# NTech
[π·πΈ Srpska verzija](Readme_sr.md)
A business application for computer repair shop management, parts inventory tracking, and sales. Built with Go, it runs in the browser and requires no internet connection or external services.
> β οΈ The project is under active development. It is not ready for production use.
**Live demo:** [https://demo.vm-net.in.rs](https://demo.vm-net.in.rs) β log in with `Demo` / `Demo1234` (admin role; password and 2FA changes are disabled in demo mode).
---
## About the Project
NTech is an internal application built for a specific user β a computer repair shop that, in addition to repairs, manages a parts inventory, sales of components and pre-built configurations, as well as client and supplier records.
The goal is simple: everything the repair shop needs to track is located in one place, without relying on Excel spreadsheets or paper records.
---
## Features
### Implemented
- Initial setup on first run (setup wizard)
- Database migration system
- User interface β sidebar navigation, theme system (dark/light), dashboard with statistics
- User login β server-side sessions, account locking
- Two-factor authentication (TOTP) β activation with a QR code; secret encrypted at rest (AES-256-GCM, key kept outside the database)
- Backup (one-time) codes for 2FA β generated on activation, stored as bcrypt hashes; a fallback to TOTP at login
- Brute-force protection β IP locking after 5 failed attempts within 15 minutes
- CSRF protection β double-submit cookie pattern, automatic token injection into all forms
- Security HTTP headers (CSP, X-Frame-Options, Referrer-Policy, nosniff...)
- Login attempt logging β history by user, IP, reason, date
- Users and roles β admin panel, user management
- Inventory β items, categories, filtering, critical stock levels
- Service orders β intake, status bar, costs, receipt
- Sales orders β items, calculation, receipt with company and client details
- Procurement β records of purchases from suppliers
- Sales price calculation on procurement β markup (global, per category, per item), landed costs (customs, shipping...) allocated across items, two-way markupβprice computation; respects VAT-payer status
- Price revaluation (nivelacija) β sales price changes with an audit trail (oldβnew, reason, source, user)
- Company profile and modules β features toggle based on company type and VAT-payer status
- VAT records (KIR/KPR) β books of issued and received invoices, auto-filled from sales and procurement
- VAT calculation per period + mapping to the PP-PDV form; imports (customs declaration) tracked in fields 006/106
- VAT rate code list
- Clients and suppliers β contact database
- Reminders β records with deadlines
- Reports β revenue overview, inventory status
- Settings β company name, address, Tax ID (PIB), logo; theme toggle
- Background images β login page and app, with blur, transparency and glass effect
- Personal theme and background β each user can set their own theme and background image
- Permission matrix (RBAC) β admin panel for permissions by role; enforced at the route level (both mutations and views) and in handlers
- Flash messages β one-time feedback after an action
- Automatic SQLite backup β with configurable number of retained copies; restore from a copy (safe, with no downtime)
- Charts β monthly revenue on reports (Chart.js)
- Structured logging β `log/slog` (JSON in production, text in development); separate auth log in fail2ban format
- Automated tests β unit and integration over a SQLite database (crypto, RBAC, login flows, form validators, reports)
- **Demo mode** (`NTECH_ENV=demo`) β auto-created demo user, pre-filled login form, restricted backup count, blocked password/2FA changes
### Planned
- Fiscalization (ESIR/PFR)
- KPO book and double-entry bookkeeping (optional, later phase)
- PostgreSQL support (for multi-user environments)
- WebAuthn / Passkey login (database schema is already prepared)
- Notifications (email / WhatsApp) β deferred to a later phase
- Barcode scanning via camera β deferred to a later phase
---
## Technologies
| Technology | Role |
| ------------------------------------------------------------------------------------ | ------------------------------- |
| [Go](https://go.dev) | backend language |
| [chi](https://github.com/go-chi/chi) | HTTP router |
| [html/template](https://pkg.go.dev/html/template) | server-side templates |
| [Alpine.js](https://alpinejs.dev) | client-side UI logic |
| [SQLite](https://sqlite.org) + [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | main database (pure Go, no CGO) |
| [PostgreSQL](https://www.postgresql.org) + [pgx/v5](https://github.com/jackc/pgx) | optional production database |
---
## Running the Application
### Requirements
- Go 1.24 or newer
- Git
### Steps
```bash
# 1. Clone the repository
git clone
cd GoNtech
# 2. Run in development mode (reads files from disk, no HTTPS required)
go run ./cmd/ntech
```
The application opens at `http://localhost:8080`. On first run the setup wizard starts automatically.
### Production Build
Use the interactive build script:
```bash
./start.sh
```
It asks for the version, environment (production/development), platform (Linux/Windows/both), optional UPX compression, and whether to push a Docker image to Gitea and GitHub Container Registry.
Or build manually:
```bash
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
-ldflags "-X main.Verzija=1.0.0 -s -w" \
-trimpath \
-o ntech ./cmd/ntech
```
The result is a single static binary with no external dependencies.
---
## Environment Variables
The application reads environment variables on startup. In development, place them in `ntech.env` alongside the SQLite database file. In production/demo the program creates `ntech.env` automatically in the same directory as the database.
`ntech.env` is **never committed** to Git.
| Variable | Default | Description |
| ---------------- | ------------- | ----------------------------------------------------------------- |
| `NTECH_ENV` | `development` | Mode: `development`, `production`, or `demo` |
| `NTECH_PORT` | `8080` | HTTP port |
| `NTECH_DB` | `sqlite` | Database type: `sqlite` or `postgres` |
| `NTECH_SQLITE` | `ntech.db` | Path to the SQLite file |
| `NTECH_DSN` | β | PostgreSQL connection string |
| `NTECH_SECRET` | β | Session signing key (min. 32 bytes); auto-generated if missing |
| `NTECH_TOTP_KEY` | β | AES-256 key for TOTP secret encryption; auto-generated if missing |
`NTECH_SECRET` and `NTECH_TOTP_KEY` are generated automatically on the first run and saved to `ntech.env`. **Back this file up** β losing `NTECH_TOTP_KEY` invalidates all 2FA secrets stored in the database.
---
## Docker Deployment
Docker images are published to:
- `ghcr.io/dalibor31/ntech:latest`
- `git.vm-net.in.rs/dasko/ntech:latest`
### Production
```yaml
# docker-compose.yml
services:
ntech:
image: ghcr.io/dalibor31/ntech:latest
restart: unless-stopped
environment:
NTECH_ENV: production
NTECH_PORT: "8000"
NTECH_SQLITE: /app/data/ntech.db
volumes:
- ./data:/app/data # database + ntech.env (secrets)
- ./uploads:/app/uploads # uploaded images
- ./logs:/app/logs # structured + auth logs
- ./backups:/app/backups # automatic database backups
ports:
- "8000:8000"
```
On the **first start** the setup wizard runs and creates the first admin user. After that, `./data/ntech.env` contains the auto-generated secrets β **back it up**.
Place the app behind a reverse proxy (Caddy, nginx) that terminates HTTPS. Secure cookies require HTTPS.
Example Caddy config:
```
your.domain.com {
reverse_proxy ntech:8000
}
```
### Demo Mode
Demo mode runs a fully functional copy with a pre-created `Demo` / `Demo1234` admin account. Password and 2FA changes are blocked. Backup is limited to 2 copies.
```yaml
# docker-compose.yml (demo)
services:
ntech-demo:
image: ghcr.io/dalibor31/ntech:latest
restart: unless-stopped
environment:
NTECH_ENV: demo
NTECH_PORT: "8000"
NTECH_SQLITE: /app/data/ntech.db
volumes:
- ./data:/app/data
- ./uploads:/app/uploads
- ./logs:/app/logs
- ./backups:/app/backups
ports:
- "8000:8000"
```
Demo also requires HTTPS (Caddy or similar) because Secure cookies are enabled.
---
## Project Structure
```
ntech/
βββ cmd/
β βββ ntech/ # entry point
βββ internal/
β βββ auth/ # login, sessions, fail2ban log
β βββ config/ # settings, setup wizard
β βββ db/ # database layer
β β βββ sqlite/ # SQLite implementation
β βββ handler/ # HTTP handlers
β βββ middleware/ # CSRF, security headers, authentication
β βββ model/ # shared data types
βββ web/
β βββ static/ # CSS, JavaScript, images, logos
β βββ templates/ # HTML templates
βββ migrations/ # SQL migrations (001_desc.sql, 002_desc.sql, ...)
βββ logs/ # auth.log and other logs
βββ backups/ # database backups
βββ start.sh # interactive build and Docker push script
βββ Dockerfile
βββ go.mod
βββ go.sum
```