school-timetracker/backend/main.go

package main

import (
	"embed"
	"fmt"
	"io"
	"io/fs"
	"log"
	"net/http"
	"os"
	"strings"

	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

//go:embed dist
var frontendDist embed.FS

func main() {
	dbPath := os.Getenv("DB_PATH")
	if dbPath == "" {
		dbPath = "./timetracking.db"
	}

	db := InitDB(dbPath)
	defer db.Close()

	app := &App{DB: db}

	e := echo.New()

	e.Use(middleware.Logger())
	e.Use(middleware.Recover())

	e.Use(middleware.Gzip())

	e.Use(middleware.Secure())

	allowOrigins := []string{"*"}
	if os.Getenv("ENVIRONMENT") == "production" {
		origins := os.Getenv("CORS_ALLOWED_ORIGINS")
		if origins != "" {
			allowOrigins = strings.Split(origins, ",")
		}
	}

	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
		AllowOrigins: allowOrigins,
		AllowMethods: []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete},
		AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAuthorization},
	}))

	e.HTTPErrorHandler = customHTTPErrorHandler

	e.POST("/api/login", app.LoginHandler)
	e.GET("/api/logo", app.GetLogoHandler)

	protected := e.Group("/api")
	protected.Use(JWTMiddleware())
	{
		protected.GET("/schedules", app.GetSchedulesHandler)
		protected.POST("/time-entries", app.CreateTimeEntryHandler)
		protected.GET("/my-time-entries", app.GetMyTimeEntriesHandler)
		protected.POST("/time-entries/batch", app.CreateBatchTimeEntriesHandler)
		protected.DELETE("/my-time-entries/week", app.DeleteWeekEntries)
		protected.GET("/week-dates", app.GetWeekDates)
		protected.GET("/week-has-entries", app.CheckWeekHasEntries)
		protected.GET("/yearly-hours-summary", app.GetYearlyHoursSummaryHandler)
		protected.GET("/my-info", app.GetMyInfoHandler)
		protected.POST("/change-password", app.ChangeMyPasswordHandler)
		protected.GET("/school-year/active", app.GetActiveSchoolYearHandler)
		protected.GET("/substitutions/open", app.GetOpenSubstitutionsHandler)
		protected.POST("/substitutions/:id/accept", app.AcceptSubstitutionHandler)
	}

	admin := e.Group("/api/admin")
	admin.Use(JWTMiddleware())
	admin.Use(AdminMiddleware())
	{
		admin.POST("/schedules", app.CreateScheduleHandler)
		admin.DELETE("/schedules/delete", app.DeleteScheduleHandler)
		admin.POST("/users", app.CreateUserHandler)
		admin.GET("/users/list", app.GetUsersHandler)
		admin.DELETE("/users/delete", app.DeleteUserHandler)
		admin.GET("/time-entries", app.GetAllTimeEntriesHandler)
		admin.GET("/weekly-hours", app.GetWeeklyHoursHandler)
		admin.PUT("/users/:id", app.UpdateUserHandler)
		admin.PUT("/users/:id/reset-password", app.ResetPasswordHandler)
		admin.PUT("/time-entries/:id", app.UpdateTimeEntryHandler)
		admin.DELETE("/time-entries/:id", app.DeleteTimeEntryHandler)
		admin.POST("/time-entry", app.AdminCreateTimeEntryHandler)
		admin.GET("/school-years", app.GetSchoolYearsHandler)
		admin.POST("/school-years", app.CreateSchoolYearHandler)
		admin.DELETE("/school-years/:id", app.DeleteSchoolYearHandler)
		admin.PUT("/school-years/:id/activate", app.SetActiveSchoolYearHandler)
		admin.GET("/yearly-summary/pdf", app.GenerateYearlySummaryPDFHandler)
		admin.POST("/settings/logo", app.UploadLogoHandler)
		admin.GET("/settings/license", app.GetLicenseStatusHandler)
		admin.POST("/settings/license", app.UploadLicenseHandler)
		admin.GET("/substitutions", app.GetAllSubstitutionsHandler)
		admin.POST("/substitutions", app.CreateSubstitutionHandler)
		admin.DELETE("/substitutions/:id", app.DeleteSubstitutionHandler)
	}

	distDir, err := fs.Sub(frontendDist, "dist")
	if err != nil {
		log.Fatal("Fehler beim Laden des eingebetteten Frontends:", err)
	}

	fileHandler := http.FileServer(http.FS(distDir))
	e.GET("/*", func(c echo.Context) error {
		path := c.Request().URL.Path
		f, err := distDir.Open(strings.TrimPrefix(path, "/"))
		if err == nil {
			f.Close()
			fileHandler.ServeHTTP(c.Response(), c.Request())
			return nil
		}

		index, err := distDir.Open("index.html")
		if err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Frontend index.html missing")
		}
		defer index.Close()

		stat, _ := index.Stat()
		http.ServeContent(c.Response(), c.Request(), "index.html", stat.ModTime(), index.(io.ReadSeeker))
		return nil
	})

	port := os.Getenv("PORT")
	if port == "" {
		port = "8085"
	}

	log.Printf("Server starting on port %s", port)
	e.Logger.Fatal(e.Start(":" + port))
}

func customHTTPErrorHandler(err error, c echo.Context) {
	code := http.StatusInternalServerError
	message := "Internal Server Error"

	if he, ok := err.(*echo.HTTPError); ok {
		code = he.Code
		message = fmt.Sprintf("%v", he.Message)
	}

	c.Logger().Error(err)
	c.JSON(code, map[string]string{"message": message})
}