Add JWT auth for protected routes, add /reg endpoint, remove /user endpoints

bin/routes/auth_routes.dart

@@ -1,7 +1,10 @@
 import 'package:shelf/shelf.dart';
 import 'package:shelf_router/shelf_router.dart';
 import 'package:bcrypt/bcrypt.dart';
+import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
+import 'package:dotenv/dotenv.dart';
 import '../database/database_provider.dart';
+import '../middleware/auth_middleware.dart';
 import 'dart:convert';
 
 class AuthRoutes {
@@ -12,7 +15,8 @@ class AuthRoutes {
   Router get routes {
     final router = Router();
     router.post('/login', _login);
-    router.get('/watch', _watch);
+    router.post('/reg', _register);
+    router.get('/watch', AuthMiddleware(_watch).call);
     return router;
   }
 
@@ -29,19 +33,40 @@ class AuthRoutes {
       return Response(401, body: 'Invalid credentials');
     }
 
-    return Response(200, body: jsonEncode({'user': user.toMap()}));
+    // Генерация JWT токена
+    final dotenv = DotEnv();
+    final secret = dotenv['JWT_SECRET'] ?? '';
+    final jwt = JWT(
+      {'user_id': user.id, 'login': user.login},
+      issuer: 'family_safety_tracker'
+    );
+    final token = jwt.sign(SecretKey(secret));
+
+    return Response(200, body: jsonEncode({
+      'user': user.toMap(),
+      'token': token
+    }));
+  }
+
+  Future<Response> _register(Request request) async {
+    final body = await request.readAsString();
+    final data = jsonDecode(body);
+
+    final login = data['login'];
+    final password = data['password'];
+
+    final user = await database.createUser(login, password);
+    return Response(201, body: jsonEncode(user.toMap()));
   }
 
   Future<Response> _watch(Request request) async {
     final uniqueId = request.url.queryParameters['unique_id'];
 
-    final userId = database.getUserIdByShareId(uniqueId!);
-
-    if (userId == null) {
+    if (!database.isValidShareId(uniqueId!)) {
       return Response(404, body: 'Share link not found');
     }
 
-    final position = await database.getLatestPosition(userId);
+    final position = await database.getLatestPosition();
 
     if (position == null) {
       return Response(404, body: 'No position available');

bin/routes/geo_routes.dart

@@ -1,6 +1,7 @@
 import 'package:shelf/shelf.dart';
 import 'package:shelf_router/shelf_router.dart';
 import '../database/database_provider.dart';
+import '../middleware/auth_middleware.dart';
 import 'dart:convert';
 
 class GeoRoutes {
@@ -10,9 +11,9 @@ class GeoRoutes {
 
   Router get routes {
     final router = Router();
-    router.post('/geo', _createPosition);
-    router.put('/geo', _updatePosition);
-    router.post('/share', _createShare);
+    router.post('/geo', AuthMiddleware(_createPosition).call);
+    router.put('/geo', AuthMiddleware(_updatePosition).call);
+    router.post('/share', AuthMiddleware(_createShare).call);
     return router;
   }
 
@@ -20,13 +21,10 @@ class GeoRoutes {
     final body = await request.readAsString();
     final data = jsonDecode(body);
 
-    final userId = data['user_id'];
     final x = data['x'];
     final y = data['y'];
-    final lifetimeSeconds = data['lifetime'];
-    final lifetime = Duration(seconds: lifetimeSeconds);
 
-    final position = await database.createPosition(userId, x, y, lifetime);
+    final position = await database.createPosition(x, y);
     return Response(201, body: position.toJson());
   }
 
@@ -34,22 +32,15 @@ class GeoRoutes {
     final body = await request.readAsString();
     final data = jsonDecode(body);
 
-    final userId = data['user_id'];
     final x = data['x'];
     final y = data['y'];
-    final lifetimeSeconds = data['lifetime'];
-    final lifetime = Duration(seconds: lifetimeSeconds);
 
-    final position = await database.updatePosition(userId, x, y, lifetime);
+    final position = await database.updatePosition(x, y);
     return Response(200, body: position.toJson());
   }
 
   Future<Response> _createShare(Request request) async {
-    final body = await request.readAsString();
-    final data = jsonDecode(body);
-
-    final userId = data['user_id'];
-    final shareId = database.createShareId(userId);
+    final shareId = database.createShareId();
 
     return Response(200, body: jsonEncode({'share_id': shareId}));
   }

bin/routes/user_routes.dart

@@ -1,54 +0,0 @@
-import 'package:shelf/shelf.dart';
-import 'package:shelf_router/shelf_router.dart';
-import '../database/database_provider.dart';
-import 'dart:convert';
-
-class UserRoutes {
-  final DatabaseProvider database;
-
-  UserRoutes(this.database);
-
-  Router get routes {
-    final router = Router();
-    router.get('/user', _getAllUsers);
-    router.post('/user', _createUser);
-    router.put('/user/<id>', _updateUser);
-    router.delete('/user/<id>', _deleteUser);
-    return router;
-  }
-
-  Future<Response> _getAllUsers(Request request) async {
-    final users = await database.getAllUsers();
-    return Response(200, body: jsonEncode(users.map((u) => u.toMap()).toList()));
-  }
-
-  Future<Response> _createUser(Request request) async {
-    final body = await request.readAsString();
-    final data = jsonDecode(body);
-
-    final login = data['login'];
-    final password = data['password'];
-
-    final user = await database.createUser(login, password);
-    return Response(201, body: jsonEncode(user.toMap()));
-  }
-
-  Future<Response> _updateUser(Request request) async {
-    final id = int.parse(request.params['id']!);
-
-    final body = await request.readAsString();
-    final data = jsonDecode(body);
-
-    final login = data['login'];
-    final password = data['password'];
-
-    final user = await database.updateUser(id, login, password);
-    return Response(200, body: jsonEncode(user.toMap()));
-  }
-
-  Future<Response> _deleteUser(Request request) async {
-    final id = int.parse(request.params['id']!);
-    await database.deleteUser(id);
-    return Response(204);
-  }
-}