Add authentication, authorization, and team-scoped access control

Implement email/password auth with JWT sessions and API key auth for sandbox lifecycle. Users get a default team on signup; sandboxes, snapshots, and API keys are scoped to teams. - Add user, team, users_teams, and team_api_keys tables (goose migrations) - Add JWT middleware (Bearer token) for user management endpoints - Add API key middleware (X-API-Key header, SHA-256 hashed) for sandbox ops - Add signup/login handlers with transactional user+team creation - Add API key CRUD endpoints (create/list/delete) - Replace owner_id with team_id on sandboxes and templates - Update all handlers to use team-scoped queries - Add godotenv for .env file loading - Update OpenAPI spec and test UI with auth flows
2026-03-14 03:57:06 +06:00
parent 712b77b01c
commit c92cc29b88
37 changed files with 1722 additions and 82 deletions
--- a/internal/db/models.go
+++ b/internal/db/models.go
@ -10,7 +10,6 @@ import (

 type Sandbox struct {
 	ID           string             `json:"id"`
-	OwnerID      string             `json:"owner_id"`
 	HostID       string             `json:"host_id"`
 	Template     string             `json:"template"`
 	Status       string             `json:"status"`
@ -23,6 +22,24 @@ type Sandbox struct {
 	StartedAt    pgtype.Timestamptz `json:"started_at"`
 	LastActiveAt pgtype.Timestamptz `json:"last_active_at"`
 	LastUpdated  pgtype.Timestamptz `json:"last_updated"`
+	TeamID       string             `json:"team_id"`
+}
+
+type Team struct {
+	ID        string             `json:"id"`
+	Name      string             `json:"name"`
+	CreatedAt pgtype.Timestamptz `json:"created_at"`
+}
+
+type TeamApiKey struct {
+	ID        string             `json:"id"`
+	TeamID    string             `json:"team_id"`
+	Name      string             `json:"name"`
+	KeyHash   string             `json:"key_hash"`
+	KeyPrefix string             `json:"key_prefix"`
+	CreatedBy string             `json:"created_by"`
+	CreatedAt pgtype.Timestamptz `json:"created_at"`
+	LastUsed  pgtype.Timestamptz `json:"last_used"`
 }

 type Template struct {
@ -32,4 +49,21 @@ type Template struct {
 	MemoryMb  pgtype.Int4        `json:"memory_mb"`
 	SizeBytes int64              `json:"size_bytes"`
 	CreatedAt pgtype.Timestamptz `json:"created_at"`
+	TeamID    string             `json:"team_id"`
+}
+
+type User struct {
+	ID           string             `json:"id"`
+	Email        string             `json:"email"`
+	PasswordHash string             `json:"password_hash"`
+	CreatedAt    pgtype.Timestamptz `json:"created_at"`
+	UpdatedAt    pgtype.Timestamptz `json:"updated_at"`
+}
+
+type UsersTeam struct {
+	UserID    string             `json:"user_id"`
+	TeamID    string             `json:"team_id"`
+	IsDefault bool               `json:"is_default"`
+	Role      string             `json:"role"`
+	CreatedAt pgtype.Timestamptz `json:"created_at"`
 }