Immanuel
/
skouter


			
							package main

import (
		"net/http"
		"log"
		"sync"
		"regexp"
		"html/template"
		"database/sql"
		_ "github.com/go-sql-driver/mysql"
		"fmt"
		"encoding/json"
		"strconv"
		"bytes"
		"time"
		"errors"
		"strings"
		pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf"
		"github.com/golang-jwt/jwt/v4"
)

type UserClaims struct {
	Id 	int 	`json:"id"`
	Role 	string 	`json:"role"`
	Exp 	string 	`json:"exp"`
}

type Page struct {
	tpl *template.Template
	Title string
	Name string
}

type Borrower struct {
	Id	int	`json:"id"`
	Credit	int 	`json:"credit"`
	Income	int 	`json:"income"`
	Num	int	`json:"num"`
}

type FeeTemplate struct {
	Id		int 	`json:"id"`
	User	int 	`json:"user"`
	Branch	int 	`json:"branch"`
	Amount	int 	`json:"amount"`
	Perc	int 	`json:"perc"`
	Type	string 	`json:"type"`
	Notes	string 	`json:"notes"`
	Name	string 	`json:"name"`
	Category	string 	`json:"category"`
	Auto	bool 	`json:"auto"`
}

type Fee struct {
	Id		int 	`json:"id"`
	LoanId	int 	`json:"loan_id"`
	Amount	int 	`json:"amount"`
	Perc	int 	`json:"perc"`
	Type	string 	`json:"type"`
	Notes	string 	`json:"notes"`
	Name	string 	`json:"name"`
	Category	string 	`json:"category"`
}

type LoanType struct {
	Id 	int 	`json:"id"`
	User 	int 	`json:"user"`
	Branch 	int 	`json:"branch"`
	Name 	string 	`json:"name"`
}

type Loan struct {
	Id  	int 	`json:id`
	EstimateId  	int 	`json:estimate_id`
	Type	LoanType 	`json:"loanType"`
	Amount	int 	`json:"loanAmount"`
	Term		int 	`json:"term"`
	Ltv 	float32 	`json:"ltv"`
	Dti 	float32 	`json:"dti"`
	Hoi		int 	`json:"hoi"`
	Interest	int 	`json:"interest"`
	Mi 	MI 	`json:"mi"`
	Fees		[]Fee 	`json:"fees"`
	Name		string 	`json:"name"`
}

type MI struct {
	Type	string
	Label	string
	Lender	string
	Rate	float32
	Premium	float32
	Upfront	float32
	FiveYearTotal	float32
	InitialAllInPremium	float32
	InitialAllInRate	float32
	InitialAmount	float32
}

type Estimate struct {
	Id		int 	`json:"id"`
	User		int 	`json:"user"`
	Borrower	Borrower 	`json:"borrower"`
	Transaction	string 	`json:"transaction"`
	Price		int 	`json:"price"`
	Property	string 	`json:"property"`
	Occupancy	string	`json:"occupancy"`
	Zip		string 	`json:"zip"`
	Pud		bool 	`json:"pud"`
	Loans 	[]Loan 	`json:"loans"`
}

var (
    regexen = make(map[string]*regexp.Regexp)
    relock  sync.Mutex
	address = "127.0.0.1:8001"
)

var paths = map[string]string {
	"home": "home.tpl",
	"terms": "terms.tpl",
	"app": "app.tpl",
}

var pages = map[string]Page {
	"home": cache("home", "Home"),
	"terms": cache("terms", "Terms and Conditions"),
	"app": cache("app", "App"),
}

var roles = map[string]int{
	"User": 1,
	"Manager": 2,
	"Admin": 3,
}

// Used to validate claim in JWT token body. Checks if user id is greater than
// zero and time format is valid
func (c UserClaims) Valid() error {
	if c.Id < 1 { return errors.New("Invalid id") }
	t, err := time.Parse(time.UnixDate, c.Exp)
	if err != nil { return err }
	if t.Before(time.Now()) { return errors.New("Token expired.") }
	return err
}

func cache(name string, title string) Page {
	var p = []string{"master.tpl", paths[name]}
	tpl := template.Must(template.ParseFiles(p...))
	return Page{tpl: tpl,
				Title: title,
				Name: name,
				}
}

func (page Page) Render(w http.ResponseWriter) {
	err := page.tpl.Execute(w, page)
	if err != nil {
		log.Print(err)
	}
}

func match(path, pattern string, args *[]string) bool {
	relock.Lock()
	defer relock.Unlock()
	regex := regexen[pattern]

	if regex == nil {
		regex = regexp.MustCompile("^" + pattern + "$")
		regexen[pattern] = regex
	}

	matches := regex.FindStringSubmatch(path)
	if len(matches) <= 0 {
		return false
	}

	*args = matches[1:]
	return true
}

func getLoanType(
	db *sql.DB,
	user int,
	branch int,
	isUser bool) ([]LoanType, error) {
	var loans []LoanType

	// Should be changed to specify user
	rows, err :=
	db.Query(`SELECT * FROM loan_type WHERE user_id = ? AND branch_id = ? ` +
	"OR (user_id = 0 AND branch_id = 0)", user, branch)

	if err != nil {
		return nil, fmt.Errorf("loan_type error: %v", err)
	}

	defer rows.Close()

	for rows.Next() {
		var loan LoanType

		if err := rows.Scan(
			&loan.Id,
			&loan.User,
			&loan.Branch,
			&loan.Name)
		err != nil {
			log.Printf("Error occured fetching loan: %v", err)
			return nil, fmt.Errorf("Error occured fetching loan: %v", err)
        }

		loans = append(loans, loan)
	}

	log.Printf("The loans: %v", loans)
	return loans, nil
}

func getEstimate(db *sql.DB, id int) (Estimate, error) {
	var estimate Estimate
	var err error

	query := `SELECT e.id, e.user_id, e.transaction,
	e.price, e.property, e.occupancy, e.zip, e.pud,
	b.id, b.credit_score, b.monthly_income, b.num
	FROM estimate e
	INNER JOIN borrower b ON e.borrower_id = b.id
	WHERE e.id = ?
	`
	// Inner join should always be valid because a borrower is a required
	// foreign key.
	row := db.QueryRow(query, id)
	
	if err = row.Scan(
		&estimate.Id,
		&estimate.User,
		&estimate.Transaction,
		&estimate.Price,
		&estimate.Property,
		&estimate.Occupancy,
		&estimate.Zip,
		&estimate.Pud,
		&estimate.Borrower.Id,
		&estimate.Borrower.Credit,
		&estimate.Borrower.Income,
		&estimate.Borrower.Num,
		)
	err != nil {
		return estimate, fmt.Errorf("Estimate scanning error: %v", err)
        }

	estimate.Loans, err = getLoans(db, estimate.Id)

	return estimate, err
}

func getFees(db *sql.DB, loan int) ([]Fee, error) {
	var fees []Fee

	rows, err := db.Query(
		"SELECT * FROM fees " +
		"WHERE loan_id = ?",
	loan)
	
	if err != nil {
		return nil, fmt.Errorf("Fee query error %v", err)
	}

	defer rows.Close()

	for rows.Next() {
		var fee Fee

		if err := rows.Scan(
			&fee.Id,
			&fee.LoanId,
			&fee.Amount,
			&fee.Perc,
			&fee.Type,
			&fee.Notes,
			&fee.Name,
			&fee.Category,
			)
		err != nil {
			return nil, fmt.Errorf("Fees scanning error: %v", err)
        }

		fees = append(fees, fee)
	}
	
	return fees, nil
}

// Fetch fees from the database
func getFeesTemp(db *sql.DB, user int) ([]FeeTemplate, error) {
	var fees []FeeTemplate

	rows, err := db.Query(
		"SELECT * FROM fee_template " +
		"WHERE user_id = ? OR user_id = 0",
	user)
	
	if err != nil {
		return nil, fmt.Errorf("Fee template query error %v", err)
	}

	defer rows.Close()

	for rows.Next() {
		var fee FeeTemplate

		if err := rows.Scan(
			&fee.Id,
			&fee.User,
			&fee.Branch,
			&fee.Amount,
			&fee.Perc,
			&fee.Type,
			&fee.Notes,
			&fee.Name,
			&fee.Category,
			&fee.Auto)
		err != nil {
			return nil, fmt.Errorf("FeesTemplate scanning error: %v", err)
        }

		fees = append(fees, fee)
	}
	
	return fees, nil
}

func getMi(db *sql.DB, loan int) (MI, error) {
	var mi MI

	query := `SELECT
	type, label, lender, rate, premium, upfront, five_year_total,
	initial_premium, initial_rate, initial_amount
	FROM mi WHERE loan_id = ?`

	row := db.QueryRow(query, loan)

	if err := row.Scan(
		&mi.Type,
		&mi.Label,
		&mi.Lender,
		&mi.Rate,
		&mi.Premium,
		&mi.Upfront,
		&mi.FiveYearTotal,
		&mi.InitialAllInPremium,
		&mi.InitialAllInRate,
		&mi.InitialAmount,
		)
	err != nil {
		return mi, err
	}

	return mi, nil
}

func getLoans(db *sql.DB, estimate int) ([]Loan, error) {
	var loans []Loan

	query := `SELECT
	l.id, l.amount, l.term, l.interest, l.ltv, l.dti, l.hoi,
	lt.id, lt.user_id, lt.branch_id, lt.name
	FROM loan l INNER JOIN loan_type lt ON l.type_id = lt.id
	WHERE l.estimate_id = ?
	`
	rows, err := db.Query(query, estimate)
	
	if err != nil {
		return nil, fmt.Errorf("Loan query error %v", err)
	}

	defer rows.Close()

	for rows.Next() {
		var loan Loan

		if err := rows.Scan(
			&loan.Id,
			&loan.Amount,
			&loan.Term,
			&loan.Interest,
			&loan.Ltv,
			&loan.Dti,
			&loan.Hoi,
			&loan.Type.Id,
			&loan.Type.User,
			&loan.Type.Branch,
			&loan.Type.Name,
			)
		err != nil {
			return loans, fmt.Errorf("Loans scanning error: %v", err)
        }
		mi, err := getMi(db, loan.Id)
		if err != nil {
			return loans, err
        }
		loan.Mi = mi
		loans = append(loans, loan)
	}
	
	return loans, nil
}

func getBorrower(db *sql.DB, id int) (Borrower, error) {
	var borrower Borrower

	row := db.QueryRow(
		"SELECT * FROM borrower " +
		"WHERE id = ? LIMIT 1",
	id)

	if err := row.Scan(
		&borrower.Id,
		&borrower.Credit,
		&borrower.Income,
		&borrower.Num,
		)
	err != nil {
		return borrower, fmt.Errorf("Borrower scanning error: %v", err)
        }

	return borrower, nil
}

// Query Lender APIs and parse responses into MI structs
func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI {
	var err error
	var loan Loan = estimate.Loans[pos]

	var ltv = func(l float32) string {
		switch {
		case l > 95: return "LTV97"
		case l > 90: return "LTV95"
		case l > 85: return "LTV90"
		default: return "LTV85"
		}
	}

	var term = func(t int) string {
		switch {
		case t <= 10: return "A10"
		case t <= 15: return "A15"
		case t <= 20: return "A20"
		case t <= 25: return "A25"
		case t <= 30: return "A30"
		default: return "A40"
		}
	}

	var propertyCodes = map[string]string {
		"Single Attached": "SFO",
		"Single Detached": "SFO",
		"Condo Lo-rise": "CON",
		"Condo Hi-rise": "CON",
	}

	var purposeCodes = map[string]string {
		"Purchase": "PUR",
		"Refinance": "RRT",
	}

	body, err := json.Marshal(map[string]any{
		"zipCode": estimate.Zip,
		"stateCode": "CA",
		"address": "",
		"propertyTypeCode": propertyCodes[estimate.Property],
		"occupancyTypeCode": "PRS",
		"loanPurposeCode": purposeCodes[estimate.Transaction],
		"loanAmount": loan.Amount,
		"loanToValue": ltv(loan.Ltv),
		"amortizationTerm": term(loan.Term),
		"loanTypeCode": "FXD",
		"duLpDecisionCode": "DAE",
		"loanProgramCodes": []any{},
		"debtToIncome": loan.Dti,
		"wholesaleLoan": 0,
		"coveragePercentageCode": "L30",
		"productCode": "BPM",
		"renewalTypeCode": "CON",
		"numberOfBorrowers": 1,
		"coBorrowerCreditScores": []any{},
		"borrowerCreditScore": strconv.Itoa(estimate.Borrower.Credit),
		"masterPolicy": nil,
		"selfEmployedIndicator": false,
		"armType": "",
		"userId": 44504,
	})
	
	if err != nil {
		log.Printf("Could not marshal NationalMI body: \n%v\n%v\n",
		bytes.NewBuffer(body), err)
	}

	req, err := http.NewRequest("POST",
	"https://rate-gps.nationalmi.com/rates/productRateQuote",
	bytes.NewBuffer(body))
	req.Header.Add("Content-Type", "application/json")

	req.AddCookie(&http.Cookie{
		Name: "nmirategps_email",
		Value: config["NationalMIEmail"]})

	resp, err := http.DefaultClient.Do(req)
	var res map[string]interface{}
	var result []MI

	if resp.StatusCode != 200 {
		log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n",
		resp.Status, resp, req.Body, bytes.NewBuffer(body))
	} else {
		json.NewDecoder(resp.Body).Decode(&res)
		// estimate.Loans[pos].Mi = res
		// Parse res into result here
	}

	return result
}

func login(w http.ResponseWriter, db *sql.DB, r *http.Request) {
	var id int
	var role string
	var err error
	r.ParseForm()

	row := db.QueryRow(
		`SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`,
	r.PostFormValue("email"), r.PostFormValue("password"))

	err = row.Scan(&id, &role)
	if err != nil {
		http.Error(w, "Invalid Credentials.", http.StatusUnauthorized)
		return
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256,
	UserClaims{ Id: id, Role: role,
		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))
	if err != nil {
		log.Println("Token could not be signed: ", err, tokenStr)
		http.Error(w, "Token generation error.", http.StatusInternalServerError)
		return
	}

	cookie := http.Cookie{Name: "hound",
	Value: tokenStr,
	Path: "/",
	Expires: time.Now().Add(time.Hour * 24)}
	http.SetCookie(w, &cookie)
	_, err = w.Write([]byte(tokenStr))
	if err != nil {
		http.Error(w,
		"Could not complete token write.",
		http.StatusInternalServerError)}
}

func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) {
	claims, err := getClaims(r)
	// Will verify existing signature and expiry time
	token := jwt.NewWithClaims(jwt.SigningMethodHS256,
	UserClaims{ Id: claims.Id, Role: claims.Role,
		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

	tokenStr, err := token.SignedString([]byte(config["JWT_SECRET"]))
	if err != nil {
		log.Println("Token could not be signed: ", err, tokenStr)
		http.Error(w, "Token generation error.", http.StatusInternalServerError)
		return
	}

	cookie := http.Cookie{Name: "hound",
	Value: tokenStr,
	Path: "/",
	Expires: time.Now().Add(time.Hour * 24)}
	http.SetCookie(w, &cookie)
	_, err = w.Write([]byte(tokenStr))
	if err != nil {
		http.Error(w,
		"Could not complete token write.",
		http.StatusInternalServerError)}
}

func validateEstimate() {
	return
}

func getClaims(r *http.Request) (UserClaims, error) {
	claims := new(UserClaims)
	_, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ")

	if !found {
		return *claims, errors.New("Token not found")
	}

	// Pull token payload into UserClaims
	_, err := jwt.ParseWithClaims(tokenStr, claims,
	func(token *jwt.Token) (any, error) {
		return []byte(config["JWT_SECRET"]), nil
	})

	if err != nil {
		return *claims, err
	}

	if err = claims.Valid(); err != nil {
		return *claims, err
	}

	return *claims, nil
}

func guard(r *http.Request, required int) bool {
	claims, err := getClaims(r)
	if err != nil { return false }
	if roles[claims.Role] < required { return false }

	return true
}

func queryUsers(db *sql.DB, id int) ( []User, error ) {
	var users []User
	var query string
	var rows *sql.Rows
	var err error

	query = `SELECT
	u.id,
	u.email,
	u.first_name,
	u.last_name,
	u.branch_id,
	u.country,
	u.title,
	u.status,
	u.verified,
	u.last_login,
	u.role
	FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END
	`
	rows, err = db.Query(query, id)


	if err != nil {
		return users, err
	}

	defer rows.Close()

	for rows.Next() {
		var user User

		if err := rows.Scan(
			&user.Id,
			&user.Email,
			&user.FirstName,
			&user.LastName,
			&user.BranchId,
			&user.Country,
			&user.Title,
			&user.Status,
			&user.Verified,
			&user.LastLogin,
			&user.Role,
			)
		err != nil {
			return users, err
        }
		users = append(users, user)
	}

	// Prevents runtime panics
	if len(users) == 0 { return users, errors.New("User not found.") }

	return users, nil
}

func insertUser(db *sql.DB, user User) (User, error){
	var query string
	var row *sql.Row
	var err error
	var id int // Inserted user's id

	query = `INSERT INTO user
	(
		email,
		first_name,
		last_name,
		password,
		created,
		role,
		verified,
		last_login
	)
	VALUES (?, ?, ?, sha2(?, 256), NOW(), ?, ?, NOW())
	RETURNING id 
	`
	row = db.QueryRow(query,
		user.Email,
		user.FirstName,
		user.LastName,
		user.Password,
		user.Role,
		user.Verified,
	)

	err = row.Scan(&id)
	if err != nil { return User{}, err }

	users, err := queryUsers(db, id)
	if err != nil { return User{}, err }

	return users[0], nil
}

func updateUser(user User, db *sql.DB) error {
	query := `
	UPDATE user
	SET
	email = CASE @e := ? WHEN '' THEN email ELSE @e END,
	first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END,
	last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END,
	role = CASE @r := ? WHEN '' THEN role ELSE @r END,
	password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END
	WHERE id = ?
	`

	_, err := db.Exec(query,
	user.Email,
	user.FirstName,
	user.LastName,
	user.Role,
	user.Password,
	user.Id,
	)

	return err
}


func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {
	claims, err := getClaims(r)
	if err != nil { w.WriteHeader(500); return }
	users, err := queryUsers(db, claims.Id)
	if err != nil { w.WriteHeader(422); return }
	json.NewEncoder(w).Encode(users)
}

func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {
	var user User
	err := json.NewDecoder(r.Body).Decode(&user)
	if err != nil { http.Error(w, "Invalid fields.", 422); return }

	_, err = mail.ParseAddress(user.Email)
	if err != nil { http.Error(w, "Invalid email.", 422); return }

	if roles[user.Role] == 0 {
		http.Error(w, "Invalid role.", 422)
	}

	user, err = insertUser(db, user)
	if err != nil { http.Error(w, "Error creating user.", 422); return }

	json.NewEncoder(w).Encode(user)
}

func api(w http.ResponseWriter, r *http.Request) {
	var args []string

	p := r.URL.Path
	db, err := sql.Open("mysql",
		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter",
			config["DBUser"],
			config["DBPass"]))

	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

	err = db.Ping()
	if err != nil {
		fmt.Println("Bad database configuration: %v\n", err)
		panic(err)
		// maybe os.Exit(1) instead
	}
	switch {
	case match(p, "/api/login", &args) &&
	r.Method == http.MethodPost:
		login(w, db, r)
	case match(p, "/api/token", &args) &&
	r.Method == http.MethodGet && guard(r, 1):
		getToken(w, db, r)
	case match(p, "/api/users", &args) && // Array of all users
	r.Method == http.MethodGet && guard(r, 3):
		getUsers(w, db, r)
	case match(p, "/api/user", &args) &&
	r.Method == http.MethodGet && guard(r, 1):
		getUser(w, db, r)
	case match(p, "/api/user", &args) &&
	r.Method == http.MethodPost &&
	guard(r, 3):
		createUser(w, db, r)
	case match(p, "/api/user", &args) &&
	r.Method == http.MethodPatch &&
	guard(r, 3): // For admin to modify any user
		patchUser(w, db, r)
	case match(p, "/api/user", &args) &&
	r.Method == http.MethodPatch &&
	guard(r, 2): // For employees to modify own accounts
		patchSelf(w, db, r)
	case match(p, "/api/user", &args) &&
	r.Method == http.MethodDelete &&
	guard(r, 3):
		deleteUser(w, db, r)
	}

	db.Close()
}

func route(w http.ResponseWriter, r *http.Request) {
    var page Page
	var args []string
    p := r.URL.Path

    switch {
    case r.Method == "GET" && match(p, "/", &args):
        page = pages[ "home" ]
    case match(p, "/terms", &args):
        page = pages[ "terms" ]
    case match(p, "/app", &args):
        page = pages[ "app" ]
    default:
        http.NotFound(w, r)
        return
    }

    page.Render(w)
}

func main() {
	files := http.FileServer(http.Dir(""))

	http.Handle("/assets/", files)
	http.HandleFunc("/api/", api)
	http.HandleFunc("/", route)
	log.Fatal(http.ListenAndServe(address, nil))
}