main.go

package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"database/sql"
	_ "embed"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"html/template"
	"log"
	"net/http"
	"os"
	"path/filepath"
	"strings"

	_ "github.com/lib/pq"
	"google.golang.org/api/idtoken"
)

//go:embed schema.sql
var schema string

var templates *template.Template

func main() {
	dsn := os.Getenv("PGCONN")
	if dsn == "" {
		log.Fatal("PGCONN environment variable is required")
	}

	db, err := sql.Open("postgres", dsn)
	if err != nil {
		log.Fatalf("failed to open database: %v", err)
	}
	defer db.Close()

	if err := db.Ping(); err != nil {
		log.Fatalf("failed to connect to database: %v", err)
	}
	log.Println("connected to database")

	if _, err := db.Exec(schema); err != nil {
		log.Fatalf("failed to apply schema: %v", err)
	}

	templates = template.Must(template.New("").ParseGlob("static/*.html"))
	template.Must(templates.ParseGlob("static/*.js"))

	http.HandleFunc("/", handleStatic)
	http.HandleFunc("POST /auth/google/callback", handleGoogleCallback)
	http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		if err := db.Ping(); err != nil {
			http.Error(w, "db unhealthy", http.StatusServiceUnavailable)
			return
		}
		fmt.Fprintln(w, "ok")
	})

	log.Println("listening on :8080")
	log.Fatal(http.ListenAndServe(":8080", nil))
}

func templateData() map[string]any {
	return map[string]any{
		"env": envMap(),
	}
}

func envMap() map[string]string {
	m := map[string]string{}
	for _, e := range os.Environ() {
		if parts := strings.SplitN(e, "=", 2); len(parts) == 2 {
			m[parts[0]] = parts[1]
		}
	}
	return m
}

func handleStatic(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Cache-Control", "no-cache")

	path := r.URL.Path
	if path == "/" {
		path = "/index.html"
	}

	name := strings.TrimPrefix(path, "/")

	if strings.HasSuffix(name, ".html") || strings.HasSuffix(name, ".js") {
		t := templates.Lookup(name)
		if t == nil {
			http.NotFound(w, r)
			return
		}
		if strings.HasSuffix(name, ".html") {
			w.Header().Set("Content-Type", "text/html")
		} else {
			w.Header().Set("Content-Type", "application/javascript")
		}
		t.Execute(w, templateData())
		return
	}

	http.ServeFile(w, r, filepath.Join("static", name))
}

func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
	credential := r.FormValue("credential")
	if credential == "" {
		http.Error(w, "missing credential", http.StatusBadRequest)
		return
	}

	payload, err := idtoken.Validate(context.Background(), credential, os.Getenv("GOOGLE_CLIENT_ID"))
	if err != nil {
		log.Println("failed to validate token:", err)
		http.Error(w, "invalid token", http.StatusUnauthorized)
		return
	}

	email := payload.Claims["email"].(string)

	profile := map[string]any{
		"email":   email,
		"name":    payload.Claims["name"],
		"picture": payload.Claims["picture"],
		"token":   signEmail(email),
	}

	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(profile)
}

func signEmail(email string) string {
	h := hmac.New(sha256.New, []byte(os.Getenv("TOKEN_SECRET")))
	h.Write([]byte(email))
	sig := base64.RawURLEncoding.EncodeToString(h.Sum(nil))
	return base64.RawURLEncoding.EncodeToString([]byte(email)) + "." + sig
}

func authorize(r *http.Request) (string, bool) {
	token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 {
		return "", false
	}
	emailBytes, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", false
	}
	email := string(emailBytes)
	if signEmail(email) != token {
		return "", false
	}
	return email, true
}
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00			`package main`

			`import (`
Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`"context"`
			`"crypto/hmac"`
			`"crypto/sha256"`
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00			`"database/sql"`
Add database schema for trips, students, parents, and constraints 2026-02-14 20:59:03 -08:00			`_ "embed"`
Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`"encoding/base64"`
			`"encoding/json"`
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00			`"fmt"`
Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`"html/template"`
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00			`"log"`
			`"net/http"`
			`"os"`
Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`"path/filepath"`
			`"strings"`
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00
			`_ "github.com/lib/pq"`
Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`"google.golang.org/api/idtoken"`
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00			`)`

Add database schema for trips, students, parents, and constraints 2026-02-14 20:59:03 -08:00			`//go:embed schema.sql`
			`var schema string`

Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`var templates *template.Template`

Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00			`func main() {`
			`dsn := os.Getenv("PGCONN")`
			`if dsn == "" {`
			`log.Fatal("PGCONN environment variable is required")`
			`}`

			`db, err := sql.Open("postgres", dsn)`
			`if err != nil {`
			`log.Fatalf("failed to open database: %v", err)`
			`}`
			`defer db.Close()`

			`if err := db.Ping(); err != nil {`
			`log.Fatalf("failed to connect to database: %v", err)`
			`}`
			`log.Println("connected to database")`

Add database schema for trips, students, parents, and constraints 2026-02-14 20:59:03 -08:00			`if _, err := db.Exec(schema); err != nil {`
			`log.Fatalf("failed to apply schema: %v", err)`
			`}`

Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`templates = template.Must(template.New("").ParseGlob("static/*.html"))`
			`template.Must(templates.ParseGlob("static/*.js"))`
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00
Add Google OAuth authentication 2026-02-14 21:11:25 -08:00			`http.HandleFunc("/", handleStatic)`
			`http.HandleFunc("POST /auth/google/callback", handleGoogleCallback)`
Initial Go server with PostgreSQL and static file serving 2026-02-14 20:29:42 -08:00			`http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {`
			`if err := db.Ping(); err != nil {`
			`http.Error(w, "db unhealthy", http.StatusServiceUnavailable)`
			`return`
			`}`
			`fmt.Fprintln(w, "ok")`
			`})`

			`log.Println("listening on :8080")`
			`log.Fatal(http.ListenAndServe(":8080", nil))`
			`}`
Add Google OAuth authentication 2026-02-14 21:11:25 -08:00
			`func templateData() map[string]any {`
			`return map[string]any{`
			`"env": envMap(),`
			`}`
			`}`

			`func envMap() map[string]string {`
			`m := map[string]string{}`
			`for _, e := range os.Environ() {`
			`if parts := strings.SplitN(e, "=", 2); len(parts) == 2 {`
			`m[parts[0]] = parts[1]`
			`}`
			`}`
			`return m`
			`}`

			`func handleStatic(w http.ResponseWriter, r *http.Request) {`
			`w.Header().Set("Cache-Control", "no-cache")`

			`path := r.URL.Path`
			`if path == "/" {`
			`path = "/index.html"`
			`}`

			`name := strings.TrimPrefix(path, "/")`

			`if strings.HasSuffix(name, ".html") \|\| strings.HasSuffix(name, ".js") {`
			`t := templates.Lookup(name)`
			`if t == nil {`
			`http.NotFound(w, r)`
			`return`
			`}`
			`if strings.HasSuffix(name, ".html") {`
			`w.Header().Set("Content-Type", "text/html")`
			`} else {`
			`w.Header().Set("Content-Type", "application/javascript")`
			`}`
			`t.Execute(w, templateData())`
			`return`
			`}`

			`http.ServeFile(w, r, filepath.Join("static", name))`
			`}`

			`func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {`
			`credential := r.FormValue("credential")`
			`if credential == "" {`
			`http.Error(w, "missing credential", http.StatusBadRequest)`
			`return`
			`}`

			`payload, err := idtoken.Validate(context.Background(), credential, os.Getenv("GOOGLE_CLIENT_ID"))`
			`if err != nil {`
			`log.Println("failed to validate token:", err)`
			`http.Error(w, "invalid token", http.StatusUnauthorized)`
			`return`
			`}`

			`email := payload.Claims["email"].(string)`

			`profile := map[string]any{`
			`"email": email,`
			`"name": payload.Claims["name"],`
			`"picture": payload.Claims["picture"],`
			`"token": signEmail(email),`
			`}`

			`w.Header().Set("Content-Type", "application/json")`
			`json.NewEncoder(w).Encode(profile)`
			`}`

			`func signEmail(email string) string {`
			`h := hmac.New(sha256.New, []byte(os.Getenv("TOKEN_SECRET")))`
			`h.Write([]byte(email))`
			`sig := base64.RawURLEncoding.EncodeToString(h.Sum(nil))`
			`return base64.RawURLEncoding.EncodeToString([]byte(email)) + "." + sig`
			`}`

			`func authorize(r *http.Request) (string, bool) {`
			`token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")`
			`parts := strings.SplitN(token, ".", 2)`
			`if len(parts) != 2 {`
			`return "", false`
			`}`
			`emailBytes, err := base64.RawURLEncoding.DecodeString(parts[0])`
			`if err != nil {`
			`return "", false`
			`}`
			`email := string(emailBytes)`
			`if signEmail(email) != token {`
			`return "", false`
			`}`
			`return email, true`
			`}`