Immanuel
/
skouter
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Skouter mortgage estimates. Web application with view written in PHP and Vue, but controller and models in Go.
153 Commits
1 Branch
11 MiB
 
 
 
 
 
 
Tree: eb33ae45e7
skouter/skouter.go

3836 lines
78 KiB
Raw Blame History 

  1. package main

  2. 

  3. import (

  4. 	"bytes"

  5. 	"database/sql"

  6. 	"encoding/base64"

  7. 	"encoding/json"

  8. 	"errors"

  9. 	"fmt"

  10. 	_ "github.com/go-sql-driver/mysql"

  11. 	"html/template"

  12. 	"io"

  13. 	"log"

  14. 	"math"

  15. 	"net/http"

  16. 	"net/http/httputil"

  17. 	"net/mail"

  18. 	"net/url"

  19. 	"os"

  20. 	"os/exec"

  21. 	"regexp"

  22. 	"strconv"

  23. 	"strings"

  24. 	"sync"

  25. 	"time"

  26. 	// pdf "github.com/SebastiaanKlippert/go-wkhtmltopdf"

  27. 	"github.com/brianvoe/gofakeit/v6"

  28. 	"github.com/disintegration/gift"

  29. 	"github.com/dustin/go-humanize"

  30. 	"github.com/golang-jwt/jwt/v4"

  31. 	"github.com/stripe/stripe-go/v76"

  32. 	"github.com/stripe/stripe-go/v76/customer"

  33. 	"github.com/stripe/stripe-go/v76/subscription"

  34. 	// "github.com/stripe/stripe-go/v76/invoice"

  35. 	// "github.com/stripe/stripe-go/v76/paymentintent"

  36. 	"github.com/stripe/stripe-go/v76/webhook"

  37. 	"image"

  38. 	_ "image/jpeg"

  39. 	"image/png"

  40. )

  41. 

  42. type Config struct {

  43. 	DBName     string

  44. 	DBUsername string

  45. 	DBPassword string

  46. }

  47. 

  48. type Address struct {

  49. 	Id      int    `json:"id"`

  50. 	Full    string `json:"full"`

  51. 	Street  string `json:"street"`

  52. 	City    string `json:"city"`

  53. 	Region  string `json:"region"`

  54. 	Country string `json:"country"`

  55. 	Zip     string `json:"zip"`

  56. }

  57. 

  58. type Branch struct {

  59. 	Id         int     `json:"id"`

  60. 	Name       string  `json:"name"`

  61. 	Type       string  `json:"type"`

  62. 	Letterhead []byte  `json:"letterhead"`

  63. 	Num        string  `json:"num"`

  64. 	Phone      string  `json:"phone"`

  65. 	Address    Address `json:"address"`

  66. }

  67. 

  68. type Subscription struct {

  69. 	Id	int     `json:"id"`

  70. 	UserId	int     `json:"userId"`

  71. 	StripeId	string  `json:"stripeId"`

  72. 	CustomerId	string  `json:"customerId"`

  73. 	PriceId	string  `json:"priceId"`

  74. 	Start	int     `json:"start"`

  75. 	End	int     `json:"end"`

  76. 	ClientSecret	string  `json:"clientSecret,omitempty"`

  77. 	PaymentStatus	string  `json:"paymentStatus"`

  78. 	Status	string  `json:"status"`

  79. }

  80. 

  81. type User struct {

  82. 	Id        int     `json:"id"`

  83. 	Email     string  `json:"email"`

  84. 	FirstName string  `json:"firstName"`

  85. 	LastName  string  `json:"lastName"`

  86. 	Phone     string  `json:"phone"`

  87. 	Address   Address `json:"address"`

  88. 	Branch    Branch  `json:"branch"`

  89. 	License   License `json:"license"`

  90. 	Sub   Subscription `json:"sub"`

  91. 	Status    string  `json:"status"`

  92. 	Country   string  `json:"country"`

  93. 	Title     string  `json:"title"`

  94. 	Verified  bool    `json:"verified"`

  95. 	Role      string  `json:"role"`

  96. 	Password  string  `json:"password,omitempty"`

  97. 	CustomerId  string  `json:"customerId"`

  98. }

  99. 

  100. type License struct {

  101. 	Id     int    `json:"id"`

  102. 	UserId int    `json:"userId"`

  103. 	Type   string `json:"type"`

  104. 	Num    string `json:"num"`

  105. }

  106. 

  107. type UserClaims struct {

  108. 	Id   int    `json:"id"`

  109. 	Role string `json:"role"`

  110. 	Exp  string `json:"exp"`

  111. }

  112. 

  113. type Page struct {

  114. 	tpl   *template.Template

  115. 	Title string

  116. 	Name  string

  117. }

  118. 

  119. type Borrower struct {

  120. 	Id     int `json:"id"`

  121. 	Credit int `json:"credit"`

  122. 	Income int `json:"income"`

  123. 	Num    int `json:"num"`

  124. }

  125. 

  126. type FeeTemplate struct {

  127. 	Id       int     `json:"id"`

  128. 	User     int     `json:"user"`

  129. 	Branch   int     `json:"branch"`

  130. 	Amount   int     `json:"amount"`

  131. 	Perc     float32 `json:"perc"`

  132. 	Type     string  `json:"type"`

  133. 	Notes    string  `json:"notes"`

  134. 	Name     string  `json:"name"`

  135. 	Category string  `json:"category"`

  136. 	Auto     bool    `json:"auto"`

  137. }

  138. 

  139. type Fee struct {

  140. 	Id       int     `json:"id"`

  141. 	LoanId   int     `json:"loan_id"`

  142. 	Amount   int     `json:"amount"`

  143. 	Perc     float32 `json:"perc"`

  144. 	Type     string  `json:"type"`

  145. 	Notes    string  `json:"notes"`

  146. 	Name     string  `json:"name"`

  147. 	Category string  `json:"category"`

  148. }

  149. 

  150. type LoanType struct {

  151. 	Id     int    `json:"id"`

  152. 	User   int    `json:"user"`

  153. 	Branch int    `json:"branch"`

  154. 	Name   string `json:"name"`

  155. }

  156. 

  157. type Loan struct {

  158. 	Id           int      `json:"id"`

  159. 	EstimateId   int      `json:"estimateId"`

  160. 	Type         LoanType `json:"type"`

  161. 	Amount       int      `json:"amount"`

  162. 	Amortization string   `json:"amortization"`

  163. 	Term         int      `json:"term"`

  164. 	Ltv          float32  `json:"ltv"`

  165. 	Dti          float32  `json:"dti"`

  166. 	Hoi          int      `json:"hoi"`

  167. 	Hazard       int      `json:"hazard"`

  168. 	Tax          int      `json:"tax"`

  169. 	Interest     float32  `json:"interest"`

  170. 	Mi           MI       `json:"mi"`

  171. 	Fees         []Fee    `json:"fees"`

  172. 	Credits      []Fee    // Fees with negative amounts for internal use

  173. 	Name         string   `json:"title"`

  174. 	Result       Result   `json:"result"`

  175. }

  176. 

  177. type MI struct {

  178. 	Type                string  `json:"user"`

  179. 	Label               string  `json:"label"`

  180. 	Lender              string  `json:"lender"`

  181. 	Rate                float32 `json:"rate"`

  182. 	Premium             int     `json:"premium"`

  183. 	Upfront             int     `json:"upfront"`

  184. 	Monthly             bool    `json:"monthly"`

  185. 	FiveYearTotal       float32 `json:"fiveYearTotal"`

  186. 	InitialAllInPremium float32 `json:"initialAllInPremium"`

  187. 	InitialAllInRate    float32 `json:"initialAllInRate"`

  188. 	InitialAmount       float32 `json:"initialAmount"`

  189. }

  190. 

  191. type Result struct {

  192. 	Id           int `json:"id"`

  193. 	LoanId       int `json:"loanId"`

  194. 	LoanPayment  int `json:"loanPayment"`

  195. 	TotalMonthly int `json:"totalMonthly"`

  196. 	TotalFees    int `json:"totalFees"`

  197. 	TotalCredits int `json:"totalCredits"`

  198. 	CashToClose  int `json:"cashToClose"`

  199. }

  200. 

  201. type Estimate struct {

  202. 	Id          int      `json:"id"`

  203. 	User        int      `json:"user"`

  204. 	Borrower    Borrower `json:"borrower"`

  205. 	Transaction string   `json:"transaction"`

  206. 	Price       int      `json:"price"`

  207. 	Property    string   `json:"property"`

  208. 	Occupancy   string   `json:"occupancy"`

  209. 	Zip         string   `json:"zip"`

  210. 	Pud         bool     `json:"pud"`

  211. 	Loans       []Loan   `json:"loans"`

  212. }

  213. 

  214. type ETemplate struct {

  215. 	Id       int      `json:"id"`

  216. 	Estimate Estimate `json:"estimate"`

  217. 	UserId   int      `json:"userId"`

  218. 	BranchId int      `json:"branchId"`

  219. }

  220. 

  221. type Report struct {

  222. 	Title      string

  223. 	Name       string

  224. 	Avatar     string

  225. 	Letterhead string

  226. 	User       User

  227. 	Estimate   Estimate

  228. }

  229. 

  230. type Password struct {

  231. 	Old string `json:"old"`

  232. 	New string `json:"new"`

  233. }

  234. 

  235. type Endpoint func(http.ResponseWriter, *sql.DB, *http.Request)

  236. 

  237. type HookKeys struct {

  238. 	InvoicePaid	string

  239. 	InvoiceFailed	string

  240. 	SubCreated	string

  241. 	SubUpdated	string

  242. 	SubDeleted	string

  243. }

  244. 

  245. var (

  246. 	regexen     = make(map[string]*regexp.Regexp)

  247. 	relock      sync.Mutex

  248. 	address     = "localhost:8001"

  249. 	mainAddress = "localhost:8002"

  250. )

  251. 

  252. var paths = map[string]string{

  253. 	"home":       "views/home.tpl",

  254. 	"terms":      "views/terms.tpl",

  255. 	"app":        "views/app.tpl",

  256. 	"comparison": "views/report/comparison.tpl",

  257. }

  258. 

  259. var pages = map[string]Page{

  260. 	"home":   cache("home", "Home"),

  261. 	"terms":  cache("terms", "Terms and Conditions"),

  262. 	"report": cachePdf("comparison"),

  263. 	"app":    cache("app", "App"),

  264. }

  265. 

  266. var roles = map[string]int{

  267. 	"User":    1,

  268. 	"Manager": 2,

  269. 	"Admin":   3,

  270. }

  271. 

  272. var statuses = map[string]int{

  273. 	"Unsubscribed":    1,

  274. 	"Trial":    2,

  275. 	"Free":    3,

  276. 	"Subscriber": 4,

  277. 	"Branch":   5,

  278. 	"Admin":   6,

  279. }

  280. 

  281. var propertyTypes = []string{

  282. 	"Single Detached",

  283. 	"Single Attached",

  284. 	"Condo Lo-rise",

  285. 	"Condo Hi-rise",

  286. }

  287. 

  288. var feeTypes = []string{

  289. 	"Government",

  290. 	"Title",

  291. 	"Required",

  292. 	"Lender",

  293. 	"Other",

  294. }

  295. 

  296. var hookKeys = HookKeys{

  297. 	InvoicePaid: "",

  298. 	InvoiceFailed: "",

  299. 	SubCreated: "",

  300. 	SubUpdated: "",

  301. 	SubDeleted: "",

  302. }

  303. 

  304. var standardPriceId = "price_1OZLK9BPMoXn2pf9kuTAf8rs"

  305. 

  306. // Used to validate claim in JWT token body. Checks if user id is greater than

  307. // zero and time format is valid

  308. func (c UserClaims) Valid() error {

  309. 	if c.Id < 1 {

  310. 		return errors.New("Invalid id")

  311. 	}

  312. 	t, err := time.Parse(time.UnixDate, c.Exp)

  313. 	if err != nil {

  314. 		return err

  315. 	}

  316. 	if t.Before(time.Now()) {

  317. 		return errors.New("Token expired.")

  318. 	}

  319. 	return err

  320. }

  321. 

  322. func cache(name string, title string) Page {

  323. 	var p = []string{"views/master.tpl", paths[name]}

  324. 	tpl := template.Must(template.ParseFiles(p...))

  325. 	return Page{tpl: tpl, Title: title, Name: name}

  326. }

  327. 

  328. func cachePdf(name string) Page {

  329. 	// Money is stored in cents, so it must be converted to dollars in reports

  330. 	dollars := func(cents int) string {

  331. 		return humanize.Commaf(float64(cents) / 100)

  332. 	}

  333. 

  334. 	// For calculating down payments

  335. 	diff := func(a, b int) string {

  336. 		return humanize.Commaf(float64(b-a) / 100)

  337. 	}

  338. 

  339. 	sortFees := func(ftype string, fees []Fee) []Fee {

  340. 		result := make([]Fee, 0)

  341. 		for i := range fees {

  342. 			if fees[i].Type != ftype {

  343. 				continue

  344. 			}

  345. 			result = append(result, fees[i])

  346. 		}

  347. 		return result

  348. 	}

  349. 

  350. 	fm := template.FuncMap{

  351. 		"dollars":  dollars,

  352. 		"diff":     diff,

  353. 		"sortFees": sortFees}

  354. 

  355. 	var p = []string{"views/report/master.tpl",

  356. 		"views/report/header.tpl",

  357. 		"views/report/summary.tpl",

  358. 		"views/report/comparison.tpl"}

  359. 

  360. 	tpl := template.Must(template.New("master.tpl").Funcs(fm).ParseFiles(p...))

  361. 	return Page{tpl: tpl, Title: "", Name: name}

  362. }

  363. 

  364. func (page Page) Render(w http.ResponseWriter) {

  365. 	err := page.tpl.Execute(w, page)

  366. 	if err != nil {

  367. 		log.Print(err)

  368. 	}

  369. }

  370. 

  371. func match(path, pattern string, args *[]string) bool {

  372. 	relock.Lock()

  373. 	defer relock.Unlock()

  374. 	regex := regexen[pattern]

  375. 

  376. 	if regex == nil {

  377. 		regex = regexp.MustCompile("^" + pattern + "$")

  378. 		regexen[pattern] = regex

  379. 	}

  380. 

  381. 	matches := regex.FindStringSubmatch(path)

  382. 	if len(matches) <= 0 {

  383. 		return false

  384. 	}

  385. 

  386. 	*args = matches[1:]

  387. 	return true

  388. }

  389. 

  390. func (estimate *Estimate) makeResults() []Result {

  391. 	var results []Result

  392. 	amortize := func(principle float64, rate float64, periods float64) int {

  393. 		exp := math.Pow(1+rate, periods)

  394. 		return int(principle * rate * exp / (exp - 1))

  395. 	}

  396. 

  397. 	for i := range estimate.Loans {

  398. 		var loan = &estimate.Loans[i]

  399. 		var result Result = Result{}

  400. 		// Monthly payments use amortized loan payment formula plus monthly MI,

  401. 		// plus all other recurring fees

  402. 		result.LoanPayment = amortize(float64(loan.Amount),

  403. 			float64(loan.Interest/100/12),

  404. 			float64(loan.Term*12))

  405. 		result.TotalMonthly = result.LoanPayment + loan.Hoi + loan.Tax + loan.Hazard

  406. 		if loan.Mi.Monthly {

  407. 			result.TotalMonthly = result.TotalMonthly +

  408. 				int(loan.Mi.Rate/100/12*float32(loan.Amount))

  409. 		} else {

  410. 			loan.Mi.Upfront = int(loan.Mi.Rate / 100 * float32(loan.Amount))

  411. 		}

  412. 

  413. 		for i := range loan.Fees {

  414. 			if loan.Fees[i].Amount > 0 {

  415. 				result.TotalFees = result.TotalFees + loan.Fees[i].Amount

  416. 			} else {

  417. 				result.TotalCredits = result.TotalCredits + loan.Fees[i].Amount

  418. 			}

  419. 		}

  420. 

  421. 		result.CashToClose =

  422. 			result.TotalFees + result.TotalCredits + (estimate.Price - loan.Amount)

  423. 		result.LoanId = loan.Id

  424. 

  425. 		loan.Result = result

  426. 		results = append(results, result)

  427. 	}

  428. 

  429. 	return results

  430. }

  431. 

  432. func summarize(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  433. 	var estimate Estimate

  434. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  435. 	if err != nil {

  436. 		http.Error(w, "Invalid estimate.", 422)

  437. 		return

  438. 	}

  439. 	estimate.makeResults()

  440. 

  441. 	json.NewEncoder(w).Encode(estimate)

  442. }

  443. 

  444. func getLoanType(db *sql.DB, id int) (LoanType, error) {

  445. 	types, err := getLoanTypes(db, id, 0, 0)

  446. 	if err != nil {

  447. 		return LoanType{Id: id}, err

  448. 	}

  449. 	if len(types) == 0 {

  450. 		return LoanType{Id: id}, errors.New("No type with that id")

  451. 	}

  452. 

  453. 	return types[0], nil

  454. }

  455. 

  456. func getLoanTypes(db *sql.DB, id int, user int, branch int) (

  457. 	[]LoanType, error) {

  458. 	var loans []LoanType

  459. 	var query = `SELECT

  460. 	id,

  461. 	coalesce(user_id, 0),

  462. 	coalesce(branch_id, 0),

  463. 	name

  464. 	FROM loan_type WHERE loan_type.id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  465. 	OR

  466. 	loan_type.user_id = CASE @e := ? WHEN 0 THEN id ELSE @e END

  467. 	OR

  468. 	loan_type.branch_id = CASE @e := ? WHEN 0 THEN id ELSE @e END`

  469. 

  470. 	// Should be changed to specify user

  471. 	rows, err := db.Query(query, id, user, branch)

  472. 

  473. 	if err != nil {

  474. 		return nil, fmt.Errorf("loan_type error: %v", err)

  475. 	}

  476. 

  477. 	defer rows.Close()

  478. 

  479. 	for rows.Next() {

  480. 		var loan LoanType

  481. 

  482. 		if err := rows.Scan(

  483. 			&loan.Id,

  484. 			&loan.User,

  485. 			&loan.Branch,

  486. 			&loan.Name); err != nil {

  487. 			log.Printf("Error occured fetching loan: %v", err)

  488. 			return nil, fmt.Errorf("Error occured fetching loan: %v", err)

  489. 		}

  490. 

  491. 		loans = append(loans, loan)

  492. 	}

  493. 

  494. 	return loans, nil

  495. }

  496. 

  497. func getFees(db *sql.DB, loan int) ([]Fee, error) {

  498. 	var fees []Fee

  499. 

  500. 	query := `SELECT id, loan_id, amount, perc, type, notes, name, category

  501. 	FROM fee

  502. 	WHERE loan_id = ?`

  503. 

  504. 	rows, err := db.Query(query, loan)

  505. 

  506. 	if err != nil {

  507. 		return nil, fmt.Errorf("Fee query error %v", err)

  508. 	}

  509. 

  510. 	defer rows.Close()

  511. 

  512. 	for rows.Next() {

  513. 		var fee Fee

  514. 

  515. 		if err := rows.Scan(

  516. 			&fee.Id,

  517. 			&fee.LoanId,

  518. 			&fee.Amount,

  519. 			&fee.Perc,

  520. 			&fee.Type,

  521. 			&fee.Notes,

  522. 			&fee.Name,

  523. 			&fee.Category,

  524. 		); err != nil {

  525. 			return nil, fmt.Errorf("Fees scanning error: %v", err)

  526. 		}

  527. 

  528. 		fees = append(fees, fee)

  529. 	}

  530. 

  531. 	return fees, nil

  532. }

  533. 

  534. func fetchFeesTemp(db *sql.DB, user int, branch int) ([]FeeTemplate, error) {

  535. 	var fees []FeeTemplate

  536. 	query := `SELECT

  537. 	id, user_id, COALESCE(branch_id, 0), amount, perc, type, notes, name,

  538. 	category, auto

  539. 	FROM fee_template

  540. 	WHERE user_id = ? OR branch_id = ?

  541. 	`

  542. 

  543. 	rows, err := db.Query(query, user, branch)

  544. 

  545. 	if err != nil {

  546. 		return nil, fmt.Errorf("Fee template query error %v", err)

  547. 	}

  548. 

  549. 	defer rows.Close()

  550. 

  551. 	for rows.Next() {

  552. 		var fee FeeTemplate

  553. 

  554. 		if err := rows.Scan(

  555. 			&fee.Id,

  556. 			&fee.User,

  557. 			&fee.Branch,

  558. 			&fee.Amount,

  559. 			&fee.Perc,

  560. 			&fee.Type,

  561. 			&fee.Notes,

  562. 			&fee.Name,

  563. 			&fee.Category,

  564. 			&fee.Auto); err != nil {

  565. 			return nil, fmt.Errorf("FeesTemplate scanning error: %v", err)

  566. 		}

  567. 

  568. 		fees = append(fees, fee)

  569. 	}

  570. 

  571. 	return fees, nil

  572. }

  573. 

  574. // Fetch fees from the database

  575. func getFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  576. 	var fees []FeeTemplate

  577. 	claims, err := getClaims(r)

  578. 	if err != nil {

  579. 		w.WriteHeader(500)

  580. 		return

  581. 	}

  582. 	user, err := queryUser(db, claims.Id)

  583. 	if err != nil {

  584. 		w.WriteHeader(422)

  585. 		return

  586. 	}

  587. 

  588. 	fees, err = fetchFeesTemp(db, claims.Id, user.Branch.Id)

  589. 	json.NewEncoder(w).Encode(fees)

  590. }

  591. 

  592. // Fetch fees from the database

  593. func createFeesTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  594. 	var fee FeeTemplate

  595. 	var query string

  596. 	var row *sql.Row

  597. 	var err error

  598. 

  599. 	claims, err := getClaims(r)

  600. 	// var id int // Inserted estimate's id

  601. 	err = json.NewDecoder(r.Body).Decode(&fee)

  602. 	if err != nil {

  603. 		w.WriteHeader(422)

  604. 		return

  605. 	}

  606. 

  607. 	query = `INSERT INTO fee_template

  608. 	(

  609. 		user_id,

  610. 		branch_id,

  611. 		amount,

  612. 		perc,

  613. 		type,

  614. 		notes,

  615. 		name,

  616. 		auto

  617. 	)

  618. 	VALUES (?, NULL, ?, ?, ?, ?, ?, ?)

  619. 	RETURNING id

  620. 	`

  621. 	row = db.QueryRow(query,

  622. 		claims.Id,

  623. 		fee.Amount,

  624. 		fee.Perc,

  625. 		fee.Type,

  626. 		fee.Notes,

  627. 		fee.Name,

  628. 		fee.Auto,

  629. 	)

  630. 

  631. 	err = row.Scan(&fee.Id)

  632. 	if err != nil {

  633. 		w.WriteHeader(500)

  634. 		return

  635. 	}

  636. 

  637. 	json.NewEncoder(w).Encode(fee)

  638. }

  639. 

  640. // Fetch fees from the database

  641. func deleteFeeTemp(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  642. 	var fee FeeTemplate

  643. 	var query string

  644. 	var err error

  645. 

  646. 	// claims, err := getClaims(r)

  647. 	// var id int // Inserted estimate's id

  648. 	err = json.NewDecoder(r.Body).Decode(&fee)

  649. 	if err != nil {

  650. 		w.WriteHeader(422)

  651. 		return

  652. 	}

  653. 

  654. 	query = `DELETE FROM fee_template WHERE id = ?`

  655. 	_, err = db.Exec(query, fee.Id)

  656. 	if err != nil {

  657. 		w.WriteHeader(500)

  658. 		return

  659. 	}

  660. }

  661. 

  662. func deleteEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  663. 	var estimate Estimate

  664. 	var err error

  665. 

  666. 	err = json.NewDecoder(r.Body).Decode(&estimate)

  667. 	if err != nil {

  668. 		w.WriteHeader(422)

  669. 		return

  670. 	}

  671. 

  672. 	claims, err := getClaims(r)

  673. 	err = estimate.del(db, claims.Id)

  674. 	if err != nil {

  675. 		http.Error(w, err.Error(), 500)

  676. 		return

  677. 	}

  678. }

  679. 

  680. func deleteET(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  681. 	var et ETemplate

  682. 	var err error

  683. 

  684. 	err = json.NewDecoder(r.Body).Decode(&et)

  685. 	if err != nil {

  686. 		w.WriteHeader(422)

  687. 		return

  688. 	}

  689. 

  690. 	claims, err := getClaims(r)

  691. 	err = et.del(db, claims.Id)

  692. 	if err != nil {

  693. 		http.Error(w, err.Error(), 500)

  694. 		return

  695. 	}

  696. }

  697. 

  698. func getMi(db *sql.DB, loan int) (MI, error) {

  699. 	var mi MI

  700. 

  701. 	query := `SELECT

  702. 	type, label, lender, rate, premium, upfront, five_year_total,

  703. 	initial_premium, initial_rate, initial_amount

  704. 	FROM mi WHERE loan_id = ?`

  705. 

  706. 	rows, err := db.Query(query, loan)

  707. 	if err != nil {

  708. 		return mi, err

  709. 	}

  710. 

  711. 	defer rows.Close()

  712. 

  713. 	if !rows.Next() {

  714. 		return mi, nil

  715. 	}

  716. 

  717. 	if err := rows.Scan(

  718. 		&mi.Type,

  719. 		&mi.Label,

  720. 		&mi.Lender,

  721. 		&mi.Rate,

  722. 		&mi.Premium,

  723. 		&mi.Upfront,

  724. 		&mi.FiveYearTotal,

  725. 		&mi.InitialAllInPremium,

  726. 		&mi.InitialAllInRate,

  727. 		&mi.InitialAmount,

  728. 	); err != nil {

  729. 		return mi, err

  730. 	}

  731. 

  732. 	return mi, nil

  733. }

  734. 

  735. func (estimate *Estimate) getBorrower(db *sql.DB) error {

  736. 	query := `SELECT id, credit_score, monthly_income, num FROM borrower

  737. 		WHERE estimate_id = ? LIMIT 1`

  738. 

  739. 	row := db.QueryRow(query, estimate.Id)

  740. 

  741. 	if err := row.Scan(

  742. 		&estimate.Borrower.Id,

  743. 		&estimate.Borrower.Credit,

  744. 		&estimate.Borrower.Income,

  745. 		&estimate.Borrower.Num,

  746. 	); err != nil {

  747. 		return fmt.Errorf("Borrower scanning error: %v", err)

  748. 	}

  749. 

  750. 	return nil

  751. }

  752. 

  753. // Query Lender APIs and parse responses into MI structs

  754. func fetchMi(db *sql.DB, estimate *Estimate, pos int) []MI {

  755. 	var loan Loan = estimate.Loans[pos]

  756. 

  757. 	var ltv = func(l float32) string {

  758. 		switch {

  759. 		case l > 95:

  760. 			return "LTV97"

  761. 		case l > 90:

  762. 			return "LTV95"

  763. 		case l > 85:

  764. 			return "LTV90"

  765. 		default:

  766. 			return "LTV85"

  767. 		}

  768. 	}

  769. 

  770. 	var term = func(t int) string {

  771. 		switch {

  772. 		case t <= 10:

  773. 			return "A10"

  774. 		case t <= 15:

  775. 			return "A15"

  776. 		case t <= 20:

  777. 			return "A20"

  778. 		case t <= 25:

  779. 			return "A25"

  780. 		case t <= 30:

  781. 			return "A30"

  782. 		default:

  783. 			return "A40"

  784. 		}

  785. 	}

  786. 

  787. 	var propertyCodes = map[string]string{

  788. 		"Single Attached": "SFO",

  789. 		"Single Detached": "SFO",

  790. 		"Condo Lo-rise":   "CON",

  791. 		"Condo Hi-rise":   "CON",

  792. 	}

  793. 

  794. 	var purposeCodes = map[string]string{

  795. 		"Purchase":  "PUR",

  796. 		"Refinance": "RRT",

  797. 	}

  798. 

  799. 	body, err := json.Marshal(map[string]any{

  800. 		"zipCode":                estimate.Zip,

  801. 		"stateCode":              "CA",

  802. 		"address":                "",

  803. 		"propertyTypeCode":       propertyCodes[estimate.Property],

  804. 		"occupancyTypeCode":      "PRS",

  805. 		"loanPurposeCode":        purposeCodes[estimate.Transaction],

  806. 		"loanAmount":             loan.Amount,

  807. 		"loanToValue":            ltv(loan.Ltv),

  808. 		"amortizationTerm":       term(loan.Term),

  809. 		"loanTypeCode":           "FXD",

  810. 		"duLpDecisionCode":       "DAE",

  811. 		"loanProgramCodes":       []any{},

  812. 		"debtToIncome":           loan.Dti,

  813. 		"wholesaleLoan":          0,

  814. 		"coveragePercentageCode": "L30",

  815. 		"productCode":            "BPM",

  816. 		"renewalTypeCode":        "CON",

  817. 		"numberOfBorrowers":      1,

  818. 		"coBorrowerCreditScores": []any{},

  819. 		"borrowerCreditScore":    strconv.Itoa(estimate.Borrower.Credit),

  820. 		"masterPolicy":           nil,

  821. 		"selfEmployedIndicator":  false,

  822. 		"armType":                "",

  823. 		"userId":                 44504,

  824. 	})

  825. 	/*

  826. 		if err != nil {

  827. 			log.Printf("Could not marshal NationalMI body: \n%v\n%v\n",

  828. 			bytes.NewBuffer(body), err)

  829. 			func queryAddress(db *sql.DB, id int) ( Address, error ) {

  830. 				var address Address = Address{Id: id}

  831. 				var err error

  832. 

  833. 				row := db.QueryRow(

  834. 					`SELECT id, full_address, street, city, region, country, zip

  835. 					FROM address WHERE id = ?`, id)

  836. 

  837. 				err = row.Scan(

  838. 					&address.Id,

  839. 					&address.Full,

  840. 					&address.Street,

  841. 					&address.City,

  842. 					&address.Region,

  843. 					&address.Country,

  844. 					&address.Zip,

  845. 					)

  846. 

  847. 				return address, err

  848. 		}

  849. 		}

  850. 	*/

  851. 

  852. 	req, err := http.NewRequest("POST",

  853. 		"https://rate-gps.nationalmi.com/rates/productRateQuote",

  854. 		bytes.NewBuffer(body))

  855. 	req.Header.Add("Content-Type", "application/json")

  856. 

  857. 	req.AddCookie(&http.Cookie{

  858. 		Name:  "nmirategps_email",

  859. 		Value: os.Getenv("NationalMIEmail")})

  860. 

  861. 	resp, err := http.DefaultClient.Do(req)

  862. 	var res map[string]interface{}

  863. 	var result []MI

  864. 

  865. 	if resp.StatusCode != 200 {

  866. 		log.Printf("the status: %v\nthe resp: %v\n the req: %v\n the body: %v\n",

  867. 			resp.Status, resp, req.Body, bytes.NewBuffer(body))

  868. 	} else {

  869. 		json.NewDecoder(resp.Body).Decode(&res)

  870. 		// estimate.Loans[pos].Mi = res

  871. 		// Parse res into result here

  872. 	}

  873. 

  874. 	log.Println(err)

  875. 

  876. 	return result

  877. }

  878. 

  879. // Make comparison PDF

  880. func generatePDF(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  881. }

  882. 

  883. func login(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  884. 	var id int

  885. 	var role string

  886. 	var err error

  887. 	var user User

  888. 	json.NewDecoder(r.Body).Decode(&user)

  889. 

  890. 	row := db.QueryRow(

  891. 		`SELECT id, role FROM user WHERE email = ? AND password = sha2(?, 256)`,

  892. 		user.Email, user.Password,

  893. 	)

  894. 

  895. 	err = row.Scan(&id, &role)

  896. 	if err != nil {

  897. 		http.Error(w, "Invalid Credentials.", http.StatusUnauthorized)

  898. 		return

  899. 	}

  900. 

  901. 	err = setTokenCookie(id, role, w)

  902. 	if err != nil {

  903. 		http.Error(w, err.Error(), 500)

  904. 	}

  905. }

  906. 

  907. func setTokenCookie(id int, role string, w http.ResponseWriter) error {

  908. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256,

  909. 		UserClaims{Id: id, Role: role,

  910. 			Exp: time.Now().Add(time.Minute * 30).Format(time.UnixDate)})

  911. 

  912. 	tokenStr, err := token.SignedString([]byte(os.Getenv("JWT_SECRET")))

  913. 	if err != nil {

  914. 		log.Println("Token could not be signed: ", err, tokenStr)

  915. 		return err

  916. 	}

  917. 	

  918. 	cookie := http.Cookie{Name: "skouter",

  919. 	Value:   tokenStr,

  920. 	Path:    "/",

  921. 	Expires: time.Now().Add(time.Hour * 1)}

  922. 	http.SetCookie(w, &cookie)

  923. 	

  924. 	return nil

  925. }

  926. 

  927. func getToken(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  928. 	claims, _ := getClaims(r)

  929. 	

  930. 	err := setTokenCookie(claims.Id, claims.Role, w)

  931. 

  932. 	if err != nil {

  933. 		http.Error(w,

  934. 			"Token generation error",

  935. 			http.StatusInternalServerError)

  936. 	}

  937. }

  938. 

  939. func getClaims(r *http.Request) (UserClaims, error) {

  940. 	claims := new(UserClaims)

  941. 	_, tokenStr, found := strings.Cut(r.Header.Get("Authorization"), " ")

  942. 

  943. 	if !found {

  944. 		return *claims, errors.New("Token not found")

  945. 	}

  946. 

  947. 	// Pull token payload into UserClaims

  948. 	_, err := jwt.ParseWithClaims(tokenStr, claims,

  949. 		func(token *jwt.Token) (any, error) {

  950. 			return []byte(os.Getenv("JWT_SECRET")), nil

  951. 		})

  952. 

  953. 	if err != nil {

  954. 		return *claims, err

  955. 	}

  956. 

  957. 	if err = claims.Valid(); err != nil {

  958. 		return *claims, err

  959. 	}

  960. 

  961. 	return *claims, nil

  962. }

  963. 

  964. func guard(r *http.Request, required int) bool {

  965. 	claims, err := getClaims(r)

  966. 	if err != nil {

  967. 		return false

  968. 	}

  969. 	if roles[claims.Role] < required {

  970. 		return false

  971. 	}

  972. 	

  973. 

  974. 	return true

  975. }

  976. 

  977. // Inserts an address and returns it's ID along with any errors.

  978. func insertAddress(db *sql.DB, address Address) (int, error) {

  979. 	var query string

  980. 	var row *sql.Row

  981. 	var err error

  982. 	var id int // Inserted user's id

  983. 

  984. 	query = `INSERT INTO address

  985. 	(

  986. 		full_address,

  987. 		street,

  988. 		city,

  989. 		region,

  990. 		country,

  991. 		zip

  992. 	)

  993. 	VALUES (?, ?, ?, ?, ?, ?)

  994. 	RETURNING id 

  995. 	`

  996. 

  997. 	row = db.QueryRow(query,

  998. 		address.Full,

  999. 		address.Street,

  1000. 		address.City,

  1001. 		address.Region,

  1002. 		address.Country,

  1003. 		address.Zip,

  1004. 	)

  1005. 

  1006. 	err = row.Scan(&id)

  1007. 

  1008. 	return id, err

  1009. }

  1010. 

  1011. // Inserts an address and returns it's ID along with any errors.

  1012. func insertBranch(db *sql.DB, branch Branch) (int, error) {

  1013. 	var query string

  1014. 	var row *sql.Row

  1015. 	var err error

  1016. 	var id int // Inserted user's id

  1017. 

  1018. 	query = `INSERT INTO branch

  1019. 	(

  1020. 		name,

  1021. 		type,

  1022. 		letterhead,

  1023. 		num,

  1024. 		phone,

  1025. 		address

  1026. 	)

  1027. 	VALUES (?, ?, ?, ?, ?, ?)

  1028. 	RETURNING id 

  1029. 	`

  1030. 

  1031. 	row = db.QueryRow(query,

  1032. 		branch.Name,

  1033. 		branch.Type,

  1034. 		branch.Letterhead,

  1035. 		branch.Num,

  1036. 		branch.Phone,

  1037. 		branch.Address.Id,

  1038. 	)

  1039. 

  1040. 	err = row.Scan(&id)

  1041. 

  1042. 	return id, err

  1043. }

  1044. 

  1045. // Inserts an address and returns it's ID along with any errors.

  1046. func insertLicense(db *sql.DB, license License) (int, error) {

  1047. 	var query string

  1048. 	var row *sql.Row

  1049. 	var err error

  1050. 	var id int // Inserted license's id

  1051. 

  1052. 	query = `INSERT INTO license

  1053. 	(

  1054. 		user_id,

  1055. 		type,

  1056. 		num

  1057. 	)

  1058. 	VALUES (?, ?, ?)

  1059. 	RETURNING id 

  1060. 	`

  1061. 

  1062. 	row = db.QueryRow(query,

  1063. 		license.UserId,

  1064. 		license.Type,

  1065. 		license.Num,

  1066. 	)

  1067. 

  1068. 	err = row.Scan(&id)

  1069. 

  1070. 	return id, err

  1071. }

  1072. 

  1073. func queryLicense(db *sql.DB, user int) (License, error) {

  1074. 	var license License = License{UserId: user}

  1075. 	var err error

  1076. 

  1077. 	row := db.QueryRow(

  1078. 		`SELECT id, type, num FROM license WHERE user_id = ?`,

  1079. 		user)

  1080. 

  1081. 	err = row.Scan(

  1082. 		&license.Id,

  1083. 		&license.Type,

  1084. 		&license.Num,

  1085. 	)

  1086. 

  1087. 	return license, err

  1088. }

  1089. 

  1090. func queryAddress(db *sql.DB, id int) (Address, error) {

  1091. 	var address Address = Address{Id: id}

  1092. 	var err error

  1093. 

  1094. 	row := db.QueryRow(

  1095. 		`SELECT id, full_address, street, city, region, country, zip

  1096. 		FROM address WHERE id = ?`, id)

  1097. 

  1098. 	err = row.Scan(

  1099. 		&address.Id,

  1100. 		&address.Full,

  1101. 		&address.Street,

  1102. 		&address.City,

  1103. 		&address.Region,

  1104. 		&address.Country,

  1105. 		&address.Zip,

  1106. 	)

  1107. 

  1108. 	return address, err

  1109. }

  1110. 

  1111. func queryBranch(db *sql.DB, id int) (Branch, error) {

  1112. 	var branch Branch = Branch{Id: id}

  1113. 	var err error

  1114. 

  1115. 	row := db.QueryRow(

  1116. 		`SELECT id, name, type, letterhead, num, phone, address

  1117. 		FROM branch WHERE id = ?`, id)

  1118. 

  1119. 	err = row.Scan(

  1120. 		&branch.Id,

  1121. 		&branch.Name,

  1122. 		&branch.Type,

  1123. 		&branch.Letterhead,

  1124. 		&branch.Num,

  1125. 		&branch.Phone,

  1126. 		&branch.Address.Id,

  1127. 	)

  1128. 

  1129. 	return branch, err

  1130. }

  1131. 

  1132. func queryUser(db *sql.DB, id int) (User, error) {

  1133. 	var user User

  1134. 	var query string

  1135. 	var err error

  1136. 

  1137. 	query = `SELECT

  1138. 	u.id,

  1139. 	u.email,

  1140. 	u.first_name,

  1141. 	u.last_name,

  1142. 	coalesce(u.branch_id, 0),

  1143. 	u.country,

  1144. 	u.title,

  1145. 	coalesce(u.status, ''),

  1146. 	coalesce(u.customer_id, ''),

  1147. 	u.verified,

  1148. 	u.role,

  1149. 	u.address,

  1150. 	u.phone

  1151. 	FROM user u WHERE u.id = ?

  1152. 	`

  1153. 	row := db.QueryRow(query, id)

  1154. 

  1155. 	if err != nil {

  1156. 		return user, err

  1157. 	}

  1158. 

  1159. 	err = row.Scan(

  1160. 		&user.Id,

  1161. 		&user.Email,

  1162. 		&user.FirstName,

  1163. 		&user.LastName,

  1164. 		&user.Branch.Id,

  1165. 		&user.Country,

  1166. 		&user.Title,

  1167. 		&user.Status,

  1168. 		&user.CustomerId,

  1169. 		&user.Verified,

  1170. 		&user.Role,

  1171. 		&user.Address.Id,

  1172. 		&user.Phone,

  1173. 	)

  1174. 

  1175. 	if err != nil {

  1176. 		return user, err

  1177. 	}

  1178. 

  1179. 	user.Address, err = queryAddress(db, user.Address.Id)

  1180. 	if err != nil {

  1181. 		return user, err

  1182. 	}

  1183. 

  1184. 	if user.Branch.Id > 0 {

  1185. 		user.Branch, err = queryBranch(db, user.Branch.Id)

  1186. 		if err != nil {

  1187. 			return user, err

  1188. 		}

  1189. 	}

  1190. 

  1191. 	return user, nil

  1192. }

  1193. 

  1194. func queryCustomer(db *sql.DB, id string) (User, error) {

  1195. 	var user User

  1196. 	var query string

  1197. 	var err error

  1198. 

  1199. 	query = `SELECT

  1200. 	u.id,

  1201. 	u.email,

  1202. 	u.first_name,

  1203. 	u.last_name,

  1204. 	coalesce(u.branch_id, 0),

  1205. 	u.country,

  1206. 	u.title,

  1207. 	coalesce(u.status, ''),

  1208. 	coalesce(u.customer_id, ''),

  1209. 	u.verified,

  1210. 	u.role,

  1211. 	u.address,

  1212. 	u.phone

  1213. 	FROM user u WHERE u.customer_id = ?

  1214. 	`

  1215. 	row := db.QueryRow(query, id)

  1216. 

  1217. 	if err != nil {

  1218. 		return user, err

  1219. 	}

  1220. 

  1221. 	err = row.Scan(

  1222. 		&user.Id,

  1223. 		&user.Email,

  1224. 		&user.FirstName,

  1225. 		&user.LastName,

  1226. 		&user.Branch.Id,

  1227. 		&user.Country,

  1228. 		&user.Title,

  1229. 		&user.Status,

  1230. 		&user.CustomerId,

  1231. 		&user.Verified,

  1232. 		&user.Role,

  1233. 		&user.Address.Id,

  1234. 		&user.Phone,

  1235. 	)

  1236. 

  1237. 	if err != nil {

  1238. 		return user, err

  1239. 	}

  1240. 

  1241. 	user.Address, err = queryAddress(db, user.Address.Id)

  1242. 	if err != nil {

  1243. 		return user, err

  1244. 	}

  1245. 

  1246. 	user.Branch, err = queryBranch(db, user.Branch.Id)

  1247. 	if err != nil {

  1248. 		return user, err

  1249. 	}

  1250. 

  1251. 	return user, nil

  1252. }

  1253. 

  1254. // Can probably be deleted.

  1255. func queryUsers(db *sql.DB, id int) ([]User, error) {

  1256. 	var users []User

  1257. 	var query string

  1258. 	var rows *sql.Rows

  1259. 	var err error

  1260. 

  1261. 	query = `SELECT

  1262. 	u.id,

  1263. 	u.email,

  1264. 	u.first_name,

  1265. 	u.last_name,

  1266. 	coalesce(u.branch_id, 0),

  1267. 	u.country,

  1268. 	u.title,

  1269. 	coalesce(u.status, ''),

  1270. 	u.verified,

  1271. 	u.role,

  1272. 	u.address,

  1273. 	u.phone

  1274. 	FROM user u WHERE u.id = CASE @e := ? WHEN 0 THEN u.id ELSE @e END

  1275. 	`

  1276. 	rows, err = db.Query(query, id)

  1277. 

  1278. 	if err != nil {

  1279. 		return users, err

  1280. 	}

  1281. 

  1282. 	defer rows.Close()

  1283. 

  1284. 	for rows.Next() {

  1285. 		var user User

  1286. 

  1287. 		if err := rows.Scan(

  1288. 			&user.Id,

  1289. 			&user.Email,

  1290. 			&user.FirstName,

  1291. 			&user.LastName,

  1292. 			&user.Branch.Id,

  1293. 			&user.Country,

  1294. 			&user.Title,

  1295. 			&user.Status,

  1296. 			&user.Verified,

  1297. 			&user.Role,

  1298. 			&user.Address.Id,

  1299. 			&user.Phone,

  1300. 		); err != nil {

  1301. 			return users, err

  1302. 		}

  1303. 

  1304. 		user.Address, err = queryAddress(db, user.Address.Id)

  1305. 		if err != nil {

  1306. 			return users, err

  1307. 		}

  1308. 

  1309. 		user.Branch, err = queryBranch(db, user.Branch.Id)

  1310. 		if err != nil {

  1311. 			return users, err

  1312. 		}

  1313. 

  1314. 		users = append(users, user)

  1315. 	}

  1316. 

  1317. 	// Prevents runtime panics

  1318. 	if len(users) == 0 {

  1319. 		return users, errors.New("User not found.")

  1320. 	}

  1321. 

  1322. 	return users, nil

  1323. }

  1324. 

  1325. func querySub(db *sql.DB, id int) (Subscription, error) {

  1326. 	var query string

  1327. 	var err error

  1328. 	var s Subscription

  1329. 

  1330. 	query = `SELECT

  1331. 	id,

  1332. 	stripe_id,

  1333. 	user_id,

  1334. 	customer_id,

  1335. 	current_period_end,

  1336. 	current_period_start,

  1337. 	client_secret,

  1338. 	payment_status

  1339. 	FROM subscription WHERE id = ?

  1340. 	`

  1341. 	row := db.QueryRow(query, id)

  1342. 

  1343. 	err = row.Scan(

  1344. 		&s.Id,

  1345. 		&s.StripeId,

  1346. 		&s.CustomerId,

  1347. 		&s.End,

  1348. 		&s.Start,

  1349. 		&s.ClientSecret,

  1350. 		&s.PaymentStatus,

  1351. 	)

  1352. 

  1353. 	return s, err

  1354. }

  1355. 

  1356. func (user *User) querySub(db *sql.DB) error {

  1357. 	var query string

  1358. 	var err error

  1359. 

  1360. 	query = `SELECT

  1361. 	id,

  1362. 	stripe_id,

  1363. 	user_id,

  1364. 	customer_id,

  1365. 	price_id,

  1366. 	current_period_end,

  1367. 	current_period_start,

  1368. 	client_secret,

  1369. 	payment_status

  1370. 	FROM subscription WHERE user_id = ?

  1371. 	`

  1372. 	row := db.QueryRow(query, user.Id)

  1373. 

  1374. 	err = row.Scan(

  1375. 		&user.Sub.Id,

  1376. 		&user.Sub.StripeId,

  1377. 		&user.Sub.UserId,

  1378. 		&user.Sub.CustomerId,

  1379. 		&user.Sub.PriceId,

  1380. 		&user.Sub.End,

  1381. 		&user.Sub.Start,

  1382. 		&user.Sub.ClientSecret,

  1383. 		&user.Sub.PaymentStatus,

  1384. 	)

  1385. 

  1386. 	return err

  1387. }

  1388. 

  1389. func (estimate *Estimate) insertResults(db *sql.DB) error {

  1390. 	var query string

  1391. 	var row *sql.Row

  1392. 	var err error

  1393. 	var id int

  1394. 

  1395. 	query = `INSERT INTO estimate_result

  1396. 	(

  1397. 		loan_id,

  1398. 		loan_payment,

  1399. 		total_monthly,

  1400. 		total_fees,

  1401. 		total_credits,

  1402. 		cash_to_close

  1403. 	)

  1404. 	VALUES (?, ?, ?, ?, ?, ?)

  1405. 	RETURNING id

  1406. 	`

  1407. 	for i := range estimate.Loans {

  1408. 		r := estimate.Loans[i].Result

  1409. 		r.LoanId = estimate.Loans[i].Id

  1410. 

  1411. 		row = db.QueryRow(query,

  1412. 			r.LoanId,

  1413. 			r.LoanPayment,

  1414. 			r.TotalMonthly,

  1415. 			r.TotalFees,

  1416. 			r.TotalCredits,

  1417. 			r.CashToClose,

  1418. 		)

  1419. 		err = row.Scan(&id)

  1420. 		if err != nil {

  1421. 			return err

  1422. 		}

  1423. 		r.Id = id

  1424. 	}

  1425. 

  1426. 	return nil

  1427. }

  1428. 

  1429. // Insert user returning it's ID or any error

  1430. func insertUser(db *sql.DB, user User) (int, error) {

  1431. 	var query string

  1432. 	var row *sql.Row

  1433. 	var err error

  1434. 	var id int // Inserted user's id

  1435. 

  1436. 	user.Address.Id, err = insertAddress(db, user.Address)

  1437. 	if err != nil {

  1438. 		return 0, err

  1439. 	}

  1440. 

  1441. 	query = `INSERT INTO user

  1442. 	(

  1443. 		email,

  1444. 		first_name,

  1445. 		last_name,

  1446. 		password,

  1447. 		role,

  1448. 		title,

  1449. 		status,

  1450. 		verified,

  1451. 		address,

  1452. 		country,

  1453. 		branch_id,

  1454. 		phone,

  1455. 		created,

  1456. 		last_login

  1457. 	)

  1458. 	VALUES (?, ?, ?, sha2(?, 256), ?, ?, ?, ?, ?, ?,

  1459. 	CASE @b := ? WHEN 0 THEN NULL ELSE @b END,

  1460. 	?, NOW(), NOW())

  1461. 	RETURNING id 

  1462. 	`

  1463. 

  1464. 	row = db.QueryRow(query,

  1465. 		user.Email,

  1466. 		user.FirstName,

  1467. 		user.LastName,

  1468. 		user.Password,

  1469. 		user.Role,

  1470. 		user.Title,

  1471. 		user.Status,

  1472. 		user.Verified,

  1473. 		user.Address.Id,

  1474. 		user.Country,

  1475. 		user.Branch.Id,

  1476. 		user.Phone,

  1477. 	)

  1478. 

  1479. 	err = row.Scan(&id)

  1480. 	if err != nil {

  1481. 		return 0, err

  1482. 	}

  1483. 

  1484. 	user.Id = id

  1485. 

  1486. 	return id, nil

  1487. }

  1488. 

  1489. // Insert user returning it's ID or any error

  1490. func (sub *Subscription) insertSub(db *sql.DB) (error) {

  1491. 	var query string

  1492. 	var row *sql.Row

  1493. 	var err error

  1494. 

  1495. 	query = `INSERT INTO subscription

  1496. 	(

  1497. 		stripe_id,

  1498. 		user_id,

  1499. 		customer_id,

  1500. 		price_id,

  1501. 		current_period_end,

  1502. 		current_period_start,

  1503. 		client_secret,

  1504. 		payment_status,

  1505. 		status

  1506. 	)

  1507. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)

  1508. 	RETURNING id

  1509. 	`

  1510. 	

  1511. 	row = db.QueryRow(query,

  1512. 		sub.StripeId,

  1513. 		sub.UserId,

  1514. 		sub.CustomerId,

  1515. 		sub.PriceId,

  1516. 		sub.End,

  1517. 		sub.Start,

  1518. 		sub.ClientSecret,

  1519. 		sub.PaymentStatus,

  1520. 		sub.Status,

  1521. 	)

  1522. 

  1523. 	err = row.Scan(&sub.Id)

  1524. 	return err

  1525. }

  1526. 

  1527. func (sub *Subscription) updateSub(db *sql.DB) error {

  1528. 	var query string

  1529. 	var err error

  1530. 

  1531. 	query = `UPDATE subscription

  1532. 	SET client_secret = CASE @a := ? WHEN '' THEN client_secret ELSE @a END,

  1533. 		current_period_end = CASE

  1534. 		@b := ? WHEN 0 THEN current_period_end ELSE @b END,

  1535. 		current_period_start = CASE

  1536. 		@c := ? WHEN 0 THEN current_period_start ELSE @c END,

  1537. 		payment_status = CASE @d := ? WHEN '' THEN client_secret ELSE @d END,

  1538. 		status = CASE @e := ? WHEN '' THEN client_secret ELSE @e END

  1539. 	WHERE id = ?

  1540. 	`

  1541. 	

  1542. 	_, err = db.Exec(query,

  1543. 		sub.ClientSecret,

  1544. 		sub.End,

  1545. 		sub.Start,

  1546. 		sub.PaymentStatus,

  1547. 		sub.Status,

  1548. 		sub.Id,

  1549. 	)

  1550. 	if err != nil { return err }

  1551. 

  1552. 	return err

  1553. }

  1554. 

  1555. 

  1556. // Updates a user's stripe customer ID.

  1557. func (user *User) updateCustomerId(db *sql.DB, cid string) (error) {

  1558. 	var query string

  1559. 	var err error

  1560. 

  1561. 	query = `UPDATE user SET

  1562. 	customer_id = ?

  1563. 	WHERE id = ?

  1564. 	`

  1565. 	_, err = db.Exec(query,

  1566. 		cid,

  1567. 		user.Id,

  1568. 	)

  1569. 	if err != nil { return err }

  1570. 	

  1571. 	user.CustomerId = cid

  1572. 

  1573. 	return nil

  1574. }

  1575. 

  1576. func updateAddress(address Address, db *sql.DB) error {

  1577. 	query := `

  1578. 	UPDATE address

  1579. 	SET

  1580. 	full_address = CASE @e := ? WHEN '' THEN full_address ELSE @e END,

  1581. 	street = CASE @fn := ? WHEN '' THEN street ELSE @fn END,

  1582. 	city = CASE @ln := ? WHEN '' THEN city ELSE @ln END,

  1583. 	region = CASE @r := ? WHEN '' THEN region ELSE @r END,

  1584. 	country = CASE @r := ? WHEN '' THEN country ELSE @r END,

  1585. 	zip = CASE @r := ? WHEN '' THEN zip ELSE @r END

  1586. 	WHERE id = ?

  1587. 	`

  1588. 

  1589. 	_, err := db.Exec(query,

  1590. 		address.Full,

  1591. 		address.Street,

  1592. 		address.City,

  1593. 		address.Region,

  1594. 		address.Country,

  1595. 		address.Zip,

  1596. 		address.Id,

  1597. 	)

  1598. 

  1599. 	return err

  1600. }

  1601. 

  1602. func (user *User) update(db *sql.DB) error {

  1603. 	query := `

  1604. 	UPDATE user

  1605. 	SET

  1606. 	email = CASE @e := ? WHEN '' THEN email ELSE @e END,

  1607. 	first_name = CASE @fn := ? WHEN '' THEN first_name ELSE @fn END,

  1608. 	last_name = CASE @ln := ? WHEN '' THEN last_name ELSE @ln END,

  1609. 	role = CASE @r := ? WHEN '' THEN role ELSE @r END,

  1610. 	password = CASE @p := ? WHEN '' THEN password ELSE sha2(@p, 256) END

  1611. 	WHERE id = ?

  1612. 	`

  1613. 

  1614. 	_, err := db.Exec(query,

  1615. 		user.Email,

  1616. 		user.FirstName,

  1617. 		user.LastName,

  1618. 		user.Role,

  1619. 		user.Password,

  1620. 		user.Id,

  1621. 	)

  1622. 

  1623. 	return err

  1624. }

  1625. 

  1626. func getUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1627. 	claims, err := getClaims(r)

  1628. 	if err != nil {

  1629. 		w.WriteHeader(500)

  1630. 		return

  1631. 	}

  1632. 	

  1633. 	user, err := queryUser(db, claims.Id)

  1634. 	if err != nil {

  1635. 		w.WriteHeader(422)

  1636. 		log.Println(err)

  1637. 		return

  1638. 	}

  1639. 	

  1640. 	json.NewEncoder(w).Encode(user)

  1641. }

  1642. 

  1643. func getUsers(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1644. 	users, err := queryUsers(db, 0)

  1645. 	if err != nil {

  1646. 		w.WriteHeader(http.StatusInternalServerError)

  1647. 		return

  1648. 	}

  1649. 

  1650. 	json.NewEncoder(w).Encode(users)

  1651. }

  1652. 

  1653. // Updates a user using only specified values in the JSON body

  1654. func setUser(user User, db *sql.DB) error {

  1655. 	_, err := mail.ParseAddress(user.Email)

  1656. 	if err != nil {

  1657. 		return err

  1658. 	}

  1659. 

  1660. 	if roles[user.Role] == 0 {

  1661. 		return errors.New("Invalid role")

  1662. 	}

  1663. 

  1664. 	err = user.update(db)

  1665. 	if err != nil {

  1666. 		return err

  1667. 	}

  1668. 	err = updateAddress(user.Address, db)

  1669. 	if err != nil {

  1670. 		return err

  1671. 	}

  1672. 

  1673. 	return nil

  1674. }

  1675. 

  1676. func patchUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1677. 	var user User

  1678. 	err := json.NewDecoder(r.Body).Decode(&user)

  1679. 	if err != nil {

  1680. 		http.Error(w, "Invalid fields", 422)

  1681. 		return

  1682. 	}

  1683. 

  1684. 	err = setUser(user, db)

  1685. 	if err != nil {

  1686. 		http.Error(w, err.Error(), 422)

  1687. 		return

  1688. 	}

  1689. }

  1690. 

  1691. // Update specified fields of the user specified in the claim

  1692. func patchSelf(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1693. 	claim, err := getClaims(r)

  1694. 	var user User

  1695. 	json.NewDecoder(r.Body).Decode(&user)

  1696. 

  1697. 	// First check that the target user to be updated is the same as the claim id, and

  1698. 	// their role is unchanged.

  1699. 	if err != nil || claim.Id != user.Id {

  1700. 		http.Error(w, "Target user's id does not match claim.", 401)

  1701. 		return

  1702. 	}

  1703. 

  1704. 	if claim.Role != user.Role && user.Role != "" {

  1705. 		http.Error(w, "Administrator required to escalate role.", 401)

  1706. 		return

  1707. 	}

  1708. 

  1709. 	err = setUser(user, db)

  1710. 	if err != nil {

  1711. 		http.Error(w, err.Error(), 422)

  1712. 		return

  1713. 	}

  1714. }

  1715. 

  1716. func deleteUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1717. 	var user User

  1718. 	err := json.NewDecoder(r.Body).Decode(&user)

  1719. 	if err != nil {

  1720. 		http.Error(w, "Invalid fields.", 422)

  1721. 		return

  1722. 	}

  1723. 

  1724. 	query := `DELETE FROM user WHERE id = ?`

  1725. 	_, err = db.Exec(query, user.Id)

  1726. 

  1727. 	if err != nil {

  1728. 		http.Error(w, "Could not delete.", 500)

  1729. 	}

  1730. }

  1731. 

  1732. // Checks if a user's entries are reasonable before database insertion.

  1733. // This function is very important because it is the only thing preventing

  1734. // anyone from creating an admin user. These error messages are displayed to

  1735. // the user.

  1736. func (user *User) validate() error {

  1737. 	_, err := mail.ParseAddress(user.Email)

  1738. 	if err != nil {

  1739. 		return errors.New("Invalid email.")

  1740. 	}

  1741. 

  1742. 	if roles[user.Role] == 0 {

  1743. 		return errors.New("Invalid role.")

  1744. 	}

  1745. 

  1746. 	if roles[user.Role] == roles["Admin"] {

  1747. 		return errors.New("New user cannot be an Admin.")

  1748. 	}

  1749. 

  1750. 	if user.FirstName == "" {

  1751. 		return errors.New("Given name cannot be empty.")

  1752. 	}

  1753. 

  1754. 	if user.LastName == "" {

  1755. 		return errors.New("Surname cannot be empty.")

  1756. 	}

  1757. 

  1758. 	if user.Password == "" {

  1759. 		return errors.New("Empty password")

  1760. 	}

  1761. 

  1762. 	return nil

  1763. }

  1764. 

  1765. func createUser(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1766. 	var user User

  1767. 	err := json.NewDecoder(r.Body).Decode(&user)

  1768. 	if err != nil {

  1769. 		http.Error(w, "Invalid fields.", 422)

  1770. 		return

  1771. 	}

  1772. 

  1773. 	user.Role = "User"

  1774. 	user.Status = "Trial"

  1775. 	err = user.validate()

  1776. 	if err != nil {

  1777. 		http.Error(w, err.Error(), 422)

  1778. 		return

  1779. 	}

  1780. 

  1781. 	user.Id, err = insertUser(db, user)

  1782. 	if err != nil {

  1783. 		http.Error(w, err.Error(), 422)

  1784. 		return

  1785. 	}

  1786. 	

  1787. 	err = setTokenCookie(user.Id, user.Role, w)

  1788. 	if err != nil {

  1789. 		http.Error(w, err.Error(), 500)

  1790. 		return

  1791. 	}

  1792. 

  1793. 	json.NewEncoder(w).Encode(user)

  1794. }

  1795. 

  1796. func checkPassword(db *sql.DB, id int, pass string) bool {

  1797. 	var p string

  1798. 	query := `SELECT

  1799. 	password

  1800. 	FROM user WHERE user.id = ? AND password = sha2(?, 256)

  1801. 	`

  1802. 	row := db.QueryRow(query, id, pass)

  1803. 	err := row.Scan(&p)

  1804. 	if err != nil {

  1805. 		return false

  1806. 	}

  1807. 

  1808. 	return true

  1809. }

  1810. 

  1811. func setPassword(db *sql.DB, id int, pass string) error {

  1812. 	query := `UPDATE user

  1813. 	SET password = sha2(?, 256)

  1814. 	WHERE user.id = ?

  1815. 	`

  1816. 	_, err := db.Exec(query, pass, id)

  1817. 	if err != nil {

  1818. 		return errors.New("Could not insert password.")

  1819. 	}

  1820. 

  1821. 	return nil

  1822. }

  1823. 

  1824. func changePassword(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1825. 	var pass Password

  1826. 	claim, err := getClaims(r)

  1827. 	err = json.NewDecoder(r.Body).Decode(&pass)

  1828. 	if err != nil {

  1829. 		http.Error(w, "Bad fields.", 422)

  1830. 		return

  1831. 	}

  1832. 

  1833. 	if checkPassword(db, claim.Id, pass.Old) {

  1834. 		err = setPassword(db, claim.Id, pass.New)

  1835. 	} else {

  1836. 		http.Error(w, "Incorrect old password.", 401)

  1837. 		return

  1838. 	}

  1839. 

  1840. 	if err != nil {

  1841. 		http.Error(w, err.Error(), 500)

  1842. 		return

  1843. 	}

  1844. }

  1845. 

  1846. func fetchAvatar(db *sql.DB, user int) ([]byte, error) {

  1847. 	var img []byte

  1848. 	var query string

  1849. 	var err error

  1850. 

  1851. 	query = `SELECT

  1852. 	avatar

  1853. 	FROM user WHERE user.id = ?

  1854. 	`

  1855. 	row := db.QueryRow(query, user)

  1856. 	err = row.Scan(&img)

  1857. 

  1858. 	if err != nil {

  1859. 		return img, err

  1860. 	}

  1861. 

  1862. 	return img, nil

  1863. }

  1864. 

  1865. func insertAvatar(db *sql.DB, user int, img []byte) error {

  1866. 	query := `UPDATE user

  1867. 	SET avatar = ?

  1868. 	WHERE id = ?

  1869. 	`

  1870. 	_, err := db.Exec(query, img, user)

  1871. 	if err != nil {

  1872. 		return err

  1873. 	}

  1874. 

  1875. 	return nil

  1876. }

  1877. 

  1878. func fetchLetterhead(db *sql.DB, user int) ([]byte, error) {

  1879. 	var img []byte

  1880. 	var query string

  1881. 	var err error

  1882. 

  1883. 	query = `SELECT

  1884. 	letterhead

  1885. 	FROM user WHERE user.id = ?

  1886. 	`

  1887. 	row := db.QueryRow(query, user)

  1888. 	err = row.Scan(&img)

  1889. 

  1890. 	if err != nil {

  1891. 		return img, err

  1892. 	}

  1893. 

  1894. 	return img, nil

  1895. }

  1896. 

  1897. func insertLetterhead(db *sql.DB, user int, img []byte) error {

  1898. 	query := `UPDATE user

  1899. 	SET letterhead = ?

  1900. 	WHERE id = ?

  1901. 	`

  1902. 	_, err := db.Exec(query, img, user)

  1903. 	if err != nil {

  1904. 		return err

  1905. 	}

  1906. 

  1907. 	return nil

  1908. }

  1909. 

  1910. func setAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1911. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1912. 	var isValidType bool

  1913. 

  1914. 	claims, err := getClaims(r)

  1915. 	if err != nil {

  1916. 		http.Error(w, "Invalid token.", 422)

  1917. 		return

  1918. 	}

  1919. 	img, err := io.ReadAll(r.Body)

  1920. 	if err != nil {

  1921. 		http.Error(w, "Invalid file.", 422)

  1922. 		return

  1923. 	}

  1924. 	for _, v := range validTypes {

  1925. 		if v == http.DetectContentType(img) {

  1926. 			isValidType = true

  1927. 		}

  1928. 	}

  1929. 	if !isValidType {

  1930. 		http.Error(w, "Invalid file type.", 422)

  1931. 		return

  1932. 	}

  1933. 

  1934. 	err = insertAvatar(db, claims.Id, img)

  1935. 	if err != nil {

  1936. 		http.Error(w, "Could not insert.", 500)

  1937. 		return

  1938. 	}

  1939. }

  1940. 

  1941. func getAvatar(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1942. 	claims, err := getClaims(r)

  1943. 	if err != nil {

  1944. 		http.Error(w, "Invalid token.", 422)

  1945. 		return

  1946. 	}

  1947. 	img, err := fetchAvatar(db, claims.Id)

  1948. 	if err != nil {

  1949. 		http.Error(w, "Could not retrieve.", 500)

  1950. 		return

  1951. 	}

  1952. 

  1953. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  1954. 	w.Write(img)

  1955. }

  1956. 

  1957. func setLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1958. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  1959. 	var isValidType bool

  1960. 

  1961. 	claims, err := getClaims(r)

  1962. 	if err != nil {

  1963. 		http.Error(w, "Invalid token.", 422)

  1964. 		return

  1965. 	}

  1966. 	img, err := io.ReadAll(r.Body)

  1967. 	if err != nil {

  1968. 		http.Error(w, "Invalid file.", 422)

  1969. 		return

  1970. 	}

  1971. 	for _, v := range validTypes {

  1972. 		if v == http.DetectContentType(img) {

  1973. 			isValidType = true

  1974. 		}

  1975. 	}

  1976. 	if !isValidType {

  1977. 		http.Error(w, "Invalid file type.", 422)

  1978. 		return

  1979. 	}

  1980. 

  1981. 	err = insertLetterhead(db, claims.Id, img)

  1982. 	if err != nil {

  1983. 		http.Error(w, "Could not insert.", 500)

  1984. 		return

  1985. 	}

  1986. }

  1987. 

  1988. func getLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  1989. 	claims, err := getClaims(r)

  1990. 	if err != nil {

  1991. 		http.Error(w, "Invalid token.", 422)

  1992. 		return

  1993. 	}

  1994. 	img, err := fetchLetterhead(db, claims.Id)

  1995. 	if err != nil {

  1996. 		http.Error(w, "Could not retrieve.", 500)

  1997. 		return

  1998. 	}

  1999. 

  2000. 	w.Header().Set("Content-Type", http.DetectContentType(img))

  2001. 	w.Write(img)

  2002. }

  2003. 

  2004. func queryBorrower(db *sql.DB, id int) (Borrower, error) {

  2005. 	var borrower Borrower

  2006. 	var query string

  2007. 	var err error

  2008. 

  2009. 	query = `SELECT

  2010. 	l.id,

  2011. 	l.credit_score,

  2012. 	l.num,

  2013. 	l.monthly_income

  2014. 	FROM borrower l WHERE l.id = ?

  2015. 	`

  2016. 	row := db.QueryRow(query, id)

  2017. 	err = row.Scan(

  2018. 		borrower.Id,

  2019. 		borrower.Credit,

  2020. 		borrower.Num,

  2021. 		borrower.Income,

  2022. 	)

  2023. 

  2024. 	if err != nil {

  2025. 		return borrower, err

  2026. 	}

  2027. 

  2028. 	return borrower, nil

  2029. }

  2030. 

  2031. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  2032. func getResults(db *sql.DB, e int, id int) ([]Result, error) {

  2033. 	var results []Result

  2034. 	var query string

  2035. 	var rows *sql.Rows

  2036. 	var err error

  2037. 

  2038. 	query = `SELECT

  2039. 	r.id,

  2040. 	loan_id,

  2041. 	loan_payment,

  2042. 	total_monthly,

  2043. 	total_fees,

  2044. 	total_credits,

  2045. 	cash_to_close

  2046. 	FROM estimate_result r

  2047. 	INNER JOIN loan

  2048. 	ON r.loan_id = loan.id

  2049. 	WHERE r.id = CASE @e := ? WHEN 0 THEN r.id ELSE @e END

  2050. 	AND loan.estimate_id = ?

  2051. 	`

  2052. 	rows, err = db.Query(query, id, e)

  2053. 

  2054. 	if err != nil {

  2055. 		return results, err

  2056. 	}

  2057. 

  2058. 	defer rows.Close()

  2059. 

  2060. 	for rows.Next() {

  2061. 		var result Result

  2062. 

  2063. 		if err := rows.Scan(

  2064. 			&result.Id,

  2065. 			&result.LoanId,

  2066. 			&result.LoanPayment,

  2067. 			&result.TotalMonthly,

  2068. 			&result.TotalFees,

  2069. 			&result.TotalCredits,

  2070. 			&result.CashToClose,

  2071. 		); err != nil {

  2072. 			return results, err

  2073. 		}

  2074. 

  2075. 		results = append(results, result)

  2076. 	}

  2077. 

  2078. 	// Prevents runtime panics

  2079. 	// if len(results) == 0 { return results, errors.New("Result not found.") }

  2080. 

  2081. 	return results, nil

  2082. }

  2083. 

  2084. // Retrieve an estimate result with a specified loan id

  2085. func getResult(db *sql.DB, loan int) (Result, error) {

  2086. 	var result Result

  2087. 	var query string

  2088. 	var err error

  2089. 

  2090. 	query = `SELECT

  2091. 	r.id,

  2092. 	loan_id,

  2093. 	loan_payment,

  2094. 	total_monthly,

  2095. 	total_fees,

  2096. 	total_credits,

  2097. 	cash_to_close

  2098. 	FROM estimate_result r

  2099. 	INNER JOIN loan

  2100. 	ON r.loan_id = loan.id

  2101. 	WHERE loan.Id = ?

  2102. 	`

  2103. 	row := db.QueryRow(query, loan)

  2104. 

  2105. 	err = row.Scan(

  2106. 		&result.Id,

  2107. 		&result.LoanId,

  2108. 		&result.LoanPayment,

  2109. 		&result.TotalMonthly,

  2110. 		&result.TotalFees,

  2111. 		&result.TotalCredits,

  2112. 		&result.CashToClose,

  2113. 	)

  2114. 

  2115. 	if err != nil {

  2116. 		return result, err

  2117. 	}

  2118. 

  2119. 	return result, nil

  2120. }

  2121. 

  2122. // Must have an estimate ID 'e', but not necessarily a loan id 'id'

  2123. func getLoans(db *sql.DB, e int, id int) ([]Loan, error) {

  2124. 	var loans []Loan

  2125. 	var query string

  2126. 	var rows *sql.Rows

  2127. 	var err error

  2128. 

  2129. 	query = `SELECT

  2130. 	l.id,

  2131. 	l.type_id,

  2132. 	l.estimate_id,

  2133. 	l.amount,

  2134. 	l.term,

  2135. 	l.interest,

  2136. 	l.ltv,

  2137. 	l.dti,

  2138. 	l.hoi,

  2139. 	l.tax,

  2140. 	l.name

  2141. 	FROM loan l WHERE l.id = CASE @e := ? WHEN 0 THEN l.id ELSE @e END AND

  2142. 	l.estimate_id = ?

  2143. 	`

  2144. 	rows, err = db.Query(query, id, e)

  2145. 

  2146. 	if err != nil {

  2147. 		return loans, err

  2148. 	}

  2149. 

  2150. 	defer rows.Close()

  2151. 

  2152. 	for rows.Next() {

  2153. 		var loan Loan

  2154. 

  2155. 		if err := rows.Scan(

  2156. 			&loan.Id,

  2157. 			&loan.Type.Id,

  2158. 			&loan.EstimateId,

  2159. 			&loan.Amount,

  2160. 			&loan.Term,

  2161. 			&loan.Interest,

  2162. 			&loan.Ltv,

  2163. 			&loan.Dti,

  2164. 			&loan.Hoi,

  2165. 			&loan.Tax,

  2166. 			&loan.Name,

  2167. 		); err != nil {

  2168. 			return loans, err

  2169. 		}

  2170. 

  2171. 		mi, err := getMi(db, loan.Id)

  2172. 		if err != nil {

  2173. 			return loans, err

  2174. 		}

  2175. 		loan.Mi = mi

  2176. 		fees, err := getFees(db, loan.Id)

  2177. 		if err != nil {

  2178. 			return loans, err

  2179. 		}

  2180. 		loan.Fees = fees

  2181. 

  2182. 		loan.Result, err = getResult(db, loan.Id)

  2183. 		if err != nil {

  2184. 			return loans, err

  2185. 		}

  2186. 

  2187. 		loan.Type, err = getLoanType(db, loan.Type.Id)

  2188. 		if err != nil {

  2189. 			return loans, err

  2190. 		}

  2191. 

  2192. 		loans = append(loans, loan)

  2193. 	}

  2194. 

  2195. 	// Prevents runtime panics

  2196. 	if len(loans) == 0 {

  2197. 		return loans, errors.New("Loan not found.")

  2198. 	}

  2199. 

  2200. 	return loans, nil

  2201. }

  2202. 

  2203. func getEstimate(db *sql.DB, id int) (Estimate, error) {

  2204. 	estimates, err := getEstimates(db, id, 0)

  2205. 

  2206. 	if err != nil {

  2207. 		return Estimate{}, err

  2208. 	}

  2209. 

  2210. 	return estimates[0], nil

  2211. }

  2212. 

  2213. func getEstimates(db *sql.DB, id int, user int) ([]Estimate, error) {

  2214. 	var estimates []Estimate

  2215. 	var query string

  2216. 	var rows *sql.Rows

  2217. 	var err error

  2218. 

  2219. 	query = `SELECT

  2220. 	id,

  2221. 	user_id,

  2222. 	transaction,

  2223. 	price,

  2224. 	property,

  2225. 	occupancy,

  2226. 	zip,

  2227. 	pud

  2228. 	FROM estimate WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND

  2229. 	user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END

  2230. 	`

  2231. 	rows, err = db.Query(query, id, user)

  2232. 

  2233. 	if err != nil {

  2234. 		return estimates, err

  2235. 	}

  2236. 

  2237. 	defer rows.Close()

  2238. 

  2239. 	for rows.Next() {

  2240. 		var estimate Estimate

  2241. 

  2242. 		if err := rows.Scan(

  2243. 			&estimate.Id,

  2244. 			&estimate.User,

  2245. 			&estimate.Transaction,

  2246. 			&estimate.Price,

  2247. 			&estimate.Property,

  2248. 			&estimate.Occupancy,

  2249. 			&estimate.Zip,

  2250. 			&estimate.Pud,

  2251. 		); err != nil {

  2252. 			return estimates, err

  2253. 		}

  2254. 

  2255. 		err := estimate.getBorrower(db)

  2256. 		if err != nil {

  2257. 			return estimates, err

  2258. 		}

  2259. 		estimates = append(estimates, estimate)

  2260. 	}

  2261. 

  2262. 	// Prevents runtime panics

  2263. 	if len(estimates) == 0 {

  2264. 		return estimates, errors.New("Estimate not found.")

  2265. 	}

  2266. 

  2267. 	for i := range estimates {

  2268. 		estimates[i].Loans, err = getLoans(db, estimates[i].Id, 0)

  2269. 		if err != nil {

  2270. 			return estimates, err

  2271. 		}

  2272. 	}

  2273. 

  2274. 	return estimates, nil

  2275. }

  2276. 

  2277. func queryETemplates(db *sql.DB, id int, user int) ([]ETemplate, error) {

  2278. 	var eTemplates []ETemplate

  2279. 	var query string

  2280. 	var rows *sql.Rows

  2281. 	var err error

  2282. 

  2283. 	query = `SELECT

  2284. 	id,

  2285. 	estimate_id,

  2286. 	user_id,

  2287. 	branch_id

  2288. 	FROM estimate_template WHERE id = CASE @e := ? WHEN 0 THEN id ELSE @e END AND

  2289. 	user_id = CASE @e := ? WHEN 0 THEN user_id ELSE @e END

  2290. 	`

  2291. 	rows, err = db.Query(query, id, user)

  2292. 

  2293. 	if err != nil {

  2294. 		return eTemplates, err

  2295. 	}

  2296. 

  2297. 	defer rows.Close()

  2298. 

  2299. 	for rows.Next() {

  2300. 		var e ETemplate

  2301. 

  2302. 		if err := rows.Scan(

  2303. 			&e.Id,

  2304. 			&e.Estimate.Id,

  2305. 			&e.UserId,

  2306. 			&e.BranchId,

  2307. 		); err != nil {

  2308. 			return eTemplates, err

  2309. 		}

  2310. 

  2311. 		e.Estimate, err = getEstimate(db, e.Estimate.Id)

  2312. 		if err != nil {

  2313. 			return eTemplates, err

  2314. 		}

  2315. 

  2316. 		eTemplates = append(eTemplates, e)

  2317. 	}

  2318. 

  2319. 	return eTemplates, nil

  2320. }

  2321. 

  2322. // Accepts a borrower struct and returns the id of the inserted borrower and

  2323. // any related error.

  2324. func (estimate *Estimate) insertETemplate(db *sql.DB, user int, branch int) error {

  2325. 	var query string

  2326. 	var err error

  2327. 

  2328. 	query = `INSERT INTO estimate_template

  2329. 	(

  2330. 		estimate_id,

  2331. 		user_id,

  2332. 		branch_id

  2333. 	)

  2334. 	VALUES (?, ?, ?)

  2335. 	`

  2336. 	_, err = db.Exec(query,

  2337. 		estimate.Id,

  2338. 		user,

  2339. 		branch,

  2340. 	)

  2341. 	if err != nil {

  2342. 		return err

  2343. 	}

  2344. 

  2345. 	return nil

  2346. }

  2347. 

  2348. // Accepts a borrower struct and returns the id of the inserted borrower and

  2349. // any related error.

  2350. func (estimate *Estimate) insertBorrower(db *sql.DB) error {

  2351. 	var query string

  2352. 	var row *sql.Row

  2353. 	var err error

  2354. 

  2355. 	query = `INSERT INTO borrower

  2356. 	(

  2357. 		estimate_id,

  2358. 		credit_score,

  2359. 		monthly_income,

  2360. 		num

  2361. 	)

  2362. 	VALUES (?, ?, ?, ?)

  2363. 	RETURNING id

  2364. 	`

  2365. 	row = db.QueryRow(query,

  2366. 		estimate.Id,

  2367. 		estimate.Borrower.Credit,

  2368. 		estimate.Borrower.Income,

  2369. 		estimate.Borrower.Num,

  2370. 	)

  2371. 

  2372. 	err = row.Scan(&estimate.Borrower.Id)

  2373. 	if err != nil {

  2374. 		return err

  2375. 	}

  2376. 

  2377. 	return nil

  2378. }

  2379. 

  2380. func insertMi(db *sql.DB, mi MI) (int, error) {

  2381. 	var id int

  2382. 

  2383. 	query := `INSERT INTO mi 

  2384. 		(

  2385. 			type,

  2386. 			label,

  2387. 			lender,

  2388. 			rate,

  2389. 			premium,

  2390. 			upfront,

  2391. 			five_year_total,

  2392. 			initial_premium,

  2393. 			initial_rate,

  2394. 			initial_amount

  2395. 		)

  2396. 		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

  2397. 		RETURNING id`

  2398. 

  2399. 	row := db.QueryRow(query,

  2400. 		&mi.Type,

  2401. 		&mi.Label,

  2402. 		&mi.Lender,

  2403. 		&mi.Rate,

  2404. 		&mi.Premium,

  2405. 		&mi.Upfront,

  2406. 		&mi.FiveYearTotal,

  2407. 		&mi.InitialAllInPremium,

  2408. 		&mi.InitialAllInRate,

  2409. 		&mi.InitialAmount,

  2410. 	)

  2411. 

  2412. 	err := row.Scan(&id)

  2413. 	if err != nil {

  2414. 		return 0, err

  2415. 	}

  2416. 

  2417. 	return id, nil

  2418. }

  2419. 

  2420. func insertFee(db *sql.DB, fee Fee) (int, error) {

  2421. 	var id int

  2422. 

  2423. 	query := `INSERT INTO fee 

  2424. 		(loan_id, amount, perc, type, notes, name, category)

  2425. 		VALUES (?, ?, ?, ?, ?, ?, ?)

  2426. 		RETURNING id`

  2427. 

  2428. 	row := db.QueryRow(query,

  2429. 		fee.LoanId,

  2430. 		fee.Amount,

  2431. 		fee.Perc,

  2432. 		fee.Type,

  2433. 		fee.Notes,

  2434. 		fee.Name,

  2435. 		fee.Category,

  2436. 	)

  2437. 

  2438. 	err := row.Scan(&id)

  2439. 	if err != nil {

  2440. 		return 0, err

  2441. 	}

  2442. 

  2443. 	return id, nil

  2444. }

  2445. 

  2446. func insertLoanType(db *sql.DB, lt LoanType) (int, error) {

  2447. 	var id int

  2448. 

  2449. 	query := `INSERT INTO loan_type (branch_id, user_id, name)

  2450. 		VALUES (NULLIF(?, 0), NULLIF(?, 0), ?)

  2451. 		RETURNING id`

  2452. 

  2453. 	row := db.QueryRow(query,

  2454. 		lt.Branch,

  2455. 		lt.User,

  2456. 		lt.Name,

  2457. 	)

  2458. 

  2459. 	err := row.Scan(&id)

  2460. 	if err != nil {

  2461. 		return 0, err

  2462. 	}

  2463. 

  2464. 	return id, nil

  2465. }

  2466. 

  2467. func (loan *Loan) insertLoan(db *sql.DB) error {

  2468. 	var query string

  2469. 	var row *sql.Row

  2470. 	var err error

  2471. 

  2472. 	query = `INSERT INTO loan

  2473. 	(

  2474. 		estimate_id,

  2475. 		type_id,

  2476. 		amount,

  2477. 		term,

  2478. 		interest,

  2479. 		ltv,

  2480. 		dti,

  2481. 		hoi,

  2482. 		tax,

  2483. 		name

  2484. 	)

  2485. 	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

  2486. 	RETURNING id

  2487. 	`

  2488. 	row = db.QueryRow(query,

  2489. 		loan.EstimateId,

  2490. 		loan.Type.Id,

  2491. 		loan.Amount,

  2492. 		loan.Term,

  2493. 		loan.Interest,

  2494. 		loan.Ltv,

  2495. 		loan.Dti,

  2496. 		loan.Hoi,

  2497. 		loan.Tax,

  2498. 		loan.Name,

  2499. 	)

  2500. 

  2501. 	err = row.Scan(&loan.Id)

  2502. 	if err != nil {

  2503. 		return err

  2504. 	}

  2505. 	_, err = insertMi(db, loan.Mi)

  2506. 	if err != nil {

  2507. 		return err

  2508. 	}

  2509. 	for i := range loan.Fees {

  2510. 		loan.Fees[i].LoanId = loan.Id

  2511. 		_, err := insertFee(db, loan.Fees[i])

  2512. 		if err != nil {

  2513. 			return err

  2514. 		}

  2515. 	}

  2516. 

  2517. 	return nil

  2518. }

  2519. 

  2520. func (estimate *Estimate) insertEstimate(db *sql.DB) error {

  2521. 	var query string

  2522. 	var row *sql.Row

  2523. 	var err error

  2524. 	// var id int // Inserted estimate's id

  2525. 

  2526. 	query = `INSERT INTO estimate

  2527. 	(

  2528. 		user_id,

  2529. 		transaction,

  2530. 		price,

  2531. 		property,

  2532. 		occupancy,

  2533. 		zip,

  2534. 		pud

  2535. 	)

  2536. 	VALUES (?, ?, ?, ?, ?, ?, ?)

  2537. 	RETURNING id

  2538. 	`

  2539. 	row = db.QueryRow(query,

  2540. 		estimate.User,

  2541. 		estimate.Transaction,

  2542. 		estimate.Price,

  2543. 		estimate.Property,

  2544. 		estimate.Occupancy,

  2545. 		estimate.Zip,

  2546. 		estimate.Pud,

  2547. 	)

  2548. 

  2549. 	err = row.Scan(&estimate.Id)

  2550. 	if err != nil {

  2551. 		return err

  2552. 	}

  2553. 

  2554. 	err = estimate.insertBorrower(db)

  2555. 	if err != nil {

  2556. 		return err

  2557. 	}

  2558. 

  2559. 	for i := range estimate.Loans {

  2560. 		estimate.Loans[i].EstimateId = estimate.Id

  2561. 		err = estimate.Loans[i].insertLoan(db)

  2562. 		if err != nil {

  2563. 			return err

  2564. 		}

  2565. 	}

  2566. 

  2567. 	return nil

  2568. }

  2569. 

  2570. func (estimate *Estimate) del(db *sql.DB, user int) error {

  2571. 	var query string

  2572. 	var err error

  2573. 

  2574. 	query = `DELETE FROM estimate WHERE id = ? AND user_id = ?`

  2575. 

  2576. 	_, err = db.Exec(query, estimate.Id, user)

  2577. 	if err != nil {

  2578. 		return err

  2579. 	}

  2580. 

  2581. 	return nil

  2582. }

  2583. 

  2584. func (et *ETemplate) del(db *sql.DB, user int) error {

  2585. 	var query string

  2586. 	var err error

  2587. 

  2588. 	query = `DELETE FROM estimate_template WHERE id = ? AND user_id = ?`

  2589. 

  2590. 	_, err = db.Exec(query, et.Id, user)

  2591. 	if err != nil {

  2592. 		return err

  2593. 	}

  2594. 

  2595. 	return nil

  2596. }

  2597. 

  2598. func (eTemplate *ETemplate) insert(db *sql.DB) error {

  2599. 	var query string

  2600. 	var row *sql.Row

  2601. 	var err error

  2602. 

  2603. 	query = `INSERT INTO estimate_template

  2604. 	(

  2605. 		user_id,

  2606. 		branch_id,

  2607. 		estimate_id,

  2608. 	)

  2609. 	VALUES (?, ?, ?)

  2610. 	RETURNING id

  2611. 	`

  2612. 	row = db.QueryRow(query,

  2613. 		eTemplate.UserId,

  2614. 		eTemplate.BranchId,

  2615. 		eTemplate.Estimate.Id,

  2616. 	)

  2617. 

  2618. 	err = row.Scan(&eTemplate.Id)

  2619. 	if err != nil {

  2620. 		return err

  2621. 	}

  2622. 

  2623. 	return nil

  2624. }

  2625. 

  2626. func createEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2627. 	var estimate Estimate

  2628. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2629. 	if err != nil {

  2630. 		http.Error(w, "Invalid fields.", 422)

  2631. 		return

  2632. 	}

  2633. 	claims, err := getClaims(r)

  2634. 	estimate.User = claims.Id

  2635. 

  2636. 	err = estimate.insertEstimate(db)

  2637. 	if err != nil {

  2638. 		http.Error(w, err.Error(), 422)

  2639. 		return

  2640. 	}

  2641. 	estimate.makeResults()

  2642. 	err = estimate.insertResults(db)

  2643. 	if err != nil {

  2644. 		http.Error(w, err.Error(), 500)

  2645. 		return

  2646. 	}

  2647. 	e, err := getEstimates(db, estimate.Id, 0)

  2648. 	if err != nil {

  2649. 		http.Error(w, err.Error(), 500)

  2650. 		return

  2651. 	}

  2652. 

  2653. 	json.NewEncoder(w).Encode(e[0])

  2654. }

  2655. 

  2656. // Query all estimates that belong to the current user

  2657. func fetchEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2658. 	var estimates []Estimate

  2659. 	claims, err := getClaims(r)

  2660. 

  2661. 	estimates, err = getEstimates(db, 0, claims.Id)

  2662. 	if err != nil {

  2663. 		http.Error(w, err.Error(), 500)

  2664. 		return

  2665. 	}

  2666. 

  2667. 	json.NewEncoder(w).Encode(estimates)

  2668. }

  2669. 

  2670. func checkConventional(l Loan, b Borrower) error {

  2671. 	if b.Credit < 620 {

  2672. 		return errors.New("Credit score too low for conventional loan")

  2673. 	}

  2674. 

  2675. 	// Buyer needs to put down 20% to avoid mortgage insurance

  2676. 	if l.Ltv > 80 && l.Mi.Rate == 0 {

  2677. 		return errors.New(fmt.Sprintln(

  2678. 			l.Name,

  2679. 			"down payment must be 20% to avoid insurance",

  2680. 		))

  2681. 	}

  2682. 

  2683. 	return nil

  2684. }

  2685. 

  2686. func checkFHA(l Loan, b Borrower) error {

  2687. 	if b.Credit < 500 {

  2688. 		return errors.New("Credit score too low for FHA loan")

  2689. 	}

  2690. 

  2691. 	if l.Ltv > 96.5 {

  2692. 		return errors.New("FHA down payment must be at least 3.5%")

  2693. 	}

  2694. 

  2695. 	if b.Credit < 580 && l.Ltv > 90 {

  2696. 		return errors.New("FHA down payment must be at least 10%")

  2697. 	}

  2698. 

  2699. 	// Debt-to-income must be below 45% if credit score is below 580.

  2700. 	if b.Credit < 580 && l.Dti > 45 {

  2701. 		return errors.New(fmt.Sprintln(

  2702. 			l.Name, "debt to income is too high for credit score.",

  2703. 		))

  2704. 	}

  2705. 

  2706. 	return nil

  2707. }

  2708. 

  2709. // Loan option for veterans with no set rules. Mainly placeholder.

  2710. func checkVA(l Loan, b Borrower) error {

  2711. 	return nil

  2712. }

  2713. 

  2714. // Loan option for residents of rural areas with no set rules.

  2715. // Mainly placeholder.

  2716. func checkUSDA(l Loan, b Borrower) error {

  2717. 	return nil

  2718. }

  2719. 

  2720. // Should also check loan amount limit maybe with an API.

  2721. func checkEstimate(e Estimate) error {

  2722. 	if e.Property == "" {

  2723. 		return errors.New("Empty property type")

  2724. 	}

  2725. 	if e.Price == 0 {

  2726. 		return errors.New("Empty property price")

  2727. 	}

  2728. 

  2729. 	if e.Borrower.Num == 0 {

  2730. 		return errors.New("Missing number of borrowers")

  2731. 	}

  2732. 

  2733. 	if e.Borrower.Credit == 0 {

  2734. 		return errors.New("Missing borrower credit score")

  2735. 	}

  2736. 

  2737. 	if e.Borrower.Income == 0 {

  2738. 		return errors.New("Missing borrower credit income")

  2739. 	}

  2740. 

  2741. 	for _, l := range e.Loans {

  2742. 		if l.Amount == 0 {

  2743. 			return errors.New(fmt.Sprintln(l.Name, "loan amount cannot be zero"))

  2744. 		}

  2745. 		if l.Term == 0 {

  2746. 			return errors.New(fmt.Sprintln(l.Name, "loan term cannot be zero"))

  2747. 		}

  2748. 		if l.Interest == 0 {

  2749. 			return errors.New(fmt.Sprintln(l.Name, "loan interest cannot be zero"))

  2750. 		}

  2751. 

  2752. 		// Can be used to check rules for specific loan types

  2753. 		var err error

  2754. 		switch l.Type.Id {

  2755. 		case 1:

  2756. 			err = checkConventional(l, e.Borrower)

  2757. 		case 2:

  2758. 			err = checkFHA(l, e.Borrower)

  2759. 		case 3:

  2760. 			err = checkVA(l, e.Borrower)

  2761. 		case 4:

  2762. 			err = checkUSDA(l, e.Borrower)

  2763. 		default:

  2764. 			err = errors.New("Invalid loan type")

  2765. 		}

  2766. 

  2767. 		if err != nil {

  2768. 			return err

  2769. 		}

  2770. 	}

  2771. 

  2772. 	return nil

  2773. 

  2774. }

  2775. 

  2776. func validateEstimate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2777. 	var estimate Estimate

  2778. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2779. 

  2780. 	if err != nil {

  2781. 		http.Error(w, err.Error(), 422)

  2782. 		return

  2783. 	}

  2784. 

  2785. 	err = checkEstimate(estimate)

  2786. 	if err != nil {

  2787. 		http.Error(w, err.Error(), 406)

  2788. 		return

  2789. 	}

  2790. }

  2791. 

  2792. func checkPdf(w http.ResponseWriter, r *http.Request) {

  2793. 	db, err := sql.Open("mysql",

  2794. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/skouter_dev",

  2795. 			os.Getenv("DBUser"),

  2796. 			os.Getenv("DBPass")))

  2797. 

  2798. 	// w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  2799. 	err = db.Ping()

  2800. 	if err != nil {

  2801. 		fmt.Println("Bad database configuration: %v\n", err)

  2802. 		panic(err)

  2803. 		// maybe os.Exit(1) instead

  2804. 	}

  2805. 

  2806. 	estimates, err := getEstimates(db, 1, 0)

  2807. 	if err != nil {

  2808. 		w.WriteHeader(500)

  2809. 		return

  2810. 	}

  2811. 

  2812. 	// claims, err := getClaims(r)

  2813. 	if err != nil {

  2814. 		w.WriteHeader(500)

  2815. 		return

  2816. 	}

  2817. 	user, err := queryUser(db, 1)

  2818. 

  2819. 	info := Report{

  2820. 		Title:    "test PDF",

  2821. 		Name:     "idk-random-name",

  2822. 		User:     user,

  2823. 		Estimate: estimates[0],

  2824. 	}

  2825. 	avatar, err := fetchAvatar(db, info.User.Id)

  2826. 	letterhead, err := fetchLetterhead(db, info.User.Id)

  2827. 	info.Avatar =

  2828. 		base64.StdEncoding.EncodeToString(avatar)

  2829. 	info.Letterhead =

  2830. 		base64.StdEncoding.EncodeToString(letterhead)

  2831. 

  2832. 	for l := range info.Estimate.Loans {

  2833. 		loan := info.Estimate.Loans[l]

  2834. 		for f := range info.Estimate.Loans[l].Fees {

  2835. 			if info.Estimate.Loans[l].Fees[f].Amount < 0 {

  2836. 				loan.Credits = append(loan.Credits, loan.Fees[f])

  2837. 			}

  2838. 		}

  2839. 	}

  2840. 

  2841. 	err = pages["report"].tpl.ExecuteTemplate(w, "master.tpl", info)

  2842. 	if err != nil {

  2843. 		fmt.Println(err)

  2844. 	}

  2845. 

  2846. }

  2847. 

  2848. func getETemplates(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2849. 	claims, err := getClaims(r)

  2850. 

  2851. 	et, err := queryETemplates(db, 0, claims.Id)

  2852. 	if err != nil {

  2853. 		http.Error(w, err.Error(), 500)

  2854. 		return

  2855. 	}

  2856. 

  2857. 	json.NewEncoder(w).Encode(et)

  2858. }

  2859. 

  2860. func createETemplate(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2861. 	var estimate Estimate

  2862. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2863. 

  2864. 	if err != nil {

  2865. 		http.Error(w, err.Error(), 422)

  2866. 		return

  2867. 	}

  2868. 	claims, err := getClaims(r)

  2869. 	if err != nil {

  2870. 		http.Error(w, err.Error(), 422)

  2871. 		return

  2872. 	}

  2873. 

  2874. 	err = estimate.insertETemplate(db, claims.Id, 0)

  2875. 	if err != nil {

  2876. 		http.Error(w, err.Error(), 500)

  2877. 		return

  2878. 	}

  2879. }

  2880. 

  2881. func getPdf(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2882. 	var estimate Estimate

  2883. 	err := json.NewDecoder(r.Body).Decode(&estimate)

  2884. 	cmd := exec.Command("wkhtmltopdf", "-", "-")

  2885. 

  2886. 	stdout, err := cmd.StdoutPipe()

  2887. 	if err != nil {

  2888. 		w.WriteHeader(500)

  2889. 		log.Println(err)

  2890. 		return

  2891. 	}

  2892. 

  2893. 	stdin, err := cmd.StdinPipe()

  2894. 	if err != nil {

  2895. 		w.WriteHeader(500)

  2896. 		log.Println(err)

  2897. 		return

  2898. 	}

  2899. 

  2900. 	if err := cmd.Start(); err != nil {

  2901. 		log.Fatal(err)

  2902. 	}

  2903. 

  2904. 	claims, err := getClaims(r)

  2905. 	if err != nil {

  2906. 		w.WriteHeader(500)

  2907. 		log.Println(err)

  2908. 		return

  2909. 	}

  2910. 	user, err := queryUser(db, claims.Id)

  2911. 

  2912. 	info := Report{

  2913. 		Title:    "test PDF",

  2914. 		Name:     "idk-random-name",

  2915. 		User:     user,

  2916. 		Estimate: estimate,

  2917. 	}

  2918. 	avatar, err := fetchAvatar(db, info.User.Id)

  2919. 	letterhead, err := fetchLetterhead(db, info.User.Id)

  2920. 

  2921. 	if len(avatar) > 1 {

  2922. 		info.Avatar =

  2923. 			base64.StdEncoding.EncodeToString(avatar)

  2924. 	}

  2925. 

  2926. 	if len(letterhead) > 1 {

  2927. 		info.Letterhead =

  2928. 			base64.StdEncoding.EncodeToString(letterhead)

  2929. 	}

  2930. 

  2931. 	err = pages["report"].tpl.ExecuteTemplate(stdin, "master.tpl", info)

  2932. 	if err != nil {

  2933. 		w.WriteHeader(500)

  2934. 		log.Println(err)

  2935. 		return

  2936. 	}

  2937. 	stdin.Close()

  2938. 

  2939. 	buf, err := io.ReadAll(stdout)

  2940. 

  2941. 	if _, err := w.Write(buf); err != nil {

  2942. 		w.WriteHeader(500)

  2943. 		log.Println(err)

  2944. 		return

  2945. 	}

  2946. 

  2947. 	if err := cmd.Wait(); err != nil {

  2948. 		log.Println(err)

  2949. 		return

  2950. 	}

  2951. 

  2952. }

  2953. 

  2954. func clipLetterhead(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  2955. 	var validTypes []string = []string{"image/png", "image/jpeg"}

  2956. 	var isValidType bool

  2957. 	var err error

  2958. 

  2959. 	// claims, err := getClaims(r)

  2960. 	if err != nil {

  2961. 		http.Error(w, "Invalid token.", 422)

  2962. 		return

  2963. 	}

  2964. 	img, t, err := image.Decode(r.Body)

  2965. 	if err != nil {

  2966. 		http.Error(w, "Invalid file, JPEG and PNG only.", 422)

  2967. 		return

  2968. 	}

  2969. 	for _, v := range validTypes {

  2970. 		if v == "image/"+t {

  2971. 			isValidType = true

  2972. 		}

  2973. 	}

  2974. 	if !isValidType {

  2975. 		http.Error(w, "Invalid file type.", 422)

  2976. 		return

  2977. 	}

  2978. 

  2979. 	g := gift.New(

  2980. 		gift.ResizeToFit(400, 200, gift.LanczosResampling),

  2981. 	)

  2982. 	dst := image.NewRGBA(g.Bounds(img.Bounds()))

  2983. 	g.Draw(dst, img)

  2984. 

  2985. 	w.Header().Set("Content-Type", "image/png")

  2986. 	err = png.Encode(w, dst)

  2987. 	if err != nil {

  2988. 		http.Error(w, "Error encoding.", 500)

  2989. 		return

  2990. 	}

  2991. }

  2992. 

  2993. func createCustomer(name string, email string, address Address) (

  2994. stripe.Customer, error) {

  2995. 

  2996. 	params := &stripe.CustomerParams{

  2997. 		Email: stripe.String(email),

  2998. 		Name: stripe.String(name),

  2999. 		Address: &stripe.AddressParams{

  3000. 			City: stripe.String(address.City),

  3001. 			Country: stripe.String(address.Country),

  3002. 			Line1: stripe.String(address.Street),

  3003. 			PostalCode: stripe.String(address.Zip),

  3004. 			State: stripe.String(address.Region),

  3005. 		},

  3006. 	};

  3007. 	

  3008. 	result, err := customer.New(params)

  3009. 	return *result, err

  3010. }

  3011. 

  3012. // Initiates a new standard subscription using a given customer ID

  3013. func createSubscription(cid string) (*stripe.Subscription, error) {

  3014. 

  3015. 	// Automatically save the payment method to the subscription

  3016.     // when the first payment is successful.

  3017.     paymentSettings := &stripe.SubscriptionPaymentSettingsParams{

  3018. 		    SaveDefaultPaymentMethod: stripe.String("on_subscription"),

  3019.   	}

  3020.   	

  3021.   	// Create the subscription. Note we're expanding the Subscription's

  3022.     // latest invoice and that invoice's payment_intent

  3023.     // so we can pass it to the front end to confirm the payment

  3024.     subscriptionParams := &stripe.SubscriptionParams{

  3025.         Customer: stripe.String(cid),

  3026.         Items: []*stripe.SubscriptionItemsParams{

  3027.             {

  3028.                 Price: stripe.String(standardPriceId),

  3029.             },

  3030.         },

  3031.         PaymentSettings: paymentSettings,

  3032.         PaymentBehavior: stripe.String("default_incomplete"),

  3033.     }

  3034.     subscriptionParams.AddExpand("latest_invoice.payment_intent")

  3035.     s, err := subscription.New(subscriptionParams)

  3036.     

  3037.     return s, err

  3038. }

  3039. 

  3040. // Creates a new subscription instance for a new user or retrieves the

  3041. // existing instance if possible. It's main purpose is to supply a

  3042. // client secret used for sending billing information to stripe.

  3043. func subscribe(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3044. 	claims, err := getClaims(r)

  3045. 	user, err := queryUser(db, claims.Id)

  3046. 

  3047. 	if err != nil {

  3048. 		w.WriteHeader(422)

  3049. 		return

  3050. 	}

  3051. 	

  3052. 	user.querySub(db)

  3053. 	

  3054. 	var name string = user.FirstName + " " + user.LastName

  3055. 	

  3056. 	if user.CustomerId == "" {

  3057. 		c, err := createCustomer(name, user.Email, user.Address)

  3058. 		if err != nil {

  3059. 			http.Error(w, err.Error(), 500)

  3060. 			return

  3061. 		}

  3062. 	

  3063. 		err = user.updateCustomerId(db, c.ID)

  3064. 		if err != nil {

  3065. 			http.Error(w, err.Error(), 500)

  3066. 			return

  3067. 		}

  3068. 	}

  3069. 

  3070. 	if user.Sub.Id == 0 {

  3071. 		s, err := createSubscription(user.CustomerId)

  3072. 		if err != nil {

  3073. 			http.Error(w, err.Error(), 500)

  3074. 			return

  3075. 		}

  3076. 		

  3077. 		user.Sub.UserId = user.Id

  3078. 		user.Sub.StripeId = s.ID

  3079. 		user.Sub.CustomerId = user.CustomerId

  3080. 		user.Sub.PriceId = standardPriceId

  3081. 		user.Sub.End = int(s.CurrentPeriodEnd)

  3082. 		user.Sub.Start = int(s.CurrentPeriodStart)

  3083. 		user.Sub.ClientSecret = s.LatestInvoice.PaymentIntent.ClientSecret

  3084. 		user.Sub.PaymentStatus = string(s.LatestInvoice.PaymentIntent.Status)

  3085. 		

  3086. 		// Inserting from here is probably unnecessary and confusing because

  3087. 		// new subs are already handled by the stripe hook

  3088. 		err = user.Sub.insertSub(db)

  3089. 		if err != nil {

  3090. 			http.Error(w, err.Error(), 500)

  3091. 			return

  3092. 		}

  3093. 	} else {

  3094. 		// This should handle creating a new subscription when the old one

  3095. 		// has an incomplete_expired status and cannot be paid

  3096. 	}

  3097. 	

  3098. 	json.NewEncoder(w).Encode(user.Sub)

  3099. 	

  3100. }

  3101. 

  3102. // A successful subscription payment should be confirmed by Stripe and

  3103. // Updated through this hook.

  3104. func invoicePaid(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3105. 	var invoice stripe.Invoice

  3106. 	b, err := io.ReadAll(r.Body)

  3107. 	if err != nil {

  3108. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3109. 		log.Printf("io.ReadAll: %v", err)

  3110. 		return

  3111. 	}

  3112. 	

  3113. 	event, err := webhook.ConstructEvent(b,

  3114. 	r.Header.Get("Stripe-Signature"),

  3115. 	hookKeys.InvoicePaid)

  3116. 	if err != nil {

  3117. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3118. 		log.Printf("webhook.ConstructEvent: %v", err)

  3119. 		return

  3120. 	}

  3121. 	

  3122. 	// OK should be sent before any processing to confirm with Stripe that

  3123. 	// the hook was received

  3124. 	w.WriteHeader(http.StatusOK)

  3125. 	if event.Type != "invoice.paid" {

  3126. 		log.Println("Invalid event type sent to invoice-paid.")

  3127. 		return

  3128. 	}

  3129. 	

  3130. 	json.Unmarshal(event.Data.Raw, &invoice)

  3131. 	log.Println(event.Type, invoice.ID, invoice.Customer.ID)

  3132. 	

  3133. 	user, err := queryCustomer(db, invoice.Customer.ID)

  3134. 	if err != nil {

  3135. 		log.Printf("Could not query customer: %v", err)

  3136. 		return

  3137. 	}

  3138. 	s, err := subscription.Get(invoice.Subscription.ID, nil)

  3139. 	if err != nil {

  3140. 		log.Printf("Could not fetch subscription: %v", err)

  3141. 		return

  3142. 	}

  3143. 	

  3144. 	log.Println(user.Id, s.ID)

  3145. }

  3146. 

  3147. func invoiceFailed(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3148. 	b, err := io.ReadAll(r.Body)

  3149. 	if err != nil {

  3150. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3151. 		log.Printf("io.ReadAll: %v", err)

  3152. 		return

  3153. 	}

  3154. 	

  3155. 	event, err := webhook.ConstructEvent(b, r.Header.Get("Stripe-Signature"),

  3156. 	os.Getenv("STRIPE_SECRET_KEY"))

  3157. 	if err != nil {

  3158. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3159. 		log.Printf("webhook.ConstructEvent: %v", err)

  3160. 		return

  3161. 	}

  3162. 

  3163. 	log.Println(event.Data)

  3164. }

  3165. 

  3166. // Important for catching subscription creation through Stripe dashboard

  3167. // although it already happens at subscribe(). It checks if the user already

  3168. // has a subscription and replaces those fields if necessary so a seperate

  3169. // subCreated() is not necessary.

  3170. func subUpdated(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3171. 

  3172. 	var sub stripe.Subscription

  3173. 	b, err := io.ReadAll(r.Body)

  3174. 	if err != nil {

  3175. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3176. 		log.Printf("io.ReadAll: %v", err)

  3177. 		return

  3178. 	}

  3179. 	

  3180. 	event, err := webhook.ConstructEvent(b,

  3181. 	r.Header.Get("Stripe-Signature"),

  3182. 	hookKeys.SubUpdated)

  3183. 	if err != nil {

  3184. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3185. 		log.Printf("webhook.ConstructEvent: %v", err)

  3186. 		return

  3187. 	}

  3188. 	

  3189. 	// OK should be sent before any processing to confirm with Stripe that

  3190. 	// the hook was received

  3191. 	w.WriteHeader(http.StatusOK)

  3192. 	if event.Type != "customer.subscription.created" {

  3193. 		log.Println(

  3194. 		"Invalid event type sent to customer.subscription.created.")

  3195. 		return

  3196. 	}

  3197. 	

  3198. 	json.Unmarshal(event.Data.Raw, &sub)

  3199. 	log.Println(event.Type, sub.ID, sub.Customer.ID)

  3200. 	

  3201. 	user, err := queryCustomer(db, sub.Customer.ID)

  3202. 	if err != nil {

  3203. 		log.Printf("Could not query customer: %v", err)

  3204. 		return

  3205. 	}

  3206. 	

  3207. 	if statuses[user.Status] < 5 && sub.Status == "trialing" {

  3208. 		user.Status = "Trial"

  3209. 		user.update(db)

  3210. 	} else if sub.Status != "active" {

  3211. 		user.Status = "Unsubscribed"

  3212. 		user.update(db)

  3213. 	}

  3214. 	

  3215. 	user.Sub.UserId = user.Id

  3216. 	user.Sub.StripeId = sub.ID

  3217. 	user.Sub.CustomerId = user.CustomerId

  3218. 	user.Sub.PriceId = standardPriceId

  3219. 	user.Sub.End = int(sub.CurrentPeriodEnd)

  3220. 	user.Sub.Start = int(sub.CurrentPeriodStart)

  3221. 	user.Sub.ClientSecret = sub.LatestInvoice.PaymentIntent.ClientSecret

  3222. 	user.Sub.PaymentStatus = string(sub.LatestInvoice.PaymentIntent.Status)

  3223. 	user.Sub.Status = string(sub.Status)

  3224. 	

  3225. 	if user.Sub.Id != 0 {

  3226. 		err = user.Sub.insertSub(db)

  3227. 	} else {

  3228. 		user.Sub.updateSub(db)

  3229. 	}

  3230. 	

  3231. 	if err != nil {

  3232. 		http.Error(w, err.Error(), 500)

  3233. 		return

  3234. 	}

  3235. 	

  3236. 	log.Println("User subscription created:", user.Id, sub.ID)

  3237. }

  3238. 

  3239. // Handles changes to customer subscriptions sent by Stripe

  3240. func subDeleted(w http.ResponseWriter, db *sql.DB, r *http.Request) {

  3241. 	var sub stripe.Subscription

  3242. 	b, err := io.ReadAll(r.Body)

  3243. 	if err != nil {

  3244. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3245. 		log.Printf("io.ReadAll: %v", err)

  3246. 		return

  3247. 	}

  3248. 	

  3249. 	event, err := webhook.ConstructEvent(b,

  3250. 	r.Header.Get("Stripe-Signature"),

  3251. 	hookKeys.SubUpdated)

  3252. 	if err != nil {

  3253. 		http.Error(w, err.Error(), http.StatusBadRequest)

  3254. 		log.Printf("webhook.ConstructEvent: %v", err)

  3255. 		return

  3256. 	}

  3257. 	

  3258. 	// OK should be sent before any processing to confirm with Stripe that

  3259. 	// the hook was received

  3260. 	w.WriteHeader(http.StatusOK)

  3261. 	if event.Type != "customer.subscription.updated" {

  3262. 		log.Println(

  3263. 		"Invalid event type sent to customer.subscription.updated.")

  3264. 		return

  3265. 	}

  3266. 	

  3267. 	json.Unmarshal(event.Data.Raw, &sub)

  3268. 	log.Println(event.Type, sub.ID, sub.Customer.ID)

  3269. 	

  3270. 	user, err := queryCustomer(db, sub.Customer.ID)

  3271. 	if err != nil {

  3272. 		log.Printf("Could not query customer: %v", err)

  3273. 		return

  3274. 	}

  3275. 	

  3276. 	if statuses[user.Status] < 5 && sub.Status == "trialing" {

  3277. 		user.Status = "Trial"

  3278. 		user.update(db)

  3279. 	} else if sub.Status != "active" {

  3280. 		user.Status = "Unsubscribed"

  3281. 		user.update(db)

  3282. 	}

  3283. 	

  3284. 	user.Sub.UserId = user.Id

  3285. 	user.Sub.StripeId = sub.ID

  3286. 	user.Sub.CustomerId = user.CustomerId

  3287. 	user.Sub.PriceId = standardPriceId

  3288. 	user.Sub.End = int(sub.CurrentPeriodEnd)

  3289. 	user.Sub.Start = int(sub.CurrentPeriodStart)

  3290. 	user.Sub.ClientSecret = sub.LatestInvoice.PaymentIntent.ClientSecret

  3291. 	user.Sub.PaymentStatus = string(sub.LatestInvoice.PaymentIntent.Status)

  3292. 	user.Sub.Status = string(sub.Status)

  3293. 	

  3294. 	if user.Sub.Id != 0 {

  3295. 		err = user.Sub.insertSub(db)

  3296. 	} else {

  3297. 		user.Sub.updateSub(db)

  3298. 	}

  3299. 	

  3300. 	if err != nil {

  3301. 		http.Error(w, err.Error(), 500)

  3302. 		return

  3303. 	}

  3304. 	

  3305. 	log.Println("User subscription created:", user.Id, sub.ID)

  3306. }

  3307. 

  3308. func api(w http.ResponseWriter, r *http.Request) {

  3309. 	var args []string

  3310. 

  3311. 	p := r.URL.Path

  3312. 	db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s",

  3313. 		os.Getenv("DBUser"),

  3314. 		os.Getenv("DBPass"),

  3315. 		os.Getenv("DBName"),

  3316. 	))

  3317. 

  3318. 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

  3319. 

  3320. 	err = db.Ping()

  3321. 	if err != nil {

  3322. 		fmt.Println("Bad database configuration: %v\n", err)

  3323. 		panic(err)

  3324. 		// maybe os.Exit(1) instead

  3325. 	}

  3326. 

  3327. 	switch {

  3328. 	case match(p, "/api/login", &args) &&

  3329. 		r.Method == http.MethodPost:

  3330. 		login(w, db, r)

  3331. 	case match(p, "/api/token", &args) &&

  3332. 		r.Method == http.MethodGet && guard(r, 1):

  3333. 		getToken(w, db, r)

  3334. 	case match(p, "/api/letterhead", &args) &&

  3335. 		r.Method == http.MethodPost && guard(r, 1):

  3336. 		clipLetterhead(w, db, r)

  3337. 	case match(p, "/api/users", &args) && // Array of all users

  3338. 		r.Method == http.MethodGet && guard(r, 3):

  3339. 		getUsers(w, db, r)

  3340. 	case match(p, "/api/user", &args) &&

  3341. 		r.Method == http.MethodGet && guard(r, 1):

  3342. 		getUser(w, db, r)

  3343. 	case match(p, "/api/user", &args) &&

  3344. 		r.Method == http.MethodPost:

  3345. 		createUser(w, db, r)

  3346. 	case match(p, "/api/user", &args) &&

  3347. 		r.Method == http.MethodPatch &&

  3348. 		guard(r, 3): // For admin to modify any user

  3349. 		patchUser(w, db, r)

  3350. 	case match(p, "/api/user", &args) &&

  3351. 		r.Method == http.MethodPatch &&

  3352. 		guard(r, 1): // For employees to modify own accounts

  3353. 		patchSelf(w, db, r)

  3354. 	case match(p, "/api/user", &args) &&

  3355. 		r.Method == http.MethodDelete &&

  3356. 		guard(r, 3):

  3357. 		deleteUser(w, db, r)

  3358. 	case match(p, "/api/user/avatar", &args) &&

  3359. 		r.Method == http.MethodGet &&

  3360. 		guard(r, 1):

  3361. 		getAvatar(w, db, r)

  3362. 	case match(p, "/api/user/avatar", &args) &&

  3363. 		r.Method == http.MethodPost &&

  3364. 		guard(r, 1):

  3365. 		setAvatar(w, db, r)

  3366. 	case match(p, "/api/user/letterhead", &args) &&

  3367. 		r.Method == http.MethodGet &&

  3368. 		guard(r, 1):

  3369. 		getLetterhead(w, db, r)

  3370. 	case match(p, "/api/user/letterhead", &args) &&

  3371. 		r.Method == http.MethodPost &&

  3372. 		guard(r, 1):

  3373. 		setLetterhead(w, db, r)

  3374. 	case match(p, "/api/user/password", &args) &&

  3375. 		r.Method == http.MethodPost &&

  3376. 		guard(r, 1):

  3377. 		changePassword(w, db, r)

  3378. 	case match(p, "/api/user/subscribe", &args) &&

  3379. 		r.Method == http.MethodPost &&

  3380. 		guard(r, 1):

  3381. 		subscribe(w, db, r)

  3382. 	case match(p, "/api/fees", &args) &&

  3383. 		r.Method == http.MethodGet &&

  3384. 		guard(r, 1):

  3385. 		getFeesTemp(w, db, r)

  3386. 	case match(p, "/api/fee", &args) &&

  3387. 		r.Method == http.MethodPost &&

  3388. 		guard(r, 1):

  3389. 		createFeesTemp(w, db, r)

  3390. 	case match(p, "/api/fee", &args) &&

  3391. 		r.Method == http.MethodDelete &&

  3392. 		guard(r, 1):

  3393. 		deleteFeeTemp(w, db, r)

  3394. 	case match(p, "/api/estimates", &args) &&

  3395. 		r.Method == http.MethodGet &&

  3396. 		guard(r, 1):

  3397. 		fetchEstimate(w, db, r)

  3398. 	case match(p, "/api/estimate", &args) &&

  3399. 		r.Method == http.MethodPost &&

  3400. 		guard(r, 1):

  3401. 		createEstimate(w, db, r)

  3402. 	case match(p, "/api/estimate", &args) &&

  3403. 		r.Method == http.MethodDelete &&

  3404. 		guard(r, 1):

  3405. 		deleteEstimate(w, db, r)

  3406. 	case match(p, "/api/estimate/validate", &args) &&

  3407. 		r.Method == http.MethodPost &&

  3408. 		guard(r, 1):

  3409. 		validateEstimate(w, db, r)

  3410. 	case match(p, "/api/estimate/summarize", &args) &&

  3411. 		r.Method == http.MethodPost &&

  3412. 		guard(r, 1):

  3413. 		summarize(w, db, r)

  3414. 	case match(p, "/api/templates", &args) &&

  3415. 		r.Method == http.MethodGet &&

  3416. 		guard(r, 1):

  3417. 		getETemplates(w, db, r)

  3418. 	case match(p, "/api/templates", &args) &&

  3419. 		r.Method == http.MethodPost &&

  3420. 		guard(r, 1):

  3421. 		createETemplate(w, db, r)

  3422. 	case match(p, "/api/templates", &args) &&

  3423. 		r.Method == http.MethodDelete &&

  3424. 		guard(r, 1):

  3425. 		deleteET(w, db, r)

  3426. 	case match(p, "/api/pdf", &args) &&

  3427. 		r.Method == http.MethodPost &&

  3428. 		guard(r, 1):

  3429. 		getPdf(w, db, r)

  3430. 	case match(p, "/api/stripe/invoice-paid", &args) &&

  3431. 		r.Method == http.MethodPost:

  3432. 		invoicePaid(w, db, r)

  3433. 	case match(p, "/api/stripe/invoice-payment-failed", &args) &&

  3434. 		r.Method == http.MethodPost:

  3435. 		invoiceFailed(w, db, r)

  3436. 	case match(p, "/api/stripe/sub-created", &args) &&

  3437. 		r.Method == http.MethodPost:

  3438. 		subUpdated(w, db, r)

  3439. 	case match(p, "/api/stripe/sub-updated", &args) &&

  3440. 		r.Method == http.MethodPost:

  3441. 		subUpdated(w, db, r)

  3442. 	case match(p, "/api/stripe/sub-updated", &args) &&

  3443. 		r.Method == http.MethodPost:

  3444. 		subUpdated(w, db, r)

  3445. 	default:

  3446. 		http.Error(w, "Invalid route or token", 404)

  3447. 	}

  3448. 

  3449. 	db.Close()

  3450. }

  3451. 

  3452. func route(w http.ResponseWriter, r *http.Request) {

  3453. 	var page Page

  3454. 	var args []string

  3455. 	p := r.URL.Path

  3456. 

  3457. 	switch {

  3458. 	case r.Method == "GET" && match(p, "/", &args):

  3459. 		page = pages["home"]

  3460. 	case match(p, "/terms", &args):

  3461. 		page = pages["terms"]

  3462. 	case match(p, "/app", &args):

  3463. 		page = pages["app"]

  3464. 	default:

  3465. 		http.NotFound(w, r)

  3466. 		return

  3467. 	}

  3468. 

  3469. 	page.Render(w)

  3470. }

  3471. 

  3472. func serve() {

  3473. 

  3474. 	files := http.FileServer(http.Dir(""))

  3475. 

  3476. 	proxy, err := url.Parse("http://localhost:8002")

  3477. 	if err != nil {

  3478. 		log.Fatal("invalid origin server URL")

  3479. 	}

  3480. 

  3481. 	http.Handle("/assets/", files)

  3482. 	http.HandleFunc("/api/", api)

  3483. 	http.HandleFunc("/app", route)

  3484. 	http.Handle("/", httputil.NewSingleHostReverseProxy(proxy))

  3485. 	log.Fatal(http.ListenAndServe(address, nil))

  3486. }

  3487. 

  3488. func dbReset(db *sql.DB) {

  3489. 	b, err := os.ReadFile("migrations/reset.sql")

  3490. 	if err != nil {

  3491. 		log.Fatal(err)

  3492. 	}

  3493. 

  3494. 	_, err = db.Exec(string(b))

  3495. 	if err != nil {

  3496. 		log.Fatal(err)

  3497. 	}

  3498. 

  3499. 	b, err = os.ReadFile("migrations/0_29092022_setup_tables.sql")

  3500. 	if err != nil {

  3501. 		log.Fatal(err)

  3502. 	}

  3503. 

  3504. 	_, err = db.Exec(string(b))

  3505. 	if err != nil {

  3506. 		log.Fatal(err)

  3507. 	}

  3508. }

  3509. 

  3510. func generateFees(loan Loan) []Fee {

  3511. 	var fees []Fee

  3512. 	var fee Fee

  3513. 	p := gofakeit.Float32Range(0.5, 10)

  3514. 	size := gofakeit.Number(1, 10)

  3515. 

  3516. 	for f := 0; f < size; f++ {

  3517. 		fee = Fee{

  3518. 			Amount: int(float32(loan.Amount) * p / 100),

  3519. 			Perc:   p,

  3520. 			Name:   gofakeit.BuzzWord(),

  3521. 			Type:   feeTypes[gofakeit.Number(0, len(feeTypes)-1)],

  3522. 		}

  3523. 		fees = append(fees, fee)

  3524. 	}

  3525. 

  3526. 	return fees

  3527. }

  3528. 

  3529. func generateCredits(loan Loan) []Fee {

  3530. 	var fees []Fee

  3531. 	var fee Fee

  3532. 	p := gofakeit.Float32Range(-10, -0.5)

  3533. 	size := gofakeit.Number(1, 10)

  3534. 

  3535. 	for f := 0; f < size; f++ {

  3536. 		fee = Fee{

  3537. 			Amount: int(float32(loan.Amount) * p / 100),

  3538. 			Perc:   p,

  3539. 			Name:   gofakeit.BuzzWord(),

  3540. 			Type:   feeTypes[gofakeit.Number(0, len(feeTypes)-1)],

  3541. 		}

  3542. 		fees = append(fees, fee)

  3543. 	}

  3544. 

  3545. 	return fees

  3546. }

  3547. 

  3548. func seedAddresses(db *sql.DB) []Address {

  3549. 	addresses := make([]Address, 10)

  3550. 

  3551. 	for i, a := range addresses {

  3552. 		a.Street = gofakeit.Street()

  3553. 		a.City = gofakeit.City()

  3554. 		a.Region = gofakeit.State()

  3555. 		a.Country = "Canada"

  3556. 		a.Full = fmt.Sprintf("%s, %s %s", a.Street, a.City, a.Region)

  3557. 		id, err := insertAddress(db, a)

  3558. 		if err != nil {

  3559. 			log.Println(err)

  3560. 			break

  3561. 		}

  3562. 		addresses[i].Id = id

  3563. 	}

  3564. 

  3565. 	return addresses

  3566. }

  3567. 

  3568. func seedBranches(db *sql.DB, addresses []Address) []Branch {

  3569. 	branches := make([]Branch, 4)

  3570. 

  3571. 	for i := range branches {

  3572. 		branches[i].Name = gofakeit.Company()

  3573. 		branches[i].Type = "NMLS"

  3574. 		branches[i].Letterhead = gofakeit.ImagePng(400, 200)

  3575. 		branches[i].Num = gofakeit.HexUint8()

  3576. 		branches[i].Phone = gofakeit.Phone()

  3577. 		branches[i].Address.Id = gofakeit.Number(1, 5)

  3578. 		id, err := insertBranch(db, branches[i])

  3579. 		if err != nil {

  3580. 			log.Println(err)

  3581. 			break

  3582. 		}

  3583. 		branches[i].Id = id

  3584. 	}

  3585. 

  3586. 	return branches

  3587. }

  3588. 

  3589. func seedUsers(db *sql.DB, addresses []Address, branches []Branch) []User {

  3590. 	users := make([]User, 10)

  3591. 

  3592. 	for i := range users {

  3593. 		p := gofakeit.Person()

  3594. 		users[i].FirstName = p.FirstName

  3595. 		users[i].LastName = p.LastName

  3596. 		users[i].Email = p.Contact.Email

  3597. 		users[i].Phone = p.Contact.Phone

  3598. 		users[i].Branch = branches[gofakeit.Number(0, 3)]

  3599. 		users[i].Address = addresses[gofakeit.Number(1, 9)]

  3600. 		// users[i].Letterhead = gofakeit.ImagePng(400, 200)

  3601. 		// users[i].Avatar = gofakeit.ImagePng(200, 200)

  3602. 		users[i].Country = []string{"Canada", "USA"}[gofakeit.Number(0, 1)]

  3603. 		users[i].Password = "test123"

  3604. 		users[i].Verified = true

  3605. 		users[i].Title = "Loan Officer"

  3606. 		users[i].Status = "Subscriber"

  3607. 		users[i].Role = "User"

  3608. 	}

  3609. 

  3610. 	users[0].Email = "test@example.com"

  3611. 	users[0].Email = "test@example.com"

  3612. 

  3613. 	users[1].Email = "test2@example.com"

  3614. 	users[1].Status = "Branch"

  3615. 	users[1].Role = "Manager"

  3616. 

  3617. 	users[2].Email = "test3@example.com"

  3618. 	users[2].Status = "Free"

  3619. 	users[2].Role = "Admin"

  3620. 

  3621. 	for i := range users {

  3622. 		var err error

  3623. 		users[i].Id, err = insertUser(db, users[i])

  3624. 		if err != nil {

  3625. 			log.Println(err)

  3626. 			break

  3627. 		}

  3628. 	}

  3629. 

  3630. 	return users

  3631. }

  3632. 

  3633. func seedLicenses(db *sql.DB, users []User) []License {

  3634. 	licenses := make([]License, len(users))

  3635. 

  3636. 	for i := range licenses {

  3637. 		licenses[i].UserId = users[i].Id

  3638. 		licenses[i].Type = []string{"NMLS", "FSRA"}[gofakeit.Number(0, 1)]

  3639. 		licenses[i].Num = gofakeit.UUID()

  3640. 		id, err := insertLicense(db, licenses[i])

  3641. 		if err != nil {

  3642. 			log.Println(err)

  3643. 			break

  3644. 		}

  3645. 		licenses[i].Id = id

  3646. 	}

  3647. 

  3648. 	return licenses

  3649. }

  3650. 

  3651. func seedLoanTypes(db *sql.DB) []LoanType {

  3652. 	var loantypes []LoanType

  3653. 	var loantype LoanType

  3654. 	var err error

  3655. 

  3656. 	loantype = LoanType{Branch: 0, User: 0, Name: "Conventional"}

  3657. 	loantype.Id, err = insertLoanType(db, loantype)

  3658. 	if err != nil {

  3659. 		panic(err)

  3660. 	}

  3661. 	loantypes = append(loantypes, loantype)

  3662. 

  3663. 	loantype = LoanType{Branch: 0, User: 0, Name: "FHA"}

  3664. 	loantype.Id, err = insertLoanType(db, loantype)

  3665. 	if err != nil {

  3666. 		panic(err)

  3667. 	}

  3668. 	loantypes = append(loantypes, loantype)

  3669. 

  3670. 	loantype = LoanType{Branch: 0, User: 0, Name: "USDA"}

  3671. 	loantype.Id, err = insertLoanType(db, loantype)

  3672. 	if err != nil {

  3673. 		panic(err)

  3674. 	}

  3675. 	loantypes = append(loantypes, loantype)

  3676. 

  3677. 	loantype = LoanType{Branch: 0, User: 0, Name: "VA"}

  3678. 	loantype.Id, err = insertLoanType(db, loantype)

  3679. 	if err != nil {

  3680. 		panic(err)

  3681. 	}

  3682. 	loantypes = append(loantypes, loantype)

  3683. 

  3684. 	return loantypes

  3685. }

  3686. 

  3687. func seedEstimates(db *sql.DB, users []User, ltypes []LoanType) []Estimate {

  3688. 	var estimates []Estimate

  3689. 	var estimate Estimate

  3690. 	var l Loan

  3691. 	var err error

  3692. 

  3693. 	for i := 0; i < 15; i++ {

  3694. 		estimate = Estimate{}

  3695. 		estimate.User = users[gofakeit.Number(0, len(users)-1)].Id

  3696. 		estimate.Borrower = Borrower{

  3697. 			Credit: gofakeit.Number(600, 800),

  3698. 			Income: gofakeit.Number(1000000, 15000000),

  3699. 			Num:    gofakeit.Number(1, 20),

  3700. 		}

  3701. 		estimate.Transaction = []string{"Purchase", "Refinance"}[gofakeit.Number(0, 1)]

  3702. 		estimate.Price = gofakeit.Number(50000, 200000000)

  3703. 		estimate.Property =

  3704. 			propertyTypes[gofakeit.Number(0, len(propertyTypes)-1)]

  3705. 		estimate.Occupancy =

  3706. 			[]string{"Primary", "Secondary", "Investment"}[gofakeit.Number(0, 2)]

  3707. 		estimate.Zip = gofakeit.Zip()

  3708. 

  3709. 		lsize := gofakeit.Number(1, 6)

  3710. 		for j := 0; j < lsize; j++ {

  3711. 			l.Type = ltypes[gofakeit.Number(0, len(ltypes)-1)]

  3712. 			l.Amount = gofakeit.Number(

  3713. 				int(float32(estimate.Price)*0.5),

  3714. 				int(float32(estimate.Price)*0.93))

  3715. 			l.Term = gofakeit.Number(4, 30)

  3716. 			l.Hoi = gofakeit.Number(50000, 700000)

  3717. 			l.Hazard = gofakeit.Number(5000, 200000)

  3718. 			l.Tax = gofakeit.Number(5000, 200000)

  3719. 			l.Interest = gofakeit.Float32Range(0.5, 8)

  3720. 			l.Fees = generateFees(l)

  3721. 			l.Credits = generateCredits(l)

  3722. 			l.Name = gofakeit.AdjectiveDescriptive()

  3723. 			estimate.Loans = append(estimate.Loans, l)

  3724. 		}

  3725. 

  3726. 		estimates = append(estimates, estimate)

  3727. 	}

  3728. 

  3729. 	estimates[0].User = users[0].Id

  3730. 	estimates[1].User = users[0].Id

  3731. 

  3732. 	for i := range estimates {

  3733. 		err = estimates[i].insertEstimate(db)

  3734. 		if err != nil {

  3735. 			log.Println(err)

  3736. 			return estimates

  3737. 		}

  3738. 	}

  3739. 

  3740. 	return estimates

  3741. }

  3742. 

  3743. func seedResults(db *sql.DB, estimates []Estimate) error {

  3744. 	var err error

  3745. 

  3746. 	for i := range estimates {

  3747. 		estimates[i].makeResults()

  3748. 		err = estimates[i].insertResults(db)

  3749. 		if err != nil {

  3750. 			log.Println(err)

  3751. 			return err

  3752. 		}

  3753. 	}

  3754. 

  3755. 	return nil

  3756. }

  3757. 

  3758. func dbSeed(db *sql.DB) {

  3759. 	addresses := seedAddresses(db)

  3760. 	branches := seedBranches(db, addresses)

  3761. 	users := seedUsers(db, addresses, branches)

  3762. 	_ = seedLicenses(db, users)

  3763. 	loantypes := seedLoanTypes(db)

  3764. 	estimates := seedEstimates(db, users, loantypes)

  3765. 	_ = seedResults(db, estimates)

  3766. }

  3767. 

  3768. func dev(args []string) {

  3769. 	os.Setenv("DBName", "skouter_dev")

  3770. 	os.Setenv("DBUser", "tester")

  3771. 	os.Setenv("DBPass", "test123")

  3772. 	stripe.Key = os.Getenv("STRIPE_SECRET_KEY")

  3773. 	standardPriceId = "price_1OZLK9BPMoXn2pf9kuTAf8rs"

  3774. 	hookKeys = HookKeys{

  3775. 		InvoicePaid: os.Getenv("DEV_WEBHOOK_KEY"),

  3776. 		InvoiceFailed: os.Getenv("DEV_WEBHOOK_KEY"),

  3777. 	}

  3778. 

  3779. 	db, err := sql.Open("mysql",

  3780. 		fmt.Sprintf("%s:%s@tcp(127.0.0.1:3306)/%s?multiStatements=true",

  3781. 			os.Getenv("DBUser"),

  3782. 			os.Getenv("DBPass"),

  3783. 			os.Getenv("DBName"),

  3784. 		))

  3785. 

  3786. 	err = db.Ping()

  3787. 	if err != nil {

  3788. 		log.Println("Bad database configuration: %v", err)

  3789. 		panic(err)

  3790. 		// maybe os.Exit(1) instead

  3791. 	}

  3792. 

  3793. 	if len(args) == 0 {

  3794. 		serve()

  3795. 		return

  3796. 	}

  3797. 

  3798. 	switch args[0] {

  3799. 	case "seed":

  3800. 		dbSeed(db)

  3801. 	case "reset":

  3802. 		dbReset(db)

  3803. 	default:

  3804. 		return

  3805. 	}

  3806. 

  3807. 	db.Close()

  3808. }

  3809. 

  3810. func check(args []string) {

  3811. 	os.Setenv("DBName", "skouter_dev")

  3812. 	os.Setenv("DBUser", "tester")

  3813. 	os.Setenv("DBPass", "test123")

  3814. 	files := http.FileServer(http.Dir(""))

  3815. 

  3816. 	http.Handle("/assets/", files)

  3817. 	http.HandleFunc("/", checkPdf)

  3818. 	log.Fatal(http.ListenAndServe(address, nil))

  3819. }

  3820. 

  3821. func main() {

  3822. 	if len(os.Args) <= 1 {

  3823. 		serve()

  3824. 		return

  3825. 	}

  3826. 

  3827. 	switch os.Args[1] {

  3828. 	case "dev":

  3829. 		dev(os.Args[2:])

  3830. 	case "checkpdf":

  3831. 		check(os.Args[2:])

  3832. 	default:

  3833. 		return

  3834. 	}

  3835. }