From fdc3122b68c80706582f38d8697fe74de6843580 Mon Sep 17 00:00:00 2001
From: cdricms <36056008+cdricms@users.noreply.github.com>
Date: Fri, 17 Jan 2025 10:39:59 +0100
Subject: [PATCH 1/3] Hashing password

Using postgres' pgcrypt
---
 backend/api/auth.go         |  9 ++----
 backend/api/core/schemas.go | 59 ++++++++++++++++++++++++++++++++-----
 backend/api/new_blog.go     | 10 +++----
 backend/api/new_user.go     | 17 ++++++-----
 backend/go.mod              |  4 +++
 backend/go.sum              | 11 +++++++
 backend/main.go             |  6 ++++
 7 files changed, 88 insertions(+), 28 deletions(-)

diff --git a/backend/api/auth.go b/backend/api/auth.go
index 74d55ce..4383054 100644
--- a/backend/api/auth.go
+++ b/backend/api/auth.go
@@ -53,13 +53,8 @@ func HandleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var user core.User
-	count, err := core.DB.NewSelect().
-		Model(&user).
-		Where("email = ? AND password = ?", login.Email, login.Password).
-		Limit(1).
-		ScanAndCount(context.Background())
-	if count == 0 {
+	user, err := core.Verify(context.Background(), login.Email, login.Password)
+	if user == nil {
 		core.JSONError{
 			Status:  core.Error,
 			Message: "User not found.",
diff --git a/backend/api/core/schemas.go b/backend/api/core/schemas.go
index d7e5d55..7473199 100644
--- a/backend/api/core/schemas.go
+++ b/backend/api/core/schemas.go
@@ -36,8 +36,8 @@ const (
 type Status string
 
 const (
-	Active Status = "Active"
-	Inactive  Status = "Inactive"
+	Active   Status = "Active"
+	Inactive Status = "Inactive"
 )
 
 type User struct {
@@ -56,6 +56,43 @@ type User struct {
 	Articles  []*Blog   `bun:"rel:has-many,join:user_id=blog_id" json:"articles,omitempty"`
 }
 
+func (u *User) Insert(ctx context.Context) (sql.Result, error) {
+	u.Password = fmt.Sprintf("crypt('%s', gen_salt('bf'))", u.Password)
+	return DB.NewInsert().
+		Model(u).
+		Value("password", u.Password).
+		Exec(ctx)
+}
+
+func Verify(ctx context.Context, email, password string) (*User, error) {
+	// var user User
+	// query := `
+	// 	SELECT *
+	// 	FROM users
+	// 	WHERE email = ? AND password = crypt(?, password)
+	// `
+	//
+	// err := DB.NewRaw(query, email, password).Scan(ctx, user)
+
+	var user User
+	count, err := DB.NewSelect().
+		Model(&user).
+		Where("email = ? AND password = crypt(?, password)", email, password).
+		Limit(1).
+		ScanAndCount(context.Background())
+	if count == 0 {
+		return nil, fmt.Errorf("invalid email or password")
+	}
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, fmt.Errorf("invalid email or password")
+		}
+		return nil, err
+	}
+
+	return &user, nil
+}
+
 type Event struct {
 	bun.BaseModel `bun:"table:events"`
 
@@ -69,7 +106,7 @@ type Event struct {
 type EventToUser struct {
 	bun.BaseModel `bun:"table:events_to_users"`
 
-	EventID uuid.UUID `bun:"type:uuid,pk"` 
+	EventID uuid.UUID `bun:"type:uuid,pk"`
 	UserID  uuid.UUID `bun:"type:uuid,pk"`
 
 	Event *Event `bun:"rel:belongs-to,join:event_id=event_id"`
@@ -103,12 +140,18 @@ func InitDatabase(dsn DSN) (*bun.DB, error) {
 	sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn.ToString())))
 	db := bun.NewDB(sqldb, pgdialect.New())
 
+	ctx := context.Background()
+
+	_, err := db.ExecContext(ctx, "CREATE EXTENSION IF NOT EXISTS pgcrypto;")
+	if err != nil {
+		return nil, err
+	}
 	db.RegisterModel((*EventToUser)(nil))
-	_, err := db.NewCreateTable().Model((*User)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*Event)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*EventToUser)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*Blog)(nil)).IfNotExists().Exec(context.Background())
-	_, err = db.NewCreateTable().Model((*WebsiteSettings)(nil)).IfNotExists().Exec(context.Background())
+	_, err = db.NewCreateTable().Model((*User)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*Event)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*EventToUser)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*Blog)(nil)).IfNotExists().Exec(ctx)
+	_, err = db.NewCreateTable().Model((*WebsiteSettings)(nil)).IfNotExists().Exec(ctx)
 	if err != nil {
 		return nil, err
 	}
diff --git a/backend/api/new_blog.go b/backend/api/new_blog.go
index 9b1150f..29419f2 100644
--- a/backend/api/new_blog.go
+++ b/backend/api/new_blog.go
@@ -17,7 +17,7 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) {
 		}.Respond(w, http.StatusMethodNotAllowed)
 		return
 	}
-	
+
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		core.JSONError{
@@ -26,16 +26,16 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) {
 		}.Respond(w, http.StatusNoContent)
 		return
 	}
-	var blog core.Blog	
+	var blog core.Blog
 	if err = json.Unmarshal(body, &blog); err != nil {
 		core.JSONError{
 			Status:  core.Error,
 			Message: err.Error(),
 		}.Respond(w, http.StatusNoContent)
 		return
-	}	
+	}
 
-	_, err = core.DB.NewInsert().Model(blog).Exec(context.Background())	
+	_, err = core.DB.NewInsert().Model(blog).Exec(context.Background())
 	if err != nil {
 		core.JSONError{
 			Status:  core.Error,
@@ -46,6 +46,6 @@ func HandleCreateBlog(w http.ResponseWriter, r *http.Request) {
 	core.JSONSuccess{
 		Status:  core.Success,
 		Message: "Blog inserted",
-		Data: blog,
+		Data:    blog,
 	}.Respond(w, http.StatusCreated)
 }
diff --git a/backend/api/new_user.go b/backend/api/new_user.go
index 0dbd6d2..b897d9e 100644
--- a/backend/api/new_user.go
+++ b/backend/api/new_user.go
@@ -32,14 +32,15 @@ func HandleCreateUser(w http.ResponseWriter, r *http.Request) {
 
 	log.Println(user)
 
-	res, err := core.DB.NewInsert().Model(&user).Exec(context.Background())
-	if res == nil {
-		core.JSONError{
-			Status:  core.Error,
-			Message: "The user couldn't be inserted.",
-		}.Respond(w, http.StatusNotAcceptable)
-		return
-	}
+	res, err := user.Insert(context.Background())
+	log.Println(res)
+	// if res == nil {
+	// 	core.JSONError{
+	// 		Status:  core.Error,
+	// 		Message: "The user couldn't be inserted.",
+	// 	}.Respond(w, http.StatusNotAcceptable)
+	// 	return
+	// }
 
 	if err != nil {
 		core.JSONError{
diff --git a/backend/go.mod b/backend/go.mod
index 4dcb277..0290aaa 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -13,9 +13,13 @@ require (
 )
 
 require (
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/puzpuzpuz/xsync/v3 v3.4.0 // indirect
 	github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect
+	github.com/uptrace/bun/extra/bundebug v1.2.8 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
diff --git a/backend/go.sum b/backend/go.sum
index dc8aaad..b23099f 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -1,5 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
@@ -12,6 +14,11 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/puzpuzpuz/xsync/v3 v3.4.0 h1:DuVBAdXuGFHv8adVXjWWZ63pJq+NRXOWVXlKDBZ+mJ4=
@@ -26,12 +33,16 @@ github.com/uptrace/bun/dialect/pgdialect v1.2.8 h1:9n3qVh6yc+u7F3lpXzsWrAFJG1yLH
 github.com/uptrace/bun/dialect/pgdialect v1.2.8/go.mod h1:plksD43MjAlPGYLD9/SzsLUpGH5poXE9IB1+ka/sEzE=
 github.com/uptrace/bun/driver/pgdriver v1.2.8 h1:5XrNn/9enSrWhhrUpz+6PY9S1vcg/jhCQPJu+ZmsKX4=
 github.com/uptrace/bun/driver/pgdriver v1.2.8/go.mod h1:cwRRwqabgePwYBiLlXtbeNmPD7LGJnqP21J2ZKP4ah8=
+github.com/uptrace/bun/extra/bundebug v1.2.8 h1:Epv0ycLOnoKWPky+rufP2F/PrcSlKkd4tmVIFOdq90A=
+github.com/uptrace/bun/extra/bundebug v1.2.8/go.mod h1:ucnmuPw/5ePbNFj2SPmV0lQh3ZvL+3HCrpvRxIYZyWQ=
 github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
 github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/backend/main.go b/backend/main.go
index 6a1878f..e799caf 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"github.com/joho/godotenv"
+	"github.com/uptrace/bun/extra/bundebug"
 	"log"
 	"net/http"
 	"os"
@@ -23,6 +24,7 @@ func main() {
 		log.Fatalf("Error loading .env file: %v", err)
 	}
 	environ := os.Getenv("ENVIRONMENT")
+
 	port := os.Getenv("BACKEND_DOCKER_PORT")
 	if environ == "DEV" {
 		port = os.Getenv("BACKEND_PORT")
@@ -41,6 +43,10 @@ func main() {
 		log.Fatal(err)
 	}
 
+	core.DB.AddQueryHook(bundebug.NewQueryHook(bundebug.WithVerbose(true)))
+
+	defer core.DB.Close()
+
 	mux := http.NewServeMux()
 
 	core.HandleRoutes(mux, map[string]core.Handler{

From 5405cc50d938fa0a7bdcd3fff3a145b6cdf3012d Mon Sep 17 00:00:00 2001
From: cdricms <36056008+cdricms@users.noreply.github.com>
Date: Fri, 17 Jan 2025 10:57:59 +0100
Subject: [PATCH 2/3] Hashing new password on update

Using postgres' pgcrypt
---
 backend/api/update_user.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/backend/api/update_user.go b/backend/api/update_user.go
index 3c7c915..3d7cd84 100644
--- a/backend/api/update_user.go
+++ b/backend/api/update_user.go
@@ -49,6 +49,7 @@ func HandleUpdateUser(w http.ResponseWriter, r *http.Request) {
 
 	for i := 0; i < val.NumField(); i++ {
 		field := val.Field(i)
+		fieldname := typ.Field(i).Name
 
 		tag := typ.Field(i).Tag.Get("bun")
 		if tag == "" {
@@ -57,7 +58,11 @@ func HandleUpdateUser(w http.ResponseWriter, r *http.Request) {
 
 		// Only add fields that are non-nil and non-zero
 		if field.IsValid() && !field.IsNil() && !field.IsZero() {
-			updateQuery.Set(fmt.Sprintf("%s = ?", strings.Split(tag, ",")[0]), field.Interface())
+			if fieldname == "Password" {
+				updateQuery.Set(fmt.Sprintf("%s = crypt(?, gen_salt('bf'))", strings.Split(tag, ",")[0]), field.Interface())
+			} else {
+				updateQuery.Set(fmt.Sprintf("%s = ?", strings.Split(tag, ",")[0]), field.Interface())
+			}
 		}
 	}
 

From eb9883a1c312c2ecd4ea334f499a4de6889f0ae3 Mon Sep 17 00:00:00 2001
From: cdricms <36056008+cdricms@users.noreply.github.com>
Date: Fri, 17 Jan 2025 15:37:01 +0100
Subject: [PATCH 3/3] Added /users/me route, and handling auth in frontend

---
 backend/api/auth.go                        |   4 +-
 backend/api/get_me.go                      |  33 +++++++
 backend/main.go                            |  22 ++++-
 frontend/app/(main)/login/page.tsx         |  15 ++-
 frontend/app/layout.tsx                    |  23 ++---
 frontend/components/app-sidebar.tsx        |  11 ++-
 frontend/components/layouts/swr-layout.tsx |  27 +++++
 frontend/components/login-form.tsx         |  46 ++++++++-
 frontend/components/nav-bar.tsx            |   7 +-
 frontend/components/nav-user.tsx           |  40 ++++----
 frontend/hooks/use-api.tsx                 | 109 +++++++++++++++++++++
 frontend/hooks/use-login.tsx               |  31 ++++++
 frontend/hooks/use-me.tsx                  |  16 +++
 frontend/interfaces/IUser.ts               |  10 ++
 frontend/lib/constants.ts                  |   1 +
 frontend/middleware.ts                     |  43 ++++++++
 frontend/next.config.ts                    |  19 ++--
 frontend/package-lock.json                 |  55 +++++++++++
 frontend/package.json                      |   1 +
 nginx.conf                                 |   8 --
 20 files changed, 453 insertions(+), 68 deletions(-)
 create mode 100644 backend/api/get_me.go
 create mode 100644 frontend/components/layouts/swr-layout.tsx
 create mode 100644 frontend/hooks/use-api.tsx
 create mode 100644 frontend/hooks/use-login.tsx
 create mode 100644 frontend/hooks/use-me.tsx
 create mode 100644 frontend/interfaces/IUser.ts
 create mode 100644 frontend/lib/constants.ts
 create mode 100644 frontend/middleware.ts

diff --git a/backend/api/auth.go b/backend/api/auth.go
index 4383054..69b2b60 100644
--- a/backend/api/auth.go
+++ b/backend/api/auth.go
@@ -135,8 +135,10 @@ func AuthJWT(next http.Handler) http.Handler {
 			return
 		}
 
+		ctx := context.WithValue(r.Context(), "token", token)
+
 		// Call the next handler if the JWT is valid
-		next.ServeHTTP(w, r)
+		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
 
diff --git a/backend/api/get_me.go b/backend/api/get_me.go
new file mode 100644
index 0000000..6ad406e
--- /dev/null
+++ b/backend/api/get_me.go
@@ -0,0 +1,33 @@
+package api
+
+import (
+	"net/http"
+
+	"fr.latosa-escrima/api/core"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+func HandleGetMe(w http.ResponseWriter, r *http.Request) {
+	token, ok := r.Context().Value("token").(*jwt.Token)
+	if !ok {
+		core.JSONError{
+			Status:  core.Error,
+			Message: "Couldn't retrieve your JWT.",
+		}.Respond(w, http.StatusInternalServerError)
+		return
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		core.JSONError{
+			Status:  core.Error,
+			Message: "Invalid token claims.",
+		}.Respond(w, http.StatusInternalServerError)
+		return
+	}
+
+	uuid := claims["user_id"].(string)
+
+	r.SetPathValue("user_uuid", uuid)
+	HandleGetUser(w, r)
+}
diff --git a/backend/main.go b/backend/main.go
index e799caf..aa115ae 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -17,6 +17,21 @@ import (
 func handler(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, "<html><body><h1>Hello, World!</h1></body></html>")
 }
+func Cors(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Allow all origins (can restrict to specific origins)
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		// Allow certain HTTP methods (you can customize these as needed)
+		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
+		// Allow certain headers (you can add more as needed)
+		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+		// Handle OPTIONS pre-flight request
+		if r.Method == http.MethodOptions {
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
 
 func main() {
 	err := godotenv.Load()
@@ -52,10 +67,13 @@ func main() {
 	core.HandleRoutes(mux, map[string]core.Handler{
 		"/": {
 			Handler:     handler,
-			Middlewares: []core.Middleware{api.Methods("post")}},
+			Middlewares: []core.Middleware{api.Methods("get")}},
 		"/users/login": {
 			Handler:     api.HandleLogin,
 			Middlewares: []core.Middleware{api.Methods("POST")}},
+		"/users/me": {
+			Handler:     api.HandleGetMe,
+			Middlewares: []core.Middleware{api.Methods("GET"), api.AuthJWT}},
 		"/users": {
 			Handler:     api.HandleGetUsers,
 			Middlewares: []core.Middleware{api.Methods("GET"), api.AuthJWT}},
@@ -80,7 +98,7 @@ func main() {
 	})
 
 	fmt.Printf("Serving on port %s\n", port)
-	err = http.ListenAndServe(fmt.Sprintf(":%s", port), mux)
+	err = http.ListenAndServe(fmt.Sprintf(":%s", port), Cors(mux))
 	if err != nil {
 		fmt.Printf("Error starting server: %s\n", err)
 	}
diff --git a/frontend/app/(main)/login/page.tsx b/frontend/app/(main)/login/page.tsx
index 78f09d5..1ccb800 100644
--- a/frontend/app/(main)/login/page.tsx
+++ b/frontend/app/(main)/login/page.tsx
@@ -1,8 +1,15 @@
-import { GalleryVerticalEnd } from "lucide-react";
+import Image from "next/image";
 
 import { LoginForm } from "@/components/login-form";
+import { cookies } from "next/headers";
+import { redirect } from "next/navigation";
+
+export default async function LoginPage() {
+	const cookiesObj = await cookies();
+	const token = cookiesObj.get("auth_token")?.value;
+
+	if (token) redirect("/dashboard");
 
-export default function LoginPage() {
 	return (
 		<div className="grid min-h-svh lg:grid-cols-2">
 			<div className="flex flex-col gap-4 p-6 md:p-10">
@@ -13,7 +20,9 @@ export default function LoginPage() {
 				</div>
 			</div>
 			<div className="relative hidden bg-muted lg:block">
-				<img
+				<Image
+					width={20}
+					height={20}
 					src="/placeholder.svg"
 					alt="Image"
 					className="absolute inset-0 h-full w-full object-cover dark:brightness-[0.2] dark:grayscale"
diff --git a/frontend/app/layout.tsx b/frontend/app/layout.tsx
index dd8f016..d6ef1f6 100644
--- a/frontend/app/layout.tsx
+++ b/frontend/app/layout.tsx
@@ -1,7 +1,7 @@
 import type { Metadata } from "next";
 import { Geist, Geist_Mono } from "next/font/google";
 import "@/app/globals.css";
-import { SWRConfig } from "swr";
+import SWRLayout from "@/components/layouts/swr-layout";
 
 const geistSans = Geist({
 	variable: "--font-geist-sans",
@@ -24,19 +24,12 @@ export default function RootLayout({
 	children: React.ReactNode;
 }>) {
 	return (
-		//<SWRConfig
-		//	value={{
-		//		fetcher: (url: string) => fetch(url).then((res) => res.json()),
-		//		revalidateOnFocus: false,
-		//	}}
-		//>
-			<html lang="fr">
-				<body
-					className={`${geistSans.variable} ${geistMono.variable} antialiased`}
-				>
-					{children}
-				</body>
-			</html>
-		//</SWRConfig>
+		<html lang="fr">
+			<body
+				className={`${geistSans.variable} ${geistMono.variable} antialiased`}
+			>
+				<SWRLayout>{children}</SWRLayout>
+			</body>
+		</html>
 	);
 }
diff --git a/frontend/components/app-sidebar.tsx b/frontend/components/app-sidebar.tsx
index 5f094b6..715a576 100644
--- a/frontend/components/app-sidebar.tsx
+++ b/frontend/components/app-sidebar.tsx
@@ -10,6 +10,7 @@ import {
 	GalleryVerticalEnd,
 	Settings2,
 	Calendar,
+	Loader2,
 } from "lucide-react";
 
 import { NavMain } from "@/components/nav-main";
@@ -23,6 +24,8 @@ import {
 	SidebarHeader,
 	SidebarRail,
 } from "@/components/ui/sidebar";
+import useMe from "@/hooks/use-me";
+import { useEffect } from "react";
 
 // This is sample data.
 const data = {
@@ -93,6 +96,8 @@ const data = {
 };
 
 export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
+	const { user, isLoading, success, error } = useMe();
+
 	return (
 		<Sidebar collapsible="icon" {...props}>
 			<SidebarHeader>
@@ -102,7 +107,11 @@ export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
 				<NavMain items={data.navMain} />
 			</SidebarContent>
 			<SidebarFooter>
-				<NavUser user={data.user} />
+				{isLoading ? (
+					<Loader2 className="flex w-full min-w-0 flex-col gap-1 justify-center animate-spin" />
+				) : (
+					<NavUser user={user!} />
+				)}
 			</SidebarFooter>
 			<SidebarRail />
 		</Sidebar>
diff --git a/frontend/components/layouts/swr-layout.tsx b/frontend/components/layouts/swr-layout.tsx
new file mode 100644
index 0000000..44d81bb
--- /dev/null
+++ b/frontend/components/layouts/swr-layout.tsx
@@ -0,0 +1,27 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Hammed Abass. <3 All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+"use client";
+
+import { SWRConfig } from "swr";
+
+interface SWRLayoutProps {
+	children: React.ReactNode;
+}
+
+const SWRLayout: React.FC<SWRLayoutProps> = ({ children }) => (
+	<SWRConfig
+		value={{
+			fetcher: (url: string) =>
+				fetch(url, { credentials: "include" }).then((res) =>
+					res.json(),
+				),
+			revalidateOnFocus: false,
+		}}
+	>
+		{children}
+	</SWRConfig>
+);
+
+export default SWRLayout;
diff --git a/frontend/components/login-form.tsx b/frontend/components/login-form.tsx
index 78da3d8..427d62a 100644
--- a/frontend/components/login-form.tsx
+++ b/frontend/components/login-form.tsx
@@ -1,14 +1,39 @@
+"use client";
 import { cn } from "@/lib/utils";
 import { Button } from "@/components/ui/button";
 import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
+import { useState } from "react";
+import { useRouter } from "next/navigation";
+import useLogin from "@/hooks/use-login";
+import { Loader2 } from "lucide-react";
 
 export function LoginForm({
 	className,
 	...props
 }: React.ComponentPropsWithoutRef<"form">) {
+	const [email, setEmail] = useState("");
+	const [password, setPassword] = useState("");
+	const { login, loading, isSuccess } = useLogin();
+	const router = useRouter();
+
+	const handleSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
+		e.preventDefault();
+		try {
+			const res = await login({ email, password });
+			if (res.status === "Success") router.push("/dashboard");
+			console.log(res);
+		} catch (err: any) {
+			console.log(err.message);
+		}
+	};
+
 	return (
-		<form className={cn("flex flex-col gap-6", className)} {...props}>
+		<form
+			onSubmit={handleSubmit}
+			className={cn("flex flex-col gap-6", className)}
+			{...props}
+		>
 			<div className="flex flex-col items-center gap-2 text-center">
 				<h1 className="text-2xl font-bold">
 					Connectez-vous à votre compte.
@@ -23,6 +48,9 @@ export function LoginForm({
 					<Input
 						id="email"
 						type="email"
+						value={email}
+						disabled={loading}
+						onChange={(e) => setEmail(e.currentTarget.value)}
 						placeholder="m@example.com"
 						required
 					/>
@@ -37,9 +65,21 @@ export function LoginForm({
 							Forgot your password?
 						</a>
 					</div>
-					<Input id="password" type="password" required />
+					<Input
+						value={password}
+						onChange={(e) => setPassword(e.currentTarget.value)}
+						disabled={loading}
+						id="password"
+						type="password"
+						required
+					/>
 				</div>
-				<Button type="submit" className="w-full">
+				<Button
+					disabled={loading}
+					type="submit"
+					className="w-full transition-all ease-in-out"
+				>
+					{loading && <Loader2 className="animate-spin" />}
 					Se connecter
 				</Button>
 				<div className="relative text-center text-sm after:absolute after:inset-0 after:top-1/2 after:z-0 after:flex after:items-center after:border-t after:border-border">
diff --git a/frontend/components/nav-bar.tsx b/frontend/components/nav-bar.tsx
index 99a0400..d87b900 100644
--- a/frontend/components/nav-bar.tsx
+++ b/frontend/components/nav-bar.tsx
@@ -68,7 +68,7 @@ const subMenuItemsTwo = [
 
 const Navbar = () => {
 	return (
-		<section className="p-4 bg-white top-0 sticky z-[100]">
+		<section className="p-4 bg-white top-0 sticky z-50">
 			<div>
 				<nav className="hidden justify-between lg:flex">
 					<div className="flex items-center gap-6">
@@ -103,8 +103,9 @@ const Navbar = () => {
 										variant: "ghost",
 									}),
 								)}
-								href="/">
-								Planning	
+								href="/"
+							>
+								Planning
 							</a>
 							<a
 								className={cn(
diff --git a/frontend/components/nav-user.tsx b/frontend/components/nav-user.tsx
index 018d2dc..7c2bf51 100644
--- a/frontend/components/nav-user.tsx
+++ b/frontend/components/nav-user.tsx
@@ -25,17 +25,16 @@ import {
 	SidebarMenuItem,
 	useSidebar,
 } from "@/components/ui/sidebar";
+import { deleteCookie } from "cookies-next";
+import { useRouter } from "next/navigation";
+import IUser from "@/interfaces/IUser";
 
-export function NavUser({
-	user,
-}: {
-	user: {
-		name: string;
-		email: string;
-		avatar: string;
-	};
-}) {
+export const NavUser: React.FC<{ user: IUser }> = ({ user }) => {
 	const { isMobile } = useSidebar();
+	const router = useRouter();
+
+	const name = `${user.firstname} ${user.lastname}`;
+	const image = `https://avatar.vercel.sh/${name}`;
 
 	return (
 		<SidebarMenu>
@@ -47,17 +46,14 @@ export function NavUser({
 							className="data-[state=open]:bg-sidebar-accent data-[state=open]:text-sidebar-accent-foreground"
 						>
 							<Avatar className="h-8 w-8 rounded-lg">
-								<AvatarImage
-									src={user.avatar}
-									alt={user.name}
-								/>
+								<AvatarImage src={image} alt={name} />
 								<AvatarFallback className="rounded-lg">
 									CN
 								</AvatarFallback>
 							</Avatar>
 							<div className="grid flex-1 text-left text-sm leading-tight">
 								<span className="truncate font-semibold">
-									{user.name}
+									{name}
 								</span>
 								<span className="truncate text-xs">
 									{user.email}
@@ -75,17 +71,14 @@ export function NavUser({
 						<DropdownMenuLabel className="p-0 font-normal">
 							<div className="flex items-center gap-2 px-1 py-1.5 text-left text-sm">
 								<Avatar className="h-8 w-8 rounded-lg">
-									<AvatarImage
-										src={user.avatar}
-										alt={user.name}
-									/>
+									<AvatarImage src={image} alt={name} />
 									<AvatarFallback className="rounded-lg">
 										CN
 									</AvatarFallback>
 								</Avatar>
 								<div className="grid flex-1 text-left text-sm leading-tight">
 									<span className="truncate font-semibold">
-										{user.name}
+										{name}
 									</span>
 									<span className="truncate text-xs">
 										{user.email}
@@ -116,7 +109,12 @@ export function NavUser({
 							</DropdownMenuItem>
 						</DropdownMenuGroup>
 						<DropdownMenuSeparator />
-						<DropdownMenuItem>
+						<DropdownMenuItem
+							onClick={async () => {
+								await deleteCookie("auth_token");
+								router.push("/");
+							}}
+						>
 							<LogOut />
 							Log out
 						</DropdownMenuItem>
@@ -125,4 +123,4 @@ export function NavUser({
 			</SidebarMenuItem>
 		</SidebarMenu>
 	);
-}
+};
diff --git a/frontend/hooks/use-api.tsx b/frontend/hooks/use-api.tsx
new file mode 100644
index 0000000..6ac280f
--- /dev/null
+++ b/frontend/hooks/use-api.tsx
@@ -0,0 +1,109 @@
+"use client";
+import { API_URL } from "@/lib/constants";
+import { getCookie } from "cookies-next";
+import useSWR, { SWRConfiguration } from "swr";
+import useSWRMutation, { type SWRMutationConfiguration } from "swr/mutation";
+
+export interface ApiResponse<T> {
+	status: "Error" | "Success";
+	message: string;
+	data?: T;
+}
+
+async function request<T>(
+	url: string,
+	options: {
+		method?: "GET" | "POST" | "PATCH" | "DELETE";
+		body?: any;
+		requiresAuth?: boolean;
+	} = {},
+): Promise<ApiResponse<T>> {
+	const { method = "GET", body, requiresAuth = true } = options;
+	const headers: Record<string, string> = {
+		"Content-Type": "application/json",
+	};
+
+	if (requiresAuth) {
+		const authToken = getCookie("auth_token");
+		if (!authToken) {
+			throw new Error("User is not authenticated");
+		}
+		headers.Authorization = `Bearer ${authToken}`;
+	}
+
+	const response = await fetch(`${API_URL}${url}`, {
+		method,
+		headers,
+		body: body ? JSON.stringify(body) : undefined,
+	});
+
+	const apiResponse: ApiResponse<T> = await response.json();
+
+	if (apiResponse.status === "Error") {
+		throw new Error(apiResponse.message || "An unexpected error occurred");
+	}
+
+	return apiResponse;
+}
+
+async function fetcher<T>(
+	url: string,
+	requiresAuth: boolean = true,
+): Promise<ApiResponse<T>> {
+	return request(url, { requiresAuth });
+}
+
+async function mutationHandler<T, A>(
+	url: string,
+	{
+		arg,
+		method,
+		requiresAuth,
+	}: {
+		arg: A;
+		method: "GET" | "POST" | "PATCH" | "DELETE";
+		requiresAuth: boolean;
+	},
+): Promise<ApiResponse<T>> {
+	return request(url, { method, body: arg, requiresAuth });
+}
+
+export function useApi<T>(
+	url: string,
+	config?: SWRConfiguration,
+	requiresAuth: boolean = true,
+) {
+	const swr = useSWR<ApiResponse<T>>(
+		url,
+		() => fetcher(url, requiresAuth),
+		config,
+	);
+
+	return {
+		...swr,
+		data: swr.data?.data,
+		isLoading: swr.isLoading || swr.isValidating,
+		success: swr.data?.status === "Success",
+	};
+}
+
+export default function useApiMutation<T, A>(
+	endpoint: string,
+	config?: SWRMutationConfiguration<ApiResponse<T>, Error, string, A>,
+	method: "GET" | "POST" | "PATCH" | "DELETE" = "GET",
+	requiresAuth: boolean = false,
+) {
+	const mutation = useSWRMutation<ApiResponse<T>, Error, string, A>(
+		endpoint,
+		(url, { arg }) => mutationHandler(url, { arg, method, requiresAuth }),
+		config,
+	);
+	return {
+		...mutation,
+		trigger: mutation.trigger as (
+			arg: A,
+		) => Promise<ApiResponse<T> | undefined>,
+		data: mutation.data?.data,
+		isSuccess: mutation.data?.status === "Success",
+	};
+}
diff --git a/frontend/hooks/use-login.tsx b/frontend/hooks/use-login.tsx
new file mode 100644
index 0000000..0afbe60
--- /dev/null
+++ b/frontend/hooks/use-login.tsx
@@ -0,0 +1,31 @@
+"use client";
+
+import { setCookie } from "cookies-next";
+import useApiMutation from "./use-api";
+
+export interface LoginArgs {
+	email: string;
+	password: string;
+}
+
+export default function useLogin() {
+	const {
+		trigger,
+		isMutating: loading,
+		isSuccess,
+	} = useApiMutation<string, LoginArgs>("/users/login", undefined, "POST");
+
+	const login = async (inputs: LoginArgs) => {
+		try {
+			const res = await trigger(inputs);
+			if (!res) throw new Error("The server hasn't responded.");
+			if (res.status === "Error") throw new Error(res.message);
+			if (res.data) setCookie("auth_token", res.data);
+			return res;
+		} catch (error: any) {
+			throw new Error(error.message);
+		}
+	};
+
+	return { login, loading, isSuccess };
+}
diff --git a/frontend/hooks/use-me.tsx b/frontend/hooks/use-me.tsx
new file mode 100644
index 0000000..76b97ce
--- /dev/null
+++ b/frontend/hooks/use-me.tsx
@@ -0,0 +1,16 @@
+"use client";
+
+import IUser from "@/interfaces/IUser";
+import { useApi } from "./use-api";
+
+export default function useMe() {
+	const {
+		data: user,
+		isLoading,
+		mutate,
+		error,
+		success,
+	} = useApi<IUser>("/users/me", undefined, true);
+
+	return { user, isLoading, success, error, mutate };
+}
diff --git a/frontend/interfaces/IUser.ts b/frontend/interfaces/IUser.ts
new file mode 100644
index 0000000..7b593fe
--- /dev/null
+++ b/frontend/interfaces/IUser.ts
@@ -0,0 +1,10 @@
+export default interface IUser {
+	userId: string;
+	firstname: string;
+	lastname: string;
+	email: string;
+	phone: string;
+	role: string;
+	createdAt: Date;
+	updatedAt: Date;
+}
diff --git a/frontend/lib/constants.ts b/frontend/lib/constants.ts
new file mode 100644
index 0000000..7ef418c
--- /dev/null
+++ b/frontend/lib/constants.ts
@@ -0,0 +1 @@
+export const API_URL = `http://localhost:${process.env.NEXT_PUBLIC_BACKEND_PORT}`;
diff --git a/frontend/middleware.ts b/frontend/middleware.ts
new file mode 100644
index 0000000..74eee25
--- /dev/null
+++ b/frontend/middleware.ts
@@ -0,0 +1,43 @@
+import { NextRequest, NextResponse } from "next/server";
+import { ApiResponse } from "./hooks/use-api";
+import { API_URL } from "./lib/constants";
+import IUser from "./interfaces/IUser";
+
+export async function middleware(request: NextRequest) {
+	const sessionCookie = request.cookies.get("auth_token")?.value;
+	if (!sessionCookie) {
+		return NextResponse.redirect(
+			new URL(
+				`/login?redirectTo=${encodeURIComponent(request.url)}`,
+				request.url,
+			),
+		);
+	}
+
+	try {
+		const res = await fetch(`${API_URL}/users/me`, {
+			headers: { Authorization: `Bearer ${sessionCookie}` },
+		});
+		const js: ApiResponse<IUser> = await res.json();
+		if (js.status === "Error")
+			return NextResponse.redirect(
+				new URL(
+					`/login?redirectTo=${encodeURIComponent(request.url)}`,
+					request.url,
+				),
+			);
+	} catch (e: any) {
+		return NextResponse.redirect(
+			new URL(
+				`/login?redirectTo=${encodeURIComponent(request.url)}`,
+				request.url,
+			),
+		);
+	}
+
+	return NextResponse.next();
+}
+
+export const config = {
+	matcher: ["/dashboard/:path*"],
+};
diff --git a/frontend/next.config.ts b/frontend/next.config.ts
index b9b9e42..de9111d 100644
--- a/frontend/next.config.ts
+++ b/frontend/next.config.ts
@@ -3,19 +3,16 @@ import type { NextConfig } from "next";
 const nextConfig: NextConfig = {
 	/* config options here */
 	output: "standalone",
-	async redirects() {
-		if (!process.env.BACKEND_PORT) {
-			throw new Error(
-				"Environment variable BACKEND_PORT is not defined.",
-			);
-		}
-		return [
+	images: {
+		remotePatterns: [
 			{
-				source: "/api/:path",
-				destination: `http://localhost:${process.env.BACKEND_PORT}/:path`,
-				permanent: false,
+				protocol: "https",
+				hostname: "avatar.vercel.sh",
 			},
-		];
+		],
+	},
+	env: {
+		NEXT_PUBLIC_BACKEND_PORT: process.env.BACKEND_PORT,
 	},
 };
 
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index acaae52..fdbbf56 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -21,12 +21,14 @@
 				"@radix-ui/react-tooltip": "^1.1.6",
 				"class-variance-authority": "^0.7.1",
 				"clsx": "^2.1.1",
+				"cookies-next": "^5.1.0",
 				"embla-carousel-react": "^8.5.2",
 				"lucide-react": "^0.471.1",
 				"next": "15.1.4",
 				"react": "^19.0.0",
 				"react-dom": "^19.0.0",
 				"react-icons": "^5.4.0",
+				"swr": "^2.3.0",
 				"tailwind-merge": "^2.6.0",
 				"tailwindcss-animate": "^1.0.7"
 			},
@@ -2678,6 +2680,28 @@
 			"dev": true,
 			"license": "MIT"
 		},
+		"node_modules/cookie": {
+			"version": "1.0.2",
+			"resolved": "https://registry.npmjs.org/cookie/-/cookie-1.0.2.tgz",
+			"integrity": "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==",
+			"license": "MIT",
+			"engines": {
+				"node": ">=18"
+			}
+		},
+		"node_modules/cookies-next": {
+			"version": "5.1.0",
+			"resolved": "https://registry.npmjs.org/cookies-next/-/cookies-next-5.1.0.tgz",
+			"integrity": "sha512-9Ekne+q8hfziJtnT9c1yDUBqT0eDMGgPrfPl4bpR3xwQHLTd/8gbSf6+IEkP/pjGsDZt1TGbC6emYmFYRbIXwQ==",
+			"license": "MIT",
+			"dependencies": {
+				"cookie": "^1.0.1"
+			},
+			"peerDependencies": {
+				"next": ">=15.0.0",
+				"react": ">= 16.8.0"
+			}
+		},
 		"node_modules/cross-spawn": {
 			"version": "7.0.6",
 			"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -2833,6 +2857,15 @@
 				"url": "https://github.com/sponsors/ljharb"
 			}
 		},
+		"node_modules/dequal": {
+			"version": "2.0.3",
+			"resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz",
+			"integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==",
+			"license": "MIT",
+			"engines": {
+				"node": ">=6"
+			}
+		},
 		"node_modules/detect-libc": {
 			"version": "2.0.3",
 			"resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.3.tgz",
@@ -6321,6 +6354,19 @@
 				"url": "https://github.com/sponsors/ljharb"
 			}
 		},
+		"node_modules/swr": {
+			"version": "2.3.0",
+			"resolved": "https://registry.npmjs.org/swr/-/swr-2.3.0.tgz",
+			"integrity": "sha512-NyZ76wA4yElZWBHzSgEJc28a0u6QZvhb6w0azeL2k7+Q1gAzVK+IqQYXhVOC/mzi+HZIozrZvBVeSeOZNR2bqA==",
+			"license": "MIT",
+			"dependencies": {
+				"dequal": "^2.0.3",
+				"use-sync-external-store": "^1.4.0"
+			},
+			"peerDependencies": {
+				"react": "^16.11.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
+			}
+		},
 		"node_modules/tailwind-merge": {
 			"version": "2.6.0",
 			"resolved": "https://registry.npmjs.org/tailwind-merge/-/tailwind-merge-2.6.0.tgz",
@@ -6670,6 +6716,15 @@
 				}
 			}
 		},
+		"node_modules/use-sync-external-store": {
+			"version": "1.4.0",
+			"resolved": "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.4.0.tgz",
+			"integrity": "sha512-9WXSPC5fMv61vaupRkCKCxsPxBocVnwakBEkMIHHpkTTg6icbJtg6jzgtLDm4bl3cSHAca52rYWih0k4K3PfHw==",
+			"license": "MIT",
+			"peerDependencies": {
+				"react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
+			}
+		},
 		"node_modules/util-deprecate": {
 			"version": "1.0.2",
 			"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
diff --git a/frontend/package.json b/frontend/package.json
index c2025ca..114b902 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -22,6 +22,7 @@
 		"@radix-ui/react-tooltip": "^1.1.6",
 		"class-variance-authority": "^0.7.1",
 		"clsx": "^2.1.1",
+		"cookies-next": "^5.1.0",
 		"embla-carousel-react": "^8.5.2",
 		"lucide-react": "^0.471.1",
 		"next": "15.1.4",
diff --git a/nginx.conf b/nginx.conf
index 068fe32..198bdb4 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -8,12 +8,4 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-
-	location /api {
-        proxy_pass http://localhost:BACKEND_PORT; # Set backend port based on what you have exposed
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-	}
 }