(db, claims.Id)

  877. 	if err != nil { w.WriteHeader(422); log.Println(err); return }

  878. 	json.NewEncoder(w).Encode(users)

  879. }

  880. 

  881. func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  882. 	users, err := queryUsers(db, 0)

  883. 	if err != nil {

  884. 		w.WriteHeader(http.StatusInternalServerError)

  885. 		return

  886. 	}

  887. 

  888. 	json.NewEncoder(w).Encode(users)

  889. }

  890. 

  891. // Updates a user using only specified values in the JSON body

  892. func setUser(user User, db *sql.DB) error {

  893. 	_, err := mail.ParseAddress(user.Email)

  894. 	if err != nil { return err }

  895. 

  896. 	if roles[user.Role] == 0 {

  897. 		return errors.New("Invalid role")

  898. 	}

  899. 

  900. 	err = updateUser(user, db)

  901. 	if err != nil { return err }

  902. 	

  903. 	return nil

  904. }

  905. 

  906. func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  907. 	var user User

  908. 	err := json.NewDecoder(r.Body).Decode(&user)

  909. 	if err != nil { http.Error(w, "Invalid fields", 422); return }

  910. 

  911. 	err = setUser(user, db)

  912. 	if err != nil { http.Error(w, err.Error(), 422); return }

  913. }

  914. 

  915. // Update specified fields of the user specified in the claim

  916. func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  917. 	claim, err := getClaims(r)

  918. 	var user User

  919. 	json.NewDecoder(r.Body).Decode(&user)

  920. 

  921. 	// First check that the target user to be updated is the same as the claim id, and

  922. 	// their role is unchanged.

  923. 	if err != nil || claim.Id != user.Id {

  924. 		http.Error(w, "Target user's id does not match claim.", 401)

  925. 		return

  926. 	}

  927. 

  928. 	if claim.Role != user.Role && user.Role != "" {

  929. 		http.Error(w, "Administrator required to escalate role.", 401)

  930. 		return

  931. 	}

  932. 

  933. 	err = setUser(user, db)

  934. 	if err != nil { http.Error(w, err.Error(), 422); return }

  935. }

  936. 

  937. func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  938. 	var user User

  939. 	err := json.NewDecoder(r.Body).Decode(&user)

  940. 	if err != nil {

  941. 		http.Error(w, "Invalid fields.", 422)

  942. 		return

  943. 	}

  944. 

  945. 	query := `DELETE FROM user WHERE id = ?`

  946. 	_, err = db.Exec(query, user.Id)

  947. 

  948. 	if err != nil {

  949. 		http.Error(w, "Could not delete.", 500)

  950. 	}

  951. }

  952. 

  953. func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  954. 	var user User

  955. 	err := json.NewDecoder(r.Body).Decode(&user)

  956. 	if err != nil { http.Error(w, "Invalid fields.", 422); return }

  957. 

  958. 	_, err = mail.ParseAddress(user.Email)

  959. 	if err != nil { http.Error(w, "Invalid email.", 422); return }

  960. 

  961. 	if roles[user.Role] == 0 {

  962. 		http.Error(w, "Invalid role.", 422)

  963. 	}

  964. 

  965. 	user, err = insertUser(db, user)

  966. 	if err != nil { http.Error(w, "Error creating user.", 422); return }

  967. 

  968. 	json.NewEncoder(w).Encode(user)

  969. }

  970. 

  971. func fetchAvatar(db *sql.DB, user int) ( []byte, error ) {

  972. 	var img []byte

  973. 	var query string

  974. 	var err error

  975. 

  976. 	query = `SELECT

  977. 	avatar

  978. 	FROM user WHERE user.id = ?

  979. 	`

  980. 	row := db.QueryRow(query, user)

  981. 	err = row.Scan(&img)

  982. 

  983. 	if err != nil {

  984. 		return img, err

  985. 	}

  986. 

  987. 	return img, nil

  988. }

  989. 

  990. 

  991. func insertAvatar(db *sql.DB, user int, img []byte) error {

  992. 	query := `UPDATE user

  993. 	SET avatar = ?

  994. 	WHERE id = ?

  995. 	`

  996. 	_, err := db.Exec(query, img, user)

  997. 	if err != nil {

  998. 		return err

  999. 	}

  1000. 

  1001. 	return nil

  1002. }

  1003. 

  1004. func fetchLetterhead(db *sql.DB, user int) ( []byte, error ) {

  1005. 	var img []byte

  1006. 	var query string

  1007. 	var err error

  1008. 

  1009. 	query = `SELECT

  1010. 	letterhead

  1011. 	FROM user WHERE user.id = ?

  1012. 	`

  1013. 	row := db.QueryRow(query, user)

  1014. 	err = row.Scan(&img)

  1015. 

  1016. 	if err != nil {

  1017. 		return img, err

  1018. 	}

  1019. 

  1020. 	return img, nil

  1021. }

  1022. 

  1023. 

  1024. func insertLetterhead(db *sql.DB, user int, img []byte) error {

  1025. 	query := `UPDATE user

  1026. 	SET letterhead = ?

  1027. 	WHERE id = ?

  1028. 	`

  1029. 	_, err := db.Exec(query, img, user)

  1030. 	if err != nil {

  1031. 		return err

  1032. 	}

  1033. 

  1034. 	return nil

  1035. }

  1036. 

  1037. 

  1038. func setAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1039. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1040. 	var isValidType bool

  1041. 	

  1042. 	claims, err := getClaims(r)

  1043. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1044. 	img, err := io.ReadAll(r.Body)

  1045. 	if err != nil { http.Error(w, "Invalid file.", 422); return }

  1046. 	for _, v := range validTypes {

  1047. 		if v == http.DetectContentType(img) { isValidType = true }

  1048. 	}

  1049. 	if !isValidType { http.Error(w, "Invalid file type.", 422); return }

  1050. 

  1051. 	err = insertAvatar(db, claims.Id, img)

  1052. 	if err != nil { http.Error(w, "Could not insert.", 500); return }

  1053. }

  1054. 

  1055. func getAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1056. 	claims, err := getClaims(r)

  1057. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1058. 	img, err := fetchAvatar(db, claims.Id)

  1059. 	if err != nil { http.Error(w, "Could not retrieve.", 500); return }

  1060. 	

  1061. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  1062. 	w.Write(img)

  1063. }

  1064. 

  1065. func setLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1066. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1067. 	var isValidType bool

  1068. 	

  1069. 	claims, err := getClaims(r)

  1070. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1071. 	img, err := io.ReadAll(r.Body)

  1072. 	if err != nil { http.Error(w, "Invalid file.", 422); return }

  1073. 	for _, v := range validTypes {

  1074. 		if v == http.DetectContentType(img) { isValidType = true }

  1075. 	}

  1076. 	if !isValidType { http.Error(w, "Invalid file type.", 422); return }

  1077. 

  1078. 	err = insertLetterhead(db, claims.Id, img)

  1079. 	if err != nil { http.Error(w, "Could not insert.", 500); return }

  1080. }

  1081. 

  1082. func getLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1083. 	claims, err := getClaims(r)

  1084. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1085. 	img, err := fetchLetterhead(db, claims.Id)

  1086. 	if err != nil { http.Error(w, "Could not retrieve.", 500); return }

  1087. 	

  1088. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  1089. 	w.Write(img)

  1090. }

  1091. 

  1092. func queryBorrower(db *sql.DB, id int) ( Borrower, error ) {

  1093. 	var borrower Borrower

  1094. 	var query string

  1095. 	var err error

  1096. 

  1097. 	query = `SELECT

  1098. 	l.id,

  1099. 	l.credit_score,

  1100. 	l.num,

  1101. 	l.monthly_income

  1102. 	FROM borrower l WHERE l.id = ?

  1103. 	`

  1104. 	row := db.QueryRow(query, id)

  1105. 	err = row.Scan(

  1106. 			borrower.Id,

  1107. 			borrower.Credit,

  1108. 			borrower.Num,

  1109. 			borrower.Income,

  1110. 		)

  1111. 

  1112. 	if err != nil {

  1113. 		return borrower, err

  1114. 	}

  1115. 

  1116. 	return borrower, nil

  1117. }

  1118. 

  1119. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  1120. func getResults(db *sql.DB, e int, id int) ( []Result, error ) {

  1121. 	var results []Result

  1122. 	var query string

  1123. 	var rows *sql.Rows

  1124. 	var err error

  1125. 

  1126. 	query = `SELECT

  1127. 	r.id,

  1128. 	loan_id,

  1129. 	loan_payment,

  1130. 	total_monthly,

  1131. 	total_fees,

  1132. 	total_credits,

  1133. 	cash_to_close

  1134. 	FROM estimate_result r

  1135. 	INNER JOIN loan

  1136. 	ON r.loan_id = loan.id

  1137. 	WHERE r.id = CASE @e := ? WHEN 0 THEN r.id ELSE @e END

  1138. 	AND loan.estimate_id = ?

  1139. 	`

  1140. 	rows, err = db.Query(query, id, e)

  1141. 

  1142. 	if err != nil {

  1143. 		return results, err

  1144. 	}

  1145. 

  1146. 	defer rows.Close()

  1147. 

  1148. 	for rows.Next() {

  1149. 		var result Result

  1150. 

  1151. 		if err := rows.Scan(

  1152. 			&result.Id,

  1153. 			&result.LoanId,

  1154. 			&result.LoanPayment,

  1155. 			&result.TotalMonthly,

  1156. 			&result.TotalFees,

  1157. 			&result.TotalCredits,

  1158. 			&result.CashToClose,

  1159. 			)

  1160. 		err != nil {

  1161. 			return results, err

  1162.         }

  1163.         

  1164. 		results = append(results, result)

  1165. 	}

  1166. 	

  1167. 	// Prevents runtime panics

  1168. 	// if len(results) == 0 { return results, errors.New("Result not found.") }

  1169. 

  1170. 	return results, nil

  1171. }

  1172. 

  1173. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  1174. func getLoans(db *sql.DB, e int, id int) ( []Loan, error ) {

  1175. 	var loans []Loan

  1176. 	var query string

  1177. 	var rows *sql.Rows

  1178. 	var err error

  1179. 

  1180. 	query = `SELECT

  1181. 	l.id,

  1182. 	l.type_id,

  1183. 	l.estimate_id,

  1184. 	l.amount,

  1185. 	l.term,

  1186. 	l.interest,

  1187. 	l.ltv,

  1188. 	l.dti,

  1189. 	l.hoi,

  1190. 	l.tax,

  1191. 	l.name

  1192. 	FROM loan l WHERE l.id = CASE @e := ? WHEN 0 THEN l.id ELSE @e END AND

  1193. 	l.estimate_id = ?

  1194. 	`

  1195. 	rows, err = db.Query(query, id, e)

  1196. 

  1197. 	if err != nil {

  1198. 		return loans, err

  1199. 	}

  1200. 

  1201. 	defer rows.Close()

  1202. 

  1203. 	for rows.Next() {

  1204. 		var loan Loan

  1205. 

  1206. 		if err := rows.Scan(

  1207. 			&loan.Id,

  1208. 			&loan.Type.Id,

  1209. 			&loan.EstimateId,

  1210. 			&loan.Amount,

  1211. 			&loan.Term,

  1212. 			&loan.Interest,

  1213. 			&loan.Ltv,

  1214. 			&loan.Dti,

  1215. 			&loan.Hoi,

  1216. 			&loan.Tax,

  1217. 			&loan.Name,

  1218. 			)

  1219. 		err != nil {

  1220. 			return loans, err

  1221.         }

  1222.         

  1223.         mi, err := getMi(db, loan.Id)

  1224. 		if err != nil {

  1225. 			return loans, err

  1226.         }

  1227. 		loan.Mi = mi

  1228. 		fees, err := getFees(db, loan.Id)

  1229. 		if err != nil {

  1230. 			return loans, err

  1231.         }

  1232. 		loan.Fees = fees

  1233. 		

  1234. 		loan.Type, err = getLoanType(db, loan.Type.Id)

  1235. 		if err != nil {

  1236. 			return loans, err

  1237.         }

  1238. 		

  1239. 		loans = append(loans, loan)

  1240. 	}

  1241. 	

  1242. 	// Prevents runtime panics

  1243. 	if len(loans) == 0 { return loans, errors.New("Loan not found.") }

  1244. 

  1245. 	return loans, nil

  1246. }

  1247. 

  1248. func getEstimates(db *sql.DB, id int, user int) ( []Estimate, error ) {

  1249. 	var estimates []Estimate

  1250. 	var query string

  1251. 	var rows *sql.Rows

  1252. 	var err error

  1253. 

  1254. 	query = `SELECT

  1255. 	id,

  1256. 	user_id,

  1257. 	borrower_id,

  1258. 	transaction,

  1259. 	price,

  1260. 	property,

  1261. 	occupancy,

  1262. 	zip,

  1263. 	pud

  1264. 	FROM estimate WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND

  1265. 	user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END

  1266. 	`

  1267. 	rows, err = db.Query(query, id, user)

  1268. 

  1269. 	if err != nil {

  1270. 		return estimates, err

  1271. 	}

  1272. 

  1273. 	defer rows.Close()

  1274. 

  1275. 	for rows.Next() {

  1276. 		var estimate Estimate

  1277. 

  1278. 		if err := rows.Scan(

  1279. 			&estimate.Id,

  1280. 			&estimate.User,

  1281. 			&estimate.Borrower.Id,

  1282. 			&estimate.Transaction,

  1283. 			&estimate.Price,

  1284. 			&estimate.Property,

  1285. 			&estimate.Occupancy,

  1286. 			&estimate.Zip,

  1287. 			&estimate.Pud,

  1288. 			)

  1289. 		err != nil {

  1290. 			return estimates, err

  1291.         }

  1292.         

  1293. 		borrower, err := getBorrower(db, estimate.Borrower.Id)

  1294. 		if err != nil {

  1295. 			return estimates, err

  1296.         }

  1297.         estimate.Borrower = borrower

  1298.         

  1299. 		estimate.Results, err = getResults(db, estimate.Id, 0)

  1300. 		if err != nil {

  1301. 			return estimates, err

  1302.         }

  1303.         

  1304. 		estimates = append(estimates, estimate)

  1305. 	}

  1306. 

  1307. 	// Prevents runtime panics

  1308. 	if len(estimates) == 0 { return estimates, errors.New("Estimate not found.") }

  1309. 	

  1310. 	for i := range estimates {

  1311. 		estimates[i].Loans, err = getLoans(db, estimates[i].Id, 0)

  1312. 		if err != nil { return estimates, err }

  1313. 	}

  1314. 	

  1315. 	return estimates, nil

  1316. }

  1317. 

  1318. // Accepts a borrower struct and returns the id of the inserted borrower and

  1319. // any related error.

  1320. func insertBorrower(db *sql.DB, borrower Borrower) (int, error) {

  1321. 	var query string

  1322. 	var row *sql.Row

  1323. 	var err error

  1324. 	var id int // Inserted loan's id

  1325. 

  1326. 	query = `INSERT INTO borrower

  1327. 	(

  1328. 		credit_score,

  1329. 		monthly_income,

  1330. 		num

  1331. 	)

  1332. 	VALUES (?, ?, ?)

  1333. 	RETURNING id

  1334. 	`

  1335. 	row = db.QueryRow(query,

  1336. 		borrower.Credit,

  1337. 		borrower.Income,

  1338. 		borrower.Num,

  1339. 	)

  1340. 

  1341. 	err = row.Scan(&id)

  1342. 	if err != nil { return 0, err }

  1343. 

  1344. 	return id, nil

  1345. }

  1346. 

  1347. func insertMi(db *sql.DB, mi MI) (int, error) {

  1348. 	var id int

  1349. 	

  1350. 	query := `INSERT INTO mi 

  1351. 		(

  1352. 			type,

  1353. 			label,

  1354. 			lender,

  1355. 			rate,

  1356. 			premium,

  1357. 			upfront,

  1358. 			five_year_total,

  1359. 			initial_premium,

  1360. 			initial_rate,

  1361. 			initial_amount

  1362. 		)

  1363. 		VALUES (?, ?, ?, ?, ?, ?, ?)

  1364. 		RETURNING id`

  1365. 	

  1366. 	row := db.QueryRow(query,

  1367. 		&mi.Type,

  1368. 		&mi.Label,

  1369. 		&mi.Lender,

  1370. 		&mi.Rate,

  1371. 		&mi.Premium,

  1372. 		&mi.Upfront,

  1373. 		&mi.FiveYearTotal,

  1374. 		&mi.InitialAllInPremium,

  1375. 		&mi.InitialAllInRate,

  1376. 		&mi.InitialAmount,

  1377. 	)

  1378. 	

  1379. 	err := row.Scan(&id)

  1380. 	if err != nil { return 0, err }

  1381. 	

  1382. 	return id, nil

  1383. }

  1384. 

  1385. func insertFee(db *sql.DB, fee Fee) (int, error) {

  1386. 	var id int

  1387. 	

  1388. 	query := `INSERT INTO fee 

  1389. 		(loan_id, amount, perc, type, notes, name, category)

  1390. 		VALUES (?, ?, ?, ?, ?, ?, ?)

  1391. 		RETURNING id`

  1392. 	

  1393. 	row := db.QueryRow(query,

  1394. 		fee.LoanId,

  1395. 		fee.Amount,

  1396. 		fee.Perc,

  1397. 		fee.Type,

  1398. 		fee.Notes,

  1399. 		fee.Name,

  1400. 		fee.Category,

  1401. 	)

  1402. 	

  1403. 	err := row.Scan(&id)

  1404. 	if err != nil { return 0, err }

  1405. 	

  1406. 	return id, nil

  1407. }

  1408. 

  1409. func insertLoan(db *sql.DB, loan Loan) (Loan, error){

  1410. 	var query string

  1411. 	var row *sql.Row

  1412. 	var err error

  1413. 	var id int // Inserted loan's id

  1414. 

  1415. 	query = `INSERT INTO loan

  1416. 	(

  1417. 		estimate_id,

  1418. 		type_id,

  1419. 		amount,

  1420. 		term,

  1421. 		interest,

  1422. 		ltv,

  1423. 		dti,

  1424. 		hoi,

  1425. 		tax,

  1426. 		name

  1427. 	)

  1428. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

  1429. 	RETURNING id

  1430. 	`

  1431. 	row = db.QueryRow(query,

  1432. 		loan.EstimateId,

  1433. 		loan.Type.Id,

  1434. 		loan.Amount,

  1435. 		loan.Term,

  1436. 		loan.Interest,

  1437. 		loan.Ltv,

  1438. 		loan.Dti,

  1439. 		loan.Hoi,

  1440. 		loan.Tax,

  1441. 		loan.Name,

  1442. 	)

  1443. 

  1444. 	err = row.Scan(&id)

  1445. 	if err != nil { return loan, err }

  1446. 	_, err = insertMi(db, loan.Mi)

  1447. 	if err != nil { return loan, err }

  1448. 	for i := range loan.Fees {

  1449. 		_, err := insertFee(db, loan.Fees[i])

  1450. 		if err != nil { return loan, err }

  1451. 	}

  1452. 

  1453. 	loans, err := getLoans(db, id, 0)

  1454. 	if err != nil { return Loan{}, err }

  1455. 

  1456. 	return loans[0], nil

  1457. }

  1458. 

  1459. 

  1460. func insertEstimate(db *sql.DB, estimate Estimate) (Estimate, error){

  1461. 	var query string

  1462. 	var row *sql.Row

  1463. 	var err error

  1464. 	// var id int // Inserted estimate's id

  1465. 	

  1466. 	estimate.Borrower.Id, err = insertBorrower(db, estimate.Borrower)

  1467. 	if err != nil { return Estimate{}, err }

  1468. 

  1469. 	query = `INSERT INTO estimate

  1470. 	(

  1471. 		user_id,

  1472. 		borrower_id,

  1473. 		transaction,

  1474. 		price,

  1475. 		property,

  1476. 		occupancy,

  1477. 		zip,

  1478. 		pud

  1479. 	)

  1480. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?)

  1481. 	RETURNING id

  1482. 	`

  1483. 	row = db.QueryRow(query,

  1484. 		estimate.User,

  1485. 		estimate.Borrower.Id,

  1486. 		estimate.Transaction,

  1487. 		estimate.Price,

  1488. 		estimate.Property,

  1489. 		estimate.Occupancy,

  1490. 		estimate.Zip,

  1491. 		estimate.Pud,

  1492. 	)

  1493. 

  1494. 	err = row.Scan(&estimate.Id)

  1495. 	if err != nil { return Estimate{}, err }

  1496. 

  1497. 	for _, l := range estimate.Loans {

  1498. 		l.EstimateId = estimate.Id

  1499. 		_, err = insertLoan(db, l)

  1500. 		if err != nil { return estimate, err }

  1501. 	}

  1502. 	

  1503. 	estimates, err := getEstimates(db, estimate.Id, 0)

  1504. 	if err != nil { return Estimate{}, err }

  1505. 

  1506. 	return estimates[0], nil

  1507. }

  1508. 

  1509. func createEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1510. 	var estimate Estimate

  1511. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  1512. 	if err != nil { http.Error(w, "Invalid fields.", 422); return }

  1513. 	claims, err := getClaims(r)

  1514. 	estimate.User = claims.Id

  1515. 

  1516. 	estimate, err = insertEstimate(db, estimate)

  1517. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1518. 	estimate.Results = makeResults(estimate)

  1519. 	err = insertResults(db, estimate.Results)

  1520. 	if err != nil { http.Error(w, err.Error(), 500); return }

  1521. 	e, err := getEstimates(db, estimate.Id, 0)

  1522. 	if err != nil { http.Error(w, err.Error(), 500); return }

  1523. 	

  1524. 	json.NewEncoder(w).Encode(e[0])

  1525. }

  1526. 

  1527. // Query all estimates that belong to the current user

  1528. func fetchEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1529. 	var estimates []Estimate

  1530. 	claims, err := getClaims(r)

  1531. 

  1532. 	estimates, err = getEstimates(db, 0, claims.Id)

  1533. 	if err != nil { http.Error(w, err.Error(), 500); return }

  1534. 	

  1535. 	json.NewEncoder(w).Encode(estimates)

  1536. }

  1537. 

  1538. func checkConventional(l Loan, b Borrower) error {

  1539. 	if b.Credit < 620 {

  1540. 		return errors.New("Credit score too low for conventional loan")

  1541. 	}

  1542. 	

  1543. 	// Buyer needs to put down 20% to avoid mortgage insurance

  1544. 	if (l.Ltv > 80 && l.Mi.Rate == 0) {

  1545. 		return errors.New(fmt.Sprintln(

  1546. 			l.Name,

  1547. 			"down payment must be 20% to avoid insurance",

  1548. 			))

  1549. 	}

  1550. 	

  1551. 	return nil

  1552. }

  1553. 

  1554. func checkFHA(l Loan, b Borrower) error {

  1555. 	if b.Credit < 500 {

  1556. 		return errors.New("Credit score too low for FHA loan")

  1557. 	}

  1558. 	

  1559. 	if (l.Ltv > 96.5) {

  1560. 		return errors.New("FHA down payment must be at least 3.5%")

  1561. 	}

  1562. 	

  1563. 	if (b.Credit < 580 && l.Ltv > 90) {

  1564. 		return errors.New("FHA down payment must be at least 10%")

  1565. 	}

  1566. 	

  1567. 	// Debt-to-income must be below 45% if credit score is below 580.

  1568. 	if (b.Credit < 580 && l.Dti > 45) {

  1569. 		return errors.New(fmt.Sprintln(

  1570. 			l.Name, "debt to income is too high for credit score.",

  1571. 		))

  1572. 	}

  1573. 	

  1574. 	return nil

  1575. }

  1576. 

  1577. // Loan option for veterans with no set rules. Mainly placeholder.

  1578. func checkVA(l Loan, b Borrower) error {

  1579. 	return nil

  1580. }

  1581. 

  1582. // Loan option for residents of rural areas with no set rules.

  1583. // Mainly placeholder.

  1584. func checkUSDA(l Loan, b Borrower) error {

  1585. 	return nil

  1586. }

  1587. 

  1588. // Should also check loan amount limit maybe with an API.

  1589. func checkEstimate(e Estimate) error {

  1590. 	if e.Property == "" { return errors.New("Empty property type") }

  1591. 	if e.Price == 0 { return errors.New("Empty property price") }

  1592. 	

  1593. 	if e.Borrower.Num == 0 {

  1594. 		return errors.New("Missing number of borrowers")

  1595. 	}

  1596. 	

  1597. 	if e.Borrower.Credit == 0 {

  1598. 		return errors.New("Missing borrower credit score")

  1599. 	}

  1600. 	

  1601. 	if e.Borrower.Income == 0 {

  1602. 		return errors.New("Missing borrower credit income")

  1603. 	}

  1604. 	

  1605. 	for _, l := range e.Loans {

  1606. 		if l.Amount == 0 {

  1607. 			return errors.New(fmt.Sprintln(l.Name, "loan amount cannot be zero"))

  1608. 		}

  1609. 		if l.Term == 0 {

  1610. 			return errors.New(fmt.Sprintln(l.Name, "loan term cannot be zero"))

  1611. 		}

  1612. 		if l.Interest == 0 {

  1613. 			return errors.New(fmt.Sprintln(l.Name, "loan interest cannot be zero"))

  1614. 		}

  1615. 		

  1616. 		// Can be used to check rules for specific loan types

  1617. 		var err error

  1618. 		switch l.Type.Id {

  1619. 		case 1:

  1620. 			err = checkConventional(l, e.Borrower)

  1621. 		case 2:

  1622. 			err = checkFHA(l, e.Borrower)

  1623. 		case 3:

  1624. 			err = checkVA(l, e.Borrower)

  1625. 		case 4:

  1626. 			err = checkUSDA(l, e.Borrower)

  1627. 		default:

  1628. 			err = errors.New("Invalid loan type")

  1629. 		}

  1630. 		

  1631. 		if err != nil { return err }

  1632. 	}

  1633. 	

  1634. 	return nil

  1635. 	

  1636. }

  1637. 

  1638. func validateEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1639. 	var estimate Estimate

  1640. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  1641. 

  1642. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1643. 	

  1644. 	err = checkEstimate(estimate)

  1645. 	if err != nil { http.Error(w, err.Error(), 406); return }

  1646. }

  1647. 

  1648. func showPDF(w http.ResponseWriter, r *http.Request) {

  1649. 	// var args []string

  1650. 

  1651. 	// p := r.URL.Path

  1652. 	db, err := sql.Open("mysql",

  1653. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter",

  1654. 			config["DBUser"],

  1655. 			config["DBPass"]))

  1656. 

  1657. 	// w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  1658. 	err = db.Ping()

  1659. 	if err != nil {

  1660. 		fmt.Println("Bad database configuration: %v\n", err)

  1661. 		panic(err)

  1662. 		// maybe os.Exit(1) instead

  1663. 	}

  1664. 	

  1665. 	var pa = template.Must(template.ParseFiles("views/master.tpl",

  1666. 	"views/test.tpl"))

  1667. 	

  1668. 	// claims, err := getClaims(r)

  1669. 	if err != nil { w.WriteHeader(500); return }

  1670. 	users, err := queryUsers(db, 1)

  1671. 	

  1672. 	info := struct {

  1673. 		Title string

  1674. 		Name string

  1675. 		User User

  1676. 	}{

  1677. 		Title: "test PDF",

  1678. 		Name: "idk-random-name",

  1679. 		User: users[0],

  1680. 	}

  1681. 	

  1682. 	// fmt.Println(info)

  1683. 	

  1684. 	err = pa.Execute(w, info)

  1685. 	if err != nil {fmt.Println(err)}

  1686. 

  1687. }

  1688. 

  1689. func clipLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1690. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1691. 	var isValidType bool

  1692. 	var err error

  1693. 	

  1694. 	// claims, err := getClaims(r)

  1695. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1696. 	img, t, err := image.Decode(r.Body)

  1697. 	if err != nil { http.Error(w, "Invalid file.", 422); return }

  1698. 	for _, v := range validTypes {

  1699. 		if v == "image/"+t { isValidType = true }

  1700. 	}

  1701. 	if !isValidType { http.Error(w, "Invalid file type.", 422); return }

  1702. 	

  1703. 	g := gift.New(

  1704. 		gift.ResizeToFit(400, 200, gift.LanczosResampling),

  1705. 	)

  1706. 	dst := image.NewRGBA(g.Bounds(img.Bounds()))

  1707. 	g.Draw(dst, img)

  1708. 	

  1709. 	w.Header().Set("Content-Type", "image/png")

  1710. 	err = png.Encode(w, dst)

  1711. 	if err != nil { http.Error(w, "Error encoding.", 500); return }

  1712. }

  1713. 

  1714. func api(w http.ResponseWriter, r *http.Request) {

  1715. 	var args []string

  1716. 

  1717. 	p := r.URL.Path

  1718. 	db, err := sql.Open("mysql",

  1719. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter",

  1720. 			config["DBUser"],

  1721. 			config["DBPass"]))

  1722. 

  1723. 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  1724. 

  1725. 	err = db.Ping()

  1726. 	if err != nil {

  1727. 		fmt.Println("Bad database configuration: %v\n", err)

  1728. 		panic(err)

  1729. 		// maybe os.Exit(1) instead

  1730. 	}

  1731. 	

  1732. 	switch {

  1733. 	case match(p, "/api/login", &args) &&

  1734. 	r.Method == http.MethodPost:

  1735. 		login(w, db, r)

  1736. 	case match(p, "/api/token", &args) &&

  1737. 	r.Method == http.MethodGet && guard(r, 1):

  1738. 		getToken(w, db, r)

  1739. 	case match(p, "/api/letterhead", &args) &&

  1740. 	r.Method == http.MethodPost && guard(r, 1):

  1741. 		clipLetterhead(w, db, r)

  1742. 	case match(p, "/api/users", &args) && // Array of all users

  1743. 	r.Method == http.MethodGet && guard(r, 3):

  1744. 		getUsers(w, db, r)

  1745. 	case match(p, "/api/user", &args) &&

  1746. 	r.Method == http.MethodGet && guard(r, 1):

  1747. 		getUser(w, db, r)

  1748. 	case match(p, "/api/user", &args) &&

  1749. 	r.Method == http.MethodPost &&

  1750. 	guard(r, 3):

  1751. 		createUser(w, db, r)

  1752. 	case match(p, "/api/user", &args) &&

  1753. 	r.Method == http.MethodPatch &&

  1754. 	guard(r, 3): // For admin to modify any user

  1755. 		patchUser(w, db, r)

  1756. 	case match(p, "/api/user", &args) &&

  1757. 	r.Method == http.MethodPatch &&

  1758. 	guard(r, 1): // For employees to modify own accounts

  1759. 		patchSelf(w, db, r)

  1760. 	case match(p, "/api/user", &args) &&

  1761. 	r.Method == http.MethodDelete &&

  1762. 	guard(r, 3):

  1763. 		deleteUser(w, db, r)

  1764. 	case match(p, "/api/user/avatar", &args) &&

  1765. 	r.Method == http.MethodGet &&

  1766. 	guard(r, 1):

  1767. 		getAvatar(w, db, r)

  1768. 	case match(p, "/api/user/avatar", &args) &&

  1769. 	r.Method == http.MethodPost &&

  1770. 	guard(r, 1):

  1771. 		setAvatar(w, db, r)

  1772. 	case match(p, "/api/user/letterhead", &args) &&

  1773. 	r.Method == http.MethodGet &&

  1774. 	guard(r, 1):

  1775. 		getLetterhead(w, db, r)

  1776. 	case match(p, "/api/user/letterhead", &args) &&

  1777. 	r.Method == http.MethodPost &&

  1778. 	guard(r, 1):

  1779. 		setLetterhead(w, db, r)

  1780. 	case match(p, "/api/fees", &args) &&

  1781. 	r.Method == http.MethodGet &&

  1782. 	guard(r, 1):

  1783. 		getFeesTemp(w, db, r)

  1784. 	case match(p, "/api/fee", &args) &&

  1785. 	r.Method == http.MethodPost &&

  1786. 	guard(r, 1):

  1787. 		createFeesTemp(w, db, r)

  1788. 	case match(p, "/api/fee", &args) &&

  1789. 	r.Method == http.MethodDelete &&

  1790. 	guard(r, 1):

  1791. 		deleteFeeTemp(w, db, r)

  1792. 	case match(p, "/api/estimates", &args) &&

  1793. 	r.Method == http.MethodGet &&

  1794. 	guard(r, 1):

  1795. 		fetchEstimate(w, db, r)

  1796. 	case match(p, "/api/estimate", &args) &&

  1797. 	r.Method == http.MethodPost &&

  1798. 	guard(r, 1):

  1799. 		createEstimate(w, db, r)

  1800. 	case match(p, "/api/estimate/validate", &args) &&

  1801. 	r.Method == http.MethodPost &&

  1802. 	guard(r, 1):

  1803. 		validateEstimate(w, db, r)

  1804. 	case match(p, "/api/estimate/summarize", &args) &&

  1805. 	r.Method == http.MethodPost &&

  1806. 	guard(r, 1):

  1807. 		summarize(w, db, r)

  1808. 	default:

  1809. 		http.Error(w, "Invalid route or token", 404)

  1810. 	}

  1811. 

  1812. 	db.Close()

  1813. }

  1814. 

  1815. func route(w http.ResponseWriter, r *http.Request) {

  1816. 	var page Page

  1817. 	var args []string

  1818. 	p := r.URL.Path

  1819. 

  1820.     switch {

  1821.     case r.Method == "GET" && match(p, "/", &args):

  1822.         page = pages[ "home" ]

  1823.     case match(p, "/terms", &args):

  1824.         page = pages[ "terms" ]

  1825.     case match(p, "/app", &args):

  1826.         page = pages[ "app" ]

  1827.     case match(p, "/test", &args):

  1828. 		showPDF(w, r)

  1829. 		return

  1830.     default:

  1831.         http.NotFound(w, r)

  1832.         return

  1833.     }

  1834. 

  1835.     page.Render(w)

  1836. }

  1837. 

  1838. func main() {

  1839. 	files := http.FileServer(http.Dir(""))

  1840. 

  1841. 	http.Handle("/assets/", files)

  1842. 	http.HandleFunc("/api/", api)

  1843. 	http.HandleFunc("/", route)

  1844. 	log.Fatal(http.ListenAndServe(address, nil))

  1845. }