TBNilles/workorders
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initialize work order management system with database schema, API handlers, web client, and Docker configuration.

Browse Source
This commit is contained in:
Thomas Nilles
2026-05-16 16:15:53 -04:00
parent c135722339
commit f904431ec3
28 changed files with 2171 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+17
View File
@@ -0,0 +1,17 @@
# ── Build stage ───────────────────────────────────────────────────────────────
FROM golang:1.23-alpine AS builder
WORKDIR /app
RUN apk add --no-cache git
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o workorders ./cmd/server
# ── Runtime stage ─────────────────────────────────────────────────────────────
FROM alpine:3.20
WORKDIR /app
RUN apk add --no-cache tzdata ca-certificates curl
COPY --from=builder /app/workorders .
COPY web/ ./web/
EXPOSE 8080
CMD ["./workorders"]
cmd/server/main.go
+45
View File
@@ -0,0 +1,45 @@
package main
import (
"log"
"net/http"
"os"
"github.com/joho/godotenv"
"workorders/internal/api"
"workorders/internal/config"
"workorders/internal/repository"
)
func main() {
// Load .env if present (ignored in production containers where env is injected)
if _, err := os.Stat(".env"); err == nil {
if err := godotenv.Load(); err != nil {
log.Printf("warning: could not load .env: %v", err)
}
}
cfg := config.Load()
log.Printf("connecting to database...")
db, err := repository.Connect(cfg.DBDSN)
if err != nil {
log.Fatalf("database connect: %v", err)
}
defer db.Close()
log.Printf("running migrations...")
if err := repository.RunMigrations(db); err != nil {
log.Fatalf("migrations: %v", err)
}
log.Printf("fetching JWKS from %s", cfg.JWKSUrl)
api.InitJWKS(cfg.JWKSUrl)
r := api.NewRouter(cfg, db)
log.Printf("listening on %s", cfg.Addr)
if err := http.ListenAndServe(cfg.Addr, r); err != nil {
log.Fatal(err)
}
}
docker-compose.yml
+68
View File
@@ -0,0 +1,68 @@
services:
mssql:
image: mcr.microsoft.com/mssql/server:2022-latest
environment:
SA_PASSWORD: ${SA_PASSWORD}
ACCEPT_EULA: "Y"
MSSQL_PID: Developer
ports:
- "1433:1433"
volumes:
- mssql_data:/var/opt/mssql
healthcheck:
test: ["CMD", "/opt/mssql-tools18/bin/sqlcmd", "-S", "localhost", "-U", "sa", "-P", "${SA_PASSWORD}", "-Q", "SELECT 1", "-No", "-l", "5"]
interval: 10s
timeout: 10s
retries: 12
start_period: 40s
keycloak:
image: quay.io/keycloak/keycloak:24.0
command: start-dev --import-realm --http-port=8180
environment:
KEYCLOAK_ADMIN: ${KC_ADMIN}
KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD}
KC_DB: dev-file
KC_HTTP_PORT: "8180"
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME_STRICT_HTTPS: "false"
KC_HTTP_ENABLED: "true"
KC_HEALTH_ENABLED: "true"
ports:
- "8180:8180"
volumes:
- ./keycloak:/opt/keycloak/data/import
- keycloak_data:/opt/keycloak/data
healthcheck:
# Keycloak image has no curl/wget; use bash TCP to confirm port is open
test: ["CMD-SHELL", "bash -c 'exec 3<>/dev/tcp/localhost/8180' 2>/dev/null && echo ok || exit 1"]
interval: 10s
timeout: 5s
retries: 18
start_period: 30s
api:
build: .
ports:
- "9080:9080"
env_file: .env
environment:
DB_DSN: "sqlserver://sa:${SA_PASSWORD}@mssql:1433?database=workorders"
OIDC_ISSUER: "http://localhost:8180/realms/workorders"
JWKS_URL: "http://keycloak:8180/realms/workorders/protocol/openid-connect/certs"
extra_hosts:
- "localhost:host-gateway"
volumes:
- uploads:/uploads
depends_on:
mssql:
condition: service_healthy
keycloak:
condition: service_healthy
restart: on-failure
volumes:
mssql_data:
keycloak_data:
uploads:
go.mod
+19
View File
@@ -0,0 +1,19 @@
module workorders
go 1.23
require (
github.com/go-chi/chi/v5 v5.1.0
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/google/uuid v1.6.0
github.com/jmoiron/sqlx v1.3.5
github.com/joho/godotenv v1.5.1
github.com/microsoft/go-mssqldb v1.7.2
)
require (
github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
github.com/golang-sql/sqlexp v0.1.0 // indirect
golang.org/x/crypto v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
)
go.sum
+54
View File
@@ -0,0 +1,54 @@
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA=
github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A=
github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/microsoft/go-mssqldb v1.7.2 h1:CHkFJiObW7ItKTJfHo1QX7QBBD1iV+mn1eOyRP3b/PA=
github.com/microsoft/go-mssqldb v1.7.2/go.mod h1:kOvZKUdrhhFQmxLZqbwUV0rHkNkZpthMITIb2Ko1IoA=
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
internal/api/handlers/accounting.go
+50
View File
@@ -0,0 +1,50 @@
package handlers
import (
"net/http"
"github.com/jmoiron/sqlx"
"workorders/internal/model"
)
type AccountingHandler struct{ db *sqlx.DB }
func NewAccountingHandler(db *sqlx.DB) *AccountingHandler { return &AccountingHandler{db: db} }
func (h *AccountingHandler) Get(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var codes []model.AccountingCode
h.db.Select(&codes, `SELECT * FROM wo_accounting WHERE wo_id=@p1`, woID)
respond(w, http.StatusOK, codes)
}
func (h *AccountingHandler) Upsert(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var codes []model.AccountingCode
if err := decode(r, &codes); err != nil {
respondError(w, http.StatusBadRequest, "invalid body")
return
}
for _, c := range codes {
h.db.Exec(`
MERGE wo_accounting AS t
USING (SELECT @p1 AS wo_id, @p2 AS code_type) AS s
ON t.wo_id=s.wo_id AND t.code_type=s.code_type
WHEN MATCHED THEN UPDATE SET code_value=@p3,description=@p4
WHEN NOT MATCHED THEN INSERT (wo_id,code_type,code_value,description)
VALUES (@p1,@p2,@p3,@p4);`,
woID, c.CodeType, c.CodeValue, c.Description,
)
}
var result []model.AccountingCode
h.db.Select(&result, `SELECT * FROM wo_accounting WHERE wo_id=@p1`, woID)
respond(w, http.StatusOK, result)
}
internal/api/handlers/attachment.go
+107
View File
@@ -0,0 +1,107 @@
package handlers
import (
"fmt"
"io"
"net/http"
"os"
"path/filepath"
"github.com/google/uuid"
"github.com/jmoiron/sqlx"
"workorders/internal/config"
"workorders/internal/model"
)
type AttachmentHandler struct {
db *sqlx.DB
cfg *config.Config
}
func NewAttachmentHandler(db *sqlx.DB, cfg *config.Config) *AttachmentHandler {
return &AttachmentHandler{db: db, cfg: cfg}
}
func (h *AttachmentHandler) List(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var atts []model.Attachment
if err := h.db.Select(&atts, `SELECT * FROM wo_attachments WHERE wo_id=@p1 ORDER BY uploaded_at`, woID); err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
for i := range atts {
atts[i].URL = "/uploads/" + atts[i].FilePath
}
respond(w, http.StatusOK, atts)
}
func (h *AttachmentHandler) Upload(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
user := userFromCtx(r)
if err := r.ParseMultipartForm(32 << 20); err != nil {
respondError(w, http.StatusBadRequest, "parse form failed")
return
}
file, header, err := r.FormFile("file")
if err != nil {
respondError(w, http.StatusBadRequest, "missing file")
return
}
defer file.Close()
ext := filepath.Ext(header.Filename)
fname := uuid.New().String() + ext
relPath := fmt.Sprintf("%d/%s", woID, fname)
absPath := filepath.Join(h.cfg.UploadPath, relPath)
if err := os.MkdirAll(filepath.Dir(absPath), 0755); err != nil {
respondError(w, http.StatusInternalServerError, "storage error")
return
}
dst, err := os.Create(absPath)
if err != nil {
respondError(w, http.StatusInternalServerError, "storage error")
return
}
defer dst.Close()
size, _ := io.Copy(dst, file)
var aid int
err = h.db.QueryRow(`
INSERT INTO wo_attachments (wo_id,file_name,file_path,file_type,file_size,caption,phase,uploaded_by)
OUTPUT INSERTED.id VALUES (@p1,@p2,@p3,@p4,@p5,@p6,@p7,@p8)`,
woID, header.Filename, relPath, header.Header.Get("Content-Type"),
size, r.FormValue("caption"), r.FormValue("phase"), user.Email,
).Scan(&aid)
if err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
respond(w, http.StatusCreated, map[string]any{
"id": aid,
"url": "/uploads/" + relPath,
})
}
func (h *AttachmentHandler) Delete(w http.ResponseWriter, r *http.Request) {
aid, err := intParam(r, "aid")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid aid")
return
}
var att model.Attachment
if err := h.db.Get(&att, `SELECT * FROM wo_attachments WHERE id=@p1`, aid); err == nil {
os.Remove(filepath.Join(h.cfg.UploadPath, att.FilePath))
}
h.db.Exec(`DELETE FROM wo_attachments WHERE id=@p1`, aid)
respond(w, http.StatusOK, map[string]any{"deleted": aid})
}
internal/api/handlers/auth.go
+7
View File
@@ -0,0 +1,7 @@
package handlers
import "net/http"
func Me(w http.ResponseWriter, r *http.Request) {
respond(w, http.StatusOK, userFromCtx(r))
}
internal/api/handlers/helpers.go
+36
View File
@@ -0,0 +1,36 @@
package handlers
import (
"encoding/json"
"fmt"
"net/http"
"strconv"
"github.com/go-chi/chi/v5"
"workorders/internal/model"
)
func respond(w http.ResponseWriter, code int, data any) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
json.NewEncoder(w).Encode(map[string]any{"data": data})
}
func respondError(w http.ResponseWriter, code int, msg string) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
fmt.Fprintf(w, `{"error":%q}`, msg)
}
func intParam(r *http.Request, key string) (int, error) {
return strconv.Atoi(chi.URLParam(r, key))
}
func decode(r *http.Request, v any) error {
return json.NewDecoder(r.Body).Decode(v)
}
func userFromCtx(r *http.Request) model.UserClaims {
u, _ := r.Context().Value(model.CtxUserKey).(model.UserClaims)
return u
}
internal/api/handlers/registry.go
+36
View File
@@ -0,0 +1,36 @@
package handlers
import (
"net/http"
"github.com/jmoiron/sqlx"
"workorders/internal/model"
)
type RegistryHandler struct{ db *sqlx.DB }
func NewRegistryHandler(db *sqlx.DB) *RegistryHandler { return &RegistryHandler{db: db} }
func (h *RegistryHandler) People(w http.ResponseWriter, r *http.Request) {
var rows []model.RegistryPerson
h.db.Select(&rows, `SELECT id,name,role,email,phone FROM resource_people WHERE active=1 ORDER BY name`)
respond(w, http.StatusOK, rows)
}
func (h *RegistryHandler) Vehicles(w http.ResponseWriter, r *http.Request) {
var rows []model.RegistryVehicle
h.db.Select(&rows, `SELECT id,unit_number,description,vehicle_type FROM resource_vehicles WHERE active=1 ORDER BY unit_number`)
respond(w, http.StatusOK, rows)
}
func (h *RegistryHandler) Equipment(w http.ResponseWriter, r *http.Request) {
var rows []model.RegistryEquipment
h.db.Select(&rows, `SELECT id,name,asset_tag,category FROM resource_equipment WHERE active=1 ORDER BY name`)
respond(w, http.StatusOK, rows)
}
func (h *RegistryHandler) Materials(w http.ResponseWriter, r *http.Request) {
var rows []model.RegistryMaterial
h.db.Select(&rows, `SELECT id,name,unit,part_number FROM resource_materials WHERE active=1 ORDER BY name`)
respond(w, http.StatusOK, rows)
}
internal/api/handlers/resource.go
+74
View File
@@ -0,0 +1,74 @@
package handlers
import (
"net/http"
"github.com/jmoiron/sqlx"
"workorders/internal/model"
)
type ResourceHandler struct{ db *sqlx.DB }
func NewResourceHandler(db *sqlx.DB) *ResourceHandler { return &ResourceHandler{db: db} }
func (h *ResourceHandler) List(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var rows []model.AssignedResource
err = h.db.Select(&rows, `
SELECT r.id, r.wo_id, r.resource_type, r.resource_id, r.quantity, r.notes, r.assigned_at,
ISNULL(p.name, ISNULL(v.unit_number, ISNULL(e.name, m.name))) AS name
FROM wo_resources r
LEFT JOIN resource_people p ON r.resource_type='person' AND r.resource_id=p.id
LEFT JOIN resource_vehicles v ON r.resource_type='vehicle' AND r.resource_id=v.id
LEFT JOIN resource_equipment e ON r.resource_type='equipment' AND r.resource_id=e.id
LEFT JOIN resource_materials m ON r.resource_type='material' AND r.resource_id=m.id
WHERE r.wo_id=@p1`, woID)
if err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
respond(w, http.StatusOK, rows)
}
func (h *ResourceHandler) Assign(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var body struct {
ResourceType string `json:"resource_type"`
ResourceID int `json:"resource_id"`
Quantity *float64 `json:"quantity"`
Notes string `json:"notes"`
}
if err := decode(r, &body); err != nil {
respondError(w, http.StatusBadRequest, "invalid body")
return
}
var rid int
err = h.db.QueryRow(`
INSERT INTO wo_resources (wo_id,resource_type,resource_id,quantity,notes)
OUTPUT INSERTED.id VALUES (@p1,@p2,@p3,@p4,@p5)`,
woID, body.ResourceType, body.ResourceID, body.Quantity, body.Notes,
).Scan(&rid)
if err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
respond(w, http.StatusCreated, map[string]any{"id": rid})
}
func (h *ResourceHandler) Remove(w http.ResponseWriter, r *http.Request) {
rid, err := intParam(r, "rid")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid rid")
return
}
h.db.Exec(`DELETE FROM wo_resources WHERE id=@p1`, rid)
respond(w, http.StatusOK, map[string]any{"deleted": rid})
}
internal/api/handlers/step.go
+104
View File
@@ -0,0 +1,104 @@
package handlers
import (
"net/http"
"time"
"github.com/jmoiron/sqlx"
"workorders/internal/model"
)
type StepHandler struct{ db *sqlx.DB }
func NewStepHandler(db *sqlx.DB) *StepHandler { return &StepHandler{db: db} }
func (h *StepHandler) List(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var steps []model.Step
if err := h.db.Select(&steps,
`SELECT * FROM wo_steps WHERE wo_id=@p1 ORDER BY step_order`, woID); err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
respond(w, http.StatusOK, steps)
}
func (h *StepHandler) Create(w http.ResponseWriter, r *http.Request) {
woID, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var body model.Step
if err := decode(r, &body); err != nil {
respondError(w, http.StatusBadRequest, "invalid body")
return
}
var maxOrder int
h.db.QueryRow(`SELECT ISNULL(MAX(step_order),0) FROM wo_steps WHERE wo_id=@p1`, woID).Scan(&maxOrder)
var sid int
err = h.db.QueryRow(`
INSERT INTO wo_steps (wo_id,step_order,title,description,required)
OUTPUT INSERTED.id VALUES (@p1,@p2,@p3,@p4,@p5)`,
woID, maxOrder+1, body.Title, body.Description, body.Required,
).Scan(&sid)
if err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
var step model.Step
h.db.Get(&step, `SELECT * FROM wo_steps WHERE id=@p1`, sid)
respond(w, http.StatusCreated, step)
}
func (h *StepHandler) Update(w http.ResponseWriter, r *http.Request) {
sid, err := intParam(r, "sid")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid sid")
return
}
var body model.Step
if err := decode(r, &body); err != nil {
respondError(w, http.StatusBadRequest, "invalid body")
return
}
h.db.Exec(`UPDATE wo_steps SET title=@p1,description=@p2,required=@p3 WHERE id=@p4`,
body.Title, body.Description, body.Required, sid)
var step model.Step
h.db.Get(&step, `SELECT * FROM wo_steps WHERE id=@p1`, sid)
respond(w, http.StatusOK, step)
}
func (h *StepHandler) Complete(w http.ResponseWriter, r *http.Request) {
sid, err := intParam(r, "sid")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid sid")
return
}
user := userFromCtx(r)
var body struct {
Notes string `json:"notes"`
}
decode(r, &body)
now := time.Now().UTC()
h.db.Exec(`UPDATE wo_steps SET completed=1,completed_by=@p1,completed_at=@p2,notes=@p3 WHERE id=@p4`,
user.Email, now, body.Notes, sid)
var step model.Step
h.db.Get(&step, `SELECT * FROM wo_steps WHERE id=@p1`, sid)
respond(w, http.StatusOK, step)
}
func (h *StepHandler) Delete(w http.ResponseWriter, r *http.Request) {
sid, err := intParam(r, "sid")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid sid")
return
}
h.db.Exec(`DELETE FROM wo_steps WHERE id=@p1`, sid)
respond(w, http.StatusOK, map[string]any{"deleted": sid})
}
internal/api/handlers/workorder.go
+171
View File
@@ -0,0 +1,171 @@
package handlers
import (
"net/http"
"time"
"github.com/jmoiron/sqlx"
"workorders/internal/config"
"workorders/internal/model"
)
type WorkOrderHandler struct {
db *sqlx.DB
cfg *config.Config
}
func NewWorkOrderHandler(db *sqlx.DB, cfg *config.Config) *WorkOrderHandler {
return &WorkOrderHandler{db: db, cfg: cfg}
}
func (h *WorkOrderHandler) List(w http.ResponseWriter, r *http.Request) {
status := r.URL.Query().Get("status")
search := r.URL.Query().Get("search")
if search != "" {
search = "%" + search + "%"
}
query := `
SELECT
wo.id, wo.wo_number, wo.title, wo.status, wo.priority,
wo.site_name, wo.scheduled_start,
COUNT(s.id) AS step_count,
ISNULL(SUM(CAST(s.completed AS INT)),0) AS steps_done,
COUNT(a.id) AS photo_count
FROM work_orders wo
LEFT JOIN wo_steps s ON s.wo_id = wo.id
LEFT JOIN wo_attachments a ON a.wo_id = wo.id
WHERE (@p1 = '' OR wo.status = @p1)
AND (@p2 = '' OR wo.title LIKE @p2 OR wo.wo_number LIKE @p2 OR wo.site_name LIKE @p2)
GROUP BY wo.id, wo.wo_number, wo.title, wo.status,
wo.priority, wo.site_name, wo.scheduled_start
ORDER BY wo.scheduled_start DESC, wo.id DESC`
rows := []model.WorkOrderListItem{}
if err := h.db.Select(&rows, query, status, search); err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
respond(w, http.StatusOK, rows)
}
func (h *WorkOrderHandler) Get(w http.ResponseWriter, r *http.Request) {
id, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var wo model.WorkOrder
if err = h.db.Get(&wo, `SELECT * FROM work_orders WHERE id = @p1`, id); err != nil {
respondError(w, http.StatusNotFound, "not found")
return
}
respond(w, http.StatusOK, wo)
}
func (h *WorkOrderHandler) Create(w http.ResponseWriter, r *http.Request) {
user := userFromCtx(r)
var body model.WorkOrder
if err := decode(r, &body); err != nil {
respondError(w, http.StatusBadRequest, "invalid body")
return
}
if body.Priority == "" {
body.Priority = "normal"
}
var id int
err := h.db.QueryRow(`
INSERT INTO work_orders
(title, description, instructions, status, priority,
scheduled_start, scheduled_end, site_name, address, lat, lng,
access_notes, parent_type, parent_id, created_by, updated_at)
OUTPUT INSERTED.id
VALUES (@p1,@p2,@p3,'draft',@p4,@p5,@p6,@p7,@p8,@p9,@p10,@p11,@p12,@p13,@p14,GETUTCDATE())`,
body.Title, body.Description, body.Instructions, body.Priority,
body.ScheduledStart, body.ScheduledEnd, body.SiteName, body.Address,
body.Lat, body.Lng, body.AccessNotes, body.ParentType, body.ParentID,
user.Email,
).Scan(&id)
if err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
var wo model.WorkOrder
h.db.Get(&wo, `SELECT * FROM work_orders WHERE id = @p1`, id)
respond(w, http.StatusCreated, wo)
}
func (h *WorkOrderHandler) Update(w http.ResponseWriter, r *http.Request) {
id, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
var body model.WorkOrder
if err := decode(r, &body); err != nil {
respondError(w, http.StatusBadRequest, "invalid body")
return
}
_, err = h.db.Exec(`
UPDATE work_orders SET
title=@p1, description=@p2, instructions=@p3, priority=@p4,
scheduled_start=@p5, scheduled_end=@p6, site_name=@p7, address=@p8,
lat=@p9, lng=@p10, access_notes=@p11, updated_at=GETUTCDATE()
WHERE id=@p12`,
body.Title, body.Description, body.Instructions, body.Priority,
body.ScheduledStart, body.ScheduledEnd, body.SiteName, body.Address,
body.Lat, body.Lng, body.AccessNotes, id,
)
if err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
var wo model.WorkOrder
h.db.Get(&wo, `SELECT * FROM work_orders WHERE id = @p1`, id)
respond(w, http.StatusOK, wo)
}
func (h *WorkOrderHandler) Delete(w http.ResponseWriter, r *http.Request) {
id, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
h.db.Exec(`DELETE FROM work_orders WHERE id = @p1`, id)
respond(w, http.StatusOK, map[string]any{"deleted": id})
}
func (h *WorkOrderHandler) UpdateStatus(w http.ResponseWriter, r *http.Request) {
id, err := intParam(r, "id")
if err != nil {
respondError(w, http.StatusBadRequest, "invalid id")
return
}
user := userFromCtx(r)
var body struct {
Status string `json:"status"`
}
if err := decode(r, &body); err != nil {
respondError(w, http.StatusBadRequest, "invalid body")
return
}
now := time.Now().UTC()
_, err = h.db.Exec(`
UPDATE work_orders SET
status=@p1, updated_at=GETUTCDATE(),
actual_start = CASE WHEN @p1='in_progress' AND actual_start IS NULL THEN @p2 ELSE actual_start END,
actual_end = CASE WHEN @p1='closed' THEN @p2 ELSE actual_end END,
closed_at = CASE WHEN @p1='closed' THEN @p2 ELSE closed_at END,
closed_by = CASE WHEN @p1='closed' THEN @p3 ELSE closed_by END
WHERE id=@p4`,
body.Status, now, user.Email, id,
)
if err != nil {
respondError(w, http.StatusInternalServerError, err.Error())
return
}
var wo model.WorkOrder
h.db.Get(&wo, `SELECT * FROM work_orders WHERE id = @p1`, id)
respond(w, http.StatusOK, wo)
}
internal/api/middleware.go
+190
View File
@@ -0,0 +1,190 @@
package api
import (
"context"
"crypto/rsa"
"encoding/base64"
"encoding/json"
"fmt"
"log"
"math/big"
"net/http"
"strings"
"sync"
"time"
"github.com/golang-jwt/jwt/v5"
"workorders/internal/model"
)
// jwksCache caches the public keys from Keycloak
type jwksCache struct {
mu sync.RWMutex
keys map[string]*rsa.PublicKey
fetchAt time.Time
url string
}
var cache = &jwksCache{}
func InitJWKS(url string) {
cache.url = url
if err := cache.refresh(); err != nil {
log.Printf("JWKS initial fetch warning: %v (will retry per-request)", err)
}
}
func (c *jwksCache) refresh() error {
resp, err := http.Get(c.url) //nolint:gosec
if err != nil {
return fmt.Errorf("fetch JWKS: %w", err)
}
defer resp.Body.Close()
var jwks struct {
Keys []struct {
Kid string `json:"kid"`
Kty string `json:"kty"`
Alg string `json:"alg"`
N string `json:"n"`
E string `json:"e"`
} `json:"keys"`
}
if err := json.NewDecoder(resp.Body).Decode(&jwks); err != nil {
return fmt.Errorf("decode JWKS: %w", err)
}
keys := make(map[string]*rsa.PublicKey, len(jwks.Keys))
for _, k := range jwks.Keys {
if k.Kty != "RSA" {
continue
}
pub, err := rsaPublicKey(k.N, k.E)
if err != nil {
continue
}
keys[k.Kid] = pub
}
c.mu.Lock()
c.keys = keys
c.fetchAt = time.Now()
c.mu.Unlock()
return nil
}
func (c *jwksCache) get(kid string) (*rsa.PublicKey, error) {
c.mu.RLock()
key, ok := c.keys[kid]
stale := time.Since(c.fetchAt) > 10*time.Minute
c.mu.RUnlock()
if ok && !stale {
return key, nil
}
if err := c.refresh(); err != nil {
if ok {
return key, nil // use stale key if refresh fails
}
return nil, err
}
c.mu.RLock()
key, ok = c.keys[kid]
c.mu.RUnlock()
if !ok {
return nil, fmt.Errorf("key %q not found", kid)
}
return key, nil
}
func rsaPublicKey(nStr, eStr string) (*rsa.PublicKey, error) {
nBytes, err := base64.RawURLEncoding.DecodeString(nStr)
if err != nil {
return nil, err
}
eBytes, err := base64.RawURLEncoding.DecodeString(eStr)
if err != nil {
return nil, err
}
n := new(big.Int).SetBytes(nBytes)
e := new(big.Int).SetBytes(eBytes)
return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}
// OIDCAuth validates a Keycloak-issued JWT in the Authorization header.
func OIDCAuth(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
auth := r.Header.Get("Authorization")
if !strings.HasPrefix(auth, "Bearer ") {
jsonError(w, "unauthorized", http.StatusUnauthorized)
return
}
raw := strings.TrimPrefix(auth, "Bearer ")
token, err := jwt.Parse(raw, func(t *jwt.Token) (any, error) {
if _, ok := t.Method.(*jwt.SigningMethodRSA); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
}
kid, _ := t.Header["kid"].(string)
return cache.get(kid)
}, jwt.WithExpirationRequired())
if err != nil || !token.Valid {
jsonError(w, "invalid token", http.StatusUnauthorized)
return
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok {
jsonError(w, "invalid claims", http.StatusUnauthorized)
return
}
user := model.UserClaims{
Sub: stringClaim(claims, "sub"),
Email: stringClaim(claims, "email"),
Name: stringClaim(claims, "name"),
}
if ra, ok := claims["realm_access"].(map[string]any); ok {
if roles, ok := ra["roles"].([]any); ok {
for _, r := range roles {
if s, ok := r.(string); ok {
user.Roles = append(user.Roles, s)
}
}
}
}
ctx := context.WithValue(r.Context(), model.CtxUserKey, user)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
func CORS(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
return
}
next.ServeHTTP(w, r)
})
}
func stringClaim(c jwt.MapClaims, key string) string {
v, _ := c[key].(string)
return v
}
func jsonError(w http.ResponseWriter, msg string, code int) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
fmt.Fprintf(w, `{"error":%q}`, msg)
}
func UserFromCtx(r *http.Request) model.UserClaims {
u, _ := r.Context().Value(model.CtxUserKey).(model.UserClaims)
return u
}
internal/api/router.go
+67
View File
@@ -0,0 +1,67 @@
package api
import (
"net/http"
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"
"github.com/jmoiron/sqlx"
"workorders/internal/api/handlers"
"workorders/internal/config"
)
func NewRouter(cfg *config.Config, db *sqlx.DB) http.Handler {
r := chi.NewRouter()
r.Use(middleware.Logger)
r.Use(middleware.Recoverer)
r.Use(middleware.RealIP)
r.Use(CORS)
// Serve frontend static files
r.Handle("/*", http.FileServer(http.Dir("./web")))
// Protected API
r.Group(func(r chi.Router) {
r.Use(OIDCAuth)
wo := handlers.NewWorkOrderHandler(db, cfg)
r.Get("/api/work-orders", wo.List)
r.Post("/api/work-orders", wo.Create)
r.Get("/api/work-orders/{id}", wo.Get)
r.Put("/api/work-orders/{id}", wo.Update)
r.Delete("/api/work-orders/{id}", wo.Delete)
r.Put("/api/work-orders/{id}/status", wo.UpdateStatus)
step := handlers.NewStepHandler(db)
r.Get("/api/work-orders/{id}/steps", step.List)
r.Post("/api/work-orders/{id}/steps", step.Create)
r.Put("/api/work-orders/{id}/steps/{sid}", step.Update)
r.Post("/api/work-orders/{id}/steps/{sid}/complete", step.Complete)
r.Delete("/api/work-orders/{id}/steps/{sid}", step.Delete)
res := handlers.NewResourceHandler(db)
r.Get("/api/work-orders/{id}/resources", res.List)
r.Post("/api/work-orders/{id}/resources", res.Assign)
r.Delete("/api/work-orders/{id}/resources/{rid}", res.Remove)
att := handlers.NewAttachmentHandler(db, cfg)
r.Get("/api/work-orders/{id}/attachments", att.List)
r.Post("/api/work-orders/{id}/attachments", att.Upload)
r.Delete("/api/work-orders/{id}/attachments/{aid}", att.Delete)
r.Handle("/uploads/*", http.StripPrefix("/uploads/", http.FileServer(http.Dir(cfg.UploadPath))))
acc := handlers.NewAccountingHandler(db)
r.Get("/api/work-orders/{id}/accounting", acc.Get)
r.Put("/api/work-orders/{id}/accounting", acc.Upsert)
reg := handlers.NewRegistryHandler(db)
r.Get("/api/registry/people", reg.People)
r.Get("/api/registry/vehicles", reg.Vehicles)
r.Get("/api/registry/equipment", reg.Equipment)
r.Get("/api/registry/materials", reg.Materials)
r.Get("/api/me", handlers.Me)
})
return r
}
internal/config/config.go
+33
View File
@@ -0,0 +1,33 @@
package config
import "os"
type Config struct {
Addr string
DBDSN string
JWTSecret string
UploadPath string
BaseURL string
OIDCIssuer string
JWKSUrl string
AppEnv string
}
func Load() *Config {
return &Config{
Addr: env("ADDR", ":8080"),
DBDSN: env("DB_DSN", ""),
UploadPath: env("UPLOAD_PATH", "./uploads"),
BaseURL: env("BASE_URL", "http://localhost:8080"),
OIDCIssuer: env("OIDC_ISSUER", "http://localhost:8180/realms/workorders"),
JWKSUrl: env("JWKS_URL", "http://localhost:8180/realms/workorders/protocol/openid-connect/certs"),
AppEnv: env("APP_ENV", "development"),
}
}
func env(key, fallback string) string {
if v := os.Getenv(key); v != "" {
return v
}
return fallback
}
internal/model/models.go
+131
View File
@@ -0,0 +1,131 @@
package model
import "time"
type WorkOrder struct {
ID int `db:"id" json:"id"`
WONumber string `db:"wo_number" json:"wo_number"`
Title string `db:"title" json:"title"`
Description string `db:"description" json:"description"`
Instructions string `db:"instructions" json:"instructions"`
Status string `db:"status" json:"status"`
Priority string `db:"priority" json:"priority"`
ScheduledStart *time.Time `db:"scheduled_start" json:"scheduled_start"`
ScheduledEnd *time.Time `db:"scheduled_end" json:"scheduled_end"`
ActualStart *time.Time `db:"actual_start" json:"actual_start"`
ActualEnd *time.Time `db:"actual_end" json:"actual_end"`
SiteName string `db:"site_name" json:"site_name"`
Address string `db:"address" json:"address"`
Lat *float64 `db:"lat" json:"lat"`
Lng *float64 `db:"lng" json:"lng"`
AccessNotes string `db:"access_notes" json:"access_notes"`
ParentType *string `db:"parent_type" json:"parent_type"`
ParentID *int `db:"parent_id" json:"parent_id"`
CreatedBy string `db:"created_by" json:"created_by"`
CreatedAt time.Time `db:"created_at" json:"created_at"`
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
ClosedAt *time.Time `db:"closed_at" json:"closed_at"`
ClosedBy *string `db:"closed_by" json:"closed_by"`
}
type WorkOrderListItem struct {
ID int `db:"id" json:"id"`
WONumber string `db:"wo_number" json:"wo_number"`
Title string `db:"title" json:"title"`
Status string `db:"status" json:"status"`
Priority string `db:"priority" json:"priority"`
SiteName string `db:"site_name" json:"site_name"`
ScheduledStart *time.Time `db:"scheduled_start" json:"scheduled_start"`
StepCount int `db:"step_count" json:"step_count"`
StepsDone int `db:"steps_done" json:"steps_done"`
PhotoCount int `db:"photo_count" json:"photo_count"`
}
type Step struct {
ID int `db:"id" json:"id"`
WOID int `db:"wo_id" json:"wo_id"`
StepOrder int `db:"step_order" json:"step_order"`
Title string `db:"title" json:"title"`
Description string `db:"description" json:"description"`
Required bool `db:"required" json:"required"`
Completed bool `db:"completed" json:"completed"`
CompletedBy *string `db:"completed_by" json:"completed_by"`
CompletedAt *time.Time `db:"completed_at" json:"completed_at"`
Notes string `db:"notes" json:"notes"`
}
type AssignedResource struct {
ID int `db:"id" json:"id"`
WOID int `db:"wo_id" json:"wo_id"`
ResourceType string `db:"resource_type" json:"resource_type"`
ResourceID int `db:"resource_id" json:"resource_id"`
Name string `db:"name" json:"name"`
Quantity *float64 `db:"quantity" json:"quantity"`
Notes string `db:"notes" json:"notes"`
AssignedAt time.Time `db:"assigned_at" json:"assigned_at"`
}
type Attachment struct {
ID int `db:"id" json:"id"`
WOID int `db:"wo_id" json:"wo_id"`
StepID *int `db:"step_id" json:"step_id"`
FileName string `db:"file_name" json:"file_name"`
FilePath string `db:"file_path" json:"file_path"`
FileType string `db:"file_type" json:"file_type"`
FileSize int64 `db:"file_size" json:"file_size"`
Caption string `db:"caption" json:"caption"`
Phase string `db:"phase" json:"phase"`
Lat *float64 `db:"lat" json:"lat"`
Lng *float64 `db:"lng" json:"lng"`
UploadedBy string `db:"uploaded_by" json:"uploaded_by"`
UploadedAt time.Time `db:"uploaded_at" json:"uploaded_at"`
URL string `db:"-" json:"url"`
}
type AccountingCode struct {
ID int `db:"id" json:"id"`
WOID int `db:"wo_id" json:"wo_id"`
CodeType string `db:"code_type" json:"code_type"`
CodeValue string `db:"code_value" json:"code_value"`
Description string `db:"description" json:"description"`
}
type RegistryPerson struct {
ID int `db:"id" json:"id"`
Name string `db:"name" json:"name"`
Role string `db:"role" json:"role"`
Email string `db:"email" json:"email"`
Phone string `db:"phone" json:"phone"`
}
type RegistryVehicle struct {
ID int `db:"id" json:"id"`
UnitNumber string `db:"unit_number" json:"unit_number"`
Description string `db:"description" json:"description"`
VehicleType string `db:"vehicle_type" json:"vehicle_type"`
}
type RegistryEquipment struct {
ID int `db:"id" json:"id"`
Name string `db:"name" json:"name"`
AssetTag string `db:"asset_tag" json:"asset_tag"`
Category string `db:"category" json:"category"`
}
type RegistryMaterial struct {
ID int `db:"id" json:"id"`
Name string `db:"name" json:"name"`
Unit string `db:"unit" json:"unit"`
PartNumber string `db:"part_number" json:"part_number"`
}
type UserClaims struct {
Sub string
Email string
Name string
Roles []string
}
type CtxKey string
const CtxUserKey CtxKey = "user"
internal/repository/db.go
+134
View File
@@ -0,0 +1,134 @@
package repository
import (
"context"
"embed"
"fmt"
"log"
"strings"
"time"
"github.com/jmoiron/sqlx"
_ "github.com/microsoft/go-mssqldb"
)
//go:embed migrations/*.sql
var migrations embed.FS
func Connect(dsn string) (*sqlx.DB, error) {
// Extract base DSN without the database name for initial connection to master
masterDSN := strings.Replace(dsn, "database=workorders", "database=master", 1)
// Retry loop — MSSQL takes time to start
var db *sqlx.DB
var err error
for i := range 20 {
db, err = sqlx.Open("sqlserver", masterDSN)
if err == nil {
if pingErr := db.PingContext(context.Background()); pingErr == nil {
break
}
db.Close()
}
log.Printf("waiting for MSSQL (%d/20)...", i+1)
time.Sleep(3 * time.Second)
}
if err != nil {
return nil, fmt.Errorf("connect to master: %w", err)
}
// Create the workorders database if it doesn't exist
_, err = db.Exec(`
IF NOT EXISTS (SELECT name FROM sys.databases WHERE name = 'workorders')
CREATE DATABASE workorders;
`)
if err != nil {
return nil, fmt.Errorf("create database: %w", err)
}
db.Close()
// Reconnect to the workorders database
db, err = sqlx.Open("sqlserver", dsn)
if err != nil {
return nil, fmt.Errorf("connect to workorders: %w", err)
}
if err = db.PingContext(context.Background()); err != nil {
return nil, fmt.Errorf("ping workorders: %w", err)
}
db.SetMaxOpenConns(25)
db.SetMaxIdleConns(5)
db.SetConnMaxLifetime(5 * time.Minute)
return db, nil
}
func RunMigrations(db *sqlx.DB) error {
// Create migrations tracking table
_, err := db.Exec(`
IF NOT EXISTS (
SELECT * FROM sys.tables WHERE name = 'schema_migrations'
)
CREATE TABLE schema_migrations (
filename NVARCHAR(255) PRIMARY KEY,
applied_at DATETIME2 NOT NULL DEFAULT GETUTCDATE()
);
`)
if err != nil {
return fmt.Errorf("create schema_migrations: %w", err)
}
entries, err := migrations.ReadDir("migrations")
if err != nil {
return fmt.Errorf("read migrations dir: %w", err)
}
for _, entry := range entries {
if !strings.HasSuffix(entry.Name(), ".sql") {
continue
}
var count int
_ = db.QueryRow(`SELECT COUNT(1) FROM schema_migrations WHERE filename = @p1`, entry.Name()).Scan(&count)
if count > 0 {
continue
}
content, err := migrations.ReadFile("migrations/" + entry.Name())
if err != nil {
return fmt.Errorf("read %s: %w", entry.Name(), err)
}
// Split on GO statements for multi-batch SQL
statements := splitSQL(string(content))
for _, stmt := range statements {
stmt = strings.TrimSpace(stmt)
if stmt == "" {
continue
}
if _, err := db.Exec(stmt); err != nil {
return fmt.Errorf("migration %s: %w", entry.Name(), err)
}
}
_, err = db.Exec(`INSERT INTO schema_migrations (filename) VALUES (@p1)`, entry.Name())
if err != nil {
return fmt.Errorf("record migration %s: %w", entry.Name(), err)
}
log.Printf("applied migration: %s", entry.Name())
}
return nil
}
func splitSQL(sql string) []string {
var stmts []string
for _, part := range strings.Split(sql, "\nGO") {
if s := strings.TrimSpace(part); s != "" {
stmts = append(stmts, s)
}
}
if len(stmts) == 0 {
stmts = []string{sql}
}
return stmts
}
internal/repository/migrations/001_initial_schema.sql
+157
View File
@@ -0,0 +1,157 @@
-- Run once: create database if needed (executed against master)
-- The Go migration runner handles this separately.
-- ── Work Orders ───────────────────────────────────────────────────────────────
CREATE TABLE work_orders (
id INT IDENTITY PRIMARY KEY,
wo_number AS ('WO-' + RIGHT('000000' + CAST(id AS VARCHAR), 6)) PERSISTED,
title NVARCHAR(200) NOT NULL,
description NVARCHAR(MAX),
instructions NVARCHAR(MAX),
status NVARCHAR(30) NOT NULL DEFAULT 'draft',
priority NVARCHAR(10) NOT NULL DEFAULT 'normal',
scheduled_start DATETIME2,
scheduled_end DATETIME2,
actual_start DATETIME2,
actual_end DATETIME2,
site_name NVARCHAR(200),
address NVARCHAR(400),
lat DECIMAL(10,7),
lng DECIMAL(10,7),
access_notes NVARCHAR(MAX),
parent_type NVARCHAR(50),
parent_id INT,
created_by NVARCHAR(200) NOT NULL DEFAULT 'system',
created_at DATETIME2 NOT NULL DEFAULT GETUTCDATE(),
updated_at DATETIME2 NOT NULL DEFAULT GETUTCDATE(),
closed_at DATETIME2,
closed_by NVARCHAR(200),
CONSTRAINT chk_wo_status CHECK (status IN ('draft','assigned','scheduled','in_progress','pending_review','closed')),
CONSTRAINT chk_wo_priority CHECK (priority IN ('low','normal','high','urgent'))
);
-- ── Resource Registry ─────────────────────────────────────────────────────────
CREATE TABLE resource_people (
id INT IDENTITY PRIMARY KEY,
name NVARCHAR(100) NOT NULL,
role NVARCHAR(100),
email NVARCHAR(200),
phone NVARCHAR(30),
active BIT NOT NULL DEFAULT 1
);
CREATE TABLE resource_vehicles (
id INT IDENTITY PRIMARY KEY,
unit_number NVARCHAR(50) NOT NULL,
description NVARCHAR(200),
vehicle_type NVARCHAR(100),
active BIT NOT NULL DEFAULT 1
);
CREATE TABLE resource_equipment (
id INT IDENTITY PRIMARY KEY,
name NVARCHAR(200) NOT NULL,
asset_tag NVARCHAR(100),
category NVARCHAR(100),
active BIT NOT NULL DEFAULT 1
);
CREATE TABLE resource_materials (
id INT IDENTITY PRIMARY KEY,
name NVARCHAR(200) NOT NULL,
unit NVARCHAR(30),
part_number NVARCHAR(100),
active BIT NOT NULL DEFAULT 1
);
-- ── Work Order Resources ───────────────────────────────────────────────────────
CREATE TABLE wo_resources (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
resource_type NVARCHAR(20) NOT NULL,
resource_id INT NOT NULL,
quantity DECIMAL(10,2),
notes NVARCHAR(500),
assigned_at DATETIME2 NOT NULL DEFAULT GETUTCDATE(),
CONSTRAINT chk_resource_type CHECK (resource_type IN ('person','vehicle','equipment','material'))
);
-- ── Checklist Steps ───────────────────────────────────────────────────────────
CREATE TABLE wo_steps (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
step_order INT NOT NULL,
title NVARCHAR(200) NOT NULL,
description NVARCHAR(MAX),
required BIT NOT NULL DEFAULT 1,
completed BIT NOT NULL DEFAULT 0,
completed_by NVARCHAR(200),
completed_at DATETIME2,
notes NVARCHAR(MAX)
);
-- ── Attachments ───────────────────────────────────────────────────────────────
CREATE TABLE wo_attachments (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
step_id INT REFERENCES wo_steps(id),
file_name NVARCHAR(500) NOT NULL,
file_path NVARCHAR(1000) NOT NULL,
file_type NVARCHAR(100),
file_size BIGINT,
caption NVARCHAR(500),
phase NVARCHAR(20),
lat DECIMAL(10,7),
lng DECIMAL(10,7),
uploaded_by NVARCHAR(200) NOT NULL,
uploaded_at DATETIME2 NOT NULL DEFAULT GETUTCDATE()
);
-- ── Accounting Codes ──────────────────────────────────────────────────────────
CREATE TABLE wo_accounting (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
code_type NVARCHAR(50) NOT NULL,
code_value NVARCHAR(200) NOT NULL,
description NVARCHAR(500),
CONSTRAINT uq_wo_accounting UNIQUE (wo_id, code_type)
);
-- ── Audit Log ─────────────────────────────────────────────────────────────────
CREATE TABLE wo_audit_log (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
action NVARCHAR(100) NOT NULL,
old_value NVARCHAR(MAX),
new_value NVARCHAR(MAX),
performed_by NVARCHAR(200) NOT NULL,
performed_at DATETIME2 NOT NULL DEFAULT GETUTCDATE()
);
-- ── Indexes ───────────────────────────────────────────────────────────────────
CREATE INDEX ix_wo_status ON work_orders (status);
CREATE INDEX ix_wo_parent ON work_orders (parent_type, parent_id);
CREATE INDEX ix_wo_scheduled ON work_orders (scheduled_start);
CREATE INDEX ix_resources ON wo_resources (wo_id, resource_type);
CREATE INDEX ix_attachments ON wo_attachments (wo_id);
-- ── Seed registry data ────────────────────────────────────────────────────────
INSERT INTO resource_people (name, role, email, phone) VALUES
('Alice Johnson', 'Lead Technician', 'alice@example.com', '555-0101'),
('Bob Smith', 'Field Tech', 'bob@example.com', '555-0102'),
('Carol White', 'Supervisor', 'carol@example.com', '555-0103');
INSERT INTO resource_vehicles (unit_number, description, vehicle_type) VALUES
('TRK-001', 'Ford F-250 Service Truck', 'Pickup'),
('VAN-002', 'Transit Connect Work Van', 'Van'),
('SUV-003', 'Chevy Tahoe Supervisor', 'SUV');
INSERT INTO resource_equipment (name, asset_tag, category) VALUES
('Bucket Truck', 'EQ-1001', 'Heavy Equipment'),
('Portable Generator', 'EQ-1002', 'Power'),
('Cable Puller', 'EQ-1003', 'Tools');
INSERT INTO resource_materials (name, unit, part_number) VALUES
('Wire 12 AWG', 'ft', 'WR-12AWG'),
('Conduit 1"', 'ft', 'CD-1IN'),
('Junction Box', 'each', 'JB-100');
keycloak/realm-export.json
+87
View File
@@ -0,0 +1,87 @@
{
"id": "workorders",
"realm": "workorders",
"displayName": "Work Orders",
"enabled": true,
"registrationAllowed": false,
"resetPasswordAllowed": true,
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"sslRequired": "none",
"clients": [
{
"clientId": "workorders-app",
"name": "Work Orders App",
"enabled": true,
"publicClient": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"redirectUris": [
"http://localhost:9080/*",
"http://localhost:8081/*"
],
"webOrigins": [
"http://localhost:9080",
"http://localhost:8081"
],
"attributes": {
"pkce.code.challenge.method": "S256",
"post.logout.redirect.uris": "http://localhost:9080/*"
},
"protocol": "openid-connect"
}
],
"roles": {
"realm": [
{ "name": "admin", "description": "Full administrative access" },
{ "name": "dispatcher", "description": "Create and assign work orders" },
{ "name": "field_tech", "description": "Complete steps and upload photos" },
{ "name": "viewer", "description": "Read-only access" }
]
},
"users": [
{
"username": "admin",
"email": "admin@workorders.local",
"firstName": "Admin",
"lastName": "User",
"enabled": true,
"emailVerified": true,
"credentials": [{ "type": "password", "value": "admin123", "temporary": false }],
"realmRoles": ["admin"]
},
{
"username": "dispatcher",
"email": "dispatcher@workorders.local",
"firstName": "Dispatcher",
"lastName": "User",
"enabled": true,
"emailVerified": true,
"credentials": [{ "type": "password", "value": "dispatcher123", "temporary": false }],
"realmRoles": ["dispatcher"]
},
{
"username": "tech1",
"email": "tech1@workorders.local",
"firstName": "Tech",
"lastName": "One",
"enabled": true,
"emailVerified": true,
"credentials": [{ "type": "password", "value": "tech123", "temporary": false }],
"realmRoles": ["field_tech"]
},
{
"username": "viewer",
"email": "viewer@workorders.local",
"firstName": "View",
"lastName": "Only",
"enabled": true,
"emailVerified": true,
"credentials": [{ "type": "password", "value": "viewer123", "temporary": false }],
"realmRoles": ["viewer"]
}
]
}
migrations/001_initial_schema.sql
+157
View File
@@ -0,0 +1,157 @@
-- Run once: create database if needed (executed against master)
-- The Go migration runner handles this separately.
-- ── Work Orders ───────────────────────────────────────────────────────────────
CREATE TABLE work_orders (
id INT IDENTITY PRIMARY KEY,
wo_number AS ('WO-' + RIGHT('000000' + CAST(id AS VARCHAR), 6)) PERSISTED,
title NVARCHAR(200) NOT NULL,
description NVARCHAR(MAX),
instructions NVARCHAR(MAX),
status NVARCHAR(30) NOT NULL DEFAULT 'draft',
priority NVARCHAR(10) NOT NULL DEFAULT 'normal',
scheduled_start DATETIME2,
scheduled_end DATETIME2,
actual_start DATETIME2,
actual_end DATETIME2,
site_name NVARCHAR(200),
address NVARCHAR(400),
lat DECIMAL(10,7),
lng DECIMAL(10,7),
access_notes NVARCHAR(MAX),
parent_type NVARCHAR(50),
parent_id INT,
created_by NVARCHAR(200) NOT NULL DEFAULT 'system',
created_at DATETIME2 NOT NULL DEFAULT GETUTCDATE(),
updated_at DATETIME2 NOT NULL DEFAULT GETUTCDATE(),
closed_at DATETIME2,
closed_by NVARCHAR(200),
CONSTRAINT chk_wo_status CHECK (status IN ('draft','assigned','scheduled','in_progress','pending_review','closed')),
CONSTRAINT chk_wo_priority CHECK (priority IN ('low','normal','high','urgent'))
);
-- ── Resource Registry ─────────────────────────────────────────────────────────
CREATE TABLE resource_people (
id INT IDENTITY PRIMARY KEY,
name NVARCHAR(100) NOT NULL,
role NVARCHAR(100),
email NVARCHAR(200),
phone NVARCHAR(30),
active BIT NOT NULL DEFAULT 1
);
CREATE TABLE resource_vehicles (
id INT IDENTITY PRIMARY KEY,
unit_number NVARCHAR(50) NOT NULL,
description NVARCHAR(200),
vehicle_type NVARCHAR(100),
active BIT NOT NULL DEFAULT 1
);
CREATE TABLE resource_equipment (
id INT IDENTITY PRIMARY KEY,
name NVARCHAR(200) NOT NULL,
asset_tag NVARCHAR(100),
category NVARCHAR(100),
active BIT NOT NULL DEFAULT 1
);
CREATE TABLE resource_materials (
id INT IDENTITY PRIMARY KEY,
name NVARCHAR(200) NOT NULL,
unit NVARCHAR(30),
part_number NVARCHAR(100),
active BIT NOT NULL DEFAULT 1
);
-- ── Work Order Resources ───────────────────────────────────────────────────────
CREATE TABLE wo_resources (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
resource_type NVARCHAR(20) NOT NULL,
resource_id INT NOT NULL,
quantity DECIMAL(10,2),
notes NVARCHAR(500),
assigned_at DATETIME2 NOT NULL DEFAULT GETUTCDATE(),
CONSTRAINT chk_resource_type CHECK (resource_type IN ('person','vehicle','equipment','material'))
);
-- ── Checklist Steps ───────────────────────────────────────────────────────────
CREATE TABLE wo_steps (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
step_order INT NOT NULL,
title NVARCHAR(200) NOT NULL,
description NVARCHAR(MAX),
required BIT NOT NULL DEFAULT 1,
completed BIT NOT NULL DEFAULT 0,
completed_by NVARCHAR(200),
completed_at DATETIME2,
notes NVARCHAR(MAX)
);
-- ── Attachments ───────────────────────────────────────────────────────────────
CREATE TABLE wo_attachments (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
step_id INT REFERENCES wo_steps(id),
file_name NVARCHAR(500) NOT NULL,
file_path NVARCHAR(1000) NOT NULL,
file_type NVARCHAR(100),
file_size BIGINT,
caption NVARCHAR(500),
phase NVARCHAR(20),
lat DECIMAL(10,7),
lng DECIMAL(10,7),
uploaded_by NVARCHAR(200) NOT NULL,
uploaded_at DATETIME2 NOT NULL DEFAULT GETUTCDATE()
);
-- ── Accounting Codes ──────────────────────────────────────────────────────────
CREATE TABLE wo_accounting (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
code_type NVARCHAR(50) NOT NULL,
code_value NVARCHAR(200) NOT NULL,
description NVARCHAR(500),
CONSTRAINT uq_wo_accounting UNIQUE (wo_id, code_type)
);
-- ── Audit Log ─────────────────────────────────────────────────────────────────
CREATE TABLE wo_audit_log (
id INT IDENTITY PRIMARY KEY,
wo_id INT NOT NULL REFERENCES work_orders(id) ON DELETE CASCADE,
action NVARCHAR(100) NOT NULL,
old_value NVARCHAR(MAX),
new_value NVARCHAR(MAX),
performed_by NVARCHAR(200) NOT NULL,
performed_at DATETIME2 NOT NULL DEFAULT GETUTCDATE()
);
-- ── Indexes ───────────────────────────────────────────────────────────────────
CREATE INDEX ix_wo_status ON work_orders (status);
CREATE INDEX ix_wo_parent ON work_orders (parent_type, parent_id);
CREATE INDEX ix_wo_scheduled ON work_orders (scheduled_start);
CREATE INDEX ix_resources ON wo_resources (wo_id, resource_type);
CREATE INDEX ix_attachments ON wo_attachments (wo_id);
-- ── Seed registry data ────────────────────────────────────────────────────────
INSERT INTO resource_people (name, role, email, phone) VALUES
('Alice Johnson', 'Lead Technician', 'alice@example.com', '555-0101'),
('Bob Smith', 'Field Tech', 'bob@example.com', '555-0102'),
('Carol White', 'Supervisor', 'carol@example.com', '555-0103');
INSERT INTO resource_vehicles (unit_number, description, vehicle_type) VALUES
('TRK-001', 'Ford F-250 Service Truck', 'Pickup'),
('VAN-002', 'Transit Connect Work Van', 'Van'),
('SUV-003', 'Chevy Tahoe Supervisor', 'SUV');
INSERT INTO resource_equipment (name, asset_tag, category) VALUES
('Bucket Truck', 'EQ-1001', 'Heavy Equipment'),
('Portable Generator', 'EQ-1002', 'Power'),
('Cable Puller', 'EQ-1003', 'Tools');
INSERT INTO resource_materials (name, unit, part_number) VALUES
('Wire 12 AWG', 'ft', 'WR-12AWG'),
('Conduit 1"', 'ft', 'CD-1IN'),
('Junction Box', 'each', 'JB-100');
web/app.mjs
+84
View File
@@ -0,0 +1,84 @@
import { setToken } from './lib/api.mjs';
import './components/wo-list.mjs';
import './components/wo-form.mjs';
// ── Keycloak init ─────────────────────────────────────────────────────────────
const keycloak = new Keycloak({
url: window.KEYCLOAK_URL || 'http://localhost:8180',
realm: window.KEYCLOAK_REALM || 'workorders',
clientId: window.KEYCLOAK_CLIENT_ID || 'workorders-app',
});
keycloak.init({
onLoad: 'login-required',
pkceMethod: 'S256',
checkLoginIframe: false,
})
.then(authenticated => {
if (!authenticated) { keycloak.login(); return; }
setToken(keycloak.token);
// Refresh token before it expires
setInterval(async () => {
try { await keycloak.updateToken(60); setToken(keycloak.token); }
catch { keycloak.login(); }
}, 30_000);
window.addEventListener('auth:expired', () => keycloak.login());
renderApp(keycloak);
})
.catch(() => document.getElementById('app').innerHTML =
'<p style="color:red;padding:2rem">Failed to connect to authentication server.</p>');
// ── App shell ─────────────────────────────────────────────────────────────────
function renderApp(kc) {
const app = document.getElementById('app');
const userName = kc.tokenParsed?.name || kc.tokenParsed?.preferred_username || 'User';
// Nav
const nav = document.createElement('nav');
nav.innerHTML = `
<span class="brand">Work Orders</span>
<span class="spacer"></span>
<span class="user-info">${userName}</span>
<button id="logout" style="background:transparent;border:1px solid rgba(255,255,255,.4);color:#fff;padding:.3rem .8rem;font-size:.85rem">Logout</button>`;
document.body.insertBefore(nav, app);
nav.querySelector('#logout').addEventListener('click', () => kc.logout());
showList();
app.addEventListener('wo:select', e => showDetail(e.detail.id));
app.addEventListener('wo:cancel', () => showList());
app.addEventListener('wo:saved', () => showList());
document.addEventListener('keydown', e => { if (e.key === 'Escape') showList(); });
}
function showList() {
const app = document.getElementById('app');
app.innerHTML = `
<div class="page-header">
<h1>Work Orders</h1>
<button id="new-wo">+ New Work Order</button>
</div>
<wo-list id="wo-list"></wo-list>`;
app.querySelector('#new-wo').addEventListener('click', showCreate);
}
function showCreate() {
const app = document.getElementById('app');
app.innerHTML = `
<div class="page-header"><h1>New Work Order</h1></div>
<div class="card"><wo-form></wo-form></div>`;
}
function showDetail(id) {
const app = document.getElementById('app');
app.innerHTML = `
<div class="page-header">
<h1>Edit Work Order</h1>
<button id="back" class="secondary">← Back</button>
</div>
<div class="card"><wo-form wo-id="${id}"></wo-form></div>`;
app.querySelector('#back').addEventListener('click', showList);
}
web/components/wo-form.mjs
+115
View File
@@ -0,0 +1,115 @@
import { api } from '../lib/api.mjs';
class WoForm extends HTMLElement {
#woId = null;
#wo = null;
static get observedAttributes() { return ['wo-id']; }
attributeChangedCallback(_, __, val) { this.#woId = val ? +val : null; this.#load(); }
connectedCallback() {
this.attachShadow({ mode: 'open' });
this.#render();
if (this.#woId) this.#load();
}
async #load() {
if (!this.#woId) return;
this.#wo = await api.get(`/work-orders/${this.#woId}`);
this.#render();
}
#render() {
const wo = this.#wo ?? {};
this.shadowRoot.innerHTML = `
<style>
:host { display: block; }
form { display: grid; gap: 1rem; }
.row { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; }
label { display: flex; flex-direction: column; gap: .3rem; font-size: .9rem; font-weight: 600; color: #1a2e3b; }
input, select, textarea {
border: 1px solid #e2ebf0; border-radius: 8px;
padding: .5rem .75rem; font-size: .95rem; background: #fff; color: #1a2e3b;
}
input:focus, select:focus, textarea:focus { outline: none; border-color: #0a7ea4; }
textarea { resize: vertical; min-height: 80px; }
.actions { display: flex; gap: .75rem; justify-content: flex-end; }
button {
padding: .5rem 1.25rem; border: none; border-radius: 8px;
font-weight: 600; cursor: pointer;
}
.btn-primary { background: #0a7ea4; color: #fff; }
.btn-cancel { background: transparent; border: 1px solid #e2ebf0; color: #1a2e3b; }
.error { color: #c0392b; font-size: .85rem; }
</style>
<form>
<label>Title *<input name="title" required value="${wo.title || ''}"></label>
<div class="row">
<label>Priority
<select name="priority">
${['low','normal','high','urgent'].map(p =>
`<option value="${p}" ${wo.priority===p?'selected':''}>${p}</option>`).join('')}
</select>
</label>
<label>Site Name<input name="site_name" value="${wo.site_name || ''}"></label>
</div>
<label>Address<input name="address" value="${wo.address || ''}"></label>
<div class="row">
<label>Scheduled Start<input type="datetime-local" name="scheduled_start"
value="${wo.scheduled_start ? wo.scheduled_start.slice(0,16) : ''}"></label>
<label>Scheduled End<input type="datetime-local" name="scheduled_end"
value="${wo.scheduled_end ? wo.scheduled_end.slice(0,16) : ''}"></label>
</div>
<label>Description<textarea name="description">${wo.description || ''}</textarea></label>
<label>Instructions<textarea name="instructions">${wo.instructions || ''}</textarea></label>
<label>Access Notes<textarea name="access_notes">${wo.access_notes || ''}</textarea></label>
<div class="error" id="err"></div>
<div class="actions">
<button type="button" class="btn-cancel" id="cancel">Cancel</button>
<button type="submit" class="btn-primary">${this.#woId ? 'Save Changes' : 'Create Work Order'}</button>
</div>
</form>`;
this.shadowRoot.querySelector('#cancel').addEventListener('click', () =>
this.dispatchEvent(new CustomEvent('wo:cancel', { bubbles: true, composed: true })));
this.shadowRoot.querySelector('form').addEventListener('submit', async e => {
e.preventDefault();
// Read fields directly — Shadow DOM + FormData has unreliable browser support
const val = name => (this.shadowRoot.querySelector(`[name="${name}"]`)?.value ?? '').trim();
// datetime-local gives "YYYY-MM-DDTHH:MM"; convert to full ISO so Go can parse it
const dt = name => { const v = val(name); return v ? new Date(v).toISOString() : null; };
const body = {
title: val('title'),
priority: val('priority') || 'normal',
site_name: val('site_name'),
address: val('address'),
scheduled_start: dt('scheduled_start'),
scheduled_end: dt('scheduled_end'),
description: val('description'),
instructions: val('instructions'),
access_notes: val('access_notes'),
};
if (!body.title) {
this.shadowRoot.querySelector('#err').textContent = 'Title is required.';
return;
}
this.shadowRoot.querySelector('#err').textContent = '';
try {
const wo = this.#woId
? await api.put(`/work-orders/${this.#woId}`, body)
: await api.post('/work-orders', body);
this.dispatchEvent(new CustomEvent('wo:saved',
{ detail: { wo }, bubbles: true, composed: true }));
} catch (err) {
this.shadowRoot.querySelector('#err').textContent = err.message;
}
});
}
}
customElements.define('wo-form', WoForm);
web/components/wo-list.mjs
+66
View File
@@ -0,0 +1,66 @@
import { api } from '../lib/api.mjs';
class WoList extends HTMLElement {
#data = [];
connectedCallback() {
this.attachShadow({ mode: 'open' });
this.#load();
}
async #load() {
const status = this.getAttribute('filter-status') || '';
this.#data = await api.get(`/work-orders?status=${status}`) ?? [];
this.#render();
}
refresh() { this.#load(); }
#render() {
this.shadowRoot.innerHTML = `
<style>
:host { display: block; }
.empty { color: #64748b; text-align: center; padding: 3rem; }
.grid { display: grid; gap: .75rem; }
.card {
background: #fff; border: 1px solid #e2ebf0;
border-radius: 8px; padding: 1rem 1.25rem;
cursor: pointer; display: grid;
grid-template-columns: 1fr auto; gap: .25rem 1rem;
transition: box-shadow .15s;
}
.card:hover { box-shadow: 0 4px 12px rgba(0,0,0,.08); }
.wo-num { font-size: .75rem; color: #64748b; }
.title { font-weight: 600; }
.meta { font-size: .8rem; color: #64748b; }
.badge { display:inline-block; padding:.2rem .6rem; border-radius:999px;
font-size:.7rem; font-weight:700; text-transform:uppercase;
align-self: start; margin-top:.25rem; }
.draft { background:#e2e8f0; color:#475569; }
.assigned { background:#dbeafe; color:#1d4ed8; }
.scheduled { background:#fef3c7; color:#92400e; }
.in_progress { background:#d1fae5; color:#065f46; }
.pending_review { background:#ede9fe; color:#5b21b6; }
.closed { background:#f3f4f6; color:#6b7280; }
</style>
${this.#data.length === 0
? '<div class="empty">No work orders found.</div>'
: `<div class="grid">${this.#data.map(wo => `
<div class="card" data-id="${wo.id}">
<div>
<div class="wo-num">${wo.wo_number}</div>
<div class="title">${wo.title}</div>
<div class="meta">${wo.site_name || '—'} · ${wo.steps_done}/${wo.step_count} steps</div>
</div>
<span class="badge ${wo.status}">${wo.status.replace('_',' ')}</span>
</div>`).join('')}
</div>`}`;
this.shadowRoot.querySelectorAll('.card').forEach(c =>
c.addEventListener('click', () =>
this.dispatchEvent(new CustomEvent('wo:select',
{ detail: { id: +c.dataset.id }, bubbles: true, composed: true }))));
}
}
customElements.define('wo-list', WoList);
web/index.html
+19
View File
@@ -0,0 +1,19 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Work Orders</title>
<link rel="stylesheet" href="/styles/reset.css">
<link rel="stylesheet" href="/styles/global.css">
<!-- Keycloak JS adapter (served by Keycloak itself) -->
<script src="http://localhost:8180/js/keycloak.js"></script>
</head>
<body>
<div id="app">
<p style="padding:2rem;color:#64748b">Connecting to authentication server...</p>
</div>
<script type="module" src="/app.mjs"></script>
</body>
</html>
web/lib/api.mjs
+33
View File
@@ -0,0 +1,33 @@
const BASE = '/api';
let _token = '';
export function setToken(t) { _token = t; }
export function getToken() { return _token; }
async function request(method, path, body, isForm = false) {
const headers = { Authorization: `Bearer ${_token}` };
if (!isForm && body) headers['Content-Type'] = 'application/json';
const res = await fetch(BASE + path, {
method,
headers,
body: body ? (isForm ? body : JSON.stringify(body)) : undefined,
});
if (res.status === 401) {
window.dispatchEvent(new CustomEvent('auth:expired'));
return null;
}
const json = await res.json().catch(() => ({}));
if (!res.ok) throw new Error(json.error || `HTTP ${res.status}`);
return json.data;
}
export const api = {
get: (path) => request('GET', path),
post: (path, body) => request('POST', path, body),
put: (path, body) => request('PUT', path, body),
delete: (path) => request('DELETE', path),
upload: (path, form) => request('POST', path, form, true),
};
web/styles/global.css
+104
View File
@@ -0,0 +1,104 @@
:root {
--navy: #0d2137;
--accent: #0a7ea4;
--accent-lt: #14b8d4;
--surface: #ffffff;
--bg: #f0f6fa;
--border: #e2ebf0;
--text: #1a2e3b;
--muted: #64748b;
--danger: #c0392b;
--success: #1d9d6c;
--warning: #e07b39;
--radius: 8px;
--shadow: 0 2px 8px rgba(0,0,0,.08);
font-family: Calibri, 'Segoe UI', system-ui, sans-serif;
font-size: 16px;
color: var(--text);
background: var(--bg);
}
body { min-height: 100vh; }
a { color: var(--accent); text-decoration: none; }
a:hover { text-decoration: underline; }
button {
cursor: pointer;
border: none;
border-radius: var(--radius);
padding: .5rem 1rem;
background: var(--accent);
color: #fff;
font-weight: 600;
transition: opacity .15s;
}
button:hover { opacity: .85; }
button.secondary {
background: transparent;
border: 1px solid var(--border);
color: var(--text);
}
input, select, textarea {
border: 1px solid var(--border);
border-radius: var(--radius);
padding: .5rem .75rem;
width: 100%;
background: var(--surface);
color: var(--text);
transition: border-color .15s;
}
input:focus, select:focus, textarea:focus {
outline: none;
border-color: var(--accent);
}
.card {
background: var(--surface);
border: 1px solid var(--border);
border-radius: var(--radius);
padding: 1.25rem;
box-shadow: var(--shadow);
}
.badge {
display: inline-block;
padding: .2rem .6rem;
border-radius: 999px;
font-size: .75rem;
font-weight: 600;
text-transform: uppercase;
letter-spacing: .04em;
}
.badge-draft { background: #e2e8f0; color: #475569; }
.badge-assigned { background: #dbeafe; color: #1d4ed8; }
.badge-scheduled { background: #fef3c7; color: #92400e; }
.badge-in_progress { background: #d1fae5; color: #065f46; }
.badge-pending_review { background: #ede9fe; color: #5b21b6; }
.badge-closed { background: #f3f4f6; color: #6b7280; }
#app { max-width: 1200px; margin: 0 auto; padding: 0 1rem; }
nav {
background: var(--navy);
color: #fff;
padding: .75rem 1.5rem;
display: flex;
align-items: center;
gap: 1.5rem;
}
nav .brand { font-weight: 700; font-size: 1.1rem; color: #fff; }
nav a { color: rgba(255,255,255,.8); font-size: .9rem; }
nav a:hover { color: #fff; text-decoration: none; }
nav .spacer { flex: 1; }
nav .user-info { font-size: .85rem; color: rgba(255,255,255,.7); }
.page-header {
display: flex;
align-items: center;
justify-content: space-between;
padding: 1.5rem 0 1rem;
}
.page-header h1 { font-size: 1.4rem; }
web/styles/reset.css
+6
View File
@@ -0,0 +1,6 @@
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
html { -webkit-text-size-adjust: 100%; }
body { line-height: 1.5; -webkit-font-smoothing: antialiased; }
img, svg { display: block; max-width: 100%; }
input, button, textarea, select { font: inherit; }
p, h1, h2, h3, h4, h5, h6 { overflow-wrap: break-word; }