MiauRizius/MiauInv
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Compare commits

base: MiauRizius:78731c1728fc5b7b600e53418609169310dbf0f8
Branches Tags
MiauRizius:main MiauRizius:feature/13-activity-log
MiauRizius:v1.1.1 MiauRizius:v1.1.0 MiauRizius:v1.0.2 MiauRizius:v1.0.0
..
compare: MiauRizius:v1.0.0
Branches Tags
MiauRizius:feature/13-activity-log MiauRizius:main
MiauRizius:v1.1.1 MiauRizius:v1.1.0 MiauRizius:v1.0.2 MiauRizius:v1.0.0

23 Commits
78731c1728 ... v1.0.0

Author SHA1 Message Date
miaurizius
089998d45b updated deploy 2026-06-08 15:35:43 +02:00
miaurizius
e2d51c6cdf updated dockerfile and deploy 2026-06-08 15:30:49 +02:00
miaurizius
0f8c7f57ac fixed #1 2026-06-08 15:27:06 +02:00
miaurizius
8d2be395b9 added .min.* support 2026-06-08 15:03:24 +02:00
miaurizius
339d5a709c dashboard locations and projects will now show items 2026-06-08 14:46:52 +02:00
miaurizius
405502cb20 added ad page 2026-06-08 00:34:54 +02:00
miaurizius
1a454dd201 Updated README.md 2026-06-08 00:25:40 +02:00
miaurizius
15cc33eb23 added README.md 2026-06-08 00:24:08 +02:00
miaurizius
f367188c08 Under construction page and dynamic profile loading 2026-06-08 00:00:45 +02:00
miaurizius
dcc6dc0b98 item and location names will be shown instead of their ids 2026-06-07 23:28:03 +02:00
miaurizius
d771ebba13 logout is now possible again 2026-06-07 23:04:12 +02:00
miaurizius
92e7ea4667 Added more things to dashboard 2026-06-07 02:29:27 +02:00
miaurizius
b93d9382ac made registration disableable 2026-06-07 02:08:49 +02:00
miaurizius
a31c516e8f Fixed quantity bug 2026-06-07 01:54:09 +02:00
miaurizius
eba273be49 Added stock management 2026-06-07 01:25:07 +02:00
miaurizius
e46b4904e3 Added functionality to all pages 2026-06-07 01:15:30 +02:00
Maurice L.
28bf03d1a3 added api endpoints 2026-06-06 21:25:37 +02:00
miaurizius
419e05bb89 Made page more responsive 2026-06-05 22:18:47 +02:00
miaurizius
52d551ab39 Added more frontend and some more login logic 2026-06-05 21:58:10 +02:00
miaurizius
6543149dab Added docker deploy 2026-06-05 19:12:09 +02:00
miaurizius
978ba292a1 Made assets accessible 2026-06-05 19:09:41 +02:00
miaurizius
1a0797ef19 Added HTML 2026-06-05 19:00:48 +02:00
miaurizius
0a44df319d Started with items 2026-06-03 14:24:14 +02:00
39 changed files with 3845 additions and 68 deletions
Expand all files Collapse all files

2
Dockerfile
View File

@@ -11,6 +11,8 @@ COPY . .
ARG TARGETOS ARG TARGETOS
ARG TARGETARCH ARG TARGETARCH
LABEL org.opencontainers.image.source="https://git.miaurizius.de/miaurizius/miauinv"
RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \ RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
go build -ldflags "-s -w" -o MiauInv . go build -ldflags "-s -w" -o MiauInv .

189
README.md Normal file
View File

@@ -0,0 +1,189 @@
# MiauInv - Inventory and Project Management System
MiauInv is a secure, light-weight inventory, stock, and project allocation tracking system written in Go. It utilizes HTMX for a dynamic, reactive single-page experience over traditional server-rendered HTML blocks, backed by an encrypted JWT and dual-token refresh architecture alongside an embedded SQLite instance.
## Table of Contents
* [Technical Specifications](#technical-specifications)
* [Architecture Overview](#architecture-overview)
* [Configuration](#configuration)
* [Configuration File (config.yaml)](#configuration-file-configyaml)
* [Environment Variables](#environment-variables)
* [Route and Endpoint Matrix](#route-and-endpoint-matrix)
* [Frontend Web Routes (HTML Views)](#frontend-web-routes-html-views)
* [Backend API Endpoints (JSON Serialization)](#backend-api-endpoints-json-serialization)
* [Setup and Deployment Tutorial](#setup-and-deployment-tutorial)
* [Prerequisites](#prerequisites)
* [Option 1: Native Local Deployment](#option-1-native-local-deployment)
* [Option 2: Docker Deployment (Recommended)](#option-2-docker-deployment-recommended)
## Technical Specifications
* **Backend Language:** Go (Golang 1.22+)
* **Frontend Interactivity:** HTMX (v2.0.4) & Vanilla JavaScript (API Client integration)
* **Database Engine:** SQLite (via standard driver dependencies)
* **Security & Session Layer:** JSON Web Tokens (JWT) with HTTP-Only/Secure dual cookie strategy (Access and Refresh Token Rotation)
* **Styling Architecture:** Modern dark-theme customized native CSS variables (`--bg`, `--card`, `--accent`, `--border`)
* **Transport Security:** Compulsory HTTPS / Native TLS Listener implementation
---
## Architecture Overview
MiauInv splits responsibility cleanly across modularized architecture packages:
* **`main.go`**: Entrypoint initializing components and connecting layers.
* **`server/`**: Configures variables, spins up TLS mechanisms, and exposes route endpoints.
* **`auth/`**: Custom HTTP Middleware interceptors validating JWT signatures and parsing sub-claims.
* **`handlers/`**: Core API Controller actions processing CRUD functions on database entities.
* **`storage/`**: Direct abstraction queries interacting with the underlying SQLite database schema.
* **`frontend/`**: Serving standard static assets and injecting structural data into components.
---
## Configuration
The system uses a combination of a structural JSON configuration file and environment variables for system runtime flags.
### Configuration File (`config.yaml`)
The application automatically creates or reads a configuration file named `config.json` in the working directory on startup.
```yaml
port: "8080"
database_path: ./appdata/database.db
certificate_path: ./appdata/cert.pem
private_key_path: ./appdata/key.pem
allow_registration: true
```
### Environment Variables
For cryptographic functions, a mandatory environment variable must be exported before executing the binary:
| Variable | Type | Description | Minimum Requirement |
| --- | --- | --- | --- |
| `JWT_SECRET` | String | Symmetric secret signature key used to sign access tokens | Minimum 32 characters |
---
## Route and Endpoint Matrix
All communication with the application happens over defined HTTP transport interfaces. The routes are divided into User-Facing Views (HTML renders) and programmatic Data Hooks (JSON APIs).
### Frontend Web Routes (HTML Views)
| Route Path | HTTP Method | Auth Required | Description |
| --- | --- | --- | --- |
| `/` | `GET` | No | Root index landing view. |
| `/login` | `GET` | No | Renders login page component. |
| `/register` | `GET` | No | Registration layout or block alert based on authorization properties. |
| `/dashboard` | `GET` | **Yes** | Aggregated stats layout covering items, projects, and locations. |
| `/inventory` | `GET` | **Yes** | General overview interface managing stock quantities. |
| `/items` | `GET` | **Yes** | Standard component interface targeting primary atomic assets. |
| `/locations` | `GET` | **Yes** | Physical or logical facility structures view. |
| `/projects` | `GET` | **Yes** | Overview interface listing active construction and logistics operations. |
| `/profile/` | `GET` | **Yes** | Component context under development. |
| `/assets/*` | `GET` | No | Serves global minified system design files (`.css`, `.js`). |
### Backend API Endpoints (JSON Serialization)
| Endpoint Path | Method | Auth | Query Parameters | Request/Response Behavior |
| --- | --- | --- | --- | --- |
| `/api/register` | `POST` | No | None | Creates a new user record. Requires plain JSON payload containing raw `username` and `password`. Returns status code `201 Created`. |
| `/api/login` | `POST` | No | None | Performs credential authentication. Sets `access_token` and `refresh_token` as secure, HTTP-Only cookies, and returns user identity metadata. |
| `/api/refresh` | `POST` | No | None | Accepts JSON containing `refresh_token`. Invalidates previous token structures, rotates identities, and hands over a newly active pair. |
| `/api/logout` | `POST` | **Yes** | None | Revokes active database-linked refresh session IDs for the user context and drops current browser state tracking. Returns status `204`. |
| `/api/profile` | `GET` | **Yes** | `id` *(Optional)* | Returns `id`, `username`, and metadata of either the target parameter or active identity mapped from token signatures. |
| `/api/item` | `GET` | **Yes** | `id` *(Optional)* | Empty parameters fetch all available items with aggregated `allocated` and `available` calculations. Providing `id` isolates a specific item. |
| `/api/item` | `POST` | **Yes** | None | Inserts a new tracked inventory item schema definition. |
| `/api/item` | `PUT` | **Yes** | `id` *(Required)* | Modifies values (`name`, `category`, `description`, `total_quantity`) of an active asset by primary key. |
| `/api/item` | `DELETE` | **Yes** | `id` *(Required)* | Removes an entry. SQLite blocks cascade execution if foreign key assignments still exist in stock or project tracking. |
| `/api/location` | `GET` | **Yes** | `id`, `content` | Fetching with `id` and `content=true` extracts an array of items grouped at the facility (`item_id`, `name`, `quantity`). Without `content`, returns details or global catalogs. |
| `/api/location` | `POST` | **Yes** | None | Instantiates a singular distinct location boundary identifier. |
| `/api/location` | `PUT` | **Yes** | `id` *(Required)* | Renames a location while maintaining foreign keys. |
| `/api/location` | `DELETE` | **Yes** | `id` *(Required)* | Destroys location configurations if currently cleared of active items. |
| `/api/project` | `GET` | **Yes** | `id`, `details` | Providing `id` with `details=true` unrolls associated items allocated to that project context. |
| `/api/project` | `POST` | **Yes** | None | Inserts a tracking context entity for targeted hardware allocation. |
| `/api/project` | `PUT` | **Yes** | `id` *(Required)* | Updates a project metadata record definition. |
| `/api/project` | `DELETE` | **Yes** | `id` *(Required)* | Drops an empty project wrapper. |
| `/api/stock` | `GET` | **Yes** | `id` *(Optional)* | Obtains exact relationship matrices between location nodes and items. |
| `/api/stock` | `POST` | **Yes** | None | Links allocations across specific site nodes. |
| `/api/stock` | `PUT` | **Yes** | `id` *(Required)* | Modifies stock metrics directly on specified maps. |
| `/api/stock` | `DELETE` | **Yes** | `id` *(Required)* | Completely severs relationship entry allocations between nodes. |
| `/api/association` | `GET` | **Yes** | `id`, `project_id` | Dumps general configuration links, isolated optionally by operational `project_id`. |
| `/api/association` | `POST` | **Yes** | None | Allocates an inventory batch to a dedicated project infrastructure requirement. |
| `/api/association` | `PUT` | **Yes** | `id` *(Required)* | Alters active quantity indicators inside a specific deployment matrix. |
| `/api/association` | `DELETE` | **Yes** | `id` *(Required)* | Frees up allocations, returning tracking variables back to unassigned states. |
---
## Setup and Deployment Tutorial
### Prerequisites
Before deployment, you must generate SSL/TLS certificates since MiauInv enforces native transport encryption layer communication (or use a bought one).
```bash
# Create directory for certs
mkdir -p appdata
# Generate self-signed certificate and private key
openssl req -x509 -newkey rsa:4096 -keyout appdata/key.pem -out certs/cert.pem -sha256 -days 365 -nodes
```
### Option 1: Native Local Deployment
1. Make sure your Go environment path variable properties are populated (Go 1.22+).
2. Create your environmental token and execute the initialization routine task:
```bash
export JWT_SECRET="your_minimum_thirty_two_char_secret_key_here"
go build -o miauinv main.go
./miauinv
```
---
### Option 2: Docker Deployment (Recommended)
MiauInv includes container definition orchestrations to package configurations cleanly, binding storage databases outside running containers into persistent volumes.
#### 1. Create the Docker Compose Descriptor
Write the configuration definition mapping layer blocks directly inside a standard file named `docker-compose.yaml`:
```yaml
services:
miauinv:
image: git.miaurizius.de/miaurizius/miauinv:latest
container_name: MiauInv
restart: unless-stopped
ports:
- "8080:8080"
environment:
- JWT_SECRET=SECURE_RANDOM_STRING # Must be at least 32 characters long
volumes:
- ./appdata:/appdata # To edit your configuration files
```
#### 2. Execution Commands
To bring up your background container image instance pipelines, execute the compose environment controls:
```bash
# Build and execute the container in background detached mode
docker-compose up --build -d
# Verify container operation statuses
docker-compose ps
# Monitor execution system logs
docker-compose logs -f
```
Once running successfully via Docker orchestration loops, navigate your web browser context safely to `https://localhost:8080` to interact with your MiauInv control panel workspace.

407
ad.html Normal file
View File

@@ -0,0 +1,407 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MiauInv - Modern Inventory & Project Management</title>
<style>
:root {
--bg: #0b0f19;
--card: #111827;
--border: #1f2937;
--text: #f9fafb;
--text-muted: #9ca3af;
--accent: #3b82f6;
--accent-hover: #2563eb;
--success: #10b981;
--code-bg: #1f2937;
}
* {
box-sizing: border-box;
margin: 0;
padding: 0;
}
body {
background-color: var(--bg);
color: var(--text);
font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
line-height: 1.6;
padding: 0;
margin: 0;
}
.navbar {
display: flex;
justify-content: flex-end;
padding: 1rem 2rem;
max-width: 1000px;
margin: 0 auto;
}
.lang-switch {
background: var(--card);
border: 1px solid var(--border);
color: var(--text);
padding: 0.5rem 1rem;
border-radius: 8px;
font-weight: 600;
cursor: pointer;
transition: all 0.2s ease;
}
.lang-switch:hover {
border-color: var(--accent);
color: var(--accent);
}
.container {
max-width: 1000px;
margin: 0 auto;
padding: 0 1.5rem 4rem 1.5rem;
}
header {
text-align: center;
padding: 3rem 0 3rem 0;
}
.brand {
font-size: 3.5rem;
font-weight: 800;
letter-spacing: -0.04em;
margin-bottom: 1rem;
}
.brand span {
color: var(--accent);
}
.tagline {
font-size: 1.25rem;
color: var(--text-muted);
max-width: 600px;
margin: 0 auto 2.5rem auto;
}
.badge-container {
display: flex;
justify-content: center;
gap: 0.75rem;
margin-bottom: 3rem;
flex-wrap: wrap;
}
.badge {
background: rgba(59, 130, 246, 0.1);
color: var(--accent);
border: 1px solid rgba(59, 130, 246, 0.2);
padding: 0.35rem 0.75rem;
border-radius: 999px;
font-size: 0.85rem;
font-weight: 600;
}
.badge.green {
background: rgba(16, 185, 129, 0.1);
color: var(--success);
border-color: rgba(16, 185, 129, 0.2);
}
.grid {
display: grid;
grid-template-columns: 1fr;
gap: 2rem;
margin-bottom: 4rem;
}
@media (min-width: 768px) {
.grid {
grid-template-columns: 1fr 1fr;
}
}
.card {
background: var(--card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 2.5rem;
box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.5);
}
.card h2 {
font-size: 1.5rem;
font-weight: 700;
margin-bottom: 1.25rem;
letter-spacing: -0.02em;
}
.features-list {
list-style: none;
text-align: left;
}
.features-list li {
margin-bottom: 1rem;
display: flex;
align-items: flex-start;
gap: 0.75rem;
color: var(--text-muted);
}
.features-list li strong {
color: var(--text);
}
.features-list svg {
flex-shrink: 0;
margin-top: 0.2rem;
color: var(--success);
}
.install-section {
background: var(--card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 3rem 2rem;
text-align: left;
box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.5);
margin-bottom: 4rem;
}
.install-section h2 {
font-size: 1.75rem;
margin-bottom: 0.5rem;
letter-spacing: -0.02em;
}
.install-section p {
color: var(--text-muted);
margin-bottom: 2rem;
}
.step {
margin-bottom: 2rem;
}
.step h3 {
font-size: 1.1rem;
margin-bottom: 0.75rem;
color: var(--text);
display: flex;
align-items: center;
gap: 0.5rem;
}
.step-num {
background: var(--border);
width: 24px;
height: 24px;
border-radius: 50%;
display: inline-flex;
align-items: center;
justify-content: center;
font-size: 0.8rem;
font-weight: bold;
}
pre {
background: var(--bg);
border: 1px solid var(--border);
padding: 1rem 1.25rem;
border-radius: 10px;
font-family: monospace;
font-size: 0.9rem;
color: #e5e7eb;
overflow-x: auto;
white-space: pre;
margin-bottom: 1rem;
}
footer {
text-align: center;
padding: 3rem 0;
color: var(--text-muted);
font-size: 0.9rem;
border-top: 1px solid var(--border);
}
/* Sprach-Sichtbarkeitsregeln */
[lang="de"] { display: none; }
html[data-lang="de"] [lang="de"] { display: block; }
html[data-lang="de"] [lang="en"] { display: none; }
html[data-lang="de"] span[lang="de"],
html[data-lang="de"] strong[lang="de"] {
display: inline;
}
html[data-lang="en"] span[lang="en"],
html[data-lang="en"] strong[lang="en"] {
display: inline;
}
</style>
</head>
<body class="lang-en">
<div class="navbar">
<button class="lang-switch" id="langBtn" onclick="toggleLanguage()">DE</button>
</div>
<div class="container">
<header>
<div class="brand">Miau<span>Inv</span></div>
<p class="tagline" lang="en">A secure, light-weight, and minimalistic management system for tracking your inventory stock and project allocations.</p>
<p class="tagline" lang="de">Ein sicheres, pfeilschnelles und minimalistisches System für deine Lagerbestände und Projekt-Zuweisungen.</p>
<div class="badge-container">
<span class="badge">Go Backend</span>
<span class="badge">HTMX Frontend</span>
<span class="badge">SQLite Inside</span>
<span class="badge green">Docker Ready</span>
</div>
</header>
<div class="grid">
<div class="card">
<h2 lang="en">Why MiauInv?</h2>
<h2 lang="de">Warum MiauInv?</h2>
<ul class="features-list">
<li>
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"></polyline></svg>
<span>
<strong lang="en">Zero JS-Overhead:</strong><strong lang="de">Kein JS-Overhead:</strong>
<span lang="en"> Powered by HTMX for an ultra-reactive, dynamic SPA experience without heavy client-side bundles.</span>
<span lang="de"> Dank HTMX extrem reaktiv und dynamisch wie eine SPA, aber ohne tonnenweise schweres JavaScript.</span>
</span>
</li>
<li>
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"></polyline></svg>
<span>
<strong lang="en">Live Quantities:</strong><strong lang="de">Live-Verfügbarkeit:</strong>
<span lang="en"> See overall totals, allocated project metrics, and remaining available counts instantly.</span>
<span lang="de"> Siehst sofort den Gesamtbestand, was in Projekten verplant ist und was noch frei zur Verfügung steht.</span>
</span>
</li>
<li>
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"></polyline></svg>
<span>
<strong lang="en">Unified Dashboards:</strong><strong lang="de">Orte & Projekte im Blick:</strong>
<span lang="en"> Drill straight down into site boundaries or project lists to inspect stock components with one click.</span>
<span lang="de"> Klicke auf Lagerorte oder aktive Projekte im Dashboard, um direkt den aktuellen Inhalt einzusehen.</span>
</span>
</li>
</ul>
</div>
<div class="card">
<h2 lang="en">Security & Tech Stack</h2>
<h2 lang="de">Sicherheit & Tech</h2>
<ul class="features-list">
<li>
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"></polyline></svg>
<span>
<strong lang="en">Dual-Token Security:</strong><strong lang="de">Dual-Token Security:</strong>
<span lang="en"> Uses robust cryptographically signed JWT cookies combined with seamless backend refresh token rotations.</span>
<span lang="de"> Zugriffsschutz über sichere, verschlüsselte JWT-Cookies inkl. Refresh-Token-Rotation.</span>
</span>
</li>
<li>
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"></polyline></svg>
<span>
<strong lang="en">Native TLS Listener:</strong><strong lang="de">Native TLS Listener:</strong>
<span lang="en"> Out-of-the-box enforced HTTPS transport layer security powered directly by Go's core networking.</span>
<span lang="de"> Enforcierte HTTPS-Verschlüsselung direkt aus dem Go-Core heraus.</span>
</span>
</li>
<li>
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"></polyline></svg>
<span>
<strong lang="en">Ultra Lightweight:</strong><strong lang="de">Leichtgewicht:</strong>
<span lang="en"> Runs on absolute minimal system footprint resource margins using an embedded optimized SQLite model.</span>
<span lang="de"> Minimaler Ressourcenverbrauch dank kompilierter Go-Binary und eingebetteter SQLite-Datenbank.</span>
</span>
</li>
</ul>
</div>
</div>
<div class="install-section">
<h2 lang="en">Install Your Server</h2>
<h2 lang="de">Server installieren</h2>
<p lang="en">Deploy MiauInv to your server infrastructure or local machine in less than a minute utilizing our streamlined container configurations.</p>
<p lang="de">MiauInv lässt sich dank vorkonfiguriertem Docker-Setup innerhalb weniger Sekunden auf deinem Server oder lokalen System starten.</p>
<div class="step">
<h3>
<span class="step-num">1</span>
<span lang="en">Setup Asset Directories and TLS</span>
<span lang="de">Ordner und Zertifikate vorbereiten</span>
</h3>
<p lang="en">Since MiauInv natively enforces encrypted communication channels, initialize your tracking asset directory and place your TLS files there (or generate a self-signed keypair for testing targets):</p>
<p lang="de">Da MiauInv standardmäßig verschlüsseltes HTTPS erzwingt, erstelle den Appdata-Ordner und lege deine SSL-Zertifikate ab (oder generiere ein Self-Signed Cert für Tests):</p>
<pre>mkdir -p appdata
openssl req -x509 -newkey rsa:4096 -keyout appdata/key.pem -out appdata/cert.pem -sha256 -days 365 -nodes -subj "/CN=localhost"</pre>
</div>
<div class="step">
<h3>
<span class="step-num">2</span>
<span lang="en">Configure Docker Compose</span>
<span lang="de">Docker Compose Datei anlegen</span>
</h3>
<p lang="en">Create a <code>docker-compose.yaml</code> layout file in the parent folder, and inject the orchestration service blocks. Ensure your <code>JWT_SECRET</code> environment variable meets the minimum security threshold length requirements:</p>
<p lang="de">Erstelle eine <code>docker-compose.yaml</code> im selben Verzeichnis und füge folgenden Inhalt ein. Passe den <code>JWT_SECRET</code>-String an:</p>
<pre>services:
miauinv:
image: git.miaurizius.de/miaurizius/miauinv:latest
container_name: MiauInv
restart: unless-stopped
ports:
- "8080:8080"
environment:
- JWT_SECRET=SECURE_RANDOM_STRING_HERE_MIN_32_CHARS
volumes:
- ./appdata:/appdata</pre>
</div>
<div class="step">
<h3>
<span class="step-num">3</span>
<span lang="en">Boot the Environment</span>
<span lang="de">Container starten</span>
</h3>
<p lang="en">Fire up the production background workers by executing your infrastructure controls daemon tasks:</p>
<p lang="de">Führe nun einfach den Start-Befehl aus, um das Image zu ziehen und im Hintergrund zu starten:</p>
<pre>docker-compose up -d</pre>
<p style="margin-top: 0.5rem;" lang="en">Everything is set up! Your instance is running and fully accessible at <strong>https://localhost:8080</strong>.</p>
<p style="margin-top: 0.5rem;" lang="de">Fertig! Dein Server läuft und ist sofort unter <strong>https://localhost:8080</strong> erreichbar.</p>
</div>
</div>
<footer>
<p lang="en">&copy; 2026 Maurice Larivière.</p>
<p lang="de">&copy; 2026 Maurice Larivière.</p>
</footer>
</div>
<script>
function setLanguage(lang) {
document.documentElement.setAttribute('data-lang', lang);
document.getElementById('langBtn').innerText = lang === 'en' ? 'DE' : 'EN';
localStorage.setItem('miauinv-lang', lang);
}
function toggleLanguage() {
const currentLang = document.documentElement.getAttribute('data-lang') || 'en';
const nextLang = currentLang === 'en' ? 'de' : 'en';
setLanguage(nextLang);
}
const savedLang = localStorage.getItem('miauinv-lang') || 'en';
setLanguage(savedLang);
</script>
</body>
</html>

45
auth/middleware.go
View File

@@ -10,27 +10,62 @@ type contextKey string
const UserContextKey contextKey = contextKey("user") const UserContextKey contextKey = contextKey("user")
// middleware.go
func AuthMiddleware(secret []byte) func(http.Handler) http.Handler { func AuthMiddleware(secret []byte) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization") // WICHTIG: Wenn der User auf einer öffentlichen Seite ist,
if authHeader == "" { // darf die Middleware KEINEN Auth-Zwang ausüben und nicht redirecten!
http.Error(w, "Missing token", http.StatusUnauthorized) if r.URL.Path == "/login" || r.URL.Path == "/register" || r.URL.Path == "/" {
next.ServeHTTP(w, r)
return return
} }
tokenStr := strings.TrimPrefix(authHeader, "Bearer ") tokenStr := ""
authHeader := r.Header.Get("Authorization")
if strings.HasPrefix(authHeader, "Bearer ") {
tokenStr = strings.TrimPrefix(authHeader, "Bearer ")
}
if tokenStr == "" {
cookie, err := r.Cookie("access_token")
if err == nil {
tokenStr = cookie.Value
}
}
if tokenStr == "" {
if strings.HasPrefix(r.URL.Path, "/api/") {
http.Error(w, "Missing token", http.StatusUnauthorized)
} else {
http.Redirect(w, r, "/login", http.StatusSeeOther)
}
return
}
claims, err := ValidateJWT(tokenStr, secret) claims, err := ValidateJWT(tokenStr, secret)
if err != nil { if err != nil {
if strings.HasPrefix(r.URL.Path, "/api/") {
http.Error(w, "Invalid token", http.StatusUnauthorized) http.Error(w, "Invalid token", http.StatusUnauthorized)
} else {
// Falls das Cookie korrupt oder abgelaufen ist, löschen wir es direkt,
// damit das Frontend sauber merkt, dass es weg ist.
http.SetCookie(w, &http.Cookie{
Name: "access_token",
Value: "",
Path: "/",
MaxAge: -1,
HttpOnly: false, // Erlaubt JS das Auslesen
})
http.Redirect(w, r, "/login", http.StatusSeeOther)
}
return return
} }
ctx := context.WithValue(r.Context(), UserContextKey, claims) ctx := context.WithValue(r.Context(), UserContextKey, claims)
next.ServeHTTP(w, r.WithContext(ctx)) next.ServeHTTP(w, r.WithContext(ctx))
}) })
} }
} }

2
config/config.go
View File

@@ -13,6 +13,7 @@ type Config struct {
DatabasePath string `yaml:"database_path"` DatabasePath string `yaml:"database_path"`
CertificatePath string `yaml:"certificate_path"` CertificatePath string `yaml:"certificate_path"`
PrivateKeyPath string `yaml:"private_key_path"` PrivateKeyPath string `yaml:"private_key_path"`
AllowRegistration bool `yaml:"allow_registration"`
} }
const configPath = "./appdata/config.yaml" const configPath = "./appdata/config.yaml"
@@ -38,6 +39,7 @@ func CheckIfExists() error {
DatabasePath: "./appdata/database.db", DatabasePath: "./appdata/database.db",
CertificatePath: "./appdata/cert.pem", CertificatePath: "./appdata/cert.pem",
PrivateKeyPath: "./appdata/key.pem", PrivateKeyPath: "./appdata/key.pem",
AllowRegistration: true,
} }
data, err := yaml.Marshal(defaultConfig) data, err := yaml.Marshal(defaultConfig)

5
deploy.sh Executable file
View File

@@ -0,0 +1,5 @@
sudo docker buildx build \
--platform linux/amd64,linux/arm64 \
-t git.miaurizius.de/miaurizius/miauinv:latest \
-t git.miaurizius.de/miaurizius/miauinv:v1.0.0 \
--push .

344
frontend/assets/css/dashboard.css Normal file
View File

@@ -0,0 +1,344 @@
.dashboard-layout {
justify-content: flex-start;
align-items: stretch;
padding: 0;
}
main {
max-width: 1400px;
width: 100%;
margin: 0 auto;
padding: 2rem;
flex: 1;
}
.page-header h1 {
font-size: 2.2rem;
font-weight: 700;
letter-spacing: -0.03em;
margin-bottom: 2rem;
color: var(--text);
}
header {
width: 100%;
border-bottom: 1px solid var(--border);
background: rgba(31, 41, 55, 0.8);
backdrop-filter: blur(12px);
position: sticky;
top: 0;
z-index: 50;
}
.nav-container {
max-width: 1400px;
margin: 0 auto;
padding: 0 2rem;
height: 4.5rem;
display: flex;
justify-content: space-between;
align-items: center;
}
.nav-left {
display: flex;
align-items: center;
gap: 3rem;
height: 100%;
}
.brand {
font-weight: 800;
font-size: 1.4rem;
letter-spacing: -0.03em;
}
.brand span {
color: var(--accent);
}
nav {
display: flex;
gap: 1.5rem;
height: 100%;
}
nav a {
color: var(--text-muted);
text-decoration: none;
font-size: 0.95rem;
font-weight: 500;
display: inline-flex;
align-items: center;
border-bottom: 2px solid transparent;
padding: 0 0.25rem;
transition: color 0.2s ease, border-color 0.2s ease;
}
nav a:hover, nav a.active {
color: var(--text);
border-color: var(--accent);
}
.profile-dropdown {
position: relative;
display: flex;
align-items: center;
height: 100%;
}
.profile-trigger {
background: none;
border: none;
display: flex;
align-items: center;
gap: 0.75rem;
color: var(--text);
cursor: pointer;
padding: 0.5rem;
border-radius: 8px;
transition: background-color 0.2s ease;
}
.profile-trigger:hover {
background-color: rgba(255, 255, 255, 0.05);
}
.avatar {
width: 2.2rem;
height: 2.2rem;
background-color: var(--accent);
color: #ffffff;
border-radius: 50%;
display: flex;
align-items: center;
justify-content: center;
font-weight: 600;
font-size: 0.9rem;
}
.username {
font-size: 0.95rem;
font-weight: 500;
display: none;
}
@media (min-width: 640px) {
.username {
display: block;
}
}
.dropdown-menu {
position: absolute;
top: calc(100% - 0.5rem);
right: 0;
width: 220px;
background: #1f2937;
border: 1px solid var(--border);
border-radius: 12px;
box-shadow: 0 10px 25px -5px rgba(0, 0, 0, 0.5);
display: none;
flex-direction: column;
padding: 0.5rem 0;
z-index: 100;
}
.profile-dropdown:hover .dropdown-menu,
.dropdown-menu.show {
display: flex;
}
.dropdown-menu a, .logout-btn {
width: 100%;
padding: 0.75rem 1.25rem;
font-size: 0.95rem;
color: var(--text-muted);
text-decoration: none;
text-align: left;
background: none;
border: none;
cursor: pointer;
transition: background-color 0.15s ease, color 0.15s ease;
box-sizing: border-box;
display: flex;
align-items: center;
gap: 0.5rem;
}
.dropdown-menu a:hover {
background-color: rgba(255, 255, 255, 0.05);
color: var(--text);
}
.dropdown-divider {
border: 0;
border-top: 1px solid var(--border);
margin: 0.5rem 0;
}
.logout-btn {
color: #ef4444;
font-weight: 500;
}
.logout-btn:hover {
background-color: rgba(239, 68, 68, 0.1);
color: #f87171;
}
.stats-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
gap: 1.5rem;
margin-bottom: 2rem;
}
.stat-card {
background: var(--card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 1.75rem;
display: flex;
align-items: center;
gap: 1.5rem;
box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);
transition: transform 0.2s ease, box-shadow 0.2s ease;
}
.stat-card:hover {
transform: translateY(-2px);
box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.2);
}
.stat-icon {
width: 3.5rem;
height: 3.5rem;
border-radius: 12px;
display: flex;
align-items: center;
justify-content: center;
}
.stat-info h2 {
font-size: 2rem;
font-weight: 700;
letter-spacing: -0.03em;
margin: 0;
color: var(--text);
line-height: 1.2;
}
.stat-info p {
color: var(--text-muted);
font-size: 0.9rem;
font-weight: 500;
text-transform: uppercase;
letter-spacing: 0.05em;
margin: 0 0 0.25rem 0;
}
.action-bar {
display: flex;
justify-content: space-between;
align-items: center;
gap: 1rem;
margin-bottom: 1.5rem;
}
.search-input {
max-width: 320px;
}
.table-container {
width: 100%;
background: var(--card);
border: 1px solid var(--border);
border-radius: 16px;
overflow: hidden;
box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);
}
table {
width: 100%;
border-collapse: collapse;
text-align: left;
font-size: 0.95rem;
}
th {
background: #111827;
color: var(--text-muted);
font-weight: 600;
padding: 1.25rem 1.5rem;
font-size: 0.85rem;
text-transform: uppercase;
letter-spacing: 0.05em;
border-bottom: 1px solid var(--border);
}
td {
padding: 1.25rem 1.5rem;
border-bottom: 1px solid var(--border);
color: var(--text);
}
tr:last-child td {
border-bottom: none;
}
tr:hover td {
background: rgba(255, 255, 255, 0.02);
}
#modal {
position: fixed;
z-index: 100;
}
@media (max-width: 768px) {
.menu-trigger {
display: flex;
align-items: center;
justify-content: center;
background: none;
border: 1px solid var(--border);
color: var(--text);
padding: 0.5rem;
border-radius: 8px;
cursor: pointer;
}
#main-nav {
display: none;
flex-direction: column;
position: absolute;
top: 4.5rem;
left: 0;
width: 100%;
background: rgba(17, 24, 39, 0.95);
backdrop-filter: blur(12px);
padding: 1rem;
z-index: 1000;
border-bottom: 1px solid var(--border);
}
#main-nav.show {
display: flex;
}
#main-nav a {
padding: 1rem;
border-bottom: 1px solid var(--border);
}
#main-nav a:last-child {
border-bottom: none;
}
}
@media (min-width: 769px) {
.menu-trigger {
display: none;
}
}

14
frontend/assets/css/error404.css Normal file
View File

@@ -0,0 +1,14 @@
/* error404.css */
.error-code {
font-size: 6rem;
font-weight: 800;
color: var(--accent);
margin: 0;
line-height: 1;
}
@media(max-width:768px){
.error-code {
font-size: 4.5rem;
}
}

16
frontend/assets/css/home.css Normal file
View File

@@ -0,0 +1,16 @@
/* home.css */
.brand-title {
font-size: 2.25rem !important;
font-weight: 800 !important;
letter-spacing: -0.04em !important;
}
.brand-title span {
color: var(--accent);
}
.home-actions {
display: flex;
flex-direction: column;
gap: 0.85rem;
}

108
frontend/assets/css/register-blocked.css Normal file
View File

@@ -0,0 +1,108 @@
:root {
--bg: #111827;
--card: #1f2937;
--border: #374151;
--text: #f9fafb;
--text-muted: #9ca3af;
--accent: #3b82f6;
--accent-hover: #2563eb;
--success: #10b981;
--error: #ef4444;
}
* {
box-sizing: border-box;
margin: 0;
padding: 0;
}
body {
min-height: 100vh;
background: var(--bg);
color: var(--text);
font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
display: flex;
flex-direction: column;
}
body:not(.dashboard-layout) {
justify-content: center;
align-items: center;
padding: 1rem;
}
.card {
width: 100%;
max-width: 400px;
background: var(--card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 2.5rem 2rem;
box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.3), 0 4px 6px -4px rgba(0, 0, 0, 0.3);
text-align: center;
}
.card h1 {
margin: 0 0 0.5rem 0;
font-size: 1.75rem;
font-weight: 700;
letter-spacing: -0.025em;
}
.card .subtitle {
color: var(--text-muted);
font-size: 0.95rem;
margin-bottom: 2rem;
}
.btn {
display: inline-flex;
justify-content: center;
align-items: center;
width: 100%;
padding: 0.85rem;
font-size: 1rem;
font-weight: 600;
border-radius: 10px;
border: none;
cursor: pointer;
text-decoration: none;
transition: background-color 0.15s ease, border-color 0.15s ease, transform 0.1s ease;
}
.btn:active {
transform: scale(0.98);
}
.btn-secondary {
background: #1f2937;
color: white;
border: 1px solid var(--border);
}
.btn-secondary:hover {
background: var(--accent);
border-color: var(--accent);
}
.footer-text {
margin-top: 1.5rem;
font-size: 0.9rem;
color: var(--text-muted);
}
.message {
margin-top: 1.25rem;
padding: 0.85rem 1rem;
border-radius: 10px;
font-size: 0.9rem;
line-height: 1.4;
text-align: left;
}
.message.error {
background: rgba(239, 68, 68, 0.1);
border: 1px solid rgba(239, 68, 68, 0.2);
color: var(--error);
display: block;
}

285
frontend/assets/css/theme.css Normal file
View File

@@ -0,0 +1,285 @@
:root {
--bg: #111827;
--card: #1f2937;
--border: #374151;
--text: #f9fafb;
--text-muted: #9ca3af;
--accent: #3b82f6;
--accent-hover: #2563eb;
--success: #10b981;
--error: #ef4444;
}
* {
box-sizing: border-box;
margin: 0;
padding: 0;
}
body {
min-height: 100vh;
background: var(--bg);
color: var(--text);
font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
display: flex;
flex-direction: column;
}
body:not(.dashboard-layout) {
justify-content: center;
align-items: center;
padding: 1rem;
}
.card {
width: 100%;
max-width: 400px;
background: var(--card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 2.5rem 2rem;
box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.3), 0 4px 6px -4px rgba(0, 0, 0, 0.3);
text-align: center;
}
.card h1 {
margin: 0 0 0.5rem 0;
font-size: 1.75rem;
font-weight: 700;
letter-spacing: -0.025em;
}
.card .subtitle {
color: var(--text-muted);
font-size: 0.95rem;
margin-bottom: 2rem;
}
.btn {
display: inline-flex;
justify-content: center;
align-items: center;
width: 100%;
padding: 0.85rem;
font-size: 1rem;
font-weight: 600;
border-radius: 10px;
border: none;
cursor: pointer;
text-decoration: none;
transition: background-color 0.15s ease, border-color 0.15s ease, transform 0.1s ease;
}
.btn:active {
transform: scale(0.98);
}
.btn-primary {
background: var(--accent);
color: white;
}
.btn-primary:hover {
background: var(--accent-hover);
}
.btn-secondary {
background: #1f2937;
color: white;
border: 1px solid var(--border);
}
.btn-secondary:hover {
background: var(--accent);
border-color: var(--accent);
}
.form-group {
margin-bottom: 1.25rem;
}
.sr-only {
position: absolute;
width: 1px;
height: 1px;
padding: 0;
margin: -1px;
overflow: hidden;
clip: rect(0, 0, 0, 0);
border: 0;
}
input {
width: 100%;
background: #111827;
color: white;
border: 1px solid var(--border);
border-radius: 10px;
padding: 0.85rem 1rem;
font-size: 1rem;
outline: none;
transition: border-color 0.15s ease, box-shadow 0.15s ease;
}
input:focus {
border-color: var(--accent);
box-shadow: 0 0 0 4px rgba(59, 130, 246, 0.15);
}
input::placeholder {
color: #4b5563;
}
.footer-text {
margin-top: 1.5rem;
font-size: 0.9rem;
color: var(--text-muted);
}
.footer-text a {
color: var(--accent);
text-decoration: none;
}
.footer-text a:hover {
text-decoration: underline;
}
.message {
display: none;
margin-top: 1.25rem;
padding: 0.85rem 1rem;
border-radius: 10px;
font-size: 0.9rem;
line-height: 1.4;
text-align: left;
}
.message.error {
background: rgba(239, 68, 68, 0.1);
border: 1px solid rgba(239, 68, 68, 0.2);
color: var(--error);
}
.message.success {
background: rgba(16, 185, 129, 0.1);
border: 1px solid rgba(16, 185, 129, 0.2);
color: var(--success);
}
.modal {
position: fixed;
top: 0;
left: 0;
width: 100%;
height: 100%;
background: rgba(17, 24, 39, 0.7);
backdrop-filter: blur(4px);
display: none;
justify-content: center;
align-items: center;
z-index: 1000;
}
.modal.show {
display: flex;
}
.modal-content {
background: var(--card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 2rem;
width: 90%;
max-width: 500px;
box-shadow: 0 20px 25px -5px rgba(0, 0, 0, 0.3);
position: relative;
transform: translateY(20px);
opacity: 0;
animation: modalSlideIn 0.3s forwards ease-out;
}
@keyframes modalSlideIn {
to {
transform: translateY(0);
opacity: 1;
}
}
.modal-content h2 {
margin-top: 0;
margin-bottom: 1.5rem;
font-size: 1.5rem;
}
.button-group {
display: flex;
gap: 1rem;
margin-top: 2rem;
}
.danger-btn {
background: rgba(239, 68, 68, 0.1) !important;
color: var(--error) !important;
border: 1px solid rgba(239, 68, 68, 0.2) !important;
}
.danger-btn:hover {
background: var(--error) !important;
color: white !important;
}
.table-loader {
padding: 3rem;
text-align: center;
color: var(--text-muted);
}
.modal-split {
display: grid;
grid-template-columns: 1fr;
gap: 2rem;
margin-top: 1.5rem;
}
@media (min-width: 768px) {
.modal-split {
grid-template-columns: 1fr 1fr;
}
}
.modal-content.large {
max-width: 800px;
}
.inner-table {
width: 100%;
margin-top: 1rem;
border: 1px solid var(--border);
border-radius: 8px;
overflow: hidden;
}
.inner-table th, .inner-table td {
padding: 0.75rem 1rem;
font-size: 0.85rem;
}
.inner-table th {
background: #111827;
}
.badge {
background: rgba(255, 255, 255, 0.05);
padding: 0.25rem 0.6rem;
border-radius: 999px;
font-size: 0.8rem;
color: var(--text-muted);
border: 1px solid var(--border);
}
.badge.success {
background: rgba(16, 185, 129, 0.1);
color: var(--success);
border-color: rgba(16, 185, 129, 0.2);
}

24
frontend/assets/css/under-construction.css Normal file
View File

@@ -0,0 +1,24 @@
.construction-icon-wrapper {
display: inline-flex;
align-items: center;
justify-content: center;
width: 80px;
height: 80px;
background: rgba(59, 130, 246, 0.1); /* Nutzt die var(--accent) Transparenz */
border: 1px solid rgba(59, 130, 246, 0.2);
border-radius: 50%;
margin-bottom: 1.5rem;
}
.gear-icon {
animation: gearRotate 8s linear infinite;
}
@keyframes gearRotate {
0% {
transform: rotate(0deg);
}
100% {
transform: rotate(360deg);
}
}

484
frontend/assets/js/api.js Normal file
View File

@@ -0,0 +1,484 @@
// api.js
document.addEventListener("DOMContentLoaded", () => {
const profileBtn = document.getElementById('profile-btn');
const dropdownMenu = document.getElementById('dropdown-menu');
const menuBtn = document.getElementById('menu-btn');
const mainNav = document.getElementById('main-nav');
const logoutBtn = document.getElementById('logout-btn');
if (profileBtn && dropdownMenu) {
profileBtn.addEventListener('click', (e) => {
e.stopPropagation();
dropdownMenu.classList.toggle('show');
if (mainNav) mainNav.classList.remove('show');
});
}
if (menuBtn && mainNav) {
menuBtn.addEventListener('click', (e) => {
e.stopPropagation();
e.preventDefault();
mainNav.classList.toggle('show');
if (dropdownMenu) dropdownMenu.classList.remove('show');
});
}
logoutBtn.addEventListener('click', () => {
console.log("Logout")
localStorage.removeItem('access_token');
localStorage.removeItem('refresh_token');
document.cookie = "access_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC;";
document.cookie = "refresh_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC;";
});
document.addEventListener('click', () => {
if (dropdownMenu) dropdownMenu.classList.remove('show');
if (mainNav) mainNav.classList.remove('show');
});
if (document.getElementById('items-table-body')) loadItems();
if (document.getElementById('locations-table-body')) loadLocations();
if (document.getElementById('projects-table-body')) loadProjects();
loadProfile();
});
function closeModal(id) {
document.getElementById(id).classList.remove('show');
}
async function apiRequest(endpoint, method = 'GET', body = null) {
const options = {
method,
headers: { 'Content-Type': 'application/json' }
};
if (body) options.body = JSON.stringify(body);
try {
const response = await fetch(endpoint, options);
if (!response.ok && response.status !== 204) {
const errText = await response.text();
throw new Error(errText || `HTTP Error ${response.status}`);
}
if (response.status === 204) return null;
return await response.json();
} catch (err) {
alert("Action failed: " + err.message);
throw err;
}
}
// ---- ITEMS ----
async function loadItems() {
const data = await apiRequest('/api/item');
const tbody = document.getElementById('items-table-body');
tbody.innerHTML = '';
if (!data.items || data.items.length === 0) {
tbody.innerHTML = '<tr><td colspan="4" style="text-align: center;">No items found.</td></tr>';
return;
}
data.items.forEach(item => {
tbody.innerHTML += `
<tr>
<td style="font-weight: 600;">${item.name}</td>
<td><span class="badge">${item.category}</span></td>
<td style="font-family: monospace; font-size: 1.05rem;">${item.total_quantity || 0}</td>
<td style="text-align: right;">
<button class="btn btn-secondary" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem; border-color: var(--success); color: var(--success);" onclick='openStockModal(${JSON.stringify(item).replace(/'/g, "&#39;")})'>Stock</button>
<button class="btn btn-secondary" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem;" onclick='editItem(${JSON.stringify(item).replace(/'/g, "&#39;")})'>Edit</button>
<button class="btn btn-secondary danger-btn" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem;" onclick="deleteItem(${item.id})">Del</button>
</td>
</tr>
`;
});
}
function openItemModal() {
document.getElementById('item-form').reset();
document.getElementById('item-id').value = '';
document.getElementById('item-modal-title').innerText = 'New Item';
document.getElementById('item-modal').classList.add('show');
}
function editItem(item) {
document.getElementById('item-id').value = item.id;
document.getElementById('item-name').value = item.name;
document.getElementById('item-category').value = item.category;
document.getElementById('item-desc').value = item.description;
//document.getElementById('item-qty').value = item.total_quantity;
document.getElementById('item-modal-title').innerText = 'Edit Item';
document.getElementById('item-modal').classList.add('show');
}
async function saveItem(event) {
event.preventDefault();
const id = document.getElementById('item-id').value;
const payload = {
name: document.getElementById('item-name').value,
category: document.getElementById('item-category').value,
description: document.getElementById('item-desc').value,
//total_quantity: parseInt(document.getElementById('item-qty').value, 10)
};
const method = id ? 'PUT' : 'POST';
const endpoint = id ? `/api/item?id=${id}` : '/api/item';
await apiRequest(endpoint, method, payload);
closeModal('item-modal');
loadItems();
}
async function deleteItem(id) {
if (confirm("Are you sure you want to delete this item?")) {
await apiRequest(`/api/item?id=${id}`, 'DELETE');
loadItems();
}
}
// ---- LOCATIONS ----
async function loadLocations() {
const data = await apiRequest('/api/location');
const tbody = document.getElementById('locations-table-body');
tbody.innerHTML = '';
if (!data.locations || data.locations.length === 0) {
tbody.innerHTML = '<tr><td colspan="2" style="text-align: center;">No locations found.</td></tr>';
return;
}
data.locations.forEach(loc => {
tbody.innerHTML += `
<tr>
<td style="font-weight: 600;">${loc.name}</td>
<td style="text-align: right;">
<button class="btn btn-secondary" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem;" onclick="editLocation(${loc.id}, '${loc.name}')">Edit</button>
<button class="btn btn-secondary danger-btn" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem;" onclick="deleteLocation(${loc.id})">Delete</button>
</td>
</tr>
`;
});
}
function openLocationModal() {
document.getElementById('location-form').reset();
document.getElementById('location-id').value = '';
document.getElementById('location-modal-title').innerText = 'New Location';
document.getElementById('location-modal').classList.add('show');
}
function editLocation(id, name) {
document.getElementById('location-id').value = id;
document.getElementById('location-name').value = name;
document.getElementById('location-modal-title').innerText = 'Edit Location';
document.getElementById('location-modal').classList.add('show');
}
async function saveLocation(event) {
event.preventDefault();
const id = document.getElementById('location-id').value;
const payload = { name: document.getElementById('location-name').value };
const method = id ? 'PUT' : 'POST';
const endpoint = id ? `/api/location?id=${id}` : '/api/location';
await apiRequest(endpoint, method, payload);
closeModal('location-modal');
loadLocations();
}
async function deleteLocation(id) {
if (confirm("Are you sure you want to delete this location?")) {
await apiRequest(`/api/location?id=${id}`, 'DELETE');
loadLocations();
}
}
// ---- PROJECTS ----
async function loadProjects() {
const data = await apiRequest('/api/project');
const tbody = document.getElementById('projects-table-body');
tbody.innerHTML = '';
if (!data.projects || data.projects.length === 0) {
tbody.innerHTML = '<tr><td colspan="3" style="text-align: center;">No projects found.</td></tr>';
return;
}
data.projects.forEach(proj => {
tbody.innerHTML += `
<tr>
<td style="font-weight: 600;">${proj.name}</td>
<td style="color: var(--text-muted);">${proj.description}</td>
<td style="text-align: right;">
<button class="btn btn-secondary" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem; border-color: var(--accent); color: var(--accent);" onclick='openAssociationModal(${JSON.stringify(proj).replace(/'/g, "&#39;")})'>Items</button>
<button class="btn btn-secondary" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem;" onclick='editProject(${JSON.stringify(proj).replace(/'/g, "&#39;")})'>Edit</button>
<button class="btn btn-secondary danger-btn" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem;" onclick="deleteProject(${proj.id})">Del</button>
</td>
</tr>
`;
});
}
function openProjectModal() {
document.getElementById('project-form').reset();
document.getElementById('project-id').value = '';
document.getElementById('project-modal-title').innerText = 'New Project';
document.getElementById('project-modal').classList.add('show');
}
function editProject(proj) {
document.getElementById('project-id').value = proj.id;
document.getElementById('project-name').value = proj.name;
document.getElementById('project-desc').value = proj.description;
document.getElementById('project-modal-title').innerText = 'Edit Project';
document.getElementById('project-modal').classList.add('show');
}
async function saveProject(event) {
event.preventDefault();
const id = document.getElementById('project-id').value;
const payload = {
name: document.getElementById('project-name').value,
description: document.getElementById('project-desc').value
};
const method = id ? 'PUT' : 'POST';
const endpoint = id ? `/api/project?id=${id}` : '/api/project';
await apiRequest(endpoint, method, payload);
closeModal('project-modal');
loadProjects();
}
async function deleteProject(id) {
if (confirm("Are you sure you want to delete this project?")) {
await apiRequest(`/api/project?id=${id}`, 'DELETE');
loadProjects();
}
}
// ---- STOCK ----
async function openStockModal(item) {
document.getElementById('stock-modal-title').innerText = `Stock: ${item.name}`;
document.getElementById('stock-item-id').value = item.id;
document.getElementById('stock-qty').value = '';
document.getElementById('stock-modal').classList.add('show');
await reloadStockTable(item.id);
const locData = await apiRequest('/api/location');
const locSelect = document.getElementById('stock-location');
locSelect.innerHTML = '<option value="">Select Location...</option>';
if (locData.locations) {
locData.locations.forEach(loc => {
locSelect.innerHTML += `<option value="${loc.id}">${loc.name}</option>`;
});
}
}
async function reloadStockTable(itemId) {
const tbody = document.getElementById('stock-table-body');
tbody.innerHTML = '<tr><td colspan="3" style="text-align:center;">Loading...</td></tr>';
try {
const data = await apiRequest(`/api/stock?item_id=${itemId}`);
tbody.innerHTML = '';
if (!data.stock || data.stock.length === 0) {
tbody.innerHTML = '<tr><td colspan="3" style="text-align: center;">No stock entries.</td></tr>';
return;
}
for (const st of data.stock) {
const locData = await apiRequest(`/api/location?id=${st.location_id}`);
tbody.innerHTML += `
<tr>
<td>${locData.name || `Location #${st.location_id}`}</td>
<td><span class="badge success">${st.quantity}</span></td>
<td style="text-align: right;">
<button class="btn btn-secondary danger-btn" style="padding: 0.2rem 0.5rem; font-size: 0.75rem;" onclick="deleteStock(${st.id}, ${itemId})">Del</button>
</td>
</tr>
`;
}
} catch (e) {
tbody.innerHTML = '<tr><td colspan="3" style="text-align: center;">Failed to load.</td></tr>';
}
}
async function saveStock(event) {
event.preventDefault();
const itemId = document.getElementById('stock-item-id').value;
const payload = {
item_id: parseInt(itemId, 10),
location_id: parseInt(document.getElementById('stock-location').value, 10),
quantity: parseInt(document.getElementById('stock-qty').value, 10)
};
await apiRequest('/api/stock', 'POST', payload);
document.getElementById('stock-qty').value = '';
await reloadStockTable(itemId);
loadItems();
}
async function deleteStock(stockId, itemId) {
if (confirm("Remove this stock entry?")) {
await apiRequest(`/api/stock?id=${stockId}`, 'DELETE');
await reloadStockTable(itemId);
loadItems();
}
}
// ---- ASSOCIATIONS ----
async function openAssociationModal(project) {
document.getElementById('association-modal-title').innerText = `Items for: ${project.name}`;
document.getElementById('assoc-project-id').value = project.id;
document.getElementById('assoc-qty').value = '';
document.getElementById('association-modal').classList.add('show');
await reloadAssociationTable(project.id);
const itemData = await apiRequest('/api/item');
const itemSelect = document.getElementById('assoc-item');
itemSelect.innerHTML = '<option value="">Select Item...</option>';
if (itemData.items) {
itemData.items.forEach(it => {
itemSelect.innerHTML += `<option value="${it.id}">${it.name} (Avail: ${it.total_quantity})</option>`;
});
}
}
async function reloadAssociationTable(projectId) {
const tbody = document.getElementById('association-table-body');
tbody.innerHTML = '<tr><td colspan="3" style="text-align:center;">Loading...</td></tr>';
try {
const data = await apiRequest(`/api/association?project_id=${projectId}`);
tbody.innerHTML = '';
if (!data.associations || data.associations.length === 0) {
tbody.innerHTML = '<tr><td colspan="3" style="text-align: center;">No allocated items.</td></tr>';
return;
}
for (const asc of data.associations) {
const itemData = await apiRequest(`/api/item?id=${asc.item_id}`);
console.log(itemData)
tbody.innerHTML += `
<tr>
<td>${itemData.name || `Item #${asc.item_id}`}</td>
<td><span class="badge success">${asc.quantity}</span></td>
<td style="text-align: right;">
<button class="btn btn-secondary danger-btn" style="padding: 0.2rem 0.5rem; font-size: 0.75rem;" onclick="deleteAssociation(${asc.id}, ${projectId})">Del</button>
</td>
</tr>
`;
}
} catch (e) {
tbody.innerHTML = '<tr><td colspan="3" style="text-align: center;">Failed to load.</td></tr>';
}
}
async function saveAssociation(event) {
event.preventDefault();
const projectId = document.getElementById('assoc-project-id').value;
const payload = {
project_id: parseInt(projectId, 10),
item_id: parseInt(document.getElementById('assoc-item').value, 10),
quantity: parseInt(document.getElementById('assoc-qty').value, 10)
};
await apiRequest('/api/association', 'POST', payload);
document.getElementById('assoc-qty').value = '';
await reloadAssociationTable(projectId);
}
async function deleteAssociation(assocId, projectId) {
if (confirm("Remove this item from the project?")) {
await apiRequest(`/api/association?id=${assocId}`, 'DELETE');
await reloadAssociationTable(projectId);
}
}
async function handleDashboardView() {
const locTbody = document.getElementById('dash-locations-body');
const projTbody = document.getElementById('dash-projects-body');
if (!locTbody && !projTbody) return;
try {
const locData = await apiRequest('/api/location');
if (locTbody && locData && locData.locations) {
locTbody.innerHTML = '';
if (locData.locations.length === 0) {
locTbody.innerHTML = '<tr><td style="color: var(--text-muted); padding: 1rem;">No locations found.</td></tr>';
} else {
locData.locations.forEach(loc => {
const tr = document.createElement('tr');
tr.innerHTML = `<td style="cursor: pointer; color: var(--accent); font-weight: 500; padding: 0.75rem 1rem;">${loc.name}</td>`;
tr.onclick = () => openDashboardModal(`/api/location?id=${loc.id}&content=true`, `Items in ${loc.name}`, 'contents');
locTbody.appendChild(tr);
});
}
}
const projData = await apiRequest('/api/project');
if (projTbody && projData && projData.projects) {
projTbody.innerHTML = '';
if (projData.projects.length === 0) {
projTbody.innerHTML = '<tr><td style="color: var(--text-muted); padding: 1rem;">No projects found.</td></tr>';
} else {
projData.projects.forEach(p => {
const tr = document.createElement('tr');
tr.innerHTML = `<td style="cursor: pointer; color: var(--accent); font-weight: 500; padding: 0.75rem 1rem;">${p.name}</td>`;
tr.onclick = () => openDashboardModal(`/api/project?id=${p.id}&details=true`, `Items assigned to ${p.name}`, 'items');
projTbody.appendChild(tr);
});
}
}
} catch (err) {
console.error(err);
}
}
async function openDashboardModal(url, title, dataKey) {
document.getElementById('dash-modal-title').innerText = title;
const tbody = document.getElementById('dash-modal-body');
if (!tbody) return;
tbody.innerHTML = '<tr><td colspan="2" style="text-align:center; padding:1.5rem; color:var(--text-muted);">Loading...</td></tr>';
document.getElementById('dash-details-modal').classList.add('show');
try {
const data = await apiRequest(url);
tbody.innerHTML = '';
const list = data[dataKey] || [];
if (list.length === 0) {
tbody.innerHTML = '<tr><td colspan="2" style="color:var(--text-muted); text-align:center; padding:1.5rem;">No active items found.</td></tr>';
return;
}
list.forEach(i => {
tbody.innerHTML += `
<tr>
<td style="color:var(--text); padding:0.75rem 1rem;">${i.item_name}</td>
<td style="text-align:right; padding:0.75rem 1rem;"><span class="badge success">${i.quantity}</span></td>
</tr>
`;
});
} catch (e) {
tbody.innerHTML = '<tr><td colspan="2" style="color:var(--error); text-align:center; padding:1.5rem;">Failed to load data.</td></tr>';
}
}
// ---- PROFILE ----
async function loadProfile() {
const avatar = document.getElementById("avatar");
const username = document.getElementById('username');
try {
const data = await apiRequest('/api/profile');
avatar.innerText = data.username[0].toLocaleUpperCase();
username.innerText = data.username;
} catch (e) {
username.innerHTML = '<tr><td colspan="2" style="color:var(--error); text-align:center; padding:1.5rem;">Failed to load data.</td></tr>';
}
}

128
frontend/assets/js/auth.js Normal file
View File

@@ -0,0 +1,128 @@
// auth.js
(() => {
const currentPath = window.location.pathname;
if (currentPath !== "/" && currentPath !== "/login" && currentPath !== "/register") {
return;
}
function getCookie(name) {
const value = `; ${document.cookie}`;
const parts = value.split(`; ${name}=`);
if (parts.length === 2) return parts.pop().split(';').shift();
return null;
}
function clearAllAuth() {
console.log("Clearing all auth remnants from everywhere...");
localStorage.removeItem("access_token");
localStorage.removeItem("refresh_token");
sessionStorage.removeItem("is_refreshing");
document.cookie = "access_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax;";
document.cookie = "refresh_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax;";
}
async function tryTokenRefresh(refreshToken) {
if (!refreshToken) return false;
try {
console.log("Sending refresh token to /api/refresh...");
const response = await fetch("/api/refresh", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ refresh_token: refreshToken })
});
if (response.ok) {
const data = await response.json();
localStorage.setItem("access_token", data.access_token);
localStorage.setItem("refresh_token", data.refresh_token);
document.cookie = `access_token=${data.access_token}; path=/; max-age=900; SameSite=Lax; Secure`;
document.cookie = `refresh_token=${data.refresh_token}; path=/; max-age=604800; SameSite=Lax; Secure`;
return true;
}
} catch (err) {
console.error("Refresh request failed:", err);
}
return false;
}
async function checkAuth() {
const cookieAccessToken = getCookie("access_token");
const cookieRefreshToken = getCookie("refresh_token");
const localAccessToken = localStorage.getItem("access_token");
const localRefreshToken = localStorage.getItem("refresh_token");
const accessToken = cookieAccessToken || localAccessToken;
const refreshToken = cookieRefreshToken || localRefreshToken;
console.log("Auth check started...");
console.log("AccessToken available (Cookie/Local):", !!cookieAccessToken, "/", !!localAccessToken);
console.log("RefreshToken available (Cookie/Local):", !!cookieRefreshToken, "/", !!localRefreshToken);
if (!accessToken && !refreshToken) {
console.log("No tokens found in cookies or localStorage. User is a guest.");
return;
}
if (accessToken) {
try {
console.log("Validating token against /api/userinfo...");
const response = await fetch("/api/userinfo", {
method: "GET",
headers: { "Authorization": `Bearer ${accessToken}` }
});
if (response.ok) {
console.log("Token is perfectly valid!");
sessionStorage.removeItem("is_refreshing");
if (!cookieAccessToken) {
document.cookie = `access_token=${accessToken}; path=/; max-age=900; SameSite=Lax; Secure`;
}
if (!cookieRefreshToken && localRefreshToken) {
document.cookie = `refresh_token=${localRefreshToken}; path=/; max-age=604800; SameSite=Lax; Secure`;
}
console.log("Redirecting to dashboard...");
window.location.href = "/dashboard";
return;
} else {
console.log("Token rejected by /api/userinfo. Status:", response.status);
}
} catch (err) {
console.error("Network error during token verification:", err);
}
}
if (sessionStorage.getItem("is_refreshing") === "true") {
console.warn("Loop protection triggered! Tokens appear to be corrupt. Clearing storage.");
clearAllAuth();
return;
}
if (refreshToken) {
console.log("Access token has expired. Starting refresh process...");
sessionStorage.setItem("is_refreshing", "true");
const refreshSuccessful = await tryTokenRefresh(refreshToken);
if (refreshSuccessful) {
console.log("Refresh successful! Reloading page to apply cookies...");
window.location.reload();
return;
} else {
console.log("Refresh failed. Refresh token has also expired.");
}
} else {
console.log("No refresh token available for recovery.");
}
clearAllAuth();
console.log("Authentication completely failed. User remains on login page.");
}
setTimeout(checkAuth, 50);
})();

42
frontend/assets/js/login.js Normal file
View File

@@ -0,0 +1,42 @@
// login.js
document.addEventListener("DOMContentLoaded", () => {
const form = document.getElementById("login-form");
const errorBox = document.getElementById("error");
if (!form) return;
form.addEventListener("submit", async (e) => {
e.preventDefault();
errorBox.style.display = "none";
const username = document.getElementById("username").value;
const password = document.getElementById("password").value;
try {
const response = await fetch("/api/login", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username, password })
});
if (!response.ok) {
const text = await response.text();
throw new Error(text);
}
const data = await response.json();
localStorage.setItem("access_token", data.access_token);
localStorage.setItem("refresh_token", data.refresh_token);
document.cookie = `access_token=${data.access_token}; path=/; max-age=900; SameSite=Lax; Secure`;
document.cookie = `refresh_token=${data.refresh_token}; path=/; max-age=604800; SameSite=Lax; Secure`;
window.location.href = "/dashboard";
} catch (err) {
errorBox.textContent = err.message || "Login failed.";
errorBox.style.display = "block";
}
});
});

43
frontend/assets/js/register.js Normal file
View File

@@ -0,0 +1,43 @@
// register.js
document.addEventListener("DOMContentLoaded", () => {
const form = document.getElementById("register-form");
const msgBox = document.getElementById("message");
form.addEventListener("submit", async (e) => {
e.preventDefault();
msgBox.style.display = "none";
msgBox.className = "message";
const username = document.getElementById("username").value;
const password = document.getElementById("password").value;
try {
const response = await fetch("/api/register", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username, password })
});
if (!response.ok) {
const text = await response.text();
throw new Error(text);
}
msgBox.textContent = "Registration successful! Redirecting...";
msgBox.classList.add("success");
msgBox.style.display = "block";
form.querySelector("button").disabled = true;
setTimeout(() => {
window.location.href = "/login";
}, 1500);
} catch (err) {
msgBox.textContent = err.message;
msgBox.classList.add("error");
msgBox.style.display = "block";
}
});
});

157
frontend/handler.go
View File

@@ -3,17 +3,168 @@ package frontend
import ( import (
"html/template" "html/template"
"net/http" "net/http"
"os"
"path/filepath"
"strings"
"github.com/tdewolff/minify/v2"
"github.com/tdewolff/minify/v2/css"
"github.com/tdewolff/minify/v2/js"
) )
var dashboard = template.Must(template.ParseFiles(
"frontend/htmx/contents/dash/base.html",
"frontend/htmx/contents/dash/dashboard.html"))
var inventory = template.Must(template.ParseFiles(
"frontend/htmx/contents/dash/base.html",
"frontend/htmx/contents/dash/inventory.html"))
var item = template.Must(template.ParseFiles(
"frontend/htmx/contents/dash/base.html",
"frontend/htmx/contents/dash/itemlist.html"))
var locations = template.Must(template.ParseFiles(
"frontend/htmx/contents/dash/base.html",
"frontend/htmx/contents/dash/locations.html"))
var projects = template.Must(template.ParseFiles(
"frontend/htmx/contents/dash/base.html",
"frontend/htmx/contents/dash/projects.html"))
var home = template.Must(template.ParseFiles("frontend/htmx/home.html"))
func Home(w http.ResponseWriter, r *http.Request) { func Home(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/" {
http.ServeFile(w, r, "frontend/htmx/404.html")
return
}
w.Header().Set("Content-Type", "text/html") w.Header().Set("Content-Type", "text/html")
var tmpl = template.Must(template.ParseFiles("frontend/htmx/home.html")) err := home.Execute(w, struct {
err := tmpl.Execute(w, struct {
Name string Name string
}{ }{
Name: "Miau", Name: "Home",
}) })
if err != nil { if err != nil {
return return
} }
} }
func Dashboard(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
err := dashboard.ExecuteTemplate(w, "base.html", struct {
Title string
Stats struct {
Items int
Projects int
Locations int
}
}{
Title: "Dashboard",
Stats: struct {
Items int
Projects int
Locations int
}{
Items: 1,
Projects: 1,
Locations: 3,
},
})
if err != nil {
return
}
}
func Inventory(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
err := inventory.ExecuteTemplate(w, "base.html", struct {
Title string
}{
Title: "Inventory",
})
if err != nil {
return
}
}
func Items(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
err := item.ExecuteTemplate(w, "base.html", struct {
Title string
}{
Title: "Items",
})
if err != nil {
return
}
}
func Locations(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
err := locations.ExecuteTemplate(w, "base.html", struct {
Title string
}{
Title: "Locations",
})
if err != nil {
return
}
}
func Projects(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
err := projects.ExecuteTemplate(w, "base.html", struct {
Title string
}{
Title: "Projects",
})
if err != nil {
return
}
}
var minifier *minify.M
func init() {
minifier = minify.New()
// Füge die Minifier für CSS und JS hinzu
minifier.AddFunc("text/css", css.Minify)
minifier.AddFunc("text/javascript", js.Minify)
}
func Assets(w http.ResponseWriter, r *http.Request) {
path := strings.TrimPrefix(r.URL.Path, "/assets/")
fullPath := filepath.Join("frontend/assets", path)
w.Header().Set("Cache-Control", "public, max-age=3600")
var mimeType string
if strings.HasSuffix(path, ".min.js") {
mimeType = "text/javascript"
fullPath = strings.Replace(fullPath, ".min.js", ".js", 1)
} else if strings.HasSuffix(path, ".min.css") {
mimeType = "text/css"
fullPath = strings.Replace(fullPath, ".min.css", ".css", 1)
}
info, err := os.Stat(fullPath)
if err != nil || info.IsDir() {
http.Error(w, "Asset not found", http.StatusNotFound)
return
}
if mimeType != "" {
content, err := os.ReadFile(fullPath)
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
minifiedContent, err := minifier.Bytes(mimeType, content)
if err == nil {
w.Header().Set("Content-Type", mimeType)
w.Write(minifiedContent)
return
}
}
http.ServeFile(w, r, fullPath)
}

23
frontend/htmx/404.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>404 - Page Not Found | MiauInv</title>
<link rel="stylesheet" href="/assets/css/theme.min.css">
<link rel="stylesheet" href="/assets/css/error404.min.css">
</head>
<body>
<main class="card">
<div class="error-code">404</div>
<h1>Page Not Found</h1>
<p class="subtitle" style="margin-bottom: 2rem;">The page you are looking for does not exist or has been moved to another address.</p>
<a href="/dashboard" class="btn btn-secondary">
Back to Dashboard
</a>
</main>
</body>
</html>

57
frontend/htmx/contents/dash/base.html Normal file
View File

@@ -0,0 +1,57 @@
{{ define "base.html" }}
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{{ .Title }} | MiauInv</title>
<script src="https://unpkg.com/htmx.org@2.0.4"></script>
<script src="/assets/js/api.min.js"></script>
<link rel="stylesheet" href="/assets/css/theme.min.css">
<link rel="stylesheet" href="/assets/css/dashboard.min.css">
</head>
<body class="dashboard-layout">
<header>
<div class="nav-container">
<div class="nav-left">
<div class="brand">Miau<span>Inv</span></div>
<button class="menu-trigger" id="menu-btn" aria-label="Menu">
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line></svg>
</button>
<nav id="main-nav">
<a href="/dashboard">Dashboard</a>
<a href="/inventory">Inventory</a>
<a href="/projects">Projects</a>
<a href="/locations">Locations</a>
</nav>
</div>
<div class="profile-dropdown">
<button class="profile-trigger" id="profile-btn">
<div id="avatar" class="avatar">M</div>
<span id="username" class="username">Loading...</span>
<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polyline points="6 9 12 15 18 9"></polyline></svg>
</button>
<div class="dropdown-menu" id="dropdown-menu">
<a href="/profile/settings">Account Settings</a>
<a href="/profile/activity">Activity Log</a>
<hr class="dropdown-divider">
<button id="logout-btn" class="logout-btn"
hx-post="/api/logout"
hx-on::after-request="window.location.href='/login'">
Log Out
</button>
</div>
</div>
</div>
</header>
<main>
{{ template "content" . }}
</main>
</body>
</html>
{{ end }}

110
frontend/htmx/contents/dash/dashboard.html Normal file
View File

@@ -0,0 +1,110 @@
{{ define "content" }}
<div class="page-header">
<h1>Dashboard Overview</h1>
</div>
<div class="stats-grid" style="margin-bottom: 2rem; display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1.5rem;">
<div class="stat-card" style="background: var(--card); border: 1px solid var(--border); border-radius: 12px; padding: 1.5rem; display: flex; align-items: center; gap: 1rem;">
<div class="stat-icon" style="background: rgba(59, 130, 246, 0.1); color: var(--accent); padding: 0.75rem; border-radius: 10px; display: flex; align-items: center; justify-content: center;">
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polygon points="12 2 2 7 12 12 22 7 12 2"></polygon><polyline points="2 17 12 22 22 17"></polyline><polyline points="2 12 12 17 22 12"></polyline></svg>
</div>
<div class="stat-info">
<p style="color: var(--text-muted); font-size: 0.9rem; margin: 0;">Total Items</p>
<h2 style="font-size: 1.5rem; font-weight: 700; margin: 0;">
{{ if .Stats }}{{ .Stats.Items }}{{ else }}0{{ end }}
</h2>
</div>
</div>
<div class="stat-card" style="background: var(--card); border: 1px solid var(--border); border-radius: 12px; padding: 1.5rem; display: flex; align-items: center; gap: 1rem;">
<div class="stat-icon" style="background: rgba(16, 185, 129, 0.1); color: var(--success); padding: 0.75rem; border-radius: 10px; display: flex; align-items: center; justify-content: center;">
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"></path></svg>
</div>
<div class="stat-info">
<p style="color: var(--text-muted); font-size: 0.9rem; margin: 0;">Active Projects</p>
<h2 style="font-size: 1.5rem; font-weight: 700; margin: 0;">
{{ if .Stats }}{{ .Stats.Projects }}{{ else }}0{{ end }}
</h2>
</div>
</div>
<div class="stat-card" style="background: var(--card); border: 1px solid var(--border); border-radius: 12px; padding: 1.5rem; display: flex; align-items: center; gap: 1rem;">
<div class="stat-icon" style="background: rgba(245, 158, 11, 0.1); color: #f59e0b; padding: 0.75rem; border-radius: 10px; display: flex; align-items: center; justify-content: center;">
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 10c0 7-9 13-9 13s-9-6-9-13a9 9 0 0 1 18 0z"></path><circle cx="12" cy="10" r="3"></circle></svg>
</div>
<div class="stat-info">
<p style="color: var(--text-muted); font-size: 0.9rem; margin: 0;">Locations</p>
<h2 style="font-size: 1.5rem; font-weight: 700; margin: 0;">
{{ if .Stats }}{{ .Stats.Locations }}{{ else }}0{{ end }}
</h2>
</div>
</div>
</div>
<div class="modal-split">
<div class="card" style="max-width: 100%; text-align: left; padding: 1.5rem;">
<h2 style="font-size: 1.25rem; margin-bottom: 1rem; color: var(--text);">Locations</h2>
<div class="table-container">
<table class="inner-table" style="margin-top: 0; border-radius: 8px; width: 100%;">
<thead>
<tr>
<th style="text-align: left; padding: 0.75rem 1rem; background: #111827;">Name</th>
</tr>
</thead>
<tbody id="dash-locations-body">
<tr><td class="table-loader" style="padding: 1.5rem; text-align: center; color: var(--text-muted);">Loading locations...</td></tr>
</tbody>
</table>
</div>
</div>
<div class="card" style="max-width: 100%; text-align: left; padding: 1.5rem;">
<h2 style="font-size: 1.25rem; margin-bottom: 1rem; color: var(--text);">Active Projects</h2>
<div class="table-container">
<table class="inner-table" style="margin-top: 0; border-radius: 8px; width: 100%;">
<thead>
<tr>
<th style="text-align: left; padding: 0.75rem 1rem; background: #111827;">Project Name</th>
</tr>
</thead>
<tbody id="dash-projects-body">
<tr><td class="table-loader" style="padding: 1.5rem; text-align: center; color: var(--text-muted);">Loading projects...</td></tr>
</tbody>
</table>
</div>
</div>
</div>
<div id="dash-details-modal" class="modal">
<div class="modal-content">
<h2 id="dash-modal-title">Details</h2>
<div class="table-container">
<table class="inner-table" style="width: 100%;">
<thead>
<tr>
<th style="text-align: left; padding: 0.75rem 1rem;">Item</th>
<th style="text-align: right; width: 100px; padding: 0.75rem 1rem;">Quantity</th>
</tr>
</thead>
<tbody id="dash-modal-body"></tbody>
</table>
</div>
<div class="button-group">
<button type="button" class="btn btn-secondary" onclick="document.getElementById('dash-details-modal').classList.remove('show')">Close</button>
</div>
</div>
</div>
<script>
if (typeof handleDashboardView === "function") {
handleDashboardView();
}
if (window.htmx) {
htmx.on("htmx:afterOnLoad", function() {
if (typeof handleDashboardView === "function") {
handleDashboardView();
}
});
}
</script>
{{ end }}

88
frontend/htmx/contents/dash/inventory.html Normal file
View File

@@ -0,0 +1,88 @@
{{ define "content" }}
<div class="page-header action-bar">
<h1>Inventory</h1>
<button class="btn btn-primary" style="width: auto; padding: 0.6rem 1.2rem; font-size: 0.95rem;" onclick="openItemModal()">
Add Item
</button>
</div>
<div class="table-container">
<table>
<thead>
<tr>
<th>Name</th>
<th>Category</th>
<th>Total Quantity</th>
<th style="text-align: right;">Actions</th>
</tr>
</thead>
<tbody id="items-table-body">
<tr><td colspan="4" class="table-loader">Loading inventory...</td></tr>
</tbody>
</table>
</div>
<div id="item-modal" class="modal">
<div class="modal-content">
<h2 id="item-modal-title">New Item</h2>
<form id="item-form" onsubmit="saveItem(event)">
<input type="hidden" id="item-id">
<div class="form-group">
<input type="text" id="item-name" placeholder="Item Name" required>
</div>
<div class="form-group">
<input type="text" id="item-category" placeholder="Category" required>
</div>
<div class="form-group">
<input type="text" id="item-desc" placeholder="Description">
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">Save Item</button>
<button type="button" class="btn btn-secondary" onclick="closeModal('item-modal')">Cancel</button>
</div>
</form>
</div>
</div>
<div id="stock-modal" class="modal">
<div class="modal-content large">
<h2 id="stock-modal-title">Manage Stock</h2>
<div class="modal-split">
<div>
<h3>Current Locations</h3>
<div class="inner-table">
<table>
<thead>
<tr>
<th>Location</th>
<th>Quantity</th>
<th></th>
</tr>
</thead>
<tbody id="stock-table-body">
</tbody>
</table>
</div>
</div>
<div>
<h3>Update Stock</h3>
<form id="stock-form" onsubmit="saveStock(event)" style="margin-top: 1rem;">
<input type="hidden" id="stock-item-id">
<div class="form-group">
<select id="stock-location" class="search-input" style="width: 100%; padding: 0.85rem 1rem; background: #111827; color: white; border: 1px solid var(--border); border-radius: 10px;" required>
<option value="">Select Location...</option>
</select>
</div>
<div class="form-group">
<input type="number" id="stock-qty" placeholder="Quantity to add/set" required>
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">Update Stock</button>
<button type="button" class="btn btn-secondary" onclick="closeModal('stock-modal')">Done</button>
</div>
</form>
</div>
</div>
</div>
</div>
{{ end }}

28
frontend/htmx/contents/dash/itemlist.html Normal file
View File

@@ -0,0 +1,28 @@
<table>
<thead>
<tr>
<th>Name</th>
<th>Category</th>
<th>Total</th>
<th>Free</th>
<th style="text-align: right;">Actions</th>
</tr>
</thead>
<tbody>
{{ range . }}
<tr>
<td style="font-weight: 600;">{{ .Name }}</td>
<td>
<span style="background: rgba(255,255,255,0.05); padding: 0.25rem 0.6rem; border-radius: 999px; font-size: 0.8rem; color: var(--text-muted); border: 1px solid var(--border);">
{{ .Category }}
</span>
</td>
<td style="font-family: monospace; font-size: 1.05rem;">{{ .TotalQuantity }}</td>
<td style="font-family: monospace; font-size: 1.05rem; color: var(--success);">{{ .FreeQuantity }}</td>
<td style="text-align: right;">
<button class="btn btn-secondary" style="width: auto; padding: 0.4rem 0.8rem; font-size: 0.85rem;">Edit</button>
</td>
</tr>
{{ end }}
</tbody>
</table>

38
frontend/htmx/contents/dash/locations.html Normal file
View File

@@ -0,0 +1,38 @@
{{ define "content" }}
<div class="page-header action-bar">
<h1>Locations</h1>
<button class="btn btn-primary" style="width: auto; padding: 0.6rem 1.2rem; font-size: 0.95rem;" onclick="openLocationModal()">
Add Location
</button>
</div>
<div class="table-container">
<table>
<thead>
<tr>
<th>Name</th>
<th style="text-align: right;">Actions</th>
</tr>
</thead>
<tbody id="locations-table-body">
<tr><td colspan="2" class="table-loader">Loading locations...</td></tr>
</tbody>
</table>
</div>
<div id="location-modal" class="modal">
<div class="modal-content">
<h2 id="location-modal-title">New Location</h2>
<form id="location-form" onsubmit="saveLocation(event)">
<input type="hidden" id="location-id">
<div class="form-group">
<input type="text" id="location-name" placeholder="Location Name" required>
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">Save Location</button>
<button type="button" class="btn btn-secondary" onclick="closeModal('location-modal')">Cancel</button>
</div>
</form>
</div>
</div>
{{ end }}

84
frontend/htmx/contents/dash/projects.html Normal file
View File

@@ -0,0 +1,84 @@
{{ define "content" }}
<div class="page-header action-bar">
<h1>Projects</h1>
<button class="btn btn-primary" style="width: auto; padding: 0.6rem 1.2rem; font-size: 0.95rem;" onclick="openProjectModal()">
New Project
</button>
</div>
<div class="table-container">
<table>
<thead>
<tr>
<th>Name</th>
<th>Description</th>
<th style="text-align: right;">Actions</th>
</tr>
</thead>
<tbody id="projects-table-body">
<tr><td colspan="3" class="table-loader">Loading projects...</td></tr>
</tbody>
</table>
</div>
<div id="project-modal" class="modal">
<div class="modal-content">
<h2 id="project-modal-title">New Project</h2>
<form id="project-form" onsubmit="saveProject(event)">
<input type="hidden" id="project-id">
<div class="form-group">
<input type="text" id="project-name" placeholder="Project Name" required>
</div>
<div class="form-group">
<input type="text" id="project-desc" placeholder="Description">
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">Save Project</button>
<button type="button" class="btn btn-secondary" onclick="closeModal('project-modal')">Cancel</button>
</div>
</form>
</div>
</div>
<div id="association-modal" class="modal">
<div class="modal-content large">
<h2 id="association-modal-title">Manage Project Items</h2>
<div class="modal-split">
<div>
<h3>Allocated Items</h3>
<div class="inner-table">
<table>
<thead>
<tr>
<th>Item</th>
<th>Quantity</th>
<th></th>
</tr>
</thead>
<tbody id="association-table-body">
</tbody>
</table>
</div>
</div>
<div>
<h3>Allocate New Item</h3>
<form id="association-form" onsubmit="saveAssociation(event)" style="margin-top: 1rem;">
<input type="hidden" id="assoc-project-id">
<div class="form-group">
<select id="assoc-item" class="search-input" style="width: 100%; padding: 0.85rem 1rem; background: #111827; color: white; border: 1px solid var(--border); border-radius: 10px;" required>
<option value="">Select Item...</option>
</select>
</div>
<div class="form-group">
<input type="number" id="assoc-qty" placeholder="Quantity needed" required>
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">Allocate</button>
<button type="button" class="btn btn-secondary" onclick="closeModal('association-modal')">Done</button>
</div>
</form>
</div>
</div>
</div>
</div>
{{ end }}

24
frontend/htmx/home.html
View File

@@ -1,6 +1,26 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MiauInv | Private Instance</title>
<script src="/assets/js/auth.js"></script>
<link rel="stylesheet" href="/assets/css/theme.min.css">
<link rel="stylesheet" href="/assets/css/home.min.css">
</head>
<body> <body>
<h1>Hallo, {{.Name}}!</h1>
<main class="card">
<div class="header">
<h1 class="brand-title">Miau<span>Inv</span></h1>
<p class="subtitle">Private Instance</p>
</div>
<div class="home-actions">
<a href="/login" class="btn btn-primary">Sign In</a>
<a href="/register" class="btn btn-secondary">Create Account</a>
</div>
</main>
</body> </body>
</html> </html>

43
frontend/htmx/login.html Normal file
View File

@@ -0,0 +1,43 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Sign In | MiauInv</title>
<script src="/assets/js/auth.min.js" defer></script>
<script src="/assets/js/login.min.js" defer></script>
<link rel="stylesheet" href="/assets/css/theme.min.css">
</head>
<body>
<main class="card">
<div class="header">
<h1>Welcome back</h1>
<p class="subtitle">Sign in to your account</p>
</div>
<form id="login-form">
<div class="form-group">
<label for="username" class="sr-only">Username</label>
<input type="text" id="username" placeholder="Username" autocomplete="username" required>
</div>
<div class="form-group">
<label for="password" class="sr-only">Password</label>
<input type="password" id="password" placeholder="Password" autocomplete="current-password" required>
</div>
<button type="submit" class="btn btn-primary">Sign In</button>
</form>
<div id="error" class="message error"></div>
<p class="footer-text">
Don't have an account yet? <a href="/register">Create account</a>
</p>
</main>
</body>
</html>

26
frontend/htmx/register-blocked.html Normal file
View File

@@ -0,0 +1,26 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Registration Disabled - MiauInv</title>
<link rel="stylesheet" href="/assets/css/register-blocked.min.css">
</head>
<body>
<div class="card">
<h1>Registration</h1>
<div class="subtitle">Create a new account</div>
<div class="message error">
<strong>Access Denied:</strong> Public registration is currently disabled for this system. Please contact your system administrator to request an account.
</div>
<div class="footer-text">
<a class="btn btn-secondary" href="/login" style="margin-top: 1.5rem;">Back to Login</a>
</div>
</div>
</body>
</html>

41
frontend/htmx/register.html Normal file
View File

@@ -0,0 +1,41 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Register | MiauInv</title>
<script src="/assets/js/auth.min.js"></script>
<script src="/assets/js/register.min.js"></script>
<link rel="stylesheet" href="/assets/css/theme.min.css">
</head>
<body>
<main class="card">
<div class="header">
<h1>Create Account</h1>
<p class="subtitle">Register to continue</p>
</div>
<form id="register-form">
<div class="form-group">
<label for="username" class="sr-only">Username</label>
<input type="text" id="username" placeholder="Username" autocomplete="username" required>
</div>
<div class="form-group">
<label for="password" class="sr-only">Password</label>
<input type="password" id="password" placeholder="Password" autocomplete="new-password" required>
</div>
<button type="submit" class="btn btn-primary">Register</button>
</form>
<div id="message" class="message"></div>
<p class="footer-text">
Already have an account? <a href="/login">Sign in here</a>
</p>
</main>
</body>
</html>

39
frontend/htmx/under-construction.html Normal file
View File

@@ -0,0 +1,39 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Feature Under Development | MiauInv</title>
<link rel="stylesheet" href="/assets/css/theme.min.css">
<link rel="stylesheet" href="/assets/css/under-construction.min.css">
</head>
<body>
<div class="card">
<div class="construction-icon-wrapper">
<svg class="gear-icon" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="var(--accent)" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<circle cx="12" cy="12" r="3"></circle>
<path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 1 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-4 0v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 1 1-2.83-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1 0-4h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 1 1 2.83-2.83l.06.06a1.65 1.65 0 0 0 1.82.33H9a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 1 1 2.83 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82V9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1z"></path>
</svg>
</div>
<h1>Coming Soon</h1>
<div class="subtitle">Feature Under Development</div>
<div class="message success" style="display: block; margin-bottom: 2rem;">
<strong>Development in progress!</strong><br>
Our team is actively working on this feature to bring you the best experience possible.
</div>
<a href="/dashboard" class="btn btn-secondary">
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="margin-right: 8px;"><line x1="19" y1="12" x2="5" y2="12"></line><polyline points="12 19 5 12 12 5"></polyline></svg>
Back to Dashboard
</a>
<div class="footer-text">
Need urgent assistance? <a href="mailto:maurice@miaurizius.de">Contact Developer</a>
</div>
</div>
</body>
</html>

4
go.mod
View File

@@ -5,15 +5,17 @@ go 1.26
require ( require (
github.com/glebarez/go-sqlite v1.22.0 github.com/glebarez/go-sqlite v1.22.0
github.com/golang-jwt/jwt/v5 v5.3.1 github.com/golang-jwt/jwt/v5 v5.3.1
github.com/google/uuid v1.5.0
github.com/tdewolff/minify/v2 v2.24.13
golang.org/x/crypto v0.52.0 golang.org/x/crypto v0.52.0
gopkg.in/yaml.v3 v3.0.1 gopkg.in/yaml.v3 v3.0.1
) )
require ( require (
github.com/dustin/go-humanize v1.0.1 // indirect github.com/dustin/go-humanize v1.0.1 // indirect
github.com/google/uuid v1.5.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-isatty v0.0.20 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/tdewolff/parse/v2 v2.8.12 // indirect
golang.org/x/sys v0.45.0 // indirect golang.org/x/sys v0.45.0 // indirect
modernc.org/libc v1.37.6 // indirect modernc.org/libc v1.37.6 // indirect
modernc.org/mathutil v1.6.0 // indirect modernc.org/mathutil v1.6.0 // indirect

7
go.sum
View File

@@ -12,6 +12,13 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/tdewolff/minify/v2 v2.24.13 h1:xrcF7gKDnUszseEY9WX9mUlZII2v2Go/QAcAwRASw58=
github.com/tdewolff/minify/v2 v2.24.13/go.mod h1:emvwoYeIl8bfAKqRU5ww95LX9Gpggpqv/naal9a8Yq0=
github.com/tdewolff/parse/v2 v2.8.12 h1:5BBjfaCv482v3nltlS0u6wH1xJaxjR6ofDrWttNvROg=
github.com/tdewolff/parse/v2 v2.8.12/go.mod h1:Hwlni2tiVNKyzR1o6nUs4FOF07URA+JLBLd6dlIXYqo=
github.com/tdewolff/test v1.0.11/go.mod h1:XPuWBzvdUzhCuxWO1ojpXsyzsA5bFoS3tO/Q3kFuTG8=
github.com/tdewolff/test v1.0.12 h1:7F21DqIajswxuche0geHdrUZRCWE4oko4b7bcmkkrxk=
github.com/tdewolff/test v1.0.12/go.mod h1:XPuWBzvdUzhCuxWO1ojpXsyzsA5bFoS3tO/Q3kFuTG8=
golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988=
golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

60
handlers/account.go
View File

@@ -10,12 +10,13 @@ import (
"log" "log"
"net/http" "net/http"
"os" "os"
"strings"
"time" "time"
) )
var cfg, _ = config.LoadConfig() var cfg, _ = config.LoadConfig()
func Register(w http.ResponseWriter, r *http.Request) { func APIRegister(w http.ResponseWriter, r *http.Request) {
var user models.User var user models.User
if err := json.NewDecoder(r.Body).Decode(&user); err != nil { if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error()) log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
@@ -48,7 +49,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusCreated) w.WriteHeader(http.StatusCreated)
log.Println("POST [api/register] " + r.RemoteAddr + ": Successfully created user") log.Println("POST [api/register] " + r.RemoteAddr + ": Successfully created user")
} }
func Login(w http.ResponseWriter, r *http.Request) { func APILogin(w http.ResponseWriter, r *http.Request) {
var creds struct { var creds struct {
Username string `json:"username"` Username string `json:"username"`
Password string `json:"password"` Password string `json:"password"`
@@ -123,6 +124,23 @@ func Login(w http.ResponseWriter, r *http.Request) {
}, },
} }
http.SetCookie(w, &http.Cookie{
Name: "access_token",
Value: accessToken,
Path: "/",
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteLaxMode,
})
http.SetCookie(w, &http.Cookie{
Name: "refresh_token",
Value: refreshTokenPlain,
Path: "/",
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteLaxMode,
})
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
err = json.NewEncoder(w).Encode(resp) err = json.NewEncoder(w).Encode(resp)
if err != nil { if err != nil {
@@ -155,7 +173,7 @@ func TestHandler(w http.ResponseWriter, r *http.Request) {
log.Println("GET [api/ping] " + r.RemoteAddr + ": " + err.Error()) log.Println("GET [api/ping] " + r.RemoteAddr + ": " + err.Error())
return return
} }
log.Println("GET [api/login] " + r.RemoteAddr + ": Successfully tested connection") log.Println("GET [api/ping] " + r.RemoteAddr + ": Successfully tested connection")
} }
func RefreshToken(w http.ResponseWriter, r *http.Request) { func RefreshToken(w http.ResponseWriter, r *http.Request) {
var req struct { var req struct {
@@ -225,6 +243,38 @@ func UserInfo(w http.ResponseWriter, r *http.Request) {
} }
query := r.URL.Query() query := r.URL.Query()
idParam := query.Get("id") idParam := query.Get("id")
if idParam == "" {
tokenStr := ""
authHeader := r.Header.Get("Authorization")
if strings.HasPrefix(authHeader, "Bearer ") {
tokenStr = strings.TrimPrefix(authHeader, "Bearer ")
}
if tokenStr == "" {
cookie, err := r.Cookie("access_token")
if err == nil {
tokenStr = cookie.Value
}
}
if tokenStr == "" {
http.Error(w, "Missing token", http.StatusUnauthorized)
return
}
claims, err := auth.ValidateJWT(tokenStr, models.JWTSecret)
if err != nil {
log.Println("GET [api/userinfo] " + r.RemoteAddr + ": " + err.Error())
http.Error(w, "Unauthorized: Invalid or expired token", http.StatusUnauthorized)
return
}
idParam = claims.UserID
}
user, err := storage.GetUserById(idParam) user, err := storage.GetUserById(idParam)
if err != nil { if err != nil {
log.Println("GET [api/userinfo] " + r.RemoteAddr + ": User " + idParam + " not found") log.Println("GET [api/userinfo] " + r.RemoteAddr + ": User " + idParam + " not found")
@@ -234,12 +284,12 @@ func UserInfo(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
err = json.NewEncoder(w).Encode(map[string]interface{}{ err = json.NewEncoder(w).Encode(map[string]interface{}{
"id": user.ID, "id": user.ID,
"name": user.Username, "username": user.Username,
"avatar_url": "", "avatar_url": "",
}) })
if err != nil { if err != nil {
log.Println("GET [api/userinfo] " + r.RemoteAddr + ": " + err.Error()) log.Println("GET [api/userinfo] " + r.RemoteAddr + ": " + err.Error())
return return
} }
log.Println("GET [api/userinfo] " + r.RemoteAddr + ": Successfully retrieved user info") log.Println("GET [api/userinfo] " + r.RemoteAddr + ": Successfully retrieved user info of " + user.Username + " (" + user.ID + ")")
} }

679
handlers/api.go Normal file
View File

@@ -0,0 +1,679 @@
package handlers
import (
"MiauInv/models"
"MiauInv/storage"
"database/sql"
"encoding/json"
"log"
"net/http"
"strconv"
"strings"
)
func Location(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
switch r.Method {
case http.MethodGet:
idStr := r.URL.Query().Get("id")
contentMode := r.URL.Query().Get("content")
if idStr != "" && contentMode == "true" {
locationID, err := strconv.Atoi(idStr)
if err != nil {
http.Error(w, "Invalid location ID", http.StatusBadRequest)
return
}
query := `
SELECT s.item_id, i.name, s.quantity
FROM stock s
JOIN items i ON s.item_id = i.id
WHERE s.location_id = ? AND s.quantity > 0
`
rows, err := storage.DB.Query(query, locationID)
if err != nil {
http.Error(w, "Database error", http.StatusInternalServerError)
return
}
defer rows.Close()
var contents []models.LocationContent
for rows.Next() {
var c models.LocationContent
if err := rows.Scan(&c.ItemID, &c.ItemName, &c.Quantity); err != nil {
http.Error(w, "Row scan error", http.StatusInternalServerError)
return
}
contents = append(contents, c)
}
json.NewEncoder(w).Encode(map[string]interface{}{"contents": contents})
return
}
if idStr != "" {
id, err := strconv.Atoi(idStr)
if err != nil {
http.Error(w, "Invalid ID parameter", http.StatusBadRequest)
return
}
var loc models.Location
err = storage.DB.QueryRow("SELECT id, name FROM locations WHERE id = ?", id).Scan(&loc.ID, &loc.Name)
if err != nil {
if err == sql.ErrNoRows {
log.Println("GET [api/locations] " + r.RemoteAddr + ": Location not found (ID " + idStr + ")")
http.Error(w, "Location not found", http.StatusNotFound)
return
}
log.Println("GET [api/locations] DB Error: " + err.Error())
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
json.NewEncoder(w).Encode(loc)
log.Println("GET [api/locations] " + r.RemoteAddr + ": Successfully retrieved location ID " + idStr)
return
}
rows, err := storage.DB.Query("SELECT id, name FROM locations ORDER BY name ASC")
if err != nil {
log.Println("GET [api/locations] " + r.RemoteAddr + ": " + err.Error())
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
defer rows.Close()
var locations []models.Location
for rows.Next() {
var loc models.Location
if err := rows.Scan(&loc.ID, &loc.Name); err != nil {
log.Println("GET [api/locations] Scan Error: " + err.Error())
continue
}
locations = append(locations, loc)
}
if locations == nil {
locations = []models.Location{}
}
json.NewEncoder(w).Encode(map[string]interface{}{
"locations": locations,
})
log.Println("GET [api/locations] " + r.RemoteAddr + ": Successfully retrieved all locations")
case http.MethodPost:
var body struct {
Name string `json:"name"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
log.Println("POST [api/locations] Decode Error: " + err.Error())
http.Error(w, "Invalid request body", http.StatusBadRequest)
return
}
if strings.TrimSpace(body.Name) == "" {
http.Error(w, "Location name cannot be empty", http.StatusBadRequest)
return
}
res, err := storage.DB.Exec("INSERT INTO locations(name) VALUES(?)", body.Name)
if err != nil {
log.Println("POST [api/locations] DB Error: " + err.Error())
http.Error(w, "Location already exists or database error", http.StatusConflict)
return
}
lastID, _ := res.LastInsertId()
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(models.Location{
ID: int(lastID),
Name: body.Name,
})
log.Println("POST [api/locations] " + r.RemoteAddr + ": Successfully created location " + body.Name)
case http.MethodPut:
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, "Missing ID parameter for update", http.StatusBadRequest)
return
}
id, err := strconv.Atoi(idStr)
if err != nil {
http.Error(w, "Invalid ID parameter", http.StatusBadRequest)
return
}
var body struct {
Name string `json:"name"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
log.Println("PUT [api/locations] Decode Error: " + err.Error())
http.Error(w, "Invalid request body", http.StatusBadRequest)
return
}
if strings.TrimSpace(body.Name) == "" {
http.Error(w, "Location name cannot be empty", http.StatusBadRequest)
return
}
res, err := storage.DB.Exec("UPDATE locations SET name = ? WHERE id = ?", body.Name, id)
if err != nil {
log.Println("PUT [api/locations] DB Error: " + err.Error())
http.Error(w, "Location name unique constraint failed or database error", http.StatusConflict)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Location not found", http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(models.Location{
ID: id,
Name: body.Name,
})
log.Println("PUT [api/locations] " + r.RemoteAddr + ": Successfully updated location ID " + idStr)
case http.MethodDelete:
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, "Missing ID parameter for deletion", http.StatusBadRequest)
return
}
id, err := strconv.Atoi(idStr)
if err != nil {
http.Error(w, "Invalid ID parameter", http.StatusBadRequest)
return
}
res, err := storage.DB.Exec("DELETE FROM locations WHERE id = ?", id)
if err != nil {
log.Println("DELETE [api/locations] DB Error: " + err.Error())
http.Error(w, "Cannot delete location. It might still be in use by inventory stock.", http.StatusConflict)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Location not found", http.StatusNotFound)
return
}
w.WriteHeader(http.StatusNoContent)
log.Println("DELETE [api/locations] " + r.RemoteAddr + ": Successfully deleted location ID " + idStr)
default:
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
}
}
func Item(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
switch r.Method {
case http.MethodGet:
idStr := r.URL.Query().Get("id")
if idStr != "" {
id, err := strconv.Atoi(idStr)
if err != nil {
http.Error(w, "Invalid ID parameter", http.StatusBadRequest)
return
}
var item models.Item
err = storage.DB.QueryRow("SELECT id, name, category, description, total_quantity FROM items WHERE id = ?", id).Scan(&item.ID, &item.Name, &item.Category, &item.Description, &item.TotalQuantity)
if err != nil {
if err == sql.ErrNoRows {
log.Println("GET [api/locations] " + r.RemoteAddr + ": Location not found (ID " + idStr + ")")
http.Error(w, "Location not found", http.StatusNotFound)
return
}
log.Println("GET [api/item] DB Error: " + err.Error())
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
json.NewEncoder(w).Encode(item)
log.Println("GET [api/item] " + r.RemoteAddr + ": Successfully retrieved item ID " + idStr)
return
}
query := `
SELECT
i.id, i.name, i.category, i.description,
COALESCE((SELECT SUM(quantity) FROM stock WHERE item_id = i.id), 0) as total_qty,
COALESCE((SELECT SUM(quantity) FROM project_items WHERE item_id = i.id), 0) as allocated_qty
FROM items i
ORDER BY i.name ASC
`
rows, err := storage.DB.Query(query)
if err != nil {
http.Error(w, "Database error", http.StatusInternalServerError)
return
}
defer rows.Close()
var itemsExtended []models.ItemExtended
for rows.Next() {
var ie models.ItemExtended
err := rows.Scan(&ie.ID, &ie.Name, &ie.Category, &ie.Description, &ie.TotalQuantity, &ie.AllocatedQty)
if err != nil {
continue
}
ie.AvailableQty = ie.TotalQuantity - ie.AllocatedQty
itemsExtended = append(itemsExtended, ie)
}
json.NewEncoder(w).Encode(map[string]interface{}{"items": itemsExtended})
return
case http.MethodPost:
var body models.Item
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
http.Error(w, "Invalid request body", http.StatusBadRequest)
return
}
res, err := storage.DB.Exec("INSERT INTO items(name, category, description, total_quantity) VALUES(?, ?, ?, ?)",
body.Name, body.Category, body.Description, body.TotalQuantity)
if err != nil {
http.Error(w, "Database error", http.StatusInternalServerError)
return
}
lastID, _ := res.LastInsertId()
body.ID = int(lastID)
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(body)
case http.MethodPut:
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, "Missing ID parameter", http.StatusBadRequest)
return
}
id, _ := strconv.Atoi(idStr)
var body models.Item
json.NewDecoder(r.Body).Decode(&body)
res, err := storage.DB.Exec("UPDATE items SET name = ?, category = ?, description = ?, total_quantity = ? WHERE id = ?",
body.Name, body.Category, body.Description, body.TotalQuantity, id)
if err != nil {
http.Error(w, "Database error", http.StatusInternalServerError)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Item not found", http.StatusNotFound)
return
}
body.ID = id
json.NewEncoder(w).Encode(body)
case http.MethodDelete:
idStr := r.URL.Query().Get("id")
id, _ := strconv.Atoi(idStr)
// SQLite blockiert dank FK, falls Item noch im Stock oder Projekten ist
res, err := storage.DB.Exec("DELETE FROM items WHERE id = ?", id)
if err != nil {
http.Error(w, "Cannot delete item. Still referenced in stock or projects.", http.StatusConflict)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Item not found", http.StatusNotFound)
return
}
w.WriteHeader(http.StatusNoContent)
default:
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
}
}
func Project(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
switch r.Method {
case http.MethodGet:
idStr := r.URL.Query().Get("id")
detailsMode := r.URL.Query().Get("details")
if idStr != "" && detailsMode == "true" {
projectID, err := strconv.Atoi(idStr)
if err != nil {
http.Error(w, "Invalid project ID", http.StatusBadRequest)
return
}
query := `
SELECT pi.item_id, i.name, pi.quantity
FROM project_items pi
JOIN items i ON pi.item_id = i.id
WHERE pi.project_id = ?
`
rows, err := storage.DB.Query(query, projectID)
if err != nil {
http.Error(w, "Database error", http.StatusInternalServerError)
return
}
defer rows.Close()
var details []models.ProjectDetailItem
for rows.Next() {
var d models.ProjectDetailItem
if err := rows.Scan(&d.ItemID, &d.ItemName, &d.Quantity); err != nil {
http.Error(w, "Row scan error", http.StatusInternalServerError)
return
}
details = append(details, d)
}
json.NewEncoder(w).Encode(map[string]interface{}{"items": details})
return
}
if idStr != "" {
id, _ := strconv.Atoi(idStr)
var p models.Project
err := storage.DB.QueryRow("SELECT id, name, description FROM projects WHERE id = ?", id).Scan(&p.ID, &p.Name, &p.Description)
if err == sql.ErrNoRows {
http.Error(w, "Project not found", http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(p)
return
}
rows, err := storage.DB.Query("SELECT id, name, description FROM projects ORDER BY name ASC")
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
defer rows.Close()
projects := []models.Project{}
for rows.Next() {
var p models.Project
rows.Scan(&p.ID, &p.Name, &p.Description)
projects = append(projects, p)
}
json.NewEncoder(w).Encode(map[string]interface{}{"projects": projects})
case http.MethodPost:
var body models.Project
json.NewDecoder(r.Body).Decode(&body)
res, err := storage.DB.Exec("INSERT INTO projects(name, description) VALUES(?, ?)", body.Name, body.Description)
if err != nil {
http.Error(w, "Project name already exists", http.StatusConflict)
return
}
lastID, _ := res.LastInsertId()
body.ID = int(lastID)
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(body)
case http.MethodPut:
idStr := r.URL.Query().Get("id")
id, _ := strconv.Atoi(idStr)
var body models.Project
json.NewDecoder(r.Body).Decode(&body)
res, err := storage.DB.Exec("UPDATE projects SET name = ?, description = ? WHERE id = ?", body.Name, body.Description, id)
if err != nil {
http.Error(w, "Project name constraint violation", http.StatusConflict)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Project not found", http.StatusNotFound)
return
}
body.ID = id
json.NewEncoder(w).Encode(body)
case http.MethodDelete:
idStr := r.URL.Query().Get("id")
id, _ := strconv.Atoi(idStr)
res, err := storage.DB.Exec("DELETE FROM projects WHERE id = ?", id)
if err != nil {
http.Error(w, "Cannot delete project. Clear active item assignments first.", http.StatusConflict)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Project not found", http.StatusNotFound)
return
}
w.WriteHeader(http.StatusNoContent)
default:
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
}
}
func Stock(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
switch r.Method {
case http.MethodGet:
idStr := r.URL.Query().Get("id")
if idStr != "" {
id, _ := strconv.Atoi(idStr)
var s models.Stock
err := storage.DB.QueryRow("SELECT id, item_id, location_id, quantity FROM stock WHERE id = ?", id).
Scan(&s.ID, &s.ItemID, &s.LocationID, &s.Quantity)
if err == sql.ErrNoRows {
http.Error(w, "Stock entry not found", http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(s)
return
}
rows, err := storage.DB.Query("SELECT id, item_id, location_id, quantity FROM stock")
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
defer rows.Close()
stocks := []models.Stock{}
for rows.Next() {
var s models.Stock
rows.Scan(&s.ID, &s.ItemID, &s.LocationID, &s.Quantity)
stocks = append(stocks, s)
}
json.NewEncoder(w).Encode(map[string]interface{}{"stock": stocks})
case http.MethodPost:
var body models.Stock
json.NewDecoder(r.Body).Decode(&body)
res, err := storage.DB.Exec("INSERT INTO stock(item_id, location_id, quantity) VALUES(?, ?, ?)",
body.ItemID, body.LocationID, body.Quantity)
if err != nil {
http.Error(w, "Failed to link stock. Ensure Item and Location exist.", http.StatusBadRequest)
return
}
lastID, _ := res.LastInsertId()
body.ID = int(lastID)
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(body)
case http.MethodPut:
idStr := r.URL.Query().Get("id")
id, _ := strconv.Atoi(idStr)
var body models.Stock
json.NewDecoder(r.Body).Decode(&body)
res, err := storage.DB.Exec("UPDATE stock SET item_id = ?, location_id = ?, quantity = ? WHERE id = ?",
body.ItemID, body.LocationID, body.Quantity, id)
if err != nil {
http.Error(w, "Failed to update stock. Verify Foreign Keys.", http.StatusBadRequest)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Stock entry not found", http.StatusNotFound)
return
}
body.ID = id
json.NewEncoder(w).Encode(body)
case http.MethodDelete:
idStr := r.URL.Query().Get("id")
id, _ := strconv.Atoi(idStr)
res, _ := storage.DB.Exec("DELETE FROM stock WHERE id = ?", id)
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Stock entry not found", http.StatusNotFound)
return
}
w.WriteHeader(http.StatusNoContent)
default:
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
}
}
func Associations(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
switch r.Method {
case http.MethodGet:
idStr := r.URL.Query().Get("id")
projectIDStr := r.URL.Query().Get("project_id")
// Optionaler Filter: Alle Items für ein bestimmtes Projekt holen (?project_id=X)
if projectIDStr != "" {
pID, _ := strconv.Atoi(projectIDStr)
rows, err := storage.DB.Query("SELECT id, item_id, project_id, quantity FROM project_items WHERE project_id = ?", pID)
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
defer rows.Close()
list := []models.ProjectItem{}
for rows.Next() {
var pi models.ProjectItem
rows.Scan(&pi.ID, &pi.ItemID, &pi.ProjectID, &pi.Quantity)
list = append(list, pi)
}
json.NewEncoder(w).Encode(map[string]interface{}{"associations": list})
return
}
// Einzelne Assoziation anhand der Tabellen-ID (?id=X)
if idStr != "" {
id, _ := strconv.Atoi(idStr)
var pi models.ProjectItem
err := storage.DB.QueryRow("SELECT id, item_id, project_id, quantity FROM project_items WHERE id = ?", id).
Scan(&pi.ID, &pi.ItemID, &pi.ProjectID, &pi.Quantity)
if err == sql.ErrNoRows {
http.Error(w, "Association not found", http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(pi)
return
}
// Gar kein Parameter -> Komplett-Dump aller Zuweisungen
rows, err := storage.DB.Query("SELECT id, item_id, project_id, quantity FROM project_items")
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
defer rows.Close()
all := []models.ProjectItem{}
for rows.Next() {
var pi models.ProjectItem
rows.Scan(&pi.ID, &pi.ItemID, &pi.ProjectID, &pi.Quantity)
all = append(all, pi)
}
json.NewEncoder(w).Encode(map[string]interface{}{"associations": all})
case http.MethodPost:
var body models.ProjectItem
json.NewDecoder(r.Body).Decode(&body)
res, err := storage.DB.Exec("INSERT INTO project_items(item_id, project_id, quantity) VALUES(?, ?, ?)",
body.ItemID, body.ProjectID, body.Quantity)
if err != nil {
http.Error(w, "Link failed. Check item_id and project_id.", http.StatusBadRequest)
return
}
lastID, _ := res.LastInsertId()
body.ID = int(lastID)
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(body)
case http.MethodPut:
idStr := r.URL.Query().Get("id")
id, _ := strconv.Atoi(idStr)
var body models.ProjectItem
json.NewDecoder(r.Body).Decode(&body)
res, err := storage.DB.Exec("UPDATE project_items SET item_id = ?, project_id = ?, quantity = ? WHERE id = ?",
body.ItemID, body.ProjectID, body.Quantity, id)
if err != nil {
http.Error(w, "Update failed. Check Constraints.", http.StatusBadRequest)
return
}
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Association not found", http.StatusNotFound)
return
}
body.ID = id
json.NewEncoder(w).Encode(body)
case http.MethodDelete:
idStr := r.URL.Query().Get("id")
id, _ := strconv.Atoi(idStr)
res, _ := storage.DB.Exec("DELETE FROM project_items WHERE id = ?", id)
rowsAffected, _ := res.RowsAffected()
if rowsAffected == 0 {
http.Error(w, "Association not found", http.StatusNotFound)
return
}
w.WriteHeader(http.StatusNoContent)
default:
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
}
}

2
models/constants.go
View File

@@ -1,5 +1,7 @@
package models package models
var JWTSecret []byte
// Roles // Roles
const ( const (
RoleUser = "user" RoleUser = "user"

66
models/inventory.go Normal file
View File

@@ -0,0 +1,66 @@
package models
type Item struct {
ID int `json:"id"`
Name string `json:"name"`
Category string `json:"category"`
Description string `json:"description"`
TotalQuantity int `json:"total_quantity"` // Berechnet aus der Summe aller Stocks
FreeQuantity int `json:"free_quantity"` // TotalQuantity minus Summe aller Projekt-Zuweisungen
}
type Location struct {
ID int `json:"id"`
Name string `json:"name"`
}
type Project struct {
ID int `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
}
type Stock struct {
ID int `json:"id"`
ItemID int `json:"item_id"`
LocationID int `json:"location_id"`
Quantity int `json:"quantity"`
LocationName string `json:"location_name"` // Used to display the location in the modal table
}
type Association struct {
ID int `json:"id"`
ProjectID int `json:"project_id"`
ItemID int `json:"item_id"`
Quantity int `json:"quantity"`
ItemName string `json:"item_name"` // Used to display the item name in the modal table
}
type ProjectItem struct {
ID int `json:"id"`
ItemID int `json:"item_id"`
ProjectID int `json:"project_id"`
Quantity int `json:"quantity"`
}
type ItemExtended struct {
ID int `json:"id"`
Name string `json:"name"`
Category string `json:"category"`
Description string `json:"description"`
TotalQuantity int `json:"total_quantity"` // Summe aus allen Stock-Einträgen
AllocatedQty int `json:"allocated_quantity"` // Summe aus allen Projekt-Zuweisungen
AvailableQty int `json:"available_quantity"` // Total - Allocated
}
type LocationContent struct {
ItemID int `json:"item_id"`
ItemName string `json:"item_name"`
Quantity int `json:"quantity"`
}
type ProjectDetailItem struct {
ItemID int `json:"item_id"`
ItemName string `json:"item_name"`
Quantity int `json:"quantity"`
}

40
server/server.go
View File

@@ -1,9 +1,12 @@
package server package server
import ( import (
"MiauInv/auth"
"MiauInv/config" "MiauInv/config"
"MiauInv/frontend" "MiauInv/frontend"
"MiauInv/handlers" "MiauInv/handlers"
"MiauInv/models"
utils "MiauInv/util"
"log" "log"
"net/http" "net/http"
"os" "os"
@@ -15,6 +18,7 @@ type Server struct {
DatabasePath string DatabasePath string
CertificatePath string CertificatePath string
PrivateKeyPath string PrivateKeyPath string
AllowRegistration bool
} }
func InitServer() *Server { func InitServer() *Server {
@@ -41,12 +45,15 @@ func InitServer() *Server {
return nil return nil
} }
models.JWTSecret = []byte(jwtSecret)
return &Server{ return &Server{
Port: cfg.Port, Port: cfg.Port,
JWTSecret: []byte(jwtSecret), JWTSecret: []byte(jwtSecret),
DatabasePath: cfg.DatabasePath, DatabasePath: cfg.DatabasePath,
CertificatePath: cfg.CertificatePath, CertificatePath: cfg.CertificatePath,
PrivateKeyPath: cfg.PrivateKeyPath, PrivateKeyPath: cfg.PrivateKeyPath,
AllowRegistration: cfg.AllowRegistration,
} }
} }
@@ -58,20 +65,39 @@ func (this *Server) Run() {
// FRONTEND // FRONTEND
// //
mux.HandleFunc("/", frontend.Home) mux.HandleFunc("/", frontend.Home)
mux.HandleFunc("/login", utils.RenderFile("frontend/htmx/login.html"))
mux.Handle("/dashboard", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(frontend.Dashboard)))
mux.Handle("/inventory", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(frontend.Inventory)))
mux.Handle("/items", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(frontend.Items)))
mux.Handle("/locations", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(frontend.Locations)))
mux.Handle("/projects", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(frontend.Projects)))
mux.HandleFunc("/profile/", utils.RenderFile("frontend/htmx/under-construction.html"))
if this.AllowRegistration {
mux.HandleFunc("/register", utils.RenderFile("frontend/htmx/register.html"))
} else {
mux.HandleFunc("/register", utils.RenderFile("frontend/htmx/register-blocked.html"))
}
// //
// API // API
// //
mux.HandleFunc("/api/login", handlers.APILogin)
// Public
mux.HandleFunc("/api/login", handlers.Login)
mux.HandleFunc("/api/register", handlers.Register)
mux.HandleFunc("/api/refresh", handlers.RefreshToken) mux.HandleFunc("/api/refresh", handlers.RefreshToken)
mux.HandleFunc("/api/logout", handlers.Logout) mux.Handle("/api/logout", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(handlers.Logout)))
mux.Handle("/api/profile", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(handlers.UserInfo)))
mux.HandleFunc("/api/userinfo", handlers.UserInfo)
if this.AllowRegistration {
mux.HandleFunc("/api/register", handlers.APIRegister)
}
// Login required mux.Handle("/api/item", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(handlers.Item)))
mux.Handle("/api/location", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(handlers.Location)))
mux.Handle("/api/project", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(handlers.Project)))
mux.Handle("/api/stock", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(handlers.Stock)))
mux.Handle("/api/association", auth.AuthMiddleware(this.JWTSecret)(http.HandlerFunc(handlers.Associations)))
// Admin-only // Assets
mux.HandleFunc("/assets/", frontend.Assets)
log.Printf("Listening on port %s", this.Port) log.Printf("Listening on port %s", this.Port)
log.Fatal(http.ListenAndServeTLS(":"+this.Port, this.CertificatePath, this.PrivateKeyPath, mux)) log.Fatal(http.ListenAndServeTLS(":"+this.Port, this.CertificatePath, this.PrivateKeyPath, mux))

52
storage/inventory.go Normal file
View File

@@ -0,0 +1,52 @@
package storage
import "MiauInv/models"
func AddItem(item models.Item) error {
_, err := DB.Exec(
"INSERT INTO items(name, category, description, total_quantity) VALUES(?,?,?,?)",
item.Name,
item.Category,
item.Description,
item.TotalQuantity,
)
return err
}
func GetItems() ([]models.Item, error) {
rows, err := DB.Query(`
SELECT id,name,category,description,total_quantity
FROM items
`)
if err != nil {
return nil, err
}
defer rows.Close()
var items []models.Item
for rows.Next() {
var item models.Item
err = rows.Scan(
&item.ID,
&item.Name,
&item.Category,
&item.Description,
&item.TotalQuantity,
)
if err != nil {
return nil, err
}
items = append(items, item)
}
return items, nil
}

24
storage/storage.go
View File

@@ -45,25 +45,37 @@ func InitDB(filepath string) error {
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT NOT NULL, name TEXT NOT NULL,
category TEXT, category TEXT,
description TEXT,
total_quantity INTEGER NOT NULL DEFAULT 0 total_quantity INTEGER NOT NULL DEFAULT 0
); );
CREATE TABLE IF NOT EXISTS locations ( CREATE TABLE IF NOT EXISTS locations (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT NOT NULL name TEXT NOT NULL UNIQUE
); );
CREATE TABLE IF NOT EXISTS projects ( CREATE TABLE IF NOT EXISTS projects (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT NOT NULL name TEXT NOT NULL UNIQUE,
description TEXT
); );
CREATE TABLE IF NOT EXISTS item_allocations ( CREATE TABLE IF NOT EXISTS stock (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
item_id INTEGER NOT NULL, item_id INTEGER NOT NULL,
location_id INTEGER, location_id INTEGER NOT NULL,
project_id INTEGER, quantity INTEGER NOT NULL,
quantity INTEGER NOT NULL FOREIGN KEY(item_id) REFERENCES items(id),
FOREIGN KEY(location_id) REFERENCES locations(id)
);
CREATE TABLE IF NOT EXISTS project_items (
id INTEGER PRIMARY KEY AUTOINCREMENT,
item_id INTEGER NOT NULL,
project_id INTEGER NOT NULL,
quantity INTEGER NOT NULL,
FOREIGN KEY(item_id) REFERENCES items(id),
FOREIGN KEY(project_id) REFERENCES projects(id)
); );
` `

5
util/util.go
View File

@@ -47,3 +47,8 @@ func IsLoggedIn(w http.ResponseWriter, r *http.Request) (*auth.Claims, bool) {
} }
return claims, true return claims, true
} }
func RenderFile(path string) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, path)
}
}