implement password reset

Add a Contributing section and the Buy Me A Coffee link since I had to hunt for it.

.devcontainer/devcontainer.json

@@ -35,6 +35,6 @@
 	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "node",
 	"features": {
-		"golang": "1.19"
+		"golang": "1.21"
 	}
 }

.dockerignore

@@ -22,3 +22,4 @@
 **/secrets.dev.yaml
 **/values.dev.yaml
 README.md
+!Dockerfile.rootless

.github/workflows/partial-backend.yaml

@@ -7,12 +7,12 @@ jobs:
   Go:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: "1.21"
 
       - name: Install Task
         uses: arduino/setup-task@v1
@@ -20,7 +20,7 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v4
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
           version: latest

.github/workflows/partial-frontend.yaml

@@ -9,13 +9,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - uses: pnpm/action-setup@v2.2.4
+      - uses: actions/setup-node@v4
         with:
-          version: 6.0.2
+          node-version: 20
+
+      - uses: pnpm/action-setup@v3.0.0
+        with:
+          version: 9
 
       - name: Install dependencies
         run: pnpm install --shamefully-hoist
@@ -34,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -44,20 +48,20 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: "1.22"
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 20
 
-      - uses: pnpm/action-setup@v2.2.4
+      - uses: pnpm/action-setup@v3.0.0
         with:
-          version: 6.0.2
+          version: 9
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --shamefully-hoist
         working-directory: frontend
 
       - name: Run Integration Tests

.github/workflows/partial-publish.yaml

@@ -20,22 +20,22 @@ jobs:
     name: "Publish Homebox"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "1.20"
 
       - name: Set up QEMU
         id: qemu
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           image: tonistiigi/binfmt:latest
           platforms: all
 
       - name: install buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         with:
           install: true
 
@@ -44,7 +44,7 @@ jobs:
         env:
           CR_PAT: ${{ secrets.GH_TOKEN }}
 
-      - name: build nightly the image
+      - name: build nightly image
         if: ${{ inputs.release == false }}
         run: |
           docker build --push --no-cache \
@@ -53,6 +53,16 @@ jobs:
             --build-arg=BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
             --platform=linux/amd64,linux/arm64,linux/arm/v7 .
 
+      - name: build nightly-rootless image
+        if: ${{ inputs.release == false }}
+        run: |
+          docker build --push --no-cache \
+            --tag=ghcr.io/hay-kot/homebox:${{ inputs.tag }}-rootless \
+            --build-arg=COMMIT=$(git rev-parse HEAD) \
+            --build-arg=BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+            --file Dockerfile.rootless \
+            --platform=linux/amd64,linux/arm64,linux/arm/v7 .
+
       - name: build release tagged the image
         if: ${{ inputs.release == true }}
         run: |
@@ -64,3 +74,16 @@ jobs:
             --build-arg COMMIT=$(git rev-parse HEAD) \
             --build-arg BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
             --platform linux/amd64,linux/arm64,linux/arm/v7 .
+
+      - name: build release tagged the rootless image
+        if: ${{ inputs.release == true }}
+        run: |
+          docker build --push --no-cache \
+            --tag ghcr.io/hay-kot/homebox:nightly-rootless \
+            --tag ghcr.io/hay-kot/homebox:latest-rootless \
+            --tag ghcr.io/hay-kot/homebox:${{ inputs.tag }}-rootless \
+            --build-arg VERSION=${{ inputs.tag }} \
+            --build-arg COMMIT=$(git rev-parse HEAD) \
+            --build-arg BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+            --platform linux/amd64,linux/arm64,linux/arm/v7  \
+            --file Dockerfile.rootless .

.github/workflows/publish.yaml

@@ -4,9 +4,6 @@ on:
   push:
     branches:
       - main
-  release:
-    types:
-      - published
 
 env:
   FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
@@ -16,7 +13,7 @@ jobs:
     name: "Deploy Nightly to Fly.io"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: superfly/flyctl-actions/setup-flyctl@master
       - run: flyctl deploy --remote-only
 
@@ -29,28 +26,4 @@ jobs:
     secrets:
       GH_TOKEN: ${{ secrets.CR_PAT }}
 
-  publish-tag:
-    name: "Publish Tag"
-    if: github.event_name == 'release'
-    uses: hay-kot/homebox/.github/workflows/partial-publish.yaml@main
-    with:
-      release: true
-      tag: ${{ github.event.release.tag_name }}
-    secrets:
-      GH_TOKEN: ${{ secrets.CR_PAT }}
 
-  deploy-docs:
-    name: Deploy docs
-    needs:
-      - publish-tag
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout main
-        uses: actions/checkout@v3
-
-      - name: Deploy docs
-        uses: mhausenblas/mkdocs-deploy-gh-pages@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CONFIG_FILE: docs/mkdocs.yml
-          EXTRA_PACKAGES: build-base

.github/workflows/tag.yaml

@@ -17,17 +17,17 @@ jobs:
     name: "Frontend and End-to-End Tests"
     uses: hay-kot/homebox/.github/workflows/partial-frontend.yaml@main
 
-
   goreleaser:
+    name: goreleaser
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
 
       - uses: pnpm/action-setup@v2
         with:
@@ -41,7 +41,7 @@ jobs:
           cp -r ./.output/public ../backend/app/api/static/
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
           workdir: "backend"
           distribution: goreleaser
@@ -49,3 +49,29 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish-tag:
+    name: "Publish Tag"
+    uses: hay-kot/homebox/.github/workflows/partial-publish.yaml@main
+    with:
+      release: true
+      tag: ${{ github.ref_name }}
+    secrets:
+      GH_TOKEN: ${{ secrets.CR_PAT }}
+
+  deploy-docs:
+    name: Deploy docs
+    needs:
+      - publish-tag
+      - goreleaser
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v4
+
+      - name: Deploy docs
+        uses: mhausenblas/mkdocs-deploy-gh-pages@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CONFIG_FILE: docs/mkdocs.yml
+          EXTRA_PACKAGES: build-base

.gitignore

@@ -53,4 +53,5 @@ dist/
 
 # Nuxt Publish Dir
 backend/app/api/static/public/*
-!backend/app/api/static/public/.gitkeep
+!backend/app/api/static/public/.gitkeep
+backend/api

.vscode/settings.json

@@ -16,7 +16,7 @@
   "editor.formatOnSave": false,
   "editor.defaultFormatter": "dbaeumer.vscode-eslint",
   "editor.codeActionsOnSave": {
-    "source.fixAll.eslint": true
+    "source.fixAll.eslint": "explicit"
   },
   "[typescript]": {
     "editor.defaultFormatter": "dbaeumer.vscode-eslint"

CONTRIBUTING.md

@@ -1,16 +1,16 @@
 # Contributing
 
-## We Develop with Github
+## We Develop with GitHub
 
-We use github to host code, to track issues and feature requests, as well as accept pull requests.
+We use GitHub to host code, to track issues and feature requests, as well as accept pull requests.
 
 ## Branch Flow
 
-We use the `main` branch as the development branch. All PRs should be made to the `main` branch from a feature branch. To create a pull request you can use the following steps:
+We use the `main` branch as the development branch. All PRs should be made to the `main` branch from a feature branch. To create a pull request, you can use the following steps:
 
 1. Fork the repository and create a new branch from `main`.
 2. If you've added code that should be tested, add tests.
-3. If you've changed API's, update the documentation.
+3. If you've changed APIs, update the documentation.
 4. Ensure that the test suite and linters pass
 5. Issue your pull request
 
@@ -18,7 +18,7 @@ We use the `main` branch as the development branch. All PRs should be made to th
 
 ### Prerequisites
 
-There is a devcontainer available for this project. If you are using VSCode, you can use the devcontainer to get started. If you are not using VSCode, you can need to ensure that you have the following tools installed:
+There is a devcontainer available for this project. If you are using VSCode, you can use the devcontainer to get started. If you are not using VSCode, you need to ensure that you have the following tools installed:
 
 - [Go 1.19+](https://golang.org/doc/install)
 - [Swaggo](https://github.com/swaggo/swag)
@@ -31,27 +31,27 @@ If you're using `taskfile` you can run `task --list-all` for a list of all comma
 
 ### Setup
 
-If you're using the taskfile you can use the `task setup` command to run the required setup commands. Otherwise you can review the commands required in the `Taskfile.yml` file.
+If you're using the taskfile, you can use the `task setup` command to run the required setup commands. Otherwise, you can review the commands required in the `Taskfile.yml` file.
 
-Note that when installing dependencies with pnpm you must use the `--shamefully-hoist` flag. If you don't use this flag you will get an error when running the the frontend server.
+Note that when installing dependencies with pnpm you must use the `--shamefully-hoist` flag. If you don't use this flag, you will get an error when running the frontend server.
 
 ### API Development Notes
 
 start command `task go:run`
 
 1. API Server does not auto reload. You'll need to restart the server after making changes.
-2. Unit tests should be written in Go, however end-to-end or user story tests should be written in TypeScript using the client library in the frontend directory.
+2. Unit tests should be written in Go, however, end-to-end or user story tests should be written in TypeScript using the client library in the frontend directory.
 
 ### Frontend Development Notes
 
 start command `task: ui:dev`
 
 1. The frontend is a Vue 3 app with Nuxt.js that uses Tailwind and DaisyUI for styling.
-2. We're using Vitest for our automated testing. you can run these with `task ui:watch`.
-3. Tests require the API server to be running and in some cases the first run will fail due to a race condition. If this happens just run the tests again and they should pass.
+2. We're using Vitest for our automated testing. You can run these with `task ui:watch`.
+3. Tests require the API server to be running, and in some cases the first run will fail due to a race condition. If this happens, just run the tests again and they should pass.
 
 ## Publishing Release
 
-Create a new tag in github with the version number vX.X.X. This will trigger a new release to be created.
+Create a new tag in GitHub with the version number vX.X.X. This will trigger a new release to be created.
 
 Test -> Goreleaser -> Publish Release -> Trigger Docker Builds -> Deploy Docs + Fly.io Demo

Dockerfile

@@ -1,6 +1,6 @@
 
 # Build Nuxt
-FROM node:17-alpine as frontend-builder
+FROM node:18-alpine as frontend-builder
 WORKDIR  /app
 RUN npm install -g pnpm
 COPY frontend/package.json frontend/pnpm-lock.yaml ./
@@ -32,7 +32,7 @@ FROM alpine:latest
 
 ENV HBOX_MODE=production
 ENV HBOX_STORAGE_DATA=/data/
-ENV HBOX_STORAGE_SQLITE_URL=/data/homebox.db?_fk=1
+ENV HBOX_STORAGE_SQLITE_URL=/data/homebox.db?_pragma=busy_timeout=2000&_pragma=journal_mode=WAL&_fk=1
 
 RUN apk --no-cache add ca-certificates
 RUN mkdir /app

Dockerfile.rootless

@@ -0,0 +1,53 @@
+
+# Build Nuxt
+FROM node:17-alpine as frontend-builder
+WORKDIR  /app
+RUN npm install -g pnpm
+COPY frontend/package.json frontend/pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile --shamefully-hoist
+COPY frontend .
+RUN pnpm build
+
+# Build API
+FROM golang:alpine AS builder
+ARG BUILD_TIME
+ARG COMMIT
+ARG VERSION
+RUN apk update && \
+    apk upgrade && \
+    apk add --update git build-base gcc g++
+
+WORKDIR /go/src/app
+COPY ./backend .
+RUN go get -d -v ./...
+RUN rm -rf ./app/api/public
+COPY --from=frontend-builder /app/.output/public ./app/api/static/public
+RUN CGO_ENABLED=0 GOOS=linux go build \
+    -ldflags "-s -w -X main.commit=$COMMIT -X main.buildTime=$BUILD_TIME -X main.version=$VERSION"  \
+    -o /go/bin/api \
+    -v ./app/api/*.go && \
+    chmod +x /go/bin/api && \
+    # create a directory so that we can copy it in the next stage
+    mkdir /data
+
+# Production Stage
+FROM gcr.io/distroless/static
+
+ENV HBOX_MODE=production
+ENV HBOX_STORAGE_DATA=/data/
+ENV HBOX_STORAGE_SQLITE_URL=/data/homebox.db?_fk=1
+
+# Copy the binary and the (empty) /data dir and
+# change the ownership to the low-privileged user
+COPY --from=builder --chown=nonroot /go/bin/api /app
+COPY --from=builder --chown=nonroot /data /data
+
+LABEL Name=homebox Version=0.0.1
+LABEL org.opencontainers.image.source="https://github.com/hay-kot/homebox"
+EXPOSE 7745
+VOLUME [ "/data" ]
+
+# Drop root and run as low-privileged user
+USER nonroot
+ENTRYPOINT [ "/app" ]
+CMD [ "/data/config.yml" ]

README.md

@@ -16,6 +16,10 @@
 [Configuration & Docker Compose](https://hay-kot.github.io/homebox/quick-start)
 
 ```bash
+# If using the rootless image, ensure data 
+# folder has correct permissions
+mkdir -p /path/to/data/folder
+chown 65532:65532 -R /path/to/data/folder
 docker run -d \
   --name homebox \
   --restart unless-stopped \
@@ -23,8 +27,17 @@ docker run -d \
   --env TZ=Europe/Bucharest \
   --volume /path/to/data/folder/:/data \
   ghcr.io/hay-kot/homebox:latest
+# ghcr.io/hay-kot/homebox:latest-rootless
 ```
 
+<!-- CONTRIBUTING -->
+## Contributing
+
+Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+
+If you are not a coder, you can still contribute financially. Financial contributions help me prioritize working on this project over others and helps me know that there is a real demand for project development.
+
+<a href="https://www.buymeacoffee.com/haykot" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me A Coffee" style="height: 30px !important;width: 107px !important;" ></a>
 ## Credits
 
 - Logo by [@lakotelman](https://github.com/lakotelman)

Taskfile.yml

@@ -1,9 +1,15 @@
 version: "3"
 
 env:
+  HBOX_LOG_LEVEL: debug
   HBOX_STORAGE_SQLITE_URL: .data/homebox.db?_pragma=busy_timeout=1000&_pragma=journal_mode=WAL&_fk=1
   HBOX_OPTIONS_ALLOW_REGISTRATION: true
   UNSAFE_DISABLE_PASSWORD_PROJECTION: "yes_i_am_sure"
+  HBOX_MAILER_HOST: 127.0.0.1
+  HBOX_MAILER_PORT: 1025
+  HBOX_MAILER_USERNAME: c836555d57d205
+  HBOX_MAILER_PASSWORD: 3ff2f9986f3cff
+  HBOX_MAILER_FROM: info@example.com
 tasks:
   setup:
     desc: Install development dependencies
@@ -12,15 +18,25 @@ tasks:
       - cd backend && go mod tidy
       - cd frontend && pnpm install --shamefully-hoist
 
-  generate:
-    desc: |
-      Generates collateral files from the backend project
-      including swagger docs and typescripts type for the frontend
-    deps:
-      - db:generate
+  swag:
+    desc: Generate swagger docs
+    dir: backend/app/api/static/
+    vars:
+      API: "../"
+      INTERNAL: "../../../internal"
+      PKGS: "../../../pkgs"
+    cmds:
+      - swag fmt --dir={{ .API }}
+      - swag init --dir={{ .API }},{{ .INTERNAL }}/core/services,{{ .INTERNAL }}/data/repo --parseDependency
+    sources:
+      - "./backend/app/api/**/*"
+      - "./backend/internal/data/**"
+      - "./backend/internal/core/services/**/*"
+      - "./backend/app/tools/typegen/main.go"
+
+  typescript-types:
+    desc: Generates typescript types from swagger definition
     cmds:
-      - cd backend/app/api/static && swag fmt --dir=../
-      - cd backend/app/api/static && swag init --dir=../,../../../internal,../../../pkgs
       - |
         npx swagger-typescript-api \
           --no-client \
@@ -28,12 +44,17 @@ tasks:
           --path ./backend/app/api/static/docs/swagger.json \
           --output ./frontend/lib/api/types
       - go run ./backend/app/tools/typegen/main.go ./frontend/lib/api/types/data-contracts.ts
-      - cp ./backend/app/api/static/docs/swagger.json docs/docs/api/openapi-2.0.json
     sources:
-      - "./backend/app/api/**/*"
-      - "./backend/internal/data/**"
-      - "./backend/internal/core/services/**/*"
-      - "./backend/app/tools/typegen/main.go"
+      - ./backend/app/tools/typegen/main.go
+      - ./backend/app/api/static/docs/swagger.json
+
+  generate:
+    deps:
+      - db:generate
+    cmds:
+      - task: swag
+      - task: typescript-types
+      - cp ./backend/app/api/static/docs/swagger.json docs/docs/api/openapi-2.0.json
 
   go:run:
     desc: Starts the backend api server (depends on generate task)
@@ -63,6 +84,12 @@ tasks:
     cmds:
       - go mod tidy
 
+  go:fmt:
+    desc: Runs go fmt on the backend
+    dir: backend
+    cmds:
+      - gofumpt -w .
+
   go:lint:
     desc: Runs golangci-lint
     dir: backend
@@ -87,8 +114,7 @@ tasks:
     dir: backend/internal/
     cmds:
       - |
-        go generate ./... \
-        --template=./data/ent/schema/templates/has_id.tmpl
+        go generate ./...
     sources:
       - "./backend/internal/data/ent/schema/**/*"
 
@@ -139,4 +165,4 @@ tasks:
       - task: go:all
       - task: ui:check
       - task: ui:fix
-      - task: test:ci
+      - task: test:ci

backend/.golangci.yml

@@ -0,0 +1,77 @@
+run:
+  timeout: 10m
+linters-settings:
+  errcheck:
+    exclude-functions:
+      - (net/http.ResponseWriter).Write
+  goconst:
+    min-len: 5
+    min-occurrences: 5
+  exhaustive:
+    default-signifies-exhaustive: true
+  revive:
+    ignore-generated-header: false
+    severity: warning
+    confidence: 3
+  depguard:
+    rules:
+      main:
+        deny:
+          - pkg: io/util
+            desc: |
+              Deprecated: As of Go 1.16, the same functionality is now provided by
+              package io or package os, and those implementations should be
+              preferred in new code. See the specific function documentation for
+              details.
+  gocritic:
+    enabled-checks:
+      - ruleguard
+  testifylint:
+    enable-all: true
+  tagalign:
+    order:
+      - json
+      - schema
+      - yaml
+      - yml
+      - toml
+      - validate
+linters:
+  disable-all: true
+  enable:
+    - asciicheck
+    - bodyclose
+    - depguard
+    - dogsled
+    - errcheck
+    - errorlint
+    - exhaustive
+    - exportloopref
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goprintffuncname
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - nakedret
+    - revive
+    - staticcheck
+    - stylecheck
+    - tagalign
+    - testifylint
+    - typecheck
+    - typecheck
+    - unconvert
+    - unused
+    - whitespace
+    - zerologlint
+    - sqlclosecheck
+issues:
+  exclude-use-default: false
+  fix: false
+  exclude-dirs:
+    - internal/data/ent.*

backend/app/api/app.go

@@ -1,23 +1,21 @@
 package main
 
 import (
-	"time"
-
 	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/core/services/reporting/eventbus"
 	"github.com/hay-kot/homebox/backend/internal/data/ent"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/sys/config"
 	"github.com/hay-kot/homebox/backend/pkgs/mailer"
-	"github.com/hay-kot/safeserve/server"
 )
 
 type app struct {
 	conf     *config.Config
-	mailer   mailer.Mailer
+	mailer   *mailer.Mailer
 	db       *ent.Client
-	server   *server.Server
 	repos    *repo.AllRepos
 	services *services.AllServices
+	bus      *eventbus.EventBus
 }
 
 func new(conf *config.Config) *app {
@@ -25,7 +23,7 @@ func new(conf *config.Config) *app {
 		conf: conf,
 	}
 
-	s.mailer = mailer.Mailer{
+	s.mailer = &mailer.Mailer{
 		Host:     s.conf.Mailer.Host,
 		Port:     s.conf.Mailer.Port,
 		Username: s.conf.Mailer.Username,
@@ -35,13 +33,3 @@ func new(conf *config.Config) *app {
 
 	return s
 }
-
-func (a *app) startBgTask(t time.Duration, fn func()) {
-	timer := time.NewTimer(t)
-
-	for {
-		timer.Reset(t)
-		a.server.Background(fn)
-		<-timer.C
-	}
-}

backend/app/api/bgrunner.go

@@ -0,0 +1,37 @@
+package main
+
+import (
+	"context"
+	"time"
+)
+
+type BackgroundTask struct {
+	name     string
+	Interval time.Duration
+	Fn       func(context.Context)
+}
+
+func (tsk *BackgroundTask) Name() string {
+	return tsk.name
+}
+
+func NewTask(name string, interval time.Duration, fn func(context.Context)) *BackgroundTask {
+	return &BackgroundTask{
+		Interval: interval,
+		Fn:       fn,
+	}
+}
+
+func (tsk *BackgroundTask) Start(ctx context.Context) error {
+	timer := time.NewTimer(tsk.Interval)
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-timer.C:
+			timer.Reset(tsk.Interval)
+			tsk.Fn(ctx)
+		}
+	}
+}

backend/app/api/demo.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"strings"
+	"time"
 
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/rs/zerolog/log"
@@ -15,9 +16,12 @@ func (a *app) SetupDemo() {
 ,Office,IOT;Home Assistant; Z-Wave,1,Zooz 110v Power Switch,"Zooz Z-Wave Plus Power Switch ZEN15 for 110V AC Units, Sump Pumps, Humidifiers, and More",,,ZEN15,Zooz,,Amazon,39.95,10/13/2021,,,,,,,
 ,Downstairs,IOT;Home Assistant; Z-Wave,1,Ecolink Z-Wave PIR Motion Sensor,"Ecolink Z-Wave PIR Motion Detector Pet Immune, White (PIRZWAVE2.5-ECO)",,,PIRZWAVE2.5-ECO,Ecolink,,Amazon,35.58,10/21/2020,,,,,,,
 ,Entry,IOT;Home Assistant; Z-Wave,1,Yale Security Touchscreen Deadbolt,"Yale Security YRD226-ZW2-619 YRD226ZW2619 Touchscreen Deadbolt, Satin Nickel",,,YRD226ZW2619,Yale,,Amazon,120.39,10/14/2020,,,,,,,
-,Kitchen,IOT;Home Assistant; Z-Wave,1,Smart Rocker Light Dimmer,"UltraPro Z-Wave Smart Rocker Light Dimmer with QuickFit and SimpleWire, 3-Way Ready, Compatible with Alexa, Google Assistant, ZWave Hub Required, Repeater/Range Extender, White Paddle Only, 39351",,,‎39351,Honeywell,,Amazon,65.98,09/30/0202,,,,,,,
+,Kitchen,IOT;Home Assistant; Z-Wave,1,Smart Rocker Light Dimmer,"UltraPro Z-Wave Smart Rocker Light Dimmer with QuickFit and SimpleWire, 3-Way Ready, Compatible with Alexa, Google Assistant, ZWave Hub Required, Repeater/Range Extender, White Paddle Only, 39351",,,39351,Honeywell,,Amazon,65.98,09/30/0202,,,,,,,
 `
 
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
 	registration := services.UserRegistration{
 		Email:    "demo@example.com",
 		Name:     "Demo",
@@ -25,21 +29,32 @@ func (a *app) SetupDemo() {
 	}
 
 	// First check if we've already setup a demo user and skip if so
-	_, err := a.services.User.Login(context.Background(), registration.Email, registration.Password, false)
+	log.Debug().Msg("Checking if demo user already exists")
+	_, err := a.services.User.Login(ctx, registration.Email, registration.Password, false)
 	if err == nil {
+		log.Info().Msg("Demo user already exists, skipping setup")
 		return
 	}
 
-	_, err = a.services.User.RegisterUser(context.Background(), registration)
+	log.Debug().Msg("Demo user does not exist, setting up demo")
+	_, err = a.services.User.RegisterUser(ctx, registration)
 	if err != nil {
 		log.Err(err).Msg("Failed to register demo user")
+		log.Fatal().Msg("Failed to setup demo") // nolint
+	}
+
+	token, err := a.services.User.Login(ctx, registration.Email, registration.Password, false)
+	if err != nil {
+		log.Err(err).Msg("Failed to login demo user")
+		log.Fatal().Msg("Failed to setup demo")
+	}
+	self, err := a.services.User.GetSelf(ctx, token.Raw)
+	if err != nil {
+		log.Err(err).Msg("Failed to get self")
 		log.Fatal().Msg("Failed to setup demo")
 	}
 
-	token, _ := a.services.User.Login(context.Background(), registration.Email, registration.Password, false)
-	self, _ := a.services.User.GetSelf(context.Background(), token.Raw)
-
-	_, err = a.services.Items.CsvImport(context.Background(), self.GroupID, strings.NewReader(csvText))
+	_, err = a.services.Items.CsvImport(ctx, self.GroupID, strings.NewReader(csvText))
 	if err != nil {
 		log.Err(err).Msg("Failed to import CSV")
 		log.Fatal().Msg("Failed to setup demo")

backend/app/api/handlers/debughandlers/debug.go

@@ -1,3 +1,4 @@
+// Package debughandlers provides handlers for debugging.
 package debughandlers
 
 import (

backend/app/api/handlers/v1/controller.go

@@ -1,12 +1,20 @@
+// Package v1 provides the API handlers for version 1 of the API.
 package v1
 
 import (
+	"encoding/json"
 	"net/http"
+	"time"
 
+	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/core/services/reporting/eventbus"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
+	"github.com/rs/zerolog/log"
+
+	"github.com/olahol/melody"
 )
 
 type Results[T any] struct {
@@ -43,12 +51,20 @@ func WithRegistration(allowRegistration bool) func(*V1Controller) {
 	}
 }
 
+func WithSecureCookies(secure bool) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.cookieSecure = secure
+	}
+}
+
 type V1Controller struct {
+	cookieSecure      bool
 	repo              *repo.AllRepos
 	svc               *services.AllServices
 	maxUploadSize     int64
 	isDemo            bool
 	allowRegistration bool
+	bus               *eventbus.EventBus
 }
 
 type (
@@ -60,7 +76,7 @@ type (
 		BuildTime string `json:"buildTime"`
 	}
 
-	ApiSummary struct {
+	APISummary struct {
 		Healthy           bool     `json:"health"`
 		Versions          []string `json:"versions"`
 		Title             string   `json:"title"`
@@ -71,17 +87,18 @@ type (
 	}
 )
 
-func BaseUrlFunc(prefix string) func(s string) string {
+func BaseURLFunc(prefix string) func(s string) string {
 	return func(s string) string {
 		return prefix + "/v1" + s
 	}
 }
 
-func NewControllerV1(svc *services.AllServices, repos *repo.AllRepos, options ...func(*V1Controller)) *V1Controller {
+func NewControllerV1(svc *services.AllServices, repos *repo.AllRepos, bus *eventbus.EventBus, options ...func(*V1Controller)) *V1Controller {
 	ctrl := &V1Controller{
 		repo:              repos,
 		svc:               svc,
 		allowRegistration: true,
+		bus:               bus,
 	}
 
 	for _, opt := range options {
@@ -96,11 +113,11 @@ func NewControllerV1(svc *services.AllServices, repos *repo.AllRepos, options ..
 //	@Summary Application Info
 //	@Tags    Base
 //	@Produce json
-//	@Success 200 {object} ApiSummary
+//	@Success 200 {object} APISummary
 //	@Router  /v1/status [GET]
 func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) errchain.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) error {
-		return server.JSON(w, http.StatusOK, ApiSummary{
+		return server.JSON(w, http.StatusOK, APISummary{
 			Healthy:           ready(),
 			Title:             "Homebox",
 			Message:           "Track, Manage, and Organize your Things",
@@ -110,3 +127,87 @@ func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) errchain.Hand
 		})
 	}
 }
+
+// HandleCurrency godoc
+//
+// @Summary Currency
+// @Tags    Base
+// @Produce json
+// @Success 200 {object} currencies.Currency
+// @Router  /v1/currency [GET]
+func (ctrl *V1Controller) HandleCurrency() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		// Set Cache for 10 Minutes
+		w.Header().Set("Cache-Control", "max-age=600")
+
+		return server.JSON(w, http.StatusOK, ctrl.svc.Currencies.Slice())
+	}
+}
+
+func (ctrl *V1Controller) HandleCacheWS() errchain.HandlerFunc {
+	type eventMsg struct {
+		Event string `json:"event"`
+	}
+
+	m := melody.New()
+
+	m.HandleConnect(func(s *melody.Session) {
+		auth := services.NewContext(s.Request.Context())
+		s.Set("gid", auth.GroupID)
+	})
+
+	factory := func(e string) func(data any) {
+		return func(data any) {
+			eventData, ok := data.(eventbus.GroupMutationEvent)
+			if !ok {
+				log.Log().Msgf("invalid event data: %v", data)
+				return
+			}
+
+			msg := &eventMsg{Event: e}
+
+			jsonBytes, err := json.Marshal(msg)
+			if err != nil {
+				log.Log().Msgf("error marshling event data %v: %v", data, err)
+				return
+			}
+
+			_ = m.BroadcastFilter(jsonBytes, func(s *melody.Session) bool {
+				groupIDStr, ok := s.Get("gid")
+				if !ok {
+					return false
+				}
+
+				GID := groupIDStr.(uuid.UUID)
+				return GID == eventData.GID
+			})
+		}
+	}
+
+	ctrl.bus.Subscribe(eventbus.EventLabelMutation, factory("label.mutation"))
+	ctrl.bus.Subscribe(eventbus.EventLocationMutation, factory("location.mutation"))
+	ctrl.bus.Subscribe(eventbus.EventItemMutation, factory("item.mutation"))
+
+	// Persistent asynchronous ticker that keeps all websocket connections alive with periodic pings.
+	go func() {
+		const interval = 10 * time.Second
+
+		ping := time.NewTicker(interval)
+		defer ping.Stop()
+
+		for range ping.C {
+			msg := &eventMsg{Event: "ping"}
+
+			pingBytes, err := json.Marshal(msg)
+			if err != nil {
+				log.Log().Msgf("error marshaling ping: %v", err)
+			} else {
+				_ = m.Broadcast(pingBytes)
+			}
+		}
+	}()
+
+	return func(w http.ResponseWriter, r *http.Request) error {
+		return m.HandleRequest(w, r)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_actions.go

@@ -7,8 +7,8 @@ import (
 	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
 	"github.com/rs/zerolog/log"
 )
 
@@ -20,7 +20,7 @@ func actionHandlerFactory(ref string, fn func(context.Context, uuid.UUID) (int,
 	return func(w http.ResponseWriter, r *http.Request) error {
 		ctx := services.NewContext(r.Context())
 
-		totalCompleted, err := fn(ctx, ctx.GID)
+		totalCompleted, err := fn(ctx, ctx.GroupID)
 		if err != nil {
 			log.Err(err).Str("action_ref", ref).Msg("failed to run action")
 			return validate.NewRequestError(err, http.StatusInternalServerError)
@@ -68,3 +68,16 @@ func (ctrl *V1Controller) HandleEnsureImportRefs() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleItemDateZeroOut() errchain.HandlerFunc {
 	return actionHandlerFactory("zero out date time", ctrl.repo.Items.ZeroOutTimeFields)
 }
+
+// HandleSetPrimaryPhotos godoc
+//
+//	@Summary     Set Primary Photos
+//	@Description Sets the first photo of each item as the primary photo
+//	@Tags        Actions
+//	@Produce     json
+//	@Success     200     {object} ActionAmountResult
+//	@Router      /v1/actions/set-primary-photos [Post]
+//	@Security    Bearer
+func (ctrl *V1Controller) HandleSetPrimaryPhotos() errchain.HandlerFunc {
+	return actionHandlerFactory("ensure asset IDs", ctrl.repo.Items.SetPrimaryPhotos)
+}

backend/app/api/handlers/v1/v1_ctrl_assets.go

@@ -9,8 +9,8 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
 
 	"github.com/rs/zerolog/log"
 )
@@ -27,10 +27,10 @@ import (
 func (ctrl *V1Controller) HandleAssetGet() errchain.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) error {
 		ctx := services.NewContext(r.Context())
-		assetIdParam := chi.URLParam(r, "id")
-		assetIdParam = strings.ReplaceAll(assetIdParam, "-", "") // Remove dashes
+		assetIDParam := chi.URLParam(r, "id")
+		assetIDParam = strings.ReplaceAll(assetIDParam, "-", "") // Remove dashes
 		// Convert the asset ID to an int64
-		assetId, err := strconv.ParseInt(assetIdParam, 10, 64)
+		assetID, err := strconv.ParseInt(assetIDParam, 10, 64)
 		if err != nil {
 			return err
 		}
@@ -52,7 +52,7 @@ func (ctrl *V1Controller) HandleAssetGet() errchain.HandlerFunc {
 			}
 		}
 
-		items, err := ctrl.repo.Items.QueryByAssetID(r.Context(), ctx.GID, repo.AssetID(assetId), int(page), int(pageSize))
+		items, err := ctrl.repo.Items.QueryByAssetID(r.Context(), ctx.GroupID, repo.AssetID(assetID), int(page), int(pageSize))
 		if err != nil {
 			log.Err(err).Msg("failed to get item")
 			return validate.NewRequestError(err, http.StatusInternalServerError)

backend/app/api/handlers/v1/v1_ctrl_auth.go

@@ -3,16 +3,23 @@ package v1
 import (
 	"errors"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"
 
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
 	"github.com/rs/zerolog/log"
 )
 
+const (
+	cookieNameToken    = "hb.auth.token"
+	cookieNameRemember = "hb.auth.remember"
+	cookieNameSession  = "hb.auth.session"
+)
+
 type (
 	TokenResponse struct {
 		Token           string    `json:"token"`
@@ -27,6 +34,49 @@ type (
 	}
 )
 
+type CookieContents struct {
+	Token     string
+	ExpiresAt time.Time
+	Remember  bool
+}
+
+func GetCookies(r *http.Request) (*CookieContents, error) {
+	cookie, err := r.Cookie(cookieNameToken)
+	if err != nil {
+		return nil, errors.New("authorization cookie is required")
+	}
+
+	rememberCookie, err := r.Cookie(cookieNameRemember)
+	if err != nil {
+		return nil, errors.New("remember cookie is required")
+	}
+
+	return &CookieContents{
+		Token:     cookie.Value,
+		ExpiresAt: cookie.Expires,
+		Remember:  rememberCookie.Value == "true",
+	}, nil
+}
+
+// AuthProvider is an interface that can be implemented by any authentication provider.
+// to extend authentication methods for the API.
+type AuthProvider interface {
+	// Name returns the name of the authentication provider. This should be a unique name.
+	// that is URL friendly.
+	//
+	// Example: "local", "ldap"
+	Name() string
+	// Authenticate is called when a user attempts to login to the API. The implementation
+	// should return an error if the user cannot be authenticated. If an error is returned
+	// the API controller will return a vague error message to the user.
+	//
+	// Authenticate should do the following:
+	//
+	// 1. Ensure that the user exists within the database (either create, or get)
+	// 2. On successful authentication, they must set the user cookies.
+	Authenticate(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error)
+}
+
 // HandleAuthLogin godoc
 //
 //	@Summary User Login
@@ -35,52 +85,42 @@ type (
 //	@Accept  application/json
 //	@Param   username formData string false "string" example(admin@admin.com)
 //	@Param   password formData string false "string" example(admin)
-//	@Param    payload body     LoginForm true "Login Data"
+//	@Param   payload body     LoginForm true "Login Data"
+//	@Param   provider    query    string   false "auth provider"
 //	@Produce json
 //	@Success 200 {object} TokenResponse
 //	@Router  /v1/users/login [POST]
-func (ctrl *V1Controller) HandleAuthLogin() errchain.HandlerFunc {
+func (ctrl *V1Controller) HandleAuthLogin(ps ...AuthProvider) errchain.HandlerFunc {
+	if len(ps) == 0 {
+		panic("no auth providers provided")
+	}
+
+	providers := make(map[string]AuthProvider)
+	for _, p := range ps {
+		log.Info().Str("name", p.Name()).Msg("registering auth provider")
+		providers[p.Name()] = p
+	}
+
 	return func(w http.ResponseWriter, r *http.Request) error {
-		loginForm := &LoginForm{}
-
-		switch r.Header.Get("Content-Type") {
-		case "application/x-www-form-urlencoded":
-			err := r.ParseForm()
-			if err != nil {
-				return errors.New("failed to parse form")
-			}
-
-			loginForm.Username = r.PostFormValue("username")
-			loginForm.Password = r.PostFormValue("password")
-			loginForm.StayLoggedIn = r.PostFormValue("stayLoggedIn") == "true"
-		case "application/json":
-			err := server.Decode(r, loginForm)
-			if err != nil {
-				log.Err(err).Msg("failed to decode login form")
-				return errors.New("failed to decode login form")
-			}
-		default:
-			return server.JSON(w, http.StatusBadRequest, errors.New("invalid content type"))
+		// Extract provider query
+		provider := r.URL.Query().Get("provider")
+		if provider == "" {
+			provider = "local"
 		}
 
-		if loginForm.Username == "" || loginForm.Password == "" {
-			return validate.NewFieldErrors(
-				validate.FieldError{
-					Field: "username",
-					Error: "username or password is empty",
-				},
-				validate.FieldError{
-					Field: "password",
-					Error: "username or password is empty",
-				},
-			)
+		// Get the provider
+		p, ok := providers[provider]
+		if !ok {
+			return validate.NewRequestError(errors.New("invalid auth provider"), http.StatusBadRequest)
 		}
 
-		newToken, err := ctrl.svc.User.Login(r.Context(), strings.ToLower(loginForm.Username), loginForm.Password, loginForm.StayLoggedIn)
+		newToken, err := p.Authenticate(w, r)
 		if err != nil {
-			return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
+			log.Err(err).Msg("failed to authenticate")
+			return server.JSON(w, http.StatusInternalServerError, err.Error())
 		}
 
+		ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, true)
 		return server.JSON(w, http.StatusOK, TokenResponse{
 			Token:           "Bearer " + newToken.Raw,
 			ExpiresAt:       newToken.ExpiresAt,
@@ -108,11 +148,12 @@ func (ctrl *V1Controller) HandleAuthLogout() errchain.HandlerFunc {
 			return validate.NewRequestError(err, http.StatusInternalServerError)
 		}
 
+		ctrl.unsetCookies(w, noPort(r.Host))
 		return server.JSON(w, http.StatusNoContent, nil)
 	}
 }
 
-// HandleAuthLogout godoc
+// HandleAuthRefresh godoc
 //
 //	@Summary     User Token Refresh
 //	@Description handleAuthRefresh returns a handler that will issue a new token from an existing token.
@@ -133,6 +174,78 @@ func (ctrl *V1Controller) HandleAuthRefresh() errchain.HandlerFunc {
 			return validate.NewUnauthorizedError()
 		}
 
+		ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, false)
 		return server.JSON(w, http.StatusOK, newToken)
 	}
 }
+
+func noPort(host string) string {
+	return strings.Split(host, ":")[0]
+}
+
+func (ctrl *V1Controller) setCookies(w http.ResponseWriter, domain, token string, expires time.Time, remember bool) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieNameRemember,
+		Value:    strconv.FormatBool(remember),
+		Expires:  expires,
+		Domain:   domain,
+		Secure:   ctrl.cookieSecure,
+		HttpOnly: true,
+		Path:     "/",
+	})
+
+	// Set HTTP only cookie
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieNameToken,
+		Value:    token,
+		Expires:  expires,
+		Domain:   domain,
+		Secure:   ctrl.cookieSecure,
+		HttpOnly: true,
+		Path:     "/",
+	})
+
+	// Set Fake Session cookie
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieNameSession,
+		Value:    "true",
+		Expires:  expires,
+		Domain:   domain,
+		Secure:   ctrl.cookieSecure,
+		HttpOnly: false,
+		Path:     "/",
+	})
+}
+
+func (ctrl *V1Controller) unsetCookies(w http.ResponseWriter, domain string) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieNameToken,
+		Value:    "",
+		Expires:  time.Unix(0, 0),
+		Domain:   domain,
+		Secure:   ctrl.cookieSecure,
+		HttpOnly: true,
+		Path:     "/",
+	})
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieNameRemember,
+		Value:    "false",
+		Expires:  time.Unix(0, 0),
+		Domain:   domain,
+		Secure:   ctrl.cookieSecure,
+		HttpOnly: true,
+		Path:     "/",
+	})
+
+	// Set Fake Session cookie
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieNameSession,
+		Value:    "false",
+		Expires:  time.Unix(0, 0),
+		Domain:   domain,
+		Secure:   ctrl.cookieSecure,
+		HttpOnly: false,
+		Path:     "/",
+	})
+}

backend/app/api/handlers/v1/v1_ctrl_group.go

@@ -6,13 +6,14 @@ import (
 
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 )
 
 type (
 	GroupInvitationCreate struct {
-		Uses      int       `json:"uses" validate:"required,min=1,max=100"`
+		Uses      int       `json:"uses"      validate:"required,min=1,max=100"`
 		ExpiresAt time.Time `json:"expiresAt"`
 	}
 
@@ -34,7 +35,7 @@ type (
 func (ctrl *V1Controller) HandleGroupGet() errchain.HandlerFunc {
 	fn := func(r *http.Request) (repo.Group, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Groups.GroupByID(auth, auth.GID)
+		return ctrl.repo.Groups.GroupByID(auth, auth.GroupID)
 	}
 
 	return adapters.Command(fn, http.StatusOK)
@@ -52,6 +53,14 @@ func (ctrl *V1Controller) HandleGroupGet() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleGroupUpdate() errchain.HandlerFunc {
 	fn := func(r *http.Request, body repo.GroupUpdate) (repo.Group, error) {
 		auth := services.NewContext(r.Context())
+
+		ok := ctrl.svc.Currencies.IsSupported(body.Currency)
+		if !ok {
+			return repo.Group{}, validate.NewFieldErrors(
+				validate.NewFieldError("currency", "currency '"+body.Currency+"' is not supported"),
+			)
+		}
+
 		return ctrl.svc.Group.UpdateGroup(auth, body)
 	}
 

backend/app/api/handlers/v1/v1_ctrl_items.go

@@ -12,8 +12,8 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
 	"github.com/rs/zerolog/log"
 )
 
@@ -27,6 +27,7 @@ import (
 //	@Param    pageSize  query    int      false "items per page"
 //	@Param    labels    query    []string false "label Ids"    collectionFormat(multi)
 //	@Param    locations query    []string false "location Ids" collectionFormat(multi)
+//	@Param    parentIds query    []string false "parent Ids"   collectionFormat(multi)
 //	@Success  200       {object} repo.PaginationResult[repo.ItemSummary]{}
 //	@Router   /v1/items [GET]
 //	@Security Bearer
@@ -56,8 +57,10 @@ func (ctrl *V1Controller) HandleItemsGetAll() errchain.HandlerFunc {
 			Search:          params.Get("q"),
 			LocationIDs:     queryUUIDList(params, "locations"),
 			LabelIDs:        queryUUIDList(params, "labels"),
+			ParentItemIDs:   queryUUIDList(params, "parentIds"),
 			IncludeArchived: queryBool(params.Get("includeArchived")),
 			Fields:          filterFieldItems(params["fields"]),
+			OrderBy:         params.Get("orderBy"),
 		}
 
 		if strings.HasPrefix(v.Search, "#") {
@@ -76,7 +79,7 @@ func (ctrl *V1Controller) HandleItemsGetAll() errchain.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) error {
 		ctx := services.NewContext(r.Context())
 
-		items, err := ctrl.repo.Items.QueryByGroup(ctx, ctx.GID, extractQuery(r))
+		items, err := ctrl.repo.Items.QueryByGroup(ctx, ctx.GroupID, extractQuery(r))
 		if err != nil {
 			if errors.Is(err, sql.ErrNoRows) {
 				return server.JSON(w, http.StatusOK, repo.PaginationResult[repo.ItemSummary]{
@@ -90,6 +93,48 @@ func (ctrl *V1Controller) HandleItemsGetAll() errchain.HandlerFunc {
 	}
 }
 
+// HandleItemFullPath godoc
+//
+// @Summary Get the full path of an item
+// @Tags Items
+// @Produce json
+// @Param id path string true "Item ID"
+// @Success 200 {object} []repo.ItemPath
+// @Router /v1/items/{id}/path [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemFullPath() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) ([]repo.ItemPath, error) {
+		auth := services.NewContext(r.Context())
+		item, err := ctrl.repo.Items.GetOneByGroup(auth, auth.GroupID, ID)
+		if err != nil {
+			return nil, err
+		}
+
+		paths, err := ctrl.repo.Locations.PathForLoc(auth, auth.GroupID, item.Location.ID)
+		if err != nil {
+			return nil, err
+		}
+
+		if item.Parent != nil {
+			paths = append(paths, repo.ItemPath{
+				Type: repo.ItemTypeItem,
+				ID:   item.Parent.ID,
+				Name: item.Parent.Name,
+			})
+		}
+
+		paths = append(paths, repo.ItemPath{
+			Type: repo.ItemTypeItem,
+			ID:   item.ID,
+			Name: item.Name,
+		})
+
+		return paths, nil
+	}
+
+	return adapters.CommandID("id", fn, http.StatusOK)
+}
+
 // HandleItemsCreate godoc
 //
 //	@Summary  Create Item
@@ -120,7 +165,7 @@ func (ctrl *V1Controller) HandleItemGet() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID) (repo.ItemOut, error) {
 		auth := services.NewContext(r.Context())
 
-		return ctrl.repo.Items.GetOneByGroup(auth, auth.GID, ID)
+		return ctrl.repo.Items.GetOneByGroup(auth, auth.GroupID, ID)
 	}
 
 	return adapters.CommandID("id", fn, http.StatusOK)
@@ -138,7 +183,7 @@ func (ctrl *V1Controller) HandleItemGet() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleItemDelete() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
 		auth := services.NewContext(r.Context())
-		err := ctrl.repo.Items.DeleteByGroup(auth, auth.GID, ID)
+		err := ctrl.repo.Items.DeleteByGroup(auth, auth.GroupID, ID)
 		return nil, err
 	}
 
@@ -160,7 +205,33 @@ func (ctrl *V1Controller) HandleItemUpdate() errchain.HandlerFunc {
 		auth := services.NewContext(r.Context())
 
 		body.ID = ID
-		return ctrl.repo.Items.UpdateByGroup(auth, auth.GID, body)
+		return ctrl.repo.Items.UpdateByGroup(auth, auth.GroupID, body)
+	}
+
+	return adapters.ActionID("id", fn, http.StatusOK)
+}
+
+// HandleItemPatch godocs
+//
+//	@Summary  Update Item
+//	@Tags     Items
+//	@Produce  json
+//	@Param    id      path     string          true "Item ID"
+//	@Param    payload body     repo.ItemPatch true "Item Data"
+//	@Success  200     {object} repo.ItemOut
+//	@Router   /v1/items/{id} [Patch]
+//	@Security Bearer
+func (ctrl *V1Controller) HandleItemPatch() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID, body repo.ItemPatch) (repo.ItemOut, error) {
+		auth := services.NewContext(r.Context())
+
+		body.ID = ID
+		err := ctrl.repo.Items.Patch(auth, auth.GroupID, ID, body)
+		if err != nil {
+			return repo.ItemOut{}, err
+		}
+
+		return ctrl.repo.Items.GetOneByGroup(auth, auth.GroupID, ID)
 	}
 
 	return adapters.ActionID("id", fn, http.StatusOK)
@@ -178,7 +249,7 @@ func (ctrl *V1Controller) HandleItemUpdate() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleGetAllCustomFieldNames() errchain.HandlerFunc {
 	fn := func(r *http.Request) ([]string, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Items.GetAllCustomFieldNames(auth, auth.GID)
+		return ctrl.repo.Items.GetAllCustomFieldNames(auth, auth.GroupID)
 	}
 
 	return adapters.Command(fn, http.StatusOK)
@@ -200,11 +271,10 @@ func (ctrl *V1Controller) HandleGetAllCustomFieldValues() errchain.HandlerFunc {
 
 	fn := func(r *http.Request, q query) ([]string, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Items.GetAllCustomFieldValues(auth, auth.GID, q.Field)
+		return ctrl.repo.Items.GetAllCustomFieldValues(auth, auth.GroupID, q.Field)
 	}
 
-	return adapters.Action(fn, http.StatusOK)
-
+	return adapters.Query(fn, http.StatusOK)
 }
 
 // HandleItemsImport godocs
@@ -253,7 +323,7 @@ func (ctrl *V1Controller) HandleItemsExport() errchain.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) error {
 		ctx := services.NewContext(r.Context())
 
-		csvData, err := ctrl.svc.Items.ExportTSV(r.Context(), ctx.GID)
+		csvData, err := ctrl.svc.Items.ExportTSV(r.Context(), ctx.GroupID)
 		if err != nil {
 			log.Err(err).Msg("failed to export items")
 			return validate.NewRequestError(err, http.StatusInternalServerError)

backend/app/api/handlers/v1/v1_ctrl_items_attachments.go

@@ -3,13 +3,15 @@ package v1
 import (
 	"errors"
 	"net/http"
+	"path/filepath"
+	"strings"
 
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/attachment"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
 	"github.com/rs/zerolog/log"
 )
 
@@ -29,7 +31,7 @@ type (
 //	@Param    type formData string true "Type of file"
 //	@Param    name formData string true "name of the file including extension"
 //	@Success  200  {object} repo.ItemOut
-//	@Failure  422  {object} mid.ErrorResponse
+//	@Failure  422  {object} validate.ErrorResponse
 //	@Router   /v1/items/{id}/attachments [POST]
 //	@Security Bearer
 func (ctrl *V1Controller) HandleItemAttachmentCreate() errchain.HandlerFunc {
@@ -38,7 +40,6 @@ func (ctrl *V1Controller) HandleItemAttachmentCreate() errchain.HandlerFunc {
 		if err != nil {
 			log.Err(err).Msg("failed to parse multipart form")
 			return validate.NewRequestError(errors.New("failed to parse multipart form"), http.StatusBadRequest)
-
 		}
 
 		errs := validate.NewFieldErrors()
@@ -67,7 +68,15 @@ func (ctrl *V1Controller) HandleItemAttachmentCreate() errchain.HandlerFunc {
 
 		attachmentType := r.FormValue("type")
 		if attachmentType == "" {
-			attachmentType = attachment.TypeAttachment.String()
+			// Attempt to auto-detect the type of the file
+			ext := filepath.Ext(attachmentName)
+
+			switch strings.ToLower(ext) {
+			case ".jpg", ".jpeg", ".png", ".webp", ".gif", ".bmp", ".tiff":
+				attachmentType = attachment.TypePhoto.String()
+			default:
+				attachmentType = attachment.TypeAttachment.String()
+			}
 		}
 
 		id, err := ctrl.routeID(r)
@@ -159,7 +168,7 @@ func (ctrl *V1Controller) handleItemAttachmentsHandler(w http.ResponseWriter, r
 
 	// Delete Attachment Handler
 	case http.MethodDelete:
-		err = ctrl.svc.Items.AttachmentDelete(r.Context(), ctx.GID, ID, attachmentID)
+		err = ctrl.svc.Items.AttachmentDelete(r.Context(), ctx.GroupID, ID, attachmentID)
 		if err != nil {
 			log.Err(err).Msg("failed to delete attachment")
 			return validate.NewRequestError(err, http.StatusInternalServerError)

backend/app/api/handlers/v1/v1_ctrl_labels.go

@@ -7,7 +7,7 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 )
 
 // HandleLabelsGetAll godoc
@@ -21,7 +21,7 @@ import (
 func (ctrl *V1Controller) HandleLabelsGetAll() errchain.HandlerFunc {
 	fn := func(r *http.Request) ([]repo.LabelSummary, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Labels.GetAll(auth, auth.GID)
+		return ctrl.repo.Labels.GetAll(auth, auth.GroupID)
 	}
 
 	return adapters.Command(fn, http.StatusOK)
@@ -39,7 +39,7 @@ func (ctrl *V1Controller) HandleLabelsGetAll() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleLabelsCreate() errchain.HandlerFunc {
 	fn := func(r *http.Request, data repo.LabelCreate) (repo.LabelOut, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Labels.Create(auth, auth.GID, data)
+		return ctrl.repo.Labels.Create(auth, auth.GroupID, data)
 	}
 
 	return adapters.Action(fn, http.StatusCreated)
@@ -57,7 +57,7 @@ func (ctrl *V1Controller) HandleLabelsCreate() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleLabelDelete() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
 		auth := services.NewContext(r.Context())
-		err := ctrl.repo.Labels.DeleteByGroup(auth, auth.GID, ID)
+		err := ctrl.repo.Labels.DeleteByGroup(auth, auth.GroupID, ID)
 		return nil, err
 	}
 
@@ -76,7 +76,7 @@ func (ctrl *V1Controller) HandleLabelDelete() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleLabelGet() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID) (repo.LabelOut, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Labels.GetOneByGroup(auth, auth.GID, ID)
+		return ctrl.repo.Labels.GetOneByGroup(auth, auth.GroupID, ID)
 	}
 
 	return adapters.CommandID("id", fn, http.StatusOK)
@@ -95,7 +95,7 @@ func (ctrl *V1Controller) HandleLabelUpdate() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID, data repo.LabelUpdate) (repo.LabelOut, error) {
 		auth := services.NewContext(r.Context())
 		data.ID = ID
-		return ctrl.repo.Labels.UpdateByGroup(auth, auth.GID, data)
+		return ctrl.repo.Labels.UpdateByGroup(auth, auth.GroupID, data)
 	}
 
 	return adapters.ActionID("id", fn, http.StatusOK)

backend/app/api/handlers/v1/v1_ctrl_locations.go

@@ -7,10 +7,10 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 )
 
-// HandleLocationTreeQuery
+// HandleLocationTreeQuery godoc
 //
 //	@Summary  Get Locations Tree
 //	@Tags     Locations
@@ -22,13 +22,13 @@ import (
 func (ctrl *V1Controller) HandleLocationTreeQuery() errchain.HandlerFunc {
 	fn := func(r *http.Request, query repo.TreeQuery) ([]repo.TreeItem, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Locations.Tree(auth, auth.GID, query)
+		return ctrl.repo.Locations.Tree(auth, auth.GroupID, query)
 	}
 
 	return adapters.Query(fn, http.StatusOK)
 }
 
-// HandleLocationGetAll
+// HandleLocationGetAll godoc
 //
 //	@Summary  Get All Locations
 //	@Tags     Locations
@@ -40,13 +40,13 @@ func (ctrl *V1Controller) HandleLocationTreeQuery() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleLocationGetAll() errchain.HandlerFunc {
 	fn := func(r *http.Request, q repo.LocationQuery) ([]repo.LocationOutCount, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Locations.GetAll(auth, auth.GID, q)
+		return ctrl.repo.Locations.GetAll(auth, auth.GroupID, q)
 	}
 
 	return adapters.Query(fn, http.StatusOK)
 }
 
-// HandleLocationCreate
+// HandleLocationCreate godoc
 //
 //	@Summary  Create Location
 //	@Tags     Locations
@@ -58,13 +58,13 @@ func (ctrl *V1Controller) HandleLocationGetAll() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleLocationCreate() errchain.HandlerFunc {
 	fn := func(r *http.Request, createData repo.LocationCreate) (repo.LocationOut, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Locations.Create(auth, auth.GID, createData)
+		return ctrl.repo.Locations.Create(auth, auth.GroupID, createData)
 	}
 
 	return adapters.Action(fn, http.StatusCreated)
 }
 
-// HandleLocationDelete
+// HandleLocationDelete godoc
 //
 //	@Summary  Delete Location
 //	@Tags     Locations
@@ -76,14 +76,14 @@ func (ctrl *V1Controller) HandleLocationCreate() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleLocationDelete() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
 		auth := services.NewContext(r.Context())
-		err := ctrl.repo.Locations.DeleteByGroup(auth, auth.GID, ID)
+		err := ctrl.repo.Locations.DeleteByGroup(auth, auth.GroupID, ID)
 		return nil, err
 	}
 
 	return adapters.CommandID("id", fn, http.StatusNoContent)
 }
 
-// HandleLocationGet
+// HandleLocationGet godoc
 //
 //	@Summary  Get Location
 //	@Tags     Locations
@@ -95,13 +95,13 @@ func (ctrl *V1Controller) HandleLocationDelete() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleLocationGet() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID) (repo.LocationOut, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Locations.GetOneByGroup(auth, auth.GID, ID)
+		return ctrl.repo.Locations.GetOneByGroup(auth, auth.GroupID, ID)
 	}
 
 	return adapters.CommandID("id", fn, http.StatusOK)
 }
 
-// HandleLocationUpdate
+// HandleLocationUpdate godoc
 //
 //	@Summary  Update Location
 //	@Tags     Locations
@@ -115,7 +115,7 @@ func (ctrl *V1Controller) HandleLocationUpdate() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID, body repo.LocationUpdate) (repo.LocationOut, error) {
 		auth := services.NewContext(r.Context())
 		body.ID = ID
-		return ctrl.repo.Locations.UpdateByGroup(auth, auth.GID, ID, body)
+		return ctrl.repo.Locations.UpdateByGroup(auth, auth.GroupID, ID, body)
 	}
 
 	return adapters.ActionID("id", fn, http.StatusOK)

backend/app/api/handlers/v1/v1_ctrl_maint_entry.go

@@ -7,10 +7,10 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 )
 
-// HandleMaintenanceGetLog godoc
+// HandleMaintenanceLogGet godoc
 //
 //	@Summary  Get Maintenance Log
 //	@Tags     Maintenance
@@ -21,7 +21,7 @@ import (
 func (ctrl *V1Controller) HandleMaintenanceLogGet() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID, q repo.MaintenanceLogQuery) (repo.MaintenanceLog, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.MaintEntry.GetLog(auth, auth.GID, ID, q)
+		return ctrl.repo.MaintEntry.GetLog(auth, auth.GroupID, ID, q)
 	}
 
 	return adapters.QueryID("id", fn, http.StatusOK)

backend/app/api/handlers/v1/v1_ctrl_notifiers.go

@@ -8,7 +8,7 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 )
 
 // HandleGetUserNotifiers godoc
@@ -40,7 +40,7 @@ func (ctrl *V1Controller) HandleGetUserNotifiers() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleCreateNotifier() errchain.HandlerFunc {
 	fn := func(r *http.Request, in repo.NotifierCreate) (repo.NotifierOut, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Notifiers.Create(auth, auth.GID, auth.UID, in)
+		return ctrl.repo.Notifiers.Create(auth, auth.GroupID, auth.UserID, in)
 	}
 
 	return adapters.Action(fn, http.StatusCreated)
@@ -57,7 +57,7 @@ func (ctrl *V1Controller) HandleCreateNotifier() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleDeleteNotifier() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
 		auth := services.NewContext(r.Context())
-		return nil, ctrl.repo.Notifiers.Delete(auth, auth.UID, ID)
+		return nil, ctrl.repo.Notifiers.Delete(auth, auth.UserID, ID)
 	}
 
 	return adapters.CommandID("id", fn, http.StatusNoContent)
@@ -75,7 +75,7 @@ func (ctrl *V1Controller) HandleDeleteNotifier() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleUpdateNotifier() errchain.HandlerFunc {
 	fn := func(r *http.Request, ID uuid.UUID, in repo.NotifierUpdate) (repo.NotifierOut, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Notifiers.Update(auth, auth.UID, ID, in)
+		return ctrl.repo.Notifiers.Update(auth, auth.UserID, ID, in)
 	}
 
 	return adapters.ActionID("id", fn, http.StatusOK)

backend/app/api/handlers/v1/v1_ctrl_qrcode.go

@@ -5,9 +5,10 @@ import (
 	"image/png"
 	"io"
 	"net/http"
+	"net/url"
 
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 	"github.com/yeqown/go-qrcode/v2"
 	"github.com/yeqown/go-qrcode/writer/standard"
 
@@ -43,7 +44,12 @@ func (ctrl *V1Controller) HandleGenerateQRCode() errchain.HandlerFunc {
 			panic(err)
 		}
 
-		qrc, err := qrcode.New(q.Data)
+		decodedStr, err := url.QueryUnescape(q.Data)
+		if err != nil {
+			return err
+		}
+
+		qrc, err := qrcode.New(decodedStr)
 		if err != nil {
 			return err
 		}

backend/app/api/handlers/v1/v1_ctrl_reporting.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	"github.com/hay-kot/homebox/backend/internal/core/services"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 )
 
 // HandleBillOfMaterialsExport godoc

backend/app/api/handlers/v1/v1_ctrl_statistics.go

@@ -8,11 +8,11 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
 	"github.com/hay-kot/homebox/backend/internal/web/adapters"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
 )
 
-// HandleGroupGet godoc
+// HandleGroupStatisticsLocations godoc
 //
 //	@Summary  Get Location Statistics
 //	@Tags     Statistics
@@ -23,7 +23,7 @@ import (
 func (ctrl *V1Controller) HandleGroupStatisticsLocations() errchain.HandlerFunc {
 	fn := func(r *http.Request) ([]repo.TotalsByOrganizer, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Groups.StatsLocationsByPurchasePrice(auth, auth.GID)
+		return ctrl.repo.Groups.StatsLocationsByPurchasePrice(auth, auth.GroupID)
 	}
 
 	return adapters.Command(fn, http.StatusOK)
@@ -40,7 +40,7 @@ func (ctrl *V1Controller) HandleGroupStatisticsLocations() errchain.HandlerFunc
 func (ctrl *V1Controller) HandleGroupStatisticsLabels() errchain.HandlerFunc {
 	fn := func(r *http.Request) ([]repo.TotalsByOrganizer, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Groups.StatsLabelsByPurchasePrice(auth, auth.GID)
+		return ctrl.repo.Groups.StatsLabelsByPurchasePrice(auth, auth.GroupID)
 	}
 
 	return adapters.Command(fn, http.StatusOK)
@@ -57,7 +57,7 @@ func (ctrl *V1Controller) HandleGroupStatisticsLabels() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleGroupStatistics() errchain.HandlerFunc {
 	fn := func(r *http.Request) (repo.GroupStatistics, error) {
 		auth := services.NewContext(r.Context())
-		return ctrl.repo.Groups.StatsGroup(auth, auth.GID)
+		return ctrl.repo.Groups.StatsGroup(auth, auth.GroupID)
 	}
 
 	return adapters.Command(fn, http.StatusOK)
@@ -94,7 +94,7 @@ func (ctrl *V1Controller) HandleGroupStatisticsPriceOverTime() errchain.HandlerF
 			return validate.NewRequestError(err, http.StatusBadRequest)
 		}
 
-		stats, err := ctrl.repo.Groups.StatsPurchasePrice(ctx, ctx.GID, startDate, endDate)
+		stats, err := ctrl.repo.Groups.StatsPurchasePrice(ctx, ctx.GroupID, startDate, endDate)
 		if err != nil {
 			return validate.NewRequestError(err, http.StatusInternalServerError)
 		}

backend/app/api/handlers/v1/v1_ctrl_user.go

@@ -1,6 +1,7 @@
 package v1
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 
@@ -8,8 +9,9 @@ import (
 	"github.com/hay-kot/homebox/backend/internal/core/services"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/homebox/backend/internal/web/adapters"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/server"
 	"github.com/rs/zerolog/log"
 )
 
@@ -115,12 +117,10 @@ func (ctrl *V1Controller) HandleUserSelfDelete() errchain.HandlerFunc {
 	}
 }
 
-type (
-	ChangePassword struct {
-		Current string `json:"current,omitempty"`
-		New     string `json:"new,omitempty"`
-	}
-)
+type ChangePassword struct {
+	Current string `json:"current,omitempty"`
+	New     string `json:"new,omitempty"`
+}
 
 // HandleUserSelfChangePassword godoc
 //
@@ -144,7 +144,7 @@ func (ctrl *V1Controller) HandleUserSelfChangePassword() errchain.HandlerFunc {
 
 		ctx := services.NewContext(r.Context())
 
-		ok := ctrl.svc.User.ChangePassword(ctx, cp.Current, cp.New)
+		ok := ctrl.svc.User.PasswordChange(ctx, cp.Current, cp.New)
 		if !ok {
 			return validate.NewRequestError(err, http.StatusInternalServerError)
 		}
@@ -152,3 +152,73 @@ func (ctrl *V1Controller) HandleUserSelfChangePassword() errchain.HandlerFunc {
 		return server.JSON(w, http.StatusNoContent, nil)
 	}
 }
+
+// HandleUserSelfChangePasswordWithToken godoc
+//
+//	@Summary  Change Password
+//	@Tags     User
+//	@Success  204
+//	@Param    payload body ChangePassword true "Password Payload"
+//	@Router   /v1/users/change-password-token [PUT]
+func (ctrl *V1Controller) HandleUserSelfChangePasswordWithToken() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		tokenQueryParam := r.URL.Query().Get("token")
+		if tokenQueryParam == "" {
+			return validate.NewRequestError(fmt.Errorf("missing token query param"), http.StatusBadRequest)
+		}
+
+		if ctrl.isDemo {
+			return validate.NewRequestError(nil, http.StatusForbidden)
+		}
+
+		var cp ChangePassword
+		err := server.Decode(r, &cp)
+		if err != nil {
+			log.Err(err).Msg("user failed to change password")
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		ok := ctrl.svc.User.PasswordChange(ctx, cp.Current, cp.New)
+		if !ok {
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}
+
+// HandleUserRequestPasswordReset godoc
+//
+// @Summary Request Password Reset
+// @Tags    User
+// @Produce json
+// @Param   payload body services.PasswordResetRequest true "User Data"
+// @Success 204
+// @Router  /v1/users/request-password-reset [Post]
+func (ctrl *V1Controller) HandleUserRequestPasswordReset() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		if ctrl.isDemo {
+			return validate.NewRequestError(nil, http.StatusForbidden)
+		}
+
+		v, err := adapters.DecodeBody[services.PasswordResetRequest](r)
+		if err != nil {
+			return err
+		}
+
+		go func() {
+			ctx := context.Background()
+
+			err = ctrl.svc.User.PasswordResetRequest(ctx, v)
+			if err != nil {
+				log.Warn().
+					Err(err).
+					Str("email", v.Email).
+					Msg("failed to request password reset")
+			}
+		}()
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}

backend/app/api/logger.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"os"
-	"strings"
 
 	"github.com/hay-kot/homebox/backend/internal/sys/config"
 	"github.com/rs/zerolog"
@@ -18,24 +17,8 @@ func (a *app) setupLogger() {
 		log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr}).With().Caller().Logger()
 	}
 
-	log.Level(getLevel(a.conf.Log.Level))
-}
-
-func getLevel(l string) zerolog.Level {
-	switch strings.ToLower(l) {
-	case "debug":
-		return zerolog.DebugLevel
-	case "info":
-		return zerolog.InfoLevel
-	case "warn":
-		return zerolog.WarnLevel
-	case "error":
-		return zerolog.ErrorLevel
-	case "fatal":
-		return zerolog.FatalLevel
-	case "panic":
-		return zerolog.PanicLevel
-	default:
-		return zerolog.InfoLevel
+	level, err := zerolog.ParseLevel(a.conf.Log.Level)
+	if err == nil {
+		zerolog.SetGlobalLevel(level)
 	}
 }

backend/app/api/main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"net/http"
@@ -13,15 +14,16 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 
-	"github.com/hay-kot/homebox/backend/app/api/static/docs"
+	"github.com/hay-kot/homebox/backend/internal/core/currencies"
 	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/core/services/reporting/eventbus"
 	"github.com/hay-kot/homebox/backend/internal/data/ent"
 	"github.com/hay-kot/homebox/backend/internal/data/migrations"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/sys/config"
 	"github.com/hay-kot/homebox/backend/internal/web/mid"
-	"github.com/hay-kot/safeserve/errchain"
-	"github.com/hay-kot/safeserve/server"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/hay-kot/httpkit/graceful"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/rs/zerolog/pkgerrors"
@@ -35,11 +37,19 @@ var (
 	buildTime = "now"
 )
 
+func build() string {
+	short := commit
+	if len(short) > 7 {
+		short = short[:7]
+	}
+
+	return fmt.Sprintf("%s, commit %s, built at %s", version, short, buildTime)
+}
+
 // @title                      Homebox API
 // @version                    1.0
 // @description                Track, Manage, and Organize your Things.
 // @contact.name               Don't
-// @license.name               MIT
 // @BasePath                   /api
 // @securityDefinitions.apikey Bearer
 // @in                         header
@@ -48,13 +58,11 @@ var (
 func main() {
 	zerolog.ErrorStackMarshaler = pkgerrors.MarshalStack
 
-	cfg, err := config.New()
+	cfg, err := config.New(build(), "Homebox inventory management system")
 	if err != nil {
 		panic(err)
 	}
 
-	docs.SwaggerInfo.Host = cfg.Swagger.Host
-
 	if err := run(cfg); err != nil {
 		panic(err)
 	}
@@ -72,12 +80,12 @@ func run(cfg *config.Config) error {
 		log.Fatal().Err(err).Msg("failed to create data directory")
 	}
 
-	c, err := ent.Open("sqlite3", cfg.Storage.SqliteUrl)
+	c, err := ent.Open("sqlite3", cfg.Storage.SqliteURL)
 	if err != nil {
 		log.Fatal().
 			Err(err).
 			Str("driver", "sqlite").
-			Str("url", cfg.Storage.SqliteUrl).
+			Str("url", cfg.Storage.SqliteURL).
 			Msg("failed opening connection to sqlite")
 	}
 	defer func(c *ent.Client) {
@@ -107,11 +115,11 @@ func run(cfg *config.Config) error {
 
 	err = c.Schema.Create(context.Background(), options...)
 	if err != nil {
-		log.Fatal().
-			Err(err).
-			Str("driver", "sqlite").
-			Str("url", cfg.Storage.SqliteUrl).
-			Msg("failed creating schema resources")
+		log.Fatal(). // nolint
+				Err(err).
+				Str("driver", "sqlite").
+				Str("url", cfg.Storage.SqliteURL).
+				Msg("failed creating schema resources")
 	}
 
 	err = os.RemoveAll(temp)
@@ -120,11 +128,42 @@ func run(cfg *config.Config) error {
 		return err
 	}
 
+	collectFuncs := []currencies.CollectorFunc{
+		currencies.CollectDefaults(),
+	}
+
+	if cfg.Options.CurrencyConfig != "" {
+		log.Info().
+			Str("path", cfg.Options.CurrencyConfig).
+			Msg("loading currency config file")
+
+		content, err := os.ReadFile(cfg.Options.CurrencyConfig)
+		if err != nil {
+			log.Fatal().
+				Err(err).
+				Str("path", cfg.Options.CurrencyConfig).
+				Msg("failed to read currency config file")
+		}
+
+		collectFuncs = append(collectFuncs, currencies.CollectJSON(bytes.NewReader(content)))
+	}
+
+	currencies, err := currencies.CollectionCurrencies(collectFuncs...)
+	if err != nil {
+		log.Fatal().
+			Err(err).
+			Msg("failed to collect currencies")
+	}
+
+	app.bus = eventbus.New()
 	app.db = c
-	app.repos = repo.New(c, cfg.Storage.Data)
+	app.repos = repo.New(c, app.bus, cfg.Storage.Data)
 	app.services = services.New(
 		app.repos,
+		app.conf.BaseURL,
+		app.mailer,
 		services.WithAutoIncrementAssetID(cfg.Options.AutoIncrementAssetID),
+		services.WithCurrencies(currencies),
 	)
 
 	// =========================================================================
@@ -141,36 +180,63 @@ func run(cfg *config.Config) error {
 		middleware.StripSlashes,
 	)
 
-	chain := errchain.New(mid.Errors(app.server, logger))
+	chain := errchain.New(mid.Errors(logger))
 
-	app.mountRoutes(router, chain, app.repos)
+	app.mountRoutes(router, chain)
 
-	app.server = server.NewServer(
-		server.WithHost(app.conf.Web.Host),
-		server.WithPort(app.conf.Web.Port),
-	)
-	log.Info().Msgf("Starting HTTP Server on %s:%s", app.server.Host, app.server.Port)
+	runner := graceful.NewRunner()
+
+	runner.AddFunc("server", func(ctx context.Context) error {
+		httpserver := http.Server{
+			Addr:         fmt.Sprintf("%s:%s", cfg.Web.Host, cfg.Web.Port),
+			Handler:      router,
+			ReadTimeout:  cfg.Web.ReadTimeout,
+			WriteTimeout: cfg.Web.WriteTimeout,
+			IdleTimeout:  cfg.Web.IdleTimeout,
+		}
+
+		go func() {
+			<-ctx.Done()
+			_ = httpserver.Shutdown(context.Background())
+		}()
+
+		log.Info().Msgf("Server is running on %s:%s", cfg.Web.Host, cfg.Web.Port)
+		return httpserver.ListenAndServe()
+	})
 
 	// =========================================================================
 	// Start Reoccurring Tasks
 
-	go app.startBgTask(time.Duration(24)*time.Hour, func() {
-		_, err := app.repos.AuthTokens.PurgeExpiredTokens(context.Background())
+	runner.AddFunc("eventbus", app.bus.Run)
+
+	runner.AddFunc("seed_database", func(ctx context.Context) error {
+		// TODO: Remove through external API that does setup
+		if cfg.Demo {
+			log.Info().Msg("Running in demo mode, creating demo data")
+			app.SetupDemo()
+		}
+		return nil
+	})
+
+	runner.AddPlugin(NewTask("purge-tokens", time.Duration(24)*time.Hour, func(ctx context.Context) {
+		_, err := app.repos.AuthTokens.PurgeExpiredTokens(ctx)
 		if err != nil {
 			log.Error().
 				Err(err).
 				Msg("failed to purge expired tokens")
 		}
-	})
-	go app.startBgTask(time.Duration(24)*time.Hour, func() {
-		_, err := app.repos.Groups.InvitationPurge(context.Background())
+	}))
+
+	runner.AddPlugin(NewTask("purge-invitations", time.Duration(24)*time.Hour, func(ctx context.Context) {
+		_, err := app.repos.Groups.InvitationPurge(ctx)
 		if err != nil {
 			log.Error().
 				Err(err).
 				Msg("failed to purge expired invitations")
 		}
-	})
-	go app.startBgTask(time.Duration(1)*time.Hour, func() {
+	}))
+
+	runner.AddPlugin(NewTask("send-notifications", time.Duration(1)*time.Hour, func(ctx context.Context) {
 		now := time.Now()
 
 		if now.Hour() == 8 {
@@ -182,22 +248,27 @@ func run(cfg *config.Config) error {
 					Msg("failed to send notifiers")
 			}
 		}
-	})
-
-	// TODO: Remove through external API that does setup
-	if cfg.Demo {
-		log.Info().Msg("Running in demo mode, creating demo data")
-		app.SetupDemo()
-	}
+	}))
 
 	if cfg.Debug.Enabled {
-		debugrouter := app.debugRouter()
-		go func() {
-			if err := http.ListenAndServe(":"+cfg.Debug.Port, debugrouter); err != nil {
-				log.Fatal().Err(err).Msg("failed to start debug server")
+		runner.AddFunc("debug", func(ctx context.Context) error {
+			debugserver := http.Server{
+				Addr:         fmt.Sprintf("%s:%s", cfg.Web.Host, cfg.Debug.Port),
+				Handler:      app.debugRouter(),
+				ReadTimeout:  cfg.Web.ReadTimeout,
+				WriteTimeout: cfg.Web.WriteTimeout,
+				IdleTimeout:  cfg.Web.IdleTimeout,
 			}
-		}()
+
+			go func() {
+				<-ctx.Done()
+				_ = debugserver.Shutdown(context.Background())
+			}()
+
+			log.Info().Msgf("Debug server is running on %s:%s", cfg.Web.Host, cfg.Debug.Port)
+			return debugserver.ListenAndServe()
+		})
 	}
 
-	return app.server.Start(router)
+	return runner.Start(context.Background())
 }

backend/app/api/middleware.go

@@ -7,9 +7,11 @@ import (
 	"net/url"
 	"strings"
 
+	v1 "github.com/hay-kot/homebox/backend/app/api/handlers/v1"
 	"github.com/hay-kot/homebox/backend/internal/core/services"
+	"github.com/hay-kot/homebox/backend/internal/data/ent"
 	"github.com/hay-kot/homebox/backend/internal/sys/validate"
-	"github.com/hay-kot/safeserve/errchain"
+	"github.com/hay-kot/httpkit/errchain"
 )
 
 type tokenHasKey struct {
@@ -94,20 +96,6 @@ func getQuery(r *http.Request) (string, error) {
 	return token, nil
 }
 
-func getCookie(r *http.Request) (string, error) {
-	cookie, err := r.Cookie("hb.auth.token")
-	if err != nil {
-		return "", errors.New("access_token cookie is required")
-	}
-
-	token, err := url.QueryUnescape(cookie.Value)
-	if err != nil {
-		return "", errors.New("access_token cookie is required")
-	}
-
-	return token, nil
-}
-
 // mwAuthToken is a middleware that will check the database for a stateful token
 // and attach it's user to the request context, or return an appropriate error.
 // Authorization support is by token via Headers or Query Parameter
@@ -115,26 +103,35 @@ func getCookie(r *http.Request) (string, error) {
 // Example:
 //   - header = "Bearer 1234567890"
 //   - query = "?access_token=1234567890"
-//   - cookie = hb.auth.token = 1234567890
 func (a *app) mwAuthToken(next errchain.Handler) errchain.Handler {
 	return errchain.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
-		keyFuncs := [...]KeyFunc{
-			getBearer,
-			getCookie,
-			getQuery,
-		}
-
 		var requestToken string
-		for _, keyFunc := range keyFuncs {
-			token, err := keyFunc(r)
-			if err == nil {
-				requestToken = token
-				break
+
+		// We ignore the error to allow the next strategy to be attempted
+		{
+			cookies, _ := v1.GetCookies(r)
+			if cookies != nil {
+				requestToken = cookies.Token
 			}
 		}
 
 		if requestToken == "" {
-			return validate.NewRequestError(errors.New("Authorization header or query is required"), http.StatusUnauthorized)
+			keyFuncs := [...]KeyFunc{
+				getBearer,
+				getQuery,
+			}
+
+			for _, keyFunc := range keyFuncs {
+				token, err := keyFunc(r)
+				if err == nil {
+					requestToken = token
+					break
+				}
+			}
+		}
+
+		if requestToken == "" {
+			return validate.NewRequestError(errors.New("authorization header or query is required"), http.StatusUnauthorized)
 		}
 
 		requestToken = strings.TrimPrefix(requestToken, "Bearer ")
@@ -144,7 +141,11 @@ func (a *app) mwAuthToken(next errchain.Handler) errchain.Handler {
 		usr, err := a.services.User.GetSelf(r.Context(), requestToken)
 		// Check the database for the token
 		if err != nil {
-			return validate.NewRequestError(errors.New("valid authorization header is required"), http.StatusUnauthorized)
+			if ent.IsNotFound(err) {
+				return validate.NewRequestError(errors.New("valid authorization token is required"), http.StatusUnauthorized)
+			}
+
+			return err
 		}
 
 		r = r.WithContext(services.SetUserCtx(r.Context(), &usr, requestToken))

backend/app/api/providers/doc.go

@@ -0,0 +1,2 @@
+// Package providers provides a authentication abstraction for the backend.
+package providers

backend/app/api/providers/extractors.go

@@ -0,0 +1,55 @@
+package providers
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/internal/sys/validate"
+	"github.com/hay-kot/httpkit/server"
+	"github.com/rs/zerolog/log"
+)
+
+type LoginForm struct {
+	Username     string `json:"username"`
+	Password     string `json:"password"`
+	StayLoggedIn bool   `json:"stayLoggedIn"`
+}
+
+func getLoginForm(r *http.Request) (LoginForm, error) {
+	loginForm := LoginForm{}
+
+	switch r.Header.Get("Content-Type") {
+	case "application/x-www-form-urlencoded":
+		err := r.ParseForm()
+		if err != nil {
+			return loginForm, errors.New("failed to parse form")
+		}
+
+		loginForm.Username = r.PostFormValue("username")
+		loginForm.Password = r.PostFormValue("password")
+		loginForm.StayLoggedIn = r.PostFormValue("stayLoggedIn") == "true"
+	case "application/json":
+		err := server.Decode(r, &loginForm)
+		if err != nil {
+			log.Err(err).Msg("failed to decode login form")
+			return loginForm, errors.New("failed to decode login form")
+		}
+	default:
+		return loginForm, errors.New("invalid content type")
+	}
+
+	if loginForm.Username == "" || loginForm.Password == "" {
+		return loginForm, validate.NewFieldErrors(
+			validate.FieldError{
+				Field: "username",
+				Error: "username or password is empty",
+			},
+			validate.FieldError{
+				Field: "password",
+				Error: "username or password is empty",
+			},
+		)
+	}
+
+	return loginForm, nil
+}

backend/app/api/providers/local.go

@@ -0,0 +1,30 @@
+package providers
+
+import (
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/internal/core/services"
+)
+
+type LocalProvider struct {
+	service *services.UserService
+}
+
+func NewLocalProvider(service *services.UserService) *LocalProvider {
+	return &LocalProvider{
+		service: service,
+	}
+}
+
+func (p *LocalProvider) Name() string {
+	return "local"
+}
+
+func (p *LocalProvider) Authenticate(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
+	loginForm, err := getLoginForm(r)
+	if err != nil {
+		return services.UserAuthTokenDetail{}, err
+	}
+
+	return p.service.Login(r.Context(), loginForm.Username, loginForm.Password, loginForm.StayLoggedIn)
+}

backend/app/api/routes.go

@@ -3,7 +3,6 @@ package main
 import (
 	"embed"
 	"errors"
-	"fmt"
 	"io"
 	"mime"
 	"net/http"
@@ -13,11 +12,11 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/hay-kot/homebox/backend/app/api/handlers/debughandlers"
 	v1 "github.com/hay-kot/homebox/backend/app/api/handlers/v1"
+	"github.com/hay-kot/homebox/backend/app/api/providers"
 	_ "github.com/hay-kot/homebox/backend/app/api/static/docs"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/authroles"
-	"github.com/hay-kot/homebox/backend/internal/data/repo"
-	"github.com/hay-kot/safeserve/errchain"
-	httpSwagger "github.com/swaggo/http-swagger" // http-swagger middleware
+	"github.com/hay-kot/httpkit/errchain"
+	httpSwagger "github.com/swaggo/http-swagger/v2" // http-swagger middleware
 )
 
 const prefix = "/api"
@@ -37,21 +36,22 @@ func (a *app) debugRouter() *http.ServeMux {
 }
 
 // registerRoutes registers all the routes for the API
-func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllRepos) {
+func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain) {
 	registerMimes()
 
 	r.Get("/swagger/*", httpSwagger.Handler(
-		httpSwagger.URL(fmt.Sprintf("%s://%s/swagger/doc.json", a.conf.Swagger.Scheme, a.conf.Swagger.Host)),
+		httpSwagger.URL("/swagger/doc.json"),
 	))
 
 	// =========================================================================
 	// API Version 1
 
-	v1Base := v1.BaseUrlFunc(prefix)
+	v1Base := v1.BaseURLFunc(prefix)
 
 	v1Ctrl := v1.NewControllerV1(
 		a.services,
 		a.repos,
+		a.bus,
 		v1.WithMaxUploadSize(a.conf.Web.MaxUploadSize),
 		v1.WithRegistration(a.conf.Options.AllowRegistration),
 		v1.WithDemoStatus(a.conf.Demo), // Disable Password Change in Demo Mode
@@ -63,20 +63,29 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 		BuildTime: buildTime,
 	})))
 
+	r.Get(v1Base("/currencies"), chain.ToHandlerFunc(v1Ctrl.HandleCurrency()))
+
+	providers := []v1.AuthProvider{
+		providers.NewLocalProvider(a.services.User),
+	}
+
 	r.Post(v1Base("/users/register"), chain.ToHandlerFunc(v1Ctrl.HandleUserRegistration()))
-	r.Post(v1Base("/users/login"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogin()))
+	r.Post(v1Base("/users/login"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogin(providers...)))
+	r.Post(v1Base("/users/request-password-reset"), chain.ToHandlerFunc(v1Ctrl.HandleUserRequestPasswordReset()))
 
 	userMW := []errchain.Middleware{
 		a.mwAuthToken,
 		a.mwRoles(RoleModeOr, authroles.RoleUser.String()),
 	}
 
+	r.Get(v1Base("/ws/events"), chain.ToHandlerFunc(v1Ctrl.HandleCacheWS(), userMW...))
 	r.Get(v1Base("/users/self"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelf(), userMW...))
 	r.Put(v1Base("/users/self"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfUpdate(), userMW...))
 	r.Delete(v1Base("/users/self"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfDelete(), userMW...))
 	r.Post(v1Base("/users/logout"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogout(), userMW...))
 	r.Get(v1Base("/users/refresh"), chain.ToHandlerFunc(v1Ctrl.HandleAuthRefresh(), userMW...))
 	r.Put(v1Base("/users/self/change-password"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfChangePassword(), userMW...))
+	r.Put(v1Base("/users/self/change-password-token"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfChangePasswordWithToken()))
 
 	r.Post(v1Base("/groups/invitations"), chain.ToHandlerFunc(v1Ctrl.HandleGroupInvitationsCreate(), userMW...))
 	r.Get(v1Base("/groups/statistics"), chain.ToHandlerFunc(v1Ctrl.HandleGroupStatistics(), userMW...))
@@ -91,6 +100,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 	r.Post(v1Base("/actions/ensure-asset-ids"), chain.ToHandlerFunc(v1Ctrl.HandleEnsureAssetID(), userMW...))
 	r.Post(v1Base("/actions/zero-item-time-fields"), chain.ToHandlerFunc(v1Ctrl.HandleItemDateZeroOut(), userMW...))
 	r.Post(v1Base("/actions/ensure-import-refs"), chain.ToHandlerFunc(v1Ctrl.HandleEnsureImportRefs(), userMW...))
+	r.Post(v1Base("/actions/set-primary-photos"), chain.ToHandlerFunc(v1Ctrl.HandleSetPrimaryPhotos(), userMW...))
 
 	r.Get(v1Base("/locations"), chain.ToHandlerFunc(v1Ctrl.HandleLocationGetAll(), userMW...))
 	r.Post(v1Base("/locations"), chain.ToHandlerFunc(v1Ctrl.HandleLocationCreate(), userMW...))
@@ -113,7 +123,9 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 	r.Get(v1Base("/items/fields/values"), chain.ToHandlerFunc(v1Ctrl.HandleGetAllCustomFieldValues(), userMW...))
 
 	r.Get(v1Base("/items/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemGet(), userMW...))
+	r.Get(v1Base("/items/{id}/path"), chain.ToHandlerFunc(v1Ctrl.HandleItemFullPath(), userMW...))
 	r.Put(v1Base("/items/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemUpdate(), userMW...))
+	r.Patch(v1Base("/items/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemPatch(), userMW...))
 	r.Delete(v1Base("/items/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleItemDelete(), userMW...))
 
 	r.Post(v1Base("/items/{id}/attachments"), chain.ToHandlerFunc(v1Ctrl.HandleItemAttachmentCreate(), userMW...))
@@ -125,7 +137,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 	r.Put(v1Base("/items/{id}/maintenance/{entry_id}"), chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceEntryUpdate(), userMW...))
 	r.Delete(v1Base("/items/{id}/maintenance/{entry_id}"), chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceEntryDelete(), userMW...))
 
-	r.Get(v1Base("/asset/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleAssetGet(), userMW...))
+	r.Get(v1Base("/assets/{id}"), chain.ToHandlerFunc(v1Ctrl.HandleAssetGet(), userMW...))
 
 	// Notifiers
 	r.Get(v1Base("/notifiers"), chain.ToHandlerFunc(v1Ctrl.HandleGetUserNotifiers(), userMW...))
@@ -153,7 +165,6 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 	r.Get(v1Base("/reporting/bill-of-materials"), chain.ToHandlerFunc(v1Ctrl.HandleBillOfMaterialsExport(), userMW...))
 
 	r.NotFound(chain.ToHandlerFunc(notFoundHandler()))
-
 }
 
 func registerMimes() {
@@ -176,7 +187,7 @@ func notFoundHandler() errchain.HandlerFunc {
 		if err != nil {
 			return err
 		}
-		defer f.Close()
+		defer func() { _ = f.Close() }()
 
 		stat, _ := f.Stat()
 		if stat.IsDir() {

backend/app/api/static/docs/docs.go

@@ -1,5 +1,4 @@
-// Package docs GENERATED BY SWAG; DO NOT EDIT
-// This file was generated by swaggo/swag
+// Package docs Code generated by swaggo/swag. DO NOT EDIT
 package docs
 
 import "github.com/swaggo/swag"
@@ -13,9 +12,6 @@ const docTemplate = `{
         "contact": {
             "name": "Don't"
         },
-        "license": {
-            "name": "MIT"
-        },
         "version": "{{.Version}}"
     },
     "host": "{{.Host}}",
@@ -71,6 +67,31 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/actions/set-primary-photos": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Sets the first photo of each item as the primary photo",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Actions"
+                ],
+                "summary": "Set Primary Photos",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/v1.ActionAmountResult"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/actions/zero-item-time-fields": {
             "post": {
                 "security": [
@@ -129,6 +150,25 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/currency": {
+            "get": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Base"
+                ],
+                "summary": "Currency",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/currencies.Currency"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/groups": {
             "get": {
                 "security": [
@@ -389,6 +429,16 @@ const docTemplate = `{
                         "description": "location Ids",
                         "name": "locations",
                         "in": "query"
+                    },
+                    {
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        },
+                        "collectionFormat": "multi",
+                        "description": "parent Ids",
+                        "name": "parentIds",
+                        "in": "query"
                     }
                 ],
                 "responses": {
@@ -638,6 +688,46 @@ const docTemplate = `{
                         "description": "No Content"
                     }
                 }
+            },
+            "patch": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Items"
+                ],
+                "summary": "Update Item",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Item ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Item Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemPatch"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemOut"
+                        }
+                    }
+                }
             }
         },
         "/v1/items/{id}/attachments": {
@@ -694,7 +784,7 @@ const docTemplate = `{
                     "422": {
                         "description": "Unprocessable Entity",
                         "schema": {
-                            "$ref": "#/definitions/mid.ErrorResponse"
+                            "$ref": "#/definitions/validate.ErrorResponse"
                         }
                     }
                 }
@@ -927,6 +1017,42 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/items/{id}/path": {
+            "get": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Items"
+                ],
+                "summary": "Get the full path of an item",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Item ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/repo.ItemPath"
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/v1/labels": {
             "get": {
                 "security": [
@@ -1513,7 +1639,7 @@ const docTemplate = `{
                     "200": {
                         "description": "OK",
                         "schema": {
-                            "$ref": "#/definitions/v1.ApiSummary"
+                            "$ref": "#/definitions/v1.APISummary"
                         }
                     }
                 }
@@ -1584,6 +1710,12 @@ const docTemplate = `{
                         "schema": {
                             "$ref": "#/definitions/v1.LoginForm"
                         }
+                    },
+                    {
+                        "type": "string",
+                        "description": "auth provider",
+                        "name": "provider",
+                        "in": "query"
                     }
                 ],
                 "responses": {
@@ -1660,6 +1792,33 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/users/request-password-reset": {
+            "post": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "User"
+                ],
+                "summary": "Request Password Reset",
+                "parameters": [
+                    {
+                        "description": "User Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/services.PasswordResetRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    }
+                }
+            }
+        },
         "/v1/users/self": {
             "get": {
                 "security": [
@@ -1762,17 +1921,20 @@ const docTemplate = `{
         }
     },
     "definitions": {
-        "mid.ErrorResponse": {
+        "currencies.Currency": {
             "type": "object",
             "properties": {
-                "error": {
+                "code": {
                     "type": "string"
                 },
-                "fields": {
-                    "type": "object",
-                    "additionalProperties": {
-                        "type": "string"
-                    }
+                "local": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "symbol": {
+                    "type": "string"
                 }
             }
         },
@@ -1856,6 +2018,9 @@ const docTemplate = `{
                 "id": {
                     "type": "string"
                 },
+                "primary": {
+                    "type": "boolean"
+                },
                 "type": {
                     "type": "string"
                 },
@@ -1867,6 +2032,9 @@ const docTemplate = `{
         "repo.ItemAttachmentUpdate": {
             "type": "object",
             "properties": {
+                "primary": {
+                    "type": "boolean"
+                },
                 "title": {
                     "type": "string"
                 },
@@ -1945,12 +2113,6 @@ const docTemplate = `{
                         "$ref": "#/definitions/repo.ItemAttachment"
                     }
                 },
-                "children": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/repo.ItemSummary"
-                    }
-                },
                 "createdAt": {
                     "type": "string"
                 },
@@ -1966,6 +2128,9 @@ const docTemplate = `{
                 "id": {
                     "type": "string"
                 },
+                "imageId": {
+                    "type": "string"
+                },
                 "insured": {
                     "type": "boolean"
                 },
@@ -1981,9 +2146,13 @@ const docTemplate = `{
                 },
                 "location": {
                     "description": "Edges",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.LocationSummary"
+                        }
+                    ],
                     "x-nullable": true,
-                    "x-omitempty": true,
-                    "$ref": "#/definitions/repo.LocationSummary"
+                    "x-omitempty": true
                 },
                 "manufacturer": {
                     "type": "string"
@@ -1999,9 +2168,13 @@ const docTemplate = `{
                     "type": "string"
                 },
                 "parent": {
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.ItemSummary"
+                        }
+                    ],
                     "x-nullable": true,
-                    "x-omitempty": true,
-                    "$ref": "#/definitions/repo.ItemSummary"
+                    "x-omitempty": true
                 },
                 "purchaseFrom": {
                     "type": "string"
@@ -2045,6 +2218,33 @@ const docTemplate = `{
                 }
             }
         },
+        "repo.ItemPatch": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "quantity": {
+                    "type": "integer",
+                    "x-nullable": true,
+                    "x-omitempty": true
+                }
+            }
+        },
+        "repo.ItemPath": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "type": {
+                    "$ref": "#/definitions/repo.ItemType"
+                }
+            }
+        },
         "repo.ItemSummary": {
             "type": "object",
             "properties": {
@@ -2060,6 +2260,9 @@ const docTemplate = `{
                 "id": {
                     "type": "string"
                 },
+                "imageId": {
+                    "type": "string"
+                },
                 "insured": {
                     "type": "boolean"
                 },
@@ -2071,9 +2274,13 @@ const docTemplate = `{
                 },
                 "location": {
                     "description": "Edges",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.LocationSummary"
+                        }
+                    ],
                     "x-nullable": true,
-                    "x-omitempty": true,
-                    "$ref": "#/definitions/repo.LocationSummary"
+                    "x-omitempty": true
                 },
                 "name": {
                     "type": "string"
@@ -2090,6 +2297,17 @@ const docTemplate = `{
                 }
             }
         },
+        "repo.ItemType": {
+            "type": "string",
+            "enum": [
+                "location",
+                "item"
+            ],
+            "x-enum-varnames": [
+                "ItemTypeLocation",
+                "ItemTypeItem"
+            ]
+        },
         "repo.ItemUpdate": {
             "type": "object",
             "properties": {
@@ -2182,7 +2400,6 @@ const docTemplate = `{
                     "type": "string"
                 },
                 "warrantyExpires": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2219,12 +2436,6 @@ const docTemplate = `{
                 "id": {
                     "type": "string"
                 },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/repo.ItemSummary"
-                    }
-                },
                 "name": {
                     "type": "string"
                 },
@@ -2286,12 +2497,6 @@ const docTemplate = `{
                 "id": {
                     "type": "string"
                 },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/repo.ItemSummary"
-                    }
-                },
                 "name": {
                     "type": "string"
                 },
@@ -2368,7 +2573,6 @@ const docTemplate = `{
             "type": "object",
             "properties": {
                 "completedDate": {
-                    "description": "Sold",
                     "type": "string"
                 },
                 "cost": {
@@ -2385,7 +2589,6 @@ const docTemplate = `{
                     "type": "string"
                 },
                 "scheduledDate": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2397,7 +2600,6 @@ const docTemplate = `{
             ],
             "properties": {
                 "completedDate": {
-                    "description": "Sold",
                     "type": "string"
                 },
                 "cost": {
@@ -2411,7 +2613,6 @@ const docTemplate = `{
                     "type": "string"
                 },
                 "scheduledDate": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2420,7 +2621,6 @@ const docTemplate = `{
             "type": "object",
             "properties": {
                 "completedDate": {
-                    "description": "Sold",
                     "type": "string"
                 },
                 "cost": {
@@ -2434,7 +2634,6 @@ const docTemplate = `{
                     "type": "string"
                 },
                 "scheduledDate": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2653,6 +2852,14 @@ const docTemplate = `{
                 }
             }
         },
+        "services.PasswordResetRequest": {
+            "type": "object",
+            "properties": {
+                "email": {
+                    "type": "string"
+                }
+            }
+        },
         "services.UserRegistration": {
             "type": "object",
             "properties": {
@@ -2670,15 +2877,7 @@ const docTemplate = `{
                 }
             }
         },
-        "v1.ActionAmountResult": {
-            "type": "object",
-            "properties": {
-                "completed": {
-                    "type": "integer"
-                }
-            }
-        },
-        "v1.ApiSummary": {
+        "v1.APISummary": {
             "type": "object",
             "properties": {
                 "allowRegistration": {
@@ -2707,6 +2906,14 @@ const docTemplate = `{
                 }
             }
         },
+        "v1.ActionAmountResult": {
+            "type": "object",
+            "properties": {
+                "completed": {
+                    "type": "integer"
+                }
+            }
+        },
         "v1.Build": {
             "type": "object",
             "properties": {
@@ -2803,6 +3010,17 @@ const docTemplate = `{
             "properties": {
                 "item": {}
             }
+        },
+        "validate.ErrorResponse": {
+            "type": "object",
+            "properties": {
+                "error": {
+                    "type": "string"
+                },
+                "fields": {
+                    "type": "string"
+                }
+            }
         }
     },
     "securityDefinitions": {
@@ -2825,6 +3043,8 @@ var SwaggerInfo = &swag.Spec{
 	Description:      "Track, Manage, and Organize your Things.",
 	InfoInstanceName: "swagger",
 	SwaggerTemplate:  docTemplate,
+	LeftDelim:        "{{",
+	RightDelim:       "}}",
 }
 
 func init() {

backend/app/api/static/docs/swagger.json

@@ -6,9 +6,6 @@
         "contact": {
             "name": "Don't"
         },
-        "license": {
-            "name": "MIT"
-        },
         "version": "1.0"
     },
     "basePath": "/api",
@@ -63,6 +60,31 @@
                 }
             }
         },
+        "/v1/actions/set-primary-photos": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Sets the first photo of each item as the primary photo",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Actions"
+                ],
+                "summary": "Set Primary Photos",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/v1.ActionAmountResult"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/actions/zero-item-time-fields": {
             "post": {
                 "security": [
@@ -121,6 +143,25 @@
                 }
             }
         },
+        "/v1/currency": {
+            "get": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Base"
+                ],
+                "summary": "Currency",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/currencies.Currency"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/groups": {
             "get": {
                 "security": [
@@ -381,6 +422,16 @@
                         "description": "location Ids",
                         "name": "locations",
                         "in": "query"
+                    },
+                    {
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        },
+                        "collectionFormat": "multi",
+                        "description": "parent Ids",
+                        "name": "parentIds",
+                        "in": "query"
                     }
                 ],
                 "responses": {
@@ -630,6 +681,46 @@
                         "description": "No Content"
                     }
                 }
+            },
+            "patch": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Items"
+                ],
+                "summary": "Update Item",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Item ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Item Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemPatch"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemOut"
+                        }
+                    }
+                }
             }
         },
         "/v1/items/{id}/attachments": {
@@ -686,7 +777,7 @@
                     "422": {
                         "description": "Unprocessable Entity",
                         "schema": {
-                            "$ref": "#/definitions/mid.ErrorResponse"
+                            "$ref": "#/definitions/validate.ErrorResponse"
                         }
                     }
                 }
@@ -919,6 +1010,42 @@
                 }
             }
         },
+        "/v1/items/{id}/path": {
+            "get": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Items"
+                ],
+                "summary": "Get the full path of an item",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Item ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/repo.ItemPath"
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/v1/labels": {
             "get": {
                 "security": [
@@ -1505,7 +1632,7 @@
                     "200": {
                         "description": "OK",
                         "schema": {
-                            "$ref": "#/definitions/v1.ApiSummary"
+                            "$ref": "#/definitions/v1.APISummary"
                         }
                     }
                 }
@@ -1576,6 +1703,12 @@
                         "schema": {
                             "$ref": "#/definitions/v1.LoginForm"
                         }
+                    },
+                    {
+                        "type": "string",
+                        "description": "auth provider",
+                        "name": "provider",
+                        "in": "query"
                     }
                 ],
                 "responses": {
@@ -1652,6 +1785,33 @@
                 }
             }
         },
+        "/v1/users/request-password-reset": {
+            "post": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "User"
+                ],
+                "summary": "Request Password Reset",
+                "parameters": [
+                    {
+                        "description": "User Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/services.PasswordResetRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    }
+                }
+            }
+        },
         "/v1/users/self": {
             "get": {
                 "security": [
@@ -1754,17 +1914,20 @@
         }
     },
     "definitions": {
-        "mid.ErrorResponse": {
+        "currencies.Currency": {
             "type": "object",
             "properties": {
-                "error": {
+                "code": {
                     "type": "string"
                 },
-                "fields": {
-                    "type": "object",
-                    "additionalProperties": {
-                        "type": "string"
-                    }
+                "local": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "symbol": {
+                    "type": "string"
                 }
             }
         },
@@ -1848,6 +2011,9 @@
                 "id": {
                     "type": "string"
                 },
+                "primary": {
+                    "type": "boolean"
+                },
                 "type": {
                     "type": "string"
                 },
@@ -1859,6 +2025,9 @@
         "repo.ItemAttachmentUpdate": {
             "type": "object",
             "properties": {
+                "primary": {
+                    "type": "boolean"
+                },
                 "title": {
                     "type": "string"
                 },
@@ -1937,12 +2106,6 @@
                         "$ref": "#/definitions/repo.ItemAttachment"
                     }
                 },
-                "children": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/repo.ItemSummary"
-                    }
-                },
                 "createdAt": {
                     "type": "string"
                 },
@@ -1958,6 +2121,9 @@
                 "id": {
                     "type": "string"
                 },
+                "imageId": {
+                    "type": "string"
+                },
                 "insured": {
                     "type": "boolean"
                 },
@@ -1973,9 +2139,13 @@
                 },
                 "location": {
                     "description": "Edges",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.LocationSummary"
+                        }
+                    ],
                     "x-nullable": true,
-                    "x-omitempty": true,
-                    "$ref": "#/definitions/repo.LocationSummary"
+                    "x-omitempty": true
                 },
                 "manufacturer": {
                     "type": "string"
@@ -1991,9 +2161,13 @@
                     "type": "string"
                 },
                 "parent": {
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.ItemSummary"
+                        }
+                    ],
                     "x-nullable": true,
-                    "x-omitempty": true,
-                    "$ref": "#/definitions/repo.ItemSummary"
+                    "x-omitempty": true
                 },
                 "purchaseFrom": {
                     "type": "string"
@@ -2037,6 +2211,33 @@
                 }
             }
         },
+        "repo.ItemPatch": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "quantity": {
+                    "type": "integer",
+                    "x-nullable": true,
+                    "x-omitempty": true
+                }
+            }
+        },
+        "repo.ItemPath": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "type": {
+                    "$ref": "#/definitions/repo.ItemType"
+                }
+            }
+        },
         "repo.ItemSummary": {
             "type": "object",
             "properties": {
@@ -2052,6 +2253,9 @@
                 "id": {
                     "type": "string"
                 },
+                "imageId": {
+                    "type": "string"
+                },
                 "insured": {
                     "type": "boolean"
                 },
@@ -2063,9 +2267,13 @@
                 },
                 "location": {
                     "description": "Edges",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.LocationSummary"
+                        }
+                    ],
                     "x-nullable": true,
-                    "x-omitempty": true,
-                    "$ref": "#/definitions/repo.LocationSummary"
+                    "x-omitempty": true
                 },
                 "name": {
                     "type": "string"
@@ -2082,6 +2290,17 @@
                 }
             }
         },
+        "repo.ItemType": {
+            "type": "string",
+            "enum": [
+                "location",
+                "item"
+            ],
+            "x-enum-varnames": [
+                "ItemTypeLocation",
+                "ItemTypeItem"
+            ]
+        },
         "repo.ItemUpdate": {
             "type": "object",
             "properties": {
@@ -2174,7 +2393,6 @@
                     "type": "string"
                 },
                 "warrantyExpires": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2211,12 +2429,6 @@
                 "id": {
                     "type": "string"
                 },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/repo.ItemSummary"
-                    }
-                },
                 "name": {
                     "type": "string"
                 },
@@ -2278,12 +2490,6 @@
                 "id": {
                     "type": "string"
                 },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/repo.ItemSummary"
-                    }
-                },
                 "name": {
                     "type": "string"
                 },
@@ -2360,7 +2566,6 @@
             "type": "object",
             "properties": {
                 "completedDate": {
-                    "description": "Sold",
                     "type": "string"
                 },
                 "cost": {
@@ -2377,7 +2582,6 @@
                     "type": "string"
                 },
                 "scheduledDate": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2389,7 +2593,6 @@
             ],
             "properties": {
                 "completedDate": {
-                    "description": "Sold",
                     "type": "string"
                 },
                 "cost": {
@@ -2403,7 +2606,6 @@
                     "type": "string"
                 },
                 "scheduledDate": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2412,7 +2614,6 @@
             "type": "object",
             "properties": {
                 "completedDate": {
-                    "description": "Sold",
                     "type": "string"
                 },
                 "cost": {
@@ -2426,7 +2627,6 @@
                     "type": "string"
                 },
                 "scheduledDate": {
-                    "description": "Sold",
                     "type": "string"
                 }
             }
@@ -2645,6 +2845,14 @@
                 }
             }
         },
+        "services.PasswordResetRequest": {
+            "type": "object",
+            "properties": {
+                "email": {
+                    "type": "string"
+                }
+            }
+        },
         "services.UserRegistration": {
             "type": "object",
             "properties": {
@@ -2662,15 +2870,7 @@
                 }
             }
         },
-        "v1.ActionAmountResult": {
-            "type": "object",
-            "properties": {
-                "completed": {
-                    "type": "integer"
-                }
-            }
-        },
-        "v1.ApiSummary": {
+        "v1.APISummary": {
             "type": "object",
             "properties": {
                 "allowRegistration": {
@@ -2699,6 +2899,14 @@
                 }
             }
         },
+        "v1.ActionAmountResult": {
+            "type": "object",
+            "properties": {
+                "completed": {
+                    "type": "integer"
+                }
+            }
+        },
         "v1.Build": {
             "type": "object",
             "properties": {
@@ -2795,6 +3003,17 @@
             "properties": {
                 "item": {}
             }
+        },
+        "validate.ErrorResponse": {
+            "type": "object",
+            "properties": {
+                "error": {
+                    "type": "string"
+                },
+                "fields": {
+                    "type": "string"
+                }
+            }
         }
     },
     "securityDefinitions": {

backend/app/api/static/docs/swagger.yaml

@@ -1,13 +1,15 @@
 basePath: /api
 definitions:
-  mid.ErrorResponse:
+  currencies.Currency:
     properties:
-      error:
+      code:
+        type: string
+      local:
+        type: string
+      name:
+        type: string
+      symbol:
         type: string
-      fields:
-        additionalProperties:
-          type: string
-        type: object
     type: object
   repo.DocumentOut:
     properties:
@@ -61,6 +63,8 @@ definitions:
         $ref: '#/definitions/repo.DocumentOut'
       id:
         type: string
+      primary:
+        type: boolean
       type:
         type: string
       updatedAt:
@@ -68,6 +72,8 @@ definitions:
     type: object
   repo.ItemAttachmentUpdate:
     properties:
+      primary:
+        type: boolean
       title:
         type: string
       type:
@@ -121,10 +127,6 @@ definitions:
         items:
           $ref: '#/definitions/repo.ItemAttachment'
         type: array
-      children:
-        items:
-          $ref: '#/definitions/repo.ItemSummary'
-        type: array
       createdAt:
         type: string
       description:
@@ -135,6 +137,8 @@ definitions:
         type: array
       id:
         type: string
+      imageId:
+        type: string
       insured:
         type: boolean
       labels:
@@ -145,7 +149,8 @@ definitions:
         description: Warranty
         type: boolean
       location:
-        $ref: '#/definitions/repo.LocationSummary'
+        allOf:
+        - $ref: '#/definitions/repo.LocationSummary'
         description: Edges
         x-nullable: true
         x-omitempty: true
@@ -159,7 +164,8 @@ definitions:
         description: Extras
         type: string
       parent:
-        $ref: '#/definitions/repo.ItemSummary'
+        allOf:
+        - $ref: '#/definitions/repo.ItemSummary'
         x-nullable: true
         x-omitempty: true
       purchaseFrom:
@@ -191,6 +197,24 @@ definitions:
       warrantyExpires:
         type: string
     type: object
+  repo.ItemPatch:
+    properties:
+      id:
+        type: string
+      quantity:
+        type: integer
+        x-nullable: true
+        x-omitempty: true
+    type: object
+  repo.ItemPath:
+    properties:
+      id:
+        type: string
+      name:
+        type: string
+      type:
+        $ref: '#/definitions/repo.ItemType'
+    type: object
   repo.ItemSummary:
     properties:
       archived:
@@ -201,6 +225,8 @@ definitions:
         type: string
       id:
         type: string
+      imageId:
+        type: string
       insured:
         type: boolean
       labels:
@@ -208,7 +234,8 @@ definitions:
           $ref: '#/definitions/repo.LabelSummary'
         type: array
       location:
-        $ref: '#/definitions/repo.LocationSummary'
+        allOf:
+        - $ref: '#/definitions/repo.LocationSummary'
         description: Edges
         x-nullable: true
         x-omitempty: true
@@ -222,6 +249,14 @@ definitions:
       updatedAt:
         type: string
     type: object
+  repo.ItemType:
+    enum:
+    - location
+    - item
+    type: string
+    x-enum-varnames:
+    - ItemTypeLocation
+    - ItemTypeItem
   repo.ItemUpdate:
     properties:
       archived:
@@ -287,7 +322,6 @@ definitions:
       warrantyDetails:
         type: string
       warrantyExpires:
-        description: Sold
         type: string
     type: object
   repo.LabelCreate:
@@ -312,10 +346,6 @@ definitions:
         type: string
       id:
         type: string
-      items:
-        items:
-          $ref: '#/definitions/repo.ItemSummary'
-        type: array
       name:
         type: string
       updatedAt:
@@ -356,10 +386,6 @@ definitions:
         type: string
       id:
         type: string
-      items:
-        items:
-          $ref: '#/definitions/repo.ItemSummary'
-        type: array
       name:
         type: string
       parent:
@@ -410,7 +436,6 @@ definitions:
   repo.MaintenanceEntry:
     properties:
       completedDate:
-        description: Sold
         type: string
       cost:
         example: "0"
@@ -422,13 +447,11 @@ definitions:
       name:
         type: string
       scheduledDate:
-        description: Sold
         type: string
     type: object
   repo.MaintenanceEntryCreate:
     properties:
       completedDate:
-        description: Sold
         type: string
       cost:
         example: "0"
@@ -438,7 +461,6 @@ definitions:
       name:
         type: string
       scheduledDate:
-        description: Sold
         type: string
     required:
     - name
@@ -446,7 +468,6 @@ definitions:
   repo.MaintenanceEntryUpdate:
     properties:
       completedDate:
-        description: Sold
         type: string
       cost:
         example: "0"
@@ -456,7 +477,6 @@ definitions:
       name:
         type: string
       scheduledDate:
-        description: Sold
         type: string
     type: object
   repo.MaintenanceLog:
@@ -600,6 +620,11 @@ definitions:
       value:
         type: number
     type: object
+  services.PasswordResetRequest:
+    properties:
+      email:
+        type: string
+    type: object
   services.UserRegistration:
     properties:
       email:
@@ -611,12 +636,7 @@ definitions:
       token:
         type: string
     type: object
-  v1.ActionAmountResult:
-    properties:
-      completed:
-        type: integer
-    type: object
-  v1.ApiSummary:
+  v1.APISummary:
     properties:
       allowRegistration:
         type: boolean
@@ -635,6 +655,11 @@ definitions:
           type: string
         type: array
     type: object
+  v1.ActionAmountResult:
+    properties:
+      completed:
+        type: integer
+    type: object
   v1.Build:
     properties:
       buildTime:
@@ -698,12 +723,17 @@ definitions:
     properties:
       item: {}
     type: object
+  validate.ErrorResponse:
+    properties:
+      error:
+        type: string
+      fields:
+        type: string
+    type: object
 info:
   contact:
     name: Don't
   description: Track, Manage, and Organize your Things.
-  license:
-    name: MIT
   title: Homebox API
   version: "1.0"
 paths:
@@ -737,6 +767,21 @@ paths:
       summary: Ensures Import Refs
       tags:
       - Actions
+  /v1/actions/set-primary-photos:
+    post:
+      description: Sets the first photo of each item as the primary photo
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/v1.ActionAmountResult'
+      security:
+      - Bearer: []
+      summary: Set Primary Photos
+      tags:
+      - Actions
   /v1/actions/zero-item-time-fields:
     post:
       description: Resets all item date fields to the beginning of the day
@@ -772,6 +817,18 @@ paths:
       summary: Get Item by Asset ID
       tags:
       - Items
+  /v1/currency:
+    get:
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/currencies.Currency'
+      summary: Currency
+      tags:
+      - Base
   /v1/groups:
     get:
       produces:
@@ -925,6 +982,13 @@ paths:
           type: string
         name: locations
         type: array
+      - collectionFormat: multi
+        description: parent Ids
+        in: query
+        items:
+          type: string
+        name: parentIds
+        type: array
       produces:
       - application/json
       responses:
@@ -994,6 +1058,31 @@ paths:
       summary: Get Item
       tags:
       - Items
+    patch:
+      parameters:
+      - description: Item ID
+        in: path
+        name: id
+        required: true
+        type: string
+      - description: Item Data
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/repo.ItemPatch'
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/repo.ItemOut'
+      security:
+      - Bearer: []
+      summary: Update Item
+      tags:
+      - Items
     put:
       parameters:
       - description: Item ID
@@ -1052,7 +1141,7 @@ paths:
         "422":
           description: Unprocessable Entity
           schema:
-            $ref: '#/definitions/mid.ErrorResponse'
+            $ref: '#/definitions/validate.ErrorResponse'
       security:
       - Bearer: []
       summary: Create Item Attachment
@@ -1197,6 +1286,28 @@ paths:
       summary: Update Maintenance Entry
       tags:
       - Maintenance
+  /v1/items/{id}/path:
+    get:
+      parameters:
+      - description: Item ID
+        in: path
+        name: id
+        required: true
+        type: string
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            items:
+              $ref: '#/definitions/repo.ItemPath'
+            type: array
+      security:
+      - Bearer: []
+      summary: Get the full path of an item
+      tags:
+      - Items
   /v1/items/export:
     get:
       responses:
@@ -1614,7 +1725,7 @@ paths:
         "200":
           description: OK
           schema:
-            $ref: '#/definitions/v1.ApiSummary'
+            $ref: '#/definitions/v1.APISummary'
       summary: Application Info
       tags:
       - Base
@@ -1657,6 +1768,10 @@ paths:
         required: true
         schema:
           $ref: '#/definitions/v1.LoginForm'
+      - description: auth provider
+        in: query
+        name: provider
+        type: string
       produces:
       - application/json
       responses:
@@ -1707,6 +1822,23 @@ paths:
       summary: Register New User
       tags:
       - User
+  /v1/users/request-password-reset:
+    post:
+      parameters:
+      - description: User Data
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/services.PasswordResetRequest'
+      produces:
+      - application/json
+      responses:
+        "204":
+          description: No Content
+      summary: Request Password Reset
+      tags:
+      - User
   /v1/users/self:
     delete:
       produces:

backend/app/tools/typegen/main.go

@@ -54,6 +54,7 @@ func main() {
 		NewReReplace(` Services`, " "),
 		NewReReplace(` V1`, " "),
 		NewReReplace(`\?:`, ":"),
+		NewReReplace(`(\w+):\s(.*null.*)`, "$1?: $2"), // make null union types optional
 		NewReDate("createdAt"),
 		NewReDate("updatedAt"),
 		NewReDate("soldTime"),
@@ -70,7 +71,7 @@ func main() {
 		text = replace.Regex.ReplaceAllString(text, replace.Text)
 	}
 
-	err = os.WriteFile(path, []byte(text), 0644)
+	err = os.WriteFile(path, []byte(text), 0o644)
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)

backend/go.mod

@@ -1,74 +1,79 @@
 module github.com/hay-kot/homebox/backend
 
-go 1.20
+go 1.22
+
+toolchain go1.22.0
 
 require (
-	ariga.io/atlas v0.10.0
-	entgo.io/ent v0.11.10
-	github.com/ardanlabs/conf/v3 v3.1.5
-	github.com/containrrr/shoutrrr v0.7.1
-	github.com/go-chi/chi/v5 v5.0.8
-	github.com/go-playground/validator/v10 v10.12.0
-	github.com/gocarina/gocsv v0.0.0-20230226133904-70c27cb2918a
-	github.com/google/uuid v1.3.0
-	github.com/gorilla/schema v1.2.0
-	github.com/hay-kot/safeserve v0.0.1
-	github.com/mattn/go-sqlite3 v1.14.16
+	ariga.io/atlas v0.19.1
+	entgo.io/ent v0.12.5
+	github.com/ardanlabs/conf/v3 v3.1.7
+	github.com/containrrr/shoutrrr v0.8.0
+	github.com/go-chi/chi/v5 v5.0.12
+	github.com/go-playground/validator/v10 v10.18.0
+	github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/schema v1.2.1
+	github.com/hay-kot/easyemails v0.0.0-20240206011027-25232fb79aa3
+	github.com/hay-kot/httpkit v0.0.9
+	github.com/mattn/go-sqlite3 v1.14.22
+	github.com/olahol/melody v1.1.4
 	github.com/pkg/errors v0.9.1
-	github.com/rs/zerolog v1.29.0
-	github.com/stretchr/testify v1.8.2
-	github.com/swaggo/http-swagger v1.3.4
-	github.com/swaggo/swag v1.8.11
-	github.com/yeqown/go-qrcode/v2 v2.2.1
-	github.com/yeqown/go-qrcode/writer/standard v1.2.1
-	golang.org/x/crypto v0.7.0
-	modernc.org/sqlite v1.21.0
+	github.com/rs/zerolog v1.32.0
+	github.com/stretchr/testify v1.8.4
+	github.com/swaggo/http-swagger/v2 v2.0.2
+	github.com/swaggo/swag v1.16.3
+	github.com/yeqown/go-qrcode/v2 v2.2.2
+	github.com/yeqown/go-qrcode/writer/standard v1.2.2
+	golang.org/x/crypto v0.19.0
+	modernc.org/sqlite v1.29.2
 )
 
 require (
 	github.com/KyleBanks/depth v1.2.1 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
-	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/dustin/go-humanize v1.0.0 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/fogleman/gg v1.3.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/go-openapi/inflect v0.19.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/spec v0.20.7 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/spec v0.20.9 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/hashicorp/hcl/v2 v2.15.0 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/hashicorp/hcl/v2 v2.19.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/leodido/go-urn v1.2.2 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/swaggo/files v1.0.0 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/swaggo/files/v2 v2.0.0 // indirect
 	github.com/yeqown/reedsolomon v1.0.0 // indirect
-	github.com/zclconf/go-cty v1.12.1 // indirect
-	golang.org/x/image v0.0.0-20200927104501-e162460cd6b5 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.8.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
-	golang.org/x/tools v0.6.1-0.20230222164832-25d2519c8696 // indirect
+	github.com/zclconf/go-cty v1.14.1 // indirect
+	golang.org/x/image v0.14.0 // indirect
+	golang.org/x/mod v0.15.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.17.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	lukechampine.com/uint128 v1.2.0 // indirect
-	modernc.org/cc/v3 v3.40.0 // indirect
-	modernc.org/ccgo/v3 v3.16.13 // indirect
-	modernc.org/libc v1.22.3 // indirect
-	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.5.0 // indirect
-	modernc.org/opt v0.1.3 // indirect
-	modernc.org/strutil v1.1.3 // indirect
-	modernc.org/token v1.0.1 // indirect
+	modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
+	modernc.org/libc v1.41.0 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.7.2 // indirect
+	modernc.org/strutil v1.2.0 // indirect
+	modernc.org/token v1.1.0 // indirect
 )

backend/internal/core/currencies/currencies.go

@@ -0,0 +1,104 @@
+// Package currencies provides a shared definition of currencies. This uses a global
+// variable to hold the currencies.
+package currencies
+
+import (
+	"bytes"
+	_ "embed"
+	"encoding/json"
+	"io"
+	"slices"
+	"strings"
+	"sync"
+)
+
+//go:embed currencies.json
+var defaults []byte
+
+type CollectorFunc func() ([]Currency, error)
+
+func CollectJSON(reader io.Reader) CollectorFunc {
+	return func() ([]Currency, error) {
+		var currencies []Currency
+		err := json.NewDecoder(reader).Decode(&currencies)
+		if err != nil {
+			return nil, err
+		}
+
+		return currencies, nil
+	}
+}
+
+func CollectDefaults() CollectorFunc {
+	return CollectJSON(bytes.NewReader(defaults))
+}
+
+func CollectionCurrencies(collectors ...CollectorFunc) ([]Currency, error) {
+	out := make([]Currency, 0, len(collectors))
+	for i := range collectors {
+		c, err := collectors[i]()
+		if err != nil {
+			return nil, err
+		}
+
+		out = append(out, c...)
+	}
+
+	return out, nil
+}
+
+type Currency struct {
+	Name   string `json:"name"`
+	Code   string `json:"code"`
+	Local  string `json:"local"`
+	Symbol string `json:"symbol"`
+}
+
+type CurrencyRegistry struct {
+	mu       sync.RWMutex
+	registry map[string]Currency
+}
+
+func NewCurrencyService(currencies []Currency) *CurrencyRegistry {
+	registry := make(map[string]Currency, len(currencies))
+	for i := range currencies {
+		registry[currencies[i].Code] = currencies[i]
+	}
+
+	return &CurrencyRegistry{
+		registry: registry,
+	}
+}
+
+func (cs *CurrencyRegistry) Slice() []Currency {
+	cs.mu.RLock()
+	defer cs.mu.RUnlock()
+
+	out := make([]Currency, 0, len(cs.registry))
+	for key := range cs.registry {
+		out = append(out, cs.registry[key])
+	}
+
+	slices.SortFunc(out, func(a, b Currency) int {
+		if a.Name < b.Name {
+			return -1
+		}
+
+		if a.Name > b.Name {
+			return 1
+		}
+
+		return 0
+	})
+
+	return out
+}
+
+func (cs *CurrencyRegistry) IsSupported(code string) bool {
+	upper := strings.ToUpper(code)
+
+	cs.mu.RLock()
+	defer cs.mu.RUnlock()
+	_, ok := cs.registry[upper]
+	return ok
+}

backend/internal/core/currencies/currencies.json

@@ -0,0 +1,638 @@
+[
+  {
+    "code": "USD",
+    "local": "United States",
+    "symbol": "$",
+    "name": "United States Dollar"
+  },
+  {
+    "code": "AED",
+    "local": "United Arab Emirates",
+    "symbol": "د.إ",
+    "name": "United Arab Emirates Dirham"
+  },
+  {
+    "code": "AFN",
+    "local": "Afghanistan",
+    "symbol": "؋",
+    "name": "Afghan Afghani"
+  },
+  {
+    "code": "ALL",
+    "local": "Albania",
+    "symbol": "L",
+    "name": "Albanian Lek"
+  },
+  {
+    "code": "AMD",
+    "local": "Armenia",
+    "symbol": "֏",
+    "name": "Armenian Dram"
+  },
+  {
+    "code": "ANG",
+    "local": "Netherlands Antilles",
+    "symbol": "ƒ",
+    "name": "Netherlands Antillean Guilder"
+  },
+  {
+    "code": "AOA",
+    "local": "Angola",
+    "symbol": "Kz",
+    "name": "Angolan Kwanza"
+  },
+  {
+    "code": "ARS",
+    "local": "Argentina",
+    "symbol": "$",
+    "name": "Argentine Peso"
+  },
+  {
+    "code": "AUD",
+    "local": "Australia",
+    "symbol": "A$",
+    "name": "Australian Dollar"
+  },
+  {
+    "code": "AWG",
+    "local": "Aruba",
+    "symbol": "ƒ",
+    "name": "Aruban Florin"
+  },
+  {
+    "code": "AZN",
+    "local": "Azerbaijan",
+    "symbol": "₼",
+    "name": "Azerbaijani Manat"
+  },
+  {
+    "code": "BAM",
+    "local": "Bosnia and Herzegovina",
+    "symbol": "KM",
+    "name": "Bosnia and Herzegovina Convertible Mark"
+  },
+  {
+    "code": "BBD",
+    "local": "Barbados",
+    "symbol": "Bds$",
+    "name": "Barbadian Dollar"
+  },
+  {
+    "code": "BDT",
+    "local": "Bangladesh",
+    "symbol": "৳",
+    "name": "Bangladeshi Taka"
+  },
+  {
+    "code": "BGN",
+    "local": "Bulgaria",
+    "symbol": "лв",
+    "name": "Bulgarian lev"
+  },
+  {
+    "code": "BHD",
+    "local": "Bahrain",
+    "symbol": "ب.د",
+    "name": "Bahraini Dinar"
+  },
+  {
+    "code": "BIF",
+    "local": "Burundi",
+    "symbol": "FBu",
+    "name": "Burundian Franc"
+  },
+  {
+    "code": "BMD",
+    "local": "Bermuda",
+    "symbol": "BD$",
+    "name": "Bermudian Dollar"
+  },
+  {
+    "code": "BND",
+    "local": "Brunei",
+    "symbol": "B$",
+    "name": "Brunei Dollar"
+  },
+  {
+    "code": "BOB",
+    "local": "Bolivia",
+    "symbol": "Bs.",
+    "name": "Bolivian Boliviano"
+  },
+  {
+    "code": "BRL",
+    "local": "Brazil",
+    "symbol": "R$",
+    "name": "Brazilian Real"
+  },
+  {
+    "code": "BSD",
+    "local": "Bahamas",
+    "symbol": "B$",
+    "name": "Bahamian Dollar"
+  },
+  {
+    "code": "BTN",
+    "local": "Bhutan",
+    "symbol": "Nu.",
+    "name": "Bhutanese Ngultrum"
+  },
+  {
+    "code": "BWP",
+    "local": "Botswana",
+    "symbol": "P",
+    "name": "Botswana Pula"
+  },
+  {
+    "code": "BYN",
+    "local": "Belarus",
+    "symbol": "Br",
+    "name": "Belarusian Ruble"
+  },
+  {
+    "code": "BZD",
+    "local": "Belize",
+    "symbol": "BZ$",
+    "name": "Belize Dollar"
+  },
+  {
+    "code": "CAD",
+    "local": "Canada",
+    "symbol": "C$",
+    "name": "Canadian Dollar"
+  },
+  {
+    "code": "CDF",
+    "local": "Democratic Republic of the Congo",
+    "symbol": "FC",
+    "name": "Congolese Franc"
+  },
+  {
+    "code": "CHF",
+    "local": "Switzerland",
+    "symbol": "CHF",
+    "name": "Swiss Franc"
+  },
+  {
+    "code": "CLP",
+    "local": "Chile",
+    "symbol": "CL$",
+    "name": "Chilean Peso"
+  },
+  {
+    "code": "CNY",
+    "local": "China",
+    "symbol": "¥",
+    "name": "Chinese Yuan"
+  },
+  {
+    "code": "COP",
+    "local": "Colombia",
+    "symbol": "COL$",
+    "name": "Colombian Peso"
+  },
+  {
+    "code": "CRC",
+    "local": "Costa Rica",
+    "symbol": "₡",
+    "name": "Costa Rican Colón"
+  },
+  {
+    "code": "CUP",
+    "local": "Cuba",
+    "symbol": "₱",
+    "name": "Cuban Peso"
+  },
+  {
+    "code": "CVE",
+    "local": "Cape Verde",
+    "symbol": "$",
+    "name": "Cape Verdean Escudo"
+  },
+  {
+    "code": "CZK",
+    "local": "Czech Republic",
+    "symbol": "Kč",
+    "name": "Czech Koruna"
+  },
+  {
+    "code": "DJF",
+    "local": "Djibouti",
+    "symbol": "Fdj",
+    "name": "Djiboutian Franc"
+  },
+  {
+    "code": "DKK",
+    "local": "Denmark",
+    "symbol": "kr",
+    "name": "Danish Krone"
+  },
+  {
+    "code": "DOP",
+    "local": "Dominican Republic",
+    "symbol": "RD$",
+    "name": "Dominican Peso"
+  },
+  {
+    "code": "DZD",
+    "local": "Algeria",
+    "symbol": "د.ج",
+    "name": "Algerian Dinar"
+  },
+  {
+    "code": "EGP",
+    "local": "Egypt",
+    "symbol": "£",
+    "name": "Egyptian Pound"
+  },
+  {
+    "code": "ERN",
+    "local": "Eritrea",
+    "symbol": "Nfk",
+    "name": "Eritrean Nakfa"
+  },
+  {
+    "code": "ETB",
+    "local": "Ethiopia",
+    "symbol": "Br",
+    "name": "Ethiopian Birr"
+  },
+  {
+    "code": "EUR",
+    "local": "Eurozone",
+    "symbol": "€",
+    "name": "Euro"
+  },
+  {
+    "code": "FJD",
+    "local": "Fiji",
+    "symbol": "FJ$",
+    "name": "Fijian Dollar"
+  },
+  {
+    "code": "FKP",
+    "local": "Falkland Islands",
+    "symbol": "£",
+    "name": "Falkland Islands Pound"
+  },
+  {
+    "code": "FOK",
+    "local": "Faroe Islands",
+    "symbol": "kr",
+    "name": "Faroese Króna"
+  },
+  {
+    "code": "GBP",
+    "local": "United Kingdom",
+    "symbol": "£",
+    "name": "British Pound Sterling"
+  },
+  {
+    "code": "GEL",
+    "local": "Georgia",
+    "symbol": "₾",
+    "name": "Georgian Lari"
+  },
+  {
+    "code": "GGP",
+    "local": "Guernsey",
+    "symbol": "£",
+    "name": "Guernsey Pound"
+  },
+  {
+    "code": "GHS",
+    "local": "Ghana",
+    "symbol": "GH₵",
+    "name": "Ghanaian Cedi"
+  },
+  {
+    "code": "GIP",
+    "local": "Gibraltar",
+    "symbol": "£",
+    "name": "Gibraltar Pound"
+  },
+  {
+    "code": "GMD",
+    "local": "Gambia",
+    "symbol": "D",
+    "name": "Gambian Dalasi"
+  },
+  {
+    "code": "GNF",
+    "local": "Guinea",
+    "symbol": "FG",
+    "name": "Guinean Franc"
+  },
+  {
+    "code": "GTQ",
+    "local": "Guatemala",
+    "symbol": "Q",
+    "name": "Guatemalan Quetzal"
+  },
+  {
+    "code": "GYD",
+    "local": "Guyana",
+    "symbol": "GY$",
+    "name": "Guyanese Dollar"
+  },
+  {
+    "code": "HKD",
+    "local": "Hong Kong",
+    "symbol": "HK$",
+    "name": "Hong Kong Dollar"
+  },
+  {
+    "code": "HNL",
+    "local": "Honduras",
+    "symbol": "L",
+    "name": "Honduran Lempira"
+  },
+  {
+    "code": "HRK",
+    "local": "Croatia",
+    "symbol": "kn",
+    "name": "Croatian Kuna"
+  },
+  {
+    "code": "HTG",
+    "local": "Haiti",
+    "symbol": "G",
+    "name": "Haitian Gourde"
+  },
+  {
+    "code": "HUF",
+    "local": "Hungary",
+    "symbol": "Ft",
+    "name": "Hungarian Forint"
+  },
+  {
+    "code": "IDR",
+    "local": "Indonesia",
+    "symbol": "Rp",
+    "name": "Indonesian Rupiah"
+  },
+  {
+    "code": "ILS",
+    "local": "Israel",
+    "symbol": "₪",
+    "name": "Israeli New Shekel"
+  },
+  {
+    "code": "IMP",
+    "local": "Isle of Man",
+    "symbol": "£",
+    "name": "Manx Pound"
+  },
+  {
+    "code": "INR",
+    "local": "India",
+    "symbol": "₹",
+    "name": "Indian Rupee"
+  },
+  {
+    "code": "IQD",
+    "local": "Iraq",
+    "symbol": "ع.د",
+    "name": "Iraqi Dinar"
+  },
+  {
+    "code": "IRR",
+    "local": "Iran",
+    "symbol": "﷼",
+    "name": "Iranian Rial"
+  },
+  {
+    "code": "ISK",
+    "local": "Iceland",
+    "symbol": "kr",
+    "name": "Icelandic Króna"
+  },
+  {
+    "code": "JEP",
+    "local": "Jersey",
+    "symbol": "£",
+    "name": "Jersey Pound"
+  },
+  {
+    "code": "JMD",
+    "local": "Jamaica",
+    "symbol": "J$",
+    "name": "Jamaican Dollar"
+  },
+  {
+    "code": "JOD",
+    "local": "Jordan",
+    "symbol": "د.ا",
+    "name": "Jordanian Dinar"
+  },
+  {
+    "code": "JPY",
+    "local": "Japan",
+    "symbol": "¥",
+    "name": "Japanese Yen"
+  },
+  {
+    "code": "KES",
+    "local": "Kenya",
+    "symbol": "KSh",
+    "name": "Kenyan Shilling"
+  },
+  {
+    "code": "KGS",
+    "local": "Kyrgyzstan",
+    "symbol": "с",
+    "name": "Kyrgyzstani Som"
+  },
+  {
+    "code": "KHR",
+    "local": "Cambodia",
+    "symbol": "៛",
+    "name": "Cambodian Riel"
+  },
+  {
+    "code": "KID",
+    "local": "Kiribati",
+    "symbol": "$",
+    "name": "Kiribati Dollar"
+  },
+  {
+    "code": "KMF",
+    "local": "Comoros",
+    "symbol": "CF",
+    "name": "Comorian Franc"
+  },
+  {
+    "code": "KRW",
+    "local": "South Korea",
+    "symbol": "₩",
+    "name": "South Korean Won"
+  },
+  {
+    "code": "KWD",
+    "local": "Kuwait",
+    "symbol": "د.ك",
+    "name": "Kuwaiti Dinar"
+  },
+  {
+    "code": "KYD",
+    "local": "Cayman Islands",
+    "symbol": "CI$",
+    "name": "Cayman Islands Dollar"
+  },
+  {
+    "code": "KZT",
+    "local": "Kazakhstan",
+    "symbol": "₸",
+    "name": "Kazakhstani Tenge"
+  },
+  {
+    "code": "LAK",
+    "local": "Laos",
+    "symbol": "₭",
+    "name": "Lao Kip"
+  },
+  {
+    "code": "LBP",
+    "local": "Lebanon",
+    "symbol": "ل.ل",
+    "name": "Lebanese Pound"
+  },
+  {
+    "code": "LKR",
+    "local": "Sri Lanka",
+    "symbol": "₨",
+    "name": "Sri Lankan Rupee"
+  },
+  {
+    "code": "LRD",
+    "local": "Liberia",
+    "symbol": "L$",
+    "name": "Liberian Dollar"
+  },
+  {
+    "code": "LSL",
+    "local": "Lesotho",
+    "symbol": "M",
+    "name": "Lesotho Loti"
+  },
+  {
+    "code": "LYD",
+    "local": "Libya",
+    "symbol": "ل.د",
+    "name": "Libyan Dinar"
+  },
+  {
+    "code": "MAD",
+    "local": "Morocco",
+    "symbol": "د.م.",
+    "name": "Moroccan Dirham"
+  },
+  {
+    "code": "MDL",
+    "local": "Moldova",
+    "symbol": "lei",
+    "name": "Moldovan Leu"
+  },
+  {
+    "code": "MGA",
+    "local": "Madagascar",
+    "symbol": "Ar",
+    "name": "Malagasy Ariary"
+  },
+  {
+    "code": "MKD",
+    "local": "North Macedonia",
+    "symbol": "ден",
+    "name": "Macedonian Denar"
+  },
+  {
+    "code": "MMK",
+    "local": "Myanmar",
+    "symbol": "K",
+    "name": "Myanmar Kyat"
+  },
+  {
+    "code": "MNT",
+    "local": "Mongolia",
+    "symbol": "₮",
+    "name": "Mongolian Tugrik"
+  },
+  {
+    "code": "MOP",
+    "local": "Macau",
+    "symbol": "MOP$",
+    "name": "Macanese Pataca"
+  },
+  {
+    "code": "MRU",
+    "local": "Mauritania",
+    "symbol": "UM",
+    "name": "Mauritanian Ouguiya"
+  },
+  {
+    "code": "MUR",
+    "local": "Mauritius",
+    "symbol": "₨",
+    "name": "Mauritian Rupee"
+  },
+  {
+    "code": "MVR",
+    "local": "Maldives",
+    "symbol": "Rf",
+    "name": "Maldivian Rufiyaa"
+  },
+  {
+    "code": "MWK",
+    "local": "Malawi",
+    "symbol": "MK",
+    "name": "Malawian Kwacha"
+  },
+  {
+    "code": "MXN",
+    "local": "Mexico",
+    "symbol": "Mex$",
+    "name": "Mexican Peso"
+  },
+  {
+    "code": "MYR",
+    "local": "Malaysia",
+    "symbol": "RM",
+    "name": "Malaysian Ringgit"
+  },
+  {
+    "code": "MZN",
+    "local": "Mozambique",
+    "symbol": "MT",
+    "name": "Mozambican Metical"
+  },
+  {
+    "code": "NAD",
+    "local": "Namibia",
+    "symbol": "N$",
+    "name": "Namibian Dollar"
+  },
+  {
+    "code": "NGN",
+    "local": "Nigeria",
+    "symbol": "₦",
+    "name": "Nigerian Naira"
+  },
+  {
+    "code": "NIO",
+    "local": "Nicaragua",
+    "symbol": "C$",
+    "name": "Nicaraguan Córdoba"
+  },
+  {
+    "code": "NOK",
+    "local": "Norway",
+    "symbol": "kr",
+    "name": "Norwegian Krone"
+  },
+  {
+    "code": "UAH",
+    "local": "Ukraine",
+    "symbol": "₴",
+    "name": "Ukrainian Hryvnia"
+  }
+]

backend/internal/core/services/all.go

@@ -1,7 +1,10 @@
+// Package services provides the core business logic for the application.
 package services
 
 import (
+	"github.com/hay-kot/homebox/backend/internal/core/currencies"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
+	"github.com/hay-kot/homebox/backend/pkgs/mailer"
 )
 
 type AllServices struct {
@@ -9,12 +12,14 @@ type AllServices struct {
 	Group             *GroupService
 	Items             *ItemService
 	BackgroundService *BackgroundService
+	Currencies        *currencies.CurrencyRegistry
 }
 
 type OptionsFunc func(*options)
 
 type options struct {
 	autoIncrementAssetID bool
+	currencies           []currencies.Currency
 }
 
 func WithAutoIncrementAssetID(v bool) func(*options) {
@@ -23,13 +28,27 @@ func WithAutoIncrementAssetID(v bool) func(*options) {
 	}
 }
 
-func New(repos *repo.AllRepos, opts ...OptionsFunc) *AllServices {
+func WithCurrencies(v []currencies.Currency) func(*options) {
+	return func(o *options) {
+		o.currencies = v
+	}
+}
+
+func New(repos *repo.AllRepos, baseurl string, sender *mailer.Mailer, opts ...OptionsFunc) *AllServices {
 	if repos == nil {
 		panic("repos cannot be nil")
 	}
 
+	defaultCurrencies, err := currencies.CollectionCurrencies(
+		currencies.CollectDefaults(),
+	)
+	if err != nil {
+		panic("failed to collect default currencies")
+	}
+
 	options := &options{
 		autoIncrementAssetID: true,
+		currencies:           defaultCurrencies,
 	}
 
 	for _, opt := range opts {
@@ -37,12 +56,17 @@ func New(repos *repo.AllRepos, opts ...OptionsFunc) *AllServices {
 	}
 
 	return &AllServices{
-		User:  &UserService{repos},
+		User: &UserService{
+			repos:   repos,
+			mailer:  sender,
+			baseurl: baseurl,
+		},
 		Group: &GroupService{repos},
 		Items: &ItemService{
 			repo:                 repos,
 			autoIncrementAssetID: options.autoIncrementAssetID,
 		},
 		BackgroundService: &BackgroundService{repos},
+		Currencies:        currencies.NewCurrencyService(options.currencies),
 	}
 }

backend/internal/core/services/contexts.go

@@ -19,11 +19,11 @@ var (
 type Context struct {
 	context.Context
 
-	// UID is a unique identifier for the acting user.
-	UID uuid.UUID
+	// UserID is a unique identifier for the acting user.
+	UserID uuid.UUID
 
-	// GID is a unique identifier for the acting users group.
-	GID uuid.UUID
+	// GroupID is a unique identifier for the acting users group.
+	GroupID uuid.UUID
 
 	// User is the acting user.
 	User *repo.UserOut
@@ -35,8 +35,8 @@ func NewContext(ctx context.Context) Context {
 	user := UseUserCtx(ctx)
 	return Context{
 		Context: ctx,
-		UID:     user.ID,
-		GID:     user.GroupID,
+		UserID:  user.ID,
+		GroupID: user.GroupID,
 		User:    user,
 	}
 }

backend/internal/core/services/main_test.go

@@ -6,14 +6,18 @@ import (
 	"os"
 	"testing"
 
+	"github.com/hay-kot/homebox/backend/internal/core/currencies"
+	"github.com/hay-kot/homebox/backend/internal/core/services/reporting/eventbus"
 	"github.com/hay-kot/homebox/backend/internal/data/ent"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/pkgs/faker"
+	"github.com/hay-kot/homebox/backend/pkgs/mailer"
 	_ "github.com/mattn/go-sqlite3"
 )
 
 var (
-	fk = faker.NewFaker()
+	fk   = faker.NewFaker()
+	tbus = eventbus.New()
 
 	tCtx    = Context{}
 	tClient *ent.Client
@@ -58,16 +62,22 @@ func TestMain(m *testing.M) {
 	}
 
 	tClient = client
-	tRepos = repo.New(tClient, os.TempDir()+"/homebox")
-	tSvc = New(tRepos)
-	defer client.Close()
+	tRepos = repo.New(tClient, tbus, os.TempDir()+"/homebox")
+
+	defaults, _ := currencies.CollectionCurrencies(
+		currencies.CollectDefaults(),
+	)
+
+	tSvc = New(tRepos, "", &mailer.Mailer{}, WithCurrencies(defaults))
 
 	bootstrap()
 	tCtx = Context{
 		Context: context.Background(),
-		GID:     tGroup.ID,
-		UID:     tUser.ID,
+		GroupID: tGroup.ID,
+		UserID:  tUser.ID,
 	}
 
-	os.Exit(m.Run())
+	exit := m.Run()
+	_ = client.Close()
+	os.Exit(exit)
 }

backend/internal/core/services/reporting/.testdata/import.csv

@@ -1,7 +0,0 @@
-Import Ref,Location,Labels,Quantity,Name,Description,Insured,Serial Number,Mode Number,Manufacturer,Notes,Purchase From,Purchased Price,Purchased Time,Lifetime Warranty,Warranty Expires,Warranty Details,Sold To,Sold Price,Sold Time,Sold Notes
-A,Garage,IOT;Home Assistant; Z-Wave,1,Zooz Universal Relay ZEN17,Description 1,TRUE,,ZEN17,Zooz,,Amazon,39.95,10/13/2021,,10/13/2021,,,,10/13/2021,
-B,Living Room,IOT;Home Assistant; Z-Wave,1,Zooz Motion Sensor,Description 2,FALSE,,ZSE18,Zooz,,Amazon,29.95,10/15/2021,,10/15/2021,,,,10/15/2021,
-C,Office,IOT;Home Assistant; Z-Wave,1,Zooz 110v Power Switch,Description 3,TRUE,,ZEN15,Zooz,,Amazon,39.95,10/13/2021,,10/13/2021,,,,10/13/2021,
-D,Downstairs,IOT;Home Assistant; Z-Wave,1,Ecolink Z-Wave PIR Motion Sensor,Description 4,FALSE,,PIRZWAVE2.5-ECO,Ecolink,,Amazon,35.58,10/21/2020,,10/21/2020,,,,10/21/2020,
-E,Entry,IOT;Home Assistant; Z-Wave,1,Yale Security Touchscreen Deadbolt,Description 5,TRUE,,YRD226ZW2619,Yale,,Amazon,120.39,10/14/2020,,10/14/2020,,,,10/14/2020,
-F,Kitchen,IOT;Home Assistant; Z-Wave,1,Smart Rocker Light Dimmer,Description 6,FALSE,,39351,Honeywell,,Amazon,65.98,09/30/2020,,09/30/2020,,,,09/30/2020,

backend/internal/core/services/reporting/.testdata/import.tsv

@@ -1,7 +0,0 @@
-Import Ref	Location	Labels	Quantity	Name	Description	Insured	Serial Number	Mode Number	Manufacturer	Notes	Purchase From	Purchased Price	Purchased Time	Lifetime Warranty	Warranty Expires	Warranty Details	Sold To	Sold Price	Sold Time	Sold Notes
-A	Garage	IOT;Home Assistant; Z-Wave	1	Zooz Universal Relay ZEN17	Description 1	TRUE		ZEN17	Zooz		Amazon	39.95	10/13/2021		10/13/2021				10/13/2021	
-B	Living Room	IOT;Home Assistant; Z-Wave	1	Zooz Motion Sensor	Description 2	FALSE		ZSE18	Zooz		Amazon	29.95	10/15/2021		10/15/2021				10/15/2021	
-C	Office	IOT;Home Assistant; Z-Wave	1	Zooz 110v Power Switch	Description 3	TRUE		ZEN15	Zooz		Amazon	39.95	10/13/2021		10/13/2021				10/13/2021	
-D	Downstairs	IOT;Home Assistant; Z-Wave	1	Ecolink Z-Wave PIR Motion Sensor	Description 4	FALSE		PIRZWAVE2.5-ECO	Ecolink		Amazon	35.58	10/21/2020		10/21/2020				10/21/2020	
-E	Entry	IOT;Home Assistant; Z-Wave	1	Yale Security Touchscreen Deadbolt	Description 5	TRUE		YRD226ZW2619	Yale		Amazon	120.39	10/14/2020		10/14/2020				10/14/2020	
-F	Kitchen	IOT;Home Assistant; Z-Wave	1	Smart Rocker Light Dimmer	Description 6	FALSE		39351	Honeywell		Amazon	65.98	09/30/2020		09/30/2020				09/30/2020	

backend/internal/core/services/reporting/eventbus/eventbus.go

@@ -0,0 +1,91 @@
+// Package eventbus provides an interface for event bus.
+package eventbus
+
+import (
+	"context"
+	"sync"
+
+	"github.com/google/uuid"
+)
+
+type Event string
+
+const (
+	EventLabelMutation    Event = "label.mutation"
+	EventLocationMutation Event = "location.mutation"
+	EventItemMutation     Event = "item.mutation"
+)
+
+type GroupMutationEvent struct {
+	GID uuid.UUID
+}
+
+type eventData struct {
+	event Event
+	data  any
+}
+
+type EventBus struct {
+	started bool
+	ch      chan eventData
+
+	mu          sync.RWMutex
+	subscribers map[Event][]func(any)
+}
+
+func New() *EventBus {
+	return &EventBus{
+		ch: make(chan eventData, 100),
+		subscribers: map[Event][]func(any){
+			EventLabelMutation:    {},
+			EventLocationMutation: {},
+			EventItemMutation:     {},
+		},
+	}
+}
+
+func (e *EventBus) Run(ctx context.Context) error {
+	if e.started {
+		panic("event bus already started")
+	}
+
+	e.started = true
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case event := <-e.ch:
+			e.mu.RLock()
+			arr, ok := e.subscribers[event.event]
+			e.mu.RUnlock()
+
+			if !ok {
+				continue
+			}
+
+			for _, fn := range arr {
+				fn(event.data)
+			}
+		}
+	}
+}
+
+func (e *EventBus) Publish(event Event, data any) {
+	e.ch <- eventData{
+		event: event,
+		data:  data,
+	}
+}
+
+func (e *EventBus) Subscribe(event Event, fn func(any)) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	arr, ok := e.subscribers[event]
+	if !ok {
+		panic("event not found")
+	}
+
+	e.subscribers[event] = append(arr, fn)
+}

backend/internal/core/services/reporting/import.go

@@ -1,3 +1,4 @@
+// Package reporting provides a way to import CSV files into the database.
 package reporting
 
 import (

backend/internal/core/services/reporting/io_row.go

@@ -83,3 +83,13 @@ func parseLocationString(s string) LocationString {
 func (csf LocationString) String() string {
 	return strings.Join(csf, " / ")
 }
+
+func fromPathSlice(s []repo.ItemPath) LocationString {
+	v := make(LocationString, len(s))
+
+	for i := range s {
+		v[i] = s[i].Name
+	}
+
+	return v
+}

backend/internal/core/services/reporting/io_sheet.go

@@ -1,6 +1,7 @@
 package reporting
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"reflect"
@@ -8,6 +9,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/internal/data/types"
 	"github.com/rs/zerolog/log"
@@ -150,8 +152,8 @@ func (s *IOSheet) Read(data io.Reader) error {
 	return nil
 }
 
-// Write writes the sheet to a writer.
-func (s *IOSheet) ReadItems(items []repo.ItemOut) {
+// ReadItems writes the sheet to a writer.
+func (s *IOSheet) ReadItems(ctx context.Context, items []repo.ItemOut, groupID uuid.UUID, repos *repo.AllRepos) error {
 	s.Rows = make([]ExportTSVRow, len(items))
 
 	extraHeaders := map[string]struct{}{}
@@ -160,7 +162,15 @@ func (s *IOSheet) ReadItems(items []repo.ItemOut) {
 		item := items[i]
 
 		// TODO: Support fetching nested locations
-		locString := LocationString{item.Location.Name}
+		locID := item.Location.ID
+
+		locPaths, err := repos.Locations.PathForLoc(context.Background(), groupID, locID)
+		if err != nil {
+			log.Error().Err(err).Msg("could not get location path")
+			return err
+		}
+
+		locString := fromPathSlice(locPaths)
 
 		labelString := make([]string, len(item.Labels))
 
@@ -238,9 +248,11 @@ func (s *IOSheet) ReadItems(items []repo.ItemOut) {
 	for _, h := range customHeaders {
 		s.headers = append(s.headers, "HB.field."+h)
 	}
+
+	return nil
 }
 
-// Writes the current sheet to a writer in TSV format.
+// TSV writes the current sheet to a writer in TSV format.
 func (s *IOSheet) TSV() ([][]string, error) {
 	memcsv := make([][]string, len(s.Rows)+1)
 

backend/internal/core/services/reporting/io_sheet_test.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 var (
@@ -20,12 +21,6 @@ var (
 
 	//go:embed .testdata/import/types.csv
 	customTypesImportCSV []byte
-
-	//go:embed .testdata/import.csv
-	CSVData_Comma []byte
-
-	//go:embed .testdata/import.tsv
-	CSVData_Tab []byte
 )
 
 func TestSheet_Read(t *testing.T) {
@@ -109,9 +104,9 @@ func TestSheet_Read(t *testing.T) {
 
 			switch {
 			case tt.wantErr:
-				assert.Error(t, err)
+				require.Error(t, err)
 			default:
-				assert.NoError(t, err)
+				require.NoError(t, err)
 				assert.ElementsMatch(t, tt.want, sheet.Rows)
 			}
 		})
@@ -189,7 +184,7 @@ func Test_determineSeparator(t *testing.T) {
 		{
 			name: "comma",
 			args: args{
-				data: CSVData_Comma,
+				data: []byte("a,b,c"),
 			},
 			want:    ',',
 			wantErr: false,
@@ -197,7 +192,7 @@ func Test_determineSeparator(t *testing.T) {
 		{
 			name: "tab",
 			args: args{
-				data: CSVData_Tab,
+				data: []byte("a\tb\tc"),
 			},
 			want:    '\t',
 			wantErr: false,

backend/internal/core/services/service_background.go

@@ -66,7 +66,6 @@ func (svc *BackgroundService) SendNotifiersToday(ctx context.Context) error {
 		var sendErrs []error
 		for i := range urls {
 			err := shoutrrr.Send(urls[i], bldr.String())
-
 			if err != nil {
 				sendErrs = append(sendErrs, err)
 			}

backend/internal/core/services/service_group.go

@@ -21,13 +21,13 @@ func (svc *GroupService) UpdateGroup(ctx Context, data repo.GroupUpdate) (repo.G
 		return repo.Group{}, errors.New("currency cannot be empty")
 	}
 
-	return svc.repos.Groups.GroupUpdate(ctx.Context, ctx.GID, data)
+	return svc.repos.Groups.GroupUpdate(ctx.Context, ctx.GroupID, data)
 }
 
 func (svc *GroupService) NewInvitation(ctx Context, uses int, expiresAt time.Time) (string, error) {
 	token := hasher.GenerateToken()
 
-	_, err := svc.repos.Groups.InvitationCreate(ctx, ctx.GID, repo.GroupInvitationCreate{
+	_, err := svc.repos.Groups.InvitationCreate(ctx, ctx.GroupID, repo.GroupInvitationCreate{
 		Token:     token.Hash,
 		Uses:      uses,
 		ExpiresAt: expiresAt,

backend/internal/core/services/service_items.go

@@ -27,24 +27,24 @@ type ItemService struct {
 
 func (svc *ItemService) Create(ctx Context, item repo.ItemCreate) (repo.ItemOut, error) {
 	if svc.autoIncrementAssetID {
-		highest, err := svc.repo.Items.GetHighestAssetID(ctx, ctx.GID)
+		highest, err := svc.repo.Items.GetHighestAssetID(ctx, ctx.GroupID)
 		if err != nil {
 			return repo.ItemOut{}, err
 		}
 
-		item.AssetID = repo.AssetID(highest + 1)
+		item.AssetID = highest + 1
 	}
 
-	return svc.repo.Items.Create(ctx, ctx.GID, item)
+	return svc.repo.Items.Create(ctx, ctx.GroupID, item)
 }
 
-func (svc *ItemService) EnsureAssetID(ctx context.Context, GID uuid.UUID) (int, error) {
-	items, err := svc.repo.Items.GetAllZeroAssetID(ctx, GID)
+func (svc *ItemService) EnsureAssetID(ctx context.Context, groupID uuid.UUID) (int, error) {
+	items, err := svc.repo.Items.GetAllZeroAssetID(ctx, groupID)
 	if err != nil {
 		return 0, err
 	}
 
-	highest, err := svc.repo.Items.GetHighestAssetID(ctx, GID)
+	highest, err := svc.repo.Items.GetHighestAssetID(ctx, groupID)
 	if err != nil {
 		return 0, err
 	}
@@ -53,7 +53,7 @@ func (svc *ItemService) EnsureAssetID(ctx context.Context, GID uuid.UUID) (int,
 	for _, item := range items {
 		highest++
 
-		err = svc.repo.Items.SetAssetID(ctx, GID, item.ID, repo.AssetID(highest))
+		err = svc.repo.Items.SetAssetID(ctx, groupID, item.ID, highest)
 		if err != nil {
 			return 0, err
 		}
@@ -64,8 +64,8 @@ func (svc *ItemService) EnsureAssetID(ctx context.Context, GID uuid.UUID) (int,
 	return finished, nil
 }
 
-func (svc *ItemService) EnsureImportRef(ctx context.Context, GID uuid.UUID) (int, error) {
-	ids, err := svc.repo.Items.GetAllZeroImportRef(ctx, GID)
+func (svc *ItemService) EnsureImportRef(ctx context.Context, groupID uuid.UUID) (int, error) {
+	ids, err := svc.repo.Items.GetAllZeroImportRef(ctx, groupID)
 	if err != nil {
 		return 0, err
 	}
@@ -74,7 +74,7 @@ func (svc *ItemService) EnsureImportRef(ctx context.Context, GID uuid.UUID) (int
 	for _, itemID := range ids {
 		ref := uuid.New().String()[0:8]
 
-		err = svc.repo.Items.Patch(ctx, GID, itemID, repo.ItemPatch{ImportRef: &ref})
+		err = svc.repo.Items.Patch(ctx, groupID, itemID, repo.ItemPatch{ImportRef: &ref})
 		if err != nil {
 			return 0, err
 		}
@@ -96,7 +96,7 @@ func serializeLocation[T ~[]string](location T) string {
 //  1. If the item does not exist, it is created.
 //  2. If the item has a ImportRef and it exists it is skipped
 //  3. Locations and Labels are created if they do not exist.
-func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Reader) (int, error) {
+func (svc *ItemService) CsvImport(ctx context.Context, groupID uuid.UUID, data io.Reader) (int, error) {
 	sheet := reporting.IOSheet{}
 
 	err := sheet.Read(data)
@@ -109,7 +109,7 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 
 	labelMap := make(map[string]uuid.UUID)
 	{
-		labels, err := svc.repo.Labels.GetAll(ctx, GID)
+		labels, err := svc.repo.Labels.GetAll(ctx, groupID)
 		if err != nil {
 			return 0, err
 		}
@@ -124,7 +124,7 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 
 	locationMap := make(map[string]uuid.UUID)
 	{
-		locations, err := svc.repo.Locations.Tree(ctx, GID, repo.TreeQuery{WithItems: false})
+		locations, err := svc.repo.Locations.Tree(ctx, groupID, repo.TreeQuery{WithItems: false})
 		if err != nil {
 			return 0, err
 		}
@@ -153,7 +153,7 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 	// Asset ID Pre-Check
 	highestAID := repo.AssetID(-1)
 	if svc.autoIncrementAssetID {
-		highestAID, err = svc.repo.Items.GetHighestAssetID(ctx, GID)
+		highestAID, err = svc.repo.Items.GetHighestAssetID(ctx, groupID)
 		if err != nil {
 			return 0, err
 		}
@@ -169,7 +169,7 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 		// ========================================
 		// Preflight check for existing item
 		if row.ImportRef != "" {
-			exists, err := svc.repo.Items.CheckRef(ctx, GID, row.ImportRef)
+			exists, err := svc.repo.Items.CheckRef(ctx, groupID, row.ImportRef)
 			if err != nil {
 				return 0, fmt.Errorf("error checking for existing item with ref %q: %w", row.ImportRef, err)
 			}
@@ -188,7 +188,7 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 
 			id, ok := labelMap[label]
 			if !ok {
-				newLabel, err := svc.repo.Labels.Create(ctx, GID, repo.LabelCreate{Name: label})
+				newLabel, err := svc.repo.Labels.Create(ctx, groupID, repo.LabelCreate{Name: label})
 				if err != nil {
 					return 0, err
 				}
@@ -220,7 +220,7 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 						parentID = locationMap[parentPath]
 					}
 
-					newLocation, err := svc.repo.Locations.Create(ctx, GID, repo.LocationCreate{
+					newLocation, err := svc.repo.Locations.Create(ctx, groupID, repo.LocationCreate{
 						ParentID: parentID,
 						Name:     pathElement,
 					})
@@ -261,12 +261,12 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 				LabelIDs:    labelIds,
 			}
 
-			item, err = svc.repo.Items.Create(ctx, GID, newItem)
+			item, err = svc.repo.Items.Create(ctx, groupID, newItem)
 			if err != nil {
 				return 0, err
 			}
 		default:
-			item, err = svc.repo.Items.GetByRef(ctx, GID, row.ImportRef)
+			item, err = svc.repo.Items.GetByRef(ctx, groupID, row.ImportRef)
 			if err != nil {
 				return 0, err
 			}
@@ -318,7 +318,7 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 			Fields: fields,
 		}
 
-		item, err = svc.repo.Items.UpdateByGroup(ctx, GID, updateItem)
+		item, err = svc.repo.Items.UpdateByGroup(ctx, groupID, updateItem)
 		if err != nil {
 			return 0, err
 		}
@@ -329,21 +329,24 @@ func (svc *ItemService) CsvImport(ctx context.Context, GID uuid.UUID, data io.Re
 	return finished, nil
 }
 
-func (svc *ItemService) ExportTSV(ctx context.Context, GID uuid.UUID) ([][]string, error) {
-	items, err := svc.repo.Items.GetAll(ctx, GID)
+func (svc *ItemService) ExportTSV(ctx context.Context, groupID uuid.UUID) ([][]string, error) {
+	items, err := svc.repo.Items.GetAll(ctx, groupID)
 	if err != nil {
 		return nil, err
 	}
 
 	sheet := reporting.IOSheet{}
 
-	sheet.ReadItems(items)
+	err = sheet.ReadItems(ctx, items, groupID, svc.repo)
+	if err != nil {
+		return nil, err
+	}
 
 	return sheet.TSV()
 }
 
-func (svc *ItemService) ExportBillOfMaterialsTSV(ctx context.Context, GID uuid.UUID) ([]byte, error) {
-	items, err := svc.repo.Items.GetAll(ctx, GID)
+func (svc *ItemService) ExportBillOfMaterialsTSV(ctx context.Context, groupID uuid.UUID) ([]byte, error) {
+	items, err := svc.repo.Items.GetAll(ctx, groupID)
 	if err != nil {
 		return nil, err
 	}

backend/internal/core/services/service_items_attachments.go

@@ -12,8 +12,8 @@ import (
 	"github.com/rs/zerolog/log"
 )
 
-func (svc *ItemService) AttachmentPath(ctx context.Context, attachmentId uuid.UUID) (*ent.Document, error) {
-	attachment, err := svc.repo.Attachments.Get(ctx, attachmentId)
+func (svc *ItemService) AttachmentPath(ctx context.Context, attachmentID uuid.UUID) (*ent.Document, error) {
+	attachment, err := svc.repo.Attachments.Get(ctx, attachmentID)
 	if err != nil {
 		return nil, err
 	}
@@ -21,9 +21,9 @@ func (svc *ItemService) AttachmentPath(ctx context.Context, attachmentId uuid.UU
 	return attachment.Edges.Document, nil
 }
 
-func (svc *ItemService) AttachmentUpdate(ctx Context, itemId uuid.UUID, data *repo.ItemAttachmentUpdate) (repo.ItemOut, error) {
+func (svc *ItemService) AttachmentUpdate(ctx Context, itemID uuid.UUID, data *repo.ItemAttachmentUpdate) (repo.ItemOut, error) {
 	// Update Attachment
-	attachment, err := svc.repo.Attachments.Update(ctx, data.ID, attachment.Type(data.Type))
+	attachment, err := svc.repo.Attachments.Update(ctx, data.ID, data)
 	if err != nil {
 		return repo.ItemOut{}, err
 	}
@@ -35,50 +35,50 @@ func (svc *ItemService) AttachmentUpdate(ctx Context, itemId uuid.UUID, data *re
 		return repo.ItemOut{}, err
 	}
 
-	return svc.repo.Items.GetOneByGroup(ctx, ctx.GID, itemId)
+	return svc.repo.Items.GetOneByGroup(ctx, ctx.GroupID, itemID)
 }
 
 // AttachmentAdd adds an attachment to an item by creating an entry in the Documents table and linking it to the Attachment
 // Table and Items table. The file provided via the reader is stored on the file system based on the provided
 // relative path during construction of the service.
-func (svc *ItemService) AttachmentAdd(ctx Context, itemId uuid.UUID, filename string, attachmentType attachment.Type, file io.Reader) (repo.ItemOut, error) {
+func (svc *ItemService) AttachmentAdd(ctx Context, itemID uuid.UUID, filename string, attachmentType attachment.Type, file io.Reader) (repo.ItemOut, error) {
 	// Get the Item
-	_, err := svc.repo.Items.GetOneByGroup(ctx, ctx.GID, itemId)
+	_, err := svc.repo.Items.GetOneByGroup(ctx, ctx.GroupID, itemID)
 	if err != nil {
 		return repo.ItemOut{}, err
 	}
 
 	// Create the document
-	doc, err := svc.repo.Docs.Create(ctx, ctx.GID, repo.DocumentCreate{Title: filename, Content: file})
+	doc, err := svc.repo.Docs.Create(ctx, ctx.GroupID, repo.DocumentCreate{Title: filename, Content: file})
 	if err != nil {
 		log.Err(err).Msg("failed to create document")
 		return repo.ItemOut{}, err
 	}
 
 	// Create the attachment
-	_, err = svc.repo.Attachments.Create(ctx, itemId, doc.ID, attachmentType)
+	_, err = svc.repo.Attachments.Create(ctx, itemID, doc.ID, attachmentType)
 	if err != nil {
 		log.Err(err).Msg("failed to create attachment")
 		return repo.ItemOut{}, err
 	}
 
-	return svc.repo.Items.GetOneByGroup(ctx, ctx.GID, itemId)
+	return svc.repo.Items.GetOneByGroup(ctx, ctx.GroupID, itemID)
 }
 
-func (svc *ItemService) AttachmentDelete(ctx context.Context, gid, itemId, attachmentId uuid.UUID) error {
+func (svc *ItemService) AttachmentDelete(ctx context.Context, gid, itemID, attachmentID uuid.UUID) error {
 	// Get the Item
-	_, err := svc.repo.Items.GetOneByGroup(ctx, gid, itemId)
+	_, err := svc.repo.Items.GetOneByGroup(ctx, gid, itemID)
 	if err != nil {
 		return err
 	}
 
-	attachment, err := svc.repo.Attachments.Get(ctx, attachmentId)
+	attachment, err := svc.repo.Attachments.Get(ctx, attachmentID)
 	if err != nil {
 		return err
 	}
 
 	// Delete the attachment
-	err = svc.repo.Attachments.Delete(ctx, attachmentId)
+	err = svc.repo.Attachments.Delete(ctx, attachmentID)
 	if err != nil {
 		return err
 	}

backend/internal/core/services/service_items_attachments_test.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestItemService_AddAttachment(t *testing.T) {
@@ -23,7 +24,7 @@ func TestItemService_AddAttachment(t *testing.T) {
 		Description: "test",
 		Name:        "test",
 	})
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.NotNil(t, loc)
 
 	itmC := repo.ItemCreate{
@@ -33,11 +34,11 @@ func TestItemService_AddAttachment(t *testing.T) {
 	}
 
 	itm, err := svc.repo.Items.Create(context.Background(), tGroup.ID, itmC)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.NotNil(t, itm)
 	t.Cleanup(func() {
 		err := svc.repo.Items.Delete(context.Background(), itm.ID)
-		assert.NoError(t, err)
+		require.NoError(t, err)
 	})
 
 	contents := fk.Str(1000)
@@ -45,7 +46,7 @@ func TestItemService_AddAttachment(t *testing.T) {
 
 	// Setup
 	afterAttachment, err := svc.AttachmentAdd(tCtx, itm.ID, "testfile.txt", "attachment", reader)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.NotNil(t, afterAttachment)
 
 	// Check that the file exists
@@ -56,6 +57,6 @@ func TestItemService_AddAttachment(t *testing.T) {
 
 	// Check that the file contents are correct
 	bts, err := os.ReadFile(storedPath)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, contents, string(bts))
 }

backend/internal/core/services/service_user.go

@@ -3,12 +3,15 @@ package services
 import (
 	"context"
 	"errors"
+	"net/url"
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/hay-kot/easyemails"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/authroles"
 	"github.com/hay-kot/homebox/backend/internal/data/repo"
 	"github.com/hay-kot/homebox/backend/pkgs/hasher"
+	"github.com/hay-kot/homebox/backend/pkgs/mailer"
 	"github.com/rs/zerolog/log"
 )
 
@@ -16,11 +19,18 @@ var (
 	oneWeek              = time.Hour * 24 * 7
 	ErrorInvalidLogin    = errors.New("invalid username or password")
 	ErrorInvalidToken    = errors.New("invalid token")
-	ErrorTokenIdMismatch = errors.New("token id mismatch")
+	ErrorTokenIDMismatch = errors.New("token id mismatch")
 )
 
+func init() { // nolint: gochecknoinits
+	easyemails.ImageLogoHeader = "https://raw.githubusercontent.com/hay-kot/homebox/af9aa239af66df17478f5ed9283e303daf7c6775/docs/docs/assets/img/homebox-email-banner.jpg"
+	easyemails.ColorPrimary = "#5D7F67"
+}
+
 type UserService struct {
-	repos *repo.AllRepos
+	repos   *repo.AllRepos
+	mailer  *mailer.Mailer
+	baseurl string
 }
 
 type (
@@ -39,6 +49,9 @@ type (
 		Username string `json:"username"`
 		Password string `json:"password"`
 	}
+	PasswordResetRequest struct {
+		Email string `json:"email"`
+	}
 )
 
 // RegisterUser creates a new user and group in the data with the provided data. It also bootstraps the user's group
@@ -92,9 +105,11 @@ func (svc *UserService) RegisterUser(ctx context.Context, data UserRegistration)
 	if err != nil {
 		return repo.UserOut{}, err
 	}
+	log.Debug().Msg("user created")
 
 	// Create the default labels and locations for the group.
 	if creatingGroup {
+		log.Debug().Msg("creating default labels")
 		for _, label := range defaultLabels() {
 			_, err := svc.repos.Labels.Create(ctx, usr.GroupID, label)
 			if err != nil {
@@ -102,6 +117,7 @@ func (svc *UserService) RegisterUser(ctx context.Context, data UserRegistration)
 			}
 		}
 
+		log.Debug().Msg("creating default locations")
 		for _, location := range defaultLocations() {
 			_, err := svc.repos.Locations.Create(ctx, usr.GroupID, location)
 			if err != nil {
@@ -112,6 +128,7 @@ func (svc *UserService) RegisterUser(ctx context.Context, data UserRegistration)
 
 	// Decrement the invitation token if it was used.
 	if token.ID != uuid.Nil {
+		log.Debug().Msg("decrementing invitation token")
 		err = svc.repos.Groups.InvitationUpdate(ctx, token.ID, token.Uses-1)
 		if err != nil {
 			log.Err(err).Msg("Failed to update invitation token")
@@ -128,19 +145,19 @@ func (svc *UserService) GetSelf(ctx context.Context, requestToken string) (repo.
 	return svc.repos.AuthTokens.GetUserFromToken(ctx, hash)
 }
 
-func (svc *UserService) UpdateSelf(ctx context.Context, ID uuid.UUID, data repo.UserUpdate) (repo.UserOut, error) {
-	err := svc.repos.Users.Update(ctx, ID, data)
+func (svc *UserService) UpdateSelf(ctx context.Context, userID uuid.UUID, data repo.UserUpdate) (repo.UserOut, error) {
+	err := svc.repos.Users.Update(ctx, userID, data)
 	if err != nil {
 		return repo.UserOut{}, err
 	}
 
-	return svc.repos.Users.GetOneId(ctx, ID)
+	return svc.repos.Users.GetOneID(ctx, userID)
 }
 
 // ============================================================================
 // User Authentication
 
-func (svc *UserService) createSessionToken(ctx context.Context, userId uuid.UUID, extendedSession bool) (UserAuthTokenDetail, error) {
+func (svc *UserService) createSessionToken(ctx context.Context, userID uuid.UUID, extendedSession bool) (UserAuthTokenDetail, error) {
 	attachmentToken := hasher.GenerateToken()
 
 	expiresAt := time.Now().Add(oneWeek)
@@ -149,7 +166,7 @@ func (svc *UserService) createSessionToken(ctx context.Context, userId uuid.UUID
 	}
 
 	attachmentData := repo.UserAuthTokenCreate{
-		UserID:    userId,
+		UserID:    userID,
 		TokenHash: attachmentToken.Hash,
 		ExpiresAt: expiresAt,
 	}
@@ -161,7 +178,7 @@ func (svc *UserService) createSessionToken(ctx context.Context, userId uuid.UUID
 
 	userToken := hasher.GenerateToken()
 	data := repo.UserAuthTokenCreate{
-		UserID:    userId,
+		UserID:    userID,
 		TokenHash: userToken.Hash,
 		ExpiresAt: expiresAt,
 	}
@@ -213,28 +230,28 @@ func (svc *UserService) RenewToken(ctx context.Context, token string) (UserAuthT
 // DeleteSelf deletes the user that is currently logged based of the provided UUID
 // There is _NO_ protection against deleting the wrong user, as such this should only
 // be used when the identify of the user has been confirmed.
-func (svc *UserService) DeleteSelf(ctx context.Context, ID uuid.UUID) error {
-	return svc.repos.Users.Delete(ctx, ID)
+func (svc *UserService) DeleteSelf(ctx context.Context, userID uuid.UUID) error {
+	return svc.repos.Users.Delete(ctx, userID)
 }
 
-func (svc *UserService) ChangePassword(ctx Context, current string, new string) (ok bool) {
-	usr, err := svc.repos.Users.GetOneId(ctx, ctx.UID)
+func (svc *UserService) PasswordChange(ctx Context, currentPassword, newPassword string) (ok bool) {
+	usr, err := svc.repos.Users.GetOneID(ctx, ctx.UserID)
 	if err != nil {
 		return false
 	}
 
-	if !hasher.CheckPasswordHash(current, usr.PasswordHash) {
+	if !hasher.CheckPasswordHash(currentPassword, usr.PasswordHash) {
 		log.Err(errors.New("current password is incorrect")).Msg("Failed to change password")
 		return false
 	}
 
-	hashed, err := hasher.HashPassword(new)
+	hashed, err := hasher.HashPassword(newPassword)
 	if err != nil {
 		log.Err(err).Msg("Failed to hash password")
 		return false
 	}
 
-	err = svc.repos.Users.ChangePassword(ctx.Context, ctx.UID, hashed)
+	err = svc.repos.Users.ChangePassword(ctx.Context, ctx.UserID, hashed)
 	if err != nil {
 		log.Err(err).Msg("Failed to change password")
 		return false
@@ -242,3 +259,80 @@ func (svc *UserService) ChangePassword(ctx Context, current string, new string)
 
 	return true
 }
+
+func (svc *UserService) PasswordChangeWithToken(ctx Context, token, newPassword string) error {
+	hashed, err := hasher.HashPassword(newPassword)
+	if err != nil {
+		return err
+	}
+
+	tokenHash := hasher.HashToken(token)
+
+	resetToken, err := svc.repos.Users.PasswordResetGet(ctx.Context, tokenHash)
+	if err != nil {
+		return err
+	}
+
+	if resetToken.UserID != ctx.UserID {
+		return ErrorTokenIDMismatch
+	}
+
+	err = svc.repos.Users.ChangePassword(ctx.Context, ctx.UserID, hashed)
+	if err != nil {
+		return err
+	}
+
+	err = svc.repos.Users.PasswordResetDelete(ctx.Context, tokenHash)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (svc *UserService) PasswordResetRequest(ctx context.Context, req PasswordResetRequest) error {
+	usr, err := svc.repos.Users.GetOneEmail(ctx, req.Email)
+	if err != nil {
+		log.Warn().Err(err).Msg("failed to get user for email reset")
+		return err
+	}
+
+	token := hasher.GenerateToken()
+	err = svc.repos.Users.PasswordResetCreate(ctx, usr.ID, token.Hash)
+	if err != nil {
+		return err
+	}
+
+	resetURL, err := url.JoinPath(svc.baseurl, "reset-password/")
+	if err != nil {
+		return err
+	}
+
+	resetURL = resetURL + "?token=" + token.Raw
+
+	bldr := easyemails.NewBuilder().Add(
+		easyemails.WithParagraph(
+			easyemails.WithText("You have requested a password reset. Please click the link below to reset your password."),
+		),
+		easyemails.WithButton("Reset Password", resetURL),
+		easyemails.WithParagraph(
+			easyemails.WithText("[Github](https://github.com/hay-kot/homebox) · [Docs](https://hay-kot.github.io/homebox/)").
+				Centered(),
+		).
+			FontSize(12),
+	)
+
+	msg := mailer.NewMessageBuilder().
+		SetBody(bldr.Render()).
+		SetSubject("Password Reset").
+		SetTo(usr.Name, usr.Email).
+		Build()
+
+	err = svc.mailer.Send(msg)
+	if err != nil {
+		log.Err(err).Msg("Failed to send password reset email")
+		return err
+	}
+
+	return nil
+}

backend/internal/data/ent/actiontoken.go

@@ -0,0 +1,184 @@
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"entgo.io/ent"
+	"entgo.io/ent/dialect/sql"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/actiontoken"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/user"
+)
+
+// ActionToken is the model entity for the ActionToken schema.
+type ActionToken struct {
+	config `json:"-"`
+	// ID of the ent.
+	ID uuid.UUID `json:"id,omitempty"`
+	// UserID holds the value of the "user_id" field.
+	UserID uuid.UUID `json:"user_id,omitempty"`
+	// CreatedAt holds the value of the "created_at" field.
+	CreatedAt time.Time `json:"created_at,omitempty"`
+	// UpdatedAt holds the value of the "updated_at" field.
+	UpdatedAt time.Time `json:"updated_at,omitempty"`
+	// Action holds the value of the "action" field.
+	Action actiontoken.Action `json:"action,omitempty"`
+	// Token holds the value of the "token" field.
+	Token []byte `json:"token,omitempty"`
+	// Edges holds the relations/edges for other nodes in the graph.
+	// The values are being populated by the ActionTokenQuery when eager-loading is set.
+	Edges        ActionTokenEdges `json:"edges"`
+	selectValues sql.SelectValues
+}
+
+// ActionTokenEdges holds the relations/edges for other nodes in the graph.
+type ActionTokenEdges struct {
+	// User holds the value of the user edge.
+	User *User `json:"user,omitempty"`
+	// loadedTypes holds the information for reporting if a
+	// type was loaded (or requested) in eager-loading or not.
+	loadedTypes [1]bool
+}
+
+// UserOrErr returns the User value or an error if the edge
+// was not loaded in eager-loading, or loaded but was not found.
+func (e ActionTokenEdges) UserOrErr() (*User, error) {
+	if e.loadedTypes[0] {
+		if e.User == nil {
+			// Edge was loaded but was not found.
+			return nil, &NotFoundError{label: user.Label}
+		}
+		return e.User, nil
+	}
+	return nil, &NotLoadedError{edge: "user"}
+}
+
+// scanValues returns the types for scanning values from sql.Rows.
+func (*ActionToken) scanValues(columns []string) ([]any, error) {
+	values := make([]any, len(columns))
+	for i := range columns {
+		switch columns[i] {
+		case actiontoken.FieldToken:
+			values[i] = new([]byte)
+		case actiontoken.FieldAction:
+			values[i] = new(sql.NullString)
+		case actiontoken.FieldCreatedAt, actiontoken.FieldUpdatedAt:
+			values[i] = new(sql.NullTime)
+		case actiontoken.FieldID, actiontoken.FieldUserID:
+			values[i] = new(uuid.UUID)
+		default:
+			values[i] = new(sql.UnknownType)
+		}
+	}
+	return values, nil
+}
+
+// assignValues assigns the values that were returned from sql.Rows (after scanning)
+// to the ActionToken fields.
+func (at *ActionToken) assignValues(columns []string, values []any) error {
+	if m, n := len(values), len(columns); m < n {
+		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
+	}
+	for i := range columns {
+		switch columns[i] {
+		case actiontoken.FieldID:
+			if value, ok := values[i].(*uuid.UUID); !ok {
+				return fmt.Errorf("unexpected type %T for field id", values[i])
+			} else if value != nil {
+				at.ID = *value
+			}
+		case actiontoken.FieldUserID:
+			if value, ok := values[i].(*uuid.UUID); !ok {
+				return fmt.Errorf("unexpected type %T for field user_id", values[i])
+			} else if value != nil {
+				at.UserID = *value
+			}
+		case actiontoken.FieldCreatedAt:
+			if value, ok := values[i].(*sql.NullTime); !ok {
+				return fmt.Errorf("unexpected type %T for field created_at", values[i])
+			} else if value.Valid {
+				at.CreatedAt = value.Time
+			}
+		case actiontoken.FieldUpdatedAt:
+			if value, ok := values[i].(*sql.NullTime); !ok {
+				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
+			} else if value.Valid {
+				at.UpdatedAt = value.Time
+			}
+		case actiontoken.FieldAction:
+			if value, ok := values[i].(*sql.NullString); !ok {
+				return fmt.Errorf("unexpected type %T for field action", values[i])
+			} else if value.Valid {
+				at.Action = actiontoken.Action(value.String)
+			}
+		case actiontoken.FieldToken:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field token", values[i])
+			} else if value != nil {
+				at.Token = *value
+			}
+		default:
+			at.selectValues.Set(columns[i], values[i])
+		}
+	}
+	return nil
+}
+
+// Value returns the ent.Value that was dynamically selected and assigned to the ActionToken.
+// This includes values selected through modifiers, order, etc.
+func (at *ActionToken) Value(name string) (ent.Value, error) {
+	return at.selectValues.Get(name)
+}
+
+// QueryUser queries the "user" edge of the ActionToken entity.
+func (at *ActionToken) QueryUser() *UserQuery {
+	return NewActionTokenClient(at.config).QueryUser(at)
+}
+
+// Update returns a builder for updating this ActionToken.
+// Note that you need to call ActionToken.Unwrap() before calling this method if this ActionToken
+// was returned from a transaction, and the transaction was committed or rolled back.
+func (at *ActionToken) Update() *ActionTokenUpdateOne {
+	return NewActionTokenClient(at.config).UpdateOne(at)
+}
+
+// Unwrap unwraps the ActionToken entity that was returned from a transaction after it was closed,
+// so that all future queries will be executed through the driver which created the transaction.
+func (at *ActionToken) Unwrap() *ActionToken {
+	_tx, ok := at.config.driver.(*txDriver)
+	if !ok {
+		panic("ent: ActionToken is not a transactional entity")
+	}
+	at.config.driver = _tx.drv
+	return at
+}
+
+// String implements the fmt.Stringer.
+func (at *ActionToken) String() string {
+	var builder strings.Builder
+	builder.WriteString("ActionToken(")
+	builder.WriteString(fmt.Sprintf("id=%v, ", at.ID))
+	builder.WriteString("user_id=")
+	builder.WriteString(fmt.Sprintf("%v", at.UserID))
+	builder.WriteString(", ")
+	builder.WriteString("created_at=")
+	builder.WriteString(at.CreatedAt.Format(time.ANSIC))
+	builder.WriteString(", ")
+	builder.WriteString("updated_at=")
+	builder.WriteString(at.UpdatedAt.Format(time.ANSIC))
+	builder.WriteString(", ")
+	builder.WriteString("action=")
+	builder.WriteString(fmt.Sprintf("%v", at.Action))
+	builder.WriteString(", ")
+	builder.WriteString("token=")
+	builder.WriteString(fmt.Sprintf("%v", at.Token))
+	builder.WriteByte(')')
+	return builder.String()
+}
+
+// ActionTokens is a parsable slice of ActionToken.
+type ActionTokens []*ActionToken

backend/internal/data/ent/actiontoken/actiontoken.go

@@ -0,0 +1,138 @@
+// Code generated by ent, DO NOT EDIT.
+
+package actiontoken
+
+import (
+	"fmt"
+	"time"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"github.com/google/uuid"
+)
+
+const (
+	// Label holds the string label denoting the actiontoken type in the database.
+	Label = "action_token"
+	// FieldID holds the string denoting the id field in the database.
+	FieldID = "id"
+	// FieldUserID holds the string denoting the user_id field in the database.
+	FieldUserID = "user_id"
+	// FieldCreatedAt holds the string denoting the created_at field in the database.
+	FieldCreatedAt = "created_at"
+	// FieldUpdatedAt holds the string denoting the updated_at field in the database.
+	FieldUpdatedAt = "updated_at"
+	// FieldAction holds the string denoting the action field in the database.
+	FieldAction = "action"
+	// FieldToken holds the string denoting the token field in the database.
+	FieldToken = "token"
+	// EdgeUser holds the string denoting the user edge name in mutations.
+	EdgeUser = "user"
+	// Table holds the table name of the actiontoken in the database.
+	Table = "action_tokens"
+	// UserTable is the table that holds the user relation/edge.
+	UserTable = "action_tokens"
+	// UserInverseTable is the table name for the User entity.
+	// It exists in this package in order to avoid circular dependency with the "user" package.
+	UserInverseTable = "users"
+	// UserColumn is the table column denoting the user relation/edge.
+	UserColumn = "user_id"
+)
+
+// Columns holds all SQL columns for actiontoken fields.
+var Columns = []string{
+	FieldID,
+	FieldUserID,
+	FieldCreatedAt,
+	FieldUpdatedAt,
+	FieldAction,
+	FieldToken,
+}
+
+// ValidColumn reports if the column name is valid (part of the table columns).
+func ValidColumn(column string) bool {
+	for i := range Columns {
+		if column == Columns[i] {
+			return true
+		}
+	}
+	return false
+}
+
+var (
+	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
+	DefaultCreatedAt func() time.Time
+	// DefaultUpdatedAt holds the default value on creation for the "updated_at" field.
+	DefaultUpdatedAt func() time.Time
+	// UpdateDefaultUpdatedAt holds the default value on update for the "updated_at" field.
+	UpdateDefaultUpdatedAt func() time.Time
+	// DefaultID holds the default value on creation for the "id" field.
+	DefaultID func() uuid.UUID
+)
+
+// Action defines the type for the "action" enum field.
+type Action string
+
+// ActionResetPassword is the default value of the Action enum.
+const DefaultAction = ActionResetPassword
+
+// Action values.
+const (
+	ActionResetPassword Action = "reset_password"
+)
+
+func (a Action) String() string {
+	return string(a)
+}
+
+// ActionValidator is a validator for the "action" field enum values. It is called by the builders before save.
+func ActionValidator(a Action) error {
+	switch a {
+	case ActionResetPassword:
+		return nil
+	default:
+		return fmt.Errorf("actiontoken: invalid enum value for action field: %q", a)
+	}
+}
+
+// OrderOption defines the ordering options for the ActionToken queries.
+type OrderOption func(*sql.Selector)
+
+// ByID orders the results by the id field.
+func ByID(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldID, opts...).ToFunc()
+}
+
+// ByUserID orders the results by the user_id field.
+func ByUserID(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldUserID, opts...).ToFunc()
+}
+
+// ByCreatedAt orders the results by the created_at field.
+func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
+}
+
+// ByUpdatedAt orders the results by the updated_at field.
+func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
+}
+
+// ByAction orders the results by the action field.
+func ByAction(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldAction, opts...).ToFunc()
+}
+
+// ByUserField orders the results by user field.
+func ByUserField(field string, opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newUserStep(), sql.OrderByField(field, opts...))
+	}
+}
+func newUserStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(UserInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.M2O, true, UserTable, UserColumn),
+	)
+}

backend/internal/data/ent/actiontoken/where.go

@@ -0,0 +1,275 @@
+// Code generated by ent, DO NOT EDIT.
+
+package actiontoken
+
+import (
+	"time"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/predicate"
+)
+
+// ID filters vertices based on their ID field.
+func ID(id uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldID, id))
+}
+
+// IDEQ applies the EQ predicate on the ID field.
+func IDEQ(id uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldID, id))
+}
+
+// IDNEQ applies the NEQ predicate on the ID field.
+func IDNEQ(id uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNEQ(FieldID, id))
+}
+
+// IDIn applies the In predicate on the ID field.
+func IDIn(ids ...uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldIn(FieldID, ids...))
+}
+
+// IDNotIn applies the NotIn predicate on the ID field.
+func IDNotIn(ids ...uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNotIn(FieldID, ids...))
+}
+
+// IDGT applies the GT predicate on the ID field.
+func IDGT(id uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGT(FieldID, id))
+}
+
+// IDGTE applies the GTE predicate on the ID field.
+func IDGTE(id uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGTE(FieldID, id))
+}
+
+// IDLT applies the LT predicate on the ID field.
+func IDLT(id uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLT(FieldID, id))
+}
+
+// IDLTE applies the LTE predicate on the ID field.
+func IDLTE(id uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLTE(FieldID, id))
+}
+
+// UserID applies equality check predicate on the "user_id" field. It's identical to UserIDEQ.
+func UserID(v uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldUserID, v))
+}
+
+// CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
+func CreatedAt(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldCreatedAt, v))
+}
+
+// UpdatedAt applies equality check predicate on the "updated_at" field. It's identical to UpdatedAtEQ.
+func UpdatedAt(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldUpdatedAt, v))
+}
+
+// Token applies equality check predicate on the "token" field. It's identical to TokenEQ.
+func Token(v []byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldToken, v))
+}
+
+// UserIDEQ applies the EQ predicate on the "user_id" field.
+func UserIDEQ(v uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldUserID, v))
+}
+
+// UserIDNEQ applies the NEQ predicate on the "user_id" field.
+func UserIDNEQ(v uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNEQ(FieldUserID, v))
+}
+
+// UserIDIn applies the In predicate on the "user_id" field.
+func UserIDIn(vs ...uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldIn(FieldUserID, vs...))
+}
+
+// UserIDNotIn applies the NotIn predicate on the "user_id" field.
+func UserIDNotIn(vs ...uuid.UUID) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNotIn(FieldUserID, vs...))
+}
+
+// CreatedAtEQ applies the EQ predicate on the "created_at" field.
+func CreatedAtEQ(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldCreatedAt, v))
+}
+
+// CreatedAtNEQ applies the NEQ predicate on the "created_at" field.
+func CreatedAtNEQ(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNEQ(FieldCreatedAt, v))
+}
+
+// CreatedAtIn applies the In predicate on the "created_at" field.
+func CreatedAtIn(vs ...time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldIn(FieldCreatedAt, vs...))
+}
+
+// CreatedAtNotIn applies the NotIn predicate on the "created_at" field.
+func CreatedAtNotIn(vs ...time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNotIn(FieldCreatedAt, vs...))
+}
+
+// CreatedAtGT applies the GT predicate on the "created_at" field.
+func CreatedAtGT(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGT(FieldCreatedAt, v))
+}
+
+// CreatedAtGTE applies the GTE predicate on the "created_at" field.
+func CreatedAtGTE(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGTE(FieldCreatedAt, v))
+}
+
+// CreatedAtLT applies the LT predicate on the "created_at" field.
+func CreatedAtLT(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLT(FieldCreatedAt, v))
+}
+
+// CreatedAtLTE applies the LTE predicate on the "created_at" field.
+func CreatedAtLTE(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLTE(FieldCreatedAt, v))
+}
+
+// UpdatedAtEQ applies the EQ predicate on the "updated_at" field.
+func UpdatedAtEQ(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldUpdatedAt, v))
+}
+
+// UpdatedAtNEQ applies the NEQ predicate on the "updated_at" field.
+func UpdatedAtNEQ(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNEQ(FieldUpdatedAt, v))
+}
+
+// UpdatedAtIn applies the In predicate on the "updated_at" field.
+func UpdatedAtIn(vs ...time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldIn(FieldUpdatedAt, vs...))
+}
+
+// UpdatedAtNotIn applies the NotIn predicate on the "updated_at" field.
+func UpdatedAtNotIn(vs ...time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNotIn(FieldUpdatedAt, vs...))
+}
+
+// UpdatedAtGT applies the GT predicate on the "updated_at" field.
+func UpdatedAtGT(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGT(FieldUpdatedAt, v))
+}
+
+// UpdatedAtGTE applies the GTE predicate on the "updated_at" field.
+func UpdatedAtGTE(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGTE(FieldUpdatedAt, v))
+}
+
+// UpdatedAtLT applies the LT predicate on the "updated_at" field.
+func UpdatedAtLT(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLT(FieldUpdatedAt, v))
+}
+
+// UpdatedAtLTE applies the LTE predicate on the "updated_at" field.
+func UpdatedAtLTE(v time.Time) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLTE(FieldUpdatedAt, v))
+}
+
+// ActionEQ applies the EQ predicate on the "action" field.
+func ActionEQ(v Action) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldAction, v))
+}
+
+// ActionNEQ applies the NEQ predicate on the "action" field.
+func ActionNEQ(v Action) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNEQ(FieldAction, v))
+}
+
+// ActionIn applies the In predicate on the "action" field.
+func ActionIn(vs ...Action) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldIn(FieldAction, vs...))
+}
+
+// ActionNotIn applies the NotIn predicate on the "action" field.
+func ActionNotIn(vs ...Action) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNotIn(FieldAction, vs...))
+}
+
+// TokenEQ applies the EQ predicate on the "token" field.
+func TokenEQ(v []byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldEQ(FieldToken, v))
+}
+
+// TokenNEQ applies the NEQ predicate on the "token" field.
+func TokenNEQ(v []byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNEQ(FieldToken, v))
+}
+
+// TokenIn applies the In predicate on the "token" field.
+func TokenIn(vs ...[]byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldIn(FieldToken, vs...))
+}
+
+// TokenNotIn applies the NotIn predicate on the "token" field.
+func TokenNotIn(vs ...[]byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldNotIn(FieldToken, vs...))
+}
+
+// TokenGT applies the GT predicate on the "token" field.
+func TokenGT(v []byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGT(FieldToken, v))
+}
+
+// TokenGTE applies the GTE predicate on the "token" field.
+func TokenGTE(v []byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldGTE(FieldToken, v))
+}
+
+// TokenLT applies the LT predicate on the "token" field.
+func TokenLT(v []byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLT(FieldToken, v))
+}
+
+// TokenLTE applies the LTE predicate on the "token" field.
+func TokenLTE(v []byte) predicate.ActionToken {
+	return predicate.ActionToken(sql.FieldLTE(FieldToken, v))
+}
+
+// HasUser applies the HasEdge predicate on the "user" edge.
+func HasUser() predicate.ActionToken {
+	return predicate.ActionToken(func(s *sql.Selector) {
+		step := sqlgraph.NewStep(
+			sqlgraph.From(Table, FieldID),
+			sqlgraph.Edge(sqlgraph.M2O, true, UserTable, UserColumn),
+		)
+		sqlgraph.HasNeighbors(s, step)
+	})
+}
+
+// HasUserWith applies the HasEdge predicate on the "user" edge with a given conditions (other predicates).
+func HasUserWith(preds ...predicate.User) predicate.ActionToken {
+	return predicate.ActionToken(func(s *sql.Selector) {
+		step := newUserStep()
+		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
+			for _, p := range preds {
+				p(s)
+			}
+		})
+	})
+}
+
+// And groups predicates with the AND operator between them.
+func And(predicates ...predicate.ActionToken) predicate.ActionToken {
+	return predicate.ActionToken(sql.AndPredicates(predicates...))
+}
+
+// Or groups predicates with the OR operator between them.
+func Or(predicates ...predicate.ActionToken) predicate.ActionToken {
+	return predicate.ActionToken(sql.OrPredicates(predicates...))
+}
+
+// Not applies the not operator on the given predicate.
+func Not(p predicate.ActionToken) predicate.ActionToken {
+	return predicate.ActionToken(sql.NotPredicates(p))
+}

backend/internal/data/ent/actiontoken_create.go

@@ -0,0 +1,329 @@
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/actiontoken"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/user"
+)
+
+// ActionTokenCreate is the builder for creating a ActionToken entity.
+type ActionTokenCreate struct {
+	config
+	mutation *ActionTokenMutation
+	hooks    []Hook
+}
+
+// SetUserID sets the "user_id" field.
+func (atc *ActionTokenCreate) SetUserID(u uuid.UUID) *ActionTokenCreate {
+	atc.mutation.SetUserID(u)
+	return atc
+}
+
+// SetCreatedAt sets the "created_at" field.
+func (atc *ActionTokenCreate) SetCreatedAt(t time.Time) *ActionTokenCreate {
+	atc.mutation.SetCreatedAt(t)
+	return atc
+}
+
+// SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
+func (atc *ActionTokenCreate) SetNillableCreatedAt(t *time.Time) *ActionTokenCreate {
+	if t != nil {
+		atc.SetCreatedAt(*t)
+	}
+	return atc
+}
+
+// SetUpdatedAt sets the "updated_at" field.
+func (atc *ActionTokenCreate) SetUpdatedAt(t time.Time) *ActionTokenCreate {
+	atc.mutation.SetUpdatedAt(t)
+	return atc
+}
+
+// SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
+func (atc *ActionTokenCreate) SetNillableUpdatedAt(t *time.Time) *ActionTokenCreate {
+	if t != nil {
+		atc.SetUpdatedAt(*t)
+	}
+	return atc
+}
+
+// SetAction sets the "action" field.
+func (atc *ActionTokenCreate) SetAction(a actiontoken.Action) *ActionTokenCreate {
+	atc.mutation.SetAction(a)
+	return atc
+}
+
+// SetNillableAction sets the "action" field if the given value is not nil.
+func (atc *ActionTokenCreate) SetNillableAction(a *actiontoken.Action) *ActionTokenCreate {
+	if a != nil {
+		atc.SetAction(*a)
+	}
+	return atc
+}
+
+// SetToken sets the "token" field.
+func (atc *ActionTokenCreate) SetToken(b []byte) *ActionTokenCreate {
+	atc.mutation.SetToken(b)
+	return atc
+}
+
+// SetID sets the "id" field.
+func (atc *ActionTokenCreate) SetID(u uuid.UUID) *ActionTokenCreate {
+	atc.mutation.SetID(u)
+	return atc
+}
+
+// SetNillableID sets the "id" field if the given value is not nil.
+func (atc *ActionTokenCreate) SetNillableID(u *uuid.UUID) *ActionTokenCreate {
+	if u != nil {
+		atc.SetID(*u)
+	}
+	return atc
+}
+
+// SetUser sets the "user" edge to the User entity.
+func (atc *ActionTokenCreate) SetUser(u *User) *ActionTokenCreate {
+	return atc.SetUserID(u.ID)
+}
+
+// Mutation returns the ActionTokenMutation object of the builder.
+func (atc *ActionTokenCreate) Mutation() *ActionTokenMutation {
+	return atc.mutation
+}
+
+// Save creates the ActionToken in the database.
+func (atc *ActionTokenCreate) Save(ctx context.Context) (*ActionToken, error) {
+	atc.defaults()
+	return withHooks(ctx, atc.sqlSave, atc.mutation, atc.hooks)
+}
+
+// SaveX calls Save and panics if Save returns an error.
+func (atc *ActionTokenCreate) SaveX(ctx context.Context) *ActionToken {
+	v, err := atc.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Exec executes the query.
+func (atc *ActionTokenCreate) Exec(ctx context.Context) error {
+	_, err := atc.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (atc *ActionTokenCreate) ExecX(ctx context.Context) {
+	if err := atc.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// defaults sets the default values of the builder before save.
+func (atc *ActionTokenCreate) defaults() {
+	if _, ok := atc.mutation.CreatedAt(); !ok {
+		v := actiontoken.DefaultCreatedAt()
+		atc.mutation.SetCreatedAt(v)
+	}
+	if _, ok := atc.mutation.UpdatedAt(); !ok {
+		v := actiontoken.DefaultUpdatedAt()
+		atc.mutation.SetUpdatedAt(v)
+	}
+	if _, ok := atc.mutation.Action(); !ok {
+		v := actiontoken.DefaultAction
+		atc.mutation.SetAction(v)
+	}
+	if _, ok := atc.mutation.ID(); !ok {
+		v := actiontoken.DefaultID()
+		atc.mutation.SetID(v)
+	}
+}
+
+// check runs all checks and user-defined validators on the builder.
+func (atc *ActionTokenCreate) check() error {
+	if _, ok := atc.mutation.UserID(); !ok {
+		return &ValidationError{Name: "user_id", err: errors.New(`ent: missing required field "ActionToken.user_id"`)}
+	}
+	if _, ok := atc.mutation.CreatedAt(); !ok {
+		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "ActionToken.created_at"`)}
+	}
+	if _, ok := atc.mutation.UpdatedAt(); !ok {
+		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "ActionToken.updated_at"`)}
+	}
+	if _, ok := atc.mutation.Action(); !ok {
+		return &ValidationError{Name: "action", err: errors.New(`ent: missing required field "ActionToken.action"`)}
+	}
+	if v, ok := atc.mutation.Action(); ok {
+		if err := actiontoken.ActionValidator(v); err != nil {
+			return &ValidationError{Name: "action", err: fmt.Errorf(`ent: validator failed for field "ActionToken.action": %w`, err)}
+		}
+	}
+	if _, ok := atc.mutation.Token(); !ok {
+		return &ValidationError{Name: "token", err: errors.New(`ent: missing required field "ActionToken.token"`)}
+	}
+	if _, ok := atc.mutation.UserID(); !ok {
+		return &ValidationError{Name: "user", err: errors.New(`ent: missing required edge "ActionToken.user"`)}
+	}
+	return nil
+}
+
+func (atc *ActionTokenCreate) sqlSave(ctx context.Context) (*ActionToken, error) {
+	if err := atc.check(); err != nil {
+		return nil, err
+	}
+	_node, _spec := atc.createSpec()
+	if err := sqlgraph.CreateNode(ctx, atc.driver, _spec); err != nil {
+		if sqlgraph.IsConstraintError(err) {
+			err = &ConstraintError{msg: err.Error(), wrap: err}
+		}
+		return nil, err
+	}
+	if _spec.ID.Value != nil {
+		if id, ok := _spec.ID.Value.(*uuid.UUID); ok {
+			_node.ID = *id
+		} else if err := _node.ID.Scan(_spec.ID.Value); err != nil {
+			return nil, err
+		}
+	}
+	atc.mutation.id = &_node.ID
+	atc.mutation.done = true
+	return _node, nil
+}
+
+func (atc *ActionTokenCreate) createSpec() (*ActionToken, *sqlgraph.CreateSpec) {
+	var (
+		_node = &ActionToken{config: atc.config}
+		_spec = sqlgraph.NewCreateSpec(actiontoken.Table, sqlgraph.NewFieldSpec(actiontoken.FieldID, field.TypeUUID))
+	)
+	if id, ok := atc.mutation.ID(); ok {
+		_node.ID = id
+		_spec.ID.Value = &id
+	}
+	if value, ok := atc.mutation.CreatedAt(); ok {
+		_spec.SetField(actiontoken.FieldCreatedAt, field.TypeTime, value)
+		_node.CreatedAt = value
+	}
+	if value, ok := atc.mutation.UpdatedAt(); ok {
+		_spec.SetField(actiontoken.FieldUpdatedAt, field.TypeTime, value)
+		_node.UpdatedAt = value
+	}
+	if value, ok := atc.mutation.Action(); ok {
+		_spec.SetField(actiontoken.FieldAction, field.TypeEnum, value)
+		_node.Action = value
+	}
+	if value, ok := atc.mutation.Token(); ok {
+		_spec.SetField(actiontoken.FieldToken, field.TypeBytes, value)
+		_node.Token = value
+	}
+	if nodes := atc.mutation.UserIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: true,
+			Table:   actiontoken.UserTable,
+			Columns: []string{actiontoken.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeUUID),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_node.UserID = nodes[0]
+		_spec.Edges = append(_spec.Edges, edge)
+	}
+	return _node, _spec
+}
+
+// ActionTokenCreateBulk is the builder for creating many ActionToken entities in bulk.
+type ActionTokenCreateBulk struct {
+	config
+	err      error
+	builders []*ActionTokenCreate
+}
+
+// Save creates the ActionToken entities in the database.
+func (atcb *ActionTokenCreateBulk) Save(ctx context.Context) ([]*ActionToken, error) {
+	if atcb.err != nil {
+		return nil, atcb.err
+	}
+	specs := make([]*sqlgraph.CreateSpec, len(atcb.builders))
+	nodes := make([]*ActionToken, len(atcb.builders))
+	mutators := make([]Mutator, len(atcb.builders))
+	for i := range atcb.builders {
+		func(i int, root context.Context) {
+			builder := atcb.builders[i]
+			builder.defaults()
+			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
+				mutation, ok := m.(*ActionTokenMutation)
+				if !ok {
+					return nil, fmt.Errorf("unexpected mutation type %T", m)
+				}
+				if err := builder.check(); err != nil {
+					return nil, err
+				}
+				builder.mutation = mutation
+				var err error
+				nodes[i], specs[i] = builder.createSpec()
+				if i < len(mutators)-1 {
+					_, err = mutators[i+1].Mutate(root, atcb.builders[i+1].mutation)
+				} else {
+					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
+					// Invoke the actual operation on the latest mutation in the chain.
+					if err = sqlgraph.BatchCreate(ctx, atcb.driver, spec); err != nil {
+						if sqlgraph.IsConstraintError(err) {
+							err = &ConstraintError{msg: err.Error(), wrap: err}
+						}
+					}
+				}
+				if err != nil {
+					return nil, err
+				}
+				mutation.id = &nodes[i].ID
+				mutation.done = true
+				return nodes[i], nil
+			})
+			for i := len(builder.hooks) - 1; i >= 0; i-- {
+				mut = builder.hooks[i](mut)
+			}
+			mutators[i] = mut
+		}(i, ctx)
+	}
+	if len(mutators) > 0 {
+		if _, err := mutators[0].Mutate(ctx, atcb.builders[0].mutation); err != nil {
+			return nil, err
+		}
+	}
+	return nodes, nil
+}
+
+// SaveX is like Save, but panics if an error occurs.
+func (atcb *ActionTokenCreateBulk) SaveX(ctx context.Context) []*ActionToken {
+	v, err := atcb.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Exec executes the query.
+func (atcb *ActionTokenCreateBulk) Exec(ctx context.Context) error {
+	_, err := atcb.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (atcb *ActionTokenCreateBulk) ExecX(ctx context.Context) {
+	if err := atcb.Exec(ctx); err != nil {
+		panic(err)
+	}
+}

backend/internal/data/ent/actiontoken_delete.go

@@ -0,0 +1,88 @@
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/actiontoken"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/predicate"
+)
+
+// ActionTokenDelete is the builder for deleting a ActionToken entity.
+type ActionTokenDelete struct {
+	config
+	hooks    []Hook
+	mutation *ActionTokenMutation
+}
+
+// Where appends a list predicates to the ActionTokenDelete builder.
+func (atd *ActionTokenDelete) Where(ps ...predicate.ActionToken) *ActionTokenDelete {
+	atd.mutation.Where(ps...)
+	return atd
+}
+
+// Exec executes the deletion query and returns how many vertices were deleted.
+func (atd *ActionTokenDelete) Exec(ctx context.Context) (int, error) {
+	return withHooks(ctx, atd.sqlExec, atd.mutation, atd.hooks)
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (atd *ActionTokenDelete) ExecX(ctx context.Context) int {
+	n, err := atd.Exec(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return n
+}
+
+func (atd *ActionTokenDelete) sqlExec(ctx context.Context) (int, error) {
+	_spec := sqlgraph.NewDeleteSpec(actiontoken.Table, sqlgraph.NewFieldSpec(actiontoken.FieldID, field.TypeUUID))
+	if ps := atd.mutation.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	affected, err := sqlgraph.DeleteNodes(ctx, atd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	atd.mutation.done = true
+	return affected, err
+}
+
+// ActionTokenDeleteOne is the builder for deleting a single ActionToken entity.
+type ActionTokenDeleteOne struct {
+	atd *ActionTokenDelete
+}
+
+// Where appends a list predicates to the ActionTokenDelete builder.
+func (atdo *ActionTokenDeleteOne) Where(ps ...predicate.ActionToken) *ActionTokenDeleteOne {
+	atdo.atd.mutation.Where(ps...)
+	return atdo
+}
+
+// Exec executes the deletion query.
+func (atdo *ActionTokenDeleteOne) Exec(ctx context.Context) error {
+	n, err := atdo.atd.Exec(ctx)
+	switch {
+	case err != nil:
+		return err
+	case n == 0:
+		return &NotFoundError{actiontoken.Label}
+	default:
+		return nil
+	}
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (atdo *ActionTokenDeleteOne) ExecX(ctx context.Context) {
+	if err := atdo.Exec(ctx); err != nil {
+		panic(err)
+	}
+}

backend/internal/data/ent/actiontoken_query.go

@@ -0,0 +1,606 @@
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+	"fmt"
+	"math"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/actiontoken"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/predicate"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/user"
+)
+
+// ActionTokenQuery is the builder for querying ActionToken entities.
+type ActionTokenQuery struct {
+	config
+	ctx        *QueryContext
+	order      []actiontoken.OrderOption
+	inters     []Interceptor
+	predicates []predicate.ActionToken
+	withUser   *UserQuery
+	// intermediate query (i.e. traversal path).
+	sql  *sql.Selector
+	path func(context.Context) (*sql.Selector, error)
+}
+
+// Where adds a new predicate for the ActionTokenQuery builder.
+func (atq *ActionTokenQuery) Where(ps ...predicate.ActionToken) *ActionTokenQuery {
+	atq.predicates = append(atq.predicates, ps...)
+	return atq
+}
+
+// Limit the number of records to be returned by this query.
+func (atq *ActionTokenQuery) Limit(limit int) *ActionTokenQuery {
+	atq.ctx.Limit = &limit
+	return atq
+}
+
+// Offset to start from.
+func (atq *ActionTokenQuery) Offset(offset int) *ActionTokenQuery {
+	atq.ctx.Offset = &offset
+	return atq
+}
+
+// Unique configures the query builder to filter duplicate records on query.
+// By default, unique is set to true, and can be disabled using this method.
+func (atq *ActionTokenQuery) Unique(unique bool) *ActionTokenQuery {
+	atq.ctx.Unique = &unique
+	return atq
+}
+
+// Order specifies how the records should be ordered.
+func (atq *ActionTokenQuery) Order(o ...actiontoken.OrderOption) *ActionTokenQuery {
+	atq.order = append(atq.order, o...)
+	return atq
+}
+
+// QueryUser chains the current query on the "user" edge.
+func (atq *ActionTokenQuery) QueryUser() *UserQuery {
+	query := (&UserClient{config: atq.config}).Query()
+	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
+		if err := atq.prepareQuery(ctx); err != nil {
+			return nil, err
+		}
+		selector := atq.sqlQuery(ctx)
+		if err := selector.Err(); err != nil {
+			return nil, err
+		}
+		step := sqlgraph.NewStep(
+			sqlgraph.From(actiontoken.Table, actiontoken.FieldID, selector),
+			sqlgraph.To(user.Table, user.FieldID),
+			sqlgraph.Edge(sqlgraph.M2O, true, actiontoken.UserTable, actiontoken.UserColumn),
+		)
+		fromU = sqlgraph.SetNeighbors(atq.driver.Dialect(), step)
+		return fromU, nil
+	}
+	return query
+}
+
+// First returns the first ActionToken entity from the query.
+// Returns a *NotFoundError when no ActionToken was found.
+func (atq *ActionTokenQuery) First(ctx context.Context) (*ActionToken, error) {
+	nodes, err := atq.Limit(1).All(setContextOp(ctx, atq.ctx, "First"))
+	if err != nil {
+		return nil, err
+	}
+	if len(nodes) == 0 {
+		return nil, &NotFoundError{actiontoken.Label}
+	}
+	return nodes[0], nil
+}
+
+// FirstX is like First, but panics if an error occurs.
+func (atq *ActionTokenQuery) FirstX(ctx context.Context) *ActionToken {
+	node, err := atq.First(ctx)
+	if err != nil && !IsNotFound(err) {
+		panic(err)
+	}
+	return node
+}
+
+// FirstID returns the first ActionToken ID from the query.
+// Returns a *NotFoundError when no ActionToken ID was found.
+func (atq *ActionTokenQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
+	var ids []uuid.UUID
+	if ids, err = atq.Limit(1).IDs(setContextOp(ctx, atq.ctx, "FirstID")); err != nil {
+		return
+	}
+	if len(ids) == 0 {
+		err = &NotFoundError{actiontoken.Label}
+		return
+	}
+	return ids[0], nil
+}
+
+// FirstIDX is like FirstID, but panics if an error occurs.
+func (atq *ActionTokenQuery) FirstIDX(ctx context.Context) uuid.UUID {
+	id, err := atq.FirstID(ctx)
+	if err != nil && !IsNotFound(err) {
+		panic(err)
+	}
+	return id
+}
+
+// Only returns a single ActionToken entity found by the query, ensuring it only returns one.
+// Returns a *NotSingularError when more than one ActionToken entity is found.
+// Returns a *NotFoundError when no ActionToken entities are found.
+func (atq *ActionTokenQuery) Only(ctx context.Context) (*ActionToken, error) {
+	nodes, err := atq.Limit(2).All(setContextOp(ctx, atq.ctx, "Only"))
+	if err != nil {
+		return nil, err
+	}
+	switch len(nodes) {
+	case 1:
+		return nodes[0], nil
+	case 0:
+		return nil, &NotFoundError{actiontoken.Label}
+	default:
+		return nil, &NotSingularError{actiontoken.Label}
+	}
+}
+
+// OnlyX is like Only, but panics if an error occurs.
+func (atq *ActionTokenQuery) OnlyX(ctx context.Context) *ActionToken {
+	node, err := atq.Only(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return node
+}
+
+// OnlyID is like Only, but returns the only ActionToken ID in the query.
+// Returns a *NotSingularError when more than one ActionToken ID is found.
+// Returns a *NotFoundError when no entities are found.
+func (atq *ActionTokenQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
+	var ids []uuid.UUID
+	if ids, err = atq.Limit(2).IDs(setContextOp(ctx, atq.ctx, "OnlyID")); err != nil {
+		return
+	}
+	switch len(ids) {
+	case 1:
+		id = ids[0]
+	case 0:
+		err = &NotFoundError{actiontoken.Label}
+	default:
+		err = &NotSingularError{actiontoken.Label}
+	}
+	return
+}
+
+// OnlyIDX is like OnlyID, but panics if an error occurs.
+func (atq *ActionTokenQuery) OnlyIDX(ctx context.Context) uuid.UUID {
+	id, err := atq.OnlyID(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return id
+}
+
+// All executes the query and returns a list of ActionTokens.
+func (atq *ActionTokenQuery) All(ctx context.Context) ([]*ActionToken, error) {
+	ctx = setContextOp(ctx, atq.ctx, "All")
+	if err := atq.prepareQuery(ctx); err != nil {
+		return nil, err
+	}
+	qr := querierAll[[]*ActionToken, *ActionTokenQuery]()
+	return withInterceptors[[]*ActionToken](ctx, atq, qr, atq.inters)
+}
+
+// AllX is like All, but panics if an error occurs.
+func (atq *ActionTokenQuery) AllX(ctx context.Context) []*ActionToken {
+	nodes, err := atq.All(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return nodes
+}
+
+// IDs executes the query and returns a list of ActionToken IDs.
+func (atq *ActionTokenQuery) IDs(ctx context.Context) (ids []uuid.UUID, err error) {
+	if atq.ctx.Unique == nil && atq.path != nil {
+		atq.Unique(true)
+	}
+	ctx = setContextOp(ctx, atq.ctx, "IDs")
+	if err = atq.Select(actiontoken.FieldID).Scan(ctx, &ids); err != nil {
+		return nil, err
+	}
+	return ids, nil
+}
+
+// IDsX is like IDs, but panics if an error occurs.
+func (atq *ActionTokenQuery) IDsX(ctx context.Context) []uuid.UUID {
+	ids, err := atq.IDs(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return ids
+}
+
+// Count returns the count of the given query.
+func (atq *ActionTokenQuery) Count(ctx context.Context) (int, error) {
+	ctx = setContextOp(ctx, atq.ctx, "Count")
+	if err := atq.prepareQuery(ctx); err != nil {
+		return 0, err
+	}
+	return withInterceptors[int](ctx, atq, querierCount[*ActionTokenQuery](), atq.inters)
+}
+
+// CountX is like Count, but panics if an error occurs.
+func (atq *ActionTokenQuery) CountX(ctx context.Context) int {
+	count, err := atq.Count(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return count
+}
+
+// Exist returns true if the query has elements in the graph.
+func (atq *ActionTokenQuery) Exist(ctx context.Context) (bool, error) {
+	ctx = setContextOp(ctx, atq.ctx, "Exist")
+	switch _, err := atq.FirstID(ctx); {
+	case IsNotFound(err):
+		return false, nil
+	case err != nil:
+		return false, fmt.Errorf("ent: check existence: %w", err)
+	default:
+		return true, nil
+	}
+}
+
+// ExistX is like Exist, but panics if an error occurs.
+func (atq *ActionTokenQuery) ExistX(ctx context.Context) bool {
+	exist, err := atq.Exist(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return exist
+}
+
+// Clone returns a duplicate of the ActionTokenQuery builder, including all associated steps. It can be
+// used to prepare common query builders and use them differently after the clone is made.
+func (atq *ActionTokenQuery) Clone() *ActionTokenQuery {
+	if atq == nil {
+		return nil
+	}
+	return &ActionTokenQuery{
+		config:     atq.config,
+		ctx:        atq.ctx.Clone(),
+		order:      append([]actiontoken.OrderOption{}, atq.order...),
+		inters:     append([]Interceptor{}, atq.inters...),
+		predicates: append([]predicate.ActionToken{}, atq.predicates...),
+		withUser:   atq.withUser.Clone(),
+		// clone intermediate query.
+		sql:  atq.sql.Clone(),
+		path: atq.path,
+	}
+}
+
+// WithUser tells the query-builder to eager-load the nodes that are connected to
+// the "user" edge. The optional arguments are used to configure the query builder of the edge.
+func (atq *ActionTokenQuery) WithUser(opts ...func(*UserQuery)) *ActionTokenQuery {
+	query := (&UserClient{config: atq.config}).Query()
+	for _, opt := range opts {
+		opt(query)
+	}
+	atq.withUser = query
+	return atq
+}
+
+// GroupBy is used to group vertices by one or more fields/columns.
+// It is often used with aggregate functions, like: count, max, mean, min, sum.
+//
+// Example:
+//
+//	var v []struct {
+//		UserID uuid.UUID `json:"user_id,omitempty"`
+//		Count int `json:"count,omitempty"`
+//	}
+//
+//	client.ActionToken.Query().
+//		GroupBy(actiontoken.FieldUserID).
+//		Aggregate(ent.Count()).
+//		Scan(ctx, &v)
+func (atq *ActionTokenQuery) GroupBy(field string, fields ...string) *ActionTokenGroupBy {
+	atq.ctx.Fields = append([]string{field}, fields...)
+	grbuild := &ActionTokenGroupBy{build: atq}
+	grbuild.flds = &atq.ctx.Fields
+	grbuild.label = actiontoken.Label
+	grbuild.scan = grbuild.Scan
+	return grbuild
+}
+
+// Select allows the selection one or more fields/columns for the given query,
+// instead of selecting all fields in the entity.
+//
+// Example:
+//
+//	var v []struct {
+//		UserID uuid.UUID `json:"user_id,omitempty"`
+//	}
+//
+//	client.ActionToken.Query().
+//		Select(actiontoken.FieldUserID).
+//		Scan(ctx, &v)
+func (atq *ActionTokenQuery) Select(fields ...string) *ActionTokenSelect {
+	atq.ctx.Fields = append(atq.ctx.Fields, fields...)
+	sbuild := &ActionTokenSelect{ActionTokenQuery: atq}
+	sbuild.label = actiontoken.Label
+	sbuild.flds, sbuild.scan = &atq.ctx.Fields, sbuild.Scan
+	return sbuild
+}
+
+// Aggregate returns a ActionTokenSelect configured with the given aggregations.
+func (atq *ActionTokenQuery) Aggregate(fns ...AggregateFunc) *ActionTokenSelect {
+	return atq.Select().Aggregate(fns...)
+}
+
+func (atq *ActionTokenQuery) prepareQuery(ctx context.Context) error {
+	for _, inter := range atq.inters {
+		if inter == nil {
+			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
+		}
+		if trv, ok := inter.(Traverser); ok {
+			if err := trv.Traverse(ctx, atq); err != nil {
+				return err
+			}
+		}
+	}
+	for _, f := range atq.ctx.Fields {
+		if !actiontoken.ValidColumn(f) {
+			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
+		}
+	}
+	if atq.path != nil {
+		prev, err := atq.path(ctx)
+		if err != nil {
+			return err
+		}
+		atq.sql = prev
+	}
+	return nil
+}
+
+func (atq *ActionTokenQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*ActionToken, error) {
+	var (
+		nodes       = []*ActionToken{}
+		_spec       = atq.querySpec()
+		loadedTypes = [1]bool{
+			atq.withUser != nil,
+		}
+	)
+	_spec.ScanValues = func(columns []string) ([]any, error) {
+		return (*ActionToken).scanValues(nil, columns)
+	}
+	_spec.Assign = func(columns []string, values []any) error {
+		node := &ActionToken{config: atq.config}
+		nodes = append(nodes, node)
+		node.Edges.loadedTypes = loadedTypes
+		return node.assignValues(columns, values)
+	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
+	if err := sqlgraph.QueryNodes(ctx, atq.driver, _spec); err != nil {
+		return nil, err
+	}
+	if len(nodes) == 0 {
+		return nodes, nil
+	}
+	if query := atq.withUser; query != nil {
+		if err := atq.loadUser(ctx, query, nodes, nil,
+			func(n *ActionToken, e *User) { n.Edges.User = e }); err != nil {
+			return nil, err
+		}
+	}
+	return nodes, nil
+}
+
+func (atq *ActionTokenQuery) loadUser(ctx context.Context, query *UserQuery, nodes []*ActionToken, init func(*ActionToken), assign func(*ActionToken, *User)) error {
+	ids := make([]uuid.UUID, 0, len(nodes))
+	nodeids := make(map[uuid.UUID][]*ActionToken)
+	for i := range nodes {
+		fk := nodes[i].UserID
+		if _, ok := nodeids[fk]; !ok {
+			ids = append(ids, fk)
+		}
+		nodeids[fk] = append(nodeids[fk], nodes[i])
+	}
+	if len(ids) == 0 {
+		return nil
+	}
+	query.Where(user.IDIn(ids...))
+	neighbors, err := query.All(ctx)
+	if err != nil {
+		return err
+	}
+	for _, n := range neighbors {
+		nodes, ok := nodeids[n.ID]
+		if !ok {
+			return fmt.Errorf(`unexpected foreign-key "user_id" returned %v`, n.ID)
+		}
+		for i := range nodes {
+			assign(nodes[i], n)
+		}
+	}
+	return nil
+}
+
+func (atq *ActionTokenQuery) sqlCount(ctx context.Context) (int, error) {
+	_spec := atq.querySpec()
+	_spec.Node.Columns = atq.ctx.Fields
+	if len(atq.ctx.Fields) > 0 {
+		_spec.Unique = atq.ctx.Unique != nil && *atq.ctx.Unique
+	}
+	return sqlgraph.CountNodes(ctx, atq.driver, _spec)
+}
+
+func (atq *ActionTokenQuery) querySpec() *sqlgraph.QuerySpec {
+	_spec := sqlgraph.NewQuerySpec(actiontoken.Table, actiontoken.Columns, sqlgraph.NewFieldSpec(actiontoken.FieldID, field.TypeUUID))
+	_spec.From = atq.sql
+	if unique := atq.ctx.Unique; unique != nil {
+		_spec.Unique = *unique
+	} else if atq.path != nil {
+		_spec.Unique = true
+	}
+	if fields := atq.ctx.Fields; len(fields) > 0 {
+		_spec.Node.Columns = make([]string, 0, len(fields))
+		_spec.Node.Columns = append(_spec.Node.Columns, actiontoken.FieldID)
+		for i := range fields {
+			if fields[i] != actiontoken.FieldID {
+				_spec.Node.Columns = append(_spec.Node.Columns, fields[i])
+			}
+		}
+		if atq.withUser != nil {
+			_spec.Node.AddColumnOnce(actiontoken.FieldUserID)
+		}
+	}
+	if ps := atq.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	if limit := atq.ctx.Limit; limit != nil {
+		_spec.Limit = *limit
+	}
+	if offset := atq.ctx.Offset; offset != nil {
+		_spec.Offset = *offset
+	}
+	if ps := atq.order; len(ps) > 0 {
+		_spec.Order = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	return _spec
+}
+
+func (atq *ActionTokenQuery) sqlQuery(ctx context.Context) *sql.Selector {
+	builder := sql.Dialect(atq.driver.Dialect())
+	t1 := builder.Table(actiontoken.Table)
+	columns := atq.ctx.Fields
+	if len(columns) == 0 {
+		columns = actiontoken.Columns
+	}
+	selector := builder.Select(t1.Columns(columns...)...).From(t1)
+	if atq.sql != nil {
+		selector = atq.sql
+		selector.Select(selector.Columns(columns...)...)
+	}
+	if atq.ctx.Unique != nil && *atq.ctx.Unique {
+		selector.Distinct()
+	}
+	for _, p := range atq.predicates {
+		p(selector)
+	}
+	for _, p := range atq.order {
+		p(selector)
+	}
+	if offset := atq.ctx.Offset; offset != nil {
+		// limit is mandatory for offset clause. We start
+		// with default value, and override it below if needed.
+		selector.Offset(*offset).Limit(math.MaxInt32)
+	}
+	if limit := atq.ctx.Limit; limit != nil {
+		selector.Limit(*limit)
+	}
+	return selector
+}
+
+// ActionTokenGroupBy is the group-by builder for ActionToken entities.
+type ActionTokenGroupBy struct {
+	selector
+	build *ActionTokenQuery
+}
+
+// Aggregate adds the given aggregation functions to the group-by query.
+func (atgb *ActionTokenGroupBy) Aggregate(fns ...AggregateFunc) *ActionTokenGroupBy {
+	atgb.fns = append(atgb.fns, fns...)
+	return atgb
+}
+
+// Scan applies the selector query and scans the result into the given value.
+func (atgb *ActionTokenGroupBy) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, atgb.build.ctx, "GroupBy")
+	if err := atgb.build.prepareQuery(ctx); err != nil {
+		return err
+	}
+	return scanWithInterceptors[*ActionTokenQuery, *ActionTokenGroupBy](ctx, atgb.build, atgb, atgb.build.inters, v)
+}
+
+func (atgb *ActionTokenGroupBy) sqlScan(ctx context.Context, root *ActionTokenQuery, v any) error {
+	selector := root.sqlQuery(ctx).Select()
+	aggregation := make([]string, 0, len(atgb.fns))
+	for _, fn := range atgb.fns {
+		aggregation = append(aggregation, fn(selector))
+	}
+	if len(selector.SelectedColumns()) == 0 {
+		columns := make([]string, 0, len(*atgb.flds)+len(atgb.fns))
+		for _, f := range *atgb.flds {
+			columns = append(columns, selector.C(f))
+		}
+		columns = append(columns, aggregation...)
+		selector.Select(columns...)
+	}
+	selector.GroupBy(selector.Columns(*atgb.flds...)...)
+	if err := selector.Err(); err != nil {
+		return err
+	}
+	rows := &sql.Rows{}
+	query, args := selector.Query()
+	if err := atgb.build.driver.Query(ctx, query, args, rows); err != nil {
+		return err
+	}
+	defer rows.Close()
+	return sql.ScanSlice(rows, v)
+}
+
+// ActionTokenSelect is the builder for selecting fields of ActionToken entities.
+type ActionTokenSelect struct {
+	*ActionTokenQuery
+	selector
+}
+
+// Aggregate adds the given aggregation functions to the selector query.
+func (ats *ActionTokenSelect) Aggregate(fns ...AggregateFunc) *ActionTokenSelect {
+	ats.fns = append(ats.fns, fns...)
+	return ats
+}
+
+// Scan applies the selector query and scans the result into the given value.
+func (ats *ActionTokenSelect) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, ats.ctx, "Select")
+	if err := ats.prepareQuery(ctx); err != nil {
+		return err
+	}
+	return scanWithInterceptors[*ActionTokenQuery, *ActionTokenSelect](ctx, ats.ActionTokenQuery, ats, ats.inters, v)
+}
+
+func (ats *ActionTokenSelect) sqlScan(ctx context.Context, root *ActionTokenQuery, v any) error {
+	selector := root.sqlQuery(ctx)
+	aggregation := make([]string, 0, len(ats.fns))
+	for _, fn := range ats.fns {
+		aggregation = append(aggregation, fn(selector))
+	}
+	switch n := len(*ats.selector.flds); {
+	case n == 0 && len(aggregation) > 0:
+		selector.Select(aggregation...)
+	case n != 0 && len(aggregation) > 0:
+		selector.AppendSelect(aggregation...)
+	}
+	rows := &sql.Rows{}
+	query, args := selector.Query()
+	if err := ats.driver.Query(ctx, query, args, rows); err != nil {
+		return err
+	}
+	defer rows.Close()
+	return sql.ScanSlice(rows, v)
+}

backend/internal/data/ent/actiontoken_update.go

@@ -0,0 +1,406 @@
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/actiontoken"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/predicate"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/user"
+)
+
+// ActionTokenUpdate is the builder for updating ActionToken entities.
+type ActionTokenUpdate struct {
+	config
+	hooks    []Hook
+	mutation *ActionTokenMutation
+}
+
+// Where appends a list predicates to the ActionTokenUpdate builder.
+func (atu *ActionTokenUpdate) Where(ps ...predicate.ActionToken) *ActionTokenUpdate {
+	atu.mutation.Where(ps...)
+	return atu
+}
+
+// SetUserID sets the "user_id" field.
+func (atu *ActionTokenUpdate) SetUserID(u uuid.UUID) *ActionTokenUpdate {
+	atu.mutation.SetUserID(u)
+	return atu
+}
+
+// SetNillableUserID sets the "user_id" field if the given value is not nil.
+func (atu *ActionTokenUpdate) SetNillableUserID(u *uuid.UUID) *ActionTokenUpdate {
+	if u != nil {
+		atu.SetUserID(*u)
+	}
+	return atu
+}
+
+// SetUpdatedAt sets the "updated_at" field.
+func (atu *ActionTokenUpdate) SetUpdatedAt(t time.Time) *ActionTokenUpdate {
+	atu.mutation.SetUpdatedAt(t)
+	return atu
+}
+
+// SetAction sets the "action" field.
+func (atu *ActionTokenUpdate) SetAction(a actiontoken.Action) *ActionTokenUpdate {
+	atu.mutation.SetAction(a)
+	return atu
+}
+
+// SetNillableAction sets the "action" field if the given value is not nil.
+func (atu *ActionTokenUpdate) SetNillableAction(a *actiontoken.Action) *ActionTokenUpdate {
+	if a != nil {
+		atu.SetAction(*a)
+	}
+	return atu
+}
+
+// SetToken sets the "token" field.
+func (atu *ActionTokenUpdate) SetToken(b []byte) *ActionTokenUpdate {
+	atu.mutation.SetToken(b)
+	return atu
+}
+
+// SetUser sets the "user" edge to the User entity.
+func (atu *ActionTokenUpdate) SetUser(u *User) *ActionTokenUpdate {
+	return atu.SetUserID(u.ID)
+}
+
+// Mutation returns the ActionTokenMutation object of the builder.
+func (atu *ActionTokenUpdate) Mutation() *ActionTokenMutation {
+	return atu.mutation
+}
+
+// ClearUser clears the "user" edge to the User entity.
+func (atu *ActionTokenUpdate) ClearUser() *ActionTokenUpdate {
+	atu.mutation.ClearUser()
+	return atu
+}
+
+// Save executes the query and returns the number of nodes affected by the update operation.
+func (atu *ActionTokenUpdate) Save(ctx context.Context) (int, error) {
+	atu.defaults()
+	return withHooks(ctx, atu.sqlSave, atu.mutation, atu.hooks)
+}
+
+// SaveX is like Save, but panics if an error occurs.
+func (atu *ActionTokenUpdate) SaveX(ctx context.Context) int {
+	affected, err := atu.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return affected
+}
+
+// Exec executes the query.
+func (atu *ActionTokenUpdate) Exec(ctx context.Context) error {
+	_, err := atu.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (atu *ActionTokenUpdate) ExecX(ctx context.Context) {
+	if err := atu.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// defaults sets the default values of the builder before save.
+func (atu *ActionTokenUpdate) defaults() {
+	if _, ok := atu.mutation.UpdatedAt(); !ok {
+		v := actiontoken.UpdateDefaultUpdatedAt()
+		atu.mutation.SetUpdatedAt(v)
+	}
+}
+
+// check runs all checks and user-defined validators on the builder.
+func (atu *ActionTokenUpdate) check() error {
+	if v, ok := atu.mutation.Action(); ok {
+		if err := actiontoken.ActionValidator(v); err != nil {
+			return &ValidationError{Name: "action", err: fmt.Errorf(`ent: validator failed for field "ActionToken.action": %w`, err)}
+		}
+	}
+	if _, ok := atu.mutation.UserID(); atu.mutation.UserCleared() && !ok {
+		return errors.New(`ent: clearing a required unique edge "ActionToken.user"`)
+	}
+	return nil
+}
+
+func (atu *ActionTokenUpdate) sqlSave(ctx context.Context) (n int, err error) {
+	if err := atu.check(); err != nil {
+		return n, err
+	}
+	_spec := sqlgraph.NewUpdateSpec(actiontoken.Table, actiontoken.Columns, sqlgraph.NewFieldSpec(actiontoken.FieldID, field.TypeUUID))
+	if ps := atu.mutation.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	if value, ok := atu.mutation.UpdatedAt(); ok {
+		_spec.SetField(actiontoken.FieldUpdatedAt, field.TypeTime, value)
+	}
+	if value, ok := atu.mutation.Action(); ok {
+		_spec.SetField(actiontoken.FieldAction, field.TypeEnum, value)
+	}
+	if value, ok := atu.mutation.Token(); ok {
+		_spec.SetField(actiontoken.FieldToken, field.TypeBytes, value)
+	}
+	if atu.mutation.UserCleared() {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: true,
+			Table:   actiontoken.UserTable,
+			Columns: []string{actiontoken.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeUUID),
+			},
+		}
+		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
+	}
+	if nodes := atu.mutation.UserIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: true,
+			Table:   actiontoken.UserTable,
+			Columns: []string{actiontoken.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeUUID),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_spec.Edges.Add = append(_spec.Edges.Add, edge)
+	}
+	if n, err = sqlgraph.UpdateNodes(ctx, atu.driver, _spec); err != nil {
+		if _, ok := err.(*sqlgraph.NotFoundError); ok {
+			err = &NotFoundError{actiontoken.Label}
+		} else if sqlgraph.IsConstraintError(err) {
+			err = &ConstraintError{msg: err.Error(), wrap: err}
+		}
+		return 0, err
+	}
+	atu.mutation.done = true
+	return n, nil
+}
+
+// ActionTokenUpdateOne is the builder for updating a single ActionToken entity.
+type ActionTokenUpdateOne struct {
+	config
+	fields   []string
+	hooks    []Hook
+	mutation *ActionTokenMutation
+}
+
+// SetUserID sets the "user_id" field.
+func (atuo *ActionTokenUpdateOne) SetUserID(u uuid.UUID) *ActionTokenUpdateOne {
+	atuo.mutation.SetUserID(u)
+	return atuo
+}
+
+// SetNillableUserID sets the "user_id" field if the given value is not nil.
+func (atuo *ActionTokenUpdateOne) SetNillableUserID(u *uuid.UUID) *ActionTokenUpdateOne {
+	if u != nil {
+		atuo.SetUserID(*u)
+	}
+	return atuo
+}
+
+// SetUpdatedAt sets the "updated_at" field.
+func (atuo *ActionTokenUpdateOne) SetUpdatedAt(t time.Time) *ActionTokenUpdateOne {
+	atuo.mutation.SetUpdatedAt(t)
+	return atuo
+}
+
+// SetAction sets the "action" field.
+func (atuo *ActionTokenUpdateOne) SetAction(a actiontoken.Action) *ActionTokenUpdateOne {
+	atuo.mutation.SetAction(a)
+	return atuo
+}
+
+// SetNillableAction sets the "action" field if the given value is not nil.
+func (atuo *ActionTokenUpdateOne) SetNillableAction(a *actiontoken.Action) *ActionTokenUpdateOne {
+	if a != nil {
+		atuo.SetAction(*a)
+	}
+	return atuo
+}
+
+// SetToken sets the "token" field.
+func (atuo *ActionTokenUpdateOne) SetToken(b []byte) *ActionTokenUpdateOne {
+	atuo.mutation.SetToken(b)
+	return atuo
+}
+
+// SetUser sets the "user" edge to the User entity.
+func (atuo *ActionTokenUpdateOne) SetUser(u *User) *ActionTokenUpdateOne {
+	return atuo.SetUserID(u.ID)
+}
+
+// Mutation returns the ActionTokenMutation object of the builder.
+func (atuo *ActionTokenUpdateOne) Mutation() *ActionTokenMutation {
+	return atuo.mutation
+}
+
+// ClearUser clears the "user" edge to the User entity.
+func (atuo *ActionTokenUpdateOne) ClearUser() *ActionTokenUpdateOne {
+	atuo.mutation.ClearUser()
+	return atuo
+}
+
+// Where appends a list predicates to the ActionTokenUpdate builder.
+func (atuo *ActionTokenUpdateOne) Where(ps ...predicate.ActionToken) *ActionTokenUpdateOne {
+	atuo.mutation.Where(ps...)
+	return atuo
+}
+
+// Select allows selecting one or more fields (columns) of the returned entity.
+// The default is selecting all fields defined in the entity schema.
+func (atuo *ActionTokenUpdateOne) Select(field string, fields ...string) *ActionTokenUpdateOne {
+	atuo.fields = append([]string{field}, fields...)
+	return atuo
+}
+
+// Save executes the query and returns the updated ActionToken entity.
+func (atuo *ActionTokenUpdateOne) Save(ctx context.Context) (*ActionToken, error) {
+	atuo.defaults()
+	return withHooks(ctx, atuo.sqlSave, atuo.mutation, atuo.hooks)
+}
+
+// SaveX is like Save, but panics if an error occurs.
+func (atuo *ActionTokenUpdateOne) SaveX(ctx context.Context) *ActionToken {
+	node, err := atuo.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return node
+}
+
+// Exec executes the query on the entity.
+func (atuo *ActionTokenUpdateOne) Exec(ctx context.Context) error {
+	_, err := atuo.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (atuo *ActionTokenUpdateOne) ExecX(ctx context.Context) {
+	if err := atuo.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// defaults sets the default values of the builder before save.
+func (atuo *ActionTokenUpdateOne) defaults() {
+	if _, ok := atuo.mutation.UpdatedAt(); !ok {
+		v := actiontoken.UpdateDefaultUpdatedAt()
+		atuo.mutation.SetUpdatedAt(v)
+	}
+}
+
+// check runs all checks and user-defined validators on the builder.
+func (atuo *ActionTokenUpdateOne) check() error {
+	if v, ok := atuo.mutation.Action(); ok {
+		if err := actiontoken.ActionValidator(v); err != nil {
+			return &ValidationError{Name: "action", err: fmt.Errorf(`ent: validator failed for field "ActionToken.action": %w`, err)}
+		}
+	}
+	if _, ok := atuo.mutation.UserID(); atuo.mutation.UserCleared() && !ok {
+		return errors.New(`ent: clearing a required unique edge "ActionToken.user"`)
+	}
+	return nil
+}
+
+func (atuo *ActionTokenUpdateOne) sqlSave(ctx context.Context) (_node *ActionToken, err error) {
+	if err := atuo.check(); err != nil {
+		return _node, err
+	}
+	_spec := sqlgraph.NewUpdateSpec(actiontoken.Table, actiontoken.Columns, sqlgraph.NewFieldSpec(actiontoken.FieldID, field.TypeUUID))
+	id, ok := atuo.mutation.ID()
+	if !ok {
+		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "ActionToken.id" for update`)}
+	}
+	_spec.Node.ID.Value = id
+	if fields := atuo.fields; len(fields) > 0 {
+		_spec.Node.Columns = make([]string, 0, len(fields))
+		_spec.Node.Columns = append(_spec.Node.Columns, actiontoken.FieldID)
+		for _, f := range fields {
+			if !actiontoken.ValidColumn(f) {
+				return nil, &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
+			}
+			if f != actiontoken.FieldID {
+				_spec.Node.Columns = append(_spec.Node.Columns, f)
+			}
+		}
+	}
+	if ps := atuo.mutation.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	if value, ok := atuo.mutation.UpdatedAt(); ok {
+		_spec.SetField(actiontoken.FieldUpdatedAt, field.TypeTime, value)
+	}
+	if value, ok := atuo.mutation.Action(); ok {
+		_spec.SetField(actiontoken.FieldAction, field.TypeEnum, value)
+	}
+	if value, ok := atuo.mutation.Token(); ok {
+		_spec.SetField(actiontoken.FieldToken, field.TypeBytes, value)
+	}
+	if atuo.mutation.UserCleared() {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: true,
+			Table:   actiontoken.UserTable,
+			Columns: []string{actiontoken.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeUUID),
+			},
+		}
+		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
+	}
+	if nodes := atuo.mutation.UserIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: true,
+			Table:   actiontoken.UserTable,
+			Columns: []string{actiontoken.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeUUID),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_spec.Edges.Add = append(_spec.Edges.Add, edge)
+	}
+	_node = &ActionToken{config: atuo.config}
+	_spec.Assign = _node.assignValues
+	_spec.ScanValues = _node.scanValues
+	if err = sqlgraph.UpdateNode(ctx, atuo.driver, _spec); err != nil {
+		if _, ok := err.(*sqlgraph.NotFoundError); ok {
+			err = &NotFoundError{actiontoken.Label}
+		} else if sqlgraph.IsConstraintError(err) {
+			err = &ConstraintError{msg: err.Error(), wrap: err}
+		}
+		return nil, err
+	}
+	atuo.mutation.done = true
+	return _node, nil
+}

backend/internal/data/ent/attachment.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/attachment"
@@ -25,11 +26,14 @@ type Attachment struct {
 	UpdatedAt time.Time `json:"updated_at,omitempty"`
 	// Type holds the value of the "type" field.
 	Type attachment.Type `json:"type,omitempty"`
+	// Primary holds the value of the "primary" field.
+	Primary bool `json:"primary,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
 	// The values are being populated by the AttachmentQuery when eager-loading is set.
 	Edges                AttachmentEdges `json:"edges"`
 	document_attachments *uuid.UUID
 	item_attachments     *uuid.UUID
+	selectValues         sql.SelectValues
 }
 
 // AttachmentEdges holds the relations/edges for other nodes in the graph.
@@ -74,6 +78,8 @@ func (*Attachment) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
 	for i := range columns {
 		switch columns[i] {
+		case attachment.FieldPrimary:
+			values[i] = new(sql.NullBool)
 		case attachment.FieldType:
 			values[i] = new(sql.NullString)
 		case attachment.FieldCreatedAt, attachment.FieldUpdatedAt:
@@ -85,7 +91,7 @@ func (*Attachment) scanValues(columns []string) ([]any, error) {
 		case attachment.ForeignKeys[1]: // item_attachments
 			values[i] = &sql.NullScanner{S: new(uuid.UUID)}
 		default:
-			return nil, fmt.Errorf("unexpected column %q for type Attachment", columns[i])
+			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
@@ -123,6 +129,12 @@ func (a *Attachment) assignValues(columns []string, values []any) error {
 			} else if value.Valid {
 				a.Type = attachment.Type(value.String)
 			}
+		case attachment.FieldPrimary:
+			if value, ok := values[i].(*sql.NullBool); !ok {
+				return fmt.Errorf("unexpected type %T for field primary", values[i])
+			} else if value.Valid {
+				a.Primary = value.Bool
+			}
 		case attachment.ForeignKeys[0]:
 			if value, ok := values[i].(*sql.NullScanner); !ok {
 				return fmt.Errorf("unexpected type %T for field document_attachments", values[i])
@@ -137,11 +149,19 @@ func (a *Attachment) assignValues(columns []string, values []any) error {
 				a.item_attachments = new(uuid.UUID)
 				*a.item_attachments = *value.S.(*uuid.UUID)
 			}
+		default:
+			a.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 
+// Value returns the ent.Value that was dynamically selected and assigned to the Attachment.
+// This includes values selected through modifiers, order, etc.
+func (a *Attachment) Value(name string) (ent.Value, error) {
+	return a.selectValues.Get(name)
+}
+
 // QueryItem queries the "item" edge of the Attachment entity.
 func (a *Attachment) QueryItem() *ItemQuery {
 	return NewAttachmentClient(a.config).QueryItem(a)
@@ -183,6 +203,9 @@ func (a *Attachment) String() string {
 	builder.WriteString(", ")
 	builder.WriteString("type=")
 	builder.WriteString(fmt.Sprintf("%v", a.Type))
+	builder.WriteString(", ")
+	builder.WriteString("primary=")
+	builder.WriteString(fmt.Sprintf("%v", a.Primary))
 	builder.WriteByte(')')
 	return builder.String()
 }

backend/internal/data/ent/attachment/attachment.go

@@ -6,6 +6,8 @@ import (
 	"fmt"
 	"time"
 
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/google/uuid"
 )
 
@@ -20,6 +22,8 @@ const (
 	FieldUpdatedAt = "updated_at"
 	// FieldType holds the string denoting the type field in the database.
 	FieldType = "type"
+	// FieldPrimary holds the string denoting the primary field in the database.
+	FieldPrimary = "primary"
 	// EdgeItem holds the string denoting the item edge name in mutations.
 	EdgeItem = "item"
 	// EdgeDocument holds the string denoting the document edge name in mutations.
@@ -48,6 +52,7 @@ var Columns = []string{
 	FieldCreatedAt,
 	FieldUpdatedAt,
 	FieldType,
+	FieldPrimary,
 }
 
 // ForeignKeys holds the SQL foreign-keys that are owned by the "attachments"
@@ -79,6 +84,8 @@ var (
 	DefaultUpdatedAt func() time.Time
 	// UpdateDefaultUpdatedAt holds the default value on update for the "updated_at" field.
 	UpdateDefaultUpdatedAt func() time.Time
+	// DefaultPrimary holds the default value on creation for the "primary" field.
+	DefaultPrimary bool
 	// DefaultID holds the default value on creation for the "id" field.
 	DefaultID func() uuid.UUID
 )
@@ -111,3 +118,59 @@ func TypeValidator(_type Type) error {
 		return fmt.Errorf("attachment: invalid enum value for type field: %q", _type)
 	}
 }
+
+// OrderOption defines the ordering options for the Attachment queries.
+type OrderOption func(*sql.Selector)
+
+// ByID orders the results by the id field.
+func ByID(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldID, opts...).ToFunc()
+}
+
+// ByCreatedAt orders the results by the created_at field.
+func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
+}
+
+// ByUpdatedAt orders the results by the updated_at field.
+func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
+}
+
+// ByType orders the results by the type field.
+func ByType(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldType, opts...).ToFunc()
+}
+
+// ByPrimary orders the results by the primary field.
+func ByPrimary(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldPrimary, opts...).ToFunc()
+}
+
+// ByItemField orders the results by item field.
+func ByItemField(field string, opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newItemStep(), sql.OrderByField(field, opts...))
+	}
+}
+
+// ByDocumentField orders the results by document field.
+func ByDocumentField(field string, opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newDocumentStep(), sql.OrderByField(field, opts...))
+	}
+}
+func newItemStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(ItemInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.M2O, true, ItemTable, ItemColumn),
+	)
+}
+func newDocumentStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(DocumentInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.M2O, true, DocumentTable, DocumentColumn),
+	)
+}

backend/internal/data/ent/attachment/where.go

@@ -66,6 +66,11 @@ func UpdatedAt(v time.Time) predicate.Attachment {
 	return predicate.Attachment(sql.FieldEQ(FieldUpdatedAt, v))
 }
 
+// Primary applies equality check predicate on the "primary" field. It's identical to PrimaryEQ.
+func Primary(v bool) predicate.Attachment {
+	return predicate.Attachment(sql.FieldEQ(FieldPrimary, v))
+}
+
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.Attachment {
 	return predicate.Attachment(sql.FieldEQ(FieldCreatedAt, v))
@@ -166,6 +171,16 @@ func TypeNotIn(vs ...Type) predicate.Attachment {
 	return predicate.Attachment(sql.FieldNotIn(FieldType, vs...))
 }
 
+// PrimaryEQ applies the EQ predicate on the "primary" field.
+func PrimaryEQ(v bool) predicate.Attachment {
+	return predicate.Attachment(sql.FieldEQ(FieldPrimary, v))
+}
+
+// PrimaryNEQ applies the NEQ predicate on the "primary" field.
+func PrimaryNEQ(v bool) predicate.Attachment {
+	return predicate.Attachment(sql.FieldNEQ(FieldPrimary, v))
+}
+
 // HasItem applies the HasEdge predicate on the "item" edge.
 func HasItem() predicate.Attachment {
 	return predicate.Attachment(func(s *sql.Selector) {
@@ -180,11 +195,7 @@ func HasItem() predicate.Attachment {
 // HasItemWith applies the HasEdge predicate on the "item" edge with a given conditions (other predicates).
 func HasItemWith(preds ...predicate.Item) predicate.Attachment {
 	return predicate.Attachment(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(ItemInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.M2O, true, ItemTable, ItemColumn),
-		)
+		step := newItemStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
@@ -207,11 +218,7 @@ func HasDocument() predicate.Attachment {
 // HasDocumentWith applies the HasEdge predicate on the "document" edge with a given conditions (other predicates).
 func HasDocumentWith(preds ...predicate.Document) predicate.Attachment {
 	return predicate.Attachment(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(DocumentInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.M2O, true, DocumentTable, DocumentColumn),
-		)
+		step := newDocumentStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
@@ -222,32 +229,15 @@ func HasDocumentWith(preds ...predicate.Document) predicate.Attachment {
 
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.Attachment) predicate.Attachment {
-	return predicate.Attachment(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for _, p := range predicates {
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.Attachment(sql.AndPredicates(predicates...))
 }
 
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.Attachment) predicate.Attachment {
-	return predicate.Attachment(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for i, p := range predicates {
-			if i > 0 {
-				s1.Or()
-			}
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.Attachment(sql.OrPredicates(predicates...))
 }
 
 // Not applies the not operator on the given predicate.
 func Not(p predicate.Attachment) predicate.Attachment {
-	return predicate.Attachment(func(s *sql.Selector) {
-		p(s.Not())
-	})
+	return predicate.Attachment(sql.NotPredicates(p))
 }

backend/internal/data/ent/attachment_create.go

@@ -65,6 +65,20 @@ func (ac *AttachmentCreate) SetNillableType(a *attachment.Type) *AttachmentCreat
 	return ac
 }
 
+// SetPrimary sets the "primary" field.
+func (ac *AttachmentCreate) SetPrimary(b bool) *AttachmentCreate {
+	ac.mutation.SetPrimary(b)
+	return ac
+}
+
+// SetNillablePrimary sets the "primary" field if the given value is not nil.
+func (ac *AttachmentCreate) SetNillablePrimary(b *bool) *AttachmentCreate {
+	if b != nil {
+		ac.SetPrimary(*b)
+	}
+	return ac
+}
+
 // SetID sets the "id" field.
 func (ac *AttachmentCreate) SetID(u uuid.UUID) *AttachmentCreate {
 	ac.mutation.SetID(u)
@@ -109,7 +123,7 @@ func (ac *AttachmentCreate) Mutation() *AttachmentMutation {
 // Save creates the Attachment in the database.
 func (ac *AttachmentCreate) Save(ctx context.Context) (*Attachment, error) {
 	ac.defaults()
-	return withHooks[*Attachment, AttachmentMutation](ctx, ac.sqlSave, ac.mutation, ac.hooks)
+	return withHooks(ctx, ac.sqlSave, ac.mutation, ac.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
@@ -148,6 +162,10 @@ func (ac *AttachmentCreate) defaults() {
 		v := attachment.DefaultType
 		ac.mutation.SetType(v)
 	}
+	if _, ok := ac.mutation.Primary(); !ok {
+		v := attachment.DefaultPrimary
+		ac.mutation.SetPrimary(v)
+	}
 	if _, ok := ac.mutation.ID(); !ok {
 		v := attachment.DefaultID()
 		ac.mutation.SetID(v)
@@ -170,6 +188,9 @@ func (ac *AttachmentCreate) check() error {
 			return &ValidationError{Name: "type", err: fmt.Errorf(`ent: validator failed for field "Attachment.type": %w`, err)}
 		}
 	}
+	if _, ok := ac.mutation.Primary(); !ok {
+		return &ValidationError{Name: "primary", err: errors.New(`ent: missing required field "Attachment.primary"`)}
+	}
 	if _, ok := ac.mutation.ItemID(); !ok {
 		return &ValidationError{Name: "item", err: errors.New(`ent: missing required edge "Attachment.item"`)}
 	}
@@ -223,6 +244,10 @@ func (ac *AttachmentCreate) createSpec() (*Attachment, *sqlgraph.CreateSpec) {
 		_spec.SetField(attachment.FieldType, field.TypeEnum, value)
 		_node.Type = value
 	}
+	if value, ok := ac.mutation.Primary(); ok {
+		_spec.SetField(attachment.FieldPrimary, field.TypeBool, value)
+		_node.Primary = value
+	}
 	if nodes := ac.mutation.ItemIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
@@ -263,11 +288,15 @@ func (ac *AttachmentCreate) createSpec() (*Attachment, *sqlgraph.CreateSpec) {
 // AttachmentCreateBulk is the builder for creating many Attachment entities in bulk.
 type AttachmentCreateBulk struct {
 	config
+	err      error
 	builders []*AttachmentCreate
 }
 
 // Save creates the Attachment entities in the database.
 func (acb *AttachmentCreateBulk) Save(ctx context.Context) ([]*Attachment, error) {
+	if acb.err != nil {
+		return nil, acb.err
+	}
 	specs := make([]*sqlgraph.CreateSpec, len(acb.builders))
 	nodes := make([]*Attachment, len(acb.builders))
 	mutators := make([]Mutator, len(acb.builders))
@@ -284,8 +313,8 @@ func (acb *AttachmentCreateBulk) Save(ctx context.Context) ([]*Attachment, error
 					return nil, err
 				}
 				builder.mutation = mutation
-				nodes[i], specs[i] = builder.createSpec()
 				var err error
+				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
 					_, err = mutators[i+1].Mutate(root, acb.builders[i+1].mutation)
 				} else {

backend/internal/data/ent/attachment_delete.go

@@ -27,7 +27,7 @@ func (ad *AttachmentDelete) Where(ps ...predicate.Attachment) *AttachmentDelete
 
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (ad *AttachmentDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks[int, AttachmentMutation](ctx, ad.sqlExec, ad.mutation, ad.hooks)
+	return withHooks(ctx, ad.sqlExec, ad.mutation, ad.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.

backend/internal/data/ent/attachment_query.go

@@ -21,7 +21,7 @@ import (
 type AttachmentQuery struct {
 	config
 	ctx          *QueryContext
-	order        []OrderFunc
+	order        []attachment.OrderOption
 	inters       []Interceptor
 	predicates   []predicate.Attachment
 	withItem     *ItemQuery
@@ -58,7 +58,7 @@ func (aq *AttachmentQuery) Unique(unique bool) *AttachmentQuery {
 }
 
 // Order specifies how the records should be ordered.
-func (aq *AttachmentQuery) Order(o ...OrderFunc) *AttachmentQuery {
+func (aq *AttachmentQuery) Order(o ...attachment.OrderOption) *AttachmentQuery {
 	aq.order = append(aq.order, o...)
 	return aq
 }
@@ -296,7 +296,7 @@ func (aq *AttachmentQuery) Clone() *AttachmentQuery {
 	return &AttachmentQuery{
 		config:       aq.config,
 		ctx:          aq.ctx.Clone(),
-		order:        append([]OrderFunc{}, aq.order...),
+		order:        append([]attachment.OrderOption{}, aq.order...),
 		inters:       append([]Interceptor{}, aq.inters...),
 		predicates:   append([]predicate.Attachment{}, aq.predicates...),
 		withItem:     aq.withItem.Clone(),

backend/internal/data/ent/attachment_update.go

@@ -51,6 +51,20 @@ func (au *AttachmentUpdate) SetNillableType(a *attachment.Type) *AttachmentUpdat
 	return au
 }
 
+// SetPrimary sets the "primary" field.
+func (au *AttachmentUpdate) SetPrimary(b bool) *AttachmentUpdate {
+	au.mutation.SetPrimary(b)
+	return au
+}
+
+// SetNillablePrimary sets the "primary" field if the given value is not nil.
+func (au *AttachmentUpdate) SetNillablePrimary(b *bool) *AttachmentUpdate {
+	if b != nil {
+		au.SetPrimary(*b)
+	}
+	return au
+}
+
 // SetItemID sets the "item" edge to the Item entity by ID.
 func (au *AttachmentUpdate) SetItemID(id uuid.UUID) *AttachmentUpdate {
 	au.mutation.SetItemID(id)
@@ -93,7 +107,7 @@ func (au *AttachmentUpdate) ClearDocument() *AttachmentUpdate {
 // Save executes the query and returns the number of nodes affected by the update operation.
 func (au *AttachmentUpdate) Save(ctx context.Context) (int, error) {
 	au.defaults()
-	return withHooks[int, AttachmentMutation](ctx, au.sqlSave, au.mutation, au.hooks)
+	return withHooks(ctx, au.sqlSave, au.mutation, au.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
@@ -160,6 +174,9 @@ func (au *AttachmentUpdate) sqlSave(ctx context.Context) (n int, err error) {
 	if value, ok := au.mutation.GetType(); ok {
 		_spec.SetField(attachment.FieldType, field.TypeEnum, value)
 	}
+	if value, ok := au.mutation.Primary(); ok {
+		_spec.SetField(attachment.FieldPrimary, field.TypeBool, value)
+	}
 	if au.mutation.ItemCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
@@ -258,6 +275,20 @@ func (auo *AttachmentUpdateOne) SetNillableType(a *attachment.Type) *AttachmentU
 	return auo
 }
 
+// SetPrimary sets the "primary" field.
+func (auo *AttachmentUpdateOne) SetPrimary(b bool) *AttachmentUpdateOne {
+	auo.mutation.SetPrimary(b)
+	return auo
+}
+
+// SetNillablePrimary sets the "primary" field if the given value is not nil.
+func (auo *AttachmentUpdateOne) SetNillablePrimary(b *bool) *AttachmentUpdateOne {
+	if b != nil {
+		auo.SetPrimary(*b)
+	}
+	return auo
+}
+
 // SetItemID sets the "item" edge to the Item entity by ID.
 func (auo *AttachmentUpdateOne) SetItemID(id uuid.UUID) *AttachmentUpdateOne {
 	auo.mutation.SetItemID(id)
@@ -313,7 +344,7 @@ func (auo *AttachmentUpdateOne) Select(field string, fields ...string) *Attachme
 // Save executes the query and returns the updated Attachment entity.
 func (auo *AttachmentUpdateOne) Save(ctx context.Context) (*Attachment, error) {
 	auo.defaults()
-	return withHooks[*Attachment, AttachmentMutation](ctx, auo.sqlSave, auo.mutation, auo.hooks)
+	return withHooks(ctx, auo.sqlSave, auo.mutation, auo.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
@@ -397,6 +428,9 @@ func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment,
 	if value, ok := auo.mutation.GetType(); ok {
 		_spec.SetField(attachment.FieldType, field.TypeEnum, value)
 	}
+	if value, ok := auo.mutation.Primary(); ok {
+		_spec.SetField(attachment.FieldPrimary, field.TypeBool, value)
+	}
 	if auo.mutation.ItemCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,

backend/internal/data/ent/authroles.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"strings"
 
+	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/authroles"
@@ -23,6 +24,7 @@ type AuthRoles struct {
 	// The values are being populated by the AuthRolesQuery when eager-loading is set.
 	Edges             AuthRolesEdges `json:"edges"`
 	auth_tokens_roles *uuid.UUID
+	selectValues      sql.SelectValues
 }
 
 // AuthRolesEdges holds the relations/edges for other nodes in the graph.
@@ -59,7 +61,7 @@ func (*AuthRoles) scanValues(columns []string) ([]any, error) {
 		case authroles.ForeignKeys[0]: // auth_tokens_roles
 			values[i] = &sql.NullScanner{S: new(uuid.UUID)}
 		default:
-			return nil, fmt.Errorf("unexpected column %q for type AuthRoles", columns[i])
+			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
@@ -92,11 +94,19 @@ func (ar *AuthRoles) assignValues(columns []string, values []any) error {
 				ar.auth_tokens_roles = new(uuid.UUID)
 				*ar.auth_tokens_roles = *value.S.(*uuid.UUID)
 			}
+		default:
+			ar.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 
+// Value returns the ent.Value that was dynamically selected and assigned to the AuthRoles.
+// This includes values selected through modifiers, order, etc.
+func (ar *AuthRoles) Value(name string) (ent.Value, error) {
+	return ar.selectValues.Get(name)
+}
+
 // QueryToken queries the "token" edge of the AuthRoles entity.
 func (ar *AuthRoles) QueryToken() *AuthTokensQuery {
 	return NewAuthRolesClient(ar.config).QueryToken(ar)

backend/internal/data/ent/authroles/authroles.go

@@ -4,6 +4,9 @@ package authroles
 
 import (
 	"fmt"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
 )
 
 const (
@@ -79,3 +82,30 @@ func RoleValidator(r Role) error {
 		return fmt.Errorf("authroles: invalid enum value for role field: %q", r)
 	}
 }
+
+// OrderOption defines the ordering options for the AuthRoles queries.
+type OrderOption func(*sql.Selector)
+
+// ByID orders the results by the id field.
+func ByID(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldID, opts...).ToFunc()
+}
+
+// ByRole orders the results by the role field.
+func ByRole(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldRole, opts...).ToFunc()
+}
+
+// ByTokenField orders the results by token field.
+func ByTokenField(field string, opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newTokenStep(), sql.OrderByField(field, opts...))
+	}
+}
+func newTokenStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(TokenInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.O2O, true, TokenTable, TokenColumn),
+	)
+}

backend/internal/data/ent/authroles/where.go

@@ -87,11 +87,7 @@ func HasToken() predicate.AuthRoles {
 // HasTokenWith applies the HasEdge predicate on the "token" edge with a given conditions (other predicates).
 func HasTokenWith(preds ...predicate.AuthTokens) predicate.AuthRoles {
 	return predicate.AuthRoles(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(TokenInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.O2O, true, TokenTable, TokenColumn),
-		)
+		step := newTokenStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
@@ -102,32 +98,15 @@ func HasTokenWith(preds ...predicate.AuthTokens) predicate.AuthRoles {
 
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.AuthRoles) predicate.AuthRoles {
-	return predicate.AuthRoles(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for _, p := range predicates {
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.AuthRoles(sql.AndPredicates(predicates...))
 }
 
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.AuthRoles) predicate.AuthRoles {
-	return predicate.AuthRoles(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for i, p := range predicates {
-			if i > 0 {
-				s1.Or()
-			}
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.AuthRoles(sql.OrPredicates(predicates...))
 }
 
 // Not applies the not operator on the given predicate.
 func Not(p predicate.AuthRoles) predicate.AuthRoles {
-	return predicate.AuthRoles(func(s *sql.Selector) {
-		p(s.Not())
-	})
+	return predicate.AuthRoles(sql.NotPredicates(p))
 }

backend/internal/data/ent/authroles_create.go

@@ -62,7 +62,7 @@ func (arc *AuthRolesCreate) Mutation() *AuthRolesMutation {
 // Save creates the AuthRoles in the database.
 func (arc *AuthRolesCreate) Save(ctx context.Context) (*AuthRoles, error) {
 	arc.defaults()
-	return withHooks[*AuthRoles, AuthRolesMutation](ctx, arc.sqlSave, arc.mutation, arc.hooks)
+	return withHooks(ctx, arc.sqlSave, arc.mutation, arc.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
@@ -158,11 +158,15 @@ func (arc *AuthRolesCreate) createSpec() (*AuthRoles, *sqlgraph.CreateSpec) {
 // AuthRolesCreateBulk is the builder for creating many AuthRoles entities in bulk.
 type AuthRolesCreateBulk struct {
 	config
+	err      error
 	builders []*AuthRolesCreate
 }
 
 // Save creates the AuthRoles entities in the database.
 func (arcb *AuthRolesCreateBulk) Save(ctx context.Context) ([]*AuthRoles, error) {
+	if arcb.err != nil {
+		return nil, arcb.err
+	}
 	specs := make([]*sqlgraph.CreateSpec, len(arcb.builders))
 	nodes := make([]*AuthRoles, len(arcb.builders))
 	mutators := make([]Mutator, len(arcb.builders))
@@ -179,8 +183,8 @@ func (arcb *AuthRolesCreateBulk) Save(ctx context.Context) ([]*AuthRoles, error)
 					return nil, err
 				}
 				builder.mutation = mutation
-				nodes[i], specs[i] = builder.createSpec()
 				var err error
+				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
 					_, err = mutators[i+1].Mutate(root, arcb.builders[i+1].mutation)
 				} else {

backend/internal/data/ent/authroles_delete.go

@@ -27,7 +27,7 @@ func (ard *AuthRolesDelete) Where(ps ...predicate.AuthRoles) *AuthRolesDelete {
 
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (ard *AuthRolesDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks[int, AuthRolesMutation](ctx, ard.sqlExec, ard.mutation, ard.hooks)
+	return withHooks(ctx, ard.sqlExec, ard.mutation, ard.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.

backend/internal/data/ent/authroles_query.go

@@ -20,7 +20,7 @@ import (
 type AuthRolesQuery struct {
 	config
 	ctx        *QueryContext
-	order      []OrderFunc
+	order      []authroles.OrderOption
 	inters     []Interceptor
 	predicates []predicate.AuthRoles
 	withToken  *AuthTokensQuery
@@ -56,7 +56,7 @@ func (arq *AuthRolesQuery) Unique(unique bool) *AuthRolesQuery {
 }
 
 // Order specifies how the records should be ordered.
-func (arq *AuthRolesQuery) Order(o ...OrderFunc) *AuthRolesQuery {
+func (arq *AuthRolesQuery) Order(o ...authroles.OrderOption) *AuthRolesQuery {
 	arq.order = append(arq.order, o...)
 	return arq
 }
@@ -272,7 +272,7 @@ func (arq *AuthRolesQuery) Clone() *AuthRolesQuery {
 	return &AuthRolesQuery{
 		config:     arq.config,
 		ctx:        arq.ctx.Clone(),
-		order:      append([]OrderFunc{}, arq.order...),
+		order:      append([]authroles.OrderOption{}, arq.order...),
 		inters:     append([]Interceptor{}, arq.inters...),
 		predicates: append([]predicate.AuthRoles{}, arq.predicates...),
 		withToken:  arq.withToken.Clone(),

backend/internal/data/ent/authroles_update.go

@@ -75,7 +75,7 @@ func (aru *AuthRolesUpdate) ClearToken() *AuthRolesUpdate {
 
 // Save executes the query and returns the number of nodes affected by the update operation.
 func (aru *AuthRolesUpdate) Save(ctx context.Context) (int, error) {
-	return withHooks[int, AuthRolesMutation](ctx, aru.sqlSave, aru.mutation, aru.hooks)
+	return withHooks(ctx, aru.sqlSave, aru.mutation, aru.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
@@ -233,7 +233,7 @@ func (aruo *AuthRolesUpdateOne) Select(field string, fields ...string) *AuthRole
 
 // Save executes the query and returns the updated AuthRoles entity.
 func (aruo *AuthRolesUpdateOne) Save(ctx context.Context) (*AuthRoles, error) {
-	return withHooks[*AuthRoles, AuthRolesMutation](ctx, aruo.sqlSave, aruo.mutation, aruo.hooks)
+	return withHooks(ctx, aruo.sqlSave, aruo.mutation, aruo.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.

backend/internal/data/ent/authtokens.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/authroles"
@@ -31,6 +32,7 @@ type AuthTokens struct {
 	// The values are being populated by the AuthTokensQuery when eager-loading is set.
 	Edges            AuthTokensEdges `json:"edges"`
 	user_auth_tokens *uuid.UUID
+	selectValues     sql.SelectValues
 }
 
 // AuthTokensEdges holds the relations/edges for other nodes in the graph.
@@ -84,7 +86,7 @@ func (*AuthTokens) scanValues(columns []string) ([]any, error) {
 		case authtokens.ForeignKeys[0]: // user_auth_tokens
 			values[i] = &sql.NullScanner{S: new(uuid.UUID)}
 		default:
-			return nil, fmt.Errorf("unexpected column %q for type AuthTokens", columns[i])
+			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
@@ -135,11 +137,19 @@ func (at *AuthTokens) assignValues(columns []string, values []any) error {
 				at.user_auth_tokens = new(uuid.UUID)
 				*at.user_auth_tokens = *value.S.(*uuid.UUID)
 			}
+		default:
+			at.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 
+// Value returns the ent.Value that was dynamically selected and assigned to the AuthTokens.
+// This includes values selected through modifiers, order, etc.
+func (at *AuthTokens) Value(name string) (ent.Value, error) {
+	return at.selectValues.Get(name)
+}
+
 // QueryUser queries the "user" edge of the AuthTokens entity.
 func (at *AuthTokens) QueryUser() *UserQuery {
 	return NewAuthTokensClient(at.config).QueryUser(at)

backend/internal/data/ent/authtokens/authtokens.go

@@ -5,6 +5,8 @@ package authtokens
 import (
 	"time"
 
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/google/uuid"
 )
 
@@ -85,3 +87,54 @@ var (
 	// DefaultID holds the default value on creation for the "id" field.
 	DefaultID func() uuid.UUID
 )
+
+// OrderOption defines the ordering options for the AuthTokens queries.
+type OrderOption func(*sql.Selector)
+
+// ByID orders the results by the id field.
+func ByID(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldID, opts...).ToFunc()
+}
+
+// ByCreatedAt orders the results by the created_at field.
+func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
+}
+
+// ByUpdatedAt orders the results by the updated_at field.
+func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
+}
+
+// ByExpiresAt orders the results by the expires_at field.
+func ByExpiresAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldExpiresAt, opts...).ToFunc()
+}
+
+// ByUserField orders the results by user field.
+func ByUserField(field string, opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newUserStep(), sql.OrderByField(field, opts...))
+	}
+}
+
+// ByRolesField orders the results by roles field.
+func ByRolesField(field string, opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newRolesStep(), sql.OrderByField(field, opts...))
+	}
+}
+func newUserStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(UserInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.M2O, true, UserTable, UserColumn),
+	)
+}
+func newRolesStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(RolesInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.O2O, false, RolesTable, RolesColumn),
+	)
+}

backend/internal/data/ent/authtokens/where.go

@@ -250,11 +250,7 @@ func HasUser() predicate.AuthTokens {
 // HasUserWith applies the HasEdge predicate on the "user" edge with a given conditions (other predicates).
 func HasUserWith(preds ...predicate.User) predicate.AuthTokens {
 	return predicate.AuthTokens(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(UserInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.M2O, true, UserTable, UserColumn),
-		)
+		step := newUserStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
@@ -277,11 +273,7 @@ func HasRoles() predicate.AuthTokens {
 // HasRolesWith applies the HasEdge predicate on the "roles" edge with a given conditions (other predicates).
 func HasRolesWith(preds ...predicate.AuthRoles) predicate.AuthTokens {
 	return predicate.AuthTokens(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(RolesInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.O2O, false, RolesTable, RolesColumn),
-		)
+		step := newRolesStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
@@ -292,32 +284,15 @@ func HasRolesWith(preds ...predicate.AuthRoles) predicate.AuthTokens {
 
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.AuthTokens) predicate.AuthTokens {
-	return predicate.AuthTokens(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for _, p := range predicates {
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.AuthTokens(sql.AndPredicates(predicates...))
 }
 
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.AuthTokens) predicate.AuthTokens {
-	return predicate.AuthTokens(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for i, p := range predicates {
-			if i > 0 {
-				s1.Or()
-			}
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.AuthTokens(sql.OrPredicates(predicates...))
 }
 
 // Not applies the not operator on the given predicate.
 func Not(p predicate.AuthTokens) predicate.AuthTokens {
-	return predicate.AuthTokens(func(s *sql.Selector) {
-		p(s.Not())
-	})
+	return predicate.AuthTokens(sql.NotPredicates(p))
 }

backend/internal/data/ent/authtokens_create.go

@@ -131,7 +131,7 @@ func (atc *AuthTokensCreate) Mutation() *AuthTokensMutation {
 // Save creates the AuthTokens in the database.
 func (atc *AuthTokensCreate) Save(ctx context.Context) (*AuthTokens, error) {
 	atc.defaults()
-	return withHooks[*AuthTokens, AuthTokensMutation](ctx, atc.sqlSave, atc.mutation, atc.hooks)
+	return withHooks(ctx, atc.sqlSave, atc.mutation, atc.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
@@ -280,11 +280,15 @@ func (atc *AuthTokensCreate) createSpec() (*AuthTokens, *sqlgraph.CreateSpec) {
 // AuthTokensCreateBulk is the builder for creating many AuthTokens entities in bulk.
 type AuthTokensCreateBulk struct {
 	config
+	err      error
 	builders []*AuthTokensCreate
 }
 
 // Save creates the AuthTokens entities in the database.
 func (atcb *AuthTokensCreateBulk) Save(ctx context.Context) ([]*AuthTokens, error) {
+	if atcb.err != nil {
+		return nil, atcb.err
+	}
 	specs := make([]*sqlgraph.CreateSpec, len(atcb.builders))
 	nodes := make([]*AuthTokens, len(atcb.builders))
 	mutators := make([]Mutator, len(atcb.builders))
@@ -301,8 +305,8 @@ func (atcb *AuthTokensCreateBulk) Save(ctx context.Context) ([]*AuthTokens, erro
 					return nil, err
 				}
 				builder.mutation = mutation
-				nodes[i], specs[i] = builder.createSpec()
 				var err error
+				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
 					_, err = mutators[i+1].Mutate(root, atcb.builders[i+1].mutation)
 				} else {

backend/internal/data/ent/authtokens_delete.go

@@ -27,7 +27,7 @@ func (atd *AuthTokensDelete) Where(ps ...predicate.AuthTokens) *AuthTokensDelete
 
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (atd *AuthTokensDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks[int, AuthTokensMutation](ctx, atd.sqlExec, atd.mutation, atd.hooks)
+	return withHooks(ctx, atd.sqlExec, atd.mutation, atd.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.

backend/internal/data/ent/authtokens_query.go

@@ -22,7 +22,7 @@ import (
 type AuthTokensQuery struct {
 	config
 	ctx        *QueryContext
-	order      []OrderFunc
+	order      []authtokens.OrderOption
 	inters     []Interceptor
 	predicates []predicate.AuthTokens
 	withUser   *UserQuery
@@ -59,7 +59,7 @@ func (atq *AuthTokensQuery) Unique(unique bool) *AuthTokensQuery {
 }
 
 // Order specifies how the records should be ordered.
-func (atq *AuthTokensQuery) Order(o ...OrderFunc) *AuthTokensQuery {
+func (atq *AuthTokensQuery) Order(o ...authtokens.OrderOption) *AuthTokensQuery {
 	atq.order = append(atq.order, o...)
 	return atq
 }
@@ -297,7 +297,7 @@ func (atq *AuthTokensQuery) Clone() *AuthTokensQuery {
 	return &AuthTokensQuery{
 		config:     atq.config,
 		ctx:        atq.ctx.Clone(),
-		order:      append([]OrderFunc{}, atq.order...),
+		order:      append([]authtokens.OrderOption{}, atq.order...),
 		inters:     append([]Interceptor{}, atq.inters...),
 		predicates: append([]predicate.AuthTokens{}, atq.predicates...),
 		withUser:   atq.withUser.Clone(),
@@ -494,7 +494,7 @@ func (atq *AuthTokensQuery) loadRoles(ctx context.Context, query *AuthRolesQuery
 	}
 	query.withFKs = true
 	query.Where(predicate.AuthRoles(func(s *sql.Selector) {
-		s.Where(sql.InValues(authtokens.RolesColumn, fks...))
+		s.Where(sql.InValues(s.C(authtokens.RolesColumn), fks...))
 	}))
 	neighbors, err := query.All(ctx)
 	if err != nil {
@@ -507,7 +507,7 @@ func (atq *AuthTokensQuery) loadRoles(ctx context.Context, query *AuthRolesQuery
 		}
 		node, ok := nodeids[*fk]
 		if !ok {
-			return fmt.Errorf(`unexpected foreign-key "auth_tokens_roles" returned %v for node %v`, *fk, n.ID)
+			return fmt.Errorf(`unexpected referenced foreign-key "auth_tokens_roles" returned %v for node %v`, *fk, n.ID)
 		}
 		assign(node, n)
 	}

backend/internal/data/ent/authtokens_update.go

@@ -115,7 +115,7 @@ func (atu *AuthTokensUpdate) ClearRoles() *AuthTokensUpdate {
 // Save executes the query and returns the number of nodes affected by the update operation.
 func (atu *AuthTokensUpdate) Save(ctx context.Context) (int, error) {
 	atu.defaults()
-	return withHooks[int, AuthTokensMutation](ctx, atu.sqlSave, atu.mutation, atu.hooks)
+	return withHooks(ctx, atu.sqlSave, atu.mutation, atu.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
@@ -341,7 +341,7 @@ func (atuo *AuthTokensUpdateOne) Select(field string, fields ...string) *AuthTok
 // Save executes the query and returns the updated AuthTokens entity.
 func (atuo *AuthTokensUpdateOne) Save(ctx context.Context) (*AuthTokens, error) {
 	atuo.defaults()
-	return withHooks[*AuthTokens, AuthTokensMutation](ctx, atuo.sqlSave, atuo.mutation, atuo.hooks)
+	return withHooks(ctx, atuo.sqlSave, atuo.mutation, atuo.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.

backend/internal/data/ent/client.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"reflect"
 
 	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/migrate"
@@ -15,6 +16,7 @@ import (
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
+	"github.com/hay-kot/homebox/backend/internal/data/ent/actiontoken"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/attachment"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/authroles"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/authtokens"
@@ -35,6 +37,8 @@ type Client struct {
 	config
 	// Schema is the client for creating, migrating and dropping schema.
 	Schema *migrate.Schema
+	// ActionToken is the client for interacting with the ActionToken builders.
+	ActionToken *ActionTokenClient
 	// Attachment is the client for interacting with the Attachment builders.
 	Attachment *AttachmentClient
 	// AuthRoles is the client for interacting with the AuthRoles builders.
@@ -65,15 +69,14 @@ type Client struct {
 
 // NewClient creates a new client configured with the given options.
 func NewClient(opts ...Option) *Client {
-	cfg := config{log: log.Println, hooks: &hooks{}, inters: &inters{}}
-	cfg.options(opts...)
-	client := &Client{config: cfg}
+	client := &Client{config: newConfig(opts...)}
 	client.init()
 	return client
 }
 
 func (c *Client) init() {
 	c.Schema = migrate.NewSchema(c.driver)
+	c.ActionToken = NewActionTokenClient(c.config)
 	c.Attachment = NewAttachmentClient(c.config)
 	c.AuthRoles = NewAuthRolesClient(c.config)
 	c.AuthTokens = NewAuthTokensClient(c.config)
@@ -107,6 +110,13 @@ type (
 	Option func(*config)
 )
 
+// newConfig creates a new config for the client.
+func newConfig(opts ...Option) config {
+	cfg := config{log: log.Println, hooks: &hooks{}, inters: &inters{}}
+	cfg.options(opts...)
+	return cfg
+}
+
 // options applies the options on the config object.
 func (c *config) options(opts ...Option) {
 	for _, opt := range opts {
@@ -154,11 +164,14 @@ func Open(driverName, dataSourceName string, options ...Option) (*Client, error)
 	}
 }
 
+// ErrTxStarted is returned when trying to start a new transaction from a transactional client.
+var ErrTxStarted = errors.New("ent: cannot start a transaction within a transaction")
+
 // Tx returns a new transactional client. The provided context
 // is used until the transaction is committed or rolled back.
 func (c *Client) Tx(ctx context.Context) (*Tx, error) {
 	if _, ok := c.driver.(*txDriver); ok {
-		return nil, errors.New("ent: cannot start a transaction within a transaction")
+		return nil, ErrTxStarted
 	}
 	tx, err := newTx(ctx, c.driver)
 	if err != nil {
@@ -169,6 +182,7 @@ func (c *Client) Tx(ctx context.Context) (*Tx, error) {
 	return &Tx{
 		ctx:                  ctx,
 		config:               cfg,
+		ActionToken:          NewActionTokenClient(cfg),
 		Attachment:           NewAttachmentClient(cfg),
 		AuthRoles:            NewAuthRolesClient(cfg),
 		AuthTokens:           NewAuthTokensClient(cfg),
@@ -201,6 +215,7 @@ func (c *Client) BeginTx(ctx context.Context, opts *sql.TxOptions) (*Tx, error)
 	return &Tx{
 		ctx:                  ctx,
 		config:               cfg,
+		ActionToken:          NewActionTokenClient(cfg),
 		Attachment:           NewAttachmentClient(cfg),
 		AuthRoles:            NewAuthRolesClient(cfg),
 		AuthTokens:           NewAuthTokensClient(cfg),
@@ -220,7 +235,7 @@ func (c *Client) BeginTx(ctx context.Context, opts *sql.TxOptions) (*Tx, error)
 // Debug returns a new debug-client. It's used to get verbose logging on specific operations.
 //
 //	client.Debug().
-//		Attachment.
+//		ActionToken.
 //		Query().
 //		Count(ctx)
 func (c *Client) Debug() *Client {
@@ -243,7 +258,7 @@ func (c *Client) Close() error {
 // In order to add hooks to a specific client, call: `client.Node.Use(...)`.
 func (c *Client) Use(hooks ...Hook) {
 	for _, n := range []interface{ Use(...Hook) }{
-		c.Attachment, c.AuthRoles, c.AuthTokens, c.Document, c.Group,
+		c.ActionToken, c.Attachment, c.AuthRoles, c.AuthTokens, c.Document, c.Group,
 		c.GroupInvitationToken, c.Item, c.ItemField, c.Label, c.Location,
 		c.MaintenanceEntry, c.Notifier, c.User,
 	} {
@@ -255,7 +270,7 @@ func (c *Client) Use(hooks ...Hook) {
 // In order to add interceptors to a specific client, call: `client.Node.Intercept(...)`.
 func (c *Client) Intercept(interceptors ...Interceptor) {
 	for _, n := range []interface{ Intercept(...Interceptor) }{
-		c.Attachment, c.AuthRoles, c.AuthTokens, c.Document, c.Group,
+		c.ActionToken, c.Attachment, c.AuthRoles, c.AuthTokens, c.Document, c.Group,
 		c.GroupInvitationToken, c.Item, c.ItemField, c.Label, c.Location,
 		c.MaintenanceEntry, c.Notifier, c.User,
 	} {
@@ -266,6 +281,8 @@ func (c *Client) Intercept(interceptors ...Interceptor) {
 // Mutate implements the ent.Mutator interface.
 func (c *Client) Mutate(ctx context.Context, m Mutation) (Value, error) {
 	switch m := m.(type) {
+	case *ActionTokenMutation:
+		return c.ActionToken.mutate(ctx, m)
 	case *AttachmentMutation:
 		return c.Attachment.mutate(ctx, m)
 	case *AuthRolesMutation:
@@ -297,6 +314,155 @@ func (c *Client) Mutate(ctx context.Context, m Mutation) (Value, error) {
 	}
 }
 
+// ActionTokenClient is a client for the ActionToken schema.
+type ActionTokenClient struct {
+	config
+}
+
+// NewActionTokenClient returns a client for the ActionToken from the given config.
+func NewActionTokenClient(c config) *ActionTokenClient {
+	return &ActionTokenClient{config: c}
+}
+
+// Use adds a list of mutation hooks to the hooks stack.
+// A call to `Use(f, g, h)` equals to `actiontoken.Hooks(f(g(h())))`.
+func (c *ActionTokenClient) Use(hooks ...Hook) {
+	c.hooks.ActionToken = append(c.hooks.ActionToken, hooks...)
+}
+
+// Intercept adds a list of query interceptors to the interceptors stack.
+// A call to `Intercept(f, g, h)` equals to `actiontoken.Intercept(f(g(h())))`.
+func (c *ActionTokenClient) Intercept(interceptors ...Interceptor) {
+	c.inters.ActionToken = append(c.inters.ActionToken, interceptors...)
+}
+
+// Create returns a builder for creating a ActionToken entity.
+func (c *ActionTokenClient) Create() *ActionTokenCreate {
+	mutation := newActionTokenMutation(c.config, OpCreate)
+	return &ActionTokenCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// CreateBulk returns a builder for creating a bulk of ActionToken entities.
+func (c *ActionTokenClient) CreateBulk(builders ...*ActionTokenCreate) *ActionTokenCreateBulk {
+	return &ActionTokenCreateBulk{config: c.config, builders: builders}
+}
+
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *ActionTokenClient) MapCreateBulk(slice any, setFunc func(*ActionTokenCreate, int)) *ActionTokenCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &ActionTokenCreateBulk{err: fmt.Errorf("calling to ActionTokenClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*ActionTokenCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &ActionTokenCreateBulk{config: c.config, builders: builders}
+}
+
+// Update returns an update builder for ActionToken.
+func (c *ActionTokenClient) Update() *ActionTokenUpdate {
+	mutation := newActionTokenMutation(c.config, OpUpdate)
+	return &ActionTokenUpdate{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// UpdateOne returns an update builder for the given entity.
+func (c *ActionTokenClient) UpdateOne(at *ActionToken) *ActionTokenUpdateOne {
+	mutation := newActionTokenMutation(c.config, OpUpdateOne, withActionToken(at))
+	return &ActionTokenUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// UpdateOneID returns an update builder for the given id.
+func (c *ActionTokenClient) UpdateOneID(id uuid.UUID) *ActionTokenUpdateOne {
+	mutation := newActionTokenMutation(c.config, OpUpdateOne, withActionTokenID(id))
+	return &ActionTokenUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// Delete returns a delete builder for ActionToken.
+func (c *ActionTokenClient) Delete() *ActionTokenDelete {
+	mutation := newActionTokenMutation(c.config, OpDelete)
+	return &ActionTokenDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// DeleteOne returns a builder for deleting the given entity.
+func (c *ActionTokenClient) DeleteOne(at *ActionToken) *ActionTokenDeleteOne {
+	return c.DeleteOneID(at.ID)
+}
+
+// DeleteOneID returns a builder for deleting the given entity by its id.
+func (c *ActionTokenClient) DeleteOneID(id uuid.UUID) *ActionTokenDeleteOne {
+	builder := c.Delete().Where(actiontoken.ID(id))
+	builder.mutation.id = &id
+	builder.mutation.op = OpDeleteOne
+	return &ActionTokenDeleteOne{builder}
+}
+
+// Query returns a query builder for ActionToken.
+func (c *ActionTokenClient) Query() *ActionTokenQuery {
+	return &ActionTokenQuery{
+		config: c.config,
+		ctx:    &QueryContext{Type: TypeActionToken},
+		inters: c.Interceptors(),
+	}
+}
+
+// Get returns a ActionToken entity by its id.
+func (c *ActionTokenClient) Get(ctx context.Context, id uuid.UUID) (*ActionToken, error) {
+	return c.Query().Where(actiontoken.ID(id)).Only(ctx)
+}
+
+// GetX is like Get, but panics if an error occurs.
+func (c *ActionTokenClient) GetX(ctx context.Context, id uuid.UUID) *ActionToken {
+	obj, err := c.Get(ctx, id)
+	if err != nil {
+		panic(err)
+	}
+	return obj
+}
+
+// QueryUser queries the user edge of a ActionToken.
+func (c *ActionTokenClient) QueryUser(at *ActionToken) *UserQuery {
+	query := (&UserClient{config: c.config}).Query()
+	query.path = func(context.Context) (fromV *sql.Selector, _ error) {
+		id := at.ID
+		step := sqlgraph.NewStep(
+			sqlgraph.From(actiontoken.Table, actiontoken.FieldID, id),
+			sqlgraph.To(user.Table, user.FieldID),
+			sqlgraph.Edge(sqlgraph.M2O, true, actiontoken.UserTable, actiontoken.UserColumn),
+		)
+		fromV = sqlgraph.Neighbors(at.driver.Dialect(), step)
+		return fromV, nil
+	}
+	return query
+}
+
+// Hooks returns the client hooks.
+func (c *ActionTokenClient) Hooks() []Hook {
+	return c.hooks.ActionToken
+}
+
+// Interceptors returns the client interceptors.
+func (c *ActionTokenClient) Interceptors() []Interceptor {
+	return c.inters.ActionToken
+}
+
+func (c *ActionTokenClient) mutate(ctx context.Context, m *ActionTokenMutation) (Value, error) {
+	switch m.Op() {
+	case OpCreate:
+		return (&ActionTokenCreate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
+	case OpUpdate:
+		return (&ActionTokenUpdate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
+	case OpUpdateOne:
+		return (&ActionTokenUpdateOne{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
+	case OpDelete, OpDeleteOne:
+		return (&ActionTokenDelete{config: c.config, hooks: c.Hooks(), mutation: m}).Exec(ctx)
+	default:
+		return nil, fmt.Errorf("ent: unknown ActionToken mutation op: %q", m.Op())
+	}
+}
+
 // AttachmentClient is a client for the Attachment schema.
 type AttachmentClient struct {
 	config
@@ -330,6 +496,21 @@ func (c *AttachmentClient) CreateBulk(builders ...*AttachmentCreate) *Attachment
 	return &AttachmentCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *AttachmentClient) MapCreateBulk(slice any, setFunc func(*AttachmentCreate, int)) *AttachmentCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &AttachmentCreateBulk{err: fmt.Errorf("calling to AttachmentClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*AttachmentCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &AttachmentCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for Attachment.
 func (c *AttachmentClient) Update() *AttachmentUpdate {
 	mutation := newAttachmentMutation(c.config, OpUpdate)
@@ -480,6 +661,21 @@ func (c *AuthRolesClient) CreateBulk(builders ...*AuthRolesCreate) *AuthRolesCre
 	return &AuthRolesCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *AuthRolesClient) MapCreateBulk(slice any, setFunc func(*AuthRolesCreate, int)) *AuthRolesCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &AuthRolesCreateBulk{err: fmt.Errorf("calling to AuthRolesClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*AuthRolesCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &AuthRolesCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for AuthRoles.
 func (c *AuthRolesClient) Update() *AuthRolesUpdate {
 	mutation := newAuthRolesMutation(c.config, OpUpdate)
@@ -614,6 +810,21 @@ func (c *AuthTokensClient) CreateBulk(builders ...*AuthTokensCreate) *AuthTokens
 	return &AuthTokensCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *AuthTokensClient) MapCreateBulk(slice any, setFunc func(*AuthTokensCreate, int)) *AuthTokensCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &AuthTokensCreateBulk{err: fmt.Errorf("calling to AuthTokensClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*AuthTokensCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &AuthTokensCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for AuthTokens.
 func (c *AuthTokensClient) Update() *AuthTokensUpdate {
 	mutation := newAuthTokensMutation(c.config, OpUpdate)
@@ -764,6 +975,21 @@ func (c *DocumentClient) CreateBulk(builders ...*DocumentCreate) *DocumentCreate
 	return &DocumentCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *DocumentClient) MapCreateBulk(slice any, setFunc func(*DocumentCreate, int)) *DocumentCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &DocumentCreateBulk{err: fmt.Errorf("calling to DocumentClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*DocumentCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &DocumentCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for Document.
 func (c *DocumentClient) Update() *DocumentUpdate {
 	mutation := newDocumentMutation(c.config, OpUpdate)
@@ -914,6 +1140,21 @@ func (c *GroupClient) CreateBulk(builders ...*GroupCreate) *GroupCreateBulk {
 	return &GroupCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *GroupClient) MapCreateBulk(slice any, setFunc func(*GroupCreate, int)) *GroupCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &GroupCreateBulk{err: fmt.Errorf("calling to GroupClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*GroupCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &GroupCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for Group.
 func (c *GroupClient) Update() *GroupUpdate {
 	mutation := newGroupMutation(c.config, OpUpdate)
@@ -1144,6 +1385,21 @@ func (c *GroupInvitationTokenClient) CreateBulk(builders ...*GroupInvitationToke
 	return &GroupInvitationTokenCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *GroupInvitationTokenClient) MapCreateBulk(slice any, setFunc func(*GroupInvitationTokenCreate, int)) *GroupInvitationTokenCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &GroupInvitationTokenCreateBulk{err: fmt.Errorf("calling to GroupInvitationTokenClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*GroupInvitationTokenCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &GroupInvitationTokenCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for GroupInvitationToken.
 func (c *GroupInvitationTokenClient) Update() *GroupInvitationTokenUpdate {
 	mutation := newGroupInvitationTokenMutation(c.config, OpUpdate)
@@ -1278,6 +1534,21 @@ func (c *ItemClient) CreateBulk(builders ...*ItemCreate) *ItemCreateBulk {
 	return &ItemCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *ItemClient) MapCreateBulk(slice any, setFunc func(*ItemCreate, int)) *ItemCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &ItemCreateBulk{err: fmt.Errorf("calling to ItemClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*ItemCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &ItemCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for Item.
 func (c *ItemClient) Update() *ItemUpdate {
 	mutation := newItemMutation(c.config, OpUpdate)
@@ -1524,6 +1795,21 @@ func (c *ItemFieldClient) CreateBulk(builders ...*ItemFieldCreate) *ItemFieldCre
 	return &ItemFieldCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *ItemFieldClient) MapCreateBulk(slice any, setFunc func(*ItemFieldCreate, int)) *ItemFieldCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &ItemFieldCreateBulk{err: fmt.Errorf("calling to ItemFieldClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*ItemFieldCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &ItemFieldCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for ItemField.
 func (c *ItemFieldClient) Update() *ItemFieldUpdate {
 	mutation := newItemFieldMutation(c.config, OpUpdate)
@@ -1658,6 +1944,21 @@ func (c *LabelClient) CreateBulk(builders ...*LabelCreate) *LabelCreateBulk {
 	return &LabelCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *LabelClient) MapCreateBulk(slice any, setFunc func(*LabelCreate, int)) *LabelCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &LabelCreateBulk{err: fmt.Errorf("calling to LabelClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*LabelCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &LabelCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for Label.
 func (c *LabelClient) Update() *LabelUpdate {
 	mutation := newLabelMutation(c.config, OpUpdate)
@@ -1808,6 +2109,21 @@ func (c *LocationClient) CreateBulk(builders ...*LocationCreate) *LocationCreate
 	return &LocationCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *LocationClient) MapCreateBulk(slice any, setFunc func(*LocationCreate, int)) *LocationCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &LocationCreateBulk{err: fmt.Errorf("calling to LocationClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*LocationCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &LocationCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for Location.
 func (c *LocationClient) Update() *LocationUpdate {
 	mutation := newLocationMutation(c.config, OpUpdate)
@@ -1990,6 +2306,21 @@ func (c *MaintenanceEntryClient) CreateBulk(builders ...*MaintenanceEntryCreate)
 	return &MaintenanceEntryCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *MaintenanceEntryClient) MapCreateBulk(slice any, setFunc func(*MaintenanceEntryCreate, int)) *MaintenanceEntryCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &MaintenanceEntryCreateBulk{err: fmt.Errorf("calling to MaintenanceEntryClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*MaintenanceEntryCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &MaintenanceEntryCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for MaintenanceEntry.
 func (c *MaintenanceEntryClient) Update() *MaintenanceEntryUpdate {
 	mutation := newMaintenanceEntryMutation(c.config, OpUpdate)
@@ -2124,6 +2455,21 @@ func (c *NotifierClient) CreateBulk(builders ...*NotifierCreate) *NotifierCreate
 	return &NotifierCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *NotifierClient) MapCreateBulk(slice any, setFunc func(*NotifierCreate, int)) *NotifierCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &NotifierCreateBulk{err: fmt.Errorf("calling to NotifierClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*NotifierCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &NotifierCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for Notifier.
 func (c *NotifierClient) Update() *NotifierUpdate {
 	mutation := newNotifierMutation(c.config, OpUpdate)
@@ -2274,6 +2620,21 @@ func (c *UserClient) CreateBulk(builders ...*UserCreate) *UserCreateBulk {
 	return &UserCreateBulk{config: c.config, builders: builders}
 }
 
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *UserClient) MapCreateBulk(slice any, setFunc func(*UserCreate, int)) *UserCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &UserCreateBulk{err: fmt.Errorf("calling to UserClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*UserCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &UserCreateBulk{config: c.config, builders: builders}
+}
+
 // Update returns an update builder for User.
 func (c *UserClient) Update() *UserUpdate {
 	mutation := newUserMutation(c.config, OpUpdate)
@@ -2382,6 +2743,22 @@ func (c *UserClient) QueryNotifiers(u *User) *NotifierQuery {
 	return query
 }
 
+// QueryActionTokens queries the action_tokens edge of a User.
+func (c *UserClient) QueryActionTokens(u *User) *ActionTokenQuery {
+	query := (&ActionTokenClient{config: c.config}).Query()
+	query.path = func(context.Context) (fromV *sql.Selector, _ error) {
+		id := u.ID
+		step := sqlgraph.NewStep(
+			sqlgraph.From(user.Table, user.FieldID, id),
+			sqlgraph.To(actiontoken.Table, actiontoken.FieldID),
+			sqlgraph.Edge(sqlgraph.O2M, false, user.ActionTokensTable, user.ActionTokensColumn),
+		)
+		fromV = sqlgraph.Neighbors(u.driver.Dialect(), step)
+		return fromV, nil
+	}
+	return query
+}
+
 // Hooks returns the client hooks.
 func (c *UserClient) Hooks() []Hook {
 	return c.hooks.User
@@ -2410,11 +2787,13 @@ func (c *UserClient) mutate(ctx context.Context, m *UserMutation) (Value, error)
 // hooks and interceptors per client, for fast access.
 type (
 	hooks struct {
-		Attachment, AuthRoles, AuthTokens, Document, Group, GroupInvitationToken, Item,
-		ItemField, Label, Location, MaintenanceEntry, Notifier, User []ent.Hook
+		ActionToken, Attachment, AuthRoles, AuthTokens, Document, Group,
+		GroupInvitationToken, Item, ItemField, Label, Location, MaintenanceEntry,
+		Notifier, User []ent.Hook
 	}
 	inters struct {
-		Attachment, AuthRoles, AuthTokens, Document, Group, GroupInvitationToken, Item,
-		ItemField, Label, Location, MaintenanceEntry, Notifier, User []ent.Interceptor
+		ActionToken, Attachment, AuthRoles, AuthTokens, Document, Group,
+		GroupInvitationToken, Item, ItemField, Label, Location, MaintenanceEntry,
+		Notifier, User []ent.Interceptor
 	}
 )

backend/internal/data/ent/document.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/google/uuid"
 	"github.com/hay-kot/homebox/backend/internal/data/ent/document"
@@ -30,6 +31,7 @@ type Document struct {
 	// The values are being populated by the DocumentQuery when eager-loading is set.
 	Edges           DocumentEdges `json:"edges"`
 	group_documents *uuid.UUID
+	selectValues    sql.SelectValues
 }
 
 // DocumentEdges holds the relations/edges for other nodes in the graph.
@@ -79,7 +81,7 @@ func (*Document) scanValues(columns []string) ([]any, error) {
 		case document.ForeignKeys[0]: // group_documents
 			values[i] = &sql.NullScanner{S: new(uuid.UUID)}
 		default:
-			return nil, fmt.Errorf("unexpected column %q for type Document", columns[i])
+			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
@@ -130,11 +132,19 @@ func (d *Document) assignValues(columns []string, values []any) error {
 				d.group_documents = new(uuid.UUID)
 				*d.group_documents = *value.S.(*uuid.UUID)
 			}
+		default:
+			d.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 
+// Value returns the ent.Value that was dynamically selected and assigned to the Document.
+// This includes values selected through modifiers, order, etc.
+func (d *Document) Value(name string) (ent.Value, error) {
+	return d.selectValues.Get(name)
+}
+
 // QueryGroup queries the "group" edge of the Document entity.
 func (d *Document) QueryGroup() *GroupQuery {
 	return NewDocumentClient(d.config).QueryGroup(d)

backend/internal/data/ent/document/document.go

@@ -5,6 +5,8 @@ package document
 import (
 	"time"
 
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/google/uuid"
 )
 
@@ -87,3 +89,66 @@ var (
 	// DefaultID holds the default value on creation for the "id" field.
 	DefaultID func() uuid.UUID
 )
+
+// OrderOption defines the ordering options for the Document queries.
+type OrderOption func(*sql.Selector)
+
+// ByID orders the results by the id field.
+func ByID(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldID, opts...).ToFunc()
+}
+
+// ByCreatedAt orders the results by the created_at field.
+func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
+}
+
+// ByUpdatedAt orders the results by the updated_at field.
+func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
+}
+
+// ByTitle orders the results by the title field.
+func ByTitle(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldTitle, opts...).ToFunc()
+}
+
+// ByPath orders the results by the path field.
+func ByPath(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldPath, opts...).ToFunc()
+}
+
+// ByGroupField orders the results by group field.
+func ByGroupField(field string, opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newGroupStep(), sql.OrderByField(field, opts...))
+	}
+}
+
+// ByAttachmentsCount orders the results by attachments count.
+func ByAttachmentsCount(opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborsCount(s, newAttachmentsStep(), opts...)
+	}
+}
+
+// ByAttachments orders the results by attachments terms.
+func ByAttachments(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newAttachmentsStep(), append([]sql.OrderTerm{term}, terms...)...)
+	}
+}
+func newGroupStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(GroupInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.M2O, true, GroupTable, GroupColumn),
+	)
+}
+func newAttachmentsStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(AttachmentsInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.O2M, false, AttachmentsTable, AttachmentsColumn),
+	)
+}

backend/internal/data/ent/document/where.go

@@ -300,11 +300,7 @@ func HasGroup() predicate.Document {
 // HasGroupWith applies the HasEdge predicate on the "group" edge with a given conditions (other predicates).
 func HasGroupWith(preds ...predicate.Group) predicate.Document {
 	return predicate.Document(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(GroupInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.M2O, true, GroupTable, GroupColumn),
-		)
+		step := newGroupStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
@@ -327,11 +323,7 @@ func HasAttachments() predicate.Document {
 // HasAttachmentsWith applies the HasEdge predicate on the "attachments" edge with a given conditions (other predicates).
 func HasAttachmentsWith(preds ...predicate.Attachment) predicate.Document {
 	return predicate.Document(func(s *sql.Selector) {
-		step := sqlgraph.NewStep(
-			sqlgraph.From(Table, FieldID),
-			sqlgraph.To(AttachmentsInverseTable, FieldID),
-			sqlgraph.Edge(sqlgraph.O2M, false, AttachmentsTable, AttachmentsColumn),
-		)
+		step := newAttachmentsStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
@@ -342,32 +334,15 @@ func HasAttachmentsWith(preds ...predicate.Attachment) predicate.Document {
 
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.Document) predicate.Document {
-	return predicate.Document(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for _, p := range predicates {
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.Document(sql.AndPredicates(predicates...))
 }
 
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.Document) predicate.Document {
-	return predicate.Document(func(s *sql.Selector) {
-		s1 := s.Clone().SetP(nil)
-		for i, p := range predicates {
-			if i > 0 {
-				s1.Or()
-			}
-			p(s1)
-		}
-		s.Where(s1.P())
-	})
+	return predicate.Document(sql.OrPredicates(predicates...))
 }
 
 // Not applies the not operator on the given predicate.
 func Not(p predicate.Document) predicate.Document {
-	return predicate.Document(func(s *sql.Selector) {
-		p(s.Not())
-	})
+	return predicate.Document(sql.NotPredicates(p))
 }

backend/internal/data/ent/document_create.go

@@ -111,7 +111,7 @@ func (dc *DocumentCreate) Mutation() *DocumentMutation {
 // Save creates the Document in the database.
 func (dc *DocumentCreate) Save(ctx context.Context) (*Document, error) {
 	dc.defaults()
-	return withHooks[*Document, DocumentMutation](ctx, dc.sqlSave, dc.mutation, dc.hooks)
+	return withHooks(ctx, dc.sqlSave, dc.mutation, dc.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
@@ -269,11 +269,15 @@ func (dc *DocumentCreate) createSpec() (*Document, *sqlgraph.CreateSpec) {
 // DocumentCreateBulk is the builder for creating many Document entities in bulk.
 type DocumentCreateBulk struct {
 	config
+	err      error
 	builders []*DocumentCreate
 }
 
 // Save creates the Document entities in the database.
 func (dcb *DocumentCreateBulk) Save(ctx context.Context) ([]*Document, error) {
+	if dcb.err != nil {
+		return nil, dcb.err
+	}
 	specs := make([]*sqlgraph.CreateSpec, len(dcb.builders))
 	nodes := make([]*Document, len(dcb.builders))
 	mutators := make([]Mutator, len(dcb.builders))
@@ -290,8 +294,8 @@ func (dcb *DocumentCreateBulk) Save(ctx context.Context) ([]*Document, error) {
 					return nil, err
 				}
 				builder.mutation = mutation
-				nodes[i], specs[i] = builder.createSpec()
 				var err error
+				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
 					_, err = mutators[i+1].Mutate(root, dcb.builders[i+1].mutation)
 				} else {

backend/internal/data/ent/document_delete.go

@@ -27,7 +27,7 @@ func (dd *DocumentDelete) Where(ps ...predicate.Document) *DocumentDelete {
 
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (dd *DocumentDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks[int, DocumentMutation](ctx, dd.sqlExec, dd.mutation, dd.hooks)
+	return withHooks(ctx, dd.sqlExec, dd.mutation, dd.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.

backend/internal/data/ent/document_query.go

@@ -22,7 +22,7 @@ import (
 type DocumentQuery struct {
 	config
 	ctx             *QueryContext
-	order           []OrderFunc
+	order           []document.OrderOption
 	inters          []Interceptor
 	predicates      []predicate.Document
 	withGroup       *GroupQuery
@@ -59,7 +59,7 @@ func (dq *DocumentQuery) Unique(unique bool) *DocumentQuery {
 }
 
 // Order specifies how the records should be ordered.
-func (dq *DocumentQuery) Order(o ...OrderFunc) *DocumentQuery {
+func (dq *DocumentQuery) Order(o ...document.OrderOption) *DocumentQuery {
 	dq.order = append(dq.order, o...)
 	return dq
 }
@@ -297,7 +297,7 @@ func (dq *DocumentQuery) Clone() *DocumentQuery {
 	return &DocumentQuery{
 		config:          dq.config,
 		ctx:             dq.ctx.Clone(),
-		order:           append([]OrderFunc{}, dq.order...),
+		order:           append([]document.OrderOption{}, dq.order...),
 		inters:          append([]Interceptor{}, dq.inters...),
 		predicates:      append([]predicate.Document{}, dq.predicates...),
 		withGroup:       dq.withGroup.Clone(),
@@ -498,7 +498,7 @@ func (dq *DocumentQuery) loadAttachments(ctx context.Context, query *AttachmentQ
 	}
 	query.withFKs = true
 	query.Where(predicate.Attachment(func(s *sql.Selector) {
-		s.Where(sql.InValues(document.AttachmentsColumn, fks...))
+		s.Where(sql.InValues(s.C(document.AttachmentsColumn), fks...))
 	}))
 	neighbors, err := query.All(ctx)
 	if err != nil {
@@ -511,7 +511,7 @@ func (dq *DocumentQuery) loadAttachments(ctx context.Context, query *AttachmentQ
 		}
 		node, ok := nodeids[*fk]
 		if !ok {
-			return fmt.Errorf(`unexpected foreign-key "document_attachments" returned %v for node %v`, *fk, n.ID)
+			return fmt.Errorf(`unexpected referenced foreign-key "document_attachments" returned %v for node %v`, *fk, n.ID)
 		}
 		assign(node, n)
 	}