package auth import ( "net/http" "github.com/gin-gonic/gin" "onixbyte.com/pipely/internal/model" ) type Handler struct { svc *Service } func NewHandler(svc *Service) *Handler { return &Handler{svc: svc} } func (h *Handler) Login(c *gin.Context) { var req model.LoginRequest if err := c.ShouldBindJSON(&req); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()}) return } resp, err := h.svc.Login(req.Username, req.Password) if err != nil { c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid credentials"}) return } // Set JWT as HttpOnly cookie so the frontend doesn't need to manage it. // The browser sends it automatically on every request. maxAge := h.svc.ExpiryHrs() * 3600 c.SetCookie("pipely_token", resp.Token, maxAge, "/", "", false, true) c.JSON(http.StatusOK, gin.H{"message": "Login successful"}) } func (h *Handler) Logout(c *gin.Context) { // Clear the auth cookie by setting MaxAge=-1 c.SetCookie("pipely_token", "", -1, "/", "", false, true) c.JSON(http.StatusOK, gin.H{"message": "Logged out"}) }