Optimized login system

handlers/account.go

@@ -3,6 +3,7 @@ package handlers
 import (
 	"encoding/json"
 	"net/http"
+	"os"
 	"shap-planner-backend/auth"
 	"shap-planner-backend/models"
 	"shap-planner-backend/storage"
@@ -11,16 +12,30 @@ import (
 
 func Register(w http.ResponseWriter, r *http.Request) {
 	var user models.User
-	_ = json.NewDecoder(r.Body).Decode(&user)
+	if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
-	hashed, _ := auth.HashPassword(user.Password)
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
-	user.Password = hashed
-	user.ID = utils.GenerateUUID()
-
-	err := storage.AddUser(user)
-	if err != nil {
-		http.Error(w, "User exists", http.StatusBadRequest)
 		return
 	}
+
+	if user.Username == "" || user.Password == "" {
+		http.Error(w, "username and password required", http.StatusBadRequest)
+		return
+	}
+
+	hashed, err := auth.HashPassword(user.Password)
+	if err != nil {
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+	user.Password = hashed
+	user.ID = utils.GenerateUUID()
+	user.Role = "user"
+
+	if err := storage.AddUser(user); err != nil {
+		http.Error(w, "user already exists", http.StatusBadRequest)
+		return
+	}
+
 	w.WriteHeader(http.StatusCreated)
 }
 
@@ -29,23 +44,68 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		Username string `json:"username"`
 		Password string `json:"password"`
 	}
-	_ = json.NewDecoder(r.Body).Decode(&creds)
+	if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
+		http.Error(w, "Invalid request", http.StatusBadRequest)
+		return
+	}
 
 	user, err := storage.GetUserByUsername(creds.Username)
 	if err != nil {
-		http.Error(w, "User not found", http.StatusUnauthorized)
+		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
 		return
 	}
 
 	if !auth.CheckPasswordHash(creds.Password, user.Password) {
-		http.Error(w, "Wrong password", http.StatusUnauthorized)
+		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
 		return
 	}
 
-	// TODO: JWT oder Session-Token erzeugen
+	secret := []byte(os.Getenv("SHAP_JWT_SECRET"))
-	w.WriteHeader(http.StatusOK)
+	if len(secret) == 0 {
-	err = json.NewEncoder(w).Encode(user)
+		http.Error(w, "Server misconfiguration", http.StatusInternalServerError)
-	if err != nil {
 		return
 	}
+
+	token, err := auth.GenerateJWT(user.ID, user.Role, secret)
+	if err != nil {
+		http.Error(w, "Could not generate token", http.StatusInternalServerError)
+		return
+	}
+
+	type userResp struct {
+		ID       string `json:"id"`
+		Username string `json:"username"`
+		Role     string `json:"role"`
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]interface{}{
+		"token": token,
+		"user": userResp{
+			ID:       user.ID,
+			Username: user.Username,
+			Role:     user.Role,
+		},
+	})
+}
+
+func TestHandler(w http.ResponseWriter, r *http.Request) {
+	claimsRaw := r.Context().Value(auth.UserContextKey)
+	if claimsRaw == nil {
+		http.Error(w, "No claims in context", http.StatusUnauthorized)
+		return
+	}
+
+	claims, ok := claimsRaw.(*auth.Claims)
+	if !ok {
+		http.Error(w, "Invalid claims", http.StatusUnauthorized)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]interface{}{
+		"user_id": claims.UserID,
+		"role":    claims.Role,
+		"msg":     "access granted to protected endpoint",
+	})
 }

models/dbmodels.go

@@ -4,6 +4,7 @@ type User struct {
 	ID       string `json:"id"`
 	Username string `json:"username"`
 	Password string `json:"password"`
+	Role     string `json:"role"`
 }
 
 type Expense struct {

models/loginmodels.go

@@ -0,0 +1,10 @@
+package models
+
+import "time"
+
+type RefreshToken struct {
+	ID        string    `json:id`
+	UserID    string    `json:userid`
+	Token     string    `json:token`
+	ExpiresAt time.Time `json:expiresat`
+}

server/server.go

@@ -45,13 +45,16 @@ func InitServer() *Server {
 func (server *Server) Run() {
 	mux := http.NewServeMux()
 
-	mux.HandleFunc("/login", handlers.Login)
+	// Public
+	mux.HandleFunc("/api/login", handlers.Login)
+	mux.HandleFunc("/api/register", handlers.Register)
 
-	protected := auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.GetExpenses))
+	// Login required
-	mux.Handle("/expenses", protected)
+	mux.Handle("/api/expenses", auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.GetExpenses)))
+	mux.Handle("/api/ping", auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.TestHandler)))
 
-	adminOnly := auth.AuthMiddleware(server.JWTSecret)(auth.RequireRole("admin")(http.HandlerFunc(handlers.AdminPanel)))
+	// Admin-only
-	mux.Handle("/admin", adminOnly)
+	mux.Handle("/api/admin", auth.AuthMiddleware(server.JWTSecret)(auth.RequireRole("admin")(http.HandlerFunc(handlers.AdminPanel))))
 
 	log.Printf("Listening on port %s", server.Port)
 	log.Fatal(http.ListenAndServe(":"+server.Port, mux))

storage/storage.go

@@ -2,8 +2,9 @@ package storage
 
 import (
 	"database/sql"
-	_ "github.com/glebarez/go-sqlite"
 	"shap-planner-backend/models"
+
+	_ "github.com/glebarez/go-sqlite"
 )
 
 var DB *sql.DB
@@ -34,7 +35,7 @@ func InitDB(filepath string) error {
 }
 
 func AddUser(user models.User) error {
-	_, err := DB.Exec("INSERT INTO users(id, username, password) VALUES (?, ?, ?)", user.ID, user.Username, user.Password)
+	_, err := DB.Exec("INSERT INTO users(id, username, password, role) VALUES (?, ?, ?, ?)", user.ID, user.Username, user.Password, user.Role)
 	return err
 }