Added authorization

2025-09-25 09:01:00 +04:00 · 2025-09-25 09:01:00 +04:00 · b96dd39795
commit b96dd39795
parent c3c3d65d32
50 changed files with 685 additions and 410 deletions
--- a/internal/interfaces/api/controllers/user_controller.go
+++ b/internal/interfaces/api/controllers/user_controller.go
@ -11,20 +11,117 @@ import (
 	"log"
 	"net/http"

+	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 )

 type UserController struct {
-	service *services.UserService
+	adminName string
+	adminPass string
+	service   *services.UserService
 }

-func CreateUserController(service *services.UserService) UserController {
+func CreateUserController(service *services.UserService, adminName string, adminPass string) UserController {
 	return UserController{
-		service: service,
+		service:   service,
+		adminName: adminName,
+		adminPass: adminPass,
 	}
 }

+// @Summary		Login
+// @Description	Login user into system
+// @Tags		user
+// @Accept	json
+// @Produce	json
+// @Param		request body requests.LoginUserRequest true "User login data"
+// @Success	200
+// @Failure	400 {object} responses.ErrorResponse
+// @Failure 401 {object} responses.ErrorResponse
+// @Failure	500 {object} responses.ErrorResponse
+// @Router		/login [post]
+func (r *UserController) Login(c *gin.Context) {
+	session := sessions.Default(c)
+
+	var request requests.LoginUserRequest
+	if err := c.BindJSON(&request); err != nil {
+		log.Println("User invalid request: ", err)
+		resp := responses.CreateErrorResponse(http.StatusBadRequest, err.Error())
+		c.JSON(resp.ErrorCode, resp)
+		return
+	}
+
+	// Check admin login
+	if request.Username == r.adminName && request.Password == r.adminPass {
+		session.Set("user", uuid.NewString())
+		if err := session.Save(); err != nil {
+			log.Println("User save session error: ", err)
+			resp := responses.CreateErrorResponse(http.StatusInternalServerError, "Internal server error")
+			c.JSON(resp.ErrorCode, resp)
+			return
+		}
+
+		c.Status(http.StatusOK)
+		return
+	}
+
+	user, err := r.service.FindByName(queries.UserFindByNameQuery{Name: request.Username})
+	if err != nil {
+		resp := utils.HandleError(err)
+		c.JSON(resp.ErrorCode, resp)
+		return
+	}
+
+	pass, err := utils.EncryptPassword(request.Password)
+	if err != nil {
+		log.Println("User encrypt password error: ", err)
+		resp := responses.CreateErrorResponse(http.StatusInternalServerError, "Internal server error")
+		c.JSON(resp.ErrorCode, resp)
+		return
+	}
+
+	if utils.CheckPassword(user.Result.Password, pass) {
+		log.Println("Pass ", user.Result.Password, " != ", pass)
+		resp := responses.CreateErrorResponse(http.StatusUnauthorized, "Authentication error")
+		c.JSON(resp.ErrorCode, resp)
+		return
+	}
+
+	session.Set("user", user.Result.Id.String())
+	if err := session.Save(); err != nil {
+		log.Println("User save session error: ", err)
+		resp := responses.CreateErrorResponse(http.StatusInternalServerError, "Internal server error")
+		c.JSON(resp.ErrorCode, resp)
+		return
+	}
+
+	c.Status(http.StatusOK)
+}
+
+// @Summary		Create new user
+// @Description	Creates new user in system
+// @Tags		user
+// @Produce	json
+// @Success	200
+// @Failure	400 {object} responses.ErrorResponse
+// @Failure	500 {object} responses.ErrorResponse
+// @Router		/logout [get]
+func (r *UserController) Logout(c *gin.Context) {
+	session := sessions.Default(c)
+	user := session.Get("user")
+	if user == nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid session token"})
+		return
+	}
+	session.Delete("user")
+	if err := session.Save(); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save session"})
+		return
+	}
+	c.Status(http.StatusOK)
+}
+
 // @Summary		Create new user
 // @Description	Creates new user in system
 // @Tags		user