fix: potential context leak

Add BE validator
Sending invoice from the BE
2024-10-03 23:41:39 +02:00 · 2024-08-27 14:38:37 +02:00 · 2024-08-27 13:52:36 +02:00 · 2024-08-27 13:28:11 +02:00 · 2024-08-26 23:06:29 +02:00 · 2024-08-26 22:49:10 +02:00
35 changed files with 1543 additions and 62 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,4 @@ cred.txt
 dist/
 .air.toml
 tmp/
+invoices/
--- a/24
+++ b/24
@ -5,7 +5,7 @@ API_PORT=4001
 DSN=vinchent:secret@tcp(localhost:3306)/widgets?parseTime=true&tls=false

 ## build: builds all binaries
-build: clean build_front build_back
+build: clean build_front build_back build_invoice
 	@printf "All binaries built!\n"

 ## clean: cleans all binaries and runs go clean
@ -15,6 +15,12 @@ clean:
 	@go clean
 	@echo "Cleaned!"

+## build_invoice: builds the invoice microservice
+build_invoice:
+	@echo "Building invoice microservice..."
+	@go build -o dist/invoice ./cmd/micro/invoice
+	@echo "Invoice microservice built!"
+
 ## build_front: builds the front end
 build_front:
 	@echo "Building front end..."
@ -28,8 +34,14 @@ build_back:
 	@echo "Back end built!"

 ## start: starts front and back end
-start: start_front start_back
+start: start_front start_back start_invoice
 	
+## start_invoice: starts the invoice microservice
+start_invoice: build_invoice
+	@echo "Starting the invoice microservice..."
+	@./dist/invoice &
+	@echo "invoice microservice running!"
+
 ## start_front: starts the front end
 start_front: build_front
 	@echo "Starting the front end..."
@ -43,9 +55,15 @@ start_back: build_back
 	@echo "Back end running!"

 ## stop: stops the front and back end
-stop: stop_front stop_back
+stop: stop_front stop_back stop_invoice
 	@echo "All applications stopped"

+## stop_invoice: stops the invoice microservice
+stop_invoice:
+	@echo "Stopping the invoice microservice..."
+	@-pkill -SIGTERM -f "invoice"
+	@echo "Stopped invoice microservice"
+
 ## stop_front: stops the front end
 stop_front:
 	@echo "Stopping the front end..."
--- a/cmd/api/handlers-api.go
+++ b/cmd/api/handlers-api.go
@ -1,6 +1,7 @@
 package main

 import (
+	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -8,6 +9,7 @@ import (
 	"myapp/internal/cards/encryption"
 	"myapp/internal/models"
 	"myapp/internal/urlsigner"
+	"myapp/internal/validator"
 	"net/http"
 	"strconv"
 	"strings"
@ -33,7 +35,7 @@ type stripePayload struct {
 	LastName      string `json:"last_name"`
 }

-type jsonResponse struct {
+type JSONResponse struct {
 	OK      bool   `json:"ok"`
 	Message string `json:"message,omitempty"`
 	Content string `json:"content,omitempty"`
@ -63,7 +65,7 @@ func (app *application) GetPaymentIntent(w http.ResponseWriter, r *http.Request)

 	pi, msg, err := card.Charge(payload.Currency, amount)
 	if err != nil {
-		j := jsonResponse{
+		j := JSONResponse{
 			OK:      false,
 			Message: msg,
 			Content: "",
@ -103,6 +105,17 @@ func (app *application) GetWidgetByID(w http.ResponseWriter, r *http.Request) {
 	w.Write(out)
 }

+type Invoice struct {
+	ID        int       `json:"id"`
+	Quantity  int       `json:"quantity"`
+	Amount    int       `json:"amount"`
+	Product   string    `json:"product"`
+	FirstName string    `json:"first_name"`
+	LastName  string    `json:"last_name"`
+	Email     string    `json:"email"`
+	CreatedAt time.Time `json:"created_at"`
+}
+
 func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter, r *http.Request) {
 	var data stripePayload

@ -112,6 +125,14 @@ func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter,
 		return
 	}

+	// validate data
+	v := validator.New()
+	v.Check(len(data.FirstName) > 1, "first_name", "must be at least 2 characters")
+	if !v.Valid() {
+		app.failedValidation(w, r, v.Errors)
+		return
+	}
+
 	app.infoLog.Println(data.Email, data.LastFour, data.PaymentMethod, data.Plan)

 	card := cards.Card{
@ -183,14 +204,30 @@ func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter,
 			Amount:        amount,
 		}

-		_, err = app.SaveOrder(order)
+		orderID, err := app.SaveOrder(order)
 		if err != nil {
 			app.errorLog.Println(err)
 			return
 		}
+
+		inv := Invoice{
+			ID:        orderID,
+			Quantity:  order.Quantity,
+			Amount:    order.Amount,
+			Product:   "Bronze Plan",
+			FirstName: data.FirstName,
+			LastName:  data.LastName,
+			Email:     data.Email,
+			CreatedAt: time.Now(),
+		}
+		err = app.callInvoiceMicro(inv)
+		if err != nil {
+			app.errorLog.Println(err)
+			// Don't stop the program
+		}
 	}

-	resp := jsonResponse{
+	resp := JSONResponse{
 		OK:      okay,
 		Message: txnMsg,
 	}
@ -205,6 +242,30 @@ func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter,
 	w.Write(out)
 }

+func (app *application) callInvoiceMicro(inv Invoice) error {
+	// TODO: Do not hard code this.
+	url := "http://localhost:5000/invoice/create-and-send"
+	out, err := json.MarshalIndent(inv, "", "\t")
+	if err != err {
+		return err
+	}
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(out))
+	if err != nil {
+		return nil
+	}
+	req.Header.Set("Content-Type", "application/json")
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	app.infoLog.Println(resp.Body)
+
+	return nil
+}
+
 func (app *application) SaveCustomer(firstName, lastName, email string) (int, error) {
 	customer := models.Customer{
 		FirstName: firstName,
@ -340,7 +401,7 @@ func (app *application) CheckAuthentication(w http.ResponseWriter, r *http.Reque
 	}

 	// valid user
-	var payload jsonResponse
+	var payload JSONResponse
 	payload.OK = true
 	payload.Message = fmt.Sprintf("authenticated user %s", user.Email)
 	app.writeJSON(w, http.StatusOK, payload)
@ -403,6 +464,7 @@ func (app *application) VirtualTerminalPaymentSucceeded(w http.ResponseWriter, r
 	_, err = app.SaveTransaction(txn)
 	if err != nil {
 		app.badRequest(w, r, err)
+		return
 	}

 	app.writeJSON(w, http.StatusOK, txn)
@ -422,7 +484,7 @@ func (app *application) SendPasswordResetEmail(w http.ResponseWriter, r *http.Re
 	// verify that email exists
 	_, err = app.DB.GetUserByEmail(payload.Email)
 	if err != nil {
-		resp := jsonResponse{
+		resp := JSONResponse{
 			OK:      false,
 			Message: "No matching email found on our system",
 		}
@ -457,7 +519,7 @@ func (app *application) SendPasswordResetEmail(w http.ResponseWriter, r *http.Re
 		return
 	}

-	resp := jsonResponse{
+	resp := JSONResponse{
 		OK: true,
 	}

@ -508,7 +570,7 @@ func (app *application) ResetPassword(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	resp := jsonResponse{
+	resp := JSONResponse{
 		OK:      true,
 		Message: "Password reset.",
 	}
@ -522,12 +584,20 @@ func (app *application) AllSales(w http.ResponseWriter, r *http.Request) {
 	}
 	err := app.readJSON(w, r, &payload)
 	if err != nil {
+		app.errorLog.Println(err)
 		app.badRequest(w, r, err)
+		return
 	}

-	allSales, lastPage, totalRecords, err := app.DB.GetAllOrdersPaginated(false, 2, 1)
+	allSales, lastPage, totalRecords, err := app.DB.GetAllOrdersPaginated(
+		false,
+		payload.PageSize,
+		payload.CurrentPage,
+	)
 	if err != nil {
+		app.errorLog.Println(err)
 		app.badRequest(w, r, err)
+		return
 	}

 	var resp struct {
@ -538,7 +608,7 @@ func (app *application) AllSales(w http.ResponseWriter, r *http.Request) {
 		Orders       []*models.Order `json:"orders"`
 	}

-	resp.CurrentPage = 1
+	resp.CurrentPage = payload.CurrentPage
 	resp.PageSize = payload.PageSize
 	resp.LastPage = lastPage
 	resp.TotalRecords = totalRecords
@ -548,11 +618,43 @@ func (app *application) AllSales(w http.ResponseWriter, r *http.Request) {
 }

 func (app *application) AllSubscriptions(w http.ResponseWriter, r *http.Request) {
-	allSubscriptions, err := app.DB.GetAllOrders(true)
-	if err != nil {
-		app.badRequest(w, r, err)
+	var payload struct {
+		PageSize    int `json:"page_size"`
+		CurrentPage int `json:"page"`
 	}
-	app.writeJSON(w, http.StatusOK, allSubscriptions)
+	err := app.readJSON(w, r, &payload)
+	if err != nil {
+		app.errorLog.Println(err)
+		app.badRequest(w, r, err)
+		return
+	}
+
+	allSales, lastPage, totalRecords, err := app.DB.GetAllOrdersPaginated(
+		true,
+		payload.PageSize,
+		payload.CurrentPage,
+	)
+	if err != nil {
+		app.errorLog.Println(err)
+		app.badRequest(w, r, err)
+		return
+	}
+
+	var resp struct {
+		CurrentPage  int             `json:"current_page"`
+		PageSize     int             `json:"page_size"`
+		LastPage     int             `json:"last_page"`
+		TotalRecords int             `json:"total_records"`
+		Orders       []*models.Order `json:"orders"`
+	}
+
+	resp.CurrentPage = payload.CurrentPage
+	resp.PageSize = payload.PageSize
+	resp.LastPage = lastPage
+	resp.TotalRecords = totalRecords
+	resp.Orders = allSales
+
+	app.writeJSON(w, http.StatusOK, resp)
 }

 func (app *application) GetSale(w http.ResponseWriter, r *http.Request) {
@ -562,6 +664,7 @@ func (app *application) GetSale(w http.ResponseWriter, r *http.Request) {
 	order, err := app.DB.GetOrderByID(orderID)
 	if err != nil {
 		app.badRequest(w, r, err)
+		return
 	}
 	app.writeJSON(w, http.StatusOK, order)
 }
@ -607,7 +710,7 @@ func (app *application) RefundCharge(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var resp jsonResponse
+	var resp JSONResponse
 	resp.OK = true
 	resp.Message = "Charge refunded"

@ -654,9 +757,100 @@ func (app *application) CancelSubscription(w http.ResponseWriter, r *http.Reques
 		return
 	}

-	var resp jsonResponse
+	var resp JSONResponse
 	resp.OK = true
 	resp.Message = "Subscription canceled"

 	app.writeJSON(w, http.StatusOK, resp)
 }
+
+func (app *application) AllUsers(w http.ResponseWriter, r *http.Request) {
+	allUsers, err := app.DB.GetAllUsers()
+	if err != nil {
+		app.errorLog.Println(err)
+		app.badRequest(w, r, err)
+		return
+	}
+	app.writeJSON(w, http.StatusOK, allUsers)
+}
+
+func (app *application) OneUser(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+	userID, _ := strconv.Atoi(id)
+	user, err := app.DB.GetOneUser(userID)
+	if err != nil {
+		app.errorLog.Println(err)
+		app.badRequest(w, r, err)
+		return
+	}
+	app.writeJSON(w, http.StatusOK, user)
+}
+
+func (app *application) EditUser(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+	userID, _ := strconv.Atoi(id)
+
+	var user models.User
+	err := app.readJSON(w, r, &user)
+	if err != nil {
+		app.errorLog.Println(err)
+		app.badRequest(w, r, err)
+		return
+	}
+
+	if userID > 0 {
+		err = app.DB.EditUser(user)
+		if err != nil {
+			app.errorLog.Println(err)
+			app.badRequest(w, r, err)
+			return
+		}
+
+		if user.Password != "" {
+			newHash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 12)
+			if err != nil {
+				app.errorLog.Println(err)
+				app.badRequest(w, r, err)
+				return
+			}
+
+			err = app.DB.UpdatePasswordForUser(user, string(newHash))
+			if err != nil {
+				app.errorLog.Println(err)
+				app.badRequest(w, r, err)
+				return
+			}
+		}
+	} else {
+		newHash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 12)
+		if err != nil {
+			app.errorLog.Println(err)
+			app.badRequest(w, r, err)
+			return
+		}
+		err = app.DB.AddUser(user, string(newHash))
+		if err != nil {
+			app.errorLog.Println(err)
+			app.badRequest(w, r, err)
+			return
+		}
+	}
+
+	var resp JSONResponse
+	resp.OK = true
+	app.writeJSON(w, http.StatusOK, resp)
+}
+
+func (app *application) DeleteUser(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+	userID, _ := strconv.Atoi(id)
+	err := app.DB.DeleteUser(userID)
+	if err != nil {
+		app.errorLog.Println(err)
+		app.badRequest(w, r, err)
+		return
+	}
+	var resp JSONResponse
+	resp.OK = true
+	app.writeJSON(w, http.StatusOK, resp)
+}
--- a/cmd/api/helpers.go
+++ b/cmd/api/helpers.go
@ -53,7 +53,7 @@ func (app *application) writeJSON(
 }

 func (app *application) badRequest(w http.ResponseWriter, r *http.Request, err error) error {
-	var payload jsonResponse
+	var payload JSONResponse

 	payload.OK = false
 	payload.Message = err.Error()
@ -70,7 +70,7 @@ func (app *application) badRequest(w http.ResponseWriter, r *http.Request, err e
 }

 func (app *application) invalidCredentials(w http.ResponseWriter) error {
-	var payload jsonResponse
+	var payload JSONResponse
 	payload.OK = false
 	payload.Message = "invalid authentication credentials"

@ -95,3 +95,20 @@ func (app *application) passwordMatches(hash, password string) (bool, error) {

 	return true, nil
 }
+
+func (app *application) failedValidation(
+	w http.ResponseWriter,
+	r *http.Request,
+	errors map[string]string,
+) {
+	var payload struct {
+		OK      bool              `json:"ok"`
+		Message string            `json:"message"`
+		Errors  map[string]string `json:"errors"`
+	}
+
+	payload.OK = false
+	payload.Message = "failed validation"
+	payload.Errors = errors
+	app.writeJSON(w, http.StatusUnprocessableEntity, payload)
+}
--- a/cmd/api/routes-api.go
+++ b/cmd/api/routes-api.go
@ -37,6 +37,10 @@ func (app *application) routes() http.Handler {
 		mux.Post("/get-sale/{id}", app.GetSale)
 		mux.Post("/refund", app.RefundCharge)
 		mux.Post("/cancel-subscription", app.CancelSubscription)
+		mux.Post("/all-users", app.AllUsers)
+		mux.Post("/all-users/{id}", app.OneUser)
+		mux.Post("/all-users/edit/{id}", app.EditUser)
+		mux.Post("/all-users/delete/{id}", app.DeleteUser)
 	})
 	mux.Post("/api/forgot-password", app.SendPasswordResetEmail)
 	mux.Post("/api/reset-password", app.ResetPassword)
--- a/cmd/micro/invoice/email-templates/invoice.html.gohtml
+++ b/cmd/micro/invoice/email-templates/invoice.html.gohtml
@ -0,0 +1,18 @@
+{{ define "body" }}
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta name="viewport" content="width=device-width">
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    </head>
+    <body>
+        <p>Hello:</p>
+        <p>Please find your invoice attached.</p>
+        <p>
+            --
+            <br>
+            Widget Co.
+        </p>
+    </body>
+</html>
+{{ end }}
--- a/cmd/micro/invoice/email-templates/invoice.plain.gohtml
+++ b/cmd/micro/invoice/email-templates/invoice.plain.gohtml
@ -0,0 +1,9 @@
+{{ define "body" }}
+Hello:
+
+Please find your invoice attached.
+
+--
+Widget Co.
+{{ end }}
+
--- a/cmd/micro/invoice/helpers.go
+++ b/cmd/micro/invoice/helpers.go
@ -0,0 +1,86 @@
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"os"
+)
+
+type JSONResponse struct {
+	OK      bool   `json:"ok"`
+	Message string `json:"message,omitempty"`
+}
+
+func (app *application) readJSON(w http.ResponseWriter, r *http.Request, data interface{}) error {
+	maxBytes := 1048576
+
+	r.Body = http.MaxBytesReader(w, r.Body, int64(maxBytes))
+
+	dec := json.NewDecoder(r.Body)
+	err := dec.Decode(data)
+	if err != nil {
+		return err
+	}
+
+	// Make sure there is only one entry.
+	err = dec.Decode(&struct{}{})
+	if err != io.EOF {
+		return errors.New("body must only have a single JSON value")
+	}
+
+	return nil
+}
+
+// writeJSON writes arbitrary data out as JSON
+func (app *application) writeJSON(
+	w http.ResponseWriter,
+	status int, data interface{},
+	headers ...http.Header,
+) error {
+	out, err := json.MarshalIndent(data, "", "\t")
+	if err != nil {
+		return err
+	}
+
+	if len(headers) > 0 {
+		for k, v := range headers[0] {
+			w.Header()[k] = v
+		}
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	w.Write(out)
+	return nil
+}
+
+func (app *application) badRequest(w http.ResponseWriter, r *http.Request, err error) error {
+	var payload JSONResponse
+
+	payload.OK = false
+	payload.Message = err.Error()
+
+	out, err := json.MarshalIndent(payload, "", "\t")
+	if err != nil {
+		return err
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusBadGateway)
+	w.Write(out)
+	return nil
+}
+
+func (app *application) CreateDirIfNotExist(path string) error {
+	const mode = 0755
+	if _, err := os.Stat(path); os.IsNotExist(err) {
+		err := os.Mkdir(path, mode)
+		if err != nil {
+			app.errorLog.Println(err)
+			return err
+		}
+	}
+	return nil
+}
--- a/cmd/micro/invoice/invoice-handlers.go
+++ b/cmd/micro/invoice/invoice-handlers.go
@ -0,0 +1,159 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/phpdave11/gofpdf"
+	"github.com/phpdave11/gofpdf/contrib/gofpdi"
+)
+
+type Order struct {
+	ID        int       `json:"id"`
+	Quantity  int       `json:"quantity"`
+	Amount    int       `json:"amount"`
+	Product   string    `json:"product"`
+	FirstName string    `json:"first_name"`
+	LastName  string    `json:"last_name"`
+	Email     string    `json:"email"`
+	CreatedAt time.Time `json:"created_at"`
+}
+
+func (app *application) CreateAndSendInvoice(w http.ResponseWriter, r *http.Request) {
+	// receive json
+	var order Order
+
+	err := app.readJSON(w, r, &order)
+	if err != nil {
+		app.badRequest(w, r, err)
+		return
+	}
+	app.infoLog.Println(order)
+
+	// generate a pdf invoice
+	err = app.createInvoicePDF(order)
+	if err != nil {
+		app.badRequest(w, r, err)
+		return
+	}
+
+	// create mail attachment
+	attachments := []string{
+		fmt.Sprintf("./invoices/%d.pdf", order.ID),
+	}
+
+	// send mail with attachment
+	err = app.SendMail("info@widgets.com", order.Email, "Your invoice", "invoice", attachments, nil)
+	if err != nil {
+		app.badRequest(w, r, err)
+		return
+	}
+
+	// send response
+	var resp JSONResponse
+	resp.OK = true
+	resp.Message = fmt.Sprintf("Invoice %d.pdf created and sent to %s", order.ID, order.Email)
+	app.writeJSON(w, http.StatusCreated, resp)
+}
+
+func (app *application) createInvoicePDF(order Order) error {
+	pdf := gofpdf.New("P", "mm", "Letter", "")
+	pdf.SetMargins(10, 13, 10)
+	pdf.SetAutoPageBreak(true, 0)
+
+	importer := gofpdi.NewImporter()
+
+	t := importer.ImportPage(pdf, "./pdf-templates/invoice.pdf", 1, "/MediaBox")
+
+	pdf.AddPage()
+	importer.UseImportedTemplate(pdf, t, 0, 0, 215.9, 0)
+
+	pdf.SetY(20)
+
+	// write info
+	pdf.SetY(50)
+	pdf.SetX(10)
+	pdf.SetFont("Times", "", 11)
+	pdf.CellFormat(
+		97,
+		8,
+		fmt.Sprintf("Attention: %s %s", order.FirstName, order.LastName),
+		"",
+		0,
+		"L",
+		false,
+		0,
+		"",
+	)
+	pdf.Ln(5)
+	pdf.CellFormat(
+		97,
+		8,
+		order.Email,
+		"",
+		0,
+		"L",
+		false,
+		0,
+		"",
+	)
+	pdf.Ln(5)
+	pdf.CellFormat(
+		97,
+		8,
+		order.CreatedAt.Format("2006-01-02"),
+		"",
+		0,
+		"L",
+		false,
+		0,
+		"",
+	)
+
+	pdf.SetX(58)
+	pdf.SetY(93)
+	pdf.CellFormat(
+		155,
+		8,
+		order.Product,
+		"",
+		0,
+		"L",
+		false,
+		0,
+		"",
+	)
+	pdf.SetX(166)
+	pdf.CellFormat(
+		20,
+		8,
+		fmt.Sprintf("%d", order.Quantity),
+		"",
+		0,
+		"C",
+		false,
+		0,
+		"",
+	)
+
+	pdf.SetX(185)
+	pdf.CellFormat(
+		20,
+		8,
+		fmt.Sprintf("$%.2f", float32(order.Amount)/100.0),
+		"",
+		0,
+		"R",
+		false,
+		0,
+		"",
+	)
+
+	invoicePath := fmt.Sprintf("./invoices/%d.pdf", order.ID)
+	err := pdf.OutputFileAndClose(invoicePath)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/cmd/micro/invoice/invoice-routes.go
+++ b/cmd/micro/invoice/invoice-routes.go
@ -0,0 +1,23 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/cors"
+)
+
+func (app *application) routes() http.Handler {
+	mux := chi.NewRouter()
+
+	mux.Use(cors.Handler(cors.Options{
+		AllowedOrigins:   []string{"https://*", "http://*"},
+		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+		AllowCredentials: false,
+		MaxAge:           300,
+	}))
+
+	mux.Post("/invoice/create-and-send", app.CreateAndSendInvoice)
+	return mux
+}
--- a/cmd/micro/invoice/invoice.go
+++ b/cmd/micro/invoice/invoice.go
@ -0,0 +1,79 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"time"
+)
+
+const (
+	version = "1.0.0"
+)
+
+type config struct {
+	port int
+	smtp struct {
+		host     string
+		port     int
+		username string
+		password string
+	}
+	frontend string
+}
+
+type application struct {
+	config   config
+	infoLog  *log.Logger
+	errorLog *log.Logger
+	version  string
+}
+
+func (app *application) serve() error {
+	srv := &http.Server{
+		Addr:              fmt.Sprintf(":%d", app.config.port),
+		Handler:           app.routes(),
+		IdleTimeout:       30 * time.Second,
+		ReadTimeout:       10 * time.Second,
+		ReadHeaderTimeout: 5 * time.Second,
+		WriteTimeout:      5 * time.Second,
+	}
+
+	app.infoLog.Printf(
+		"Starting invoice microservice on port %d",
+		app.config.port,
+	)
+	return srv.ListenAndServe()
+}
+
+func main() {
+	var cfg config
+
+	flag.IntVar(&cfg.port, "port", 5000, "Server port to listen on")
+	flag.StringVar(&cfg.smtp.host, "smtphost", "0.0.0.0", "smtp host")
+	flag.IntVar(&cfg.smtp.port, "smtpport", 1025, "smtp host")
+	flag.StringVar(&cfg.smtp.username, "smtpuser", "user", "smtp user")
+	flag.StringVar(&cfg.smtp.password, "smtppwd", "password", "smtp password")
+	flag.StringVar(&cfg.frontend, "frontend", "http://localhost:4000", "frontend address")
+
+	flag.Parse()
+
+	infoLog := log.New(os.Stdout, "INFO\t", log.Ldate|log.Ltime)
+	errorLog := log.New(os.Stdout, "ERROR\t", log.Ldate|log.Ltime|log.Lshortfile)
+
+	app := &application{
+		version:  version,
+		config:   cfg,
+		infoLog:  infoLog,
+		errorLog: errorLog,
+	}
+
+	app.CreateDirIfNotExist("./invoices")
+
+	err := app.serve()
+	if err != nil {
+		log.Fatal(err)
+	}
+}
--- a/cmd/micro/invoice/mailer.go
+++ b/cmd/micro/invoice/mailer.go
@ -0,0 +1,88 @@
+package main
+
+import (
+	"bytes"
+	"embed"
+	"fmt"
+	"text/template"
+	"time"
+
+	mail "github.com/xhit/go-simple-mail/v2"
+)
+
+//go:embed email-templates
+var emailTemplateFS embed.FS
+
+func (app *application) SendMail(
+	from, to, subject, tmpl string,
+	attachments []string,
+	data interface{},
+) error {
+	templateToRender := fmt.Sprintf("email-templates/%s.html.gohtml", tmpl)
+
+	t, err := template.New("email-html").ParseFS(emailTemplateFS, templateToRender)
+	if err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	var tpl bytes.Buffer
+	if err = t.ExecuteTemplate(&tpl, "body", data); err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	formattedMessage := tpl.String()
+
+	templateToRender = fmt.Sprintf("email-templates/%s.plain.gohtml", tmpl)
+	t, err = template.New("email-plain").ParseFS(emailTemplateFS, templateToRender)
+	if err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+	if err = t.ExecuteTemplate(&tpl, "body", data); err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	plainMessage := tpl.String()
+
+	app.infoLog.Println(formattedMessage, plainMessage)
+
+	// send the mail
+	server := mail.NewSMTPClient()
+	server.Host = app.config.smtp.host
+	server.Port = app.config.smtp.port
+	// NOTE: not needed for MailHog
+	// server.Username = app.config.smtp.username
+	// server.Password = app.config.smtp.password
+	// server.Encryption = mail.EncryptionTLS
+	server.KeepAlive = false
+	server.ConnectTimeout = 10 * time.Second
+	server.SendTimeout = 10 * time.Second
+
+	smtpClient, err := server.Connect()
+	if err != nil {
+		return err
+	}
+	email := mail.NewMSG()
+	email.SetFrom(from).AddTo(to).SetSubject(subject)
+	email.SetBody(mail.TextHTML, formattedMessage)
+	email.AddAlternative(mail.TextPlain, plainMessage)
+
+	if len(attachments) > 0 {
+		for _, x := range attachments {
+			email.AddAttachment(x)
+		}
+	}
+
+	err = email.Send(smtpClient)
+	if err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	app.infoLog.Println("send mail")
+
+	return nil
+}
--- a/cmd/web/handlers.go
+++ b/cmd/web/handlers.go
@ -1,6 +1,8 @@
 package main

 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"myapp/internal/cards"
 	"myapp/internal/cards/encryption"
@ -8,6 +10,7 @@ import (
 	"myapp/internal/urlsigner"
 	"net/http"
 	"strconv"
+	"time"

 	"github.com/go-chi/chi/v5"
 )
@ -95,6 +98,17 @@ func (app *application) GetTransactionData(r *http.Request) (TransactionData, er
 	return txnData, nil
 }

+type Invoice struct {
+	ID        int       `json:"id"`
+	Quantity  int       `json:"quantity"`
+	Amount    int       `json:"amount"`
+	Product   string    `json:"product"`
+	FirstName string    `json:"first_name"`
+	LastName  string    `json:"last_name"`
+	Email     string    `json:"email"`
+	CreatedAt time.Time `json:"created_at"`
+}
+
 func (app *application) PaymentSucceeded(w http.ResponseWriter, r *http.Request) {
 	// read posted data
 	err := r.ParseForm()
@ -150,6 +164,24 @@ func (app *application) PaymentSucceeded(w http.ResponseWriter, r *http.Request)
 		app.errorLog.Println(err)
 		return
 	}
+	// call microservice
+	inv := Invoice{
+		ID:        orderID,
+		Quantity:  order.Quantity,
+		Amount:    order.Amount,
+		Product:   "Widget",
+		FirstName: txnData.FirstName,
+		LastName:  txnData.LastName,
+		Email:     txnData.Email,
+		CreatedAt: time.Now(),
+	}
+
+	err = app.callInvoiceMicro(inv)
+	if err != nil {
+		app.errorLog.Println(err)
+		// Don't stop the program
+	}
+
 	app.infoLog.Printf("order id: %d", orderID)

 	app.Session.Put(r.Context(), "txn", txnData)
@ -157,6 +189,30 @@ func (app *application) PaymentSucceeded(w http.ResponseWriter, r *http.Request)
 	http.Redirect(w, r, "/receipt", http.StatusSeeOther)
 }

+func (app *application) callInvoiceMicro(inv Invoice) error {
+	// TODO: Do not hard code this.
+	url := "http://localhost:5000/invoice/create-and-send"
+	out, err := json.MarshalIndent(inv, "", "\t")
+	if err != err {
+		return err
+	}
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(out))
+	if err != nil {
+		return nil
+	}
+	req.Header.Set("Content-Type", "application/json")
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	app.infoLog.Println(resp.Body)
+
+	return nil
+}
+
 func (app *application) VirtualTerminalPaymentSucceeded(w http.ResponseWriter, r *http.Request) {
 	txnData, err := app.GetTransactionData(r)
 	if err != nil {
@ -389,7 +445,7 @@ func (app *application) ShowSale(w http.ResponseWriter, r *http.Request) {
 	stringMap["refund-badge"] = "Refunded"

 	intMap := make(map[string]int)
-	intMap["isRefund"] = 1
+	intMap["is-refund"] = 1

 	if err := app.renderTemplate(w, r, "sale", &templateData{
 		StringMap: stringMap,
@ -417,3 +473,15 @@ func (app *application) ShowSubscriptions(w http.ResponseWriter, r *http.Request
 		app.errorLog.Println(err)
 	}
 }
+
+func (app *application) AllUsers(w http.ResponseWriter, r *http.Request) {
+	if err := app.renderTemplate(w, r, "all-users", &templateData{}); err != nil {
+		app.errorLog.Println(err)
+	}
+}
+
+func (app *application) OneUser(w http.ResponseWriter, r *http.Request) {
+	if err := app.renderTemplate(w, r, "one-user", &templateData{}); err != nil {
+		app.errorLog.Println(err)
+	}
+}
--- a/cmd/web/main.go
+++ b/cmd/web/main.go
@ -119,6 +119,8 @@ func main() {
 		Session:       session,
 	}

+	go app.ListenToWsChannel()
+
 	app.infoLog.Println("Connected to MariaDB")

 	err = app.serve()
--- a/cmd/web/render.go
+++ b/cmd/web/render.go
@ -20,6 +20,7 @@ type templateData struct {
 	API             string
 	CSSVersion      string
 	IsAuthenticated int
+	UserID          int
 	StripeSecretKey string
 	StripePubKey    string
 }
@ -43,6 +44,7 @@ func (app *application) addDefaultData(td *templateData, r *http.Request) *templ

 	if app.Session.Exists(r.Context(), "userID") {
 		td.IsAuthenticated = 1
+		td.UserID = app.Session.GetInt(r.Context(), "userID")
 	} else {
 		td.IsAuthenticated = 0
 	}
--- a/cmd/web/routes.go
+++ b/cmd/web/routes.go
@ -12,6 +12,8 @@ func (app *application) routes() http.Handler {

 	mux.Get("/", app.Home)

+	mux.Get("/ws", app.WsEndPoint)
+
 	mux.Route("/admin", func(mux chi.Router) {
 		mux.Use(app.Auth)
 		mux.Get("/virtual-terminal", app.VirtualTerminal)
@ -19,6 +21,8 @@ func (app *application) routes() http.Handler {
 		mux.Get("/all-subscriptions", app.AllSubscriptions)
 		mux.Get("/sales/{id}", app.ShowSale)
 		mux.Get("/subscriptions/{id}", app.ShowSubscriptions)
+		mux.Get("/all-users", app.AllUsers)
+		mux.Get("/all-users/{id}", app.OneUser)
 	})

 	// mux.Post("/virtual-terminal-payment-succeeded", app.VirtualTerminalPaymentSucceeded)
--- a/cmd/web/templates/all-sales.page.gohtml
+++ b/cmd/web/templates/all-sales.page.gohtml
@ -18,10 +18,21 @@ All Sales
    <tbody>
    </tbody>
 </table>
+<nav>
+    <ul id="paginator" class="pagination">
+    </ul>
+</nav>
 {{ end }}
 {{ define "js" }}
 <script type="module">
-    import {showTable} from "/static/js/all-sales.js"
-    showTable({{.API}});
+    import {pageSize} from "/static/js/common.js"
+    import {showTable, currentPage} from "/static/js/all-sales.js"
+
+    let curPage = currentPage;
+    if (sessionStorage.getItem("cur-page") !== null) {
+        curPage = sessionStorage.getItem("cur-page");
+        sessionStorage.removeItem("cur-page");
+    }
+    showTable({{.API}}, pageSize, curPage);
 </script>
 {{ end }}
--- a/cmd/web/templates/all-subscriptions.page.gohtml
+++ b/cmd/web/templates/all-subscriptions.page.gohtml
@ -20,11 +20,22 @@ All Subscriptions
    <tbody>
    </tbody>
 </table>
+<nav>
+    <ul id="paginator" class="pagination">
+    </ul>
+</nav>
 {{end}}

 {{define "js"}}
 <script type="module">
-    import {showTable} from "/static/js/all-subscriptions.js"
-    showTable({{.API}});
+    import {pageSize} from "/static/js/common.js"
+    import {showTable, currentPage} from "/static/js/all-subscriptions.js"
+
+    let curPage = currentPage;
+    if (sessionStorage.getItem("cur-page") !== null) {
+        curPage = sessionStorage.getItem("cur-page");
+        sessionStorage.removeItem("cur-page");
+    }
+    showTable({{.API}}, pageSize, curPage);
 </script>
 {{end}}
--- a/cmd/web/templates/all-users.page.gohtml
+++ b/cmd/web/templates/all-users.page.gohtml
@ -0,0 +1,28 @@
+{{ template "base". }}
+{{ define "title" }}
+All Users
+{{ end }}
+{{ define "content" }}
+<h2 class="mt-5">All Admin users</h2>
+<hr>
+<div class="float-end">
+    <a class="btn btn-outline-secondary" href="/admin/all-users/0">Add User</a>
+</div>
+<div class="clearfix"></div>
+<table id="user-table" class="table table-striped">
+    <thead>
+        <tr>
+            <th>User</th>
+            <th>Email</th>
+        </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{{ end }}
+{{ define "js" }}
+<script type="module">
+import {showUsers} from "/static/js/users.js"
+showUsers({{.API}});
+</script>
+{{ end }}
--- a/cmd/web/templates/base.layout.gohtml
+++ b/cmd/web/templates/base.layout.gohtml
@ -70,6 +70,12 @@
                                <li>
                                    <hr class="dropdown-divider">
                                </li>
+                                <li>
+                                    <a class="dropdown-item" href="/admin/all-users">All Users</a>
+                                </li>
+                                <li>
+                                    <hr class="dropdown-divider">
+                                </li>
                                <li>
                                    <a class="dropdown-item" href="/logout">Logout</a>
                                </li>
@ -99,7 +105,12 @@
        <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"
                integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz"
                crossorigin="anonymous"></script>
-        <script src="/static/js/base.js"></script>
+        <script type="module">
+            import {wsConn, socket} from "/static/js/base.js"
+            document.addEventListener("DOMContentLoaded", function() {
+                wsConn({{.IsAuthenticated}}, {{.UserID}});
+            });
+        </script>
        {{ block "js" . }}
        {{ end }}
    </body>
--- a/cmd/web/templates/bronze-plan.page.gohtml
+++ b/cmd/web/templates/bronze-plan.page.gohtml
@ -14,18 +14,22 @@ Bronze Plan
      class="d-blick needs-validation charge-form"
      autocomplete="off"
      novalidate="">
-    <input type="hidden" id="product_id" name="product_id" value="{{$widget.ID}}">
+    <input type="hidden"
+           id="product_id"
+           name="product_id"
+           value="{{$widget.ID}}">
    <input type="hidden" id="amount" name="amount" value="{{$widget.Price}}">
    <p class="mt-2 mb-3 text-center">{{$widget.Description}}</p>
    <hr>
    <div class="mb-3">
-        <label for="first-name" class="form-label">First Name</label>
+        <label for="first_name" class="form-label">First Name</label>
        <input type="text"
-               id="first-name"
+               id="first_name"
               name="first_name"
-               autocomplete="first-name-new"
+               autocomplete="first_name-new"
               required=""
               class="form-control">
+        <div id="first_name-help" class="d-none"></div>
    </div>
    <div class="mb-3">
        <label for="last-name" class="form-label">Last Name</label>
--- a/cmd/web/templates/one-user.page.gohtml
+++ b/cmd/web/templates/one-user.page.gohtml
@ -0,0 +1,81 @@
+{{ template "base". }}
+{{ define "title" }}
+Admin User
+{{ end }}
+{{ define "content" }}
+<h2 class="mt-5">Admin user</h2>
+<hr>
+<form method="post"
+      action=""
+      name="user_form"
+      id="user_form"
+      class="needs-validation"
+      autocomplete="off"
+      novalidate>
+    <div class="mb-3">
+        <label for="first_name" class="form-label">First Name</label>
+        <input type="text"
+               name="first_name"
+               id="first_name"
+               class="form-control"
+               required=""
+               autocomplete="first_name-new">
+    </div>
+    <div class="mb-3">
+        <label for="last_name" class="form-label">Last Name</label>
+        <input type="text"
+               name="last_name"
+               id="last_name"
+               class="form-control"
+               required=""
+               autocomplete="last_name-new">
+    </div>
+    <div class="mb-3">
+        <label for="email" class="form-label">Email</label>
+        <input type="text"
+               name="email"
+               id="email"
+               class="form-control"
+               required=""
+               autocomplete="email-new">
+    </div>
+    <div class="mb-3">
+        <label for="password" class="form-label">Password</label>
+        <input type="password"
+               name="password"
+               id="password"
+               class="form-control"
+               autocomplete="password-new">
+    </div>
+    <div class="mb-3">
+        <label for="verify_password" class="form-label">Verify Password</label>
+        <input type="password"
+               name="verify_password"
+               id="verify_password"
+               class="form-control"
+               autocomplete="veryfy_password-new">
+    </div>
+    <hr>
+    <div class="float-start">
+        <a href="javascript:void(0)" class="btn btn-primary" id="saveBtn">Save Changes</a>
+        <a href="/admin/all-users" class="btn btn-warning" id="cancelBtn">Cancel</a>
+    </div>
+    <div class="float-end">
+        <a href="javascript:void(0)" class="btn btn-danger d-none" id="deleteBtn">Delete</a>
+    </div>
+    <div class="clearfix"></div>
+</form>
+{{ end }}
+{{ define "js" }}
+<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>
+<script type="module">
+import {showUser, saveUser, deleteUser} from "/static/js/users.js"
+showUser({{.API}}, {{.UserID}});
+document.getElementById("saveBtn").addEventListener("click", (evt) => {
+    saveUser({{.API}}, evt);
+});
+document.getElementById("deleteBtn").addEventListener("click", () => {
+    deleteUser({{.API}});
+});
+</script>
+{{ end }}
--- a/cmd/web/ws-handlers.go
+++ b/cmd/web/ws-handlers.go
@ -0,0 +1,109 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gorilla/websocket"
+)
+
+type WebSocketConnection struct {
+	*websocket.Conn
+}
+
+type WsPayload struct {
+	Action      string              `json:"action"`
+	Message     string              `json:"message"`
+	UserName    string              `json:"user_name"`
+	MessageType string              `json:"message_type"`
+	UserID      int                 `json:"user_id"`
+	Conn        WebSocketConnection `json:"-"`
+}
+
+type WsJSONResponse struct {
+	Action  string `json:"action"`
+	Message string `json:"message"`
+	UserID  int    `json:"user_id"`
+}
+
+var upgradeConnection = websocket.Upgrader{
+	ReadBufferSize:  1024,
+	WriteBufferSize: 1024,
+	// since we don't expect any communication from the client side
+	CheckOrigin: func(r *http.Request) bool { return true },
+}
+
+var clients = make(map[WebSocketConnection]string)
+
+var wsChan = make(chan WsPayload)
+
+func (app *application) WsEndPoint(w http.ResponseWriter, r *http.Request) {
+	ws, err := upgradeConnection.Upgrade(w, r, nil)
+	if err != nil {
+		app.errorLog.Println(err)
+		return
+	}
+
+	app.infoLog.Printf("Client connected from %s\n", r.RemoteAddr)
+	var response WsJSONResponse
+	response.Message = "Connected to server"
+
+	err = ws.WriteJSON(response)
+	if err != nil {
+		app.errorLog.Println(err)
+		return
+	}
+
+	conn := WebSocketConnection{Conn: ws}
+	clients[conn] = ""
+
+	go app.ListenForWS(&conn)
+}
+
+func (app *application) ListenForWS(conn *WebSocketConnection) {
+	defer func() {
+		if r := recover(); r != nil {
+			app.errorLog.Println("ERROR:", fmt.Sprintf("%v", r))
+		}
+	}()
+
+	var payload WsPayload
+
+	for {
+		err := conn.ReadJSON(&payload)
+		if err != nil {
+			// do nothing
+			app.errorLog.Println(err)
+			break
+		}
+		payload.Conn = *conn
+		wsChan <- payload
+	}
+}
+
+func (app *application) ListenToWsChannel() {
+	var response WsJSONResponse
+	for {
+		e := <-wsChan
+		switch e.Action {
+		case "deleteUser":
+			response.Action = "logout"
+			response.Message = "Your account has ben deleted"
+			response.UserID = e.UserID
+			app.broadcastToAll(response)
+		default:
+		}
+	}
+}
+
+func (app *application) broadcastToAll(response WsJSONResponse) {
+	for client := range clients {
+		// broadcast to every connected client
+		err := client.WriteJSON(response)
+		if err != nil {
+			app.errorLog.Printf("Websocket err on %s: %s", response.Action, err)
+			_ = client.Close()
+			delete(clients, client)
+		}
+	}
+}
--- a/go.mod
+++ b/go.mod
@ -9,6 +9,8 @@ require (
 	github.com/go-chi/chi/v5 v5.1.0
 	github.com/go-chi/cors v1.2.1
 	github.com/go-sql-driver/mysql v1.8.1
+	github.com/gorilla/websocket v1.5.3
+	github.com/phpdave11/gofpdf v1.4.2
 	github.com/stripe/stripe-go/v79 v79.6.0
 	github.com/xhit/go-simple-mail/v2 v2.16.0
 	golang.org/x/crypto v0.26.0
@ -17,6 +19,8 @@ require (
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/go-test/deep v1.1.1 // indirect
+	github.com/phpdave11/gofpdi v1.0.12 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 // indirect
 	golang.org/x/sys v0.23.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -4,6 +4,7 @@ github.com/alexedwards/scs/mysqlstore v0.0.0-20240316134038-7e11d57e8885 h1:C7QA
 github.com/alexedwards/scs/mysqlstore v0.0.0-20240316134038-7e11d57e8885/go.mod h1:p8jK3D80sw1PFrCSdlcJF1O75bp55HqbgDyyCLM0FrE=
 github.com/alexedwards/scs/v2 v2.8.0 h1:h31yUYoycPuL0zt14c0gd+oqxfRwIj6SOjHdKRZxhEw=
 github.com/alexedwards/scs/v2 v2.8.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
+github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bwmarrin/go-alone v0.0.0-20190806015146-742bb55d1631 h1:Xb5rra6jJt5Z1JsZhIMby+IP5T8aU+Uc2RC9RzSxs9g=
 github.com/bwmarrin/go-alone v0.0.0-20190806015146-742bb55d1631/go.mod h1:P86Dksd9km5HGX5UMIocXvX87sEp2xUARle3by+9JZ4=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
@ -17,9 +18,21 @@ github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpv
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
+github.com/phpdave11/gofpdf v1.4.2 h1:KPKiIbfwbvC/wOncwhrpRdXVj2CZTCFlw4wnoyjtHfQ=
+github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
+github.com/phpdave11/gofpdi v1.0.12 h1:RZb9NG62cw/RW0rHAduVRo+98R8o/G1krcg2ns7DakQ=
+github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stripe/stripe-go/v79 v79.6.0 h1:qSBV2f2rpLEEZTdTlVLzdmQJZNmfoo2E3hUEkFT8GBc=
@ -30,6 +43,7 @@ github.com/xhit/go-simple-mail/v2 v2.16.0 h1:ouGy/Ww4kuaqu2E2UrDw7SvLaziWTB60ICL
 github.com/xhit/go-simple-mail/v2 v2.16.0/go.mod h1:b7P5ygho6SYE+VIqpxA6QkYfv4teeyG4MKqB3utRu98=
 golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
 golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
@ -38,6 +52,7 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
 golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
--- a/internal/driver/driver.go
+++ b/internal/driver/driver.go
@ -19,7 +19,8 @@ func OpenDB(dsn string) (*sql.DB, error) {
 	db.SetMaxOpenConns(10)
 	db.SetMaxIdleConns(10)

-	ctx, _ := context.WithTimeout(context.Background(), 3*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
 	err = db.PingContext(ctx)
 	if err != nil {
 		fmt.Println(err)
--- a/internal/models/models.go
+++ b/internal/models/models.go
@ -150,7 +150,7 @@ func (m *DBModel) InsertTransaction(txn Transaction) (int, error) {
             (amount, currency, last_four, expiry_month, expiry_year,
             payment_intent, payment_method, bank_return_code,
             transaction_status_id, created_at, updated_at)
-             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);`

 	result, err := m.DB.ExecContext(ctx, stmt,
 		txn.Amount,
@ -183,7 +183,7 @@ func (m *DBModel) InsertOrder(order Order) (int, error) {
 	stmt := `INSERT INTO orders
             (widget_id, transaction_id, customer_id, status_id, quantity,
             amount, created_at, updated_at)
-             VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
+             VALUES (?, ?, ?, ?, ?, ?, ?, ?);`

 	result, err := m.DB.ExecContext(ctx, stmt,
 		order.WidgetID,
@ -212,7 +212,7 @@ func (m *DBModel) InsertCustomer(customer Customer) (int, error) {

 	stmt := `INSERT INTO customers
             (first_name, last_name, email, created_at, updated_at)
-             VALUES (?, ?, ?, ?, ?)`
+             VALUES (?, ?, ?, ?, ?);`

 	result, err := m.DB.ExecContext(ctx, stmt,
 		customer.FirstName,
@ -241,7 +241,7 @@ func (m *DBModel) GetUserByEmail(email string) (User, error) {

 	query := `SELECT id, first_name, last_name, email, password, created_at, updated_at
              FROM users
-              WHERE email = ?`
+              WHERE email = ?;`

 	row := m.DB.QueryRowContext(ctx, query, email)

@ -268,7 +268,7 @@ func (m *DBModel) Authenticate(email, password string) (int, error) {
 	var id int
 	var hashedPassword string

-	row := m.DB.QueryRowContext(ctx, "SELECT id, password from users WHERE email = ?", email)
+	row := m.DB.QueryRowContext(ctx, "SELECT id, password from users WHERE email = ?;", email)
 	err := row.Scan(&id, &hashedPassword)
 	if err != nil {
 		return 0, err
@ -288,7 +288,7 @@ func (m *DBModel) UpdatePasswordForUser(u User, hash string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
 	defer cancel()

-	stmt := `UPDATE users SET password = ? where id = ?`
+	stmt := `UPDATE users SET password = ? where id = ?;`

 	_, err := m.DB.ExecContext(ctx, stmt, hash, u.ID)
 	if err != nil {
@ -317,7 +317,7 @@ func (m *DBModel) GetAllOrders(isRecurring bool) ([]*Order, error) {
        WHERE
            w.is_recurring = ?
        ORDER BY
-            o.created_at DESC
+            o.created_at DESC;
    `

 	rows, err := m.DB.QueryContext(ctx, query, isRecurring)
@ -387,7 +387,7 @@ func (m *DBModel) GetAllOrdersPaginated(
            w.is_recurring = ?
        ORDER BY
            o.created_at DESC
-        LIMIT ? OFFSET ?
+        LIMIT ? OFFSET ?;
    `

 	rows, err := m.DB.QueryContext(ctx, query, isRecurring, pageSize, offset)
@ -433,7 +433,7 @@ func (m *DBModel) GetAllOrdersPaginated(
        SELECT COUNT(o.id)
        FROM orders o
        LEFT JOIN widgets w on (o.widget_id = w.id)
-        WHERE w.is_recurring = ?
+        WHERE w.is_recurring = ?;
    `

 	var totalRecords int
@ -444,6 +444,9 @@ func (m *DBModel) GetAllOrdersPaginated(
 	}

 	lastPage := totalRecords / pageSize
+	if totalRecords%pageSize != 0 {
+		lastPage++
+	}

 	return orders, lastPage, totalRecords, nil
 }
@ -464,7 +467,7 @@ func (m *DBModel) GetOrderByID(ID int) (Order, error) {
            LEFT JOIN transactions t on (o.transaction_id = t.id)
            LEFT JOIN customers c on (o.customer_id = c.id)
        WHERE
-            o.id = ?
+            o.id = ?;
    `

 	var o Order
@ -513,3 +516,128 @@ func (m *DBModel) UpdateOrderStatus(id, statusID int) error {
 	}
 	return nil
 }
+
+func (m *DBModel) GetAllUsers() ([]*User, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+
+	var users []*User
+	query := `
+        SELECT id, last_name, first_name, email, created_at, updated_at
+        FROM users
+        ORDER BY last_name, first_name;
+    `
+
+	rows, err := m.DB.QueryContext(ctx, query)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var u User
+		err = rows.Scan(
+			&u.ID,
+			&u.LastName,
+			&u.FirstName,
+			&u.Email,
+			&u.CreatedAt,
+			&u.UpdatedAt,
+		)
+		if err != nil {
+			return nil, err
+		}
+		users = append(users, &u)
+	}
+
+	return users, nil
+}
+
+func (m *DBModel) GetOneUser(id int) (User, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+
+	var u User
+	query := `
+        SELECT id, last_name, first_name, email, created_at, updated_at
+        FROM users
+        WHERE id = ?;
+    `
+
+	row := m.DB.QueryRowContext(ctx, query, id)
+
+	err := row.Scan(
+		&u.ID,
+		&u.LastName,
+		&u.FirstName,
+		&u.Email,
+		&u.CreatedAt,
+		&u.UpdatedAt,
+	)
+	if err != nil {
+		return u, err
+	}
+
+	return u, nil
+}
+
+func (m *DBModel) EditUser(u User) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+
+	stmt := `
+        UPDATE users
+        SET last_name = ?, first_name = ?, email = ?, updated_at = ?
+        WHERE id = ?;
+    `
+
+	_, err := m.DB.ExecContext(ctx, stmt, u.LastName, u.FirstName, u.Email, time.Now(), u.ID)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *DBModel) AddUser(u User, hash string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+
+	stmt := `
+        INSERT INTO users
+        (last_name, first_name, email, password, created_at, updated_at)
+        VALUES (?, ?, ?, ?, ?, ?);
+    `
+
+	_, err := m.DB.ExecContext(ctx, stmt,
+		u.LastName, u.FirstName, u.Email, hash, time.Now(), time.Now())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *DBModel) DeleteUser(id int) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+
+	stmt := `
+        DELETE FROM users
+        WHERE id = ?;
+    `
+
+	_, err := m.DB.ExecContext(ctx, stmt, id)
+	if err != nil {
+		return err
+	}
+
+	stmt = `
+        DELETE FROM tokens
+        WHERE id = ?;
+    `
+	_, err = m.DB.ExecContext(ctx, stmt, id)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/internal/validator/validator.go
+++ b/internal/validator/validator.go
@ -0,0 +1,25 @@
+package validator
+
+type Validator struct {
+	Errors map[string]string
+}
+
+func New() *Validator {
+	return &Validator{Errors: make(map[string]string)}
+}
+
+func (v *Validator) Valid() bool {
+	return len(v.Errors) == 0
+}
+
+func (v *Validator) AddError(key, message string) {
+	if _, exists := v.Errors[key]; !exists {
+		v.Errors[key] = message
+	}
+}
+
+func (v *Validator) Check(ok bool, key, message string) {
+	if !ok {
+		v.AddError(key, message)
+	}
+}
--- a/pdf-templates/invoice.pdf
+++ b/pdf-templates/invoice.pdf
--- a/static/js/all-sales.js
+++ b/static/js/all-sales.js
@ -1,8 +1,20 @@
-import { formatCurrency } from "./common.js"
+import { formatCurrency, paginator } from "./common.js"

-export function showTable(api) {
-    let token = localStorage.getItem("token");
-    let tbody = document.getElementById("sales-table").getElementsByTagName("tbody")[0];
+//TODO: This should be put into the localStorage if we click into a sale and
+//get back, we may want to stay at the same page before.
+export let currentPage = 1;
+
+export function showTable(api, ps, cp) {
+    const token = localStorage.getItem("token");
+    const tbody = document.getElementById("sales-table").getElementsByTagName("tbody")[0];
+
+    // reset tbody
+    tbody.innerHTML = ``
+
+    const body = {
+        page_size: parseInt(ps, 10),
+        page: parseInt(cp, 10),
+    };

    const requestOptions = {
        method: 'post',
@ -11,17 +23,25 @@ export function showTable(api) {
            'Content-Type': 'application/json',
            'Authorization': 'Bearer ' + token,
        },
+        body: JSON.stringify(body),
    };

    fetch(api + "/api/admin/all-sales", requestOptions)
        .then(response => response.json())
        .then(function (data) {
-            if (data) {
-                data.forEach(function (i) {
+            if (data.orders) {
+                data.orders.forEach(function (i) {
                    let newRow = tbody.insertRow();
                    let newCell = newRow.insertCell();

-                    newCell.innerHTML = `<a href="/admin/sales/${i.id}">Order ${i.id}</a>`;
+                    newCell.innerHTML = `<a href="#!">Order ${i.id}</a>`;
+                    newCell.addEventListener("click", function (evt) {
+                        // put the current_page into sessionStorage
+                        sessionStorage.setItem("cur-page", data.current_page);
+
+                        // redirect
+                        location.href = `/admin/sales/${i.id}`;
+                    });

                    newCell = newRow.insertCell();
                    let item = document.createTextNode(i.customer.last_name + ", " + i.customer.first_name);
@ -42,12 +62,14 @@ export function showTable(api) {
                    } else {
                        newCell.innerHTML = `<span class="badge bg-success">Charged</span>`
                    }
+                    paginator(api, data.last_page, data.current_page, showTable)
                });
            } else {
                let newRow = tbody.insertRow();
                let newCell = newRow.insertCell();
-                newCell.setAttribute("colspan", "4");
+                newCell.setAttribute("colspan", "5");
                newCell.innerHTML = "No data available";
            }
        });
 }
+
--- a/static/js/all-subscriptions.js
+++ b/static/js/all-subscriptions.js
@ -1,9 +1,19 @@
-import { formatCurrency } from "./common.js"
+import { formatCurrency, paginator } from "./common.js"

-export function showTable(api) {
+export let currentPage = 1;
+
+export function showTable(api, ps, cp) {
    let token = localStorage.getItem("token");
    let tbody = document.getElementById("subscriptions-table").getElementsByTagName("tbody")[0];

+    // reset tbody
+    tbody.innerHTML = ``
+
+    const body = {
+        page_size: parseInt(ps, 10),
+        page: parseInt(cp, 10),
+    };
+
    const requestOptions = {
        method: 'post',
        headers: {
@ -11,17 +21,25 @@ export function showTable(api) {
            'Content-Type': 'application/json',
            'Authorization': 'Bearer ' + token,
        },
+        body: JSON.stringify(body),
    };

    fetch(api + "/api/admin/all-subscriptions", requestOptions)
        .then(response => response.json())
        .then(function (data) {
-            if (data) {
-                data.forEach(function (i) {
+            if (data.orders) {
+                data.orders.forEach(function (i) {
                    let newRow = tbody.insertRow();
                    let newCell = newRow.insertCell();

-                    newCell.innerHTML = `<a href="/admin/subscriptions/${i.id}">Order ${i.id}</a>`;
+                    newCell.innerHTML = `<a href="#!">Order ${i.id}</a>`;
+                    newCell.addEventListener("click", function (evt) {
+                        // put the current_page into sessionStorage
+                        sessionStorage.setItem("cur-page", data.current_page);
+
+                        // redirect
+                        location.href = `/admin/subscriptions/${i.id}`;
+                    });

                    newCell = newRow.insertCell();
                    let item = document.createTextNode(i.customer.last_name + ", " + i.customer.first_name);
@ -42,6 +60,7 @@ export function showTable(api) {
                    } else {
                        newCell.innerHTML = `<span class="badge bg-success">Charged</span>`
                    }
+                    paginator(api, data.last_page, data.current_page, showTable)
                });
            } else {
                let newRow = tbody.insertRow();
--- a/static/js/base.js
+++ b/static/js/base.js
@ -1,3 +1,32 @@
+export let socket;
+
+export function wsConn(is_authenticated, user_id) {
+    if (is_authenticated !== 1) {
+        return;
+    }
+
+    socket = new WebSocket("ws://localhost:4000/ws")
+    socket.onopen = () => {
+        console.log("Successfully connected to websockets")
+    }
+
+    socket.onclose = event => {};
+    socket.onerror = error => {};
+
+    socket.onmessage = msg => {
+        let data = JSON.parse(msg.data);
+
+        switch (data.action) {
+            case "logout":
+                if (data.user_id === user_id) {
+                    logout()
+                }
+                break;
+            default:
+        }
+    }
+}
+
 // let loginLink = document.getElementById("login-link");
 // let vtLink = document.getElementById("vt-link");
 //
@ -11,9 +40,9 @@
 //     loginLink.classList.remove('d-none')
 // });

-// function logout() {
-//     localStorage.removeItem("token");
-//     localStorage.removeItem("token_expiry");
-//     location.href = "/logout";
-// }
+function logout() {
+    localStorage.removeItem("token");
+    localStorage.removeItem("token_expiry");
+    location.href = "/logout";
+}

--- a/static/js/common.js
+++ b/static/js/common.js
@ -3,6 +3,8 @@ export let stripe;
 const payButton = document.getElementById("pay-button");
 export const processing = document.getElementById("processing-payment");

+export let pageSize = 2;
+
 export function hidePayButton() {
    payButton.classList.add("d-none");
    processing.classList.remove("d-none");
@ -98,3 +100,38 @@ export function formatCurrency(amount) {
        currency: "EUR",
    });
 }
+
+export function paginator(api, pages, curPage, showTable) {
+    // Check the border case
+    if (curPage >= pages) {
+        curPage = pages
+    }
+
+    const p = document.getElementById("paginator")
+    let html = `<li class="page-item"><a href="#!" class="page-link pager" data-page="${curPage - 1}">&lt;</a></li>`;
+
+    for (var i = 0; i < pages; i++) {
+        if (i + 1 == curPage) {
+            html += `<li class="page-item"><a href="#!" class="page-link pager active" data-page="${i + 1}">${i + 1}</a></li>`;
+
+        } else {
+
+            html += `<li class="page-item"><a href="#!" class="page-link pager" data-page="${i + 1}">${i + 1}</a></li>`;
+        }
+    }
+
+    html += `<li class="page-item"><a href="#!" class="page-link pager" data-page="${curPage + 1}">&gt;</a></li>`;
+
+    p.innerHTML = html;
+
+    let pageBtns = document.getElementsByClassName("pager");
+    for (var j = 0; j < pageBtns.length; j++) {
+        pageBtns[j].addEventListener("click", function (evt) {
+            let desiredPage = evt.target.getAttribute("data-page");
+            if ((desiredPage > 0) && (desiredPage <= pages)) {
+                console.log("would go to page", desiredPage);
+                showTable(api, pageSize, desiredPage);
+            }
+        })
+    }
+}
--- a/static/js/stripe-plan.js
+++ b/static/js/stripe-plan.js
@ -47,7 +47,7 @@ function stripePaymentMethodHandler(result, plan_id, api) {
            card_brand: result.paymentMethod.card.brand,
            expiry_month: result.paymentMethod.card.exp_month,
            expiry_year: result.paymentMethod.card.exp_year,
-            first_name: document.getElementById("first-name").value,
+            first_name: document.getElementById("first_name").value,
            last_name: document.getElementById("last-name").value,
            amount: document.getElementById("amount").value,
        };
@ -65,9 +65,22 @@ function stripePaymentMethodHandler(result, plan_id, api) {
            .then(response => response.json())
            .then(function (data) {
                console.log(data);
+                if (data.ok === false) {
+                    document.getElementById("charge_form").classList.remove("was-validated")
+                    Object.entries(data.errors).forEach((i) => {
+                        const [key, value] = i
+                        document.getElementById(key).classList.add("is-invalid");
+                        document.getElementById(key + "-help").classList.remove("valid-feedback");
+                        document.getElementById(key + "-help").classList.remove("d-none");
+                        document.getElementById(key + "-help").classList.add("invalid-feedback");
+                        document.getElementById(key + "-help").innerText = value;
+                    });
+                    showPayButton();
+                    return
+                }
                processing.classList.add("d-none");
                showSuccess("card-messages", "Transaction successful!");
-                sessionStorage.first_name = document.getElementById("first-name").value;
+                sessionStorage.first_name = document.getElementById("first_name").value;
                sessionStorage.last_name = document.getElementById("last-name").value;
                sessionStorage.amount = document.getElementById("amount").value;
                sessionStorage.last_four = result.paymentMethod.card.last4;
--- a/static/js/users.js
+++ b/static/js/users.js
@ -0,0 +1,161 @@
+import {socket} from "./base.js"
+
+export function showUsers(api) {
+    const tbody = document.getElementById("user-table").getElementsByTagName("tbody")[0];
+    const token = localStorage.getItem("token");
+
+    const requestOptions = {
+        method: 'post',
+        headers: {
+            'Accept': `application/json`,
+            'Content-Type': 'application/json',
+            'Authorization': 'Bearer ' + token,
+        },
+    };
+
+    fetch(api + "/api/admin/all-users", requestOptions)
+        .then(response => response.json())
+        .then(function (data) {
+            console.log(data)
+            if (data) {
+                data.forEach(i => {
+                    let newRow = tbody.insertRow();
+                    let newCell = newRow.insertCell();
+
+                    newCell.innerHTML = `<a href="/admin/all-users/${i.id}">${i.last_name}, ${i.first_name}</a>`;
+
+                    newCell = newRow.insertCell();
+                    let item = document.createTextNode(i.email);
+                    newCell.appendChild(item);
+                });
+            } else {
+                let newRow = tbody.insertRow();
+                let newCell = newRow.insertCell();
+                newCell.setAttribute("colspan", "2");
+                newCell.innerHTML = "no data available";
+            }
+        });
+}
+
+export function showUser(api, userID) {
+    const token = localStorage.getItem("token");
+    let id = window.location.pathname.split("/").pop();
+    let delBtn = document.getElementById("deleteBtn");
+
+    if (id === "0") {
+        return
+    }
+
+    if (userID !== parseInt(id, 10)) {
+        delBtn.classList.remove("d-none")
+    }
+    const requestOptions = {
+        method: 'post',
+        headers: {
+            'Accept': `application/json`,
+            'Content-Type': 'application/json',
+            'Authorization': 'Bearer ' + token,
+        },
+    };
+
+    fetch(api + `/api/admin/all-users/${id}`, requestOptions)
+        .then(response => response.json())
+        .then(function (data) {
+            console.log(data);
+            document.getElementById("first_name").value = data.first_name;
+            document.getElementById("last_name").value = data.last_name;
+            document.getElementById("email").value = data.email;
+        });
+}
+
+export function saveUser(api, event) {
+    const token = localStorage.getItem("token");
+    let form = document.getElementById("user_form");
+    let id = window.location.pathname.split("/").pop();
+
+    if (form.checkValidity() === false) {
+        event.preventDefault();
+        event.stopPropagation();
+        form.classList.add("was-validated");
+        return;
+    }
+
+    form.classList.add("was-validated");
+
+    if (document.getElementById("password").value !== document.getElementById("verify_password").value) {
+        Swal.fire("Password do not match!");
+        return
+    }
+
+    let payload = {
+        id: parseInt(id),
+        first_name: document.getElementById("first_name").value,
+        last_name: document.getElementById("last_name").value,
+        email: document.getElementById("email").value,
+        password: document.getElementById("password").value,
+    }
+
+    const requestOptions = {
+        method: 'post',
+        headers: {
+            'Accept': `application/json`,
+            'Content-Type': 'application/json',
+            'Authorization': 'Bearer ' + token,
+        },
+        body: JSON.stringify(payload)
+    }
+
+    fetch(api + `/api/admin/all-users/edit/${id}`, requestOptions)
+        .then(response => response.json())
+        .then(function (data) {
+            console.log(data);
+            if (!data.ok) {
+                Swal.fire("Error" + data.message)
+            } else {
+                location.href = "/admin/all-users"
+            }
+        });
+
+}
+
+export function deleteUser(api) {
+    const token = localStorage.getItem("token");
+    let id = window.location.pathname.split("/").pop();
+
+    Swal.fire({
+        title: "Are you sure?",
+        text: "You won't be able to undo this!",
+        icon: "warning",
+        showCancelButton: true,
+        confirmButtonColor: "#3085d6",
+        cancelButtonColor: "#d33",
+        confirmButtonText: "Delete user"
+    }).then((result) => {
+        if (result.isConfirmed) {
+            const requestOptions = {
+                method: 'post',
+                headers: {
+                    'Accept': `application/json`,
+                    'Content-Type': 'application/json',
+                    'Authorization': 'Bearer ' + token,
+                },
+            };
+
+            fetch(api + `/api/admin/all-users/delete/${id}`, requestOptions)
+                .then(response => response.json())
+                .then(function (data) {
+                    console.log(data);
+                    if (!data.ok) {
+                        Swal.fire("Error" + data.message)
+                    } else {
+                        let jsonData = {
+                            action: "deleteUser",
+                            user_id: parseInt(id),
+                        };
+                        socket.send(JSON.stringify(jsonData));
+                        location.href = "/admin/all-users"
+                    }
+                });
+        }
+    });
+}
Author	SHA1	Message	Date
Muyao CHEN	c22b5d2372	fix: potential context leak	2024-10-03 23:41:39 +02:00
vinchent	3d5212fb53	Add BE validator	2024-08-27 14:38:37 +02:00
vinchent	082c75283d	Sending invoice from the BE	2024-08-27 13:52:36 +02:00
vinchent	9b31ff0bbb	Sending invoice mails with attachement	2024-08-27 13:28:11 +02:00
vinchent	491f482fc7	fix errors and test pdf	2024-08-26 23:06:29 +02:00
vinchent	08fb20d7be	Setting un invoice pdf microservice	2024-08-26 22:49:10 +02:00
vinchent	6547b6ac85	use websockets to logout remote users	2024-08-26 21:26:07 +02:00
vinchent	3f0ddf7138	delete users	2024-08-26 14:10:18 +02:00
vinchent	bced6d7036	edit user	2024-08-26 13:37:05 +02:00
vinchent	591525e97f	Populating the user form	2024-08-23 21:26:06 +02:00
vinchent	b183e7bf43	Create user	2024-08-23 21:07:13 +02:00
vinchent	05db85eca1	all users front end	2024-08-23 14:26:12 +02:00
vinchent	f39c000e5d	add user be handlers	2024-08-23 14:13:06 +02:00
vinchent	d16793c01c	add user db functions	2024-08-23 14:10:44 +02:00
vinchent	1971169e2f	use sessionStorage & add user admin pages	2024-08-23 13:55:21 +02:00
vinchent	0e7b9d8c20	improve pagination	2024-08-23 10:51:20 +02:00
vinchent	0f0c896065	pagination all-subscriptions	2024-08-23 10:13:50 +02:00
vinchent	c8b032236b	pagination all-sales	2024-08-23 10:04:06 +02:00