piquel-fr · PiquelChips · Jan 27, 2026 · Jan 25, 2026 · Jan 25, 2026 · Jan 25, 2026
diff --git a/api/auth.go b/api/auth.go
@@ -5,25 +5,28 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/jackc/pgx/v5"
 	"github.com/piquel-fr/api/config"
 	"github.com/piquel-fr/api/services/auth"
+	"github.com/piquel-fr/api/services/users"
 	"github.com/piquel-fr/api/utils"
 	"github.com/piquel-fr/api/utils/errors"
 	"github.com/piquel-fr/api/utils/middleware"
 )
 
 type AuthHandler struct {
+	userService users.UserService
 	authService auth.AuthService
 }
 
-func CreateAuthHandler(authService auth.AuthService) *AuthHandler {
-	return &AuthHandler{authService}
+func CreateAuthHandler(userService users.UserService, authService auth.AuthService) *AuthHandler {
+	return &AuthHandler{userService, authService}
 }
 
 func (h *AuthHandler) createHttpHandler() http.Handler {
 	handler := http.NewServeMux()
 
-	handler.HandleFunc("GET /policy.json", h.policyHandler)
+	handler.HandleFunc("GET /policy.json", h.policyHandler) // DEPRECATED TODO: remove
 	handler.HandleFunc("GET /{provider}", h.handleProviderLogin)
 	handler.HandleFunc("GET /{provider}/callback", h.handleAuthCallback)
 
@@ -71,13 +74,16 @@ func (h *AuthHandler) handleAuthCallback(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	user, err := h.authService.GetUser(r.Context(), oauthUser)
+	user, err := h.userService.GetUserByEmail(r.Context(), oauthUser.Email)
+	if errors.Is(err, pgx.ErrNoRows) {
+		user, err = h.userService.RegisterUser(r.Context(), oauthUser.Username, oauthUser.Email, oauthUser.Name, oauthUser.Image, auth.RoleDefault)
+	}
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
 	}
 
-	tokenString, err := h.authService.GenerateTokenString(user.ID)
+	tokenString, err := h.authService.SignToken(h.authService.GenerateToken(user))
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return

diff --git a/api/email.go b/api/email.go
@@ -6,21 +6,24 @@ import (
 	"strconv"
 
 	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/piquel-fr/api/config"
 	"github.com/piquel-fr/api/database"
 	"github.com/piquel-fr/api/database/repository"
 	"github.com/piquel-fr/api/services/auth"
 	"github.com/piquel-fr/api/services/email"
+	"github.com/piquel-fr/api/services/users"
 	"github.com/piquel-fr/api/utils/errors"
 	"github.com/piquel-fr/api/utils/middleware"
 )
 
 type EmailHandler struct {
+	userService  users.UserService
 	authService  auth.AuthService
 	emailService email.EmailService
 }
 
-func CreateEmailHandler(authService auth.AuthService, emailService email.EmailService) *EmailHandler {
-	return &EmailHandler{authService, emailService}
+func CreateEmailHandler(userService users.UserService, authService auth.AuthService, emailService email.EmailService) *EmailHandler {
+	return &EmailHandler{userService, authService, emailService}
 }
 
 func (h *EmailHandler) getName() string { return "email" }
@@ -40,11 +43,9 @@ func (h *EmailHandler) getSpec() Spec {
 		WithProperty("username", openapi3.NewStringSchema()).
 		WithProperty("password", openapi3.NewStringSchema())
 
-	spec.Components = &openapi3.Components{
-		Schemas: openapi3.Schemas{
-			"MailAccount":       &openapi3.SchemaRef{Value: accountSchema},
-			"AddAccountPayload": &openapi3.SchemaRef{Value: addAccountSchema},
-		},
+	spec.Components.Schemas = openapi3.Schemas{
+		"MailAccount":       &openapi3.SchemaRef{Value: accountSchema},
+		"AddAccountPayload": &openapi3.SchemaRef{Value: addAccountSchema},
 	}
 
 	spec.AddOperation("/", http.MethodGet, &openapi3.Operation{
@@ -235,15 +236,15 @@ func (h *EmailHandler) createHttpHandler() http.Handler {
 }
 
 func (h *EmailHandler) handleListAccounts(w http.ResponseWriter, r *http.Request) {
-	requester, err := h.authService.GetUserFromRequest(r)
+	requester, err := h.userService.GetUserFromContext(r.Context())
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
 	}
 
 	var user *repository.User
 	if username := r.URL.Query().Get("user"); username != "" {
-		user, err = h.authService.GetUserFromUsername(r.Context(), username)
+		user, err = h.userService.GetUserByUsername(r.Context(), username)
 		if err != nil {
 			errors.HandleError(w, r, err)
 			return
@@ -252,7 +253,7 @@ func (h *EmailHandler) handleListAccounts(w http.ResponseWriter, r *http.Request
 		user = requester
 	}
 
-	if err := h.authService.Authorize(&auth.Request{
+	if err := h.authService.Authorize(&config.AuthRequest{
 		User:      requester,
 		Ressource: user,
 		Context:   r.Context(),
@@ -296,7 +297,7 @@ func (h *EmailHandler) handleListAccounts(w http.ResponseWriter, r *http.Request
 }
 
 func (h *EmailHandler) handleAddAccount(w http.ResponseWriter, r *http.Request) {
-	user, err := h.authService.GetUserFromRequest(r)
+	user, err := h.userService.GetUserFromContext(r.Context())
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
@@ -321,7 +322,7 @@ func (h *EmailHandler) handleAddAccount(w http.ResponseWriter, r *http.Request)
 }
 
 func (h *EmailHandler) handleAccountInfo(w http.ResponseWriter, r *http.Request) {
-	user, err := h.authService.GetUserFromRequest(r)
+	user, err := h.userService.GetUserFromContext(r.Context())
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
@@ -339,7 +340,7 @@ func (h *EmailHandler) handleAccountInfo(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	if err := h.authService.Authorize(&auth.Request{
+	if err := h.authService.Authorize(&config.AuthRequest{
 		User:      user,
 		Ressource: &accountInfo,
 		Actions:   []string{auth.ActionView},
@@ -363,7 +364,7 @@ func (h *EmailHandler) handleAccountInfo(w http.ResponseWriter, r *http.Request)
 }
 
 func (h *EmailHandler) handleRemoveAccount(w http.ResponseWriter, r *http.Request) {
-	user, err := h.authService.GetUserFromRequest(r)
+	user, err := h.userService.GetUserFromContext(r.Context())
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
@@ -375,7 +376,7 @@ func (h *EmailHandler) handleRemoveAccount(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	if err := h.authService.Authorize(&auth.Request{
+	if err := h.authService.Authorize(&config.AuthRequest{
 		User:      user,
 		Ressource: &account,
 		Actions:   []string{auth.ActionDelete},
@@ -392,7 +393,7 @@ func (h *EmailHandler) handleRemoveAccount(w http.ResponseWriter, r *http.Reques
 }
 
 func (h *EmailHandler) handleShareAccount(w http.ResponseWriter, r *http.Request) {
-	user, err := h.authService.GetUserFromRequest(r)
+	user, err := h.userService.GetUserFromContext(r.Context())
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
@@ -404,7 +405,7 @@ func (h *EmailHandler) handleShareAccount(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	if err := h.authService.Authorize(&auth.Request{
+	if err := h.authService.Authorize(&config.AuthRequest{
 		User:      user,
 		Ressource: &account,
 		Actions:   []string{auth.ActionShare},
@@ -414,7 +415,7 @@ func (h *EmailHandler) handleShareAccount(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	sharingUser, err := h.authService.GetUserFromUsername(r.Context(), r.URL.Query().Get("user"))
+	sharingUser, err := h.userService.GetUserByUsername(r.Context(), r.URL.Query().Get("user"))
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
@@ -433,7 +434,7 @@ func (h *EmailHandler) handleShareAccount(w http.ResponseWriter, r *http.Request
 }
 
 func (h *EmailHandler) handleRemoveAccountShare(w http.ResponseWriter, r *http.Request) {
-	user, err := h.authService.GetUserFromRequest(r)
+	user, err := h.userService.GetUserFromContext(r.Context())
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return
@@ -445,7 +446,7 @@ func (h *EmailHandler) handleRemoveAccountShare(w http.ResponseWriter, r *http.R
 		return
 	}
 
-	if err := h.authService.Authorize(&auth.Request{
+	if err := h.authService.Authorize(&config.AuthRequest{
 		User:      user,
 		Ressource: &account,
 		Actions:   []string{auth.ActionShare},
@@ -455,7 +456,7 @@ func (h *EmailHandler) handleRemoveAccountShare(w http.ResponseWriter, r *http.R
 		return
 	}
 
-	sharingUser, err := h.authService.GetUserFromUsername(r.Context(), r.URL.Query().Get("user"))
+	sharingUser, err := h.userService.GetUserByUsername(r.Context(), r.URL.Query().Get("user"))
 	if err != nil {
 		errors.HandleError(w, r, err)
 		return

diff --git a/api/handler.go b/api/handler.go
@@ -2,13 +2,16 @@ package api
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"log"
 	"net/http"
 
 	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/piquel-fr/api/config"
 	"github.com/piquel-fr/api/services/auth"
 	"github.com/piquel-fr/api/services/email"
+	"github.com/piquel-fr/api/services/users"
 	"github.com/piquel-fr/api/utils/middleware"
 )
 
@@ -20,17 +23,24 @@ type Handler interface {
 	createHttpHandler() http.Handler
 }
 
-func CreateRouter(authService auth.AuthService, emailService email.EmailService) (http.Handler, error) {
+func CreateRouter(userService users.UserService, authService auth.AuthService, emailService email.EmailService) (http.Handler, error) {
 	// these routes are unauthenticated and should remail so.
 	// do not any other routes to this router. all other routes
 	// should be added to createProtectedRouter
 	router := http.NewServeMux()
 	router.HandleFunc("/{$}", rootHandler)
-	router.Handle("/auth/", http.StripPrefix("/auth", CreateAuthHandler(authService).createHttpHandler()))
+	router.Handle("/auth/", http.StripPrefix("/auth", CreateAuthHandler(userService, authService).createHttpHandler()))
+
+	configHandler, err := configHandler()
+	if err != nil {
+		return nil, err
+	}
+	router.HandleFunc("/config.json", configHandler)
 
 	handlers := []Handler{
-		CreateProfileHandler(authService),
-		CreateEmailHandler(authService, emailService),
+		CreateUserHandler(userService, authService),
+		CreateProfileHandler(userService, authService),
+		CreateEmailHandler(userService, authService, emailService),
 	}
 
 	for _, handler := range handlers {
@@ -45,7 +55,7 @@ func CreateRouter(authService auth.AuthService, emailService email.EmailService)
 
 	// bind the protected router
 	protectedRouter := createProtectedRouter(handlers)
-	protectedRouter = middleware.AddMiddleware(protectedRouter, middleware.AuthMiddleware(authService))
+	protectedRouter = middleware.AddMiddleware(protectedRouter, authService.AuthMiddleware)
 	router.Handle("/", protectedRouter)
 
 	return middleware.AddMiddleware(router, middleware.CORSMiddleware), nil
@@ -68,6 +78,18 @@ func rootHandler(w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte("Welcome to the Piquel API! Visit the <a href=\"https://piquel.fr/docs\">API</a> for more information."))
 }
 
+func configHandler() (http.HandlerFunc, error) {
+	data, err := json.Marshal(config.GetPublicConfig())
+	if err != nil {
+		return nil, err
+	}
+
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Add("Content-Type", "application/json")
+		w.Write(data)
+	}, nil
+}
+
 func newSpecBase(handler Handler) Spec {
 	spec := &openapi3.T{
 		OpenAPI: "3.0.3",
@@ -86,6 +108,22 @@ func newSpecBase(handler Handler) Spec {
 		},
 	}
 
+	securitySchemeName := "bearerAuth"
+	spec.Components = &openapi3.Components{
+		SecuritySchemes: openapi3.SecuritySchemes{
+			securitySchemeName: &openapi3.SecuritySchemeRef{
+				Value: &openapi3.SecurityScheme{
+					Type:         "http",
+					Scheme:       "bearer",
+					BearerFormat: "JWT",
+					Description:  "Enter your bearer token in the format: Bearer <token>",
+				},
+			},
+		},
+	}
+
+	spec.Security = openapi3.SecurityRequirements{{securitySchemeName: []string{}}}
+
 	spec.AddServer(&openapi3.Server{
 		URL:         fmt.Sprintf("https://api.piquel.fr/%s", handler.getName()),
 		Description: "Main production endpoints",