Immanuel
/
skouter
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Skouter mortgage estimates. Web application with view written in PHP and Vue, but controller and models in Go.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
104 Commits
1 Branch
11 MiB
 
 
 
 
 
 
Tree: e77294f777
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e77294f777'
${ noResults }
skouter/skouter.go

2026 lines
44 KiB
Raw Blame History 

  1. package main

  2. 

  3. import (

  4. 		"os"

  5. 		"net/http"

  6. 		"net/mail"

  7. 		"log"

  8. 		"sync"

  9. 		"regexp"

  10. 		"html/template"

  11. 		"database/sql"

  12. 		_ "github.com/go-sql-driver/mysql"

  13. 		"fmt"

  14. 		"encoding/json"

  15. 		"strconv"

  16. 		"bytes"

  17. 		"time"

  18. 		"errors"

  19. 		"strings"

  20. 		"math"

  21. 		"io"

  22. 		// pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf"

  23. 		"github.com/golang-jwt/jwt/v4"

  24. 		"github.com/disintegration/gift"

  25. 		"image"

  26. 		"image/png"

  27. 		_ "image/jpeg"

  28. )

  29. 

  30. type Address struct {

  31. 	Id		int 	`json:"id"`

  32. 	Full 	string 	`json:"full"`

  33. 	Street 	string 	`json:"street"`

  34. 	City	string 	`json:"city"`

  35. 	Region	string 	`json:"region"`

  36. 	Country	string 	`json:"country"`

  37. 	Zip	string 	`json:"zip"`

  38. }

  39. 

  40. 

  41. type User struct {

  42. 	Id		int	`json:"id"`

  43. 	Email 	string	`json:"email"`

  44. 	FirstName 	string 	`json:"firstName"`

  45. 	LastName 	string	`json:"lastName"`

  46. 	Phone 	string	`json:"phone"`

  47. 	Address 	Address	`json:"address"`

  48. 	BranchId 	int	`json:"branchId"`

  49. 	Status 	string 	`json:"status"`

  50. 	Country 	string 	`json:"country"`

  51. 	Title 	string 	`json:"title"`

  52. 	Verified 	bool	`json:"verified"`

  53. 	Role 	string 	`json:"role"`

  54. 	Password 	string 	`json:"password,omitempty"`

  55. }

  56. 

  57. type UserClaims struct {

  58. 	Id 	int 	`json:"id"`

  59. 	Role 	string 	`json:"role"`

  60. 	Exp 	string 	`json:"exp"`

  61. }

  62. 

  63. type Page struct {

  64. 	tpl *template.Template

  65. 	Title string

  66. 	Name string

  67. }

  68. 

  69. type Borrower struct {

  70. 	Id	int	`json:"id"`

  71. 	Credit	int 	`json:"credit"`

  72. 	Income	int 	`json:"income"`

  73. 	Num	int	`json:"num"`

  74. }

  75. 

  76. type FeeTemplate struct {

  77. 	Id		int 	`json:"id"`

  78. 	User	int 	`json:"user"`

  79. 	Branch	int 	`json:"branch"`

  80. 	Amount	int 	`json:"amount"`

  81. 	Perc	float32 	`json:"perc"`

  82. 	Type	string 	`json:"type"`

  83. 	Notes	string 	`json:"notes"`

  84. 	Name	string 	`json:"name"`

  85. 	Category	string 	`json:"category"`

  86. 	Auto	bool 	`json:"auto"`

  87. }

  88. 

  89. type Fee struct {

  90. 	Id		int 	`json:"id"`

  91. 	LoanId	int 	`json:"loan_id"`

  92. 	Amount	int 	`json:"amount"`

  93. 	Perc	float32 	`json:"perc"`

  94. 	Type	string 	`json:"type"`

  95. 	Notes	string 	`json:"notes"`

  96. 	Name	string 	`json:"name"`

  97. 	Category	string 	`json:"category"`

  98. }

  99. 

  100. type LoanType struct {

  101. 	Id 	int 	`json:"id"`

  102. 	User 	int 	`json:"user"`

  103. 	Branch 	int 	`json:"branch"`

  104. 	Name 	string 	`json:"name"`

  105. }

  106. 

  107. type Loan struct {

  108. 	Id 	int	`json:"id"`

  109. 	EstimateId	int 	`json:"estimateId"`

  110. 	Type	LoanType	`json:"type"`

  111. 	Amount	int 	`json:"amount"`

  112. 	Amortization	string	`json:"amortization"`

  113. 	Term		int 	`json:"term"`

  114. 	Ltv 	float32 	`json:"ltv"`

  115. 	Dti 	float32 	`json:"dti"`

  116. 	Hoi		int 	`json:"hoi"`

  117. 	Hazard		int 	`json:"hazard"`

  118. 	Tax		int 	`json:"tax"`

  119. 	Interest	float32 	`json:"interest"`

  120. 	Mi 	MI 	`json:"mi"`

  121. 	Fees		[]Fee 	`json:"fees"`

  122. 	Name		string 	`json:"title"`

  123. }

  124. 

  125. type MI struct {

  126. 	Type	string	`json:"user"`

  127. 	Label	string	`json:"label"`

  128. 	Lender	string	`json:"lender"`

  129. 	Rate	float32	`json:"rate"`

  130. 	Premium	float32	`json:"premium"`

  131. 	Upfront	float32	`json:"upfront"`

  132. 	Monthly	bool	`json:"monthly"`

  133. 	FiveYearTotal	float32	`json:"fiveYearTotal"`

  134. 	InitialAllInPremium	float32	`json:"initialAllInPremium"`

  135. 	InitialAllInRate	float32	`json:"initialAllInRate"`

  136. 	InitialAmount	float32	`json:"initialAmount"`

  137. }

  138. 

  139. type Result struct {

  140. 	Id	int 	`json:"id"`

  141. 	LoanId		int 	`json:"loanId"`

  142. 	LoanPayment	int 	`json:"loanPayment"`

  143. 	TotalMonthly	int 	`json:"totalMonthly"`

  144. 	TotalFees	int 	`json:"totalFees"`

  145. 	TotalCredits	int 	`json:"totalCredits"`

  146. 	CashToClose	int 	`json:"cashToClose"`

  147. }

  148. 

  149. type Estimate struct {

  150. 	Id	int 	`json:"id"`

  151. 	User	int 	`json:"user"`

  152. 	Borrower	Borrower 	`json:"borrower"`

  153. 	Transaction	string 	`json:"transaction"`

  154. 	Price		int 	`json:"price"`

  155. 	Property	string 	`json:"property"`

  156. 	Occupancy	string	`json:"occupancy"`

  157. 	Zip		string 	`json:"zip"`

  158. 	Pud		bool 	`json:"pud"`

  159. 	Loans 	[]Loan 	`json:"loans"`

  160. 	Results 	[]Result 	`json:"results"`

  161. }

  162. 

  163. type Password struct {

  164. 	Old	string	`json:"old"`

  165. 	New	string	`json:"new"`

  166. }

  167. 

  168. type Endpoint func (http.ResponseWriter, *sql.DB, *http.Request)

  169. 

  170. var (

  171.     regexen = make(map[string]*regexp.Regexp)

  172.     relock  sync.Mutex

  173. 	address = "127.0.0.1:8001"

  174. )

  175. 

  176. var paths = map[string]string {

  177. 	"home": "views/home.tpl",

  178. 	"terms": "views/terms.tpl",

  179. 	"app": "views/app.tpl",

  180. 	"test": "views/test.tpl",

  181. }

  182. 

  183. var pages = map[string]Page {

  184. 	"home": cache("home", "Home"),

  185. 	"terms": cache("terms", "Terms and Conditions"),

  186. 	"test": cache("test", "PDF test"),

  187. 	"app": cache("app", "App"),

  188. }

  189. 

  190. var roles = map[string]int{

  191. 	"User": 1,

  192. 	"Manager": 2,

  193. 	"Admin": 3,

  194. }

  195. 

  196. // Used to validate claim in JWT token body. Checks if user id is greater than

  197. // zero and time format is valid

  198. func (c UserClaims) Valid() error {

  199. 	if c.Id < 1 { return errors.New("Invalid id") }

  200. 	t, err := time.Parse(time.UnixDate, c.Exp)

  201. 	if err != nil { return err }

  202. 	if t.Before(time.Now()) { return errors.New("Token expired.") }

  203. 	return err

  204. }

  205. 

  206. func cache(name string, title string) Page {

  207. 	var p = []string{"views/master.tpl", paths[name]}

  208. 	tpl := template.Must(template.ParseFiles(p...))

  209. 	return Page{tpl: tpl,

  210. 				Title: title,

  211. 				Name: name,

  212. 				}

  213. }

  214. 

  215. func (page Page) Render(w http.ResponseWriter) {

  216. 	err := page.tpl.Execute(w, page)

  217. 	if err != nil {

  218. 		log.Print(err)

  219. 	}

  220. }

  221. 

  222. func match(path, pattern string, args *[]string) bool {

  223. 	relock.Lock()

  224. 	defer relock.Unlock()

  225. 	regex := regexen[pattern]

  226. 

  227. 	if regex == nil {

  228. 		regex = regexp.MustCompile("^" + pattern + "$")

  229. 		regexen[pattern] = regex

  230. 	}

  231. 

  232. 	matches := regex.FindStringSubmatch(path)

  233. 	if len(matches) <= 0 {

  234. 		return false

  235. 	}

  236. 

  237. 	*args = matches[1:]

  238. 	return true

  239. }

  240. 

  241. func makeResults(estimate Estimate) ([]Result) {

  242. 	var results []Result

  243. 	amortize := func(principle float64, rate float64, periods float64) int {

  244. 		exp := math.Pow(1+rate, periods)

  245. 		return int(principle * rate * exp / (exp - 1))

  246. 	}

  247. 	

  248. 	for _, loan := range estimate.Loans {

  249. 		var result Result

  250. 		// Monthly payments use amortized loan payment formula plus monthly MI,

  251. 		// plus all other recurring fees

  252. 		result.LoanPayment = amortize(float64(loan.Amount),

  253. 		float64(loan.Interest / 100 / 12),

  254. 		float64(loan.Term * 12))

  255. 		result.TotalMonthly = result.LoanPayment + loan.Hoi + loan.Tax + loan.Hazard

  256. 		if loan.Mi.Monthly {

  257. 			result.TotalMonthly = result.TotalMonthly +

  258. 			int(loan.Mi.Rate/100*float32(loan.Amount))

  259. 		}

  260. 		

  261. 		for i := range loan.Fees {

  262. 			if loan.Fees[i].Amount > 0 {

  263. 				result.TotalFees = result.TotalFees + loan.Fees[i].Amount

  264. 			} else {

  265. 				result.TotalCredits = result.TotalCredits + loan.Fees[i].Amount

  266. 			}

  267. 		}

  268. 		

  269. 		result.CashToClose =

  270. 		result.TotalFees + result.TotalCredits + (estimate.Price - loan.Amount)

  271. 		result.LoanId = loan.Id

  272. 		

  273. 		results = append(results, result)

  274. 	}

  275. 	

  276. 	return results

  277. }

  278. 

  279. func summarize(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  280. 	var estimate Estimate

  281. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  282. 	if err != nil { http.Error(w, "Invalid estimate.", 422); return }

  283. 	results := makeResults(estimate)

  284. 	

  285. 	json.NewEncoder(w).Encode(results)

  286. }

  287. 

  288. func getLoanType( db *sql.DB, id int) (LoanType, error) {

  289. 	types, err := getLoanTypes(db, id, 0, 0)

  290. 	if err != nil { return LoanType{Id: id}, err }

  291. 	if len(types) == 0 {

  292. 		return LoanType{Id: id}, errors.New("No type with that id")

  293. 	}

  294. 	

  295. 	return types[0], nil

  296. }

  297. 

  298. func getLoanTypes( db *sql.DB, id int, user int, branch int ) (

  299. []LoanType, error) {

  300. 	var loans []LoanType

  301. 	var query = `SELECT

  302. 	id,

  303. 	user_id,

  304. 	branch_id,

  305. 	name

  306. 	FROM loan_type WHERE loan_type.id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  307. 	OR

  308. 	loan_type.user_id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  309. 	OR

  310. 	loan_type.branch_id = CASE @e := ? WHEN 0 THEN id ELSE @e END`

  311. 

  312. 	// Should be changed to specify user

  313. 	rows, err := db.Query(query, id, user, branch)

  314. 

  315. 	if err != nil {

  316. 		return nil, fmt.Errorf("loan_type error: %v", err)

  317. 	}

  318. 

  319. 	defer rows.Close()

  320. 

  321. 	for rows.Next() {

  322. 		var loan LoanType

  323. 

  324. 		if err := rows.Scan(

  325. 			&loan.Id,

  326. 			&loan.User,

  327. 			&loan.Branch,

  328. 			&loan.Name)

  329. 		err != nil {

  330. 			log.Printf("Error occured fetching loan: %v", err)

  331. 			return nil, fmt.Errorf("Error occured fetching loan: %v", err)

  332.         }

  333. 

  334. 		loans = append(loans, loan)

  335. 	}

  336. 

  337. 	return loans, nil

  338. }

  339. 

  340. func getFees(db *sql.DB, loan int) ([]Fee, error) {

  341. 	var fees []Fee

  342. 

  343. 	query := `SELECT id, loan_id, amount, perc, type, notes, name, category

  344. 	FROM fee

  345. 	WHERE loan_id = ?`

  346. 	

  347. 	rows, err := db.Query(query, loan)

  348. 	

  349. 	if err != nil {

  350. 		return nil, fmt.Errorf("Fee query error %v", err)

  351. 	}

  352. 

  353. 	defer rows.Close()

  354. 

  355. 	for rows.Next() {

  356. 		var fee Fee

  357. 

  358. 		if err := rows.Scan(

  359. 			&fee.Id,

  360. 			&fee.LoanId,

  361. 			&fee.Amount,

  362. 			&fee.Perc,

  363. 			&fee.Type,

  364. 			&fee.Notes,

  365. 			&fee.Name,

  366. 			&fee.Category,

  367. 			)

  368. 		err != nil {

  369. 			return nil, fmt.Errorf("Fees scanning error: %v", err)

  370.         }

  371. 

  372. 		fees = append(fees, fee)

  373. 	}

  374. 	

  375. 	return fees, nil

  376. }

  377. 

  378. func fetchFeesTemp(db *sql.DB, user int, branch int) ([]FeeTemplate, error) {

  379. 	var fees []FeeTemplate

  380. 	query := `SELECT

  381. 	id, user_id, COALESCE(branch_id, 0), amount, perc, type, notes, name,

  382. 	category, auto

  383. 	FROM fee_template

  384. 	WHERE user_id = ? OR branch_id = ?

  385. 	`

  386. 	

  387. 	rows, err := db.Query(query, user, branch)

  388. 	

  389. 	if err != nil {

  390. 		return nil, fmt.Errorf("Fee template query error %v", err)

  391. 	}

  392. 

  393. 	defer rows.Close()

  394. 

  395. 	for rows.Next() {

  396. 		var fee FeeTemplate

  397. 

  398. 		if err := rows.Scan(

  399. 			&fee.Id,

  400. 			&fee.User,

  401. 			&fee.Branch,

  402. 			&fee.Amount,

  403. 			&fee.Perc,

  404. 			&fee.Type,

  405. 			&fee.Notes,

  406. 			&fee.Name,

  407. 			&fee.Category,

  408. 			&fee.Auto)

  409. 		err != nil {

  410. 			return nil, fmt.Errorf("FeesTemplate scanning error: %v", err)

  411.         }

  412. 

  413. 		fees = append(fees, fee)

  414. 	}

  415. 	

  416. 	return fees, nil

  417. }

  418. 

  419. // Fetch fees from the database

  420. func getFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  421. 	var fees []FeeTemplate

  422. 	claims, err := getClaims(r)

  423. 	if err != nil { w.WriteHeader(500); return }

  424. 	users, err := queryUsers(db, claims.Id)

  425. 	if err != nil { w.WriteHeader(422); return }

  426. 

  427. 	fees, err = fetchFeesTemp(db, claims.Id, users[0].BranchId)

  428. 	json.NewEncoder(w).Encode(fees)

  429. }

  430. 

  431. // Fetch fees from the database

  432. func createFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  433. 	var fee FeeTemplate

  434. 	var query string

  435. 	var row *sql.Row

  436. 	var err error

  437. 	

  438. 	claims, err := getClaims(r)

  439. 	// var id int // Inserted estimate's id

  440. 	err = json.NewDecoder(r.Body).Decode(&fee)

  441. 	if err != nil { w.WriteHeader(422); return }

  442. 

  443. 	query = `INSERT INTO fee_template

  444. 	(

  445. 		user_id,

  446. 		branch_id,

  447. 		amount,

  448. 		perc,

  449. 		type,

  450. 		notes,

  451. 		name,

  452. 		auto

  453. 	)

  454. 	VALUES (?, NULL, ?, ?, ?, ?, ?, ?)

  455. 	RETURNING id

  456. 	`

  457. 	row = db.QueryRow(query,

  458. 		claims.Id,

  459. 		fee.Amount,

  460. 		fee.Perc,

  461. 		fee.Type,

  462. 		fee.Notes,

  463. 		fee.Name,

  464. 		fee.Auto,

  465. 	)

  466. 

  467. 	err = row.Scan(&fee.Id)

  468. 	if err != nil { w.WriteHeader(500); return }

  469. 	

  470. 	json.NewEncoder(w).Encode(fee)	

  471. }

  472. 

  473. // Fetch fees from the database

  474. func deleteFeeTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  475. 	var fee FeeTemplate

  476. 	var query string

  477. 	var err error

  478. 	

  479. 	// claims, err := getClaims(r)

  480. 	// var id int // Inserted estimate's id

  481. 	err = json.NewDecoder(r.Body).Decode(&fee)

  482. 	if err != nil { w.WriteHeader(422); return }

  483. 

  484. 	query = `DELETE FROM fee_template WHERE id = ?`

  485. 	_, err = db.Exec(query, fee.Id)

  486. 	if err != nil { w.WriteHeader(500); return }

  487. }

  488. 

  489. func getMi(db *sql.DB, loan int) (MI, error) {

  490. 	var mi MI

  491. 

  492. 	query := `SELECT

  493. 	type, label, lender, rate, premium, upfront, five_year_total,

  494. 	initial_premium, initial_rate, initial_amount

  495. 	FROM mi WHERE loan_id = ?`

  496. 

  497. 	rows, err := db.Query(query, loan)

  498. 	if err != nil { return mi, err }

  499. 	

  500. 	defer rows.Close()

  501. 

  502. 	if (!rows.Next()) { return mi, nil }

  503. 	

  504. 	if err := rows.Scan(

  505. 		&mi.Type,

  506. 		&mi.Label,

  507. 		&mi.Lender,

  508. 		&mi.Rate,

  509. 		&mi.Premium,

  510. 		&mi.Upfront,

  511. 		&mi.FiveYearTotal,

  512. 		&mi.InitialAllInPremium,

  513. 		&mi.InitialAllInRate,

  514. 		&mi.InitialAmount,

  515. 		)

  516. 	err != nil {

  517. 		return mi, err

  518. 	}

  519. 

  520. 	return mi, nil

  521. }

  522. 

  523. func getBorrower(db *sql.DB, id int) (Borrower, error) {

  524. 	var borrower Borrower

  525. 

  526. 	row := db.QueryRow(

  527. 		"SELECT * FROM borrower " +

  528. 		"WHERE id = ? LIMIT 1",

  529. 	id)

  530. 

  531. 	if err := row.Scan(

  532. 		&borrower.Id,

  533. 		&borrower.Credit,

  534. 		&borrower.Income,

  535. 		&borrower.Num,

  536. 		)

  537. 	err != nil {

  538. 		return borrower, fmt.Errorf("Borrower scanning error: %v", err)

  539.         }

  540. 

  541. 	return borrower, nil

  542. }

  543. 

  544. // Query Lender APIs and parse responses into MI structs

  545. func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI {

  546. 	var err error

  547. 	var loan Loan = estimate.Loans[pos]

  548. 

  549. 	var ltv = func(l float32) string {

  550. 		switch {

  551. 		case l > 95: return "LTV97"

  552. 		case l > 90: return "LTV95"

  553. 		case l > 85: return "LTV90"

  554. 		default: return "LTV85"

  555. 		}

  556. 	}

  557. 

  558. 	var term = func(t int) string {

  559. 		switch {

  560. 		case t <= 10: return "A10"

  561. 		case t <= 15: return "A15"

  562. 		case t <= 20: return "A20"

  563. 		case t <= 25: return "A25"

  564. 		case t <= 30: return "A30"

  565. 		default: return "A40"

  566. 		}

  567. 	}

  568. 

  569. 	var propertyCodes = map[string]string {

  570. 		"Single Attached": "SFO",

  571. 		"Single Detached": "SFO",

  572. 		"Condo Lo-rise": "CON",

  573. 		"Condo Hi-rise": "CON",

  574. 	}

  575. 

  576. 	var purposeCodes = map[string]string {

  577. 		"Purchase": "PUR",

  578. 		"Refinance": "RRT",

  579. 	}

  580. 

  581. 	body, err := json.Marshal(map[string]any{

  582. 		"zipCode": estimate.Zip,

  583. 		"stateCode": "CA",

  584. 		"address": "",

  585. 		"propertyTypeCode": propertyCodes[estimate.Property],

  586. 		"occupancyTypeCode": "PRS",

  587. 		"loanPurposeCode": purposeCodes[estimate.Transaction],

  588. 		"loanAmount": loan.Amount,

  589. 		"loanToValue": ltv(loan.Ltv),

  590. 		"amortizationTerm": term(loan.Term),

  591. 		"loanTypeCode": "FXD",

  592. 		"duLpDecisionCode": "DAE",

  593. 		"loanProgramCodes": []any{},

  594. 		"debtToIncome": loan.Dti,

  595. 		"wholesaleLoan": 0,

  596. 		"coveragePercentageCode": "L30",

  597. 		"productCode": "BPM",

  598. 		"renewalTypeCode": "CON",

  599. 		"numberOfBorrowers": 1,

  600. 		"coBorrowerCreditScores": []any{},

  601. 		"borrowerCreditScore": strconv.Itoa(estimate.Borrower.Credit),

  602. 		"masterPolicy": nil,

  603. 		"selfEmployedIndicator": false,

  604. 		"armType": "",

  605. 		"userId": 44504,

  606. 	})

  607. 	

  608. 	if err != nil {

  609. 		log.Printf("Could not marshal NationalMI body: \n%v\n%v\n",

  610. 		bytes.NewBuffer(body), err)

  611. 	}

  612. 

  613. 	req, err := http.NewRequest("POST",

  614. 	"https://rate-gps.nationalmi.com/rates/productRateQuote",

  615. 	bytes.NewBuffer(body))

  616. 	req.Header.Add("Content-Type", "application/json")

  617. 

  618. 	req.AddCookie(&http.Cookie{

  619. 		Name: "nmirategps_email",

  620. 		Value: os.Getenv("NationalMIEmail")})

  621. 

  622. 	resp, err := http.DefaultClient.Do(req)

  623. 	var res map[string]interface{}

  624. 	var result []MI

  625. 

  626. 	if resp.StatusCode != 200 {

  627. 		log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n",

  628. 		resp.Status, resp, req.Body, bytes.NewBuffer(body))

  629. 	} else {

  630. 		json.NewDecoder(resp.Body).Decode(&res)

  631. 		// estimate.Loans[pos].Mi = res

  632. 		// Parse res into result here

  633. 	}

  634. 

  635. 	return result

  636. }

  637. 

  638. // Make comparison PDF

  639. func generatePDF(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  640. }

  641. 

  642. func login(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  643. 	var id int

  644. 	var role string

  645. 	var err error

  646. 	var user User

  647. 	json.NewDecoder(r.Body).Decode(&user)

  648. 

  649. 	row := db.QueryRow(

  650. 		`SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`,

  651. 		user.Email, user.Password,

  652. 		)

  653. 

  654. 	err = row.Scan(&id, &role)

  655. 	if err != nil {

  656. 		http.Error(w, "Invalid Credentials.", http.StatusUnauthorized)

  657. 		return

  658. 	}

  659. 

  660. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  661. 	UserClaims{ Id: id, Role: role,

  662. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  663. 

  664. 	tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET")))

  665. 	if err != nil {

  666. 		log.Println("Token could not be signed: ", err, tokenStr)

  667. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  668. 		return

  669. 	}

  670. 

  671. 	cookie := http.Cookie{Name: "skouter",

  672. 	Value: tokenStr,

  673. 	Path: "/",

  674. 	Expires: time.Now().Add(time.Hour * 24)}

  675. 	http.SetCookie(w, &cookie)

  676. 	_, err = w.Write([]byte(tokenStr))

  677. 	if err != nil {

  678. 		http.Error(w,

  679. 		"Could not complete token write.",

  680. 		http.StatusInternalServerError)}

  681. }

  682. 

  683. func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  684. 	claims, err := getClaims(r)

  685. 	// Will verify existing signature and expiry time

  686. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  687. 	UserClaims{ Id: claims.Id, Role: claims.Role,

  688. 		Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  689. 

  690. 	tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET")))

  691. 	if err != nil {

  692. 		log.Println("Token could not be signed: ", err, tokenStr)

  693. 		http.Error(w, "Token generation error.", http.StatusInternalServerError)

  694. 		return

  695. 	}

  696. 

  697. 	cookie := http.Cookie{Name: "skouter",

  698. 	Value: tokenStr,

  699. 	Path: "/",

  700. 	Expires: time.Now().Add(time.Hour * 24)}

  701. 	http.SetCookie(w, &cookie)

  702. 	_, err = w.Write([]byte(tokenStr))

  703. 	if err != nil {

  704. 		http.Error(w,

  705. 		"Could not complete token write.",

  706. 		http.StatusInternalServerError)}

  707. }

  708. 

  709. func getClaims(r *http.Request) (UserClaims, error) {

  710. 	claims := new(UserClaims)

  711. 	_, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ")

  712. 

  713. 	if !found {

  714. 		return *claims, errors.New("Token not found")

  715. 	}

  716. 

  717. 	// Pull token payload into UserClaims

  718. 	_, err := jwt.ParseWithClaims(tokenStr, claims,

  719. 	func(token *jwt.Token) (any, error) {

  720. 		return []byte(os.Getenv("JWT_SECRET")), nil

  721. 	})

  722. 

  723. 	if err != nil {

  724. 		return *claims, err

  725. 	}

  726. 

  727. 	if err = claims.Valid(); err != nil {

  728. 		return *claims, err

  729. 	}

  730. 

  731. 	return *claims, nil

  732. }

  733. 

  734. func guard(r *http.Request, required int) bool {

  735. 	claims, err := getClaims(r)

  736. 	if err != nil { return false }

  737. 	if roles[claims.Role] < required { return false }

  738. 

  739. 	return true

  740. }

  741. 

  742. // Inserts an address and returns it's ID along with any errors.

  743. func insertAddress(db *sql.DB, address Address) (int, error){

  744. 	var query string

  745. 	var row *sql.Row

  746. 	var err error

  747. 	var id int // Inserted user's id

  748. 

  749. 	query = `INSERT INTO address

  750. 	(

  751. 		full,

  752. 		street,

  753. 		city,

  754. 		region,

  755. 		country,

  756. 		zip

  757. 	)

  758. 	VALUES (?, ?, ?, ?, ?, ?)

  759. 	RETURNING id 

  760. 	`

  761. 	

  762. 	row = db.QueryRow(query,

  763. 		address.Full,

  764. 		address.Street,

  765. 		address.City,

  766. 		address.Region,

  767. 		address.Country,

  768. 		address.Zip,

  769. 	)

  770. 

  771. 	err = row.Scan(&id)

  772. 	

  773. 	return id, err

  774. }

  775. 

  776. func queryAddress(db *sql.DB, id int) ( Address, error ) {

  777. 	var address Address = Address{Id: id}

  778. 	var err error

  779. 

  780. 	row := db.QueryRow(

  781. 		`SELECT id, full_address, street, city, region, country, zip

  782. 		FROM address WHERE id = ?`, id)

  783. 

  784. 	err = row.Scan(

  785. 		&address.Id, 

  786. 		&address.Full,

  787. 		&address.Street,

  788. 		&address.City,

  789. 		&address.Region,

  790. 		&address.Country,

  791. 		&address.Zip,

  792. 		)

  793. 		

  794. 	return address, err

  795. }

  796. 

  797. func queryUsers(db *sql.DB, id int) ( []User, error ) {

  798. 	var users []User

  799. 	var query string

  800. 	var rows *sql.Rows

  801. 	var err error

  802. 

  803. 	query = `SELECT

  804. 	u.id,

  805. 	u.email,

  806. 	u.first_name,

  807. 	u.last_name,

  808. 	u.branch_id,

  809. 	u.country,

  810. 	u.title,

  811. 	u.status,

  812. 	u.verified,

  813. 	u.role,

  814. 	u.address

  815. 	FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END

  816. 	`

  817. 	rows, err = db.Query(query, id)

  818. 

  819. 

  820. 	if err != nil {

  821. 		return users, err

  822. 	}

  823. 

  824. 	defer rows.Close()

  825. 

  826. 	for rows.Next() {

  827. 		var user User

  828. 

  829. 		if err := rows.Scan(

  830. 			&user.Id,

  831. 			&user.Email,

  832. 			&user.FirstName,

  833. 			&user.LastName,

  834. 			&user.BranchId,

  835. 			&user.Country,

  836. 			&user.Title,

  837. 			&user.Status,

  838. 			&user.Verified,

  839. 			&user.Role,

  840. 			&user.Address.Id,

  841. 			)

  842. 		err != nil {

  843. 			return users, err

  844.         }

  845.         

  846.         user.Address, err = queryAddress(db, user.Address.Id)

  847.         if err != nil {

  848. 			return users, err

  849.         }

  850.         

  851. 		users = append(users, user)

  852. 	}

  853. 

  854. 	// Prevents runtime panics

  855. 	if len(users) == 0 { return users, errors.New("User not found.") }

  856. 

  857. 	return users, nil

  858. }

  859. 

  860. func insertResults(db *sql.DB, results []Result) (error){

  861. 	var query string

  862. 	var row *sql.Row

  863. 	var err error

  864. 

  865. 	query = `INSERT INTO estimate_result

  866. 	(

  867. 		loan_id,

  868. 		loan_payment,

  869. 		total_monthly,

  870. 		total_fees,

  871. 		total_credits,

  872. 		cash_to_close

  873. 	)

  874. 	VALUES (?, ?, ?, ?, ?, ?, ?)

  875. 	RETURNING id

  876. 	`

  877. 	for i := range results {

  878. 		db.QueryRow(query,

  879. 			results[i].LoanId,

  880. 			results[i].LoanPayment,

  881. 			results[i].TotalMonthly,

  882. 			results[i].TotalFees,

  883. 			results[i].TotalCredits,

  884. 			results[i].CashToClose,

  885. 		)

  886. 		err = row.Scan(&results[i].Id)

  887. 		if err != nil { return err }

  888. 	}

  889. 	

  890. 	return nil

  891. }

  892. 

  893. 

  894. func insertUser(db *sql.DB, user User) (User, error){

  895. 	var query string

  896. 	var row *sql.Row

  897. 	var err error

  898. 	var id int // Inserted user's id

  899. 	

  900. 	user.Address.Id, err = insertAddress(db, user.Address)

  901. 	if err != nil { return user, err }

  902. 

  903. 	query = `INSERT INTO user

  904. 	(

  905. 		email,

  906. 		first_name,

  907. 		last_name,

  908. 		password,

  909. 		created,

  910. 		role,

  911. 		verified,

  912. 		address,

  913. 		last_login

  914. 	)

  915. 	VALUES (?, ?, ?, sha2(?, 256), NOW(), ?, ?, ?, NOW())

  916. 	RETURNING id 

  917. 	`

  918. 	row = db.QueryRow(query,

  919. 		user.Email,

  920. 		user.FirstName,

  921. 		user.LastName,

  922. 		user.Password,

  923. 		user.Role,

  924. 		user.Verified,

  925. 		user.Address.Id,

  926. 	)

  927. 

  928. 	err = row.Scan(&id)

  929. 	if err != nil { return User{}, err }

  930. 

  931. 	users, err := queryUsers(db, id)

  932. 	if err != nil { return User{}, err }

  933. 

  934. 	return users[0], nil

  935. }

  936. 

  937. func updateAddress(address Address, db *sql.DB) error {

  938. 	query := `

  939. 	UPDATE address

  940. 	SET

  941. 	full_address = CASE @e := ? WHEN '' THEN full_address ELSE @e END,

  942. 	street = CASE @fn := ? WHEN '' THEN street ELSE @fn END,

  943. 	city = CASE @ln := ? WHEN '' THEN city ELSE @ln END,

  944. 	region = CASE @r := ? WHEN '' THEN region ELSE @r END,

  945. 	country = CASE @r := ? WHEN '' THEN country ELSE @r END,

  946. 	zip = CASE @r := ? WHEN '' THEN zip ELSE @r END

  947. 	WHERE id = ?

  948. 	`

  949. 

  950. 	_, err := db.Exec(query,

  951. 	address.Full,

  952. 	address.Street,

  953. 	address.City,

  954. 	address.Region,

  955. 	address.Country,

  956. 	address.Zip,

  957. 	address.Id,

  958. 	)

  959. 

  960. 	return err

  961. }

  962. 

  963. func updateUser(user User, db *sql.DB) error {

  964. 	query := `

  965. 	UPDATE user

  966. 	SET

  967. 	email = CASE @e := ? WHEN '' THEN email ELSE @e END,

  968. 	first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END,

  969. 	last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END,

  970. 	role = CASE @r := ? WHEN '' THEN role ELSE @r END,

  971. 	password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END

  972. 	WHERE id = ?

  973. 	`

  974. 

  975. 	_, err := db.Exec(query,

  976. 	user.Email,

  977. 	user.FirstName,

  978. 	user.LastName,

  979. 	user.Role,

  980. 	user.Password,

  981. 	user.Id,

  982. 	)

  983. 

  984. 	return err

  985. }

  986. 

  987. 

  988. func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  989. 	claims, err := getClaims(r)

  990. 	if err != nil { w.WriteHeader(500); return }

  991. 	users, err := queryUsers(db, claims.Id)

  992. 	if err != nil { w.WriteHeader(422); log.Println(err); return }

  993. 	json.NewEncoder(w).Encode(users)

  994. }

  995. 

  996. func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  997. 	users, err := queryUsers(db, 0)

  998. 	if err != nil {

  999. 		w.WriteHeader(http.StatusInternalServerError)

  1000. 		return

  1001. 	}

  1002. 

  1003. 	json.NewEncoder(w).Encode(users)

  1004. }

  1005. 

  1006. // Updates a user using only specified values in the JSON body

  1007. func setUser(user User, db *sql.DB) error {

  1008. 	_, err := mail.ParseAddress(user.Email)

  1009. 	if err != nil { return err }

  1010. 

  1011. 	if roles[user.Role] == 0 {

  1012. 		return errors.New("Invalid role")

  1013. 	}

  1014. 

  1015. 	err = updateUser(user, db)

  1016. 	if err != nil { return err }

  1017. 	err = updateAddress(user.Address, db)

  1018. 	if err != nil { return err }

  1019. 	

  1020. 	return nil

  1021. }

  1022. 

  1023. func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1024. 	var user User

  1025. 	err := json.NewDecoder(r.Body).Decode(&user)

  1026. 	if err != nil { http.Error(w, "Invalid fields", 422); return }

  1027. 

  1028. 	err = setUser(user, db)

  1029. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1030. }

  1031. 

  1032. // Update specified fields of the user specified in the claim

  1033. func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1034. 	claim, err := getClaims(r)

  1035. 	var user User

  1036. 	json.NewDecoder(r.Body).Decode(&user)

  1037. 

  1038. 	// First check that the target user to be updated is the same as the claim id, and

  1039. 	// their role is unchanged.

  1040. 	if err != nil || claim.Id != user.Id {

  1041. 		http.Error(w, "Target user's id does not match claim.", 401)

  1042. 		return

  1043. 	}

  1044. 

  1045. 	if claim.Role != user.Role && user.Role != "" {

  1046. 		http.Error(w, "Administrator required to escalate role.", 401)

  1047. 		return

  1048. 	}

  1049. 

  1050. 	err = setUser(user, db)

  1051. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1052. }

  1053. 

  1054. func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1055. 	var user User

  1056. 	err := json.NewDecoder(r.Body).Decode(&user)

  1057. 	if err != nil {

  1058. 		http.Error(w, "Invalid fields.", 422)

  1059. 		return

  1060. 	}

  1061. 

  1062. 	query := `DELETE FROM user WHERE id = ?`

  1063. 	_, err = db.Exec(query, user.Id)

  1064. 

  1065. 	if err != nil {

  1066. 		http.Error(w, "Could not delete.", 500)

  1067. 	}

  1068. }

  1069. 

  1070. func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1071. 	var user User

  1072. 	err := json.NewDecoder(r.Body).Decode(&user)

  1073. 	if err != nil { http.Error(w, "Invalid fields.", 422); return }

  1074. 

  1075. 	_, err = mail.ParseAddress(user.Email)

  1076. 	if err != nil { http.Error(w, "Invalid email.", 422); return }

  1077. 

  1078. 	if roles[user.Role] == 0 {

  1079. 		http.Error(w, "Invalid role.", 422)

  1080. 	}

  1081. 

  1082. 	user, err = insertUser(db, user)

  1083. 	if err != nil { http.Error(w, "Error creating user.", 422); return }

  1084. 

  1085. 	json.NewEncoder(w).Encode(user)

  1086. }

  1087. 

  1088. func checkPassword(db *sql.DB, id int, pass string) bool {

  1089. 	var p string

  1090. 	query := `SELECT

  1091. 	password

  1092. 	FROM user WHERE user.id = ? AND password = sha2(?, 256)

  1093. 	`

  1094. 	row := db.QueryRow(query, id, pass)

  1095. 	err := row.Scan(&p)

  1096. 	if err != nil { return false }

  1097. 	

  1098. 	return true

  1099. }

  1100. 

  1101. func setPassword(db *sql.DB, id int, pass string) error {

  1102. 	query := `UPDATE user

  1103. 	SET password = sha2(?, 256)

  1104. 	WHERE user.id = ?

  1105. 	`

  1106. 	_, err := db.Exec(query, pass, id)

  1107. 	if err != nil { return errors.New("Could not insert password.") }

  1108. 	

  1109. 	return nil

  1110. }

  1111. 

  1112. func changePassword(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1113. 		var pass Password

  1114. 		claim, err := getClaims(r)

  1115. 		err = json.NewDecoder(r.Body).Decode(&pass)

  1116. 		if err != nil { http.Error(w, "Bad fields.", 422); return }

  1117. 		

  1118. 		if checkPassword(db, claim.Id, pass.Old) {

  1119. 			err = setPassword(db, claim.Id, pass.New)

  1120. 		} else {

  1121. 			http.Error(w, "Incorrect old password.", 401)

  1122. 			return

  1123. 		}

  1124. 		

  1125. 		if err != nil { http.Error(w, err.Error(), 500); return }

  1126. }

  1127. 

  1128. func fetchAvatar(db *sql.DB, user int) ( []byte, error ) {

  1129. 	var img []byte

  1130. 	var query string

  1131. 	var err error

  1132. 

  1133. 	query = `SELECT

  1134. 	avatar

  1135. 	FROM user WHERE user.id = ?

  1136. 	`

  1137. 	row := db.QueryRow(query, user)

  1138. 	err = row.Scan(&img)

  1139. 

  1140. 	if err != nil {

  1141. 		return img, err

  1142. 	}

  1143. 

  1144. 	return img, nil

  1145. }

  1146. 

  1147. 

  1148. func insertAvatar(db *sql.DB, user int, img []byte) error {

  1149. 	query := `UPDATE user

  1150. 	SET avatar = ?

  1151. 	WHERE id = ?

  1152. 	`

  1153. 	_, err := db.Exec(query, img, user)

  1154. 	if err != nil {

  1155. 		return err

  1156. 	}

  1157. 

  1158. 	return nil

  1159. }

  1160. 

  1161. func fetchLetterhead(db *sql.DB, user int) ( []byte, error ) {

  1162. 	var img []byte

  1163. 	var query string

  1164. 	var err error

  1165. 

  1166. 	query = `SELECT

  1167. 	letterhead

  1168. 	FROM user WHERE user.id = ?

  1169. 	`

  1170. 	row := db.QueryRow(query, user)

  1171. 	err = row.Scan(&img)

  1172. 

  1173. 	if err != nil {

  1174. 		return img, err

  1175. 	}

  1176. 

  1177. 	return img, nil

  1178. }

  1179. 

  1180. 

  1181. func insertLetterhead(db *sql.DB, user int, img []byte) error {

  1182. 	query := `UPDATE user

  1183. 	SET letterhead = ?

  1184. 	WHERE id = ?

  1185. 	`

  1186. 	_, err := db.Exec(query, img, user)

  1187. 	if err != nil {

  1188. 		return err

  1189. 	}

  1190. 

  1191. 	return nil

  1192. }

  1193. 

  1194. 

  1195. func setAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1196. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1197. 	var isValidType bool

  1198. 	

  1199. 	claims, err := getClaims(r)

  1200. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1201. 	img, err := io.ReadAll(r.Body)

  1202. 	if err != nil { http.Error(w, "Invalid file.", 422); return }

  1203. 	for _, v := range validTypes {

  1204. 		if v == http.DetectContentType(img) { isValidType = true }

  1205. 	}

  1206. 	if !isValidType { http.Error(w, "Invalid file type.", 422); return }

  1207. 

  1208. 	err = insertAvatar(db, claims.Id, img)

  1209. 	if err != nil { http.Error(w, "Could not insert.", 500); return }

  1210. }

  1211. 

  1212. func getAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1213. 	claims, err := getClaims(r)

  1214. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1215. 	img, err := fetchAvatar(db, claims.Id)

  1216. 	if err != nil { http.Error(w, "Could not retrieve.", 500); return }

  1217. 	

  1218. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  1219. 	w.Write(img)

  1220. }

  1221. 

  1222. func setLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1223. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1224. 	var isValidType bool

  1225. 	

  1226. 	claims, err := getClaims(r)

  1227. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1228. 	img, err := io.ReadAll(r.Body)

  1229. 	if err != nil { http.Error(w, "Invalid file.", 422); return }

  1230. 	for _, v := range validTypes {

  1231. 		if v == http.DetectContentType(img) { isValidType = true }

  1232. 	}

  1233. 	if !isValidType { http.Error(w, "Invalid file type.", 422); return }

  1234. 

  1235. 	err = insertLetterhead(db, claims.Id, img)

  1236. 	if err != nil { http.Error(w, "Could not insert.", 500); return }

  1237. }

  1238. 

  1239. func getLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1240. 	claims, err := getClaims(r)

  1241. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1242. 	img, err := fetchLetterhead(db, claims.Id)

  1243. 	if err != nil { http.Error(w, "Could not retrieve.", 500); return }

  1244. 	

  1245. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  1246. 	w.Write(img)

  1247. }

  1248. 

  1249. func queryBorrower(db *sql.DB, id int) ( Borrower, error ) {

  1250. 	var borrower Borrower

  1251. 	var query string

  1252. 	var err error

  1253. 

  1254. 	query = `SELECT

  1255. 	l.id,

  1256. 	l.credit_score,

  1257. 	l.num,

  1258. 	l.monthly_income

  1259. 	FROM borrower l WHERE l.id = ?

  1260. 	`

  1261. 	row := db.QueryRow(query, id)

  1262. 	err = row.Scan(

  1263. 			borrower.Id,

  1264. 			borrower.Credit,

  1265. 			borrower.Num,

  1266. 			borrower.Income,

  1267. 		)

  1268. 

  1269. 	if err != nil {

  1270. 		return borrower, err

  1271. 	}

  1272. 

  1273. 	return borrower, nil

  1274. }

  1275. 

  1276. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  1277. func getResults(db *sql.DB, e int, id int) ( []Result, error ) {

  1278. 	var results []Result

  1279. 	var query string

  1280. 	var rows *sql.Rows

  1281. 	var err error

  1282. 

  1283. 	query = `SELECT

  1284. 	r.id,

  1285. 	loan_id,

  1286. 	loan_payment,

  1287. 	total_monthly,

  1288. 	total_fees,

  1289. 	total_credits,

  1290. 	cash_to_close

  1291. 	FROM estimate_result r

  1292. 	INNER JOIN loan

  1293. 	ON r.loan_id = loan.id

  1294. 	WHERE r.id = CASE @e := ? WHEN 0 THEN r.id ELSE @e END

  1295. 	AND loan.estimate_id = ?

  1296. 	`

  1297. 	rows, err = db.Query(query, id, e)

  1298. 

  1299. 	if err != nil {

  1300. 		return results, err

  1301. 	}

  1302. 

  1303. 	defer rows.Close()

  1304. 

  1305. 	for rows.Next() {

  1306. 		var result Result

  1307. 

  1308. 		if err := rows.Scan(

  1309. 			&result.Id,

  1310. 			&result.LoanId,

  1311. 			&result.LoanPayment,

  1312. 			&result.TotalMonthly,

  1313. 			&result.TotalFees,

  1314. 			&result.TotalCredits,

  1315. 			&result.CashToClose,

  1316. 			)

  1317. 		err != nil {

  1318. 			return results, err

  1319.         }

  1320.         

  1321. 		results = append(results, result)

  1322. 	}

  1323. 	

  1324. 	// Prevents runtime panics

  1325. 	// if len(results) == 0 { return results, errors.New("Result not found.") }

  1326. 

  1327. 	return results, nil

  1328. }

  1329. 

  1330. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  1331. func getLoans(db *sql.DB, e int, id int) ( []Loan, error ) {

  1332. 	var loans []Loan

  1333. 	var query string

  1334. 	var rows *sql.Rows

  1335. 	var err error

  1336. 

  1337. 	query = `SELECT

  1338. 	l.id,

  1339. 	l.type_id,

  1340. 	l.estimate_id,

  1341. 	l.amount,

  1342. 	l.term,

  1343. 	l.interest,

  1344. 	l.ltv,

  1345. 	l.dti,

  1346. 	l.hoi,

  1347. 	l.tax,

  1348. 	l.name

  1349. 	FROM loan l WHERE l.id = CASE @e := ? WHEN 0 THEN l.id ELSE @e END AND

  1350. 	l.estimate_id = ?

  1351. 	`

  1352. 	rows, err = db.Query(query, id, e)

  1353. 

  1354. 	if err != nil {

  1355. 		return loans, err

  1356. 	}

  1357. 

  1358. 	defer rows.Close()

  1359. 

  1360. 	for rows.Next() {

  1361. 		var loan Loan

  1362. 

  1363. 		if err := rows.Scan(

  1364. 			&loan.Id,

  1365. 			&loan.Type.Id,

  1366. 			&loan.EstimateId,

  1367. 			&loan.Amount,

  1368. 			&loan.Term,

  1369. 			&loan.Interest,

  1370. 			&loan.Ltv,

  1371. 			&loan.Dti,

  1372. 			&loan.Hoi,

  1373. 			&loan.Tax,

  1374. 			&loan.Name,

  1375. 			)

  1376. 		err != nil {

  1377. 			return loans, err

  1378.         }

  1379.         

  1380.         mi, err := getMi(db, loan.Id)

  1381. 		if err != nil {

  1382. 			return loans, err

  1383.         }

  1384. 		loan.Mi = mi

  1385. 		fees, err := getFees(db, loan.Id)

  1386. 		if err != nil {

  1387. 			return loans, err

  1388.         }

  1389. 		loan.Fees = fees

  1390. 		

  1391. 		loan.Type, err = getLoanType(db, loan.Type.Id)

  1392. 		if err != nil {

  1393. 			return loans, err

  1394.         }

  1395. 		

  1396. 		loans = append(loans, loan)

  1397. 	}

  1398. 	

  1399. 	// Prevents runtime panics

  1400. 	if len(loans) == 0 { return loans, errors.New("Loan not found.") }

  1401. 

  1402. 	return loans, nil

  1403. }

  1404. 

  1405. func getEstimates(db *sql.DB, id int, user int) ( []Estimate, error ) {

  1406. 	var estimates []Estimate

  1407. 	var query string

  1408. 	var rows *sql.Rows

  1409. 	var err error

  1410. 

  1411. 	query = `SELECT

  1412. 	id,

  1413. 	user_id,

  1414. 	borrower_id,

  1415. 	transaction,

  1416. 	price,

  1417. 	property,

  1418. 	occupancy,

  1419. 	zip,

  1420. 	pud

  1421. 	FROM estimate WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND

  1422. 	user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END

  1423. 	`

  1424. 	rows, err = db.Query(query, id, user)

  1425. 

  1426. 	if err != nil {

  1427. 		return estimates, err

  1428. 	}

  1429. 

  1430. 	defer rows.Close()

  1431. 

  1432. 	for rows.Next() {

  1433. 		var estimate Estimate

  1434. 

  1435. 		if err := rows.Scan(

  1436. 			&estimate.Id,

  1437. 			&estimate.User,

  1438. 			&estimate.Borrower.Id,

  1439. 			&estimate.Transaction,

  1440. 			&estimate.Price,

  1441. 			&estimate.Property,

  1442. 			&estimate.Occupancy,

  1443. 			&estimate.Zip,

  1444. 			&estimate.Pud,

  1445. 			)

  1446. 		err != nil {

  1447. 			return estimates, err

  1448.         }

  1449.         

  1450. 		borrower, err := getBorrower(db, estimate.Borrower.Id)

  1451. 		if err != nil {

  1452. 			return estimates, err

  1453.         }

  1454.         estimate.Borrower = borrower

  1455.         

  1456. 		estimate.Results, err = getResults(db, estimate.Id, 0)

  1457. 		if err != nil {

  1458. 			return estimates, err

  1459.         }

  1460.         

  1461. 		estimates = append(estimates, estimate)

  1462. 	}

  1463. 

  1464. 	// Prevents runtime panics

  1465. 	if len(estimates) == 0 { return estimates, errors.New("Estimate not found.") }

  1466. 	

  1467. 	for i := range estimates {

  1468. 		estimates[i].Loans, err = getLoans(db, estimates[i].Id, 0)

  1469. 		if err != nil { return estimates, err }

  1470. 	}

  1471. 	

  1472. 	return estimates, nil

  1473. }

  1474. 

  1475. // Accepts a borrower struct and returns the id of the inserted borrower and

  1476. // any related error.

  1477. func insertBorrower(db *sql.DB, borrower Borrower) (int, error) {

  1478. 	var query string

  1479. 	var row *sql.Row

  1480. 	var err error

  1481. 	var id int // Inserted loan's id

  1482. 

  1483. 	query = `INSERT INTO borrower

  1484. 	(

  1485. 		credit_score,

  1486. 		monthly_income,

  1487. 		num

  1488. 	)

  1489. 	VALUES (?, ?, ?)

  1490. 	RETURNING id

  1491. 	`

  1492. 	row = db.QueryRow(query,

  1493. 		borrower.Credit,

  1494. 		borrower.Income,

  1495. 		borrower.Num,

  1496. 	)

  1497. 

  1498. 	err = row.Scan(&id)

  1499. 	if err != nil { return 0, err }

  1500. 

  1501. 	return id, nil

  1502. }

  1503. 

  1504. func insertMi(db *sql.DB, mi MI) (int, error) {

  1505. 	var id int

  1506. 	

  1507. 	query := `INSERT INTO mi 

  1508. 		(

  1509. 			type,

  1510. 			label,

  1511. 			lender,

  1512. 			rate,

  1513. 			premium,

  1514. 			upfront,

  1515. 			five_year_total,

  1516. 			initial_premium,

  1517. 			initial_rate,

  1518. 			initial_amount

  1519. 		)

  1520. 		VALUES (?, ?, ?, ?, ?, ?, ?)

  1521. 		RETURNING id`

  1522. 	

  1523. 	row := db.QueryRow(query,

  1524. 		&mi.Type,

  1525. 		&mi.Label,

  1526. 		&mi.Lender,

  1527. 		&mi.Rate,

  1528. 		&mi.Premium,

  1529. 		&mi.Upfront,

  1530. 		&mi.FiveYearTotal,

  1531. 		&mi.InitialAllInPremium,

  1532. 		&mi.InitialAllInRate,

  1533. 		&mi.InitialAmount,

  1534. 	)

  1535. 	

  1536. 	err := row.Scan(&id)

  1537. 	if err != nil { return 0, err }

  1538. 	

  1539. 	return id, nil

  1540. }

  1541. 

  1542. func insertFee(db *sql.DB, fee Fee) (int, error) {

  1543. 	var id int

  1544. 	

  1545. 	query := `INSERT INTO fee 

  1546. 		(loan_id, amount, perc, type, notes, name, category)

  1547. 		VALUES (?, ?, ?, ?, ?, ?, ?)

  1548. 		RETURNING id`

  1549. 	

  1550. 	row := db.QueryRow(query,

  1551. 		fee.LoanId,

  1552. 		fee.Amount,

  1553. 		fee.Perc,

  1554. 		fee.Type,

  1555. 		fee.Notes,

  1556. 		fee.Name,

  1557. 		fee.Category,

  1558. 	)

  1559. 	

  1560. 	err := row.Scan(&id)

  1561. 	if err != nil { return 0, err }

  1562. 	

  1563. 	return id, nil

  1564. }

  1565. 

  1566. func insertLoan(db *sql.DB, loan Loan) (Loan, error){

  1567. 	var query string

  1568. 	var row *sql.Row

  1569. 	var err error

  1570. 	var id int // Inserted loan's id

  1571. 

  1572. 	query = `INSERT INTO loan

  1573. 	(

  1574. 		estimate_id,

  1575. 		type_id,

  1576. 		amount,

  1577. 		term,

  1578. 		interest,

  1579. 		ltv,

  1580. 		dti,

  1581. 		hoi,

  1582. 		tax,

  1583. 		name

  1584. 	)

  1585. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

  1586. 	RETURNING id

  1587. 	`

  1588. 	row = db.QueryRow(query,

  1589. 		loan.EstimateId,

  1590. 		loan.Type.Id,

  1591. 		loan.Amount,

  1592. 		loan.Term,

  1593. 		loan.Interest,

  1594. 		loan.Ltv,

  1595. 		loan.Dti,

  1596. 		loan.Hoi,

  1597. 		loan.Tax,

  1598. 		loan.Name,

  1599. 	)

  1600. 

  1601. 	err = row.Scan(&id)

  1602. 	if err != nil { return loan, err }

  1603. 	_, err = insertMi(db, loan.Mi)

  1604. 	if err != nil { return loan, err }

  1605. 	for i := range loan.Fees {

  1606. 		_, err := insertFee(db, loan.Fees[i])

  1607. 		if err != nil { return loan, err }

  1608. 	}

  1609. 

  1610. 	loans, err := getLoans(db, id, 0)

  1611. 	if err != nil { return Loan{}, err }

  1612. 

  1613. 	return loans[0], nil

  1614. }

  1615. 

  1616. 

  1617. func insertEstimate(db *sql.DB, estimate Estimate) (Estimate, error){

  1618. 	var query string

  1619. 	var row *sql.Row

  1620. 	var err error

  1621. 	// var id int // Inserted estimate's id

  1622. 	

  1623. 	estimate.Borrower.Id, err = insertBorrower(db, estimate.Borrower)

  1624. 	if err != nil { return Estimate{}, err }

  1625. 

  1626. 	query = `INSERT INTO estimate

  1627. 	(

  1628. 		user_id,

  1629. 		borrower_id,

  1630. 		transaction,

  1631. 		price,

  1632. 		property,

  1633. 		occupancy,

  1634. 		zip,

  1635. 		pud

  1636. 	)

  1637. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?)

  1638. 	RETURNING id

  1639. 	`

  1640. 	row = db.QueryRow(query,

  1641. 		estimate.User,

  1642. 		estimate.Borrower.Id,

  1643. 		estimate.Transaction,

  1644. 		estimate.Price,

  1645. 		estimate.Property,

  1646. 		estimate.Occupancy,

  1647. 		estimate.Zip,

  1648. 		estimate.Pud,

  1649. 	)

  1650. 

  1651. 	err = row.Scan(&estimate.Id)

  1652. 	if err != nil { return Estimate{}, err }

  1653. 

  1654. 	for _, l := range estimate.Loans {

  1655. 		l.EstimateId = estimate.Id

  1656. 		_, err = insertLoan(db, l)

  1657. 		if err != nil { return estimate, err }

  1658. 	}

  1659. 	

  1660. 	estimates, err := getEstimates(db, estimate.Id, 0)

  1661. 	if err != nil { return Estimate{}, err }

  1662. 

  1663. 	return estimates[0], nil

  1664. }

  1665. 

  1666. func createEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1667. 	var estimate Estimate

  1668. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  1669. 	if err != nil { http.Error(w, "Invalid fields.", 422); return }

  1670. 	claims, err := getClaims(r)

  1671. 	estimate.User = claims.Id

  1672. 

  1673. 	estimate, err = insertEstimate(db, estimate)

  1674. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1675. 	estimate.Results = makeResults(estimate)

  1676. 	err = insertResults(db, estimate.Results)

  1677. 	if err != nil { http.Error(w, err.Error(), 500); return }

  1678. 	e, err := getEstimates(db, estimate.Id, 0)

  1679. 	if err != nil { http.Error(w, err.Error(), 500); return }

  1680. 	

  1681. 	json.NewEncoder(w).Encode(e[0])

  1682. }

  1683. 

  1684. // Query all estimates that belong to the current user

  1685. func fetchEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1686. 	var estimates []Estimate

  1687. 	claims, err := getClaims(r)

  1688. 

  1689. 	estimates, err = getEstimates(db, 0, claims.Id)

  1690. 	if err != nil { http.Error(w, err.Error(), 500); return }

  1691. 	

  1692. 	json.NewEncoder(w).Encode(estimates)

  1693. }

  1694. 

  1695. func checkConventional(l Loan, b Borrower) error {

  1696. 	if b.Credit < 620 {

  1697. 		return errors.New("Credit score too low for conventional loan")

  1698. 	}

  1699. 	

  1700. 	// Buyer needs to put down 20% to avoid mortgage insurance

  1701. 	if (l.Ltv > 80 && l.Mi.Rate == 0) {

  1702. 		return errors.New(fmt.Sprintln(

  1703. 			l.Name,

  1704. 			"down payment must be 20% to avoid insurance",

  1705. 			))

  1706. 	}

  1707. 	

  1708. 	return nil

  1709. }

  1710. 

  1711. func checkFHA(l Loan, b Borrower) error {

  1712. 	if b.Credit < 500 {

  1713. 		return errors.New("Credit score too low for FHA loan")

  1714. 	}

  1715. 	

  1716. 	if (l.Ltv > 96.5) {

  1717. 		return errors.New("FHA down payment must be at least 3.5%")

  1718. 	}

  1719. 	

  1720. 	if (b.Credit < 580 && l.Ltv > 90) {

  1721. 		return errors.New("FHA down payment must be at least 10%")

  1722. 	}

  1723. 	

  1724. 	// Debt-to-income must be below 45% if credit score is below 580.

  1725. 	if (b.Credit < 580 && l.Dti > 45) {

  1726. 		return errors.New(fmt.Sprintln(

  1727. 			l.Name, "debt to income is too high for credit score.",

  1728. 		))

  1729. 	}

  1730. 	

  1731. 	return nil

  1732. }

  1733. 

  1734. // Loan option for veterans with no set rules. Mainly placeholder.

  1735. func checkVA(l Loan, b Borrower) error {

  1736. 	return nil

  1737. }

  1738. 

  1739. // Loan option for residents of rural areas with no set rules.

  1740. // Mainly placeholder.

  1741. func checkUSDA(l Loan, b Borrower) error {

  1742. 	return nil

  1743. }

  1744. 

  1745. // Should also check loan amount limit maybe with an API.

  1746. func checkEstimate(e Estimate) error {

  1747. 	if e.Property == "" { return errors.New("Empty property type") }

  1748. 	if e.Price == 0 { return errors.New("Empty property price") }

  1749. 	

  1750. 	if e.Borrower.Num == 0 {

  1751. 		return errors.New("Missing number of borrowers")

  1752. 	}

  1753. 	

  1754. 	if e.Borrower.Credit == 0 {

  1755. 		return errors.New("Missing borrower credit score")

  1756. 	}

  1757. 	

  1758. 	if e.Borrower.Income == 0 {

  1759. 		return errors.New("Missing borrower credit income")

  1760. 	}

  1761. 	

  1762. 	for _, l := range e.Loans {

  1763. 		if l.Amount == 0 {

  1764. 			return errors.New(fmt.Sprintln(l.Name, "loan amount cannot be zero"))

  1765. 		}

  1766. 		if l.Term == 0 {

  1767. 			return errors.New(fmt.Sprintln(l.Name, "loan term cannot be zero"))

  1768. 		}

  1769. 		if l.Interest == 0 {

  1770. 			return errors.New(fmt.Sprintln(l.Name, "loan interest cannot be zero"))

  1771. 		}

  1772. 		

  1773. 		// Can be used to check rules for specific loan types

  1774. 		var err error

  1775. 		switch l.Type.Id {

  1776. 		case 1:

  1777. 			err = checkConventional(l, e.Borrower)

  1778. 		case 2:

  1779. 			err = checkFHA(l, e.Borrower)

  1780. 		case 3:

  1781. 			err = checkVA(l, e.Borrower)

  1782. 		case 4:

  1783. 			err = checkUSDA(l, e.Borrower)

  1784. 		default:

  1785. 			err = errors.New("Invalid loan type")

  1786. 		}

  1787. 		

  1788. 		if err != nil { return err }

  1789. 	}

  1790. 	

  1791. 	return nil

  1792. 	

  1793. }

  1794. 

  1795. func validateEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1796. 	var estimate Estimate

  1797. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  1798. 

  1799. 	if err != nil { http.Error(w, err.Error(), 422); return }

  1800. 	

  1801. 	err = checkEstimate(estimate)

  1802. 	if err != nil { http.Error(w, err.Error(), 406); return }

  1803. }

  1804. 

  1805. func showPDF(w http.ResponseWriter, r *http.Request) {

  1806. 	// var args []string

  1807. 

  1808. 	// p := r.URL.Path

  1809. 	db, err := sql.Open("mysql",

  1810. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter",

  1811. 			os.Getenv("DBUser"),

  1812. 			os.Getenv("DBPass")))

  1813. 

  1814. 	// w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  1815. 	err = db.Ping()

  1816. 	if err != nil {

  1817. 		fmt.Println("Bad database configuration: %v\n", err)

  1818. 		panic(err)

  1819. 		// maybe os.Exit(1) instead

  1820. 	}

  1821. 	

  1822. 	var pa = template.Must(template.ParseFiles("views/master.tpl",

  1823. 	"views/test.tpl"))

  1824. 	

  1825. 	// claims, err := getClaims(r)

  1826. 	if err != nil { w.WriteHeader(500); return }

  1827. 	users, err := queryUsers(db, 1)

  1828. 	

  1829. 	info := struct {

  1830. 		Title string

  1831. 		Name string

  1832. 		User User

  1833. 	}{

  1834. 		Title: "test PDF",

  1835. 		Name: "idk-random-name",

  1836. 		User: users[0],

  1837. 	}

  1838. 	

  1839. 	err = pa.Execute(w, info)

  1840. 	if err != nil {fmt.Println(err)}

  1841. 

  1842. }

  1843. 

  1844. func clipLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1845. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1846. 	var isValidType bool

  1847. 	var err error

  1848. 	

  1849. 	// claims, err := getClaims(r)

  1850. 	if err != nil { http.Error(w, "Invalid token.", 422); return }

  1851. 	img, t, err := image.Decode(r.Body)

  1852. 	if err != nil { http.Error(w, "Invalid file.", 422); return }

  1853. 	for _, v := range validTypes {

  1854. 		if v == "image/"+t { isValidType = true }

  1855. 	}

  1856. 	if !isValidType { http.Error(w, "Invalid file type.", 422); return }

  1857. 	

  1858. 	g := gift.New(

  1859. 		gift.ResizeToFit(400, 200, gift.LanczosResampling),

  1860. 	)

  1861. 	dst := image.NewRGBA(g.Bounds(img.Bounds()))

  1862. 	g.Draw(dst, img)

  1863. 	

  1864. 	w.Header().Set("Content-Type", "image/png")

  1865. 	err = png.Encode(w, dst)

  1866. 	if err != nil { http.Error(w, "Error encoding.", 500); return }

  1867. }

  1868. 

  1869. 

  1870. func api(w http.ResponseWriter, r *http.Request) {

  1871. 	var args []string

  1872. 

  1873. 	p := r.URL.Path

  1874. 	db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s",

  1875. 			os.Getenv("DBUser"),

  1876. 			os.Getenv("DBPass"),

  1877. 			os.Getenv("DBName"),

  1878. 			))

  1879. 

  1880. 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  1881. 

  1882. 	err = db.Ping()

  1883. 	if err != nil {

  1884. 		fmt.Println("Bad database configuration: %v\n", err)

  1885. 		panic(err)

  1886. 		// maybe os.Exit(1) instead

  1887. 	}

  1888. 	

  1889. 	switch {

  1890. 	case match(p, "/api/login", &args) &&

  1891. 	r.Method == http.MethodPost:

  1892. 		login(w, db, r)

  1893. 	case match(p, "/api/token", &args) &&

  1894. 	r.Method == http.MethodGet && guard(r, 1):

  1895. 		getToken(w, db, r)

  1896. 	case match(p, "/api/letterhead", &args) &&

  1897. 	r.Method == http.MethodPost && guard(r, 1):

  1898. 		clipLetterhead(w, db, r)

  1899. 	case match(p, "/api/users", &args) && // Array of all users

  1900. 	r.Method == http.MethodGet && guard(r, 3):

  1901. 		getUsers(w, db, r)

  1902. 	case match(p, "/api/user", &args) &&

  1903. 	r.Method == http.MethodGet && guard(r, 1):

  1904. 		getUser(w, db, r)

  1905. 	case match(p, "/api/user", &args) &&

  1906. 	r.Method == http.MethodPost &&

  1907. 	guard(r, 3):

  1908. 		createUser(w, db, r)

  1909. 	case match(p, "/api/user", &args) &&

  1910. 	r.Method == http.MethodPatch &&

  1911. 	guard(r, 3): // For admin to modify any user

  1912. 		patchUser(w, db, r)

  1913. 	case match(p, "/api/user", &args) &&

  1914. 	r.Method == http.MethodPatch &&

  1915. 	guard(r, 1): // For employees to modify own accounts

  1916. 		patchSelf(w, db, r)

  1917. 	case match(p, "/api/user", &args) &&

  1918. 	r.Method == http.MethodDelete &&

  1919. 	guard(r, 3):

  1920. 		deleteUser(w, db, r)

  1921. 	case match(p, "/api/user/avatar", &args) &&

  1922. 	r.Method == http.MethodGet &&

  1923. 	guard(r, 1):

  1924. 		getAvatar(w, db, r)

  1925. 	case match(p, "/api/user/avatar", &args) &&

  1926. 	r.Method == http.MethodPost &&

  1927. 	guard(r, 1):

  1928. 		setAvatar(w, db, r)

  1929. 	case match(p, "/api/user/letterhead", &args) &&

  1930. 	r.Method == http.MethodGet &&

  1931. 	guard(r, 1):

  1932. 		getLetterhead(w, db, r)

  1933. 	case match(p, "/api/user/letterhead", &args) &&

  1934. 	r.Method == http.MethodPost &&

  1935. 	guard(r, 1):

  1936. 		setLetterhead(w, db, r)

  1937. 	case match(p, "/api/user/password", &args) &&

  1938. 	r.Method == http.MethodPost &&

  1939. 	guard(r, 1):

  1940. 		changePassword(w, db, r)

  1941. 	case match(p, "/api/fees", &args) &&

  1942. 	r.Method == http.MethodGet &&

  1943. 	guard(r, 1):

  1944. 		getFeesTemp(w, db, r)

  1945. 	case match(p, "/api/fee", &args) &&

  1946. 	r.Method == http.MethodPost &&

  1947. 	guard(r, 1):

  1948. 		createFeesTemp(w, db, r)

  1949. 	case match(p, "/api/fee", &args) &&

  1950. 	r.Method == http.MethodDelete &&

  1951. 	guard(r, 1):

  1952. 		deleteFeeTemp(w, db, r)

  1953. 	case match(p, "/api/estimates", &args) &&

  1954. 	r.Method == http.MethodGet &&

  1955. 	guard(r, 1):

  1956. 		fetchEstimate(w, db, r)

  1957. 	case match(p, "/api/estimate", &args) &&

  1958. 	r.Method == http.MethodPost &&

  1959. 	guard(r, 1):

  1960. 		createEstimate(w, db, r)

  1961. 	case match(p, "/api/estimate/validate", &args) &&

  1962. 	r.Method == http.MethodPost &&

  1963. 	guard(r, 1):

  1964. 		validateEstimate(w, db, r)

  1965. 	case match(p, "/api/estimate/summarize", &args) &&

  1966. 	r.Method == http.MethodPost &&

  1967. 	guard(r, 1):

  1968. 		summarize(w, db, r)

  1969. 	default:

  1970. 		http.Error(w, "Invalid route or token", 404)

  1971. 	}

  1972. 

  1973. 	db.Close()

  1974. }

  1975. 

  1976. func route(w http.ResponseWriter, r *http.Request) {

  1977. 	var page Page

  1978. 	var args []string

  1979. 	p := r.URL.Path

  1980. 

  1981.     switch {

  1982.     case r.Method == "GET" && match(p, "/", &args):

  1983.         page = pages[ "home" ]

  1984.     case match(p, "/terms", &args):

  1985.         page = pages[ "terms" ]

  1986.     case match(p, "/app", &args):

  1987.         page = pages[ "app" ]

  1988.     case match(p, "/test", &args):

  1989. 		showPDF(w, r)

  1990. 		return

  1991.     default:

  1992.         http.NotFound(w, r)

  1993.         return

  1994.     }

  1995. 

  1996.     page.Render(w)

  1997. }

  1998. 

  1999. func serve() {

  2000. 	files := http.FileServer(http.Dir(""))

  2001. 

  2002. 	http.Handle("/assets/", files)

  2003. 	http.HandleFunc("/api/", api)

  2004. 	http.HandleFunc("/", route)

  2005. 	log.Fatal(http.ListenAndServe(address, nil))

  2006. }

  2007. 

  2008. func dev(args []string) {

  2009. 	if len(args) == 0 {

  2010. 		os.Setenv("DBName", "skouter_dev")

  2011. 		os.Setenv("DBUser", "tester")

  2012. 		os.Setenv("DBPass", "test123")

  2013. 		serve()

  2014. 	}

  2015. }

  2016. 

  2017. func main() {

  2018. 	if len(os.Args) <= 1 {

  2019. 		serve()

  2020. 	}

  2021. 	

  2022. 	if os.Args[1] == "dev" {

  2023. 		dev(os.Args[2:])

  2024. 	}

  2025. }