package pkg
import (
"github.com/julienschmidt/httprouter"
"mime"
"net/http"
)
Implement login cookie, its verification, and logout
At first i thought that i would need to implement sessions, the ones
that keep small files onto the disk, to know which user is talking to
the server, but then i realized that, for now at least, i only need a
very large number, plus the email address, to be used as a lookup, and
that can be stored in the user table, in a separate schema.
Had to change login to avoid raising exceptions when login failed
because i now keep a record of login attempts, and functions are always
run in a single transaction, thus the exception would prevent me from
inserting into login_attempt. Even if i use a separate procedure, i could
not keep the records.
I did not want to add a parameter to the logout function because i was
afraid that it could be called from separate users. I do not know
whether it is possible with the current approach, since the settings
variable is also set by the same applications; time will tell.
2023-01-17 19:48:50 +00:00
// NewRouter builds the application's HTTP handler: a company-scoped sub-router,
// a top-level router for static files, login/logout and the landing redirect,
// and the middleware chain wrapped around both.
//
// A request passes through the wrappers from the outside in: Logger,
// Recoverer, LoginChecker, LocaleSetter, MethodOverrider, and only then the
// router. Route-level access control is the Authenticated wrapper, which is
// applied to /logout and to everything under /company/:slug/; /login, /static
// and / are registered without it.
//
// NOTE(review): no CSRF check is visible in this function. State-changing
// routes (POST, PUT, DELETE) rely on whatever the login cookie and the
// wrappers defined elsewhere provide; confirm that before exposing new routes.
func NewRouter(db *Db) http.Handler {
	type route struct {
		method string
		path   string
		handle httprouter.Handle
	}

	// Routes below are relative to /company/:slug/ and are only reachable
	// through Authenticated(CompanyHandler(...)) further down. Browsers reach
	// the PUT and DELETE entries through MethodOverrider, which rewrites a
	// POST that carries the override form field.
	companyRoutes := []route{
		// Company profile, taxes and payment methods.
		{http.MethodGet, "/profile", GetProfileForm},
		{http.MethodPost, "/profile", HandleProfileForm},
		{http.MethodGet, "/tax-details", GetCompanyTaxDetailsForm},
		{http.MethodPost, "/tax-details", HandleCompanyTaxDetailsForm},
		{http.MethodPost, "/tax", HandleAddCompanyTax},
		{http.MethodDelete, "/tax/:taxId", HandleDeleteCompanyTax},
		{http.MethodPost, "/payment-method", HandleAddPaymentMethod},
		{http.MethodDelete, "/payment-method/:paymentMethodId", HandleDeletePaymentMethod},

		// Contacts.
		{http.MethodGet, "/contacts", IndexContacts},
		{http.MethodPost, "/contacts", HandleAddContact},
		{http.MethodGet, "/contacts/:slug", GetContactForm},
		{http.MethodPut, "/contacts/:slug", HandleUpdateContact},
		{http.MethodPut, "/contacts/:slug/tags", HandleUpdateContactTags},
		{http.MethodGet, "/contacts/:slug/tags/edit", ServeEditContactTags},

		// Products.
		{http.MethodGet, "/products", IndexProducts},
		{http.MethodPost, "/products", HandleAddProduct},
		{http.MethodGet, "/products/:slug", GetProductForm},
		{http.MethodPut, "/products/:slug", HandleUpdateProduct},
		{http.MethodPut, "/products/:slug/tags", HandleUpdateProductTags},
		{http.MethodGet, "/products/:slug/tags/edit", ServeEditProductTags},

		// Invoices. The commit note attached to the ServeInvoice route says
		// invoices are converted to PDF by writing the invoice HTML to
		// WeasyPrint's stdin; the note attached to the tags routes says they
		// answer with a standalone fragment (just the <td>) for inline
		// editing. Neither behaviour is visible in this function.
		{http.MethodGet, "/invoices", IndexInvoices},
		{http.MethodPost, "/invoices", HandleAddInvoice},
		{http.MethodGet, "/invoices/:slug", ServeInvoice},
		{http.MethodPut, "/invoices/:slug", HandleUpdateInvoice},
		{http.MethodPost, "/invoices/:slug", HandleNewInvoiceAction},
		{http.MethodGet, "/invoices/:slug/edit", ServeEditInvoice},
		{http.MethodPost, "/invoices/:slug/edit", HandleEditInvoiceAction},
		{http.MethodPut, "/invoices/:slug/tags", HandleUpdateInvoiceTags},
		{http.MethodGet, "/invoices/:slug/tags/edit", ServeEditInvoiceTags},

		// Quotes.
		{http.MethodGet, "/quotes", IndexQuotes},
		{http.MethodPost, "/quotes", HandleAddQuote},
		{http.MethodGet, "/quotes/:slug", ServeQuote},
		{http.MethodPut, "/quotes/:slug", HandleUpdateQuote},
		{http.MethodPost, "/quotes/:slug", HandleNewQuoteAction},
		{http.MethodGet, "/quotes/:slug/edit", ServeEditQuote},
		{http.MethodPost, "/quotes/:slug/edit", HandleEditQuoteAction},
		{http.MethodPut, "/quotes/:slug/tags", HandleUpdateQuoteTags},
		{http.MethodGet, "/quotes/:slug/tags/edit", ServeEditQuoteTags},

		// Search.
		{http.MethodGet, "/search/products", HandleProductSearch},

		// Expenses.
		{http.MethodGet, "/expenses", IndexExpenses},
		{http.MethodPost, "/expenses", HandleAddExpense},
		{http.MethodGet, "/expenses/:slug", ServeExpenseForm},
		{http.MethodPut, "/expenses/:slug", HandleUpdateExpense},
		{http.MethodPut, "/expenses/:slug/tags", HandleUpdateExpenseTags},
		{http.MethodGet, "/expenses/:slug/tags/edit", ServeEditExpenseTags},
		// NOTE(review): :filename comes from the URL; confirm that
		// ServeExpenseAttachment resolves it against stored data rather
		// than a filesystem path.
		{http.MethodGet, "/expenses/:slug/download/:filename", ServeExpenseAttachment},

		// Dashboard.
		{http.MethodGet, "/", ServeDashboard},
	}

	companyRouter := httprouter.New()
	for _, rt := range companyRoutes {
		companyRouter.Handle(rt.method, rt.path, rt.handle)
	}

	router := httprouter.New()

	// NOTE(review): ServeFiles is backed by http.FileServer, which renders a
	// listing for directories that have no index.html; keep web/static free
	// of anything that must not be public.
	router.ServeFiles("/static/*filepath", http.Dir("web/static"))

	// The login form and its submission are the only application routes
	// registered without Authenticated, besides "/" below.
	router.GET("/login", GetLoginForm)
	router.POST("/login", HandleLoginForm)
	router.POST("/logout", Authenticated(HandleLogout))

	// One handler value serves every method under /company/:slug/; the
	// method-specific dispatch happens inside companyRouter.
	companyHandler := Authenticated(CompanyHandler(companyRouter))
	for _, method := range []string{
		http.MethodGet,
		http.MethodPost,
		http.MethodPut,
		http.MethodDelete,
	} {
		router.Handle(method, "/company/:slug/*rest", companyHandler)
	}

	// The landing page only redirects: anonymous visitors go to the login
	// form, logged-in users to a company's root page.
	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		if !getUser(r).LoggedIn {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}

		// The query is a fixed string; no request data is interpolated.
		// It picks the company with the lowest company_id that this
		// connection can see. The commit note on this code says company
		// rows are meant to be filtered by row level security through the
		// company_user relation, so the redirect target depends on that
		// policy being in force on the connection getConn returns.
		// NOTE(review): the "" argument looks like a default value and the
		// Must prefix suggests a panic on query failure, which Recoverer
		// would then handle; confirm both against MustGetText.
		slug := getConn(r).MustGetText(r.Context(), "", "select slug::text from company order by company_id limit 1")
		http.Redirect(w, r, companyURI(&Company{Slug: slug}, "/"), http.StatusFound)
	})

	// Wrapped innermost first, so the outermost wrapper (Logger) sees the
	// request first and MethodOverrider is the last one before the router.
	return Logger(Recoverer(LoginChecker(db, LocaleSetter(db, MethodOverrider(router)))))
}
// MethodOverrider returns a handler that lets a POST request act as a PUT or
// DELETE. For every POST it parses the form, reads the field named by
// overrideMethodName and, when its value is exactly "PUT" or "DELETE", passes
// a shallow copy of the request with that method to next. Any other value,
// and any non-POST request, is forwarded unchanged.
//
// A POST whose Content-Type header cannot be parsed as a media type (an empty
// header included), or whose form cannot be parsed, is answered with
// 400 Bad Request and never reaches next.
//
// NOTE(review): NewRouter installs this wrapper in front of the router, so the
// body of every POST is parsed before the route-level Authenticated wrapper
// runs. The 20 MiB passed to ParseMultipartForm bounds only what is held in
// memory; this block applies no cap on the total body size (for example
// http.MaxBytesReader). Confirm a limit is enforced elsewhere, such as in the
// server configuration or a reverse proxy.
func MethodOverrider(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			next.ServeHTTP(w, r)
			return
		}

		mediaType, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}

		// The form has to be parsed here because the override arrives as a
		// form field; multipart bodies need the multipart parser.
		var parseErr error
		switch mediaType {
		case "multipart/form-data":
			parseErr = r.ParseMultipartForm(20 << 20)
		default:
			parseErr = r.ParseForm()
		}
		if parseErr != nil {
			http.Error(w, parseErr.Error(), http.StatusBadRequest)
			return
		}

		// Only PUT and DELETE may be requested; the comparison is exact, so
		// lower-case or any other method name leaves the request a POST.
		switch requested := r.FormValue(overrideMethodName); requested {
		case http.MethodDelete, http.MethodPut:
			// Copy instead of mutating so the caller's request keeps its
			// original method.
			overridden := new(http.Request)
			*overridden = *r
			overridden.Method = requested
			r = overridden
		}

		next.ServeHTTP(w, r)
	})
}