Stack of changes to get gin, scs, nosurf running.

internal/handlers/admin/audit.go

@@ -7,7 +7,6 @@ import (
 
 	templateHelpers "synlotto-website/internal/helpers/template"
 
-	"synlotto-website/internal/http/middleware"
 	"synlotto-website/internal/models"
 )
 
@@ -20,7 +19,7 @@ type AdminLogEntry struct {
 }
 
 func AdminAccessLogHandler(db *sql.DB) http.HandlerFunc {
-	return middleware.Auth(true)(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		data := models.TemplateData{}
 		context := templateHelpers.TemplateContext(w, r, data)
 
@@ -37,7 +36,7 @@ func AdminAccessLogHandler(db *sql.DB) http.HandlerFunc {
 		}
 		defer rows.Close()
 
-		var logs []AdminLogEntry // ToDo should be in models
+		var logs []AdminLogEntry // ToDo: move to models ?
 		for rows.Next() {
 			var entry AdminLogEntry
 			if err := rows.Scan(&entry.AccessedAt, &entry.UserID, &entry.Path, &entry.IP, &entry.UserAgent); err != nil {
@@ -48,14 +47,13 @@ func AdminAccessLogHandler(db *sql.DB) http.HandlerFunc {
 		}
 		context["AuditLogs"] = logs
 
-		tmpl := templateHelpers.LoadTemplateFiles("access_log.html", "templates/admin/logs/access_log.html")
-
+		tmpl := templateHelpers.LoadTemplateFiles("access_log.html", "web/templates/admin/logs/access_log.html")
 		_ = tmpl.ExecuteTemplate(w, "layout", context)
-	})
+	}
 }
 
 func AuditLogHandler(db *sql.DB) http.HandlerFunc {
-	return middleware.Auth(true)(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		data := models.TemplateData{}
 		context := templateHelpers.TemplateContext(w, r, data)
 
@@ -75,8 +73,7 @@ func AuditLogHandler(db *sql.DB) http.HandlerFunc {
 		var logs []models.AuditEntry
 		for rows.Next() {
 			var entry models.AuditEntry
-			err := rows.Scan(&entry.Timestamp, &entry.UserID, &entry.Action, &entry.IP, &entry.UserAgent)
-			if err != nil {
+			if err := rows.Scan(&entry.Timestamp, &entry.UserID, &entry.Action, &entry.IP, &entry.UserAgent); err != nil {
 				log.Println("⚠️ Failed to scan row:", err)
 				continue
 			}
@@ -85,12 +82,10 @@ func AuditLogHandler(db *sql.DB) http.HandlerFunc {
 
 		context["AuditLogs"] = logs
 
-		tmpl := templateHelpers.LoadTemplateFiles("audit.html", "templates/admin/logs/audit.html")
-
-		err = tmpl.ExecuteTemplate(w, "layout", context)
-		if err != nil {
+		tmpl := templateHelpers.LoadTemplateFiles("audit.html", "web/templates/admin/logs/audit.html")
+		if err := tmpl.ExecuteTemplate(w, "layout", context); err != nil {
 			log.Println("❌ Failed to render audit page:", err)
 			http.Error(w, "Template error", http.StatusInternalServerError)
 		}
-	})
+	}
 }

internal/handlers/admin/dashboard.go

@@ -1,76 +1,96 @@
+// internal/handlers/admin/dashboard.go
 package handlers
 
+// ToDo: move SQL into storage layer
 import (
-	"database/sql"
 	"log"
 	"net/http"
 
-	httpHelpers "synlotto-website/internal/helpers/http"
-	securityHelpers "synlotto-website/internal/helpers/security"
+	templateHandlers "synlotto-website/internal/handlers/template"
+	security "synlotto-website/internal/helpers/security"
 	templateHelpers "synlotto-website/internal/helpers/template"
-
-	"synlotto-website/internal/models"
+	"synlotto-website/internal/platform/bootstrap"
 	usersStorage "synlotto-website/internal/storage/users"
 )
 
-var (
-	total, winners int
-	prizeSum       float64
-)
-
-func AdminDashboardHandler(db *sql.DB) http.HandlerFunc {
-	return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
-		userID, ok := securityHelpers.GetCurrentUserID(r)
+func AdminDashboardHandler(app *bootstrap.App) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userID, ok := security.GetCurrentUserID(app.SessionManager, r)
 		if !ok {
 			http.Redirect(w, r, "/account/login", http.StatusSeeOther)
 			return
 		}
 
-		user := usersStorage.GetUserByID(db, userID)
+		user := usersStorage.GetUserByID(app.DB, userID)
 		if user == nil {
 			http.Error(w, "User not found", http.StatusUnauthorized)
 			return
 		}
 
-		data := models.TemplateData{}
+		// Shared template data (loads user, notifications, counts, etc.)
+		data := templateHandlers.BuildTemplateData(app, w, r)
 		context := templateHelpers.TemplateContext(w, r, data)
 		context["User"] = user
 		context["IsAdmin"] = user.IsAdmin
-		// ToDo: Missing messages, notifications, potentially syndicate notifictions if that becomes a new top bar icon.
-		db.QueryRow(`SELECT COUNT(*), SUM(CASE WHEN is_winner THEN 1 ELSE 0 END), SUM(prize_amount) FROM my_tickets`).Scan(&total, &winners, &prizeSum)
+
+		// Quick stats (keep here for now; move to storage soon)
+		var (
+			total, winners int
+			prizeSum       float64
+		)
+		if err := app.DB.QueryRow(`
+			SELECT COUNT(*),
+			       SUM(CASE WHEN is_winner THEN 1 ELSE 0 END),
+			       COALESCE(SUM(prize_amount), 0)
+			FROM my_tickets
+		`).Scan(&total, &winners, &prizeSum); err != nil {
+			log.Println("⚠️ Failed to load ticket stats:", err)
+		}
 		context["Stats"] = map[string]interface{}{
 			"TotalTickets":     total,
 			"TotalWinners":     winners,
 			"TotalPrizeAmount": prizeSum,
 		}
 
-		rows, err := db.Query(`
-			SELECT run_at, triggered_by, tickets_matched, winners_found, COALESCE(notes, '') 
-			FROM log_ticket_matching 
-			ORDER BY run_at DESC LIMIT 10
+		// Recent matcher logs (limit 10)
+		rows, err := app.DB.Query(`
+			SELECT run_at, triggered_by, tickets_matched, winners_found, COALESCE(notes, '')
+			FROM log_ticket_matching
+			ORDER BY run_at DESC
+			LIMIT 10
 		`)
 		if err != nil {
 			log.Println("⚠️ Failed to load logs:", err)
-		}
-		defer rows.Close()
-
-		var logs []models.MatchLog
-		for rows.Next() {
-			var logEntry models.MatchLog
-			err := rows.Scan(&logEntry.RunAt, &logEntry.TriggeredBy, &logEntry.TicketsMatched, &logEntry.WinnersFound, &logEntry.Notes)
-			if err != nil {
-				log.Println("⚠️ Failed to scan log row:", err)
-				continue
+		} else {
+			defer rows.Close()
+			var logs []struct {
+				RunAt          any
+				TriggeredBy    string
+				TicketsMatched int
+				WinnersFound   int
+				Notes          string
 			}
-			logs = append(logs, logEntry)
+			for rows.Next() {
+				var e struct {
+					RunAt          any
+					TriggeredBy    string
+					TicketsMatched int
+					WinnersFound   int
+					Notes          string
+				}
+				if err := rows.Scan(&e.RunAt, &e.TriggeredBy, &e.TicketsMatched, &e.WinnersFound, &e.Notes); err != nil {
+					log.Println("⚠️ Failed to scan log row:", err)
+					continue
+				}
+				logs = append(logs, e)
+			}
+			context["MatchLogs"] = logs
 		}
-		context["MatchLogs"] = logs
 
-		tmpl := templateHelpers.LoadTemplateFiles("dashboard.html", "templates/admin/dashboard.html")
-
-		err = tmpl.ExecuteTemplate(w, "layout", context)
-		if err != nil {
+		tmpl := templateHelpers.LoadTemplateFiles("dashboard.html", "web/templates/admin/dashboard.html")
+		if err := tmpl.ExecuteTemplate(w, "layout", context); err != nil {
 			http.Error(w, "Failed to render dashboard", http.StatusInternalServerError)
+			return
 		}
-	})
+	}
 }

internal/handlers/admin/draws.go

@@ -1,20 +1,19 @@
 package handlers
 
+// ToDo: move SQL into storage layer
 import (
 	"database/sql"
 	"log"
 	"net/http"
 
-	httpHelpers "synlotto-website/internal/helpers/http"
 	templateHelpers "synlotto-website/internal/helpers/template"
-
 	"synlotto-website/internal/models"
 )
 
 func NewDrawHandler(db *sql.DB) http.HandlerFunc {
-	return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		data := models.TemplateData{}
-		context := templateHelpers.TemplateContext(w, r, data)
+		ctx := templateHelpers.TemplateContext(w, r, data)
 
 		if r.Method == http.MethodPost {
 			game := r.FormValue("game_type")
@@ -22,29 +21,35 @@ func NewDrawHandler(db *sql.DB) http.HandlerFunc {
 			machine := r.FormValue("machine")
 			ballset := r.FormValue("ball_set")
 
-			_, err := db.Exec(`INSERT INTO results_thunderball (game_type, draw_date, machine, ball_set) VALUES (?, ?, ?, ?)`,
-				game, date, machine, ballset)
+			_, err := db.Exec(
+				`INSERT INTO results_thunderball (game_type, draw_date, machine, ball_set) VALUES (?, ?, ?, ?)`,
+				game, date, machine, ballset,
+			)
 			if err != nil {
 				http.Error(w, "Failed to add draw", http.StatusInternalServerError)
 				return
 			}
-
 			http.Redirect(w, r, "/admin/dashboard", http.StatusSeeOther)
 			return
 		}
 
-		tmpl := templateHelpers.LoadTemplateFiles("new_draw", "templates/admin/draws/new_draw.html")
-
-		tmpl.ExecuteTemplate(w, "layout", context)
-	})
+		tmpl := templateHelpers.LoadTemplateFiles("new_draw", "web/templates/admin/draws/new_draw.html")
+		_ = tmpl.ExecuteTemplate(w, "layout", ctx)
+	}
 }
 
 func ModifyDrawHandler(db *sql.DB) http.HandlerFunc {
-	return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == http.MethodPost {
 			id := r.FormValue("id")
-			_, err := db.Exec(`UPDATE results_thunderball SET game_type=?, draw_date=?, ball_set=?, machine=? WHERE id=?`,
-				r.FormValue("game_type"), r.FormValue("draw_date"), r.FormValue("ball_set"), r.FormValue("machine"), id)
+			_, err := db.Exec(
+				`UPDATE results_thunderball SET game_type=?, draw_date=?, ball_set=?, machine=? WHERE id=?`,
+				r.FormValue("game_type"),
+				r.FormValue("draw_date"),
+				r.FormValue("ball_set"),
+				r.FormValue("machine"),
+				id,
+			)
 			if err != nil {
 				http.Error(w, "Update failed", http.StatusInternalServerError)
 				return
@@ -52,33 +57,30 @@ func ModifyDrawHandler(db *sql.DB) http.HandlerFunc {
 			http.Redirect(w, r, "/admin/dashboard", http.StatusSeeOther)
 			return
 		}
-		// For GET: load draw by ID (pseudo-code)
-		// id := r.URL.Query().Get("id")
-		// query DB, pass into context.Draw
-	})
+		// For GET: load draw by ID if needed and render a form/template
+	}
 }
 
 func DeleteDrawHandler(db *sql.DB) http.HandlerFunc {
-	return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == http.MethodPost {
 			id := r.FormValue("id")
-			_, err := db.Exec(`DELETE FROM results_thunderball WHERE id = ?`, id)
-			if err != nil {
+			if _, err := db.Exec(`DELETE FROM results_thunderball WHERE id = ?`, id); err != nil {
 				http.Error(w, "Delete failed", http.StatusInternalServerError)
 				return
 			}
 			http.Redirect(w, r, "/admin/dashboard", http.StatusSeeOther)
 			return
 		}
-	})
+	}
 }
 
 func ListDrawsHandler(db *sql.DB) http.HandlerFunc {
-	return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		data := models.TemplateData{}
-		context := templateHelpers.TemplateContext(w, r, data)
-		draws := []models.DrawSummary{}
+		ctx := templateHelpers.TemplateContext(w, r, data)
 
+		var draws []models.DrawSummary
 		rows, err := db.Query(`
 			SELECT r.id, r.game_type, r.draw_date, r.ball_set, r.machine,
 			       (SELECT COUNT(1) FROM prizes_thunderball p WHERE p.draw_date = r.draw_date) as prize_exists
@@ -101,11 +103,9 @@ func ListDrawsHandler(db *sql.DB) http.HandlerFunc {
 			d.PrizeSet = prizeFlag > 0
 			draws = append(draws, d)
 		}
+		ctx["Draws"] = draws
 
-		context["Draws"] = draws
-
-		tmpl := templateHelpers.LoadTemplateFiles("list.html", "templates/admin/draws/list.html")
-
-		tmpl.ExecuteTemplate(w, "layout", context)
-	})
+		tmpl := templateHelpers.LoadTemplateFiles("list.html", "web/templates/admin/draws/list.html")
+		_ = tmpl.ExecuteTemplate(w, "layout", ctx)
+	}
 }

internal/handlers/admin/manualtriggers.go

@@ -14,6 +14,7 @@ import (
 	"synlotto-website/internal/models"
 )
 
+// ToDo: need to fix flash messages from new gin context
 func AdminTriggersHandler(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		data := models.TemplateData{}
@@ -73,7 +74,7 @@ func AdminTriggersHandler(db *sql.DB) http.HandlerFunc {
 			return
 		}
 
-		tmpl := templateHelpers.LoadTemplateFiles("triggers.html", "templates/admin/triggers.html")
+		tmpl := templateHelpers.LoadTemplateFiles("triggers.html", "web/templates/admin/triggers.html")
 
 		err := tmpl.ExecuteTemplate(w, "layout", context)
 		if err != nil {

internal/handlers/admin/prizes.go

@@ -6,23 +6,23 @@ import (
 	"net/http"
 	"strconv"
 
-	httpHelpers "synlotto-website/internal/helpers/http"
 	templateHelpers "synlotto-website/internal/helpers/template"
-
 	"synlotto-website/internal/models"
 )
 
+// ToDo: move SQL into the storage layer.
+
 func AddPrizesHandler(db *sql.DB) http.HandlerFunc {
-	return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		data := models.TemplateData{}
 		if r.Method == http.MethodGet {
-			tmpl := templateHelpers.LoadTemplateFiles("add_prizes.html", "templates/admin/draws/prizes/add_prizes.html")
-			tmpl.ExecuteTemplate(w, "layout", templateHelpers.TemplateContext(w, r, data))
+			tmpl := templateHelpers.LoadTemplateFiles("add_prizes.html", "web/templates/admin/draws/prizes/add_prizes.html")
+			_ = tmpl.ExecuteTemplate(w, "layout", templateHelpers.TemplateContext(w, r, data))
 			return
 		}
 
 		drawDate := r.FormValue("draw_date")
-		values := make([]interface{}, 0)
+		values := make([]interface{}, 0, 9)
 		for i := 1; i <= 9; i++ {
 			val, _ := strconv.Atoi(r.FormValue(fmt.Sprintf("prize%d_per_winner", i)))
 			values = append(values, val)
@@ -34,23 +34,21 @@ func AddPrizesHandler(db *sql.DB) http.HandlerFunc {
 			prize7_per_winner, prize8_per_winner, prize9_per_winner
 		) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
 
-		_, err := db.Exec(stmt, append([]interface{}{drawDate}, values...)...)
-		if err != nil {
+		if _, err := db.Exec(stmt, append([]interface{}{drawDate}, values...)...); err != nil {
 			http.Error(w, "Insert failed: "+err.Error(), http.StatusInternalServerError)
 			return
 		}
 
 		http.Redirect(w, r, "/admin/draws", http.StatusSeeOther)
-	})
+	}
 }
 
 func ModifyPrizesHandler(db *sql.DB) http.HandlerFunc {
-	return httpHelpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		data := models.TemplateData{}
 		if r.Method == http.MethodGet {
-			tmpl := templateHelpers.LoadTemplateFiles("modify_prizes.html", "templates/admin/draws/prizes/modify_prizes.html")
-
-			tmpl.ExecuteTemplate(w, "layout", templateHelpers.TemplateContext(w, r, data))
+			tmpl := templateHelpers.LoadTemplateFiles("modify_prizes.html", "web/templates/admin/draws/prizes/modify_prizes.html")
+			_ = tmpl.ExecuteTemplate(w, "layout", templateHelpers.TemplateContext(w, r, data))
 			return
 		}
 
@@ -58,13 +56,12 @@ func ModifyPrizesHandler(db *sql.DB) http.HandlerFunc {
 		for i := 1; i <= 9; i++ {
 			key := fmt.Sprintf("prize%d_per_winner", i)
 			val, _ := strconv.Atoi(r.FormValue(key))
-			_, err := db.Exec("UPDATE prizes_thunderball SET "+key+" = ? WHERE draw_date = ?", val, drawDate)
-			if err != nil {
+			if _, err := db.Exec("UPDATE prizes_thunderball SET "+key+" = ? WHERE draw_date = ?", val, drawDate); err != nil {
 				http.Error(w, "Update failed: "+err.Error(), http.StatusInternalServerError)
 				return
 			}
 		}
 
 		http.Redirect(w, r, "/admin/draws", http.StatusSeeOther)
-	})
+	}
 }