feat: завершён этап 2 - Аутентификация Core Service

- Реализована JWT аутентификация с organization-scope - Добавлено хеширование паролей через bcrypt - Созданы репозитории для организаций и пользователей - Реализован AuthService с бизнес-логикой - Добавлен AuthMiddleware для проверки токенов - Созданы handlers для регистрации и входа - Обновлён API сервер для использования аутентификации Готово для этапа 3 - API структура
2025-08-27 14:56:33 +04:00
parent 9777114e16
commit ae84ce74a7
11 changed files with 581 additions and 34 deletions
--- a/core-service/internal/api/handlers/auth.go
+++ b/core-service/internal/api/handlers/auth.go
@@ -0,0 +1,78 @@
+package handlers
+
+import (
+	"net/http"
+
+	"erp-mvp/core-service/internal/models"
+	"erp-mvp/core-service/internal/service"
+	"github.com/gin-gonic/gin"
+	"github.com/go-playground/validator/v10"
+)
+
+type AuthHandler struct {
+	authService service.AuthService
+	validate    *validator.Validate
+}
+
+func NewAuthHandler(authService service.AuthService) *AuthHandler {
+	return &AuthHandler{
+		authService: authService,
+		validate:    validator.New(),
+	}
+}
+
+// Register регистрация новой организации и пользователя
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req models.RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
+		return
+	}
+
+	// Валидируем запрос
+	if err := h.validate.Struct(req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Validation failed", "details": err.Error()})
+		return
+	}
+
+	// Выполняем регистрацию
+	response, err := h.authService.Register(c.Request.Context(), &req)
+	if err != nil {
+		if validationErr, ok := err.(*service.ValidationError); ok {
+			c.JSON(http.StatusBadRequest, gin.H{"error": validationErr.Message})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Registration failed"})
+		return
+	}
+
+	c.JSON(http.StatusCreated, response)
+}
+
+// Login вход в систему
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req models.LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
+		return
+	}
+
+	// Валидируем запрос
+	if err := h.validate.Struct(req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Validation failed", "details": err.Error()})
+		return
+	}
+
+	// Выполняем вход
+	response, err := h.authService.Login(c.Request.Context(), &req)
+	if err != nil {
+		if validationErr, ok := err.(*service.ValidationError); ok {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": validationErr.Message})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Login failed"})
+		return
+	}
+
+	c.JSON(http.StatusOK, response)
+}
--- a/core-service/internal/api/middleware/auth.go
+++ b/core-service/internal/api/middleware/auth.go
@@ -0,0 +1,57 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"erp-mvp/core-service/internal/auth"
+	"github.com/gin-gonic/gin"
+)
+
+type AuthMiddleware struct {
+	jwtService *auth.JWTService
+}
+
+func NewAuthMiddleware(jwtService *auth.JWTService) *AuthMiddleware {
+	return &AuthMiddleware{
+		jwtService: jwtService,
+	}
+}
+
+func (m *AuthMiddleware) AuthRequired() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// Получаем токен из заголовка Authorization
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
+			c.Abort()
+			return
+		}
+
+		// Проверяем формат "Bearer <token>"
+		tokenParts := strings.Split(authHeader, " ")
+		if len(tokenParts) != 2 || tokenParts[0] != "Bearer" {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid authorization header format"})
+			c.Abort()
+			return
+		}
+
+		tokenString := tokenParts[1]
+
+		// Валидируем токен
+		claims, err := m.jwtService.ValidateToken(tokenString)
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
+			c.Abort()
+			return
+		}
+
+		// Сохраняем claims в контексте
+		c.Set("user_id", claims.UserID)
+		c.Set("organization_id", claims.OrganizationID)
+		c.Set("email", claims.Email)
+		c.Set("role", claims.Role)
+
+		c.Next()
+	}
+}
--- a/core-service/internal/api/server.go
+++ b/core-service/internal/api/server.go
@@ -5,8 +5,13 @@ import (
 	"database/sql"
 	"net/http"

+	"erp-mvp/core-service/internal/auth"
 	"erp-mvp/core-service/internal/config"
 	"erp-mvp/core-service/internal/logger"
+	"erp-mvp/core-service/internal/repository"
+	"erp-mvp/core-service/internal/service"
+	"erp-mvp/core-service/internal/api/handlers"
+	"erp-mvp/core-service/internal/api/middleware"

 	"github.com/gin-gonic/gin"
 )
@@ -16,14 +21,42 @@ type Server struct {
 	db     *sql.DB
 	logger logger.Logger
 	router *gin.Engine
+
+	// Services
+	authService service.AuthService
+
+	// Handlers
+	authHandler *handlers.AuthHandler
+
+	// Middleware
+	authMiddleware *middleware.AuthMiddleware
 }

 func NewServer(cfg *config.Config, db *sql.DB, log logger.Logger) *Server {
+	// Инициализируем JWT сервис
+	jwtService := auth.NewJWTService(cfg.JWT.Secret, cfg.JWT.TTL)
+
+	// Инициализируем репозитории
+	orgRepo := repository.NewOrganizationRepository(db)
+	userRepo := repository.NewUserRepository(db)
+
+	// Инициализируем сервисы
+	authService := service.NewAuthService(orgRepo, userRepo, jwtService)
+
+	// Инициализируем handlers
+	authHandler := handlers.NewAuthHandler(authService)
+
+	// Инициализируем middleware
+	authMiddleware := middleware.NewAuthMiddleware(jwtService)
+
 	server := &Server{
-		config: cfg,
-		db:     db,
-		logger: log,
-		router: gin.Default(),
+		config:         cfg,
+		db:             db,
+		logger:         log,
+		router:         gin.Default(),
+		authService:    authService,
+		authHandler:    authHandler,
+		authMiddleware: authMiddleware,
 	}

 	server.setupRoutes()
@@ -40,13 +73,13 @@ func (s *Server) setupRoutes() {
 		// Auth routes
 		auth := api.Group("/auth")
 		{
-			auth.POST("/register", s.register)
-			auth.POST("/login", s.login)
+			auth.POST("/register", s.authHandler.Register)
+			auth.POST("/login", s.authHandler.Login)
 		}

 		// Protected routes
 		protected := api.Group("/")
-		protected.Use(s.authMiddleware())
+		protected.Use(s.authMiddleware.AuthRequired())
 		{
 			// Organizations
 			protected.GET("/organizations/:id", s.getOrganization)
@@ -86,21 +119,6 @@ func (s *Server) healthCheck(c *gin.Context) {
 }

 // Placeholder handlers - will be implemented in next stages
-func (s *Server) register(c *gin.Context) {
-	c.JSON(http.StatusNotImplemented, gin.H{"error": "Not implemented yet"})
-}
-
-func (s *Server) login(c *gin.Context) {
-	c.JSON(http.StatusNotImplemented, gin.H{"error": "Not implemented yet"})
-}
-
-func (s *Server) authMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": "Auth not implemented yet"})
-		c.Abort()
-	}
-}
-
 func (s *Server) getOrganization(c *gin.Context) {
 	c.JSON(http.StatusNotImplemented, gin.H{"error": "Not implemented yet"})
 }