+1

backend/cmd/api/main.go

reviewed

··· 38 38 r.Group(func(r chi.Router) { 39 39 r.Use(auth.RequireAuth) 40 40 r.Get("/whoami", authHandler.Whoami) 41 41 + r.Post("/change-password", authHandler.ChangePassword) 41 42 }) 42 43 }) 43 44

+17

backend/internal/handlers/auth.go

reviewed

··· 46 46 w.Write([]byte(email)) 47 47 w.WriteHeader(http.StatusOK) 48 48 } 49 49 + 50 50 + func (h *AuthHandler) ChangePassword(w http.ResponseWriter, r *http.Request) { 51 51 + userID := middlewares.GetUserID(r.Context()) 52 52 + var req models.ChangePasswordRequest 53 53 + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { 54 54 + http.Error(w, err.Error(), http.StatusBadRequest) 55 55 + return 56 56 + } 57 57 + 58 58 + err := h.svc.ChangePassword(r.Context(), userID, req) 59 59 + if err != nil { 60 60 + http.Error(w, err.Error(), http.StatusInternalServerError) 61 61 + return 62 62 + } 63 63 + 64 64 + w.WriteHeader(http.StatusOK) 65 65 + }

+4

backend/internal/models/auth.go

reviewed

··· 4 4 Email string `json:"email" binding:"required,email"` 5 5 Password string `json:"password" binding:"required,min=8,max=100"` 6 6 } 7 7 + 8 8 + type ChangePasswordRequest struct { 9 9 + NewPassword string `json:"new_password" binding:"required,min=8,max=100"` 10 10 + }

+13

backend/internal/services/auth.go

reviewed

··· 49 49 50 50 return user.Email, nil 51 51 } 52 52 + 53 53 + func (s *AuthService) ChangePassword(context context.Context, userId string, req models.ChangePasswordRequest) error { 54 54 + user, err := s.user.GetFromID(userId) 55 55 + if err != nil { 56 56 + return err 57 57 + } 58 58 + 59 59 + if err := s.user.UpdatePassword(user, req.NewPassword); err != nil { 60 60 + return err 61 61 + } 62 62 + 63 63 + return nil 64 64 + }

+16 -2

backend/internal/services/user.go

reviewed

··· 18 18 19 19 // get a user by its email 20 20 func (s *UserService) GetFromEmail(email string) (*models.User, error) { 21 21 - row := s.db.QueryRow("select * from \"user\" where email = ?", email) 21 21 + row := s.db.QueryRow("select * from \"users\" where email = ?", email) 22 22 var user models.User 23 23 if err := row.Scan(&user.ID, &user.Email, &user.PasswordHash); err != nil { 24 24 return nil, err ··· 41 41 } 42 42 43 43 func (s *UserService) GetFromID(userId string) (*models.User, error) { 44 44 - row := s.db.QueryRow("select * from \"user\" where id = ?", userId) 44 44 + row := s.db.QueryRow("select * from \"users\" where id = ?", userId) 45 45 var user models.User 46 46 if err := row.Scan(&user.ID, &user.Email, &user.PasswordHash); err != nil { 47 47 return nil, err 48 48 } 49 49 return &user, nil 50 50 } 51 51 + 52 52 + func (s *UserService) UpdatePassword(user *models.User, newPassword string) error { 53 53 + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost) 54 54 + if err != nil { 55 55 + return err 56 56 + } 57 57 + 58 58 + _, err = s.db.Exec("update \"users\" set password_hash = ? where id = ?", hashedPassword, user.ID) 59 59 + if err != nil { 60 60 + return err 61 61 + } 62 62 + 63 63 + return nil 64 64 + }

+1

backend/migrations/20250205_passwd_hash.sql

reviewed

··· 1 1 + alter table users rename column password to password_hash;