update git ignore

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.devcontainer/Dockerfile

@@ -0,0 +1,5 @@
+# [Choice] Node.js version (use -bullseye variants on local arm64/Apple Silicon): 18, 16, 14, 18-bullseye, 16-bullseye, 14-bullseye, 18-buster, 16-buster, 14-buster
+ARG VARIANT=16-bullseye
+FROM mcr.microsoft.com/vscode/devcontainers/typescript-node:0-${VARIANT}
+
+RUN sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b ~/.local/bin

.devcontainer/devcontainer.json

@@ -0,0 +1,40 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/typescript-node
+{
+	"name": "Node.js & TypeScript",
+	"build": {
+		"dockerfile": "Dockerfile",
+		// Update 'VARIANT' to pick a Node version: 18, 16, 14.
+		// Append -bullseye or -buster to pin to an OS version.
+		// Use -bullseye variants on local on arm64/Apple Silicon.
+		"args": {
+			"VARIANT": "18-bullseye"
+		}
+	},
+
+	// Configure tool-specific properties.
+	"customizations": {
+		// Configure properties specific to VS Code.
+		"vscode": {
+			// Add the IDs of extensions you want installed when the container is created.
+			"extensions": [
+				"dbaeumer.vscode-eslint"
+			]
+		}
+	},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	"forwardPorts": [
+		7745,
+		3000
+	],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	"postCreateCommand": "go install github.com/go-task/task/v3/cmd/task@latest && npm install -g pnpm && task setup",
+
+	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "node",
+	"features": {
+		"golang": "1.19"
+	}
+}

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: [hay-kot]

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,7 @@
 ---
 name: "Bug Report"
-description: "submit a bug report for the current release"
+description: "Submit a bug report for the current release"
+labels: ["bug"]
 body:
   - type: checkboxes
     id: checks

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,6 +1,7 @@
 ---
 name: "Feature Request"
-description: "submit a feature request for the current release"
+description: "Submit a feature request for the current release"
+labels: ["feature-request"]
 body:
   - type: textarea
     id: problem-statement

.github/dependabot.yml

@@ -1,31 +0,0 @@
-version: 2
-updates:
-  # Fetch and update latest `npm` packages
-  - package-ecosystem: npm
-    directory: "/frontend"
-    schedule:
-      interval: daily
-      time: "00:00"
-    open-pull-requests-limit: 10
-    reviewers:
-      - hay-kot
-    assignees:
-      - hay-kot
-    commit-message:
-      prefix: fix
-      prefix-development: chore
-      include: scope
-  - package-ecosystem: gomod
-    directory: backend
-    schedule:
-      interval: daily
-      time: "00:00"
-    open-pull-requests-limit: 10
-    reviewers:
-      - hay-kot
-    assignees:
-      - hay-kot
-    commit-message:
-      prefix: fix
-      prefix-development: chore
-      include: scope

.github/workflows/partial-backend.yaml

@@ -7,15 +7,17 @@ jobs:
   Go:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: "1.20"
 
       - name: Install Task
         uses: arduino/setup-task@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
@@ -28,7 +30,7 @@ jobs:
           args: --timeout=6m
 
       - name: Build API
-        run: task api:build
+        run: task go:build
 
       - name: Test
-        run: task api:coverage
+        run: task go:coverage

.github/workflows/partial-frontend.yaml

@@ -4,27 +4,55 @@ on:
   workflow_call:
 
 jobs:
-  Frontend:
+  lint:
+    name: Lint
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: pnpm/action-setup@v2.2.4
+        with:
+          version: 6.0.2
+
+      - name: Install dependencies
+        run: pnpm install --shamefully-hoist
+        working-directory: frontend
+
+      - name: Run Lint
+        run: pnpm run lint:ci
+        working-directory: frontend
+
+      - name: Run Typecheck
+        run: pnpm run typecheck
+        working-directory: frontend
+
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
       - name: Install Task
         uses: arduino/setup-task@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: "1.20"
 
       - uses: actions/setup-node@v3
         with:
           node-version: 18
 
-      - uses: pnpm/action-setup@v2.2.2
+      - uses: pnpm/action-setup@v2.2.4
         with:
           version: 6.0.2
 
@@ -32,9 +60,5 @@ jobs:
         run: pnpm install
         working-directory: frontend
 
-      - name: Run linter 👀
-        run: pnpm lint
-        working-directory: "frontend"
-
       - name: Run Integration Tests
         run: task test:ci

.github/workflows/partial-publish.yaml

@@ -20,22 +20,22 @@ jobs:
     name: "Publish Homebox"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: "1.20"
 
       - name: Set up QEMU
         id: qemu
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
         with:
           image: tonistiigi/binfmt:latest
           platforms: all
 
       - name: install buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
         with:
           install: true
 
@@ -60,6 +60,7 @@ jobs:
             --tag ghcr.io/hay-kot/homebox:nightly \
             --tag ghcr.io/hay-kot/homebox:latest \
             --tag ghcr.io/hay-kot/homebox:${{ inputs.tag }} \
+            --build-arg VERSION=${{ inputs.tag }} \
             --build-arg COMMIT=$(git rev-parse HEAD) \
             --build-arg BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
             --platform linux/amd64,linux/arm64,linux/arm/v7 .

.github/workflows/publish.yaml

@@ -1,4 +1,4 @@
-name: Build Nightly
+name: Publish Dockers
 
 on:
   push:
@@ -12,31 +12,17 @@ env:
   FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
 
 jobs:
-  backend-tests:
-    name: "Backend Server Tests"
-    uses: hay-kot/homebox/.github/workflows/partial-backend.yaml@main
-
-  frontend-tests:
-    name: "Frontend and End-to-End Tests"
-    uses: hay-kot/homebox/.github/workflows/partial-frontend.yaml@main
-
   deploy:
     name: "Deploy Nightly to Fly.io"
     runs-on: ubuntu-latest
-    needs:
-      - backend-tests
-      - frontend-tests
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: superfly/flyctl-actions/setup-flyctl@master
       - run: flyctl deploy --remote-only
 
   publish-nightly:
     name: "Publish Nightly"
     if: github.event_name != 'release'
-    needs:
-      - backend-tests
-      - frontend-tests
     uses: hay-kot/homebox/.github/workflows/partial-publish.yaml@main
     with:
       tag: nightly
@@ -46,9 +32,6 @@ jobs:
   publish-tag:
     name: "Publish Tag"
     if: github.event_name == 'release'
-    needs:
-      - backend-tests
-      - frontend-tests
     uses: hay-kot/homebox/.github/workflows/partial-publish.yaml@main
     with:
       release: true
@@ -63,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout main
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Deploy docs
         uses: mhausenblas/mkdocs-deploy-gh-pages@master

.github/workflows/pull-requests.yaml

@@ -8,8 +8,8 @@ on:
 jobs:
   backend-tests:
     name: "Backend Server Tests"
-    uses: hay-kot/homebox/.github/workflows/partial-backend.yaml@main
+    uses: ./.github/workflows/partial-backend.yaml
 
   frontend-tests:
     name: "Frontend and End-to-End Tests"
-    uses: hay-kot/homebox/.github/workflows/partial-frontend.yaml@main
+    uses: ./.github/workflows/partial-frontend.yaml

.github/workflows/tag.yaml

@@ -0,0 +1,51 @@
+name: Publish Release
+
+on:
+  push:
+    tags:
+      - v*
+
+env:
+  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+
+jobs:
+  backend-tests:
+    name: "Backend Server Tests"
+    uses: hay-kot/homebox/.github/workflows/partial-backend.yaml@main
+
+  frontend-tests:
+    name: "Frontend and End-to-End Tests"
+    uses: hay-kot/homebox/.github/workflows/partial-frontend.yaml@main
+
+
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 7.30.1
+
+      - name: Build Frontend and Copy to Backend
+        working-directory: frontend
+        run: |
+          pnpm install --shamefully-hoist
+          pnpm run build
+          cp -r ./.output/public ../backend/app/api/static/
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          workdir: "backend"
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -3,7 +3,6 @@ backend/.data/*
 config.yml
 homebox.db
 .idea
-
 .DS_Store
 test-mailer.json
 node_modules
@@ -32,6 +31,7 @@ node_modules
 go.work
 .task/
 backend/.env
+build/*
 
 # Output Directory for Nuxt/Frontend during build step
 backend/app/api/public/*
@@ -45,3 +45,12 @@ node_modules
 .output
 .env
 dist
+
+.pnpm-store
+backend/app/api/app
+backend/app/api/__debug_bin
+dist/
+
+# Nuxt Publish Dir
+backend/app/api/static/public/*
+!backend/app/api/static/public/.gitkeep

.scaffold/model/scaffold.yaml

@@ -0,0 +1,33 @@
+---
+# yaml-language-server: $schema=https://hay-kot.github.io/scaffold/schema.json
+messages:
+  pre: |
+    # Ent Model Generation
+
+    With Boilerplate!
+  post: |
+    Complete!
+
+questions:
+  - name: "model"
+    prompt:
+      message: "What is the name of the model? (PascalCase)"
+    required: true
+
+  - name: "by_group"
+    prompt:
+      confirm: "Include a Group Edge? (group_id -> id)"
+    required: true
+
+rewrites:
+  - from: 'templates/model.go'
+    to: 'backend/internal/data/ent/schema/{{ lower .Scaffold.model }}.go'
+
+inject:
+  - name: "Insert Groups Edge"
+    path: 'backend/internal/data/ent/schema/group.go'
+    at: // $scaffold_edge
+    template: |
+      {{- if .Scaffold.by_group -}}
+      owned("{{ lower .Scaffold.model }}s", {{ .Scaffold.model }}.Type),
+      {{- end -}}

.scaffold/model/templates/model.go

@@ -0,0 +1,40 @@
+package schema
+
+import (
+	"entgo.io/ent"
+
+	"github.com/hay-kot/homebox/backend/internal/data/ent/schema/mixins"
+)
+
+type {{ .Scaffold.model }} struct {
+	ent.Schema
+}
+
+func ({{ .Scaffold.model }}) Mixin() []ent.Mixin {
+	return []ent.Mixin{
+		mixins.BaseMixin{},
+		{{- if .Scaffold.by_group }}
+		GroupMixin{ref: "{{ snakecase .Scaffold.model  }}s"},
+		{{- end }}
+	}
+}
+
+// Fields of the {{ .Scaffold.model }}.
+func ({{ .Scaffold.model }}) Fields() []ent.Field {
+	return []ent.Field{
+		// field.String("name").
+	}
+}
+
+// Edges of the {{ .Scaffold.model }}.
+func ({{ .Scaffold.model }}) Edges() []ent.Edge {
+	return []ent.Edge{
+		// edge.From("group", Group.Type).
+	}
+}
+
+func ({{ .Scaffold.model }}) Indexes() []ent.Index {
+	return []ent.Index{
+		// index.Fields("token"),
+	}
+}

.vscode/launch.json

@@ -0,0 +1,47 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "compounds": [
+        {
+            "name": "Full Stack",
+            "configurations": ["Launch Backend", "Launch Frontend"],
+            "stopAll": true
+        }
+    ],
+    "configurations": [
+        {
+            "name": "Launch Backend",
+            "type": "go",
+            "request": "launch",
+            "mode": "debug",
+            "program": "${workspaceRoot}/backend/app/api/",
+            "args": [],
+            "env": {
+                "HBOX_DEMO": "true",
+                "HBOX_LOG_LEVEL": "debug",
+                "HBOX_DEBUG_ENABLED": "true",
+                "HBOX_STORAGE_DATA": "${workspaceRoot}/backend/.data",
+                "HBOX_STORAGE_SQLITE_URL": "${workspaceRoot}/backend/.data/homebox.db?_fk=1"
+            },
+        },
+        {
+            "name": "Launch Frontend",
+            "type": "node",
+            "request": "launch",
+            "runtimeExecutable": "pnpm",
+            "runtimeArgs": [
+                "run",
+                "dev"
+            ],
+            "cwd": "${workspaceFolder}/frontend",
+            "serverReadyAction": {
+                "action": "debugWithChrome",
+                "pattern": "Local: http://localhost:([0-9]+)",
+                "uriFormat": "http://localhost:%s",
+                "webRoot": "${workspaceFolder}/frontend"
+              }
+        }
+    ]
+}

.vscode/settings.json

@@ -1,7 +1,4 @@
 {
-  "editor.codeActionsOnSave": {
-    "source.fixAll.eslint": true
-  },
   "yaml.schemas": {
     "https://squidfunk.github.io/mkdocs-material/schema.json": "mkdocs.yml"
   },
@@ -10,5 +7,28 @@
     "package.json": "package-lock.json, yarn.lock, .eslintrc.js, tsconfig.json, .prettierrc, .editorconfig, pnpm-lock.yaml, postcss.config.js, tailwind.config.js",
     "docker-compose.yml": "Dockerfile, .dockerignore, docker-compose.dev.yml, docker-compose.yml",
     "README.md": "LICENSE, SECURITY.md"
-  }
+  },
+  "cSpell.words": [
+    "debughandlers",
+    "Homebox"
+  ],
+  // use ESLint to format code on save
+  "editor.formatOnSave": false,
+  "editor.defaultFormatter": "dbaeumer.vscode-eslint",
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": true
+  },
+  "[typescript]": {
+    "editor.defaultFormatter": "dbaeumer.vscode-eslint"
+  },
+  "eslint.format.enable": true,
+  "css.validate": false,
+	"tailwindCSS.includeLanguages": {
+		"vue": "html",
+		"vue-html": "html"
+	},
+	"editor.quickSuggestions": {
+		"strings": true
+	},
+  "tailwindCSS.experimental.configFile": "./frontend/tailwind.config.js"
 }

CONTRIBUTING.md

@@ -0,0 +1,57 @@
+# Contributing
+
+## We Develop with Github
+
+We use github to host code, to track issues and feature requests, as well as accept pull requests.
+
+## Branch Flow
+
+We use the `main` branch as the development branch. All PRs should be made to the `main` branch from a feature branch. To create a pull request you can use the following steps:
+
+1. Fork the repository and create a new branch from `main`.
+2. If you've added code that should be tested, add tests.
+3. If you've changed API's, update the documentation.
+4. Ensure that the test suite and linters pass
+5. Issue your pull request
+
+## How To Get Started
+
+### Prerequisites
+
+There is a devcontainer available for this project. If you are using VSCode, you can use the devcontainer to get started. If you are not using VSCode, you can need to ensure that you have the following tools installed:
+
+- [Go 1.19+](https://golang.org/doc/install)
+- [Swaggo](https://github.com/swaggo/swag)
+- [Node.js 16+](https://nodejs.org/en/download/)
+- [pnpm](https://pnpm.io/installation)
+- [Taskfile](https://taskfile.dev/#/installation) (Optional but recommended)
+- For code generation, you'll need to have `python3` available on your path. In most cases, this is already installed and available.
+
+If you're using `taskfile` you can run `task --list-all` for a list of all commands and their descriptions.
+
+### Setup
+
+If you're using the taskfile you can use the `task setup` command to run the required setup commands. Otherwise you can review the commands required in the `Taskfile.yml` file.
+
+Note that when installing dependencies with pnpm you must use the `--shamefully-hoist` flag. If you don't use this flag you will get an error when running the the frontend server.
+
+### API Development Notes
+
+start command `task go:run`
+
+1. API Server does not auto reload. You'll need to restart the server after making changes.
+2. Unit tests should be written in Go, however end-to-end or user story tests should be written in TypeScript using the client library in the frontend directory.
+
+### Frontend Development Notes
+
+start command `task: ui:dev`
+
+1. The frontend is a Vue 3 app with Nuxt.js that uses Tailwind and DaisyUI for styling.
+2. We're using Vitest for our automated testing. you can run these with `task ui:watch`.
+3. Tests require the API server to be running and in some cases the first run will fail due to a race condition. If this happens just run the tests again and they should pass.
+
+## Publishing Release
+
+Create a new tag in github with the version number vX.X.X. This will trigger a new release to be created.
+
+Test -> Goreleaser -> Publish Release -> Trigger Docker Builds -> Deploy Docs + Fly.io Demo

Dockerfile

@@ -12,6 +12,7 @@ RUN pnpm build
 FROM golang:alpine AS builder
 ARG BUILD_TIME
 ARG COMMIT
+ARG VERSION
 RUN apk update && \
     apk upgrade && \
     apk add --update git build-base gcc g++
@@ -20,9 +21,9 @@ WORKDIR /go/src/app
 COPY ./backend .
 RUN go get -d -v ./...
 RUN rm -rf ./app/api/public
-COPY --from=frontend-builder /app/.output/public ./app/api/public
-RUN CGO_ENABLED=1 GOOS=linux go build \
-    -ldflags "-s -w -X main.Commit=$COMMIT -X main.BuildTime=$BUILD_TIME" \
+COPY --from=frontend-builder /app/.output/public ./app/api/static/public
+RUN CGO_ENABLED=0 GOOS=linux go build \
+    -ldflags "-s -w -X main.commit=$COMMIT -X main.buildTime=$BUILD_TIME -X main.version=$VERSION"  \
     -o /go/bin/api \
     -v ./app/api/*.go
 
@@ -40,9 +41,10 @@ COPY --from=builder /go/bin/api /app
 RUN chmod +x /app/api
 
 LABEL Name=homebox Version=0.0.1
+LABEL org.opencontainers.image.source="https://github.com/hay-kot/homebox"
 EXPOSE 7745
 WORKDIR /app
 VOLUME [ "/data" ]
 
 ENTRYPOINT [ "/app/api" ]
-CMD [ "/data/config.yml" ]
+CMD [ "/data/config.yml" ]

README.md

@@ -16,10 +16,13 @@
 [Configuration & Docker Compose](https://hay-kot.github.io/homebox/quick-start)
 
 ```bash
-docker run --name=homebox \
-    --restart=always \
-    --publish=3100:7745 \
-    ghcr.io/hay-kot/homebox:latest
+docker run -d \
+  --name homebox \
+  --restart unless-stopped \
+  --publish 3100:7745 \
+  --env TZ=Europe/Bucharest \
+  --volume /path/to/data/folder/:/data \
+  ghcr.io/hay-kot/homebox:latest
 ```
 
 ## Credits

Taskfile.yml

@@ -1,9 +1,17 @@
 version: "3"
 
 env:
-  HBOX_STORAGE_SQLITE_URL: .data/homebox.db?_fk=1
-
+  HBOX_STORAGE_SQLITE_URL: .data/homebox.db?_pragma=busy_timeout=1000&_pragma=journal_mode=WAL&_fk=1
+  HBOX_OPTIONS_ALLOW_REGISTRATION: true
+  UNSAFE_DISABLE_PASSWORD_PROJECTION: "yes_i_am_sure"
 tasks:
+  setup:
+    desc: Install development dependencies
+    cmds:
+      - go install github.com/swaggo/swag/cmd/swag@latest
+      - cd backend && go mod tidy
+      - cd frontend && pnpm install --shamefully-hoist
+
   generate:
     desc: |
       Generates collateral files from the backend project
@@ -11,53 +19,112 @@ tasks:
     deps:
       - db:generate
     cmds:
-      - cd backend/app/api/ && swag fmt
-      - cd backend/app/api/ && swag init --dir=./,../../internal,../../pkgs
+      - cd backend/app/api/static && swag fmt --dir=../
+      - cd backend/app/api/static && swag init --dir=../,../../../internal,../../../pkgs
       - |
         npx swagger-typescript-api \
           --no-client \
           --modular \
-          --path ./backend/app/api/docs/swagger.json \
+          --path ./backend/app/api/static/docs/swagger.json \
           --output ./frontend/lib/api/types
-      - python3 ./scripts/process-types.py ./frontend/lib/api/types/data-contracts.ts
+      - go run ./backend/app/tools/typegen/main.go ./frontend/lib/api/types/data-contracts.ts
+      - cp ./backend/app/api/static/docs/swagger.json docs/docs/api/openapi-2.0.json
     sources:
       - "./backend/app/api/**/*"
-      - "./backend/internal/repo/**/*"
-      - "./backend/internal/services/**/*"
-      - "./scripts/process-types.py"
-    generates:
-      - "./frontend/lib/api/types/data-contracts.ts"
-      - "./backend/app/api/docs/swagger.json"
-      - "./backend/app/api/docs/swagger.yaml"
+      - "./backend/internal/data/**"
+      - "./backend/internal/core/services/**/*"
+      - "./backend/app/tools/typegen/main.go"
 
-  api:
+  go:run:
     desc: Starts the backend api server (depends on generate task)
+    dir: backend
     deps:
       - generate
     cmds:
-      - cd backend && go run ./app/api/ {{ .CLI_ARGS }}
+      - go run ./app/api/ {{ .CLI_ARGS }}
     silent: false
 
-  api:build:
+  go:test:
+    desc: Runs all go tests using gotestsum - supports passing gotestsum args
+    dir: backend
     cmds:
-      - cd backend && go build ./app/api/
+      - gotestsum {{ .CLI_ARGS }} ./...
+
+  go:coverage:
+    desc: Runs all go tests with -race flag and generates a coverage report
+    dir: backend
+    cmds:
+      - go test -race -coverprofile=coverage.out -covermode=atomic ./app/... ./internal/... ./pkgs/... -v -cover
     silent: true
 
-  api:test:
+  go:tidy:
+    desc: Runs go mod tidy on the backend
+    dir: backend
     cmds:
-      - cd backend && go test ./app/api/
-    silent: true
+      - go mod tidy
 
-  api:watch:
+  go:lint:
+    desc: Runs golangci-lint
+    dir: backend
     cmds:
-      - cd backend && gotestsum --watch ./...
+      - golangci-lint run ./...
 
-  api:coverage:
+  go:all:
+    desc: Runs all go test and lint related tasks
     cmds:
-      - cd backend && go test -race -coverprofile=coverage.out -covermode=atomic ./app/... ./internal/... ./pkgs/... -v -cover
-    silent: true
+      - task: go:tidy
+      - task: go:lint
+      - task: go:test
+
+  go:build:
+    desc: Builds the backend binary
+    dir: backend
+    cmds:
+      - go build -o ../build/backend ./app/api
+
+  db:generate:
+    desc: Run Entgo.io Code Generation
+    dir: backend/internal/
+    cmds:
+      - |
+        go generate ./... \
+        --template=./data/ent/schema/templates/has_id.tmpl
+    sources:
+      - "./backend/internal/data/ent/schema/**/*"
+
+  db:migration:
+    desc: Runs the database diff engine to generate a SQL migration files
+    deps:
+      - db:generate
+    cmds:
+      - cd backend && go run app/tools/migrations/main.go {{ .CLI_ARGS }}
+
+  ui:watch:
+    desc: Starts the vitest test runner in watch mode
+    dir: frontend
+    cmds:
+      - pnpm run test:watch
+
+  ui:dev:
+    desc: Run frontend development server
+    dir: frontend
+    cmds:
+      - pnpm dev
+
+  ui:fix:
+    desc: Runs prettier and eslint on the frontend
+    dir: frontend
+    cmds:
+      - pnpm run lint:fix
+
+  ui:check:
+    desc: Runs type checking
+    dir: frontend
+    cmds:
+      - pnpm run typecheck
 
   test:ci:
+    desc: Runs end-to-end test on a live server (only for use in CI)
     cmds:
       - cd backend && go build ./app/api
       - backend/api &
@@ -65,30 +132,11 @@ tasks:
       - cd frontend && pnpm run test:ci
     silent: true
 
-  frontend:watch:
-    desc: Starts the vitest test runner in watch mode
+  pr:
+    desc: Runs all tasks required for a PR
     cmds:
-      - cd frontend && pnpm vitest --watch
-
-  frontend:
-    desc: Run frontend development server
-    cmds:
-      - cd frontend && pnpm dev
-
-  db:generate:
-    desc: Run Entgo.io Code Generation
-    cmds:
-      - |
-        cd backend && go generate ./... \
-        --template=ent/schema/templates/has_id.tmpl
-    sources:
-      - "./backend/ent/schema/**/*"
-    generates:
-      - "./backend/ent/"
-
-  db:migration:
-    desc: Runs the database diff engine to generate a SQL migration files
-    deps:
-      - db:generate
-    cmds:
-      - cd backend && go run app/migrations/main.go {{ .CLI_ARGS }}
+      - task: generate
+      - task: go:all
+      - task: ui:check
+      - task: ui:fix
+      - task: test:ci

backend/.gitignore

@@ -0,0 +1,2 @@
+
+dist/

backend/.goreleaser.yaml

@@ -0,0 +1,54 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+before:
+  hooks:
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+  - main: ./app/api
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - "386"
+      - arm
+      - arm64
+    ignore:
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: "386"
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+    - goos: windows
+      format: zip
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+# The lines beneath this are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj

backend/app/api/app.go

@@ -3,12 +3,12 @@ package main
 import (
 	"time"
 
-	"github.com/hay-kot/homebox/backend/ent"
-	"github.com/hay-kot/homebox/backend/internal/config"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/ent"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/config"
 	"github.com/hay-kot/homebox/backend/pkgs/mailer"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/hay-kot/safeserve/server"
 )
 
 type app struct {
@@ -37,8 +37,11 @@ func new(conf *config.Config) *app {
 }
 
 func (a *app) startBgTask(t time.Duration, fn func()) {
+	timer := time.NewTimer(t)
+
 	for {
+		timer.Reset(t)
 		a.server.Background(fn)
-		time.Sleep(t)
+		<-timer.C
 	}
 }

backend/app/api/demo.go

@@ -2,15 +2,14 @@ package main
 
 import (
 	"context"
-	"encoding/csv"
 	"strings"
 
-	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/rs/zerolog/log"
 )
 
 func (a *app) SetupDemo() {
-	csvText := `Import Ref,Location,Labels,Quantity,Name,Description,Insured,Serial Number,Model Number,Manufacturer,Notes,Purchase From,Purchased Price,Purchased Time,Lifetime Warranty,Warranty Expires,Warranty Details,Sold To,Sold Price,Sold Time,Sold Notes
+	csvText := `HB.import_ref,HB.location,HB.labels,HB.quantity,HB.name,HB.description,HB.insured,HB.serial_number,HB.model_number,HB.manufacturer,HB.notes,HB.purchase_from,HB.purchase_price,HB.purchase_time,HB.lifetime_warranty,HB.warranty_expires,HB.warranty_details,HB.sold_to,HB.sold_price,HB.sold_time,HB.sold_notes
 ,Garage,IOT;Home Assistant; Z-Wave,1,Zooz Universal Relay ZEN17,"Zooz 700 Series Z-Wave Universal Relay ZEN17 for Awnings, Garage Doors, Sprinklers, and More | 2 NO-C-NC Relays (20A, 10A) | Signal Repeater | Hub Required (Compatible with SmartThings and Hubitat)",,,ZEN17,Zooz,,Amazon,39.95,10/13/2021,,,,,,,
 ,Living Room,IOT;Home Assistant; Z-Wave,1,Zooz Motion Sensor,"Zooz Z-Wave Plus S2 Motion Sensor ZSE18 with Magnetic Mount, Works with Vera and SmartThings",,,ZSE18,Zooz,,Amazon,29.95,10/15/2021,,,,,,,
 ,Office,IOT;Home Assistant; Z-Wave,1,Zooz 110v Power Switch,"Zooz Z-Wave Plus Power Switch ZEN15 for 110V AC Units, Sump Pumps, Humidifiers, and More",,,ZEN15,Zooz,,Amazon,39.95,10/13/2021,,,,,,,
@@ -19,16 +18,14 @@ func (a *app) SetupDemo() {
 ,Kitchen,IOT;Home Assistant; Z-Wave,1,Smart Rocker Light Dimmer,"UltraPro Z-Wave Smart Rocker Light Dimmer with QuickFit and SimpleWire, 3-Way Ready, Compatible with Alexa, Google Assistant, ZWave Hub Required, Repeater/Range Extender, White Paddle Only, 39351",,,‎39351,Honeywell,,Amazon,65.98,09/30/0202,,,,,,,
 `
 
-	var (
-		registration = services.UserRegistration{
-			Email:    "demo@email.com",
-			Name:     "Demo",
-			Password: "demo",
-		}
-	)
+	registration := services.UserRegistration{
+		Email:    "demo@example.com",
+		Name:     "Demo",
+		Password: "demo",
+	}
 
 	// First check if we've already setup a demo user and skip if so
-	_, err := a.services.User.Login(context.Background(), registration.Email, registration.Password)
+	_, err := a.services.User.Login(context.Background(), registration.Email, registration.Password, false)
 	if err == nil {
 		return
 	}
@@ -39,20 +36,10 @@ func (a *app) SetupDemo() {
 		log.Fatal().Msg("Failed to setup demo")
 	}
 
-	token, _ := a.services.User.Login(context.Background(), registration.Email, registration.Password)
+	token, _ := a.services.User.Login(context.Background(), registration.Email, registration.Password, false)
 	self, _ := a.services.User.GetSelf(context.Background(), token.Raw)
 
-	// Read CSV Text
-	reader := csv.NewReader(strings.NewReader(csvText))
-	reader.Comma = ','
-
-	records, err := reader.ReadAll()
-	if err != nil {
-		log.Err(err).Msg("Failed to read CSV")
-		log.Fatal().Msg("Failed to setup demo")
-	}
-
-	err = a.services.Items.CsvImport(context.Background(), self.GroupID, records)
+	_, err = a.services.Items.CsvImport(context.Background(), self.GroupID, strings.NewReader(csvText))
 	if err != nil {
 		log.Err(err).Msg("Failed to import CSV")
 		log.Fatal().Msg("Failed to setup demo")

backend/app/api/handlers/debughandlers/debug.go

@@ -0,0 +1,16 @@
+package debughandlers
+
+import (
+	"expvar"
+	"net/http"
+	"net/http/pprof"
+)
+
+func New(mux *http.ServeMux) {
+	mux.HandleFunc("/debug/pprof", pprof.Index)
+	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
+	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
+	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
+	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
+	mux.Handle("/debug/vars", expvar.Handler())
+}

backend/app/api/handlers/v1/controller.go

@@ -0,0 +1,112 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+)
+
+type Results[T any] struct {
+	Items []T `json:"items"`
+}
+
+func WrapResults[T any](items []T) Results[T] {
+	return Results[T]{Items: items}
+}
+
+type Wrapped struct {
+	Item interface{} `json:"item"`
+}
+
+func Wrap(v any) Wrapped {
+	return Wrapped{Item: v}
+}
+
+func WithMaxUploadSize(maxUploadSize int64) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.maxUploadSize = maxUploadSize
+	}
+}
+
+func WithDemoStatus(demoStatus bool) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.isDemo = demoStatus
+	}
+}
+
+func WithRegistration(allowRegistration bool) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.allowRegistration = allowRegistration
+	}
+}
+
+type V1Controller struct {
+	repo              *repo.AllRepos
+	svc               *services.AllServices
+	maxUploadSize     int64
+	isDemo            bool
+	allowRegistration bool
+}
+
+type (
+	ReadyFunc func() bool
+
+	Build struct {
+		Version   string `json:"version"`
+		Commit    string `json:"commit"`
+		BuildTime string `json:"buildTime"`
+	}
+
+	ApiSummary struct {
+		Healthy           bool     `json:"health"`
+		Versions          []string `json:"versions"`
+		Title             string   `json:"title"`
+		Message           string   `json:"message"`
+		Build             Build    `json:"build"`
+		Demo              bool     `json:"demo"`
+		AllowRegistration bool     `json:"allowRegistration"`
+	}
+)
+
+func BaseUrlFunc(prefix string) func(s string) string {
+	return func(s string) string {
+		return prefix + "/v1" + s
+	}
+}
+
+func NewControllerV1(svc *services.AllServices, repos *repo.AllRepos, options ...func(*V1Controller)) *V1Controller {
+	ctrl := &V1Controller{
+		repo:              repos,
+		svc:               svc,
+		allowRegistration: true,
+	}
+
+	for _, opt := range options {
+		opt(ctrl)
+	}
+
+	return ctrl
+}
+
+// HandleBase godoc
+//
+//	@Summary Application Info
+//	@Tags    Base
+//	@Produce json
+//	@Success 200 {object} ApiSummary
+//	@Router  /v1/status [GET]
+func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		return server.JSON(w, http.StatusOK, ApiSummary{
+			Healthy:           ready(),
+			Title:             "Homebox",
+			Message:           "Track, Manage, and Organize your Things",
+			Build:             build,
+			Demo:              ctrl.isDemo,
+			AllowRegistration: ctrl.allowRegistration,
+		})
+	}
+}

backend/app/api/handlers/v1/partials.go

@@ -0,0 +1,27 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+)
+
+// routeID extracts the ID from the request URL. If the ID is not in a valid
+// format, an error is returned. If a error is returned, it can be directly returned
+// from the handler. the validate.ErrInvalidID error is known by the error middleware
+// and will be handled accordingly.
+//
+// Example: /api/v1/ac614db5-d8b8-4659-9b14-6e913a6eb18a -> uuid.UUID{ac614db5-d8b8-4659-9b14-6e913a6eb18a}
+func (ctrl *V1Controller) routeID(r *http.Request) (uuid.UUID, error) {
+	return ctrl.routeUUID(r, "id")
+}
+
+func (ctrl *V1Controller) routeUUID(r *http.Request, key string) (uuid.UUID, error) {
+	ID, err := uuid.Parse(chi.URLParam(r, key))
+	if err != nil {
+		return uuid.Nil, validate.NewRouteKeyError(key)
+	}
+	return ID, nil
+}

backend/app/api/handlers/v1/query_params.go

@@ -0,0 +1,36 @@
+package v1
+
+import (
+	"net/url"
+	"strconv"
+
+	"github.com/google/uuid"
+)
+
+func queryUUIDList(params url.Values, key string) []uuid.UUID {
+	var ids []uuid.UUID
+	for _, id := range params[key] {
+		uid, err := uuid.Parse(id)
+		if err != nil {
+			continue
+		}
+		ids = append(ids, uid)
+	}
+	return ids
+}
+
+func queryIntOrNegativeOne(s string) int {
+	i, err := strconv.Atoi(s)
+	if err != nil {
+		return -1
+	}
+	return i
+}
+
+func queryBool(s string) bool {
+	b, err := strconv.ParseBool(s)
+	if err != nil {
+		return false
+	}
+	return b
+}

backend/app/api/handlers/v1/v1_ctrl_actions.go

@@ -0,0 +1,70 @@
+package v1
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+	"github.com/rs/zerolog/log"
+)
+
+type ActionAmountResult struct {
+	Completed int `json:"completed"`
+}
+
+func actionHandlerFactory(ref string, fn func(context.Context, uuid.UUID) (int, error)) errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		ctx := services.NewContext(r.Context())
+
+		totalCompleted, err := fn(ctx, ctx.GID)
+		if err != nil {
+			log.Err(err).Str("action_ref", ref).Msg("failed to run action")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusOK, ActionAmountResult{Completed: totalCompleted})
+	}
+}
+
+// HandleEnsureAssetID godoc
+//
+//	@Summary     Ensure Asset IDs
+//	@Description Ensures all items in the database have an asset ID
+//	@Tags        Actions
+//	@Produce     json
+//	@Success     200     {object} ActionAmountResult
+//	@Router      /v1/actions/ensure-asset-ids [Post]
+//	@Security    Bearer
+func (ctrl *V1Controller) HandleEnsureAssetID() errchain.HandlerFunc {
+	return actionHandlerFactory("ensure asset IDs", ctrl.svc.Items.EnsureAssetID)
+}
+
+// HandleEnsureImportRefs godoc
+//
+//	@Summary  Ensures Import Refs
+//	@Description  Ensures all items in the database have an import ref
+//	@Tags     Actions
+//	@Produce  json
+//	@Success  200     {object} ActionAmountResult
+//	@Router   /v1/actions/ensure-import-refs [Post]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleEnsureImportRefs() errchain.HandlerFunc {
+	return actionHandlerFactory("ensure import refs", ctrl.svc.Items.EnsureImportRef)
+}
+
+// HandleItemDateZeroOut godoc
+//
+//	@Summary      Zero Out Time Fields
+//	@Description  Resets all item date fields to the beginning of the day
+//	@Tags         Actions
+//	@Produce      json
+//	@Success      200     {object} ActionAmountResult
+//	@Router       /v1/actions/zero-item-time-fields [Post]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemDateZeroOut() errchain.HandlerFunc {
+	return actionHandlerFactory("zero out date time", ctrl.repo.Items.ZeroOutTimeFields)
+}

backend/app/api/handlers/v1/v1_ctrl_assets.go

@@ -0,0 +1,62 @@
+package v1
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+
+	"github.com/rs/zerolog/log"
+)
+
+// HandleAssetGet godocs
+//
+//	@Summary  Get Item by Asset ID
+//	@Tags     Items
+//	@Produce  json
+//	@Param    id  path     string true "Asset ID"
+//	@Success  200       {object} repo.PaginationResult[repo.ItemSummary]{}
+//	@Router   /v1/assets/{id} [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleAssetGet() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		ctx := services.NewContext(r.Context())
+		assetIdParam := chi.URLParam(r, "id")
+		assetIdParam = strings.ReplaceAll(assetIdParam, "-", "") // Remove dashes
+		// Convert the asset ID to an int64
+		assetId, err := strconv.ParseInt(assetIdParam, 10, 64)
+		if err != nil {
+			return err
+		}
+		pageParam := r.URL.Query().Get("page")
+		var page int64 = -1
+		if pageParam != "" {
+			page, err = strconv.ParseInt(pageParam, 10, 64)
+			if err != nil {
+				return server.JSON(w, http.StatusBadRequest, "Invalid page number")
+			}
+		}
+
+		pageSizeParam := r.URL.Query().Get("pageSize")
+		var pageSize int64 = -1
+		if pageSizeParam != "" {
+			pageSize, err = strconv.ParseInt(pageSizeParam, 10, 64)
+			if err != nil {
+				return server.JSON(w, http.StatusBadRequest, "Invalid page size")
+			}
+		}
+
+		items, err := ctrl.repo.Items.QueryByAssetID(r.Context(), ctx.GID, repo.AssetID(assetId), int(page), int(pageSize))
+		if err != nil {
+			log.Err(err).Msg("failed to get item")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+		return server.JSON(w, http.StatusOK, items)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_auth.go

@@ -0,0 +1,138 @@
+package v1
+
+import (
+	"errors"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+	"github.com/rs/zerolog/log"
+)
+
+type (
+	TokenResponse struct {
+		Token           string    `json:"token"`
+		ExpiresAt       time.Time `json:"expiresAt"`
+		AttachmentToken string    `json:"attachmentToken"`
+	}
+
+	LoginForm struct {
+		Username     string `json:"username"`
+		Password     string `json:"password"`
+		StayLoggedIn bool   `json:"stayLoggedIn"`
+	}
+)
+
+// HandleAuthLogin godoc
+//
+//	@Summary User Login
+//	@Tags    Authentication
+//	@Accept  x-www-form-urlencoded
+//	@Accept  application/json
+//	@Param   username formData string false "string" example(admin@admin.com)
+//	@Param   password formData string false "string" example(admin)
+//	@Param    payload body     LoginForm true "Login Data"
+//	@Produce json
+//	@Success 200 {object} TokenResponse
+//	@Router  /v1/users/login [POST]
+func (ctrl *V1Controller) HandleAuthLogin() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		loginForm := &LoginForm{}
+
+		switch r.Header.Get("Content-Type") {
+		case "application/x-www-form-urlencoded":
+			err := r.ParseForm()
+			if err != nil {
+				return errors.New("failed to parse form")
+			}
+
+			loginForm.Username = r.PostFormValue("username")
+			loginForm.Password = r.PostFormValue("password")
+			loginForm.StayLoggedIn = r.PostFormValue("stayLoggedIn") == "true"
+		case "application/json":
+			err := server.Decode(r, loginForm)
+			if err != nil {
+				log.Err(err).Msg("failed to decode login form")
+				return errors.New("failed to decode login form")
+			}
+		default:
+			return server.JSON(w, http.StatusBadRequest, errors.New("invalid content type"))
+		}
+
+		if loginForm.Username == "" || loginForm.Password == "" {
+			return validate.NewFieldErrors(
+				validate.FieldError{
+					Field: "username",
+					Error: "username or password is empty",
+				},
+				validate.FieldError{
+					Field: "password",
+					Error: "username or password is empty",
+				},
+			)
+		}
+
+		newToken, err := ctrl.svc.User.Login(r.Context(), strings.ToLower(loginForm.Username), loginForm.Password, loginForm.StayLoggedIn)
+		if err != nil {
+			return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusOK, TokenResponse{
+			Token:           "Bearer " + newToken.Raw,
+			ExpiresAt:       newToken.ExpiresAt,
+			AttachmentToken: newToken.AttachmentToken,
+		})
+	}
+}
+
+// HandleAuthLogout godoc
+//
+//	@Summary  User Logout
+//	@Tags     Authentication
+//	@Success  204
+//	@Router   /v1/users/logout [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleAuthLogout() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		token := services.UseTokenCtx(r.Context())
+		if token == "" {
+			return validate.NewRequestError(errors.New("no token within request context"), http.StatusUnauthorized)
+		}
+
+		err := ctrl.svc.User.Logout(r.Context(), token)
+		if err != nil {
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}
+
+// HandleAuthLogout godoc
+//
+//	@Summary     User Token Refresh
+//	@Description handleAuthRefresh returns a handler that will issue a new token from an existing token.
+//	@Description This does not validate that the user still exists within the database.
+//	@Tags        Authentication
+//	@Success     200
+//	@Router      /v1/users/refresh [GET]
+//	@Security    Bearer
+func (ctrl *V1Controller) HandleAuthRefresh() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		requestToken := services.UseTokenCtx(r.Context())
+		if requestToken == "" {
+			return validate.NewRequestError(errors.New("no token within request context"), http.StatusUnauthorized)
+		}
+
+		newToken, err := ctrl.svc.User.RenewToken(r.Context(), requestToken)
+		if err != nil {
+			return validate.NewUnauthorizedError()
+		}
+
+		return server.JSON(w, http.StatusOK, newToken)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_group.go

@@ -0,0 +1,88 @@
+package v1
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+)
+
+type (
+	GroupInvitationCreate struct {
+		Uses      int       `json:"uses" validate:"required,min=1,max=100"`
+		ExpiresAt time.Time `json:"expiresAt"`
+	}
+
+	GroupInvitation struct {
+		Token     string    `json:"token"`
+		ExpiresAt time.Time `json:"expiresAt"`
+		Uses      int       `json:"uses"`
+	}
+)
+
+// HandleGroupGet godoc
+//
+//	@Summary  Get Group
+//	@Tags     Group
+//	@Produce  json
+//	@Success  200 {object} repo.Group
+//	@Router   /v1/groups [Get]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGroupGet() errchain.HandlerFunc {
+	fn := func(r *http.Request) (repo.Group, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Groups.GroupByID(auth, auth.GID)
+	}
+
+	return adapters.Command(fn, http.StatusOK)
+}
+
+// HandleGroupUpdate godoc
+//
+//	@Summary  Update Group
+//	@Tags     Group
+//	@Produce  json
+//	@Param    payload body     repo.GroupUpdate true "User Data"
+//	@Success  200     {object} repo.Group
+//	@Router   /v1/groups [Put]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGroupUpdate() errchain.HandlerFunc {
+	fn := func(r *http.Request, body repo.GroupUpdate) (repo.Group, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.svc.Group.UpdateGroup(auth, body)
+	}
+
+	return adapters.Action(fn, http.StatusOK)
+}
+
+// HandleGroupInvitationsCreate godoc
+//
+//	@Summary  Create Group Invitation
+//	@Tags     Group
+//	@Produce  json
+//	@Param    payload body     GroupInvitationCreate true "User Data"
+//	@Success  200     {object} GroupInvitation
+//	@Router   /v1/groups/invitations [Post]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGroupInvitationsCreate() errchain.HandlerFunc {
+	fn := func(r *http.Request, body GroupInvitationCreate) (GroupInvitation, error) {
+		if body.ExpiresAt.IsZero() {
+			body.ExpiresAt = time.Now().Add(time.Hour * 24)
+		}
+
+		auth := services.NewContext(r.Context())
+
+		token, err := ctrl.svc.Group.NewInvitation(auth, body.Uses, body.ExpiresAt)
+
+		return GroupInvitation{
+			Token:     token,
+			ExpiresAt: body.ExpiresAt,
+			Uses:      body.Uses,
+		}, err
+	}
+
+	return adapters.Action(fn, http.StatusCreated)
+}

backend/app/api/handlers/v1/v1_ctrl_items.go

@@ -0,0 +1,267 @@
+package v1
+
+import (
+	"database/sql"
+	"encoding/csv"
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+	"github.com/rs/zerolog/log"
+)
+
+// HandleItemsGetAll godoc
+//
+//	@Summary  Query All Items
+//	@Tags     Items
+//	@Produce  json
+//	@Param    q         query    string   false "search string"
+//	@Param    page      query    int      false "page number"
+//	@Param    pageSize  query    int      false "items per page"
+//	@Param    labels    query    []string false "label Ids"    collectionFormat(multi)
+//	@Param    locations query    []string false "location Ids" collectionFormat(multi)
+//	@Success  200       {object} repo.PaginationResult[repo.ItemSummary]{}
+//	@Router   /v1/items [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemsGetAll() errchain.HandlerFunc {
+	extractQuery := func(r *http.Request) repo.ItemQuery {
+		params := r.URL.Query()
+
+		filterFieldItems := func(raw []string) []repo.FieldQuery {
+			var items []repo.FieldQuery
+
+			for _, v := range raw {
+				parts := strings.SplitN(v, "=", 2)
+				if len(parts) == 2 {
+					items = append(items, repo.FieldQuery{
+						Name:  parts[0],
+						Value: parts[1],
+					})
+				}
+			}
+
+			return items
+		}
+
+		v := repo.ItemQuery{
+			Page:            queryIntOrNegativeOne(params.Get("page")),
+			PageSize:        queryIntOrNegativeOne(params.Get("pageSize")),
+			Search:          params.Get("q"),
+			LocationIDs:     queryUUIDList(params, "locations"),
+			LabelIDs:        queryUUIDList(params, "labels"),
+			IncludeArchived: queryBool(params.Get("includeArchived")),
+			Fields:          filterFieldItems(params["fields"]),
+		}
+
+		if strings.HasPrefix(v.Search, "#") {
+			aidStr := strings.TrimPrefix(v.Search, "#")
+
+			aid, ok := repo.ParseAssetID(aidStr)
+			if ok {
+				v.Search = ""
+				v.AssetID = aid
+			}
+		}
+
+		return v
+	}
+
+	return func(w http.ResponseWriter, r *http.Request) error {
+		ctx := services.NewContext(r.Context())
+
+		items, err := ctrl.repo.Items.QueryByGroup(ctx, ctx.GID, extractQuery(r))
+		if err != nil {
+			if errors.Is(err, sql.ErrNoRows) {
+				return server.JSON(w, http.StatusOK, repo.PaginationResult[repo.ItemSummary]{
+					Items: []repo.ItemSummary{},
+				})
+			}
+			log.Err(err).Msg("failed to get items")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+		return server.JSON(w, http.StatusOK, items)
+	}
+}
+
+// HandleItemsCreate godoc
+//
+//	@Summary  Create Item
+//	@Tags     Items
+//	@Produce  json
+//	@Param    payload body     repo.ItemCreate true "Item Data"
+//	@Success  201     {object} repo.ItemSummary
+//	@Router   /v1/items [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemsCreate() errchain.HandlerFunc {
+	fn := func(r *http.Request, body repo.ItemCreate) (repo.ItemOut, error) {
+		return ctrl.svc.Items.Create(services.NewContext(r.Context()), body)
+	}
+
+	return adapters.Action(fn, http.StatusCreated)
+}
+
+// HandleItemGet godocs
+//
+//	@Summary  Get Item
+//	@Tags     Items
+//	@Produce  json
+//	@Param    id  path     string true "Item ID"
+//	@Success  200 {object} repo.ItemOut
+//	@Router   /v1/items/{id} [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemGet() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (repo.ItemOut, error) {
+		auth := services.NewContext(r.Context())
+
+		return ctrl.repo.Items.GetOneByGroup(auth, auth.GID, ID)
+	}
+
+	return adapters.CommandID("id", fn, http.StatusOK)
+}
+
+// HandleItemDelete godocs
+//
+//	@Summary  Delete Item
+//	@Tags     Items
+//	@Produce  json
+//	@Param    id path string true "Item ID"
+//	@Success  204
+//	@Router   /v1/items/{id} [DELETE]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemDelete() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
+		auth := services.NewContext(r.Context())
+		err := ctrl.repo.Items.DeleteByGroup(auth, auth.GID, ID)
+		return nil, err
+	}
+
+	return adapters.CommandID("id", fn, http.StatusNoContent)
+}
+
+// HandleItemUpdate godocs
+//
+//	@Summary  Update Item
+//	@Tags     Items
+//	@Produce  json
+//	@Param    id      path     string          true "Item ID"
+//	@Param    payload body     repo.ItemUpdate true "Item Data"
+//	@Success  200     {object} repo.ItemOut
+//	@Router   /v1/items/{id} [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemUpdate() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID, body repo.ItemUpdate) (repo.ItemOut, error) {
+		auth := services.NewContext(r.Context())
+
+		body.ID = ID
+		return ctrl.repo.Items.UpdateByGroup(auth, auth.GID, body)
+	}
+
+	return adapters.ActionID("id", fn, http.StatusOK)
+}
+
+// HandleGetAllCustomFieldNames godocs
+//
+//	@Summary  Get All Custom Field Names
+//	@Tags     Items
+//	@Produce  json
+//	@Success  200
+//	@Router   /v1/items/fields [GET]
+//	@Success  200     {object} []string
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGetAllCustomFieldNames() errchain.HandlerFunc {
+	fn := func(r *http.Request) ([]string, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Items.GetAllCustomFieldNames(auth, auth.GID)
+	}
+
+	return adapters.Command(fn, http.StatusOK)
+}
+
+// HandleGetAllCustomFieldValues godocs
+//
+//	@Summary  Get All Custom Field Values
+//	@Tags     Items
+//	@Produce  json
+//	@Success  200
+//	@Router   /v1/items/fields/values [GET]
+//	@Success  200     {object} []string
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGetAllCustomFieldValues() errchain.HandlerFunc {
+	type query struct {
+		Field string `schema:"field" validate:"required"`
+	}
+
+	fn := func(r *http.Request, q query) ([]string, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Items.GetAllCustomFieldValues(auth, auth.GID, q.Field)
+	}
+
+	return adapters.Action(fn, http.StatusOK)
+
+}
+
+// HandleItemsImport godocs
+//
+//	@Summary  Import Items
+//	@Tags     Items
+//	@Produce  json
+//	@Success  204
+//	@Param    csv formData file true "Image to upload"
+//	@Router   /v1/items/import [Post]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemsImport() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		err := r.ParseMultipartForm(ctrl.maxUploadSize << 20)
+		if err != nil {
+			log.Err(err).Msg("failed to parse multipart form")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		file, _, err := r.FormFile("csv")
+		if err != nil {
+			log.Err(err).Msg("failed to get file from form")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		user := services.UseUserCtx(r.Context())
+
+		_, err = ctrl.svc.Items.CsvImport(r.Context(), user.GroupID, file)
+		if err != nil {
+			log.Err(err).Msg("failed to import items")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}
+
+// HandleItemsExport godocs
+//
+//	@Summary  Export Items
+//	@Tags     Items
+//	@Success 200 {string} string "text/csv"
+//	@Router   /v1/items/export [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemsExport() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		ctx := services.NewContext(r.Context())
+
+		csvData, err := ctrl.svc.Items.ExportTSV(r.Context(), ctx.GID)
+		if err != nil {
+			log.Err(err).Msg("failed to export items")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		w.Header().Set("Content-Type", "text/tsv")
+		w.Header().Set("Content-Disposition", "attachment;filename=homebox-items.tsv")
+		writer := csv.NewWriter(w)
+		return writer.WriteAll(csvData)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_items_attachments.go

@@ -0,0 +1,190 @@
+package v1
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/attachment"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+	"github.com/rs/zerolog/log"
+)
+
+type (
+	ItemAttachmentToken struct {
+		Token string `json:"token"`
+	}
+)
+
+// HandleItemAttachmentCreate godocs
+//
+//	@Summary  Create Item Attachment
+//	@Tags     Items Attachments
+//	@Produce  json
+//	@Param    id   path     string true "Item ID"
+//	@Param    file formData file   true "File attachment"
+//	@Param    type formData string true "Type of file"
+//	@Param    name formData string true "name of the file including extension"
+//	@Success  200  {object} repo.ItemOut
+//	@Failure  422  {object} mid.ErrorResponse
+//	@Router   /v1/items/{id}/attachments [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentCreate() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		err := r.ParseMultipartForm(ctrl.maxUploadSize << 20)
+		if err != nil {
+			log.Err(err).Msg("failed to parse multipart form")
+			return validate.NewRequestError(errors.New("failed to parse multipart form"), http.StatusBadRequest)
+
+		}
+
+		errs := validate.NewFieldErrors()
+
+		file, _, err := r.FormFile("file")
+		if err != nil {
+			switch {
+			case errors.Is(err, http.ErrMissingFile):
+				log.Debug().Msg("file for attachment is missing")
+				errs = errs.Append("file", "file is required")
+			default:
+				log.Err(err).Msg("failed to get file from form")
+				return validate.NewRequestError(err, http.StatusInternalServerError)
+			}
+		}
+
+		attachmentName := r.FormValue("name")
+		if attachmentName == "" {
+			log.Debug().Msg("failed to get name from form")
+			errs = errs.Append("name", "name is required")
+		}
+
+		if !errs.Nil() {
+			return server.JSON(w, http.StatusUnprocessableEntity, errs)
+		}
+
+		attachmentType := r.FormValue("type")
+		if attachmentType == "" {
+			attachmentType = attachment.TypeAttachment.String()
+		}
+
+		id, err := ctrl.routeID(r)
+		if err != nil {
+			return err
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		item, err := ctrl.svc.Items.AttachmentAdd(
+			ctx,
+			id,
+			attachmentName,
+			attachment.Type(attachmentType),
+			file,
+		)
+		if err != nil {
+			log.Err(err).Msg("failed to add attachment")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusCreated, item)
+	}
+}
+
+// HandleItemAttachmentGet godocs
+//
+//	@Summary  Get Item Attachment
+//	@Tags     Items Attachments
+//	@Produce  application/octet-stream
+//	@Param    id            path     string true "Item ID"
+//	@Param    attachment_id path     string true "Attachment ID"
+//	@Success  200           {object} ItemAttachmentToken
+//	@Router   /v1/items/{id}/attachments/{attachment_id} [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentGet() errchain.HandlerFunc {
+	return ctrl.handleItemAttachmentsHandler
+}
+
+// HandleItemAttachmentDelete godocs
+//
+//	@Summary  Delete Item Attachment
+//	@Tags     Items Attachments
+//	@Param    id            path string true "Item ID"
+//	@Param    attachment_id path string true "Attachment ID"
+//	@Success  204
+//	@Router   /v1/items/{id}/attachments/{attachment_id} [DELETE]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentDelete() errchain.HandlerFunc {
+	return ctrl.handleItemAttachmentsHandler
+}
+
+// HandleItemAttachmentUpdate godocs
+//
+//	@Summary  Update Item Attachment
+//	@Tags     Items Attachments
+//	@Param    id            path     string                    true "Item ID"
+//	@Param    attachment_id path     string                    true "Attachment ID"
+//	@Param    payload       body     repo.ItemAttachmentUpdate true "Attachment Update"
+//	@Success  200           {object} repo.ItemOut
+//	@Router   /v1/items/{id}/attachments/{attachment_id} [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentUpdate() errchain.HandlerFunc {
+	return ctrl.handleItemAttachmentsHandler
+}
+
+func (ctrl *V1Controller) handleItemAttachmentsHandler(w http.ResponseWriter, r *http.Request) error {
+	ID, err := ctrl.routeID(r)
+	if err != nil {
+		return err
+	}
+
+	attachmentID, err := ctrl.routeUUID(r, "attachment_id")
+	if err != nil {
+		return err
+	}
+
+	ctx := services.NewContext(r.Context())
+	switch r.Method {
+	case http.MethodGet:
+		doc, err := ctrl.svc.Items.AttachmentPath(r.Context(), attachmentID)
+		if err != nil {
+			log.Err(err).Msg("failed to get attachment path")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		http.ServeFile(w, r, doc.Path)
+		return nil
+
+	// Delete Attachment Handler
+	case http.MethodDelete:
+		err = ctrl.svc.Items.AttachmentDelete(r.Context(), ctx.GID, ID, attachmentID)
+		if err != nil {
+			log.Err(err).Msg("failed to delete attachment")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+
+	// Update Attachment Handler
+	case http.MethodPut:
+		var attachment repo.ItemAttachmentUpdate
+		err = server.Decode(r, &attachment)
+		if err != nil {
+			log.Err(err).Msg("failed to decode attachment")
+			return validate.NewRequestError(err, http.StatusBadRequest)
+		}
+
+		attachment.ID = attachmentID
+		val, err := ctrl.svc.Items.AttachmentUpdate(ctx, ID, &attachment)
+		if err != nil {
+			log.Err(err).Msg("failed to delete attachment")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusOK, val)
+	}
+
+	return nil
+}

backend/app/api/handlers/v1/v1_ctrl_labels.go

@@ -0,0 +1,102 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+)
+
+// HandleLabelsGetAll godoc
+//
+//	@Summary  Get All Labels
+//	@Tags     Labels
+//	@Produce  json
+//	@Success  200 {object} []repo.LabelOut
+//	@Router   /v1/labels [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLabelsGetAll() errchain.HandlerFunc {
+	fn := func(r *http.Request) ([]repo.LabelSummary, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Labels.GetAll(auth, auth.GID)
+	}
+
+	return adapters.Command(fn, http.StatusOK)
+}
+
+// HandleLabelsCreate godoc
+//
+//	@Summary  Create Label
+//	@Tags     Labels
+//	@Produce  json
+//	@Param    payload body     repo.LabelCreate true "Label Data"
+//	@Success  200     {object} repo.LabelSummary
+//	@Router   /v1/labels [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLabelsCreate() errchain.HandlerFunc {
+	fn := func(r *http.Request, data repo.LabelCreate) (repo.LabelOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Labels.Create(auth, auth.GID, data)
+	}
+
+	return adapters.Action(fn, http.StatusCreated)
+}
+
+// HandleLabelDelete godocs
+//
+//	@Summary  Delete Label
+//	@Tags     Labels
+//	@Produce  json
+//	@Param    id path string true "Label ID"
+//	@Success  204
+//	@Router   /v1/labels/{id} [DELETE]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLabelDelete() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
+		auth := services.NewContext(r.Context())
+		err := ctrl.repo.Labels.DeleteByGroup(auth, auth.GID, ID)
+		return nil, err
+	}
+
+	return adapters.CommandID("id", fn, http.StatusNoContent)
+}
+
+// HandleLabelGet godocs
+//
+//	@Summary  Get Label
+//	@Tags     Labels
+//	@Produce  json
+//	@Param    id  path     string true "Label ID"
+//	@Success  200 {object} repo.LabelOut
+//	@Router   /v1/labels/{id} [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLabelGet() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (repo.LabelOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Labels.GetOneByGroup(auth, auth.GID, ID)
+	}
+
+	return adapters.CommandID("id", fn, http.StatusOK)
+}
+
+// HandleLabelUpdate godocs
+//
+//	@Summary  Update Label
+//	@Tags     Labels
+//	@Produce  json
+//	@Param    id  path     string true "Label ID"
+//	@Success  200 {object} repo.LabelOut
+//	@Router   /v1/labels/{id} [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLabelUpdate() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID, data repo.LabelUpdate) (repo.LabelOut, error) {
+		auth := services.NewContext(r.Context())
+		data.ID = ID
+		return ctrl.repo.Labels.UpdateByGroup(auth, auth.GID, data)
+	}
+
+	return adapters.ActionID("id", fn, http.StatusOK)
+}

backend/app/api/handlers/v1/v1_ctrl_locations.go

@@ -0,0 +1,122 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+)
+
+// HandleLocationTreeQuery
+//
+//	@Summary  Get Locations Tree
+//	@Tags     Locations
+//	@Produce  json
+//	@Param    withItems         query    bool   false "include items in response tree"
+//	@Success  200 {object} []repo.TreeItem
+//	@Router   /v1/locations/tree [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLocationTreeQuery() errchain.HandlerFunc {
+	fn := func(r *http.Request, query repo.TreeQuery) ([]repo.TreeItem, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Locations.Tree(auth, auth.GID, query)
+	}
+
+	return adapters.Query(fn, http.StatusOK)
+}
+
+// HandleLocationGetAll
+//
+//	@Summary  Get All Locations
+//	@Tags     Locations
+//	@Produce  json
+//	@Param    filterChildren query bool false "Filter locations with parents"
+//	@Success  200 {object} []repo.LocationOutCount
+//	@Router   /v1/locations [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLocationGetAll() errchain.HandlerFunc {
+	fn := func(r *http.Request, q repo.LocationQuery) ([]repo.LocationOutCount, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Locations.GetAll(auth, auth.GID, q)
+	}
+
+	return adapters.Query(fn, http.StatusOK)
+}
+
+// HandleLocationCreate
+//
+//	@Summary  Create Location
+//	@Tags     Locations
+//	@Produce  json
+//	@Param    payload body     repo.LocationCreate true "Location Data"
+//	@Success  200     {object} repo.LocationSummary
+//	@Router   /v1/locations [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLocationCreate() errchain.HandlerFunc {
+	fn := func(r *http.Request, createData repo.LocationCreate) (repo.LocationOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Locations.Create(auth, auth.GID, createData)
+	}
+
+	return adapters.Action(fn, http.StatusCreated)
+}
+
+// HandleLocationDelete
+//
+//	@Summary  Delete Location
+//	@Tags     Locations
+//	@Produce  json
+//	@Param    id path string true "Location ID"
+//	@Success  204
+//	@Router   /v1/locations/{id} [DELETE]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLocationDelete() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
+		auth := services.NewContext(r.Context())
+		err := ctrl.repo.Locations.DeleteByGroup(auth, auth.GID, ID)
+		return nil, err
+	}
+
+	return adapters.CommandID("id", fn, http.StatusNoContent)
+}
+
+// HandleLocationGet
+//
+//	@Summary  Get Location
+//	@Tags     Locations
+//	@Produce  json
+//	@Param    id  path     string true "Location ID"
+//	@Success  200 {object} repo.LocationOut
+//	@Router   /v1/locations/{id} [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLocationGet() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (repo.LocationOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Locations.GetOneByGroup(auth, auth.GID, ID)
+	}
+
+	return adapters.CommandID("id", fn, http.StatusOK)
+}
+
+// HandleLocationUpdate
+//
+//	@Summary  Update Location
+//	@Tags     Locations
+//	@Produce  json
+//	@Param    id      path     string              true "Location ID"
+//	@Param    payload body     repo.LocationUpdate true "Location Data"
+//	@Success  200     {object} repo.LocationOut
+//	@Router   /v1/locations/{id} [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleLocationUpdate() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID, body repo.LocationUpdate) (repo.LocationOut, error) {
+		auth := services.NewContext(r.Context())
+		body.ID = ID
+		return ctrl.repo.Locations.UpdateByGroup(auth, auth.GID, ID, body)
+	}
+
+	return adapters.ActionID("id", fn, http.StatusOK)
+}

backend/app/api/handlers/v1/v1_ctrl_maint_entry.go

@@ -0,0 +1,82 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+)
+
+// HandleMaintenanceGetLog godoc
+//
+//	@Summary  Get Maintenance Log
+//	@Tags     Maintenance
+//	@Produce  json
+//	@Success  200       {object} repo.MaintenanceLog
+//	@Router   /v1/items/{id}/maintenance [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleMaintenanceLogGet() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID, q repo.MaintenanceLogQuery) (repo.MaintenanceLog, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.MaintEntry.GetLog(auth, auth.GID, ID, q)
+	}
+
+	return adapters.QueryID("id", fn, http.StatusOK)
+}
+
+// HandleMaintenanceEntryCreate godoc
+//
+//	@Summary  Create Maintenance Entry
+//	@Tags     Maintenance
+//	@Produce  json
+//	@Param    payload body     repo.MaintenanceEntryCreate true "Entry Data"
+//	@Success  201     {object} repo.MaintenanceEntry
+//	@Router   /v1/items/{id}/maintenance [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleMaintenanceEntryCreate() errchain.HandlerFunc {
+	fn := func(r *http.Request, itemID uuid.UUID, body repo.MaintenanceEntryCreate) (repo.MaintenanceEntry, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.MaintEntry.Create(auth, itemID, body)
+	}
+
+	return adapters.ActionID("id", fn, http.StatusCreated)
+}
+
+// HandleMaintenanceEntryDelete godoc
+//
+//	@Summary  Delete Maintenance Entry
+//	@Tags     Maintenance
+//	@Produce  json
+//	@Success  204
+//	@Router   /v1/items/{id}/maintenance/{entry_id} [DELETE]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleMaintenanceEntryDelete() errchain.HandlerFunc {
+	fn := func(r *http.Request, entryID uuid.UUID) (any, error) {
+		auth := services.NewContext(r.Context())
+		err := ctrl.repo.MaintEntry.Delete(auth, entryID)
+		return nil, err
+	}
+
+	return adapters.CommandID("entry_id", fn, http.StatusNoContent)
+}
+
+// HandleMaintenanceEntryUpdate godoc
+//
+//	@Summary  Update Maintenance Entry
+//	@Tags     Maintenance
+//	@Produce  json
+//	@Param    payload body     repo.MaintenanceEntryUpdate true "Entry Data"
+//	@Success  200     {object} repo.MaintenanceEntry
+//	@Router   /v1/items/{id}/maintenance/{entry_id} [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleMaintenanceEntryUpdate() errchain.HandlerFunc {
+	fn := func(r *http.Request, entryID uuid.UUID, body repo.MaintenanceEntryUpdate) (repo.MaintenanceEntry, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.MaintEntry.Update(auth, entryID, body)
+	}
+
+	return adapters.ActionID("entry_id", fn, http.StatusOK)
+}

backend/app/api/handlers/v1/v1_ctrl_notifiers.go

@@ -0,0 +1,105 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/containrrr/shoutrrr"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+)
+
+// HandleGetUserNotifiers godoc
+//
+//	@Summary  Get Notifiers
+//	@Tags     Notifiers
+//	@Produce  json
+//	@Success  200 {object} []repo.NotifierOut
+//	@Router   /v1/notifiers [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGetUserNotifiers() errchain.HandlerFunc {
+	fn := func(r *http.Request, _ struct{}) ([]repo.NotifierOut, error) {
+		user := services.UseUserCtx(r.Context())
+		return ctrl.repo.Notifiers.GetByUser(r.Context(), user.ID)
+	}
+
+	return adapters.Query(fn, http.StatusOK)
+}
+
+// HandleCreateNotifier godoc
+//
+//	@Summary  Create Notifier
+//	@Tags     Notifiers
+//	@Produce  json
+//	@Param    payload body     repo.NotifierCreate true "Notifier Data"
+//	@Success  200     {object} repo.NotifierOut
+//	@Router   /v1/notifiers [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleCreateNotifier() errchain.HandlerFunc {
+	fn := func(r *http.Request, in repo.NotifierCreate) (repo.NotifierOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Notifiers.Create(auth, auth.GID, auth.UID, in)
+	}
+
+	return adapters.Action(fn, http.StatusCreated)
+}
+
+// HandleDeleteNotifier godocs
+//
+//	@Summary Delete a Notifier
+//	@Tags    Notifiers
+//	@Param   id path string true "Notifier ID"
+//	@Success 204
+//	@Router  /v1/notifiers/{id} [DELETE]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleDeleteNotifier() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
+		auth := services.NewContext(r.Context())
+		return nil, ctrl.repo.Notifiers.Delete(auth, auth.UID, ID)
+	}
+
+	return adapters.CommandID("id", fn, http.StatusNoContent)
+}
+
+// HandleUpdateNotifier godocs
+//
+//	@Summary Update Notifier
+//	@Tags    Notifiers
+//	@Param   id path string true "Notifier ID"
+//	@Param   payload body repo.NotifierUpdate true "Notifier Data"
+//	@Success 200 {object} repo.NotifierOut
+//	@Router  /v1/notifiers/{id} [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleUpdateNotifier() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID, in repo.NotifierUpdate) (repo.NotifierOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Notifiers.Update(auth, auth.UID, ID, in)
+	}
+
+	return adapters.ActionID("id", fn, http.StatusOK)
+}
+
+// HandlerNotifierTest godoc
+//
+//	@Summary  Test Notifier
+//	@Tags     Notifiers
+//	@Produce  json
+//	@Param    id path string true "Notifier ID"
+//	@Param url query string true "URL"
+//	@Success  204
+//	@Router   /v1/notifiers/test [POST]
+//	@Security Bearer
+func (ctrl *V1Controller) HandlerNotifierTest() errchain.HandlerFunc {
+	type body struct {
+		URL string `json:"url" validate:"required"`
+	}
+
+	fn := func(r *http.Request, q body) (any, error) {
+		err := shoutrrr.Send(q.URL, "Test message from Homebox")
+		return nil, err
+	}
+
+	return adapters.Action(fn, http.StatusOK)
+}

backend/app/api/handlers/v1/v1_ctrl_qrcode.go

@@ -0,0 +1,66 @@
+package v1
+
+import (
+	"bytes"
+	"image/png"
+	"io"
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/yeqown/go-qrcode/v2"
+	"github.com/yeqown/go-qrcode/writer/standard"
+
+	_ "embed"
+)
+
+//go:embed assets/QRIcon.png
+var qrcodeLogo []byte
+
+// HandleGenerateQRCode godoc
+//
+//	@Summary  Create QR Code
+//	@Tags     Items
+//	@Produce  json
+//	@Param    data      query    string   false "data to be encoded into qrcode"
+//	@Success 200 {string} string "image/jpeg"
+//	@Router   /v1/qrcode [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGenerateQRCode() errchain.HandlerFunc {
+	type query struct {
+		// 4,296 characters is the maximum length of a QR code
+		Data string `schema:"data" validate:"required,max=4296"`
+	}
+
+	return func(w http.ResponseWriter, r *http.Request) error {
+		q, err := adapters.DecodeQuery[query](r)
+		if err != nil {
+			return err
+		}
+
+		image, err := png.Decode(bytes.NewReader(qrcodeLogo))
+		if err != nil {
+			panic(err)
+		}
+
+		qrc, err := qrcode.New(q.Data)
+		if err != nil {
+			return err
+		}
+
+		toWriteCloser := struct {
+			io.Writer
+			io.Closer
+		}{
+			Writer: w,
+			Closer: io.NopCloser(nil),
+		}
+
+		qrwriter := standard.NewWithWriter(toWriteCloser, standard.WithLogoImage(image))
+
+		// Return the QR code as a jpeg image
+		w.Header().Set("Content-Type", "image/jpeg")
+		w.Header().Set("Content-Disposition", "attachment; filename=qrcode.jpg")
+		return qrc.Save(qrwriter)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_reporting.go

@@ -0,0 +1,32 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/safeserve/errchain"
+)
+
+// HandleBillOfMaterialsExport godoc
+//
+//	@Summary  Export Bill of Materials
+//	@Tags     Reporting
+//	@Produce  json
+//	@Success 200 {string} string "text/csv"
+//	@Router   /v1/reporting/bill-of-materials [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleBillOfMaterialsExport() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		actor := services.UseUserCtx(r.Context())
+
+		csv, err := ctrl.svc.Items.ExportBillOfMaterialsTSV(r.Context(), actor.GroupID)
+		if err != nil {
+			return err
+		}
+
+		w.Header().Set("Content-Type", "text/tsv")
+		w.Header().Set("Content-Disposition", "attachment; filename=bill-of-materials.tsv")
+		_, err = w.Write(csv)
+		return err
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_statistics.go

@@ -0,0 +1,104 @@
+package v1
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+)
+
+// HandleGroupGet godoc
+//
+//	@Summary  Get Location Statistics
+//	@Tags     Statistics
+//	@Produce  json
+//	@Success  200 {object} []repo.TotalsByOrganizer
+//	@Router   /v1/groups/statistics/locations [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGroupStatisticsLocations() errchain.HandlerFunc {
+	fn := func(r *http.Request) ([]repo.TotalsByOrganizer, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Groups.StatsLocationsByPurchasePrice(auth, auth.GID)
+	}
+
+	return adapters.Command(fn, http.StatusOK)
+}
+
+// HandleGroupStatisticsLabels godoc
+//
+//	@Summary  Get Label Statistics
+//	@Tags     Statistics
+//	@Produce  json
+//	@Success  200 {object} []repo.TotalsByOrganizer
+//	@Router   /v1/groups/statistics/labels [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGroupStatisticsLabels() errchain.HandlerFunc {
+	fn := func(r *http.Request) ([]repo.TotalsByOrganizer, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Groups.StatsLabelsByPurchasePrice(auth, auth.GID)
+	}
+
+	return adapters.Command(fn, http.StatusOK)
+}
+
+// HandleGroupStatistics godoc
+//
+//	@Summary  Get Group Statistics
+//	@Tags     Statistics
+//	@Produce  json
+//	@Success  200 {object} repo.GroupStatistics
+//	@Router   /v1/groups/statistics [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGroupStatistics() errchain.HandlerFunc {
+	fn := func(r *http.Request) (repo.GroupStatistics, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.Groups.StatsGroup(auth, auth.GID)
+	}
+
+	return adapters.Command(fn, http.StatusOK)
+}
+
+// HandleGroupStatisticsPriceOverTime godoc
+//
+//	@Summary  Get Purchase Price Statistics
+//	@Tags     Statistics
+//	@Produce  json
+//	@Success  200 {object} repo.ValueOverTime
+//	@Param 	 start query string false "start date"
+//	@Param 	 end query string false "end date"
+//	@Router   /v1/groups/statistics/purchase-price [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleGroupStatisticsPriceOverTime() errchain.HandlerFunc {
+	parseDate := func(datestr string, defaultDate time.Time) (time.Time, error) {
+		if datestr == "" {
+			return defaultDate, nil
+		}
+		return time.Parse("2006-01-02", datestr)
+	}
+
+	return func(w http.ResponseWriter, r *http.Request) error {
+		ctx := services.NewContext(r.Context())
+
+		startDate, err := parseDate(r.URL.Query().Get("start"), time.Now().AddDate(0, -1, 0))
+		if err != nil {
+			return validate.NewRequestError(err, http.StatusBadRequest)
+		}
+
+		endDate, err := parseDate(r.URL.Query().Get("end"), time.Now())
+		if err != nil {
+			return validate.NewRequestError(err, http.StatusBadRequest)
+		}
+
+		stats, err := ctrl.repo.Groups.StatsPurchasePrice(ctx, ctx.GID, startDate, endDate)
+		if err != nil {
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusOK, stats)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_user.go

@@ -0,0 +1,154 @@
+package v1
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+	"github.com/rs/zerolog/log"
+)
+
+// HandleUserRegistration godoc
+//
+//	@Summary Register New User
+//	@Tags    User
+//	@Produce json
+//	@Param   payload body services.UserRegistration true "User Data"
+//	@Success 204
+//	@Router  /v1/users/register [Post]
+func (ctrl *V1Controller) HandleUserRegistration() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		regData := services.UserRegistration{}
+
+		if err := server.Decode(r, &regData); err != nil {
+			log.Err(err).Msg("failed to decode user registration data")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		if !ctrl.allowRegistration && regData.GroupToken == "" {
+			return validate.NewRequestError(fmt.Errorf("user registration disabled"), http.StatusForbidden)
+		}
+
+		_, err := ctrl.svc.User.RegisterUser(r.Context(), regData)
+		if err != nil {
+			log.Err(err).Msg("failed to register user")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}
+
+// HandleUserSelf godoc
+//
+//	@Summary  Get User Self
+//	@Tags     User
+//	@Produce  json
+//	@Success  200 {object} Wrapped{item=repo.UserOut}
+//	@Router   /v1/users/self [GET]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleUserSelf() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		token := services.UseTokenCtx(r.Context())
+		usr, err := ctrl.svc.User.GetSelf(r.Context(), token)
+		if usr.ID == uuid.Nil || err != nil {
+			log.Err(err).Msg("failed to get user")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusOK, Wrap(usr))
+	}
+}
+
+// HandleUserSelfUpdate godoc
+//
+//	@Summary  Update Account
+//	@Tags     User
+//	@Produce  json
+//	@Param    payload body     repo.UserUpdate true "User Data"
+//	@Success  200     {object} Wrapped{item=repo.UserUpdate}
+//	@Router   /v1/users/self [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleUserSelfUpdate() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		updateData := repo.UserUpdate{}
+		if err := server.Decode(r, &updateData); err != nil {
+			log.Err(err).Msg("failed to decode user update data")
+			return validate.NewRequestError(err, http.StatusBadRequest)
+		}
+
+		actor := services.UseUserCtx(r.Context())
+		newData, err := ctrl.svc.User.UpdateSelf(r.Context(), actor.ID, updateData)
+		if err != nil {
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusOK, Wrap(newData))
+	}
+}
+
+// HandleUserSelfDelete godoc
+//
+//	@Summary  Delete Account
+//	@Tags     User
+//	@Produce  json
+//	@Success  204
+//	@Router   /v1/users/self [DELETE]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleUserSelfDelete() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		if ctrl.isDemo {
+			return validate.NewRequestError(nil, http.StatusForbidden)
+		}
+
+		actor := services.UseUserCtx(r.Context())
+		if err := ctrl.svc.User.DeleteSelf(r.Context(), actor.ID); err != nil {
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}
+
+type (
+	ChangePassword struct {
+		Current string `json:"current,omitempty"`
+		New     string `json:"new,omitempty"`
+	}
+)
+
+// HandleUserSelfChangePassword godoc
+//
+//	@Summary  Change Password
+//	@Tags     User
+//	@Success  204
+//	@Param    payload body ChangePassword true "Password Payload"
+//	@Router   /v1/users/change-password [PUT]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleUserSelfChangePassword() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		if ctrl.isDemo {
+			return validate.NewRequestError(nil, http.StatusForbidden)
+		}
+
+		var cp ChangePassword
+		err := server.Decode(r, &cp)
+		if err != nil {
+			log.Err(err).Msg("user failed to change password")
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		ok := ctrl.svc.User.ChangePassword(ctx, cp.Current, cp.New)
+		if !ok {
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}

backend/app/api/logger.go

@@ -4,7 +4,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/hay-kot/homebox/backend/internal/config"
+	"github.com/hay-kot/homebox/backend/internal/sys/config"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 )
@@ -15,7 +15,7 @@ func (a *app) setupLogger() {
 	// Logger Init
 	// zerolog.TimeFieldFormat = zerolog.TimeFormatUnix
 	if a.conf.Log.Format != config.LogFormatJSON {
-		log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
+		log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr}).With().Caller().Logger()
 	}
 
 	log.Level(getLevel(a.conf.Log.Level))

backend/app/api/main.go

@@ -2,40 +2,52 @@ package main
 
 import (
 	"context"
+	"fmt"
+	"net/http"
 	"os"
 	"path/filepath"
 	"time"
 
 	atlas "ariga.io/atlas/sql/migrate"
 	"entgo.io/ent/dialect/sql/schema"
-	"github.com/hay-kot/homebox/backend/app/api/docs"
-	"github.com/hay-kot/homebox/backend/ent"
-	"github.com/hay-kot/homebox/backend/internal/config"
-	"github.com/hay-kot/homebox/backend/internal/migrations"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	_ "github.com/mattn/go-sqlite3"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+
+	"github.com/hay-kot/homebox/backend/app/api/static/docs"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/ent"
+	"github.com/hay-kot/homebox/backend/internal/data/migrations"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/config"
+	"github.com/hay-kot/homebox/backend/internal/web/mid"
+	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/safeserve/server"
+	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
+	"github.com/rs/zerolog/pkgerrors"
+
+	_ "github.com/hay-kot/homebox/backend/pkgs/cgofreesqlite"
 )
 
 var (
-	Version   = "0.1.0"
-	Commit    = "HEAD"
-	BuildTime = "now"
+	version   = "nightly"
+	commit    = "HEAD"
+	buildTime = "now"
 )
 
-// @title                       Go API Templates
-// @version                     1.0
-// @description                 This is a simple Rest API Server Template that implements some basic User and Authentication patterns to help you get started and bootstrap your next project!.
-// @contact.name                Don't
-// @license.name                MIT
-// @BasePath                    /api
-// @securityDefinitions.apikey  Bearer
-// @in                          header
-// @name                        Authorization
-// @description                 "Type 'Bearer TOKEN' to correctly set the API Key"
+// @title                      Homebox API
+// @version                    1.0
+// @description                Track, Manage, and Organize your Things.
+// @contact.name               Don't
+// @license.name               MIT
+// @BasePath                   /api
+// @securityDefinitions.apikey Bearer
+// @in                         header
+// @name                       Authorization
+// @description                "Type 'Bearer TOKEN' to correctly set the API Key"
 func main() {
+	zerolog.ErrorStackMarshaler = pkgerrors.MarshalStack
+
 	cfg, err := config.New()
 	if err != nil {
 		panic(err)
@@ -55,7 +67,7 @@ func run(cfg *config.Config) error {
 	// =========================================================================
 	// Initialize Database & Repos
 
-	err := os.MkdirAll(cfg.Storage.Data, 0755)
+	err := os.MkdirAll(cfg.Storage.Data, 0o755)
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to create data directory")
 	}
@@ -110,21 +122,33 @@ func run(cfg *config.Config) error {
 
 	app.db = c
 	app.repos = repo.New(c, cfg.Storage.Data)
-	app.services = services.NewServices(app.repos)
+	app.services = services.New(
+		app.repos,
+		services.WithAutoIncrementAssetID(cfg.Options.AutoIncrementAssetID),
+	)
 
 	// =========================================================================
 	// Start Server
+
+	logger := log.With().Caller().Logger()
+
+	router := chi.NewMux()
+	router.Use(
+		middleware.RequestID,
+		middleware.RealIP,
+		mid.Logger(logger),
+		middleware.Recoverer,
+		middleware.StripSlashes,
+	)
+
+	chain := errchain.New(mid.Errors(app.server, logger))
+
+	app.mountRoutes(router, chain, app.repos)
+
 	app.server = server.NewServer(
 		server.WithHost(app.conf.Web.Host),
 		server.WithPort(app.conf.Web.Port),
 	)
-
-	routes := app.newRouter(app.repos)
-
-	if app.conf.Mode != config.ModeDevelopment {
-		app.logRoutes(routes)
-	}
-
 	log.Info().Msgf("Starting HTTP Server on %s:%s", app.server.Host, app.server.Port)
 
 	// =========================================================================
@@ -138,6 +162,27 @@ func run(cfg *config.Config) error {
 				Msg("failed to purge expired tokens")
 		}
 	})
+	go app.startBgTask(time.Duration(24)*time.Hour, func() {
+		_, err := app.repos.Groups.InvitationPurge(context.Background())
+		if err != nil {
+			log.Error().
+				Err(err).
+				Msg("failed to purge expired invitations")
+		}
+	})
+	go app.startBgTask(time.Duration(1)*time.Hour, func() {
+		now := time.Now()
+
+		if now.Hour() == 8 {
+			fmt.Println("run notifiers")
+			err := app.services.BackgroundService.SendNotifiersToday(context.Background())
+			if err != nil {
+				log.Error().
+					Err(err).
+					Msg("failed to send notifiers")
+			}
+		}
+	})
 
 	// TODO: Remove through external API that does setup
 	if cfg.Demo {
@@ -145,5 +190,14 @@ func run(cfg *config.Config) error {
 		app.SetupDemo()
 	}
 
-	return app.server.Start(routes)
+	if cfg.Debug.Enabled {
+		debugrouter := app.debugRouter()
+		go func() {
+			if err := http.ListenAndServe(":"+cfg.Debug.Port, debugrouter); err != nil {
+				log.Fatal().Err(err).Msg("failed to start debug server")
+			}
+		}()
+	}
+
+	return app.server.Start(router)
 }

backend/app/api/middleware.go

@@ -1,160 +1,153 @@
 package main
 
 import (
-	"fmt"
+	"context"
+	"errors"
 	"net/http"
+	"net/url"
 	"strings"
-	"time"
 
-	"github.com/go-chi/chi/v5"
-	"github.com/go-chi/chi/v5/middleware"
-	"github.com/hay-kot/homebox/backend/internal/config"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/safeserve/errchain"
 )
 
-func (a *app) setGlobalMiddleware(r *chi.Mux) {
-	// =========================================================================
-	// Middleware
-	r.Use(middleware.RequestID)
-	r.Use(middleware.RealIP)
-	r.Use(mwStripTrailingSlash)
+type tokenHasKey struct {
+	key string
+}
 
-	// Use struct logger in production for requests, but use
-	// pretty console logger in development.
-	if a.conf.Mode == config.ModeDevelopment {
-		r.Use(a.mwSummaryLogger)
-	} else {
-		r.Use(a.mwStructLogger)
+var hashedToken = tokenHasKey{key: "hashedToken"}
+
+type RoleMode int
+
+const (
+	RoleModeOr  RoleMode = 0
+	RoleModeAnd RoleMode = 1
+)
+
+// mwRoles is a middleware that will validate the required roles are met. All roles
+// are required to be met for the request to be allowed. If the user does not have
+// the required roles, a 403 Forbidden will be returned.
+//
+// WARNING: This middleware _MUST_ be called after mwAuthToken or else it will panic
+func (a *app) mwRoles(rm RoleMode, required ...string) errchain.Middleware {
+	return func(next errchain.Handler) errchain.Handler {
+		return errchain.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
+			ctx := r.Context()
+
+			maybeToken := ctx.Value(hashedToken)
+			if maybeToken == nil {
+				panic("mwRoles: token not found in context, you must call mwAuthToken before mwRoles")
+			}
+
+			token := maybeToken.(string)
+
+			roles, err := a.repos.AuthTokens.GetRoles(r.Context(), token)
+			if err != nil {
+				return err
+			}
+
+		outer:
+			switch rm {
+			case RoleModeOr:
+				for _, role := range required {
+					if roles.Contains(role) {
+						break outer
+					}
+				}
+				return validate.NewRequestError(errors.New("Forbidden"), http.StatusForbidden)
+			case RoleModeAnd:
+				for _, req := range required {
+					if !roles.Contains(req) {
+						return validate.NewRequestError(errors.New("Unauthorized"), http.StatusForbidden)
+					}
+				}
+			}
+
+			return next.ServeHTTP(w, r)
+		})
 	}
-	r.Use(middleware.Recoverer)
+}
 
-	// Set a timeout value on the request context (ctx), that will signal
-	// through ctx.Done() that the request has timed out and further
-	// processing should be stopped.
-	r.Use(middleware.Timeout(60 * time.Second))
+type KeyFunc func(r *http.Request) (string, error)
+
+func getBearer(r *http.Request) (string, error) {
+	auth := r.Header.Get("Authorization")
+	if auth == "" {
+		return "", errors.New("authorization header is required")
+	}
+
+	return auth, nil
+}
+
+func getQuery(r *http.Request) (string, error) {
+	token := r.URL.Query().Get("access_token")
+	if token == "" {
+		return "", errors.New("access_token query is required")
+	}
+
+	token, err := url.QueryUnescape(token)
+	if err != nil {
+		return "", errors.New("access_token query is required")
+	}
+
+	return token, nil
+}
+
+func getCookie(r *http.Request) (string, error) {
+	cookie, err := r.Cookie("hb.auth.token")
+	if err != nil {
+		return "", errors.New("access_token cookie is required")
+	}
+
+	token, err := url.QueryUnescape(cookie.Value)
+	if err != nil {
+		return "", errors.New("access_token cookie is required")
+	}
+
+	return token, nil
 }
 
 // mwAuthToken is a middleware that will check the database for a stateful token
-// and attach it to the request context with the user, or return a 401 if it doesn't exist.
-func (a *app) mwAuthToken(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		requestToken := r.Header.Get("Authorization")
+// and attach it's user to the request context, or return an appropriate error.
+// Authorization support is by token via Headers or Query Parameter
+//
+// Example:
+//   - header = "Bearer 1234567890"
+//   - query = "?access_token=1234567890"
+//   - cookie = hb.auth.token = 1234567890
+func (a *app) mwAuthToken(next errchain.Handler) errchain.Handler {
+	return errchain.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
+		keyFuncs := [...]KeyFunc{
+			getBearer,
+			getCookie,
+			getQuery,
+		}
+
+		var requestToken string
+		for _, keyFunc := range keyFuncs {
+			token, err := keyFunc(r)
+			if err == nil {
+				requestToken = token
+				break
+			}
+		}
 
 		if requestToken == "" {
-			server.RespondUnauthorized(w)
-			return
+			return validate.NewRequestError(errors.New("Authorization header or query is required"), http.StatusUnauthorized)
 		}
 
 		requestToken = strings.TrimPrefix(requestToken, "Bearer ")
+
+		r = r.WithContext(context.WithValue(r.Context(), hashedToken, requestToken))
+
 		usr, err := a.services.User.GetSelf(r.Context(), requestToken)
-
 		// Check the database for the token
-
 		if err != nil {
-			server.RespondUnauthorized(w)
-			return
+			return validate.NewRequestError(errors.New("valid authorization header is required"), http.StatusUnauthorized)
 		}
 
 		r = r.WithContext(services.SetUserCtx(r.Context(), &usr, requestToken))
-
-		next.ServeHTTP(w, r)
-	})
-}
-
-// mwAdminOnly is a middleware that extends the mwAuthToken middleware to only allow
-// requests from superusers.
-// func (a *app) mwAdminOnly(next http.Handler) http.Handler {
-// 	mw := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-// 		usr := services.UseUserCtx(r.Context())
-
-// 		if !usr.IsSuperuser {
-// 			server.RespondUnauthorized(w)
-// 			return
-// 		}
-
-// 		next.ServeHTTP(w, r)
-// 	})
-// 	return a.mwAuthToken(mw)
-// }
-
-// mqStripTrailingSlash is a middleware that will strip trailing slashes from the request path.
-func mwStripTrailingSlash(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		r.URL.Path = strings.TrimSuffix(r.URL.Path, "/")
-		next.ServeHTTP(w, r)
-	})
-}
-
-type StatusRecorder struct {
-	http.ResponseWriter
-	Status int
-}
-
-func (r *StatusRecorder) WriteHeader(status int) {
-	r.Status = status
-	r.ResponseWriter.WriteHeader(status)
-}
-
-func (a *app) mwStructLogger(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		record := &StatusRecorder{ResponseWriter: w, Status: http.StatusOK}
-		next.ServeHTTP(record, r)
-
-		scheme := "http"
-		if r.TLS != nil {
-			scheme = "https"
-		}
-
-		url := fmt.Sprintf("%s://%s%s %s", scheme, r.Host, r.RequestURI, r.Proto)
-
-		log.Info().
-			Str("id", middleware.GetReqID(r.Context())).
-			Str("url", url).
-			Str("method", r.Method).
-			Str("remote_addr", r.RemoteAddr).
-			Int("status", record.Status).
-			Msg(url)
-	})
-}
-
-func (a *app) mwSummaryLogger(next http.Handler) http.Handler {
-	bold := func(s string) string { return "\033[1m" + s + "\033[0m" }
-	orange := func(s string) string { return "\033[33m" + s + "\033[0m" }
-	aqua := func(s string) string { return "\033[36m" + s + "\033[0m" }
-	red := func(s string) string { return "\033[31m" + s + "\033[0m" }
-	green := func(s string) string { return "\033[32m" + s + "\033[0m" }
-
-	fmtCode := func(code int) string {
-		switch {
-		case code >= 500:
-			return red(fmt.Sprintf("%d", code))
-		case code >= 400:
-			return orange(fmt.Sprintf("%d", code))
-		case code >= 300:
-			return aqua(fmt.Sprintf("%d", code))
-		default:
-			return green(fmt.Sprintf("%d", code))
-		}
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		record := &StatusRecorder{ResponseWriter: w, Status: http.StatusOK}
-		next.ServeHTTP(record, r) // Blocks until the next handler returns.
-
-		scheme := "http"
-		if r.TLS != nil {
-			scheme = "https"
-		}
-
-		url := fmt.Sprintf("%s://%s%s %s", scheme, r.Host, r.RequestURI, r.Proto)
-
-		log.Info().
-			Msgf("%s  %s  %s",
-				bold(orange(""+r.Method+"")),
-				aqua(url),
-				bold(fmtCode(record.Status)),
-			)
+		return next.ServeHTTP(w, r)
 	})
 }

backend/app/api/routes.go

@@ -11,10 +11,12 @@ import (
 	"path/filepath"
 
 	"github.com/go-chi/chi/v5"
-	_ "github.com/hay-kot/homebox/backend/app/api/docs"
-	v1 "github.com/hay-kot/homebox/backend/app/api/v1"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/rs/zerolog/log"
+	"github.com/hay-kot/homebox/backend/app/api/handlers/debughandlers"
+	v1 "github.com/hay-kot/homebox/backend/app/api/handlers/v1"
+	_ "github.com/hay-kot/homebox/backend/app/api/static/docs"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/authroles"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/safeserve/errchain"
 	httpSwagger "github.com/swaggo/http-swagger" // http-swagger middleware
 )
 
@@ -23,16 +25,20 @@ const prefix = "/api"
 var (
 	ErrDir = errors.New("path is dir")
 
-	//go:embed all:public/*
+	//go:embed all:static/public/*
 	public embed.FS
 )
 
-// registerRoutes registers all the routes for the API
-func (a *app) newRouter(repos *repo.AllRepos) *chi.Mux {
-	registerMimes()
+func (a *app) debugRouter() *http.ServeMux {
+	dbg := http.NewServeMux()
+	debughandlers.New(dbg)
 
-	r := chi.NewRouter()
-	a.setGlobalMiddleware(r)
+	return dbg
+}
+
+// registerRoutes registers all the routes for the API
+func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllRepos) {
+	registerMimes()
 
 	r.Get("/swagger/*", httpSwagger.Handler(
 		httpSwagger.URL(fmt.Sprintf("%s://%s/swagger/doc.json", a.conf.Swagger.Scheme, a.conf.Swagger.Host)),
@@ -42,83 +48,112 @@ func (a *app) newRouter(repos *repo.AllRepos) *chi.Mux {
 	// API Version 1
 
 	v1Base := v1.BaseUrlFunc(prefix)
-	v1Ctrl := v1.NewControllerV1(a.services,
+
+	v1Ctrl := v1.NewControllerV1(
+		a.services,
+		a.repos,
 		v1.WithMaxUploadSize(a.conf.Web.MaxUploadSize),
+		v1.WithRegistration(a.conf.Options.AllowRegistration),
 		v1.WithDemoStatus(a.conf.Demo), // Disable Password Change in Demo Mode
 	)
-	r.Get(v1Base("/status"), v1Ctrl.HandleBase(func() bool { return true }, v1.Build{
-		Version:   Version,
-		Commit:    Commit,
-		BuildTime: BuildTime,
-	}))
 
-	r.Post(v1Base("/users/register"), v1Ctrl.HandleUserRegistration())
-	r.Post(v1Base("/users/login"), v1Ctrl.HandleAuthLogin())
+	r.Get(v1Base("/status"), chain.ToHandlerFunc(v1Ctrl.HandleBase(func() bool { return true }, v1.Build{
+		Version:   version,
+		Commit:    commit,
+		BuildTime: buildTime,
+	})))
 
-	// Attachment download URl needs a `token` query param to be passed in the request.
-	// and also needs to be outside of the `auth` middleware.
-	r.Get(v1Base("/items/{id}/attachments/download"), v1Ctrl.HandleItemAttachmentDownload())
+	r.Post(v1Base("/users/register"), chain.ToHandlerFunc(v1Ctrl.HandleUserRegistration()))
+	r.Post(v1Base("/users/login"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogin()))
 
-	r.Group(func(r chi.Router) {
-		r.Use(a.mwAuthToken)
-		r.Get(v1Base("/users/self"), v1Ctrl.HandleUserSelf())
-		r.Put(v1Base("/users/self"), v1Ctrl.HandleUserSelfUpdate())
-		r.Delete(v1Base("/users/self"), v1Ctrl.HandleUserSelfDelete())
-		r.Put(v1Base("/users/self/password"), v1Ctrl.HandleUserUpdatePassword())
-		r.Post(v1Base("/users/logout"), v1Ctrl.HandleAuthLogout())
-		r.Get(v1Base("/users/refresh"), v1Ctrl.HandleAuthRefresh())
-		r.Put(v1Base("/users/self/change-password"), v1Ctrl.HandleUserSelfChangePassword())
-
-		r.Post(v1Base("/groups/invitations"), v1Ctrl.HandleGroupInvitationsCreate())
-
-		r.Get(v1Base("/locations"), v1Ctrl.HandleLocationGetAll())
-		r.Post(v1Base("/locations"), v1Ctrl.HandleLocationCreate())
-		r.Get(v1Base("/locations/{id}"), v1Ctrl.HandleLocationGet())
-		r.Put(v1Base("/locations/{id}"), v1Ctrl.HandleLocationUpdate())
-		r.Delete(v1Base("/locations/{id}"), v1Ctrl.HandleLocationDelete())
-
-		r.Get(v1Base("/labels"), v1Ctrl.HandleLabelsGetAll())
-		r.Post(v1Base("/labels"), v1Ctrl.HandleLabelsCreate())
-		r.Get(v1Base("/labels/{id}"), v1Ctrl.HandleLabelGet())
-		r.Put(v1Base("/labels/{id}"), v1Ctrl.HandleLabelUpdate())
-		r.Delete(v1Base("/labels/{id}"), v1Ctrl.HandleLabelDelete())
-
-		r.Get(v1Base("/items"), v1Ctrl.HandleItemsGetAll())
-		r.Post(v1Base("/items/import"), v1Ctrl.HandleItemsImport())
-		r.Post(v1Base("/items"), v1Ctrl.HandleItemsCreate())
-		r.Get(v1Base("/items/{id}"), v1Ctrl.HandleItemGet())
-		r.Put(v1Base("/items/{id}"), v1Ctrl.HandleItemUpdate())
-		r.Delete(v1Base("/items/{id}"), v1Ctrl.HandleItemDelete())
-
-		r.Post(v1Base("/items/{id}/attachments"), v1Ctrl.HandleItemAttachmentCreate())
-		r.Get(v1Base("/items/{id}/attachments/{attachment_id}"), v1Ctrl.HandleItemAttachmentToken())
-		r.Put(v1Base("/items/{id}/attachments/{attachment_id}"), v1Ctrl.HandleItemAttachmentUpdate())
-		r.Delete(v1Base("/items/{id}/attachments/{attachment_id}"), v1Ctrl.HandleItemAttachmentDelete())
-	})
-
-	r.NotFound(notFoundHandler())
-	return r
-}
-
-// logRoutes logs the routes of the server that are registered within Server.registerRoutes(). This is useful for debugging.
-// See https://github.com/go-chi/chi/issues/332 for details and inspiration.
-func (a *app) logRoutes(r *chi.Mux) {
-	desiredSpaces := 10
-
-	walkFunc := func(method string, route string, handler http.Handler, middleware ...func(http.Handler) http.Handler) error {
-		text := "[" + method + "]"
-
-		for len(text) < desiredSpaces {
-			text = text + " "
-		}
-
-		fmt.Printf("Registered Route: %s%s\n", text, route)
-		return nil
+	userMW := []errchain.Middleware{
+		a.mwAuthToken,
+		a.mwRoles(RoleModeOr, authroles.RoleUser.String()),
 	}
 
-	if err := chi.Walk(r, walkFunc); err != nil {
-		fmt.Printf("Logging err: %s\n", err.Error())
+	r.Get(v1Base("/users/self"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelf(), userMW...))
+	r.Put(v1Base("/users/self"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfUpdate(), userMW...))
+	r.Delete(v1Base("/users/self"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfDelete(), userMW...))
+	r.Post(v1Base("/users/logout"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogout(), userMW...))
+	r.Get(v1Base("/users/refresh"), chain.ToHandlerFunc(v1Ctrl.HandleAuthRefresh(), userMW...))
+	r.Put(v1Base("/users/self/change-password"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfChangePassword(), userMW...))
+
+	r.Post(v1Base("/groups/invitations"), chain.ToHandlerFunc(v1Ctrl.HandleGroupInvitationsCreate(), userMW...))
+	r.Get(v1Base("/groups/statistics"), chain.ToHandlerFunc(v1Ctrl.HandleGroupStatistics(), userMW...))
+	r.Get(v1Base("/groups/statistics/purchase-price"), chain.ToHandlerFunc(v1Ctrl.HandleGroupStatisticsPriceOverTime(), userMW...))
+	r.Get(v1Base("/groups/statistics/locations"), chain.ToHandlerFunc(v1Ctrl.HandleGroupStatisticsLocations(), userMW...))
+	r.Get(v1Base("/groups/statistics/labels"), chain.ToHandlerFunc(v1Ctrl.HandleGroupStatisticsLabels(), userMW...))
+
+	// TODO: I don't like /groups being the URL for users
+	r.Get(v1Base("/groups"), chain.ToHandlerFunc(v1Ctrl.HandleGroupGet(), userMW...))
+	r.Put(v1Base("/groups"), chain.ToHandlerFunc(v1Ctrl.HandleGroupUpdate(), userMW...))
+
+	r.Post(v1Base("/actions/ensure-asset-ids"), chain.ToHandlerFunc(v1Ctrl.HandleEnsureAssetID(), userMW...))
+	r.Post(v1Base("/actions/zero-item-time-fields"), chain.ToHandlerFunc(v1Ctrl.HandleItemDateZeroOut(), userMW...))
+	r.Post(v1Base("/actions/ensure-import-refs"), chain.ToHandlerFunc(v1Ctrl.HandleEnsureImportRefs(), userMW...))
+
+	r.Get(v1Base("/locations"), chain.ToHandlerFunc(v1Ctrl.HandleLocationGetAll(), userMW...))
+	r.Post(v1Base("/locations"), chain.ToHandlerFunc(v1Ctrl.HandleLocationCreate(), userMW...))
+	r.Get(v1Base("/locations/tree"), chain.ToHandlerFunc(v1Ctrl.HandleLocationTreeQuery(), userMW...))
+	r.Get(v1Base("/locations/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleLocationGet(), userMW...))
+	r.Put(v1Base("/locations/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleLocationUpdate(), userMW...))
+	r.Delete(v1Base("/locations/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleLocationDelete(), userMW...))
+
+	r.Get(v1Base("/labels"), chain.ToHandlerFunc(v1Ctrl.HandleLabelsGetAll(), userMW...))
+	r.Post(v1Base("/labels"), chain.ToHandlerFunc(v1Ctrl.HandleLabelsCreate(), userMW...))
+	r.Get(v1Base("/labels/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleLabelGet(), userMW...))
+	r.Put(v1Base("/labels/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleLabelUpdate(), userMW...))
+	r.Delete(v1Base("/labels/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleLabelDelete(), userMW...))
+
+	r.Get(v1Base("/items"), chain.ToHandlerFunc(v1Ctrl.HandleItemsGetAll(), userMW...))
+	r.Post(v1Base("/items"), chain.ToHandlerFunc(v1Ctrl.HandleItemsCreate(), userMW...))
+	r.Post(v1Base("/items/import"), chain.ToHandlerFunc(v1Ctrl.HandleItemsImport(), userMW...))
+	r.Get(v1Base("/items/export"), chain.ToHandlerFunc(v1Ctrl.HandleItemsExport(), userMW...))
+	r.Get(v1Base("/items/fields"), chain.ToHandlerFunc(v1Ctrl.HandleGetAllCustomFieldNames(), userMW...))
+	r.Get(v1Base("/items/fields/values"), chain.ToHandlerFunc(v1Ctrl.HandleGetAllCustomFieldValues(), userMW...))
+
+	r.Get(v1Base("/items/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemGet(), userMW...))
+	r.Put(v1Base("/items/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemUpdate(), userMW...))
+	r.Delete(v1Base("/items/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemDelete(), userMW...))
+
+	r.Post(v1Base("/items/{id}/attachments"), chain.ToHandlerFunc(v1Ctrl.HandleItemAttachmentCreate(), userMW...))
+	r.Put(v1Base("/items/{id}/attachments/{attachment_id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemAttachmentUpdate(), userMW...))
+	r.Delete(v1Base("/items/{id}/attachments/{attachment_id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemAttachmentDelete(), userMW...))
+
+	r.Get(v1Base("/items/{id}/maintenance"), chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceLogGet(), userMW...))
+	r.Post(v1Base("/items/{id}/maintenance"), chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceEntryCreate(), userMW...))
+	r.Put(v1Base("/items/{id}/maintenance/{entry_id}"), chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceEntryUpdate(), userMW...))
+	r.Delete(v1Base("/items/{id}/maintenance/{entry_id}"), chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceEntryDelete(), userMW...))
+
+	r.Get(v1Base("/asset/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleAssetGet(), userMW...))
+
+	// Notifiers
+	r.Get(v1Base("/notifiers"), chain.ToHandlerFunc(v1Ctrl.HandleGetUserNotifiers(), userMW...))
+	r.Post(v1Base("/notifiers"), chain.ToHandlerFunc(v1Ctrl.HandleCreateNotifier(), userMW...))
+	r.Put(v1Base("/notifiers/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleUpdateNotifier(), userMW...))
+	r.Delete(v1Base("/notifiers/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleDeleteNotifier(), userMW...))
+	r.Post(v1Base("/notifiers/test"), chain.ToHandlerFunc(v1Ctrl.HandlerNotifierTest(), userMW...))
+
+	// Asset-Like endpoints
+	assetMW := []errchain.Middleware{
+		a.mwAuthToken,
+		a.mwRoles(RoleModeOr, authroles.RoleUser.String(), authroles.RoleAttachments.String()),
 	}
+
+	r.Get(
+		v1Base("/qrcode"),
+		chain.ToHandlerFunc(v1Ctrl.HandleGenerateQRCode(), assetMW...),
+	)
+	r.Get(
+		v1Base("/items/{id}/attachments/{attachment_id}"),
+		chain.ToHandlerFunc(v1Ctrl.HandleItemAttachmentGet(), assetMW...),
+	)
+
+	// Reporting Services
+	r.Get(v1Base("/reporting/bill-of-materials"), chain.ToHandlerFunc(v1Ctrl.HandleBillOfMaterialsExport(), userMW...))
+
+	r.NotFound(chain.ToHandlerFunc(notFoundHandler()))
+
 }
 
 func registerMimes() {
@@ -135,7 +170,7 @@ func registerMimes() {
 
 // notFoundHandler perform the main logic around handling the internal SPA embed and ensuring that
 // the client side routing is handled correctly.
-func notFoundHandler() http.HandlerFunc {
+func notFoundHandler() errchain.HandlerFunc {
 	tryRead := func(fs embed.FS, prefix, requestedPath string, w http.ResponseWriter) error {
 		f, err := fs.Open(path.Join(prefix, requestedPath))
 		if err != nil {
@@ -154,17 +189,16 @@ func notFoundHandler() http.HandlerFunc {
 		return err
 	}
 
-	return func(w http.ResponseWriter, r *http.Request) {
-		err := tryRead(public, "public", r.URL.Path, w)
-		if err == nil {
-			return
-		}
-		log.Debug().
-			Str("path", r.URL.Path).
-			Msg("served from embed not found - serving index.html")
-		err = tryRead(public, "public", "index.html", w)
+	return func(w http.ResponseWriter, r *http.Request) error {
+		err := tryRead(public, "static/public", r.URL.Path, w)
 		if err != nil {
-			panic(err)
+			// Fallback to the index.html file.
+			// should succeed in all cases.
+			err = tryRead(public, "static/public", "index.html", w)
+			if err != nil {
+				return err
+			}
 		}
+		return nil
 	}
 }

backend/app/api/v1/controller.go

@@ -1,84 +0,0 @@
-package v1
-
-import (
-	"net/http"
-
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-)
-
-func WithMaxUploadSize(maxUploadSize int64) func(*V1Controller) {
-	return func(ctrl *V1Controller) {
-		ctrl.maxUploadSize = maxUploadSize
-	}
-}
-
-func WithDemoStatus(demoStatus bool) func(*V1Controller) {
-	return func(ctrl *V1Controller) {
-		ctrl.isDemo = demoStatus
-	}
-}
-
-type V1Controller struct {
-	svc           *services.AllServices
-	maxUploadSize int64
-	isDemo        bool
-}
-
-type (
-	Build struct {
-		Version   string `json:"version"`
-		Commit    string `json:"commit"`
-		BuildTime string `json:"buildTime"`
-	}
-
-	ApiSummary struct {
-		Healthy  bool     `json:"health"`
-		Versions []string `json:"versions"`
-		Title    string   `json:"title"`
-		Message  string   `json:"message"`
-		Build    Build    `json:"build"`
-		Demo     bool     `json:"demo"`
-	}
-)
-
-func BaseUrlFunc(prefix string) func(s string) string {
-	v1Base := prefix + "/v1"
-	prefixFunc := func(s string) string {
-		return v1Base + s
-	}
-
-	return prefixFunc
-}
-
-func NewControllerV1(svc *services.AllServices, options ...func(*V1Controller)) *V1Controller {
-	ctrl := &V1Controller{
-		svc: svc,
-	}
-
-	for _, opt := range options {
-		opt(ctrl)
-	}
-
-	return ctrl
-}
-
-type ReadyFunc func() bool
-
-// HandleBase godoc
-// @Summary  Retrieves the basic information about the API
-// @Tags     Base
-// @Produce  json
-// @Success  200  {object}  ApiSummary
-// @Router   /v1/status [GET]
-func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		server.Respond(w, http.StatusOK, ApiSummary{
-			Healthy: ready(),
-			Title:   "Go API Template",
-			Message: "Welcome to the Go API Template Application!",
-			Build:   build,
-			Demo:    ctrl.isDemo,
-		})
-	}
-}

backend/app/api/v1/partials.go

@@ -1,34 +0,0 @@
-package v1
-
-import (
-	"net/http"
-
-	"github.com/go-chi/chi/v5"
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-/*
-This is where we put partial snippets/functions for actions that are commonly
-used within the controller class. This _hopefully_ helps with code duplication
-and makes it a little more consistent when error handling and logging.
-*/
-
-// partialParseIdAndUser parses the ID from the requests URL and pulls the user
-// from the context. If either of these fail, it will return an error. When an error
-// occurs it will also write the error to the response. As such, if an error is returned
-// from this function you can return immediately without writing to the response.
-func (ctrl *V1Controller) partialParseIdAndUser(w http.ResponseWriter, r *http.Request) (uuid.UUID, *repo.UserOut, error) {
-	uid, err := uuid.Parse(chi.URLParam(r, "id"))
-	if err != nil {
-		log.Err(err).Msg("failed to parse id")
-		server.RespondError(w, http.StatusBadRequest, err)
-		return uuid.Nil, &repo.UserOut{}, err
-	}
-
-	user := services.UseUserCtx(r.Context())
-	return uid, user, nil
-}

backend/app/api/v1/v1_ctrl_auth.go

@@ -1,134 +0,0 @@
-package v1
-
-import (
-	"errors"
-	"net/http"
-	"time"
-
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-type (
-	TokenResponse struct {
-		Token     string    `json:"token"`
-		ExpiresAt time.Time `json:"expiresAt"`
-	}
-
-	LoginForm struct {
-		Username string `json:"username"`
-		Password string `json:"password"`
-	}
-)
-
-// HandleAuthLogin godoc
-// @Summary  User Login
-// @Tags     Authentication
-// @Accept   x-www-form-urlencoded
-// @Accept   application/json
-// @Param    username  formData  string  false  "string"  example(admin@admin.com)
-// @Param    password  formData  string  false  "string"  example(admin)
-// @Produce  json
-// @Success  200  {object}  TokenResponse
-// @Router   /v1/users/login [POST]
-func (ctrl *V1Controller) HandleAuthLogin() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		loginForm := &LoginForm{}
-
-		switch r.Header.Get("Content-Type") {
-		case server.ContentFormUrlEncoded:
-			err := r.ParseForm()
-			if err != nil {
-				server.Respond(w, http.StatusBadRequest, server.Wrap(err))
-				log.Error().Err(err).Msg("failed to parse form")
-				return
-			}
-
-			loginForm.Username = r.PostFormValue("username")
-			loginForm.Password = r.PostFormValue("password")
-		case server.ContentJSON:
-			err := server.Decode(r, loginForm)
-
-			if err != nil {
-				log.Err(err).Msg("failed to decode login form")
-				server.Respond(w, http.StatusBadRequest, server.Wrap(err))
-				return
-			}
-		default:
-			server.Respond(w, http.StatusBadRequest, errors.New("invalid content type"))
-			return
-		}
-
-		if loginForm.Username == "" || loginForm.Password == "" {
-			server.RespondError(w, http.StatusBadRequest, errors.New("username and password are required"))
-			return
-		}
-
-		newToken, err := ctrl.svc.User.Login(r.Context(), loginForm.Username, loginForm.Password)
-
-		if err != nil {
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		server.Respond(w, http.StatusOK, TokenResponse{
-			Token:     "Bearer " + newToken.Raw,
-			ExpiresAt: newToken.ExpiresAt,
-		})
-	}
-}
-
-// HandleAuthLogout godoc
-// @Summary   User Logout
-// @Tags      Authentication
-// @Success   204
-// @Router    /v1/users/logout [POST]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleAuthLogout() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		token := services.UseTokenCtx(r.Context())
-
-		if token == "" {
-			server.RespondError(w, http.StatusUnauthorized, errors.New("no token within request context"))
-			return
-		}
-
-		err := ctrl.svc.User.Logout(r.Context(), token)
-
-		if err != nil {
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}
-
-// HandleAuthLogout godoc
-// @Summary      User Token Refresh
-// @Description  handleAuthRefresh returns a handler that will issue a new token from an existing token.
-// @Description  This does not validate that the user still exists within the database.
-// @Tags         Authentication
-// @Success      200
-// @Router       /v1/users/refresh [GET]
-// @Security     Bearer
-func (ctrl *V1Controller) HandleAuthRefresh() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		requestToken := services.UseTokenCtx(r.Context())
-
-		if requestToken == "" {
-			server.RespondError(w, http.StatusUnauthorized, errors.New("no user token found"))
-			return
-		}
-
-		newToken, err := ctrl.svc.User.RenewToken(r.Context(), requestToken)
-
-		if err != nil {
-			server.RespondUnauthorized(w)
-			return
-		}
-
-		server.Respond(w, http.StatusOK, newToken)
-	}
-}

backend/app/api/v1/v1_ctrl_group.go

@@ -1,62 +0,0 @@
-package v1
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-type (
-	GroupInvitationCreate struct {
-		Uses      int       `json:"uses"`
-		ExpiresAt time.Time `json:"expiresAt"`
-	}
-
-	GroupInvitation struct {
-		Token     string    `json:"token"`
-		ExpiresAt time.Time `json:"expiresAt"`
-		Uses      int       `json:"uses"`
-	}
-)
-
-// HandleUserSelf godoc
-// @Summary   Get the current user
-// @Tags      User
-// @Produce   json
-// @Param     payload  body      GroupInvitationCreate  true  "User Data"
-// @Success   200      {object}  GroupInvitation
-// @Router    /v1/groups/invitations [Post]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleGroupInvitationsCreate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		data := GroupInvitationCreate{}
-
-		if err := server.Decode(r, &data); err != nil {
-			log.Err(err).Msg("failed to decode user registration data")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		if data.ExpiresAt.IsZero() {
-			data.ExpiresAt = time.Now().Add(time.Hour * 24)
-		}
-
-		ctx := services.NewContext(r.Context())
-
-		token, err := ctrl.svc.User.NewInvitation(ctx, data.Uses, data.ExpiresAt)
-		if err != nil {
-			log.Err(err).Msg("failed to create new token")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		server.Respond(w, http.StatusCreated, GroupInvitation{
-			Token:     token,
-			ExpiresAt: data.ExpiresAt,
-			Uses:      data.Uses,
-		})
-	}
-}

backend/app/api/v1/v1_ctrl_items.go

@@ -1,189 +0,0 @@
-package v1
-
-import (
-	"encoding/csv"
-	"net/http"
-
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-// HandleItemsGetAll godoc
-// @Summary   Get All Items
-// @Tags      Items
-// @Produce   json
-// @Success   200  {object}  server.Results{items=[]repo.ItemSummary}
-// @Router    /v1/items [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemsGetAll() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := services.UseUserCtx(r.Context())
-		items, err := ctrl.svc.Items.GetAll(r.Context(), user.GroupID)
-		if err != nil {
-			log.Err(err).Msg("failed to get items")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, server.Results{Items: items})
-	}
-}
-
-// HandleItemsCreate godoc
-// @Summary   Create a new item
-// @Tags      Items
-// @Produce   json
-// @Param     payload  body      repo.ItemCreate  true  "Item Data"
-// @Success   200      {object}  repo.ItemSummary
-// @Router    /v1/items [POST]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemsCreate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		createData := repo.ItemCreate{}
-		if err := server.Decode(r, &createData); err != nil {
-			log.Err(err).Msg("failed to decode request body")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		user := services.UseUserCtx(r.Context())
-		item, err := ctrl.svc.Items.Create(r.Context(), user.GroupID, createData)
-		if err != nil {
-			log.Err(err).Msg("failed to create item")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusCreated, item)
-	}
-}
-
-// HandleItemDelete godocs
-// @Summary   deletes a item
-// @Tags      Items
-// @Produce   json
-// @Param     id  path  string  true  "Item ID"
-// @Success   204
-// @Router    /v1/items/{id} [DELETE]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemDelete() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		err = ctrl.svc.Items.Delete(r.Context(), user.GroupID, uid)
-		if err != nil {
-			log.Err(err).Msg("failed to delete item")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}
-
-// HandleItemGet godocs
-// @Summary   Gets a item and fields
-// @Tags      Items
-// @Produce   json
-// @Param     id   path      string  true  "Item ID"
-// @Success   200      {object}  repo.ItemOut
-// @Router    /v1/items/{id} [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemGet() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		items, err := ctrl.svc.Items.GetOne(r.Context(), user.GroupID, uid)
-		if err != nil {
-			log.Err(err).Msg("failed to get item")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, items)
-	}
-}
-
-// HandleItemUpdate godocs
-// @Summary   updates a item
-// @Tags      Items
-// @Produce   json
-// @Param     id       path      string           true  "Item ID"
-// @Param     payload  body      repo.ItemUpdate  true  "Item Data"
-// @Success   200  {object}  repo.ItemOut
-// @Router    /v1/items/{id} [PUT]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemUpdate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		body := repo.ItemUpdate{}
-		if err := server.Decode(r, &body); err != nil {
-			log.Err(err).Msg("failed to decode request body")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		body.ID = uid
-		result, err := ctrl.svc.Items.Update(r.Context(), user.GroupID, body)
-		if err != nil {
-			log.Err(err).Msg("failed to update item")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, result)
-	}
-}
-
-// HandleItemsImport godocs
-// @Summary   imports items into the database
-// @Tags      Items
-// @Produce   json
-// @Success   204
-// @Param     csv  formData  file  true  "Image to upload"
-// @Router    /v1/items/import [Post]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemsImport() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-
-		err := r.ParseMultipartForm(ctrl.maxUploadSize << 20)
-		if err != nil {
-			log.Err(err).Msg("failed to parse multipart form")
-			server.RespondServerError(w)
-			return
-		}
-
-		file, _, err := r.FormFile("csv")
-		if err != nil {
-			log.Err(err).Msg("failed to get file from form")
-			server.RespondServerError(w)
-			return
-		}
-
-		reader := csv.NewReader(file)
-		data, err := reader.ReadAll()
-		if err != nil {
-			log.Err(err).Msg("failed to read csv")
-			server.RespondServerError(w)
-			return
-		}
-
-		user := services.UseUserCtx(r.Context())
-
-		err = ctrl.svc.Items.CsvImport(r.Context(), user.GroupID, data)
-		if err != nil {
-			log.Err(err).Msg("failed to import items")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}

backend/app/api/v1/v1_ctrl_items_attachments.go

@@ -1,242 +0,0 @@
-package v1
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/go-chi/chi/v5"
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/ent/attachment"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-type (
-	ItemAttachmentToken struct {
-		Token string `json:"token"`
-	}
-)
-
-// HandleItemsImport godocs
-// @Summary   imports items into the database
-// @Tags      Items
-// @Produce   json
-// @Param     id    path      string  true  "Item ID"
-// @Param     file  formData  file    true  "File attachment"
-// @Param     type  formData  string  true  "Type of file"
-// @Param     name  formData  string  true  "name of the file including extension"
-// @Success   200   {object}  repo.ItemOut
-// @Failure   422   {object}  []server.ValidationError
-// @Router    /v1/items/{id}/attachments [POST]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemAttachmentCreate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		err := r.ParseMultipartForm(ctrl.maxUploadSize << 20)
-		if err != nil {
-			log.Err(err).Msg("failed to parse multipart form")
-			server.RespondError(w, http.StatusBadRequest, errors.New("failed to parse multipart form"))
-			return
-		}
-
-		errs := make(server.ValidationErrors, 0)
-
-		file, _, err := r.FormFile("file")
-		if err != nil {
-			switch {
-			case errors.Is(err, http.ErrMissingFile):
-				log.Debug().Msg("file for attachment is missing")
-				errs = errs.Append("file", "file is required")
-			default:
-				log.Err(err).Msg("failed to get file from form")
-				server.RespondServerError(w)
-				return
-			}
-		}
-
-		attachmentName := r.FormValue("name")
-		if attachmentName == "" {
-			log.Debug().Msg("failed to get name from form")
-			errs = errs.Append("name", "name is required")
-		}
-
-		if errs.HasErrors() {
-			server.Respond(w, http.StatusUnprocessableEntity, errs)
-			return
-		}
-
-		attachmentType := r.FormValue("type")
-		if attachmentType == "" {
-			attachmentType = attachment.TypeAttachment.String()
-		}
-
-		id, _, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		ctx := services.NewContext(r.Context())
-
-		item, err := ctrl.svc.Items.AttachmentAdd(
-			ctx,
-			id,
-			attachmentName,
-			attachment.Type(attachmentType),
-			file,
-		)
-
-		if err != nil {
-			log.Err(err).Msg("failed to add attachment")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusCreated, item)
-	}
-}
-
-// HandleItemAttachmentGet godocs
-// @Summary   retrieves an attachment for an item
-// @Tags      Items
-// @Produce   application/octet-stream
-// @Param     id     path   string  true  "Item ID"
-// @Param     token  query  string  true  "Attachment token"
-// @Success   200
-// @Router    /v1/items/{id}/attachments/download [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemAttachmentDownload() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		token := server.GetParam(r, "token", "")
-
-		doc, err := ctrl.svc.Items.AttachmentPath(r.Context(), token)
-
-		if err != nil {
-			log.Err(err).Msg("failed to get attachment")
-			server.RespondServerError(w)
-			return
-		}
-
-		w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", doc.Title))
-		w.Header().Set("Content-Type", "application/octet-stream")
-		http.ServeFile(w, r, doc.Path)
-	}
-}
-
-// HandleItemAttachmentToken godocs
-// @Summary   retrieves an attachment for an item
-// @Tags      Items
-// @Produce   application/octet-stream
-// @Param     id             path      string  true  "Item ID"
-// @Param     attachment_id  path      string  true  "Attachment ID"
-// @Success   200            {object}  ItemAttachmentToken
-// @Router    /v1/items/{id}/attachments/{attachment_id} [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemAttachmentToken() http.HandlerFunc {
-	return ctrl.handleItemAttachmentsHandler
-}
-
-// HandleItemAttachmentDelete godocs
-// @Summary   retrieves an attachment for an item
-// @Tags      Items
-// @Param     id             path  string  true  "Item ID"
-// @Param     attachment_id  path  string  true  "Attachment ID"
-// @Success   204
-// @Router    /v1/items/{id}/attachments/{attachment_id} [DELETE]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemAttachmentDelete() http.HandlerFunc {
-	return ctrl.handleItemAttachmentsHandler
-}
-
-// HandleItemAttachmentUpdate godocs
-// @Summary   retrieves an attachment for an item
-// @Tags      Items
-// @Param     id             path      string                     true  "Item ID"
-// @Param     attachment_id  path      string                     true  "Attachment ID"
-// @Param     payload        body      repo.ItemAttachmentUpdate  true  "Attachment Update"
-// @Success   200            {object}  repo.ItemOut
-// @Router    /v1/items/{id}/attachments/{attachment_id} [PUT]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleItemAttachmentUpdate() http.HandlerFunc {
-	return ctrl.handleItemAttachmentsHandler
-}
-
-func (ctrl *V1Controller) handleItemAttachmentsHandler(w http.ResponseWriter, r *http.Request) {
-	uid, user, err := ctrl.partialParseIdAndUser(w, r)
-	if err != nil {
-		return
-	}
-
-	attachmentId, err := uuid.Parse(chi.URLParam(r, "attachment_id"))
-	if err != nil {
-		log.Err(err).Msg("failed to parse attachment_id param")
-		server.RespondError(w, http.StatusBadRequest, err)
-		return
-	}
-
-	ctx := services.NewContext(r.Context())
-
-	switch r.Method {
-
-	// Token Handler
-	case http.MethodGet:
-		token, err := ctrl.svc.Items.AttachmentToken(ctx, uid, attachmentId)
-		if err != nil {
-			switch err {
-			case services.ErrNotFound:
-				log.Err(err).
-					Str("id", attachmentId.String()).
-					Msg("failed to find attachment with id")
-
-				server.RespondError(w, http.StatusNotFound, err)
-
-			case services.ErrFileNotFound:
-				log.Err(err).
-					Str("id", attachmentId.String()).
-					Msg("failed to find file path for attachment with id")
-				log.Warn().Msg("attachment with no file path removed from database")
-
-				server.RespondError(w, http.StatusNotFound, err)
-
-			default:
-				log.Err(err).Msg("failed to get attachment")
-				server.RespondServerError(w)
-				return
-			}
-		}
-
-		server.Respond(w, http.StatusOK, ItemAttachmentToken{Token: token})
-
-	// Delete Attachment Handler
-	case http.MethodDelete:
-		err = ctrl.svc.Items.AttachmentDelete(r.Context(), user.GroupID, uid, attachmentId)
-		if err != nil {
-			log.Err(err).Msg("failed to delete attachment")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusNoContent, nil)
-
-	// Update Attachment Handler
-	case http.MethodPut:
-		var attachment repo.ItemAttachmentUpdate
-		err = server.Decode(r, &attachment)
-		if err != nil {
-			log.Err(err).Msg("failed to decode attachment")
-			server.RespondError(w, http.StatusBadRequest, err)
-			return
-		}
-
-		attachment.ID = attachmentId
-		val, err := ctrl.svc.Items.AttachmentUpdate(ctx, uid, &attachment)
-		if err != nil {
-			log.Err(err).Msg("failed to delete attachment")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusOK, val)
-	}
-}

backend/app/api/v1/v1_ctrl_labels.go

@@ -1,150 +0,0 @@
-package v1
-
-import (
-	"net/http"
-
-	"github.com/hay-kot/homebox/backend/ent"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-// HandleLabelsGetAll godoc
-// @Summary   Get All Labels
-// @Tags      Labels
-// @Produce   json
-// @Success   200  {object}  server.Results{items=[]repo.LabelOut}
-// @Router    /v1/labels [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLabelsGetAll() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := services.UseUserCtx(r.Context())
-		labels, err := ctrl.svc.Labels.GetAll(r.Context(), user.GroupID)
-		if err != nil {
-			log.Err(err).Msg("error getting labels")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, server.Results{Items: labels})
-	}
-}
-
-// HandleLabelsCreate godoc
-// @Summary   Create a new label
-// @Tags      Labels
-// @Produce   json
-// @Param     payload  body      repo.LabelCreate  true  "Label Data"
-// @Success   200      {object}  repo.LabelSummary
-// @Router    /v1/labels [POST]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLabelsCreate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		createData := repo.LabelCreate{}
-		if err := server.Decode(r, &createData); err != nil {
-			log.Err(err).Msg("error decoding label create data")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		user := services.UseUserCtx(r.Context())
-		label, err := ctrl.svc.Labels.Create(r.Context(), user.GroupID, createData)
-		if err != nil {
-			log.Err(err).Msg("error creating label")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusCreated, label)
-
-	}
-}
-
-// HandleLabelDelete godocs
-// @Summary   deletes a label
-// @Tags      Labels
-// @Produce   json
-// @Param     id   path      string  true  "Label ID"
-// @Success   204
-// @Router    /v1/labels/{id} [DELETE]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLabelDelete() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		err = ctrl.svc.Labels.Delete(r.Context(), user.GroupID, uid)
-		if err != nil {
-			log.Err(err).Msg("error deleting label")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}
-
-// HandleLabelGet godocs
-// @Summary   Gets a label and fields
-// @Tags      Labels
-// @Produce   json
-// @Param     id   path      string  true  "Label ID"
-// @Success   200  {object}  repo.LabelOut
-// @Router    /v1/labels/{id} [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLabelGet() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		labels, err := ctrl.svc.Labels.Get(r.Context(), user.GroupID, uid)
-		if err != nil {
-			if ent.IsNotFound(err) {
-				log.Err(err).
-					Str("id", uid.String()).
-					Msg("label not found")
-				server.RespondError(w, http.StatusNotFound, err)
-				return
-			}
-			log.Err(err).Msg("error getting label")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, labels)
-	}
-}
-
-// HandleLabelUpdate godocs
-// @Summary   updates a label
-// @Tags      Labels
-// @Produce   json
-// @Param     id  path  string  true  "Label ID"
-// @Success   200  {object}  repo.LabelOut
-// @Router    /v1/labels/{id} [PUT]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLabelUpdate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		body := repo.LabelUpdate{}
-		if err := server.Decode(r, &body); err != nil {
-			log.Err(err).Msg("error decoding label update data")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		body.ID = uid
-		result, err := ctrl.svc.Labels.Update(r.Context(), user.GroupID, body)
-		if err != nil {
-			log.Err(err).Msg("error updating label")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, result)
-	}
-}

backend/app/api/v1/v1_ctrl_locations.go

@@ -1,157 +0,0 @@
-package v1
-
-import (
-	"net/http"
-
-	"github.com/hay-kot/homebox/backend/ent"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-// HandleLocationGetAll godoc
-// @Summary   Get All Locations
-// @Tags      Locations
-// @Produce   json
-// @Success   200  {object}  server.Results{items=[]repo.LocationOutCount}
-// @Router    /v1/locations [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLocationGetAll() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := services.UseUserCtx(r.Context())
-		locations, err := ctrl.svc.Location.GetAll(r.Context(), user.GroupID)
-		if err != nil {
-			log.Err(err).Msg("failed to get locations")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusOK, server.Results{Items: locations})
-	}
-}
-
-// HandleLocationCreate godoc
-// @Summary   Create a new location
-// @Tags      Locations
-// @Produce   json
-// @Param     payload  body      repo.LocationCreate  true  "Location Data"
-// @Success   200      {object}  repo.LocationSummary
-// @Router    /v1/locations [POST]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLocationCreate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		createData := repo.LocationCreate{}
-		if err := server.Decode(r, &createData); err != nil {
-			log.Err(err).Msg("failed to decode location create data")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		user := services.UseUserCtx(r.Context())
-		location, err := ctrl.svc.Location.Create(r.Context(), user.GroupID, createData)
-		if err != nil {
-			log.Err(err).Msg("failed to create location")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusCreated, location)
-	}
-}
-
-// HandleLocationDelete godocs
-// @Summary   deletes a location
-// @Tags      Locations
-// @Produce   json
-// @Param     id   path      string  true  "Location ID"
-// @Success   204
-// @Router    /v1/locations/{id} [DELETE]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLocationDelete() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		err = ctrl.svc.Location.Delete(r.Context(), user.GroupID, uid)
-		if err != nil {
-			log.Err(err).Msg("failed to delete location")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}
-
-// HandleLocationGet godocs
-// @Summary   Gets a location and fields
-// @Tags      Locations
-// @Produce   json
-// @Param     id   path      string  true  "Location ID"
-// @Success   200  {object}  repo.LocationOut
-// @Router    /v1/locations/{id} [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLocationGet() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		location, err := ctrl.svc.Location.GetOne(r.Context(), user.GroupID, uid)
-		if err != nil {
-			if ent.IsNotFound(err) {
-				log.Err(err).
-					Str("id", uid.String()).
-					Str("gid", user.GroupID.String()).
-					Msg("location not found")
-				server.RespondError(w, http.StatusNotFound, err)
-				return
-			}
-
-			log.Err(err).
-				Str("id", uid.String()).
-				Str("gid", user.GroupID.String()).
-				Msg("failed to get location")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, location)
-	}
-}
-
-// HandleLocationUpdate godocs
-// @Summary   updates a location
-// @Tags      Locations
-// @Produce   json
-// @Param     id  path  string  true  "Location ID"
-// @Success   200  {object}  repo.LocationOut
-// @Router    /v1/locations/{id} [PUT]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleLocationUpdate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		body := repo.LocationUpdate{}
-		if err := server.Decode(r, &body); err != nil {
-			log.Err(err).Msg("failed to decode location update data")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		uid, user, err := ctrl.partialParseIdAndUser(w, r)
-		if err != nil {
-			return
-		}
-
-		body.ID = uid
-
-		result, err := ctrl.svc.Location.Update(r.Context(), user.GroupID, body)
-		if err != nil {
-			log.Err(err).Msg("failed to update location")
-			server.RespondServerError(w)
-			return
-		}
-		server.Respond(w, http.StatusOK, result)
-	}
-}

backend/app/api/v1/v1_ctrl_user.go

@@ -1,160 +0,0 @@
-package v1
-
-import (
-	"net/http"
-
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/internal/services"
-	"github.com/hay-kot/homebox/backend/pkgs/server"
-	"github.com/rs/zerolog/log"
-)
-
-// HandleUserSelf godoc
-// @Summary  Get the current user
-// @Tags     User
-// @Produce  json
-// @Param    payload  body  services.UserRegistration  true  "User Data"
-// @Success  204
-// @Router   /v1/users/register [Post]
-func (ctrl *V1Controller) HandleUserRegistration() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		regData := services.UserRegistration{}
-
-		if err := server.Decode(r, &regData); err != nil {
-			log.Err(err).Msg("failed to decode user registration data")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		_, err := ctrl.svc.User.RegisterUser(r.Context(), regData)
-		if err != nil {
-			log.Err(err).Msg("failed to register user")
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}
-
-// HandleUserSelf godoc
-// @Summary   Get the current user
-// @Tags      User
-// @Produce   json
-// @Success   200  {object}  server.Result{item=repo.UserOut}
-// @Router    /v1/users/self [GET]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleUserSelf() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		token := services.UseTokenCtx(r.Context())
-		usr, err := ctrl.svc.User.GetSelf(r.Context(), token)
-		if usr.ID == uuid.Nil || err != nil {
-			log.Err(err).Msg("failed to get user")
-			server.RespondServerError(w)
-			return
-		}
-
-		server.Respond(w, http.StatusOK, server.Wrap(usr))
-	}
-}
-
-// HandleUserSelfUpdate godoc
-// @Summary   Update the current user
-// @Tags      User
-// @Produce   json
-// @Param     payload  body      repo.UserUpdate  true  "User Data"
-// @Success   200      {object}  server.Result{item=repo.UserUpdate}
-// @Router    /v1/users/self [PUT]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleUserSelfUpdate() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		updateData := repo.UserUpdate{}
-		if err := server.Decode(r, &updateData); err != nil {
-			log.Err(err).Msg("failed to decode user update data")
-			server.RespondError(w, http.StatusBadRequest, err)
-			return
-		}
-
-		actor := services.UseUserCtx(r.Context())
-		newData, err := ctrl.svc.User.UpdateSelf(r.Context(), actor.ID, updateData)
-
-		if err != nil {
-
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		server.Respond(w, http.StatusOK, server.Wrap(newData))
-	}
-}
-
-// HandleUserUpdatePassword godoc
-// @Summary   Update the current user's password // TODO:
-// @Tags      User
-// @Produce   json
-// @Success   204
-// @Router    /v1/users/self/password [PUT]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleUserUpdatePassword() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-	}
-}
-
-// HandleUserSelfDelete godoc
-// @Summary   Deletes the user account
-// @Tags      User
-// @Produce   json
-// @Success   204
-// @Router    /v1/users/self [DELETE]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleUserSelfDelete() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		actor := services.UseUserCtx(r.Context())
-		if err := ctrl.svc.User.DeleteSelf(r.Context(), actor.ID); err != nil {
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}
-
-type (
-	ChangePassword struct {
-		Current string `json:"current,omitempty"`
-		New     string `json:"new,omitempty"`
-	}
-)
-
-// HandleUserSelfChangePassword godoc
-// @Summary   Updates the users password
-// @Tags      User
-// @Success   204
-// @Param     payload  body  ChangePassword  true  "Password Payload"
-// @Router    /v1/users/change-password [PUT]
-// @Security  Bearer
-func (ctrl *V1Controller) HandleUserSelfChangePassword() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		if ctrl.isDemo {
-			server.RespondError(w, http.StatusForbidden, nil)
-			return
-		}
-
-		var cp ChangePassword
-		err := server.Decode(r, &cp)
-		if err != nil {
-			log.Err(err).Msg("user failed to change password")
-		}
-
-		ctx := services.NewContext(r.Context())
-
-		ok := ctrl.svc.User.ChangePassword(ctx, cp.Current, cp.New)
-		if !ok {
-			server.RespondError(w, http.StatusInternalServerError, err)
-			return
-		}
-
-		server.Respond(w, http.StatusNoContent, nil)
-	}
-}

backend/app/tools/migrations/main.go

@@ -2,10 +2,11 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"log"
 	"os"
 
-	"github.com/hay-kot/homebox/backend/ent/migrate"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/migrate"
 
 	atlas "ariga.io/atlas/sql/migrate"
 	_ "ariga.io/atlas/sql/sqlite"
@@ -17,7 +18,7 @@ import (
 func main() {
 	ctx := context.Background()
 	// Create a local migration directory able to understand Atlas migration file format for replay.
-	dir, err := atlas.NewLocalDir("internal/migrations/migrations")
+	dir, err := atlas.NewLocalDir("internal/data/migrations/migrations")
 	if err != nil {
 		log.Fatalf("failed creating atlas migration directory: %v", err)
 	}
@@ -39,4 +40,6 @@ func main() {
 	if err != nil {
 		log.Fatalf("failed generating migration file: %v", err)
 	}
+
+	fmt.Println("Migration file generated successfully.")
 }

backend/app/tools/typegen/main.go

@@ -0,0 +1,80 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"regexp"
+)
+
+type ReReplace struct {
+	Regex *regexp.Regexp
+	Text  string
+}
+
+func NewReReplace(regex string, replace string) ReReplace {
+	return ReReplace{
+		Regex: regexp.MustCompile(regex),
+		Text:  replace,
+	}
+}
+
+func NewReDate(dateStr string) ReReplace {
+	return ReReplace{
+		Regex: regexp.MustCompile(fmt.Sprintf(`%s: string`, dateStr)),
+		Text:  fmt.Sprintf(`%s: Date | string`, dateStr),
+	}
+}
+
+func main() {
+	if len(os.Args) != 2 {
+		fmt.Println("Please provide a file path as an argument")
+		os.Exit(1)
+	}
+
+	path := os.Args[1]
+
+	fmt.Printf("Processing %s\n", path)
+
+	if _, err := os.Stat(path); os.IsNotExist(err) {
+		fmt.Printf("File %s does not exist\n", path)
+		os.Exit(1)
+	}
+
+	text := "/* post-processed by ./scripts/process-types.go */\n"
+	data, err := os.ReadFile(path)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	text += string(data)
+
+	replaces := [...]ReReplace{
+		NewReReplace(` Repo`, " "),
+		NewReReplace(` PaginationResultRepo`, " PaginationResult"),
+		NewReReplace(` Services`, " "),
+		NewReReplace(` V1`, " "),
+		NewReReplace(`\?:`, ":"),
+		NewReDate("createdAt"),
+		NewReDate("updatedAt"),
+		NewReDate("soldTime"),
+		NewReDate("purchaseTime"),
+		NewReDate("warrantyExpires"),
+		NewReDate("expiresAt"),
+		NewReDate("date"),
+		NewReDate("completedDate"),
+		NewReDate("scheduledDate"),
+	}
+
+	for _, replace := range replaces {
+		fmt.Printf("Replacing '%v' -> '%s'\n", replace.Regex, replace.Text)
+		text = replace.Regex.ReplaceAllString(text, replace.Text)
+	}
+
+	err = os.WriteFile(path, []byte(text), 0644)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	os.Exit(0)
+}

backend/ent/config.go

@@ -1,69 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package ent
-
-import (
-	"entgo.io/ent"
-	"entgo.io/ent/dialect"
-)
-
-// Option function to configure the client.
-type Option func(*config)
-
-// Config is the configuration for the client and its builder.
-type config struct {
-	// driver used for executing database requests.
-	driver dialect.Driver
-	// debug enable a debug logging.
-	debug bool
-	// log used for logging on debug mode.
-	log func(...any)
-	// hooks to execute on mutations.
-	hooks *hooks
-}
-
-// hooks per client, for fast access.
-type hooks struct {
-	Attachment           []ent.Hook
-	AuthTokens           []ent.Hook
-	Document             []ent.Hook
-	DocumentToken        []ent.Hook
-	Group                []ent.Hook
-	GroupInvitationToken []ent.Hook
-	Item                 []ent.Hook
-	ItemField            []ent.Hook
-	Label                []ent.Hook
-	Location             []ent.Hook
-	User                 []ent.Hook
-}
-
-// Options applies the options on the config object.
-func (c *config) options(opts ...Option) {
-	for _, opt := range opts {
-		opt(c)
-	}
-	if c.debug {
-		c.driver = dialect.Debug(c.driver, c.log)
-	}
-}
-
-// Debug enables debug logging on the ent.Driver.
-func Debug() Option {
-	return func(c *config) {
-		c.debug = true
-	}
-}
-
-// Log sets the logging function for debug mode.
-func Log(fn func(...any)) Option {
-	return func(c *config) {
-		c.log = fn
-	}
-}
-
-// Driver configures the client driver.
-func Driver(driver dialect.Driver) Option {
-	return func(c *config) {
-		c.driver = driver
-	}
-}

backend/ent/context.go

@@ -1,33 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package ent
-
-import (
-	"context"
-)
-
-type clientCtxKey struct{}
-
-// FromContext returns a Client stored inside a context, or nil if there isn't one.
-func FromContext(ctx context.Context) *Client {
-	c, _ := ctx.Value(clientCtxKey{}).(*Client)
-	return c
-}
-
-// NewContext returns a new context with the given Client attached.
-func NewContext(parent context.Context, c *Client) context.Context {
-	return context.WithValue(parent, clientCtxKey{}, c)
-}
-
-type txCtxKey struct{}
-
-// TxFromContext returns a Tx stored inside a context, or nil if there isn't one.
-func TxFromContext(ctx context.Context) *Tx {
-	tx, _ := ctx.Value(txCtxKey{}).(*Tx)
-	return tx
-}
-
-// NewTxContext returns a new context with the given Tx attached.
-func NewTxContext(parent context.Context, tx *Tx) context.Context {
-	return context.WithValue(parent, txCtxKey{}, tx)
-}

backend/ent/documenttoken.go

@@ -1,190 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package ent
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"entgo.io/ent/dialect/sql"
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/ent/document"
-	"github.com/hay-kot/homebox/backend/ent/documenttoken"
-)
-
-// DocumentToken is the model entity for the DocumentToken schema.
-type DocumentToken struct {
-	config `json:"-"`
-	// ID of the ent.
-	ID uuid.UUID `json:"id,omitempty"`
-	// CreatedAt holds the value of the "created_at" field.
-	CreatedAt time.Time `json:"created_at,omitempty"`
-	// UpdatedAt holds the value of the "updated_at" field.
-	UpdatedAt time.Time `json:"updated_at,omitempty"`
-	// Token holds the value of the "token" field.
-	Token []byte `json:"token,omitempty"`
-	// Uses holds the value of the "uses" field.
-	Uses int `json:"uses,omitempty"`
-	// ExpiresAt holds the value of the "expires_at" field.
-	ExpiresAt time.Time `json:"expires_at,omitempty"`
-	// Edges holds the relations/edges for other nodes in the graph.
-	// The values are being populated by the DocumentTokenQuery when eager-loading is set.
-	Edges                    DocumentTokenEdges `json:"edges"`
-	document_document_tokens *uuid.UUID
-}
-
-// DocumentTokenEdges holds the relations/edges for other nodes in the graph.
-type DocumentTokenEdges struct {
-	// Document holds the value of the document edge.
-	Document *Document `json:"document,omitempty"`
-	// loadedTypes holds the information for reporting if a
-	// type was loaded (or requested) in eager-loading or not.
-	loadedTypes [1]bool
-}
-
-// DocumentOrErr returns the Document value or an error if the edge
-// was not loaded in eager-loading, or loaded but was not found.
-func (e DocumentTokenEdges) DocumentOrErr() (*Document, error) {
-	if e.loadedTypes[0] {
-		if e.Document == nil {
-			// Edge was loaded but was not found.
-			return nil, &NotFoundError{label: document.Label}
-		}
-		return e.Document, nil
-	}
-	return nil, &NotLoadedError{edge: "document"}
-}
-
-// scanValues returns the types for scanning values from sql.Rows.
-func (*DocumentToken) scanValues(columns []string) ([]any, error) {
-	values := make([]any, len(columns))
-	for i := range columns {
-		switch columns[i] {
-		case documenttoken.FieldToken:
-			values[i] = new([]byte)
-		case documenttoken.FieldUses:
-			values[i] = new(sql.NullInt64)
-		case documenttoken.FieldCreatedAt, documenttoken.FieldUpdatedAt, documenttoken.FieldExpiresAt:
-			values[i] = new(sql.NullTime)
-		case documenttoken.FieldID:
-			values[i] = new(uuid.UUID)
-		case documenttoken.ForeignKeys[0]: // document_document_tokens
-			values[i] = &sql.NullScanner{S: new(uuid.UUID)}
-		default:
-			return nil, fmt.Errorf("unexpected column %q for type DocumentToken", columns[i])
-		}
-	}
-	return values, nil
-}
-
-// assignValues assigns the values that were returned from sql.Rows (after scanning)
-// to the DocumentToken fields.
-func (dt *DocumentToken) assignValues(columns []string, values []any) error {
-	if m, n := len(values), len(columns); m < n {
-		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
-	}
-	for i := range columns {
-		switch columns[i] {
-		case documenttoken.FieldID:
-			if value, ok := values[i].(*uuid.UUID); !ok {
-				return fmt.Errorf("unexpected type %T for field id", values[i])
-			} else if value != nil {
-				dt.ID = *value
-			}
-		case documenttoken.FieldCreatedAt:
-			if value, ok := values[i].(*sql.NullTime); !ok {
-				return fmt.Errorf("unexpected type %T for field created_at", values[i])
-			} else if value.Valid {
-				dt.CreatedAt = value.Time
-			}
-		case documenttoken.FieldUpdatedAt:
-			if value, ok := values[i].(*sql.NullTime); !ok {
-				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
-			} else if value.Valid {
-				dt.UpdatedAt = value.Time
-			}
-		case documenttoken.FieldToken:
-			if value, ok := values[i].(*[]byte); !ok {
-				return fmt.Errorf("unexpected type %T for field token", values[i])
-			} else if value != nil {
-				dt.Token = *value
-			}
-		case documenttoken.FieldUses:
-			if value, ok := values[i].(*sql.NullInt64); !ok {
-				return fmt.Errorf("unexpected type %T for field uses", values[i])
-			} else if value.Valid {
-				dt.Uses = int(value.Int64)
-			}
-		case documenttoken.FieldExpiresAt:
-			if value, ok := values[i].(*sql.NullTime); !ok {
-				return fmt.Errorf("unexpected type %T for field expires_at", values[i])
-			} else if value.Valid {
-				dt.ExpiresAt = value.Time
-			}
-		case documenttoken.ForeignKeys[0]:
-			if value, ok := values[i].(*sql.NullScanner); !ok {
-				return fmt.Errorf("unexpected type %T for field document_document_tokens", values[i])
-			} else if value.Valid {
-				dt.document_document_tokens = new(uuid.UUID)
-				*dt.document_document_tokens = *value.S.(*uuid.UUID)
-			}
-		}
-	}
-	return nil
-}
-
-// QueryDocument queries the "document" edge of the DocumentToken entity.
-func (dt *DocumentToken) QueryDocument() *DocumentQuery {
-	return (&DocumentTokenClient{config: dt.config}).QueryDocument(dt)
-}
-
-// Update returns a builder for updating this DocumentToken.
-// Note that you need to call DocumentToken.Unwrap() before calling this method if this DocumentToken
-// was returned from a transaction, and the transaction was committed or rolled back.
-func (dt *DocumentToken) Update() *DocumentTokenUpdateOne {
-	return (&DocumentTokenClient{config: dt.config}).UpdateOne(dt)
-}
-
-// Unwrap unwraps the DocumentToken entity that was returned from a transaction after it was closed,
-// so that all future queries will be executed through the driver which created the transaction.
-func (dt *DocumentToken) Unwrap() *DocumentToken {
-	_tx, ok := dt.config.driver.(*txDriver)
-	if !ok {
-		panic("ent: DocumentToken is not a transactional entity")
-	}
-	dt.config.driver = _tx.drv
-	return dt
-}
-
-// String implements the fmt.Stringer.
-func (dt *DocumentToken) String() string {
-	var builder strings.Builder
-	builder.WriteString("DocumentToken(")
-	builder.WriteString(fmt.Sprintf("id=%v, ", dt.ID))
-	builder.WriteString("created_at=")
-	builder.WriteString(dt.CreatedAt.Format(time.ANSIC))
-	builder.WriteString(", ")
-	builder.WriteString("updated_at=")
-	builder.WriteString(dt.UpdatedAt.Format(time.ANSIC))
-	builder.WriteString(", ")
-	builder.WriteString("token=")
-	builder.WriteString(fmt.Sprintf("%v", dt.Token))
-	builder.WriteString(", ")
-	builder.WriteString("uses=")
-	builder.WriteString(fmt.Sprintf("%v", dt.Uses))
-	builder.WriteString(", ")
-	builder.WriteString("expires_at=")
-	builder.WriteString(dt.ExpiresAt.Format(time.ANSIC))
-	builder.WriteByte(')')
-	return builder.String()
-}
-
-// DocumentTokens is a parsable slice of DocumentToken.
-type DocumentTokens []*DocumentToken
-
-func (dt DocumentTokens) config(cfg config) {
-	for _i := range dt {
-		dt[_i].config = cfg
-	}
-}

backend/ent/documenttoken/documenttoken.go

@@ -1,85 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package documenttoken
-
-import (
-	"time"
-
-	"github.com/google/uuid"
-)
-
-const (
-	// Label holds the string label denoting the documenttoken type in the database.
-	Label = "document_token"
-	// FieldID holds the string denoting the id field in the database.
-	FieldID = "id"
-	// FieldCreatedAt holds the string denoting the created_at field in the database.
-	FieldCreatedAt = "created_at"
-	// FieldUpdatedAt holds the string denoting the updated_at field in the database.
-	FieldUpdatedAt = "updated_at"
-	// FieldToken holds the string denoting the token field in the database.
-	FieldToken = "token"
-	// FieldUses holds the string denoting the uses field in the database.
-	FieldUses = "uses"
-	// FieldExpiresAt holds the string denoting the expires_at field in the database.
-	FieldExpiresAt = "expires_at"
-	// EdgeDocument holds the string denoting the document edge name in mutations.
-	EdgeDocument = "document"
-	// Table holds the table name of the documenttoken in the database.
-	Table = "document_tokens"
-	// DocumentTable is the table that holds the document relation/edge.
-	DocumentTable = "document_tokens"
-	// DocumentInverseTable is the table name for the Document entity.
-	// It exists in this package in order to avoid circular dependency with the "document" package.
-	DocumentInverseTable = "documents"
-	// DocumentColumn is the table column denoting the document relation/edge.
-	DocumentColumn = "document_document_tokens"
-)
-
-// Columns holds all SQL columns for documenttoken fields.
-var Columns = []string{
-	FieldID,
-	FieldCreatedAt,
-	FieldUpdatedAt,
-	FieldToken,
-	FieldUses,
-	FieldExpiresAt,
-}
-
-// ForeignKeys holds the SQL foreign-keys that are owned by the "document_tokens"
-// table and are not defined as standalone fields in the schema.
-var ForeignKeys = []string{
-	"document_document_tokens",
-}
-
-// ValidColumn reports if the column name is valid (part of the table columns).
-func ValidColumn(column string) bool {
-	for i := range Columns {
-		if column == Columns[i] {
-			return true
-		}
-	}
-	for i := range ForeignKeys {
-		if column == ForeignKeys[i] {
-			return true
-		}
-	}
-	return false
-}
-
-var (
-	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
-	DefaultCreatedAt func() time.Time
-	// DefaultUpdatedAt holds the default value on creation for the "updated_at" field.
-	DefaultUpdatedAt func() time.Time
-	// UpdateDefaultUpdatedAt holds the default value on update for the "updated_at" field.
-	UpdateDefaultUpdatedAt func() time.Time
-	// TokenValidator is a validator for the "token" field. It is called by the builders before save.
-	TokenValidator func([]byte) error
-	// DefaultUses holds the default value on creation for the "uses" field.
-	DefaultUses int
-	// DefaultExpiresAt holds the default value on creation for the "expires_at" field.
-	DefaultExpiresAt func() time.Time
-	// DefaultID holds the default value on creation for the "id" field.
-	DefaultID func() uuid.UUID
-)

backend/ent/documenttoken/where.go

@@ -1,498 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package documenttoken
-
-import (
-	"time"
-
-	"entgo.io/ent/dialect/sql"
-	"entgo.io/ent/dialect/sql/sqlgraph"
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/ent/predicate"
-)
-
-// ID filters vertices based on their ID field.
-func ID(id uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldID), id))
-	})
-}
-
-// IDEQ applies the EQ predicate on the ID field.
-func IDEQ(id uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldID), id))
-	})
-}
-
-// IDNEQ applies the NEQ predicate on the ID field.
-func IDNEQ(id uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NEQ(s.C(FieldID), id))
-	})
-}
-
-// IDIn applies the In predicate on the ID field.
-func IDIn(ids ...uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		v := make([]any, len(ids))
-		for i := range v {
-			v[i] = ids[i]
-		}
-		s.Where(sql.In(s.C(FieldID), v...))
-	})
-}
-
-// IDNotIn applies the NotIn predicate on the ID field.
-func IDNotIn(ids ...uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		v := make([]any, len(ids))
-		for i := range v {
-			v[i] = ids[i]
-		}
-		s.Where(sql.NotIn(s.C(FieldID), v...))
-	})
-}
-
-// IDGT applies the GT predicate on the ID field.
-func IDGT(id uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GT(s.C(FieldID), id))
-	})
-}
-
-// IDGTE applies the GTE predicate on the ID field.
-func IDGTE(id uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GTE(s.C(FieldID), id))
-	})
-}
-
-// IDLT applies the LT predicate on the ID field.
-func IDLT(id uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LT(s.C(FieldID), id))
-	})
-}
-
-// IDLTE applies the LTE predicate on the ID field.
-func IDLTE(id uuid.UUID) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LTE(s.C(FieldID), id))
-	})
-}
-
-// CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
-func CreatedAt(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldCreatedAt), v))
-	})
-}
-
-// UpdatedAt applies equality check predicate on the "updated_at" field. It's identical to UpdatedAtEQ.
-func UpdatedAt(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldUpdatedAt), v))
-	})
-}
-
-// Token applies equality check predicate on the "token" field. It's identical to TokenEQ.
-func Token(v []byte) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldToken), v))
-	})
-}
-
-// Uses applies equality check predicate on the "uses" field. It's identical to UsesEQ.
-func Uses(v int) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldUses), v))
-	})
-}
-
-// ExpiresAt applies equality check predicate on the "expires_at" field. It's identical to ExpiresAtEQ.
-func ExpiresAt(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldExpiresAt), v))
-	})
-}
-
-// CreatedAtEQ applies the EQ predicate on the "created_at" field.
-func CreatedAtEQ(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldCreatedAt), v))
-	})
-}
-
-// CreatedAtNEQ applies the NEQ predicate on the "created_at" field.
-func CreatedAtNEQ(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NEQ(s.C(FieldCreatedAt), v))
-	})
-}
-
-// CreatedAtIn applies the In predicate on the "created_at" field.
-func CreatedAtIn(vs ...time.Time) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.In(s.C(FieldCreatedAt), v...))
-	})
-}
-
-// CreatedAtNotIn applies the NotIn predicate on the "created_at" field.
-func CreatedAtNotIn(vs ...time.Time) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NotIn(s.C(FieldCreatedAt), v...))
-	})
-}
-
-// CreatedAtGT applies the GT predicate on the "created_at" field.
-func CreatedAtGT(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GT(s.C(FieldCreatedAt), v))
-	})
-}
-
-// CreatedAtGTE applies the GTE predicate on the "created_at" field.
-func CreatedAtGTE(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GTE(s.C(FieldCreatedAt), v))
-	})
-}
-
-// CreatedAtLT applies the LT predicate on the "created_at" field.
-func CreatedAtLT(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LT(s.C(FieldCreatedAt), v))
-	})
-}
-
-// CreatedAtLTE applies the LTE predicate on the "created_at" field.
-func CreatedAtLTE(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LTE(s.C(FieldCreatedAt), v))
-	})
-}
-
-// UpdatedAtEQ applies the EQ predicate on the "updated_at" field.
-func UpdatedAtEQ(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldUpdatedAt), v))
-	})
-}
-
-// UpdatedAtNEQ applies the NEQ predicate on the "updated_at" field.
-func UpdatedAtNEQ(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NEQ(s.C(FieldUpdatedAt), v))
-	})
-}
-
-// UpdatedAtIn applies the In predicate on the "updated_at" field.
-func UpdatedAtIn(vs ...time.Time) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.In(s.C(FieldUpdatedAt), v...))
-	})
-}
-
-// UpdatedAtNotIn applies the NotIn predicate on the "updated_at" field.
-func UpdatedAtNotIn(vs ...time.Time) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NotIn(s.C(FieldUpdatedAt), v...))
-	})
-}
-
-// UpdatedAtGT applies the GT predicate on the "updated_at" field.
-func UpdatedAtGT(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GT(s.C(FieldUpdatedAt), v))
-	})
-}
-
-// UpdatedAtGTE applies the GTE predicate on the "updated_at" field.
-func UpdatedAtGTE(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GTE(s.C(FieldUpdatedAt), v))
-	})
-}
-
-// UpdatedAtLT applies the LT predicate on the "updated_at" field.
-func UpdatedAtLT(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LT(s.C(FieldUpdatedAt), v))
-	})
-}
-
-// UpdatedAtLTE applies the LTE predicate on the "updated_at" field.
-func UpdatedAtLTE(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LTE(s.C(FieldUpdatedAt), v))
-	})
-}
-
-// TokenEQ applies the EQ predicate on the "token" field.
-func TokenEQ(v []byte) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldToken), v))
-	})
-}
-
-// TokenNEQ applies the NEQ predicate on the "token" field.
-func TokenNEQ(v []byte) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NEQ(s.C(FieldToken), v))
-	})
-}
-
-// TokenIn applies the In predicate on the "token" field.
-func TokenIn(vs ...[]byte) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.In(s.C(FieldToken), v...))
-	})
-}
-
-// TokenNotIn applies the NotIn predicate on the "token" field.
-func TokenNotIn(vs ...[]byte) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NotIn(s.C(FieldToken), v...))
-	})
-}
-
-// TokenGT applies the GT predicate on the "token" field.
-func TokenGT(v []byte) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GT(s.C(FieldToken), v))
-	})
-}
-
-// TokenGTE applies the GTE predicate on the "token" field.
-func TokenGTE(v []byte) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GTE(s.C(FieldToken), v))
-	})
-}
-
-// TokenLT applies the LT predicate on the "token" field.
-func TokenLT(v []byte) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LT(s.C(FieldToken), v))
-	})
-}
-
-// TokenLTE applies the LTE predicate on the "token" field.
-func TokenLTE(v []byte) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LTE(s.C(FieldToken), v))
-	})
-}
-
-// UsesEQ applies the EQ predicate on the "uses" field.
-func UsesEQ(v int) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldUses), v))
-	})
-}
-
-// UsesNEQ applies the NEQ predicate on the "uses" field.
-func UsesNEQ(v int) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NEQ(s.C(FieldUses), v))
-	})
-}
-
-// UsesIn applies the In predicate on the "uses" field.
-func UsesIn(vs ...int) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.In(s.C(FieldUses), v...))
-	})
-}
-
-// UsesNotIn applies the NotIn predicate on the "uses" field.
-func UsesNotIn(vs ...int) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NotIn(s.C(FieldUses), v...))
-	})
-}
-
-// UsesGT applies the GT predicate on the "uses" field.
-func UsesGT(v int) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GT(s.C(FieldUses), v))
-	})
-}
-
-// UsesGTE applies the GTE predicate on the "uses" field.
-func UsesGTE(v int) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GTE(s.C(FieldUses), v))
-	})
-}
-
-// UsesLT applies the LT predicate on the "uses" field.
-func UsesLT(v int) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LT(s.C(FieldUses), v))
-	})
-}
-
-// UsesLTE applies the LTE predicate on the "uses" field.
-func UsesLTE(v int) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LTE(s.C(FieldUses), v))
-	})
-}
-
-// ExpiresAtEQ applies the EQ predicate on the "expires_at" field.
-func ExpiresAtEQ(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.EQ(s.C(FieldExpiresAt), v))
-	})
-}
-
-// ExpiresAtNEQ applies the NEQ predicate on the "expires_at" field.
-func ExpiresAtNEQ(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NEQ(s.C(FieldExpiresAt), v))
-	})
-}
-
-// ExpiresAtIn applies the In predicate on the "expires_at" field.
-func ExpiresAtIn(vs ...time.Time) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.In(s.C(FieldExpiresAt), v...))
-	})
-}
-
-// ExpiresAtNotIn applies the NotIn predicate on the "expires_at" field.
-func ExpiresAtNotIn(vs ...time.Time) predicate.DocumentToken {
-	v := make([]any, len(vs))
-	for i := range v {
-		v[i] = vs[i]
-	}
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.NotIn(s.C(FieldExpiresAt), v...))
-	})
-}
-
-// ExpiresAtGT applies the GT predicate on the "expires_at" field.
-func ExpiresAtGT(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GT(s.C(FieldExpiresAt), v))
-	})
-}
-
-// ExpiresAtGTE applies the GTE predicate on the "expires_at" field.
-func ExpiresAtGTE(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.GTE(s.C(FieldExpiresAt), v))
-	})
-}
-
-// ExpiresAtLT applies the LT predicate on the "expires_at" field.
-func ExpiresAtLT(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LT(s.C(FieldExpiresAt), v))
-	})
-}
-
-// ExpiresAtLTE applies the LTE predicate on the "expires_at" field.
-func ExpiresAtLTE(v time.Time) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s.Where(sql.LTE(s.C(FieldExpiresAt), v))
-	})
-}
-
-// HasDocument applies the HasEdge predicate on the "document" edge.
-func HasDocument() predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(DocumentTable, FieldID),
-			sqlgraph.Edge(sqlgraph.M2O, true, DocumentTable, DocumentColumn),
-		)
-		sqlgraph.HasNeighbors(s, step)
-	})
-}
-
-// HasDocumentWith applies the HasEdge predicate on the "document" edge with a given conditions (other predicates).
-func HasDocumentWith(preds ...predicate.Document) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(DocumentInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.M2O, true, DocumentTable, DocumentColumn),
-		)
-		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
-			for _, p := range preds {
-				p(s)
-			}
-		})
-	})
-}
-
-// And groups predicates with the AND operator between them.
-func And(predicates ...predicate.DocumentToken) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for _, p := range predicates {
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
-}
-
-// Or groups predicates with the OR operator between them.
-func Or(predicates ...predicate.DocumentToken) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for i, p := range predicates {
-			if i > 0 {
-				s1.Or()
-			}
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
-}
-
-// Not applies the not operator on the given predicate.
-func Not(p predicate.DocumentToken) predicate.DocumentToken {
-	return predicate.DocumentToken(func(s *sql.Selector) {
-		p(s.Not())
-	})
-}

backend/ent/documenttoken_create.go

@@ -1,418 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package ent
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"time"
-
-	"entgo.io/ent/dialect/sql/sqlgraph"
-	"entgo.io/ent/schema/field"
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/ent/document"
-	"github.com/hay-kot/homebox/backend/ent/documenttoken"
-)
-
-// DocumentTokenCreate is the builder for creating a DocumentToken entity.
-type DocumentTokenCreate struct {
-	config
-	mutation *DocumentTokenMutation
-	hooks    []Hook
-}
-
-// SetCreatedAt sets the "created_at" field.
-func (dtc *DocumentTokenCreate) SetCreatedAt(t time.Time) *DocumentTokenCreate {
-	dtc.mutation.SetCreatedAt(t)
-	return dtc
-}
-
-// SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
-func (dtc *DocumentTokenCreate) SetNillableCreatedAt(t *time.Time) *DocumentTokenCreate {
-	if t != nil {
-		dtc.SetCreatedAt(*t)
-	}
-	return dtc
-}
-
-// SetUpdatedAt sets the "updated_at" field.
-func (dtc *DocumentTokenCreate) SetUpdatedAt(t time.Time) *DocumentTokenCreate {
-	dtc.mutation.SetUpdatedAt(t)
-	return dtc
-}
-
-// SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
-func (dtc *DocumentTokenCreate) SetNillableUpdatedAt(t *time.Time) *DocumentTokenCreate {
-	if t != nil {
-		dtc.SetUpdatedAt(*t)
-	}
-	return dtc
-}
-
-// SetToken sets the "token" field.
-func (dtc *DocumentTokenCreate) SetToken(b []byte) *DocumentTokenCreate {
-	dtc.mutation.SetToken(b)
-	return dtc
-}
-
-// SetUses sets the "uses" field.
-func (dtc *DocumentTokenCreate) SetUses(i int) *DocumentTokenCreate {
-	dtc.mutation.SetUses(i)
-	return dtc
-}
-
-// SetNillableUses sets the "uses" field if the given value is not nil.
-func (dtc *DocumentTokenCreate) SetNillableUses(i *int) *DocumentTokenCreate {
-	if i != nil {
-		dtc.SetUses(*i)
-	}
-	return dtc
-}
-
-// SetExpiresAt sets the "expires_at" field.
-func (dtc *DocumentTokenCreate) SetExpiresAt(t time.Time) *DocumentTokenCreate {
-	dtc.mutation.SetExpiresAt(t)
-	return dtc
-}
-
-// SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
-func (dtc *DocumentTokenCreate) SetNillableExpiresAt(t *time.Time) *DocumentTokenCreate {
-	if t != nil {
-		dtc.SetExpiresAt(*t)
-	}
-	return dtc
-}
-
-// SetID sets the "id" field.
-func (dtc *DocumentTokenCreate) SetID(u uuid.UUID) *DocumentTokenCreate {
-	dtc.mutation.SetID(u)
-	return dtc
-}
-
-// SetNillableID sets the "id" field if the given value is not nil.
-func (dtc *DocumentTokenCreate) SetNillableID(u *uuid.UUID) *DocumentTokenCreate {
-	if u != nil {
-		dtc.SetID(*u)
-	}
-	return dtc
-}
-
-// SetDocumentID sets the "document" edge to the Document entity by ID.
-func (dtc *DocumentTokenCreate) SetDocumentID(id uuid.UUID) *DocumentTokenCreate {
-	dtc.mutation.SetDocumentID(id)
-	return dtc
-}
-
-// SetNillableDocumentID sets the "document" edge to the Document entity by ID if the given value is not nil.
-func (dtc *DocumentTokenCreate) SetNillableDocumentID(id *uuid.UUID) *DocumentTokenCreate {
-	if id != nil {
-		dtc = dtc.SetDocumentID(*id)
-	}
-	return dtc
-}
-
-// SetDocument sets the "document" edge to the Document entity.
-func (dtc *DocumentTokenCreate) SetDocument(d *Document) *DocumentTokenCreate {
-	return dtc.SetDocumentID(d.ID)
-}
-
-// Mutation returns the DocumentTokenMutation object of the builder.
-func (dtc *DocumentTokenCreate) Mutation() *DocumentTokenMutation {
-	return dtc.mutation
-}
-
-// Save creates the DocumentToken in the database.
-func (dtc *DocumentTokenCreate) Save(ctx context.Context) (*DocumentToken, error) {
-	var (
-		err  error
-		node *DocumentToken
-	)
-	dtc.defaults()
-	if len(dtc.hooks) == 0 {
-		if err = dtc.check(); err != nil {
-			return nil, err
-		}
-		node, err = dtc.sqlSave(ctx)
-	} else {
-		var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
-			mutation, ok := m.(*DocumentTokenMutation)
-			if !ok {
-				return nil, fmt.Errorf("unexpected mutation type %T", m)
-			}
-			if err = dtc.check(); err != nil {
-				return nil, err
-			}
-			dtc.mutation = mutation
-			if node, err = dtc.sqlSave(ctx); err != nil {
-				return nil, err
-			}
-			mutation.id = &node.ID
-			mutation.done = true
-			return node, err
-		})
-		for i := len(dtc.hooks) - 1; i >= 0; i-- {
-			if dtc.hooks[i] == nil {
-				return nil, fmt.Errorf("ent: uninitialized hook (forgotten import ent/runtime?)")
-			}
-			mut = dtc.hooks[i](mut)
-		}
-		v, err := mut.Mutate(ctx, dtc.mutation)
-		if err != nil {
-			return nil, err
-		}
-		nv, ok := v.(*DocumentToken)
-		if !ok {
-			return nil, fmt.Errorf("unexpected node type %T returned from DocumentTokenMutation", v)
-		}
-		node = nv
-	}
-	return node, err
-}
-
-// SaveX calls Save and panics if Save returns an error.
-func (dtc *DocumentTokenCreate) SaveX(ctx context.Context) *DocumentToken {
-	v, err := dtc.Save(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Exec executes the query.
-func (dtc *DocumentTokenCreate) Exec(ctx context.Context) error {
-	_, err := dtc.Save(ctx)
-	return err
-}
-
-// ExecX is like Exec, but panics if an error occurs.
-func (dtc *DocumentTokenCreate) ExecX(ctx context.Context) {
-	if err := dtc.Exec(ctx); err != nil {
-		panic(err)
-	}
-}
-
-// defaults sets the default values of the builder before save.
-func (dtc *DocumentTokenCreate) defaults() {
-	if _, ok := dtc.mutation.CreatedAt(); !ok {
-		v := documenttoken.DefaultCreatedAt()
-		dtc.mutation.SetCreatedAt(v)
-	}
-	if _, ok := dtc.mutation.UpdatedAt(); !ok {
-		v := documenttoken.DefaultUpdatedAt()
-		dtc.mutation.SetUpdatedAt(v)
-	}
-	if _, ok := dtc.mutation.Uses(); !ok {
-		v := documenttoken.DefaultUses
-		dtc.mutation.SetUses(v)
-	}
-	if _, ok := dtc.mutation.ExpiresAt(); !ok {
-		v := documenttoken.DefaultExpiresAt()
-		dtc.mutation.SetExpiresAt(v)
-	}
-	if _, ok := dtc.mutation.ID(); !ok {
-		v := documenttoken.DefaultID()
-		dtc.mutation.SetID(v)
-	}
-}
-
-// check runs all checks and user-defined validators on the builder.
-func (dtc *DocumentTokenCreate) check() error {
-	if _, ok := dtc.mutation.CreatedAt(); !ok {
-		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "DocumentToken.created_at"`)}
-	}
-	if _, ok := dtc.mutation.UpdatedAt(); !ok {
-		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "DocumentToken.updated_at"`)}
-	}
-	if _, ok := dtc.mutation.Token(); !ok {
-		return &ValidationError{Name: "token", err: errors.New(`ent: missing required field "DocumentToken.token"`)}
-	}
-	if v, ok := dtc.mutation.Token(); ok {
-		if err := documenttoken.TokenValidator(v); err != nil {
-			return &ValidationError{Name: "token", err: fmt.Errorf(`ent: validator failed for field "DocumentToken.token": %w`, err)}
-		}
-	}
-	if _, ok := dtc.mutation.Uses(); !ok {
-		return &ValidationError{Name: "uses", err: errors.New(`ent: missing required field "DocumentToken.uses"`)}
-	}
-	if _, ok := dtc.mutation.ExpiresAt(); !ok {
-		return &ValidationError{Name: "expires_at", err: errors.New(`ent: missing required field "DocumentToken.expires_at"`)}
-	}
-	return nil
-}
-
-func (dtc *DocumentTokenCreate) sqlSave(ctx context.Context) (*DocumentToken, error) {
-	_node, _spec := dtc.createSpec()
-	if err := sqlgraph.CreateNode(ctx, dtc.driver, _spec); err != nil {
-		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{msg: err.Error(), wrap: err}
-		}
-		return nil, err
-	}
-	if _spec.ID.Value != nil {
-		if id, ok := _spec.ID.Value.(*uuid.UUID); ok {
-			_node.ID = *id
-		} else if err := _node.ID.Scan(_spec.ID.Value); err != nil {
-			return nil, err
-		}
-	}
-	return _node, nil
-}
-
-func (dtc *DocumentTokenCreate) createSpec() (*DocumentToken, *sqlgraph.CreateSpec) {
-	var (
-		_node = &DocumentToken{config: dtc.config}
-		_spec = &sqlgraph.CreateSpec{
-			Table: documenttoken.Table,
-			ID: &sqlgraph.FieldSpec{
-				Type:   field.TypeUUID,
-				Column: documenttoken.FieldID,
-			},
-		}
-	)
-	if id, ok := dtc.mutation.ID(); ok {
-		_node.ID = id
-		_spec.ID.Value = &id
-	}
-	if value, ok := dtc.mutation.CreatedAt(); ok {
-		_spec.Fields = append(_spec.Fields, &sqlgraph.FieldSpec{
-			Type:   field.TypeTime,
-			Value:  value,
-			Column: documenttoken.FieldCreatedAt,
-		})
-		_node.CreatedAt = value
-	}
-	if value, ok := dtc.mutation.UpdatedAt(); ok {
-		_spec.Fields = append(_spec.Fields, &sqlgraph.FieldSpec{
-			Type:   field.TypeTime,
-			Value:  value,
-			Column: documenttoken.FieldUpdatedAt,
-		})
-		_node.UpdatedAt = value
-	}
-	if value, ok := dtc.mutation.Token(); ok {
-		_spec.Fields = append(_spec.Fields, &sqlgraph.FieldSpec{
-			Type:   field.TypeBytes,
-			Value:  value,
-			Column: documenttoken.FieldToken,
-		})
-		_node.Token = value
-	}
-	if value, ok := dtc.mutation.Uses(); ok {
-		_spec.Fields = append(_spec.Fields, &sqlgraph.FieldSpec{
-			Type:   field.TypeInt,
-			Value:  value,
-			Column: documenttoken.FieldUses,
-		})
-		_node.Uses = value
-	}
-	if value, ok := dtc.mutation.ExpiresAt(); ok {
-		_spec.Fields = append(_spec.Fields, &sqlgraph.FieldSpec{
-			Type:   field.TypeTime,
-			Value:  value,
-			Column: documenttoken.FieldExpiresAt,
-		})
-		_node.ExpiresAt = value
-	}
-	if nodes := dtc.mutation.DocumentIDs(); len(nodes) > 0 {
-		edge := &sqlgraph.EdgeSpec{
-			Rel:     sqlgraph.M2O,
-			Inverse: true,
-			Table:   documenttoken.DocumentTable,
-			Columns: []string{documenttoken.DocumentColumn},
-			Bidi:    false,
-			Target: &sqlgraph.EdgeTarget{
-				IDSpec: &sqlgraph.FieldSpec{
-					Type:   field.TypeUUID,
-					Column: document.FieldID,
-				},
-			},
-		}
-		for _, k := range nodes {
-			edge.Target.Nodes = append(edge.Target.Nodes, k)
-		}
-		_node.document_document_tokens = &nodes[0]
-		_spec.Edges = append(_spec.Edges, edge)
-	}
-	return _node, _spec
-}
-
-// DocumentTokenCreateBulk is the builder for creating many DocumentToken entities in bulk.
-type DocumentTokenCreateBulk struct {
-	config
-	builders []*DocumentTokenCreate
-}
-
-// Save creates the DocumentToken entities in the database.
-func (dtcb *DocumentTokenCreateBulk) Save(ctx context.Context) ([]*DocumentToken, error) {
-	specs := make([]*sqlgraph.CreateSpec, len(dtcb.builders))
-	nodes := make([]*DocumentToken, len(dtcb.builders))
-	mutators := make([]Mutator, len(dtcb.builders))
-	for i := range dtcb.builders {
-		func(i int, root context.Context) {
-			builder := dtcb.builders[i]
-			builder.defaults()
-			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
-				mutation, ok := m.(*DocumentTokenMutation)
-				if !ok {
-					return nil, fmt.Errorf("unexpected mutation type %T", m)
-				}
-				if err := builder.check(); err != nil {
-					return nil, err
-				}
-				builder.mutation = mutation
-				nodes[i], specs[i] = builder.createSpec()
-				var err error
-				if i < len(mutators)-1 {
-					_, err = mutators[i+1].Mutate(root, dtcb.builders[i+1].mutation)
-				} else {
-					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
-					// Invoke the actual operation on the latest mutation in the chain.
-					if err = sqlgraph.BatchCreate(ctx, dtcb.driver, spec); err != nil {
-						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{msg: err.Error(), wrap: err}
-						}
-					}
-				}
-				if err != nil {
-					return nil, err
-				}
-				mutation.id = &nodes[i].ID
-				mutation.done = true
-				return nodes[i], nil
-			})
-			for i := len(builder.hooks) - 1; i >= 0; i-- {
-				mut = builder.hooks[i](mut)
-			}
-			mutators[i] = mut
-		}(i, ctx)
-	}
-	if len(mutators) > 0 {
-		if _, err := mutators[0].Mutate(ctx, dtcb.builders[0].mutation); err != nil {
-			return nil, err
-		}
-	}
-	return nodes, nil
-}
-
-// SaveX is like Save, but panics if an error occurs.
-func (dtcb *DocumentTokenCreateBulk) SaveX(ctx context.Context) []*DocumentToken {
-	v, err := dtcb.Save(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Exec executes the query.
-func (dtcb *DocumentTokenCreateBulk) Exec(ctx context.Context) error {
-	_, err := dtcb.Save(ctx)
-	return err
-}
-
-// ExecX is like Exec, but panics if an error occurs.
-func (dtcb *DocumentTokenCreateBulk) ExecX(ctx context.Context) {
-	if err := dtcb.Exec(ctx); err != nil {
-		panic(err)
-	}
-}

backend/ent/documenttoken_delete.go

@@ -1,115 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package ent
-
-import (
-	"context"
-	"fmt"
-
-	"entgo.io/ent/dialect/sql"
-	"entgo.io/ent/dialect/sql/sqlgraph"
-	"entgo.io/ent/schema/field"
-	"github.com/hay-kot/homebox/backend/ent/documenttoken"
-	"github.com/hay-kot/homebox/backend/ent/predicate"
-)
-
-// DocumentTokenDelete is the builder for deleting a DocumentToken entity.
-type DocumentTokenDelete struct {
-	config
-	hooks    []Hook
-	mutation *DocumentTokenMutation
-}
-
-// Where appends a list predicates to the DocumentTokenDelete builder.
-func (dtd *DocumentTokenDelete) Where(ps ...predicate.DocumentToken) *DocumentTokenDelete {
-	dtd.mutation.Where(ps...)
-	return dtd
-}
-
-// Exec executes the deletion query and returns how many vertices were deleted.
-func (dtd *DocumentTokenDelete) Exec(ctx context.Context) (int, error) {
-	var (
-		err      error
-		affected int
-	)
-	if len(dtd.hooks) == 0 {
-		affected, err = dtd.sqlExec(ctx)
-	} else {
-		var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
-			mutation, ok := m.(*DocumentTokenMutation)
-			if !ok {
-				return nil, fmt.Errorf("unexpected mutation type %T", m)
-			}
-			dtd.mutation = mutation
-			affected, err = dtd.sqlExec(ctx)
-			mutation.done = true
-			return affected, err
-		})
-		for i := len(dtd.hooks) - 1; i >= 0; i-- {
-			if dtd.hooks[i] == nil {
-				return 0, fmt.Errorf("ent: uninitialized hook (forgotten import ent/runtime?)")
-			}
-			mut = dtd.hooks[i](mut)
-		}
-		if _, err := mut.Mutate(ctx, dtd.mutation); err != nil {
-			return 0, err
-		}
-	}
-	return affected, err
-}
-
-// ExecX is like Exec, but panics if an error occurs.
-func (dtd *DocumentTokenDelete) ExecX(ctx context.Context) int {
-	n, err := dtd.Exec(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return n
-}
-
-func (dtd *DocumentTokenDelete) sqlExec(ctx context.Context) (int, error) {
-	_spec := &sqlgraph.DeleteSpec{
-		Node: &sqlgraph.NodeSpec{
-			Table: documenttoken.Table,
-			ID: &sqlgraph.FieldSpec{
-				Type:   field.TypeUUID,
-				Column: documenttoken.FieldID,
-			},
-		},
-	}
-	if ps := dtd.mutation.predicates; len(ps) > 0 {
-		_spec.Predicate = func(selector *sql.Selector) {
-			for i := range ps {
-				ps[i](selector)
-			}
-		}
-	}
-	affected, err := sqlgraph.DeleteNodes(ctx, dtd.driver, _spec)
-	if err != nil && sqlgraph.IsConstraintError(err) {
-		err = &ConstraintError{msg: err.Error(), wrap: err}
-	}
-	return affected, err
-}
-
-// DocumentTokenDeleteOne is the builder for deleting a single DocumentToken entity.
-type DocumentTokenDeleteOne struct {
-	dtd *DocumentTokenDelete
-}
-
-// Exec executes the deletion query.
-func (dtdo *DocumentTokenDeleteOne) Exec(ctx context.Context) error {
-	n, err := dtdo.dtd.Exec(ctx)
-	switch {
-	case err != nil:
-		return err
-	case n == 0:
-		return &NotFoundError{documenttoken.Label}
-	default:
-		return nil
-	}
-}
-
-// ExecX is like Exec, but panics if an error occurs.
-func (dtdo *DocumentTokenDeleteOne) ExecX(ctx context.Context) {
-	dtdo.dtd.ExecX(ctx)
-}

backend/ent/documenttoken_query.go

@@ -1,614 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package ent
-
-import (
-	"context"
-	"fmt"
-	"math"
-
-	"entgo.io/ent/dialect/sql"
-	"entgo.io/ent/dialect/sql/sqlgraph"
-	"entgo.io/ent/schema/field"
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/ent/document"
-	"github.com/hay-kot/homebox/backend/ent/documenttoken"
-	"github.com/hay-kot/homebox/backend/ent/predicate"
-)
-
-// DocumentTokenQuery is the builder for querying DocumentToken entities.
-type DocumentTokenQuery struct {
-	config
-	limit        *int
-	offset       *int
-	unique       *bool
-	order        []OrderFunc
-	fields       []string
-	predicates   []predicate.DocumentToken
-	withDocument *DocumentQuery
-	withFKs      bool
-	// intermediate query (i.e. traversal path).
-	sql  *sql.Selector
-	path func(context.Context) (*sql.Selector, error)
-}
-
-// Where adds a new predicate for the DocumentTokenQuery builder.
-func (dtq *DocumentTokenQuery) Where(ps ...predicate.DocumentToken) *DocumentTokenQuery {
-	dtq.predicates = append(dtq.predicates, ps...)
-	return dtq
-}
-
-// Limit adds a limit step to the query.
-func (dtq *DocumentTokenQuery) Limit(limit int) *DocumentTokenQuery {
-	dtq.limit = &limit
-	return dtq
-}
-
-// Offset adds an offset step to the query.
-func (dtq *DocumentTokenQuery) Offset(offset int) *DocumentTokenQuery {
-	dtq.offset = &offset
-	return dtq
-}
-
-// Unique configures the query builder to filter duplicate records on query.
-// By default, unique is set to true, and can be disabled using this method.
-func (dtq *DocumentTokenQuery) Unique(unique bool) *DocumentTokenQuery {
-	dtq.unique = &unique
-	return dtq
-}
-
-// Order adds an order step to the query.
-func (dtq *DocumentTokenQuery) Order(o ...OrderFunc) *DocumentTokenQuery {
-	dtq.order = append(dtq.order, o...)
-	return dtq
-}
-
-// QueryDocument chains the current query on the "document" edge.
-func (dtq *DocumentTokenQuery) QueryDocument() *DocumentQuery {
-	query := &DocumentQuery{config: dtq.config}
-	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
-		if err := dtq.prepareQuery(ctx); err != nil {
-			return nil, err
-		}
-		selector := dtq.sqlQuery(ctx)
-		if err := selector.Err(); err != nil {
-			return nil, err
-		}
-		step := sqlgraph.NewStep(
-			sqlgraph.From(documenttoken.Table, documenttoken.FieldID, selector),
-			sqlgraph.To(document.Table, document.FieldID),
-			sqlgraph.Edge(sqlgraph.M2O, true, documenttoken.DocumentTable, documenttoken.DocumentColumn),
-		)
-		fromU = sqlgraph.SetNeighbors(dtq.driver.Dialect(), step)
-		return fromU, nil
-	}
-	return query
-}
-
-// First returns the first DocumentToken entity from the query.
-// Returns a *NotFoundError when no DocumentToken was found.
-func (dtq *DocumentTokenQuery) First(ctx context.Context) (*DocumentToken, error) {
-	nodes, err := dtq.Limit(1).All(ctx)
-	if err != nil {
-		return nil, err
-	}
-	if len(nodes) == 0 {
-		return nil, &NotFoundError{documenttoken.Label}
-	}
-	return nodes[0], nil
-}
-
-// FirstX is like First, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) FirstX(ctx context.Context) *DocumentToken {
-	node, err := dtq.First(ctx)
-	if err != nil && !IsNotFound(err) {
-		panic(err)
-	}
-	return node
-}
-
-// FirstID returns the first DocumentToken ID from the query.
-// Returns a *NotFoundError when no DocumentToken ID was found.
-func (dtq *DocumentTokenQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
-	var ids []uuid.UUID
-	if ids, err = dtq.Limit(1).IDs(ctx); err != nil {
-		return
-	}
-	if len(ids) == 0 {
-		err = &NotFoundError{documenttoken.Label}
-		return
-	}
-	return ids[0], nil
-}
-
-// FirstIDX is like FirstID, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) FirstIDX(ctx context.Context) uuid.UUID {
-	id, err := dtq.FirstID(ctx)
-	if err != nil && !IsNotFound(err) {
-		panic(err)
-	}
-	return id
-}
-
-// Only returns a single DocumentToken entity found by the query, ensuring it only returns one.
-// Returns a *NotSingularError when more than one DocumentToken entity is found.
-// Returns a *NotFoundError when no DocumentToken entities are found.
-func (dtq *DocumentTokenQuery) Only(ctx context.Context) (*DocumentToken, error) {
-	nodes, err := dtq.Limit(2).All(ctx)
-	if err != nil {
-		return nil, err
-	}
-	switch len(nodes) {
-	case 1:
-		return nodes[0], nil
-	case 0:
-		return nil, &NotFoundError{documenttoken.Label}
-	default:
-		return nil, &NotSingularError{documenttoken.Label}
-	}
-}
-
-// OnlyX is like Only, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) OnlyX(ctx context.Context) *DocumentToken {
-	node, err := dtq.Only(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return node
-}
-
-// OnlyID is like Only, but returns the only DocumentToken ID in the query.
-// Returns a *NotSingularError when more than one DocumentToken ID is found.
-// Returns a *NotFoundError when no entities are found.
-func (dtq *DocumentTokenQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
-	var ids []uuid.UUID
-	if ids, err = dtq.Limit(2).IDs(ctx); err != nil {
-		return
-	}
-	switch len(ids) {
-	case 1:
-		id = ids[0]
-	case 0:
-		err = &NotFoundError{documenttoken.Label}
-	default:
-		err = &NotSingularError{documenttoken.Label}
-	}
-	return
-}
-
-// OnlyIDX is like OnlyID, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) OnlyIDX(ctx context.Context) uuid.UUID {
-	id, err := dtq.OnlyID(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return id
-}
-
-// All executes the query and returns a list of DocumentTokens.
-func (dtq *DocumentTokenQuery) All(ctx context.Context) ([]*DocumentToken, error) {
-	if err := dtq.prepareQuery(ctx); err != nil {
-		return nil, err
-	}
-	return dtq.sqlAll(ctx)
-}
-
-// AllX is like All, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) AllX(ctx context.Context) []*DocumentToken {
-	nodes, err := dtq.All(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return nodes
-}
-
-// IDs executes the query and returns a list of DocumentToken IDs.
-func (dtq *DocumentTokenQuery) IDs(ctx context.Context) ([]uuid.UUID, error) {
-	var ids []uuid.UUID
-	if err := dtq.Select(documenttoken.FieldID).Scan(ctx, &ids); err != nil {
-		return nil, err
-	}
-	return ids, nil
-}
-
-// IDsX is like IDs, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) IDsX(ctx context.Context) []uuid.UUID {
-	ids, err := dtq.IDs(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return ids
-}
-
-// Count returns the count of the given query.
-func (dtq *DocumentTokenQuery) Count(ctx context.Context) (int, error) {
-	if err := dtq.prepareQuery(ctx); err != nil {
-		return 0, err
-	}
-	return dtq.sqlCount(ctx)
-}
-
-// CountX is like Count, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) CountX(ctx context.Context) int {
-	count, err := dtq.Count(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return count
-}
-
-// Exist returns true if the query has elements in the graph.
-func (dtq *DocumentTokenQuery) Exist(ctx context.Context) (bool, error) {
-	if err := dtq.prepareQuery(ctx); err != nil {
-		return false, err
-	}
-	return dtq.sqlExist(ctx)
-}
-
-// ExistX is like Exist, but panics if an error occurs.
-func (dtq *DocumentTokenQuery) ExistX(ctx context.Context) bool {
-	exist, err := dtq.Exist(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return exist
-}
-
-// Clone returns a duplicate of the DocumentTokenQuery builder, including all associated steps. It can be
-// used to prepare common query builders and use them differently after the clone is made.
-func (dtq *DocumentTokenQuery) Clone() *DocumentTokenQuery {
-	if dtq == nil {
-		return nil
-	}
-	return &DocumentTokenQuery{
-		config:       dtq.config,
-		limit:        dtq.limit,
-		offset:       dtq.offset,
-		order:        append([]OrderFunc{}, dtq.order...),
-		predicates:   append([]predicate.DocumentToken{}, dtq.predicates...),
-		withDocument: dtq.withDocument.Clone(),
-		// clone intermediate query.
-		sql:    dtq.sql.Clone(),
-		path:   dtq.path,
-		unique: dtq.unique,
-	}
-}
-
-// WithDocument tells the query-builder to eager-load the nodes that are connected to
-// the "document" edge. The optional arguments are used to configure the query builder of the edge.
-func (dtq *DocumentTokenQuery) WithDocument(opts ...func(*DocumentQuery)) *DocumentTokenQuery {
-	query := &DocumentQuery{config: dtq.config}
-	for _, opt := range opts {
-		opt(query)
-	}
-	dtq.withDocument = query
-	return dtq
-}
-
-// GroupBy is used to group vertices by one or more fields/columns.
-// It is often used with aggregate functions, like: count, max, mean, min, sum.
-//
-// Example:
-//
-//	var v []struct {
-//		CreatedAt time.Time `json:"created_at,omitempty"`
-//		Count int `json:"count,omitempty"`
-//	}
-//
-//	client.DocumentToken.Query().
-//		GroupBy(documenttoken.FieldCreatedAt).
-//		Aggregate(ent.Count()).
-//		Scan(ctx, &v)
-func (dtq *DocumentTokenQuery) GroupBy(field string, fields ...string) *DocumentTokenGroupBy {
-	grbuild := &DocumentTokenGroupBy{config: dtq.config}
-	grbuild.fields = append([]string{field}, fields...)
-	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
-		if err := dtq.prepareQuery(ctx); err != nil {
-			return nil, err
-		}
-		return dtq.sqlQuery(ctx), nil
-	}
-	grbuild.label = documenttoken.Label
-	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
-	return grbuild
-}
-
-// Select allows the selection one or more fields/columns for the given query,
-// instead of selecting all fields in the entity.
-//
-// Example:
-//
-//	var v []struct {
-//		CreatedAt time.Time `json:"created_at,omitempty"`
-//	}
-//
-//	client.DocumentToken.Query().
-//		Select(documenttoken.FieldCreatedAt).
-//		Scan(ctx, &v)
-func (dtq *DocumentTokenQuery) Select(fields ...string) *DocumentTokenSelect {
-	dtq.fields = append(dtq.fields, fields...)
-	selbuild := &DocumentTokenSelect{DocumentTokenQuery: dtq}
-	selbuild.label = documenttoken.Label
-	selbuild.flds, selbuild.scan = &dtq.fields, selbuild.Scan
-	return selbuild
-}
-
-func (dtq *DocumentTokenQuery) prepareQuery(ctx context.Context) error {
-	for _, f := range dtq.fields {
-		if !documenttoken.ValidColumn(f) {
-			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
-		}
-	}
-	if dtq.path != nil {
-		prev, err := dtq.path(ctx)
-		if err != nil {
-			return err
-		}
-		dtq.sql = prev
-	}
-	return nil
-}
-
-func (dtq *DocumentTokenQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*DocumentToken, error) {
-	var (
-		nodes       = []*DocumentToken{}
-		withFKs     = dtq.withFKs
-		_spec       = dtq.querySpec()
-		loadedTypes = [1]bool{
-			dtq.withDocument != nil,
-		}
-	)
-	if dtq.withDocument != nil {
-		withFKs = true
-	}
-	if withFKs {
-		_spec.Node.Columns = append(_spec.Node.Columns, documenttoken.ForeignKeys...)
-	}
-	_spec.ScanValues = func(columns []string) ([]any, error) {
-		return (*DocumentToken).scanValues(nil, columns)
-	}
-	_spec.Assign = func(columns []string, values []any) error {
-		node := &DocumentToken{config: dtq.config}
-		nodes = append(nodes, node)
-		node.Edges.loadedTypes = loadedTypes
-		return node.assignValues(columns, values)
-	}
-	for i := range hooks {
-		hooks[i](ctx, _spec)
-	}
-	if err := sqlgraph.QueryNodes(ctx, dtq.driver, _spec); err != nil {
-		return nil, err
-	}
-	if len(nodes) == 0 {
-		return nodes, nil
-	}
-	if query := dtq.withDocument; query != nil {
-		if err := dtq.loadDocument(ctx, query, nodes, nil,
-			func(n *DocumentToken, e *Document) { n.Edges.Document = e }); err != nil {
-			return nil, err
-		}
-	}
-	return nodes, nil
-}
-
-func (dtq *DocumentTokenQuery) loadDocument(ctx context.Context, query *DocumentQuery, nodes []*DocumentToken, init func(*DocumentToken), assign func(*DocumentToken, *Document)) error {
-	ids := make([]uuid.UUID, 0, len(nodes))
-	nodeids := make(map[uuid.UUID][]*DocumentToken)
-	for i := range nodes {
-		if nodes[i].document_document_tokens == nil {
-			continue
-		}
-		fk := *nodes[i].document_document_tokens
-		if _, ok := nodeids[fk]; !ok {
-			ids = append(ids, fk)
-		}
-		nodeids[fk] = append(nodeids[fk], nodes[i])
-	}
-	query.Where(document.IDIn(ids...))
-	neighbors, err := query.All(ctx)
-	if err != nil {
-		return err
-	}
-	for _, n := range neighbors {
-		nodes, ok := nodeids[n.ID]
-		if !ok {
-			return fmt.Errorf(`unexpected foreign-key "document_document_tokens" returned %v`, n.ID)
-		}
-		for i := range nodes {
-			assign(nodes[i], n)
-		}
-	}
-	return nil
-}
-
-func (dtq *DocumentTokenQuery) sqlCount(ctx context.Context) (int, error) {
-	_spec := dtq.querySpec()
-	_spec.Node.Columns = dtq.fields
-	if len(dtq.fields) > 0 {
-		_spec.Unique = dtq.unique != nil && *dtq.unique
-	}
-	return sqlgraph.CountNodes(ctx, dtq.driver, _spec)
-}
-
-func (dtq *DocumentTokenQuery) sqlExist(ctx context.Context) (bool, error) {
-	switch _, err := dtq.FirstID(ctx); {
-	case IsNotFound(err):
-		return false, nil
-	case err != nil:
-		return false, fmt.Errorf("ent: check existence: %w", err)
-	default:
-		return true, nil
-	}
-}
-
-func (dtq *DocumentTokenQuery) querySpec() *sqlgraph.QuerySpec {
-	_spec := &sqlgraph.QuerySpec{
-		Node: &sqlgraph.NodeSpec{
-			Table:   documenttoken.Table,
-			Columns: documenttoken.Columns,
-			ID: &sqlgraph.FieldSpec{
-				Type:   field.TypeUUID,
-				Column: documenttoken.FieldID,
-			},
-		},
-		From:   dtq.sql,
-		Unique: true,
-	}
-	if unique := dtq.unique; unique != nil {
-		_spec.Unique = *unique
-	}
-	if fields := dtq.fields; len(fields) > 0 {
-		_spec.Node.Columns = make([]string, 0, len(fields))
-		_spec.Node.Columns = append(_spec.Node.Columns, documenttoken.FieldID)
-		for i := range fields {
-			if fields[i] != documenttoken.FieldID {
-				_spec.Node.Columns = append(_spec.Node.Columns, fields[i])
-			}
-		}
-	}
-	if ps := dtq.predicates; len(ps) > 0 {
-		_spec.Predicate = func(selector *sql.Selector) {
-			for i := range ps {
-				ps[i](selector)
-			}
-		}
-	}
-	if limit := dtq.limit; limit != nil {
-		_spec.Limit = *limit
-	}
-	if offset := dtq.offset; offset != nil {
-		_spec.Offset = *offset
-	}
-	if ps := dtq.order; len(ps) > 0 {
-		_spec.Order = func(selector *sql.Selector) {
-			for i := range ps {
-				ps[i](selector)
-			}
-		}
-	}
-	return _spec
-}
-
-func (dtq *DocumentTokenQuery) sqlQuery(ctx context.Context) *sql.Selector {
-	builder := sql.Dialect(dtq.driver.Dialect())
-	t1 := builder.Table(documenttoken.Table)
-	columns := dtq.fields
-	if len(columns) == 0 {
-		columns = documenttoken.Columns
-	}
-	selector := builder.Select(t1.Columns(columns...)...).From(t1)
-	if dtq.sql != nil {
-		selector = dtq.sql
-		selector.Select(selector.Columns(columns...)...)
-	}
-	if dtq.unique != nil && *dtq.unique {
-		selector.Distinct()
-	}
-	for _, p := range dtq.predicates {
-		p(selector)
-	}
-	for _, p := range dtq.order {
-		p(selector)
-	}
-	if offset := dtq.offset; offset != nil {
-		// limit is mandatory for offset clause. We start
-		// with default value, and override it below if needed.
-		selector.Offset(*offset).Limit(math.MaxInt32)
-	}
-	if limit := dtq.limit; limit != nil {
-		selector.Limit(*limit)
-	}
-	return selector
-}
-
-// DocumentTokenGroupBy is the group-by builder for DocumentToken entities.
-type DocumentTokenGroupBy struct {
-	config
-	selector
-	fields []string
-	fns    []AggregateFunc
-	// intermediate query (i.e. traversal path).
-	sql  *sql.Selector
-	path func(context.Context) (*sql.Selector, error)
-}
-
-// Aggregate adds the given aggregation functions to the group-by query.
-func (dtgb *DocumentTokenGroupBy) Aggregate(fns ...AggregateFunc) *DocumentTokenGroupBy {
-	dtgb.fns = append(dtgb.fns, fns...)
-	return dtgb
-}
-
-// Scan applies the group-by query and scans the result into the given value.
-func (dtgb *DocumentTokenGroupBy) Scan(ctx context.Context, v any) error {
-	query, err := dtgb.path(ctx)
-	if err != nil {
-		return err
-	}
-	dtgb.sql = query
-	return dtgb.sqlScan(ctx, v)
-}
-
-func (dtgb *DocumentTokenGroupBy) sqlScan(ctx context.Context, v any) error {
-	for _, f := range dtgb.fields {
-		if !documenttoken.ValidColumn(f) {
-			return &ValidationError{Name: f, err: fmt.Errorf("invalid field %q for group-by", f)}
-		}
-	}
-	selector := dtgb.sqlQuery()
-	if err := selector.Err(); err != nil {
-		return err
-	}
-	rows := &sql.Rows{}
-	query, args := selector.Query()
-	if err := dtgb.driver.Query(ctx, query, args, rows); err != nil {
-		return err
-	}
-	defer rows.Close()
-	return sql.ScanSlice(rows, v)
-}
-
-func (dtgb *DocumentTokenGroupBy) sqlQuery() *sql.Selector {
-	selector := dtgb.sql.Select()
-	aggregation := make([]string, 0, len(dtgb.fns))
-	for _, fn := range dtgb.fns {
-		aggregation = append(aggregation, fn(selector))
-	}
-	// If no columns were selected in a custom aggregation function, the default
-	// selection is the fields used for "group-by", and the aggregation functions.
-	if len(selector.SelectedColumns()) == 0 {
-		columns := make([]string, 0, len(dtgb.fields)+len(dtgb.fns))
-		for _, f := range dtgb.fields {
-			columns = append(columns, selector.C(f))
-		}
-		columns = append(columns, aggregation...)
-		selector.Select(columns...)
-	}
-	return selector.GroupBy(selector.Columns(dtgb.fields...)...)
-}
-
-// DocumentTokenSelect is the builder for selecting fields of DocumentToken entities.
-type DocumentTokenSelect struct {
-	*DocumentTokenQuery
-	selector
-	// intermediate query (i.e. traversal path).
-	sql *sql.Selector
-}
-
-// Scan applies the selector query and scans the result into the given value.
-func (dts *DocumentTokenSelect) Scan(ctx context.Context, v any) error {
-	if err := dts.prepareQuery(ctx); err != nil {
-		return err
-	}
-	dts.sql = dts.DocumentTokenQuery.sqlQuery(ctx)
-	return dts.sqlScan(ctx, v)
-}
-
-func (dts *DocumentTokenSelect) sqlScan(ctx context.Context, v any) error {
-	rows := &sql.Rows{}
-	query, args := dts.sql.Query()
-	if err := dts.driver.Query(ctx, query, args, rows); err != nil {
-		return err
-	}
-	defer rows.Close()
-	return sql.ScanSlice(rows, v)
-}

backend/ent/documenttoken_update.go

@@ -1,582 +0,0 @@
-// Code generated by ent, DO NOT EDIT.
-
-package ent
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"time"
-
-	"entgo.io/ent/dialect/sql"
-	"entgo.io/ent/dialect/sql/sqlgraph"
-	"entgo.io/ent/schema/field"
-	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/ent/document"
-	"github.com/hay-kot/homebox/backend/ent/documenttoken"
-	"github.com/hay-kot/homebox/backend/ent/predicate"
-)
-
-// DocumentTokenUpdate is the builder for updating DocumentToken entities.
-type DocumentTokenUpdate struct {
-	config
-	hooks    []Hook
-	mutation *DocumentTokenMutation
-}
-
-// Where appends a list predicates to the DocumentTokenUpdate builder.
-func (dtu *DocumentTokenUpdate) Where(ps ...predicate.DocumentToken) *DocumentTokenUpdate {
-	dtu.mutation.Where(ps...)
-	return dtu
-}
-
-// SetUpdatedAt sets the "updated_at" field.
-func (dtu *DocumentTokenUpdate) SetUpdatedAt(t time.Time) *DocumentTokenUpdate {
-	dtu.mutation.SetUpdatedAt(t)
-	return dtu
-}
-
-// SetToken sets the "token" field.
-func (dtu *DocumentTokenUpdate) SetToken(b []byte) *DocumentTokenUpdate {
-	dtu.mutation.SetToken(b)
-	return dtu
-}
-
-// SetUses sets the "uses" field.
-func (dtu *DocumentTokenUpdate) SetUses(i int) *DocumentTokenUpdate {
-	dtu.mutation.ResetUses()
-	dtu.mutation.SetUses(i)
-	return dtu
-}
-
-// SetNillableUses sets the "uses" field if the given value is not nil.
-func (dtu *DocumentTokenUpdate) SetNillableUses(i *int) *DocumentTokenUpdate {
-	if i != nil {
-		dtu.SetUses(*i)
-	}
-	return dtu
-}
-
-// AddUses adds i to the "uses" field.
-func (dtu *DocumentTokenUpdate) AddUses(i int) *DocumentTokenUpdate {
-	dtu.mutation.AddUses(i)
-	return dtu
-}
-
-// SetExpiresAt sets the "expires_at" field.
-func (dtu *DocumentTokenUpdate) SetExpiresAt(t time.Time) *DocumentTokenUpdate {
-	dtu.mutation.SetExpiresAt(t)
-	return dtu
-}
-
-// SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
-func (dtu *DocumentTokenUpdate) SetNillableExpiresAt(t *time.Time) *DocumentTokenUpdate {
-	if t != nil {
-		dtu.SetExpiresAt(*t)
-	}
-	return dtu
-}
-
-// SetDocumentID sets the "document" edge to the Document entity by ID.
-func (dtu *DocumentTokenUpdate) SetDocumentID(id uuid.UUID) *DocumentTokenUpdate {
-	dtu.mutation.SetDocumentID(id)
-	return dtu
-}
-
-// SetNillableDocumentID sets the "document" edge to the Document entity by ID if the given value is not nil.
-func (dtu *DocumentTokenUpdate) SetNillableDocumentID(id *uuid.UUID) *DocumentTokenUpdate {
-	if id != nil {
-		dtu = dtu.SetDocumentID(*id)
-	}
-	return dtu
-}
-
-// SetDocument sets the "document" edge to the Document entity.
-func (dtu *DocumentTokenUpdate) SetDocument(d *Document) *DocumentTokenUpdate {
-	return dtu.SetDocumentID(d.ID)
-}
-
-// Mutation returns the DocumentTokenMutation object of the builder.
-func (dtu *DocumentTokenUpdate) Mutation() *DocumentTokenMutation {
-	return dtu.mutation
-}
-
-// ClearDocument clears the "document" edge to the Document entity.
-func (dtu *DocumentTokenUpdate) ClearDocument() *DocumentTokenUpdate {
-	dtu.mutation.ClearDocument()
-	return dtu
-}
-
-// Save executes the query and returns the number of nodes affected by the update operation.
-func (dtu *DocumentTokenUpdate) Save(ctx context.Context) (int, error) {
-	var (
-		err      error
-		affected int
-	)
-	dtu.defaults()
-	if len(dtu.hooks) == 0 {
-		if err = dtu.check(); err != nil {
-			return 0, err
-		}
-		affected, err = dtu.sqlSave(ctx)
-	} else {
-		var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
-			mutation, ok := m.(*DocumentTokenMutation)
-			if !ok {
-				return nil, fmt.Errorf("unexpected mutation type %T", m)
-			}
-			if err = dtu.check(); err != nil {
-				return 0, err
-			}
-			dtu.mutation = mutation
-			affected, err = dtu.sqlSave(ctx)
-			mutation.done = true
-			return affected, err
-		})
-		for i := len(dtu.hooks) - 1; i >= 0; i-- {
-			if dtu.hooks[i] == nil {
-				return 0, fmt.Errorf("ent: uninitialized hook (forgotten import ent/runtime?)")
-			}
-			mut = dtu.hooks[i](mut)
-		}
-		if _, err := mut.Mutate(ctx, dtu.mutation); err != nil {
-			return 0, err
-		}
-	}
-	return affected, err
-}
-
-// SaveX is like Save, but panics if an error occurs.
-func (dtu *DocumentTokenUpdate) SaveX(ctx context.Context) int {
-	affected, err := dtu.Save(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return affected
-}
-
-// Exec executes the query.
-func (dtu *DocumentTokenUpdate) Exec(ctx context.Context) error {
-	_, err := dtu.Save(ctx)
-	return err
-}
-
-// ExecX is like Exec, but panics if an error occurs.
-func (dtu *DocumentTokenUpdate) ExecX(ctx context.Context) {
-	if err := dtu.Exec(ctx); err != nil {
-		panic(err)
-	}
-}
-
-// defaults sets the default values of the builder before save.
-func (dtu *DocumentTokenUpdate) defaults() {
-	if _, ok := dtu.mutation.UpdatedAt(); !ok {
-		v := documenttoken.UpdateDefaultUpdatedAt()
-		dtu.mutation.SetUpdatedAt(v)
-	}
-}
-
-// check runs all checks and user-defined validators on the builder.
-func (dtu *DocumentTokenUpdate) check() error {
-	if v, ok := dtu.mutation.Token(); ok {
-		if err := documenttoken.TokenValidator(v); err != nil {
-			return &ValidationError{Name: "token", err: fmt.Errorf(`ent: validator failed for field "DocumentToken.token": %w`, err)}
-		}
-	}
-	return nil
-}
-
-func (dtu *DocumentTokenUpdate) sqlSave(ctx context.Context) (n int, err error) {
-	_spec := &sqlgraph.UpdateSpec{
-		Node: &sqlgraph.NodeSpec{
-			Table:   documenttoken.Table,
-			Columns: documenttoken.Columns,
-			ID: &sqlgraph.FieldSpec{
-				Type:   field.TypeUUID,
-				Column: documenttoken.FieldID,
-			},
-		},
-	}
-	if ps := dtu.mutation.predicates; len(ps) > 0 {
-		_spec.Predicate = func(selector *sql.Selector) {
-			for i := range ps {
-				ps[i](selector)
-			}
-		}
-	}
-	if value, ok := dtu.mutation.UpdatedAt(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeTime,
-			Value:  value,
-			Column: documenttoken.FieldUpdatedAt,
-		})
-	}
-	if value, ok := dtu.mutation.Token(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeBytes,
-			Value:  value,
-			Column: documenttoken.FieldToken,
-		})
-	}
-	if value, ok := dtu.mutation.Uses(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeInt,
-			Value:  value,
-			Column: documenttoken.FieldUses,
-		})
-	}
-	if value, ok := dtu.mutation.AddedUses(); ok {
-		_spec.Fields.Add = append(_spec.Fields.Add, &sqlgraph.FieldSpec{
-			Type:   field.TypeInt,
-			Value:  value,
-			Column: documenttoken.FieldUses,
-		})
-	}
-	if value, ok := dtu.mutation.ExpiresAt(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeTime,
-			Value:  value,
-			Column: documenttoken.FieldExpiresAt,
-		})
-	}
-	if dtu.mutation.DocumentCleared() {
-		edge := &sqlgraph.EdgeSpec{
-			Rel:     sqlgraph.M2O,
-			Inverse: true,
-			Table:   documenttoken.DocumentTable,
-			Columns: []string{documenttoken.DocumentColumn},
-			Bidi:    false,
-			Target: &sqlgraph.EdgeTarget{
-				IDSpec: &sqlgraph.FieldSpec{
-					Type:   field.TypeUUID,
-					Column: document.FieldID,
-				},
-			},
-		}
-		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
-	}
-	if nodes := dtu.mutation.DocumentIDs(); len(nodes) > 0 {
-		edge := &sqlgraph.EdgeSpec{
-			Rel:     sqlgraph.M2O,
-			Inverse: true,
-			Table:   documenttoken.DocumentTable,
-			Columns: []string{documenttoken.DocumentColumn},
-			Bidi:    false,
-			Target: &sqlgraph.EdgeTarget{
-				IDSpec: &sqlgraph.FieldSpec{
-					Type:   field.TypeUUID,
-					Column: document.FieldID,
-				},
-			},
-		}
-		for _, k := range nodes {
-			edge.Target.Nodes = append(edge.Target.Nodes, k)
-		}
-		_spec.Edges.Add = append(_spec.Edges.Add, edge)
-	}
-	if n, err = sqlgraph.UpdateNodes(ctx, dtu.driver, _spec); err != nil {
-		if _, ok := err.(*sqlgraph.NotFoundError); ok {
-			err = &NotFoundError{documenttoken.Label}
-		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{msg: err.Error(), wrap: err}
-		}
-		return 0, err
-	}
-	return n, nil
-}
-
-// DocumentTokenUpdateOne is the builder for updating a single DocumentToken entity.
-type DocumentTokenUpdateOne struct {
-	config
-	fields   []string
-	hooks    []Hook
-	mutation *DocumentTokenMutation
-}
-
-// SetUpdatedAt sets the "updated_at" field.
-func (dtuo *DocumentTokenUpdateOne) SetUpdatedAt(t time.Time) *DocumentTokenUpdateOne {
-	dtuo.mutation.SetUpdatedAt(t)
-	return dtuo
-}
-
-// SetToken sets the "token" field.
-func (dtuo *DocumentTokenUpdateOne) SetToken(b []byte) *DocumentTokenUpdateOne {
-	dtuo.mutation.SetToken(b)
-	return dtuo
-}
-
-// SetUses sets the "uses" field.
-func (dtuo *DocumentTokenUpdateOne) SetUses(i int) *DocumentTokenUpdateOne {
-	dtuo.mutation.ResetUses()
-	dtuo.mutation.SetUses(i)
-	return dtuo
-}
-
-// SetNillableUses sets the "uses" field if the given value is not nil.
-func (dtuo *DocumentTokenUpdateOne) SetNillableUses(i *int) *DocumentTokenUpdateOne {
-	if i != nil {
-		dtuo.SetUses(*i)
-	}
-	return dtuo
-}
-
-// AddUses adds i to the "uses" field.
-func (dtuo *DocumentTokenUpdateOne) AddUses(i int) *DocumentTokenUpdateOne {
-	dtuo.mutation.AddUses(i)
-	return dtuo
-}
-
-// SetExpiresAt sets the "expires_at" field.
-func (dtuo *DocumentTokenUpdateOne) SetExpiresAt(t time.Time) *DocumentTokenUpdateOne {
-	dtuo.mutation.SetExpiresAt(t)
-	return dtuo
-}
-
-// SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
-func (dtuo *DocumentTokenUpdateOne) SetNillableExpiresAt(t *time.Time) *DocumentTokenUpdateOne {
-	if t != nil {
-		dtuo.SetExpiresAt(*t)
-	}
-	return dtuo
-}
-
-// SetDocumentID sets the "document" edge to the Document entity by ID.
-func (dtuo *DocumentTokenUpdateOne) SetDocumentID(id uuid.UUID) *DocumentTokenUpdateOne {
-	dtuo.mutation.SetDocumentID(id)
-	return dtuo
-}
-
-// SetNillableDocumentID sets the "document" edge to the Document entity by ID if the given value is not nil.
-func (dtuo *DocumentTokenUpdateOne) SetNillableDocumentID(id *uuid.UUID) *DocumentTokenUpdateOne {
-	if id != nil {
-		dtuo = dtuo.SetDocumentID(*id)
-	}
-	return dtuo
-}
-
-// SetDocument sets the "document" edge to the Document entity.
-func (dtuo *DocumentTokenUpdateOne) SetDocument(d *Document) *DocumentTokenUpdateOne {
-	return dtuo.SetDocumentID(d.ID)
-}
-
-// Mutation returns the DocumentTokenMutation object of the builder.
-func (dtuo *DocumentTokenUpdateOne) Mutation() *DocumentTokenMutation {
-	return dtuo.mutation
-}
-
-// ClearDocument clears the "document" edge to the Document entity.
-func (dtuo *DocumentTokenUpdateOne) ClearDocument() *DocumentTokenUpdateOne {
-	dtuo.mutation.ClearDocument()
-	return dtuo
-}
-
-// Select allows selecting one or more fields (columns) of the returned entity.
-// The default is selecting all fields defined in the entity schema.
-func (dtuo *DocumentTokenUpdateOne) Select(field string, fields ...string) *DocumentTokenUpdateOne {
-	dtuo.fields = append([]string{field}, fields...)
-	return dtuo
-}
-
-// Save executes the query and returns the updated DocumentToken entity.
-func (dtuo *DocumentTokenUpdateOne) Save(ctx context.Context) (*DocumentToken, error) {
-	var (
-		err  error
-		node *DocumentToken
-	)
-	dtuo.defaults()
-	if len(dtuo.hooks) == 0 {
-		if err = dtuo.check(); err != nil {
-			return nil, err
-		}
-		node, err = dtuo.sqlSave(ctx)
-	} else {
-		var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
-			mutation, ok := m.(*DocumentTokenMutation)
-			if !ok {
-				return nil, fmt.Errorf("unexpected mutation type %T", m)
-			}
-			if err = dtuo.check(); err != nil {
-				return nil, err
-			}
-			dtuo.mutation = mutation
-			node, err = dtuo.sqlSave(ctx)
-			mutation.done = true
-			return node, err
-		})
-		for i := len(dtuo.hooks) - 1; i >= 0; i-- {
-			if dtuo.hooks[i] == nil {
-				return nil, fmt.Errorf("ent: uninitialized hook (forgotten import ent/runtime?)")
-			}
-			mut = dtuo.hooks[i](mut)
-		}
-		v, err := mut.Mutate(ctx, dtuo.mutation)
-		if err != nil {
-			return nil, err
-		}
-		nv, ok := v.(*DocumentToken)
-		if !ok {
-			return nil, fmt.Errorf("unexpected node type %T returned from DocumentTokenMutation", v)
-		}
-		node = nv
-	}
-	return node, err
-}
-
-// SaveX is like Save, but panics if an error occurs.
-func (dtuo *DocumentTokenUpdateOne) SaveX(ctx context.Context) *DocumentToken {
-	node, err := dtuo.Save(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return node
-}
-
-// Exec executes the query on the entity.
-func (dtuo *DocumentTokenUpdateOne) Exec(ctx context.Context) error {
-	_, err := dtuo.Save(ctx)
-	return err
-}
-
-// ExecX is like Exec, but panics if an error occurs.
-func (dtuo *DocumentTokenUpdateOne) ExecX(ctx context.Context) {
-	if err := dtuo.Exec(ctx); err != nil {
-		panic(err)
-	}
-}
-
-// defaults sets the default values of the builder before save.
-func (dtuo *DocumentTokenUpdateOne) defaults() {
-	if _, ok := dtuo.mutation.UpdatedAt(); !ok {
-		v := documenttoken.UpdateDefaultUpdatedAt()
-		dtuo.mutation.SetUpdatedAt(v)
-	}
-}
-
-// check runs all checks and user-defined validators on the builder.
-func (dtuo *DocumentTokenUpdateOne) check() error {
-	if v, ok := dtuo.mutation.Token(); ok {
-		if err := documenttoken.TokenValidator(v); err != nil {
-			return &ValidationError{Name: "token", err: fmt.Errorf(`ent: validator failed for field "DocumentToken.token": %w`, err)}
-		}
-	}
-	return nil
-}
-
-func (dtuo *DocumentTokenUpdateOne) sqlSave(ctx context.Context) (_node *DocumentToken, err error) {
-	_spec := &sqlgraph.UpdateSpec{
-		Node: &sqlgraph.NodeSpec{
-			Table:   documenttoken.Table,
-			Columns: documenttoken.Columns,
-			ID: &sqlgraph.FieldSpec{
-				Type:   field.TypeUUID,
-				Column: documenttoken.FieldID,
-			},
-		},
-	}
-	id, ok := dtuo.mutation.ID()
-	if !ok {
-		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "DocumentToken.id" for update`)}
-	}
-	_spec.Node.ID.Value = id
-	if fields := dtuo.fields; len(fields) > 0 {
-		_spec.Node.Columns = make([]string, 0, len(fields))
-		_spec.Node.Columns = append(_spec.Node.Columns, documenttoken.FieldID)
-		for _, f := range fields {
-			if !documenttoken.ValidColumn(f) {
-				return nil, &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
-			}
-			if f != documenttoken.FieldID {
-				_spec.Node.Columns = append(_spec.Node.Columns, f)
-			}
-		}
-	}
-	if ps := dtuo.mutation.predicates; len(ps) > 0 {
-		_spec.Predicate = func(selector *sql.Selector) {
-			for i := range ps {
-				ps[i](selector)
-			}
-		}
-	}
-	if value, ok := dtuo.mutation.UpdatedAt(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeTime,
-			Value:  value,
-			Column: documenttoken.FieldUpdatedAt,
-		})
-	}
-	if value, ok := dtuo.mutation.Token(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeBytes,
-			Value:  value,
-			Column: documenttoken.FieldToken,
-		})
-	}
-	if value, ok := dtuo.mutation.Uses(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeInt,
-			Value:  value,
-			Column: documenttoken.FieldUses,
-		})
-	}
-	if value, ok := dtuo.mutation.AddedUses(); ok {
-		_spec.Fields.Add = append(_spec.Fields.Add, &sqlgraph.FieldSpec{
-			Type:   field.TypeInt,
-			Value:  value,
-			Column: documenttoken.FieldUses,
-		})
-	}
-	if value, ok := dtuo.mutation.ExpiresAt(); ok {
-		_spec.Fields.Set = append(_spec.Fields.Set, &sqlgraph.FieldSpec{
-			Type:   field.TypeTime,
-			Value:  value,
-			Column: documenttoken.FieldExpiresAt,
-		})
-	}
-	if dtuo.mutation.DocumentCleared() {
-		edge := &sqlgraph.EdgeSpec{
-			Rel:     sqlgraph.M2O,
-			Inverse: true,
-			Table:   documenttoken.DocumentTable,
-			Columns: []string{documenttoken.DocumentColumn},
-			Bidi:    false,
-			Target: &sqlgraph.EdgeTarget{
-				IDSpec: &sqlgraph.FieldSpec{
-					Type:   field.TypeUUID,
-					Column: document.FieldID,
-				},
-			},
-		}
-		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
-	}
-	if nodes := dtuo.mutation.DocumentIDs(); len(nodes) > 0 {
-		edge := &sqlgraph.EdgeSpec{
-			Rel:     sqlgraph.M2O,
-			Inverse: true,
-			Table:   documenttoken.DocumentTable,
-			Columns: []string{documenttoken.DocumentColumn},
-			Bidi:    false,
-			Target: &sqlgraph.EdgeTarget{
-				IDSpec: &sqlgraph.FieldSpec{
-					Type:   field.TypeUUID,
-					Column: document.FieldID,
-				},
-			},
-		}
-		for _, k := range nodes {
-			edge.Target.Nodes = append(edge.Target.Nodes, k)
-		}
-		_spec.Edges.Add = append(_spec.Edges.Add, edge)
-	}
-	_node = &DocumentToken{config: dtuo.config}
-	_spec.Assign = _node.assignValues
-	_spec.ScanValues = _node.scanValues
-	if err = sqlgraph.UpdateNode(ctx, dtuo.driver, _spec); err != nil {
-		if _, ok := err.(*sqlgraph.NotFoundError); ok {
-			err = &NotFoundError{documenttoken.Label}
-		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{msg: err.Error(), wrap: err}
-		}
-		return nil, err
-	}
-	return _node, nil
-}

backend/ent/generate.go

@@ -1,3 +0,0 @@
-package ent
-
-//go:generate go run -mod=mod entgo.io/ent/cmd/ent generate --feature sql/versioned-migration ./schema

backend/ent/schema/document_token.go

@@ -1,50 +0,0 @@
-package schema
-
-import (
-	"time"
-
-	"entgo.io/ent"
-	"entgo.io/ent/schema/edge"
-	"entgo.io/ent/schema/field"
-	"entgo.io/ent/schema/index"
-	"github.com/hay-kot/homebox/backend/ent/schema/mixins"
-)
-
-// DocumentToken holds the schema definition for the DocumentToken entity.
-type DocumentToken struct {
-	ent.Schema
-}
-
-func (DocumentToken) Mixin() []ent.Mixin {
-	return []ent.Mixin{
-		mixins.BaseMixin{},
-	}
-}
-
-// Fields of the DocumentToken.
-func (DocumentToken) Fields() []ent.Field {
-	return []ent.Field{
-		field.Bytes("token").
-			NotEmpty().
-			Unique(),
-		field.Int("uses").
-			Default(1),
-		field.Time("expires_at").
-			Default(func() time.Time { return time.Now().Add(time.Minute * 10) }),
-	}
-}
-
-// Edges of the DocumentToken.
-func (DocumentToken) Edges() []ent.Edge {
-	return []ent.Edge{
-		edge.From("document", Document.Type).
-			Ref("document_tokens").
-			Unique(),
-	}
-}
-
-func (DocumentToken) Indexes() []ent.Index {
-	return []ent.Index{
-		index.Fields("token"),
-	}
-}

backend/ent/schema/group.go

@@ -1,62 +0,0 @@
-package schema
-
-import (
-	"entgo.io/ent"
-	"entgo.io/ent/dialect/entsql"
-	"entgo.io/ent/schema/edge"
-	"entgo.io/ent/schema/field"
-	"github.com/hay-kot/homebox/backend/ent/schema/mixins"
-)
-
-// Group holds the schema definition for the Group entity.
-type Group struct {
-	ent.Schema
-}
-
-func (Group) Mixin() []ent.Mixin {
-	return []ent.Mixin{
-		mixins.BaseMixin{},
-	}
-}
-
-// Fields of the Home.
-func (Group) Fields() []ent.Field {
-	return []ent.Field{
-		field.String("name").
-			MaxLen(255).
-			NotEmpty(),
-		field.Enum("currency").
-			Default("usd").
-			Values("usd"), // TODO: add more currencies
-	}
-}
-
-// Edges of the Home.
-func (Group) Edges() []ent.Edge {
-	return []ent.Edge{
-		edge.To("users", User.Type).
-			Annotations(entsql.Annotation{
-				OnDelete: entsql.Cascade,
-			}),
-		edge.To("locations", Location.Type).
-			Annotations(entsql.Annotation{
-				OnDelete: entsql.Cascade,
-			}),
-		edge.To("items", Item.Type).
-			Annotations(entsql.Annotation{
-				OnDelete: entsql.Cascade,
-			}),
-		edge.To("labels", Label.Type).
-			Annotations(entsql.Annotation{
-				OnDelete: entsql.Cascade,
-			}),
-		edge.To("documents", Document.Type).
-			Annotations(entsql.Annotation{
-				OnDelete: entsql.Cascade,
-			}),
-		edge.To("invitation_tokens", GroupInvitationToken.Type).
-			Annotations(entsql.Annotation{
-				OnDelete: entsql.Cascade,
-			}),
-	}
-}

backend/go.mod

@@ -1,19 +1,28 @@
 module github.com/hay-kot/homebox/backend
 
-go 1.19
+go 1.20
 
 require (
-	ariga.io/atlas v0.7.2-0.20220927111110-867ee0cca56a
-	entgo.io/ent v0.11.3
-	github.com/ardanlabs/conf/v2 v2.2.0
-	github.com/go-chi/chi/v5 v5.0.7
+	ariga.io/atlas v0.10.0
+	entgo.io/ent v0.11.10
+	github.com/ardanlabs/conf/v3 v3.1.5
+	github.com/containrrr/shoutrrr v0.7.1
+	github.com/go-chi/chi/v5 v5.0.8
+	github.com/go-playground/validator/v10 v10.12.0
+	github.com/gocarina/gocsv v0.0.0-20230226133904-70c27cb2918a
 	github.com/google/uuid v1.3.0
-	github.com/mattn/go-sqlite3 v1.14.15
-	github.com/rs/zerolog v1.28.0
-	github.com/stretchr/testify v1.8.0
-	github.com/swaggo/http-swagger v1.3.3
-	github.com/swaggo/swag v1.8.6
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
+	github.com/gorilla/schema v1.2.0
+	github.com/hay-kot/safeserve v0.0.1
+	github.com/mattn/go-sqlite3 v1.14.16
+	github.com/pkg/errors v0.9.1
+	github.com/rs/zerolog v1.29.0
+	github.com/stretchr/testify v1.8.2
+	github.com/swaggo/http-swagger v1.3.4
+	github.com/swaggo/swag v1.8.11
+	github.com/yeqown/go-qrcode/v2 v2.2.1
+	github.com/yeqown/go-qrcode/writer/standard v1.2.1
+	golang.org/x/crypto v0.7.0
+	modernc.org/sqlite v1.21.0
 )
 
 require (
@@ -21,26 +30,45 @@ require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dustin/go-humanize v1.0.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/fogleman/gg v1.3.0 // indirect
 	github.com/go-openapi/inflect v0.19.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/spec v0.20.7 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/hashicorp/hcl/v2 v2.14.1 // indirect
+	github.com/hashicorp/hcl/v2 v2.15.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/kr/pretty v0.3.0 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/leodido/go-urn v1.2.2 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/swaggo/files v0.0.0-20220728132757-551d4a08d97a // indirect
-	github.com/zclconf/go-cty v1.11.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/net v0.0.0-20220923203811-8be639271d50 // indirect
-	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 // indirect
-	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/swaggo/files v1.0.0 // indirect
+	github.com/yeqown/reedsolomon v1.0.0 // indirect
+	github.com/zclconf/go-cty v1.12.1 // indirect
+	golang.org/x/image v0.0.0-20200927104501-e162460cd6b5 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/tools v0.6.1-0.20230222164832-25d2519c8696 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	lukechampine.com/uint128 v1.2.0 // indirect
+	modernc.org/cc/v3 v3.40.0 // indirect
+	modernc.org/ccgo/v3 v3.16.13 // indirect
+	modernc.org/libc v1.22.3 // indirect
+	modernc.org/mathutil v1.5.0 // indirect
+	modernc.org/memory v1.5.0 // indirect
+	modernc.org/opt v0.1.3 // indirect
+	modernc.org/strutil v1.1.3 // indirect
+	modernc.org/token v1.0.1 // indirect
 )

backend/internal/core/services/all.go

@@ -0,0 +1,48 @@
+package services
+
+import (
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+)
+
+type AllServices struct {
+	User              *UserService
+	Group             *GroupService
+	Items             *ItemService
+	BackgroundService *BackgroundService
+}
+
+type OptionsFunc func(*options)
+
+type options struct {
+	autoIncrementAssetID bool
+}
+
+func WithAutoIncrementAssetID(v bool) func(*options) {
+	return func(o *options) {
+		o.autoIncrementAssetID = v
+	}
+}
+
+func New(repos *repo.AllRepos, opts ...OptionsFunc) *AllServices {
+	if repos == nil {
+		panic("repos cannot be nil")
+	}
+
+	options := &options{
+		autoIncrementAssetID: true,
+	}
+
+	for _, opt := range opts {
+		opt(options)
+	}
+
+	return &AllServices{
+		User:  &UserService{repos},
+		Group: &GroupService{repos},
+		Items: &ItemService{
+			repo:                 repos,
+			autoIncrementAssetID: options.autoIncrementAssetID,
+		},
+		BackgroundService: &BackgroundService{repos},
+	}
+}

backend/internal/core/services/contexts.go

@@ -4,7 +4,7 @@ import (
 	"context"
 
 	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
 )
 
 type contextKeys struct {

backend/internal/core/services/contexts_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/stretchr/testify/assert"
 )
 

backend/internal/core/services/main_test.go

@@ -3,13 +3,11 @@ package services
 import (
 	"context"
 	"log"
-	"math/rand"
 	"os"
 	"testing"
-	"time"
 
-	"github.com/hay-kot/homebox/backend/ent"
-	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/ent"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/pkgs/faker"
 	_ "github.com/mattn/go-sqlite3"
 )
@@ -49,8 +47,6 @@ func bootstrap() {
 }
 
 func TestMain(m *testing.M) {
-	rand.Seed(int64(time.Now().Unix()))
-
 	client, err := ent.Open("sqlite3", "file:ent?mode=memory&cache=shared&_fk=1")
 	if err != nil {
 		log.Fatalf("failed opening connection to sqlite: %v", err)
@@ -63,7 +59,7 @@ func TestMain(m *testing.M) {
 
 	tClient = client
 	tRepos = repo.New(tClient, os.TempDir()+"/homebox")
-	tSvc = NewServices(tRepos)
+	tSvc = New(tRepos)
 	defer client.Close()
 
 	bootstrap()

backend/internal/core/services/reporting/.testdata/import.csv

@@ -0,0 +1,7 @@
+Import Ref,Location,Labels,Quantity,Name,Description,Insured,Serial Number,Mode Number,Manufacturer,Notes,Purchase From,Purchased Price,Purchased Time,Lifetime Warranty,Warranty Expires,Warranty Details,Sold To,Sold Price,Sold Time,Sold Notes
+A,Garage,IOT;Home Assistant; Z-Wave,1,Zooz Universal Relay ZEN17,Description 1,TRUE,,ZEN17,Zooz,,Amazon,39.95,10/13/2021,,10/13/2021,,,,10/13/2021,
+B,Living Room,IOT;Home Assistant; Z-Wave,1,Zooz Motion Sensor,Description 2,FALSE,,ZSE18,Zooz,,Amazon,29.95,10/15/2021,,10/15/2021,,,,10/15/2021,
+C,Office,IOT;Home Assistant; Z-Wave,1,Zooz 110v Power Switch,Description 3,TRUE,,ZEN15,Zooz,,Amazon,39.95,10/13/2021,,10/13/2021,,,,10/13/2021,
+D,Downstairs,IOT;Home Assistant; Z-Wave,1,Ecolink Z-Wave PIR Motion Sensor,Description 4,FALSE,,PIRZWAVE2.5-ECO,Ecolink,,Amazon,35.58,10/21/2020,,10/21/2020,,,,10/21/2020,
+E,Entry,IOT;Home Assistant; Z-Wave,1,Yale Security Touchscreen Deadbolt,Description 5,TRUE,,YRD226ZW2619,Yale,,Amazon,120.39,10/14/2020,,10/14/2020,,,,10/14/2020,
+F,Kitchen,IOT;Home Assistant; Z-Wave,1,Smart Rocker Light Dimmer,Description 6,FALSE,,39351,Honeywell,,Amazon,65.98,09/30/2020,,09/30/2020,,,,09/30/2020,

backend/internal/core/services/reporting/.testdata/import.tsv

@@ -0,0 +1,7 @@
+Import Ref	Location	Labels	Quantity	Name	Description	Insured	Serial Number	Mode Number	Manufacturer	Notes	Purchase From	Purchased Price	Purchased Time	Lifetime Warranty	Warranty Expires	Warranty Details	Sold To	Sold Price	Sold Time	Sold Notes
+A	Garage	IOT;Home Assistant; Z-Wave	1	Zooz Universal Relay ZEN17	Description 1	TRUE		ZEN17	Zooz		Amazon	39.95	10/13/2021		10/13/2021				10/13/2021	
+B	Living Room	IOT;Home Assistant; Z-Wave	1	Zooz Motion Sensor	Description 2	FALSE		ZSE18	Zooz		Amazon	29.95	10/15/2021		10/15/2021				10/15/2021	
+C	Office	IOT;Home Assistant; Z-Wave	1	Zooz 110v Power Switch	Description 3	TRUE		ZEN15	Zooz		Amazon	39.95	10/13/2021		10/13/2021				10/13/2021	
+D	Downstairs	IOT;Home Assistant; Z-Wave	1	Ecolink Z-Wave PIR Motion Sensor	Description 4	FALSE		PIRZWAVE2.5-ECO	Ecolink		Amazon	35.58	10/21/2020		10/21/2020				10/21/2020	
+E	Entry	IOT;Home Assistant; Z-Wave	1	Yale Security Touchscreen Deadbolt	Description 5	TRUE		YRD226ZW2619	Yale		Amazon	120.39	10/14/2020		10/14/2020				10/14/2020	
+F	Kitchen	IOT;Home Assistant; Z-Wave	1	Smart Rocker Light Dimmer	Description 6	FALSE		39351	Honeywell		Amazon	65.98	09/30/2020		09/30/2020				09/30/2020	

backend/internal/core/services/reporting/.testdata/import/fields.csv

@@ -0,0 +1,5 @@
+HB.location,HB.name,HB.quantity,HB.description,HB.field.Custom Field 1,HB.field.Custom Field 2,HB.field.Custom Field 3
+loc,Item 1,1,Description 1,Value 1[1],Value 1[2],Value 1[3]
+loc,Item 2,2,Description 2,Value 2[1],Value 2[2],Value 2[3]
+loc,Item 3,3,Description 3,Value 3[1],Value 3[2],Value 3[3]
+

backend/internal/core/services/reporting/.testdata/import/minimal.csv

@@ -0,0 +1,4 @@
+HB.location,HB.name,HB.quantity,HB.description
+loc,Item 1,1,Description 1
+loc,Item 2,2,Description 2
+loc,Item 3,3,Description 3

backend/internal/core/services/reporting/.testdata/import/types.csv

@@ -0,0 +1,4 @@
+HB.name,HB.asset_id,HB.location,HB.labels
+Item 1,1,Path / To / Location 1,L1 ; L2 ; L3
+Item 2,000-002,Path /To/ Location 2,L1;L2;L3
+Item 3,1000-003,Path / To /Location 3  ,   L1;L2;   L3

backend/internal/core/services/reporting/bill_of_materials.go

@@ -0,0 +1,42 @@
+package reporting
+
+import (
+	"github.com/gocarina/gocsv"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/types"
+)
+
+// =================================================================================================
+
+type BillOfMaterialsEntry struct {
+	PurchaseDate types.Date `csv:"Purchase Date"`
+	Name         string     `csv:"Name"`
+	Description  string     `csv:"Description"`
+	Manufacturer string     `csv:"Manufacturer"`
+	SerialNumber string     `csv:"Serial Number"`
+	ModelNumber  string     `csv:"Model Number"`
+	Quantity     int        `csv:"Quantity"`
+	Price        float64    `csv:"Price"`
+	TotalPrice   float64    `csv:"Total Price"`
+}
+
+// BillOfMaterialsTSV returns a byte slice of the Bill of Materials for a given GID in TSV format
+// See BillOfMaterialsEntry for the format of the output
+func BillOfMaterialsTSV(entities []repo.ItemOut) ([]byte, error) {
+	bomEntries := make([]BillOfMaterialsEntry, len(entities))
+	for i, entity := range entities {
+		bomEntries[i] = BillOfMaterialsEntry{
+			PurchaseDate: entity.PurchaseTime,
+			Name:         entity.Name,
+			Description:  entity.Description,
+			Manufacturer: entity.Manufacturer,
+			SerialNumber: entity.SerialNumber,
+			ModelNumber:  entity.ModelNumber,
+			Quantity:     entity.Quantity,
+			Price:        entity.PurchasePrice,
+			TotalPrice:   entity.PurchasePrice * float64(entity.Quantity),
+		}
+	}
+
+	return gocsv.MarshalBytes(&bomEntries)
+}

backend/internal/core/services/reporting/import.go

@@ -0,0 +1,93 @@
+package reporting
+
+import (
+	"bytes"
+	"encoding/csv"
+	"errors"
+	"io"
+	"strings"
+)
+
+var (
+	ErrNoHomeboxHeaders       = errors.New("no headers found")
+	ErrMissingRequiredHeaders = errors.New("missing required headers `HB.location` or `HB.name`")
+)
+
+// determineSeparator determines the separator used in the CSV file
+// It returns the separator as a rune and an error if it could not be determined
+//
+// It is assumed that the first row is the header row and that the separator is the same
+// for all rows.
+//
+// Supported separators are `,` and `\t`
+func determineSeparator(data []byte) (rune, error) {
+	// First row
+	firstRow := bytes.Split(data, []byte("\n"))[0]
+
+	// find first comma or /t
+	comma := bytes.IndexByte(firstRow, ',')
+	tab := bytes.IndexByte(firstRow, '\t')
+
+	switch {
+	case comma == -1 && tab == -1:
+		return 0, errors.New("could not determine separator")
+	case tab > comma:
+		return '\t', nil
+	default:
+		return ',', nil
+	}
+}
+
+// readRawCsv reads a CSV file and returns the raw data as a 2D string array
+// It determines the separator used in the CSV file and returns an error if
+// it could not be determined
+func readRawCsv(r io.Reader) ([][]string, error) {
+	data, err := io.ReadAll(r)
+	if err != nil {
+		return nil, err
+	}
+
+	reader := csv.NewReader(bytes.NewReader(data))
+
+	// Determine separator
+	sep, err := determineSeparator(data)
+	if err != nil {
+		return nil, err
+	}
+
+	reader.Comma = sep
+
+	return reader.ReadAll()
+}
+
+// parseHeaders parses the homebox headers from the CSV file and returns a map of the headers
+// and their column index as well as a list of the field headers (HB.field.*) in the order
+// they appear in the CSV file
+//
+// It returns an error if no homebox headers are found
+func parseHeaders(headers []string) (hbHeaders map[string]int, fieldHeaders []string, err error) {
+	hbHeaders = map[string]int{} // initialize map
+
+	for col, h := range headers {
+		if strings.HasPrefix(h, "HB.field.") {
+			fieldHeaders = append(fieldHeaders, h)
+		}
+
+		if strings.HasPrefix(h, "HB.") {
+			hbHeaders[h] = col
+		}
+	}
+
+	required := []string{"HB.location", "HB.name"}
+	for _, h := range required {
+		if _, ok := hbHeaders[h]; !ok {
+			return nil, nil, ErrMissingRequiredHeaders
+		}
+	}
+
+	if len(hbHeaders) == 0 {
+		return nil, nil, ErrNoHomeboxHeaders
+	}
+
+	return hbHeaders, fieldHeaders, nil
+}

backend/internal/core/services/reporting/io_row.go

@@ -0,0 +1,85 @@
+package reporting
+
+import (
+	"strings"
+
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/types"
+)
+
+type ExportItemFields struct {
+	Name  string
+	Value string
+}
+
+type ExportTSVRow struct {
+	ImportRef string         `csv:"HB.import_ref"`
+	Location  LocationString `csv:"HB.location"`
+	LabelStr  LabelString    `csv:"HB.labels"`
+	AssetID   repo.AssetID   `csv:"HB.asset_id"`
+	Archived  bool           `csv:"HB.archived"`
+
+	Name        string `csv:"HB.name"`
+	Quantity    int    `csv:"HB.quantity"`
+	Description string `csv:"HB.description"`
+	Insured     bool   `csv:"HB.insured"`
+	Notes       string `csv:"HB.notes"`
+
+	PurchasePrice float64    `csv:"HB.purchase_price"`
+	PurchaseFrom  string     `csv:"HB.purchase_from"`
+	PurchaseTime  types.Date `csv:"HB.purchase_time"`
+
+	Manufacturer string `csv:"HB.manufacturer"`
+	ModelNumber  string `csv:"HB.model_number"`
+	SerialNumber string `csv:"HB.serial_number"`
+
+	LifetimeWarranty bool       `csv:"HB.lifetime_warranty"`
+	WarrantyExpires  types.Date `csv:"HB.warranty_expires"`
+	WarrantyDetails  string     `csv:"HB.warranty_details"`
+
+	SoldTo    string     `csv:"HB.sold_to"`
+	SoldPrice float64    `csv:"HB.sold_price"`
+	SoldTime  types.Date `csv:"HB.sold_time"`
+	SoldNotes string     `csv:"HB.sold_notes"`
+
+	Fields []ExportItemFields `csv:"-"`
+}
+
+// ============================================================================
+
+// LabelString is a string slice that is used to represent a list of labels.
+//
+// For example, a list of labels "Important; Work" would be represented as a
+// LabelString with the following values:
+//
+//	LabelString{"Important", "Work"}
+type LabelString []string
+
+func parseLabelString(s string) LabelString {
+	v, _ := parseSeparatedString(s, ";")
+	return v
+}
+
+func (ls LabelString) String() string {
+	return strings.Join(ls, "; ")
+}
+
+// ============================================================================
+
+// LocationString is a string slice that is used to represent a location
+// hierarchy.
+//
+// For example, a location hierarchy of "Home / Bedroom / Desk" would be
+// represented as a LocationString with the following values:
+//
+//	LocationString{"Home", "Bedroom", "Desk"}
+type LocationString []string
+
+func parseLocationString(s string) LocationString {
+	v, _ := parseSeparatedString(s, "/")
+	return v
+}
+
+func (csf LocationString) String() string {
+	return strings.Join(csf, " / ")
+}

backend/internal/core/services/reporting/io_sheet.go

@@ -0,0 +1,310 @@
+package reporting
+
+import (
+	"fmt"
+	"io"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/types"
+	"github.com/rs/zerolog/log"
+)
+
+// IOSheet is the representation of a CSV/TSV sheet that is used for importing/exporting
+// items from homebox. It is used to read/write the data from/to a CSV/TSV file given
+// the standard format of the file.
+//
+// See ExportTSVRow for the format of the data in the sheet.
+type IOSheet struct {
+	headers []string
+	custom  []int
+	index   map[string]int
+	Rows    []ExportTSVRow
+}
+
+func (s *IOSheet) indexHeaders() {
+	s.index = make(map[string]int)
+
+	for i, h := range s.headers {
+		if strings.HasPrefix(h, "HB.field") {
+			s.custom = append(s.custom, i)
+		}
+
+		if strings.HasPrefix(h, "HB.") {
+			s.index[h] = i
+		}
+	}
+}
+
+func (s *IOSheet) GetColumn(str string) (col int, ok bool) {
+	if s.index == nil {
+		s.indexHeaders()
+	}
+
+	col, ok = s.index[str]
+	return
+}
+
+// Read reads a CSV/TSV and populates the "Rows" field with the data from the sheet
+// Custom Fields are supported via the `HB.field.*` headers. The `HB.field.*` the "Name"
+// of the field is the part after the `HB.field.` prefix. Additionally, Custom Fields with
+// no value are excluded from the row.Fields slice, this includes empty strings.
+//
+// Note That
+//   - the first row is assumed to be the header
+//   - at least 1 row of data is required
+//   - rows and columns must be rectangular (i.e. all rows must have the same number of columns)
+func (s *IOSheet) Read(data io.Reader) error {
+	sheet, err := readRawCsv(data)
+	if err != nil {
+		return err
+	}
+
+	if len(sheet) < 2 {
+		return fmt.Errorf("sheet must have at least 1 row of data (header + 1)")
+	}
+
+	s.headers = sheet[0]
+	s.Rows = make([]ExportTSVRow, len(sheet)-1)
+
+	for i, row := range sheet[1:] {
+		if len(row) != len(s.headers) {
+			return fmt.Errorf("row has %d columns, expected %d", len(row), len(s.headers))
+		}
+
+		rowData := ExportTSVRow{}
+
+		st := reflect.TypeOf(ExportTSVRow{})
+
+		for i := 0; i < st.NumField(); i++ {
+			field := st.Field(i)
+			tag := field.Tag.Get("csv")
+			if tag == "" || tag == "-" {
+				continue
+			}
+
+			col, ok := s.GetColumn(tag)
+			if !ok {
+				continue
+			}
+
+			val := row[col]
+
+			var v interface{}
+
+			switch field.Type {
+			case reflect.TypeOf(""):
+				v = val
+			case reflect.TypeOf(int(0)):
+				v = parseInt(val)
+			case reflect.TypeOf(bool(false)):
+				v = parseBool(val)
+			case reflect.TypeOf(float64(0)):
+				v = parseFloat(val)
+
+			// Custom Types
+			case reflect.TypeOf(types.Date{}):
+				v = types.DateFromString(val)
+			case reflect.TypeOf(repo.AssetID(0)):
+				v, _ = repo.ParseAssetID(val)
+			case reflect.TypeOf(LocationString{}):
+				v = parseLocationString(val)
+			case reflect.TypeOf(LabelString{}):
+				v = parseLabelString(val)
+			}
+
+			log.Debug().
+				Str("tag", tag).
+				Interface("val", v).
+				Str("type", fmt.Sprintf("%T", v)).
+				Msg("parsed value")
+
+			// Nil values are not allowed at the moment. This may change.
+			if v == nil {
+				return fmt.Errorf("could not convert %q to %s", val, field.Type)
+			}
+
+			ptrField := reflect.ValueOf(&rowData).Elem().Field(i)
+			ptrField.Set(reflect.ValueOf(v))
+		}
+
+		for _, col := range s.custom {
+			colName := strings.TrimPrefix(s.headers[col], "HB.field.")
+			customVal := row[col]
+			if customVal == "" {
+				continue
+			}
+
+			rowData.Fields = append(rowData.Fields, ExportItemFields{
+				Name:  colName,
+				Value: customVal,
+			})
+		}
+
+		s.Rows[i] = rowData
+	}
+
+	return nil
+}
+
+// Write writes the sheet to a writer.
+func (s *IOSheet) ReadItems(items []repo.ItemOut) {
+	s.Rows = make([]ExportTSVRow, len(items))
+
+	extraHeaders := map[string]struct{}{}
+
+	for i := range items {
+		item := items[i]
+
+		// TODO: Support fetching nested locations
+		locString := LocationString{item.Location.Name}
+
+		labelString := make([]string, len(item.Labels))
+
+		for i, l := range item.Labels {
+			labelString[i] = l.Name
+		}
+
+		customFields := make([]ExportItemFields, len(item.Fields))
+
+		for i, f := range item.Fields {
+			extraHeaders[f.Name] = struct{}{}
+
+			customFields[i] = ExportItemFields{
+				Name:  f.Name,
+				Value: f.TextValue,
+			}
+		}
+
+		s.Rows[i] = ExportTSVRow{
+			// fill struct
+			Location: locString,
+			LabelStr: labelString,
+
+			ImportRef:   item.ImportRef,
+			AssetID:     item.AssetID,
+			Name:        item.Name,
+			Quantity:    item.Quantity,
+			Description: item.Description,
+			Insured:     item.Insured,
+			Archived:    item.Archived,
+
+			PurchasePrice: item.PurchasePrice,
+			PurchaseFrom:  item.PurchaseFrom,
+			PurchaseTime:  item.PurchaseTime,
+
+			Manufacturer: item.Manufacturer,
+			ModelNumber:  item.ModelNumber,
+			SerialNumber: item.SerialNumber,
+
+			LifetimeWarranty: item.LifetimeWarranty,
+			WarrantyExpires:  item.WarrantyExpires,
+			WarrantyDetails:  item.WarrantyDetails,
+
+			SoldTo:    item.SoldTo,
+			SoldTime:  item.SoldTime,
+			SoldPrice: item.SoldPrice,
+			SoldNotes: item.SoldNotes,
+
+			Fields: customFields,
+		}
+	}
+
+	// Extract and sort additional headers for deterministic output
+	customHeaders := make([]string, 0, len(extraHeaders))
+
+	for k := range extraHeaders {
+		customHeaders = append(customHeaders, k)
+	}
+
+	sort.Strings(customHeaders)
+
+	st := reflect.TypeOf(ExportTSVRow{})
+
+	// Write headers
+	for i := 0; i < st.NumField(); i++ {
+		field := st.Field(i)
+		tag := field.Tag.Get("csv")
+		if tag == "" || tag == "-" {
+			continue
+		}
+
+		s.headers = append(s.headers, tag)
+	}
+
+	for _, h := range customHeaders {
+		s.headers = append(s.headers, "HB.field."+h)
+	}
+}
+
+// Writes the current sheet to a writer in TSV format.
+func (s *IOSheet) TSV() ([][]string, error) {
+	memcsv := make([][]string, len(s.Rows)+1)
+
+	memcsv[0] = s.headers
+
+	// use struct tags in rows to dertmine column order
+	for i, row := range s.Rows {
+		rowIdx := i + 1
+
+		memcsv[rowIdx] = make([]string, len(s.headers))
+
+		st := reflect.TypeOf(row)
+
+		for i := 0; i < st.NumField(); i++ {
+			field := st.Field(i)
+			tag := field.Tag.Get("csv")
+			if tag == "" || tag == "-" {
+				continue
+			}
+
+			col, ok := s.GetColumn(tag)
+			if !ok {
+				continue
+			}
+
+			val := reflect.ValueOf(row).Field(i)
+
+			var v string
+
+			switch field.Type {
+			case reflect.TypeOf(""):
+				v = val.String()
+			case reflect.TypeOf(int(0)):
+				v = strconv.Itoa(int(val.Int()))
+			case reflect.TypeOf(bool(false)):
+				v = strconv.FormatBool(val.Bool())
+			case reflect.TypeOf(float64(0)):
+				v = strconv.FormatFloat(val.Float(), 'f', -1, 64)
+
+			// Custom Types
+			case reflect.TypeOf(types.Date{}):
+				v = val.Interface().(types.Date).String()
+			case reflect.TypeOf(repo.AssetID(0)):
+				v = val.Interface().(repo.AssetID).String()
+			case reflect.TypeOf(LocationString{}):
+				v = val.Interface().(LocationString).String()
+			case reflect.TypeOf(LabelString{}):
+				v = val.Interface().(LabelString).String()
+			default:
+				log.Debug().Str("type", field.Type.String()).Msg("unknown type")
+			}
+
+			memcsv[rowIdx][col] = v
+		}
+
+		for _, f := range row.Fields {
+			col, ok := s.GetColumn("HB.field." + f.Name)
+			if !ok {
+				continue
+			}
+
+			memcsv[i+1][col] = f.Value
+		}
+	}
+
+	return memcsv, nil
+}

backend/internal/core/services/reporting/io_sheet_test.go

@@ -0,0 +1,226 @@
+package reporting
+
+import (
+	"bytes"
+	"reflect"
+	"testing"
+
+	_ "embed"
+
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	//go:embed .testdata/import/minimal.csv
+	minimalImportCSV []byte
+
+	//go:embed .testdata/import/fields.csv
+	customFieldImportCSV []byte
+
+	//go:embed .testdata/import/types.csv
+	customTypesImportCSV []byte
+
+	//go:embed .testdata/import.csv
+	CSVData_Comma []byte
+
+	//go:embed .testdata/import.tsv
+	CSVData_Tab []byte
+)
+
+func TestSheet_Read(t *testing.T) {
+	tests := []struct {
+		name    string
+		data    []byte
+		want    []ExportTSVRow
+		wantErr bool
+	}{
+		{
+			name: "minimal import",
+			data: minimalImportCSV,
+			want: []ExportTSVRow{
+				{Location: LocationString{"loc"}, Name: "Item 1", Quantity: 1, Description: "Description 1"},
+				{Location: LocationString{"loc"}, Name: "Item 2", Quantity: 2, Description: "Description 2"},
+				{Location: LocationString{"loc"}, Name: "Item 3", Quantity: 3, Description: "Description 3"},
+			},
+		},
+		{
+			name: "custom field import",
+			data: customFieldImportCSV,
+			want: []ExportTSVRow{
+				{
+					Location: LocationString{"loc"}, Name: "Item 1", Quantity: 1, Description: "Description 1",
+					Fields: []ExportItemFields{
+						{Name: "Custom Field 1", Value: "Value 1[1]"},
+						{Name: "Custom Field 2", Value: "Value 1[2]"},
+						{Name: "Custom Field 3", Value: "Value 1[3]"},
+					},
+				},
+				{
+					Location: LocationString{"loc"}, Name: "Item 2", Quantity: 2, Description: "Description 2",
+					Fields: []ExportItemFields{
+						{Name: "Custom Field 1", Value: "Value 2[1]"},
+						{Name: "Custom Field 2", Value: "Value 2[2]"},
+						{Name: "Custom Field 3", Value: "Value 2[3]"},
+					},
+				},
+				{
+					Location: LocationString{"loc"}, Name: "Item 3", Quantity: 3, Description: "Description 3",
+					Fields: []ExportItemFields{
+						{Name: "Custom Field 1", Value: "Value 3[1]"},
+						{Name: "Custom Field 2", Value: "Value 3[2]"},
+						{Name: "Custom Field 3", Value: "Value 3[3]"},
+					},
+				},
+			},
+		},
+		{
+			name: "custom types import",
+			data: customTypesImportCSV,
+			want: []ExportTSVRow{
+				{
+					Name:     "Item 1",
+					AssetID:  repo.AssetID(1),
+					Location: LocationString{"Path", "To", "Location 1"},
+					LabelStr: LabelString{"L1", "L2", "L3"},
+				},
+				{
+					Name:     "Item 2",
+					AssetID:  repo.AssetID(2),
+					Location: LocationString{"Path", "To", "Location 2"},
+					LabelStr: LabelString{"L1", "L2", "L3"},
+				},
+				{
+					Name:     "Item 3",
+					AssetID:  repo.AssetID(1000003),
+					Location: LocationString{"Path", "To", "Location 3"},
+					LabelStr: LabelString{"L1", "L2", "L3"},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			reader := bytes.NewReader(tt.data)
+
+			sheet := &IOSheet{}
+			err := sheet.Read(reader)
+
+			switch {
+			case tt.wantErr:
+				assert.Error(t, err)
+			default:
+				assert.NoError(t, err)
+				assert.ElementsMatch(t, tt.want, sheet.Rows)
+			}
+		})
+	}
+}
+
+func Test_parseHeaders(t *testing.T) {
+	tests := []struct {
+		name             string
+		rawHeaders       []string
+		wantHbHeaders    map[string]int
+		wantFieldHeaders []string
+		wantErr          bool
+	}{
+		{
+			name:             "no hombox headers",
+			rawHeaders:       []string{"Header 1", "Header 2", "Header 3"},
+			wantHbHeaders:    nil,
+			wantFieldHeaders: nil,
+			wantErr:          true,
+		},
+		{
+			name:       "field headers only",
+			rawHeaders: []string{"HB.location", "HB.name", "HB.field.1", "HB.field.2", "HB.field.3"},
+			wantHbHeaders: map[string]int{
+				"HB.location": 0,
+				"HB.name":     1,
+				"HB.field.1":  2,
+				"HB.field.2":  3,
+				"HB.field.3":  4,
+			},
+			wantFieldHeaders: []string{"HB.field.1", "HB.field.2", "HB.field.3"},
+			wantErr:          false,
+		},
+		{
+			name:       "mixed headers",
+			rawHeaders: []string{"Header 1", "HB.name", "Header 2", "HB.field.2", "Header 3", "HB.field.3", "HB.location"},
+			wantHbHeaders: map[string]int{
+				"HB.name":     1,
+				"HB.field.2":  3,
+				"HB.field.3":  5,
+				"HB.location": 6,
+			},
+			wantFieldHeaders: []string{"HB.field.2", "HB.field.3"},
+			wantErr:          false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotHbHeaders, gotFieldHeaders, err := parseHeaders(tt.rawHeaders)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("parseHeaders() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(gotHbHeaders, tt.wantHbHeaders) {
+				t.Errorf("parseHeaders() gotHbHeaders = %v, want %v", gotHbHeaders, tt.wantHbHeaders)
+			}
+			if !reflect.DeepEqual(gotFieldHeaders, tt.wantFieldHeaders) {
+				t.Errorf("parseHeaders() gotFieldHeaders = %v, want %v", gotFieldHeaders, tt.wantFieldHeaders)
+			}
+		})
+	}
+}
+
+func Test_determineSeparator(t *testing.T) {
+	type args struct {
+		data []byte
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    rune
+		wantErr bool
+	}{
+		{
+			name: "comma",
+			args: args{
+				data: CSVData_Comma,
+			},
+			want:    ',',
+			wantErr: false,
+		},
+		{
+			name: "tab",
+			args: args{
+				data: CSVData_Tab,
+			},
+			want:    '\t',
+			wantErr: false,
+		},
+		{
+			name: "invalid",
+			args: args{
+				data: []byte("a;b;c"),
+			},
+			want:    0,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := determineSeparator(tt.args.data)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("determineSeparator() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("determineSeparator() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

backend/internal/core/services/reporting/value_parsers.go

@@ -0,0 +1,38 @@
+package reporting
+
+import (
+	"strconv"
+	"strings"
+)
+
+func parseSeparatedString(s string, sep string) ([]string, error) {
+	list := strings.Split(s, sep)
+
+	csf := make([]string, 0, len(list))
+	for _, s := range list {
+		trimmed := strings.TrimSpace(s)
+		if trimmed != "" {
+			csf = append(csf, trimmed)
+		}
+	}
+
+	return csf, nil
+}
+
+func parseFloat(s string) float64 {
+	if s == "" {
+		return 0
+	}
+	f, _ := strconv.ParseFloat(s, 64)
+	return f
+}
+
+func parseBool(s string) bool {
+	b, _ := strconv.ParseBool(s)
+	return b
+}
+
+func parseInt(s string) int {
+	i, _ := strconv.Atoi(s)
+	return i
+}

backend/internal/core/services/reporting/value_parsers_test.go

@@ -0,0 +1,65 @@
+package reporting
+
+import (
+	"reflect"
+	"testing"
+)
+
+func Test_parseSeparatedString(t *testing.T) {
+	type args struct {
+		s   string
+		sep string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    []string
+		wantErr bool
+	}{
+		{
+			name: "comma",
+			args: args{
+				s:   "a,b,c",
+				sep: ",",
+			},
+			want:    []string{"a", "b", "c"},
+			wantErr: false,
+		},
+		{
+			name: "trimmed comma",
+			args: args{
+				s:   "a, b, c",
+				sep: ",",
+			},
+			want: []string{"a", "b", "c"},
+		},
+		{
+			name: "excessive whitespace",
+			args: args{
+				s:   "     			a,   b,    			c  	",
+				sep: ",",
+			},
+			want: []string{"a", "b", "c"},
+		},
+		{
+			name: "empty",
+			args: args{
+				s:   "",
+				sep: ",",
+			},
+			want: []string{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := parseSeparatedString(tt.args.s, tt.args.sep)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("parseSeparatedString() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("parseSeparatedString() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

backend/internal/core/services/service_background.go

@@ -0,0 +1,81 @@
+package services
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/containrrr/shoutrrr"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/types"
+	"github.com/rs/zerolog/log"
+)
+
+type BackgroundService struct {
+	repos *repo.AllRepos
+}
+
+func (svc *BackgroundService) SendNotifiersToday(ctx context.Context) error {
+	// Get All Groups
+	groups, err := svc.repos.Groups.GetAllGroups(ctx)
+	if err != nil {
+		return err
+	}
+
+	today := types.DateFromTime(time.Now())
+
+	for i := range groups {
+		group := groups[i]
+
+		entries, err := svc.repos.MaintEntry.GetScheduled(ctx, group.ID, today)
+		if err != nil {
+			return err
+		}
+
+		if len(entries) == 0 {
+			log.Debug().
+				Str("group_name", group.Name).
+				Str("group_id", group.ID.String()).
+				Msg("No scheduled maintenance for today")
+			continue
+		}
+
+		notifiers, err := svc.repos.Notifiers.GetByGroup(ctx, group.ID)
+		if err != nil {
+			return err
+		}
+
+		urls := make([]string, len(notifiers))
+		for i := range notifiers {
+			urls[i] = notifiers[i].URL
+		}
+
+		bldr := strings.Builder{}
+
+		bldr.WriteString("Homebox Maintenance for (")
+		bldr.WriteString(today.String())
+		bldr.WriteString("):\n")
+
+		for i := range entries {
+			entry := entries[i]
+			bldr.WriteString(" - ")
+			bldr.WriteString(entry.Name)
+			bldr.WriteString("\n")
+		}
+
+		var sendErrs []error
+		for i := range urls {
+			err := shoutrrr.Send(urls[i], bldr.String())
+
+			if err != nil {
+				sendErrs = append(sendErrs, err)
+			}
+		}
+
+		if len(sendErrs) > 0 {
+			return sendErrs[0]
+		}
+	}
+
+	return nil
+}

backend/internal/core/services/service_group.go

@@ -0,0 +1,40 @@
+package services
+
+import (
+	"errors"
+	"time"
+
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/pkgs/hasher"
+)
+
+type GroupService struct {
+	repos *repo.AllRepos
+}
+
+func (svc *GroupService) UpdateGroup(ctx Context, data repo.GroupUpdate) (repo.Group, error) {
+	if data.Name == "" {
+		data.Name = ctx.User.GroupName
+	}
+
+	if data.Currency == "" {
+		return repo.Group{}, errors.New("currency cannot be empty")
+	}
+
+	return svc.repos.Groups.GroupUpdate(ctx.Context, ctx.GID, data)
+}
+
+func (svc *GroupService) NewInvitation(ctx Context, uses int, expiresAt time.Time) (string, error) {
+	token := hasher.GenerateToken()
+
+	_, err := svc.repos.Groups.InvitationCreate(ctx, ctx.GID, repo.GroupInvitationCreate{
+		Token:     token.Hash,
+		Uses:      uses,
+		ExpiresAt: expiresAt,
+	})
+	if err != nil {
+		return "", err
+	}
+
+	return token.Raw, nil
+}

backend/internal/core/services/service_items.go

@@ -0,0 +1,352 @@
+package services
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/core/services/reporting"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
+)
+
+var (
+	ErrNotFound     = errors.New("not found")
+	ErrFileNotFound = errors.New("file not found")
+)
+
+type ItemService struct {
+	repo *repo.AllRepos
+
+	filepath string
+
+	autoIncrementAssetID bool
+}
+
+func (svc *ItemService) Create(ctx Context, item repo.ItemCreate) (repo.ItemOut, error) {
+	if svc.autoIncrementAssetID {
+		highest, err := svc.repo.Items.GetHighestAssetID(ctx, ctx.GID)
+		if err != nil {
+			return repo.ItemOut{}, err
+		}
+
+		item.AssetID = repo.AssetID(highest + 1)
+	}
+
+	return svc.repo.Items.Create(ctx, ctx.GID, item)
+}
+
+func (svc *ItemService) EnsureAssetID(ctx context.Context, GID uuid.UUID) (int, error) {
+	items, err := svc.repo.Items.GetAllZeroAssetID(ctx, GID)
+	if err != nil {
+		return 0, err
+	}
+
+	highest, err := svc.repo.Items.GetHighestAssetID(ctx, GID)
+	if err != nil {
+		return 0, err
+	}
+
+	finished := 0
+	for _, item := range items {
+		highest++
+
+		err = svc.repo.Items.SetAssetID(ctx, GID, item.ID, repo.AssetID(highest))
+		if err != nil {
+			return 0, err
+		}
+
+		finished++
+	}
+
+	return finished, nil
+}
+
+func (svc *ItemService) EnsureImportRef(ctx context.Context, GID uuid.UUID) (int, error) {
+	ids, err := svc.repo.Items.GetAllZeroImportRef(ctx, GID)
+	if err != nil {
+		return 0, err
+	}
+
+	finished := 0
+	for _, itemID := range ids {
+		ref := uuid.New().String()[0:8]
+
+		err = svc.repo.Items.Patch(ctx, GID, itemID, repo.ItemPatch{ImportRef: &ref})
+		if err != nil {
+			return 0, err
+		}
+
+		finished++
+	}
+
+	return finished, nil
+}
+
+func serializeLocation[T ~[]string](location T) string {
+	return strings.Join(location, "/")
+}
+
+// CsvImport imports items from a CSV file. using the standard defined format.
+//
+// CsvImport applies the following rules/operations
+//
+//  1. If the item does not exist, it is created.
+//  2. If the item has a ImportRef and it exists it is skipped
+//  3. Locations and Labels are created if they do not exist.
+func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Reader) (int, error) {
+	sheet := reporting.IOSheet{}
+
+	err := sheet.Read(data)
+	if err != nil {
+		return 0, err
+	}
+
+	// ========================================
+	// Labels
+
+	labelMap := make(map[string]uuid.UUID)
+	{
+		labels, err := svc.repo.Labels.GetAll(ctx, GID)
+		if err != nil {
+			return 0, err
+		}
+
+		for _, label := range labels {
+			labelMap[label.Name] = label.ID
+		}
+	}
+
+	// ========================================
+	// Locations
+
+	locationMap := make(map[string]uuid.UUID)
+	{
+		locations, err := svc.repo.Locations.Tree(ctx, GID, repo.TreeQuery{WithItems: false})
+		if err != nil {
+			return 0, err
+		}
+
+		// Traverse the tree and build a map of location full paths to IDs
+		// where the full path is the location name joined by slashes.
+		var traverse func(location *repo.TreeItem, path []string)
+		traverse = func(location *repo.TreeItem, path []string) {
+			path = append(path, location.Name)
+
+			locationMap[serializeLocation(path)] = location.ID
+
+			for _, child := range location.Children {
+				traverse(child, path)
+			}
+		}
+
+		for _, location := range locations {
+			traverse(&location, []string{})
+		}
+	}
+
+	// ========================================
+	// Import items
+
+	// Asset ID Pre-Check
+	highestAID := repo.AssetID(-1)
+	if svc.autoIncrementAssetID {
+		highestAID, err = svc.repo.Items.GetHighestAssetID(ctx, GID)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	finished := 0
+
+	for i := range sheet.Rows {
+		row := sheet.Rows[i]
+
+		createRequired := true
+
+		// ========================================
+		// Preflight check for existing item
+		if row.ImportRef != "" {
+			exists, err := svc.repo.Items.CheckRef(ctx, GID, row.ImportRef)
+			if err != nil {
+				return 0, fmt.Errorf("error checking for existing item with ref %q: %w", row.ImportRef, err)
+			}
+
+			if exists {
+				createRequired = false
+			}
+		}
+
+		// ========================================
+		// Pre-Create Labels as necessary
+		labelIds := make([]uuid.UUID, len(row.LabelStr))
+
+		for j := range row.LabelStr {
+			label := row.LabelStr[j]
+
+			id, ok := labelMap[label]
+			if !ok {
+				newLabel, err := svc.repo.Labels.Create(ctx, GID, repo.LabelCreate{Name: label})
+				if err != nil {
+					return 0, err
+				}
+				id = newLabel.ID
+			}
+
+			labelIds[j] = id
+			labelMap[label] = id
+		}
+
+		// ========================================
+		// Pre-Create Locations as necessary
+		path := serializeLocation(row.Location)
+
+		locationID, ok := locationMap[path]
+		if !ok { // Traverse the path of LocationStr and check each path element to see if it exists already, if not create it.
+			paths := []string{}
+			for i, pathElement := range row.Location {
+				paths = append(paths, pathElement)
+				path := serializeLocation(paths)
+
+				locationID, ok = locationMap[path]
+				if !ok {
+					parentID := uuid.Nil
+
+					// Get the parent ID
+					if i > 0 {
+						parentPath := serializeLocation(row.Location[:i])
+						parentID = locationMap[parentPath]
+					}
+
+					newLocation, err := svc.repo.Locations.Create(ctx, GID, repo.LocationCreate{
+						ParentID: parentID,
+						Name:     pathElement,
+					})
+					if err != nil {
+						return 0, err
+					}
+					locationID = newLocation.ID
+				}
+
+				locationMap[path] = locationID
+			}
+
+			locationID, ok = locationMap[path]
+			if !ok {
+				return 0, errors.New("failed to create location")
+			}
+		}
+
+		var effAID repo.AssetID
+		if svc.autoIncrementAssetID && row.AssetID.Nil() {
+			effAID = highestAID + 1
+			highestAID++
+		} else {
+			effAID = row.AssetID
+		}
+
+		// ========================================
+		// Create Item
+		var item repo.ItemOut
+		switch {
+		case createRequired:
+			newItem := repo.ItemCreate{
+				ImportRef:   row.ImportRef,
+				Name:        row.Name,
+				Description: row.Description,
+				AssetID:     effAID,
+				LocationID:  locationID,
+				LabelIDs:    labelIds,
+			}
+
+			item, err = svc.repo.Items.Create(ctx, GID, newItem)
+			if err != nil {
+				return 0, err
+			}
+		default:
+			item, err = svc.repo.Items.GetByRef(ctx, GID, row.ImportRef)
+			if err != nil {
+				return 0, err
+			}
+		}
+
+		if item.ID == uuid.Nil {
+			panic("item ID is nil on import - this should never happen")
+		}
+
+		fields := make([]repo.ItemField, len(row.Fields))
+		for i := range row.Fields {
+			fields[i] = repo.ItemField{
+				Name:      row.Fields[i].Name,
+				Type:      "text",
+				TextValue: row.Fields[i].Value,
+			}
+		}
+
+		updateItem := repo.ItemUpdate{
+			ID:         item.ID,
+			LabelIDs:   labelIds,
+			LocationID: locationID,
+
+			Name:        row.Name,
+			Description: row.Description,
+			AssetID:     effAID,
+			Insured:     row.Insured,
+			Quantity:    row.Quantity,
+			Archived:    row.Archived,
+
+			PurchasePrice: row.PurchasePrice,
+			PurchaseFrom:  row.PurchaseFrom,
+			PurchaseTime:  row.PurchaseTime,
+
+			Manufacturer: row.Manufacturer,
+			ModelNumber:  row.ModelNumber,
+			SerialNumber: row.SerialNumber,
+
+			LifetimeWarranty: row.LifetimeWarranty,
+			WarrantyExpires:  row.WarrantyExpires,
+			WarrantyDetails:  row.WarrantyDetails,
+
+			SoldTo:    row.SoldTo,
+			SoldTime:  row.SoldTime,
+			SoldPrice: row.SoldPrice,
+			SoldNotes: row.SoldNotes,
+
+			Notes:  row.Notes,
+			Fields: fields,
+		}
+
+		item, err = svc.repo.Items.UpdateByGroup(ctx, GID, updateItem)
+		if err != nil {
+			return 0, err
+		}
+
+		finished++
+	}
+
+	return finished, nil
+}
+
+func (svc *ItemService) ExportTSV(ctx context.Context, GID uuid.UUID) ([][]string, error) {
+	items, err := svc.repo.Items.GetAll(ctx, GID)
+	if err != nil {
+		return nil, err
+	}
+
+	sheet := reporting.IOSheet{}
+
+	sheet.ReadItems(items)
+
+	return sheet.TSV()
+}
+
+func (svc *ItemService) ExportBillOfMaterialsTSV(ctx context.Context, GID uuid.UUID) ([]byte, error) {
+	items, err := svc.repo.Items.GetAll(ctx, GID)
+	if err != nil {
+		return nil, err
+	}
+
+	return reporting.BillOfMaterialsTSV(items)
+}

backend/internal/core/services/service_items_attachments.go

@@ -4,71 +4,15 @@ import (
 	"context"
 	"io"
 	"os"
-	"time"
 
 	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/ent"
-	"github.com/hay-kot/homebox/backend/ent/attachment"
-	"github.com/hay-kot/homebox/backend/internal/repo"
-	"github.com/hay-kot/homebox/backend/pkgs/hasher"
+	"github.com/hay-kot/homebox/backend/internal/data/ent"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/attachment"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/rs/zerolog/log"
 )
 
-// TODO: this isn't a scalable solution, tokens should be stored in the database
-type attachmentTokens map[string]uuid.UUID
-
-func (at attachmentTokens) Add(token string, id uuid.UUID) {
-	at[token] = id
-
-	log.Debug().Str("token", token).Str("uuid", id.String()).Msg("added token")
-
-	go func() {
-		ch := time.After(1 * time.Minute)
-		<-ch
-		at.Delete(token)
-		log.Debug().Str("token", token).Msg("deleted token")
-	}()
-}
-
-func (at attachmentTokens) Get(token string) (uuid.UUID, bool) {
-	id, ok := at[token]
-	return id, ok
-}
-
-func (at attachmentTokens) Delete(token string) {
-	delete(at, token)
-}
-
-func (svc *ItemService) AttachmentToken(ctx Context, itemId, attachmentId uuid.UUID) (string, error) {
-	_, err := svc.repo.Items.GetOneByGroup(ctx, ctx.GID, itemId)
-	if err != nil {
-		return "", err
-	}
-
-	token := hasher.GenerateToken()
-
-	// Ensure that the file exists
-	attachment, err := svc.repo.Attachments.Get(ctx, attachmentId)
-	if err != nil {
-		return "", err
-	}
-
-	if _, err := os.Stat(attachment.Edges.Document.Path); os.IsNotExist(err) {
-		_ = svc.AttachmentDelete(ctx, ctx.GID, itemId, attachmentId)
-		return "", ErrNotFound
-	}
-
-	svc.at.Add(token.Raw, attachmentId)
-
-	return token.Raw, nil
-}
-
-func (svc *ItemService) AttachmentPath(ctx context.Context, token string) (*ent.Document, error) {
-	attachmentId, ok := svc.at.Get(token)
-	if !ok {
-		return nil, ErrNotFound
-	}
-
+func (svc *ItemService) AttachmentPath(ctx context.Context, attachmentId uuid.UUID) (*ent.Document, error) {
 	attachment, err := svc.repo.Attachments.Get(ctx, attachmentId)
 	if err != nil {
 		return nil, err
@@ -91,7 +35,7 @@ func (svc *ItemService) AttachmentUpdate(ctx Context, itemId uuid.UUID, data *re
 		return repo.ItemOut{}, err
 	}
 
-	return svc.GetOne(ctx, ctx.GID, itemId)
+	return svc.repo.Items.GetOneByGroup(ctx, ctx.GID, itemId)
 }
 
 // AttachmentAdd adds an attachment to an item by creating an entry in the Documents table and linking it to the Attachment
@@ -118,7 +62,7 @@ func (svc *ItemService) AttachmentAdd(ctx Context, itemId uuid.UUID, filename st
 		return repo.ItemOut{}, err
 	}
 
-	return svc.GetOne(ctx, ctx.GID, itemId)
+	return svc.repo.Items.GetOneByGroup(ctx, ctx.GID, itemId)
 }
 
 func (svc *ItemService) AttachmentDelete(ctx context.Context, gid, itemId, attachmentId uuid.UUID) error {

backend/internal/core/services/service_items_attachments_test.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -19,7 +19,7 @@ func TestItemService_AddAttachment(t *testing.T) {
 		filepath: temp,
 	}
 
-	loc, err := tSvc.Location.Create(context.Background(), tGroup.ID, repo.LocationCreate{
+	loc, err := tRepos.Locations.Create(context.Background(), tGroup.ID, repo.LocationCreate{
 		Description: "test",
 		Name:        "test",
 	})
@@ -32,7 +32,7 @@ func TestItemService_AddAttachment(t *testing.T) {
 		LocationID:  loc.ID,
 	}
 
-	itm, err := svc.Create(context.Background(), tGroup.ID, itmC)
+	itm, err := svc.repo.Items.Create(context.Background(), tGroup.ID, itmC)
 	assert.NoError(t, err)
 	assert.NotNil(t, itm)
 	t.Cleanup(func() {
@@ -58,5 +58,4 @@ func TestItemService_AddAttachment(t *testing.T) {
 	bts, err := os.ReadFile(storedPath)
 	assert.NoError(t, err)
 	assert.Equal(t, contents, string(bts))
-
 }

backend/internal/core/services/service_user.go

@@ -6,7 +6,8 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/authroles"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/pkgs/hasher"
 	"github.com/rs/zerolog/log"
 )
@@ -30,8 +31,9 @@ type (
 		Password   string `json:"password"`
 	}
 	UserAuthTokenDetail struct {
-		Raw       string    `json:"raw"`
-		ExpiresAt time.Time `json:"expiresAt"`
+		Raw             string    `json:"raw"`
+		AttachmentToken string    `json:"attachmentToken"`
+		ExpiresAt       time.Time `json:"expiresAt"`
 	}
 	LoginForm struct {
 		Username string `json:"username"`
@@ -49,21 +51,25 @@ func (svc *UserService) RegisterUser(ctx context.Context, data UserRegistration)
 		Msg("Registering new user")
 
 	var (
-		err     error
-		group   repo.Group
-		token   repo.GroupInvitation
-		isOwner = false
+		err   error
+		group repo.Group
+		token repo.GroupInvitation
+
+		// creatingGroup is true if the user is creating a new group.
+		creatingGroup = false
 	)
 
 	switch data.GroupToken {
 	case "":
-		isOwner = true
+		log.Debug().Msg("creating new group")
+		creatingGroup = true
 		group, err = svc.repos.Groups.GroupCreate(ctx, "Home")
 		if err != nil {
 			log.Err(err).Msg("Failed to create group")
 			return repo.UserOut{}, err
 		}
 	default:
+		log.Debug().Msg("joining existing group")
 		token, err = svc.repos.Groups.InvitationGet(ctx, hasher.HashToken(data.GroupToken))
 		if err != nil {
 			log.Err(err).Msg("Failed to get invitation token")
@@ -79,7 +85,7 @@ func (svc *UserService) RegisterUser(ctx context.Context, data UserRegistration)
 		Password:    hashed,
 		IsSuperuser: false,
 		GroupID:     group.ID,
-		IsOwner:     isOwner,
+		IsOwner:     creatingGroup,
 	}
 
 	usr, err := svc.repos.Users.Create(ctx, usrCreate)
@@ -87,21 +93,24 @@ func (svc *UserService) RegisterUser(ctx context.Context, data UserRegistration)
 		return repo.UserOut{}, err
 	}
 
-	for _, label := range defaultLabels() {
-		_, err := svc.repos.Labels.Create(ctx, group.ID, label)
-		if err != nil {
-			return repo.UserOut{}, err
+	// Create the default labels and locations for the group.
+	if creatingGroup {
+		for _, label := range defaultLabels() {
+			_, err := svc.repos.Labels.Create(ctx, usr.GroupID, label)
+			if err != nil {
+				return repo.UserOut{}, err
+			}
+		}
+
+		for _, location := range defaultLocations() {
+			_, err := svc.repos.Locations.Create(ctx, usr.GroupID, location)
+			if err != nil {
+				return repo.UserOut{}, err
+			}
 		}
 	}
 
-	for _, location := range defaultLocations() {
-		_, err := svc.repos.Locations.Create(ctx, group.ID, location)
-		if err != nil {
-			return repo.UserOut{}, err
-		}
-	}
-
-	// Decrement the invitation token if it was used
+	// Decrement the invitation token if it was used.
 	if token.ID != uuid.Nil {
 		err = svc.repos.Groups.InvitationUpdate(ctx, token.ID, token.Uses-1)
 		if err != nil {
@@ -131,21 +140,46 @@ func (svc *UserService) UpdateSelf(ctx context.Context, ID uuid.UUID, data repo.
 // ============================================================================
 // User Authentication
 
-func (svc *UserService) createToken(ctx context.Context, userId uuid.UUID) (UserAuthTokenDetail, error) {
-	newToken := hasher.GenerateToken()
+func (svc *UserService) createSessionToken(ctx context.Context, userId uuid.UUID, extendedSession bool) (UserAuthTokenDetail, error) {
+	attachmentToken := hasher.GenerateToken()
 
-	created, err := svc.repos.AuthTokens.CreateToken(ctx, repo.UserAuthTokenCreate{
+	expiresAt := time.Now().Add(oneWeek)
+	if extendedSession {
+		expiresAt = time.Now().Add(oneWeek * 4)
+	}
+
+	attachmentData := repo.UserAuthTokenCreate{
 		UserID:    userId,
-		TokenHash: newToken.Hash,
-		ExpiresAt: time.Now().Add(oneWeek),
-	})
+		TokenHash: attachmentToken.Hash,
+		ExpiresAt: expiresAt,
+	}
 
-	return UserAuthTokenDetail{Raw: newToken.Raw, ExpiresAt: created.ExpiresAt}, err
+	_, err := svc.repos.AuthTokens.CreateToken(ctx, attachmentData, authroles.RoleAttachments)
+	if err != nil {
+		return UserAuthTokenDetail{}, err
+	}
+
+	userToken := hasher.GenerateToken()
+	data := repo.UserAuthTokenCreate{
+		UserID:    userId,
+		TokenHash: userToken.Hash,
+		ExpiresAt: expiresAt,
+	}
+
+	created, err := svc.repos.AuthTokens.CreateToken(ctx, data, authroles.RoleUser)
+	if err != nil {
+		return UserAuthTokenDetail{}, err
+	}
+
+	return UserAuthTokenDetail{
+		Raw:             userToken.Raw,
+		ExpiresAt:       created.ExpiresAt,
+		AttachmentToken: attachmentToken.Raw,
+	}, nil
 }
 
-func (svc *UserService) Login(ctx context.Context, username, password string) (UserAuthTokenDetail, error) {
+func (svc *UserService) Login(ctx context.Context, username, password string, extendedSession bool) (UserAuthTokenDetail, error) {
 	usr, err := svc.repos.Users.GetOneEmail(ctx, username)
-
 	if err != nil {
 		// SECURITY: Perform hash to ensure response times are the same
 		hasher.CheckPasswordHash("not-a-real-password", "not-a-real-password")
@@ -156,7 +190,7 @@ func (svc *UserService) Login(ctx context.Context, username, password string) (U
 		return UserAuthTokenDetail{}, ErrorInvalidLogin
 	}
 
-	return svc.createToken(ctx, usr.ID)
+	return svc.createSessionToken(ctx, usr.ID, extendedSession)
 }
 
 func (svc *UserService) Logout(ctx context.Context, token string) error {
@@ -169,14 +203,11 @@ func (svc *UserService) RenewToken(ctx context.Context, token string) (UserAuthT
 	hash := hasher.HashToken(token)
 
 	dbToken, err := svc.repos.AuthTokens.GetUserFromToken(ctx, hash)
-
 	if err != nil {
 		return UserAuthTokenDetail{}, ErrorInvalidToken
 	}
 
-	newToken, _ := svc.createToken(ctx, dbToken.ID)
-
-	return newToken, nil
+	return svc.createSessionToken(ctx, dbToken.ID, false)
 }
 
 // DeleteSelf deletes the user that is currently logged based of the provided UUID
@@ -186,21 +217,6 @@ func (svc *UserService) DeleteSelf(ctx context.Context, ID uuid.UUID) error {
 	return svc.repos.Users.Delete(ctx, ID)
 }
 
-func (svc *UserService) NewInvitation(ctx Context, uses int, expiresAt time.Time) (string, error) {
-	token := hasher.GenerateToken()
-
-	_, err := svc.repos.Groups.InvitationCreate(ctx, ctx.GID, repo.GroupInvitationCreate{
-		Token:     token.Hash,
-		Uses:      uses,
-		ExpiresAt: expiresAt,
-	})
-	if err != nil {
-		return "", err
-	}
-
-	return token.Raw, nil
-}
-
 func (svc *UserService) ChangePassword(ctx Context, current string, new string) (ok bool) {
 	usr, err := svc.repos.Users.GetOneId(ctx, ctx.UID)
 	if err != nil {

backend/internal/core/services/service_user_defaults.go

@@ -1,7 +1,7 @@
 package services
 
 import (
-	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/data/repo"
 )
 
 func defaultLocations() []repo.LocationCreate {