Odoo ERP ported to Go — complete backend + original OWL frontend

Full port of Odoo's ERP system from Python to Go, with the original
Odoo JavaScript frontend (OWL framework) running against the Go server.

Backend (10,691 LoC Go):
- Custom ORM: CRUD, domains→SQL with JOINs, computed fields, sequences
- 93 models across 14 modules (base, account, sale, stock, purchase, hr,
  project, crm, fleet, product, l10n_de, google_address/translate/calendar)
- Auth with bcrypt + session cookies
- Setup wizard (company, SKR03 chart, admin, demo data)
- Double-entry bookkeeping constraint
- Sale→Invoice workflow (confirm SO → generate invoice → post)
- SKR03 chart of accounts (110 accounts) + German taxes (USt/VSt)
- Record rules (multi-company filter)
- Google integrations as opt-in modules (Maps, Translate, Calendar)

Frontend:
- Odoo's original OWL webclient (503 JS modules, 378 XML templates)
- JS transpiled via Odoo's js_transpiler (ES modules → odoo.define)
- SCSS compiled to CSS (675KB) via dart-sass
- XML templates compiled to registerTemplate() JS calls
- Static file serving from Odoo source addons
- Login page, session management, menu navigation
- Contacts list view renders with real data from PostgreSQL

Infrastructure:
- 14MB single binary (CGO_ENABLED=0)
- Docker Compose (Go server + PostgreSQL 16)
- Zero phone-home (no outbound calls to odoo.com)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

pkg/server/session.go

@@ -0,0 +1,86 @@
+package server
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"sync"
+	"time"
+)
+
+// Session represents an authenticated user session.
+type Session struct {
+	ID           string
+	UID          int64
+	CompanyID    int64
+	Login        string
+	CreatedAt    time.Time
+	LastActivity time.Time
+}
+
+// SessionStore is a thread-safe in-memory session store.
+type SessionStore struct {
+	mu       sync.RWMutex
+	sessions map[string]*Session
+	ttl      time.Duration
+}
+
+// NewSessionStore creates a new session store with the given TTL.
+func NewSessionStore(ttl time.Duration) *SessionStore {
+	return &SessionStore{
+		sessions: make(map[string]*Session),
+		ttl:      ttl,
+	}
+}
+
+// New creates a new session and returns it.
+func (s *SessionStore) New(uid, companyID int64, login string) *Session {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	token := generateToken()
+	sess := &Session{
+		ID:           token,
+		UID:          uid,
+		CompanyID:    companyID,
+		Login:        login,
+		CreatedAt:    time.Now(),
+		LastActivity: time.Now(),
+	}
+	s.sessions[token] = sess
+	return sess
+}
+
+// Get retrieves a session by ID. Returns nil if not found or expired.
+func (s *SessionStore) Get(id string) *Session {
+	s.mu.RLock()
+	sess, ok := s.sessions[id]
+	s.mu.RUnlock()
+
+	if !ok {
+		return nil
+	}
+	if time.Since(sess.LastActivity) > s.ttl {
+		s.Delete(id)
+		return nil
+	}
+
+	// Update last activity
+	s.mu.Lock()
+	sess.LastActivity = time.Now()
+	s.mu.Unlock()
+
+	return sess
+}
+
+// Delete removes a session.
+func (s *SessionStore) Delete(id string) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	delete(s.sessions, id)
+}
+
+func generateToken() string {
+	b := make([]byte, 32)
+	rand.Read(b)
+	return hex.EncodeToString(b)
+}