Immanuel
/
skouter
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Skouter mortgage estimates. Web application with view written in PHP and Vue, but controller and models in Go.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 Commits
1 Branch
11 MiB
 
 
 
 
 
 
Tree: 9b9d0a54fb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9b9d0a54fb'
${ noResults }
skouter/skouter.go

852 lines
18 KiB
Raw Blame History 

  1. package main

  2. 

  3. import (

  4. 		"net/http"

  5. 		"log"

  6. 		"sync"

  7. 		"regexp"

  8. 		"html/template"

  9. 		"database/sql"

  10. 		_ "github.com/go-sql-driver/mysql"

  11. 		"fmt"

  12. 		"encoding/json"

  13. 		"strconv"

  14. 		"bytes"

  15. 		"time"

  16. 		"errors"

  17. 		"strings"

  18. 		pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf"

  19. 		"github.com/golang-jwt/jwt/v4"

  20. )

  21. 

  22. type UserClaims struct {

  23. 	Id 	int 	`json:"id"`

  24. 	Role 	string 	`json:"role"`

  25. 	Exp 	string 	`json:"exp"`

  26. }

  27. 

  28. type Page struct {

  29. 	tpl *template.Template

  30. 	Title string

  31. 	Name string

  32. }

  33. 

  34. type Borrower struct {

  35. 	Id	int	`json:"id"`

  36. 	Credit	int 	`json:"credit"`

  37. 	Income	int 	`json:"income"`

  38. 	Num	int	`json:"num"`

  39. }

  40. 

  41. type FeeTemplate struct {

  42. 	Id		int 	`json:"id"`

  43. 	User	int 	`json:"user"`

  44. 	Branch	int 	`json:"branch"`

  45. 	Amount	int 	`json:"amount"`

  46. 	Perc	int 	`json:"perc"`

  47. 	Type	string 	`json:"type"`

  48. 	Notes	string 	`json:"notes"`

  49. 	Name	string 	`json:"name"`

  50. 	Category	string 	`json:"category"`

  51. 	Auto	bool 	`json:"auto"`

  52. }

  53. 

  54. type Fee struct {

  55. 	Id		int 	`json:"id"`

  56. 	LoanId	int 	`json:"loan_id"`

  57. 	Amount	int 	`json:"amount"`

  58. 	Perc	int 	`json:"perc"`

  59. 	Type	string 	`json:"type"`

  60. 	Notes	string 	`json:"notes"`

  61. 	Name	string 	`json:"name"`

  62. 	Category	string 	`json:"category"`

  63. }

  64. 

  65. type LoanType struct {

  66. 	Id 	int 	`json:"id"`

  67. 	User 	int 	`json:"user"`

  68. 	Branch 	int 	`json:"branch"`

  69. 	Name 	string 	`json:"name"`

  70. }

  71. 

  72. type Loan struct {

  73. 	Id  	int 	`json:id`

  74. 	EstimateId  	int 	`json:estimate_id`

  75. 	Type	LoanType 	`json:"loanType"`

  76. 	Amount	int 	`json:"loanAmount"`

  77. 	Term		int 	`json:"term"`

  78. 	Ltv 	float32 	`json:"ltv"`

  79. 	Dti 	float32 	`json:"dti"`

  80. 	Hoi		int 	`json:"hoi"`

  81. 	Interest	int 	`json:"interest"`

  82. 	Mi 	MI 	`json:"mi"`

  83. 	Fees		[]Fee 	`json:"fees"`

  84. 	Name		string 	`json:"name"`

  85. }

  86. 

  87. type MI struct {

  88. 	Type	string

  89. 	Label	string

  90. 	Lender	string

  91. 	Rate	float32

  92. 	Premium	float32

  93. 	Upfront	float32

  94. 	FiveYearTotal	float32

  95. 	InitialAllInPremium	float32

  96. 	InitialAllInRate	float32

  97. 	InitialAmount	float32

  98. }

  99. 

  100. type Estimate struct {

  101. 	Id		int 	`json:"id"`

  102. 	User		int 	`json:"user"`

  103. 	Borrower	Borrower 	`json:"borrower"`

  104. 	Transaction	string 	`json:"transaction"`

  105. 	Price		int 	`json:"price"`

  106. 	Property	string 	`json:"property"`

  107. 	Occupancy	string	`json:"occupancy"`

  108. 	Zip		string 	`json:"zip"`

  109. 	Pud		bool 	`json:"pud"`

  110. 	Loans 	[]Loan 	`json:"loans"`

  111. }

  112. 

  113. var (

  114.     regexen = make(map[string]*regexp.Regexp)

  115.     relock  sync.Mutex

  116. 	address = "127.0.0.1:8001"

  117. )

  118. 

  119. var paths = map[string]string {

  120. 	"home": "home.tpl",

  121. 	"terms": "terms.tpl",

  122. 	"app": "app.tpl",

  123. }

  124. 

  125. var pages = map[string]Page {

  126. 	"home": cache("home", "Home"),

  127. 	"terms": cache("terms", "Terms and Conditions"),

  128. 	"app": cache("app", "App"),

  129. }

  130. 

  131. var roles = map[string]int{

  132. 	"User": 1,

  133. 	"Manager": 2,

  134. 	"Admin": 3,

  135. }

  136. 

  137. // Used to validate claim in JWT token body. Checks if user id is greater than

  138. // zero and time format is valid

  139. func (c UserClaims) Valid() error {

  140. 	if c.Id < 1 { return errors.New("Invalid id") }

  141. 	t, err := time.Parse(time.UnixDate, c.Exp)

  142. 	if err != nil { return err }

  143. 	if t.Before(time.Now()) { return errors.New("Token expired.") }

  144. 	return err

  145. }

  146. 

  147. func cache(name string, title string) Page {

  148. 	var p = []string{"master.tpl", paths[name]}

  149. 	tpl := template.Must(template.ParseFiles(p...))

  150. 	return Page{tpl: tpl,

  151. 				Title: title,

  152. 				Name: name,

  153. 				}

  154. }

  155. 

  156. func (page Page) Render(w http.ResponseWriter) {

  157. 	err := page.tpl.Execute(w, page)

  158. 	if err != nil {

  159. 		log.Print(err)

  160. 	}

  161. }

  162. 

  163. func match(path, pattern string, args *[]string) bool {

  164. 	relock.Lock()

  165. 	defer relock.Unlock()

  166. 	regex := regexen[pattern]

  167. 

  168. 	if regex == nil {

  169. 		regex = regexp.MustCompile("^" + pattern + "$")

  170. 		regexen[pattern] = regex

  171. 	}

  172. 

  173. 	matches := regex.FindStringSubmatch(path)

  174. 	if len(matches) <= 0 {

  175. 		return false

  176. 	}

  177. 

  178. 	*args = matches[1:]

  179. 	return true

  180. }

  181. 

  182. func getLoanType(

  183. 	db *sql.DB,

  184. 	user int,

  185. 	branch int,

  186. 	isUser bool) ([]LoanType, error) {

  187. 	var loans []LoanType

  188. 

  189. 	// Should be changed to specify user

  190. 	rows, err :=

  191. 	db.Query(`SELECT * FROM loan_type WHERE user_id = ? AND branch_id = ? ` +

  192. 	"OR (user_id = 0 AND branch_id = 0)", user, branch)

  193. 

  194. 	if err != nil {

  195. 		return nil, fmt.Errorf("loan_type error: %v", err)

  196. 	}

  197. 

  198. 	defer rows.Close()

  199. 

  200. 	for rows.Next() {

  201. 		var loan LoanType

  202. 

  203. 		if err := rows.Scan(

  204. 			&loan.Id,

  205. 			&loan.User,

  206. 			&loan.Branch,

  207. 			&loan.Name)

  208. 		err != nil {

  209. 			log.Printf("Error occured fetching loan: %v", err)

  210. 			return nil, fmt.Errorf("Error occured fetching loan: %v", err)

  211.         }

  212. 

  213. 		loans = append(loans, loan)

  214. 	}

  215. 

  216. 	log.Printf("The loans: %v", loans)

  217. 	return loans, nil

  218. }

  219. 

  220. func getEstimate(db *sql.DB, id int) (Estimate, error) {

  221. 	var estimate Estimate

  222. 	var err error

  223. 

  224. 	query := `SELECT e.id, e.user_id, e.transaction,

  225. 	e.price, e.property, e.occupancy, e.zip, e.pud,

  226. 	b.id, b.credit_score, b.monthly_income, b.num

  227. 	FROM estimate e

  228. 	INNER JOIN borrower b ON e.borrower_id = b.id

  229. 	WHERE e.id = ?

  230. 	`

  231. 	// Inner join should always be valid because a borrower is a required

  232. 	// foreign key.

  233. 	row := db.QueryRow(query, id)

  234. 	

  235. 	if err = row.Scan(

  236. 		&estimate.Id,

  237. 		&estimate.User,

  238. 		&estimate.Transaction,

  239. 		&estimate.Price,

  240. 		&estimate.Property,

  241. 		&estimate.Occupancy,

  242. 		&estimate.Zip,

  243. 		&estimate.Pud,

  244. 		&estimate.Borrower.Id,

  245. 		&estimate.Borrower.Credit,

  246. 		&estimate.Borrower.Income,

  247. 		&estimate.Borrower.Num,

  248. 		)

  249. 	err != nil {

  250. 		return estimate, fmt.Errorf("Estimate scanning error: %v", err)

  251.         }

  252. 

  253. 	estimate.Loans, err = getLoans(db, estimate.Id)

  254. 

  255. 	return estimate, err

  256. }

  257. 

  258. func getFees(db *sql.DB, loan int) ([]Fee, error) {

  259. 	var fees []Fee

  260. 

  261. 	rows, err := db.Query(

  262. 		"SELECT * FROM fees " +

  263. 		"WHERE loan_id = ?",

  264. 	loan)

  265. 	

  266. 	if err != nil {

  267. 		return nil, fmt.Errorf("Fee query error %v", err)

  268. 	}

  269. 

  270. 	defer rows.Close()

  271. 

  272. 	for rows.Next() {

  273. 		var fee Fee

  274. 

  275. 		if err := rows.Scan(

  276. 			&fee.Id,

  277. 			&fee.LoanId,

  278. 			&fee.Amount,

  279. 			&fee.Perc,

  280. 			&fee.Type,

  281. 			&fee.Notes,

  282. 			&fee.Name,

  283. 			&fee.Category,

  284. 			)

  285. 		err != nil {

  286. 			return nil, fmt.Errorf("Fees scanning error: %v", err)

  287.         }

  288. 

  289. 		fees = append(fees, fee)

  290. 	}

  291. 	

  292. 	return fees, nil

  293. }

  294. 

  295. // Fetch fees from the database

  296. func getFeesTemp(db *sql.DB, user int) ([]FeeTemplate, error) {

  297. 	var fees []FeeTemplate

  298. 

  299. 	rows, err := db.Query(

  300. 		"SELECT * FROM fee_template " +

  301. 		"WHERE user_id = ? OR user_id = 0",

  302. 	user)

  303. 	

  304. 	if err != nil {

  305. 		return nil, fmt.Errorf("Fee template query error %v", err)

  306. 	}

  307. 

  308. 	defer rows.Close()

  309. 

  310. 	for rows.Next() {

  311. 		var fee FeeTemplate

  312. 

  313. 		if err := rows.Scan(

  314. 			&fee.Id,

  315. 			&fee.User,

  316. 			&fee.Branch,

  317. 			&fee.Amount,

  318. 			&fee.Perc,

  319. 			&fee.Type,

  320. 			&fee.Notes,

  321. 			&fee.Name,

  322. 			&fee.Category,

  323. 			&fee.Auto)

  324. 		err != nil {

  325. 			return nil, fmt.Errorf("FeesTemplate scanning error: %v", err)

  326.         }

  327. 

  328. 		fees = append(fees, fee)

  329. 	}

  330. 	

  331. 	return fees, nil

  332. }

  333. 

  334. func getMi(db *sql.DB, loan int) (MI, error) {

  335. 	var mi MI

  336. 

  337. 	query := `SELECT

  338. 	type, label, lender, rate, premium, upfront, five_year_total,

  339. 	initial_premium, initial_rate, initial_amount

  340. 	FROM mi WHERE loan_id = ?`

  341. 

  342. 	row := db.QueryRow(query, loan)

  343. 

  344. 	if err := row.Scan(

  345. 		&mi.Type,

  346. 		&mi.Label,

  347. 		&mi.Lender,

  348. 		&mi.Rate,

  349. 		&mi.Premium,

  350. 		&mi.Upfront,

  351. 		&mi.FiveYearTotal,

  352. 		&mi.InitialAllInPremium,

  353. 		&mi.InitialAllInRate,

  354. 		&mi.InitialAmount,

  355. 		)

  356. 	err != nil {

  357. 		return mi, err

  358. 	}

  359. 

  360. 	return mi, nil

  361. }

  362. 

  363. func getLoans(db *sql.DB, estimate int) ([]Loan, error) {

  364. 	var loans []Loan

  365. 

  366. 	query := `SELECT

  367. 	l.id, l.amount, l.term, l.interest, l.ltv, l.dti, l.hoi,

  368. 	lt.id, lt.user_id, lt.branch_id, lt.name

  369. 	FROM loan l INNER JOIN loan_type lt ON l.type_id = lt.id

  370. 	WHERE l.estimate_id = ?

  371. 	`

  372. 	rows, err := db.Query(query, estimate)

  373. 	

  374. 	if err != nil {

  375. 		return nil, fmt.Errorf("Loan query error %v", err)

  376. 	}

  377. 

  378. 	defer rows.Close()

  379. 

  380. 	for rows.Next() {

  381. 		var loan Loan

  382. 

  383. 		if err := rows.Scan(

  384. 			&loan.Id,

  385. 			&loan.Amount,

  386. 			&loan.Term,

  387. 			&loan.Interest,

  388. 			&loan.Ltv,

  389. 			&loan.Dti,

  390. 			&loan.Hoi,

  391. 			&loan.Type.Id,

  392. 			&loan.Type.User,

  393. 			&loan.Type.Branch,

  394. 			&loan.Type.Name,

  395. 			)

  396. 		err != nil {

  397. 			return loans, fmt.Errorf("Loans scanning error: %v", err)

  398.         }

  399. 		mi, err := getMi(db, loan.Id)

  400. 		if err != nil {

  401. 			return loans, err

  402.         }

  403. 		loan.Mi = mi

  404. 		loans = append(loans, loan)

  405. 	}

  406. 	

  407. 	return loans, nil

  408. }

  409. 

  410. func getBorrower(db *sql.DB, id int) (Borrower, error) {

  411. 	var borrower Borrower

  412. 

  413. 	row := db.QueryRow(

  414. 		"SELECT * FROM borrower " +

  415. 		"WHERE id = ? LIMIT 1",

  416. 	id)

  417. 

  418. 	if err := row.Scan(

  419. 		&borrower.Id,

  420. 		&borrower.Credit,

  421. 		&borrower.Income,

  422. 		&borrower.Num,

  423. 		)

  424. 	err != nil {

  425. 		return borrower, fmt.Errorf("Borrower scanning error: %v", err)

  426.         }

  427. 

  428. 	return borrower, nil

  429. }

  430. 

  431. // Query Lender APIs and parse responses into MI structs

  432. func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI {

  433. 	var err error

  434. 	var loan Loan = estimate.Loans[pos]

  435. 

  436. 	var ltv = func(l float32) string {

  437. 		switch {

  438. 		case l > 95: return "LTV97"

  439. 		case l > 90: return "LTV95"

  440. 		case l > 85: return "LTV90"

  441. 		default: return "LTV85"

  442. 		}

  443. 	}

  444. 

  445. 	var term = func(t int) string {

  446. 		switch {

  447. 		case t <= 10: return "A10"

  448. 		case t <= 15: return "A15"

  449. 		case t <= 20: return "A20"

  450. 		case t <= 25: return "A25"

  451. 		case t <= 30: return "A30"

  452. 		default: return "A40"

  453. 		}

  454. 	}

  455. 

  456. 	var propertyCodes = map[string]string {

  457. 		"Single Attached": "SFO",

  458. 		"Single Detached": "SFO",

  459. 		"Condo Lo-rise": "CON",

  460. 		"Condo Hi-rise": "CON",

  461. 	}

  462. 

  463. 	var purposeCodes = map[string]string {

  464. 		"Purchase": "PUR",

  465. 		"Refinance": "RRT",

  466. 	}

  467. 

  468. 	body, err := json.Marshal(map[string]any{

  469. 		"zipCode": estimate.Zip,

  470. 		"stateCode": "CA",

  471. 		"address": "",

  472. 		"propertyTypeCode": propertyCodes[estimate.Property],

  473. 		"occupancyTypeCode": "PRS",

  474. 		"loanPurposeCode": purposeCodes[estimate.Transaction],

  475. 		"loanAmount": loan.Amount,

  476. 		"loanToValue": ltv(loan.Ltv),

  477. 		"amortizationTerm": term(loan.Term),

  478. 		"loanTypeCode": "FXD",

  479. 		"duLpDecisionCode": "DAE",

  480. 		"loanProgramCodes": []any{},

  481. 		"debtToIncome": loan.Dti,

  482. 		"wholesaleLoan": 0,

  483. 		"coveragePercentageCode": "L30",

  484. 		"productCode": "BPM",

  485. 		"renewalTypeCode": "CON",

  486. 		"numberOfBorrowers": 1,

  487. 		"coBorrowerCreditScores": []any{},

  488. 		"borrowerCreditScore": strconv.Itoa(estimate.Borrower.Credit),

  489. 		"masterPolicy": nil,

  490. 		"selfEmployedIndicator": false,

  491. 		"armType": "",

  492. 		"userId": 44504,

  493. 	})

  494. 	

  495. 	if err != nil {

  496. 		log.Printf("Could not marshal NationalMI body: \n%v\n%v\n",

  497. 		bytes.NewBuffer(body), err)

  498. 	}

  499. 

  500. 	req, err := http.NewRequest("POST",

  501. 	"https://rate-gps.nationalmi.com/rates/productRateQuote",

  502. 	bytes.NewBuffer(body))

  503. 	req.Header.Add("Content-Type", "application/json")

  504. 

  505. 	req.AddCookie(&http.Cookie{

  506. 		Name: "nmirategps_email",

  507. 		Value: config["NationalMIEmail"]})

  508. 

  509. 	resp, err := http.DefaultClient.Do(req)

  510. 	var res map[string]interface{}

  511. 	var result []MI

  512. 

  513. 	if resp.StatusCode != 200 {

  514. 		log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n",

  515. 		resp.Status, resp, req.Body, bytes.NewBuffer(body))

  516. 	} else {

  517. 		json.NewDecoder(resp.Body).Decode(&res)

  518. 		// estimate.Loans[pos].Mi = res

  519. 		// Parse res into result here

  520. 	}

  521. 

  522. 	return result

  523. }

  524. 

  525. func login(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  526. 	var id int

  527. 	var role string

  528. 	var err error

  529. 	r.ParseForm()

  530. 

  531. 	row := db.QueryRow(

  532. 		`SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`,

  533. 	r.PostFormValue("email"), r.PostFormValue("password"))

  534. 

  535. 	err = row.Scan(&id, &role)

  536. 	if err != nil {

  537. 		http.Error(w, "Invalid Credentials.", http.StatusUnauthorized)

  538. 		return

  539. 	}

  540. 

  541. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  542. 	UserClaims{ Id: id, Role: role,

  543. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  544. 

  545. 	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))

  546. 	if err != nil {

  547. 		log.Println("Token could not be signed: ", err, tokenStr)

  548. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  549. 		return

  550. 	}

  551. 

  552. 	cookie := http.Cookie{Name: "hound",

  553. 	Value: tokenStr,

  554. 	Path: "/",

  555. 	Expires: time.Now().Add(time.Hour * 24)}

  556. 	http.SetCookie(w, &cookie)

  557. 	_, err = w.Write([]byte(tokenStr))

  558. 	if err != nil {

  559. 		http.Error(w,

  560. 		"Could not complete token write.",

  561. 		http.StatusInternalServerError)}

  562. }

  563. 

  564. func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  565. 	claims, err := getClaims(r)

  566. 	// Will verify existing signature and expiry time

  567. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  568. 	UserClaims{ Id: claims.Id, Role: claims.Role,

  569. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  570. 

  571. 	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))

  572. 	if err != nil {

  573. 		log.Println("Token could not be signed: ", err, tokenStr)

  574. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  575. 		return

  576. 	}

  577. 

  578. 	cookie := http.Cookie{Name: "hound",

  579. 	Value: tokenStr,

  580. 	Path: "/",

  581. 	Expires: time.Now().Add(time.Hour * 24)}

  582. 	http.SetCookie(w, &cookie)

  583. 	_, err = w.Write([]byte(tokenStr))

  584. 	if err != nil {

  585. 		http.Error(w,

  586. 		"Could not complete token write.",

  587. 		http.StatusInternalServerError)}

  588. }

  589. 

  590. func validateEstimate() {

  591. 	return

  592. }

  593. 

  594. func getClaims(r *http.Request) (UserClaims, error) {

  595. 	claims := new(UserClaims)

  596. 	_, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ")

  597. 

  598. 	if !found {

  599. 		return *claims, errors.New("Token not found")

  600. 	}

  601. 

  602. 	// Pull token payload into UserClaims

  603. 	_, err := jwt.ParseWithClaims(tokenStr, claims,

  604. 	func(token *jwt.Token) (any, error) {

  605. 		return []byte(config["JWT_SECRET"]), nil

  606. 	})

  607. 

  608. 	if err != nil {

  609. 		return *claims, err

  610. 	}

  611. 

  612. 	if err = claims.Valid(); err != nil {

  613. 		return *claims, err

  614. 	}

  615. 

  616. 	return *claims, nil

  617. }

  618. 

  619. func guard(r *http.Request, required int) bool {

  620. 	claims, err := getClaims(r)

  621. 	if err != nil { return false }

  622. 	if roles[claims.Role] < required { return false }

  623. 

  624. 	return true

  625. }

  626. 

  627. func queryUsers(db *sql.DB, id int) ( []User, error ) {

  628. 	var users []User

  629. 	var query string

  630. 	var rows *sql.Rows

  631. 	var err error

  632. 

  633. 	query = `SELECT

  634. 	u.id,

  635. 	u.email,

  636. 	u.first_name,

  637. 	u.last_name,

  638. 	u.branch_id,

  639. 	u.country,

  640. 	u.title,

  641. 	u.status,

  642. 	u.verified,

  643. 	u.last_login,

  644. 	u.role

  645. 	FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END

  646. 	`

  647. 	rows, err = db.Query(query, id)

  648. 

  649. 

  650. 	if err != nil {

  651. 		return users, err

  652. 	}

  653. 

  654. 	defer rows.Close()

  655. 

  656. 	for rows.Next() {

  657. 		var user User

  658. 

  659. 		if err := rows.Scan(

  660. 			&user.Id,

  661. 			&user.Email,

  662. 			&user.FirstName,

  663. 			&user.LastName,

  664. 			&user.BranchId,

  665. 			&user.Country,

  666. 			&user.Title,

  667. 			&user.Status,

  668. 			&user.Verified,

  669. 			&user.LastLogin,

  670. 			&user.Role,

  671. 			)

  672. 		err != nil {

  673. 			return users, err

  674.         }

  675. 		users = append(users, user)

  676. 	}

  677. 

  678. 	// Prevents runtime panics

  679. 	if len(users) == 0 { return users, errors.New("User not found.") }

  680. 

  681. 	return users, nil

  682. }

  683. 

  684. func insertUser(db *sql.DB, user User) (User, error){

  685. 	var query string

  686. 	var row *sql.Row

  687. 	var err error

  688. 	var id int // Inserted user's id

  689. 

  690. 	query = `INSERT INTO user

  691. 	(

  692. 		email,

  693. 		first_name,

  694. 		last_name,

  695. 		password,

  696. 		created,

  697. 		role,

  698. 		verified,

  699. 		last_login

  700. 	)

  701. 	VALUES (?, ?, ?, sha2(?, 256), NOW(), ?, ?, NOW())

  702. 	RETURNING id 

  703. 	`

  704. 	row = db.QueryRow(query,

  705. 		user.Email,

  706. 		user.FirstName,

  707. 		user.LastName,

  708. 		user.Password,

  709. 		user.Role,

  710. 		user.Verified,

  711. 	)

  712. 

  713. 	err = row.Scan(&id)

  714. 	if err != nil { return User{}, err }

  715. 

  716. 	users, err := queryUsers(db, id)

  717. 	if err != nil { return User{}, err }

  718. 

  719. 	return users[0], nil

  720. }

  721. 

  722. func updateUser(user User, db *sql.DB) error {

  723. 	query := `

  724. 	UPDATE user

  725. 	SET

  726. 	email = CASE @e := ? WHEN '' THEN email ELSE @e END,

  727. 	first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END,

  728. 	last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END,

  729. 	role = CASE @r := ? WHEN '' THEN role ELSE @r END,

  730. 	password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END

  731. 	WHERE id = ?

  732. 	`

  733. 

  734. 	_, err := db.Exec(query,

  735. 	user.Email,

  736. 	user.FirstName,

  737. 	user.LastName,

  738. 	user.Role,

  739. 	user.Password,

  740. 	user.Id,

  741. 	)

  742. 

  743. 	return err

  744. }

  745. 

  746. 

  747. func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  748. 	claims, err := getClaims(r)

  749. 	if err != nil { w.WriteHeader(500); return }

  750. 	users, err := queryUsers(db, claims.Id)

  751. 	if err != nil { w.WriteHeader(422); return }

  752. 	json.NewEncoder(w).Encode(users)

  753. }

  754. 

  755. func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  756. 	var user User

  757. 	err := json.NewDecoder(r.Body).Decode(&user)

  758. 	if err != nil { http.Error(w, "Invalid fields.", 422); return }

  759. 

  760. 	_, err = mail.ParseAddress(user.Email)

  761. 	if err != nil { http.Error(w, "Invalid email.", 422); return }

  762. 

  763. 	if roles[user.Role] == 0 {

  764. 		http.Error(w, "Invalid role.", 422)

  765. 	}

  766. 

  767. 	user, err = insertUser(db, user)

  768. 	if err != nil { http.Error(w, "Error creating user.", 422); return }

  769. 

  770. 	json.NewEncoder(w).Encode(user)

  771. }

  772. 

  773. func api(w http.ResponseWriter, r *http.Request) {

  774. 	var args []string

  775. 

  776. 	p := r.URL.Path

  777. 	db, err := sql.Open("mysql",

  778. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter",

  779. 			config["DBUser"],

  780. 			config["DBPass"]))

  781. 

  782. 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  783. 

  784. 	err = db.Ping()

  785. 	if err != nil {

  786. 		fmt.Println("Bad database configuration: %v\n", err)

  787. 		panic(err)

  788. 		// maybe os.Exit(1) instead

  789. 	}

  790. 	switch {

  791. 	case match(p, "/api/login", &args) &&

  792. 	r.Method == http.MethodPost:

  793. 		login(w, db, r)

  794. 	case match(p, "/api/token", &args) &&

  795. 	r.Method == http.MethodGet && guard(r, 1):

  796. 		getToken(w, db, r)

  797. 	case match(p, "/api/users", &args) && // Array of all users

  798. 	r.Method == http.MethodGet && guard(r, 3):

  799. 		getUsers(w, db, r)

  800. 	case match(p, "/api/user", &args) &&

  801. 	r.Method == http.MethodGet && guard(r, 1):

  802. 		getUser(w, db, r)

  803. 	case match(p, "/api/user", &args) &&

  804. 	r.Method == http.MethodPost &&

  805. 	guard(r, 3):

  806. 		createUser(w, db, r)

  807. 	case match(p, "/api/user", &args) &&

  808. 	r.Method == http.MethodPatch &&

  809. 	guard(r, 3): // For admin to modify any user

  810. 		patchUser(w, db, r)

  811. 	case match(p, "/api/user", &args) &&

  812. 	r.Method == http.MethodPatch &&

  813. 	guard(r, 2): // For employees to modify own accounts

  814. 		patchSelf(w, db, r)

  815. 	case match(p, "/api/user", &args) &&

  816. 	r.Method == http.MethodDelete &&

  817. 	guard(r, 3):

  818. 		deleteUser(w, db, r)

  819. 	}

  820. 

  821. 	db.Close()

  822. }

  823. 

  824. func route(w http.ResponseWriter, r *http.Request) {

  825.     var page Page

  826. 	var args []string

  827.     p := r.URL.Path

  828. 

  829.     switch {

  830.     case r.Method == "GET" && match(p, "/", &args):

  831.         page = pages[ "home" ]

  832.     case match(p, "/terms", &args):

  833.         page = pages[ "terms" ]

  834.     case match(p, "/app", &args):

  835.         page = pages[ "app" ]

  836.     default:

  837.         http.NotFound(w, r)

  838.         return

  839.     }

  840. 

  841.     page.Render(w)

  842. }

  843. 

  844. func main() {

  845. 	files := http.FileServer(http.Dir(""))

  846. 

  847. 	http.Handle("/assets/", files)

  848. 	http.HandleFunc("/api/", api)

  849. 	http.HandleFunc("/", route)

  850. 	log.Fatal(http.ListenAndServe(address, nil))

  851. }