From 3a8bc6df2d85e0fdebf5a1205c9499e8d6691a2a Mon Sep 17 00:00:00 2001
From: Daniil Tsivinsky <daniil@tsivinsky.com>
Date: Mon, 16 Mar 2026 20:18:37 +0300
Subject: [PATCH] add user authentication

---
 db/migrations/20260316171605_init_users.sql | 25 +++++++
 go.mod                                      |  4 +-
 go.sum                                      | 14 ++++
 main.go                                     | 80 +++++++++++++++++++--
 model/model.go                              |  9 +++
 model/user.go                               | 50 +++++++++++++
 6 files changed, 175 insertions(+), 7 deletions(-)
 create mode 100644 db/migrations/20260316171605_init_users.sql
 create mode 100644 model/model.go
 create mode 100644 model/user.go

diff --git a/db/migrations/20260316171605_init_users.sql b/db/migrations/20260316171605_init_users.sql
new file mode 100644
index 0000000..84f3beb
--- /dev/null
+++ b/db/migrations/20260316171605_init_users.sql
@@ -0,0 +1,25 @@
+-- +goose Up
+-- +goose StatementBegin
+CREATE TABLE users (
+  id integer primary key not null,
+  email varchar not null unique,
+  password varchar not null,
+  created_at datetime default current_timestamp,
+  updated_at datetime default current_timestamp
+);
+
+CREATE TRIGGER update_users_updated_at
+AFTER UPDATE ON users
+FOR EACH ROW
+  BEGIN
+    UPDATE users
+    SET updated_at = current_timestamp
+    WHERE id = OLD.id;
+  END;
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+DROP TABLE users;
+-- +goose StatementEnd
+		
diff --git a/go.mod b/go.mod
index 23689db..2103eae 100644
--- a/go.mod
+++ b/go.mod
@@ -1,9 +1,11 @@
-module go-template
+module image-storage
 
 go 1.26.1
 
 require (
+	github.com/jmoiron/sqlx v1.4.0
 	github.com/pressly/goose/v3 v3.27.0
+	golang.org/x/crypto v0.48.0
 	modernc.org/sqlite v1.46.1
 )
 
diff --git a/go.sum b/go.sum
index ab2ee28..0db0b78 100644
--- a/go.sum
+++ b/go.sum
@@ -1,15 +1,27 @@
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=
+filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
+github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mfridman/interpolate v0.0.2 h1:pnuTK7MQIxxFz1Gr+rjSIx9u7qVjf5VOoM/u6BbAxPY=
 github.com/mfridman/interpolate v0.0.2/go.mod h1:p+7uk6oE07mpE/Ik1b8EckO0O4ZXiGAfshKBWLUM9Xg=
 github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
@@ -26,6 +38,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa h1:Zt3DZoOFFYkKhDT3v7Lm9FDMEV06GpzjG2jrqW+QTE0=
 golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA=
 golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
diff --git a/main.go b/main.go
index ef209ca..940cde6 100644
--- a/main.go
+++ b/main.go
@@ -1,22 +1,90 @@
 package main
 
 import (
+	"encoding/json"
 	"fmt"
+	"image-storage/model"
 	"log"
 	"net/http"
+
+	"github.com/jmoiron/sqlx"
+	"golang.org/x/crypto/bcrypt"
+	_ "modernc.org/sqlite"
 )
 
 func main() {
+	db, err := sqlx.Connect("sqlite", "./db/sqlite.db")
+	if err != nil {
+		log.Fatalf("failed to connect to db: %v", err)
+	}
+	defer db.Close()
+
 	srv := NewServer(":5000")
 
-	srv.Handle("GET /", func(w http.ResponseWriter, r *http.Request) error {
-		return srv.JSON(w, struct {
-			Ok bool `json:"ok"`
-		}{true}, 200)
+	srv.Handle("POST /api/auth/register", func(w http.ResponseWriter, r *http.Request) error {
+		var body struct {
+			Email    string `json:"email"`
+			Password string `json:"password"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			srv.Error(w, "empty body", err, 400)
+			return nil
+		}
+
+		if body.Email == "" || body.Password == "" {
+			srv.Error(w, "email or password missing", nil, 400)
+			return nil
+		}
+
+		hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10)
+		if err != nil {
+			return fmt.Errorf("failed to generate password hash: %v", err)
+		}
+
+		user := &model.User{
+			Email:    body.Email,
+			Password: string(hash),
+		}
+
+		if err := user.Create(db); err != nil {
+			srv.Error(w, "failed to create user", err, 400)
+			return nil
+		}
+
+		if err := user.FindByID(db); err != nil {
+			return fmt.Errorf("failed to populate user object after creating it: %v", err)
+		}
+
+		return srv.JSON(w, user, 201)
 	})
 
-	srv.Handle("GET /error", func(w http.ResponseWriter, r *http.Request) error {
-		return fmt.Errorf("not ok")
+	srv.Handle("POST /api/auth/login", func(w http.ResponseWriter, r *http.Request) error {
+		var body struct {
+			Email    string `json:"email"`
+			Password string `json:"password"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			srv.Error(w, "empty body", err, 400)
+			return nil
+		}
+
+		if body.Email == "" || body.Password == "" {
+			srv.Error(w, "email or password missing", nil, 400)
+			return nil
+		}
+
+		user := &model.User{Email: body.Email}
+		if err := user.FindByEmail(db); err != nil {
+			srv.Error(w, "user not found", err, 404)
+			return nil
+		}
+
+		if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(body.Password)); err != nil {
+			srv.Error(w, "invalid password", nil, 400)
+			return nil
+		}
+
+		return srv.JSON(w, user, 200)
 	})
 
 	if err := srv.ListenAndServe(); err != nil {
diff --git a/model/model.go b/model/model.go
new file mode 100644
index 0000000..7b46108
--- /dev/null
+++ b/model/model.go
@@ -0,0 +1,9 @@
+package model
+
+import "time"
+
+type Model struct {
+	ID        int64     `json:"id" db:"id"`
+	CreatedAt time.Time `json:"createdAt" db:"created_at"`
+	UpdatedAt time.Time `json:"updatedAt" db:"updated_at"`
+}
diff --git a/model/user.go b/model/user.go
new file mode 100644
index 0000000..047a945
--- /dev/null
+++ b/model/user.go
@@ -0,0 +1,50 @@
+package model
+
+import "github.com/jmoiron/sqlx"
+
+type User struct {
+	Model
+
+	Email    string `json:"email" db:"email"`
+	Password string `json:"-" db:"password"`
+}
+
+func (u *User) Create(db *sqlx.DB) error {
+	res, err := db.NamedExec("INSERT INTO users (email, password) VALUES (:email, :password)", map[string]any{
+		"email":    u.Email,
+		"password": u.Password,
+	})
+	if err != nil {
+		return err
+	}
+
+	u.ID, _ = res.LastInsertId()
+
+	return nil
+}
+
+func (u *User) FindByID(db *sqlx.DB) error {
+	row := db.QueryRowx("SELECT * FROM users WHERE id = ?", u.ID)
+	if row.Err() != nil {
+		return row.Err()
+	}
+
+	if err := row.StructScan(u); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (u *User) FindByEmail(db *sqlx.DB) error {
+	row := db.QueryRowx("SELECT * FROM users WHERE email = ?", u.Email)
+	if row.Err() != nil {
+		return row.Err()
+	}
+
+	if err := row.StructScan(u); err != nil {
+		return err
+	}
+
+	return nil
+}