feat(account): #49 account page

db/account.go

@@ -8,12 +8,13 @@ import (
 	"github.com/jmoiron/sqlx"
 )
 
+// While it may be duplicated to check for groupIds in the database access, it serves as a security layer
 type Account interface {
-	Insert(account *types.Account) error
-	Update(account *types.Account) error
+	Insert(groupId uuid.UUID, account *types.Account) error
+	Update(groupId uuid.UUID, account *types.Account) error
 	GetAll(groupId uuid.UUID) ([]*types.Account, error)
 	Get(groupId uuid.UUID, id uuid.UUID) (*types.Account, error)
-	Delete(id uuid.UUID) error
+	Delete(groupId uuid.UUID, id uuid.UUID) error
 }
 
 type AccountSqlite struct {
@@ -24,11 +25,11 @@ func NewAccountSqlite(db *sqlx.DB) *AccountSqlite {
 	return &AccountSqlite{db: db}
 }
 
-func (db AccountSqlite) Insert(account *types.Account) error {
+func (db AccountSqlite) Insert(groupId uuid.UUID, account *types.Account) error {
 
 	_, err := db.db.Exec(`
 		INSERT INTO account (id, group_id, name, current_balance, oink_balance, created_at, created_by) 
-		VALUES (?,?,?,?,?,?,?)`, account.Id, account.GroupId, 0, 0, account.CreatedAt, account.CreatedBy)
+		VALUES (?,?,?,?,?,?,?)`, account.Id, groupId, account.Name, 0, 0, account.CreatedAt, account.CreatedBy)
 	if err != nil {
 		log.Error("Error inserting account: %v", err)
 		return types.ErrInternal
@@ -37,22 +38,34 @@ func (db AccountSqlite) Insert(account *types.Account) error {
 	return nil
 }
 
-func (db AccountSqlite) Update(account *types.Account) error {
+func (db AccountSqlite) Update(groupId uuid.UUID, account *types.Account) error {
 
-	_, err := db.db.Exec(`
+	log.Info("Updating account: %v", account)
+	r, err := db.db.Exec(`
 		UPDATE account 
+		SET
 			name = ?,
 			current_balance = ?,
 			last_transaction = ?,
 			oink_balance = ?,
 			updated_at = ?,
-			updated_by = ?,
+			updated_by = ?
 		WHERE id = ?
-		  AND group_id = ?`, account.Name, account.CurrentBalance, account.LastTransaction, account.OinkBalance, account.UpdatedAt, account.UpdatedBy, account.Id, account.GroupId)
+		  AND group_id = ?`, account.Name, account.CurrentBalance, account.LastTransaction, account.OinkBalance, account.UpdatedAt, account.UpdatedBy, account.Id, groupId)
 	if err != nil {
 		log.Error("Error updating account: %v", err)
 		return types.ErrInternal
 	}
+	rows, err := r.RowsAffected()
+	if err != nil {
+		log.Error("Error deleting account, getting rows affected: %v", err)
+		return types.ErrInternal
+	}
+
+	if rows == 0 {
+		log.Error("Error deleting account, rows affected: %v", rows)
+		return ErrNotFound
+	}
 
 	return nil
 }
@@ -62,7 +75,7 @@ func (db AccountSqlite) GetAll(groupId uuid.UUID) ([]*types.Account, error) {
 	accounts := make([]*types.Account, 0)
 	err := db.db.Select(&accounts, `
 		SELECT 
-			id,	name, 
+			id,	group_id, name, 
 			current_balance, last_transaction, oink_balance, 
 			created_at, created_by, updated_at, updated_by
 			FROM account 
@@ -81,7 +94,7 @@ func (db AccountSqlite) Get(groupId uuid.UUID, id uuid.UUID) (*types.Account, er
 	account := &types.Account{}
 	err := db.db.Get(account, `
 		SELECT 
-			id,	name, 
+			id,	group_id, name, 
 			current_balance, last_transaction, oink_balance, 
 			created_at, created_by, updated_at, updated_by
 			FROM account 
@@ -95,9 +108,9 @@ func (db AccountSqlite) Get(groupId uuid.UUID, id uuid.UUID) (*types.Account, er
 	return account, nil
 }
 
-func (db AccountSqlite) Delete(id uuid.UUID) error {
+func (db AccountSqlite) Delete(groupId uuid.UUID, id uuid.UUID) error {
 
-	res, err := db.db.Exec("DELETE FROM account WHERE id = ?", id)
+	res, err := db.db.Exec("DELETE FROM account WHERE id = ? and group_id = ?", id, groupId)
 	if err != nil {
 		log.Error("Error deleting account: %v", err)
 		return types.ErrInternal
@@ -110,6 +123,7 @@ func (db AccountSqlite) Delete(id uuid.UUID) error {
 	}
 
 	if rows == 0 {
+		log.Error("Error deleting account, rows affected: %v", rows)
 		return ErrNotFound
 	}
 

handler/account.go

@@ -2,11 +2,16 @@ package handler
 
 import (
 	"spend-sparrow/handler/middleware"
+	"spend-sparrow/log"
 	"spend-sparrow/service"
-	"spend-sparrow/template/account"
+	t "spend-sparrow/template/account"
+	"spend-sparrow/types"
 	"spend-sparrow/utils"
 
 	"net/http"
+
+	"github.com/a-h/templ"
+	"github.com/google/uuid"
 )
 
 type Account interface {
@@ -14,27 +19,27 @@ type Account interface {
 }
 
 type AccountImpl struct {
-	service service.Account
-	auth    service.Auth
-	render  *Render
+	s service.Account
+	a service.Auth
+	r *Render
 }
 
-func NewAccount(service service.Account, auth service.Auth, render *Render) Account {
+func NewAccount(s service.Account, a service.Auth, r *Render) Account {
 	return AccountImpl{
-		service: service,
-		auth:    auth,
-		render:  render,
+		s: s,
+		a: a,
+		r: r,
 	}
 }
 
-func (handler AccountImpl) Handle(router *http.ServeMux) {
-	router.Handle("/account", handler.handleAccountPage())
-	// router.Handle("POST /account", handler.handleAddAccount())
-	// router.Handle("GET /account", handler.handleGetAccount())
-	// router.Handle("DELETE /account/{id}", handler.handleDeleteAccount())
+func (h AccountImpl) Handle(r *http.ServeMux) {
+	r.Handle("GET /account", h.handleAccountPage())
+	r.Handle("GET /account/{id}", h.handleAccountItemComp())
+	r.Handle("POST /account/{id}", h.handleUpdateAccount())
+	r.Handle("DELETE /account/{id}", h.handleDeleteAccount())
 }
 
-func (handler AccountImpl) handleAccountPage() http.HandlerFunc {
+func (h AccountImpl) handleAccountPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		user := middleware.GetUser(r)
 		if user == nil {
@@ -42,85 +47,111 @@ func (handler AccountImpl) handleAccountPage() http.HandlerFunc {
 			return
 		}
 
-		comp := account.AccountListComp(nil)
-		handler.render.RenderLayout(r, w, comp, user)
+		accounts, err := h.s.GetAll(user)
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+			return
+		}
+
+		comp := t.Account(accounts)
+		h.r.RenderLayout(r, w, comp, user)
 	}
 }
 
-// func (handler AccountImpl) handleAddAccount() http.HandlerFunc {
-// 	return func(w http.ResponseWriter, r *http.Request) {
-// 		user := middleware.GetUser(r)
-// 		if user == nil {
-// 			utils.DoRedirect(w, r, "/auth/signin")
-// 			return
-// 		}
-//
-// 		var dateStr = r.FormValue("date")
-// 		var typeStr = r.FormValue("type")
-// 		var setsStr = r.FormValue("sets")
-// 		var repsStr = r.FormValue("reps")
-//
-// 		wo := service.NewAccountDto("", dateStr, typeStr, setsStr, repsStr)
-// 		wo, err := handler.service.AddAccount(user, wo)
-// 		if err != nil {
-// 			utils.TriggerToast(w, r, "error", "Invalid input values", http.StatusBadRequest)
-// 			http.Error(w, "Invalid input values", http.StatusBadRequest)
-// 			return
-// 		}
-// 		wor := account.Account{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps}
-//
-// 		comp := account.AccountItemComp(wor, true)
-// 		handler.render.Render(r, w, comp)
-// 	}
-// }
-//
-// func (handler AccountImpl) handleGetAccount() http.HandlerFunc {
-// 	return func(w http.ResponseWriter, r *http.Request) {
-// 		user := middleware.GetUser(r)
-// 		if user == nil {
-// 			utils.DoRedirect(w, r, "/auth/signin")
-// 			return
-// 		}
-//
-// 		workouts, err := handler.service.GetAccounts(user)
-// 		if err != nil {
-// 			return
-// 		}
-//
-// 		wos := make([]*types.Account, 0)
-// 		for _, wo := range workouts {
-// 			wos = append(wos, *types.Account{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps})
-// 		}
-//
-// 		comp := account.AccountListComp(wos)
-// 		handler.render.Render(r, w, comp)
-// 	}
-// }
-//
-// func (handler AccountImpl) handleDeleteAccount() http.HandlerFunc {
-// 	return func(w http.ResponseWriter, r *http.Request) {
-// 		user := middleware.GetUser(r)
-// 		if user == nil {
-// 			utils.DoRedirect(w, r, "/auth/signin")
-// 			return
-// 		}
-//
-// 		rowId := r.PathValue("id")
-// 		if rowId == "" {
-// 			utils.TriggerToast(w, r, "error", "Missing ID field", http.StatusBadRequest)
-// 			return
-// 		}
-//
-// 		rowIdInt, err := strconv.Atoi(rowId)
-// 		if err != nil {
-// 			utils.TriggerToast(w, r, "error", "Invalid ID", http.StatusBadRequest)
-// 			return
-// 		}
-//
-// 		err = handler.service.DeleteAccount(user, rowIdInt)
-// 		if err != nil {
-// 			utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
-// 			return
-// 		}
-// 	}
-// }
+func (h AccountImpl) handleAccountItemComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		idStr := r.PathValue("id")
+		if idStr == "new" {
+			comp := t.EditAccount(nil)
+			log.Info("Component: %v", comp)
+			h.r.Render(r, w, comp)
+			return
+		}
+
+		id, err := uuid.Parse(idStr)
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", "Could not parse Id", http.StatusBadRequest)
+			return
+		}
+
+		account, err := h.s.Get(user, id)
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+			return
+		}
+
+		var comp templ.Component
+		if r.URL.Query().Get("edit") == "true" {
+			comp = t.EditAccount(account)
+		} else {
+			comp = t.AccountItem(account)
+		}
+		h.r.Render(r, w, comp)
+	}
+}
+
+func (h AccountImpl) handleUpdateAccount() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		var (
+			account *types.Account
+			err     error
+		)
+		idStr := r.PathValue("id")
+		name := r.FormValue("name")
+		if idStr == "new" {
+			account, err = h.s.Add(user, name)
+			if err != nil {
+				utils.TriggerToastWithStatus(w, r, "error", err.Error(), http.StatusInternalServerError)
+				return
+			}
+		} else {
+			id, err := uuid.Parse(idStr)
+			if err != nil {
+				utils.TriggerToastWithStatus(w, r, "error", "Could not parse Id", http.StatusBadRequest)
+				return
+			}
+			account, err = h.s.Update(user, id, name)
+			if err != nil {
+				utils.TriggerToastWithStatus(w, r, "error", err.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+
+		comp := t.AccountItem(account)
+		h.r.Render(r, w, comp)
+	}
+}
+
+func (h AccountImpl) handleDeleteAccount() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := middleware.GetUser(r)
+		if user == nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		id, err := uuid.Parse(r.PathValue("id"))
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", "Could not parse Id", http.StatusBadRequest)
+			return
+		}
+
+		err = h.s.Delete(user, id)
+		if err != nil {
+			utils.TriggerToastWithStatus(w, r, "error", err.Error(), http.StatusInternalServerError)
+			return
+		}
+	}
+}

handler/auth.go

@@ -96,9 +96,9 @@ func (handler AuthImpl) handleSignIn() http.HandlerFunc {
 
 		if err != nil {
 			if err == service.ErrInvalidCredentials {
-				utils.TriggerToast(w, r, "error", "Invalid email or password", http.StatusUnauthorized)
+				utils.TriggerToastWithStatus(w, r, "error", "Invalid email or password", http.StatusUnauthorized)
 			} else {
-				utils.TriggerToast(w, r, "error", "An error occurred", http.StatusInternalServerError)
+				utils.TriggerToastWithStatus(w, r, "error", "An error occurred", http.StatusInternalServerError)
 			}
 			return
 		}
@@ -204,19 +204,19 @@ func (handler AuthImpl) handleSignUp() http.HandlerFunc {
 
 		if err != nil {
 			if errors.Is(err, types.ErrInternal) {
-				utils.TriggerToast(w, r, "error", "An error occurred", http.StatusInternalServerError)
+				utils.TriggerToastWithStatus(w, r, "error", "An error occurred", http.StatusInternalServerError)
 				return
 			} else if errors.Is(err, service.ErrInvalidEmail) {
-				utils.TriggerToast(w, r, "error", "The email provided is invalid", http.StatusBadRequest)
+				utils.TriggerToastWithStatus(w, r, "error", "The email provided is invalid", http.StatusBadRequest)
 				return
 			} else if errors.Is(err, service.ErrInvalidPassword) {
-				utils.TriggerToast(w, r, "error", service.ErrInvalidPassword.Error(), http.StatusBadRequest)
+				utils.TriggerToastWithStatus(w, r, "error", service.ErrInvalidPassword.Error(), http.StatusBadRequest)
 				return
 			}
 			// If err is "service.ErrAccountExists", then just continue
 		}
 
-		utils.TriggerToast(w, r, "success", "An activation link has been send to your email", http.StatusOK)
+		utils.TriggerToastWithStatus(w, r, "success", "An activation link has been send to your email", http.StatusOK)
 	}
 }
 
@@ -273,9 +273,9 @@ func (handler AuthImpl) handleDeleteAccountComp() http.HandlerFunc {
 		err := handler.service.DeleteAccount(user, password)
 		if err != nil {
 			if err == service.ErrInvalidCredentials {
-				utils.TriggerToast(w, r, "error", "Password not correct", http.StatusBadRequest)
+				utils.TriggerToastWithStatus(w, r, "error", "Password not correct", http.StatusBadRequest)
 			} else {
-				utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+				utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
 			}
 			return
 		}
@@ -307,7 +307,7 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 		session := middleware.GetSession(r)
 		user := middleware.GetUser(r)
 		if session == nil || user == nil {
-			utils.TriggerToast(w, r, "error", "Unathorized", http.StatusUnauthorized)
+			utils.TriggerToastWithStatus(w, r, "error", "Unathorized", http.StatusUnauthorized)
 			return
 		}
 
@@ -316,11 +316,11 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 
 		err := handler.service.ChangePassword(user, session.Id, currPass, newPass)
 		if err != nil {
-			utils.TriggerToast(w, r, "error", "Password not correct", http.StatusBadRequest)
+			utils.TriggerToastWithStatus(w, r, "error", "Password not correct", http.StatusBadRequest)
 			return
 		}
 
-		utils.TriggerToast(w, r, "success", "Password changed", http.StatusOK)
+		utils.TriggerToastWithStatus(w, r, "success", "Password changed", http.StatusOK)
 	}
 }
 
@@ -343,7 +343,7 @@ func (handler AuthImpl) handleForgotPasswordComp() http.HandlerFunc {
 
 		email := r.FormValue("email")
 		if email == "" {
-			utils.TriggerToast(w, r, "error", "Please enter an email", http.StatusBadRequest)
+			utils.TriggerToastWithStatus(w, r, "error", "Please enter an email", http.StatusBadRequest)
 			return
 		}
 
@@ -353,9 +353,9 @@ func (handler AuthImpl) handleForgotPasswordComp() http.HandlerFunc {
 		})
 
 		if err != nil {
-			utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+			utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
 		} else {
-			utils.TriggerToast(w, r, "info", "If the address exists, an email has been sent.", http.StatusOK)
+			utils.TriggerToastWithStatus(w, r, "info", "If the address exists, an email has been sent.", http.StatusOK)
 		}
 	}
 }
@@ -365,7 +365,7 @@ func (handler AuthImpl) handleForgotPasswordResponseComp() http.HandlerFunc {
 		pageUrl, err := url.Parse(r.Header.Get("HX-Current-URL"))
 		if err != nil {
 			log.Error("Could not get current URL: %v", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
+			utils.TriggerToastWithStatus(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
 			return
 		}
 
@@ -374,9 +374,9 @@ func (handler AuthImpl) handleForgotPasswordResponseComp() http.HandlerFunc {
 
 		err = handler.service.ForgotPassword(token, newPass)
 		if err != nil {
-			utils.TriggerToast(w, r, "error", err.Error(), http.StatusBadRequest)
+			utils.TriggerToastWithStatus(w, r, "error", err.Error(), http.StatusBadRequest)
 		} else {
-			utils.TriggerToast(w, r, "success", "Password changed", http.StatusOK)
+			utils.TriggerToastWithStatus(w, r, "success", "Password changed", http.StatusOK)
 		}
 	}
 }

handler/middleware/cross_site_request_forgery.go

@@ -59,7 +59,7 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
 				if session == nil || csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
 					log.Info("CSRF-Token not correct")
 					if r.Header.Get("HX-Request") == "true" {
-						utils.TriggerToast(w, r, "error", "CSRF-Token not correct", http.StatusBadRequest)
+						utils.TriggerToastWithStatus(w, r, "error", "CSRF-Token not correct", http.StatusBadRequest)
 					} else {
 						http.Error(w, "CSRF-Token not correct", http.StatusBadRequest)
 					}

handler/middleware/gzip.go

@@ -0,0 +1,38 @@
+package middleware
+
+import (
+	"compress/gzip"
+	"io"
+	"net/http"
+	"strings"
+
+	"spend-sparrow/log"
+)
+
+type gzipResponseWriter struct {
+	io.Writer
+	http.ResponseWriter
+}
+
+func (w gzipResponseWriter) Write(b []byte) (int, error) {
+	return w.Writer.Write(b)
+}
+
+func Gzip(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		w.Header().Set("Content-Encoding", "gzip")
+		gz := gzip.NewWriter(w)
+		gzr := gzipResponseWriter{Writer: gz, ResponseWriter: w}
+		next.ServeHTTP(gzr, r)
+
+		err := gz.Close()
+		if err != nil {
+			log.Error("Gzip: could not close Writer: %v", err)
+		}
+	})
+}

handler/middleware/wrapper.go

@@ -2,10 +2,11 @@ package middleware
 
 import "net/http"
 
+// Chain list of handlers together
 func Wrapper(next http.Handler, handlers ...func(http.Handler) http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		lastHandler := next
-		for i := len(handlers) - 1; i >= 0; i-- {
+		for i := 0; i < len(handlers); i++ {
 			lastHandler = handlers[i](lastHandler)
 		}
 		lastHandler.ServeHTTP(w, r)

handler/root_and_404.go

@@ -28,6 +28,7 @@ func NewIndex(service service.Auth, render *Render) Index {
 
 func (handler IndexImpl) Handle(router *http.ServeMux) {
 	router.Handle("/", handler.handleRootAnd404())
+	router.Handle("/empty", handler.handleEmpty())
 }
 
 func (handler IndexImpl) handleRootAnd404() http.HandlerFunc {
@@ -52,3 +53,9 @@ func (handler IndexImpl) handleRootAnd404() http.HandlerFunc {
 		handler.render.RenderLayoutWithStatus(r, w, comp, user, status)
 	}
 }
+
+func (handler IndexImpl) handleEmpty() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// Return nothing
+	}
+}

input.css

@@ -28,33 +28,25 @@ input:focus {
 /* Button */
 .button {
   transition: all 150ms linear;
-	border-radius: 0.5rem;
-	@apply inline-block cursor-pointer bg-white;
-}
-
-.button:hover {
-  box-shadow: 3px 3px 3px var(--color-gray-200);
+	@apply cursor-pointer border-2 rounded-lg border-transparent;
 }
 
 .button-primary:hover,
 .button-normal:hover {
   transform: translate(-0.25rem, -0.25rem);
+  box-shadow: 3px 3px 3px var(--color-gray-200);
 }
 
 .button-primary {
-  border: 2px solid var(--color-gray-400);
+	@apply border-gray-400
 }
 
 .button-normal {
-  border: 2px solid var(--color-gray-200);
-}
-
-.button-neglect {
-  border: 2px solid white;
+	@apply border-gray-200
 }
 
 .button-neglect:hover {
-  border-color: var(--color-gray-200);
+	@apply border-gray-200;
 }
 
 /* Input */

main.go

@@ -130,10 +130,12 @@ func createHandler(d *sqlx.DB, serverSettings *types.Settings) http.Handler {
 
 	return middleware.Wrapper(
 		router,
-		middleware.Log,
-		middleware.CacheControl,
 		middleware.SecurityHeaders(serverSettings),
-		middleware.Authenticate(authService),
+		middleware.CacheControl,
 		middleware.CrossSiteRequestForgery(authService),
+		middleware.Authenticate(authService),
+		middleware.Log,
+		// Gzip last, as it	compresses the body
+		middleware.Gzip,
 	)
 }

service/account.go

@@ -12,13 +12,14 @@ import (
 )
 
 var (
-	safeInputRegex = regexp.MustCompile(`^[a-zA-Z0-9-]+$`)
+	safeInputRegex = regexp.MustCompile(`^[a-zA-Z0-9äöüß -]+$`)
 )
 
 type Account interface {
 	Add(user *types.User, name string) (*types.Account, error)
 	Update(user *types.User, id uuid.UUID, name string) (*types.Account, error)
-	Get(user *types.User) ([]*types.Account, error)
+	Get(user *types.User, id uuid.UUID) (*types.Account, error)
+	GetAll(user *types.User) ([]*types.Account, error)
 	Delete(user *types.User, id uuid.UUID) error
 }
 
@@ -69,7 +70,7 @@ func (service AccountImpl) Add(user *types.User, name string) (*types.Account, e
 		UpdatedBy: nil,
 	}
 
-	err = service.db.Insert(account)
+	err = service.db.Insert(user.Id, account)
 	if err != nil {
 		return nil, err
 	}
@@ -103,7 +104,7 @@ func (service AccountImpl) Update(user *types.User, id uuid.UUID, name string) (
 	account.UpdatedAt = &timestamp
 	account.UpdatedBy = &user.Id
 
-	err = service.db.Update(account)
+	err = service.db.Update(user.Id, account)
 	if err != nil {
 		return nil, err
 	}
@@ -111,13 +112,27 @@ func (service AccountImpl) Update(user *types.User, id uuid.UUID, name string) (
 	return account, nil
 }
 
-func (service AccountImpl) Get(user *types.User) ([]*types.Account, error) {
+func (service AccountImpl) Get(user *types.User, id uuid.UUID) (*types.Account, error) {
 
 	if user == nil {
 		return nil, types.ErrInternal
 	}
 
-	accounts, err := service.db.GetAll(user.GroupId)
+	account, err := service.db.Get(user.Id, id)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	return account, nil
+}
+
+func (service AccountImpl) GetAll(user *types.User) ([]*types.Account, error) {
+
+	if user == nil {
+		return nil, types.ErrInternal
+	}
+
+	accounts, err := service.db.GetAll(user.Id)
 	if err != nil {
 		return nil, types.ErrInternal
 	}
@@ -130,16 +145,16 @@ func (service AccountImpl) Delete(user *types.User, id uuid.UUID) error {
 		return types.ErrInternal
 	}
 
-	account, err := service.db.Get(user.GroupId, id)
+	account, err := service.db.Get(user.Id, id)
 	if err != nil {
 		return err
 	}
 
-	if account.GroupId != user.GroupId {
+	if account.GroupId != user.Id {
 		return types.ErrUnauthorized
 	}
 
-	err = service.db.Delete(account.Id)
+	err = service.db.Delete(user.Id, account.Id)
 	if err != nil {
 		return err
 	}

static/js/toast.js

@@ -1,5 +1,4 @@
 
-
 function getClass(type) {
 	switch (type) {
 		case "error":

template/account/account.templ

@@ -0,0 +1,143 @@
+package account
+
+import "fmt"
+import "spend-sparrow/template/svg"
+import "spend-sparrow/types"
+
+templ Account(accounts []*types.Account) {
+	<div class="max-w-6xl mt-10 mx-auto">
+		<button
+			hx-get="/account/new"
+			hx-target="#account-items"
+			hx-swap="afterbegin"
+			class="ml-auto button button-primary px-2 flex-1 flex items-center gap-2 justify-center"
+		>
+			@svg.Plus()
+			<p class="">New Account</p>
+		</button>
+		<div id="account-items" class="my-6 flex flex-col items-center">
+			for _, account := range accounts {
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+				@AccountItem(account)
+			}
+		</div>
+	</div>
+}
+
+templ EditAccount(account *types.Account) {
+	{{
+	var (
+		name      string
+		id        string
+		cancelUrl string
+	)
+	if account == nil {
+		name = ""
+		id = "new"
+		cancelUrl = "/empty"
+	} else {
+		name = account.Name
+		id = account.Id.String()
+		cancelUrl = "/account/" + id
+	}
+	}}
+	<div id="account" class="border-1 border-gray-300 w-full my-4 p-4 bg-gray-50 rounded-lg">
+		<form
+			hx-post={ "/account/" + id }
+			hx-target="closest #account"
+			hx-swap="outerHTML"
+			class="text-xl flex justify-end gap-4 items-center"
+		>
+			<input
+				autofocus
+				name="name"
+				type="text"
+				value={ name }
+				class="mr-auto bg-white input"
+			/>
+			<button type="submit" class="button button-neglect px-1 flex items-center gap-2">
+				@svg.Save()
+				<span>
+					Save
+				</span>
+			</button>
+			<button
+				hx-get={ cancelUrl }
+				hx-target="closest #account"
+				hx-swap="outerHTML"
+				class="button button-neglect px-1 flex items-center gap-2"
+			>
+				@svg.Cancel()
+				<span>
+					Cancel
+				</span>
+			</button>
+		</form>
+	</div>
+}
+
+templ AccountItem(account *types.Account) {
+	<div id="account" class="border-1 border-gray-300 w-full my-4 p-4 bg-gray-50 rounded-lg">
+		<div class="text-xl flex justify-end gap-4">
+			<p class="mr-auto">{ account.Name }</p>
+			<p class="mr-20 text-green-700">{ displayBalance(account.CurrentBalance) }</p>
+			<button
+				hx-get={ "/account/" + account.Id.String() + "?edit=true" }
+				hx-target="closest #account"
+				hx-swap="outerHTML"
+				class="button button-neglect px-1 flex items-center gap-2"
+			>
+				@svg.Edit()
+				<span>
+					Edit
+				</span>
+			</button>
+			<button
+				hx-delete={ "/account/" + account.Id.String() }
+				hx-target="closest #account"
+				hx-swap="outerHTML"
+				class="button button-neglect px-1 flex items-center gap-2"
+			>
+				@svg.Delete()
+				<span>
+					Delete
+				</span>
+			</button>
+		</div>
+	</div>
+}
+
+func displayBalance(balance int64) string {
+
+	euros := float64(balance) / 100
+	return fmt.Sprintf("%.2f €", euros)
+}

template/account/workout.templ

@@ -1,7 +0,0 @@
-package account
-
-import "spend-sparrow/types"
-
-templ AccountListComp(accounts []*types.Account) {
-	<main class="mx-2"></main>
-}

template/auth/sign_in_or_up.templ

@@ -9,8 +9,11 @@ postUrl = "/api/auth/signin"
 	postUrl = "/api/auth/signup"
 }
 	}}
-<form class="max-w-xl px-2 mx-auto flex flex-col gap-4 h-full justify-center" hx-target="#sign-in-or-up-error" hx-post={
-	postUrl }>
+	<form
+		class="max-w-xl px-2 mx-auto flex flex-col gap-4 h-full justify-center"
+		hx-target="#sign-in-or-up-error"
+		hx-post={ postUrl }
+	>
 		<h2 class="text-4xl mb-4">
 			if isSignIn {
 				Sign In
@@ -21,23 +24,42 @@ postUrl = "/api/auth/signup"
 		<label class="input flex items-center gap-2">
 			<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="h-5 w-5 opacity-70">
 				<path
-				d="M2.5 3A1.5 1.5 0 0 0 1 4.5v.793c.026.009.051.02.076.032L7.674 8.51c.206.1.446.1.652 0l6.598-3.185A.755.755 0 0 1 15 5.293V4.5A1.5 1.5 0 0 0 13.5 3h-11Z">
-			</path>
+					d="M2.5 3A1.5 1.5 0 0 0 1 4.5v.793c.026.009.051.02.076.032L7.674 8.51c.206.1.446.1.652 0l6.598-3.185A.755.755 0 0 1 15 5.293V4.5A1.5 1.5 0 0 0 13.5 3h-11Z"
+				></path>
 				<path
-				d="M15 6.954 8.978 9.86a2.25 2.25 0 0 1-1.956 0L1 6.954V11.5A1.5 1.5 0 0 0 2.5 13h11a1.5 1.5 0 0 0 1.5-1.5V6.954Z">
-			</path>
+					d="M15 6.954 8.978 9.86a2.25 2.25 0 0 1-1.956 0L1 6.954V11.5A1.5 1.5 0 0 0 2.5 13h11a1.5 1.5 0 0 0 1.5-1.5V6.954Z"
+				></path>
 			</svg>
-		<input type="text" class="grow" placeholder="Email" name="email" spellcheck="false" autocomplete="off"
-			autocorrect="off" autocapitalize="off" />
+			<input
+				type="text"
+				class="grow"
+				placeholder="Email"
+				name="email"
+				spellcheck="false"
+				autocomplete="off"
+				autocorrect="off"
+				autocapitalize="off"
+				autofocus
+			/>
 		</label>
 		<label class="input input-bordered flex items-center gap-2">
 			<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="h-5 w-5 opacity-70">
-			<path fill-rule="evenodd"
+				<path
+					fill-rule="evenodd"
 					d="M14 6a4 4 0 0 1-4.899 3.899l-1.955 1.955a.5.5 0 0 1-.353.146H5v1.5a.5.5 0 0 1-.5.5h-2a.5.5 0 0 1-.5-.5v-2.293a.5.5 0 0 1 .146-.353l3.955-3.955A4 4 0 1 1 14 6Zm-4-2a.75.75 0 0 0 0 1.5.5.5 0 0 1 .5.5.75.75 0 0 0 1.5 0 2 2 0 0 0-2-2Z"
-				clip-rule="evenodd"></path>
+					clip-rule="evenodd"
+				></path>
 			</svg>
-		<input type="password" class="grow" placeholder="Password" name="password" spellcheck="false" autocomplete="off"
-			autocorrect="off" autocapitalize="off" />
+			<input
+				type="password"
+				class="grow"
+				placeholder="Password"
+				name="password"
+				spellcheck="false"
+				autocomplete="off"
+				autocorrect="off"
+				autocapitalize="off"
+			/>
 		</label>
 		<div class="flex justify-end items-center gap-3 h-14">
 			if isSignIn {

template/auth/user.templ

@@ -12,15 +12,15 @@ templ UserComp(user string) {
 					</svg>
 				</button>
 				<div class="absolute hidden group-has-hover:block w-full">
-			<ul class="w-fit float-right mr-4 p-3 border-2 border-gray-200 rounded-lg">
+					<ul class="w-fit float-right mr-4 p-3 border-2 border-gray-200 rounded-lg bg-white shadow-lg">
 						<li class="mb-1">
-					<a class="button w-full px-1 button-neglect" hx-post="/api/auth/signout" hx-target="#user-info">Sign Out</a>
+							<a class="button w-full px-1 button-neglect block" hx-post="/api/auth/signout" hx-target="#user-info">Sign Out</a>
 						</li>
 						<li class="mb-1">
-					<a class="button w-full px-1 button-neglect" href="/auth/change-password">Change Password</a>
+							<a class="button w-full px-1 button-neglect block" href="/auth/change-password">Change Password</a>
 						</li>
 						<li>
-					<a class="button w-full px-1 button-neglect text-gray-400 mt-4" href="/auth/delete-account" class="">
+							<a class="button w-full px-1 button-neglect text-gray-400 mt-4 block" href="/auth/delete-account" class="">
 								Delete
 								Account
 							</a>

template/auth/verify.templ

@@ -12,8 +12,12 @@ templ VerifyComp() {
 			<p class="text-lg text-center">
 				Please check your inbox/spam and click on the link to verify your account.
 			</p>
-		<button class="mt-8 button button-normal px-2 text-gray-500 text-xl" hx-get="/api/auth/verify-resend"
-			hx-sync="this:drop" hx-swap="outerHTML">
+			<button
+				class="mt-8 button button-normal px-2 text-gray-500 text-xl"
+				hx-get="/api/auth/verify-resend"
+				hx-sync="this:drop"
+				hx-swap="outerHTML"
+			>
 				resend verification email
 			</button>
 		</div>

template/index.templ

@@ -1,14 +0,0 @@
-package template
-
-templ Index() {
-<div class="h-full text-center flex flex-col items-center justify-center">
-	<h1 class="flex gap-2 w-full justify-center">
-		<img class="w-24" src="/static/favicon.svg" alt="SpendSparrow logo" />
-		<span class="text-8xl tracking-tighter font-bold font-pirata">SpendSparrow</span>
-	</h1>
-	<h2 class="text-3xl mt-8 text-gray-800">
-		Spend on the important<span class="text-sm">, like a fine Whiskey</span>
-	</h2>
-	<a href="/auth/signup" class="mt-24 button button-primary text-2xl p-4 font-bold">Getting Started</a>
-</div>
-}

template/layout.templ

@@ -27,10 +27,9 @@ templ Layout(slot templ.Component, user templ.Component, loggedIn bool, path str
 			<script src="/static/js/htmx.min.js"></script>
 			<script src="/static/js/toast.js"></script>
 		</head>
-		<body hx-headers='{"csrf-token": "CSRF_TOKEN"}'>
-			<div class="h-screen flex flex-col">
+		<body class="h-screen flex flex-col" hx-headers='{"csrf-token": "CSRF_TOKEN"}'>
 			// Header
-				<div class="sticky top-0">
+			<div class="">
 				<nav class="flex bg-white items-center gap-2 py-1 px-2 h-12 md:gap-10 md:px-10 md:py-2">
 					<a href="/" class="flex gap-2 mr-20">
 						<img class="w-6" src="/static/favicon.svg" alt="SpendSparrow logo"/>
@@ -45,16 +44,18 @@ templ Layout(slot templ.Component, user templ.Component, loggedIn bool, path str
 						@user
 					</div>
 				</nav>
-					<div class="h-12 inset-0 bg-linear-0 from-transparent to-white"></div>
+				<div class="h-12 fixed top-12 mr-4 inset-0 bg-linear-0 from-transparent to-white"></div>
 			</div>
 			// Content
-				<div class="flex-1">
+			<div class="flex-1 overflow-auto">
+				<main class="h-full">
 					if slot != nil {
 						@slot
 					}
+				</main>
 			</div>
 			// Footer
-			</div>
+			<!-- </div> -->
 			<div id="toasts" class="fixed bottom-4 right-4 ml-4 max-w-96 flex flex-col gap-2 z-50">
 				<div
 					id="toast"

template/mail/register.templ

@@ -5,19 +5,18 @@ import "net/url"
 templ Register(baseUrl string, token string) {
 	<!DOCTYPE html>
 	<html lang="en">
-
 		<head>
 			<meta charset="UTF-8"/>
 			<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
 			<title>Welcome</title>
 		</head>
-
 		<body>
 			<h4>Thank you for Sign Up!</h4>
-	<p>Click <a href={ templ.URL(baseUrl + "/auth/verify-email?token=" + url.QueryEscape(token)) }>here</a> to finalize
-		your registration.</p>
+			<p>
+				Click <a href={ templ.URL(baseUrl + "/auth/verify-email?token=" + url.QueryEscape(token)) }>here</a> to finalize
+				your registration.
+			</p>
 			<p>Kind regards</p>
 		</body>
-
 	</html>
 }

template/not_found.templ

@@ -5,7 +5,7 @@ templ NotFound() {
 		<div class="p-16 rounded-lg">
 			<h1 class="text-4xl mb-5">Not Found</h1>
 			<p class="text-lg mb-5">The page you are looking for does not exist.</p>
-			<a href="/" class="">Go back to home</a>
+			<a href="/" class="button button-primary text-2xl py-2 px-4 mt-10">Go back to home</a>
 		</div>
 	</main>
 }

template/root.templ

@@ -0,0 +1,15 @@
+package template
+
+templ Index() {
+	<!-- <div class="h-full flex flex-col items-center justify-center"> -->
+	<div class="h-full flex flex-col items-center justify-center">
+		<h1 class="flex gap-2 w-full justify-center">
+			<img class="w-24" src="/static/favicon.svg" alt="SpendSparrow logo"/>
+			<span class="text-8xl tracking-tighter font-bold font-pirata">SpendSparrow</span>
+		</h1>
+		<h2 class="text-2xl mt-8 text-gray-800">
+			Spend your <span class="px-2 text-3xl text-yellow-800">treasure</span> on the important
+		</h2>
+		<a href="/auth/signup" class="mt-24 button button-primary text-2xl p-4 font-bold">Getting Started</a>
+	</div>
+}

template/svg/default.templ

@@ -0,0 +1,37 @@
+package svg
+
+templ Edit() {
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 384" class="h-4 w-4 text-gray-500">
+		<path fill="currentColor" d="M0 304L236 68l80 80L80 384H0v-80zM378 86l-39 39l-80-80l39-39q6-6 15-6t15 6l50 50q6 6 6 15t-6 15z"></path>
+	</svg>
+}
+
+templ Delete() {
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 304 384" class="h-4 w-4 text-gray-500">
+		<path fill="currentColor" d="M21 341V85h256v256q0 18-12.5 30.5T235 384H64q-18 0-30.5-12.5T21 341zM299 21v43H0V21h75L96 0h107l21 21h75z"></path>
+	</svg>
+}
+
+templ Eye() {
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 472 384" class="h-4 w-4 text-gray-500">
+		<path fill="currentColor" d="M235 32q79 0 142.5 44.5T469 192q-28 71-91.5 115.5T235 352T92 307.5T0 192q28-71 92-115.5T235 32zm0 267q44 0 75-31.5t31-75.5t-31-75.5T235 85t-75.5 31.5T128 192t31.5 75.5T235 299zm-.5-171q26.5 0 45.5 18.5t19 45.5t-19 45.5t-45.5 18.5t-45-18.5T171 192t18.5-45.5t45-18.5z"></path>
+	</svg>
+}
+
+templ Plus() {
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 304 384" class="h-4 w-4 text-gray-500">
+		<path fill="currentColor" d="M299 213H171v128h-43V213H0v-42h128V43h43v128h128v42z"></path>
+	</svg>
+}
+
+templ Save() {
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="h-4 w-4 text-gray-500">
+		<path fill="currentColor" d="M21 7v12q0 .825-.588 1.413T19 21H5q-.825 0-1.413-.588T3 19V5q0-.825.588-1.413T5 3h12l4 4Zm-9 11q1.25 0 2.125-.875T15 15q0-1.25-.875-2.125T12 12q-1.25 0-2.125.875T9 15q0 1.25.875 2.125T12 18Zm-6-8h9V6H6v4Z"></path>
+	</svg>
+}
+
+templ Cancel() {
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 1000" class="h-4 w-4 text-gray-500">
+		<path fill="currentColor" d="m654 501l346 346l-154 154l-346-346l-346 346L0 847l346-346L0 155L154 1l346 346L846 1l154 154z"></path>
+	</svg>
+}

template/workout/default.go

@@ -1 +0,0 @@
-package workout

template/workout/workout.templ

@@ -1,73 +0,0 @@
-package workout
-
-templ WorkoutComp(currentDate string) {
-	<main class="mx-2">
-		<form
-			class="max-w-xl mx-auto flex flex-col gap-4 justify-center mt-10"
-			hx-post="/api/workout"
-			hx-target="#workout-placeholder"
-			hx-swap="outerHTML"
-		>
-			<h2 class="text-4xl mb-8">Track your workout</h2>
-			<input id="date" type="date" class="" value={ currentDate } name="date"/>
-			<select class="w-full" name="type">
-				<option>Push Ups</option>
-				<option>Pull Ups</option>
-			</select>
-			<input type="number" class="" placeholder="Sets" name="sets"/>
-			<input type="number" class="" placeholder="Reps" name="reps"/>
-			<button class="self-end">Save</button>
-		</form>
-		<div hx-get="/api/workout" hx-trigger="load"></div>
-	</main>
-}
-
-type Workout struct {
-	Id   string
-	Date string
-	Type string
-	Sets string
-	Reps string
-}
-
-templ WorkoutListComp(workouts []Workout) {
-	<div class="overflow-x-auto mx-auto max-w-lg">
-		<h2 class="text-4xl mt-14 mb-8">Workout history</h2>
-		<table class="table table-auto max-w-full">
-			<thead>
-				<tr>
-					<th>Date</th>
-					<th>Type</th>
-					<th>Sets</th>
-					<th>Reps</th>
-					<th></th>
-				</tr>
-			</thead>
-			<tbody>
-				<tr class="hidden" id="workout-placeholder"></tr>
-				for _,w := range workouts {
-					@WorkoutItemComp(w, false)
-				}
-			</tbody>
-		</table>
-	</div>
-}
-
-templ WorkoutItemComp(w Workout, includePlaceholder bool) {
-	if includePlaceholder {
-		<tr class="hidden" id="workout-placeholder"></tr>
-	}
-	<tr>
-		<th>{ w.Date }</th>
-		<th>{ w.Type }</th>
-		<th>{ w.Sets }</th>
-		<th>{ w.Reps }</th>
-		<th>
-			<div class="tooltip" data-tip="Delete Entry">
-				<button hx-delete={ "api/workout/" + w.Id } hx-target="closest tr" type="submit">
-					Delete
-				</button>
-			</div>
-		</th>
-	</tr>
-}

types/money.go

@@ -38,21 +38,21 @@ type Transaction struct {
 // The Account holds money
 type Account struct {
 	Id      uuid.UUID
-	GroupId uuid.UUID
+	GroupId uuid.UUID `db:"group_id"`
 
 	// Custom Name of the account, e.g. "Bank", "Cash", "Credit Card"
 	Name string
 
-	CurrentBalance  int64
-	LastTransaction *time.Time
+	CurrentBalance  int64      `db:"current_balance"`
+	LastTransaction *time.Time `db:"last_transaction"`
 	// The current precalculated value of:
 	// 	Account.Balance - [PiggyBank.Balance...]
-	OinkBalance int64
+	OinkBalance int64 `db:"oink_balance"`
 
-	CreatedAt time.Time
-	CreatedBy uuid.UUID
-	UpdatedAt *time.Time
-	UpdatedBy *uuid.UUID
+	CreatedAt time.Time  `db:"created_at"`
+	CreatedBy uuid.UUID  `db:"created_by"`
+	UpdatedAt *time.Time `db:"updated_at"`
+	UpdatedBy *uuid.UUID `db:"updated_by"`
 }
 
 // The PiggyBank is a fictional account. The money it "holds" is actually in the Account

utils/http.go

@@ -3,20 +3,25 @@ package utils
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"spend-sparrow/log"
 )
 
-func TriggerToast(w http.ResponseWriter, r *http.Request, class string, message string, statusCode int) {
+func TriggerToast(w http.ResponseWriter, r *http.Request, class string, message string) {
 	if isHtmx(r) {
-		w.Header().Set("HX-Trigger", fmt.Sprintf(`{"toast": "%v|%v"}`, class, message))
-		w.WriteHeader(statusCode)
+		w.Header().Set("HX-Trigger", fmt.Sprintf(`{"toast": "%v|%v"}`, class, strings.ReplaceAll(message, `"`, `\"`)))
 	} else {
 		log.Error("Trying to trigger toast in non-HTMX request")
 	}
 }
 
+func TriggerToastWithStatus(w http.ResponseWriter, r *http.Request, class string, message string, statusCode int) {
+	TriggerToast(w, r, class, message)
+	w.WriteHeader(statusCode)
+}
+
 func DoRedirect(w http.ResponseWriter, r *http.Request, url string) {
 	if isHtmx(r) {
 		w.Header().Add("HX-Redirect", url)