Security added on delete service and list all node + cleaning some code

backend/main.go

@@ -4,18 +4,67 @@ import (
 	"backend/handlers"
 	"backend/repositories"
 	"database/sql"
+	"fmt"
 	"log"
 	"net/http"
 
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
+	"github.com/gin-gonic/gin"
 	"github.com/jmoiron/sqlx"
 	_ "github.com/lib/pq"
-
-	"github.com/gorilla/mux"
-	"github.com/rs/cors"
+	"golang.org/x/crypto/bcrypt"
 )
 
+func SeedAdmin(db *sqlx.DB) error {
+	var count int
+	err := db.Get(&count, "SELECT count(*) FROM users WHERE role = 'admin'")
+	if err != nil {
+		return err
+	}
+
+	if count == 0 {
+		hash, _ := bcrypt.GenerateFromPassword([]byte("admin"), bcrypt.DefaultCost)
+
+		_, err = db.Exec(
+			"INSERT INTO users (username, email, password_hash, role) VALUES ($1, $2, $3, $4)",
+			"admin", "admin@localhost", string(hash), "admin",
+		)
+		if err == nil {
+			fmt.Println("✅ Compte admin créé (admin / admin)")
+		}
+		return err
+	}
+	return nil
+}
+
+func AuthRequired(c *gin.Context) {
+	session := sessions.Default(c)
+	userID := session.Get("user_id")
+
+	if userID == nil {
+		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Veuillez vous connecter"})
+		return
+	}
+
+	c.Next()
+}
+
 func main() {
 
+	r := gin.Default()
+	store := cookie.NewStore([]byte("ma_cle_secrete_super_secure"))
+
+	store.Options(sessions.Options{
+		Path:     "/",
+		MaxAge:   3600 * 8,
+		HttpOnly: true,
+		Secure:   false,
+		SameSite: http.SameSiteLaxMode,
+	})
+
+	r.Use(sessions.Sessions("session_id", store))
+
 	dsn := "host=db user=admin password=admin dbname=monitoring sslmode=disable"
 
 	db, err := sql.Open("postgres", dsn)
@@ -30,35 +79,34 @@ func main() {
 
 	dbSqlx := sqlx.NewDb(db, "postgres")
 
+	if err := SeedAdmin(dbSqlx); err != nil {
+		log.Printf("Erreur lors du seeding: %v", err)
+	}
 	nodeRepo := &repositories.NodeRepository{DB: dbSqlx}
 
 	nodeHandler := &handlers.NodeHandler{
 		Repo: nodeRepo,
 	}
 
-	router := mux.NewRouter()
+	api := r.Group("/api")
+	{
+		api.POST("/login", nodeHandler.LoginHandler)
 
-	router.HandleFunc("/register", nodeHandler.HandleRegisterNode).Methods("POST")
-	router.HandleFunc("/registerService", nodeHandler.HandleRegisterService).Methods("POST")
-	router.HandleFunc("/updateServiceStatus", nodeHandler.HandleUpdateServiceStatus).Methods("POST")
+		api.POST("/register", nodeHandler.HandleRegisterNode)
+		api.POST("/registerService", nodeHandler.HandleRegisterService)
+		api.POST("/updateServiceStatus", nodeHandler.HandleUpdateServiceStatus)
 
-	router.HandleFunc("/retrieveNodeList", nodeHandler.HandleRetrieveNodeList).Methods("GET")
-	router.HandleFunc("/retrieveNode/{id}", handlers.HandleRetrieveNode).Methods("GET")
-
-	//router.HandleFunc("/updateNode/{id}", nodeHandler.HandleUpdateNode).Methods("POST")
-
-	//router.HandleFunc("/handleAddService/{NodeId}", handleUpdateNode).Methods("POST")
-	router.HandleFunc("/deleteService", nodeHandler.HandleDeleteService).Methods("DELETE")
-
-	c := cors.New(cors.Options{
-		// Remplacez par l'origine exacte de votre frontend
-		AllowedOrigins:   []string{"http://localhost:3000"},
-		AllowedMethods:   []string{"GET", "POST", "PATCH", "DELETE"},
-		AllowCredentials: true,
-	})
-
-	handler := c.Handler(router)
+		protected := api.Group("/")
+		protected.Use(AuthRequired)
+		{
+			protected.DELETE("/deleteService", nodeHandler.HandleDeleteService)
+			protected.GET("/retrieveNodeList", nodeHandler.HandleRetrieveNodeList)
+		}
+	}
 
 	log.Println("Backend running on :8080")
-	log.Fatal(http.ListenAndServe(":8080", handler))
+
+	if err := r.Run(":8080"); err != nil {
+		log.Fatalf("Erreur lors du lancement du serveur: %v", err)
+	}
 }