Add Phase 2: Local SQLite database with sync functionality

Implements complete offline-first architecture with SQLite caching and MariaDB synchronization. Key features: - Local SQLite database for offline operation (data/quoteforge.db) - Connection settings with encrypted credentials - Component and pricelist caching with auto-sync - Sync API endpoints (/api/sync/status, /components, /pricelists, /all) - Real-time sync status indicator in UI with auto-refresh - Offline mode detection middleware - Migration tool for database initialization - Setup wizard for initial configuration New components: - internal/localdb: SQLite repository layer (components, pricelists, sync) - internal/services/sync: Synchronization service - internal/handlers/sync: Sync API handlers - internal/handlers/setup: Setup wizard handlers - internal/middleware/offline: Offline detection - cmd/migrate: Database migration tool UI improvements: - Setup page for database configuration - Sync status indicator with online/offline detection - Warning icons for pending synchronization - Auto-refresh every 30 seconds Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-01 11:00:32 +03:00
parent 8b8d2f18f9
commit 143d217397
30 changed files with 3697 additions and 887 deletions
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -3,53 +3,97 @@ package main
 import (
 	"context"
 	"flag"
+	"fmt"
 	"log/slog"
 	"net/http"
 	"os"
 	"os/signal"
+	"strconv"
 	"syscall"
 	"time"

 	"github.com/gin-gonic/gin"
 	"git.mchus.pro/mchus/quoteforge/internal/config"
 	"git.mchus.pro/mchus/quoteforge/internal/handlers"
+	"git.mchus.pro/mchus/quoteforge/internal/localdb"
 	"git.mchus.pro/mchus/quoteforge/internal/middleware"
 	"git.mchus.pro/mchus/quoteforge/internal/models"
 	"git.mchus.pro/mchus/quoteforge/internal/repository"
 	"git.mchus.pro/mchus/quoteforge/internal/services"
 	"git.mchus.pro/mchus/quoteforge/internal/services/alerts"
+	"git.mchus.pro/mchus/quoteforge/internal/services/pricelist"
 	"git.mchus.pro/mchus/quoteforge/internal/services/pricing"
-	"golang.org/x/crypto/bcrypt"
+	"git.mchus.pro/mchus/quoteforge/internal/services/sync"
 	"gorm.io/driver/mysql"
 	"gorm.io/gorm"
 	"gorm.io/gorm/logger"
 )

+const (
+	localDBPath = "./data/settings.db"
+)
+
 func main() {
-	configPath := flag.String("config", "config.yaml", "path to config file")
+	configPath := flag.String("config", "config.yaml", "path to config file (optional, for server settings)")
 	migrate := flag.Bool("migrate", false, "run database migrations")
 	flag.Parse()

-	cfg, err := config.Load(*configPath)
+	// Initialize local SQLite database (always used)
+	local, err := localdb.New(localDBPath)
 	if err != nil {
-		slog.Error("failed to load config", "error", err)
+		slog.Error("failed to initialize local database", "error", err)
 		os.Exit(1)
 	}

+	// Check if running in setup mode (no connection settings)
+	if !local.HasSettings() {
+		slog.Info("no database settings found, starting setup mode")
+		runSetupMode(local)
+		return
+	}
+
+	// Load config for server settings (optional)
+	cfg, err := config.Load(*configPath)
+	if err != nil {
+		// Use defaults if config file doesn't exist
+		slog.Info("config file not found, using defaults", "path", *configPath)
+		cfg = &config.Config{}
+	}
+	setConfigDefaults(cfg)
+
 	setupLogger(cfg.Logging)

+	// Get DSN from local SQLite
+	dsn, err := local.GetDSN()
+	if err != nil {
+		slog.Error("failed to get database settings", "error", err)
+		os.Exit(1)
+	}
+
+	// Connect to MariaDB
+	db, err := setupDatabaseFromDSN(dsn)
+	if err != nil {
+		slog.Error("failed to connect to database", "error", err)
+		slog.Info("you may need to reconfigure connection at /setup")
+		os.Exit(1)
+	}
+
+	dbUser := local.GetDBUser()
+
+	// Ensure DB user exists in qt_users table (for foreign key constraint)
+	dbUserID, err := models.EnsureDBUser(db, dbUser)
+	if err != nil {
+		slog.Error("failed to ensure DB user exists", "error", err)
+		os.Exit(1)
+	}
+
 	slog.Info("starting QuoteForge server",
 		"host", cfg.Server.Host,
 		"port", cfg.Server.Port,
-		"mode", cfg.Server.Mode,
+		"db_user", dbUser,
+		"db_user_id", dbUserID,
 	)

-	db, err := setupDatabase(cfg.Database)
-	if err != nil {
-		slog.Error("failed to connect to database", "error", err)
-		os.Exit(1)
-	}
-
 	if *migrate {
 		slog.Info("running database migrations...")
 		if err := models.Migrate(db); err != nil {
@@ -60,17 +104,11 @@ func main() {
 			slog.Error("seeding categories failed", "error", err)
 			os.Exit(1)
 		}
-		// Create default admin user (admin / admin123)
-		adminHash, _ := bcrypt.GenerateFromPassword([]byte("admin123"), bcrypt.DefaultCost)
-		if err := models.SeedAdminUser(db, string(adminHash)); err != nil {
-			slog.Error("seeding admin user failed", "error", err)
-			os.Exit(1)
-		}
 		slog.Info("migrations completed")
 	}

 	gin.SetMode(cfg.Server.Mode)
-	router, err := setupRouter(db, cfg)
+	router, err := setupRouter(db, cfg, local, dbUserID)
 	if err != nil {
 		slog.Error("failed to setup router", "error", err)
 		os.Exit(1)
@@ -107,6 +145,96 @@ func main() {
 	slog.Info("server stopped")
 }

+func setConfigDefaults(cfg *config.Config) {
+	if cfg.Server.Host == "" {
+		cfg.Server.Host = "0.0.0.0"
+	}
+	if cfg.Server.Port == 0 {
+		cfg.Server.Port = 8080
+	}
+	if cfg.Server.Mode == "" {
+		cfg.Server.Mode = "release"
+	}
+	if cfg.Server.ReadTimeout == 0 {
+		cfg.Server.ReadTimeout = 30 * time.Second
+	}
+	if cfg.Server.WriteTimeout == 0 {
+		cfg.Server.WriteTimeout = 30 * time.Second
+	}
+	if cfg.Pricing.DefaultMethod == "" {
+		cfg.Pricing.DefaultMethod = "weighted_median"
+	}
+	if cfg.Pricing.DefaultPeriodDays == 0 {
+		cfg.Pricing.DefaultPeriodDays = 90
+	}
+	if cfg.Pricing.FreshnessGreenDays == 0 {
+		cfg.Pricing.FreshnessGreenDays = 30
+	}
+	if cfg.Pricing.FreshnessYellowDays == 0 {
+		cfg.Pricing.FreshnessYellowDays = 60
+	}
+	if cfg.Pricing.FreshnessRedDays == 0 {
+		cfg.Pricing.FreshnessRedDays = 90
+	}
+	if cfg.Pricing.MinQuotesForMedian == 0 {
+		cfg.Pricing.MinQuotesForMedian = 3
+	}
+}
+
+// runSetupMode starts a minimal server that only serves the setup page
+func runSetupMode(local *localdb.LocalDB) {
+	setupHandler, err := handlers.NewSetupHandler(local, "web/templates")
+	if err != nil {
+		slog.Error("failed to create setup handler", "error", err)
+		os.Exit(1)
+	}
+
+	gin.SetMode(gin.ReleaseMode)
+	router := gin.New()
+	router.Use(gin.Recovery())
+
+	router.Static("/static", "web/static")
+
+	// Setup routes only
+	router.GET("/", func(c *gin.Context) {
+		c.Redirect(http.StatusFound, "/setup")
+	})
+	router.GET("/setup", setupHandler.ShowSetup)
+	router.POST("/setup", setupHandler.SaveConnection)
+	router.POST("/setup/test", setupHandler.TestConnection)
+	router.GET("/setup/status", setupHandler.GetStatus)
+
+	// Health check
+	router.GET("/health", func(c *gin.Context) {
+		c.JSON(http.StatusOK, gin.H{
+			"status": "setup_required",
+			"time":   time.Now().UTC().Format(time.RFC3339),
+		})
+	})
+
+	addr := ":8080"
+	slog.Info("starting setup mode server", "address", addr)
+	slog.Info("open http://localhost:8080/setup to configure database connection")
+
+	srv := &http.Server{
+		Addr:    addr,
+		Handler: router,
+	}
+
+	go func() {
+		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			slog.Error("server error", "error", err)
+			os.Exit(1)
+		}
+	}()
+
+	quit := make(chan os.Signal, 1)
+	signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
+	<-quit
+
+	slog.Info("setup mode server stopped")
+}
+
 func setupLogger(cfg config.LoggingConfig) {
 	var level slog.Level
 	switch cfg.Level {
@@ -132,10 +260,10 @@ func setupLogger(cfg config.LoggingConfig) {
 	slog.SetDefault(slog.New(handler))
 }

-func setupDatabase(cfg config.DatabaseConfig) (*gorm.DB, error) {
+func setupDatabaseFromDSN(dsn string) (*gorm.DB, error) {
 	gormLogger := logger.Default.LogMode(logger.Silent)

-	db, err := gorm.Open(mysql.Open(cfg.DSN()), &gorm.Config{
+	db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{
 		Logger: gormLogger,
 	})
 	if err != nil {
@@ -147,39 +275,46 @@ func setupDatabase(cfg config.DatabaseConfig) (*gorm.DB, error) {
 		return nil, err
 	}

-	sqlDB.SetMaxOpenConns(cfg.MaxOpenConns)
-	sqlDB.SetMaxIdleConns(cfg.MaxIdleConns)
-	sqlDB.SetConnMaxLifetime(cfg.ConnMaxLifetime)
+	sqlDB.SetMaxOpenConns(25)
+	sqlDB.SetMaxIdleConns(5)
+	sqlDB.SetConnMaxLifetime(5 * time.Minute)

 	return db, nil
 }

-func setupRouter(db *gorm.DB, cfg *config.Config) (*gin.Engine, error) {
+func setupRouter(db *gorm.DB, cfg *config.Config, local *localdb.LocalDB, dbUserID uint) (*gin.Engine, error) {
 	// Repositories
-	userRepo := repository.NewUserRepository(db)
 	componentRepo := repository.NewComponentRepository(db)
 	categoryRepo := repository.NewCategoryRepository(db)
 	priceRepo := repository.NewPriceRepository(db)
-	configRepo := repository.NewConfigurationRepository(db)
 	alertRepo := repository.NewAlertRepository(db)
 	statsRepo := repository.NewStatsRepository(db)
+	pricelistRepo := repository.NewPricelistRepository(db)
+	configRepo := repository.NewConfigurationRepository(db)

 	// Services
-	authService := services.NewAuthService(userRepo, cfg.Auth)
 	pricingService := pricing.NewService(componentRepo, priceRepo, cfg.Pricing)
 	componentService := services.NewComponentService(componentRepo, categoryRepo, statsRepo)
 	quoteService := services.NewQuoteService(componentRepo, statsRepo, pricingService)
-	configService := services.NewConfigurationService(configRepo, componentRepo, quoteService)
 	exportService := services.NewExportService(cfg.Export, categoryRepo)
 	alertService := alerts.NewService(alertRepo, componentRepo, priceRepo, statsRepo, cfg.Alerts, cfg.Pricing)
+	pricelistService := pricelist.NewService(db, pricelistRepo, componentRepo)
+	configService := services.NewConfigurationService(configRepo, componentRepo, quoteService)
+	syncService := sync.NewService(pricelistRepo, local)

 	// Handlers
-	authHandler := handlers.NewAuthHandler(authService, userRepo)
 	componentHandler := handlers.NewComponentHandler(componentService)
 	quoteHandler := handlers.NewQuoteHandler(quoteService)
-	configHandler := handlers.NewConfigurationHandler(configService, exportService)
 	exportHandler := handlers.NewExportHandler(exportService, configService, componentService)
 	pricingHandler := handlers.NewPricingHandler(db, pricingService, alertService, componentRepo, priceRepo, statsRepo)
+	pricelistHandler := handlers.NewPricelistHandler(pricelistService, local)
+	syncHandler := handlers.NewSyncHandler(local, syncService, db)
+
+	// Setup handler (for reconfiguration)
+	setupHandler, err := handlers.NewSetupHandler(local, "web/templates")
+	if err != nil {
+		return nil, fmt.Errorf("creating setup handler: %w", err)
+	}

 	// Web handler (templates)
 	webHandler, err := handlers.NewWebHandler("web/templates", componentService)
@@ -192,6 +327,7 @@ func setupRouter(db *gorm.DB, cfg *config.Config) (*gin.Engine, error) {
 	router.Use(gin.Recovery())
 	router.Use(requestLogger())
 	router.Use(middleware.CORS())
+	router.Use(middleware.OfflineDetector(db, local))

 	// Static files
 	router.Static("/static", "web/static")
@@ -229,14 +365,30 @@ func setupRouter(db *gorm.DB, cfg *config.Config) (*gin.Engine, error) {
 			"lot_count":      lotCount,
 			"lot_log_count":  lotLogCount,
 			"metadata_count": metadataCount,
+			"db_user":        local.GetDBUser(),
 		})
 	})

+	// Current user info (DB user, not app user)
+	router.GET("/api/current-user", func(c *gin.Context) {
+		c.JSON(http.StatusOK, gin.H{
+			"username": local.GetDBUser(),
+			"role":     "db_user",
+		})
+	})
+
+	// Setup routes (for reconfiguration)
+	router.GET("/setup", setupHandler.ShowSetup)
+	router.POST("/setup", setupHandler.SaveConnection)
+	router.POST("/setup/test", setupHandler.TestConnection)
+	router.GET("/setup/status", setupHandler.GetStatus)
+
 	// Web pages
 	router.GET("/", webHandler.Index)
-	router.GET("/login", webHandler.Login)
 	router.GET("/configs", webHandler.Configs)
 	router.GET("/configurator", webHandler.Configurator)
+	router.GET("/pricelists", webHandler.Pricelists)
+	router.GET("/pricelists/:id", webHandler.PricelistDetail)
 	router.GET("/admin/pricing", webHandler.AdminPricing)

 	// htmx partials
@@ -252,16 +404,7 @@ func setupRouter(db *gorm.DB, cfg *config.Config) (*gin.Engine, error) {
 			c.JSON(http.StatusOK, gin.H{"message": "pong"})
 		})

-		// Auth (public)
-		auth := api.Group("/auth")
-		{
-			auth.POST("/login", authHandler.Login)
-			auth.POST("/refresh", authHandler.Refresh)
-			auth.POST("/logout", authHandler.Logout)
-			auth.GET("/me", middleware.Auth(authService), authHandler.Me)
-		}
-
-		// Components (public read, for quote builder)
+		// Components (public read)
 		components := api.Group("/components")
 		{
 			components.GET("", componentHandler.List)
@@ -271,45 +414,155 @@ func setupRouter(db *gorm.DB, cfg *config.Config) (*gin.Engine, error) {
 		// Categories (public)
 		api.GET("/categories", componentHandler.GetCategories)

-		// Quote (public, for anonymous quote building)
+		// Quote (public)
 		quote := api.Group("/quote")
 		{
 			quote.POST("/validate", quoteHandler.Validate)
 			quote.POST("/calculate", quoteHandler.Calculate)
 		}

-		// Export (public, for anonymous exports)
+		// Export (public)
 		export := api.Group("/export")
 		{
 			export.POST("/csv", exportHandler.ExportCSV)
 		}

-		// Configurations (requires auth)
-		configs := api.Group("/configs")
-		configs.Use(middleware.Auth(authService))
-		configs.Use(middleware.RequireEditor())
+		// Pricelists (public - RBAC disabled in Phase 1-3)
+		pricelists := api.Group("/pricelists")
 		{
-			configs.GET("", configHandler.List)
-			configs.POST("", configHandler.Create)
-			configs.GET("/:uuid", configHandler.Get)
-			configs.PUT("/:uuid", configHandler.Update)
-			configs.PATCH("/:uuid/rename", configHandler.Rename)
-			configs.POST("/:uuid/clone", configHandler.Clone)
-			configs.POST("/:uuid/refresh-prices", configHandler.RefreshPrices)
-			configs.DELETE("/:uuid", configHandler.Delete)
-			// configs.GET("/:uuid/export", configHandler.ExportJSON)
-			configs.GET("/:uuid/csv", exportHandler.ExportConfigCSV)
-			// configs.POST("/import", configHandler.ImportJSON)
+			pricelists.GET("", pricelistHandler.List)
+			pricelists.GET("/can-write", pricelistHandler.CanWrite)
+			pricelists.GET("/latest", pricelistHandler.GetLatest)
+			pricelists.GET("/:id", pricelistHandler.Get)
+			pricelists.GET("/:id/items", pricelistHandler.GetItems)
+			pricelists.POST("", pricelistHandler.Create)
+			pricelists.DELETE("/:id", pricelistHandler.Delete)
 		}
-	}

-	// Admin routes
-	admin := router.Group("/admin")
-	admin.Use(middleware.Auth(authService))
-	{
-		// Pricing admin
-		pricingAdmin := admin.Group("/pricing")
-		pricingAdmin.Use(middleware.RequirePricingAdmin())
+		// Configurations (public - RBAC disabled)
+		configs := api.Group("/configs")
+		{
+			configs.GET("", func(c *gin.Context) {
+				page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+				perPage, _ := strconv.Atoi(c.DefaultQuery("per_page", "20"))
+
+				cfgs, total, err := configService.ListAll(page, perPage)
+				if err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+					return
+				}
+
+				c.JSON(http.StatusOK, gin.H{
+					"configurations": cfgs,
+					"total":          total,
+					"page":           page,
+					"per_page":       perPage,
+				})
+			})
+
+			configs.POST("", func(c *gin.Context) {
+				var req services.CreateConfigRequest
+				if err := c.ShouldBindJSON(&req); err != nil {
+					c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+					return
+				}
+
+				config, err := configService.Create(dbUserID, &req) // use DB user ID
+				if err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+					return
+				}
+
+				c.JSON(http.StatusCreated, config)
+			})
+
+			configs.GET("/:uuid", func(c *gin.Context) {
+				uuid := c.Param("uuid")
+				config, err := configService.GetByUUIDNoAuth(uuid)
+				if err != nil {
+					c.JSON(http.StatusNotFound, gin.H{"error": "configuration not found"})
+					return
+				}
+				c.JSON(http.StatusOK, config)
+			})
+
+			configs.PUT("/:uuid", func(c *gin.Context) {
+				uuid := c.Param("uuid")
+				var req services.CreateConfigRequest
+				if err := c.ShouldBindJSON(&req); err != nil {
+					c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+					return
+				}
+
+				config, err := configService.UpdateNoAuth(uuid, &req)
+				if err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+					return
+				}
+
+				c.JSON(http.StatusOK, config)
+			})
+
+			configs.DELETE("/:uuid", func(c *gin.Context) {
+				uuid := c.Param("uuid")
+				if err := configService.DeleteNoAuth(uuid); err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+					return
+				}
+				c.JSON(http.StatusOK, gin.H{"message": "deleted"})
+			})
+
+			configs.PATCH("/:uuid/rename", func(c *gin.Context) {
+				uuid := c.Param("uuid")
+				var req struct {
+					Name string `json:"name"`
+				}
+				if err := c.ShouldBindJSON(&req); err != nil {
+					c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+					return
+				}
+
+				config, err := configService.RenameNoAuth(uuid, req.Name)
+				if err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+					return
+				}
+
+				c.JSON(http.StatusOK, config)
+			})
+
+			configs.POST("/:uuid/clone", func(c *gin.Context) {
+				uuid := c.Param("uuid")
+				var req struct {
+					Name string `json:"name"`
+				}
+				if err := c.ShouldBindJSON(&req); err != nil {
+					c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+					return
+				}
+
+				config, err := configService.CloneNoAuth(uuid, req.Name, dbUserID)
+				if err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+					return
+				}
+
+				c.JSON(http.StatusCreated, config)
+			})
+
+			configs.POST("/:uuid/refresh-prices", func(c *gin.Context) {
+				uuid := c.Param("uuid")
+				config, err := configService.RefreshPricesNoAuth(uuid)
+				if err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+					return
+				}
+				c.JSON(http.StatusOK, config)
+			})
+		}
+
+		// Pricing admin (public - RBAC disabled)
+		pricingAdmin := api.Group("/admin/pricing")
 		{
 			pricingAdmin.GET("/stats", pricingHandler.GetStats)
 			pricingAdmin.GET("/components", pricingHandler.ListComponents)
@@ -323,6 +576,15 @@ func setupRouter(db *gorm.DB, cfg *config.Config) (*gin.Engine, error) {
 			pricingAdmin.POST("/alerts/:id/resolve", pricingHandler.ResolveAlert)
 			pricingAdmin.POST("/alerts/:id/ignore", pricingHandler.IgnoreAlert)
 		}
+
+		// Sync API (for offline mode)
+		syncAPI := api.Group("/sync")
+		{
+			syncAPI.GET("/status", syncHandler.GetStatus)
+			syncAPI.POST("/components", syncHandler.SyncComponents)
+			syncAPI.POST("/pricelists", syncHandler.SyncPricelists)
+			syncAPI.POST("/all", syncHandler.SyncAll)
+		}
 	}

 	return router, nil