HellreigN/Control-plane
5
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: HellreigN/Control-plane:master
Branches Tags
HellreigN/Control-plane:master HellreigN/Control-plane:feature/jwt
...
compare: HellreigN/Control-plane:e4c86fab5d0b2d4e9b85637cc8b627f84bc2fc49
Branches Tags
HellreigN/Control-plane:feature/jwt HellreigN/Control-plane:master

7 Commits
master ... e4c86fab5d

Author SHA1 Message Date
d3m0k1d e4c86fab5d chore: add dockerfile and ci
ci / build (push) Failing after 4m31s
Details
ci / build (pull_request) Failing after 2m42s
Details
2026-06-14 00:34:37 +03:00
Mephimeow 93cd169616 added readme 2026-06-13 18:38:20 +00:00
Mephimeow fe15c04168 added some govno to postgres 2026-06-13 18:31:22 +00:00
Mephimeow 17ffe35f5c postgres 2026-06-13 17:30:14 +00:00
Mephimeow a26cd891e4 added logout 2026-06-12 10:18:04 +00:00
Mephimeow 130d5d5e3d added refresh tocken 2026-06-12 10:01:21 +00:00
Mephimeow 8c3e4b7a5a JWT proto with login & registration 2026-06-12 09:12:18 +00:00
25 changed files with 4021 additions and 94 deletions
Expand all files Collapse all files
.env.example
+5
View File
@@ -0,0 +1,5 @@
SERVER_PORT=8080
DATABASE_URL=postgres://postgres:postgres@localhost:5432/aegisguard?sslmode=disable
JWT_SECRET=change_me_to_a_random_secret_at_least_32_chars
JWT_EXPIRATION=24h
JWT_REFRESH_EXPIRATION=168h
.gitea/workflows/ci.yml
+29
View File
@@ -0,0 +1,29 @@
name: ci
on:
push:
pull_request:
branches: [master]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Go setup
uses: actions/setup-go@v6
with:
go-version: "1.26.1"
cache: false
- name: Install deps
run: go mod tidy
- name: Golangci-lint
uses: golangci/golangci-lint-action@v9
with:
args: --timeout=5m
skip-cache: true
- name: Run tests
run: go test ./...
- name: Build
run: go build -o backend ./cmd/main.go
README.md
+154 -1
View File
@@ -1,2 +1,155 @@
# Control-plane
# Control-plane API
## Аутентификация
### POST /api/auth/register
```json
{
"username": "john",
"email": "john@example.com",
"password": "Secret123"
}
```
| Поле | Описание |
|------|----------|
| `username` | 330 символов |
| `email` | Валидный email |
| `password` | От 8 символов, заглавная + строчная + цифра |
`201``{ "token": "...", "refresh_token": "...", "user": { "id": "...", "username": "...", "email": "...", "created_at": "..." } }`
`400` — ошибка валидации
`409` — email уже занят
### POST /api/auth/login
```json
{ "email": "john@example.com", "password": "Secret123" }
```
`200``{ "token": "...", "refresh_token": "...", "user": { ... } }`
`401` — неверный email или пароль
`429` — превышен лимит (10 попыток/мин с IP)
### POST /api/auth/refresh
Обновить токены. Старый refresh_token удаляется, выдаётся новая пара.
```json
{ "refresh_token": "..." }
```
`200``{ "token": "...", "refresh_token": "...", "user": { ... } }`
`401` — токен невалиден или умер
### POST /api/auth/logout
Удалить refresh_token из БД.
```json
{ "refresh_token": "..." }
```
`200``{ "message": "logged out successfully" }`
---
## Защищённые (требуют Bearer-токен)
Заголовок: `Authorization: Bearer <access_token>`
### GET /api/auth/me
Профиль текущего пользователя.
`200``{ "user": { "id": "...", "username": "...", "email": "...", "created_at": "..." } }`
### PUT /api/auth/me
Обновить username.
```json
{ "username": "john_updated" }
```
`200``{ "user": { "id": "...", "username": "john_updated", ... } }`
### PUT /api/auth/password
Сменить пароль. Старый пароль обязателен для подтверждения.
```json
{ "old_password": "Secret123", "new_password": "NewSecret456!" }
```
`200``{ "message": "password changed successfully" }`
`400` — неверный старый пароль, слабый новый или совпадают
---
## Организации (все Bearer)
### POST /api/organizations
```json
{ "name": "My Corp", "slug": "my-corp" }
```
`201``{ "organization": { "id": "...", "name": "My Corp", "slug": "my-corp", "created_at": "...", "updated_at": "..." } }`
`409` — slug уже занят
### GET /api/organizations
`200``{ "organizations": [...], "total": 1 }`
### GET /api/organizations/:id
`200``{ "organization": { ... } }`
`404` — не найдена
### PUT /api/organizations/:id
```json
{ "name": "Updated Corp" }
```
`200``{ "organization": { ... } }`
### DELETE /api/organizations/:id
`200``{ "message": "organization deleted" }`
---
## Формат JWT
```json
{
"user_id": "uuid",
"email": "john@example.com",
"sub": "uuid",
"exp": 1718000000,
"iat": 1717913600
}
```
- `user_id` / `sub` — UUID пользователя
- `exp` — timestamp истечения (24ч)
- `iat` — timestamp выпуска
## Ошибки
```json
{ "error": "описание" }
```
| Статус | Описание |
|--------|----------|
| 400 | Ошибка валидации |
| 401 | Неверные данные, токен протух или невалиден |
| 404 | Пользователь или организация не найдены |
| 409 | Email или slug уже заняты |
| 429 | Превышен лимит попыток логина |
| 500 | Внутренняя ошибка |
cmd/main.go
+124 -5
View File
@@ -1,28 +1,147 @@
package main
import (
"context"
"log"
"net/http"
"os"
"os/signal"
"syscall"
"time"
docs "gitea.d3m0k1d.ru/HellreigN/Control-plane/docs"
"gitea.d3m0k1d.ru/HellreigN/Control-plane/internal/auth"
"gitea.d3m0k1d.ru/HellreigN/Control-plane/internal/config"
"gitea.d3m0k1d.ru/HellreigN/Control-plane/internal/org"
"github.com/gin-gonic/gin"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/jackc/pgx/v5/stdlib"
"github.com/pressly/goose/v3"
"github.com/swaggo/files"
"github.com/swaggo/gin-swagger"
)
// @title AegisGuard API
// @version 1.0
// @description API for AegisGuard control plane
// @schemes http
//
// @securityDefinitions.apikey Bearer
// @in header
// @name Authorization
// @description Type "Bearer" followed by a space and the JWT token.
func main() {
r := gin.Default()
cfg, err := config.Load()
if err != nil {
log.Fatalf("failed to load config: %v", err)
}
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
pool, err := pgxpool.New(ctx, cfg.DatabaseURL)
if err != nil {
log.Fatalf("failed to create postgres pool: %v", err)
}
defer pool.Close()
if err := pool.Ping(ctx); err != nil {
log.Fatalf("failed to ping postgres: %v", err)
}
log.Println("connected to postgres")
db := stdlib.OpenDBFromPool(pool)
defer db.Close()
if err := goose.Up(db, "migrations"); err != nil {
log.Fatalf("failed to run migrations: %v", err)
}
log.Println("migrations applied")
repo := auth.NewRepository(pool)
orgRepo := org.NewRepository(pool)
svc := auth.NewService(repo, cfg.JWTSecret, cfg.JWTExpiration, cfg.JWTRefreshExpiration)
handler := auth.NewHandler(svc)
orgSvc := org.NewService(orgRepo)
orgHandler := org.NewHandler(orgSvc)
loginLimiter := auth.NewRateLimiter(10, time.Minute)
authMW := auth.AuthMiddleware([]byte(cfg.JWTSecret))
go func() {
ticker := time.NewTicker(30 * time.Minute)
defer ticker.Stop()
for range ticker.C {
cleanupCtx, cleanupCancel := context.WithTimeout(context.Background(), 30*time.Second)
if err := repo.DeleteExpiredRefreshTokens(cleanupCtx); err != nil {
log.Printf("failed to cleanup expired tokens: %v", err)
}
cleanupCancel()
}
}()
gin.SetMode(gin.ReleaseMode)
r := gin.New()
r.Use(gin.Logger(), gin.Recovery())
docs.SwaggerInfo.Title = "AegisGuard API"
docs.SwaggerInfo.Version = "1.0"
docs.SwaggerInfo.Description = "API for AegisGuard"
docs.SwaggerInfo.Schemes = []string{"http"}
r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
r.GET("/health", func(c *gin.Context) {
c.JSON(200, gin.H{
"status": "ok",
})
c.JSON(200, gin.H{"status": "ok"})
})
r.Run(":8080")
api := r.Group("/api/auth")
{
api.POST("/register", handler.Register)
api.POST("/login", loginLimiter.Middleware(), handler.Login)
api.POST("/refresh", handler.Refresh)
api.POST("/logout", handler.Logout)
api.GET("/me", authMW, handler.Me)
api.PUT("/me", authMW, handler.UpdateProfile)
api.PUT("/password", authMW, handler.ChangePassword)
}
orgs := r.Group("/api/organizations", authMW)
{
orgs.POST("", orgHandler.Create)
orgs.GET("", orgHandler.List)
orgs.GET("/:id", orgHandler.GetByID)
orgs.PUT("/:id", orgHandler.Update)
orgs.DELETE("/:id", orgHandler.Delete)
}
srv := &http.Server{
Addr: ":" + cfg.ServerPort,
Handler: r,
}
go func() {
log.Printf("server starting on :%s", cfg.ServerPort)
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
log.Fatalf("failed to start server: %v", err)
}
}()
quit := make(chan os.Signal, 1)
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
<-quit
log.Println("shutting down server...")
shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 10*time.Second)
defer shutdownCancel()
if err := srv.Shutdown(shutdownCtx); err != nil {
log.Fatalf("server forced to shutdown: %v", err)
}
pool.Close()
log.Println("server stopped")
}
dockerfile
+22
View File
@@ -0,0 +1,22 @@
FROM golang:1.26.1 as builder
WORKDIR /app
COPY . .
ENV CGO_ENABLED=0
ENV GIN_MODE=release
RUN --mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
go mod download && \
go build -ldflags "-s -w" -o backend ./cmd/main.go
FROM alpine:3.23.0
RUN apk add --no-cache curl openssl bash
COPY --from=builder /app/backend .
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl --fail http://localhost:8080/health" ]
CMD ["./backend"]
docs/docs.go
+791 -5
View File
@@ -14,7 +14,793 @@ const docTemplate = `{
},
"host": "{{.Host}}",
"basePath": "{{.BasePath}}",
"paths": {},
"paths": {
"/api/auth/login": {
"post": {
"description": "Authenticate user with email and password, returns JWT token",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Login",
"parameters": [
{
"description": "Login credentials",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.LoginRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.AuthResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/logout": {
"post": {
"description": "Invalidate a refresh token (logout)",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Logout",
"parameters": [
{
"description": "Refresh token to invalidate",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.LogoutRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/me": {
"get": {
"security": [
{
"Bearer": []
}
],
"description": "Get authenticated user's profile",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Get current user",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.UserResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
},
"put": {
"security": [
{
"Bearer": []
}
],
"description": "Update current user's username",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Update profile",
"parameters": [
{
"description": "Profile update",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.UpdateProfileRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.UserResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/password": {
"put": {
"security": [
{
"Bearer": []
}
],
"description": "Change current user's password",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Change password",
"parameters": [
{
"description": "Password change details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.PasswordChangeRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/refresh": {
"post": {
"description": "Get a new access token using a refresh token",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Refresh token",
"parameters": [
{
"description": "Refresh token",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.RefreshRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.AuthResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/register": {
"post": {
"description": "Create user account with username, email, password",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Register",
"parameters": [
{
"description": "Registration details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.RegisterRequest"
}
}
],
"responses": {
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/auth.AuthResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"409": {
"description": "Conflict",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/organizations": {
"get": {
"security": [
{
"Bearer": []
}
],
"description": "Get all organizations",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "List organizations",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/org.OrgListResponse"
}
},
"500": {
"description": "Internal Server Error",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
},
"post": {
"security": [
{
"Bearer": []
}
],
"description": "Create a new organization",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Create organization",
"parameters": [
{
"description": "Organization details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/org.CreateOrgRequest"
}
}
],
"responses": {
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/org.OrgResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
},
"409": {
"description": "Conflict",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
}
},
"/api/organizations/{id}": {
"get": {
"security": [
{
"Bearer": []
}
],
"description": "Get organization details",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Get organization by ID",
"parameters": [
{
"type": "string",
"description": "Organization ID",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/org.OrgResponse"
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
},
"put": {
"security": [
{
"Bearer": []
}
],
"description": "Update organization name",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Update organization",
"parameters": [
{
"type": "string",
"description": "Organization ID",
"name": "id",
"in": "path",
"required": true
},
{
"description": "New organization details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/org.UpdateOrgRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/org.OrgResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
},
"delete": {
"security": [
{
"Bearer": []
}
],
"description": "Delete an organization",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Delete organization",
"parameters": [
{
"type": "string",
"description": "Organization ID",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
}
}
},
"definitions": {
"auth.AuthResponse": {
"type": "object",
"properties": {
"refresh_token": {
"type": "string",
"example": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="
},
"token": {
"type": "string",
"example": "eyJhbGciOiJIUzI1NiIs..."
},
"user": {
"$ref": "#/definitions/auth.UserPublic"
}
}
},
"auth.ErrorResponse": {
"type": "object",
"properties": {
"error": {
"type": "string",
"example": "invalid email or password"
}
}
},
"auth.LoginRequest": {
"type": "object",
"required": [
"email",
"password"
],
"properties": {
"email": {
"type": "string",
"example": "john@example.com"
},
"password": {
"type": "string",
"example": "secret123"
}
}
},
"auth.LogoutRequest": {
"type": "object",
"required": [
"refresh_token"
],
"properties": {
"refresh_token": {
"type": "string",
"example": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="
}
}
},
"auth.PasswordChangeRequest": {
"type": "object",
"required": [
"new_password",
"old_password"
],
"properties": {
"new_password": {
"type": "string",
"minLength": 8,
"example": "NewSecret456!"
},
"old_password": {
"type": "string",
"example": "Secret123!"
}
}
},
"auth.RefreshRequest": {
"type": "object",
"required": [
"refresh_token"
],
"properties": {
"refresh_token": {
"type": "string",
"example": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="
}
}
},
"auth.RegisterRequest": {
"type": "object",
"required": [
"email",
"password",
"username"
],
"properties": {
"email": {
"type": "string",
"example": "john@example.com"
},
"password": {
"type": "string",
"minLength": 8,
"example": "Secret123!"
},
"username": {
"type": "string",
"maxLength": 30,
"minLength": 3,
"example": "john"
}
}
},
"auth.UpdateProfileRequest": {
"type": "object",
"required": [
"username"
],
"properties": {
"username": {
"type": "string",
"maxLength": 30,
"minLength": 3,
"example": "john_updated"
}
}
},
"auth.UserPublic": {
"type": "object",
"properties": {
"created_at": {
"type": "string"
},
"email": {
"type": "string"
},
"id": {
"type": "string"
},
"username": {
"type": "string"
}
}
},
"auth.UserResponse": {
"type": "object",
"properties": {
"user": {
"$ref": "#/definitions/auth.UserPublic"
}
}
},
"org.CreateOrgRequest": {
"type": "object",
"required": [
"name",
"slug"
],
"properties": {
"name": {
"type": "string",
"maxLength": 100,
"minLength": 2,
"example": "My Corp"
},
"slug": {
"type": "string",
"maxLength": 50,
"minLength": 2,
"example": "my-corp"
}
}
},
"org.ErrorResponse": {
"type": "object",
"properties": {
"error": {
"type": "string"
}
}
},
"org.OrgListResponse": {
"type": "object",
"properties": {
"organizations": {
"type": "array",
"items": {
"$ref": "#/definitions/org.Organization"
}
},
"total": {
"type": "integer"
}
}
},
"org.OrgResponse": {
"type": "object",
"properties": {
"organization": {
"$ref": "#/definitions/org.Organization"
}
}
},
"org.Organization": {
"type": "object",
"properties": {
"created_at": {
"type": "string"
},
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"slug": {
"type": "string"
},
"updated_at": {
"type": "string"
}
}
},
"org.UpdateOrgRequest": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"maxLength": 100,
"minLength": 2,
"example": "My Corp Updated"
}
}
}
},
"securityDefinitions": {
"Bearer": {
"description": "Type \"Bearer\" followed by a space and the JWT token.",
@@ -27,12 +813,12 @@ const docTemplate = `{
// SwaggerInfo holds exported Swagger Info so clients can modify it
var SwaggerInfo = &swag.Spec{
Version: "",
Version: "1.0",
Host: "",
BasePath: "",
Schemes: []string{},
Title: "",
Description: "",
Schemes: []string{"http"},
Title: "AegisGuard API",
Description: "API for AegisGuard control plane",
InfoInstanceName: "swagger",
SwaggerTemplate: docTemplate,
LeftDelim: "{{",
docs/swagger.json
+794 -2
View File
@@ -1,9 +1,801 @@
{
"schemes": [
"http"
],
"swagger": "2.0",
"info": {
"contact": {}
"description": "API for AegisGuard control plane",
"title": "AegisGuard API",
"contact": {},
"version": "1.0"
},
"paths": {
"/api/auth/login": {
"post": {
"description": "Authenticate user with email and password, returns JWT token",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Login",
"parameters": [
{
"description": "Login credentials",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.LoginRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.AuthResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/logout": {
"post": {
"description": "Invalidate a refresh token (logout)",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Logout",
"parameters": [
{
"description": "Refresh token to invalidate",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.LogoutRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/me": {
"get": {
"security": [
{
"Bearer": []
}
],
"description": "Get authenticated user's profile",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Get current user",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.UserResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
},
"put": {
"security": [
{
"Bearer": []
}
],
"description": "Update current user's username",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Update profile",
"parameters": [
{
"description": "Profile update",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.UpdateProfileRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.UserResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/password": {
"put": {
"security": [
{
"Bearer": []
}
],
"description": "Change current user's password",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Change password",
"parameters": [
{
"description": "Password change details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.PasswordChangeRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/refresh": {
"post": {
"description": "Get a new access token using a refresh token",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Refresh token",
"parameters": [
{
"description": "Refresh token",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.RefreshRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/auth.AuthResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/auth/register": {
"post": {
"description": "Create user account with username, email, password",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"auth"
],
"summary": "Register",
"parameters": [
{
"description": "Registration details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/auth.RegisterRequest"
}
}
],
"responses": {
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/auth.AuthResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
},
"409": {
"description": "Conflict",
"schema": {
"$ref": "#/definitions/auth.ErrorResponse"
}
}
}
}
},
"/api/organizations": {
"get": {
"security": [
{
"Bearer": []
}
],
"description": "Get all organizations",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "List organizations",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/org.OrgListResponse"
}
},
"500": {
"description": "Internal Server Error",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
},
"post": {
"security": [
{
"Bearer": []
}
],
"description": "Create a new organization",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Create organization",
"parameters": [
{
"description": "Organization details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/org.CreateOrgRequest"
}
}
],
"responses": {
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/org.OrgResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
},
"409": {
"description": "Conflict",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
}
},
"/api/organizations/{id}": {
"get": {
"security": [
{
"Bearer": []
}
],
"description": "Get organization details",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Get organization by ID",
"parameters": [
{
"type": "string",
"description": "Organization ID",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/org.OrgResponse"
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
},
"put": {
"security": [
{
"Bearer": []
}
],
"description": "Update organization name",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Update organization",
"parameters": [
{
"type": "string",
"description": "Organization ID",
"name": "id",
"in": "path",
"required": true
},
{
"description": "New organization details",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/org.UpdateOrgRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/org.OrgResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
},
"delete": {
"security": [
{
"Bearer": []
}
],
"description": "Delete an organization",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"organizations"
],
"summary": "Delete organization",
"parameters": [
{
"type": "string",
"description": "Organization ID",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/org.ErrorResponse"
}
}
}
}
}
},
"definitions": {
"auth.AuthResponse": {
"type": "object",
"properties": {
"refresh_token": {
"type": "string",
"example": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="
},
"token": {
"type": "string",
"example": "eyJhbGciOiJIUzI1NiIs..."
},
"user": {
"$ref": "#/definitions/auth.UserPublic"
}
}
},
"auth.ErrorResponse": {
"type": "object",
"properties": {
"error": {
"type": "string",
"example": "invalid email or password"
}
}
},
"auth.LoginRequest": {
"type": "object",
"required": [
"email",
"password"
],
"properties": {
"email": {
"type": "string",
"example": "john@example.com"
},
"password": {
"type": "string",
"example": "secret123"
}
}
},
"auth.LogoutRequest": {
"type": "object",
"required": [
"refresh_token"
],
"properties": {
"refresh_token": {
"type": "string",
"example": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="
}
}
},
"auth.PasswordChangeRequest": {
"type": "object",
"required": [
"new_password",
"old_password"
],
"properties": {
"new_password": {
"type": "string",
"minLength": 8,
"example": "NewSecret456!"
},
"old_password": {
"type": "string",
"example": "Secret123!"
}
}
},
"auth.RefreshRequest": {
"type": "object",
"required": [
"refresh_token"
],
"properties": {
"refresh_token": {
"type": "string",
"example": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="
}
}
},
"auth.RegisterRequest": {
"type": "object",
"required": [
"email",
"password",
"username"
],
"properties": {
"email": {
"type": "string",
"example": "john@example.com"
},
"password": {
"type": "string",
"minLength": 8,
"example": "Secret123!"
},
"username": {
"type": "string",
"maxLength": 30,
"minLength": 3,
"example": "john"
}
}
},
"auth.UpdateProfileRequest": {
"type": "object",
"required": [
"username"
],
"properties": {
"username": {
"type": "string",
"maxLength": 30,
"minLength": 3,
"example": "john_updated"
}
}
},
"auth.UserPublic": {
"type": "object",
"properties": {
"created_at": {
"type": "string"
},
"email": {
"type": "string"
},
"id": {
"type": "string"
},
"username": {
"type": "string"
}
}
},
"auth.UserResponse": {
"type": "object",
"properties": {
"user": {
"$ref": "#/definitions/auth.UserPublic"
}
}
},
"org.CreateOrgRequest": {
"type": "object",
"required": [
"name",
"slug"
],
"properties": {
"name": {
"type": "string",
"maxLength": 100,
"minLength": 2,
"example": "My Corp"
},
"slug": {
"type": "string",
"maxLength": 50,
"minLength": 2,
"example": "my-corp"
}
}
},
"org.ErrorResponse": {
"type": "object",
"properties": {
"error": {
"type": "string"
}
}
},
"org.OrgListResponse": {
"type": "object",
"properties": {
"organizations": {
"type": "array",
"items": {
"$ref": "#/definitions/org.Organization"
}
},
"total": {
"type": "integer"
}
}
},
"org.OrgResponse": {
"type": "object",
"properties": {
"organization": {
"$ref": "#/definitions/org.Organization"
}
}
},
"org.Organization": {
"type": "object",
"properties": {
"created_at": {
"type": "string"
},
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"slug": {
"type": "string"
},
"updated_at": {
"type": "string"
}
}
},
"org.UpdateOrgRequest": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"maxLength": 100,
"minLength": 2,
"example": "My Corp Updated"
}
}
}
},
"paths": {},
"securityDefinitions": {
"Bearer": {
"description": "Type \"Bearer\" followed by a space and the JWT token.",
docs/swagger.yaml
+519 -1
View File
@@ -1,6 +1,524 @@
definitions:
auth.AuthResponse:
properties:
refresh_token:
example: dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4=
type: string
token:
example: eyJhbGciOiJIUzI1NiIs...
type: string
user:
$ref: '#/definitions/auth.UserPublic'
type: object
auth.ErrorResponse:
properties:
error:
example: invalid email or password
type: string
type: object
auth.LoginRequest:
properties:
email:
example: john@example.com
type: string
password:
example: secret123
type: string
required:
- email
- password
type: object
auth.LogoutRequest:
properties:
refresh_token:
example: dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4=
type: string
required:
- refresh_token
type: object
auth.PasswordChangeRequest:
properties:
new_password:
example: NewSecret456!
minLength: 8
type: string
old_password:
example: Secret123!
type: string
required:
- new_password
- old_password
type: object
auth.RefreshRequest:
properties:
refresh_token:
example: dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4=
type: string
required:
- refresh_token
type: object
auth.RegisterRequest:
properties:
email:
example: john@example.com
type: string
password:
example: Secret123!
minLength: 8
type: string
username:
example: john
maxLength: 30
minLength: 3
type: string
required:
- email
- password
- username
type: object
auth.UpdateProfileRequest:
properties:
username:
example: john_updated
maxLength: 30
minLength: 3
type: string
required:
- username
type: object
auth.UserPublic:
properties:
created_at:
type: string
email:
type: string
id:
type: string
username:
type: string
type: object
auth.UserResponse:
properties:
user:
$ref: '#/definitions/auth.UserPublic'
type: object
org.CreateOrgRequest:
properties:
name:
example: My Corp
maxLength: 100
minLength: 2
type: string
slug:
example: my-corp
maxLength: 50
minLength: 2
type: string
required:
- name
- slug
type: object
org.ErrorResponse:
properties:
error:
type: string
type: object
org.OrgListResponse:
properties:
organizations:
items:
$ref: '#/definitions/org.Organization'
type: array
total:
type: integer
type: object
org.OrgResponse:
properties:
organization:
$ref: '#/definitions/org.Organization'
type: object
org.Organization:
properties:
created_at:
type: string
id:
type: string
name:
type: string
slug:
type: string
updated_at:
type: string
type: object
org.UpdateOrgRequest:
properties:
name:
example: My Corp Updated
maxLength: 100
minLength: 2
type: string
required:
- name
type: object
info:
contact: {}
paths: {}
description: API for AegisGuard control plane
title: AegisGuard API
version: "1.0"
paths:
/api/auth/login:
post:
consumes:
- application/json
description: Authenticate user with email and password, returns JWT token
parameters:
- description: Login credentials
in: body
name: request
required: true
schema:
$ref: '#/definitions/auth.LoginRequest'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/auth.AuthResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/auth.ErrorResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/auth.ErrorResponse'
summary: Login
tags:
- auth
/api/auth/logout:
post:
consumes:
- application/json
description: Invalidate a refresh token (logout)
parameters:
- description: Refresh token to invalidate
in: body
name: request
required: true
schema:
$ref: '#/definitions/auth.LogoutRequest'
produces:
- application/json
responses:
"200":
description: OK
schema:
additionalProperties:
type: string
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/auth.ErrorResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/auth.ErrorResponse'
summary: Logout
tags:
- auth
/api/auth/me:
get:
consumes:
- application/json
description: Get authenticated user's profile
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/auth.UserResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/auth.ErrorResponse'
security:
- Bearer: []
summary: Get current user
tags:
- auth
put:
consumes:
- application/json
description: Update current user's username
parameters:
- description: Profile update
in: body
name: request
required: true
schema:
$ref: '#/definitions/auth.UpdateProfileRequest'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/auth.UserResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/auth.ErrorResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/auth.ErrorResponse'
security:
- Bearer: []
summary: Update profile
tags:
- auth
/api/auth/password:
put:
consumes:
- application/json
description: Change current user's password
parameters:
- description: Password change details
in: body
name: request
required: true
schema:
$ref: '#/definitions/auth.PasswordChangeRequest'
produces:
- application/json
responses:
"200":
description: OK
schema:
additionalProperties:
type: string
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/auth.ErrorResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/auth.ErrorResponse'
security:
- Bearer: []
summary: Change password
tags:
- auth
/api/auth/refresh:
post:
consumes:
- application/json
description: Get a new access token using a refresh token
parameters:
- description: Refresh token
in: body
name: request
required: true
schema:
$ref: '#/definitions/auth.RefreshRequest'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/auth.AuthResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/auth.ErrorResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/auth.ErrorResponse'
summary: Refresh token
tags:
- auth
/api/auth/register:
post:
consumes:
- application/json
description: Create user account with username, email, password
parameters:
- description: Registration details
in: body
name: request
required: true
schema:
$ref: '#/definitions/auth.RegisterRequest'
produces:
- application/json
responses:
"201":
description: Created
schema:
$ref: '#/definitions/auth.AuthResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/auth.ErrorResponse'
"409":
description: Conflict
schema:
$ref: '#/definitions/auth.ErrorResponse'
summary: Register
tags:
- auth
/api/organizations:
get:
consumes:
- application/json
description: Get all organizations
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/org.OrgListResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/org.ErrorResponse'
security:
- Bearer: []
summary: List organizations
tags:
- organizations
post:
consumes:
- application/json
description: Create a new organization
parameters:
- description: Organization details
in: body
name: request
required: true
schema:
$ref: '#/definitions/org.CreateOrgRequest'
produces:
- application/json
responses:
"201":
description: Created
schema:
$ref: '#/definitions/org.OrgResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/org.ErrorResponse'
"409":
description: Conflict
schema:
$ref: '#/definitions/org.ErrorResponse'
security:
- Bearer: []
summary: Create organization
tags:
- organizations
/api/organizations/{id}:
delete:
consumes:
- application/json
description: Delete an organization
parameters:
- description: Organization ID
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
additionalProperties:
type: string
type: object
"404":
description: Not Found
schema:
$ref: '#/definitions/org.ErrorResponse'
security:
- Bearer: []
summary: Delete organization
tags:
- organizations
get:
consumes:
- application/json
description: Get organization details
parameters:
- description: Organization ID
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/org.OrgResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/org.ErrorResponse'
security:
- Bearer: []
summary: Get organization by ID
tags:
- organizations
put:
consumes:
- application/json
description: Update organization name
parameters:
- description: Organization ID
in: path
name: id
required: true
type: string
- description: New organization details
in: body
name: request
required: true
schema:
$ref: '#/definitions/org.UpdateOrgRequest'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/org.OrgResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/org.ErrorResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/org.ErrorResponse'
security:
- Bearer: []
summary: Update organization
tags:
- organizations
schemes:
- http
securityDefinitions:
Bearer:
description: Type "Bearer" followed by a space and the JWT token.
go.mod
+29 -30
View File
@@ -2,60 +2,60 @@ module gitea.d3m0k1d.ru/HellreigN/Control-plane
go 1.26.1
require (
github.com/gin-gonic/gin v1.12.0
github.com/golang-jwt/jwt/v5 v5.3.1
github.com/google/uuid v1.6.0
github.com/jackc/pgx/v5 v5.7.4
github.com/joho/godotenv v1.5.1
github.com/pressly/goose/v3 v3.24.2
github.com/swaggo/files v1.0.1
github.com/swaggo/gin-swagger v1.6.1
github.com/swaggo/swag v1.16.6
golang.org/x/crypto v0.53.0
)
require (
github.com/KyleBanks/depth v1.2.1 // indirect
github.com/PuerkitoBio/purell v1.2.2 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/bytedance/gopkg v0.1.4 // indirect
github.com/bytedance/gopkg v0.1.3 // indirect
github.com/bytedance/sonic v1.15.2 // indirect
github.com/bytedance/sonic/loader v0.5.1 // indirect
github.com/cloudwego/base64x v0.1.7 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
github.com/gabriel-vasile/mimetype v1.4.13 // indirect
github.com/gin-contrib/sse v1.1.1 // indirect
github.com/gin-gonic/gin v1.12.0 // indirect
github.com/go-openapi/jsonpointer v0.23.1 // indirect
github.com/go-openapi/jsonreference v0.21.6 // indirect
github.com/go-openapi/spec v0.22.5 // indirect
github.com/go-openapi/swag v0.26.1 // indirect
github.com/go-openapi/swag/conv v0.26.1 // indirect
github.com/go-openapi/swag/jsonname v0.26.1 // indirect
github.com/go-openapi/swag/jsonutils v0.26.1 // indirect
github.com/go-openapi/swag/loading v0.26.1 // indirect
github.com/go-openapi/swag/stringutils v0.26.1 // indirect
github.com/go-openapi/swag/typeutils v0.26.1 // indirect
github.com/go-openapi/swag/yamlutils v0.26.1 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.6 // indirect
github.com/go-openapi/spec v0.20.4 // indirect
github.com/go-openapi/swag v0.19.15 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.30.3 // indirect
github.com/goccy/go-json v0.10.6 // indirect
github.com/goccy/go-yaml v1.19.2 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
github.com/jackc/puddle/v2 v2.2.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/mailru/easyjson v0.9.2 // indirect
github.com/mailru/easyjson v0.7.6 // indirect
github.com/mattn/go-isatty v0.0.22 // indirect
github.com/mfridman/interpolate v0.0.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pelletier/go-toml/v2 v2.3.1 // indirect
github.com/quic-go/qpack v0.6.0 // indirect
github.com/quic-go/quic-go v0.60.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
github.com/swaggo/files v1.0.1 // indirect
github.com/swaggo/gin-swagger v1.6.1 // indirect
github.com/swaggo/swag v1.16.6 // indirect
github.com/quic-go/quic-go v0.59.0 // indirect
github.com/sethvargo/go-retry v0.3.0 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.3.1 // indirect
github.com/urfave/cli/v2 v2.27.7 // indirect
github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect
go.mongodb.org/mongo-driver/v2 v2.6.0 // indirect
go.yaml.in/yaml/v2 v2.4.4 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/arch v0.28.0 // indirect
golang.org/x/crypto v0.53.0 // indirect
golang.org/x/mod v0.37.0 // indirect
golang.org/x/mod v0.36.0 // indirect
golang.org/x/net v0.56.0 // indirect
golang.org/x/sync v0.21.0 // indirect
golang.org/x/sys v0.46.0 // indirect
@@ -63,5 +63,4 @@ require (
golang.org/x/tools v0.45.0 // indirect
google.golang.org/protobuf v1.36.11 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
sigs.k8s.io/yaml v1.6.0 // indirect
)
go.sum
+96 -50
View File
@@ -1,49 +1,43 @@
github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
github.com/PuerkitoBio/purell v1.2.2 h1:irlAloIzZaJ5RP/+UcaT1Nw0H9on2HKWdRehCsbJWJw=
github.com/PuerkitoBio/purell v1.2.2/go.mod h1:ZwHcC/82TOaovDi//J/804umJFFmbOHPngi8iYYv/Eo=
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/bytedance/gopkg v0.1.4 h1:oZnQwnX82KAIWb7033bEwtxvTqXcYMxDBaQxo5JJHWM=
github.com/bytedance/gopkg v0.1.4/go.mod h1:v1zWfPm21Fb+OsyXN2VAHdL6TBb2L88anLQgdyje6R4=
github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
github.com/bytedance/sonic v1.15.2 h1:90H+rcF/FwLXwfB1cudOLq/je83n683Utf4Cbp0xHCo=
github.com/bytedance/sonic v1.15.2/go.mod h1:mT2NbXunuaEbnZ+mRIX/vYqKISmgEuHFDI4UzmKx2SA=
github.com/bytedance/sonic/loader v0.5.1 h1:Ygpfa9zwRCCKSlrp5bBP/b/Xzc3VxsAW+5NIYXrOOpI=
github.com/bytedance/sonic/loader v0.5.1/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
github.com/cloudwego/base64x v0.1.7 h1:NppS+Fgzg5ovhn4NkUXaDT3x9jldgH5ToMCqzBSi2zI=
github.com/cloudwego/base64x v0.1.7/go.mod h1:Cu1PV9zfrSf7ET2tIbWbbEy7jO7HHJ13q4X2SQ8aWYg=
github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
github.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=
github.com/gin-contrib/sse v1.1.1 h1:uGYpNwTacv5R68bSGMapo62iLTRa9l5zxGCps4hK6ko=
github.com/gin-contrib/sse v1.1.1/go.mod h1:QXzuVkA0YO7o/gun03UI1Q+FTI8ZV/n5t03kIQAI89s=
github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
github.com/go-openapi/jsonpointer v0.23.1 h1:1HBACs7XIwR2RcmItfdSFlALhGbe6S92p0ry4d1GWg4=
github.com/go-openapi/jsonpointer v0.23.1/go.mod h1:iWRmZTrGn7XwYhtPt/fvdSFj1OfNBngqRT2UG3BxSqY=
github.com/go-openapi/jsonreference v0.21.6 h1:NZ5nGfnaM1n4I43Xjm1e5/M2GjOwQwndQz22uhxwD+Y=
github.com/go-openapi/jsonreference v0.21.6/go.mod h1:xzbgtQ3ZbWxvET3AxdzCJlJt6vkovbf+IfSPJjD0tUY=
github.com/go-openapi/spec v0.22.5 h1:KhO7RBlKQfonUWX2WzQCoLIXVA6AcNqDGZ3a1Dutdlo=
github.com/go-openapi/spec v0.22.5/go.mod h1:vxpOtMya5TXtENXKE5bKqv5NjocVhyhxHrlZfvKnZ74=
github.com/go-openapi/swag v0.26.1 h1:l5sVEyVpwj+DDYeZyo7wQI/Ebn/mKYIyGB/pFwAfGoQ=
github.com/go-openapi/swag v0.26.1/go.mod h1:yNY38BbIVthxbkDtq1UHBCGasBqjakW3lCR6ANzdBEw=
github.com/go-openapi/swag/conv v0.26.1 h1:slr5FVkg9Wc3Y5zcwenD8Sd/PQ94b2I/QJI7N7KTBpg=
github.com/go-openapi/swag/conv v0.26.1/go.mod h1:mvQXgPptZk9GTrFgGwWvT4q+dN+zQej9JfmGwnipz1A=
github.com/go-openapi/swag/jsonname v0.26.1 h1:VReupaV6WxlAsCn0e4DUfgV6bPmINnPpyJDLqSfNPcE=
github.com/go-openapi/swag/jsonname v0.26.1/go.mod h1:OvdW6BoWoj33pTfi7x9vFrgmT+fk7aw0BRwvCE0YOuc=
github.com/go-openapi/swag/jsonutils v0.26.1 h1:2hdBfFkHg+7Wrz2VsCbeyR6hzkRDs7AztnMR2u84yOY=
github.com/go-openapi/swag/jsonutils v0.26.1/go.mod h1:U+RMJH3wa+6BRiphuRtIyI8fW9HPFqFQ4sHk2oRx0UQ=
github.com/go-openapi/swag/loading v0.26.1 h1:E9K4wqXeROlhjFQ13K9zMz6ojFGXIggGe+ad1odrK9w=
github.com/go-openapi/swag/loading v0.26.1/go.mod h1:3qvRIlWzWdq1HvmldwmuJ2ohpcAryN6xVt2OTKd0/7E=
github.com/go-openapi/swag/stringutils v0.26.1 h1:f88uYyTso7TnHrKM/bUBsQ5e2wKf37cpgo6pvbzd9yU=
github.com/go-openapi/swag/stringutils v0.26.1/go.mod h1:Sc6d3bU8fgk5AyZR8/8jEQ+Is/Ald+TD/IIggPN8UJk=
github.com/go-openapi/swag/typeutils v0.26.1 h1:yg42FgMzRR6PVQ3M3qHz1s+Y6/P4HoJ3cBarXa3OVnU=
github.com/go-openapi/swag/typeutils v0.26.1/go.mod h1:VfnV+oUtSP2vCSCn2aJgnr8OevUYemyIzzS1VOzS10o=
github.com/go-openapi/swag/yamlutils v0.26.1 h1:0TSLK+lXs9vfIhAWzBeI/lOzEnIoot6WTCO1aAeWFTk=
github.com/go-openapi/swag/yamlutils v0.26.1/go.mod h1:7W5b7PRX9MxwL7TjeG7H8HkyBGRsIDRObhyMWFgBI2M=
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonreference v0.19.6 h1:UBIxjkht+AWIgYzCDSv2GN+E/togfwXUJFRTWhl2Jjs=
github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
github.com/go-openapi/spec v0.20.4 h1:O8hJrt0UMnhHcluhIdUgCLRWyM2x7QkBXRvOs7m+O1M=
github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
@@ -54,45 +48,83 @@ github.com/goccy/go-json v0.10.6 h1:p8HrPJzOakx/mn/bQtjgNjdTcN+/S6FcG2CTtQOrHVU=
github.com/goccy/go-json v0.10.6/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
github.com/jackc/pgx/v5 v5.7.4 h1:9wKznZrhWa2QiHL+NjTSPP6yjl3451BX3imWDnokYlg=
github.com/jackc/pgx/v5 v5.7.4/go.mod h1:ncY89UGWxg82EykZUwSpUKEfccBGGYq1xjrOpsbsfGQ=
github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/mailru/easyjson v0.9.2 h1:dX8U45hQsZpxd80nLvDGihsQ/OxlvTkVUXH2r/8cb2M=
github.com/mailru/easyjson v0.9.2/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4=
github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
github.com/mfridman/interpolate v0.0.2 h1:pnuTK7MQIxxFz1Gr+rjSIx9u7qVjf5VOoM/u6BbAxPY=
github.com/mfridman/interpolate v0.0.2/go.mod h1:p+7uk6oE07mpE/Ik1b8EckO0O4ZXiGAfshKBWLUM9Xg=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/pelletier/go-toml/v2 v2.3.1 h1:MYEvvGnQjeNkRF1qUuGolNtNExTDwct51yp7olPtrEc=
github.com/pelletier/go-toml/v2 v2.3.1/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pressly/goose/v3 v3.24.2 h1:c/ie0Gm8rnIVKvnDQ/scHErv46jrDv9b4I0WRcFJzYU=
github.com/pressly/goose/v3 v3.24.2/go.mod h1:kjefwFB0eR4w30Td2Gj2Mznyw94vSP+2jJYkOVNbD1k=
github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
github.com/quic-go/quic-go v0.60.0 h1:xcQioE8OM66UQLeUMHltK1CCcOu3JbVB4JAQdDQSB+0=
github.com/quic-go/quic-go v0.60.0/go.mod h1:wpKpjmPpftl30sL6pFh7REVpjbcCVy4zt2vDyK1TuJk=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/sethvargo/go-retry v0.3.0 h1:EEt31A35QhrcRZtrYFDTBg91cqZVnFL2navjDrah2SE=
github.com/sethvargo/go-retry v0.3.0/go.mod h1:mNX17F0C/HguQMyMyJxcnU471gOZGxCLyYaFyAZraas=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/swaggo/files v1.0.1 h1:J1bVJ4XHZNq0I46UU90611i9/YzdrF7x92oX1ig5IdE=
github.com/swaggo/files v1.0.1/go.mod h1:0qXmMNH6sXNf+73t65aKeB+ApmgxdnkQzVTAj2uaMUg=
github.com/swaggo/gin-swagger v1.6.1 h1:Ri06G4gc9N4t4k8hekMigJ9zKTFSlqj/9paAQCQs7cY=
@@ -103,28 +135,27 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU=
github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4=
github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAzt5X7s6266i6cSVkkFPS0TuXWbIg=
github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.mongodb.org/mongo-driver/v2 v2.6.0 h1:b9sJOYrkmt4l8bY43ZenFBcPlhYIjaOfYHLtbB/5qi8=
go.mongodb.org/mongo-driver/v2 v2.6.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ=
go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ=
go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
golang.org/x/arch v0.28.0 h1:wVwVdqsTuUbJvhYVCspQYwZXHNYeLSoZnmHD+ggddpQ=
golang.org/x/arch v0.28.0/go.mod h1:0X+GdSIP+kL5wPmpK7sdkEVTt2XoYP0cSjQSbZBwOi8=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto=
golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio=
golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.37.0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ=
golang.org/x/mod v0.37.0/go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0=
golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4=
golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o=
@@ -135,6 +166,7 @@ golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -146,6 +178,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
@@ -159,9 +192,22 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=
modernc.org/libc v1.61.13 h1:3LRd6ZO1ezsFiX1y+bHd1ipyEHIJKvuprv0sLTBwLW8=
modernc.org/libc v1.61.13/go.mod h1:8F/uJWL/3nNil0Lgt1Dpz+GgkApWh04N3el3hxJcA6E=
modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
modernc.org/memory v1.9.1 h1:V/Z1solwAVmMW1yttq3nDdZPJqV1rM05Ccq6KMSZ34g=
modernc.org/memory v1.9.1/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
modernc.org/sqlite v1.36.2 h1:vjcSazuoFve9Wm0IVNHgmJECoOXLZM1KfMXbcX2axHA=
modernc.org/sqlite v1.36.2/go.mod h1:ADySlx7K4FdY5MaJcEv86hTJ0PjedAloTUuif0YS3ws=
internal/auth/JWT_README.md
+108
View File
@@ -0,0 +1,108 @@
# JWT Аутентификация — AegisGuard API
## Схема работы
- **access_token** — JWT, живёт 24 часа. Передаётся в заголовке `Authorization: Bearer`.
- **refresh_token** — случайная строка, хранится в БД в виде хеша. Используется **один раз** (ротация): при запросе новой пары старый токен удаляется.
- Регистрация сразу возвращает токены — отдельный логин не нужен.
## Эндпоинты
### POST /api/auth/register
Создание аккаунта.
```
Запрос:
{ "username": "john", "email": "john@example.com", "password": "Secret123" }
Ответ 201:
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4=",
"user": {
"id": "uuid",
"username": "john",
"email": "john@example.com",
"created_at": "2026-06-13T12:00:00Z"
}
}
```
- `username` — 330 символов
- `email` — валидный email
- `password` — минимум 8 символов, обязательно заглавная + строчная + цифра
Ошибки: `400` (валидация), `409` (email уже занят).
### POST /api/auth/login
```
Запрос:
{ "email": "john@example.com", "password": "Secret123" }
Ответ 200:
{ "token": "...", "refresh_token": "...", "user": { ... } }
```
Rate limit: 10 попыток в минуту с одного IP (`429 Too Many Requests`).
### POST /api/auth/refresh
Обновить токены по refresh_token. Старый удаляется, выдаётся новая пара.
```
Запрос:
{ "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4=" }
Ответ 200:
{ "token": "...", "refresh_token": "...", "user": { ... } }
```
### POST /api/auth/logout
Удалить refresh_token из БД.
```
Запрос:
{ "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4=" }
Ответ 200:
{ "message": "logged out successfully" }
```
## Заголовок авторизации
```
Authorization: Bearer <access_token>
```
## Формат JWT
```json
{
"user_id": "uuid",
"email": "john@example.com",
"sub": "uuid",
"exp": 1718000000,
"iat": 1717913600
}
```
- `user_id` — UUID пользователя
- `email` — Email пользователя
- `sub` — то же, что `user_id`
- `exp` — Unix-timestamp истечения токена
- `iat` — Unix-timestamp выпуска токена
## Формат ошибок
```json
{ "error": "описание" }
```
- `400` — ошибка валидации
- `401` — неверный email/пароль, токен протух или невалиден
- `409` — email уже зарегистрирован
- `429` — превышен лимит попыток логина
- `500` — внутренняя ошибка сервера
internal/auth/auth.go
+48
View File
@@ -0,0 +1,48 @@
package auth
import (
"fmt"
"time"
"github.com/golang-jwt/jwt/v5"
)
type Claims struct {
UserID string `json:"user_id"`
Email string `json:"email"`
jwt.RegisteredClaims
}
func GenerateToken(userID, email string, secret []byte, expiration time.Duration) (string, error) {
claims := Claims{
UserID: userID,
Email: email,
RegisteredClaims: jwt.RegisteredClaims{
Subject: userID,
ExpiresAt: jwt.NewNumericDate(time.Now().Add(expiration)),
IssuedAt: jwt.NewNumericDate(time.Now()),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(secret)
}
func ValidateToken(tokenString string, secret []byte) (*Claims, error) {
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(t *jwt.Token) (interface{}, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
}
return secret, nil
})
if err != nil {
return nil, err
}
claims, ok := token.Claims.(*Claims)
if !ok || !token.Valid {
return nil, fmt.Errorf("invalid token")
}
return claims, nil
}
internal/auth/handler.go
+271
View File
@@ -0,0 +1,271 @@
package auth
import (
"errors"
"log"
"net/http"
"github.com/gin-gonic/gin"
)
type Handler struct {
service *Service
}
func NewHandler(service *Service) *Handler {
return &Handler{service: service}
}
// @Summary Register epta
// @Description Create user account with username, email, password
// @Tags auth
// @Accept json
// @Produce json
// @Param request body RegisterRequest true "Registration details"
// @Success 201 {object} AuthResponse
// @Failure 400 {object} ErrorResponse
// @Failure 409 {object} ErrorResponse
// @Router /api/auth/register [post]
func (h *Handler) Register(c *gin.Context) {
var req RegisterRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
resp, err := h.service.Register(c.Request.Context(), req)
if err != nil {
if errors.Is(err, ErrEmailExists) {
c.JSON(http.StatusConflict, ErrorResponse{Error: err.Error()})
return
}
if errors.Is(err, ErrWeakPassword) {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
log.Printf("register error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusCreated, resp)
}
// @Summary Login
// @Description Authenticate user with email and password, returns JWT token
// @Tags auth
// @Accept json
// @Produce json
// @Param request body LoginRequest true "Login credentials"
// @Success 200 {object} AuthResponse
// @Failure 400 {object} ErrorResponse
// @Failure 401 {object} ErrorResponse
// @Router /api/auth/login [post]
func (h *Handler) Login(c *gin.Context) {
var req LoginRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
resp, err := h.service.Login(c.Request.Context(), req)
if err != nil {
if errors.Is(err, ErrInvalidCreds) {
c.JSON(http.StatusUnauthorized, ErrorResponse{Error: err.Error()})
return
}
log.Printf("login error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, resp)
}
// @Summary Refresh epta token
// @Description Get a new access token using a refresh token
// @Tags auth
// @Accept json
// @Produce json
// @Param request body RefreshRequest true "Refresh token"
// @Success 200 {object} AuthResponse
// @Failure 400 {object} ErrorResponse
// @Failure 401 {object} ErrorResponse
// @Router /api/auth/refresh [post]
func (h *Handler) Refresh(c *gin.Context) {
var req RefreshRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
resp, err := h.service.Refresh(c.Request.Context(), req.RefreshToken)
if err != nil {
if errors.Is(err, ErrInvalidRefresh) || errors.Is(err, ErrRefreshExpired) {
c.JSON(http.StatusUnauthorized, ErrorResponse{Error: err.Error()})
return
}
log.Printf("refresh error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, resp)
}
// @Summary Logout epta
// @Description Invalidate a refresh token (logout)
// @Tags auth
// @Accept json
// @Produce json
// @Param request body LogoutRequest true "Refresh token to invalidate"
// @Success 200 {object} map[string]string
// @Failure 400 {object} ErrorResponse
// @Failure 401 {object} ErrorResponse
// @Router /api/auth/logout [post]
func (h *Handler) Logout(c *gin.Context) {
var req LogoutRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
if err := h.service.Logout(c.Request.Context(), req.RefreshToken); err != nil {
if errors.Is(err, ErrLogoutInvalid) {
c.JSON(http.StatusUnauthorized, ErrorResponse{Error: err.Error()})
return
}
log.Printf("logout error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, gin.H{"message": "logged out successfully"})
}
// @Summary Get epta current user
// @Description Get authenticated user's profile
// @Tags auth
// @Accept json
// @Produce json
// @Security Bearer
// @Success 200 {object} UserResponse
// @Failure 401 {object} ErrorResponse
// @Router /api/auth/me [get]
func (h *Handler) Me(c *gin.Context) {
rawUserID, exists := c.Get("user_id")
if !exists {
c.JSON(http.StatusUnauthorized, ErrorResponse{Error: "unauthorized"})
return
}
userID, ok := rawUserID.(string)
if !ok {
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "invalid user ID in context"})
return
}
user, err := h.service.GetUserByID(c.Request.Context(), userID)
if err != nil {
if errors.Is(err, ErrUserNotFound) || errors.Is(err, ErrInvalidUserID) {
c.JSON(http.StatusNotFound, ErrorResponse{Error: err.Error()})
return
}
log.Printf("me error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, UserResponse{User: *user})
}
// @Summary Change epta password
// @Description Change current user's password
// @Tags auth
// @Accept json
// @Produce json
// @Security Bearer
// @Param request body PasswordChangeRequest true "Password change details"
// @Success 200 {object} map[string]string
// @Failure 400 {object} ErrorResponse
// @Failure 401 {object} ErrorResponse
// @Router /api/auth/password [put]
func (h *Handler) ChangePassword(c *gin.Context) {
rawUserID, exists := c.Get("user_id")
if !exists {
c.JSON(http.StatusUnauthorized, ErrorResponse{Error: "unauthorized"})
return
}
userID, ok := rawUserID.(string)
if !ok {
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "invalid user ID in context"})
return
}
var req PasswordChangeRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
if err := h.service.ChangePassword(c.Request.Context(), userID, req); err != nil {
if errors.Is(err, ErrWrongPassword) || errors.Is(err, ErrSamePassword) || errors.Is(err, ErrWeakPassword) {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
if errors.Is(err, ErrUserNotFound) || errors.Is(err, ErrInvalidUserID) {
c.JSON(http.StatusNotFound, ErrorResponse{Error: err.Error()})
return
}
log.Printf("change password error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, gin.H{"message": "password changed successfully"})
}
// @Summary Update epta profile
// @Description Update current user's username
// @Tags auth
// @Accept json
// @Produce json
// @Security Bearer
// @Param request body UpdateProfileRequest true "Profile update"
// @Success 200 {object} UserResponse
// @Failure 400 {object} ErrorResponse
// @Failure 401 {object} ErrorResponse
// @Router /api/auth/me [put]
func (h *Handler) UpdateProfile(c *gin.Context) {
rawUserID, exists := c.Get("user_id")
if !exists {
c.JSON(http.StatusUnauthorized, ErrorResponse{Error: "unauthorized"})
return
}
userID, ok := rawUserID.(string)
if !ok {
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "invalid user ID in context"})
return
}
var req UpdateProfileRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
user, err := h.service.UpdateProfile(c.Request.Context(), userID, req)
if err != nil {
if errors.Is(err, ErrUserNotFound) || errors.Is(err, ErrInvalidUserID) {
c.JSON(http.StatusNotFound, ErrorResponse{Error: err.Error()})
return
}
log.Printf("update profile error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, UserResponse{User: *user})
}
internal/auth/middleware.go
+34
View File
@@ -0,0 +1,34 @@
package auth
import (
"net/http"
"strings"
"github.com/gin-gonic/gin"
)
func AuthMiddleware(jwtSecret []byte) gin.HandlerFunc {
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.AbortWithStatusJSON(http.StatusUnauthorized, ErrorResponse{Error: "authorization header required"})
return
}
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
c.AbortWithStatusJSON(http.StatusUnauthorized, ErrorResponse{Error: "invalid authorization header format"})
return
}
claims, err := ValidateToken(parts[1], jwtSecret)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, ErrorResponse{Error: "invalid or expired token"})
return
}
c.Set("user_id", claims.UserID)
c.Set("email", claims.Email)
c.Next()
}
}
internal/auth/models.go
+79
View File
@@ -0,0 +1,79 @@
package auth
import (
"time"
)
type User struct {
ID string `json:"id"`
Username string `json:"username"`
Email string `json:"email"`
PasswordHash string `json:"-"`
CreatedAt time.Time `json:"created_at"`
}
type RegisterRequest struct {
Username string `json:"username" binding:"required,min=3,max=30" example:"john"`
Email string `json:"email" binding:"required,email" example:"john@example.com"`
Password string `json:"password" binding:"required,min=8" example:"Secret123!"`
}
type LoginRequest struct {
Email string `json:"email" binding:"required,email" example:"john@example.com"`
Password string `json:"password" binding:"required" example:"secret123"`
}
type AuthResponse struct {
Token string `json:"token" example:"eyJhbGciOiJIUzI1NiIs..."`
RefreshToken string `json:"refresh_token" example:"dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="`
User UserPublic `json:"user"`
}
type RefreshRequest struct {
RefreshToken string `json:"refresh_token" binding:"required" example:"dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="`
}
type LogoutRequest struct {
RefreshToken string `json:"refresh_token" binding:"required" example:"dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4="`
}
type RefreshTokenDoc struct {
ID string `json:"id"`
UserID string `json:"user_id"`
TokenHash string `json:"token_hash"`
ExpiresAt time.Time `json:"expires_at"`
CreatedAt time.Time `json:"created_at"`
}
type UserPublic struct {
ID string `json:"id"`
Username string `json:"username"`
Email string `json:"email"`
CreatedAt time.Time `json:"created_at"`
}
func NewUserPublic(u *User) UserPublic {
return UserPublic{
ID: u.ID,
Username: u.Username,
Email: u.Email,
CreatedAt: u.CreatedAt,
}
}
type UserResponse struct {
User UserPublic `json:"user"`
}
type PasswordChangeRequest struct {
OldPassword string `json:"old_password" binding:"required" example:"Secret123!"`
NewPassword string `json:"new_password" binding:"required,min=8" example:"NewSecret456!"`
}
type UpdateProfileRequest struct {
Username string `json:"username" binding:"required,min=3,max=30" example:"john_updated"`
}
type ErrorResponse struct {
Error string `json:"error" example:"invalid email or password"`
}
internal/auth/ratelimit.go
+77
View File
@@ -0,0 +1,77 @@
package auth
import (
"net/http"
"sync"
"time"
"github.com/gin-gonic/gin"
)
type visitor struct {
count int
lastSeen time.Time
}
type RateLimiter struct {
mu sync.Mutex
visitors map[string]*visitor
rate int
window time.Duration
}
func NewRateLimiter(rate int, window time.Duration) *RateLimiter {
rl := &RateLimiter{
visitors: make(map[string]*visitor),
rate: rate,
window: window,
}
go rl.cleanup()
return rl
}
func (rl *RateLimiter) cleanup() {
ticker := time.NewTicker(10 * time.Minute)
defer ticker.Stop()
for range ticker.C {
rl.mu.Lock()
now := time.Now()
for ip, v := range rl.visitors {
if now.Sub(v.lastSeen) > rl.window*2 {
delete(rl.visitors, ip)
}
}
rl.mu.Unlock()
}
}
func (rl *RateLimiter) Middleware() gin.HandlerFunc {
return func(c *gin.Context) {
ip := c.ClientIP()
rl.mu.Lock()
v, exists := rl.visitors[ip]
now := time.Now()
if !exists || now.Sub(v.lastSeen) > rl.window {
rl.visitors[ip] = &visitor{count: 1, lastSeen: now}
rl.mu.Unlock()
c.Next()
return
}
v.count++
v.lastSeen = now
if v.count > rl.rate {
rl.mu.Unlock()
c.JSON(http.StatusTooManyRequests, ErrorResponse{Error: "too many requests, try again later"})
c.Abort()
return
}
rl.mu.Unlock()
c.Next()
}
}
internal/auth/repository.go
+101
View File
@@ -0,0 +1,101 @@
package auth
import (
"context"
"time"
"github.com/google/uuid"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgxpool"
)
type Repository struct {
pool *pgxpool.Pool
}
func NewRepository(pool *pgxpool.Pool) *Repository {
return &Repository{pool: pool}
}
func (r *Repository) CreateUser(ctx context.Context, user *User) error {
user.ID = uuid.New().String()
user.CreatedAt = time.Now().UTC()
_, err := r.pool.Exec(ctx,
`INSERT INTO users (id, username, email, password_hash, created_at) VALUES ($1, $2, $3, $4, $5)`,
user.ID, user.Username, user.Email, user.PasswordHash, user.CreatedAt,
)
return err
}
func (r *Repository) FindByEmail(ctx context.Context, email string) (*User, error) {
var user User
err := r.pool.QueryRow(ctx,
`SELECT id, username, email, password_hash, created_at FROM users WHERE email = $1`, email,
).Scan(&user.ID, &user.Username, &user.Email, &user.PasswordHash, &user.CreatedAt)
if err != nil {
return nil, err
}
return &user, nil
}
func (r *Repository) FindByID(ctx context.Context, id string) (*User, error) {
var user User
err := r.pool.QueryRow(ctx,
`SELECT id, username, email, password_hash, created_at FROM users WHERE id = $1`, id,
).Scan(&user.ID, &user.Username, &user.Email, &user.PasswordHash, &user.CreatedAt)
if err != nil {
return nil, err
}
return &user, nil
}
func (r *Repository) CreateRefreshToken(ctx context.Context, doc *RefreshTokenDoc) error {
doc.ID = uuid.New().String()
doc.CreatedAt = time.Now().UTC()
_, err := r.pool.Exec(ctx,
`INSERT INTO refresh_tokens (id, user_id, token_hash, expires_at, created_at) VALUES ($1, $2, $3, $4, $5)`,
doc.ID, doc.UserID, doc.TokenHash, doc.ExpiresAt, doc.CreatedAt,
)
return err
}
func (r *Repository) FindRefreshTokenByHash(ctx context.Context, hash string) (*RefreshTokenDoc, error) {
var doc RefreshTokenDoc
err := r.pool.QueryRow(ctx,
`SELECT id, user_id, token_hash, expires_at, created_at FROM refresh_tokens WHERE token_hash = $1 AND expires_at > NOW()`, hash,
).Scan(&doc.ID, &doc.UserID, &doc.TokenHash, &doc.ExpiresAt, &doc.CreatedAt)
if err != nil {
return nil, err
}
return &doc, nil
}
func (r *Repository) DeleteRefreshToken(ctx context.Context, id string) error {
_, err := r.pool.Exec(ctx, `DELETE FROM refresh_tokens WHERE id = $1`, id)
return err
}
func (r *Repository) UpdateUserUsername(ctx context.Context, id, username string) error {
_, err := r.pool.Exec(ctx, `UPDATE users SET username = $1 WHERE id = $2`, username, id)
return err
}
func (r *Repository) UpdateUserPassword(ctx context.Context, id, passwordHash string) error {
_, err := r.pool.Exec(ctx, `UPDATE users SET password_hash = $1 WHERE id = $2`, passwordHash, id)
return err
}
func (r *Repository) DeleteExpiredRefreshTokens(ctx context.Context) error {
_, err := r.pool.Exec(ctx, `DELETE FROM refresh_tokens WHERE expires_at <= NOW()`)
return err
}
func (r *Repository) DeleteRefreshTokenByHash(ctx context.Context, hash string) (bool, error) {
tag, err := r.pool.Exec(ctx, `DELETE FROM refresh_tokens WHERE token_hash = $1`, hash)
if err != nil {
return false, err
}
return tag.RowsAffected() > 0, nil
}
var ErrNoRows = pgx.ErrNoRows
internal/auth/service.go
+276
View File
@@ -0,0 +1,276 @@
package auth
import (
"context"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"errors"
"fmt"
"strings"
"time"
"unicode"
"golang.org/x/crypto/bcrypt"
)
var (
ErrEmailExists = errors.New("email already registered")
ErrInvalidCreds = errors.New("invalid email or password")
ErrUserNotFound = errors.New("user not found")
ErrInvalidUserID = errors.New("invalid user ID")
ErrInvalidRefresh = errors.New("invalid refresh token")
ErrRefreshExpired = errors.New("refresh token expired")
ErrLogoutInvalid = errors.New("refresh token not found or already used")
ErrWrongPassword = errors.New("current password is incorrect")
ErrWeakPassword = errors.New("password must be at least 8 characters with uppercase, lowercase, and digit")
ErrSamePassword = errors.New("new password must differ from current password")
)
type Service struct {
repo *Repository
jwtSecret []byte
jwtExp time.Duration
refreshExp time.Duration
}
func NewService(repo *Repository, jwtSecret string, jwtExp, refreshExp time.Duration) *Service {
return &Service{
repo: repo,
jwtSecret: []byte(jwtSecret),
jwtExp: jwtExp,
refreshExp: refreshExp,
}
}
func sha256Hex(data string) string {
h := sha256.Sum256([]byte(data))
return fmt.Sprintf("%x", h)
}
func generateRandomToken() (string, error) {
b := make([]byte, 32)
if _, err := rand.Read(b); err != nil {
return "", fmt.Errorf("failed to generate random bytes: %w", err)
}
return base64.RawURLEncoding.EncodeToString(b), nil
}
func validatePasswordStrength(password string) error {
if len(password) < 8 {
return ErrWeakPassword
}
var hasUpper, hasLower, hasDigit bool
for _, ch := range password {
switch {
case unicode.IsUpper(ch):
hasUpper = true
case unicode.IsLower(ch):
hasLower = true
case unicode.IsDigit(ch):
hasDigit = true
}
}
if !hasUpper || !hasLower || !hasDigit {
return ErrWeakPassword
}
return nil
}
func (s *Service) issueTokenPair(ctx context.Context, user *User) (*AuthResponse, error) {
accessToken, err := GenerateToken(user.ID, user.Email, s.jwtSecret, s.jwtExp)
if err != nil {
return nil, fmt.Errorf("failed to generate access token: %w", err)
}
rawRefresh, err := generateRandomToken()
if err != nil {
return nil, fmt.Errorf("failed to generate refresh token: %w", err)
}
refreshDoc := &RefreshTokenDoc{
UserID: user.ID,
TokenHash: sha256Hex(rawRefresh),
ExpiresAt: time.Now().UTC().Add(s.refreshExp),
}
if err := s.repo.CreateRefreshToken(ctx, refreshDoc); err != nil {
return nil, fmt.Errorf("failed to store refresh token: %w", err)
}
return &AuthResponse{
Token: accessToken,
RefreshToken: rawRefresh,
User: NewUserPublic(user),
}, nil
}
func (s *Service) Register(ctx context.Context, req RegisterRequest) (*AuthResponse, error) {
if err := validatePasswordStrength(req.Password); err != nil {
return nil, err
}
req.Email = strings.ToLower(req.Email)
existing, err := s.repo.FindByEmail(ctx, req.Email)
if err != nil && !errors.Is(err, ErrNoRows) {
return nil, fmt.Errorf("failed to check existing user: %w", err)
}
if existing != nil {
return nil, ErrEmailExists
}
hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
if err != nil {
return nil, fmt.Errorf("failed to hash password: %w", err)
}
user := &User{
Username: req.Username,
Email: req.Email,
PasswordHash: string(hash),
}
if err := s.repo.CreateUser(ctx, user); err != nil {
if isPGUniqueViolation(err) {
return nil, ErrEmailExists
}
return nil, fmt.Errorf("failed to create user: %w", err)
}
return s.issueTokenPair(ctx, user)
}
func (s *Service) Login(ctx context.Context, req LoginRequest) (*AuthResponse, error) {
req.Email = strings.ToLower(req.Email)
user, err := s.repo.FindByEmail(ctx, req.Email)
if err != nil {
if errors.Is(err, ErrNoRows) {
return nil, ErrInvalidCreds
}
return nil, fmt.Errorf("failed to find user: %w", err)
}
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.Password)); err != nil {
return nil, ErrInvalidCreds
}
return s.issueTokenPair(ctx, user)
}
func (s *Service) Refresh(ctx context.Context, rawRefresh string) (*AuthResponse, error) {
hash := sha256Hex(rawRefresh)
doc, err := s.repo.FindRefreshTokenByHash(ctx, hash)
if err != nil {
if errors.Is(err, ErrNoRows) {
return nil, ErrInvalidRefresh
}
return nil, fmt.Errorf("failed to find refresh token: %w", err)
}
if err := s.repo.DeleteRefreshToken(ctx, doc.ID); err != nil {
return nil, fmt.Errorf("failed to delete old refresh token: %w", err)
}
user, err := s.repo.FindByID(ctx, doc.UserID)
if err != nil {
return nil, fmt.Errorf("failed to find user: %w", err)
}
return s.issueTokenPair(ctx, user)
}
func (s *Service) Logout(ctx context.Context, rawRefresh string) error {
hash := sha256Hex(rawRefresh)
found, err := s.repo.DeleteRefreshTokenByHash(ctx, hash)
if err != nil {
return fmt.Errorf("failed to delete refresh token: %w", err)
}
if !found {
return ErrLogoutInvalid
}
return nil
}
func (s *Service) GetUserByID(ctx context.Context, userID string) (*UserPublic, error) {
if userID == "" {
return nil, ErrInvalidUserID
}
user, err := s.repo.FindByID(ctx, userID)
if err != nil {
if errors.Is(err, ErrNoRows) {
return nil, ErrUserNotFound
}
return nil, fmt.Errorf("failed to find user: %w", err)
}
public := NewUserPublic(user)
return &public, nil
}
func (s *Service) ChangePassword(ctx context.Context, userID string, req PasswordChangeRequest) error {
if userID == "" {
return ErrInvalidUserID
}
user, err := s.repo.FindByID(ctx, userID)
if err != nil {
if errors.Is(err, ErrNoRows) {
return ErrUserNotFound
}
return fmt.Errorf("failed to find user: %w", err)
}
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.OldPassword)); err != nil {
return ErrWrongPassword
}
if req.OldPassword == req.NewPassword {
return ErrSamePassword
}
if err := validatePasswordStrength(req.NewPassword); err != nil {
return err
}
hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
if err != nil {
return fmt.Errorf("failed to hash password: %w", err)
}
if err := s.repo.UpdateUserPassword(ctx, userID, string(hash)); err != nil {
return fmt.Errorf("failed to update password: %w", err)
}
return nil
}
func (s *Service) UpdateProfile(ctx context.Context, userID string, req UpdateProfileRequest) (*UserPublic, error) {
if userID == "" {
return nil, ErrInvalidUserID
}
user, err := s.repo.FindByID(ctx, userID)
if err != nil {
if errors.Is(err, ErrNoRows) {
return nil, ErrUserNotFound
}
return nil, fmt.Errorf("failed to find user: %w", err)
}
if err := s.repo.UpdateUserUsername(ctx, userID, req.Username); err != nil {
return nil, fmt.Errorf("failed to update username: %w", err)
}
user.Username = req.Username
public := NewUserPublic(user)
return &public, nil
}
func isPGUniqueViolation(err error) bool {
return err != nil && (strings.Contains(err.Error(), "unique") || strings.Contains(err.Error(), "23505"))
}
internal/config/config.go
+64
View File
@@ -0,0 +1,64 @@
package config
import (
"fmt"
"log"
"os"
"time"
"github.com/joho/godotenv"
)
type Config struct {
ServerPort string
DatabaseURL string
JWTSecret string
JWTExpiration time.Duration
JWTRefreshExpiration time.Duration
}
func Load() (*Config, error) {
if err := godotenv.Load(); err != nil {
log.Printf("warning: .env file not loaded: %v", err)
}
cfg := &Config{
ServerPort: getEnv("SERVER_PORT", "8080"),
DatabaseURL: getEnv("DATABASE_URL", "postgres://localhost:5432/aegisguard?sslmode=disable"),
JWTSecret: getEnv("JWT_SECRET", ""),
JWTExpiration: 24 * time.Hour,
JWTRefreshExpiration: 7 * 24 * time.Hour,
}
if cfg.JWTSecret == "" {
return nil, fmt.Errorf("JWT_SECRET is required in .env file")
}
if len(cfg.JWTSecret) < 32 {
return nil, fmt.Errorf("JWT_SECRET must be at least 32 characters long")
}
if expStr := os.Getenv("JWT_EXPIRATION"); expStr != "" {
d, err := time.ParseDuration(expStr)
if err != nil {
return nil, fmt.Errorf("invalid JWT_EXPIRATION: %w", err)
}
cfg.JWTExpiration = d
}
if expStr := os.Getenv("JWT_REFRESH_EXPIRATION"); expStr != "" {
d, err := time.ParseDuration(expStr)
if err != nil {
return nil, fmt.Errorf("invalid JWT_REFRESH_EXPIRATION: %w", err)
}
cfg.JWTRefreshExpiration = d
}
return cfg, nil
}
func getEnv(key, defaultVal string) string {
if val := os.Getenv(key); val != "" {
return val
}
return defaultVal
}
internal/org/handler.go
+157
View File
@@ -0,0 +1,157 @@
package org
import (
"errors"
"log"
"net/http"
"github.com/gin-gonic/gin"
)
type Handler struct {
service *Service
}
func NewHandler(service *Service) *Handler {
return &Handler{service: service}
}
// @Summary Create organization
// @Description Create a new organization
// @Tags organizations
// @Accept json
// @Produce json
// @Security Bearer
// @Param request body CreateOrgRequest true "Organization details"
// @Success 201 {object} OrgResponse
// @Failure 400 {object} ErrorResponse
// @Failure 409 {object} ErrorResponse
// @Router /api/organizations [post]
func (h *Handler) Create(c *gin.Context) {
var req CreateOrgRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
org, err := h.service.Create(c.Request.Context(), req)
if err != nil {
if errors.Is(err, ErrSlugExists) {
c.JSON(http.StatusConflict, ErrorResponse{Error: err.Error()})
return
}
log.Printf("create org error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusCreated, OrgResponse{Organization: *org})
}
// @Summary Get organization by ID
// @Description Get organization details
// @Tags organizations
// @Accept json
// @Produce json
// @Security Bearer
// @Param id path string true "Organization ID"
// @Success 200 {object} OrgResponse
// @Failure 404 {object} ErrorResponse
// @Router /api/organizations/{id} [get]
func (h *Handler) GetByID(c *gin.Context) {
id := c.Param("id")
org, err := h.service.GetByID(c.Request.Context(), id)
if err != nil {
if errors.Is(err, ErrNotFound) {
c.JSON(http.StatusNotFound, ErrorResponse{Error: err.Error()})
return
}
log.Printf("get org error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, OrgResponse{Organization: *org})
}
// @Summary List organizations
// @Description Get all organizations
// @Tags organizations
// @Accept json
// @Produce json
// @Security Bearer
// @Success 200 {object} OrgListResponse
// @Failure 500 {object} ErrorResponse
// @Router /api/organizations [get]
func (h *Handler) List(c *gin.Context) {
resp, err := h.service.List(c.Request.Context())
if err != nil {
log.Printf("list orgs error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, resp)
}
// @Summary Update organization
// @Description Update organization name
// @Tags organizations
// @Accept json
// @Produce json
// @Security Bearer
// @Param id path string true "Organization ID"
// @Param request body UpdateOrgRequest true "New organization details"
// @Success 200 {object} OrgResponse
// @Failure 400 {object} ErrorResponse
// @Failure 404 {object} ErrorResponse
// @Router /api/organizations/{id} [put]
func (h *Handler) Update(c *gin.Context) {
id := c.Param("id")
var req UpdateOrgRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, ErrorResponse{Error: err.Error()})
return
}
org, err := h.service.Update(c.Request.Context(), id, req)
if err != nil {
if errors.Is(err, ErrNotFound) {
c.JSON(http.StatusNotFound, ErrorResponse{Error: err.Error()})
return
}
log.Printf("update org error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, OrgResponse{Organization: *org})
}
// @Summary Delete organization
// @Description Delete an organization
// @Tags organizations
// @Accept json
// @Produce json
// @Security Bearer
// @Param id path string true "Organization ID"
// @Success 200 {object} map[string]string
// @Failure 404 {object} ErrorResponse
// @Router /api/organizations/{id} [delete]
func (h *Handler) Delete(c *gin.Context) {
id := c.Param("id")
if err := h.service.Delete(c.Request.Context(), id); err != nil {
if errors.Is(err, ErrNotFound) {
c.JSON(http.StatusNotFound, ErrorResponse{Error: err.Error()})
return
}
log.Printf("delete org error: %v", err)
c.JSON(http.StatusInternalServerError, ErrorResponse{Error: "internal server error"})
return
}
c.JSON(http.StatusOK, gin.H{"message": "organization deleted"})
}
internal/org/models.go
+33
View File
@@ -0,0 +1,33 @@
package org
import "time"
type Organization struct {
ID string `json:"id"`
Name string `json:"name"`
Slug string `json:"slug"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
type CreateOrgRequest struct {
Name string `json:"name" binding:"required,min=2,max=100" example:"My Corp"`
Slug string `json:"slug" binding:"required,min=2,max=50" example:"my-corp"`
}
type UpdateOrgRequest struct {
Name string `json:"name" binding:"required,min=2,max=100" example:"My Corp Updated"`
}
type OrgResponse struct {
Organization Organization `json:"organization"`
}
type OrgListResponse struct {
Organizations []Organization `json:"organizations"`
Total int `json:"total"`
}
type ErrorResponse struct {
Error string `json:"error"`
}
internal/org/repository.go
+77
View File
@@ -0,0 +1,77 @@
package org
import (
"context"
"time"
"github.com/google/uuid"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgxpool"
)
var ErrNoRows = pgx.ErrNoRows
type Repository struct {
pool *pgxpool.Pool
}
func NewRepository(pool *pgxpool.Pool) *Repository {
return &Repository{pool: pool}
}
func (r *Repository) Create(ctx context.Context, org *Organization) error {
org.ID = uuid.New().String()
now := time.Now().UTC()
org.CreatedAt = now
org.UpdatedAt = now
_, err := r.pool.Exec(ctx,
`INSERT INTO organizations (id, name, slug, created_at, updated_at) VALUES ($1, $2, $3, $4, $5)`,
org.ID, org.Name, org.Slug, org.CreatedAt, org.UpdatedAt,
)
return err
}
func (r *Repository) FindByID(ctx context.Context, id string) (*Organization, error) {
var org Organization
err := r.pool.QueryRow(ctx,
`SELECT id, name, slug, created_at, updated_at FROM organizations WHERE id = $1`, id,
).Scan(&org.ID, &org.Name, &org.Slug, &org.CreatedAt, &org.UpdatedAt)
if err != nil {
return nil, err
}
return &org, nil
}
func (r *Repository) FindAll(ctx context.Context) ([]Organization, error) {
rows, err := r.pool.Query(ctx,
`SELECT id, name, slug, created_at, updated_at FROM organizations ORDER BY created_at DESC`,
)
if err != nil {
return nil, err
}
defer rows.Close()
var orgs []Organization
for rows.Next() {
var org Organization
if err := rows.Scan(&org.ID, &org.Name, &org.Slug, &org.CreatedAt, &org.UpdatedAt); err != nil {
return nil, err
}
orgs = append(orgs, org)
}
return orgs, rows.Err()
}
func (r *Repository) Update(ctx context.Context, org *Organization) error {
org.UpdatedAt = time.Now().UTC()
_, err := r.pool.Exec(ctx,
`UPDATE organizations SET name = $1, updated_at = $2 WHERE id = $3`,
org.Name, org.UpdatedAt, org.ID,
)
return err
}
func (r *Repository) Delete(ctx context.Context, id string) error {
_, err := r.pool.Exec(ctx, `DELETE FROM organizations WHERE id = $1`, id)
return err
}
internal/org/service.go
+102
View File
@@ -0,0 +1,102 @@
package org
import (
"context"
"errors"
"fmt"
"strings"
)
var (
ErrNotFound = errors.New("organization not found")
ErrSlugExists = errors.New("slug already taken")
)
type Service struct {
repo *Repository
}
func NewService(repo *Repository) *Service {
return &Service{repo: repo}
}
func (s *Service) Create(ctx context.Context, req CreateOrgRequest) (*Organization, error) {
req.Slug = strings.ToLower(strings.TrimSpace(req.Slug))
org := &Organization{
Name: req.Name,
Slug: req.Slug,
}
if err := s.repo.Create(ctx, org); err != nil {
if isUniqueViolation(err) {
return nil, ErrSlugExists
}
return nil, fmt.Errorf("failed to create organization: %w", err)
}
return org, nil
}
func (s *Service) GetByID(ctx context.Context, id string) (*Organization, error) {
org, err := s.repo.FindByID(ctx, id)
if err != nil {
if errors.Is(err, ErrNoRows) {
return nil, ErrNotFound
}
return nil, fmt.Errorf("failed to find organization: %w", err)
}
return org, nil
}
func (s *Service) List(ctx context.Context) (*OrgListResponse, error) {
orgs, err := s.repo.FindAll(ctx)
if err != nil {
return nil, fmt.Errorf("failed to list organizations: %w", err)
}
if orgs == nil {
orgs = []Organization{}
}
return &OrgListResponse{
Organizations: orgs,
Total: len(orgs),
}, nil
}
func (s *Service) Update(ctx context.Context, id string, req UpdateOrgRequest) (*Organization, error) {
org, err := s.repo.FindByID(ctx, id)
if err != nil {
if errors.Is(err, ErrNoRows) {
return nil, ErrNotFound
}
return nil, fmt.Errorf("failed to find organization: %w", err)
}
org.Name = req.Name
if err := s.repo.Update(ctx, org); err != nil {
return nil, fmt.Errorf("failed to update organization: %w", err)
}
return org, nil
}
func (s *Service) Delete(ctx context.Context, id string) error {
org, err := s.repo.FindByID(ctx, id)
if err != nil {
if errors.Is(err, ErrNoRows) {
return ErrNotFound
}
return fmt.Errorf("failed to find organization: %w", err)
}
if err := s.repo.Delete(ctx, org.ID); err != nil {
return fmt.Errorf("failed to delete organization: %w", err)
}
return nil
}
func isUniqueViolation(err error) bool {
return err != nil && (strings.Contains(err.Error(), "unique") || strings.Contains(err.Error(), "23505"))
}
migrations/00001_init.sql
+20
View File
@@ -0,0 +1,20 @@
CREATE TABLE IF NOT EXISTS users (
id UUID PRIMARY KEY,
username TEXT NOT NULL,
email TEXT NOT NULL UNIQUE,
password_hash TEXT NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE TABLE IF NOT EXISTS refresh_tokens (
id UUID PRIMARY KEY,
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
token_hash TEXT NOT NULL UNIQUE,
expires_at TIMESTAMPTZ NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX IF NOT EXISTS idx_refresh_tokens_expires_at ON refresh_tokens(expires_at);
DROP TABLE IF EXISTS refresh_tokens;
DROP TABLE IF EXISTS users;
migrations/00002_create_organizations.sql
+11
View File
@@ -0,0 +1,11 @@
-- +goose Up
CREATE TABLE IF NOT EXISTS organizations (
id UUID PRIMARY KEY,
name TEXT NOT NULL,
slug TEXT NOT NULL UNIQUE,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
-- +goose Down
DROP TABLE IF EXISTS organizations;