login is not dependent on form/form.rs and only on canvas now

button sizes
working, split config where functions for each page are defined for this page, if the functions are not general for each page. Huge update, works for tui/functions/form and fui/functions/login. Working, time to move to other things
2025-03-30 17:00:51 +02:00 · 2025-03-30 16:35:38 +02:00 · 2025-03-30 15:46:49 +02:00 · 2025-03-30 15:11:02 +02:00 · 2025-03-30 15:03:12 +02:00 · 2025-03-30 14:24:12 +02:00
68 changed files with 1981 additions and 371 deletions
--- a/.env_template
+++ b/.env_template
@@ -4,3 +4,5 @@ RUST_DB_USER=multi_psql_dev
 RUST_DB_PASSWORD=3
 RUST_DB_HOST=localhost
 RUST_DB_PORT=5432
+
+JWT_SECRET=<YOUR-JWT-HERE>
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -170,9 +170,9 @@ dependencies = [

 [[package]]
 name = "async-trait"
-version = "0.1.87"
+version = "0.1.88"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d556ec1359574147ec0c4fc5eb525f3f23263a592b1a9c07e0a75b427de55c97"
+checksum = "e539d3fca749fcee5236ab05e93a52867dd549cc157c8cb7f99595f3cedffdb5"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -274,6 +274,19 @@ version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"

+[[package]]
+name = "bcrypt"
+version = "0.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92758ad6077e4c76a6cadbce5005f666df70d4f13b19976b1a8062eef880040f"
+dependencies = [
+ "base64",
+ "blowfish",
+ "getrandom 0.3.1",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "bigdecimal"
 version = "0.4.7"
@@ -323,6 +336,16 @@ dependencies = [
 "generic-array",
 ]

+[[package]]
+name = "blowfish"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7"
+dependencies = [
+ "byteorder",
+ "cipher",
+]
+
 [[package]]
 name = "bumpalo"
 version = "3.17.0"
@@ -387,9 +410,20 @@ dependencies = [
 ]

 [[package]]
-name = "client"
-version = "0.1.0"
+name = "cipher"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
 dependencies = [
+ "crypto-common",
+ "inout",
+]
+
+[[package]]
+name = "client"
+version = "0.2.5"
+dependencies = [
+ "async-trait",
 "common",
 "crossterm",
 "dirs 6.0.0",
@@ -424,7 +458,7 @@ dependencies = [

 [[package]]
 name = "common"
-version = "0.1.0"
+version = "0.2.5"
 dependencies = [
 "prost",
 "serde",
@@ -782,7 +816,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
 dependencies = [
 "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -991,8 +1025,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
 dependencies = [
 "cfg-if",
+ "js-sys",
 "libc",
 "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasm-bindgen",
 ]

 [[package]]
@@ -1452,6 +1488,15 @@ version = "2.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f4c7245a08504955605670dbf141fceab975f15ca21570696aebe9d2e71576bd"

+[[package]]
+name = "inout"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "instability"
 version = "0.3.7"
@@ -1499,6 +1544,21 @@ dependencies = [
 "wasm-bindgen",
 ]

+[[package]]
+name = "jsonwebtoken"
+version = "9.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde"
+dependencies = [
+ "base64",
+ "js-sys",
+ "pem",
+ "ring",
+ "serde",
+ "serde_json",
+ "simple_asn1",
+]
+
 [[package]]
 name = "lasso"
 version = "0.7.3"
@@ -1886,6 +1946,16 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"

+[[package]]
+name = "pem"
+version = "3.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38af38e8470ac9dee3ce1bae1af9c1671fffc44ddfd8bd1d0a3445bf349a8ef3"
+dependencies = [
+ "base64",
+ "serde",
+]
+
 [[package]]
 name = "pem-rfc7468"
 version = "0.7.0"
@@ -2030,6 +2100,28 @@ dependencies = [
 "toml_edit",
 ]

+[[package]]
+name = "proc-macro-error-attr2"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+]
+
+[[package]]
+name = "proc-macro-error2"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
+dependencies = [
+ "proc-macro-error-attr2",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.99",
+]
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.94"
@@ -2281,6 +2373,20 @@ dependencies = [
 "tstr",
 ]

+[[package]]
+name = "ring"
+version = "0.17.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom 0.2.15",
+ "libc",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "rsa"
 version = "0.9.7"
@@ -2356,7 +2462,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys 0.4.15",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -2369,7 +2475,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys 0.9.2",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -2483,12 +2589,14 @@ dependencies = [

 [[package]]
 name = "server"
-version = "0.1.0"
+version = "0.2.5"
 dependencies = [
+ "bcrypt",
 "chrono",
 "common",
 "dashmap",
 "dotenvy",
+ "jsonwebtoken",
 "lazy_static",
 "prost",
 "regex",
@@ -2504,6 +2612,8 @@ dependencies = [
 "tonic",
 "tonic-reflection",
 "tracing",
+ "uuid",
+ "validator",
 ]

 [[package]]
@@ -2574,6 +2684,18 @@ dependencies = [
 "rand_core 0.6.4",
 ]

+[[package]]
+name = "simple_asn1"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb"
+dependencies = [
+ "num-bigint",
+ "num-traits",
+ "thiserror 2.0.12",
+ "time",
+]
+
 [[package]]
 name = "sized-chunks"
 version = "0.6.5"
@@ -2678,6 +2800,7 @@ dependencies = [
 "tokio-stream",
 "tracing",
 "url",
+ "uuid",
 ]

 [[package]]
@@ -2760,6 +2883,7 @@ dependencies = [
 "thiserror 2.0.12",
 "time",
 "tracing",
+ "uuid",
 "whoami",
 ]

@@ -2799,6 +2923,7 @@ dependencies = [
 "thiserror 2.0.12",
 "time",
 "tracing",
+ "uuid",
 "whoami",
 ]

@@ -2825,6 +2950,7 @@ dependencies = [
 "time",
 "tracing",
 "url",
+ "uuid",
 ]

 [[package]]
@@ -3029,7 +3155,7 @@ dependencies = [
 "getrandom 0.3.1",
 "once_cell",
 "rustix 1.0.1",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -3450,6 +3576,12 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"

+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
 [[package]]
 name = "url"
 version = "2.5.4"
@@ -3473,6 +3605,46 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"

+[[package]]
+name = "uuid"
+version = "1.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9"
+dependencies = [
+ "getrandom 0.3.1",
+ "serde",
+]
+
+[[package]]
+name = "validator"
+version = "0.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43fb22e1a008ece370ce08a3e9e4447a910e92621bb49b85d6e48a45397e7cfa"
+dependencies = [
+ "idna",
+ "once_cell",
+ "regex",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "url",
+ "validator_derive",
+]
+
+[[package]]
+name = "validator_derive"
+version = "0.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b7df16e474ef958526d1205f6dda359fdfab79d9aa6d54bafcb92dcd07673dca"
+dependencies = [
+ "darling",
+ "once_cell",
+ "proc-macro-error2",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.99",
+]
+
 [[package]]
 name = "vcpkg"
 version = "0.2.15"
@@ -3623,7 +3795,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
 dependencies = [
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,7 +5,7 @@ resolver = "2"
 [workspace.package]
 # TODO: idk how to do the name, fix later
 # name = "Multieko2"
-version = "0.1.0"
+version = "0.2.5"
 edition = "2021"
 license = "GPL-3.0-or-later"
 authors = ["Filip Priečinský <filippriec@gmail.com>"]
--- a/client/Cargo.toml
+++ b/client/Cargo.toml
@@ -5,6 +5,7 @@ edition.workspace = true
 license.workspace = true

 [dependencies]
+async-trait = "0.1.88"
 common = { path = "../common" }

 crossterm = "0.28.1"
--- a/client/src/components/auth.rs
+++ b/client/src/components/auth.rs
@@ -0,0 +1,5 @@
+// src/components/form.rs
+pub mod login;
+pub mod register;
+
+pub use login::*;
--- a/client/src/components/auth/login.rs
+++ b/client/src/components/auth/login.rs
@@ -0,0 +1,173 @@
+// src/components/auth/login.rs
+use crate::{
+    config::colors::themes::Theme,
+    state::pages::auth::AuthState,
+};
+use ratatui::{
+    layout::{Alignment, Constraint, Direction, Layout, Rect, Margin},
+    style::{Color, Style, Modifier},
+    widgets::{Block, BorderType, Borders, Paragraph},
+    Frame,
+    text::{Line, Span},
+};
+
+pub fn render_login(
+    f: &mut Frame,
+    area: Rect,
+    theme: &Theme,
+    state: &AuthState,
+) {
+    // Main container
+    let block = Block::default()
+        .borders(Borders::ALL)
+        .border_type(BorderType::Plain)
+        .border_style(Style::default().fg(theme.border))
+        .title(" Login ")
+        .style(Style::default().bg(theme.bg));
+
+    f.render_widget(block, area);
+
+    let inner_area = area.inner(Margin {
+        horizontal: 1,
+        vertical: 1,
+    });
+
+    // Layout chunks
+    let chunks = Layout::default()
+        .direction(Direction::Vertical)
+        .constraints([
+            Constraint::Length(4),  // Form (2 fields + padding)
+            Constraint::Length(1),  // Error message
+            Constraint::Length(3),  // Buttons
+        ])
+        .split(inner_area);
+
+    // --- FORM RENDERING ---
+    let fields = &["Username/Email", "Password"];
+    let inputs = &[&state.username, &state.password];
+    let current_field = state.current_field;
+
+    // Create input container (store the inner area before rendering)
+    let input_block = Block::default()
+        .borders(Borders::ALL)
+        .border_style(if !state.return_selected {
+            Style::default().fg(theme.accent)
+        } else {
+            Style::default().fg(theme.border)
+        })
+        .style(Style::default().bg(theme.bg));
+
+    // Calculate inner area before consuming input_block
+    let input_area = input_block.inner(chunks[0]);
+    
+    // Now render the widget
+    f.render_widget(input_block, chunks[0]);
+
+    let input_layout = Layout::default()
+        .direction(Direction::Horizontal)
+        .constraints([Constraint::Percentage(30), Constraint::Percentage(70)])
+        .split(input_area);
+
+    // Render field labels
+    for (i, field) in fields.iter().enumerate() {
+        f.render_widget(
+            Paragraph::new(Line::from(Span::styled(
+                format!("{}:", field),
+                Style::default().fg(theme.fg),
+            ))),
+            Rect {
+                x: input_layout[0].x,
+                y: input_layout[0].y + i as u16,
+                width: input_layout[0].width,
+                height: 1,
+            },
+        );
+    }
+
+    // Render input fields
+    let input_rows = Layout::default()
+        .direction(Direction::Vertical)
+        .constraints(vec![Constraint::Length(1); fields.len()])
+        .split(input_layout[1]);
+
+    for (i, input) in inputs.iter().enumerate() {
+        let is_active = i == current_field;
+        let mut style = Style::default().fg(theme.fg);
+        if is_active {
+            style = style.fg(theme.highlight);
+        }
+
+        f.render_widget(
+            Paragraph::new(input.as_str()).style(style),
+            input_rows[i],
+        );
+
+        // Set cursor position if active
+        if is_active {
+            f.set_cursor_position((
+                input_rows[i].x + state.current_cursor_pos as u16,
+                input_rows[i].y,
+            ));
+        }
+    }
+
+    // --- BUTTONS ---
+    let button_chunks = Layout::default()
+        .direction(Direction::Horizontal)
+        .constraints([Constraint::Percentage(50), Constraint::Percentage(50)])
+        .split(chunks[2]);
+
+    // Login Button
+    let login_active = !state.return_selected;
+    let mut login_style = Style::default().fg(theme.fg);
+    let mut login_border = Style::default().fg(theme.border);
+    if login_active {
+        login_style = login_style.fg(theme.highlight).add_modifier(Modifier::BOLD);
+        login_border = login_border.fg(theme.accent);
+    }
+
+    f.render_widget(
+        Paragraph::new("Login")
+            .style(login_style)
+            .alignment(Alignment::Center)
+            .block(
+                Block::default()
+                    .borders(Borders::ALL)
+                    .border_type(BorderType::Plain)
+                    .border_style(login_border),
+            ),
+        button_chunks[0],
+    );
+
+    // Return Button
+    let return_active = state.return_selected;
+    let mut return_style = Style::default().fg(theme.fg);
+    let mut return_border = Style::default().fg(theme.border);
+    if return_active {
+        return_style = return_style.fg(theme.highlight).add_modifier(Modifier::BOLD);
+        return_border = return_border.fg(theme.accent);
+    }
+
+    f.render_widget(
+        Paragraph::new("Return")
+            .style(return_style)
+            .alignment(Alignment::Center)
+            .block(
+                Block::default()
+                    .borders(Borders::ALL)
+                    .border_type(BorderType::Plain)
+                    .border_style(return_border),
+            ),
+        button_chunks[1],
+    );
+
+    // Error message
+    if let Some(err) = &state.error_message {
+        f.render_widget(
+            Paragraph::new(err.as_str())
+                .style(Style::default().fg(Color::Red))
+                .alignment(Alignment::Center),
+            chunks[1],
+        );
+    }
+}
--- a/client/src/components/auth/register.rs
+++ b/client/src/components/auth/register.rs
--- a/client/src/components/form.rs
+++ b/client/src/components/form.rs
@@ -0,0 +1,4 @@
+// src/components/form.rs
+pub mod form;
+
+pub use form::*;
--- a/client/src/components/handlers/form.rs
+++ b/client/src/components/handlers/form.rs
@@ -1,4 +1,4 @@
-// src/components/handlers/form.rs
+// src/components/form/form.rs
 use ratatui::{
    widgets::{Paragraph, Block, Borders},
    layout::{Layout, Constraint, Direction, Rect, Margin, Alignment},
@@ -6,13 +6,14 @@ use ratatui::{
    Frame,
 };
 use crate::config::colors::themes::Theme;
-use crate::ui::form::FormState;
-use super::canvas::render_canvas;  // Changed to canvas
+use crate::state::canvas_state::CanvasState;
+use crate::components::handlers::canvas::render_canvas;

+// Original form renderer (keep for backward compatibility)
 pub fn render_form(
    f: &mut Frame,
    area: Rect,
-    form_state: &FormState,
+    form_state: &impl CanvasState,
    fields: &[&str],
    current_field: &usize,
    inputs: &[&String],
--- a/client/src/components/handlers.rs
+++ b/client/src/components/handlers.rs
@@ -1,8 +1,6 @@
 // src/components/handlers.rs
-pub mod form;
 pub mod canvas;
 pub mod sidebar;

-pub use form::*;
 pub use canvas::*;
 pub use sidebar::*;
--- a/client/src/components/handlers/canvas.rs
+++ b/client/src/components/handlers/canvas.rs
@@ -8,12 +8,12 @@ use ratatui::{
    prelude::Alignment,
 };
 use crate::config::colors::themes::Theme;
-use crate::ui::form::FormState;
+use crate::state::canvas_state::CanvasState;

 pub fn render_canvas(
    f: &mut Frame,
    area: Rect,
-    form_state: &FormState,
+    form_state: &impl CanvasState,
    fields: &[&str],
    current_field: &usize,
    inputs: &[&String],
@@ -30,7 +30,7 @@ pub fn render_canvas(
    let input_container = Block::default()
        .borders(Borders::ALL)
        .border_style(if is_edit_mode {
-            form_state.has_unsaved_changes.then(|| theme.warning).unwrap_or(theme.accent)
+            form_state.has_unsaved_changes().then(|| theme.warning).unwrap_or(theme.accent)
        } else {
            theme.secondary
        })
@@ -81,7 +81,7 @@ pub fn render_canvas(
        f.render_widget(input_display, input_rows[i]);

        if is_active {
-            let cursor_x = input_rows[i].x + form_state.current_cursor_pos as u16;
+            let cursor_x = input_rows[i].x + form_state.current_cursor_pos() as u16;
            let cursor_y = input_rows[i].y;
            f.set_cursor_position((cursor_x, cursor_y));
        }
--- a/client/src/components/handlers/sidebar.rs
+++ b/client/src/components/handlers/sidebar.rs
@@ -9,7 +9,8 @@ use crate::config::colors::themes::Theme;
 use common::proto::multieko2::table_definition::{ProfileTreeResponse};
 use ratatui::text::{Span, Line};

-const SIDEBAR_WIDTH: u16 = 16;
+// Reduced sidebar width
+const SIDEBAR_WIDTH: u16 = 12;

 pub fn calculate_sidebar_layout(show_sidebar: bool, main_content_area: Rect) -> (Option<Rect>, Rect) {
    if show_sidebar {
@@ -37,46 +38,72 @@ pub fn render_sidebar(
    let mut items = Vec::new();

    if let Some(profile_name) = selected_profile {
-        if let Some(profile) = profile_tree.profiles.iter()
-            .find(|p| &p.name == profile_name)
-        {
-            // Profile header
+        // Existing code for when a profile is selected...
+    } else {
+        // Show full profile tree when no profile is selected (compact version)
+        for (profile_idx, profile) in profile_tree.profiles.iter().enumerate() {
+            // Profile header - more compact
            items.push(ListItem::new(Line::from(vec![
-                Span::styled("📁 ", Style::default().fg(theme.accent)),
+                Span::styled("◆", Style::default().fg(theme.accent)),
                Span::styled(&profile.name, Style::default().fg(theme.highlight)),
            ])));

-            // Tables
+            // Tables with compact prefixes
            for (table_idx, table) in profile.tables.iter().enumerate() {
-                let is_last = table_idx == profile.tables.len() - 1;
-                let prefix = if is_last { "└─ " } else { "├─ " };
+                let is_last_table = table_idx == profile.tables.len() - 1;
+                let is_last_profile = profile_idx == profile_tree.profiles.len() - 1;
+
+                // Shorter prefix characters
+                let prefix = match (is_last_profile, is_last_table) {
+                    (true, true) => " └",
+                    (true, false) => " ├",
+                    (false, true) => "│└",
+                    (false, false) => "│├",
+                };
+
+                // Get table name without year prefix to save space
+                let display_name = if table.name.starts_with("2025_") {
+                    &table.name[5..] // Skip "2025_" prefix
+                } else {
+                    &table.name
+                };

                let mut line = vec![
-                    Span::styled(format!("  {}", prefix), Style::default().fg(theme.fg)),
-                    Span::styled(&table.name, Style::default().fg(theme.fg)),
+                    Span::styled(prefix, Style::default().fg(theme.fg)),
+                    Span::styled(display_name, Style::default().fg(theme.fg)),
                ];

+                // Show a simple indicator for dependencies instead of listing them
                if !table.depends_on.is_empty() {
                    line.push(Span::styled(
-                        format!(" → {}", table.depends_on.join(", ")),
+                        "→",
                        Style::default().fg(theme.secondary)
                    ));
                }

                items.push(ListItem::new(Line::from(line)));
            }
+
+            // Compact separator between profiles
+            if profile_idx < profile_tree.profiles.len() - 1 {
+                items.push(ListItem::new(Line::from(
+                    Span::styled("│", Style::default().fg(theme.secondary))
+                )));
+            }
+        }
+
+        if profile_tree.profiles.is_empty() {
+            items.push(ListItem::new(Span::styled(
+                "No profiles",
+                Style::default().fg(theme.secondary)
+            )));
        }
-    } else {
-        items.push(ListItem::new(Span::styled(
-            "No profile selected",
-            Style::default().fg(theme.secondary)
-        )));
    }

    let list = List::new(items)
        .block(sidebar_block)
        .highlight_style(Style::default().fg(theme.highlight))
-        .highlight_symbol(">>");
+        .highlight_symbol(">");

    f.render_widget(list, area);
 }
--- a/client/src/components/intro/intro.rs
+++ b/client/src/components/intro/intro.rs
@@ -1,4 +1,4 @@
-// src/components/handlers/intro.rs
+// src/components/intro/intro.rs
 use ratatui::{
    layout::{Alignment, Constraint, Direction, Layout, Rect},
    style::Style,
@@ -32,9 +32,9 @@ impl IntroState {
        let chunks = Layout::default()
            .direction(Direction::Vertical)
            .constraints([
-                Constraint::Percentage(35),
-                Constraint::Length(5),
-                Constraint::Percentage(35),
+                Constraint::Percentage(40),
+                Constraint::Length(5), // Increased to accommodate 3 buttons
+                Constraint::Percentage(40),
            ])
            .split(inner_area);

@@ -48,10 +48,14 @@ impl IntroState {
            .alignment(Alignment::Center);
        f.render_widget(title_para, chunks[1]);

-        // Buttons
+        // Buttons - now with 3 options
        let button_area = Layout::default()
            .direction(Direction::Horizontal)
-            .constraints([Constraint::Percentage(50), Constraint::Percentage(50)])
+            .constraints([
+                Constraint::Percentage(33),
+                Constraint::Percentage(33),
+                Constraint::Percentage(33),
+            ])
            .split(chunks[1].inner(Margin {
                horizontal: 1,
                vertical: 1
@@ -71,6 +75,13 @@ impl IntroState {
            self.selected_option == 1,
            theme,
        );
+        self.render_button(
+            f,
+            button_area[2],
+            "Login",
+            self.selected_option == 2,
+            theme,
+        );
    }

    fn render_button(&self, f: &mut Frame, area: Rect, text: &str, selected: bool, theme: &Theme) {
@@ -100,11 +111,11 @@ impl IntroState {
        f.render_widget(button, area);
    }

-    pub fn next_option(&mut self) {
-        self.selected_option = (self.selected_option + 1) % 2;
+ pub fn next_option(&mut self) {
+        self.selected_option = (self.selected_option + 1) % 3;
    }

    pub fn previous_option(&mut self) {
-        self.selected_option = if self.selected_option == 0 { 1 } else { 0 };
+        self.selected_option = if self.selected_option == 0 { 2 } else { self.selected_option - 1 };
    }
 }
--- a/client/src/components/mod.rs
+++ b/client/src/components/mod.rs
@@ -3,8 +3,12 @@ pub mod handlers;
 pub mod intro;
 pub mod admin;
 pub mod common;
+pub mod form;
+pub mod auth;

 pub use handlers::*;
 pub use intro::*;
 pub use admin::*;
 pub use common::*;
+pub use form::*;
+pub use auth::*;
--- a/client/src/modes/canvas/common.rs
+++ b/client/src/modes/canvas/common.rs
@@ -1,11 +1,9 @@
 // src/modes/canvas/common.rs

-use crossterm::event::{KeyEvent};
 use crate::config::binds::config::Config;
 use crate::tui::terminal::grpc_client::GrpcClient;
 use crate::tui::terminal::core::TerminalCore;
-use crate::tui::terminal::commands::CommandHandler;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::state::state::AppState;
 use common::proto::multieko2::adresar::{PostAdresarRequest, PutAdresarRequest};

@@ -14,7 +12,6 @@ pub async fn handle_core_action(
    action: &str,
    form_state: &mut FormState,
    grpc_client: &mut GrpcClient,
-    command_handler: &mut CommandHandler,
    terminal: &mut TerminalCore,
    app_state: &mut AppState,
    current_position: &mut u64,
@@ -32,12 +29,19 @@ pub async fn handle_core_action(
            Ok((false, message))
        },
        "force_quit" => {
-            let (should_exit, message) = command_handler.handle_command("force_quit", terminal).await?;
-            Ok((should_exit, message))
+            terminal.cleanup()?;
+            Ok((true, "Force exiting without saving.".to_string()))
        },
        "save_and_quit" => {
-            let (should_exit, message) = command_handler.handle_command("save_and_quit", terminal).await?;
-            Ok((should_exit, message))
+            let message = save(
+                form_state,
+                grpc_client,
+                &mut app_state.ui.is_saved,
+                current_position,
+                total_count,
+            ).await?;
+            terminal.cleanup()?;
+            Ok((true, format!("{}. Exiting application.", message)))
        },
        "revert" => {
            let message = revert(
@@ -132,64 +136,6 @@ pub async fn save(
    Ok(message)
 }

-/// Shared logic for force quitting the application
-pub fn force_quit() -> (bool, String) {
-    (true, "Force quitting application".to_string())
-}
-
-/// Shared logic for saving and quitting
-pub async fn save_and_quit(
-    form_state: &mut FormState,
-    grpc_client: &mut GrpcClient,
-    current_position: &mut u64,
-    total_count: u64,
-) -> Result<(bool, String), Box<dyn std::error::Error>> {
-    let is_new = *current_position == total_count + 1;
-
-    if is_new {
-        let post_request = PostAdresarRequest {
-            firma: form_state.values[0].clone(),
-            kz: form_state.values[1].clone(),
-            drc: form_state.values[2].clone(),
-            ulica: form_state.values[3].clone(),
-            psc: form_state.values[4].clone(),
-            mesto: form_state.values[5].clone(),
-            stat: form_state.values[6].clone(),
-            banka: form_state.values[7].clone(),
-            ucet: form_state.values[8].clone(),
-            skladm: form_state.values[9].clone(),
-            ico: form_state.values[10].clone(),
-            kontakt: form_state.values[11].clone(),
-            telefon: form_state.values[12].clone(),
-            skladu: form_state.values[13].clone(),
-            fax: form_state.values[14].clone(),
-        };
-        let _ = grpc_client.post_adresar(post_request).await?;
-    } else {
-        let put_request = PutAdresarRequest {
-            id: form_state.id,
-            firma: form_state.values[0].clone(),
-            kz: form_state.values[1].clone(),
-            drc: form_state.values[2].clone(),
-            ulica: form_state.values[3].clone(),
-            psc: form_state.values[4].clone(),
-            mesto: form_state.values[5].clone(),
-            stat: form_state.values[6].clone(),
-            banka: form_state.values[7].clone(),
-            ucet: form_state.values[8].clone(),
-            skladm: form_state.values[9].clone(),
-            ico: form_state.values[10].clone(),
-            kontakt: form_state.values[11].clone(),
-            telefon: form_state.values[12].clone(),
-            skladu: form_state.values[13].clone(),
-            fax: form_state.values[14].clone(),
-        };
-        let _ = grpc_client.put_adresar(put_request).await?;
-    }
-
-    Ok((true, "Saved and exiting application".to_string()))
-}
-
 /// Discard changes since last save
 pub async fn revert(
    form_state: &mut FormState,
--- a/client/src/modes/canvas/edit.rs
+++ b/client/src/modes/canvas/edit.rs
@@ -6,7 +6,7 @@ use crate::tui::terminal::{
    grpc_client::GrpcClient,
 };
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::modes::canvas::common;

 pub async fn handle_edit_event_internal(
--- a/client/src/modes/canvas/read_only.rs
+++ b/client/src/modes/canvas/read_only.rs
@@ -1,8 +1,10 @@
-// src/modes/handlers/read_only.rs
+        
+// src/modes/canvas/read_only.rs

 use crossterm::event::{KeyEvent};
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
+use crate::state::pages::auth::AuthState;
 use crate::config::binds::key_sequences::KeySequenceTracker;
 use crate::tui::terminal::grpc_client::GrpcClient;

@@ -14,9 +16,11 @@ enum CharType {
 }

 pub async fn handle_read_only_event(
+    app_state: &crate::state::state::AppState,
    key: KeyEvent,
    config: &Config,
    form_state: &mut FormState,
+    auth_state: &mut AuthState,
    key_sequence_tracker: &mut KeySequenceTracker,
    current_position: &mut u64,
    total_count: u64,
@@ -50,16 +54,34 @@ pub async fn handle_read_only_event(

        // Try to match the current sequence against Read-Only mode bindings
        if let Some(action) = config.matches_key_sequence_generalized(&sequence) {
-            let result = execute_action(
-                action,
-                form_state,
-                ideal_cursor_column,
-                key_sequence_tracker,
-                command_message,
-                current_position,
-                total_count,
-                grpc_client,
-            ).await?;
+            let result = if (action == "previous_entry" || action == "next_entry" || 
+                action == "move_up" || action == "move_down") && app_state.ui.show_form {
+                crate::tui::functions::form::handle_action(
+                    action,
+                    form_state,
+                    grpc_client,
+                    current_position,
+                    total_count,
+                    ideal_cursor_column,
+                ).await?
+            } else if (action == "move_up" || action == "move_down") && app_state.ui.show_login {
+                crate::tui::functions::login::handle_action(
+                    action,
+                    auth_state,
+                    ideal_cursor_column,
+                ).await?
+            } else {
+                execute_action(
+                    action,
+                    form_state,
+                    ideal_cursor_column,
+                    key_sequence_tracker,
+                    command_message,
+                    current_position,
+                    total_count,
+                    grpc_client,
+                ).await?
+            };
            key_sequence_tracker.reset();
            return Ok((false, result));
        }
@@ -72,16 +94,27 @@ pub async fn handle_read_only_event(
        // Since it's not part of a multi-key sequence, check for a direct action
        if sequence.len() == 1 && !config.is_key_sequence_prefix(&sequence) {
            if let Some(action) = config.get_read_only_action_for_key(key.code, key.modifiers) {
-                let result = execute_action(
-                    action,
-                    form_state,
-                    ideal_cursor_column,
-                    key_sequence_tracker,
-                    command_message,
-                    current_position,
-                    total_count,
-                    grpc_client,
-                ).await?;
+                let result = if action == "previous_entry" && app_state.ui.show_form {
+                    crate::tui::functions::form::handle_action(
+                        action,
+                        form_state,
+                        grpc_client,
+                        current_position,
+                        total_count,
+                        ideal_cursor_column,
+                    ).await?
+                } else {
+                    execute_action(
+                        action,
+                        form_state,
+                        ideal_cursor_column,
+                        key_sequence_tracker,
+                        command_message,
+                        current_position,
+                        total_count,
+                        grpc_client,
+                    ).await?
+                };
                key_sequence_tracker.reset();
                return Ok((false, result));
            }
@@ -91,16 +124,27 @@ pub async fn handle_read_only_event(
        key_sequence_tracker.reset();

        if let Some(action) = config.get_read_only_action_for_key(key.code, key.modifiers) {
-            let result = execute_action(
-                action,
-                form_state,
-                ideal_cursor_column,
-                key_sequence_tracker,
-                command_message,
-                current_position,
-                total_count,
-                grpc_client,
-            ).await?;
+            let result = if action == "previous_entry" && app_state.ui.show_form {
+                crate::tui::functions::form::handle_action(
+                    action,
+                    form_state,
+                    grpc_client,
+                    current_position,
+                    total_count,
+                    ideal_cursor_column,
+                ).await?
+            } else {
+                execute_action(
+                    action,
+                    form_state,
+                    ideal_cursor_column,
+                    key_sequence_tracker,
+                    command_message,
+                    current_position,
+                    total_count,
+                    grpc_client,
+                ).await?
+            };
            return Ok((false, result));
        }
    }
@@ -128,72 +172,20 @@ async fn execute_action(
    grpc_client: &mut GrpcClient,
 ) -> Result<String, Box<dyn std::error::Error>> {
    match action {
-        "previous_entry" => {
-            let new_position = current_position.saturating_sub(1);
-            if new_position >= 1 {
-                *current_position = new_position;
-                match grpc_client.get_adresar_by_position(*current_position).await {
-                    Ok(response) => {
-                        form_state.id = response.id;
-                        form_state.values = vec![
-                            response.firma, response.kz, response.drc,
-                            response.ulica, response.psc, response.mesto,
-                            response.stat, response.banka, response.ucet,
-                            response.skladm, response.ico, response.kontakt,
-                            response.telefon, response.skladu, response.fax,
-                        ];
-                        let current_input = form_state.get_current_input();
-                        let max_cursor_pos = if !current_input.is_empty() {
-                            current_input.len() - 1
-                        } else { 0 };
-                        form_state.current_cursor_pos = std::cmp::min(*ideal_cursor_column, max_cursor_pos);
-                        form_state.has_unsaved_changes = false;
-                        *command_message = format!("Loaded entry {}", *current_position);
-                    }
-                    Err(e) => {
-                        *command_message = format!("Error loading entry: {}", e);
-                    }
-                }
-                key_sequence_tracker.reset();
-            }
-            Ok(command_message.clone())
+        "previous_entry" | "next_entry" => {
+            // This will only be called when no component is active
+            key_sequence_tracker.reset();
+            Ok(format!("Navigation prev/next only available in form mode"))
        }
-        "next_entry" => {
-            if *current_position <= total_count {
-                *current_position += 1;
-                if *current_position <= total_count {
-                    match grpc_client.get_adresar_by_position(*current_position).await {
-                        Ok(response) => {
-                            form_state.id = response.id;
-                            form_state.values = vec![
-                                response.firma, response.kz, response.drc,
-                                response.ulica, response.psc, response.mesto,
-                                response.stat, response.banka, response.ucet,
-                                response.skladm, response.ico, response.kontakt,
-                                response.telefon, response.skladu, response.fax,
-                            ];
-                            let current_input = form_state.get_current_input();
-                            let max_cursor_pos = if !current_input.is_empty() {
-                                current_input.len() - 1
-                            } else { 0 };
-                            form_state.current_cursor_pos = std::cmp::min(*ideal_cursor_column, max_cursor_pos);
-                            form_state.has_unsaved_changes = false;
-                            *command_message = format!("Loaded entry {}", *current_position);
-                        }
-                        Err(e) => {
-                            *command_message = format!("Error loading entry: {}", e);
-                        }
-                    }
-                } else {
-                    form_state.reset_to_empty();
-                    form_state.current_field = 0;
-                    form_state.current_cursor_pos = 0;
-                    *ideal_cursor_column = 0;
-                    *command_message = "New entry mode".to_string();
-                }
-                key_sequence_tracker.reset();
-            }
-            Ok(command_message.clone())
+        "move_up" | "move_down" => {
+            // This will only be called when no component is active
+            key_sequence_tracker.reset();
+            Ok(format!("Navigation up/down only available in form mode"))
+        }
+        "exit_edit_mode" => {
+            key_sequence_tracker.reset();
+            command_message.clear();
+            Ok("".to_string())
        }
        "exit_edit_mode" => {
            key_sequence_tracker.reset();
@@ -215,38 +207,6 @@ async fn execute_action(
            }
            Ok("".to_string())
        }
-        "move_up" => {
-            // Change field first
-            if form_state.current_field == 0 {
-                form_state.current_field = form_state.fields.len() - 1;
-            } else {
-                form_state.current_field = form_state.current_field.saturating_sub(1);
-            }
-
-            // Get current input AFTER changing field
-            let current_input = form_state.get_current_input();
-            let max_cursor_pos = if !current_input.is_empty() {
-                current_input.len() - 1
-            } else {
-                0
-            };
-            form_state.current_cursor_pos = (*ideal_cursor_column).min(max_cursor_pos);
-            Ok("".to_string())
-        }
-        "move_down" => {
-            // Change field first
-            form_state.current_field = (form_state.current_field + 1) % form_state.fields.len();
-
-            // Get current input AFTER changing field
-            let current_input = form_state.get_current_input();
-            let max_cursor_pos = if !current_input.is_empty() {
-                current_input.len() - 1
-            } else {
-                0
-            };
-            form_state.current_cursor_pos = (*ideal_cursor_column).min(max_cursor_pos);
-            Ok("".to_string())
-        }
        "move_word_next" => {
            let current_input = form_state.get_current_input();
            if !current_input.is_empty() {
--- a/client/src/modes/common/command_mode.rs
+++ b/client/src/modes/common/command_mode.rs
@@ -3,7 +3,9 @@
 use crossterm::event::{KeyEvent, KeyCode, KeyModifiers};
 use crate::tui::terminal::grpc_client::GrpcClient;
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
+use crate::tui::controls::commands::CommandHandler;
+use crate::tui::terminal::core::TerminalCore;
 use crate::modes::{
    canvas::{common},
 };
@@ -15,7 +17,8 @@ pub async fn handle_command_event(
    command_input: &mut String,
    command_message: &mut String,
    grpc_client: &mut GrpcClient,
-    is_saved: &mut bool,
+    command_handler: &mut CommandHandler,
+    terminal: &mut TerminalCore,
    current_position: &mut u64,
    total_count: u64,
 ) -> Result<(bool, String, bool), Box<dyn std::error::Error>> {
@@ -37,7 +40,8 @@ pub async fn handle_command_event(
            command_input,
            command_message,
            grpc_client,
-            is_saved,
+            command_handler,
+            terminal,
            current_position,
            total_count,
        ).await;
@@ -68,7 +72,8 @@ async fn process_command(
    command_input: &mut String,
    command_message: &mut String,
    grpc_client: &mut GrpcClient,
-    is_saved: &mut bool,
+    command_handler: &mut CommandHandler,
+    terminal: &mut TerminalCore,
    current_position: &mut u64,
    total_count: u64,
 ) -> Result<(bool, String, bool), Box<dyn std::error::Error>> {
@@ -84,32 +89,24 @@ async fn process_command(
        .unwrap_or("unknown");

    match action {
+        "force_quit" | "save_and_quit" | "quit" => {
+            let (should_exit, message) = command_handler
+                .handle_command(action, terminal)
+                .await?;
+            command_input.clear();
+            Ok((should_exit, message, true))
+        },
        "save" => {
            let message = common::save(
                form_state,
                grpc_client,
-                is_saved,
+                &mut command_handler.is_saved,
                current_position,
                total_count,
            ).await?;
            command_input.clear();
            return Ok((false, message, true));
        },
-        "force_quit" => {
-            let (should_exit, message) = common::force_quit();
-            command_input.clear();
-            return Ok((should_exit, message, true));
-        },
-        "save_and_quit" => {
-            let (should_exit, message) = common::save_and_quit(
-                form_state,
-                grpc_client,
-                current_position,
-                total_count,
-            ).await?;
-            command_input.clear();
-            return Ok((should_exit, message, true));
-        },
        "revert" => {
            let message = common::revert(
                form_state,
--- a/client/src/modes/general/navigation.rs
+++ b/client/src/modes/general/navigation.rs
@@ -3,7 +3,8 @@
 use crossterm::event::KeyEvent;
 use crate::config::binds::config::Config;
 use crate::state::state::AppState;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
+use crate::tui::functions::{intro, admin};

 pub async fn handle_navigation_event(
    key: KeyEvent,
@@ -21,16 +22,11 @@ pub async fn handle_navigation_event(
                return Ok((false, String::new()));
            }
            "move_down" => {
-                let item_count = if app_state.ui.show_intro {
-                    2 // Intro options count
-                } else {
-                    app_state.profile_tree.profiles.len() // Admin panel items
-                };
-                move_down(app_state, item_count);
+                move_down(app_state);
                return Ok((false, String::new()));
            }
            "next_option" => {
-                next_option(app_state, 2); // Intro has 2 options
+                next_option(app_state); // Intro has 2 options
                return Ok((false, String::new()));
            }
            "previous_option" => {
@@ -84,7 +80,7 @@ pub fn move_up(app_state: &mut AppState) {
    }
 }

-pub fn move_down(app_state: &mut AppState, item_count: usize) {
+pub fn move_down(app_state: &mut AppState) {
    if app_state.ui.show_intro {
        app_state.ui.intro_state.next_option();
    } else if app_state.ui.show_admin {
@@ -98,11 +94,12 @@ pub fn move_down(app_state: &mut AppState, item_count: usize) {
    }
 }

-pub fn next_option(app_state: &mut AppState, option_count: usize) {
+pub fn next_option(app_state: &mut AppState) {  // Remove option_count parameter
    if app_state.ui.show_intro {
        app_state.ui.intro_state.next_option();
    } else {
-        // For other screens that might have options
+        // Get option count from state instead of parameter
+        let option_count = app_state.profile_tree.profiles.len();
        app_state.general.current_option = (app_state.general.current_option + 1) % option_count;
    }
 }
@@ -111,36 +108,20 @@ pub fn previous_option(app_state: &mut AppState) {
    if app_state.ui.show_intro {
        app_state.ui.intro_state.previous_option();
    } else {
-        // For other screens that might have options
-        if app_state.general.current_option == 0 {
-            // We'd need the option count here, but since it's not passed we can't wrap around correctly
-            // For now, just stay at 0
+        let option_count = app_state.profile_tree.profiles.len();
+        app_state.general.current_option = if app_state.general.current_option == 0 {
+            option_count.saturating_sub(1)  // Wrap to last option
        } else {
-            app_state.general.current_option -= 1;
-        }
+            app_state.general.current_option - 1
+        };
    }
 }

 pub fn select(app_state: &mut AppState) {
    if app_state.ui.show_intro {
-        // Handle selection in intro screen
-        if app_state.ui.intro_state.selected_option == 0 {
-            // First option selected - show form
-            app_state.ui.show_form = true;
-            app_state.ui.show_admin = false;
-        } else {
-            // Second option selected - show admin
-            app_state.ui.show_form = false;
-            app_state.ui.show_admin = true;
-        }
-        app_state.ui.show_intro = false;
+        intro::handle_intro_selection(app_state);
    } else if app_state.ui.show_admin {
-        // Handle selection in admin panel
-        let profiles = &app_state.profile_tree.profiles;
-        if !profiles.is_empty() && app_state.general.selected_item < profiles.len() {
-            // Set the selected profile
-            app_state.selected_profile = Some(profiles[app_state.general.selected_item].name.clone());
-        }
+        admin::handle_admin_selection(app_state);
    }
 }

--- a/client/src/modes/handlers/event.rs
+++ b/client/src/modes/handlers/event.rs
@@ -1,13 +1,14 @@
 // src/modes/handlers/event.rs
-use crossterm::event::{Event, KeyEvent};
+use crossterm::event::Event;
 use crossterm::cursor::SetCursorStyle;
 use crate::tui::terminal::{
    core::TerminalCore,
    grpc_client::GrpcClient,
-    commands::CommandHandler,
 };
+use crate::tui::controls::commands::CommandHandler;
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
+use crate::state::pages::auth::AuthState;
 use crate::ui::handlers::rat_state::UiStateHandler;
 use crate::modes::{
    common::{command_mode},
@@ -25,6 +26,7 @@ pub struct EventHandler {
    pub edit_mode_cooldown: bool,
    pub ideal_cursor_column: usize,
    pub key_sequence_tracker: KeySequenceTracker,
+    pub auth_state: AuthState,
 }

 impl EventHandler {
@@ -37,6 +39,7 @@ impl EventHandler {
            edit_mode_cooldown: false,
            ideal_cursor_column: 0,
            key_sequence_tracker: KeySequenceTracker::new(800),
+            auth_state: AuthState::new(),
        }
    }

@@ -129,7 +132,6 @@ impl EventHandler {
                                    action,
                                    form_state,
                                    grpc_client,
-                                    command_handler,
                                    terminal,
                                    app_state,
                                    current_position,
@@ -142,9 +144,11 @@ impl EventHandler {

                    // Let read_only mode handle its own actions (including navigation from common bindings)
                    return read_only::handle_read_only_event(
+                        &app_state,
                        key,
                        config,
                        form_state,
+                        &mut self.auth_state,
                        &mut self.key_sequence_tracker,
                        current_position,
                        total_count,
@@ -188,7 +192,6 @@ impl EventHandler {
                                    action,
                                    form_state,
                                    grpc_client,
-                                    command_handler,
                                    terminal,
                                    app_state,
                                    current_position,
@@ -224,7 +227,8 @@ impl EventHandler {
                        &mut self.command_input,
                        &mut self.command_message,
                        grpc_client,
-                        &mut app_state.ui.is_saved,
+                        command_handler,
+                        terminal,
                        current_position,
                        total_count,
                    ).await?;
--- a/client/src/modes/handlers/mode_manager.rs
+++ b/client/src/modes/handlers/mode_manager.rs
@@ -15,14 +15,16 @@ pub struct ModeManager;
 impl ModeManager {
    // Determine current mode based on app state
    pub fn derive_mode(app_state: &AppState, event_handler: &EventHandler) -> AppMode {
-        // Command mode takes precedence if active
        if event_handler.command_mode {
            return AppMode::Command;
        }

-        // Check UI state flags
-        if app_state.ui.show_intro || app_state.ui.show_admin {
-            AppMode::General
+        if app_state.ui.show_login {  // NEW: Check auth visibility
+            if event_handler.is_edit_mode {
+                AppMode::Edit
+            } else {
+                AppMode::ReadOnly
+            }
        } else if app_state.ui.show_form {
            if event_handler.is_edit_mode {
                AppMode::Edit
@@ -30,11 +32,10 @@ impl ModeManager {
                AppMode::ReadOnly
            }
        } else {
-            // Fallback
            AppMode::General
        }
    }
-    
+
    // Mode transition rules
    pub fn can_enter_command_mode(current_mode: AppMode) -> bool {
        !matches!(current_mode, AppMode::Edit)  // Can't enter from Edit mode
--- a/client/src/state/canvas_state.rs
+++ b/client/src/state/canvas_state.rs
@@ -0,0 +1,44 @@
+// src/state/canvas_state.rs
+
+use crate::state::pages::form::FormState;
+
+pub trait CanvasState {
+    fn current_field(&self) -> usize;
+    fn current_cursor_pos(&self) -> usize;
+    fn has_unsaved_changes(&self) -> bool;
+    fn inputs(&self) -> Vec<&String>;
+    fn get_current_input(&self) -> &str;
+    fn get_current_input_mut(&mut self) -> &mut String;
+}
+
+// Implement for FormState (keep existing form.rs code and add this)
+impl CanvasState for FormState {
+    fn current_field(&self) -> usize {
+        self.current_field
+    }
+
+    fn current_cursor_pos(&self) -> usize {
+        self.current_cursor_pos
+    }
+
+    fn has_unsaved_changes(&self) -> bool {
+        self.has_unsaved_changes
+    }
+
+    fn inputs(&self) -> Vec<&String> {
+        self.values.iter().collect()
+    }
+
+    fn get_current_input(&self) -> &str {
+        self.values
+            .get(self.current_field)
+            .map(|s| s.as_str())
+            .unwrap_or("")
+    }
+
+    fn get_current_input_mut(&mut self) -> &mut String {
+        self.values
+            .get_mut(self.current_field)
+            .expect("Invalid current_field index")
+    }
+}
--- a/client/src/state/mod.rs
+++ b/client/src/state/mod.rs
@@ -1,2 +1,4 @@
 // src/state/mod.rs
 pub mod state;
+pub mod pages;
+pub mod canvas_state;
--- a/client/src/state/pages.rs
+++ b/client/src/state/pages.rs
@@ -0,0 +1,4 @@
+// src/state/pages.rs
+
+pub mod form;
+pub mod auth;
--- a/client/src/state/pages/auth.rs
+++ b/client/src/state/pages/auth.rs
@@ -0,0 +1,60 @@
+// src/state/pages/auth.rs
+use crate::state::canvas_state::CanvasState;
+
+#[derive(Default)]
+pub struct AuthState {
+    pub return_selected: bool,
+    pub username: String,
+    pub password: String,
+    pub error_message: Option<String>,
+    pub current_field: usize,
+    pub current_cursor_pos: usize,
+}
+
+impl AuthState {
+    pub fn new() -> Self {
+        Self {
+            return_selected: false,
+            username: String::new(),
+            password: String::new(),
+            error_message: None,
+            current_field: 0,
+            current_cursor_pos: 0,
+        }
+    }
+}
+
+impl CanvasState for AuthState {
+    fn current_field(&self) -> usize {
+        self.current_field
+    }
+
+    fn current_cursor_pos(&self) -> usize {
+        self.current_cursor_pos
+    }
+
+    fn has_unsaved_changes(&self) -> bool {
+        // Auth form doesn't need unsaved changes tracking
+        false
+    }
+
+    fn inputs(&self) -> Vec<&String> {
+        vec![&self.username, &self.password]
+    }
+
+    fn get_current_input(&self) -> &str {
+        match self.current_field {
+            0 => &self.username,
+            1 => &self.password,
+            _ => "", // Return empty string for invalid index instead of panicking
+        }
+    }
+
+    fn get_current_input_mut(&mut self) -> &mut String {
+        match self.current_field {
+            0 => &mut self.username,
+            1 => &mut self.password,
+            _ => panic!("Invalid current_field index in AuthState"),
+        }
+    }
+}
--- a/client/src/state/pages/form.rs
+++ b/client/src/state/pages/form.rs
@@ -1,4 +1,4 @@
-// src/client/ui/handlers/form.rs
+// src/state/pages/form.rs
 use crate::config::colors::themes::Theme;
 use ratatui::layout::Rect;
 use ratatui::Frame;
@@ -38,7 +38,7 @@ impl FormState {
        let fields: Vec<&str> = self.fields.iter().map(|s| s.as_str()).collect();
        let values: Vec<&String> = self.values.iter().collect();

-        crate::components::handlers::form::render_form(
+        crate::components::form::form::render_form(
            f,
            area,
            self,
@@ -70,4 +70,15 @@ impl FormState {
            .get_mut(self.current_field)
            .expect("Invalid current_field index")
    }
+
+    pub fn update_from_response(&mut self, response: common::proto::multieko2::adresar::AdresarResponse) {
+        self.id = response.id;
+        self.values = vec![
+            response.firma, response.kz, response.drc,
+            response.ulica, response.psc, response.mesto,
+            response.stat, response.banka, response.ucet,
+            response.skladm, response.ico, response.kontakt,
+            response.telefon, response.skladu, response.fax,
+        ];
+    }
 }
--- a/client/src/state/state.rs
+++ b/client/src/state/state.rs
@@ -11,6 +11,7 @@ pub struct UiState {
    pub show_intro: bool,
    pub show_admin: bool,
    pub show_form: bool,
+    pub show_login: bool,
    pub intro_state: IntroState,
 }

@@ -75,6 +76,7 @@ impl Default for UiState {
            show_intro: true,
            show_admin: false,
            show_form: false,
+            show_login: false,
            intro_state: IntroState::new(),
        }
    }
--- a/client/src/tui/controls.rs
+++ b/client/src/tui/controls.rs
@@ -0,0 +1,5 @@
+// src/tui/controls.rs
+
+pub mod commands;
+
+pub use commands::*;
--- a/client/src/tui/controls/commands.rs
+++ b/client/src/tui/controls/commands.rs
@@ -1,9 +1,8 @@
-// src/tui/terminal/commands.rs
-
+// src/tui/controls/commands.rs
 use crate::tui::terminal::core::TerminalCore;

 pub struct CommandHandler {
-    is_saved: bool,
+    pub is_saved: bool,
 }

 impl CommandHandler {
@@ -24,7 +23,10 @@ impl CommandHandler {
        }
    }

-    async fn handle_quit(&self, terminal: &mut TerminalCore) -> Result<(bool, String), Box<dyn std::error::Error>> {
+    async fn handle_quit(
+        &self,
+        terminal: &mut TerminalCore,
+    ) -> Result<(bool, String), Box<dyn std::error::Error>> {
        if self.is_saved {
            terminal.cleanup()?;
            Ok((true, "Exiting.".into()))
@@ -33,12 +35,18 @@ impl CommandHandler {
        }
    }

-    async fn handle_force_quit(&self, terminal: &mut TerminalCore) -> Result<(bool, String), Box<dyn std::error::Error>> {
+    async fn handle_force_quit(
+        &self,
+        terminal: &mut TerminalCore,
+    ) -> Result<(bool, String), Box<dyn std::error::Error>> {
        terminal.cleanup()?;
        Ok((true, "Force exiting without saving.".into()))
    }

-    async fn handle_save_quit(&mut self, terminal: &mut TerminalCore) -> Result<(bool, String), Box<dyn std::error::Error>> {
+    async fn handle_save_quit(
+        &mut self,
+        terminal: &mut TerminalCore,
+    ) -> Result<(bool, String), Box<dyn std::error::Error>> {
        self.is_saved = true;
        terminal.cleanup()?;
        Ok((true, "State saved. Exiting.".into()))
--- a/client/src/tui/functions.rs
+++ b/client/src/tui/functions.rs
@@ -0,0 +1,10 @@
+// src/tui/functions.rs
+
+pub mod admin;
+pub mod intro;
+pub mod login;
+pub mod form;
+
+pub use admin::*;
+pub use intro::*;
+pub use form::*;
--- a/client/src/tui/functions/admin.rs
+++ b/client/src/tui/functions/admin.rs
@@ -0,0 +1,8 @@
+use crate::state::state::AppState;
+
+pub fn handle_admin_selection(app_state: &mut AppState) {
+    let profiles = &app_state.profile_tree.profiles;
+    if !profiles.is_empty() && app_state.general.selected_item < profiles.len() {
+        app_state.selected_profile = Some(profiles[app_state.general.selected_item].name.clone());
+    }
+}
--- a/client/src/tui/functions/form.rs
+++ b/client/src/tui/functions/form.rs
@@ -0,0 +1,112 @@
+// src/tui/functions/form.rs
+use crate::state::pages::form::FormState;
+use crate::tui::terminal::GrpcClient;
+use common::proto::multieko2::adresar::AdresarResponse;
+
+pub async fn handle_action(
+    action: &str,
+    form_state: &mut FormState,
+    grpc_client: &mut GrpcClient,
+    current_position: &mut u64,
+    total_count: u64,
+    ideal_cursor_column: &mut usize,
+) -> Result<String, Box<dyn std::error::Error>> {
+    match action {
+        "previous_entry" => {
+            let new_position = current_position.saturating_sub(1);
+            if new_position >= 1 {
+                *current_position = new_position;
+                let response = grpc_client.get_adresar_by_position(*current_position).await?;
+                
+                // Direct field assignments
+                form_state.id = response.id;
+                form_state.values = vec![
+                    response.firma, response.kz, response.drc,
+                    response.ulica, response.psc, response.mesto,
+                    response.stat, response.banka, response.ucet,
+                    response.skladm, response.ico, response.kontakt,
+                    response.telefon, response.skladu, response.fax,
+                ];
+                
+                let current_input = form_state.get_current_input();
+                let max_cursor_pos = if !current_input.is_empty() {
+                    current_input.len() - 1
+                } else { 0 };
+                form_state.current_cursor_pos = std::cmp::min(*ideal_cursor_column, max_cursor_pos);
+                form_state.has_unsaved_changes = false;
+                
+                Ok(format!("Loaded form entry {}", *current_position))
+            } else {
+                Ok("Already at first form entry".into())
+            }
+        }
+        "next_entry" => {
+            if *current_position <= total_count {
+                *current_position += 1;
+                if *current_position <= total_count {
+                    let response = grpc_client.get_adresar_by_position(*current_position).await?;
+                    
+                    // Direct field assignments
+                    form_state.id = response.id;
+                    form_state.values = vec![
+                        response.firma, response.kz, response.drc,
+                        response.ulica, response.psc, response.mesto,
+                        response.stat, response.banka, response.ucet,
+                        response.skladm, response.ico, response.kontakt,
+                        response.telefon, response.skladu, response.fax,
+                    ];
+                    
+                    let current_input = form_state.get_current_input();
+                    let max_cursor_pos = if !current_input.is_empty() {
+                        current_input.len() - 1
+                    } else { 0 };
+                    form_state.current_cursor_pos = std::cmp::min(*ideal_cursor_column, max_cursor_pos);
+                    form_state.has_unsaved_changes = false;
+                    
+                    Ok(format!("Loaded form entry {}", *current_position))
+                } else {
+                    form_state.reset_to_empty();
+                    form_state.current_field = 0;
+                    form_state.current_cursor_pos = 0;
+                    *ideal_cursor_column = 0;
+                    Ok("New form entry mode".into())
+                }
+            } else {
+                Ok("Already at last entry".into())
+            }
+        }
+        "move_up" => {
+            // Change field first
+            if form_state.current_field == 0 {
+                form_state.current_field = form_state.fields.len() - 1;
+            } else {
+                form_state.current_field = form_state.current_field.saturating_sub(1);
+            }
+
+            // Get current input AFTER changing field
+            let current_input = form_state.get_current_input();
+            let max_cursor_pos = if !current_input.is_empty() {
+                current_input.len() - 1
+            } else {
+                0
+            };
+            form_state.current_cursor_pos = (*ideal_cursor_column).min(max_cursor_pos);
+            Ok("".to_string())
+        }
+        "move_down" => {
+            // Change field first
+            form_state.current_field = (form_state.current_field + 1) % form_state.fields.len();
+
+            // Get current input AFTER changing field
+            let current_input = form_state.get_current_input();
+            let max_cursor_pos = if !current_input.is_empty() {
+                current_input.len() - 1
+            } else {
+                0
+            };
+            form_state.current_cursor_pos = (*ideal_cursor_column).min(max_cursor_pos);
+            Ok("".to_string())
+        }
+        _ => Err("Unknown form action".into())
+    }
+}
--- a/client/src/tui/functions/intro.rs
+++ b/client/src/tui/functions/intro.rs
@@ -0,0 +1,23 @@
+use crate::state::state::AppState;
+
+pub fn handle_intro_selection(app_state: &mut AppState) {
+    match app_state.ui.intro_state.selected_option {
+        0 => { // Continue
+            app_state.ui.show_form = true;
+            app_state.ui.show_admin = false;
+            app_state.ui.show_login = false;
+        }
+        1 => { // Admin
+            app_state.ui.show_form = false;
+            app_state.ui.show_admin = true;
+            app_state.ui.show_login = false;
+        }
+        2 => { // Login
+            app_state.ui.show_form = false;
+            app_state.ui.show_admin = false;
+            app_state.ui.show_login = true;
+        }
+        _ => {}
+    }
+    app_state.ui.show_intro = false;
+}
--- a/client/src/tui/functions/login.rs
+++ b/client/src/tui/functions/login.rs
@@ -0,0 +1,58 @@
+// src/tui/functions/login.rs
+use crate::state::pages::auth::AuthState;
+use crate::state::canvas_state::CanvasState;
+
+pub async fn handle_action(
+    action: &str,
+    auth_state: &mut AuthState,
+    ideal_cursor_column: &mut usize,
+) -> Result<String, Box<dyn std::error::Error>> {
+    match action {
+        "move_up" => {
+            if auth_state.return_selected {
+                // From Return button to last field (password)
+                auth_state.return_selected = false;
+                auth_state.current_field = 1;
+            } else if auth_state.current_field == 1 {
+                // Password -> Username
+                auth_state.current_field = 0;
+            } else if auth_state.current_field == 0 {
+                // Username -> Password (wrap around fields only)
+                auth_state.current_field = 1;
+            }
+
+            // Update cursor position
+            if !auth_state.return_selected {
+                let current_input = auth_state.get_current_input();
+                let max_cursor_pos = current_input.len();
+                auth_state.current_cursor_pos = (*ideal_cursor_column).min(max_cursor_pos);
+            }
+
+            Ok(format!("Navigation 'up' from functions/login"))
+        }
+        "move_down" => {
+            if auth_state.return_selected {
+                // From Return button to first field (username)
+                auth_state.return_selected = false;
+                auth_state.current_field = 0;
+            } else if auth_state.current_field == 0 {
+                // Username -> Password
+                auth_state.current_field = 1;
+            } else if auth_state.current_field == 1 {
+                // Password -> Buttons (Login button)
+                auth_state.return_selected = false;
+            }
+
+            // Update cursor position when in a field
+            if !auth_state.return_selected {
+                let current_input = auth_state.get_current_input();
+                let max_cursor_pos = current_input.len();
+                auth_state.current_cursor_pos = (*ideal_cursor_column).min(max_cursor_pos);
+            }
+
+            Ok(format!("Navigation 'down' from functions/login"))
+        }
+        _ => Err("Unknown login action".into())
+    }
+}
+
--- a/client/src/tui/mod.rs
+++ b/client/src/tui/mod.rs
@@ -1,2 +1,5 @@
 // src/tui/mod.rs
 pub mod terminal;
+pub mod controls;
+pub mod functions;
+
--- a/client/src/tui/terminal.rs
+++ b/client/src/tui/terminal.rs
@@ -2,10 +2,8 @@

 pub mod core;
 pub mod grpc_client;
-pub mod commands;
 pub mod event_reader;

 pub use core::TerminalCore;
 pub use grpc_client::GrpcClient;
-pub use commands::CommandHandler;
 pub use event_reader::EventReader;
--- a/client/src/ui/handlers.rs
+++ b/client/src/ui/handlers.rs
@@ -1,7 +1,6 @@
 // src/client/ui/handlers.rs

 pub mod ui;
-pub mod form;
 pub mod render;
 pub mod rat_state;

--- a/client/src/ui/handlers/render.rs
+++ b/client/src/ui/handlers/render.rs
@@ -4,19 +4,22 @@ use crate::components::{
    render_background,
    render_command_line,
    render_status_line,
-    handlers::{sidebar::{self, calculate_sidebar_layout}, form::render_form},
-    intro::{intro},
+    handlers::sidebar::{self, calculate_sidebar_layout},
+    form::form::render_form,
    admin::{admin_panel::AdminPanelState},
+    auth::login::render_login,
 };
 use crate::config::colors::themes::Theme;
 use ratatui::layout::{Constraint, Direction, Layout};
 use ratatui::Frame;
-use super::form::FormState;
+use crate::state::pages::form::FormState;
+use crate::state::pages::auth::AuthState;
 use crate::state::state::AppState;

 pub fn render_ui(
    f: &mut Frame,
    form_state: &mut FormState,
+    auth_state: &mut AuthState,
    theme: &Theme,
    is_edit_mode: bool,
    total_count: u64,
@@ -43,6 +46,8 @@ pub fn render_ui(
    if app_state.ui.show_intro {
        // Use app_state's intro_state directly
        app_state.ui.intro_state.render(f, main_content_area, theme);
+    }else if app_state.ui.show_login {
+        render_login(f, main_content_area, theme, auth_state);
    } else if app_state.ui.show_admin {
        // Create temporary AdminPanelState for rendering
        let mut admin_state = AdminPanelState::new(
--- a/client/src/ui/handlers/ui.rs
+++ b/client/src/ui/handlers/ui.rs
@@ -2,15 +2,15 @@

 use crate::tui::terminal::TerminalCore;
 use crate::tui::terminal::GrpcClient;
-use crate::tui::terminal::CommandHandler;
+use crate::tui::controls::CommandHandler;
 use crate::tui::terminal::EventReader;
 use crate::config::colors::themes::Theme;
 use crate::config::binds::config::Config;
-use crate::ui::handlers::{form::FormState, render::render_ui};
+use crate::ui::handlers::render::render_ui;
+use crate::state::pages::form::FormState;
+use crate::state::pages::auth::AuthState;
 use crate::modes::handlers::event::EventHandler;
 use crate::state::state::AppState;
-use crate::components::admin::{admin_panel::AdminPanelState};
-use crate::components::intro::{intro::IntroState};

 pub async fn run_ui() -> Result<(), Box<dyn std::error::Error>> {
    let config = Config::load()?;
@@ -18,7 +18,7 @@ pub async fn run_ui() -> Result<(), Box<dyn std::error::Error>> {
    let mut grpc_client = GrpcClient::new().await?;
    let mut command_handler = CommandHandler::new();
    let theme = Theme::from_str(&config.colors.theme);
-    let mut intro_state = IntroState::new();
+    let mut auth_state = AuthState::default();

    // Initialize app_state first
    let mut app_state = AppState::new()?;
@@ -27,13 +27,6 @@ pub async fn run_ui() -> Result<(), Box<dyn std::error::Error>> {
    let profile_tree = grpc_client.get_profile_tree().await?;
    app_state.profile_tree = profile_tree;

-    // Now create admin panel with profiles from app_state
-    if intro_state.selected_option == 1 {
-        app_state.ui.show_admin = true;
-        app_state.general.selected_item = 0;
-        app_state.general.current_option = 0;
-    }
-
    // Fetch table structure at startup (one-time)
    let table_structure = grpc_client.get_table_structure().await?;

@@ -65,6 +58,7 @@ pub async fn run_ui() -> Result<(), Box<dyn std::error::Error>> {
            render_ui(
                f,
                &mut form_state,
+                &mut auth_state,
                &theme,
                event_handler.is_edit_mode,
                app_state.total_count,
--- a/common/build.rs
+++ b/common/build.rs
@@ -8,6 +8,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
            &[
                "proto/common.proto",
                "proto/adresar.proto",
+                "proto/auth.proto",
                "proto/uctovnictvo.proto",
                "proto/table_structure.proto",
                "proto/table_definition.proto",
--- a/common/proto/auth.proto
+++ b/common/proto/auth.proto
@@ -0,0 +1,37 @@
+// proto/auth.proto
+syntax = "proto3";
+package multieko2.auth;
+
+import "common.proto";
+
+service AuthService {
+    rpc Register(RegisterRequest) returns (AuthResponse);
+    rpc Login(LoginRequest) returns (LoginResponse);
+}
+
+message RegisterRequest {
+    string username = 1;
+    string email = 2;
+    string password = 3;
+    string password_confirmation = 4;
+}
+
+message AuthResponse {
+    string id = 1;           // UUID in string format
+    string username = 2;     // Registered username
+    string email = 3;        // Registered email (if provided)
+    string role = 4;         // Default role: 'accountant'
+}
+
+message LoginRequest {
+    string identifier = 1;   // Can be username or email
+    string password = 2;
+}
+
+message LoginResponse {
+    string access_token = 1;   // JWT token
+    string token_type = 2;     // Usually "Bearer"
+    int32 expires_in = 3;      // Expiration in seconds (86400 for 24 hours)
+    string user_id = 4;        // User's UUID in string format
+    string role = 5;           // User's role
+}
--- a/common/src/lib.rs
+++ b/common/src/lib.rs
@@ -4,6 +4,9 @@ pub mod proto {
        pub mod adresar {
            include!("proto/multieko2.adresar.rs");
        }
+        pub mod auth {
+            include!("proto/multieko2.auth.rs");
+        }
        pub mod common {
            include!("proto/multieko2.common.rs");
        }
--- a/common/src/proto/descriptor.bin
+++ b/common/src/proto/descriptor.bin
--- a/common/src/proto/multieko2.auth.rs
+++ b/common/src/proto/multieko2.auth.rs
@@ -0,0 +1,412 @@
+// This file is @generated by prost-build.
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct RegisterRequest {
+    #[prost(string, tag = "1")]
+    pub username: ::prost::alloc::string::String,
+    #[prost(string, tag = "2")]
+    pub email: ::prost::alloc::string::String,
+    #[prost(string, tag = "3")]
+    pub password: ::prost::alloc::string::String,
+    #[prost(string, tag = "4")]
+    pub password_confirmation: ::prost::alloc::string::String,
+}
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct AuthResponse {
+    /// UUID in string format
+    #[prost(string, tag = "1")]
+    pub id: ::prost::alloc::string::String,
+    /// Registered username
+    #[prost(string, tag = "2")]
+    pub username: ::prost::alloc::string::String,
+    /// Registered email (if provided)
+    #[prost(string, tag = "3")]
+    pub email: ::prost::alloc::string::String,
+    /// Default role: 'accountant'
+    #[prost(string, tag = "4")]
+    pub role: ::prost::alloc::string::String,
+}
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct LoginRequest {
+    /// Can be username or email
+    #[prost(string, tag = "1")]
+    pub identifier: ::prost::alloc::string::String,
+    #[prost(string, tag = "2")]
+    pub password: ::prost::alloc::string::String,
+}
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct LoginResponse {
+    /// JWT token
+    #[prost(string, tag = "1")]
+    pub access_token: ::prost::alloc::string::String,
+    /// Usually "Bearer"
+    #[prost(string, tag = "2")]
+    pub token_type: ::prost::alloc::string::String,
+    /// Expiration in seconds (86400 for 24 hours)
+    #[prost(int32, tag = "3")]
+    pub expires_in: i32,
+    /// User's UUID in string format
+    #[prost(string, tag = "4")]
+    pub user_id: ::prost::alloc::string::String,
+    /// User's role
+    #[prost(string, tag = "5")]
+    pub role: ::prost::alloc::string::String,
+}
+/// Generated client implementations.
+pub mod auth_service_client {
+    #![allow(
+        unused_variables,
+        dead_code,
+        missing_docs,
+        clippy::wildcard_imports,
+        clippy::let_unit_value,
+    )]
+    use tonic::codegen::*;
+    use tonic::codegen::http::Uri;
+    #[derive(Debug, Clone)]
+    pub struct AuthServiceClient<T> {
+        inner: tonic::client::Grpc<T>,
+    }
+    impl AuthServiceClient<tonic::transport::Channel> {
+        /// Attempt to create a new client by connecting to a given endpoint.
+        pub async fn connect<D>(dst: D) -> Result<Self, tonic::transport::Error>
+        where
+            D: TryInto<tonic::transport::Endpoint>,
+            D::Error: Into<StdError>,
+        {
+            let conn = tonic::transport::Endpoint::new(dst)?.connect().await?;
+            Ok(Self::new(conn))
+        }
+    }
+    impl<T> AuthServiceClient<T>
+    where
+        T: tonic::client::GrpcService<tonic::body::BoxBody>,
+        T::Error: Into<StdError>,
+        T::ResponseBody: Body<Data = Bytes> + std::marker::Send + 'static,
+        <T::ResponseBody as Body>::Error: Into<StdError> + std::marker::Send,
+    {
+        pub fn new(inner: T) -> Self {
+            let inner = tonic::client::Grpc::new(inner);
+            Self { inner }
+        }
+        pub fn with_origin(inner: T, origin: Uri) -> Self {
+            let inner = tonic::client::Grpc::with_origin(inner, origin);
+            Self { inner }
+        }
+        pub fn with_interceptor<F>(
+            inner: T,
+            interceptor: F,
+        ) -> AuthServiceClient<InterceptedService<T, F>>
+        where
+            F: tonic::service::Interceptor,
+            T::ResponseBody: Default,
+            T: tonic::codegen::Service<
+                http::Request<tonic::body::BoxBody>,
+                Response = http::Response<
+                    <T as tonic::client::GrpcService<tonic::body::BoxBody>>::ResponseBody,
+                >,
+            >,
+            <T as tonic::codegen::Service<
+                http::Request<tonic::body::BoxBody>,
+            >>::Error: Into<StdError> + std::marker::Send + std::marker::Sync,
+        {
+            AuthServiceClient::new(InterceptedService::new(inner, interceptor))
+        }
+        /// Compress requests with the given encoding.
+        ///
+        /// This requires the server to support it otherwise it might respond with an
+        /// error.
+        #[must_use]
+        pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
+            self.inner = self.inner.send_compressed(encoding);
+            self
+        }
+        /// Enable decompressing responses.
+        #[must_use]
+        pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
+            self.inner = self.inner.accept_compressed(encoding);
+            self
+        }
+        /// Limits the maximum size of a decoded message.
+        ///
+        /// Default: `4MB`
+        #[must_use]
+        pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
+            self.inner = self.inner.max_decoding_message_size(limit);
+            self
+        }
+        /// Limits the maximum size of an encoded message.
+        ///
+        /// Default: `usize::MAX`
+        #[must_use]
+        pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
+            self.inner = self.inner.max_encoding_message_size(limit);
+            self
+        }
+        pub async fn register(
+            &mut self,
+            request: impl tonic::IntoRequest<super::RegisterRequest>,
+        ) -> std::result::Result<tonic::Response<super::AuthResponse>, tonic::Status> {
+            self.inner
+                .ready()
+                .await
+                .map_err(|e| {
+                    tonic::Status::unknown(
+                        format!("Service was not ready: {}", e.into()),
+                    )
+                })?;
+            let codec = tonic::codec::ProstCodec::default();
+            let path = http::uri::PathAndQuery::from_static(
+                "/multieko2.auth.AuthService/Register",
+            );
+            let mut req = request.into_request();
+            req.extensions_mut()
+                .insert(GrpcMethod::new("multieko2.auth.AuthService", "Register"));
+            self.inner.unary(req, path, codec).await
+        }
+        pub async fn login(
+            &mut self,
+            request: impl tonic::IntoRequest<super::LoginRequest>,
+        ) -> std::result::Result<tonic::Response<super::LoginResponse>, tonic::Status> {
+            self.inner
+                .ready()
+                .await
+                .map_err(|e| {
+                    tonic::Status::unknown(
+                        format!("Service was not ready: {}", e.into()),
+                    )
+                })?;
+            let codec = tonic::codec::ProstCodec::default();
+            let path = http::uri::PathAndQuery::from_static(
+                "/multieko2.auth.AuthService/Login",
+            );
+            let mut req = request.into_request();
+            req.extensions_mut()
+                .insert(GrpcMethod::new("multieko2.auth.AuthService", "Login"));
+            self.inner.unary(req, path, codec).await
+        }
+    }
+}
+/// Generated server implementations.
+pub mod auth_service_server {
+    #![allow(
+        unused_variables,
+        dead_code,
+        missing_docs,
+        clippy::wildcard_imports,
+        clippy::let_unit_value,
+    )]
+    use tonic::codegen::*;
+    /// Generated trait containing gRPC methods that should be implemented for use with AuthServiceServer.
+    #[async_trait]
+    pub trait AuthService: std::marker::Send + std::marker::Sync + 'static {
+        async fn register(
+            &self,
+            request: tonic::Request<super::RegisterRequest>,
+        ) -> std::result::Result<tonic::Response<super::AuthResponse>, tonic::Status>;
+        async fn login(
+            &self,
+            request: tonic::Request<super::LoginRequest>,
+        ) -> std::result::Result<tonic::Response<super::LoginResponse>, tonic::Status>;
+    }
+    #[derive(Debug)]
+    pub struct AuthServiceServer<T> {
+        inner: Arc<T>,
+        accept_compression_encodings: EnabledCompressionEncodings,
+        send_compression_encodings: EnabledCompressionEncodings,
+        max_decoding_message_size: Option<usize>,
+        max_encoding_message_size: Option<usize>,
+    }
+    impl<T> AuthServiceServer<T> {
+        pub fn new(inner: T) -> Self {
+            Self::from_arc(Arc::new(inner))
+        }
+        pub fn from_arc(inner: Arc<T>) -> Self {
+            Self {
+                inner,
+                accept_compression_encodings: Default::default(),
+                send_compression_encodings: Default::default(),
+                max_decoding_message_size: None,
+                max_encoding_message_size: None,
+            }
+        }
+        pub fn with_interceptor<F>(
+            inner: T,
+            interceptor: F,
+        ) -> InterceptedService<Self, F>
+        where
+            F: tonic::service::Interceptor,
+        {
+            InterceptedService::new(Self::new(inner), interceptor)
+        }
+        /// Enable decompressing requests with the given encoding.
+        #[must_use]
+        pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
+            self.accept_compression_encodings.enable(encoding);
+            self
+        }
+        /// Compress responses with the given encoding, if the client supports it.
+        #[must_use]
+        pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
+            self.send_compression_encodings.enable(encoding);
+            self
+        }
+        /// Limits the maximum size of a decoded message.
+        ///
+        /// Default: `4MB`
+        #[must_use]
+        pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
+            self.max_decoding_message_size = Some(limit);
+            self
+        }
+        /// Limits the maximum size of an encoded message.
+        ///
+        /// Default: `usize::MAX`
+        #[must_use]
+        pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
+            self.max_encoding_message_size = Some(limit);
+            self
+        }
+    }
+    impl<T, B> tonic::codegen::Service<http::Request<B>> for AuthServiceServer<T>
+    where
+        T: AuthService,
+        B: Body + std::marker::Send + 'static,
+        B::Error: Into<StdError> + std::marker::Send + 'static,
+    {
+        type Response = http::Response<tonic::body::BoxBody>;
+        type Error = std::convert::Infallible;
+        type Future = BoxFuture<Self::Response, Self::Error>;
+        fn poll_ready(
+            &mut self,
+            _cx: &mut Context<'_>,
+        ) -> Poll<std::result::Result<(), Self::Error>> {
+            Poll::Ready(Ok(()))
+        }
+        fn call(&mut self, req: http::Request<B>) -> Self::Future {
+            match req.uri().path() {
+                "/multieko2.auth.AuthService/Register" => {
+                    #[allow(non_camel_case_types)]
+                    struct RegisterSvc<T: AuthService>(pub Arc<T>);
+                    impl<
+                        T: AuthService,
+                    > tonic::server::UnaryService<super::RegisterRequest>
+                    for RegisterSvc<T> {
+                        type Response = super::AuthResponse;
+                        type Future = BoxFuture<
+                            tonic::Response<Self::Response>,
+                            tonic::Status,
+                        >;
+                        fn call(
+                            &mut self,
+                            request: tonic::Request<super::RegisterRequest>,
+                        ) -> Self::Future {
+                            let inner = Arc::clone(&self.0);
+                            let fut = async move {
+                                <T as AuthService>::register(&inner, request).await
+                            };
+                            Box::pin(fut)
+                        }
+                    }
+                    let accept_compression_encodings = self.accept_compression_encodings;
+                    let send_compression_encodings = self.send_compression_encodings;
+                    let max_decoding_message_size = self.max_decoding_message_size;
+                    let max_encoding_message_size = self.max_encoding_message_size;
+                    let inner = self.inner.clone();
+                    let fut = async move {
+                        let method = RegisterSvc(inner);
+                        let codec = tonic::codec::ProstCodec::default();
+                        let mut grpc = tonic::server::Grpc::new(codec)
+                            .apply_compression_config(
+                                accept_compression_encodings,
+                                send_compression_encodings,
+                            )
+                            .apply_max_message_size_config(
+                                max_decoding_message_size,
+                                max_encoding_message_size,
+                            );
+                        let res = grpc.unary(method, req).await;
+                        Ok(res)
+                    };
+                    Box::pin(fut)
+                }
+                "/multieko2.auth.AuthService/Login" => {
+                    #[allow(non_camel_case_types)]
+                    struct LoginSvc<T: AuthService>(pub Arc<T>);
+                    impl<T: AuthService> tonic::server::UnaryService<super::LoginRequest>
+                    for LoginSvc<T> {
+                        type Response = super::LoginResponse;
+                        type Future = BoxFuture<
+                            tonic::Response<Self::Response>,
+                            tonic::Status,
+                        >;
+                        fn call(
+                            &mut self,
+                            request: tonic::Request<super::LoginRequest>,
+                        ) -> Self::Future {
+                            let inner = Arc::clone(&self.0);
+                            let fut = async move {
+                                <T as AuthService>::login(&inner, request).await
+                            };
+                            Box::pin(fut)
+                        }
+                    }
+                    let accept_compression_encodings = self.accept_compression_encodings;
+                    let send_compression_encodings = self.send_compression_encodings;
+                    let max_decoding_message_size = self.max_decoding_message_size;
+                    let max_encoding_message_size = self.max_encoding_message_size;
+                    let inner = self.inner.clone();
+                    let fut = async move {
+                        let method = LoginSvc(inner);
+                        let codec = tonic::codec::ProstCodec::default();
+                        let mut grpc = tonic::server::Grpc::new(codec)
+                            .apply_compression_config(
+                                accept_compression_encodings,
+                                send_compression_encodings,
+                            )
+                            .apply_max_message_size_config(
+                                max_decoding_message_size,
+                                max_encoding_message_size,
+                            );
+                        let res = grpc.unary(method, req).await;
+                        Ok(res)
+                    };
+                    Box::pin(fut)
+                }
+                _ => {
+                    Box::pin(async move {
+                        let mut response = http::Response::new(empty_body());
+                        let headers = response.headers_mut();
+                        headers
+                            .insert(
+                                tonic::Status::GRPC_STATUS,
+                                (tonic::Code::Unimplemented as i32).into(),
+                            );
+                        headers
+                            .insert(
+                                http::header::CONTENT_TYPE,
+                                tonic::metadata::GRPC_CONTENT_TYPE,
+                            );
+                        Ok(response)
+                    })
+                }
+            }
+        }
+    }
+    impl<T> Clone for AuthServiceServer<T> {
+        fn clone(&self) -> Self {
+            let inner = self.inner.clone();
+            Self {
+                inner,
+                accept_compression_encodings: self.accept_compression_encodings,
+                send_compression_encodings: self.send_compression_encodings,
+                max_decoding_message_size: self.max_decoding_message_size,
+                max_encoding_message_size: self.max_encoding_message_size,
+            }
+        }
+    }
+    /// Generated gRPC service name
+    pub const SERVICE_NAME: &str = "multieko2.auth.AuthService";
+    impl<T> tonic::server::NamedService for AuthServiceServer<T> {
+        const NAME: &'static str = SERVICE_NAME;
+    }
+}
--- a/server/.sqlx/query-468bb5bb4fdaefcb4b280761d7880a556d40c172568ad3a1ed13156fbef72776.json
+++ b/server/.sqlx/query-468bb5bb4fdaefcb4b280761d7880a556d40c172568ad3a1ed13156fbef72776.json
@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT ltd.table_name\n        FROM table_definition_links tdl\n        JOIN table_definitions ltd ON tdl.linked_table_id = ltd.id\n        WHERE tdl.source_table_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "table_name",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "468bb5bb4fdaefcb4b280761d7880a556d40c172568ad3a1ed13156fbef72776"
+}
--- a/server/.sqlx/query-48d0a6d393dac121bfa4230830a105aede2179b07395f97750ab2fa1970afacd.json
+++ b/server/.sqlx/query-48d0a6d393dac121bfa4230830a105aede2179b07395f97750ab2fa1970afacd.json
@@ -0,0 +1,42 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        INSERT INTO users (username, email, password_hash, role)\n        VALUES ($1, $2, $3, 'accountant')\n        RETURNING id, username, email, role\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Uuid"
+      },
+      {
+        "ordinal": 1,
+        "name": "username",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "email",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 3,
+        "name": "role",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Varchar"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      true,
+      false
+    ]
+  },
+  "hash": "48d0a6d393dac121bfa4230830a105aede2179b07395f97750ab2fa1970afacd"
+}
--- a/server/.sqlx/query-6be0bb23ad1ba85add309f6e4f55495a5d248901fb0d23fea908815747a0bd50.json
+++ b/server/.sqlx/query-6be0bb23ad1ba85add309f6e4f55495a5d248901fb0d23fea908815747a0bd50.json
@@ -0,0 +1,34 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        SELECT id, password_hash, role\n        FROM users\n        WHERE username = $1 OR email = $1\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Uuid"
+      },
+      {
+        "ordinal": 1,
+        "name": "password_hash",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "role",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      true,
+      false
+    ]
+  },
+  "hash": "6be0bb23ad1ba85add309f6e4f55495a5d248901fb0d23fea908815747a0bd50"
+}
--- a/server/.sqlx/query-80f0f7f9ab12a8fe07ea71b548d27bcd6253b598ac4486b72b3d960f03df47f3.json
+++ b/server/.sqlx/query-80f0f7f9ab12a8fe07ea71b548d27bcd6253b598ac4486b72b3d960f03df47f3.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT table_name FROM table_definitions\n               WHERE profile_id = $1 AND table_name LIKE $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "table_name",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "80f0f7f9ab12a8fe07ea71b548d27bcd6253b598ac4486b72b3d960f03df47f3"
+}
--- a/server/.sqlx/query-b097f30f98490b979939759d85327a20ca7ade4866052a5cfdb0451fb76fbf15.json
+++ b/server/.sqlx/query-b097f30f98490b979939759d85327a20ca7ade4866052a5cfdb0451fb76fbf15.json
@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT ltd.table_name \n        FROM table_definition_links tdl\n        JOIN table_definitions ltd ON tdl.linked_table_id = ltd.id\n        WHERE tdl.source_table_id = $1 AND tdl.is_required = true",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "table_name",
-        "type_info": "Text"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Int8"
-      ]
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "b097f30f98490b979939759d85327a20ca7ade4866052a5cfdb0451fb76fbf15"
-}
--- a/server/.sqlx/query-c07a8511e5f32bf230240b28cb292d40f862b6ec58883f21ee8e1937860585d6.json
+++ b/server/.sqlx/query-c07a8511e5f32bf230240b28cb292d40f862b6ec58883f21ee8e1937860585d6.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "INSERT INTO table_scripts\n        (table_definitions_id, target_column, target_column_type, script, description)\n        VALUES ($1, $2, $3, $4, $5)\n        RETURNING id",
+  "query": "INSERT INTO table_scripts\n        (table_definitions_id, target_table, target_column,\n         target_column_type, script, description, profile_id)\n        VALUES ($1, $2, $3, $4, $5, $6, $7)\n        RETURNING id",
  "describe": {
    "columns": [
      {
@@ -15,12 +15,14 @@
        "Text",
        "Text",
        "Text",
-        "Text"
+        "Text",
+        "Text",
+        "Int8"
      ]
    },
    "nullable": [
      false
    ]
  },
-  "hash": "4cd5de4d3332ca35a9975ffb32728041978435e14f97c559e2ffec4a82d567ae"
+  "hash": "c07a8511e5f32bf230240b28cb292d40f862b6ec58883f21ee8e1937860585d6"
 }
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -12,7 +12,7 @@ dotenvy = "0.15.7"
 prost = "0.13.5"
 serde = { version = "1.0.218", features = ["derive"] }
 serde_json = "1.0.140"
-sqlx = { version = "0.8.3", features = ["chrono", "postgres", "runtime-tokio", "runtime-tokio-native-tls", "time"] }
+sqlx = { version = "0.8.3", features = ["chrono", "postgres", "runtime-tokio", "runtime-tokio-native-tls", "time", "uuid"] }
 tokio = { version = "1.43.0", features = ["full", "macros"] }
 tonic = "0.12.3"
 tonic-reflection = "0.12.3"
@@ -24,6 +24,10 @@ thiserror = "2.0.12"
 dashmap = "6.1.0"
 lazy_static = "1.5.0"
 regex = "1.11.1"
+bcrypt = "0.17.0"
+validator = { version = "0.20.0", features = ["derive"] }
+uuid = { version = "1.16.0", features = ["serde", "v4"] }
+jsonwebtoken = "9.3.1"

 [lib]
 name = "server"
--- a/server/migrations/20250324192805_auth.sql
+++ b/server/migrations/20250324192805_auth.sql
@@ -0,0 +1,38 @@
+-- Add migration script here
+
+CREATE TABLE IF NOT EXISTS users (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    username VARCHAR(255) NOT NULL UNIQUE,
+    email VARCHAR(255) UNIQUE,
+    password_hash VARCHAR(255),
+    role VARCHAR(20) NOT NULL DEFAULT 'accountant',
+    created_at TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Add an index for faster lookups
+CREATE INDEX idx_users_email_username ON users(email, username);
+
+ALTER TABLE users
+ADD CONSTRAINT valid_roles CHECK (role IN (
+    'admin',
+    'moderator',
+    'accountant',
+    'viewer'
+));
+
+-- Create JWT sessions table
+CREATE TABLE user_sessions (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    jwt_token TEXT NOT NULL UNIQUE,
+    expires_at TIMESTAMPTZ NOT NULL,
+    revoked BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Add indexes
+CREATE INDEX idx_sessions_user ON user_sessions(user_id);
+CREATE INDEX idx_sessions_expires ON user_sessions(expires_at);
+
+
+
--- a/server/src/auth/docs/first_reg.txt
+++ b/server/src/auth/docs/first_reg.txt
@@ -0,0 +1,10 @@
+❯ grpcurl -plaintext -d '{
+  "username": "testuser2",
+  "email": "test2@example.com"
+}' localhost:50051 multieko2.auth.AuthService/Register
+{
+  "id": "5fa9bbce-85e0-4b06-8364-b561770c2fdd",
+  "username": "testuser2",
+  "email": "test2@example.com",
+  "role": "accountant"
+}
--- a/server/src/auth/docs/reg_log.txt
+++ b/server/src/auth/docs/reg_log.txt
@@ -0,0 +1,51 @@
+❯ grpcurl -plaintext -d '{
+  "username": "testuser3",
+  "email": "test3@example.com",
+  "password": "your_password",
+  "password_confirmation": "your_password"
+}' localhost:50051 multieko2.auth.AuthService/Register
+{
+  "id": "96d2fd35-b39d-4c05-916a-66134453d34c",
+  "username": "testuser3",
+  "email": "test3@example.com",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "identifier": "testuser3"
+}' localhost:50051 multieko2.auth.AuthService/Login
+ERROR:
+  Code: Unauthenticated
+  Message: Invalid credentials
+❯ grpcurl -plaintext -d '{
+  "identifier": "testuser3",
+  "password": "your_password"
+}' localhost:50051 multieko2.auth.AuthService/Login
+{
+  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI5NmQyZmQzNS1iMzlkLTRjMDUtOTE2YS02NjEzNDQ1M2QzNGMiLCJleHAiOjE3NDI5ODE2MTAsInJvbGUiOiJhY2NvdW50YW50In0.78VIR3X4QZohzeI5x3xmkmqcICTusOC6PELPohMV-k8",
+  "tokenType": "Bearer",
+  "expiresIn": 86400,
+  "userId": "96d2fd35-b39d-4c05-916a-66134453d34c",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "username": "testuser4",
+  "email": "test4@example.com"
+}' localhost:50051 multieko2.auth.AuthService/Register
+{
+  "id": "413d7ecc-f231-48af-8c5a-566b1dc2bf0b",
+  "username": "testuser4",
+  "email": "test4@example.com",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "identifier": "test4@example.com"
+}' localhost:50051 multieko2.auth.AuthService/Login
+{
+  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MTNkN2VjYy1mMjMxLTQ4YWYtOGM1YS01NjZiMWRjMmJmMGIiLCJleHAiOjE3NDI5ODE3MDEsInJvbGUiOiJhY2NvdW50YW50In0.4Hzu3tTZRNGHnBSgeCbGy2tFTl8EzpPdXBhcW8kuIc8",
+  "tokenType": "Bearer",
+  "expiresIn": 86400,
+  "userId": "413d7ecc-f231-48af-8c5a-566b1dc2bf0b",
+  "role": "accountant"
+}
+╭─     ~/Doc/pr/multieko2/server     auth ······ ✔
+╰─
--- a/server/src/auth/handlers.rs
+++ b/server/src/auth/handlers.rs
@@ -0,0 +1,7 @@
+// src/auth/handlers.rs
+
+pub mod register;
+pub mod login;
+
+pub use register::*;
+pub use login::*;
--- a/server/src/auth/handlers/login.rs
+++ b/server/src/auth/handlers/login.rs
@@ -0,0 +1,46 @@
+// src/auth/handlers/login.rs
+use bcrypt::verify;
+use tonic::{Request, Response, Status};
+use crate::db::PgPool;
+use crate::auth::{models::AuthError, logic::jwt}; // Fixed import path
+use common::proto::multieko2::auth::{LoginRequest, LoginResponse};
+
+pub async fn login(
+    pool: &PgPool,
+    request: LoginRequest,
+) -> Result<Response<LoginResponse>, Status> {
+    let user = sqlx::query!(
+        r#"
+        SELECT id, password_hash, role
+        FROM users
+        WHERE username = $1 OR email = $1
+        "#,
+        request.identifier
+    )
+    .fetch_optional(pool)
+    .await
+    .map_err(|e| Status::internal(e.to_string()))?
+    .ok_or_else(|| Status::unauthenticated("Invalid credentials"))?;
+
+    // Handle the optional password_hash
+    let password_hash = user.password_hash
+        .ok_or_else(|| Status::internal("User account has no password set"))?;
+
+    // Verify the password
+    if !verify(&request.password, &password_hash)
+        .map_err(|e| Status::internal(e.to_string()))?
+    {
+        return Err(Status::unauthenticated("Invalid credentials"));
+    }
+
+    let token = jwt::generate_token(user.id, &user.role)
+        .map_err(|e| Status::internal(e.to_string()))?;
+
+    Ok(Response::new(LoginResponse {
+        access_token: token,
+        token_type: "Bearer".to_string(),
+        expires_in: 86400, // 24 hours
+        user_id: user.id.to_string(),
+        role: user.role,
+    }))
+}
--- a/server/src/auth/handlers/register.rs
+++ b/server/src/auth/handlers/register.rs
@@ -0,0 +1,48 @@
+// src/auth/handlers/register.rs
+use bcrypt::{hash, DEFAULT_COST};
+use tonic::{Response, Status};
+use common::proto::multieko2::auth::{RegisterRequest, AuthResponse};
+use crate::db::PgPool;
+use crate::auth::models::AuthError;
+
+pub async fn register(
+    pool: &PgPool,
+    payload: RegisterRequest,
+) -> Result<Response<AuthResponse>, Status> {
+    // Validate passwords match
+    if payload.password != payload.password_confirmation {
+        return Err(Status::invalid_argument(AuthError::PasswordMismatch.to_string()));
+    }
+
+    // Hash password
+    let password_hash = hash(payload.password, DEFAULT_COST)
+        .map_err(|e| Status::internal(AuthError::HashingError(e.to_string()).to_string()))?;
+
+    // Insert user
+    let user = sqlx::query!(
+        r#"
+        INSERT INTO users (username, email, password_hash, role)
+        VALUES ($1, $2, $3, 'accountant')
+        RETURNING id, username, email, role
+        "#,
+        payload.username,
+        payload.email,
+        password_hash
+    )
+    .fetch_one(pool)
+    .await
+    .map_err(|e| {
+        if e.to_string().contains("duplicate key") {
+            Status::already_exists(AuthError::UserExists.to_string())
+        } else {
+            Status::internal(AuthError::DatabaseError(e.to_string()).to_string())
+        }
+    })?;
+
+    Ok(Response::new(AuthResponse {
+        id: user.id.to_string(),
+        username: user.username,
+        email: user.email.unwrap_or_default(),
+        role: user.role,
+    }))
+}
--- a/server/src/auth/logic.rs
+++ b/server/src/auth/logic.rs
@@ -0,0 +1,9 @@
+// src/auth/logic.rs
+
+pub mod jwt;
+pub mod middleware;
+// TODO implement RBAC on all of the endpoints
+// pub mod rbac;
+
+pub use jwt::*;
+pub use middleware::*;
--- a/server/src/auth/logic/jwt.rs
+++ b/server/src/auth/logic/jwt.rs
@@ -0,0 +1,55 @@
+// src/auth/jwt.rs
+use jsonwebtoken::{encode, decode, Header, EncodingKey, DecodingKey, Validation};
+use serde::{Deserialize, Serialize};
+use time::{Duration, OffsetDateTime};
+use uuid::Uuid;
+use std::sync::OnceLock;
+use crate::auth::models::AuthError;
+
+static KEYS: OnceLock<Keys> = OnceLock::new();
+
+struct Keys {
+    encoding: EncodingKey,
+    decoding: DecodingKey,
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone)]
+pub struct Claims {
+    pub sub: Uuid,    // User ID
+    pub exp: i64,     // Expiration time
+    pub role: String, // User role
+}
+
+pub fn init_jwt() -> Result<(), AuthError> {
+    let secret = std::env::var("JWT_SECRET")
+        .map_err(|_| AuthError::ConfigError("JWT_SECRET must be set".to_string()))?;
+
+    KEYS.set(Keys {
+        encoding: EncodingKey::from_secret(secret.as_bytes()),
+        decoding: DecodingKey::from_secret(secret.as_bytes()),
+    }).map_err(|_| AuthError::ConfigError("Failed to initialize JWT keys".to_string()))?;
+
+    Ok(())
+}
+
+pub fn generate_token(user_id: Uuid, role: &str) -> Result<String, AuthError> {
+    let keys = KEYS.get().ok_or(AuthError::ConfigError("JWT not initialized".to_string()))?;
+    
+    let exp = OffsetDateTime::now_utc() + Duration::days(365000);
+    let claims = Claims {
+        sub: user_id,
+        exp: exp.unix_timestamp(),
+        role: role.to_string(),
+    };
+
+    encode(&Header::default(), &claims, &keys.encoding)
+        .map_err(|e| AuthError::JwtError(e.to_string()))
+}
+
+pub fn validate_token(token: &str) -> Result<Claims, AuthError> {
+    let keys = KEYS.get().ok_or(AuthError::ConfigError("JWT not initialized".to_string()))?;
+    
+    decode::<Claims>(token, &keys.decoding, &Validation::default())
+        .map(|data| data.claims)
+        .map_err(|e| AuthError::JwtError(e.to_string()))
+}
--- a/server/src/auth/logic/middleware.rs
+++ b/server/src/auth/logic/middleware.rs
@@ -0,0 +1,22 @@
+// src/auth/middleware.rs
+use tonic::{metadata::MetadataValue, service::Interceptor, Status};
+use crate::auth::{logic::jwt, models::AuthError};
+
+pub struct AuthInterceptor;
+
+impl Interceptor for AuthInterceptor {
+    fn call(&mut self, mut request: tonic::Request<()>) -> Result<tonic::Request<()>, Status> {
+        let metadata = request.metadata();
+        let token = metadata.get("authorization")
+            .and_then(|v| v.to_str().ok())
+            .and_then(|s| s.strip_prefix("Bearer "))
+            .ok_or(Status::unauthenticated("Missing authorization header"))?;
+
+        let claims = jwt::validate_token(token)
+            .map_err(|e| Status::unauthenticated(e.to_string()))?;
+
+        // Store claims in request extensions
+        request.extensions_mut().insert(claims);
+        Ok(request)
+    }
+}
--- a/server/src/auth/logic/rbac.rs
+++ b/server/src/auth/logic/rbac.rs
@@ -0,0 +1,36 @@
+// src/auth/logic/rbac.rs
+
+use tower::ServiceBuilder;
+use crate::auth::logic::rbac;
+
+pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error::Error>> {
+    // ... existing setup code ...
+
+    // Create service layers
+    let adresar_layer = ServiceBuilder::new()
+        .layer(rbac::create_adresar_layer())
+        .into_inner();
+
+    let uctovnictvo_layer = ServiceBuilder::new()
+        .layer(rbac::create_uctovnictvo_layer())
+        .into_inner();
+
+    // Create services with layers
+    let adresar_service = AdresarServer::new(AdresarService { db_pool: db_pool.clone() })
+        .layer(adresar_layer);
+
+    let uctovnictvo_service = UctovnictvoServer::new(UctovnictvoService { db_pool: db_pool.clone() })
+        .layer(uctovnictvo_layer);
+
+    // ... repeat for other services ...
+
+    Server::builder()
+        .add_service(auth_server)
+        .add_service(adresar_service)
+        .add_service(uctovnictvo_service)
+        // ... other services ...
+        .serve(addr)
+        .await?;
+
+    Ok(())
+}
--- a/server/src/auth/mod.rs
+++ b/server/src/auth/mod.rs
@@ -0,0 +1,6 @@
+// src/auth/mod.rs
+
+pub mod models;
+pub mod logic;
+pub mod handlers;
+
--- a/server/src/auth/models.rs
+++ b/server/src/auth/models.rs
@@ -0,0 +1,41 @@
+// src/auth/models.rs
+
+use serde::{Deserialize, Serialize};
+use validator::Validate;
+
+#[derive(Debug, Validate, Deserialize)]
+pub struct RegisterRequest {
+    #[validate(length(min = 1, max = 30))]
+    pub username: String,
+    #[validate(email)]
+    pub email: String,
+    #[validate(length(min = 1))]
+    pub password: String,
+    pub password_confirmation: String,
+}
+
+#[derive(Debug, Validate, Deserialize)]
+pub struct LoginRequest {
+    #[validate(length(min = 1))]
+    pub identifier: String,
+    #[validate(length(min = 1))]
+    pub password: String,
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum AuthError {
+    #[error("Passwords do not match")]
+    PasswordMismatch,
+    #[error("User already exists")]
+    UserExists,
+    #[error("Database error: {0}")]
+    DatabaseError(String),
+    #[error("Hashing error: {0}")]
+    HashingError(String),
+    #[error("Invalid credentials")]
+    InvalidCredentials,
+    #[error("JWT error: {0}")]
+    JwtError(String),
+    #[error("Configuration error: {0}")]
+    ConfigError(String),
+}
--- a/server/src/db.rs
+++ b/server/src/db.rs
@@ -1,5 +1,7 @@
 // src/db.rs
-use sqlx::postgres::{PgPool, PgPoolOptions};
+
+use sqlx::postgres::PgPoolOptions;
+pub use sqlx::postgres::PgPool;
 use std::time::Duration;
 use tracing::info;

--- a/server/src/lib.rs
+++ b/server/src/lib.rs
@@ -1,5 +1,6 @@
 // src/lib.rs
 pub mod db;
+pub mod auth;
 pub mod server;
 pub mod adresar;
 pub mod uctovnictvo;
--- a/server/src/server/run.rs
+++ b/server/src/server/run.rs
@@ -10,15 +10,22 @@ use crate::server::services::{
    TableDefinitionService,
    TablesDataService,
    TableScriptService,
+    AuthServiceImpl
+};
+use common::proto::multieko2::{
+    adresar::adresar_server::AdresarServer,
+    uctovnictvo::uctovnictvo_server::UctovnictvoServer,
+    table_structure::table_structure_service_server::TableStructureServiceServer,
+    table_definition::table_definition_server::TableDefinitionServer,
+    tables_data::tables_data_server::TablesDataServer,
+    table_script::table_script_server::TableScriptServer,
+    auth::auth_service_server::AuthServiceServer
 };
-use common::proto::multieko2::adresar::adresar_server::AdresarServer;
-use common::proto::multieko2::uctovnictvo::uctovnictvo_server::UctovnictvoServer;
-use common::proto::multieko2::table_structure::table_structure_service_server::TableStructureServiceServer;
-use common::proto::multieko2::table_definition::table_definition_server::TableDefinitionServer;
-use common::proto::multieko2::tables_data::tables_data_server::TablesDataServer;
-use common::proto::multieko2::table_script::table_script_server::TableScriptServer;

 pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error::Error>> {
+    // Initialize JWT for authentication
+    crate::auth::logic::jwt::init_jwt()?;
+    
    let addr = "[::1]:50051".parse()?;

    let reflection_service = ReflectionBuilder::configure()
@@ -27,8 +34,9 @@ pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error:

    // Initialize services
    let table_definition_service = TableDefinitionService { db_pool: db_pool.clone() };
-    let tables_data_service = TablesDataService { db_pool: db_pool.clone() }; // Add this
+    let tables_data_service = TablesDataService { db_pool: db_pool.clone() };
    let table_script_service = TableScriptService { db_pool: db_pool.clone() };
+    let auth_service = AuthServiceImpl { db_pool: db_pool.clone() };

    Server::builder()
        .add_service(AdresarServer::new(AdresarService { db_pool: db_pool.clone() }))
@@ -37,6 +45,7 @@ pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error:
        .add_service(TableDefinitionServer::new(table_definition_service))
        .add_service(TablesDataServer::new(tables_data_service))
        .add_service(TableScriptServer::new(table_script_service))
+        .add_service(AuthServiceServer::new(auth_service))
        .add_service(reflection_service)
        .serve(addr)
        .await?;
--- a/server/src/server/services/auth_service.rs
+++ b/server/src/server/services/auth_service.rs
@@ -0,0 +1,36 @@
+// src/server/services/auth_service.rs
+use tonic::{Request, Response, Status};
+use common::proto::multieko2::auth::{
+    auth_service_server::AuthService,
+    RegisterRequest, AuthResponse,
+    LoginRequest, LoginResponse
+};
+use crate::auth::handlers::{
+    login::login,
+    register::register
+};
+use sqlx::PgPool;
+
+#[derive(Debug)]
+pub struct AuthServiceImpl {
+    pub db_pool: PgPool,
+}
+
+#[tonic::async_trait]
+impl AuthService for AuthServiceImpl {
+    async fn register(
+        &self,
+        request: Request<RegisterRequest>,
+    ) -> Result<Response<AuthResponse>, Status> {
+        let response = register(&self.db_pool, request.into_inner()).await?;
+        Ok(response)
+    }
+
+    async fn login(
+        &self,
+        request: Request<LoginRequest>,
+    ) -> Result<Response<LoginResponse>, Status> {
+        let response = login(&self.db_pool, request.into_inner()).await?;
+        Ok(response)
+    }
+}
--- a/server/src/server/services/mod.rs
+++ b/server/src/server/services/mod.rs
@@ -6,6 +6,7 @@ pub mod uctovnictvo_service;
 pub mod table_definition_service;
 pub mod tables_data_service;
 pub mod table_script_service;
+pub mod auth_service;

 pub use adresar_service::AdresarService;
 pub use table_structure_service::TableStructureHandler;
@@ -13,3 +14,4 @@ pub use uctovnictvo_service::UctovnictvoService;
 pub use table_definition_service::TableDefinitionService;
 pub use tables_data_service::TablesDataService;
 pub use table_script_service::TableScriptService;
+pub use auth_service::AuthServiceImpl;
Author	SHA1	Message	Date
filipriec	301189bd85	login is not dependent on form/form.rs and only on canvas now	2025-03-30 17:00:51 +02:00
filipriec	81767f376f	button sizes	2025-03-30 16:35:38 +02:00
filipriec	e36b1817bc	working, split config where functions for each page are defined for this page, if the functions are not general for each page. Huge update, works for tui/functions/form and fui/functions/login. Working, time to move to other things	2025-03-30 15:46:49 +02:00
filipriec	13d4db6bdc	properly handling up and down in the form and login, login needs logic implementation	2025-03-30 15:11:02 +02:00
filipriec	b5a5ebd7c0	working exactly as i want, now making the login up and down to work properly well	2025-03-30 15:03:12 +02:00
filipriec	6e04c1f267	original form fully working in the tui functions is the logic for the form	2025-03-30 14:24:12 +02:00
filipriec	a0d96cb87a	moving to tui/functions/form.rs read_only functions	2025-03-30 14:13:07 +02:00
filipriec	4052a5b81b	fixed unused imports	2025-03-30 14:01:08 +02:00
filipriec	ed99ebf541	compiled if statement in the read_only mode	2025-03-30 13:57:22 +02:00
filipriec	0a4f59cf8e	reverting back fully	2025-03-30 13:15:51 +02:00
filipriec	fd6a9b73be	reverting back	2025-03-30 13:11:04 +02:00
filipriec	dc994f6ee1	login in the functions	2025-03-30 13:04:48 +02:00
filipriec	e234dd1785	down and up now added to work in the original form	2025-03-30 12:09:20 +02:00
filipriec	6e0943f0cc	compiled	2025-03-30 00:51:11 +01:00
filipriec	9622e0bd3c	moving read_only functions for the form specific	2025-03-29 22:36:03 +01:00
filipriec	ee666e91ed	adjusted login not working yet, wrong changes	2025-03-29 00:09:06 +01:00
filipriec	4f8f2f4a40	step4	2025-03-28 20:48:06 +01:00
filipriec	f21953147b	step 3 compiled	2025-03-28 14:35:16 +01:00
filipriec	48b2658b55	step2	2025-03-28 14:29:36 +01:00
filipriec	37b08fdd10	implementation of canvas for multiple pages step 1	2025-03-28 14:26:18 +01:00
filipriec	d4efdf4833	login improvements	2025-03-27 12:27:43 +01:00
filipriec	b408abe8c6	quick prod check .sqlx	2025-03-26 00:50:25 +01:00
filipriec	722c63af54	fixed the navigation previous function, therefore we are now moving into the login properly, lets implement the auth now	2025-03-26 00:46:59 +01:00
filipriec	4601ba4094	unused stuff removed	2025-03-26 00:43:42 +01:00
filipriec	3e2b8a36df	fixing warnings	2025-03-26 00:39:27 +01:00
filipriec	11214734ae	functions are now in the file dedicated to the functions belonging to the page	2025-03-26 00:26:36 +01:00
filipriec	92045a4e67	unused stuff	2025-03-26 00:16:38 +01:00
filipriec	9564bd8524	login page is now being properly displayed	2025-03-26 00:04:30 +01:00
filipriec	ad64df2ec3	nothing is fixed, it doesnt work, i cant see a login page	2025-03-25 23:23:47 +01:00
filipriec	aab11c1cba	login logic in the components	2025-03-25 22:56:24 +01:00
filipriec	1fe139e0c5	we compiled	2025-03-25 22:01:09 +01:00
filipriec	4ced1a36d4	moved form.rs into the state where it really belongs to	2025-03-25 21:23:52 +01:00
filipriec	45fff34c4c	login page being implemented slowly	2025-03-25 16:02:23 +01:00
filipriec	c84fa4a692	frontend implementing login	2025-03-25 15:57:45 +01:00
filipriec	eba3f56ba3	indefinite jwt expiration set	2025-03-25 13:17:13 +01:00
filipriec	71ab588c16	tonic rbac to tower	2025-03-25 12:36:31 +01:00
filipriec	195375c083	temp disable of the rbac	2025-03-25 12:35:10 +01:00
filipriec	34dafcc23e	rbac using tonic	2025-03-25 11:33:14 +01:00
filipriec	507f86fcf1	docs	2025-03-25 10:35:22 +01:00
filipriec	f40654d2c4	it compiled	2025-03-25 10:28:29 +01:00
filipriec	cd32c175a4	jwt implementation and login, not working yet	2025-03-25 10:15:17 +01:00
filipriec	9393294af8	docs, auth starting officially 0.2.0 version	2025-03-24 22:17:02 +01:00
filipriec	24c426229c	registration works perfectly well	2025-03-24 22:15:17 +01:00
filipriec	3ed6fd4ee8	we compiled	2025-03-24 22:03:04 +01:00
filipriec	70d83c284a	broken only push user data	2025-03-24 21:46:04 +01:00
filipriec	8a248cab58	working finally	2025-03-24 18:57:59 +01:00
filipriec	e6851e1fe4	small error to fix	2025-03-24 17:14:12 +01:00
filipriec	65ff1256aa	canvas common needs redesign, sidebar displaying even when no profile selected	2025-03-24 16:46:02 +01:00
filipriec	36dc4302a0	sidebar if there is no profile selected	2025-03-24 16:15:55 +01:00
filipriec	938a1f16f1	form component is now in the separate component	2025-03-24 15:57:41 +01:00