moved form.rs into the state where it really belongs to

Cargo.lock

@@ -1024,8 +1024,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
 dependencies = [
  "cfg-if",
+ "js-sys",
  "libc",
  "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasm-bindgen",
 ]
 
 [[package]]
@@ -1541,6 +1543,21 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "jsonwebtoken"
+version = "9.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde"
+dependencies = [
+ "base64",
+ "js-sys",
+ "pem",
+ "ring",
+ "serde",
+ "serde_json",
+ "simple_asn1",
+]
+
 [[package]]
 name = "lasso"
 version = "0.7.3"
@@ -1928,6 +1945,16 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
 
+[[package]]
+name = "pem"
+version = "3.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38af38e8470ac9dee3ce1bae1af9c1671fffc44ddfd8bd1d0a3445bf349a8ef3"
+dependencies = [
+ "base64",
+ "serde",
+]
+
 [[package]]
 name = "pem-rfc7468"
 version = "0.7.0"
@@ -2345,6 +2372,20 @@ dependencies = [
  "tstr",
 ]
 
+[[package]]
+name = "ring"
+version = "0.17.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom 0.2.15",
+ "libc",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "rsa"
 version = "0.9.7"
@@ -2554,6 +2595,7 @@ dependencies = [
  "common",
  "dashmap",
  "dotenvy",
+ "jsonwebtoken",
  "lazy_static",
  "prost",
  "regex",
@@ -2641,6 +2683,18 @@ dependencies = [
  "rand_core 0.6.4",
 ]
 
+[[package]]
+name = "simple_asn1"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb"
+dependencies = [
+ "num-bigint",
+ "num-traits",
+ "thiserror 2.0.12",
+ "time",
+]
+
 [[package]]
 name = "sized-chunks"
 version = "0.6.5"
@@ -3521,6 +3575,12 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"
 
+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
 [[package]]
 name = "url"
 version = "2.5.4"
@@ -3551,6 +3611,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9"
 dependencies = [
  "getrandom 0.3.1",
+ "serde",
 ]
 
 [[package]]

client/src/components/auth.rs

@@ -0,0 +1,6 @@
+// src/components/form.rs
+pub mod login;
+pub mod register;
+
+pub use login::*;
+pub use register::*;

client/src/components/auth/login.rs

@@ -0,0 +1,111 @@
+// src/components/login/login.rs
+use ratatui::{
+    widgets::{Block, BorderType, Borders, List, ListItem, ListState, Paragraph},
+    style::Style,
+    text::{Line, Span, Text},
+    layout::{Alignment, Constraint, Direction, Layout, Rect},
+    Frame,
+};
+use crate::config::colors::themes::Theme;
+
+pub struct LoginState {
+    pub fields: Vec<String>,
+    pub values: Vec<String>,
+    pub selected_field: usize,
+}
+
+impl LoginState {
+    pub fn new() -> Self {
+        Self {
+            fields: vec!["Username".to_string(), "Password".to_string()],
+            values: vec![String::new(), String::new()],
+            selected_field: 0,
+        }
+    }
+
+    pub fn next_field(&mut self) {
+        self.selected_field = (self.selected_field + 1) % self.fields.len();
+    }
+
+    pub fn previous_field(&mut self) {
+        self.selected_field = if self.selected_field == 0 {
+            self.fields.len() - 1
+        } else {
+            self.selected_field - 1
+        };
+    }
+
+    pub fn render(&mut self, f: &mut Frame, area: Rect, theme: &Theme) {
+        let block = Block::default()
+            .borders(Borders::ALL)
+            .border_type(BorderType::Rounded)
+            .border_style(Style::default().fg(theme.accent))
+            .style(Style::default().bg(theme.bg));
+
+        let inner_area = block.inner(area);
+        f.render_widget(block, area);
+
+        let chunks = Layout::default()
+            .direction(Direction::Vertical)
+            .constraints([
+                Constraint::Length(3),
+                Constraint::Length(5),
+                Constraint::Min(1),
+            ])
+            .split(inner_area);
+
+        // Title
+        let title = Line::from(Span::styled("Login", Style::default().fg(theme.highlight)));
+        let title_widget = Paragraph::new(title).alignment(Alignment::Center);
+        f.render_widget(title_widget, chunks[0]);
+
+        // Login form
+        let form_chunks = Layout::default()
+            .direction(Direction::Vertical)
+            .constraints([
+                Constraint::Length(3),
+                Constraint::Length(3),
+                Constraint::Length(3),
+            ])
+            .split(chunks[1]);
+
+        // Username field
+        let username_block = Block::default()
+            .title("Username")
+            .borders(Borders::ALL)
+            .border_style(if self.selected_field == 0 {
+                Style::default().fg(theme.highlight)
+            } else {
+                Style::default().fg(theme.border)
+            });
+        let username = Paragraph::new(self.values[0].as_str())
+            .block(username_block);
+        f.render_widget(username, form_chunks[0]);
+
+        // Password field
+        let password_block = Block::default()
+            .title("Password")
+            .borders(Borders::ALL)
+            .border_style(if self.selected_field == 1 {
+                Style::default().fg(theme.highlight)
+            } else {
+                Style::default().fg(theme.border)
+            });
+        let password = Paragraph::new("*".repeat(self.values[1].len()))
+            .block(password_block);
+        f.render_widget(password, form_chunks[1]);
+
+        // Submit button
+        let submit_block = Block::default()
+            .borders(Borders::ALL)
+            .border_style(if self.selected_field == 2 {
+                Style::default().fg(theme.highlight)
+            } else {
+                Style::default().fg(theme.border)
+            });
+        let submit = Paragraph::new("Submit")
+            .block(submit_block)
+            .alignment(Alignment::Center);
+        f.render_widget(submit, form_chunks[2]);
+    }
+}

client/src/components/form/form.rs

@@ -6,7 +6,7 @@ use ratatui::{
     Frame,
 };
 use crate::config::colors::themes::Theme;
-use crate::ui::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::components::handlers::canvas::render_canvas;
 
 pub fn render_form(

client/src/components/handlers/canvas.rs

@@ -8,7 +8,7 @@ use ratatui::{
     prelude::Alignment,
 };
 use crate::config::colors::themes::Theme;
-use crate::ui::form::FormState;
+use crate::state::pages::form::FormState;
 
 pub fn render_canvas(
     f: &mut Frame,

client/src/components/intro/intro.rs

@@ -1,4 +1,4 @@
-// src/components/handlers/intro.rs
+// src/components/intro/intro.rs
 use ratatui::{
     layout::{Alignment, Constraint, Direction, Layout, Rect},
     style::Style,
@@ -33,7 +33,7 @@ impl IntroState {
             .direction(Direction::Vertical)
             .constraints([
                 Constraint::Percentage(35),
-                Constraint::Length(5),
+                Constraint::Length(7), // Increased to accommodate 3 buttons
                 Constraint::Percentage(35),
             ])
             .split(inner_area);
@@ -48,10 +48,14 @@ impl IntroState {
             .alignment(Alignment::Center);
         f.render_widget(title_para, chunks[1]);
 
-        // Buttons
+        // Buttons - now with 3 options
         let button_area = Layout::default()
             .direction(Direction::Horizontal)
-            .constraints([Constraint::Percentage(50), Constraint::Percentage(50)])
+            .constraints([
+                Constraint::Percentage(33),
+                Constraint::Percentage(33),
+                Constraint::Percentage(33),
+            ])
             .split(chunks[1].inner(Margin {
                 horizontal: 1,
                 vertical: 1
@@ -71,6 +75,13 @@ impl IntroState {
             self.selected_option == 1,
             theme,
         );
+        self.render_button(
+            f,
+            button_area[2],
+            "Login",
+            self.selected_option == 2,
+            theme,
+        );
     }
 
     fn render_button(&self, f: &mut Frame, area: Rect, text: &str, selected: bool, theme: &Theme) {
@@ -100,11 +111,23 @@ impl IntroState {
         f.render_widget(button, area);
     }
 
-    pub fn next_option(&mut self) {
-        self.selected_option = (self.selected_option + 1) % 2;
+ pub fn next_option(&mut self) {
+        self.selected_option = (self.selected_option + 1) % 3;
     }
 
     pub fn previous_option(&mut self) {
-        self.selected_option = if self.selected_option == 0 { 1 } else { 0 };
+        self.selected_option = if self.selected_option == 0 { 2 } else { self.selected_option - 1 };
+    }
+
+    pub fn handle_selection(&self, app_state: &mut crate::state::state::AppState) {
+        match self.selected_option {
+            0 => { /* Continue logic */ }
+            1 => { /* Admin logic */ }
+            2 => {
+                app_state.ui.show_intro = false;
+                app_state.ui.show_login = true;
+            }
+            _ => {}
+        }
     }
 }

client/src/components/mod.rs

@@ -4,9 +4,11 @@ pub mod intro;
 pub mod admin;
 pub mod common;
 pub mod form;
+pub mod auth;
 
 pub use handlers::*;
 pub use intro::*;
 pub use admin::*;
 pub use common::*;
 pub use form::*;
+pub use auth::*;

client/src/modes/canvas/common.rs

@@ -5,7 +5,7 @@ use crate::config::binds::config::Config;
 use crate::tui::terminal::grpc_client::GrpcClient;
 use crate::tui::terminal::core::TerminalCore;
 use crate::tui::controls::commands::CommandHandler;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::state::state::AppState;
 use common::proto::multieko2::adresar::{PostAdresarRequest, PutAdresarRequest};
 

client/src/modes/canvas/edit.rs

@@ -6,7 +6,7 @@ use crate::tui::terminal::{
     grpc_client::GrpcClient,
 };
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::modes::canvas::common;
 
 pub async fn handle_edit_event_internal(

client/src/modes/canvas/read_only.rs

@@ -2,7 +2,7 @@
 
 use crossterm::event::{KeyEvent};
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::config::binds::key_sequences::KeySequenceTracker;
 use crate::tui::terminal::grpc_client::GrpcClient;
 

client/src/modes/common/command_mode.rs

@@ -3,7 +3,7 @@
 use crossterm::event::{KeyEvent, KeyCode, KeyModifiers};
 use crate::tui::terminal::grpc_client::GrpcClient;
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::tui::controls::commands::CommandHandler;
 use crate::tui::terminal::core::TerminalCore;
 use crate::modes::{

client/src/modes/general/navigation.rs

@@ -3,7 +3,7 @@
 use crossterm::event::KeyEvent;
 use crate::config::binds::config::Config;
 use crate::state::state::AppState;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 
 pub async fn handle_navigation_event(
     key: KeyEvent,

client/src/modes/handlers/event.rs

@@ -7,7 +7,7 @@ use crate::tui::terminal::{
 };
 use crate::tui::controls::commands::CommandHandler;
 use crate::config::binds::config::Config;
-use crate::ui::handlers::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::ui::handlers::rat_state::UiStateHandler;
 use crate::modes::{
     common::{command_mode},

client/src/state/mod.rs

@@ -1,2 +1,3 @@
 // src/state/mod.rs
 pub mod state;
+pub mod pages;

client/src/state/pages.rs

@@ -0,0 +1,3 @@
+// src/state/pages.rs
+
+pub mod form;

client/src/state/pages/form.rs

@@ -1,4 +1,4 @@
-// src/client/ui/handlers/form.rs
+// src/state/pages/form.rs
 use crate::config::colors::themes::Theme;
 use ratatui::layout::Rect;
 use ratatui::Frame;

client/src/state/state.rs

@@ -11,6 +11,7 @@ pub struct UiState {
     pub show_intro: bool,
     pub show_admin: bool,
     pub show_form: bool,
+    pub show_login: bool,
     pub intro_state: IntroState,
 }
 
@@ -75,6 +76,7 @@ impl Default for UiState {
             show_intro: true,
             show_admin: false,
             show_form: false,
+            show_login: false,
             intro_state: IntroState::new(),
         }
     }

client/src/ui/handlers.rs

@@ -1,7 +1,6 @@
 // src/client/ui/handlers.rs
 
 pub mod ui;
-pub mod form;
 pub mod render;
 pub mod rat_state;
 

client/src/ui/handlers/render.rs

@@ -12,7 +12,7 @@ use crate::components::{
 use crate::config::colors::themes::Theme;
 use ratatui::layout::{Constraint, Direction, Layout};
 use ratatui::Frame;
-use super::form::FormState;
+use crate::state::pages::form::FormState;
 use crate::state::state::AppState;
 
 pub fn render_ui(

client/src/ui/handlers/ui.rs

@@ -6,7 +6,8 @@ use crate::tui::controls::CommandHandler;
 use crate::tui::terminal::EventReader;
 use crate::config::colors::themes::Theme;
 use crate::config::binds::config::Config;
-use crate::ui::handlers::{form::FormState, render::render_ui};
+use crate::ui::handlers::render::render_ui;
+use crate::state::pages::form::FormState;
 use crate::modes::handlers::event::EventHandler;
 use crate::state::state::AppState;
 use crate::components::admin::{admin_panel::AdminPanelState};

common/proto/auth.proto

@@ -6,6 +6,7 @@ import "common.proto";
 
 service AuthService {
     rpc Register(RegisterRequest) returns (AuthResponse);
+    rpc Login(LoginRequest) returns (LoginResponse);
 }
 
 message RegisterRequest {
@@ -21,3 +22,16 @@ message AuthResponse {
     string email = 3;        // Registered email (if provided)
     string role = 4;         // Default role: 'accountant'
 }
+
+message LoginRequest {
+    string identifier = 1;   // Can be username or email
+    string password = 2;
+}
+
+message LoginResponse {
+    string access_token = 1;   // JWT token
+    string token_type = 2;     // Usually "Bearer"
+    int32 expires_in = 3;      // Expiration in seconds (86400 for 24 hours)
+    string user_id = 4;        // User's UUID in string format
+    string role = 5;           // User's role
+}

common/src/proto/multieko2.auth.rs

@@ -25,6 +25,32 @@ pub struct AuthResponse {
     #[prost(string, tag = "4")]
     pub role: ::prost::alloc::string::String,
 }
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct LoginRequest {
+    /// Can be username or email
+    #[prost(string, tag = "1")]
+    pub identifier: ::prost::alloc::string::String,
+    #[prost(string, tag = "2")]
+    pub password: ::prost::alloc::string::String,
+}
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct LoginResponse {
+    /// JWT token
+    #[prost(string, tag = "1")]
+    pub access_token: ::prost::alloc::string::String,
+    /// Usually "Bearer"
+    #[prost(string, tag = "2")]
+    pub token_type: ::prost::alloc::string::String,
+    /// Expiration in seconds (86400 for 24 hours)
+    #[prost(int32, tag = "3")]
+    pub expires_in: i32,
+    /// User's UUID in string format
+    #[prost(string, tag = "4")]
+    pub user_id: ::prost::alloc::string::String,
+    /// User's role
+    #[prost(string, tag = "5")]
+    pub role: ::prost::alloc::string::String,
+}
 /// Generated client implementations.
 pub mod auth_service_client {
     #![allow(
@@ -137,6 +163,27 @@ pub mod auth_service_client {
                 .insert(GrpcMethod::new("multieko2.auth.AuthService", "Register"));
             self.inner.unary(req, path, codec).await
         }
+        pub async fn login(
+            &mut self,
+            request: impl tonic::IntoRequest<super::LoginRequest>,
+        ) -> std::result::Result<tonic::Response<super::LoginResponse>, tonic::Status> {
+            self.inner
+                .ready()
+                .await
+                .map_err(|e| {
+                    tonic::Status::unknown(
+                        format!("Service was not ready: {}", e.into()),
+                    )
+                })?;
+            let codec = tonic::codec::ProstCodec::default();
+            let path = http::uri::PathAndQuery::from_static(
+                "/multieko2.auth.AuthService/Login",
+            );
+            let mut req = request.into_request();
+            req.extensions_mut()
+                .insert(GrpcMethod::new("multieko2.auth.AuthService", "Login"));
+            self.inner.unary(req, path, codec).await
+        }
     }
 }
 /// Generated server implementations.
@@ -156,6 +203,10 @@ pub mod auth_service_server {
             &self,
             request: tonic::Request<super::RegisterRequest>,
         ) -> std::result::Result<tonic::Response<super::AuthResponse>, tonic::Status>;
+        async fn login(
+            &self,
+            request: tonic::Request<super::LoginRequest>,
+        ) -> std::result::Result<tonic::Response<super::LoginResponse>, tonic::Status>;
     }
     #[derive(Debug)]
     pub struct AuthServiceServer<T> {
@@ -278,6 +329,49 @@ pub mod auth_service_server {
                     };
                     Box::pin(fut)
                 }
+                "/multieko2.auth.AuthService/Login" => {
+                    #[allow(non_camel_case_types)]
+                    struct LoginSvc<T: AuthService>(pub Arc<T>);
+                    impl<T: AuthService> tonic::server::UnaryService<super::LoginRequest>
+                    for LoginSvc<T> {
+                        type Response = super::LoginResponse;
+                        type Future = BoxFuture<
+                            tonic::Response<Self::Response>,
+                            tonic::Status,
+                        >;
+                        fn call(
+                            &mut self,
+                            request: tonic::Request<super::LoginRequest>,
+                        ) -> Self::Future {
+                            let inner = Arc::clone(&self.0);
+                            let fut = async move {
+                                <T as AuthService>::login(&inner, request).await
+                            };
+                            Box::pin(fut)
+                        }
+                    }
+                    let accept_compression_encodings = self.accept_compression_encodings;
+                    let send_compression_encodings = self.send_compression_encodings;
+                    let max_decoding_message_size = self.max_decoding_message_size;
+                    let max_encoding_message_size = self.max_encoding_message_size;
+                    let inner = self.inner.clone();
+                    let fut = async move {
+                        let method = LoginSvc(inner);
+                        let codec = tonic::codec::ProstCodec::default();
+                        let mut grpc = tonic::server::Grpc::new(codec)
+                            .apply_compression_config(
+                                accept_compression_encodings,
+                                send_compression_encodings,
+                            )
+                            .apply_max_message_size_config(
+                                max_decoding_message_size,
+                                max_encoding_message_size,
+                            );
+                        let res = grpc.unary(method, req).await;
+                        Ok(res)
+                    };
+                    Box::pin(fut)
+                }
                 _ => {
                     Box::pin(async move {
                         let mut response = http::Response::new(empty_body());

server/Cargo.toml

@@ -26,7 +26,8 @@ lazy_static = "1.5.0"
 regex = "1.11.1"
 bcrypt = "0.17.0"
 validator = { version = "0.20.0", features = ["derive"] }
-uuid = { version = "1.16.0", features = ["v4"] }
+uuid = { version = "1.16.0", features = ["serde", "v4"] }
+jsonwebtoken = "9.3.1"
 
 [lib]
 name = "server"

server/src/auth/docs/reg_log.txt

@@ -0,0 +1,51 @@
+❯ grpcurl -plaintext -d '{
+  "username": "testuser3",
+  "email": "test3@example.com",
+  "password": "your_password",
+  "password_confirmation": "your_password"
+}' localhost:50051 multieko2.auth.AuthService/Register
+{
+  "id": "96d2fd35-b39d-4c05-916a-66134453d34c",
+  "username": "testuser3",
+  "email": "test3@example.com",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "identifier": "testuser3"
+}' localhost:50051 multieko2.auth.AuthService/Login
+ERROR:
+  Code: Unauthenticated
+  Message: Invalid credentials
+❯ grpcurl -plaintext -d '{
+  "identifier": "testuser3",
+  "password": "your_password"
+}' localhost:50051 multieko2.auth.AuthService/Login
+{
+  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI5NmQyZmQzNS1iMzlkLTRjMDUtOTE2YS02NjEzNDQ1M2QzNGMiLCJleHAiOjE3NDI5ODE2MTAsInJvbGUiOiJhY2NvdW50YW50In0.78VIR3X4QZohzeI5x3xmkmqcICTusOC6PELPohMV-k8",
+  "tokenType": "Bearer",
+  "expiresIn": 86400,
+  "userId": "96d2fd35-b39d-4c05-916a-66134453d34c",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "username": "testuser4",
+  "email": "test4@example.com"
+}' localhost:50051 multieko2.auth.AuthService/Register
+{
+  "id": "413d7ecc-f231-48af-8c5a-566b1dc2bf0b",
+  "username": "testuser4",
+  "email": "test4@example.com",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "identifier": "test4@example.com"
+}' localhost:50051 multieko2.auth.AuthService/Login
+{
+  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MTNkN2VjYy1mMjMxLTQ4YWYtOGM1YS01NjZiMWRjMmJmMGIiLCJleHAiOjE3NDI5ODE3MDEsInJvbGUiOiJhY2NvdW50YW50In0.4Hzu3tTZRNGHnBSgeCbGy2tFTl8EzpPdXBhcW8kuIc8",
+  "tokenType": "Bearer",
+  "expiresIn": 86400,
+  "userId": "413d7ecc-f231-48af-8c5a-566b1dc2bf0b",
+  "role": "accountant"
+}
+╭─     ~/Doc/pr/multieko2/server     auth ······ ✔
+╰─

server/src/auth/handlers.rs

@@ -1,5 +1,7 @@
 // src/auth/handlers.rs
 
 pub mod register;
+pub mod login;
 
 pub use register::*;
+pub use login::*;

server/src/auth/handlers/login.rs

@@ -0,0 +1,46 @@
+// src/auth/handlers/login.rs
+use bcrypt::verify;
+use tonic::{Request, Response, Status};
+use crate::db::PgPool;
+use crate::auth::{models::AuthError, logic::jwt}; // Fixed import path
+use common::proto::multieko2::auth::{LoginRequest, LoginResponse};
+
+pub async fn login(
+    pool: &PgPool,
+    request: LoginRequest,
+) -> Result<Response<LoginResponse>, Status> {
+    let user = sqlx::query!(
+        r#"
+        SELECT id, password_hash, role
+        FROM users
+        WHERE username = $1 OR email = $1
+        "#,
+        request.identifier
+    )
+    .fetch_optional(pool)
+    .await
+    .map_err(|e| Status::internal(e.to_string()))?
+    .ok_or_else(|| Status::unauthenticated("Invalid credentials"))?;
+
+    // Handle the optional password_hash
+    let password_hash = user.password_hash
+        .ok_or_else(|| Status::internal("User account has no password set"))?;
+
+    // Verify the password
+    if !verify(&request.password, &password_hash)
+        .map_err(|e| Status::internal(e.to_string()))?
+    {
+        return Err(Status::unauthenticated("Invalid credentials"));
+    }
+
+    let token = jwt::generate_token(user.id, &user.role)
+        .map_err(|e| Status::internal(e.to_string()))?;
+
+    Ok(Response::new(LoginResponse {
+        access_token: token,
+        token_type: "Bearer".to_string(),
+        expires_in: 86400, // 24 hours
+        user_id: user.id.to_string(),
+        role: user.role,
+    }))
+}

server/src/auth/handlers/register.rs

@@ -1,64 +1,48 @@
 // src/auth/handlers/register.rs
-
 use bcrypt::{hash, DEFAULT_COST};
-use tonic::{Request, Response, Status};
-use common::proto::multieko2::auth::{auth_service_server, RegisterRequest, AuthResponse};
+use tonic::{Response, Status};
+use common::proto::multieko2::auth::{RegisterRequest, AuthResponse};
 use crate::db::PgPool;
 use crate::auth::models::AuthError;
 
-pub struct AuthService {
-    pool: PgPool,
-}
-
-impl AuthService {
-    pub fn new(pool: PgPool) -> Self {
-        Self { pool }
+pub async fn register(
+    pool: &PgPool,
+    payload: RegisterRequest,
+) -> Result<Response<AuthResponse>, Status> {
+    // Validate passwords match
+    if payload.password != payload.password_confirmation {
+        return Err(Status::invalid_argument(AuthError::PasswordMismatch.to_string()));
     }
-}
 
-#[tonic::async_trait]
-impl auth_service_server::AuthService for AuthService {
-    async fn register(
-        &self,
-        request: Request<RegisterRequest>,
-    ) -> Result<Response<AuthResponse>, Status> {
-        let payload = request.into_inner();
+    // Hash password
+    let password_hash = hash(payload.password, DEFAULT_COST)
+        .map_err(|e| Status::internal(AuthError::HashingError(e.to_string()).to_string()))?;
 
-        // Validate passwords match
-        if payload.password != payload.password_confirmation {
-            return Err(Status::invalid_argument(AuthError::PasswordMismatch.to_string()));
+    // Insert user
+    let user = sqlx::query!(
+        r#"
+        INSERT INTO users (username, email, password_hash, role)
+        VALUES ($1, $2, $3, 'accountant')
+        RETURNING id, username, email, role
+        "#,
+        payload.username,
+        payload.email,
+        password_hash
+    )
+    .fetch_one(pool)
+    .await
+    .map_err(|e| {
+        if e.to_string().contains("duplicate key") {
+            Status::already_exists(AuthError::UserExists.to_string())
+        } else {
+            Status::internal(AuthError::DatabaseError(e.to_string()).to_string())
         }
+    })?;
 
-        // Hash password
-        let password_hash = hash(payload.password, DEFAULT_COST)
-            .map_err(|e| Status::internal(AuthError::HashingError(e.to_string()).to_string()))?;
-
-        // Insert user
-        let user = sqlx::query!(
-            r#"
-            INSERT INTO users (username, email, password_hash, role)
-            VALUES ($1, $2, $3, 'accountant')
-            RETURNING id, username, email, role
-            "#,
-            payload.username,
-            payload.email,
-            password_hash
-        )
-        .fetch_one(&self.pool)
-        .await
-        .map_err(|e| {
-            if e.to_string().contains("duplicate key") {
-                Status::already_exists(AuthError::UserExists.to_string())
-            } else {
-                Status::internal(AuthError::DatabaseError(e.to_string()).to_string())
-            }
-        })?;
-
-        Ok(Response::new(AuthResponse {
-            id: user.id.to_string(),
-            username: user.username,
-            email: user.email.unwrap_or_default(),
-            role: user.role,
-        }))
-    }
+    Ok(Response::new(AuthResponse {
+        id: user.id.to_string(),
+        username: user.username,
+        email: user.email.unwrap_or_default(),
+        role: user.role,
+    }))
 }

server/src/auth/logic.rs

@@ -0,0 +1,9 @@
+// src/auth/logic.rs
+
+pub mod jwt;
+pub mod middleware;
+// TODO implement RBAC on all of the endpoints
+// pub mod rbac;
+
+pub use jwt::*;
+pub use middleware::*;

server/src/auth/logic/jwt.rs

@@ -0,0 +1,55 @@
+// src/auth/jwt.rs
+use jsonwebtoken::{encode, decode, Header, EncodingKey, DecodingKey, Validation};
+use serde::{Deserialize, Serialize};
+use time::{Duration, OffsetDateTime};
+use uuid::Uuid;
+use std::sync::OnceLock;
+use crate::auth::models::AuthError;
+
+static KEYS: OnceLock<Keys> = OnceLock::new();
+
+struct Keys {
+    encoding: EncodingKey,
+    decoding: DecodingKey,
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone)]
+pub struct Claims {
+    pub sub: Uuid,    // User ID
+    pub exp: i64,     // Expiration time
+    pub role: String, // User role
+}
+
+pub fn init_jwt() -> Result<(), AuthError> {
+    let secret = std::env::var("JWT_SECRET")
+        .map_err(|_| AuthError::ConfigError("JWT_SECRET must be set".to_string()))?;
+
+    KEYS.set(Keys {
+        encoding: EncodingKey::from_secret(secret.as_bytes()),
+        decoding: DecodingKey::from_secret(secret.as_bytes()),
+    }).map_err(|_| AuthError::ConfigError("Failed to initialize JWT keys".to_string()))?;
+
+    Ok(())
+}
+
+pub fn generate_token(user_id: Uuid, role: &str) -> Result<String, AuthError> {
+    let keys = KEYS.get().ok_or(AuthError::ConfigError("JWT not initialized".to_string()))?;
+    
+    let exp = OffsetDateTime::now_utc() + Duration::days(365000);
+    let claims = Claims {
+        sub: user_id,
+        exp: exp.unix_timestamp(),
+        role: role.to_string(),
+    };
+
+    encode(&Header::default(), &claims, &keys.encoding)
+        .map_err(|e| AuthError::JwtError(e.to_string()))
+}
+
+pub fn validate_token(token: &str) -> Result<Claims, AuthError> {
+    let keys = KEYS.get().ok_or(AuthError::ConfigError("JWT not initialized".to_string()))?;
+    
+    decode::<Claims>(token, &keys.decoding, &Validation::default())
+        .map(|data| data.claims)
+        .map_err(|e| AuthError::JwtError(e.to_string()))
+}

server/src/auth/logic/middleware.rs

@@ -0,0 +1,22 @@
+// src/auth/middleware.rs
+use tonic::{metadata::MetadataValue, service::Interceptor, Status};
+use crate::auth::{logic::jwt, models::AuthError};
+
+pub struct AuthInterceptor;
+
+impl Interceptor for AuthInterceptor {
+    fn call(&mut self, mut request: tonic::Request<()>) -> Result<tonic::Request<()>, Status> {
+        let metadata = request.metadata();
+        let token = metadata.get("authorization")
+            .and_then(|v| v.to_str().ok())
+            .and_then(|s| s.strip_prefix("Bearer "))
+            .ok_or(Status::unauthenticated("Missing authorization header"))?;
+
+        let claims = jwt::validate_token(token)
+            .map_err(|e| Status::unauthenticated(e.to_string()))?;
+
+        // Store claims in request extensions
+        request.extensions_mut().insert(claims);
+        Ok(request)
+    }
+}

server/src/auth/logic/rbac.rs

@@ -0,0 +1,36 @@
+// src/auth/logic/rbac.rs
+
+use tower::ServiceBuilder;
+use crate::auth::logic::rbac;
+
+pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error::Error>> {
+    // ... existing setup code ...
+
+    // Create service layers
+    let adresar_layer = ServiceBuilder::new()
+        .layer(rbac::create_adresar_layer())
+        .into_inner();
+
+    let uctovnictvo_layer = ServiceBuilder::new()
+        .layer(rbac::create_uctovnictvo_layer())
+        .into_inner();
+
+    // Create services with layers
+    let adresar_service = AdresarServer::new(AdresarService { db_pool: db_pool.clone() })
+        .layer(adresar_layer);
+
+    let uctovnictvo_service = UctovnictvoServer::new(UctovnictvoService { db_pool: db_pool.clone() })
+        .layer(uctovnictvo_layer);
+
+    // ... repeat for other services ...
+
+    Server::builder()
+        .add_service(auth_server)
+        .add_service(adresar_service)
+        .add_service(uctovnictvo_service)
+        // ... other services ...
+        .serve(addr)
+        .await?;
+
+    Ok(())
+}

server/src/auth/mod.rs

@@ -1,5 +1,6 @@
 // src/auth/mod.rs
 
 pub mod models;
+pub mod logic;
 pub mod handlers;
 

server/src/auth/models.rs

@@ -14,6 +14,14 @@ pub struct RegisterRequest {
     pub password_confirmation: String,
 }
 
+#[derive(Debug, Validate, Deserialize)]
+pub struct LoginRequest {
+    #[validate(length(min = 1))]
+    pub identifier: String,
+    #[validate(length(min = 1))]
+    pub password: String,
+}
+
 #[derive(Debug, thiserror::Error)]
 pub enum AuthError {
     #[error("Passwords do not match")]
@@ -24,4 +32,10 @@ pub enum AuthError {
     DatabaseError(String),
     #[error("Hashing error: {0}")]
     HashingError(String),
+    #[error("Invalid credentials")]
+    InvalidCredentials,
+    #[error("JWT error: {0}")]
+    JwtError(String),
+    #[error("Configuration error: {0}")]
+    ConfigError(String),
 }

server/src/server/run.rs

@@ -10,6 +10,7 @@ use crate::server::services::{
     TableDefinitionService,
     TablesDataService,
     TableScriptService,
+    AuthServiceImpl
 };
 use common::proto::multieko2::{
     adresar::adresar_server::AdresarServer,
@@ -18,11 +19,13 @@ use common::proto::multieko2::{
     table_definition::table_definition_server::TableDefinitionServer,
     tables_data::tables_data_server::TablesDataServer,
     table_script::table_script_server::TableScriptServer,
-    auth::auth_service_server::AuthServiceServer  // Add this import
+    auth::auth_service_server::AuthServiceServer
 };
-use crate::auth::handlers::AuthService;  // Add this import
 
 pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error::Error>> {
+    // Initialize JWT for authentication
+    crate::auth::logic::jwt::init_jwt()?;
+    
     let addr = "[::1]:50051".parse()?;
 
     let reflection_service = ReflectionBuilder::configure()
@@ -33,7 +36,7 @@ pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error:
     let table_definition_service = TableDefinitionService { db_pool: db_pool.clone() };
     let tables_data_service = TablesDataService { db_pool: db_pool.clone() };
     let table_script_service = TableScriptService { db_pool: db_pool.clone() };
-    let auth_service = AuthService::new(db_pool.clone());  // Add this line
+    let auth_service = AuthServiceImpl { db_pool: db_pool.clone() };
 
     Server::builder()
         .add_service(AdresarServer::new(AdresarService { db_pool: db_pool.clone() }))

server/src/server/services/auth_service.rs

@@ -0,0 +1,36 @@
+// src/server/services/auth_service.rs
+use tonic::{Request, Response, Status};
+use common::proto::multieko2::auth::{
+    auth_service_server::AuthService,
+    RegisterRequest, AuthResponse,
+    LoginRequest, LoginResponse
+};
+use crate::auth::handlers::{
+    login::login,
+    register::register
+};
+use sqlx::PgPool;
+
+#[derive(Debug)]
+pub struct AuthServiceImpl {
+    pub db_pool: PgPool,
+}
+
+#[tonic::async_trait]
+impl AuthService for AuthServiceImpl {
+    async fn register(
+        &self,
+        request: Request<RegisterRequest>,
+    ) -> Result<Response<AuthResponse>, Status> {
+        let response = register(&self.db_pool, request.into_inner()).await?;
+        Ok(response)
+    }
+
+    async fn login(
+        &self,
+        request: Request<LoginRequest>,
+    ) -> Result<Response<LoginResponse>, Status> {
+        let response = login(&self.db_pool, request.into_inner()).await?;
+        Ok(response)
+    }
+}

server/src/server/services/mod.rs

@@ -6,6 +6,7 @@ pub mod uctovnictvo_service;
 pub mod table_definition_service;
 pub mod tables_data_service;
 pub mod table_script_service;
+pub mod auth_service;
 
 pub use adresar_service::AdresarService;
 pub use table_structure_service::TableStructureHandler;
@@ -13,3 +14,4 @@ pub use uctovnictvo_service::UctovnictvoService;
 pub use table_definition_service::TableDefinitionService;
 pub use tables_data_service::TablesDataService;
 pub use table_script_service::TableScriptService;
+pub use auth_service::AuthServiceImpl;