Immanuel
/
skouter
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Skouter mortgage estimates. Web application with view written in PHP and Vue, but controller and models in Go.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73 Commits
1 Branch
11 MiB
 
 
 
 
 
 
Tree: 26cd32c82a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '26cd32c82a'
${ noResults }
skouter/skouter.go

1338 lines
28 KiB
Raw Blame History 

  1. package main

  2. 

  3. import (

  4. 		"net/http"

  5. 		"net/mail"

  6. 		"log"

  7. 		"sync"

  8. 		"regexp"

  9. 		"html/template"

  10. 		"database/sql"

  11. 		_ "github.com/go-sql-driver/mysql"

  12. 		"fmt"

  13. 		"encoding/json"

  14. 		"strconv"

  15. 		"bytes"

  16. 		"time"

  17. 		"errors"

  18. 		"strings"

  19. 		// pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf"

  20. 		"github.com/golang-jwt/jwt/v4"

  21. )

  22. 

  23. type User struct {

  24. 	Id		int 	`json:"id"`

  25. 	Email 	string 	`json:"email"`

  26. 	FirstName 	string 	`json:"firstName"`

  27. 	LastName 	string 	`json:"lastName"`

  28. 	BranchId 	int 	`json:"branchId"`

  29. 	Status 	string 	`json:"status"`

  30. 	Country 	string 	`json:"country"`

  31. 	Title 	string 	`json:"title"`

  32. 	Verified 	bool 	`json:"verified"`

  33. 	Role 	string 	`json:"role"`

  34. 	Password 	string 	`json:"password,omitempty"`

  35. }

  36. 

  37. type UserClaims struct {

  38. 	Id 	int 	`json:"id"`

  39. 	Role 	string 	`json:"role"`

  40. 	Exp 	string 	`json:"exp"`

  41. }

  42. 

  43. type Page struct {

  44. 	tpl *template.Template

  45. 	Title string

  46. 	Name string

  47. }

  48. 

  49. type Borrower struct {

  50. 	Id	int	`json:"id"`

  51. 	Credit	int 	`json:"credit"`

  52. 	Income	int 	`json:"income"`

  53. 	Num	int	`json:"num"`

  54. }

  55. 

  56. type FeeTemplate struct {

  57. 	Id		int 	`json:"id"`

  58. 	User	int 	`json:"user"`

  59. 	Branch	int 	`json:"branch"`

  60. 	Amount	int 	`json:"amount"`

  61. 	Perc	int 	`json:"perc"`

  62. 	Type	string 	`json:"type"`

  63. 	Notes	string 	`json:"notes"`

  64. 	Name	string 	`json:"name"`

  65. 	Category	string 	`json:"category"`

  66. 	Auto	bool 	`json:"auto"`

  67. }

  68. 

  69. type Fee struct {

  70. 	Id		int 	`json:"id"`

  71. 	LoanId	int 	`json:"loan_id"`

  72. 	Amount	int 	`json:"amount"`

  73. 	Perc	float32 	`json:"perc"`

  74. 	Type	string 	`json:"type"`

  75. 	Notes	string 	`json:"notes"`

  76. 	Name	string 	`json:"name"`

  77. 	Category	string 	`json:"category"`

  78. }

  79. 

  80. type LoanType struct {

  81. 	Id 	int 	`json:"id"`

  82. 	User 	int 	`json:"user"`

  83. 	Branch 	int 	`json:"branch"`

  84. 	Name 	string 	`json:"name"`

  85. }

  86. 

  87. type Loan struct {

  88. 	Id 	int	`json:id`

  89. 	EstimateId	int	`json:estimate_id`

  90. 	Type	LoanType	`json:"type"`

  91. 	Amount	int 	`json:"amount"`

  92. 	Amortization	string	`json:"amortization"`

  93. 	Term		int 	`json:"term"`

  94. 	Ltv 	float32 	`json:"ltv"`

  95. 	Dti 	float32 	`json:"dti"`

  96. 	Hoi		int 	`json:"hoi"`

  97. 	Tax		int 	`json:"hoi"`

  98. 	Interest	float32 	`json:"interest"`

  99. 	Mi 	MI 	`json:"mi"`

  100. 	Fees		[]Fee 	`json:"fees"`

  101. 	Name		string 	`json:"title"`

  102. }

  103. 

  104. type MI struct {

  105. 	Type	string	`json:"user"`

  106. 	Label	string	`json:"label"`

  107. 	Lender	string	`json:"lender"`

  108. 	Rate	float32	`json:"rate"`

  109. 	Premium	float32	`json:"premium"`

  110. 	Upfront	float32	`json:"upfront"`

  111. 	Monthly	bool	`json:"monthly"`

  112. 	FiveYearTotal	float32	`json:"fiveYearTotal"`

  113. 	InitialAllInPremium	float32	`json:"initialAllInPremium"`

  114. 	InitialAllInRate	float32	`json:"initialAllInRate"`

  115. 	InitialAmount	float32	`json:"initialAmount"`

  116. }

  117. 

  118. type Result struct {

  119. 	User		int 	`json:"user"`

  120. 	Borrower	Borrower 	`json:"borrower"`

  121. 	Transaction	string 	`json:"transaction"`

  122. 	Price		int 	`json:"price"`

  123. 	Property	string 	`json:"property"`

  124. 	Occupancy	string	`json:"occupancy"`

  125. 	Zip		string 	`json:"zip"`

  126. 	Pud		bool 	`json:"pud"`

  127. 	Loans 	[]Loan 	`json:"loans"`

  128. }

  129. 

  130. type Estimate struct {

  131. 	Id		int 	`json:"id"`

  132. 	User		int 	`json:"user"`

  133. 	Borrower	Borrower 	`json:"borrower"`

  134. 	Transaction	string 	`json:"transaction"`

  135. 	Price		int 	`json:"price"`

  136. 	Property	string 	`json:"property"`

  137. 	Occupancy	string	`json:"occupancy"`

  138. 	Zip		string 	`json:"zip"`

  139. 	Pud		bool 	`json:"pud"`

  140. 	Loans 	[]Loan 	`json:"loans"`

  141. }

  142. 

  143. var (

  144.     regexen = make(map[string]*regexp.Regexp)

  145.     relock  sync.Mutex

  146. 	address = "127.0.0.1:8001"

  147. )

  148. 

  149. var paths = map[string]string {

  150. 	"home": "home.tpl",

  151. 	"terms": "terms.tpl",

  152. 	"app": "app.tpl",

  153. }

  154. 

  155. var pages = map[string]Page {

  156. 	"home": cache("home", "Home"),

  157. 	"terms": cache("terms", "Terms and Conditions"),

  158. 	"app": cache("app", "App"),

  159. }

  160. 

  161. var roles = map[string]int{

  162. 	"User": 1,

  163. 	"Manager": 2,

  164. 	"Admin": 3,

  165. }

  166. 

  167. // Used to validate claim in JWT token body. Checks if user id is greater than

  168. // zero and time format is valid

  169. func (c UserClaims) Valid() error {

  170. 	if c.Id < 1 { return errors.New("Invalid id") }

  171. 	t, err := time.Parse(time.UnixDate, c.Exp)

  172. 	if err != nil { return err }

  173. 	if t.Before(time.Now()) { return errors.New("Token expired.") }

  174. 	return err

  175. }

  176. 

  177. func cache(name string, title string) Page {

  178. 	var p = []string{"master.tpl", paths[name]}

  179. 	tpl := template.Must(template.ParseFiles(p...))

  180. 	return Page{tpl: tpl,

  181. 				Title: title,

  182. 				Name: name,

  183. 				}

  184. }

  185. 

  186. func (page Page) Render(w http.ResponseWriter) {

  187. 	err := page.tpl.Execute(w, page)

  188. 	if err != nil {

  189. 		log.Print(err)

  190. 	}

  191. }

  192. 

  193. func match(path, pattern string, args *[]string) bool {

  194. 	relock.Lock()

  195. 	defer relock.Unlock()

  196. 	regex := regexen[pattern]

  197. 

  198. 	if regex == nil {

  199. 		regex = regexp.MustCompile("^" + pattern + "$")

  200. 		regexen[pattern] = regex

  201. 	}

  202. 

  203. 	matches := regex.FindStringSubmatch(path)

  204. 	if len(matches) <= 0 {

  205. 		return false

  206. 	}

  207. 

  208. 	*args = matches[1:]

  209. 	return true

  210. }

  211. 

  212. func getLoanType(

  213. 	db *sql.DB,

  214. 	user int,

  215. 	branch int,

  216. 	isUser bool) ([]LoanType, error) {

  217. 	var loans []LoanType

  218. 

  219. 	// Should be changed to specify user

  220. 	rows, err :=

  221. 	db.Query(`SELECT * FROM loan_type WHERE user_id = ? AND branch_id = ? ` +

  222. 	"OR (user_id = 0 AND branch_id = 0)", user, branch)

  223. 

  224. 	if err != nil {

  225. 		return nil, fmt.Errorf("loan_type error: %v", err)

  226. 	}

  227. 

  228. 	defer rows.Close()

  229. 

  230. 	for rows.Next() {

  231. 		var loan LoanType

  232. 

  233. 		if err := rows.Scan(

  234. 			&loan.Id,

  235. 			&loan.User,

  236. 			&loan.Branch,

  237. 			&loan.Name)

  238. 		err != nil {

  239. 			log.Printf("Error occured fetching loan: %v", err)

  240. 			return nil, fmt.Errorf("Error occured fetching loan: %v", err)

  241.         }

  242. 

  243. 		loans = append(loans, loan)

  244. 	}

  245. 

  246. 	return loans, nil

  247. }

  248. 

  249. func getFees(db *sql.DB, loan int) ([]Fee, error) {

  250. 	var fees []Fee

  251. 

  252. 	rows, err := db.Query(

  253. 		"SELECT * FROM fees " +

  254. 		"WHERE loan_id = ?",

  255. 	loan)

  256. 	

  257. 	if err != nil {

  258. 		return nil, fmt.Errorf("Fee query error %v", err)

  259. 	}

  260. 

  261. 	defer rows.Close()

  262. 

  263. 	for rows.Next() {

  264. 		var fee Fee

  265. 

  266. 		if err := rows.Scan(

  267. 			&fee.Id,

  268. 			&fee.LoanId,

  269. 			&fee.Amount,

  270. 			&fee.Perc,

  271. 			&fee.Type,

  272. 			&fee.Notes,

  273. 			&fee.Name,

  274. 			&fee.Category,

  275. 			)

  276. 		err != nil {

  277. 			return nil, fmt.Errorf("Fees scanning error: %v", err)

  278.         }

  279. 

  280. 		fees = append(fees, fee)

  281. 	}

  282. 	

  283. 	return fees, nil

  284. }

  285. 

  286. func fetchFeesTemp(db *sql.DB, user int, branch int) ([]FeeTemplate, error) {

  287. 	var fees []FeeTemplate

  288. 	rows, err := db.Query(

  289. 		"SELECT * FROM fee_template " +

  290. 		"WHERE user_id = ? OR branch_id = ?",

  291. 	user, branch)

  292. 	

  293. 	if err != nil {

  294. 		return nil, fmt.Errorf("Fee template query error %v", err)

  295. 	}

  296. 

  297. 	defer rows.Close()

  298. 

  299. 	for rows.Next() {

  300. 		var fee FeeTemplate

  301. 

  302. 		if err := rows.Scan(

  303. 			&fee.Id,

  304. 			&fee.User,

  305. 			&fee.Branch,

  306. 			&fee.Amount,

  307. 			&fee.Perc,

  308. 			&fee.Type,

  309. 			&fee.Notes,

  310. 			&fee.Name,

  311. 			&fee.Category,

  312. 			&fee.Auto)

  313. 		err != nil {

  314. 			return nil, fmt.Errorf("FeesTemplate scanning error: %v", err)

  315.         }

  316. 

  317. 		fees = append(fees, fee)

  318. 	}

  319. 	

  320. 	return fees, nil

  321. }

  322. 

  323. // Fetch fees from the database

  324. func getFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  325. 	var fees []FeeTemplate

  326. 	claims, err := getClaims(r)

  327. 	if err != nil { w.WriteHeader(500); return }

  328. 	users, err := queryUsers(db, claims.Id)

  329. 	if err != nil { w.WriteHeader(422); return }

  330. 

  331. 	fees, err = fetchFeesTemp(db, claims.Id, users[0].BranchId)

  332. 	json.NewEncoder(w).Encode(fees)

  333. }

  334. 

  335. func getMi(db *sql.DB, loan int) (MI, error) {

  336. 	var mi MI

  337. 

  338. 	query := `SELECT

  339. 	type, label, lender, rate, premium, upfront, five_year_total,

  340. 	initial_premium, initial_rate, initial_amount

  341. 	FROM mi WHERE loan_id = ?`

  342. 

  343. 	row := db.QueryRow(query, loan)

  344. 

  345. 	if err := row.Scan(

  346. 		&mi.Type,

  347. 		&mi.Label,

  348. 		&mi.Lender,

  349. 		&mi.Rate,

  350. 		&mi.Premium,

  351. 		&mi.Upfront,

  352. 		&mi.FiveYearTotal,

  353. 		&mi.InitialAllInPremium,

  354. 		&mi.InitialAllInRate,

  355. 		&mi.InitialAmount,

  356. 		)

  357. 	err != nil {

  358. 		return mi, err

  359. 	}

  360. 

  361. 	return mi, nil

  362. }

  363. 

  364. func getLoans(db *sql.DB, estimate int) ([]Loan, error) {

  365. 	var loans []Loan

  366. 

  367. 	query := `SELECT

  368. 	l.id, l.amount, l.term, l.interest, l.ltv, l.dti, l.hoi,

  369. 	lt.id, lt.user_id, lt.branch_id, lt.name

  370. 	FROM loan l INNER JOIN loan_type lt ON l.type_id = lt.id

  371. 	WHERE l.estimate_id = ?

  372. 	`

  373. 	rows, err := db.Query(query, estimate)

  374. 	

  375. 	if err != nil {

  376. 		return nil, fmt.Errorf("Loan query error %v", err)

  377. 	}

  378. 

  379. 	defer rows.Close()

  380. 

  381. 	for rows.Next() {

  382. 		var loan Loan

  383. 

  384. 		if err := rows.Scan(

  385. 			&loan.Id,

  386. 			&loan.Amount,

  387. 			&loan.Term,

  388. 			&loan.Interest,

  389. 			&loan.Ltv,

  390. 			&loan.Dti,

  391. 			&loan.Hoi,

  392. 			&loan.Type.Id,

  393. 			&loan.Type.User,

  394. 			&loan.Type.Branch,

  395. 			&loan.Type.Name,

  396. 			)

  397. 		err != nil {

  398. 			return loans, fmt.Errorf("Loans scanning error: %v", err)

  399.         }

  400. 		mi, err := getMi(db, loan.Id)

  401. 		if err != nil {

  402. 			return loans, err

  403.         }

  404. 		loan.Mi = mi

  405. 		loans = append(loans, loan)

  406. 	}

  407. 	

  408. 	return loans, nil

  409. }

  410. 

  411. func getBorrower(db *sql.DB, id int) (Borrower, error) {

  412. 	var borrower Borrower

  413. 

  414. 	row := db.QueryRow(

  415. 		"SELECT * FROM borrower " +

  416. 		"WHERE id = ? LIMIT 1",

  417. 	id)

  418. 

  419. 	if err := row.Scan(

  420. 		&borrower.Id,

  421. 		&borrower.Credit,

  422. 		&borrower.Income,

  423. 		&borrower.Num,

  424. 		)

  425. 	err != nil {

  426. 		return borrower, fmt.Errorf("Borrower scanning error: %v", err)

  427.         }

  428. 

  429. 	return borrower, nil

  430. }

  431. 

  432. // Query Lender APIs and parse responses into MI structs

  433. func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI {

  434. 	var err error

  435. 	var loan Loan = estimate.Loans[pos]

  436. 

  437. 	var ltv = func(l float32) string {

  438. 		switch {

  439. 		case l > 95: return "LTV97"

  440. 		case l > 90: return "LTV95"

  441. 		case l > 85: return "LTV90"

  442. 		default: return "LTV85"

  443. 		}

  444. 	}

  445. 

  446. 	var term = func(t int) string {

  447. 		switch {

  448. 		case t <= 10: return "A10"

  449. 		case t <= 15: return "A15"

  450. 		case t <= 20: return "A20"

  451. 		case t <= 25: return "A25"

  452. 		case t <= 30: return "A30"

  453. 		default: return "A40"

  454. 		}

  455. 	}

  456. 

  457. 	var propertyCodes = map[string]string {

  458. 		"Single Attached": "SFO",

  459. 		"Single Detached": "SFO",

  460. 		"Condo Lo-rise": "CON",

  461. 		"Condo Hi-rise": "CON",

  462. 	}

  463. 

  464. 	var purposeCodes = map[string]string {

  465. 		"Purchase": "PUR",

  466. 		"Refinance": "RRT",

  467. 	}

  468. 

  469. 	body, err := json.Marshal(map[string]any{

  470. 		"zipCode": estimate.Zip,

  471. 		"stateCode": "CA",

  472. 		"address": "",

  473. 		"propertyTypeCode": propertyCodes[estimate.Property],

  474. 		"occupancyTypeCode": "PRS",

  475. 		"loanPurposeCode": purposeCodes[estimate.Transaction],

  476. 		"loanAmount": loan.Amount,

  477. 		"loanToValue": ltv(loan.Ltv),

  478. 		"amortizationTerm": term(loan.Term),

  479. 		"loanTypeCode": "FXD",

  480. 		"duLpDecisionCode": "DAE",

  481. 		"loanProgramCodes": []any{},

  482. 		"debtToIncome": loan.Dti,

  483. 		"wholesaleLoan": 0,

  484. 		"coveragePercentageCode": "L30",

  485. 		"productCode": "BPM",

  486. 		"renewalTypeCode": "CON",

  487. 		"numberOfBorrowers": 1,

  488. 		"coBorrowerCreditScores": []any{},

  489. 		"borrowerCreditScore": strconv.Itoa(estimate.Borrower.Credit),

  490. 		"masterPolicy": nil,

  491. 		"selfEmployedIndicator": false,

  492. 		"armType": "",

  493. 		"userId": 44504,

  494. 	})

  495. 	

  496. 	if err != nil {

  497. 		log.Printf("Could not marshal NationalMI body: \n%v\n%v\n",

  498. 		bytes.NewBuffer(body), err)

  499. 	}

  500. 

  501. 	req, err := http.NewRequest("POST",

  502. 	"https://rate-gps.nationalmi.com/rates/productRateQuote",

  503. 	bytes.NewBuffer(body))

  504. 	req.Header.Add("Content-Type", "application/json")

  505. 

  506. 	req.AddCookie(&http.Cookie{

  507. 		Name: "nmirategps_email",

  508. 		Value: config["NationalMIEmail"]})

  509. 

  510. 	resp, err := http.DefaultClient.Do(req)

  511. 	var res map[string]interface{}

  512. 	var result []MI

  513. 

  514. 	if resp.StatusCode != 200 {

  515. 		log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n",

  516. 		resp.Status, resp, req.Body, bytes.NewBuffer(body))

  517. 	} else {

  518. 		json.NewDecoder(resp.Body).Decode(&res)

  519. 		// estimate.Loans[pos].Mi = res

  520. 		// Parse res into result here

  521. 	}

  522. 

  523. 	return result

  524. }

  525. 

  526. // Make comparison PDF

  527. func generatePDF(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  528. }

  529. 

  530. func login(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  531. 	var id int

  532. 	var role string

  533. 	var err error

  534. 	var user User

  535. 	json.NewDecoder(r.Body).Decode(&user)

  536. 

  537. 	row := db.QueryRow(

  538. 		`SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`,

  539. 		user.Email, user.Password,

  540. 		)

  541. 

  542. 	err = row.Scan(&id, &role)

  543. 	if err != nil {

  544. 		http.Error(w, "Invalid Credentials.", http.StatusUnauthorized)

  545. 		return

  546. 	}

  547. 

  548. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  549. 	UserClaims{ Id: id, Role: role,

  550. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  551. 

  552. 	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))

  553. 	if err != nil {

  554. 		log.Println("Token could not be signed: ", err, tokenStr)

  555. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  556. 		return

  557. 	}

  558. 

  559. 	cookie := http.Cookie{Name: "skouter",

  560. 	Value: tokenStr,

  561. 	Path: "/",

  562. 	Expires: time.Now().Add(time.Hour * 24)}

  563. 	http.SetCookie(w, &cookie)

  564. 	_, err = w.Write([]byte(tokenStr))

  565. 	if err != nil {

  566. 		http.Error(w,

  567. 		"Could not complete token write.",

  568. 		http.StatusInternalServerError)}

  569. }

  570. 

  571. func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  572. 	claims, err := getClaims(r)

  573. 	// Will verify existing signature and expiry time

  574. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  575. 	UserClaims{ Id: claims.Id, Role: claims.Role,

  576. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  577. 

  578. 	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))

  579. 	if err != nil {

  580. 		log.Println("Token could not be signed: ", err, tokenStr)

  581. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  582. 		return

  583. 	}

  584. 

  585. 	cookie := http.Cookie{Name: "skouter",

  586. 	Value: tokenStr,

  587. 	Path: "/",

  588. 	Expires: time.Now().Add(time.Hour * 24)}

  589. 	http.SetCookie(w, &cookie)

  590. 	_, err = w.Write([]byte(tokenStr))

  591. 	if err != nil {

  592. 		http.Error(w,

  593. 		"Could not complete token write.",

  594. 		http.StatusInternalServerError)}

  595. }

  596. 

  597. func getClaims(r *http.Request) (UserClaims, error) {

  598. 	claims := new(UserClaims)

  599. 	_, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ")

  600. 

  601. 	if !found {

  602. 		return *claims, errors.New("Token not found")

  603. 	}

  604. 

  605. 	// Pull token payload into UserClaims

  606. 	_, err := jwt.ParseWithClaims(tokenStr, claims,

  607. 	func(token *jwt.Token) (any, error) {

  608. 		return []byte(config["JWT_SECRET"]), nil

  609. 	})

  610. 

  611. 	if err != nil {

  612. 		return *claims, err

  613. 	}

  614. 

  615. 	if err = claims.Valid(); err != nil {

  616. 		return *claims, err

  617. 	}

  618. 

  619. 	return *claims, nil

  620. }

  621. 

  622. func guard(r *http.Request, required int) bool {

  623. 	claims, err := getClaims(r)

  624. 	if err != nil { return false }

  625. 	if roles[claims.Role] < required { return false }

  626. 

  627. 	return true

  628. }

  629. 

  630. func queryUsers(db *sql.DB, id int) ( []User, error ) {

  631. 	var users []User

  632. 	var query string

  633. 	var rows *sql.Rows

  634. 	var err error

  635. 

  636. 	query = `SELECT

  637. 	u.id,

  638. 	u.email,

  639. 	u.first_name,

  640. 	u.last_name,

  641. 	u.branch_id,

  642. 	u.country,

  643. 	u.title,

  644. 	u.status,

  645. 	u.verified,

  646. 	u.role

  647. 	FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END

  648. 	`

  649. 	rows, err = db.Query(query, id)

  650. 

  651. 

  652. 	if err != nil {

  653. 		return users, err

  654. 	}

  655. 

  656. 	defer rows.Close()

  657. 

  658. 	for rows.Next() {

  659. 		var user User

  660. 

  661. 		if err := rows.Scan(

  662. 			&user.Id,

  663. 			&user.Email,

  664. 			&user.FirstName,

  665. 			&user.LastName,

  666. 			&user.BranchId,

  667. 			&user.Country,

  668. 			&user.Title,

  669. 			&user.Status,

  670. 			&user.Verified,

  671. 			&user.Role,

  672. 			)

  673. 		err != nil {

  674. 			return users, err

  675.         }

  676. 		users = append(users, user)

  677. 	}

  678. 

  679. 	// Prevents runtime panics

  680. 	if len(users) == 0 { return users, errors.New("User not found.") }

  681. 

  682. 	return users, nil

  683. }

  684. 

  685. func insertUser(db *sql.DB, user User) (User, error){

  686. 	var query string

  687. 	var row *sql.Row

  688. 	var err error

  689. 	var id int // Inserted user's id

  690. 

  691. 	query = `INSERT INTO user

  692. 	(

  693. 		email,

  694. 		first_name,

  695. 		last_name,

  696. 		password,

  697. 		created,

  698. 		role,

  699. 		verified,

  700. 		last_login

  701. 	)

  702. 	VALUES (?, ?, ?, sha2(?, 256), NOW(), ?, ?, NOW())

  703. 	RETURNING id 

  704. 	`

  705. 	row = db.QueryRow(query,

  706. 		user.Email,

  707. 		user.FirstName,

  708. 		user.LastName,

  709. 		user.Password,

  710. 		user.Role,

  711. 		user.Verified,

  712. 	)

  713. 

  714. 	err = row.Scan(&id)

  715. 	if err != nil { return User{}, err }

  716. 

  717. 	users, err := queryUsers(db, id)

  718. 	if err != nil { return User{}, err }

  719. 

  720. 	return users[0], nil

  721. }

  722. 

  723. func updateUser(user User, db *sql.DB) error {

  724. 	query := `

  725. 	UPDATE user

  726. 	SET

  727. 	email = CASE @e := ? WHEN '' THEN email ELSE @e END,

  728. 	first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END,

  729. 	last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END,

  730. 	role = CASE @r := ? WHEN '' THEN role ELSE @r END,

  731. 	password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END

  732. 	WHERE id = ?

  733. 	`

  734. 

  735. 	_, err := db.Exec(query,

  736. 	user.Email,

  737. 	user.FirstName,

  738. 	user.LastName,

  739. 	user.Role,

  740. 	user.Password,

  741. 	user.Id,

  742. 	)

  743. 

  744. 	return err

  745. }

  746. 

  747. 

  748. func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  749. 	claims, err := getClaims(r)

  750. 	if err != nil { w.WriteHeader(500); return }

  751. 	users, err := queryUsers(db, claims.Id)

  752. 	if err != nil { w.WriteHeader(422); log.Println(err); return }

  753. 	json.NewEncoder(w).Encode(users)

  754. }

  755. 

  756. func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  757. 	users, err := queryUsers(db, 0)

  758. 	if err != nil {

  759. 		w.WriteHeader(http.StatusInternalServerError)

  760. 		return

  761. 	}

  762. 

  763. 	json.NewEncoder(w).Encode(users)

  764. }

  765. 

  766. // Updates a user using only specified values in the JSON body

  767. func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  768. 	var user User

  769. 	err := json.NewDecoder(r.Body).Decode(&user)

  770. 

  771. 	_, err = mail.ParseAddress(user.Email)

  772. 	if err != nil { http.Error(w, "Invalid email.", 422); return }

  773. 

  774. 	if roles[user.Role] == 0 {

  775. 		http.Error(w, "Invalid role.", 422)

  776. 		return

  777. 	}

  778. 

  779. 	err = updateUser(user, db)

  780. 	if err != nil { http.Error(w, "Bad form values.", 422); return }

  781. 

  782. 	users, err := queryUsers(db, user.Id)

  783. 	if err != nil { http.Error(w, "Bad form values.", 422); return }

  784. 	json.NewEncoder(w).Encode(users[0])

  785. }

  786. 

  787. // Update specified fields of the user specified in the claim

  788. func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  789. 	claim, err := getClaims(r)

  790. 	var user User

  791. 	json.NewDecoder(r.Body).Decode(&user)

  792. 

  793. 	// First check that the target user to be updated is the same as the claim id, and

  794. 	// their role is unchanged.

  795. 	if err != nil || claim.Id != user.Id {

  796. 		http.Error(w, "Target user's id does not match claim.", 401)

  797. 		return

  798. 	}

  799. 

  800. 	if claim.Role != user.Role && user.Role != "" {

  801. 		http.Error(w, "Administrator required to escalate role.", 401)

  802. 		return

  803. 	}

  804. 

  805. 	patchUser(w, db, r)

  806. }

  807. 

  808. func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  809. 	var user User

  810. 	err := json.NewDecoder(r.Body).Decode(&user)

  811. 	if err != nil {

  812. 		http.Error(w, "Invalid fields.", 422)

  813. 		return

  814. 	}

  815. 

  816. 	query := `DELETE FROM user WHERE id = ?`

  817. 	_, err = db.Exec(query, user.Id)

  818. 

  819. 	if err != nil {

  820. 		http.Error(w, "Could not delete.", 500)

  821. 	}

  822. }

  823. 

  824. func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  825. 	var user User

  826. 	err := json.NewDecoder(r.Body).Decode(&user)

  827. 	if err != nil { http.Error(w, "Invalid fields.", 422); return }

  828. 

  829. 	_, err = mail.ParseAddress(user.Email)

  830. 	if err != nil { http.Error(w, "Invalid email.", 422); return }

  831. 

  832. 	if roles[user.Role] == 0 {

  833. 		http.Error(w, "Invalid role.", 422)

  834. 	}

  835. 

  836. 	user, err = insertUser(db, user)

  837. 	if err != nil { http.Error(w, "Error creating user.", 422); return }

  838. 

  839. 	json.NewEncoder(w).Encode(user)

  840. }

  841. 

  842. func queryBorrower(db *sql.DB, id int) ( Borrower, error ) {

  843. 	var borrower Borrower

  844. 	var query string

  845. 	var err error

  846. 

  847. 	query = `SELECT

  848. 	l.id,

  849. 	l.credit_score,

  850. 	l.num,

  851. 	l.monthly_income

  852. 	FROM borrower l WHERE l.id = ?

  853. 	`

  854. 	row := db.QueryRow(query, id)

  855. 	err = row.Scan(

  856. 			borrower.Id,

  857. 			borrower.Credit,

  858. 			borrower.Num,

  859. 			borrower.Income,

  860. 		)

  861. 

  862. 	if err != nil {

  863. 		return borrower, err

  864. 	}

  865. 

  866. 	return borrower, nil

  867. }

  868. 

  869. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  870. func queryLoan(db *sql.DB, e int, id int) ( []Loan, error ) {

  871. 	var loans []Loan

  872. 	var query string

  873. 	var rows *sql.Rows

  874. 	var err error

  875. 

  876. 	query = `SELECT

  877. 	l.id,

  878. 	l.estimate_id,

  879. 	l.amount,

  880. 	l.term,

  881. 	l.interest,

  882. 	l.ltv,

  883. 	l.dti,

  884. 	l.hoi,

  885. 	l.tax,

  886. 	l.name

  887. 	FROM loan l WHERE l.id = CASE @e := ? WHEN 0 THEN l.id ELSE @e END AND

  888. 	l.estimate_id = ?

  889. 	`

  890. 	rows, err = db.Query(query, id, e)

  891. 

  892. 	if err != nil {

  893. 		return loans, err

  894. 	}

  895. 

  896. 	defer rows.Close()

  897. 

  898. 	for rows.Next() {

  899. 		var loan Loan

  900. 

  901. 		if err := rows.Scan(

  902. 			&loan.Id,

  903. 			&loan.EstimateId,

  904. 			&loan.Amount,

  905. 			&loan.Term,

  906. 			&loan.Interest,

  907. 			&loan.Ltv,

  908. 			&loan.Dti,

  909. 			&loan.Hoi,

  910. 			&loan.Tax,

  911. 			&loan.Name,

  912. 			)

  913. 		err != nil {

  914. 			return loans, err

  915.         }

  916. 		loans = append(loans, loan)

  917. 	}

  918. 	

  919. 	// Prevents runtime panics

  920. 	if len(loans) == 0 { return loans, errors.New("Loan not found.") }

  921. 

  922. 	return loans, nil

  923. }

  924. 

  925. func queryEstimate(db *sql.DB, id int, user int) ( []Estimate, error ) {

  926. 	var estimates []Estimate

  927. 	var query string

  928. 	var rows *sql.Rows

  929. 	var err error

  930. 

  931. 	query = `SELECT

  932. 	id,

  933. 	user_id,

  934. 	borrower_id,

  935. 	transaction,

  936. 	price,

  937. 	property,

  938. 	occupancy,

  939. 	zip,

  940. 	pud

  941. 	FROM estimate WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND

  942. 	user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END

  943. 	`

  944. 	rows, err = db.Query(query, id, user)

  945. 

  946. 

  947. 	if err != nil {

  948. 		return estimates, err

  949. 	}

  950. 

  951. 	defer rows.Close()

  952. 

  953. 	for rows.Next() {

  954. 		var estimate Estimate

  955. 

  956. 		if err := rows.Scan(

  957. 			&estimate.Id,

  958. 			&estimate.User,

  959. 			&estimate.Borrower.Id,

  960. 			&estimate.Transaction,

  961. 			&estimate.Price,

  962. 			&estimate.Property,

  963. 			&estimate.Occupancy,

  964. 			&estimate.Zip,

  965. 			&estimate.Pud,

  966. 			)

  967. 		err != nil {

  968. 			return estimates, err

  969.         }

  970. 		estimates = append(estimates, estimate)

  971. 	}

  972. 

  973. 	// Prevents runtime panics

  974. 	if len(estimates) == 0 { return estimates, errors.New("Estimate not found.") }

  975. 	

  976. 	for _, e := range estimates {

  977. 		e.Loans, err = queryLoan(db, e.Id, 0)

  978. 		if err != nil { return estimates, err }

  979. 	}

  980. 	

  981. 	return estimates, nil

  982. }

  983. 

  984. // Accepts a borrower struct and returns the id of the inserted borrower and

  985. // any related error.

  986. func insertBorrower(db *sql.DB, borrower Borrower) (int, error) {

  987. 	var query string

  988. 	var row *sql.Row

  989. 	var err error

  990. 	var id int // Inserted loan's id

  991. 

  992. 	query = `INSERT INTO borrower

  993. 	(

  994. 		credit_score,

  995. 		monthly_income,

  996. 		num

  997. 	)

  998. 	VALUES (?, ?, ?)

  999. 	RETURNING id

  1000. 	`

  1001. 	row = db.QueryRow(query,

  1002. 		borrower.Credit,

  1003. 		borrower.Income,

  1004. 		borrower.Num,

  1005. 	)

  1006. 

  1007. 	err = row.Scan(&id)

  1008. 	if err != nil { return 0, err }

  1009. 

  1010. 	return id, nil

  1011. }

  1012. 

  1013. func insertLoan(db *sql.DB, loan Loan) (Loan, error){

  1014. 	var query string

  1015. 	var row *sql.Row

  1016. 	var err error

  1017. 	var id int // Inserted loan's id

  1018. 

  1019. 	query = `INSERT INTO loan

  1020. 	(

  1021. 		estimate_id,

  1022. 		type_id,

  1023. 		amount,

  1024. 		term,

  1025. 		interest,

  1026. 		ltv,

  1027. 		dti,

  1028. 		hoi,

  1029. 		tax,

  1030. 		name

  1031. 	)

  1032. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

  1033. 	RETURNING id

  1034. 	`

  1035. 	row = db.QueryRow(query,

  1036. 		loan.EstimateId,

  1037. 		loan.Type.Id,

  1038. 		loan.Amount,

  1039. 		loan.Term,

  1040. 		loan.Interest,

  1041. 		loan.Ltv,

  1042. 		loan.Dti,

  1043. 		loan.Hoi,

  1044. 		loan.Tax,

  1045. 		loan.Name,

  1046. 	)

  1047. 

  1048. 	err = row.Scan(&id)

  1049. 	if err != nil { return Loan{}, err }

  1050. 

  1051. 	loans, err := queryLoan(db, id, 0)

  1052. 	if err != nil { return Loan{}, err }

  1053. 

  1054. 	return loans[0], nil

  1055. }

  1056. 

  1057. 

  1058. func insertEstimate(db *sql.DB, estimate Estimate) (Estimate, error){

  1059. 	var query string

  1060. 	var row *sql.Row

  1061. 	var err error

  1062. 	// var id int // Inserted estimate's id

  1063. 	

  1064. 	estimate.Borrower.Id, err = insertBorrower(db, estimate.Borrower)

  1065. 	if err != nil { return Estimate{}, err }

  1066. 

  1067. 	query = `INSERT INTO estimate

  1068. 	(

  1069. 		user_id,

  1070. 		borrower_id,

  1071. 		transaction,

  1072. 		price,

  1073. 		property,

  1074. 		occupancy,

  1075. 		zip,

  1076. 		pud

  1077. 	)

  1078. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?)

  1079. 	RETURNING id

  1080. 	`

  1081. 	row = db.QueryRow(query,

  1082. 		estimate.User,

  1083. 		estimate.Borrower.Id,

  1084. 		estimate.Transaction,

  1085. 		estimate.Price,

  1086. 		estimate.Property,

  1087. 		estimate.Occupancy,

  1088. 		estimate.Zip,

  1089. 		estimate.Pud,

  1090. 	)

  1091. 

  1092. 	err = row.Scan(&estimate.Id)

  1093. 	if err != nil { return Estimate{}, err }

  1094. 

  1095. 	for _, l := range estimate.Loans {

  1096. 		l.EstimateId = estimate.Id

  1097. 		_, err = insertLoan(db, l)

  1098. 		if err != nil { return estimate, err }

  1099. 	}

  1100. 	

  1101. 	estimates, err := queryEstimate(db, estimate.Id, 0)

  1102. 	if err != nil { return Estimate{}, err }

  1103. 

  1104. 	return estimates[0], nil

  1105. }

  1106. 

  1107. func createEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1108. 	var estimate Estimate

  1109. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  1110. 	if err != nil { http.Error(w, "Invalid fields.", 422); return }

  1111. 	claims, err := getClaims(r)

  1112. 	estimate.User = claims.Id

  1113. 

  1114. 	estimate, err = insertEstimate(db, estimate)

  1115. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1116. 	

  1117. 	json.NewEncoder(w).Encode(estimate)

  1118. }

  1119. 

  1120. // Query all estimates that belong to the current user

  1121. func fetchEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1122. 	var estimates []Estimate

  1123. 	claims, err := getClaims(r)

  1124. 

  1125. 	estimates, err = queryEstimate(db, 0, claims.Id)

  1126. 	if err != nil { http.Error(w, err.Error(), 500); return }

  1127. 	

  1128. 	json.NewEncoder(w).Encode(estimates)

  1129. }

  1130. 

  1131. func checkConventional(l Loan, b Borrower) error {

  1132. 	if b.Credit < 620 {

  1133. 		return errors.New("Credit score too low for conventional loan")

  1134. 	}

  1135. 	

  1136. 	// Buyer needs to put down 20% to avoid mortgage insurance

  1137. 	if (l.Ltv > 80 && l.Mi.Rate == 0) {

  1138. 		return errors.New(fmt.Sprintln(

  1139. 			l.Name,

  1140. 			"down payment must be 20% to avoid insurance",

  1141. 			))

  1142. 	}

  1143. 	

  1144. 	return nil

  1145. }

  1146. 

  1147. func checkFHA(l Loan, b Borrower) error {

  1148. 	if b.Credit < 500 {

  1149. 		return errors.New("Credit score too low for FHA loan")

  1150. 	}

  1151. 	

  1152. 	if (l.Ltv > 96.5) {

  1153. 		return errors.New("FHA down payment must be at least 3.5%")

  1154. 	}

  1155. 	

  1156. 	if (b.Credit < 580 && l.Ltv > 90) {

  1157. 		return errors.New("FHA down payment must be at least 10%")

  1158. 	}

  1159. 	

  1160. 	// Debt-to-income must be below 45% if credit score is below 580.

  1161. 	if (b.Credit < 580 && l.Dti > 45) {

  1162. 		return errors.New(fmt.Sprintln(

  1163. 			l.Name, "debt to income is too high for credit score.",

  1164. 		))

  1165. 	}

  1166. 	

  1167. 	return nil

  1168. }

  1169. 

  1170. // Loan option for veterans with no set rules

  1171. func checkVA(l Loan, b Borrower) error {

  1172. 	return nil

  1173. }

  1174. 

  1175. // Loan option for residents of rural areas with no set rules

  1176. func checkUSDA(l Loan, b Borrower) error {

  1177. 	return nil

  1178. }

  1179. 

  1180. // Should also check loan amount limit maybe with an API.

  1181. func checkEstimate(e Estimate) error {

  1182. 	if e.Property == "" { return errors.New("Empty property type") }

  1183. 	if e.Price == 0 { return errors.New("Empty property price") }

  1184. 	

  1185. 	if e.Borrower.Num == 0 {

  1186. 		return errors.New("Missing number of borrowers")

  1187. 	}

  1188. 	

  1189. 	if e.Borrower.Credit == 0 {

  1190. 		return errors.New("Missing borrower credit score")

  1191. 	}

  1192. 	

  1193. 	if e.Borrower.Income == 0 {

  1194. 		return errors.New("Missing borrower credit income")

  1195. 	}

  1196. 	

  1197. 	for _, l := range e.Loans {

  1198. 		if l.Amount == 0 {

  1199. 			return errors.New(fmt.Sprintln(l.Name, "loan amount cannot be zero"))

  1200. 		}

  1201. 		if l.Term == 0 {

  1202. 			return errors.New(fmt.Sprintln(l.Name, "loan term cannot be zero"))

  1203. 		}

  1204. 		if l.Interest == 0 {

  1205. 			return errors.New(fmt.Sprintln(l.Name, "loan interest cannot be zero"))

  1206. 		}

  1207. 		

  1208. 		// Can be used to check rules for specific loan types

  1209. 		var err error

  1210. 		switch l.Type.Id {

  1211. 		case 1:

  1212. 			err = checkConventional(l, e.Borrower)

  1213. 		case 2:

  1214. 			err = checkFHA(l, e.Borrower)

  1215. 		case 3:

  1216. 			err = checkVA(l, e.Borrower)

  1217. 		case 4:

  1218. 			err = checkUSDA(l, e.Borrower)

  1219. 		default:

  1220. 			err = errors.New("Invalid loan type")

  1221. 		}

  1222. 		

  1223. 		if err != nil { return err }

  1224. 	}

  1225. 	

  1226. 	return nil

  1227. 	

  1228. }

  1229. 

  1230. func validateEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1231. 	var estimate Estimate

  1232. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  1233. 

  1234. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1235. 	

  1236. 	err = checkEstimate(estimate)

  1237. 	if err != nil { http.Error(w, err.Error(), 406); return }

  1238. }

  1239. 

  1240. func api(w http.ResponseWriter, r *http.Request) {

  1241. 	var args []string

  1242. 

  1243. 	p := r.URL.Path

  1244. 	db, err := sql.Open("mysql",

  1245. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter",

  1246. 			config["DBUser"],

  1247. 			config["DBPass"]))

  1248. 

  1249. 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  1250. 

  1251. 	err = db.Ping()

  1252. 	if err != nil {

  1253. 		fmt.Println("Bad database configuration: %v\n", err)

  1254. 		panic(err)

  1255. 		// maybe os.Exit(1) instead

  1256. 	}

  1257. 	

  1258. 	switch {

  1259. 	case match(p, "/api/login", &args) &&

  1260. 	r.Method == http.MethodPost:

  1261. 		login(w, db, r)

  1262. 	case match(p, "/api/token", &args) &&

  1263. 	r.Method == http.MethodGet && guard(r, 1):

  1264. 		getToken(w, db, r)

  1265. 	case match(p, "/api/users", &args) && // Array of all users

  1266. 	r.Method == http.MethodGet && guard(r, 3):

  1267. 		getUsers(w, db, r)

  1268. 	case match(p, "/api/user", &args) &&

  1269. 	r.Method == http.MethodGet && guard(r, 1):

  1270. 		getUser(w, db, r)

  1271. 	case match(p, "/api/user", &args) &&

  1272. 	r.Method == http.MethodPost &&

  1273. 	guard(r, 3):

  1274. 		createUser(w, db, r)

  1275. 	case match(p, "/api/user", &args) &&

  1276. 	r.Method == http.MethodPatch &&

  1277. 	guard(r, 3): // For admin to modify any user

  1278. 		patchUser(w, db, r)

  1279. 	case match(p, "/api/user", &args) &&

  1280. 	r.Method == http.MethodPatch &&

  1281. 	guard(r, 2): // For employees to modify own accounts

  1282. 		patchSelf(w, db, r)

  1283. 	case match(p, "/api/user", &args) &&

  1284. 	r.Method == http.MethodDelete &&

  1285. 	guard(r, 3):

  1286. 		deleteUser(w, db, r)

  1287. 	case match(p, "/api/fees", &args) &&

  1288. 	r.Method == http.MethodGet &&

  1289. 	guard(r, 1):

  1290. 		getFeesTemp(w, db, r)

  1291. 	case match(p, "/api/estimates", &args) &&

  1292. 	r.Method == http.MethodGet &&

  1293. 	guard(r, 1):

  1294. 		fetchEstimate(w, db, r)

  1295. 	case match(p, "/api/estimate", &args) &&

  1296. 	r.Method == http.MethodPost &&

  1297. 	guard(r, 1):

  1298. 		createEstimate(w, db, r)

  1299. 	case match(p, "/api/estimate/validate", &args) &&

  1300. 	r.Method == http.MethodPost &&

  1301. 	guard(r, 1):

  1302. 		validateEstimate(w, db, r)

  1303. 	default:

  1304. 		http.Error(w, "Invalid route or token", 404)

  1305. 	}

  1306. 

  1307. 	db.Close()

  1308. }

  1309. 

  1310. func route(w http.ResponseWriter, r *http.Request) {

  1311.     var page Page

  1312. 	var args []string

  1313.     p := r.URL.Path

  1314. 

  1315.     switch {

  1316.     case r.Method == "GET" && match(p, "/", &args):

  1317.         page = pages[ "home" ]

  1318.     case match(p, "/terms", &args):

  1319.         page = pages[ "terms" ]

  1320.     case match(p, "/app", &args):

  1321.         page = pages[ "app" ]

  1322.     default:

  1323.         http.NotFound(w, r)

  1324.         return

  1325.     }

  1326. 

  1327.     page.Render(w)

  1328. }

  1329. 

  1330. func main() {

  1331. 	files := http.FileServer(http.Dir(""))

  1332. 

  1333. 	http.Handle("/assets/", files)

  1334. 	http.HandleFunc("/api/", api)

  1335. 	http.HandleFunc("/", route)

  1336. 	log.Fatal(http.ListenAndServe(address, nil))

  1337. }