Security added on delete service and list all node + cleaning some code

backend/repositories/login_repo.go

@@ -0,0 +1,60 @@
+package repositories
+
+import (
+	"backend/models"
+	"database/sql"
+	"log"
+	"net/http"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func (r *NodeRepository) LoginHandler(c *gin.Context) {
+	var req models.LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Format invalide"})
+		return
+	}
+
+	log.Println("trying to login")
+
+	var user struct {
+		ID           int    `db:"id"`
+		PasswordHash string `db:"password_hash"`
+		Role         string `db:"role"`
+	}
+
+	log.Printf("trying to login with %v pswd %v", req.Username, req.Password)
+
+	query := "SELECT id, password_hash, role FROM users WHERE username = $1"
+	err := r.DB.Get(&user, query, req.Username)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Identifiants incorrects"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Erreur serveur"})
+		return
+	}
+
+	err = bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.Password))
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "Identifiants incorrects"})
+		return
+	} else {
+		session := sessions.Default(c)
+		session.Set("user_id", user.ID)
+		session.Set("role", user.Role)
+
+		if err := session.Save(); err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "Impossible de créer la session"})
+			return
+		}
+
+		c.JSON(http.StatusOK, gin.H{"message": "Connexion réussie"})
+		return
+	}
+}

backend/repositories/node_repo.go

@@ -40,7 +40,6 @@ func (r *NodeRepository) UpdateServiceStatus(serviceUpdate models.ServiceUpdateR
 		timestamps = append(timestamps, s.Status.Timestamp)
 	}
 
-	// lib/pq supporte le passage de slices Go vers les types array de Postgres
 	_, err := r.DB.Exec(string(query), pq.Array(serviceIds), pq.Array(statuses), pq.Array(timestamps))
 	return err
 }
@@ -106,9 +105,8 @@ func (r *NodeRepository) RetriveNodeList() (map[string]models.FullNodeInfo, erro
 		log.Printf("new node")
 
 		var node models.FullNodeInfo
-		var servicesData []byte // On récupère le JSON brut ici
+		var servicesData []byte
 
-		// On scanne les colonnes dans l'ordre du SELECT
 		err := rows.Scan(
 			&node.Id,
 			&node.Name,
@@ -122,7 +120,6 @@ func (r *NodeRepository) RetriveNodeList() (map[string]models.FullNodeInfo, erro
 			return nil, err
 		}
 
-		// On décode le JSON des services dans la Map de la structure
 		if err := json.Unmarshal(servicesData, &node.Services); err != nil {
 			return nil, fmt.Errorf("error decoding services for node %d: %v", node.Id, err)
 		}
@@ -146,7 +143,7 @@ func deleteServiceFromNode(node *models.NodeInfo, serviceId int) error {
 		return err
 	}
 
-	req, err := http.NewRequest(http.MethodDelete, apiURL, bytes.NewBuffer(jsonData)) // Le corps (body) est nil pour un DELETE
+	req, err := http.NewRequest(http.MethodDelete, apiURL, bytes.NewBuffer(jsonData))
 	req.Header.Set("Content-Type", "application/json")
 
 	if err != nil {
@@ -154,7 +151,7 @@ func deleteServiceFromNode(node *models.NodeInfo, serviceId int) error {
 	}
 
 	client := http.Client{
-		Timeout: 10 * time.Second, // Définir un timeout
+		Timeout: 10 * time.Second,
 	}
 
 	resp, err := client.Do(req)
@@ -194,7 +191,6 @@ func (r *NodeRepository) DeleteService(node models.NodeInfo, serviceId int) erro
 
 	err = deleteServiceFromNode(&node, serviceId)
 	if err != nil {
-		// 4. LE NODE A ÉCHOUÉ : On annule tout en DB
 		tx.Rollback()
 		return fmt.Errorf("échec sur le node, annulation du changement en base de données : %w", err)
 	}