modified: main_dc/yalarba/api_es/go.mod

modified: main_dc/yalarba/api_es/go.sum new file: main_dc/yalarba/api_es/internal/dto/user.go new file: main_dc/yalarba/api_es/internal/handler/all_handlers.go new file: main_dc/yalarba/api_es/internal/handler/auth_handler.go new file: main_dc/yalarba/api_es/internal/handler/user_handler.go deleted: main_dc/yalarba/api_es/internal/handlers/all_handlers.go deleted: main_dc/yalarba/api_es/internal/handlers/auth_handler.go deleted: main_dc/yalarba/api_es/internal/handlers/user_handler.go new file: main_dc/yalarba/api_es/internal/middleware/auth.go deleted: main_dc/yalarba/api_es/internal/repositories/user_repository.go new file: main_dc/yalarba/api_es/internal/repository/user_repository.go new file: main_dc/yalarba/api_es/internal/service/user_service.go new file: main_dc/yalarba/api_es/internal/utils/jwt.go add service, handler, repository for user model
2025-11-12 05:19:26 +05:00
parent e30d62fc5a
commit 1c74d12df6
14 changed files with 758 additions and 16 deletions
@@ -8,9 +8,18 @@ require (
 	gorm.io/gorm v1.25.10
 )

-require go.uber.org/multierr v1.10.0 // indirect
+require (
+	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+)

 require (
+	github.com/go-playground/validator/v10 v10.28.0
+	github.com/golang-jwt/jwt/v4 v4.5.2
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/pgx/v5 v5.6.0 // indirect
@@ -18,7 +27,7 @@ require (
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.31.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/crypto v0.42.0
+	golang.org/x/sync v0.17.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
 )
@@ -1,8 +1,20 @@
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
+github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
 github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
+github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
@@ -15,23 +27,29 @@ github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
 go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
@@ -0,0 +1,85 @@
+package dto
+
+import (
+	"api_es/internal/models"
+	"time"
+)
+
+// RegisterRequest - запрос на регистрацию
+type RegisterRequest struct {
+	Email     string `json:"email" validate:"required,email"`
+	Password  string `json:"password" validate:"required,min=6"`
+	FullName  string `json:"full_name" validate:"required"`
+	FirstName string `json:"first_name" validate:"required"`
+	LastName  string `json:"last_name" validate:"required"`
+	Phone     string `json:"phone"`
+	City      string `json:"city"`
+}
+
+// LoginRequest - запрос на вход
+type LoginRequest struct {
+	Email    string `json:"email" validate:"required,email"`
+	Password string `json:"password" validate:"required"`
+}
+
+// UpdateUserRequest - запрос на обновление пользователя
+type UpdateUserRequest struct {
+	FullName          string `json:"full_name"`
+	FirstName         string `json:"first_name"`
+	LastName          string `json:"last_name"`
+	Phone             string `json:"phone"`
+	City              string `json:"city"`
+	OrganizationForm  string `json:"organization_form"`
+	OrganizationName  string `json:"organization_name"`
+	OrganizationShort string `json:"organization_short"`
+	INN               string `json:"inn"`
+	PersonalINN       string `json:"personal_inn"`
+}
+
+// UserResponse - ответ с данными пользователя
+type UserResponse struct {
+	ID                uint      `json:"id"`
+	Email             string    `json:"email"`
+	FullName          string    `json:"full_name"`
+	FirstName         string    `json:"first_name"`
+	LastName          string    `json:"last_name"`
+	Phone             string    `json:"phone"`
+	City              string    `json:"city"`
+	OrganizationForm  string    `json:"organization_form"`
+	OrganizationName  string    `json:"organization_name"`
+	OrganizationShort string    `json:"organization_short"`
+	INN               string    `json:"inn"`
+	PersonalINN       string    `json:"personal_inn"`
+	IsActive          bool      `json:"is_active"`
+	IsVerified        bool      `json:"is_verified"`
+	Role              string    `json:"role"`
+	CreatedAt         time.Time `json:"created_at"`
+}
+
+// AuthResponse - ответ с токеном
+type AuthResponse struct {
+	Token string       `json:"token"`
+	User  UserResponse `json:"user"`
+}
+
+// ToUserResponse преобразует модель в DTO
+func ToUserResponse(user *models.User) UserResponse {
+	return UserResponse{
+		ID:                user.ID,
+		Email:             user.Email,
+		FullName:          user.FullName,
+		FirstName:         user.FirstName,
+		LastName:          user.LastName,
+		Phone:             user.Phone,
+		City:              user.City,
+		OrganizationForm:  user.OrganizationForm,
+		OrganizationName:  user.OrganizationName,
+		OrganizationShort: user.OrganizationShort,
+		INN:               user.INN,
+		PersonalINN:       user.PersonalINN,
+		IsActive:          user.IsActive,
+		IsVerified:        user.IsVerified,
+		Role:              user.Role,
+		CreatedAt:         user.CreatedAt,
+	}
+}
@@ -0,0 +1 @@
+package handler
@@ -0,0 +1 @@
+package handler
@@ -0,0 +1,254 @@
+package handler
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+	"api_es/internal/dto"
+	appMiddleware "api_es/internal/middleware"
+	"api_es/internal/service"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-playground/validator/v10"
+)
+
+type UserHandler struct {
+	userService service.UserService
+	validator   *validator.Validate
+}
+
+func NewUserHandler(userService service.UserService) *UserHandler {
+	return &UserHandler{
+		userService: userService,
+		validator:   validator.New(),
+	}
+}
+
+// Register godoc
+// @Summary Register new user
+// @Description Create a new user account
+// @Tags auth
+// @Accept json
+// @Produce json
+// @Param request body dto.RegisterRequest true "Register request"
+// @Success 201 {object} dto.AuthResponse
+// @Failure 400 {object} map[string]string
+// @Failure 500 {object} map[string]string
+// @Router /auth/register [post]
+func (h *UserHandler) Register(w http.ResponseWriter, r *http.Request) {
+	var req dto.RegisterRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	if err := h.validator.Struct(req); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	response, err := h.userService.Register(r.Context(), req)
+	if err != nil {
+		switch err {
+		case service.ErrUserAlreadyExists:
+			http.Error(w, "User already exists", http.StatusConflict)
+		default:
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusCreated)
+	json.NewEncoder(w).Encode(response)
+}
+
+// Login godoc
+// @Summary Login user
+// @Description Authenticate user and get token
+// @Tags auth
+// @Accept json
+// @Produce json
+// @Param request body dto.LoginRequest true "Login request"
+// @Success 200 {object} dto.AuthResponse
+// @Failure 400 {object} map[string]string
+// @Failure 401 {object} map[string]string
+// @Router /auth/login [post]
+func (h *UserHandler) Login(w http.ResponseWriter, r *http.Request) {
+	var req dto.LoginRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	if err := h.validator.Struct(req); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	response, err := h.userService.Login(r.Context(), req)
+	if err != nil {
+		switch err {
+		case service.ErrInvalidCredentials:
+			http.Error(w, "Invalid credentials", http.StatusUnauthorized)
+		default:
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(response)
+}
+
+// GetProfile godoc
+// @Summary Get user profile
+// @Description Get current user profile
+// @Tags users
+// @Accept json
+// @Produce json
+// @Security BearerAuth
+// @Success 200 {object} dto.UserResponse
+// @Failure 404 {object} map[string]string
+// @Router /users/profile [get]
+func (h *UserHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
+	userID, ok := r.Context().Value(appMiddleware.UserIDKey).(uint)
+	if !ok {
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	user, err := h.userService.GetUserProfile(r.Context(), userID)
+	if err != nil {
+		http.Error(w, "User not found", http.StatusNotFound)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(user)
+}
+
+// UpdateProfile godoc
+// @Summary Update user profile
+// @Description Update current user profile
+// @Tags users
+// @Accept json
+// @Produce json
+// @Security BearerAuth
+// @Param request body dto.UpdateUserRequest true "Update request"
+// @Success 200 {object} dto.UserResponse
+// @Failure 400 {object} map[string]string
+// @Router /users/profile [put]
+func (h *UserHandler) UpdateProfile(w http.ResponseWriter, r *http.Request) {
+	userID, ok := r.Context().Value(appMiddleware.UserIDKey).(uint)
+	if !ok {
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	var req dto.UpdateUserRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	user, err := h.userService.UpdateUser(r.Context(), userID, req)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(user)
+}
+
+// GetUser godoc
+// @Summary Get user by ID
+// @Description Get user details by ID (admin only)
+// @Tags users
+// @Accept json
+// @Produce json
+// @Security BearerAuth
+// @Param id path int true "User ID"
+// @Success 200 {object} dto.UserResponse
+// @Failure 404 {object} map[string]string
+// @Router /users/{id} [get]
+func (h *UserHandler) GetUser(w http.ResponseWriter, r *http.Request) {
+	idStr := chi.URLParam(r, "id")
+	id, err := strconv.ParseUint(idStr, 10, 32)
+	if err != nil {
+		http.Error(w, "Invalid user ID", http.StatusBadRequest)
+		return
+	}
+
+	user, err := h.userService.GetUser(r.Context(), uint(id))
+	if err != nil {
+		http.Error(w, "User not found", http.StatusNotFound)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(user)
+}
+
+// ListUsers godoc
+// @Summary List users
+// @Description Get paginated list of users (admin only)
+// @Tags users
+// @Accept json
+// @Produce json
+// @Security BearerAuth
+// @Param limit query int false "Limit" default(10)
+// @Param offset query int false "Offset" default(0)
+// @Success 200 {array} dto.UserResponse
+// @Router /users [get]
+func (h *UserHandler) ListUsers(w http.ResponseWriter, r *http.Request) {
+	limitStr := r.URL.Query().Get("limit")
+	offsetStr := r.URL.Query().Get("offset")
+
+	limit := 10
+	offset := 0
+
+	if limitStr != "" {
+		if l, err := strconv.Atoi(limitStr); err == nil {
+			limit = l
+		}
+	}
+
+	if offsetStr != "" {
+		if o, err := strconv.Atoi(offsetStr); err == nil {
+			offset = o
+		}
+	}
+
+	users, err := h.userService.ListUsers(r.Context(), limit, offset)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(users)
+}
+
+func (h *UserHandler) Routes() chi.Router {
+	r := chi.NewRouter()
+
+	r.Route("/auth", func(r chi.Router) {
+		r.Post("/register", h.Register)
+		r.Post("/login", h.Login)
+	})
+
+	r.Route("/users", func(r chi.Router) {
+		r.Use(appMiddleware.AuthMiddleware)
+
+		r.Get("/profile", h.GetProfile)
+		r.Put("/profile", h.UpdateProfile)
+
+		// Admin routes
+		r.With(appMiddleware.AdminMiddleware).Get("/", h.ListUsers)
+		r.With(appMiddleware.AdminMiddleware).Get("/{id}", h.GetUser)
+	})
+
+	return r
+}
@@ -1 +0,0 @@
-package handlers
@@ -1 +0,0 @@
-package handlers
@@ -1 +0,0 @@
-package handlers
@@ -0,0 +1,57 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"strings"
+	"api_es/internal/utils"
+)
+
+type contextKey string
+
+const (
+	UserIDKey    contextKey = "userID"
+	UserEmailKey contextKey = "userEmail"
+	UserRoleKey  contextKey = "userRole"
+)
+
+func AuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		authHeader := r.Header.Get("Authorization")
+		if authHeader == "" {
+			http.Error(w, "Authorization header required", http.StatusUnauthorized)
+			return
+		}
+
+		tokenString := strings.Replace(authHeader, "Bearer ", "", 1)
+		if tokenString == "" {
+			http.Error(w, "Invalid token", http.StatusUnauthorized)
+			return
+		}
+
+		// Здесь нужно использовать ваш JWT утилити
+		jwtUtil := utils.NewJWTUtil("your-secret-key")
+		claims, err := jwtUtil.ValidateToken(tokenString)
+		if err != nil {
+			http.Error(w, "Invalid token", http.StatusUnauthorized)
+			return
+		}
+
+		ctx := context.WithValue(r.Context(), UserIDKey, claims.UserID)
+		ctx = context.WithValue(ctx, UserEmailKey, claims.Email)
+		ctx = context.WithValue(ctx, UserRoleKey, claims.Role)
+
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+func AdminMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		role, ok := r.Context().Value(UserRoleKey).(string)
+		if !ok || role != "admin" {
+			http.Error(w, "Admin access required", http.StatusForbidden)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
@@ -1 +0,0 @@
-package repositories
@@ -0,0 +1,74 @@
+package repository
+
+import (
+	"api_es/internal/models"
+	"context"
+
+	"gorm.io/gorm"
+)
+
+type UserRepository interface {
+	Create(ctx context.Context, user *models.User) error
+	GetByID(ctx context.Context, id uint) (*models.User, error)
+	GetByEmail(ctx context.Context, email string) (*models.User, error)
+	Update(ctx context.Context, user *models.User) error
+	Delete(ctx context.Context, id uint) error
+	List(ctx context.Context, limit, offset int) ([]*models.User, error)
+	GetUserStats(ctx context.Context, userID uint) (*models.UserStats, error)
+}
+
+type userRepository struct {
+	db *gorm.DB
+}
+
+func NewUserRepository(db *gorm.DB) UserRepository {
+	return &userRepository{db: db}
+}
+
+func (r *userRepository) Create(ctx context.Context, user *models.User) error {
+	return r.db.WithContext(ctx).Create(user).Error
+}
+
+func (r *userRepository) GetByID(ctx context.Context, id uint) (*models.User, error) {
+	var user models.User
+	err := r.db.WithContext(ctx).First(&user, id).Error
+	if err != nil {
+		return nil, err
+	}
+	return &user, nil
+}
+
+func (r *userRepository) GetByEmail(ctx context.Context, email string) (*models.User, error) {
+	var user models.User
+	err := r.db.WithContext(ctx).Where("email = ?", email).First(&user).Error
+	if err != nil {
+		return nil, err
+	}
+	return &user, nil
+}
+
+func (r *userRepository) Update(ctx context.Context, user *models.User) error {
+	return r.db.WithContext(ctx).Save(user).Error
+}
+
+func (r *userRepository) Delete(ctx context.Context, id uint) error {
+	return r.db.WithContext(ctx).Delete(&models.User{}, id).Error
+}
+
+func (r *userRepository) List(ctx context.Context, limit, offset int) ([]*models.User, error) {
+	var users []*models.User
+	err := r.db.WithContext(ctx).Limit(limit).Offset(offset).Find(&users).Error
+	if err != nil {
+		return nil, err
+	}
+	return users, nil
+}
+
+func (r *userRepository) GetUserStats(ctx context.Context, userID uint) (*models.UserStats, error) {
+	var stats models.UserStats
+	err := r.db.WithContext(ctx).First(&stats, userID).Error
+	if err != nil {
+		return nil, err
+	}
+	return &stats, nil
+}
@@ -0,0 +1,194 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"api_es/internal/dto"
+	"api_es/internal/models"
+	"api_es/internal/repository"
+	"api_es/internal/utils"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+var (
+	ErrUserNotFound       = errors.New("user not found")
+	ErrInvalidCredentials = errors.New("invalid credentials")
+	ErrUserAlreadyExists  = errors.New("user already exists")
+	ErrInvalidPassword    = errors.New("invalid password")
+)
+
+type UserService interface {
+	Register(ctx context.Context, req dto.RegisterRequest) (*dto.AuthResponse, error)
+	Login(ctx context.Context, req dto.LoginRequest) (*dto.AuthResponse, error)
+	GetUser(ctx context.Context, id uint) (*dto.UserResponse, error)
+	UpdateUser(ctx context.Context, id uint, req dto.UpdateUserRequest) (*dto.UserResponse, error)
+	DeleteUser(ctx context.Context, id uint) error
+	ListUsers(ctx context.Context, limit, offset int) ([]*dto.UserResponse, error)
+	GetUserProfile(ctx context.Context, id uint) (*dto.UserResponse, error)
+}
+
+type userService struct {
+	userRepo repository.UserRepository
+	jwtUtil  *utils.JWTUtil
+}
+
+func NewUserService(userRepo repository.UserRepository, jwtUtil *utils.JWTUtil) UserService {
+	return &userService{
+		userRepo: userRepo,
+		jwtUtil:  jwtUtil,
+	}
+}
+
+func (s *userService) Register(ctx context.Context, req dto.RegisterRequest) (*dto.AuthResponse, error) {
+	// Проверяем существование пользователя
+	existingUser, _ := s.userRepo.GetByEmail(ctx, req.Email)
+	if existingUser != nil {
+		return nil, ErrUserAlreadyExists
+	}
+
+	// Хешируем пароль
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return nil, err
+	}
+
+	// Создаем пользователя
+	user := &models.User{
+		Email:        req.Email,
+		PasswordHash: string(hashedPassword),
+		FullName:     req.FullName,
+		FirstName:    req.FirstName,
+		LastName:     req.LastName,
+		Phone:        req.Phone,
+		City:         req.City,
+		IsActive:     true,
+		IsVerified:   false,
+		Role:         "user",
+	}
+
+	if err := s.userRepo.Create(ctx, user); err != nil {
+		return nil, err
+	}
+
+	// Генерируем токен
+	token, err := s.jwtUtil.GenerateToken(user.ID, user.Email, user.Role)
+	if err != nil {
+		return nil, err
+	}
+
+	userResponse := dto.ToUserResponse(user)
+	return &dto.AuthResponse{
+		Token: token,
+		User:  userResponse,
+	}, nil
+}
+
+func (s *userService) Login(ctx context.Context, req dto.LoginRequest) (*dto.AuthResponse, error) {
+	// Находим пользователя по email
+	user, err := s.userRepo.GetByEmail(ctx, req.Email)
+	if err != nil {
+		return nil, ErrInvalidCredentials
+	}
+
+	// Проверяем пароль
+	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.Password)); err != nil {
+		return nil, ErrInvalidCredentials
+	}
+
+	// Проверяем активность пользователя
+	if !user.IsActive {
+		return nil, errors.New("account is deactivated")
+	}
+
+	// Генерируем токен
+	token, err := s.jwtUtil.GenerateToken(user.ID, user.Email, user.Role)
+	if err != nil {
+		return nil, err
+	}
+
+	userResponse := dto.ToUserResponse(user)
+	return &dto.AuthResponse{
+		Token: token,
+		User:  userResponse,
+	}, nil
+}
+
+func (s *userService) GetUser(ctx context.Context, id uint) (*dto.UserResponse, error) {
+	user, err := s.userRepo.GetByID(ctx, id)
+	if err != nil {
+		return nil, ErrUserNotFound
+	}
+
+	response := dto.ToUserResponse(user)
+	return &response, nil
+}
+
+func (s *userService) UpdateUser(ctx context.Context, id uint, req dto.UpdateUserRequest) (*dto.UserResponse, error) {
+	user, err := s.userRepo.GetByID(ctx, id)
+	if err != nil {
+		return nil, ErrUserNotFound
+	}
+
+	// Обновляем поля
+	if req.FullName != "" {
+		user.FullName = req.FullName
+	}
+	if req.FirstName != "" {
+		user.FirstName = req.FirstName
+	}
+	if req.LastName != "" {
+		user.LastName = req.LastName
+	}
+	if req.Phone != "" {
+		user.Phone = req.Phone
+	}
+	if req.City != "" {
+		user.City = req.City
+	}
+	if req.OrganizationForm != "" {
+		user.OrganizationForm = req.OrganizationForm
+	}
+	if req.OrganizationName != "" {
+		user.OrganizationName = req.OrganizationName
+	}
+	if req.OrganizationShort != "" {
+		user.OrganizationShort = req.OrganizationShort
+	}
+	if req.INN != "" {
+		user.INN = req.INN
+	}
+	if req.PersonalINN != "" {
+		user.PersonalINN = req.PersonalINN
+	}
+
+	if err := s.userRepo.Update(ctx, user); err != nil {
+		return nil, err
+	}
+
+	response := dto.ToUserResponse(user)
+	return &response, nil
+}
+
+func (s *userService) DeleteUser(ctx context.Context, id uint) error {
+	return s.userRepo.Delete(ctx, id)
+}
+
+func (s *userService) ListUsers(ctx context.Context, limit, offset int) ([]*dto.UserResponse, error) {
+	users, err := s.userRepo.List(ctx, limit, offset)
+	if err != nil {
+		return nil, err
+	}
+
+	responses := make([]*dto.UserResponse, len(users))
+	for i, user := range users {
+		response := dto.ToUserResponse(user)
+		responses[i] = &response
+	}
+
+	return responses, nil
+}
+
+func (s *userService) GetUserProfile(ctx context.Context, id uint) (*dto.UserResponse, error) {
+	return s.GetUser(ctx, id)
+}
@@ -0,0 +1,53 @@
+package utils
+
+import (
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+)
+
+type JWTUtil struct {
+	secretKey string
+}
+
+type Claims struct {
+	UserID uint   `json:"user_id"`
+	Email  string `json:"email"`
+	Role   string `json:"role"`
+	jwt.RegisteredClaims
+}
+
+func NewJWTUtil(secretKey string) *JWTUtil {
+	return &JWTUtil{secretKey: secretKey}
+}
+
+func (j *JWTUtil) GenerateToken(userID uint, email, role string) (string, error) {
+	claims := Claims{
+		UserID: userID,
+		Email:  email,
+		Role:   role,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(j.secretKey))
+}
+
+func (j *JWTUtil) ValidateToken(tokenString string) (*Claims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
+		return []byte(j.secretKey), nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	if claims, ok := token.Claims.(*Claims); ok && token.Valid {
+		return claims, nil
+	}
+
+	return nil, jwt.ErrInvalidKey
+}