Add basic authentication

backend/app/handlers/auth.go

@@ -0,0 +1,52 @@
+package handlers
+
+import (
+	"log"
+	"quay/app/repository"
+	"quay/internal/security"
+	"time"
+
+	"github.com/gofiber/fiber/v3"
+)
+
+type AuthHandler struct {
+	Repo repository.UserRepository
+}
+
+func NewAuthHandler(repo repository.UserRepository) *AuthHandler {
+	return &AuthHandler{Repo: repo}
+}
+
+type LoginRequest struct {
+	Name     string `json:"name"`
+	Password string `json:"password"`
+}
+
+type LoginResponse struct {
+	Token string `json:"token"`
+}
+
+func (h *AuthHandler) Login(c fiber.Ctx) error {
+	var req LoginRequest
+	if err := c.Bind().Body(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request"})
+	}
+
+	user, err := h.Repo.GetUserByName(req.Name)
+	if err != nil || user == nil {
+		log.Println("login: user lookup failed", err)
+		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "invalid credentials"})
+	}
+
+	if !security.CheckPasswordHash(req.Password, user.HashedPassword) {
+		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "invalid credentials"})
+	}
+
+	token, err := security.GenerateToken(user.ID, user.Role, 24*time.Hour)
+	if err != nil {
+		log.Println("login: token generation failed", err)
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "failed to generate token"})
+	}
+
+	return c.JSON(LoginResponse{Token: token})
+}