server/main.go

package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"os"
	"time"

	_ "github.com/go-sql-driver/mysql"
)

// RecoveryMiddleware catches panics and returns 500
func RecoveryMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if err := recover(); err != nil {
				log.Printf("[PANIC] %v", err)
				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
			}
		}()
		next.ServeHTTP(w, r)
	})
}

// getStepManager creates a new StepManager for the given user, loading state from DB
func getStepManager(userID string) *StepManager {
	return NewStepManager(userID)
}

func initTimezone() {
	tz := os.Getenv("TZ")
	if tz != "" {
		loc, err := time.LoadLocation(tz)
		if err != nil {
			log.Printf("Error loading timezone %s: %v. Using UTC.", tz, err)
			return
		}
		time.Local = loc
		log.Printf("Timezone set to %s", tz)
	} else {
		log.Printf("TZ environment variable not set, using system default (usually UTC)")
	}
	log.Printf("Current system time: %s", time.Now().Format(time.RFC1123Z))
}

func main() {
	// Initialize components
	initTimezone()
	InitDB()
	InitFitbit()

	// 1. Serve Static Files (Frontend)
	fs := http.FileServer(http.Dir("frontend"))
	http.Handle("/", fs)

	// 2. API Endpoints (all require authentication)
	http.HandleFunc("/api/status", RequireAuth(func(w http.ResponseWriter, r *http.Request) {
		userID, _ := getUserID(r.Context())
		sm := getStepManager(userID)

		status := sm.GetStatus()

		// Add user info to status
		user, err := GetUser(userID)
		if err == nil && user != nil {
			status["user"] = map[string]string{
				"id":          user.FitbitUserID,
				"displayName": user.DisplayName,
				"avatarUrl":   user.AvatarURL,
			}
		} else {
			fmt.Printf("[API Status] WARNING: User info not found for ID: %s (err=%v)\n", userID, err)
		}

		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(status)
	}))

	http.HandleFunc("/api/refresh", RequireAuth(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
			return
		}

		userID, _ := getUserID(r.Context())
		sm := getStepManager(userID)
		sm.Sync()
		w.WriteHeader(http.StatusOK)
	}))

	http.HandleFunc("/api/trip", RequireAuth(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
			return
		}

		var metadata TripState
		if err := json.NewDecoder(r.Body).Decode(&metadata); err != nil {
			// Fallback for legacy calls or if no metadata is sent
			// But we expect metadata now
			fmt.Printf("[API Trip] Warning: Failed to decode metadata: %v\n", err)
		}

		userID, _ := getUserID(r.Context())
		sm := getStepManager(userID)
		sm.StartNewTrip(metadata)
		w.WriteHeader(http.StatusOK)
	}))

	http.HandleFunc("/api/drain", RequireAuth(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
			return
		}

		userID, _ := getUserID(r.Context())
		sm := getStepManager(userID)
		go sm.Drain() // Async so we don't block
		w.WriteHeader(http.StatusOK)
	}))

	// 3. KML Management Endpoints
	http.HandleFunc("/api/kml/upload", RequireAuth(HandleKMLUpload))
	http.HandleFunc("/api/kml/list", RequireAuth(HandleKMLList))
	http.HandleFunc("/api/kml/edit", RequireAuth(HandleKMLEdit))
	http.HandleFunc("/api/kml/privacy", RequireAuth(HandleKMLPrivacyToggle))
	http.HandleFunc("/api/kml/vote", RequireAuth(HandleKMLVote))
	http.HandleFunc("/api/kml/delete", RequireAuth(HandleKMLDelete))
	http.HandleFunc("/api/kml/download", RequireAuth(HandleKMLDownload))

	// 4. Fitbit OAuth Endpoints
	http.HandleFunc("/auth/fitbit", HandleFitbitAuth)
	http.HandleFunc("/auth/callback", HandleFitbitCallback)

	// 5. Logout Endpoint
	http.HandleFunc("/auth/logout", func(w http.ResponseWriter, r *http.Request) {
		session, err := GetSessionFromRequest(r)
		if err == nil {
			DeleteSession(session.Token)
		}
		ClearSessionCookie(w)
		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
	})

	// 7. User Profile Endpoint
	http.HandleFunc("/api/user/profile", RequireAuth(HandleUserProfile))

	// 9. Start Server
	binding := "0.0.0.0:8080"
	fmt.Printf("Server starting on http://%s\n", binding)
	log.Fatal(http.ListenAndServe(binding, RecoveryMiddleware(http.DefaultServeMux)))
}
initial commit 2026-01-11 17:16:59 -07:00			`package main`

			`import (`
			`"encoding/json"`
			`"fmt"`
			`"log"`
			`"net/http"`
inittimezone 2026-01-11 18:27:07 -07:00			`"os"`
			`"time"`
initial commit 2026-01-11 17:16:59 -07:00
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`_ "github.com/go-sql-driver/mysql"`
initial commit 2026-01-11 17:16:59 -07:00			`)`

fix deadlocks and add recovery middleware for http server errors 2026-01-11 20:34:06 -07:00			`// RecoveryMiddleware catches panics and returns 500`
			`func RecoveryMiddleware(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`defer func() {`
			`if err := recover(); err != nil {`
			`log.Printf("[PANIC] %v", err)`
			`http.Error(w, "Internal Server Error", http.StatusInternalServerError)`
			`}`
			`}()`
			`next.ServeHTTP(w, r)`
			`})`
			`}`

use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`// getStepManager creates a new StepManager for the given user, loading state from DB`
			`func getStepManager(userID string) *StepManager {`
			`return NewStepManager(userID)`
initial commit 2026-01-11 17:16:59 -07:00			`}`

inittimezone 2026-01-11 18:27:07 -07:00			`func initTimezone() {`
			`tz := os.Getenv("TZ")`
			`if tz != "" {`
			`loc, err := time.LoadLocation(tz)`
			`if err != nil {`
			`log.Printf("Error loading timezone %s: %v. Using UTC.", tz, err)`
			`return`
			`}`
			`time.Local = loc`
			`log.Printf("Timezone set to %s", tz)`
			`} else {`
			`log.Printf("TZ environment variable not set, using system default (usually UTC)")`
			`}`
			`log.Printf("Current system time: %s", time.Now().Format(time.RFC1123Z))`
			`}`

initial commit 2026-01-11 17:16:59 -07:00			`func main() {`
			`// Initialize components`
inittimezone 2026-01-11 18:27:07 -07:00			`initTimezone()`
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`InitDB()`
initial commit 2026-01-11 17:16:59 -07:00			`InitFitbit()`

			`// 1. Serve Static Files (Frontend)`
			`fs := http.FileServer(http.Dir("frontend"))`
			`http.Handle("/", fs)`

			`// 2. API Endpoints (all require authentication)`
			`http.HandleFunc("/api/status", RequireAuth(func(w http.ResponseWriter, r *http.Request) {`
			`userID, _ := getUserID(r.Context())`
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`sm := getStepManager(userID)`
initial commit 2026-01-11 17:16:59 -07:00
			`status := sm.GetStatus()`

			`// Add user info to status`
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`user, err := GetUser(userID)`
			`if err == nil && user != nil {`
initial commit 2026-01-11 17:16:59 -07:00			`status["user"] = map[string]string{`
add rich KML support, mitigate KML vulnerabilities 2026-01-11 22:48:50 -07:00			`"id": user.FitbitUserID,`
initial commit 2026-01-11 17:16:59 -07:00			`"displayName": user.DisplayName,`
			`"avatarUrl": user.AvatarURL,`
			`}`
			`} else {`
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`fmt.Printf("[API Status] WARNING: User info not found for ID: %s (err=%v)\n", userID, err)`
initial commit 2026-01-11 17:16:59 -07:00			`}`

			`w.Header().Set("Content-Type", "application/json")`
			`json.NewEncoder(w).Encode(status)`
			`}))`

			`http.HandleFunc("/api/refresh", RequireAuth(func(w http.ResponseWriter, r *http.Request) {`
			`if r.Method != http.MethodPost {`
			`http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)`
			`return`
			`}`

			`userID, _ := getUserID(r.Context())`
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`sm := getStepManager(userID)`
initial commit 2026-01-11 17:16:59 -07:00			`sm.Sync()`
			`w.WriteHeader(http.StatusOK)`
			`}))`

			`http.HandleFunc("/api/trip", RequireAuth(func(w http.ResponseWriter, r *http.Request) {`
			`if r.Method != http.MethodPost {`
			`http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)`
			`return`
			`}`

anti cheat: don't trust the client, move trip completions to server 2026-01-14 17:17:58 -07:00			`var metadata TripState`
			`if err := json.NewDecoder(r.Body).Decode(&metadata); err != nil {`
			`// Fallback for legacy calls or if no metadata is sent`
			`// But we expect metadata now`
			`fmt.Printf("[API Trip] Warning: Failed to decode metadata: %v\n", err)`
			`}`

initial commit 2026-01-11 17:16:59 -07:00			`userID, _ := getUserID(r.Context())`
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`sm := getStepManager(userID)`
anti cheat: don't trust the client, move trip completions to server 2026-01-14 17:17:58 -07:00			`sm.StartNewTrip(metadata)`
initial commit 2026-01-11 17:16:59 -07:00			`w.WriteHeader(http.StatusOK)`
			`}))`

			`http.HandleFunc("/api/drain", RequireAuth(func(w http.ResponseWriter, r *http.Request) {`
			`if r.Method != http.MethodPost {`
			`http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)`
			`return`
			`}`

			`userID, _ := getUserID(r.Context())`
use antigravity to rewrite all your code to migrate from flat files to relational database. YOLO 2026-01-11 20:24:50 -07:00			`sm := getStepManager(userID)`
initial commit 2026-01-11 17:16:59 -07:00			`go sm.Drain() // Async so we don't block`
			`w.WriteHeader(http.StatusOK)`
			`}))`

			`// 3. KML Management Endpoints`
			`http.HandleFunc("/api/kml/upload", RequireAuth(HandleKMLUpload))`
			`http.HandleFunc("/api/kml/list", RequireAuth(HandleKMLList))`
add rich KML support, mitigate KML vulnerabilities 2026-01-11 22:48:50 -07:00			`http.HandleFunc("/api/kml/edit", RequireAuth(HandleKMLEdit))`
initial commit 2026-01-11 17:16:59 -07:00			`http.HandleFunc("/api/kml/privacy", RequireAuth(HandleKMLPrivacyToggle))`
			`http.HandleFunc("/api/kml/vote", RequireAuth(HandleKMLVote))`
			`http.HandleFunc("/api/kml/delete", RequireAuth(HandleKMLDelete))`
			`http.HandleFunc("/api/kml/download", RequireAuth(HandleKMLDownload))`

			`// 4. Fitbit OAuth Endpoints`
			`http.HandleFunc("/auth/fitbit", HandleFitbitAuth)`
			`http.HandleFunc("/auth/callback", HandleFitbitCallback)`

			`// 5. Logout Endpoint`
			`http.HandleFunc("/auth/logout", func(w http.ResponseWriter, r *http.Request) {`
			`session, err := GetSessionFromRequest(r)`
			`if err == nil {`
			`DeleteSession(session.Token)`
			`}`
			`ClearSessionCookie(w)`
			`http.Redirect(w, r, "/", http.StatusTemporaryRedirect)`
			`})`

user profiles 2026-01-13 13:10:55 -07:00			`// 7. User Profile Endpoint`
			`http.HandleFunc("/api/user/profile", RequireAuth(HandleUserProfile))`

show completed trips on profiles 2026-01-14 16:55:49 -07:00			`// 9. Start Server`
initial commit 2026-01-11 17:16:59 -07:00			`binding := "0.0.0.0:8080"`
			`fmt.Printf("Server starting on http://%s\n", binding)`
fix deadlocks and add recovery middleware for http server errors 2026-01-11 20:34:06 -07:00			`log.Fatal(http.ListenAndServe(binding, RecoveryMiddleware(http.DefaultServeMux)))`
initial commit 2026-01-11 17:16:59 -07:00			`}`