package main
import (
"bufio"
"crypto/rand"
"crypto/sha256"
"crypto/tls"
"database/sql"
"encoding/base64"
"fmt"
"html/template"
"io"
"math/big"
"net"
"net/http"
"net/http/httputil"
"net/smtp"
"os"
"path/filepath"
"sort"
"strings"
"time"
"golang.org/x/crypto/acme/autocert"
_ "github.com/mattn/go-sqlite3"
"inou/lib"
)
var (
db *sql.DB
templates *template.Template
translations map[string]map[string]string
smtpHost, smtpPort, smtpUser, smtpToken, smtpFrom string
)
const (
langDir = "lang"
tmplDir = "templates"
staticDir = "static"
uploadsDir = "uploads"
dbPath = "data/inou.db"
minAge = 18
)
type Dossier struct {
GUID, EmailHash, Email, Name, DOB, Sex, Phone, Language, Timezone string
CreatedAt, LastLogin time.Time
}
type AccessEntry struct {
GUID, Name, Relation string
IsCareReceiver, CanEdit, IsSelf, IsPending bool
AccessedAt time.Time
}
type PageData struct {
Page, Lang, Title, Error, Success, Email, Name, DOB, Sex, Relation, RecipientName, EmailLang string
IsCareReceiver, CanEdit, ShowDetails, CanManageAccess, Uploads, HasImaging bool
UploadCount int
UploadSize string
T map[string]string
Dossier, TargetDossier *Dossier
AccessibleDossiers, AccessList []AccessEntry
UploadList []Upload
Studies []Study
HasLabs bool
StudyCount, LabCount, TotalSlices int
}
type Upload struct {
ID int
FileName, FilePath, SizeHuman, UploadedAt, ExpiresAt, DeletedReason string
Category, Status string
Deleted bool
}
type Series struct {
GUID, Description, Modality string
SliceCount int
}
type Study struct {
GUID, Date, Description, Institution, Modality string
SeriesCount, SliceCount int
Series []Series
}
func initDB() {
var err error
db, err = sql.Open("sqlite3", dbPath)
if err != nil { panic(err) }
db.Exec(`CREATE TABLE IF NOT EXISTS dossiers (guid TEXT PRIMARY KEY, email_hash TEXT UNIQUE NOT NULL, email TEXT, name TEXT, date_of_birth TEXT, sex TEXT, phone TEXT, language TEXT DEFAULT 'en', timezone TEXT, auth_code TEXT NOT NULL DEFAULT '', auth_code_expires_at TIMESTAMP NOT NULL DEFAULT '1900-01-01 00:00:00', invited_by_dossier_guid TEXT, created_at TIMESTAMP, last_login TIMESTAMP)`)
db.Exec(`CREATE TABLE IF NOT EXISTS dossier_access (accessor_dossier_guid TEXT, target_dossier_guid TEXT, relation TEXT, is_care_receiver BOOLEAN DEFAULT FALSE, can_edit BOOLEAN DEFAULT FALSE, created_at TIMESTAMP, accessed_at TIMESTAMP, PRIMARY KEY (accessor_dossier_guid, target_dossier_guid))`)
db.Exec(`CREATE TABLE IF NOT EXISTS audit (id INTEGER PRIMARY KEY AUTOINCREMENT, dossier_guid TEXT, action TEXT, target_dossier_guid TEXT, details TEXT, created_at TIMESTAMP)`)
db.Exec(`CREATE INDEX IF NOT EXISTS idx_dossiers_email_hash ON dossiers(email_hash)`)
db.Exec(`CREATE INDEX IF NOT EXISTS idx_access_accessor ON dossier_access(accessor_dossier_guid)`)
db.Exec(`CREATE INDEX IF NOT EXISTS idx_access_target ON dossier_access(target_dossier_guid)`)
db.Exec(`CREATE TABLE IF NOT EXISTS uploads (id INTEGER PRIMARY KEY AUTOINCREMENT, dossier_guid TEXT NOT NULL, file_name TEXT NOT NULL, file_path TEXT NOT NULL, size_bytes INTEGER, uploaded_by TEXT, uploaded_at TIMESTAMP, expires_at TIMESTAMP, deleted_at TIMESTAMP, deleted_reason TEXT, category TEXT DEFAULT 'other', status TEXT DEFAULT 'uploaded')`)
}
func loadTranslations() {
translations = make(map[string]map[string]string)
files, _ := filepath.Glob(filepath.Join(langDir, "*.yaml"))
for _, f := range files {
lang := strings.TrimSuffix(filepath.Base(f), ".yaml")
translations[lang] = make(map[string]string)
file, _ := os.Open(f)
if file == nil { continue }
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := scanner.Text()
if idx := strings.Index(line, ": "); idx > 0 {
translations[lang][line[:idx]] = strings.Trim(line[idx+2:], "\"'")
}
}
file.Close()
}
}
func T(lang, key string) string {
if t, ok := translations[lang]; ok { if s, ok := t[key]; ok { return s } }
if t, ok := translations["en"]; ok { if s, ok := t[key]; ok { return s } }
return "[" + key + "]"
}
func getLang(r *http.Request) string {
if c, err := r.Cookie("lang"); err == nil { if _, ok := translations[c.Value]; ok { return c.Value } }
return "en"
}
func loadTemplates() { templates = template.Must(template.ParseGlob(filepath.Join(tmplDir, "*.tmpl"))) }
func loadSMTPConfig() {
data, _ := os.ReadFile("smtp.env")
for _, line := range strings.Split(string(data), "\n") {
parts := strings.SplitN(line, "=", 2)
if len(parts) != 2 { continue }
switch parts[0] {
case "SMTP_HOST": smtpHost = parts[1]
case "SMTP_PORT": smtpPort = parts[1]
case "SMTP_USER": smtpUser = parts[1]
case "SMTP_TOKEN": smtpToken = parts[1]
case "SMTP_FROM_NAME": smtpFrom = parts[1]
}
}
}
func emailHash(email string) string {
h := sha256.Sum256([]byte(strings.ToLower(strings.TrimSpace(email))))
return base64.StdEncoding.EncodeToString(h[:])
}
func randomHash() string { b := make([]byte, 32); rand.Read(b); return base64.StdEncoding.EncodeToString(b) }
func generateUUID() string {
b := make([]byte, 16); rand.Read(b)
return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
}
func generateCode() string {
code := make([]byte, 6)
for i := range code { n, _ := rand.Int(rand.Reader, big.NewInt(10)); code[i] = '0' + byte(n.Int64()) }
return string(code)
}
func isMinor(dob string) bool {
t, err := time.Parse("2006-01-02", dob)
if err != nil { return true }
age := time.Now().Year() - t.Year()
if time.Now().YearDay() < t.YearDay() { age-- }
return age < minAge
}
func getLoggedInDossier(r *http.Request) *Dossier {
cookie, err := r.Cookie("login")
if err != nil || cookie.Value == "" { return nil }
var p Dossier
var email, name, dob, sex, phone, tz sql.NullString
err = db.QueryRow(`SELECT guid, email_hash, email, name, date_of_birth, sex, phone, language, timezone, created_at, last_login FROM dossiers WHERE email_hash = ?`, cookie.Value).Scan(&p.GUID, &p.EmailHash, &email, &name, &dob, &sex, &phone, &p.Language, &tz, &p.CreatedAt, &p.LastLogin)
if err != nil { return nil }
if email.Valid { p.Email = lib.CryptoDecrypt(email.String) }
if name.Valid { p.Name = lib.CryptoDecrypt(name.String) }
if dob.Valid { p.DOB = lib.CryptoDecrypt(dob.String) }
if sex.Valid { p.Sex = lib.CryptoDecrypt(sex.String) }
if phone.Valid { p.Phone = lib.CryptoDecrypt(phone.String) }
if tz.Valid { p.Timezone = tz.String }
return &p
}
func setLoginCookie(w http.ResponseWriter, hash string) {
http.SetCookie(w, &http.Cookie{Name: "login", Value: hash, Path: "/", MaxAge: 30*24*60*60, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
}
func clearLoginCookie(w http.ResponseWriter) {
http.SetCookie(w, &http.Cookie{Name: "login", Value: "", Path: "/", MaxAge: -1, HttpOnly: true, Secure: true})
}
func auditLog(dossierGUID, action, targetGUID, details string) {
db.Exec(`INSERT INTO audit (dossier_guid, action, target_dossier_guid, details, created_at) VALUES (?, ?, ?, ?, ?)`, dossierGUID, action, targetGUID, lib.CryptoEncrypt(details), time.Now())
}
func sendEmail(toEmail, subject, html string) error {
if smtpHost == "" { return nil }
conn, err := net.Dial("tcp", smtpHost+":"+smtpPort)
if err != nil { return err }
defer conn.Close()
client, err := smtp.NewClient(conn, smtpHost)
if err != nil { return err }
defer client.Close()
if err = client.StartTLS(&tls.Config{ServerName: smtpHost}); err != nil { return err }
if err = client.Auth(smtp.PlainAuth("", smtpUser, smtpToken, smtpHost)); err != nil { return err }
if err = client.Mail(smtpUser); err != nil { return err }
if err = client.Rcpt(toEmail); err != nil { return err }
w, err := client.Data()
if err != nil { return err }
msg := "From: " + smtpFrom + " <" + smtpUser + ">\r\nTo: " + toEmail + "\r\nSubject: " + subject + "\r\nMIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n" + html
w.Write([]byte(msg))
return w.Close()
}
func sendCodeEmail(email, code, lang string) error {
html := fmt.Sprintf(`
inou
your health data, your AI
Your verification code is:
%s
This code expires in 10 minutes.
`, code)
return sendEmail(email, "Your inou verification code", html)
}
func sendEmailWithFrom(toEmail, fromName, subject, html string) error {
if smtpHost == "" { return nil }
conn, err := net.Dial("tcp", smtpHost+":"+smtpPort)
if err != nil { return err }
defer conn.Close()
client, err := smtp.NewClient(conn, smtpHost)
if err != nil { return err }
defer client.Close()
if err = client.StartTLS(&tls.Config{ServerName: smtpHost}); err != nil { return err }
if err = client.Auth(smtp.PlainAuth("", smtpUser, smtpToken, smtpHost)); err != nil { return err }
if err = client.Mail(smtpUser); err != nil { return err }
if err = client.Rcpt(toEmail); err != nil { return err }
w, err := client.Data()
if err != nil { return err }
displayFrom := fromName + " via inou"
msg := "From: " + displayFrom + " <" + smtpUser + ">\r\nTo: " + toEmail + "\r\nSubject: " + subject + "\r\nMIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n" + html
w.Write([]byte(msg))
return w.Close()
}
func getFirstName(fullName string) string {
parts := strings.Fields(fullName)
if len(parts) > 0 { return parts[0] }
return fullName
}
func sendShareEmail(toEmail, recipientName, targetName, fromName string, canEdit bool, lang string) error {
firstName := getFirstName(recipientName)
// Email translations
subjects := map[string]string{
"en": "%s's health dossier — from %s",
"nl": "%s's gezondheidsdossier — van %s",
"ru": "Медицинское досье %s — от %s",
}
p1 := map[string]string{
"en": "We've shared %s's health dossier with you on inou, the secure way to store health data and explore it with AI. We're using it to keep all of %s's health information in one place — medical records, imaging studies, lab results, and more.",
"nl": "We hebben %s's gezondheidsdossier met je gedeeld op inou, de veilige manier om gezondheidsgegevens op te slaan en te verkennen met AI. We gebruiken het om alle gezondheidsinformatie van %s op één plek te bewaren — medische dossiers, beeldvorming, labresultaten en meer.",
"ru": "Мы открыли вам доступ к медицинскому досье %s на inou — безопасном способе хранить медицинские данные и анализировать их с помощью ИИ. Мы используем его, чтобы хранить всю медицинскую информацию %s в одном месте — медицинские записи, снимки, результаты анализов и многое другое.",
}
p2 := map[string]string{
"en": "The real power is that we can use AI to make sense of it all: understand what an MRI report actually means, spot trends in lab results over time, or ask questions in plain language and get clear answers. The more complete %s's dossier is, the better the insights we can get.",
"nl": "De echte kracht is dat we AI kunnen gebruiken om alles te begrijpen: begrijpen wat een MRI-rapport echt betekent, trends in labresultaten ontdekken, of vragen stellen in gewone taal en duidelijke antwoorden krijgen. Hoe completer %s's dossier is, hoe beter de inzichten die we kunnen krijgen.",
"ru": "Настоящая сила в том, что мы можем использовать ИИ, чтобы разобраться во всём: понять, что на самом деле означает заключение МРТ, отследить тенденции в результатах анализов или задать вопросы простым языком и получить понятные ответы. Чем полнее досье %s, тем лучше выводы мы сможем получить.",
}
cta := map[string]string{
"en": "Click the button below to sign in. Just enter your email address and you'll receive a six-digit code for immediate access.",
"nl": "Klik op de knop hieronder om in te loggen. Voer gewoon je e-mailadres in en je ontvangt een zescijferige code voor directe toegang.",
"ru": "Нажмите кнопку ниже, чтобы войти. Просто введите свой email, и вы получите шестизначный код для мгновенного доступа.",
}
btn := map[string]string{
"en": "Sign in to inou",
"nl": "Inloggen bij inou",
"ru": "Войти в inou",
}
canEditText := map[string]string{
"en": "You have permission to add information to %s's dossier. Whether it's observations from a session, notes from a conversation, or documents — every detail helps build a fuller picture. We're grateful for anything you can contribute to make %s's dossier as complete as possible.",
"nl": "Je hebt toestemming om informatie toe te voegen aan %s's dossier. Of het nu gaat om observaties van een sessie, notities van een gesprek of documenten — elk detail helpt een vollediger beeld te vormen. We zijn dankbaar voor alles wat je kunt bijdragen om %s's dossier zo compleet mogelijk te maken.",
"ru": "У вас есть разрешение добавлять информацию в досье %s. Будь то наблюдения после сеанса, заметки из разговора или документы — каждая деталь помогает создать более полную картину. Мы благодарны за всё, чем вы можете дополнить досье %s.",
}
thanks := map[string]string{
"en": "Thank you for being part of %s's health journey.",
"nl": "Bedankt dat je deel uitmaakt van %s's gezondheidsreis.",
"ru": "Спасибо, что вы участвуете в заботе о здоровье %s.",
}
if lang == "" { lang = "en" }
if _, ok := subjects[lang]; !ok { lang = "en" }
subject := fmt.Sprintf(subjects[lang], targetName, fromName)
canEditHtml := ""
if canEdit {
canEditHtml = fmt.Sprintf(`
%s
`, fmt.Sprintf(canEditText[lang], targetName, targetName))
}
html := fmt.Sprintf(`
`,
firstName,
fmt.Sprintf(p1[lang], targetName, targetName),
fmt.Sprintf(p2[lang], targetName),
cta[lang],
btn[lang],
canEditHtml,
fmt.Sprintf(thanks[lang], targetName),
fromName)
return sendEmailWithFrom(toEmail, fromName, subject, html)
}
func sendFriendInviteEmail(toEmail, recipientName, fromName, lang string) error {
firstName := getFirstName(recipientName)
subjects := map[string]string{
"en": "Check this out — %s",
"nl": "Kijk hier eens naar — %s",
"ru": "Посмотри — %s",
}
p1 := map[string]string{
"en": "I've been using inou, the secure way to store health data and explore it with AI. It keeps all my family's health information in one place — imaging studies, lab results, medical records — and I thought you might find it useful too.",
"nl": "Ik gebruik inou, de veilige manier om gezondheidsgegevens op te slaan en te verkennen met AI. Het houdt alle gezondheidsinformatie van mijn familie op één plek — beeldvorming, labresultaten, medische dossiers — en ik dacht dat jij het misschien ook handig zou vinden.",
"ru": "Я использую inou — безопасный способ хранить медицинские данные и анализировать их с помощью ИИ. Там хранится вся медицинская информация моей семьи — снимки, результаты анализов, медицинские записи — и я подумал, что тебе тоже может пригодиться.",
}
p2 := map[string]string{
"en": "The real power is being able to use AI to make sense of it all: understand what a report actually means, spot trends over time, or just ask questions in plain language and get clear answers.",
"nl": "De echte kracht is dat je AI kunt gebruiken om alles te begrijpen: begrijpen wat een rapport echt betekent, trends in de tijd ontdekken, of gewoon vragen stellen in gewone taal en duidelijke antwoorden krijgen.",
"ru": "Настоящая сила в том, что можно использовать ИИ, чтобы разобраться во всём: понять, что на самом деле означает заключение, отследить тенденции или просто задать вопросы простым языком и получить понятные ответы.",
}
btn := map[string]string{
"en": "Check out inou",
"nl": "Bekijk inou",
"ru": "Посмотреть inou",
}
if lang == "" { lang = "en" }
if _, ok := subjects[lang]; !ok { lang = "en" }
subject := fmt.Sprintf(subjects[lang], fromName)
html := fmt.Sprintf(`