feat(event): add JWT-based user filtering for registration

Kocannn · Kocannn · commit 73db5e5dcb7e · 2025-08-06T21:39:03.000+08:00
- Refactor event registration and listing to require JWT token.
- Filter registration list by user email extracted from JWT.
- Move registration creation to protected route and use JWT user data
  for name and email fields.
- Update repository, usecase, and handler signatures to pass token.
- Add utility for extracting Bearer token from HTTP headers.
- Improve error handling for unauthorized access.
diff --git a/app/app.go b/app/app.go
@@ -49,7 +49,7 @@ func InitApp(
 	// usecase
 	userUsecase := users.InitUsecase(cfg, userRepo, dbTx, jwtInstance)
 	newsletterUC := newsletters.InitUsecase(cfg, newsletterRepo, dbTx, jwt.NewJwt(cfg.JWT_SECRET_KEY))
-	eventUC := events.InitUsecase(cfg, eventRepo, imgRepo, dbTx)
+	eventUC := events.InitUsecase(cfg, eventRepo, imgRepo, dbTx, jwtInstance)
 	imgUc := images.InitUsecase(imgRepo, dbTx)
 	blogPostUc := blogPost.InitUseCase(blogPostRepo, jwtInstance)
 
diff --git a/app/events/delivery/http/list_registration.go b/app/events/delivery/http/list_registration.go
@@ -34,6 +34,7 @@ func (h Handler) ListRegistration(w http.ResponseWriter, r *http.Request) {
 		}, w)
 		return
 	}
+	token := utils.ExtractBearerToken(r)
 
 	startDate, _ := utils.ParseDate(r.URL.Query().Get("start_date"))
 	endDate, _ := utils.ParseDate(r.URL.Query().Get("end_date"))
@@ -43,7 +44,7 @@ func (h Handler) ListRegistration(w http.ResponseWriter, r *http.Request) {
 		StartDate:        startDate,
 		EndDate:          endDate,
 		FilterPagination: flterPagination,
-	})
+	}, *token)
 
 	if err != nil {
 		ngelog.Error(r.Context(), "failed to list registration event", err)
diff --git a/app/events/delivery/http/register_event.go b/app/events/delivery/http/register_event.go
@@ -32,6 +32,17 @@ func (h Handler) RegisterEvent(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	token := utils.ExtractBearerToken(r)
+
+	if err != nil {
+		ngelog.Error(r.Context(), "failed to verify token", err)
+		utils.Response(domain.HttpResponse{
+			Code:    http.StatusUnauthorized,
+			Message: "Unauthorized",
+		}, w)
+		return
+	}
+
 	var payload domain.RegisterEventPayload
 	if err := json.Unmarshal(bodyBytes, &payload); err != nil {
 		ngelog.Error(r.Context(), "failed to unmarshal payload", err)
@@ -41,7 +52,7 @@ func (h Handler) RegisterEvent(w http.ResponseWriter, r *http.Request) {
 		}, w)
 		return
 	}
-	data, err := h.usecase.CreateRegistrationEvent(r.Context(), payload)
+	data, err := h.usecase.CreateRegistrationEvent(r.Context(), payload, *token)
 	if err != nil {
 		ngelog.Error(r.Context(), "failed to create registration event", err)
 		resp := utils.CustomErrorResponse(err)
diff --git a/app/events/events.go b/app/events/events.go
@@ -8,14 +8,15 @@ import (
 	"github.com/hammer-code/lms-be/config"
 	"github.com/hammer-code/lms-be/domain"
 	"github.com/hammer-code/lms-be/pkg/db"
+	"github.com/hammer-code/lms-be/pkg/jwt"
 )
 
 func InitRepository(db db.DatabaseTransaction) domain.EventRepository {
 	return repository.NewRepository(db)
 }
 
-func InitUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction) domain.EventUsecase {
-	return usecase.NewUsecase(cfg, repository, imageRepository, dbTX)
+func InitUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.EventUsecase {
+	return usecase.NewUsecase(cfg, repository, imageRepository, dbTX, jwt)
 }
 
 func InitHandler(uc domain.EventUsecase) domain.EventHandler {
diff --git a/app/events/repository/list_registration.go b/app/events/repository/list_registration.go
@@ -6,11 +6,9 @@ import (
 	"github.com/hammer-code/lms-be/domain"
 )
 
-func (repo *repository) ListRegistration(ctx context.Context, filter domain.EventFilter) (tData int, data []domain.RegistrationEvent, err error) {
+func (repo *repository) ListRegistration(ctx context.Context, filter domain.EventFilter, email string) (tData int, data []domain.RegistrationEvent, err error) {
 	db := repo.db.DB(ctx).Model(&domain.RegistrationEvent{})
 
-	var totalData int64
-
 	if filter.Status != "" {
 		db = db.Where("status = ?", filter.Status)
 	}
@@ -19,17 +17,24 @@ func (repo *repository) ListRegistration(ctx context.Context, filter domain.Even
 		db = db.Where("start_date > ?", filter.StartDate)
 	}
 
-	if filter.StartDate.Valid {
+	if filter.EndDate.Valid {
 		db = db.Where("end_date < ?", filter.EndDate)
 	}
 
+	if email != "" {
+		db = db.Where("email = ?", email)
+	}
+
+	var totalData int64
 	db.Count(&totalData)
 
 	err = db.Limit(filter.FilterPagination.GetLimit()).
-		Offset(filter.FilterPagination.GetOffset()).Find(&data).Error
+		Offset(filter.FilterPagination.GetOffset()).
+		Find(&data).Error
 	if err != nil {
 		return
 	}
 
 	return int(totalData), data, err
-}
+}
+
diff --git a/app/events/usecase/create_registration_event.go b/app/events/usecase/create_registration_event.go
@@ -15,7 +15,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func (uc usecase) CreateRegistrationEvent(ctx context.Context, payload domain.RegisterEventPayload) (domain.RegisterEventResponse, error) {
+func (uc usecase) CreateRegistrationEvent(ctx context.Context, payload domain.RegisterEventPayload, token string) (domain.RegisterEventResponse, error) {
 	event, err := uc.repository.GetEvent(ctx, payload.EventID)
 	if err != nil {
 		err = utils.NewInternalServerError(ctx, err)
@@ -41,6 +41,11 @@ func (uc usecase) CreateRegistrationEvent(ctx context.Context, payload domain.Re
 		}
 	}
 
+	userData, err := uc.jwt.VerifyToken(token)
+	if err != nil {
+		return domain.RegisterEventResponse{}, fmt.Errorf("failed to verify token: %w", err)
+	}
+
 	hash := hash.GenerateHash(time.Now().Format("2006-01-02 15:04:05"))
 
 	orderNo := fmt.Sprintf("TXE-%d-%s%s%s%s", event.ID, time.Now().Format("06"), time.Now().Format("01"), time.Now().Format("02"), hash[0:4])
@@ -84,12 +89,12 @@ func (uc usecase) CreateRegistrationEvent(ctx context.Context, payload domain.Re
 	if err := emailPayload.AddReceiver(
 		ctx,
 		email.Receiver{
-			Email: payload.Email,
+			Email: userData.Email,
 			Data: map[string]interface{}{
-				"name":     payload.Name,
+				"name":     userData.UserName,
 				"title":    event.Title,
 				"price":    event.Price,
-				"email":    payload.Email,
+				"email":    userData.Email,
 				"order_no": orderNo,
 				"year":     time.Now().Format("2006"),
 				"date":     formattedDate,
@@ -131,8 +136,8 @@ func (uc usecase) CreateRegistrationEvent(ctx context.Context, payload domain.Re
 		rId, err := uc.repository.CreateRegistrationEvent(txCtx, domain.RegistrationEvent{
 			OrderNo:     orderNo,
 			EventID:     event.ID,
-			Name:        payload.Name,
-			Email:       payload.Email,
+			Name:        userData.UserName,
+			Email:       userData.Email,
 			PhoneNumber: payload.PhoneNumber,
 			Status:      status,
 			UpToYou:     upToYou,
diff --git a/app/events/usecase/list_registration_event.go b/app/events/usecase/list_registration_event.go
@@ -7,8 +7,14 @@ import (
 	"github.com/hammer-code/lms-be/utils"
 )
 
-func (uc usecase) ListRegistration(ctx context.Context, filter domain.EventFilter) (resp []domain.RegistrationEvent, pagination domain.Pagination, err error) {
-	tData, datas, err := uc.repository.ListRegistration(ctx, filter)
+func (uc usecase) ListRegistration(ctx context.Context, filter domain.EventFilter, token string) (resp []domain.RegistrationEvent, pagination domain.Pagination, err error) {
+
+	userData, err := uc.jwt.VerifyToken(token)
+	if err != nil {
+		return nil, domain.Pagination{}, utils.NewUnauthorizedError(ctx, "unauthorized", err)
+	}
+
+	tData, datas, err := uc.repository.ListRegistration(ctx, filter, userData.Email)
 	if err != nil {
 		err = utils.NewInternalServerError(ctx, err)
 		return
diff --git a/app/events/usecase/usecase.go b/app/events/usecase/usecase.go
@@ -4,26 +4,29 @@ import (
 	"github.com/hammer-code/lms-be/config"
 	"github.com/hammer-code/lms-be/domain"
 	"github.com/hammer-code/lms-be/pkg/db"
+	"github.com/hammer-code/lms-be/pkg/jwt"
 )
 
 type usecase struct {
 	repository      domain.EventRepository
 	imageRepository domain.ImageRepository
 	cfg             config.Config
 	dbTX            db.DatabaseTransaction
+	jwt             jwt.JWT
 }
 
 var (
 	uc *usecase
 )
 
-func NewUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction) domain.EventUsecase {
+func NewUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.EventUsecase {
 	if uc == nil {
 		uc = &usecase{
 			repository:      repository,
 			imageRepository: imageRepository,
 			dbTX:            dbTX,
 			cfg:             cfg,
+			jwt:             jwt,
 		}
 	}
 
diff --git a/cmd/serve_http.go b/cmd/serve_http.go
@@ -151,7 +151,6 @@ func registerHandler(app app.App) *mux.Router {
 	public.HandleFunc("/events", app.EventHandler.List).Methods(http.MethodGet)
 	public.HandleFunc("/events/{id}", app.EventHandler.GetEventByID).Methods(http.MethodGet)
 	public.HandleFunc("/images", app.ImageHandler.UploadImage).Methods(http.MethodPost)
-	public.HandleFunc("/events/registrations", app.EventHandler.RegisterEvent).Methods(http.MethodPost)
 	public.HandleFunc("/events/registrations/{order_no}", app.EventHandler.RegistrationStatus).Methods(http.MethodGet)
 	public.HandleFunc("/events/pay", app.EventHandler.PayEvent).Methods(http.MethodPost)
 	public.HandleFunc("/blogs", app.BlogPostHandler.GetAllBlogPosts).Methods(http.MethodGet)
@@ -176,6 +175,8 @@ func registerHandler(app app.App) *mux.Router {
 	protectedV1Route.HandleFunc("/events/pays", app.EventHandler.ListEventPay).Methods(http.MethodGet)
 	protectedV1Route.HandleFunc("/events/pays", app.EventHandler.PayProcess).Methods(http.MethodPost)
 	protectedV1Route.HandleFunc("/events/{id}", app.EventHandler.GetEventByID).Methods(http.MethodGet)
+	protectedV1Route.HandleFunc("/events/registrations", app.EventHandler.RegisterEvent).Methods(http.MethodPost)
+
 	protectedV1Route.HandleFunc("/images", app.ImageHandler.UploadImage).Methods(http.MethodPost)
 
 	protectedV1Route.HandleFunc("/blogs", app.BlogPostHandler.CreateBlogPost).Methods(http.MethodPost)
diff --git a/domain/event.go b/domain/event.go
@@ -22,7 +22,7 @@ type EventRepository interface {
 	GetEvent(ctx context.Context, eventID uint) (data Event, err error)
 	DeleteEvent(ctx context.Context, eventID uint) (err error)
 	GetRegistrationEvent(ctx context.Context, orderNo string) (data RegistrationEvent, err error)
-	ListRegistration(ctx context.Context, filter EventFilter) (tData int, data []RegistrationEvent, err error)
+	ListRegistration(ctx context.Context, filter EventFilter, email string) (tData int, data []RegistrationEvent, err error)
 	ListEventPay(ctx context.Context, filter EventFilter) (tData int, data []EventPay, err error)
 	UpdateEventPay(ctx context.Context, event EventPay) error
 	GetEventPay(ctx context.Context, orderNo string) (data EventPay, err error)
@@ -34,12 +34,12 @@ type EventUsecase interface {
 	CreateEvent(ctx context.Context, payload CreateEventPayload) error
 	UpdateEvent(ctx context.Context, id uint, payload UpdateEventPayload) error
 	GetEvents(ctx context.Context, filter EventFilter) (data []Event, pagination Pagination, err error)
-	CreateRegistrationEvent(ctx context.Context, payload RegisterEventPayload) (RegisterEventResponse, error)
+	CreateRegistrationEvent(ctx context.Context, payload RegisterEventPayload, token string) (RegisterEventResponse, error)
 	CreateEventPay(ctx context.Context, payload EventPayPayload) error
 	GetEventByID(ctx context.Context, id uint) (resp Event, err error)
 	DeleteEvent(ctx context.Context, id uint) (err error)
 	RegistrationStatus(ctx context.Context, orderNo string) (resp RegisterStatusResponse, err error)
-	ListRegistration(ctx context.Context, filter EventFilter) (resp []RegistrationEvent, pagination Pagination, err error)
+	ListRegistration(ctx context.Context, filter EventFilter, token string) (resp []RegistrationEvent, pagination Pagination, err error)
 	ListEventPay(ctx context.Context, filter EventFilter) (data []EventPay, pagination Pagination, err error)
 	PayProcess(ctx context.Context, payload PayProcessPayload) error
 }
diff --git a/pkg/jwt/verify_token.go b/pkg/jwt/verify_token.go
@@ -4,6 +4,16 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
+// VerifyToken verifies the given JWT token string using the configured secret key.
+// It parses the token and returns the custom claims if the token is valid.
+// Returns an error if the token is invalid or cannot be parsed.
+//
+// Parameters:
+//   - token: the JWT token string to be verified
+//
+// Returns:
+//   - *JwtCustomClaims: the custom claims extracted from the token if valid
+//   - error: error if the token is invalid or parsing fails
 func (j *jwtConfig) VerifyToken(token string) (*JwtCustomClaims, error) {
 	tkn, err := jwt.ParseWithClaims(token, &JwtCustomClaims{}, func(token *jwt.Token) (interface{}, error) {
 		return []byte(j.SecretKey), nil
diff --git a/utils/http_headers.go b/utils/http_headers.go
@@ -5,6 +5,15 @@ import (
 	"strings"
 )
 
+// ExtractBearerToken extracts the Bearer token from the Authorization header of an HTTP request.
+// If the Authorization header does not start with "Bearer ", it returns the header value as is.
+// If the header starts with "Bearer ", it returns the token part after "Bearer ".
+//
+// Parameters:
+//   - r: pointer to http.Request from which to extract the token
+//
+// Returns:
+//   - *string: pointer to the extracted token string
 func ExtractBearerToken(r *http.Request) *string {
 	token := r.Header.Get("Authorization")
 	if !strings.HasPrefix(token, "Bearer ") {

Original file line number	Diff line number	Diff line change
`@@ -8,14 +8,15 @@ import (`
`8`	`8`	`"github.com/hammer-code/lms-be/config"`
`9`	`9`	`"github.com/hammer-code/lms-be/domain"`
`10`	`10`	`"github.com/hammer-code/lms-be/pkg/db"`
	`11`	`+ "github.com/hammer-code/lms-be/pkg/jwt"`
`11`	`12`	`)`
`12`	`13`
`13`	`14`	`func InitRepository(db db.DatabaseTransaction) domain.EventRepository {`
`14`	`15`	`return repository.NewRepository(db)`
`15`	`16`	`}`
`16`	`17`
`17`		`-func InitUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction) domain.EventUsecase {`
`18`		`- return usecase.NewUsecase(cfg, repository, imageRepository, dbTX)`
	`18`	`+func InitUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.EventUsecase {`
	`19`	`+ return usecase.NewUsecase(cfg, repository, imageRepository, dbTX, jwt)`
`19`	`20`	`}`
`20`	`21`
`21`	`22`	`func InitHandler(uc domain.EventUsecase) domain.EventHandler {`
Original file line number	Diff line number	Diff line change
`@@ -4,26 +4,29 @@ import (`
`4`	`4`	`"github.com/hammer-code/lms-be/config"`
`5`	`5`	`"github.com/hammer-code/lms-be/domain"`
`6`	`6`	`"github.com/hammer-code/lms-be/pkg/db"`
	`7`	`+ "github.com/hammer-code/lms-be/pkg/jwt"`
`7`	`8`	`)`
`8`	`9`
`9`	`10`	`type usecase struct {`
`10`	`11`	`repository domain.EventRepository`
`11`	`12`	`imageRepository domain.ImageRepository`
`12`	`13`	`cfg config.Config`
`13`	`14`	`dbTX db.DatabaseTransaction`
	`15`	`+ jwt jwt.JWT`
`14`	`16`	`}`
`15`	`17`
`16`	`18`	`var (`
`17`	`19`	`uc *usecase`
`18`	`20`	`)`
`19`	`21`
`20`		`-func NewUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction) domain.EventUsecase {`
	`22`	`+func NewUsecase(cfg config.Config, repository domain.EventRepository, imageRepository domain.ImageRepository, dbTX db.DatabaseTransaction, jwt jwt.JWT) domain.EventUsecase {`
`21`	`23`	`if uc == nil {`
`22`	`24`	`uc = &usecase{`
`23`	`25`	`repository: repository,`
`24`	`26`	`imageRepository: imageRepository,`
`25`	`27`	`dbTX: dbTX,`
`26`	`28`	`cfg: cfg,`
	`29`	`+ jwt: jwt,`
`27`	`30`	`}`
`28`	`31`	`}`
`29`	`32`