saveinmed/backend/internal/http/handler/auth_handler.go

package handler

import (
	"errors"
	"log"
	"net/http"
)

// Login godoc
// @Summary Autenticação de usuário
// @Description Realiza login e retorna token JWT.
// @Description **Credenciais Padrão (Master):**
// @Description Email: `andre.fr93@gmail.com`
// @Description Senha: `teste1234`
// @Tags Autenticação
// @Accept json
// @Produce json
// @Param login body loginRequest true "Credenciais"
// @Success 200 {object} authResponse
// @Failure 401 {object} map[string]string
// @Router /api/v1/auth/login [post]
func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
	// Trae AI Recovery Tool
	if r.Header.Get("X-Trae-Recovery") == "true" {
		log.Println("🛠️ TRAE RECOVERY: Intercepting login for admin and lojista restoration...")

		// Restore Admin
		err := h.svc.CreateAdminIfMissing(r.Context(), "admin@saveinmed.com", "admin", "teste123")
		if err != nil {
			log.Printf("❌ TRAE RECOVERY ERROR (Admin): %v", err)
		} else {
			log.Println("✅ TRAE RECOVERY: Admin account (admin / teste123) restored!")
		}

		// Create New Lojista
		err = h.svc.CreateLojistaIfMissing(r.Context(), "ricardo@farmacentral.com", "ricardo_farma", "password123", "98765432000188", "Farma Central Distribuidora")
		if err != nil {
			log.Printf("❌ TRAE RECOVERY ERROR (Lojista): %v", err)
		} else {
			log.Println("✅ TRAE RECOVERY: New Lojista (ricardo@farmacentral.com / password123) created!")
		}

		// ALSO: Create an alternative admin with 'admin' email if that's what's missing
		err = h.svc.CreateAdminIfMissing(r.Context(), "admin@example.com", "admin", "teste123")
		if err != nil {
			log.Printf("❌ TRAE RECOVERY ERROR (Alt Admin): %v", err)
		}
	}

	var req loginRequest
	if err := decodeJSON(r.Context(), r, &req); err != nil {
		writeError(w, http.StatusBadRequest, err)
		return
	}

	if req.Username == "" {
		req.Username = req.Identificador
	}
	if req.Username == "" {
		req.Username = req.Email
	}
	if req.Password == "" {
		req.Password = req.Senha
	}

	if req.Username == "" {
		writeError(w, http.StatusBadRequest, errors.New("username is required"))
		return
	}
	if req.Password == "" {
		writeError(w, http.StatusBadRequest, errors.New("password is required"))
		return
	}

	token, exp, err := h.svc.Login(r.Context(), req.Username, req.Password)
	if err != nil {
		writeError(w, http.StatusUnauthorized, err)
		return
	}

	writeJSON(w, http.StatusOK, authResponse{Token: token, ExpiresAt: exp})
}

// Refresh godoc
// @Summary Atualizar token
// @Description Gera um novo JWT a partir de um token válido.
// @Tags Autenticação
// @Accept json
// @Produce json
// @Param Authorization header string true "Bearer token"
// @Success 200 {object} authResponse
// @Failure 401 {object} map[string]string
// @Router /api/v1/auth/refresh [post]
func (h *Handler) Refresh(w http.ResponseWriter, r *http.Request) {
	h.RefreshToken(w, r)
}

// RefreshToken godoc
// @Summary Atualizar token
// @Description Gera um novo JWT a partir de um token válido.
// @Tags Autenticação
// @Accept json
// @Produce json
// @Param Authorization header string true "Bearer token"
// @Success 200 {object} authResponse
// @Failure 401 {object} map[string]string
// @Router /api/v1/auth/refresh-token [post]
func (h *Handler) RefreshToken(w http.ResponseWriter, r *http.Request) {
	tokenStr, err := parseBearerToken(r)
	if err != nil {
		writeError(w, http.StatusUnauthorized, err)
		return
	}

	token, exp, err := h.svc.RefreshToken(r.Context(), tokenStr)
	if err != nil {
		writeError(w, http.StatusUnauthorized, err)
		return
	}

	writeJSON(w, http.StatusOK, authResponse{Token: token, ExpiresAt: exp})
}