Merge pull request 'docs: rapporter ancien README.md' (#69 ) from vlbeaudoin/docs/readme into main

Reviewed-on: #69
docs: rapporter ancien README.md
2024-09-19 14:41:55 -04:00 · 2024-09-19 14:41:24 -04:00 · 2024-09-18 19:14:04 -04:00 · 2024-09-18 19:06:33 -04:00 · 2024-09-03 17:07:02 -04:00 · 2024-09-03 17:06:10 -04:00
27 changed files with 1015 additions and 621 deletions
--- a/.gitignore
+++ b/.gitignore
@ -22,6 +22,8 @@
 # Dependency directories (remove the comment below to include it)
 # vendor/

+# cert files
+*.pem

 # env
 .env
--- a/12
+++ b/12
@ -1,19 +1,21 @@
-FROM golang:1.22.3 as build
+FROM golang:1.23.0 as build

 LABEL author="vlbeaudoin"

 WORKDIR /go/src/app

-COPY go.mod go.sum client.go client_test.go cmd.go config.go db.go entity.go main.go request.go response.go routes.go template.go ./
+COPY go.mod go.sum LICENSE ./

-ADD sql/ sql/
+ADD cmd/ cmd/
+ADD pkg/ pkg/
+ADD queries/ queries/
 ADD templates/ templates/

-RUN CGO_ENABLED=0 go build -a -o bottin .
+RUN CGO_ENABLED=0 go build -a -o bottin ./cmd/bottin

 # Alpine

-FROM alpine:3.20
+FROM alpine:3.20.2

 WORKDIR /app

--- a/12
+++ b/12
@ -14,3 +14,15 @@ help: ## Show this help
 .PHONY: test-integration
 test-integration: ## run integration tests through API client. Config is read from `~/.bottin.yaml`. WARNING: affects data in the database, do not run on production server
 	docker-compose down && docker-compose up -d --build && sleep 2 && go test
+
+.PHONY: dev
+dev: generate-self-signed-x509 compose-inject-x509 ## deploy development environment on docker-compose
+	docker-compose up -d
+
+.PHONY: generate-self-signed-x509
+generate-self-signed-x509: ## Générer une paire de clés x509 self-signed pour utilisation avec un serveur de développement
+	./scripts/generate-self-signed-x509.sh
+
+.PHONY: compose-inject-x509
+compose-inject-x509: ## Copie la paire de clés x509 du current directory vers les containers orchestrés par docker-compose
+	./scripts/compose-inject-x509.sh
--- a/README.md
+++ b/README.md
@ -20,17 +20,18 @@ https://git.agecem.com/agecem/bottin

 Remplir .env avec les infos qui seront utilisées pour déployer le container

-(Remplacer `bottin` par quelque chose de plus sécuritaire)
+Au minimum, il faut ces 3 entrées:
+
+*Remplacer `bottin` par quelque chose de plus sécuritaire*

 ```sh
-BOTTIN_API_KEY=bottin
-BOTTIN_POSTGRES_DATABASE=bottin
-BOTTIN_POSTGRES_PASSWORD=bottin
-BOTTIN_POSTGRES_USER=bottin
-BOTTIN_WEB_PASSWORD=bottin
-BOTTIN_WEB_USER=bottin
+BOTTIN_SERVER_DB_DATABASE=bottin
+BOTTIN_SERVER_DB_PASSWORD=bottin
+BOTTIN_SERVER_DB_USER=bottin
 ```

+*D'autres entrées peuvent être ajoutées, voir `config.go` pour les options*
+
 Déployer avec docker-compose

 `$ docker-compose up -d`
@ -43,14 +44,15 @@ Pour modifier la configuration du serveur API

 `$ docker-compose exec -it api vi /etc/bottin/api.yaml`

-*Y remplir au minimum le champs `api.key` (string)*
+*Y remplir au minimum le champs `server.api.key` (string)*

 Pour modifier la configuration du client web

-`$ docker-compose exec -it web vi /etc/bottin/web.yaml`
+`$ docker-compose exec -it ui vi /etc/bottin/ui.yaml`

-*Y remplir au minimum les champs `web.api.key` (string), `web.user` (string) et `web.password` (string)*
+*Y remplir au minimum les champs `server.ui.api.key` (string), `server.ui.user` (string) et `server.ui.password` (string)*

 Redémarrer les containers une fois la configuration modifiée

 `$ docker-compose down && docker-compose up -d`
+v
--- a/cmd.go
+++ b/cmd.go
@ -1,226 +0,0 @@
-package main
-
-import (
-	"context"
-	"crypto/subtle"
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"os"
-
-	"codeberg.org/vlbeaudoin/voki/v3"
-	"github.com/jackc/pgx/v5/pgxpool"
-	"github.com/labstack/echo/v4"
-	"github.com/labstack/echo/v4/middleware"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-// rootCmd represents the base command when called without any subcommands
-var rootCmd = &cobra.Command{
-	Use:   "bottin",
-	Short: "Bottin étudiant de l'AGECEM",
-}
-
-// execute adds all child commands to the root command and sets flags appropriately.
-// This is called by main.main(). It only needs to happen once to the rootCmd.
-func execute() {
-	err := rootCmd.Execute()
-	if err != nil {
-		os.Exit(1)
-	}
-}
-
-// apiCmd represents the api command
-var apiCmd = &cobra.Command{
-	Use:   "api",
-	Short: "Démarrer le serveur API",
-	Args:  cobra.ExactArgs(0),
-	Run: func(cmd *cobra.Command, args []string) {
-		var cfg Config
-		if err := viper.Unmarshal(&cfg); err != nil {
-			log.Fatal("parse config:", err)
-		}
-
-		e := echo.New()
-
-		// Middlewares
-
-		e.Pre(middleware.AddTrailingSlash())
-
-		if cfg.API.Key != "" {
-			e.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) {
-				return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.API.Key)) == 1, nil
-			}))
-		}
-
-		// DataClient
-		ctx := context.Background()
-
-		//prep
-		pool, err := pgxpool.New(
-			ctx,
-			fmt.Sprintf(
-				"user=%s password=%s database=%s host=%s port=%d sslmode=%s ",
-				cfg.DB.User,
-				cfg.DB.Password,
-				cfg.DB.Database,
-				cfg.DB.Host,
-				cfg.DB.Port,
-				cfg.DB.SSLMode,
-			))
-		if err != nil {
-			log.Fatal("init pgx pool:", err)
-		}
-		defer pool.Close()
-
-		db := &PostgresClient{
-			Ctx:  ctx,
-			Pool: pool,
-		}
-		if err := db.Pool.Ping(ctx); err != nil {
-			log.Fatal("ping db:", err)
-		}
-
-		if err := db.CreateOrReplaceSchema(); err != nil {
-			log.Fatal("create or replace schema:", err)
-		}
-
-		if err := db.CreateOrReplaceViews(); err != nil {
-			log.Fatal("create or replace views:", err)
-		}
-
-		// Routes
-		if err := addRoutes(e, db, cfg); err != nil {
-			log.Fatal("add routes:", err)
-		}
-		/*
-			h := handlers.New(client)
-
-			e.GET("/v7/health/", h.GetHealth)
-
-			e.POST("/v7/membres/", h.PostMembres)
-
-			e.GET("/v7/membres/", h.ListMembres)
-
-			e.GET("/v7/membres/:membre_id/", h.ReadMembre)
-
-			e.PUT("/v7/membres/:membre_id/prefered_name/", h.PutMembrePreferedName)
-
-			e.POST("/v7/programmes/", h.PostProgrammes)
-
-			e.POST("/v7/seed/", h.PostSeed)
-		*/
-
-		// Execution
-		e.Logger.Fatal(e.Start(fmt.Sprintf(":%d", cfg.API.Port)))
-	},
-}
-
-// webCmd represents the web command
-var webCmd = &cobra.Command{
-	Use:   "web",
-	Short: "Démarrer le client web",
-	Args:  cobra.ExactArgs(0),
-	Run: func(cmd *cobra.Command, args []string) {
-		// Parse config
-		var cfg Config
-		if err := viper.Unmarshal(&cfg); err != nil {
-			log.Fatal("init config:", err)
-		}
-
-		e := echo.New()
-
-		// Middlewares
-
-		// Trailing slash
-		e.Pre(middleware.AddTrailingSlash())
-
-		// Auth
-		e.Use(middleware.BasicAuth(func(user, password string, c echo.Context) (bool, error) {
-			usersMatch := subtle.ConstantTimeCompare([]byte(user), []byte(cfg.Web.User)) == 1
-			passwordsMatch := subtle.ConstantTimeCompare([]byte(password), []byte(cfg.Web.Password)) == 1
-			return usersMatch && passwordsMatch, nil
-		}))
-
-		// Templating
-		e.Renderer = &Template{
-			templates: template.Must(template.ParseFS(templatesFS, "templates/*.html")),
-		}
-
-		// API Client
-		apiClient := APIClient{voki.New(
-			http.DefaultClient,
-			cfg.Web.API.Host,
-			cfg.Web.API.Key,
-			cfg.Web.API.Port,
-			cfg.Web.API.Protocol,
-		)}
-		defer apiClient.Voki.CloseIdleConnections()
-
-		// Routes
-		e.GET("/", func(c echo.Context) error {
-			pingResult, err := apiClient.GetHealth()
-			if err != nil {
-				return c.Render(
-					http.StatusOK,
-					"index-html",
-					voki.MessageResponse{Message: fmt.Sprintf("impossible d'accéder au serveur API: %s", err)},
-				)
-			}
-
-			return c.Render(
-				http.StatusOK,
-				"index-html",
-				voki.MessageResponse{Message: pingResult},
-			)
-		})
-
-		e.GET("/membre/", func(c echo.Context) error {
-			membreID := c.QueryParam("membre_id")
-			switch {
-			case membreID == "":
-				return c.Render(
-					http.StatusOK,
-					"index-html",
-					voki.MessageResponse{Message: "❗Veuillez entrer un numéro étudiant à rechercher"},
-				)
-			case !IsMembreID(membreID):
-				return c.Render(
-					http.StatusOK,
-					"index-html",
-					voki.MessageResponse{Message: fmt.Sprintf("❗Numéro étudiant '%s' invalide", membreID)},
-				)
-			}
-
-			membre, err := apiClient.GetMembreForDisplay(membreID)
-			if err != nil {
-				return c.Render(
-					http.StatusOK,
-					"index-html",
-					voki.MessageResponse{Message: fmt.Sprintf("❗erreur: %s", err)},
-				)
-			}
-
-			return c.Render(
-				http.StatusOK,
-				"index-html",
-				voki.MessageResponse{Message: fmt.Sprintf(`
-Numéro étudiant: %s
-Nom d'usage: %s
-Programme: [%s] %s
-`,
-					membre.ID,
-					membre.Name,
-					membre.ProgrammeID,
-					membre.ProgrammeName,
-				)},
-			)
-		})
-
-		// Execution
-		e.Logger.Fatal(e.Start(
-			fmt.Sprintf(":%d", cfg.Web.Port)))
-	},
-}
--- a/cmd/bottin/main.go
+++ b/cmd/bottin/main.go
@ -0,0 +1,717 @@
+package main
+
+import (
+	"context"
+	"crypto/subtle"
+	"crypto/tls"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+
+	"codeberg.org/vlbeaudoin/voki/v3"
+	"git.agecem.com/agecem/bottin/v9/pkg/bottin"
+	"git.agecem.com/agecem/bottin/v9/templates"
+	"github.com/jackc/pgx/v5/pgxpool"
+	"github.com/labstack/echo/v4"
+	"github.com/labstack/echo/v4/middleware"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var cfgFile string
+
+// initConfig reads in config file and ENV variables if set.
+func initConfig() {
+	if cfgFile != "" {
+		// Use config file from the flag.
+		viper.SetConfigFile(cfgFile)
+	} else {
+		// Find home directory.
+		home, err := os.UserHomeDir()
+		cobra.CheckErr(err)
+
+		// Search config in home directory with name ".bottin" (without extension).
+		viper.AddConfigPath(home)
+		viper.SetConfigType("yaml")
+		viper.SetConfigName(".bottin")
+	}
+
+	viper.SetEnvPrefix("BOTTIN")
+	viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
+	viper.AutomaticEnv() // read in environment variables that match
+
+	// If a config file is found, read it in.
+	if err := viper.ReadInConfig(); err == nil {
+		fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed())
+	}
+}
+
+func main() {
+	/* TODO
+	if err := Run(context.Background(), Config{}, nil, os.Stdout); err != nil {
+		log.Fatal(err)
+	}
+	*/
+
+	// Handle the command-line via cobra and viper
+	execute()
+}
+
+func init() {
+	// rootCmd
+
+	cobra.OnInitialize(initConfig)
+
+	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.bottin.yaml)")
+
+	// client.api.host
+	rootCmd.PersistentFlags().String(
+		"client-api-host",
+		"api",
+		"API server host",
+	)
+	if err := viper.BindPFlag(
+		"client.api.host",
+		rootCmd.PersistentFlags().Lookup("client-api-host"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// client.api.key
+	rootCmd.PersistentFlags().String(
+		"client-api-key",
+		"bottin",
+		"API server key",
+	)
+	if err := viper.BindPFlag(
+		"client.api.key",
+		rootCmd.PersistentFlags().Lookup("client-api-key"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// client.api.port
+	rootCmd.PersistentFlags().Int(
+		"client-api-port",
+		1312,
+		"API server port",
+	)
+	if err := viper.BindPFlag(
+		"client.api.port",
+		rootCmd.PersistentFlags().Lookup("client-api-port"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// client.api.protocol
+	rootCmd.PersistentFlags().String(
+		"client-api-protocol",
+		"https",
+		"API server protocol",
+	)
+	if err := viper.BindPFlag(
+		"client.api.protocol",
+		rootCmd.PersistentFlags().Lookup("client-api-protocol"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server
+	rootCmd.AddCommand(serverCmd)
+
+	// server api
+	serverCmd.AddCommand(apiCmd)
+
+	// server api db
+	// server.api.db.database
+	apiCmd.PersistentFlags().String(
+		"server-api-db-database",
+		"bottin",
+		"Postgres database name",
+	)
+	if err := viper.BindPFlag(
+		"server.api.db.database",
+		apiCmd.PersistentFlags().Lookup("server-api-db-database"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.db.host
+	apiCmd.PersistentFlags().String(
+		"server-api-db-host",
+		"db",
+		"Postgres host name",
+	)
+	if err := viper.BindPFlag(
+		"server.api.db.host",
+		apiCmd.PersistentFlags().Lookup("server-api-db-host"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.db.password
+	apiCmd.PersistentFlags().String(
+		"server-api-db-password",
+		"bottin",
+		"Postgres password",
+	)
+	if err := viper.BindPFlag(
+		"server.api.db.password",
+		apiCmd.PersistentFlags().Lookup("server-api-db-password"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.db.port
+	apiCmd.PersistentFlags().Int(
+		"server-api-db-port",
+		5432,
+		"Postgres port",
+	)
+	if err := viper.BindPFlag(
+		"server.api.db.port",
+		apiCmd.PersistentFlags().Lookup("server-api-db-port"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.db.sslmode
+	apiCmd.PersistentFlags().String(
+		"server-api-db-sslmode",
+		"prefer",
+		"Postgres sslmode",
+	)
+	if err := viper.BindPFlag(
+		"server.api.db.sslmode",
+		apiCmd.PersistentFlags().Lookup("server-api-db-sslmode"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.db.user
+	apiCmd.PersistentFlags().String(
+		"server-api-db-user",
+		"bottin",
+		"Postgres user name",
+	)
+	if err := viper.BindPFlag(
+		"server.api.db.user",
+		apiCmd.PersistentFlags().Lookup("server-api-db-user"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.host
+	apiCmd.PersistentFlags().String(
+		"server-api-host",
+		"",
+		"API server hostname or IP to answer on (empty = any)",
+	)
+	if err := viper.BindPFlag(
+		"server.api.host",
+		apiCmd.PersistentFlags().Lookup("server-api-host"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.key
+	apiCmd.PersistentFlags().String(
+		"server-api-key",
+		"bottin",
+		"API server key",
+	)
+	if err := viper.BindPFlag(
+		"server.api.key",
+		apiCmd.PersistentFlags().Lookup("server-api-key"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.port
+	apiCmd.PersistentFlags().Int(
+		"server-api-port",
+		1312,
+		"API server port",
+	)
+	if err := viper.BindPFlag(
+		"server.api.port",
+		apiCmd.PersistentFlags().Lookup("server-api-port"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server api tls
+	// server.api.tls.enabled
+	apiCmd.PersistentFlags().Bool(
+		"server-api-tls-enabled",
+		true,
+		"Use TLS for API server connections (requires certfile and keyfile)",
+	)
+	if err := viper.BindPFlag(
+		"server.api.tls.enabled",
+		apiCmd.PersistentFlags().Lookup("server-api-tls-enabled"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.tls.certfile
+	apiCmd.PersistentFlags().String(
+		"server-api-tls-certfile",
+		"/etc/bottin/cert.pem",
+		"Path to certificate file",
+	)
+	if err := viper.BindPFlag(
+		"server.api.tls.certfile",
+		apiCmd.PersistentFlags().Lookup("server-api-tls-certfile"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.api.tls.keyfile
+	apiCmd.PersistentFlags().String(
+		"server-api-tls-keyfile",
+		"/etc/bottin/key.pem",
+		"Path to private key file",
+	)
+	if err := viper.BindPFlag(
+		"server.api.tls.keyfile",
+		apiCmd.PersistentFlags().Lookup("server-api-tls-keyfile"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server ui
+	serverCmd.AddCommand(uiCmd)
+
+	// server ui api
+
+	// server.ui.api.host
+	uiCmd.PersistentFlags().String(
+		"server-ui-api-host",
+		"api",
+		"Web UI backend API server host name",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.api.host",
+		uiCmd.PersistentFlags().Lookup("server-ui-api-host"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.api.key
+	uiCmd.PersistentFlags().String(
+		"server-ui-api-key",
+		"bottin",
+		"Web UI backend API server key",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.api.key",
+		uiCmd.PersistentFlags().Lookup("server-ui-api-key"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.api.port
+	uiCmd.PersistentFlags().Int(
+		"server-ui-api-port",
+		1312,
+		"Web UI backend API server port",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.api.port",
+		uiCmd.PersistentFlags().Lookup("server-ui-api-port"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.api.protocol
+	uiCmd.PersistentFlags().String(
+		"server-ui-api-protocol",
+		"https",
+		"Web UI backend API server protocol",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.api.protocol",
+		uiCmd.PersistentFlags().Lookup("server-ui-api-protocol"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.api.tls.skipverify
+	uiCmd.PersistentFlags().Bool(
+		"server-ui-api-tls-skipverify",
+		false,
+		"Skip API server TLS certificate verification",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.api.tls.skipverify",
+		uiCmd.PersistentFlags().Lookup("server-ui-api-tls-skipverify"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.host
+	uiCmd.PersistentFlags().String(
+		"server-ui-host",
+		"",
+		"Web UI host",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.host",
+		uiCmd.PersistentFlags().Lookup("server-ui-host"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.password
+	uiCmd.PersistentFlags().String(
+		"server-ui-password",
+		"bottin",
+		"Web UI password",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.password",
+		uiCmd.PersistentFlags().Lookup("server-ui-password"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.port
+	uiCmd.PersistentFlags().Int(
+		"server-ui-port",
+		2312,
+		"Web UI port",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.port",
+		uiCmd.PersistentFlags().Lookup("server-ui-port"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.user
+	uiCmd.PersistentFlags().String(
+		"server-ui-user",
+		"bottin",
+		"Web UI user",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.user",
+		uiCmd.PersistentFlags().Lookup("server-ui-user"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server ui tls
+	// server.ui.tls.enabled
+	uiCmd.PersistentFlags().Bool(
+		"server-ui-tls-enabled",
+		true,
+		"Web UI enable TLS (requires certfile and keyfile)",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.tls.enabled",
+		uiCmd.PersistentFlags().Lookup("server-ui-tls-enabled"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.tls.certfile
+	uiCmd.PersistentFlags().String(
+		"server-ui-tls-certfile",
+		"/etc/bottin/cert.pem",
+		"Path to Web UI TLS certificate file",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.tls.certfile",
+		uiCmd.PersistentFlags().Lookup("server-ui-tls-certfile"),
+	); err != nil {
+		log.Fatal(err)
+	}
+
+	// server.ui.tls.keyfile
+	uiCmd.PersistentFlags().String(
+		"server-ui-tls-keyfile",
+		"/etc/bottin/key.pem",
+		"Path to Web UI TLS private key file",
+	)
+	if err := viper.BindPFlag(
+		"server.ui.tls.keyfile",
+		uiCmd.PersistentFlags().Lookup("server-ui-tls-keyfile"),
+	); err != nil {
+		log.Fatal(err)
+	}
+}
+
+/* TODO
+func Run(ctx context.Context, config Config, args []string, stdout io.Writer) error {
+	return fmt.Errorf("not implemented")
+}
+*/
+
+// rootCmd represents the base command when called without any subcommands
+var rootCmd = &cobra.Command{
+	Use:   "bottin",
+	Short: "Bottin étudiant de l'AGECEM",
+}
+
+// execute adds all child commands to the root command and sets flags appropriately.
+// This is called by main.main(). It only needs to happen once to the rootCmd.
+func execute() {
+	err := rootCmd.Execute()
+	if err != nil {
+		os.Exit(1)
+	}
+}
+
+var serverCmd = &cobra.Command{
+	Use:   "server",
+	Short: "Démarrer serveurs (API ou Web UI)",
+}
+
+// apiCmd represents the api command
+var apiCmd = &cobra.Command{
+	Use:   "api",
+	Short: "Démarrer le serveur API",
+	Args:  cobra.ExactArgs(0),
+	Run: func(cmd *cobra.Command, args []string) {
+		var cfg bottin.Config
+		if err := viper.Unmarshal(&cfg); err != nil {
+			log.Fatal("parse config:", err)
+		}
+
+		e := echo.New()
+
+		// Middlewares
+
+		e.Pre(middleware.AddTrailingSlash())
+
+		if cfg.Server.API.Key != "" {
+			e.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) {
+				return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.Server.API.Key)) == 1, nil
+			}))
+		} else {
+			log.Println("Server started but no API key (server.api.key) was provided, using empty key (NOT RECOMMENDED FOR PRODUCTION)")
+		}
+
+		// DataClient
+		ctx := context.Background()
+
+		//prep
+		pool, err := pgxpool.New(
+			ctx,
+			fmt.Sprintf(
+				"user=%s password=%s database=%s host=%s port=%d sslmode=%s ",
+				cfg.Server.API.DB.User,
+				cfg.Server.API.DB.Password,
+				cfg.Server.API.DB.Database,
+				cfg.Server.API.DB.Host,
+				cfg.Server.API.DB.Port,
+				cfg.Server.API.DB.SSLMode,
+			))
+		if err != nil {
+			log.Fatal("init pgx pool:", err)
+		}
+		defer pool.Close()
+
+		db := &bottin.PostgresClient{
+			Ctx:  ctx,
+			Pool: pool,
+		}
+		if err := db.Pool.Ping(ctx); err != nil {
+			log.Fatal("ping db:", err)
+		}
+
+		if err := db.CreateOrReplaceSchema(); err != nil {
+			log.Fatal("create or replace schema:", err)
+		}
+
+		if err := db.CreateOrReplaceViews(); err != nil {
+			log.Fatal("create or replace views:", err)
+		}
+
+		// Routes
+		if err := bottin.AddRoutes(e, db, cfg); err != nil {
+			log.Fatal("add routes:", err)
+		}
+		/*
+			h := handlers.New(client)
+
+			e.GET("/v9/health/", h.GetHealth)
+
+			e.POST("/v9/membres/", h.PostMembres)
+
+			e.GET("/v9/membres/", h.ListMembres)
+
+			e.GET("/v9/membres/:membre_id/", h.ReadMembre)
+
+			e.PUT("/v9/membres/:membre_id/prefered_name/", h.PutMembrePreferedName)
+
+			e.POST("/v9/programmes/", h.PostProgrammes)
+
+			e.POST("/v9/seed/", h.PostSeed)
+		*/
+
+		// Execution
+		switch cfg.Server.API.TLS.Enabled {
+		case false:
+			e.Logger.Fatal(
+				e.Start(
+					fmt.Sprintf("%s:%d", cfg.Server.API.Host, cfg.Server.API.Port),
+				),
+			)
+		case true:
+			if cfg.Server.API.TLS.Certfile == "" {
+				log.Fatal("TLS enabled for API but no certificate file provided")
+			}
+
+			if cfg.Server.API.TLS.Keyfile == "" {
+				log.Fatal("TLS enabled for UI but no private key file provided")
+			}
+
+			e.Logger.Fatal(
+				e.StartTLS(
+					fmt.Sprintf("%s:%d", cfg.Server.API.Host, cfg.Server.API.Port),
+					cfg.Server.API.TLS.Certfile,
+					cfg.Server.API.TLS.Keyfile,
+				),
+			)
+		}
+	},
+}
+
+// uiCmd represents the ui command
+var uiCmd = &cobra.Command{
+	Use:     "ui",
+	Aliases: []string{"web", "interface"},
+	Short:   "Démarrer l'interface Web UI",
+	Args:    cobra.ExactArgs(0),
+	Run: func(cmd *cobra.Command, args []string) {
+		// Parse config
+		var cfg bottin.Config
+		if err := viper.Unmarshal(&cfg); err != nil {
+			log.Fatal("init config:", err)
+		}
+
+		e := echo.New()
+
+		// Middlewares
+
+		// Trailing slash
+		e.Pre(middleware.AddTrailingSlash())
+
+		// Auth
+		e.Use(middleware.BasicAuth(func(user, password string, c echo.Context) (bool, error) {
+			usersMatch := subtle.ConstantTimeCompare([]byte(user), []byte(cfg.Server.UI.User)) == 1
+			passwordsMatch := subtle.ConstantTimeCompare([]byte(password), []byte(cfg.Server.UI.Password)) == 1
+			return usersMatch && passwordsMatch, nil
+		}))
+
+		// Templating
+		e.Renderer = templates.NewTemplate()
+
+		// API Client
+		var httpClient = &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: cfg.Server.UI.API.TLS.SkipVerify,
+				},
+			},
+		}
+		apiClient := bottin.APIClient{
+			Voki: voki.New(
+				httpClient,
+				cfg.Server.UI.API.Host,
+				cfg.Server.UI.API.Key,
+				cfg.Server.UI.API.Port,
+				cfg.Server.UI.API.Protocol,
+			)}
+		defer apiClient.Voki.CloseIdleConnections()
+
+		// Routes
+		e.GET("/", func(c echo.Context) error {
+			pingResult, err := apiClient.GetHealth()
+			if err != nil {
+				return c.Render(
+					http.StatusOK,
+					"index-html",
+					voki.MessageResponse{Message: fmt.Sprintf("impossible d'accéder au serveur API: %s", err)},
+				)
+			}
+
+			return c.Render(
+				http.StatusOK,
+				"index-html",
+				voki.MessageResponse{Message: pingResult},
+			)
+		})
+
+		e.GET("/membre/", func(c echo.Context) error {
+			membreID := c.QueryParam("membre_id")
+			switch {
+			case membreID == "":
+				return c.Render(
+					http.StatusOK,
+					"index-html",
+					voki.MessageResponse{Message: "❗Veuillez entrer un numéro étudiant à rechercher"},
+				)
+			case !bottin.IsMembreID(membreID):
+				return c.Render(
+					http.StatusOK,
+					"index-html",
+					voki.MessageResponse{Message: fmt.Sprintf("❗Numéro étudiant '%s' invalide", membreID)},
+				)
+			}
+
+			membre, err := apiClient.GetMembreForDisplay(membreID)
+			if err != nil {
+				return c.Render(
+					http.StatusOK,
+					"index-html",
+					voki.MessageResponse{Message: fmt.Sprintf("❗erreur: %s", err)},
+				)
+			}
+
+			return c.Render(
+				http.StatusOK,
+				"index-html",
+				voki.MessageResponse{Message: fmt.Sprintf(`
+Numéro étudiant: %s
+Nom d'usage: %s
+Programme: [%s] %s
+`,
+					membre.ID,
+					membre.Name,
+					membre.ProgrammeID,
+					membre.ProgrammeName,
+				)},
+			)
+		})
+
+		// Execution
+		switch cfg.Server.UI.TLS.Enabled {
+		case false:
+			e.Logger.Fatal(e.Start(
+				fmt.Sprintf("%s:%d", cfg.Server.UI.Host, cfg.Server.UI.Port)))
+		case true:
+			if cfg.Server.UI.TLS.Certfile == "" {
+				log.Fatal("TLS enabled for UI but no certificate file provided")
+			}
+
+			if cfg.Server.UI.TLS.Keyfile == "" {
+				log.Fatal("TLS enabled for UI but no private key file provided")
+			}
+
+			e.Logger.Fatal(
+				e.StartTLS(
+					fmt.Sprintf("%s:%d", cfg.Server.UI.Host, cfg.Server.UI.Port),
+					cfg.Server.UI.TLS.Certfile,
+					cfg.Server.UI.TLS.Keyfile,
+				),
+			)
+		}
+
+	},
+}
--- a/cmd/bottin/main_test.go
+++ b/cmd/bottin/main_test.go
@ -1,10 +1,12 @@
 package main

 import (
+	"crypto/tls"
 	"net/http"
 	"testing"

 	"codeberg.org/vlbeaudoin/voki/v3"
+	"git.agecem.com/agecem/bottin/v9/pkg/bottin"
 	"github.com/spf13/viper"
 )

@ -13,17 +15,28 @@ func init() {
 }

 func TestAPI(t *testing.T) {
-	var cfg Config
+	var cfg bottin.Config
 	if err := viper.Unmarshal(&cfg); err != nil {
 		t.Error(err)
 		return
 	}

-	httpClient := http.DefaultClient
+	//httpClient := http.DefaultClient
+	//defer httpClient.CloseIdleConnections()
+
+	transport := http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	}
+
+	httpClient := http.Client{
+		Transport: &transport,
+	}
 	defer httpClient.CloseIdleConnections()

-	vokiClient := voki.New(httpClient, "localhost", cfg.API.Key, cfg.API.Port, "http")
-	apiClient := APIClient{vokiClient}
+	vokiClient := voki.New(&httpClient, "localhost", cfg.Client.API.Key, cfg.Client.API.Port, cfg.Client.API.Protocol)
+	apiClient := bottin.APIClient{Voki: vokiClient}

 	t.Run("get API health", func(t *testing.T) {
 		health, err := apiClient.GetHealth()
@ -41,9 +54,9 @@ func TestAPI(t *testing.T) {

 	t.Run("insert programmes",
 		func(t *testing.T) {
-			programmes := []Programme{
-				{"404.42", "Cool programme"},
-				{"200.10", "Autre programme"},
+			programmes := []bottin.Programme{
+				{ID: "404.42", Name: "Cool programme"},
+				{ID: "200.10", Name: "Autre programme"},
 			}
 			t.Log("programmes:", programmes)
 			_, err := apiClient.InsertProgrammes(programmes...)
@ -52,7 +65,7 @@ func TestAPI(t *testing.T) {
 			}
 		})

-	testMembres := []Membre{
+	testMembres := []bottin.Membre{
 		{
 			ID:          "0000000",
 			FirstName:   "Test",
--- a/compose.yaml
+++ b/compose.yaml
@ -0,0 +1,51 @@
+name: 'bottin'
+services:
+
+  db:
+    image: 'docker.io/library/postgres:16'
+    environment:
+      POSTGRES_DATABASE: "${BOTTIN_SERVER_API_DB_DATABASE:?}"
+      POSTGRES_PASSWORD: "${BOTTIN_SERVER_API_DB_PASSWORD:?}"
+      POSTGRES_USER: "${BOTTIN_SERVER_API_DB_USER:?}"
+    volumes:
+      - 'db-data:/var/lib/postgresql/data'
+    restart: 'unless-stopped'
+
+  api:
+    depends_on:
+      - db
+    build: ../..
+    image: 'git.agecem.com/agecem/bottin:latest'
+    env_file: '.env'
+    ports:
+      - '1312:1312'
+    volumes:
+      - 'api-config:/etc/bottin'
+    restart: 'unless-stopped'
+    command: ['bottin', '--config', '/etc/bottin/api.yaml', 'server', 'api']
+
+  ui:
+    depends_on: 
+      - api
+    build: ../..
+    image: 'git.agecem.com/agecem/bottin:latest'
+    env_file: '.env'
+    ports:
+      - '2312:2312'
+    volumes:
+      - 'ui-config:/etc/bottin'
+    restart: 'unless-stopped'
+    command: ['bottin', '--config', '/etc/bottin/ui.yaml', 'server', 'ui']
+  
+#  adminer:
+#    image: adminer
+#    restart: always
+#    ports:
+#      - 8088:8080
+#    depends_on:
+#      - db
+
+volumes:
+  db-data:
+  api-config:
+  ui-config:
--- a/config.go
+++ b/config.go
@ -1,268 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"log"
-	"os"
-	"strings"
-
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-const (
-	ViperAPIPort       string = "api.port"
-	FlagAPIPort        string = "api-port"
-	DefaultAPIPort     int    = 1312
-	DescriptionAPIPort string = "API server port"
-
-	ViperAPIKey       string = "api.key"
-	FlagAPIKey        string = "api-key"
-	DefaultAPIKey     string = "bottin"
-	DescriptionAPIKey string = "API server key. Leave empty for no key auth (not recommended)"
-
-	ViperDBDatabase       string = "db.database"
-	FlagDBDatabase        string = "db-database"
-	DefaultDBDatabase     string = "bottin"
-	DescriptionDBDatabase string = "Postgres database"
-
-	ViperDBSSLMode       string = "db.sslmode"
-	FlagDBSSLMode        string = "db-sslmode"
-	DefaultDBSSLMode     string = "prefer"
-	DescriptionDBSSLMode string = "Postgres sslmode"
-
-	ViperDBHost       string = "db.host"
-	FlagDBHost        string = "db-host"
-	DefaultDBHost     string = "db"
-	DescriptionDBHost string = "Postgres host"
-
-	ViperDBPassword       string = "db.password"
-	FlagDBPassword        string = "db-password"
-	DefaultDBPassword     string = "bottin"
-	DescriptionDBPassword string = "Postgres password"
-
-	ViperDBPort       string = "db.port"
-	FlagDBPort        string = "db-port"
-	DefaultDBPort     int    = 5432
-	DescriptionDBPort string = "Postgres port"
-
-	ViperDBUser       string = "db.user"
-	FlagDBUser        string = "db-user"
-	DefaultDBUser     string = "bottin"
-	DescriptionDBUser string = "Postgres user"
-
-	ViperWebUser       string = "web.user"
-	FlagWebUser        string = "web-user"
-	DefaultWebUser     string = "bottin"
-	DescriptionWebUser string = "Web client basic auth user"
-
-	ViperWebPassword       string = "web.password"
-	FlagWebPassword        string = "web-password"
-	DefaultWebPassword     string = "bottin"
-	DescriptionWebPassword string = "Web client basic auth password"
-
-	ViperWebPort       string = "web.port"
-	FlagWebPort        string = "web-port"
-	DefaultWebPort     int    = 2312
-	DescriptionWebPort string = "Web client port"
-
-	ViperWebAPIHost       string = "web.api.host"
-	FlagWebAPIHost        string = "web-api-host"
-	DefaultWebAPIHost     string = "api"
-	DescriptionWebAPIHost string = "Target API server host"
-
-	ViperWebAPIKey       string = "web.api.key"
-	FlagWebAPIKey        string = "web-api-key"
-	DefaultWebAPIKey     string = "bottin"
-	DescriptionWebAPIKey string = "Target API server key"
-
-	ViperWebAPIPort       string = "web.api.port"
-	FlagWebAPIPort        string = "web-api-port"
-	DefaultWebAPIPort     int    = 1312
-	DescriptionWebAPIPort string = "Target API server port"
-
-	ViperWebAPIProtocol       string = "web.api.protocol"
-	FlagWebAPIProtocol        string = "web-api-protocol"
-	DefaultWebAPIProtocol     string = "http"
-	DescriptionWebAPIProtocol string = "Target API server protocol (http/https)"
-)
-
-type Config struct {
-	API struct {
-		Port int    `yaml:"port"`
-		Key  string `yaml:"key"`
-	} `yaml:"api"`
-	DB struct {
-		Database string `yaml:"database"`
-		Host     string `yaml:"host"`
-		SSLMode  string `yaml:"sslmode"`
-		Password string `yaml:"password"`
-		Port     int    `yaml:"port"`
-		User     string `yaml:"user"`
-	} `yaml:"db"`
-	Web struct {
-		User     string `yaml:"user"`
-		Password string `yaml:"password"`
-		Port     int    `yaml:"port"`
-		API      struct {
-			Host     string `yaml:"host"`
-			Key      string `yaml:"key"`
-			Port     int    `yaml:"port"`
-			Protocol string `yaml:"protocol"`
-		} `yaml:"api"`
-	} `yaml:"web"`
-}
-
-// DefaultConfig returns a Config filled with the default values from the
-// `Default*` constants defined in this file.
-func DefaultConfig() (cfg Config) {
-	cfg.API.Port = DefaultAPIPort
-	cfg.API.Key = DefaultAPIKey
-	cfg.DB.Database = DefaultDBDatabase
-	cfg.DB.Host = DefaultDBHost
-	cfg.DB.SSLMode = DefaultDBSSLMode
-	cfg.DB.Password = DefaultDBPassword
-	cfg.DB.Port = DefaultDBPort
-	cfg.DB.User = DefaultDBUser
-	cfg.Web.User = DefaultWebUser
-	cfg.Web.Password = DefaultWebPassword
-	cfg.Web.Port = DefaultWebPort
-	cfg.Web.API.Host = DefaultWebAPIHost
-	cfg.Web.API.Key = DefaultWebAPIKey
-	cfg.Web.API.Port = DefaultWebAPIPort
-	cfg.Web.API.Protocol = DefaultWebAPIProtocol
-	return
-}
-
-func init() {
-	// rootCmd
-
-	cobra.OnInitialize(initConfig)
-
-	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.bottin.yaml)")
-
-	// apiCmd
-
-	rootCmd.AddCommand(apiCmd)
-
-	// api.key
-	apiCmd.Flags().String(FlagAPIKey, DefaultAPIKey, DescriptionAPIKey)
-	if err := viper.BindPFlag(ViperAPIKey, apiCmd.Flags().Lookup(FlagAPIKey)); err != nil {
-		log.Fatal(err)
-	}
-
-	// api.port
-	apiCmd.Flags().Int(FlagAPIPort, DefaultAPIPort, DescriptionAPIPort)
-	if err := viper.BindPFlag(ViperAPIPort, apiCmd.Flags().Lookup(FlagAPIPort)); err != nil {
-		log.Fatal(err)
-	}
-
-	// db.database
-	apiCmd.Flags().String(FlagDBDatabase, DefaultDBDatabase, DescriptionDBDatabase)
-	if err := viper.BindPFlag(ViperDBDatabase, apiCmd.Flags().Lookup(FlagDBDatabase)); err != nil {
-		log.Fatal(err)
-	}
-
-	// db.sslmode
-	apiCmd.Flags().String(FlagDBSSLMode, DefaultDBSSLMode, DescriptionDBSSLMode)
-	if err := viper.BindPFlag(ViperDBSSLMode, apiCmd.Flags().Lookup(FlagDBSSLMode)); err != nil {
-		log.Fatal(err)
-	}
-
-	// db.host
-	apiCmd.Flags().String(FlagDBHost, DefaultDBHost, DescriptionDBHost)
-	if err := viper.BindPFlag(ViperDBHost, apiCmd.Flags().Lookup(FlagDBHost)); err != nil {
-		log.Fatal(err)
-	}
-
-	// db.password
-	apiCmd.Flags().String(FlagDBPassword, DefaultDBPassword, DescriptionDBPassword)
-	if err := viper.BindPFlag(ViperDBPassword, apiCmd.Flags().Lookup(FlagDBPassword)); err != nil {
-		log.Fatal(err)
-	}
-
-	// db.port
-	apiCmd.Flags().Int(FlagDBPort, DefaultDBPort, DescriptionDBPort)
-	if err := viper.BindPFlag(ViperDBPort, apiCmd.Flags().Lookup(FlagDBPort)); err != nil {
-		log.Fatal(err)
-	}
-
-	// db.user
-	apiCmd.Flags().String(FlagDBUser, DefaultDBUser, DescriptionDBUser)
-	if err := viper.BindPFlag(ViperDBUser, apiCmd.Flags().Lookup(FlagDBUser)); err != nil {
-		log.Fatal(err)
-	}
-
-	// WebCmd
-	rootCmd.AddCommand(webCmd)
-
-	// web.api.host
-	webCmd.Flags().String(FlagWebAPIHost, DefaultWebAPIHost, DescriptionWebAPIHost)
-	if err := viper.BindPFlag(ViperWebAPIHost, webCmd.Flags().Lookup(FlagWebAPIHost)); err != nil {
-		log.Fatal(err)
-	}
-
-	// web.api.key
-	webCmd.Flags().String(FlagWebAPIKey, DefaultWebAPIKey, DescriptionWebAPIKey)
-	if err := viper.BindPFlag(ViperWebAPIKey, webCmd.Flags().Lookup(FlagWebAPIKey)); err != nil {
-		log.Fatal(err)
-	}
-
-	// web.api.protocol
-	webCmd.Flags().String(FlagWebAPIProtocol, DefaultWebAPIProtocol, DescriptionWebAPIProtocol)
-	if err := viper.BindPFlag(ViperWebAPIProtocol, webCmd.Flags().Lookup(FlagWebAPIProtocol)); err != nil {
-		log.Fatal(err)
-	}
-
-	// web.api.port
-	webCmd.Flags().Int(FlagWebAPIPort, DefaultWebAPIPort, DescriptionWebAPIPort)
-	if err := viper.BindPFlag(ViperWebAPIPort, webCmd.Flags().Lookup(FlagWebAPIPort)); err != nil {
-		log.Fatal(err)
-	}
-
-	// web.password
-	webCmd.Flags().String(FlagWebPassword, DefaultWebPassword, DescriptionWebPassword)
-	if err := viper.BindPFlag(ViperWebPassword, webCmd.Flags().Lookup(FlagWebPassword)); err != nil {
-		log.Fatal(err)
-	}
-
-	// web.port
-	webCmd.Flags().Int(FlagWebPort, DefaultWebPort, DescriptionWebPort)
-	if err := viper.BindPFlag(ViperWebPort, webCmd.Flags().Lookup(FlagWebPort)); err != nil {
-		log.Fatal(err)
-	}
-
-	// web.user
-	webCmd.Flags().String(FlagWebUser, DefaultWebUser, DescriptionWebUser)
-	if err := viper.BindPFlag(ViperWebUser, webCmd.Flags().Lookup(FlagWebUser)); err != nil {
-		log.Fatal(err)
-	}
-}
-
-var cfgFile string
-
-// initConfig reads in config file and ENV variables if set.
-func initConfig() {
-	if cfgFile != "" {
-		// Use config file from the flag.
-		viper.SetConfigFile(cfgFile)
-	} else {
-		// Find home directory.
-		home, err := os.UserHomeDir()
-		cobra.CheckErr(err)
-
-		// Search config in home directory with name ".bottin" (without extension).
-		viper.AddConfigPath(home)
-		viper.SetConfigType("yaml")
-		viper.SetConfigName(".bottin")
-	}
-
-	viper.SetEnvPrefix("BOTTIN")
-	viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
-	viper.AutomaticEnv() // read in environment variables that match
-
-	// If a config file is found, read it in.
-	if err := viper.ReadInConfig(); err == nil {
-		fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed())
-	}
-}
--- a/deployments/kubernetes/bottin-pod.yaml
+++ b/deployments/kubernetes/bottin-pod.yaml
@ -0,0 +1,60 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: bottin-pod
+spec:
+  initContainers:
+    - name: clone
+      image: alpine:3.20
+      command: ['sh', '-c']
+      args:
+        - apk add git &&
+          git clone -- https://git.agecem.com/agecem/bottin /opt/bottin-src
+      volumeMounts:
+        - name: bottin-src
+          mountPath: /opt/bottin-src
+    - name: build
+      image: golang:1.23
+      env:
+        - name: CGO_ENABLED
+          value: '0'
+      command: ['sh', '-c']
+      args:
+        - cd /opt/bottin-src &&
+          go build -a -o /opt/bottin-executable/bottin
+      volumeMounts:
+        - name: bottin-src
+          mountPath: /opt/bottin-src
+        - name: bottin-executable
+          mountPath: /opt/bottin-executable
+  containers:
+    - name: api
+      image: alpine:3.20
+      command: ['sh', '-c']
+      args:
+        - ln -s /opt/bottin-executable/bottin /usr/bin/bottin
+      volumeMounts:
+        - name: bottin-executable
+          mountPath: /opt/bottin-executable
+        - name: bottin-secret
+          readOnly: true
+          mountPath: '/etc/bottin'
+    - name: ui
+      image: alpine:3.20
+      command: ['sh', '-c']
+      args:
+        - bottin --config /etc/bottin/ui.yaml server ui
+      volumeMounts:
+        - name: bottin-executable
+          mountPath: /opt/bottin-executable
+        - name: bottin-secret
+          readOnly: true
+          mountPath: '/etc/bottin'
+  volumes:
+    - name: bottin-src
+      emptyDir: {}
+    - name: bottin-executable
+      emptyDir: {}
+    - name: bottin-secret
+      secret:
+        secretName: bottin-secret
--- a/deployments/kubernetes/example-bottin-secret.yaml
+++ b/deployments/kubernetes/example-bottin-secret.yaml
@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: bottin-secret
+stringData:
+  api.yaml: |
+    bottin:
+      server:
+        api:
+          db:
+            database: 'bottin'
+            host: 'db.example.com'
+            password: 'bottin'
+            sslmode: 'require'
+            user: 'bottin'
+          key: 'bottin'
+  ui.yaml: |
+    bottin:
+      server:
+        ui:
+          api:
+            tls:
+              skipverify: 'true'
+            key: 'bottin'
+          password: 'bottin'
+          user: 'bottin'
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -1,57 +0,0 @@
-services:
-
-  db:
-    image: 'docker.io/library/postgres:16'
-    environment:
-      POSTGRES_DATABASE: "${BOTTIN_POSTGRES_DATABASE}"
-      POSTGRES_PASSWORD: "${BOTTIN_POSTGRES_PASSWORD}"
-      POSTGRES_USER: "${BOTTIN_POSTGRES_USER}"
-    volumes:
-      - 'db-data:/var/lib/postgresql/data'
-    restart: 'unless-stopped'
-
-  api:
-    depends_on:
-      - db
-    build: .
-    image: 'git.agecem.com/agecem/bottin:latest'
-    environment:
-      BOTTIN_DB_DATABASE: "${BOTTIN_POSTGRES_DATABASE}"
-      BOTTIN_DB_PASSWORD: "${BOTTIN_POSTGRES_PASSWORD}"
-      BOTTIN_DB_USER: "${BOTTIN_POSTGRES_USER}"
-      BOTTIN_API_KEY: "${BOTTIN_API_KEY}"
-    ports:
-      - '1312:1312'
-    volumes:
-      - 'api-config:/etc/bottin'
-    restart: 'unless-stopped'
-    command: ['bottin', '--config', '/etc/bottin/api.yaml', 'api']
-
-  web:
-    depends_on: 
-      - api
-    build: .
-    image: 'git.agecem.com/agecem/bottin:latest'
-    environment:
-      BOTTIN_WEB_API_KEY: "${BOTTIN_API_KEY}"
-      BOTTIN_WEB_PASSWORD: "${BOTTIN_WEB_PASSWORD}"
-      BOTTIN_WEB_USER: "${BOTTIN_WEB_USER}"
-    ports:
-      - '2312:2312'
-    volumes:
-      - 'web-config:/etc/bottin'
-    restart: 'unless-stopped'
-    command: ['bottin', '--config', '/etc/bottin/web.yaml', 'web']
-  
-#  adminer:
-#    image: adminer
-#    restart: always
-#    ports:
-#      - 8088:8080
-#    depends_on:
-#      - db
-
-volumes:
-  db-data:
-  api-config:
-  web-config:
--- a/go.mod
+++ b/go.mod
@ -1,4 +1,4 @@
-module git.agecem.com/agecem/bottin/v7
+module git.agecem.com/agecem/bottin/v9

 go 1.22.0

--- a/main.go
+++ b/main.go
@ -1,18 +0,0 @@
-package main
-
-func main() {
-	/* TODO
-	if err := Run(context.Background(), Config{}, nil, os.Stdout); err != nil {
-		log.Fatal(err)
-	}
-	*/
-
-	// Handle the command-line via cobra and viper
-	execute()
-}
-
-/* TODO
-func Run(ctx context.Context, config Config, args []string, stdout io.Writer) error {
-	return fmt.Errorf("not implemented")
-}
-*/
--- a/pkg/bottin/client.go
+++ b/pkg/bottin/client.go
@ -1,4 +1,4 @@
-package main
+package bottin

 import (
 	"fmt"
--- a/pkg/bottin/config.go
+++ b/pkg/bottin/config.go
@ -0,0 +1,53 @@
+package bottin
+
+type Config struct {
+	Client struct {
+		API struct {
+			Host     string `yaml:"host"`
+			Key      string `yaml:"key"`
+			Port     int    `yaml:"port"`
+			Protocol string `yaml:"protocol"`
+		} `yaml:"api"`
+	} `yaml:"client"`
+
+	Server struct {
+		API struct {
+			DB struct {
+				Database string `yaml:"database"`
+				Host     string `yaml:"host"`
+				Password string `yaml:"password"`
+				Port     int    `yaml:"port"`
+				SSLMode  string `yaml:"sslmode"`
+				User     string `yaml:"user"`
+			} `yaml:"db"`
+			Host string `yaml:"host"`
+			Key  string `yaml:"key"`
+			Port int    `yaml:"port"`
+			TLS  struct {
+				Enabled  bool   `yaml:"enabled"`
+				Certfile string `yaml:"certfile"`
+				Keyfile  string `yaml:"keyfile"`
+			} `yaml:"tls"`
+		} `yaml:"api"`
+		UI struct {
+			API struct {
+				Host     string `yaml:"host"`
+				Key      string `yaml:"key"`
+				Port     int    `yaml:"port"`
+				Protocol string `yaml:"protocol"`
+				TLS      struct {
+					SkipVerify bool `yaml:"skipverify"`
+				} `yaml:"tls"`
+			} `yaml:"api"`
+			Host     string `yaml:"host"`
+			Password string `yaml:"password"`
+			Port     int    `yaml:"port"`
+			TLS      struct {
+				Enabled  bool   `yaml:"enabled"`
+				Certfile string `yaml:"certfile"`
+				Keyfile  string `yaml:"keyfile"`
+			} `yaml:"tls"`
+			User string `yaml:"user"`
+		} `yaml:"ui"`
+	} `yaml:"server"`
+}
--- a/pkg/bottin/db.go
+++ b/pkg/bottin/db.go
@ -1,20 +1,15 @@
-package main
+package bottin

 import (
 	"context"
 	_ "embed"
 	"fmt"

+	"git.agecem.com/agecem/bottin/v9/queries"
 	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgxpool"
 )

-//go:embed sql/schema.sql
-var sqlSchema string
-
-//go:embed sql/views.sql
-var sqlViews string
-
 type PostgresClient struct {
 	//TODO move context out of client
 	Ctx  context.Context
@ -22,12 +17,12 @@ type PostgresClient struct {
 }

 func (db *PostgresClient) CreateOrReplaceSchema() error {
-	_, err := db.Pool.Exec(db.Ctx, sqlSchema)
+	_, err := db.Pool.Exec(db.Ctx, queries.SQLSchema())
 	return err
 }

 func (db *PostgresClient) CreateOrReplaceViews() error {
-	_, err := db.Pool.Exec(db.Ctx, sqlViews)
+	_, err := db.Pool.Exec(db.Ctx, queries.SQLViews())
 	return err
 }

--- a/pkg/bottin/entity.go
+++ b/pkg/bottin/entity.go
@ -1,4 +1,4 @@
-package main
+package bottin

 import "unicode"

--- a/pkg/bottin/request.go
+++ b/pkg/bottin/request.go
@ -1,4 +1,4 @@
-package main
+package bottin

 import (
 	"bytes"
@ -23,7 +23,7 @@ func (request HealthGETRequest) Request(v *voki.Voki) (response HealthGETRespons

 	statusCode, body, err := v.CallAndParse(
 		http.MethodGet,
-		"/api/v7/health/",
+		"/api/v9/health/",
 		nil,
 		true,
 	)
@ -64,7 +64,7 @@ func (request ProgrammesPOSTRequest) Request(v *voki.Voki) (response ProgrammesP

 	statusCode, body, err := v.CallAndParse(
 		http.MethodPost,
-		"/api/v7/programme/",
+		"/api/v9/programme/",
 		&buf,
 		true,
 	)
@ -105,7 +105,7 @@ func (request MembresPOSTRequest) Request(v *voki.Voki) (response MembresPOSTRes

 	statusCode, body, err := v.CallAndParse(
 		http.MethodPost,
-		"/api/v7/membre/",
+		"/api/v9/membre/",
 		&buf,
 		true,
 	)
@ -146,7 +146,7 @@ func (request MembreGETRequest) Request(v *voki.Voki) (response MembreGETRespons

 	statusCode, body, err := v.CallAndParse(
 		http.MethodGet,
-		fmt.Sprintf("/api/v7/membre/%s/", request.Param.MembreID),
+		fmt.Sprintf("/api/v9/membre/%s/", request.Param.MembreID),
 		nil,
 		true,
 	)
@ -180,7 +180,7 @@ func (request MembresGETRequest) Request(v *voki.Voki) (response MembresGETRespo

 	statusCode, body, err := v.CallAndParse(
 		http.MethodGet,
-		fmt.Sprintf("/api/v7/membre/?limit=%d", request.Query.Limit),
+		fmt.Sprintf("/api/v9/membre/?limit=%d", request.Query.Limit),
 		nil,
 		true,
 	)
@ -224,7 +224,7 @@ func (request MembrePreferedNamePUTRequest) Request(v *voki.Voki) (response Memb

 	statusCode, body, err := v.CallAndParse(
 		http.MethodPut,
-		fmt.Sprintf("/api/v7/membre/%s/prefered_name/", request.Param.MembreID),
+		fmt.Sprintf("/api/v9/membre/%s/prefered_name/", request.Param.MembreID),
 		&buf,
 		true,
 	)
@ -258,7 +258,7 @@ func (request ProgrammesGETRequest) Request(v *voki.Voki) (response ProgrammesGE

 	statusCode, body, err := v.CallAndParse(
 		http.MethodGet,
-		fmt.Sprintf("/api/v7/programme/?limit=%d", request.Query.Limit),
+		fmt.Sprintf("/api/v9/programme/?limit=%d", request.Query.Limit),
 		nil,
 		true,
 	)
@ -292,7 +292,7 @@ func (request MembresDisplayGETRequest) Request(v *voki.Voki) (response MembresD

 	statusCode, body, err := v.CallAndParse(
 		http.MethodGet,
-		fmt.Sprintf("/api/v7/membre/display/?limit=%d", request.Query.Limit),
+		fmt.Sprintf("/api/v9/membre/display/?limit=%d", request.Query.Limit),
 		nil,
 		true,
 	)
@ -333,7 +333,7 @@ func (request MembreDisplayGETRequest) Request(v *voki.Voki) (response MembreDis

 	statusCode, body, err := v.CallAndParse(
 		http.MethodGet,
-		fmt.Sprintf("/api/v7/membre/%s/display/", request.Param.MembreID),
+		fmt.Sprintf("/api/v9/membre/%s/display/", request.Param.MembreID),
 		nil,
 		true,
 	)
--- a/pkg/bottin/response.go
+++ b/pkg/bottin/response.go
@ -1,4 +1,4 @@
-package main
+package bottin

 import (
 	"fmt"
--- a/pkg/bottin/routes.go
+++ b/pkg/bottin/routes.go
@ -1,4 +1,4 @@
-package main
+package bottin

 import (
 	"encoding/csv"
@ -13,11 +13,11 @@ import (
 	"github.com/labstack/echo/v4"
 )

-func addRoutes(e *echo.Echo, db *PostgresClient, cfg Config) error {
+func AddRoutes(e *echo.Echo, db *PostgresClient, cfg Config) error {
 	_ = db
 	_ = cfg

-	apiPath := "/api/v7"
+	apiPath := "/api/v9"
 	apiGroup := e.Group(apiPath)
 	p := pave.New()
 	if err := pave.EchoRegister[HealthGETRequest](
@ -248,7 +248,8 @@ func addRoutes(e *echo.Echo, db *PostgresClient, cfg Config) error {
 				}

 			} else {
-				//TODO cfg.API.DefaultLimit
+				//TODO cfg.Server.API.DefaultLimit
+				//TODO cfg.Client.API.Limit
 				request.Query.Limit = 1000
 			}

--- a/queries/queries.go
+++ b/queries/queries.go
@ -0,0 +1,14 @@
+package queries
+
+import (
+	_ "embed"
+)
+
+//go:embed schema.sql
+var sqlSchema string
+
+//go:embed views.sql
+var sqlViews string
+
+func SQLSchema() string { return sqlSchema }
+func SQLViews() string  { return sqlViews }
--- a/queries/schema.sql
+++ b/queries/schema.sql
--- a/queries/views.sql
+++ b/queries/views.sql
--- a/scripts/compose-inject-x509.sh
+++ b/scripts/compose-inject-x509.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+
+docker-compose cp cert.pem api:/etc/bottin/cert.pem
+docker-compose cp key.pem api:/etc/bottin/key.pem
+docker-compose cp cert.pem ui:/etc/bottin/cert.pem
+docker-compose cp key.pem ui:/etc/bottin/key.pem
--- a/scripts/generate-self-signed-x509.sh
+++ b/scripts/generate-self-signed-x509.sh
@ -0,0 +1,2 @@
+#!/bin/sh
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
--- a/templates/templates.go
+++ b/templates/templates.go
@ -1,4 +1,4 @@
-package main
+package templates

 import (
 	"embed"
@ -8,7 +8,7 @@ import (
 	"github.com/labstack/echo/v4"
 )

-//go:embed templates/*
+//go:embed *.html
 var templatesFS embed.FS

 type Template struct {
@ -18,3 +18,10 @@ type Template struct {
 func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Context) error {
 	return t.templates.ExecuteTemplate(w, name, data)
 }
+
+// NewTemplate returns a new Template instance with templates embedded from *.html
+func NewTemplate() *Template {
+	return &Template{
+		templates: template.Must(template.ParseFS(templatesFS, "*.html")),
+	}
+}
Author	SHA1	Message	Date
Victor Lacasse-Beaudoin	68074dcd85	Merge pull request 'docs: rapporter ancien README.md' (#69 ) from vlbeaudoin/docs/readme into main Reviewed-on: #69	2024-09-19 14:41:55 -04:00
Victor Lacasse-Beaudoin	1ad0d61477	docs: rapporter ancien README.md	2024-09-19 14:41:24 -04:00
Victor Lacasse-Beaudoin	e96033eb80	Merge pull request 'major: séparer commande de librairie importable' (#67 ) from vlbeaudoin/major/v9 into main Reviewed-on: #67	2024-09-18 19:14:04 -04:00
Victor Lacasse-Beaudoin	b419a5b260	major: séparer commande de librairie importable Bump major version à 9 package main déplacé vers cmd/bottin/ pour garder `go install` qui nomme l'exécutable `bottin`, sans empêcher d'importer le code à l'extérieur du projet avec pkg/bottin/. Déplacer fichiers SQL vers queries/ Déplacer fichiers html vers templates/ Ajouter scripts/ avec génération et injection de certificats x509 (https) et les ajouter au Makefile Ajouter début d'exemple de manifests dans deployments/kubernetes/	2024-09-18 19:06:33 -04:00
Victor Lacasse-Beaudoin	a17d6bf06c	Merge pull request 'fix(Dockerfile): utiliser version de alpine qui existe actually' (#66 ) from vlbeaudoin/fix/dockerfile-alpine-version into main Reviewed-on: #66	2024-09-03 17:07:02 -04:00
Victor Lacasse-Beaudoin	0640395fd2	fix(Dockerfile): utiliser version de alpine qui existe actually	2024-09-03 17:06:10 -04:00
Victor Lacasse-Beaudoin	d29ef1b5ef	Merge pull request 'chores(Dockerfile): bump alpine -> 3.20.3' (#65 ) from vlbeaudoin/chores/bump-alpine into main Reviewed-on: #65	2024-09-03 17:03:09 -04:00
Victor Lacasse-Beaudoin	545b38c0db	Merge pull request 'chores(Dockerfile): bump golang -> 1.23.0' (#64 ) from vlbeaudoin/chores/bump-go into main Reviewed-on: #64	2024-09-03 17:03:02 -04:00
Victor Lacasse-Beaudoin	882553521a	chores(Dockerfile): bump alpine -> 3.20.3	2024-09-03 17:02:20 -04:00
Victor Lacasse-Beaudoin	c9a45f8db8	chores(Dockerfile): bump golang -> 1.23.0	2024-09-03 17:01:34 -04:00
Victor Lacasse-Beaudoin	f874c449a7	Merge pull request 'feature(compose): directly inject .env file à containers api et ui' (#63 ) from vlbeaudoin/feature/inject-env-file into main Reviewed-on: #63	2024-09-03 16:58:53 -04:00
Victor Lacasse-Beaudoin	bdff81c6b2	feature(compose): directly inject .env file à containers api et ui	2024-09-03 16:58:25 -04:00
Victor Lacasse-Beaudoin	c0b8ceafa9	Merge pull request 'feature(cmd): implémenter UI API TLS skip verify' (#62 ) from vlbeaudoin/feature/ui-allow-selfsigned-api-tls into main Reviewed-on: #62	2024-09-03 16:44:18 -04:00
Victor Lacasse-Beaudoin	9072f7114a	feature(cmd): implémenter UI API TLS skip verify	2024-09-03 16:43:22 -04:00
Victor Lacasse-Beaudoin	2b6c631d64	fix(compose): adjust `.env` inject	2024-09-03 16:42:25 -04:00
Victor Lacasse-Beaudoin	7ddf89a859	feature(config): add `server.ui.api.tls.skipverify`	2024-09-03 16:42:14 -04:00
Victor Lacasse-Beaudoin	1a847209f4	Merge pull request 'feature: ajouter cfg.Server.UI.Host et implémenter UI TLS' (#61 ) from vlbeaudoin/feature/ui-tls into main Reviewed-on: #61	2024-07-23 11:48:40 -04:00
Victor Lacasse-Beaudoin	f5aa25a12a	feature: ajouter cfg.Server.UI.Host et implémenter UI TLS	2024-07-23 11:46:37 -04:00
Victor Lacasse-Beaudoin	61c4ef80f5	Merge pull request 'fix: considérer cfg.Server.API.Host' (#60 ) from vlbeaudoin/fix/api-check-host into main Reviewed-on: #60	2024-07-23 11:45:52 -04:00
Victor Lacasse-Beaudoin	8a9decfe6c	fix: considérer cfg.Server.API.Host Valeur n'avait aucun effet précédemment, permet maintenant de choisir sur quel hôte le serveur API est rejoignable	2024-07-23 11:44:41 -04:00
Victor Lacasse-Beaudoin	31bcdbac20	Merge pull request 'fix: vérifier existence de certfile et keyfile pour API' (#59 ) from vlbeaudoin/fix/check-api-cert-and-key into main Reviewed-on: #59	2024-07-23 11:41:47 -04:00
Victor Lacasse-Beaudoin	03c9ad5f3c	fix: vérifier existence de certfile et keyfile pour API Au lieu de print leur valeur à l'écran	2024-07-23 11:40:40 -04:00
Victor Lacasse-Beaudoin	537f1a8a1a	Merge pull request 'rework: config and cmd' (#58 ) from vlbeaudoin/rework/config into main Reviewed-on: #58	2024-07-15 16:55:02 -04:00
Victor Lacasse-Beaudoin	e14ff3d04e	Merge pull request 'fix: implémenter correctement tls certfile et keyfile' (#55 ) from vlbeaudoin/fix/tls into main Reviewed-on: #55	2024-09-06 20:38:02 -05:00
Victor Lacasse-Beaudoin	6579ea45f9	Merge pull request 'Permettre d'exposer le serveur API par https' (#54 ) from vlbeaudoin/feature/tls-api into main Reviewed-on: #54	2024-09-03 13:29:11 -05:00
Victor Lacasse-Beaudoin	eb1982898c	rework: config and cmd Renamed `web` command to `server ui` (web is still an alias to ui) Completely changed the config options and flags Usage of PersistentFlags now allow clearer `--help` BREAKING: cmd modified BREAKING: config overhauled BREAKING: Bump API to v8	2024-07-15 16:52:04 -04:00
Victor Lacasse-Beaudoin	8c074dd443	fix: implémenter correctement tls certfile et keyfile test: ne pas vérifier le certificat avant de l'accepter	2024-07-07 03:58:15 -04:00
Victor Lacasse-Beaudoin	a9f1682634	fix(test): ajuster TLS client voki selon config	2024-07-03 20:53:17 -04:00
Victor Lacasse-Beaudoin	4ce3d9f60b	feature(api): permettre d'exposer le serveur API par https Requiert `cfg.API.TLS.Enabled = true` et des fichiers valides pour `cfg.API.TLS.{CertificateFile,PrivateKeyFile}`	2024-07-03 20:51:57 -04:00
Victor Lacasse-Beaudoin	150782c42f	feature(config): ajouter options TLS	2024-07-03 20:51:43 -04:00