v1.1

.gitignore

@@ -126,3 +126,6 @@ fabric.properties
 # Android studio 3.1+ serialized cache file
 .idea/caches/build_file_checksums.ser
 
+luggagelocator-all
+luggagelocator.tar.gz
+LuggageLocator

.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>

README.md

@@ -1,13 +1,32 @@
 # LuggageTracker
 
+## TODO
+- Geo Tagging when scanned
+
 ## Envs
-- PORT            | 8080
+- PORT.................| 8080
-- DB_USER         | user
+- DB_USER..............| user
-- DB_PASS         | pass
+- DB_PASS..............| pass
-- DB_HOST         | 10.0.0.1
+- DB_HOST..............| 10.0.0.1
-- DB_PORT         | 3306
+- DB_PORT..............| 3306
-- DB_SCHEMA       | luggage
+- DB_SCHEMA............| luggage
-- DB_CA_CERT_PATH | /etc/ssl/ca-cert.pem
+- DB_CA_CERT_PATH......| /etc/ssl/ca-cert.pem
-- DB_CERT_PATH    | /etc/ssl/client-cert.pem
+- DB_CERT_PATH.........| /etc/ssl/client-cert.pem
-- DB_KEY_PATH     | /etc/ssl/private/client-key.pem
+- DB_KEY_PATH..........| /etc/ssl/private/client-key.pem
-- DB_SKIP_VERIFY  | true
+- DB_SKIP_VERIFY.......| true
+- SECURE_SESSION.......| true
+- AUTHENTICATION_KEY...| xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
+- ENCRYPTION_KEY.......| xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
+- CORS_ALLOWED_ORIGINS.| http://localhost:8080,https://example.com
+
+## Endpoints
+### GET
+- /
+- /ping
+- /api/u/:user
+  - requires `token` query param
+- /api/verify/:user
+  - requires `Authorization` header to be set to `Basic (code)`
+- /u/:user
+- /u/:user/info
+  - requires `token` query param

build.bat

@@ -0,0 +1,21 @@
+@echo off
+title Building LuggageLocator
+
+set GOARCH=amd64
+set GOOS=linux
+set GIN_MODE=release
+go build -ldflags="-s -w" -o LuggageLocator .
+
+mkdir luggagelocator-all
+rmdir /s /q .\luggagelocator-all
+mkdir luggagelocator-all
+
+xcopy /S .\html .\luggagelocator-all\html\
+xcopy /S .\static .\luggagelocator-all\static\
+xcopy /S .\templates .\luggagelocator-all\templates\
+xcopy .\formatDB.sql .\luggagelocator-all\
+xcopy .\LuggageLocator .\luggagelocator-all\
+xcopy .\README.md .\luggagelocator-all\
+
+del /s /q .\luggagelocator.tar.gz
+tar -czvf luggagelocator.tar.gz luggagelocator-all

db.go

@@ -1,12 +1,14 @@
 package main
 
 import (
+	"crypto/rand"
 	"crypto/tls"
 	"crypto/x509"
 	"database/sql"
 	"errors"
 	"fmt"
 	"github.com/go-sql-driver/mysql"
+	"io"
 	"log"
 	"os"
 	"strconv"
@@ -17,7 +19,8 @@ type LDB struct {
 	db *sql.DB
 }
 
-var NoEntriesFoundError error = errors.New("no entries found")
+var NoEntriesFoundError = errors.New("no entries found")
+var CodeExistsError = errors.New("code already exists")
 
 func createTLSConf(skipVerify bool) tls.Config {
 	rootCertPool := x509.NewCertPool()
@@ -90,11 +93,11 @@ func connect() *LDB {
 	return &LDB{db}
 }
 
-func (ldb *LDB) queryUser(userName string) (u *User, newError error) {
+func (ldb *LDB) queryUser(userName string) (*User, error) {
 	db := ldb.db
 
 	queryStr := `
-		SELECT users.user_name, users.secret_codes, users.current_token, users.contact_number, users.email_address, 
+		SELECT users.user_name, users.contact_name, users.secret_codes, users.current_token, users.contact_number, users.email_address, 
 			addresses.street1, addresses.street2, addresses.city, addresses.state, addresses.postal_code, 
 			addresses.country, addresses.created_at, addresses.updated_at 
 		FROM users
@@ -114,7 +117,7 @@ func (ldb *LDB) queryUser(userName string) (u *User, newError error) {
 		return nil, NoEntriesFoundError
 	}
 	user := new(User)
-	err = res.Scan(&user.UserName, &user.SecretCodes, &user.CurrentToken, &user.ContactNumber, &user.EmailAddress,
+	err = res.Scan(&user.UserName, &user.ContactName, &user.SecretCodes, &user.CurrentToken, &user.ContactNumber, &user.EmailAddress,
 		&user.MailingAddress.Street1, &user.MailingAddress.Street2, &user.MailingAddress.City,
 		&user.MailingAddress.State, &user.MailingAddress.PostalCode, &user.MailingAddress.Country,
 		&user.MailingAddress.CreatedAt, &user.MailingAddress.UpdatedAt,
@@ -125,6 +128,81 @@ func (ldb *LDB) queryUser(userName string) (u *User, newError error) {
 	return user, nil
 }
 
+func RandNum(length int) string {
+	b := make([]byte, length)
+	n, err := io.ReadAtLeast(rand.Reader, b, length)
+	if n != length {
+		panic(err)
+	}
+	for i := 0; i < len(b); i++ {
+		b[i] = table[int(b[i])%len(table)]
+	}
+	return string(b)
+}
+
+var table = [...]byte{'1', '2', '3', '4', '5', '6', '7', '8', '9', '0'}
+
+func (ldb *LDB) createUser(user *User) (*string, error) {
+	db := ldb.db
+
+	insertStr := `
+		INSERT INTO addresses(street1, street2, city, state, postal_code, country, created_at, updated_at)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?);
+		SELECT last_insert_id();
+`
+	stmt, err := db.Prepare(insertStr)
+	if err != nil {
+		return nil, err
+	}
+	row := stmt.QueryRow(
+		user.MailingAddress.Street1, user.MailingAddress.Street2, user.MailingAddress.City, user.MailingAddress.State,
+		user.MailingAddress.PostalCode, user.MailingAddress.Country, time.Now(), time.Now(),
+	)
+	var id int64
+	err = row.Scan(&id)
+	if err != nil {
+		return nil, err
+	}
+	insertStr = `
+		INSERT INTO users(user_name, contact_name, secret_codes, contact_number, email_address, mailing_address)
+		VALUES (?, ?, ?, ?, ?, ?);
+`
+	stmt, err = db.Prepare(insertStr)
+	if err != nil {
+		return nil, err
+	}
+
+	code := RandNum(6)
+	_, err = stmt.Exec(user.UserName, user.ContactName, code, user.ContactName, user.EmailAddress, user.MailingAddress)
+	if err != nil {
+		return nil, err
+	}
+	return &code, nil
+}
+
+func (ldb *LDB) getUsers() ([]string, error) {
+	db := ldb.db
+
+	queryStr := `
+		SELECT user_name FROM users;
+`
+	rows, err := db.Query(queryStr)
+	if err != nil {
+		return nil, err
+	}
+
+	var users []string
+	var user string
+	for rows.Next() {
+		err = rows.Scan(&user)
+		if err != nil {
+			return nil, err
+		}
+		users = append(users, user)
+	}
+	return users, nil
+}
+
 func (ldb *LDB) updateToken(userName string, token string) error {
 	db := ldb.db
 
@@ -143,3 +221,53 @@ func (ldb *LDB) updateToken(userName string, token string) error {
 	}
 	return nil
 }
+
+// Creates an 8-digit token with GenerateToken, then inserts it into the db
+// If the generated token already exists it will be regenerated up to 10 times
+// Returns the token and any errors
+func (ldb *LDB) createRegistrationCode() (*string, error) {
+	db := ldb.db
+	code, err := GenerateToken(8)
+	if err != nil {
+		return nil, err
+	}
+
+	for i := 0; i < 10; i++ {
+		_, err = db.Exec(
+			"INSERT INTO registration_codes (registration_code, expiration) VALUES (?, ?)",
+			code, time.Now(),
+		)
+		if err == nil {
+			return &code, nil
+		}
+
+		var mySqlErr *mysql.MySQLError
+		if errors.As(err, &mySqlErr) && mySqlErr.Number == 1062 {
+			continue
+		}
+
+		return nil, err
+	}
+
+	return nil, errors.New("could not generate a unique token after 10 retries")
+}
+
+// Queries DB for any matching code
+// Returns no error if code is found
+// Otherwise returns NoEntryFoundError
+func (ldb *LDB) checkRegistrationCode(code string) error {
+	db := ldb.db
+
+	querySql := `
+		SELECT * FROM registration_codes
+		WHERE registration_code=?;
+`
+	rows, err := db.Query(querySql, code)
+	if err != nil {
+		return err
+	}
+	if rows.Next() {
+		return nil
+	}
+	return NoEntriesFoundError
+}

formatDB.sql

@@ -14,6 +14,7 @@ CREATE TABLE addresses (
 CREATE TABLE users (
     id BIGINT NOT NULL AUTO_INCREMENT,
     user_name TEXT NOT NULL,
+    contact_name TEXT NOT NULL,
     secret_codes TEXT NOT NULL,
     current_token TEXT,
     token_creation TIMESTAMP,
@@ -21,5 +22,22 @@ CREATE TABLE users (
     email_address TEXT NOT NULL,
     mailing_address BIGINT NOT NULL,
     PRIMARY KEY (id),
-    FOREIGN KEY (mailing_address) REFERENCES addresses(id)
+    FOREIGN KEY (mailing_address) REFERENCES addresses(id),
+    UNIQUE (user_name)
+);
+
+CREATE TABLE accounts(
+                         id BIGINT NOT NULL AUTO_INCREMENT,
+                         email TEXT NOT NULL,
+                         passwordHash TEXT NOT NULL,
+                         PRIMARY KEY (id),
+                         UNIQUE (email)
+);
+
+CREATE TABLE registration_codes(
+    id BIGINT AUTO_INCREMENT NOT NULL,
+    registration_code TEXT NOT NULL,
+    expiration TIMESTAMP NOT NULL,
+    PRIMARY KEY (id),
+    UNIQUE (registration_code)
 );

go.mod

@@ -1,32 +1,42 @@
 module LuggageLocatorBackend
 
-go 1.23.2
+go 1.24.2
+
+toolchain go1.24.5
 
 require (
+	github.com/JGLTechnologies/gin-rate-limit v1.5.6
 	github.com/gin-contrib/cors v1.7.6
 	github.com/gin-gonic/gin v1.10.1
 	github.com/go-sql-driver/mysql v1.9.3
+	github.com/golang-jwt/jwt/v4 v4.5.2
 )
 
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/bytedance/sonic v1.13.3 // indirect
 	github.com/bytedance/sonic/loader v0.2.4 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
+	github.com/gin-contrib/sessions v1.0.4 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.26.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/gorilla/context v1.1.2 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
-	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/redis/go-redis/v9 v9.7.3 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.0 // indirect
 	golang.org/x/arch v0.18.0 // indirect

go.sum

@@ -1,21 +1,32 @@
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/JGLTechnologies/gin-rate-limit v1.5.6 h1:BrL2wXrF7SSqmB88YTGFVKMGVcjURMUeKqwQrlmzweI=
+github.com/JGLTechnologies/gin-rate-limit v1.5.6/go.mod h1:fwUuBegxLKm8+/4ST0zDFssRFTFaVZ7bH3ApK7iNZww=
+github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
+github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bytedance/sonic v1.13.3 h1:MS8gmaH16Gtirygw7jV91pDCN33NyMrPbN7qiYhEsF0=
 github.com/bytedance/sonic v1.13.3/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
 github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
 github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
 github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
 github.com/gin-contrib/cors v1.7.6 h1:3gQ8GMzs1Ylpf70y8bMw4fVpycXIeX1ZemuSQIsnQQY=
 github.com/gin-contrib/cors v1.7.6/go.mod h1:Ulcl+xN4jel9t1Ry8vqph23a60FwH9xVLd+3ykmTjOk=
+github.com/gin-contrib/sessions v1.0.4 h1:ha6CNdpYiTOK/hTp05miJLbpTSNfOnFg5Jm2kbcqy8U=
+github.com/gin-contrib/sessions v1.0.4/go.mod h1:ccmkrb2z6iU2osiAHZG3x3J4suJK+OU27oqzlWOqQgs=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
@@ -32,9 +43,17 @@ github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1
 github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
+github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -58,6 +77,8 @@ github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM=
+github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

html/genqr.html

@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
+</head>
+<body>
+
+<header class="header">
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
+    <div class="spacer"></div>
+</header>
+<div class="container">
+    <div class="content flex-vertical">
+        <div class="section-one">
+            <h1>QR Code</h1>
+            <a id="qr-link" href="">
+                <div id="qr"></div>
+            </a>
+        </div>
+        <div class="section-two">
+            <div id="loading"></div>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
+</footer>
+
+<script src="/static/qrcode.min.js"></script>
+<script>
+    const path = window.location.pathname;
+    const parts = path.split("/");
+    const user = parts.pop();
+    let url = location.protocol + "//" + location.host + "/u/" + user.toLowerCase();
+
+    const qrcode = new QRCode(document.getElementById('qr'), {
+        text: url,
+        width: 1024,
+        height: 1024,
+        colorDark : '#000',
+        colorLight : '#fff',
+        correctLevel : QRCode.CorrectLevel.L
+    });
+
+    let qrLink = document.getElementById("qr-link");
+    let qrImg = document.querySelector("#qr img");
+    console.log(qrImg.src);
+    qrLink.setAttribute("download", "qrcode-" + user.toLowerCase() + ".png");
+
+    const delay = ms => new Promise(res => setTimeout(res, ms));
+    const setHref = async () => {
+        while (!qrLink.href.startsWith("data:")) {
+            await delay(100);
+            qrLink.setAttribute("href", qrImg.src);
+            console.log("Refreshing...");
+        }
+        document.getElementById("loading").remove();
+    };
+    setHref();
+</script>
+</body>
+</html>

html/home.html

@@ -2,18 +2,21 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <title>Luggage Tracker</title>
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
-    <link rel="stylesheet" href="/static/style.css">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
 </head>
 <body>
 
 <header class="header">
-    <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    <a class="icon-link" href="/">
-    <h1 class="title">Luggage Tracker</h1>
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
     <div class="spacer"></div>
 </header>
 <div class="container">
-    <div class="content">
+    <div class="content flex-vertical">
         <h3>Registration</h3>
         <p>Contact Steven Tracey
             <a class="contact-link" href="mailto:steven@nevets.tech?subject=QR%20Generator%20-%20(Your%20Name)&body=Name%3A%0APhone%20Number%3A%0AEmail%20Address%3A%0AMailing%20Address%3A%0AStreet%3A%0ACity%3A%0AZip%3A%0AState%3A%0ACountry%3A">via email</a>
@@ -26,4 +29,3 @@
 </footer>
 </body>
 </html>
-

html/register.html

@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
+</head>
+<body>
+
+<header class="header">
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
+    <div class="spacer"></div>
+</header>
+<div class="container">
+    <div class="content flex-vertical">
+        <div class="section-one">
+            <h1>Registration</h1>
+        </div>
+        <div class="section-two">
+            <form id="reg-form" accept-charset="UTF-8" action="/api/register" method="post">
+                <div class="inputs">
+                    <div class="flex flex-vertical">
+                        <label class="label-left" for="name">Name</label>
+                        <input id="name" name="name" type="text" placeholder="John Doe">
+                        <label class="label-left" for="user-id">User ID</label>
+                        <input id="user-id" name="user-id" type="text" placeholder="jdoe">
+                        <label class="label-left" for="email">Email Address</label>
+                        <input id="email" name="email" type="text" placeholder="johndoe@example.com">
+                        <label class="label-left" for="phone-number">Phone Number</label>
+                        <input id="phone-number" name="phone-number" type="text" placeholder="+1(212)555-1234">
+                        <label class="label-left" for="registration_code">Registration Code</label>
+                        <input id="registration_code" name="registration_code" type="text" placeholder="xxxxxxxx">
+                        <p id="msg-box"></p>
+                    </div>
+                    <div class="flex flex-vertical">
+                        <label class="label-left" for="street1">Street Line 1</label>
+                        <input id="street1" name="street1" type="text" placeholder="123 Main Street">
+                        <label class="label-left" for="street2">Street Line 2</label>
+                        <input id="street2" name="street2" type="text" placeholder="(Optional)">
+                        <label class="label-left" for="city">City</label>
+                        <input id="city" name="city" type="text" placeholder="Anytown">
+                        <label class="label-left" for="state">State</label>
+                        <input id="state" name="state" type="text" placeholder="New York">
+                        <label class="label-left" for="postal-code">Postal Code</label>
+                        <input id="postal-code" name="postal-code" type="text" placeholder="12345">
+                        <label class="label-left" for="country">Country</label>
+                        <input id="country" name="country" type="text" placeholder="United States">
+                    </div>
+                </div>
+                <input class="btn" type="submit" value="Register">
+            </form>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
+</footer>
+<script src="/static/register.js"></script>
+</body>
+</html>

html/verify.html

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
+</head>
+<body>
+
+<header class="header">
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
+    <div class="spacer"></div>
+</header>
+<div class="container">
+    <div class="content flex-vertical">
+        <div class="section-one flex-horizontal">
+            <label for="code">Secret Code (SC):</label>
+            <input id="code" type="text">
+            <button id="submitBtn" class="btn">Submit</button>
+        </div>
+        <div class="section-two flex-vertical">
+            <p id="status" class="hidden"></p>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
+</footer>
+<script src="/static/verify.js"></script>
+</body>
+</html>

main.go

@@ -2,84 +2,18 @@ package main
 
 import (
 	"context"
-	"crypto/rand"
-	"database/sql"
-	"encoding/base64"
-	"errors"
-	"fmt"
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 	"log"
-	"net/http"
+	"os"
 	"strings"
 	"time"
 )
 
-type Address struct {
+var db *LDB
-	Id         int64     `json:"address_id"`
-	Street1    string    `json:"street1"`
-	Street2    *string   `json:"street2,omitempty"`
-	City       string    `json:"city"`
-	State      *string   `json:"state,omitempty"`
-	PostalCode string    `json:"postal_code"`
-	Country    string    `json:"country"`
-	CreatedAt  time.Time `json:"created_at"`
-	UpdatedAt  time.Time `json:"updated_at"`
-}
-
-type User struct {
-	Status         int32  `json:"status"`
-	Id             int64  `json:"user_id"`
-	UserName       string `json:"user_name"`
-	SecretCodes    string `json:"secret_codes"`
-	CurrentToken   *string
-	ContactNumber  string  `json:"contact_number"`
-	EmailAddress   string  `json:"email_address"`
-	MailingAddress Address `json:"mailing_address"`
-}
-
-func GenerateToken(n int) (string, error) {
-	b := make([]byte, n)
-	if _, err := rand.Read(b); err != nil {
-		return "", fmt.Errorf("reading random bytes: %w\n", err)
-	}
-	return base64.RawURLEncoding.EncodeToString(b), nil
-}
-
-func startCleanupLoop(ctx context.Context, db *sql.DB, interval, ttl time.Duration) {
-	ticker := time.NewTicker(interval)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-ctx.Done():
-			return
-
-		case <-ticker.C:
-			if err := cleanupExpired(db, ttl); err != nil {
-				log.Printf("token cleanup error: %v\n", err)
-			}
-		}
-	}
-}
-
-func cleanupExpired(db *sql.DB, ttl time.Duration) error {
-	sqlStmt := `
-		DELETE FROM users
-        WHERE token_creation < DATE_SUB(NOW(), INTERVAL ? SECOND);
-`
-	res, err := db.Exec(sqlStmt, int(ttl.Seconds()))
-	if err != nil {
-		return err
-	}
-
-	n, _ := res.RowsAffected()
-	log.Printf("token cleanup: deleted %d rows\n", n)
-	return nil
-}
 
 func main() {
-	db := connect()
+	db = connect()
 	defer db.db.Close()
 
 	ctx, cancel := context.WithCancel(context.Background())
@@ -87,9 +21,14 @@ func main() {
 	go startCleanupLoop(ctx, db.db, time.Hour, 24*time.Hour)
 
 	r := gin.Default()
+	gin.SetMode(gin.ReleaseMode)
+	//createSessionStore()
+	//r.Use(sessions.Sessions("luggageinfo_session", sessionStore))
+	createRateLimiters()
 
+	allowedOrigins := strings.Split(os.Getenv("CORS_ALLOWED_ORIGINS"), ",")
 	r.Use(cors.New(cors.Config{
-		AllowOrigins:     []string{"http://localhost:8080", "http://localhost:8000"},
+		AllowOrigins:     allowedOrigins,
 		AllowMethods:     []string{"GET", "POST"},
 		AllowHeaders:     []string{"Origin", "Content-Type", "Authorization"},
 		ExposeHeaders:    []string{"Content-Length", "Authorization"},
@@ -98,127 +37,28 @@ func main() {
 
 	r.Static("/static", "./static")
 	r.StaticFile("/favicon.ico", "./static/favicon.ico")
+	r.LoadHTMLGlob("./templates/*")
 
-	r.GET("/", func(c *gin.Context) {
+	r.GET("/", htmlRL, webRoot)
-		c.File("./static/index.html")
+	//r.GET("/register", htmlRL, webRegister)
-	})
+	//r.GET("/register/success", htmlRL, webRegisterSuccess)
+	r.GET("/qr/:user", htmlRL, webQr)
+	r.GET("/ping", webPing)
 
 	api := r.Group("/api")
-	api.GET("/luggage/:user", func(c *gin.Context) {
+	api.GET("/u/:user", jsonRL, webUserApi)
-		user, err := db.queryUser(c.Param("user"))
+	api.GET("/verify/:user", jsonRL, webVerifyUserApi)
-		if err != nil {
+	api.GET("/checkname/:user", jsonRL, webCheckNameApi)
-			if errors.Is(err, NoEntriesFoundError) {
+	//api.POST("/register", jsonRL, webRegisterApi)
-				c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
-					"error": "User not found",
-				})
-			} else {
-				fmt.Printf("Error: %s\n", err)
-				c.AbortWithStatus(http.StatusBadRequest)
-			}
-		} else {
-			c.JSON(http.StatusOK, user)
-		}
-	})
-	api.GET("/verify/:user", func(c *gin.Context) {
-		user, err := db.queryUser(c.Param("user"))
-		if err != nil {
-			if errors.Is(err, NoEntriesFoundError) {
-				c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
-					"status": 404,
-					"user":   "",
-					"error":  "User not found",
-				})
-			} else {
-				fmt.Printf("Error: %s\n", err)
-				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
-					"status": 500,
-					"user":   "",
-					"error":  err.Error(),
-				})
-			}
-		} else {
-			codes := strings.Split(user.SecretCodes, "'")
-			responded := false
-			for _, code := range codes {
-				codeHeader := c.GetHeader("Authorization")
-				reqCode := strings.Split(codeHeader, " ")
-				if strings.Compare(code, reqCode[len(reqCode)-1]) == 0 {
-					token, err := GenerateToken(16)
-					if err != nil {
-						c.JSON(http.StatusInternalServerError, gin.H{
-							"status": 500,
-							"user":   "",
-							"error":  err.Error(),
-						})
-						responded = true
-						break
-					} else {
-						err = db.updateToken(user.UserName, token)
-						if err != nil {
-							c.JSON(http.StatusInternalServerError, gin.H{
-								"status": 500,
-								"user":   "",
-								"error":  err.Error(),
-							})
-							responded = true
-							break
-						} else {
-							user.Status = 200
-							c.JSON(http.StatusOK, gin.H{
-								"status": 200,
-								"user":   user.UserName,
-								"error":  "",
-								"token":  token,
-							})
-							responded = true
-							break
-						}
-					}
-				}
-			}
-			if !responded {
-				c.JSON(http.StatusNotFound, gin.H{
-					"status": "404",
-					"user":   "",
-					"error":  "User not found",
-				})
-			}
-		}
-	})
-	api.GET("/ping", func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{
-			"message": "pong",
-		})
-	})
 
-	r.GET("/u/:user/info", func(c *gin.Context) {
+	user := r.Group("/u")
-		user, err := db.queryUser(c.Param("user"))
+	user.GET("/:user", htmlRL, webUser)
-		if user.CurrentToken == nil {
+	user.GET("/:user/info", htmlRL, webUserInfo)
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+
-				"status": 403,
+	//auth := r.Group("/auth")
-				"error":  "Unauthorized",
+	//auth.GET("/login", htmlRL, webLoginAuth)
-			})
+	//auth.POST("/login", htmlRL, webLoginAuthPost)
-		} else if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
+	//auth.GET("/logout", htmlRL, webLogoutAuth)
-			if err != nil {
-				if errors.Is(err, NoEntriesFoundError) {
-					c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
-						"error": "User not found",
-					})
-				} else {
-					fmt.Printf("Error: %s\n", err)
-					c.AbortWithStatus(http.StatusBadRequest)
-				}
-			} else {
-				c.JSON(http.StatusOK, user)
-			}
-		} else {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
-				"status": 403,
-				"user":   "",
-				"error":  "Unauthorized",
-			})
-		}
-	})
 
 	err := r.Run()
 	if err != nil {

renderHtml.bat

@@ -0,0 +1,20 @@
+@echo off
+title Render HTML from PHP
+
+del /s /q .\html\*
+del /s /q .\static\style.css
+del /s /q .\static\verify.js
+del /s /q .\static\register.js
+del /s /q .\templates\*
+
+curl -o ./html/home.html http://localhost:8080/home.php
+curl -o ./html/register.html http://localhost:8080/register.php
+curl -o ./html/verify.html http://localhost:8080/verify.php
+curl -o ./html/genqr.html http://localhost:8080/genqr.php
+
+curl -o ./templates/base.html.tmpl http://localhost:8080/generic.php
+curl -o ./templates/info.html.tmpl http://localhost:8080/info.php
+
+curl -o ./static/verify.js http://localhost:8080/static/verify.js
+curl -o ./static/register.js http://localhost:8080/static/register.js
+curl -o ./static/style.css http://localhost:8080/static/style.css

static/register.js

@@ -0,0 +1,29 @@
+const form = document.getElementById("reg-form");
+
+form.addEventListener("submit", async (event) => {
+    event.preventDefault();
+
+    let userId = document.getElementById("user-id").value;
+    let msgBox = document.getElementById("msg-box");
+    try {
+        const response = await fetch(`/api/checkname/${userId}`, {
+            method: "GET",
+        });
+
+        if (response.status === 409) {
+            msgBox.innerText = "Entry with id \"" + userId + "\" already in use";
+            return;
+        } else if (!response.ok) {
+            throw new Error(`Server Error: ${response.status}`);
+        }
+
+        const data = await response.json();
+        console.log("Fetch successful:", data);
+
+        form.submit();
+
+    } catch (error) {
+        console.error("Fetch failed:", error);
+        msgBox.innerText = "Internal Error: " + error;
+    }
+});

static/style.css

@@ -1,5 +1,6 @@
 :root {
     --dark: #1f363dff;
+    --dark-click: #152429;
     --mid-dark: #40798cff;
     --mid: #70a9a1ff;
     --mid-light: #9ec1a3ff;
@@ -7,43 +8,184 @@
     font-family: Verdana,sans-serif;
 }
 
-body {
+@media only screen and (min-width: 300px) {
-    margin: 0;
+    body {
+        margin: 0;
+        height: 92vh;
+        display: flex;
+        flex-direction: column;
+    }
+
+    .header {
+        display: flex;
+        flex: 0 0 auto;
+        align-items: center;
+        justify-content: space-between;
+        background-color: var(--mid-dark);
+        padding: 0 1rem;
+        height: 120px;
+    }
+
+    .spacer {
+        flex: 0 0 72px;
+    }
+
+    .header-icon {
+        display: block;
+        flex: 0 0 72px;
+        width: 85px;
+        height: 85px;
+    }
+
+    .footer {
+        background-color: var(--dark);
+        display: flex;
+        flex: 0 0 auto;
+        height: 120px;
+    }
+
+    .content {
+        display: flex;
+        width: 85vw;
+        max-width: 800px;
+        padding: 1.5rem;
+        background: white;
+        border-radius: 15px;
+        text-align: center;
+    }
+
+    .content input {
+        font-size: 16px;
+    }
+
+    .btn {
+        color: var(--dark);
+        background-color: var(--light);
+        border-radius: 8px;
+        border: 2px solid;
+        border-color: var(--dark);
+        padding: 8px 12px;
+        text-align: center;
+        text-decoration: none;
+        font-size: 16px;
+        cursor: pointer;
+    }
+
+    .align-left {
+        align-items: flex-start;
+        margin-left: 5vw;
+    }
+
+    .inputs {
+        display: flex;
+        flex: 1 0 auto;
+        flex-direction: column;
+    }
+
+    .inputs div {
+        flex: 1 0 auto;
+    }
+
+    .inputs input {
+        margin-bottom: 10px;
+    }
 }
 
-.header {
+@media only screen and (min-width: 700px) {
-    display: flex;
+    body {
-    align-items: center;            /* vertical centering */
+        margin: 0;
-    justify-content: space-between; /* icon left, spacer right */
+        height: 100vh;
-    background-color: var(--mid-dark);
+        display: flex;
-    padding: 0 1rem;
+        flex-direction: column;
-    height: 80px;
+    }
-}
 
-.spacer {
+    .header {
-    flex: 0 0 64px; /* or your icon’s width */
+        display: flex;
-}
+        flex: 0 0 auto;
+        align-items: center;
+        justify-content: space-between;
+        background-color: var(--mid-dark);
+        padding: 0 1rem;
+        height: 80px;
+    }
 
-.header-icon {
+    .spacer {
-    display: block;            /* remove inline whitespace */
+        flex: 0 0 64px;
-    flex: 0 0 64px; /* or your icon’s width */
+    }
-    width: 15vw;               /* fill the 64px container */
+
-    height: auto;              /* keep aspect ratio */
+    .icon-link {
-    max-height: 80px;          /* never exceed 80px bar height */
+        display: flex;
+    }
+
+    .header-icon {
+        display: block;
+        flex: 0 0 64px;
+        width: 80px;
+        height: 80px;
+    }
+
+    .footer {
+        background-color: var(--dark);
+        display: flex;
+        flex: 0 0 auto;
+        height: 80px;
+    }
+
+    .content {
+        display: flex;
+        width: 90vw;
+        max-width: 800px;
+        padding: 1.5rem;
+        background: white;
+        border-radius: 5px;
+        text-align: center;
+    }
+
+    .content input {
+        font-size: 16px;
+    }
+
+    .btn {
+        color: var(--dark);
+        background-color: var(--light);
+        border-radius: 8px;
+        border: 2px solid;
+        border-color: var(--dark);
+        padding: 8px 12px;
+        text-align: center;
+        text-decoration: none;
+        font-size: 16px;
+        cursor: pointer;
+    }
+
+    .align-left {
+        align-items: flex-start;
+        margin-left: 5vw;
+    }
+
+    .inputs {
+        display: flex;
+        flex: 1 0 auto;
+        flex-direction: row;
+        justify-content: space-between;
+        column-gap: 5vw;
+    }
+
+    .inputs div {
+        flex: 1 0 auto;
+    }
+
+    .inputs input {
+        margin-bottom: 10px;
+    }
 }
 
 .title {
-    flex: 1;              /* take up all the space between */
+    flex: 1;
-    text-align: center;   /* center text within that space */
+    text-align: center;
     color: var(--light);
 }
 
-.footer {
-    background-color: var(--dark);
-    display: flex;
-    height: 80px;
-}
-
 .footer-text {
     display: inherit;
     align-content: center;
@@ -78,7 +220,11 @@ body {
 }
 
 .container {
-    padding: 20vh 0 calc(80vh - 303px) 0;
+    flex: 1 0 auto;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    padding: 0;
     background-image: linear-gradient(
             to bottom right,
             var(--mid-light),
@@ -86,13 +232,8 @@ body {
     );
 }
 
-.content {
+.content h1 {
-    margin: 0 auto;
+    text-align: center;
-    width: 90vw;            /* takes 90% of viewport (or container) width */
-    max-width: 800px;      /* but never wider than 800px */
-    padding: 1.5rem;       /* give it some breathing room inside */
-    background: white;
-    border-radius: 5px;
 }
 
 .content h3 {
@@ -101,4 +242,81 @@ body {
 
 .content p {
     text-align: center;
+}
+
+.content button:hover {
+    color: var(--light);
+    background-color: var(--dark);
+}
+
+.content button:active {
+    background-color: var(--dark-click);
+}
+
+.flex {
+    display: flex;
+}
+
+.flex-vertical {
+    /*display: flex;*/
+    flex-direction: column;
+}
+
+.flex-horizontal {
+    /*display: flex;*/
+    flex-direction: row;
+}
+
+.hidden {
+    display: none;
+}
+
+.section-one {
+    flex: 0 0 auto;
+}
+
+.section-two {
+    display: flex;
+    flex: 1 0 auto;
+}
+
+.label-left {
+    text-align: left;
+}
+
+#reg-form {
+    flex: 1 0 auto;
+}
+
+#status {
+    margin-bottom: 0;
+}
+
+#qr-link {
+    display: inline-flex;
+}
+
+#qr {
+    display: flex;
+    justify-content: center;
+}
+
+#qr img {
+    width: auto;
+    height: 60vh;
+}
+
+#loading {
+    display: inline-block;
+    width: 50px;
+    height: 50px;
+    border: 3px solid var(--mid-light);
+    border-radius: 50%;
+    border-top-color: var(--mid-dark);
+    animation: spin 1s ease-in-out infinite;
+    -webkit-animation: spin 1s ease-in-out infinite;
+}
+
+@keyframes spin {
+    to { transform: rotate(360deg); }
 }

static/verify.js

@@ -0,0 +1,39 @@
+let submitBtn = document.getElementById("submitBtn");
+submitBtn.addEventListener('click', function(e) {
+    let code = document.getElementById("code").value.replaceAll(" ", "");
+
+    const path = window.location.pathname;
+    const parts = path.split("/");
+    const user = parts.pop().toLowerCase();
+
+    fetch("/api/verify/" + user, {
+        method: 'GET',
+        headers: {
+            'Content-Type': 'application/json',
+            'Authorization': "Basic " + code,
+        }
+    }).then(response => response.json())
+        .then(data => {
+            let statusText = document.getElementById("status");
+            statusText.classList.remove("hidden");
+            console.log("Status Code: " + data.status);
+            console.log("Code Type: " + typeof data.status)
+            if (data.status === 404) {
+                // Not found
+                statusText.innerText = "User with that code not found";
+            } else if (data.status === 200) {
+                // Display found and redirect to baseUrl/u/user/info with auth token
+                statusText.innerText = "User found, redirecting...";
+                window.location.replace("/u/" + user + "/info?token=" + data.token);
+            } else {
+                // Error
+                statusText.innerText = "Error, please send this to Steven to be fixed. Error: " + data.error;
+            }
+        })
+});
+
+document.getElementById("code").addEventListener('keyup', function(e) {
+    if (e.key === "Enter") {
+        submitBtn.click();
+    }
+});

templates/base.html.tmpl

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
+</head>
+<body>
+
+<header class="header">
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
+    <div class="spacer"></div>
+</header>
+<div class="container">
+    <div class="content flex-vertical">
+        <div class="section-one">
+            <h1>{{ .header }}</h1>
+            <p>{{ .body  }}</p>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
+</footer>
+</body>
+</html>

templates/info.html.tmpl

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
+</head>
+<body>
+
+<header class="header">
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
+    <div class="spacer"></div>
+</header>
+<div class="container">
+    <div class="content flex-vertical">
+        <div class="section-one flex-vertical">
+            <h1>Owner Information</h1>
+        </div>
+        <div class="section-two flex-vertical align-left">
+            <p>Contact Name: {{ .contact_name }}</p>
+            <p>Phone Number: {{ .phone_number }}</p>
+            <p>Email Address: {{ .email_address }}</p>
+            <p>Address: {{ .address }}</p>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
+</footer>
+</body>
+</html>

util.go

@@ -0,0 +1,86 @@
+package main
+
+import (
+	"context"
+	"crypto/rand"
+	"database/sql"
+	"encoding/base64"
+	"fmt"
+	"log"
+	"time"
+)
+
+type Address struct {
+	Id         int64     `json:"-"`
+	Street1    string    `json:"street1" form:"street1"`
+	Street2    *string   `json:"street2,omitempty" form:"street2,omitempty"`
+	City       string    `json:"city" form:"city"`
+	State      *string   `json:"state,omitempty" form:"state,omitempty"`
+	PostalCode string    `json:"postal_code" form:"postal-code"`
+	Country    string    `json:"country" form:"country"`
+	CreatedAt  time.Time `json:"-"`
+	UpdatedAt  time.Time `json:"-"`
+}
+
+type User struct {
+	Status           int32   `json:"status"`
+	Id               int64   `json:"-"`
+	UserName         string  `json:"user_name" form:"user-id"`
+	ContactName      string  `json:"contact_name" form:"name"`
+	SecretCodes      string  `json:"-"`
+	CurrentToken     *string `json:"-"`
+	ContactNumber    string  `json:"contact_number" form:"phone-number"`
+	EmailAddress     string  `json:"email_address" form:"email"`
+	MailingAddress   Address `json:"mailing_address"`
+	RegistrationCode string  `json:"-" form:"registration_code"`
+}
+
+func GenerateToken(n int) (string, error) {
+	b := make([]byte, n)
+	if _, err := rand.Read(b); err != nil {
+		return "", fmt.Errorf("reading random bytes: %w\n", err)
+	}
+	return base64.RawURLEncoding.EncodeToString(b), nil
+}
+
+func startCleanupLoop(ctx context.Context, db *sql.DB, interval, ttl time.Duration) {
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+
+		case <-ticker.C:
+			if err := cleanupExpired(db, ttl); err != nil {
+				log.Printf("token cleanup error: %v\n", err)
+			}
+		}
+	}
+}
+
+func cleanupExpired(db *sql.DB, ttl time.Duration) error {
+	sqlStmt := `
+		UPDATE users
+		SET current_token=null,token_creation=null
+		WHERE token_creation < DATE_SUB(NOW(), INTERVAL ? SECOND);
+`
+	res, err := db.Exec(sqlStmt, int(ttl.Seconds()))
+	if err != nil {
+		return err
+	}
+
+	n, _ := res.RowsAffected()
+	log.Printf("Token Cleanup: updated %d rows\n", n)
+	return nil
+}
+
+func generateAESKey(keySize int) ([]byte, error) {
+	key := make([]byte, keySize)
+	_, err := rand.Read(key)
+	if err != nil {
+		return nil, err
+	}
+	return key, nil
+}

web.go

@@ -0,0 +1,308 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	ratelimit "github.com/JGLTechnologies/gin-rate-limit"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
+	"github.com/gin-gonic/gin"
+	"html/template"
+	"net/http"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+)
+
+var sessionStore sessions.Store
+var htmlRL gin.HandlerFunc
+var jsonRL gin.HandlerFunc
+
+func createSessionStore() {
+	secureBool, err := strconv.ParseBool(os.Getenv("SECURE_SESSION"))
+	if err != nil {
+		fmt.Printf("Unable to get Secure Session Env, defaulting to \"true\". Error: %v\n", err.Error())
+		secureBool = true
+	}
+
+	sessionStore = cookie.NewStore([]byte(os.Getenv("AUTHENTICATION_KEY")), []byte(os.Getenv("ENCRYPTION_KEY")))
+	sessionStore.Options(sessions.Options{
+		Path:     "/",
+		MaxAge:   60 * 60 * 24, // 1 day
+		HttpOnly: true,
+		Secure:   secureBool,
+		SameSite: http.SameSiteLaxMode,
+	})
+}
+
+func keyFunc(c *gin.Context) string {
+	return c.ClientIP()
+}
+
+func createRateLimiters() {
+	store := ratelimit.InMemoryStore(&ratelimit.InMemoryOptions{
+		Rate:  time.Second,
+		Limit: 5,
+	})
+	htmlRL = ratelimit.RateLimiter(store, &ratelimit.Options{
+		ErrorHandler: func(c *gin.Context, info ratelimit.Info) {
+			c.HTML(http.StatusTooManyRequests, "base.html.tmpl", gin.H{
+				"header": "Error",
+				"body":   fmt.Sprintf("Too many requests. Try again in %v", time.Until(info.ResetTime).String()),
+			})
+		},
+		KeyFunc: keyFunc,
+	})
+	jsonRL = ratelimit.RateLimiter(store, &ratelimit.Options{
+		ErrorHandler: func(c *gin.Context, info ratelimit.Info) {
+			c.JSON(http.StatusTooManyRequests, gin.H{})
+		},
+		KeyFunc: keyFunc,
+	})
+}
+
+func webRoot(c *gin.Context) {
+	c.File("./html/home.html")
+}
+
+func webRegister(c *gin.Context) {
+	c.File("./html/register.html")
+}
+
+func webRegisterSuccess(c *gin.Context) {
+	c.HTML(http.StatusOK, "base.html.tmpl", gin.H{
+		"header": "Registration Success",
+		"body":   "We will reach out soon to get your tag to you!",
+	})
+}
+
+func webQr(c *gin.Context) {
+	c.File("./html/genqr.html")
+}
+
+func webPing(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{
+		"message": "pong",
+	})
+}
+
+func webUserApi(c *gin.Context) {
+	user, err := db.queryUser(strings.ToLower(c.Param("user")))
+	if err != nil {
+		if errors.Is(err, NoEntriesFoundError) {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+				"status": 401,
+				"error":  "Unauthorized",
+			})
+			return
+		}
+		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+			"status": 500,
+			"error":  fmt.Sprintf("Internal Server Error: %s", err.Error()),
+		})
+		return
+	}
+	if user.CurrentToken == nil {
+		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+			"status": 401,
+			"error":  "Unauthorized",
+		})
+		return
+	}
+	if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
+		user.Status = 200
+		c.JSON(http.StatusOK, user)
+		return
+	}
+	c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+		"status": 401,
+		"error":  "Unauthorized",
+	})
+}
+
+func webVerifyUserApi(c *gin.Context) {
+	user, err := db.queryUser(strings.ToLower(c.Param("user")))
+	if err != nil {
+		if errors.Is(err, NoEntriesFoundError) {
+			c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
+				"status": 404,
+				"user":   "",
+				"error":  "User not found",
+			})
+			return
+		}
+		fmt.Printf("Error: %s\n", err)
+		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
+			"status": 500,
+			"user":   "",
+			"error":  err.Error(),
+		})
+		return
+	}
+	codes := strings.Split(user.SecretCodes, ",")
+	codeHeader := c.GetHeader("Authorization")
+	reqCodeRaw := strings.Split(codeHeader, " ")
+	reqCode := strings.ReplaceAll(reqCodeRaw[len(reqCodeRaw)-1], " ", "")
+	for _, code := range codes {
+		if strings.Compare(code, reqCode) == 0 {
+			token, err := GenerateToken(16)
+			if err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{
+					"status": 500,
+					"user":   "",
+					"error":  err.Error(),
+				})
+				return
+			}
+			err = db.updateToken(user.UserName, token) // TODO make a more robust system for authorizing info page
+			if err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{
+					"status": 500,
+					"user":   "",
+					"error":  err.Error(),
+				})
+				return
+			}
+			user.Status = 200
+			c.JSON(http.StatusOK, gin.H{
+				"user":  user.UserName,
+				"error": "",
+				"token": token,
+			})
+			return
+		}
+	}
+	c.JSON(http.StatusNotFound, gin.H{
+		"status": 404,
+		"user":   "",
+		"error":  "User not found",
+	})
+}
+
+func webCheckNameApi(c *gin.Context) {
+	users, err := db.getUsers()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"status": 500,
+			"error":  err.Error(),
+		})
+		return
+	}
+	anyMatch := false
+	for _, user := range users {
+		if strings.Compare(user, strings.ToLower(c.Param("user"))) == 0 {
+			anyMatch = true
+			break
+		}
+	}
+	if anyMatch {
+		c.JSON(http.StatusConflict, gin.H{
+			"status": 409,
+			"error":  "userid already exists",
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"status": 200,
+		"error":  "",
+	})
+}
+
+func webRegisterApi(c *gin.Context) { //TODO refactor with JS form submission or under logged in user dashboard
+	var newUser User
+	err := c.ShouldBind(&newUser)
+	if err != nil {
+		fmt.Printf("Error: %v\n", err)
+		c.HTML(http.StatusInternalServerError, "base.html.tmpl", gin.H{
+			"header": "Registration Error",
+			"body":   err.Error(),
+		})
+		return
+	}
+	err = db.checkRegistrationCode(newUser.RegistrationCode)
+	if errors.Is(err, NoEntriesFoundError) {
+		c.HTML(http.StatusNotFound, "base.html.tmpl", gin.H{
+			"header": "Registration Error",
+			"body":   err.Error(),
+		})
+		return
+	}
+	c.Redirect(http.StatusSeeOther, "/register/success")
+}
+
+func webUser(c *gin.Context) {
+	c.File("./html/verify.html")
+}
+
+func webUserInfo(c *gin.Context) {
+	user, err := db.queryUser(strings.ToLower(c.Param("user")))
+	if err != nil {
+		if errors.Is(err, NoEntriesFoundError) {
+			body := template.HTML("The user searched is not found, please try again.")
+			c.HTML(http.StatusNotFound, "base.html.tmpl", gin.H{
+				"header": "User Not Found",
+				"body":   body,
+			})
+			return
+		}
+	}
+	if user.CurrentToken == nil {
+		c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
+			"header": "Unauthorized",
+			"body":   "You don't have the right token, please try again.",
+		})
+		return
+	}
+	if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
+		if err != nil {
+			if errors.Is(err, NoEntriesFoundError) {
+				c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
+					"header": "Unauthorized",
+					"body":   "You don't have the right token, please try again.",
+				})
+				return
+			}
+			fmt.Printf("Error: %s\n", err)
+			c.HTML(http.StatusInternalServerError, "base.html.tmpl", gin.H{
+				"header": "Error",
+				"body":   err.Error(),
+			})
+			return
+		}
+		addressStr := fmt.Sprintf("%s", user.MailingAddress.Street1)
+		if user.MailingAddress.Street2 == nil {
+			addressStr = fmt.Sprintf("%s, %s", addressStr, user.MailingAddress.City)
+		} else {
+			addressStr = fmt.Sprintf("%s, %s, %s", addressStr, *user.MailingAddress.Street2, user.MailingAddress.City)
+		}
+		if user.MailingAddress.State == nil {
+			addressStr = fmt.Sprintf("%s, %s, %s", addressStr, user.MailingAddress.PostalCode, user.MailingAddress.Country)
+		} else {
+			addressStr = fmt.Sprintf("%s, %s, %s, %s", addressStr, *user.MailingAddress.State, user.MailingAddress.PostalCode, user.MailingAddress.Country)
+		}
+		c.HTML(http.StatusOK, "info.html.tmpl", gin.H{
+			"contact_name":  user.ContactName,
+			"phone_number":  user.ContactNumber,
+			"email_address": user.EmailAddress,
+			"address":       addressStr,
+		})
+		return
+	}
+	c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
+		"header": "Unauthorized",
+		"body":   "You don't have the right token :/",
+	})
+}
+
+func webLoginAuth(c *gin.Context) {
+
+}
+
+func webLoginAuthPost(c *gin.Context) {
+
+}
+
+func webLogoutAuth(c *gin.Context) {
+
+}