add auth module

2026-04-15 19:17:10 +06:00
parent e50f81f7f3
commit be0b13acbf
12 changed files with 410 additions and 8 deletions
--- a/backend/internal/auth/errors.go
+++ b/backend/internal/auth/errors.go
@@ -0,0 +1,12 @@
+package auth
+
+import "errors"
+
+var (
+	ErrInvalidCredentials = errors.New("invalid credentials")
+	ErrUserExists         = errors.New("user already exists")
+	ErrUserNotFound       = errors.New("user not found")
+	ErrPasswordMismatch   = errors.New("passwords do not match")
+	ErrCredentialsEmpty   = errors.New("username and password cannot be empty")
+	ErrPasswordTooShort   = errors.New("password must be at least 6 characters long")
+)
--- a/backend/internal/auth/handler.go
+++ b/backend/internal/auth/handler.go
@@ -0,0 +1,77 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+type Handler struct {
+	authService *Service
+}
+
+func NewHandler(authService *Service) *Handler {
+	return &Handler{
+		authService: authService,
+	}
+}
+
+type LoginRequest struct {
+	Username string `json:"username" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+type RegisterRequest struct {
+	Username string `json:"username" binding:"required,min=3,max=50"`
+	Password string `json:"password" binding:"required,min=6"`
+}
+
+func (h *Handler) Login(c *gin.Context) {
+	var req LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request", "details": err.Error()})
+		return
+	}
+
+	token, err := h.authService.Login(c.Request.Context(), req.Username, req.Password)
+	if err != nil {
+		switch err {
+		case ErrUserNotFound, ErrInvalidCredentials:
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
+		default:
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "login failed"})
+		}
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"token": token})
+}
+
+func (h *Handler) Register(c *gin.Context) {
+	var req RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request", "details": err.Error()})
+		return
+	}
+
+	user, token, err := h.authService.Register(c.Request.Context(), req.Username, req.Password)
+	if err != nil {
+		switch err {
+		case ErrUserExists:
+			c.JSON(http.StatusConflict, gin.H{"error": "user already exists"})
+		case ErrPasswordTooShort:
+			c.JSON(http.StatusBadRequest, gin.H{"error": "password too short"})
+		default:
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "registration failed"})
+		}
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"user": gin.H{
+			"id":       user.ID,
+			"username": user.Username,
+		},
+		"token": token,
+	})
+}
--- a/backend/internal/auth/jwt.go
+++ b/backend/internal/auth/jwt.go
@@ -0,0 +1,50 @@
+package auth
+
+import (
+	"errors"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+type Claims struct {
+	UserID uuid.UUID `json:"user_id"`
+	jwt.RegisteredClaims
+}
+
+func GenerateToken(userID uuid.UUID, secret []byte, expiry time.Duration) (string, error) {
+	if userID == uuid.Nil {
+		return "", errors.New("user ID cannot be nil")
+	}
+	if secret == nil {
+		return "", errors.New("JWT secret not set")
+	}
+
+	claims := Claims{
+		UserID: userID,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(expiry)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString(secret)
+}
+
+func ParseToken(tokenString string, secret []byte) (*Claims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
+		return secret, nil
+	}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
+
+	if err != nil {
+		return nil, err
+	}
+
+	if claims, ok := token.Claims.(*Claims); ok && token.Valid {
+		return claims, nil
+	}
+
+	return nil, errors.New("invalid token claims")
+}
--- a/backend/internal/auth/middleware.go
+++ b/backend/internal/auth/middleware.go
@@ -0,0 +1,36 @@
+package auth
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AuthMiddleware(secret []byte) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "missing authorization header"})
+			c.Abort()
+			return
+		}
+
+		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
+		if tokenString == authHeader {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid authorization header"})
+			c.Abort()
+			return
+		}
+
+		claims, err := ParseToken(tokenString, secret)
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
+			c.Abort()
+			return
+		}
+
+		c.Set("userID", claims.UserID)
+		c.Next()
+	}
+}
--- a/backend/internal/auth/service.go
+++ b/backend/internal/auth/service.go
@@ -0,0 +1,98 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	sqlc "github.com/chedius/delivery-tracker/internal/db/sqlc"
+	"github.com/google/uuid"
+
+	"github.com/jackc/pgx/v5"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type Service struct {
+	queries *sqlc.Queries
+	secret  []byte
+	expiry  time.Duration
+}
+
+type User struct {
+	ID       string
+	Username string
+	// Password string
+}
+
+func New(queries *sqlc.Queries, secret []byte, expiry time.Duration) *Service {
+	return &Service{queries, secret, expiry}
+}
+
+func (s *Service) Register(ctx context.Context, username, password string) (User, string, error) {
+	if username == "" || password == "" {
+		return User{}, "", ErrCredentialsEmpty
+	}
+	if _, err := s.queries.GetUserByUsername(ctx, username); err == nil {
+		return User{}, "", ErrUserExists
+	}
+	if len(password) < 6 {
+		return User{}, "", ErrPasswordTooShort
+	}
+	hashedPassword, err := s.HashPassword(password)
+	if err != nil {
+		return User{}, "", err
+	}
+
+	user, err := s.queries.CreateUser(ctx, sqlc.CreateUserParams{
+		Username:     username,
+		PasswordHash: hashedPassword,
+	})
+	if err != nil {
+		return User{}, "", err
+	}
+
+	token, err := GenerateToken(uuid.UUID(user.ID.Bytes), s.secret, s.expiry)
+	if err != nil {
+		return User{}, "", err
+	}
+
+	return User{
+		ID:       user.ID.String(),
+		Username: user.Username,
+	}, token, nil
+}
+
+func (s *Service) Login(ctx context.Context, username, password string) (string, error) { // returns JWT
+	user, err := s.queries.GetUserByUsername(ctx, username)
+	if err != nil {
+		if errors.Is(err, pgx.ErrNoRows) {
+			return "", ErrUserNotFound
+		}
+		return "", err
+	}
+
+	if !s.VerifyPassword(user.PasswordHash, password) {
+		return "", ErrInvalidCredentials
+	}
+
+	token, err := GenerateToken(uuid.UUID(user.ID.Bytes), s.secret, s.expiry)
+	if err != nil {
+		return "", err
+	}
+
+	return token, nil
+}
+
+func (s *Service) HashPassword(password string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return "", err
+	}
+
+	return string(hash), nil
+}
+func (s *Service) VerifyPassword(hash, password string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+
+	return err == nil
+}
--- a/backend/internal/db/queries/query.sql
+++ b/backend/internal/db/queries/query.sql
@@ -1,3 +1,11 @@
+-- name: CreateUser :one
+INSERT INTO users (username, password_hash)
+VALUES ($1, $2)
+RETURNING *;
+
+-- name: GetUserByUsername :one
+SELECT * FROM users WHERE username = $1;
+
 -- name: GetDeliveriesByDate :many
 SELECT * FROM deliveries WHERE date = $1;
 
--- a/backend/internal/db/sqlc/querier.go
+++ b/backend/internal/db/sqlc/querier.go
@@ -12,10 +12,12 @@ import (

 type Querier interface {
 	CreateDelivery(ctx context.Context, arg CreateDeliveryParams) (Delivery, error)
+	CreateUser(ctx context.Context, arg CreateUserParams) (User, error)
 	DeleteDelivery(ctx context.Context, id pgtype.UUID) error
 	GetDeliveriesByDate(ctx context.Context, date pgtype.Date) ([]Delivery, error)
 	GetDeliveryByID(ctx context.Context, id pgtype.UUID) (Delivery, error)
 	GetDeliveryCount(ctx context.Context) ([]GetDeliveryCountRow, error)
+	GetUserByUsername(ctx context.Context, username string) (User, error)
 	UpdateDelivery(ctx context.Context, arg UpdateDeliveryParams) error
 	UpdateDeliveryStatus(ctx context.Context, arg UpdateDeliveryStatusParams) error
 }
--- a/backend/internal/db/sqlc/query.sql.go
+++ b/backend/internal/db/sqlc/query.sql.go
@@ -57,6 +57,29 @@ func (q *Queries) CreateDelivery(ctx context.Context, arg CreateDeliveryParams)
 	return i, err
 }

+const createUser = `-- name: CreateUser :one
+INSERT INTO users (username, password_hash)
+VALUES ($1, $2)
+RETURNING id, username, password_hash, created_at
+`
+
+type CreateUserParams struct {
+	Username     string `db:"username" json:"username"`
+	PasswordHash string `db:"password_hash" json:"password_hash"`
+}
+
+func (q *Queries) CreateUser(ctx context.Context, arg CreateUserParams) (User, error) {
+	row := q.db.QueryRow(ctx, createUser, arg.Username, arg.PasswordHash)
+	var i User
+	err := row.Scan(
+		&i.ID,
+		&i.Username,
+		&i.PasswordHash,
+		&i.CreatedAt,
+	)
+	return i, err
+}
+
 const deleteDelivery = `-- name: DeleteDelivery :exec
 DELETE FROM deliveries WHERE id = $1
 `
@@ -156,6 +179,22 @@ func (q *Queries) GetDeliveryCount(ctx context.Context) ([]GetDeliveryCountRow,
 	return items, nil
 }

+const getUserByUsername = `-- name: GetUserByUsername :one
+SELECT id, username, password_hash, created_at FROM users WHERE username = $1
+`
+
+func (q *Queries) GetUserByUsername(ctx context.Context, username string) (User, error) {
+	row := q.db.QueryRow(ctx, getUserByUsername, username)
+	var i User
+	err := row.Scan(
+		&i.ID,
+		&i.Username,
+		&i.PasswordHash,
+		&i.CreatedAt,
+	)
+	return i, err
+}
+
 const updateDelivery = `-- name: UpdateDelivery :exec
 UPDATE deliveries SET date = $1, pickup_location = $2, product_name = $3, address = $4, phone = $5, additional_phone = $6, has_elevator = $7, comment = $8, updated_at = NOW() WHERE id = $9
 `