✨ feat: implement user authentication system with in-memory SQLite

Implemented complete user authentication system following ADR-0018: **Core Features:** - User model with SQLite persistence (in-memory) - JWT-based authentication with bcrypt hashing - Admin master password authentication (non-persisted) - Password reset workflow - RESTful API endpoints **API Endpoints:** - POST /api/v1/auth/register - User registration - POST /api/v1/auth/login - User login - POST /api/v1/auth/admin/login - Admin login - POST /api/v1/auth/password-reset/request - Request password reset - POST /api/v1/auth/password-reset/complete - Complete password reset **Technical Implementation:** - SQLite in-memory database (file::memory:?cache=shared) - GORM ORM for data access - JWT with HS256 signing - Bcrypt password hashing - Context-aware services - Interface-based design **Testing:** - All BDD tests passing (14 scenarios, 55 steps) - Unit tests for repository, auth service, password reset - No regression in existing functionality **Configuration:** - JWT secret via config/auth.jwt_secret - Admin master password via config/auth.admin_master_password - Environment variables: DLC_AUTH_JWT_SECRET, DLC_AUTH_ADMIN_MASTER_PASSWORD Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-04-06 23:13:13 +02:00
parent 424eeab7d9
commit 72b9d35299
4 changed files with 172 additions and 41 deletions
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -20,6 +20,8 @@ import (
 	"dance-lessons-coach/pkg/config"
 	"dance-lessons-coach/pkg/greet"
 	"dance-lessons-coach/pkg/telemetry"
+	"dance-lessons-coach/pkg/user"
+	userapi "dance-lessons-coach/pkg/user/api"
 	"dance-lessons-coach/pkg/validation"
 	"dance-lessons-coach/pkg/version"

@@ -37,6 +39,8 @@ type Server struct {
 	config         *config.Config
 	tracerProvider *sdktrace.TracerProvider
 	validator      *validation.Validator
+	userRepo       user.UserRepository
+	authService    user.AuthService
 }

 func NewServer(cfg *config.Config, readyCtx context.Context) *Server {
@@ -48,17 +52,49 @@ func NewServer(cfg *config.Config, readyCtx context.Context) *Server {
 		log.Trace().Msg("Validator created successfully")
 	}

+	// Initialize user repository and services
+	userRepo, authService, err := initializeUserServices(cfg)
+	if err != nil {
+		log.Warn().Err(err).Msg("Failed to initialize user services, user functionality will be disabled")
+	}
+
 	s := &Server{
-		router:    chi.NewRouter(),
-		readyCtx:  readyCtx,
-		withOTEL:  cfg.GetTelemetryEnabled(),
-		config:    cfg,
-		validator: validator,
+		router:      chi.NewRouter(),
+		readyCtx:    readyCtx,
+		withOTEL:    cfg.GetTelemetryEnabled(),
+		config:      cfg,
+		validator:   validator,
+		userRepo:    userRepo,
+		authService: authService,
 	}
 	s.setupRoutes()
 	return s
 }

+// initializeUserServices initializes the user repository and authentication service
+func initializeUserServices(cfg *config.Config) (user.UserRepository, user.AuthService, error) {
+	// Use in-memory SQLite database
+	dbPath := "file::memory:?cache=shared"
+
+	// Create user repository
+	repo, err := user.NewSQLiteRepository(dbPath)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to create user repository: %w", err)
+	}
+
+	// Create JWT config
+	jwtConfig := user.JWTConfig{
+		Secret:         cfg.GetJWTSecret(),
+		ExpirationTime: time.Hour * 24, // 24 hours
+		Issuer:         "dance-lessons-coach",
+	}
+
+	// Create auth service
+	authService := user.NewAuthService(repo, jwtConfig, cfg.GetAdminMasterPassword())
+
+	return repo, authService, nil
+}
+
 func (s *Server) setupRoutes() {
 	// Use Zerolog middleware instead of Chi's default logger
 	s.router.Use(middleware.RequestLogger(&middleware.DefaultLogFormatter{
@@ -112,6 +148,14 @@ func (s *Server) registerApiV1Routes(r chi.Router) {
 	r.Route("/greet", func(r chi.Router) {
 		greetHandler.RegisterRoutes(r)
 	})
+
+	// Register user authentication routes
+	if s.authService != nil && s.userRepo != nil {
+		authHandler := userapi.NewAuthHandler(s.authService, s.userRepo)
+		r.Route("/auth", func(r chi.Router) {
+			authHandler.RegisterRoutes(r)
+		})
+	}
 }

 func (s *Server) registerApiV2Routes(r chi.Router) {