feat: auth service + security audit fixes + cleanup legacy services

Major changes: - Add auth-svc: JWT auth, register/login/refresh, password reset - Add auth UI: modals, pages (/login, /register, /forgot-password) - Add usage tracking (usage_metrics table, daily limits) - Add tiered rate limiting (free/pro/business) - Add LLM usage limits per tier Security fixes: - All repos now require userID for Update/Delete operations - JWT middleware in chat-svc, llm-svc, agent-svc, discover-svc - ErrNotFound/ErrForbidden errors for proper access control Cleanup: - Remove legacy TypeScript services/ directory - Remove computer-svc (to be reimplemented) - Remove old deploy/docker configs New files: - backend/cmd/auth-svc/main.go - backend/internal/auth/{types,repository}.go - backend/internal/usage/{types,repository}.go - backend/pkg/middleware/{llm_limits,ratelimit_tiered}.go - backend/webui/src/components/auth/* - backend/webui/src/app/(auth)/* Made-with: Cursor
2026-02-28 01:33:49 +03:00
parent 120fbbaafb
commit a0e3748dde
523 changed files with 10776 additions and 59630 deletions
--- a/backend/pkg/middleware/llm_limits.go
+++ b/backend/pkg/middleware/llm_limits.go
@@ -0,0 +1,106 @@
+package middleware
+
+import (
+	"context"
+	"database/sql"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/gooseek/backend/internal/usage"
+)
+
+type LLMLimitsConfig struct {
+	UsageRepo *usage.Repository
+}
+
+func LLMLimits(config LLMLimitsConfig) fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		userID := GetUserID(c)
+		if userID == "" {
+			return c.Status(401).JSON(fiber.Map{
+				"error": "Authentication required",
+			})
+		}
+
+		tier := GetUserTier(c)
+		if tier == "" {
+			tier = "free"
+		}
+
+		if config.UsageRepo != nil {
+			allowed, reason := config.UsageRepo.CheckLLMLimits(c.Context(), userID, tier)
+			if !allowed {
+				limits := usage.GetLimits(tier)
+				return c.Status(429).JSON(fiber.Map{
+					"error":        reason,
+					"tier":         tier,
+					"dailyLimit":   limits.LLMRequestsPerDay,
+					"tokenLimit":   limits.LLMTokensPerDay,
+					"upgradeUrl":   "/settings/billing",
+				})
+			}
+		}
+
+		return c.Next()
+	}
+}
+
+type UsageTracker struct {
+	repo *usage.Repository
+}
+
+func NewUsageTracker(db *sql.DB) *UsageTracker {
+	return &UsageTracker{
+		repo: usage.NewRepository(db),
+	}
+}
+
+func (t *UsageTracker) RunMigrations(ctx context.Context) error {
+	return t.repo.RunMigrations(ctx)
+}
+
+func (t *UsageTracker) TrackAPIRequest(c *fiber.Ctx) {
+	userID := GetUserID(c)
+	if userID == "" {
+		return
+	}
+	tier := GetUserTier(c)
+	if tier == "" {
+		tier = "free"
+	}
+	go t.repo.IncrementAPIRequests(context.Background(), userID, tier)
+}
+
+func (t *UsageTracker) TrackLLMRequest(ctx context.Context, userID, tier string, tokens int) {
+	if userID == "" {
+		return
+	}
+	if tier == "" {
+		tier = "free"
+	}
+	go t.repo.IncrementLLMUsage(ctx, userID, tier, tokens)
+}
+
+func (t *UsageTracker) TrackSearchRequest(c *fiber.Ctx) {
+	userID := GetUserID(c)
+	if userID == "" {
+		return
+	}
+	tier := GetUserTier(c)
+	if tier == "" {
+		tier = "free"
+	}
+	go t.repo.IncrementSearchRequests(context.Background(), userID, tier)
+}
+
+func (t *UsageTracker) GetRepository() *usage.Repository {
+	return t.repo
+}
+
+func UsageTracking(tracker *UsageTracker) fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		if tracker != nil {
+			tracker.TrackAPIRequest(c)
+		}
+		return c.Next()
+	}
+}