add user authentication

2026-03-16 20:18:37 +03:00
parent 1baa6a4806
commit 3a8bc6df2d
6 changed files with 175 additions and 7 deletions
--- a/main.go
+++ b/main.go
@@ -1,22 +1,90 @@
 package main

 import (
+	"encoding/json"
 	"fmt"
+	"image-storage/model"
 	"log"
 	"net/http"
+
+	"github.com/jmoiron/sqlx"
+	"golang.org/x/crypto/bcrypt"
+	_ "modernc.org/sqlite"
 )

 func main() {
+	db, err := sqlx.Connect("sqlite", "./db/sqlite.db")
+	if err != nil {
+		log.Fatalf("failed to connect to db: %v", err)
+	}
+	defer db.Close()
+
 	srv := NewServer(":5000")

-	srv.Handle("GET /", func(w http.ResponseWriter, r *http.Request) error {
-		return srv.JSON(w, struct {
-			Ok bool `json:"ok"`
-		}{true}, 200)
+	srv.Handle("POST /api/auth/register", func(w http.ResponseWriter, r *http.Request) error {
+		var body struct {
+			Email    string `json:"email"`
+			Password string `json:"password"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			srv.Error(w, "empty body", err, 400)
+			return nil
+		}
+
+		if body.Email == "" || body.Password == "" {
+			srv.Error(w, "email or password missing", nil, 400)
+			return nil
+		}
+
+		hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10)
+		if err != nil {
+			return fmt.Errorf("failed to generate password hash: %v", err)
+		}
+
+		user := &model.User{
+			Email:    body.Email,
+			Password: string(hash),
+		}
+
+		if err := user.Create(db); err != nil {
+			srv.Error(w, "failed to create user", err, 400)
+			return nil
+		}
+
+		if err := user.FindByID(db); err != nil {
+			return fmt.Errorf("failed to populate user object after creating it: %v", err)
+		}
+
+		return srv.JSON(w, user, 201)
 	})

-	srv.Handle("GET /error", func(w http.ResponseWriter, r *http.Request) error {
-		return fmt.Errorf("not ok")
+	srv.Handle("POST /api/auth/login", func(w http.ResponseWriter, r *http.Request) error {
+		var body struct {
+			Email    string `json:"email"`
+			Password string `json:"password"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			srv.Error(w, "empty body", err, 400)
+			return nil
+		}
+
+		if body.Email == "" || body.Password == "" {
+			srv.Error(w, "email or password missing", nil, 400)
+			return nil
+		}
+
+		user := &model.User{Email: body.Email}
+		if err := user.FindByEmail(db); err != nil {
+			srv.Error(w, "user not found", err, 404)
+			return nil
+		}
+
+		if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(body.Password)); err != nil {
+			srv.Error(w, "invalid password", nil, 400)
+			return nil
+		}
+
+		return srv.JSON(w, user, 200)
 	})

 	if err := srv.ListenAndServe(); err != nil {