Prepara versao dev 1.0

backend/internal/api/handlers/agency.go

@@ -0,0 +1,192 @@
+package handlers
+
+import (
+	"encoding/json"
+	"errors"
+	"log"
+	"net/http"
+	"strings"
+	"time"
+
+	"aggios-app/backend/internal/config"
+	"aggios-app/backend/internal/domain"
+	"aggios-app/backend/internal/service"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+// AgencyRegistrationHandler handles agency management endpoints
+type AgencyRegistrationHandler struct {
+	agencyService *service.AgencyService
+	cfg           *config.Config
+}
+
+// NewAgencyRegistrationHandler creates a new agency registration handler
+func NewAgencyRegistrationHandler(agencyService *service.AgencyService, cfg *config.Config) *AgencyRegistrationHandler {
+	return &AgencyRegistrationHandler{
+		agencyService: agencyService,
+		cfg:           cfg,
+	}
+}
+
+// RegisterAgency handles agency registration (SUPERADMIN only)
+func (h *AgencyRegistrationHandler) RegisterAgency(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	var req domain.RegisterAgencyRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		log.Printf("❌ Error decoding request: %v", err)
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	log.Printf("📥 Registering agency: %s (subdomain: %s)", req.AgencyName, req.Subdomain)
+
+	tenant, admin, err := h.agencyService.RegisterAgency(req)
+	if err != nil {
+		log.Printf("❌ Error registering agency: %v", err)
+		switch err {
+		case service.ErrSubdomainTaken:
+			http.Error(w, err.Error(), http.StatusConflict)
+		case service.ErrEmailAlreadyExists:
+			http.Error(w, err.Error(), http.StatusConflict)
+		case service.ErrWeakPassword:
+			http.Error(w, err.Error(), http.StatusBadRequest)
+		default:
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+		}
+		return
+	}
+
+	log.Printf("✅ Agency created: %s (ID: %s)", tenant.Name, tenant.ID)
+
+	// Generate JWT token for the new admin
+	claims := jwt.MapClaims{
+		"user_id":   admin.ID.String(),
+		"email":     admin.Email,
+		"role":      admin.Role,
+		"tenant_id": tenant.ID.String(),
+		"exp":       time.Now().Add(time.Hour * 24 * 7).Unix(), // 7 days
+		"iat":       time.Now().Unix(),
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenString, err := token.SignedString([]byte(h.cfg.JWT.Secret))
+	if err != nil {
+		http.Error(w, "Failed to generate token", http.StatusInternalServerError)
+		return
+	}
+
+	protocol := "http://"
+	if h.cfg.App.Environment == "production" {
+		protocol = "https://"
+	}
+
+	response := map[string]interface{}{
+		"token":      tokenString,
+		"id":         admin.ID,
+		"email":      admin.Email,
+		"name":       admin.Name,
+		"role":       admin.Role,
+		"tenantId":   tenant.ID,
+		"company":    tenant.Name,
+		"subdomain":  tenant.Subdomain,
+		"message":    "Agency registered successfully",
+		"access_url": protocol + tenant.Domain,
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusCreated)
+	json.NewEncoder(w).Encode(response)
+}
+
+// RegisterClient handles client registration (ADMIN_AGENCIA only)
+func (h *AgencyRegistrationHandler) RegisterClient(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// TODO: Get tenant_id from authenticated user context
+	// For now, this would need the auth middleware to set it
+
+	var req domain.RegisterClientRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	// Get tenantID from context (set by middleware)
+	tenantIDStr := r.Header.Get("X-Tenant-ID")
+	if tenantIDStr == "" {
+		http.Error(w, "Tenant not found", http.StatusBadRequest)
+		return
+	}
+
+	// Parse tenant ID
+	// tenantID, _ := uuid.Parse(tenantIDStr)
+
+	// client, err := h.agencyService.RegisterClient(req, tenantID)
+	// ... handle response
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusCreated)
+	json.NewEncoder(w).Encode(map[string]string{
+		"message": "Client registration endpoint - implementation pending",
+	})
+}
+
+// HandleAgency supports GET (details) and DELETE operations for a specific agency
+func (h *AgencyRegistrationHandler) HandleAgency(w http.ResponseWriter, r *http.Request) {
+	if r.URL.Path == "/api/admin/agencies/" {
+		http.Error(w, "Agency ID required", http.StatusBadRequest)
+		return
+	}
+
+	agencyID := strings.TrimPrefix(r.URL.Path, "/api/admin/agencies/")
+	if agencyID == "" || agencyID == r.URL.Path {
+		http.NotFound(w, r)
+		return
+	}
+
+	id, err := uuid.Parse(agencyID)
+	if err != nil {
+		http.Error(w, "Invalid agency ID", http.StatusBadRequest)
+		return
+	}
+
+	switch r.Method {
+	case http.MethodGet:
+		details, err := h.agencyService.GetAgencyDetails(id)
+		if err != nil {
+			if errors.Is(err, service.ErrTenantNotFound) {
+				http.Error(w, "Agency not found", http.StatusNotFound)
+				return
+			}
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+			return
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(details)
+
+	case http.MethodDelete:
+		if err := h.agencyService.DeleteAgency(id); err != nil {
+			if errors.Is(err, service.ErrTenantNotFound) {
+				http.Error(w, "Agency not found", http.StatusNotFound)
+				return
+			}
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+			return
+		}
+
+		w.WriteHeader(http.StatusNoContent)
+
+	default:
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+	}
+}

backend/internal/api/handlers/agency_profile.go

@@ -0,0 +1,179 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"aggios-app/backend/internal/repository"
+
+	"github.com/google/uuid"
+)
+
+type AgencyHandler struct {
+	tenantRepo *repository.TenantRepository
+}
+
+func NewAgencyHandler(tenantRepo *repository.TenantRepository) *AgencyHandler {
+	return &AgencyHandler{
+		tenantRepo: tenantRepo,
+	}
+}
+
+type AgencyProfileResponse struct {
+	ID          string `json:"id"`
+	Name        string `json:"name"`
+	CNPJ        string `json:"cnpj"`
+	Email       string `json:"email"`
+	Phone       string `json:"phone"`
+	Website     string `json:"website"`
+	Address     string `json:"address"`
+	City        string `json:"city"`
+	State       string `json:"state"`
+	Zip         string `json:"zip"`
+	RazaoSocial string `json:"razao_social"`
+	Description string `json:"description"`
+	Industry    string `json:"industry"`
+}
+
+type UpdateAgencyProfileRequest struct {
+	Name        string `json:"name"`
+	CNPJ        string `json:"cnpj"`
+	Email       string `json:"email"`
+	Phone       string `json:"phone"`
+	Website     string `json:"website"`
+	Address     string `json:"address"`
+	City        string `json:"city"`
+	State       string `json:"state"`
+	Zip         string `json:"zip"`
+	RazaoSocial string `json:"razao_social"`
+	Description string `json:"description"`
+	Industry    string `json:"industry"`
+}
+
+// GetProfile returns the current agency profile
+func (h *AgencyHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// Get tenant from context (set by middleware)
+	tenantID := r.Context().Value("tenantID")
+	if tenantID == nil {
+		http.Error(w, "Tenant not found", http.StatusUnauthorized)
+		return
+	}
+
+	// Parse tenant ID
+	tid, err := uuid.Parse(tenantID.(string))
+	if err != nil {
+		http.Error(w, "Invalid tenant ID", http.StatusBadRequest)
+		return
+	}
+
+	// Get tenant from database
+	tenant, err := h.tenantRepo.FindByID(tid)
+	if err != nil {
+		http.Error(w, "Error fetching profile", http.StatusInternalServerError)
+		return
+	}
+	if tenant == nil {
+		http.Error(w, "Tenant not found", http.StatusNotFound)
+		return
+	}
+
+	response := AgencyProfileResponse{
+		ID:          tenant.ID.String(),
+		Name:        tenant.Name,
+		CNPJ:        tenant.CNPJ,
+		Email:       tenant.Email,
+		Phone:       tenant.Phone,
+		Website:     tenant.Website,
+		Address:     tenant.Address,
+		City:        tenant.City,
+		State:       tenant.State,
+		Zip:         tenant.Zip,
+		RazaoSocial: tenant.RazaoSocial,
+		Description: tenant.Description,
+		Industry:    tenant.Industry,
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(response)
+}
+
+// UpdateProfile updates the current agency profile
+func (h *AgencyHandler) UpdateProfile(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPut && r.Method != http.MethodPatch {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// Get tenant from context
+	tenantID := r.Context().Value("tenantID")
+	if tenantID == nil {
+		http.Error(w, "Tenant not found", http.StatusUnauthorized)
+		return
+	}
+
+	var req UpdateAgencyProfileRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	// Parse tenant ID
+	tid, err := uuid.Parse(tenantID.(string))
+	if err != nil {
+		http.Error(w, "Invalid tenant ID", http.StatusBadRequest)
+		return
+	}
+
+	// Prepare updates
+	updates := map[string]interface{}{
+		"name":         req.Name,
+		"cnpj":         req.CNPJ,
+		"razao_social": req.RazaoSocial,
+		"email":        req.Email,
+		"phone":        req.Phone,
+		"website":      req.Website,
+		"address":      req.Address,
+		"city":         req.City,
+		"state":        req.State,
+		"zip":          req.Zip,
+		"description":  req.Description,
+		"industry":     req.Industry,
+	}
+
+	// Update in database
+	if err := h.tenantRepo.UpdateProfile(tid, updates); err != nil {
+		http.Error(w, "Error updating profile", http.StatusInternalServerError)
+		return
+	}
+
+	// Fetch updated data
+	tenant, err := h.tenantRepo.FindByID(tid)
+	if err != nil {
+		http.Error(w, "Error fetching updated profile", http.StatusInternalServerError)
+		return
+	}
+
+	response := AgencyProfileResponse{
+		ID:          tenant.ID.String(),
+		Name:        tenant.Name,
+		CNPJ:        tenant.CNPJ,
+		Email:       tenant.Email,
+		Phone:       tenant.Phone,
+		Website:     tenant.Website,
+		Address:     tenant.Address,
+		City:        tenant.City,
+		State:       tenant.State,
+		Zip:         tenant.Zip,
+		RazaoSocial: tenant.RazaoSocial,
+		Description: tenant.Description,
+		Industry:    tenant.Industry,
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(response)
+}

backend/internal/api/handlers/auth.go

@@ -0,0 +1,139 @@
+package handlers
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+
+	"aggios-app/backend/internal/domain"
+	"aggios-app/backend/internal/service"
+)
+
+// AuthHandler handles authentication endpoints
+type AuthHandler struct {
+	authService *service.AuthService
+}
+
+// NewAuthHandler creates a new auth handler
+func NewAuthHandler(authService *service.AuthService) *AuthHandler {
+	return &AuthHandler{
+		authService: authService,
+	}
+}
+
+// Register handles user registration
+func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	var req domain.CreateUserRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	user, err := h.authService.Register(req)
+	if err != nil {
+		switch err {
+		case service.ErrEmailAlreadyExists:
+			http.Error(w, err.Error(), http.StatusConflict)
+		case service.ErrWeakPassword:
+			http.Error(w, err.Error(), http.StatusBadRequest)
+		default:
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusCreated)
+	json.NewEncoder(w).Encode(user)
+}
+
+// Login handles user login
+func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	bodyBytes, err := io.ReadAll(r.Body)
+	if err != nil {
+		http.Error(w, "Failed to read request body", http.StatusBadRequest)
+		return
+	}
+	defer r.Body.Close()
+
+	// Trim whitespace to avoid decode errors caused by BOM or stray chars
+	sanitized := strings.TrimSpace(string(bodyBytes))
+	var req domain.LoginRequest
+	if err := json.Unmarshal([]byte(sanitized), &req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	response, err := h.authService.Login(req)
+	if err != nil {
+		if err == service.ErrInvalidCredentials {
+			http.Error(w, err.Error(), http.StatusUnauthorized)
+		} else {
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(response)
+}
+
+// ChangePasswordRequest represents a password change request
+type ChangePasswordRequest struct {
+	CurrentPassword string `json:"currentPassword"`
+	NewPassword     string `json:"newPassword"`
+}
+
+// ChangePassword handles password change
+func (h *AuthHandler) ChangePassword(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// Get user ID from context (set by auth middleware)
+	userID, ok := r.Context().Value("userID").(string)
+	if !ok {
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	var req ChangePasswordRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	if req.CurrentPassword == "" || req.NewPassword == "" {
+		http.Error(w, "Current password and new password are required", http.StatusBadRequest)
+		return
+	}
+
+	// Call auth service to change password
+	if err := h.authService.ChangePassword(userID, req.CurrentPassword, req.NewPassword); err != nil {
+		if err == service.ErrInvalidCredentials {
+			http.Error(w, "Current password is incorrect", http.StatusUnauthorized)
+		} else if err == service.ErrWeakPassword {
+			http.Error(w, "New password is too weak", http.StatusBadRequest)
+		} else {
+			http.Error(w, "Error changing password", http.StatusInternalServerError)
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]string{
+		"message": "Password changed successfully",
+	})
+}

backend/internal/api/handlers/company.go

@@ -0,0 +1,90 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"aggios-app/backend/internal/api/middleware"
+	"aggios-app/backend/internal/domain"
+	"aggios-app/backend/internal/service"
+
+	"github.com/google/uuid"
+)
+
+// CompanyHandler handles company endpoints
+type CompanyHandler struct {
+	companyService *service.CompanyService
+}
+
+// NewCompanyHandler creates a new company handler
+func NewCompanyHandler(companyService *service.CompanyService) *CompanyHandler {
+	return &CompanyHandler{
+		companyService: companyService,
+	}
+}
+
+// Create handles company creation
+func (h *CompanyHandler) Create(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// Get user ID from context (set by auth middleware)
+	userIDStr, ok := r.Context().Value(middleware.UserIDKey).(string)
+	if !ok {
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	userID, err := uuid.Parse(userIDStr)
+	if err != nil {
+		http.Error(w, "Invalid user ID", http.StatusBadRequest)
+		return
+	}
+
+	var req domain.CreateCompanyRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	// TODO: Get tenantID from user context
+	// For now, this is a placeholder - you'll need to get the tenant from the authenticated user
+	tenantID := uuid.New() // Replace with actual tenant from user
+
+	company, err := h.companyService.Create(req, tenantID, userID)
+	if err != nil {
+		switch err {
+		case service.ErrCNPJAlreadyExists:
+			http.Error(w, err.Error(), http.StatusConflict)
+		default:
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusCreated)
+	json.NewEncoder(w).Encode(company)
+}
+
+// List handles listing companies for a tenant
+func (h *CompanyHandler) List(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// TODO: Get tenantID from authenticated user
+	tenantID := uuid.New() // Replace with actual tenant from user
+
+	companies, err := h.companyService.ListByTenant(tenantID)
+	if err != nil {
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(companies)
+}

backend/internal/api/handlers/health.go

@@ -0,0 +1,31 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+// HealthHandler handles health check endpoint
+type HealthHandler struct{}
+
+// NewHealthHandler creates a new health handler
+func NewHealthHandler() *HealthHandler {
+	return &HealthHandler{}
+}
+
+// Check returns API health status
+func (h *HealthHandler) Check(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	response := map[string]interface{}{
+		"status":  "healthy",
+		"service": "aggios-api",
+		"version": "1.0.0",
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(response)
+}

backend/internal/api/handlers/tenant.go

@@ -0,0 +1,42 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"aggios-app/backend/internal/domain"
+	"aggios-app/backend/internal/service"
+)
+
+// TenantHandler handles tenant/agency listing endpoints
+type TenantHandler struct {
+	tenantService *service.TenantService
+}
+
+// NewTenantHandler creates a new tenant handler
+func NewTenantHandler(tenantService *service.TenantService) *TenantHandler {
+	return &TenantHandler{
+		tenantService: tenantService,
+	}
+}
+
+// ListAll lists all agencies/tenants (SUPERADMIN only)
+func (h *TenantHandler) ListAll(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	tenants, err := h.tenantService.ListAll()
+	if err != nil {
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
+
+	if tenants == nil {
+		tenants = []*domain.Tenant{}
+	}
+
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	json.NewEncoder(w).Encode(tenants)
+}