Initial fullstack project setup with Next.js 15, Gin, PostgreSQL and Docker Compose

- Frontend: Next.js 15 (App Router), Auth.js v5, shadcn/ui, MagicUI
- Backend: Go + Gin + GORM with layered architecture
- Auth: Local credentials login with optional Keycloak OAuth binding
- Admin: RBAC user management for admin role
- Dev: Docker Compose with hot reload for both frontend and backend
- Docker: 3-service orchestration (frontend, backend, postgres)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/internal/handler/admin.go

@@ -0,0 +1,68 @@
+package handler
+
+import (
+	"net/http"
+	"strconv"
+
+	"evanpage-backend/internal/service"
+	"github.com/gin-gonic/gin"
+)
+
+type AdminHandler struct {
+	userService *service.UserService
+}
+
+func NewAdminHandler(userService *service.UserService) *AdminHandler {
+	return &AdminHandler{userService: userService}
+}
+
+func (h *AdminHandler) ListUsers(c *gin.Context) {
+	users, err := h.userService.ListUsers()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{"users": users})
+}
+
+func (h *AdminHandler) CreateUser(c *gin.Context) {
+	var req struct {
+		Username string `json:"username" binding:"required"`
+		Email    string `json:"email" binding:"required,email"`
+		Password string `json:"password" binding:"required,min=6"`
+		Role     string `json:"role" binding:"required"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.Register(req.Username, req.Email, req.Password, req.Role)
+	if err != nil {
+		c.JSON(http.StatusConflict, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"id":       user.ID,
+		"username": user.Username,
+		"email":    user.Email,
+		"role":     user.Role,
+	})
+}
+
+func (h *AdminHandler) DeleteUser(c *gin.Context) {
+	idStr := c.Param("id")
+	id, err := strconv.ParseUint(idStr, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	if err := h.userService.DeleteUser(uint(id)); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "user deleted"})
+}

backend/internal/handler/auth.go

@@ -0,0 +1,156 @@
+package handler
+
+import (
+	"net/http"
+
+	"evanpage-backend/internal/service"
+	"github.com/gin-gonic/gin"
+)
+
+type AuthHandler struct {
+	userService *service.UserService
+}
+
+func NewAuthHandler(userService *service.UserService) *AuthHandler {
+	return &AuthHandler{userService: userService}
+}
+
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req struct {
+		Username string `json:"username" binding:"required"`
+		Email    string `json:"email" binding:"required,email"`
+		Password string `json:"password" binding:"required,min=6"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.Register(req.Username, req.Email, req.Password, "user")
+	if err != nil {
+		c.JSON(http.StatusConflict, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"id":       user.ID,
+		"username": user.Username,
+		"email":    user.Email,
+		"role":     user.Role,
+	})
+}
+
+func (h *AuthHandler) LocalLogin(c *gin.Context) {
+	var req struct {
+		Username string `json:"username" binding:"required"`
+		Password string `json:"password" binding:"required"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.ValidateLocalLogin(req.Username, req.Password)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"id":       user.ID,
+		"username": user.Username,
+		"email":    user.Email,
+		"role":     user.Role,
+	})
+}
+
+func (h *AuthHandler) LookupBinding(c *gin.Context) {
+	var req struct {
+		KeycloakID string `json:"keycloakId" binding:"required"`
+		Email      string `json:"email"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.LookupKeycloakBinding(req.KeycloakID)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{"bound": false})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"bound": true,
+		"user": gin.H{
+			"id":       user.ID,
+			"username": user.Username,
+			"email":    user.Email,
+			"role":     user.Role,
+		},
+	})
+}
+
+func (h *AuthHandler) BindKeycloak(c *gin.Context) {
+	var req struct {
+		Username      string `json:"username" binding:"required"`
+		Password      string `json:"password" binding:"required"`
+		KeycloakID    string `json:"keycloakId" binding:"required"`
+		KeycloakEmail string `json:"keycloakEmail"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.BindKeycloak(req.Username, req.Password, req.KeycloakID, req.KeycloakEmail)
+	if err != nil {
+		c.JSON(http.StatusConflict, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"bound": true,
+		"user": gin.H{
+			"id":       user.ID,
+			"username": user.Username,
+			"email":    user.Email,
+			"role":     user.Role,
+		},
+	})
+}
+
+func (h *AuthHandler) InitAdmin(c *gin.Context) {
+	count, err := h.userService.CountUsers()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "db error"})
+		return
+	}
+	if count > 0 {
+		c.JSON(http.StatusForbidden, gin.H{"error": "already initialized"})
+		return
+	}
+
+	var req struct {
+		Username string `json:"username" binding:"required"`
+		Email    string `json:"email" binding:"required,email"`
+		Password string `json:"password" binding:"required,min=6"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.Register(req.Username, req.Email, req.Password, "admin")
+	if err != nil {
+		c.JSON(http.StatusConflict, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"id":       user.ID,
+		"username": user.Username,
+		"email":    user.Email,
+		"role":     user.Role,
+	})
+}

backend/internal/handler/health.go

@@ -0,0 +1,32 @@
+package handler
+
+import (
+	"net/http"
+	"time"
+
+	"gorm.io/gorm"
+	"github.com/gin-gonic/gin"
+)
+
+type HealthHandler struct {
+	db *gorm.DB
+}
+
+func NewHealthHandler(db *gorm.DB) *HealthHandler {
+	return &HealthHandler{db: db}
+}
+
+func (h *HealthHandler) Check(c *gin.Context) {
+	sqlDB, err := h.db.DB()
+	if err != nil {
+		c.String(http.StatusInternalServerError, "DB connection error: "+err.Error())
+		return
+	}
+
+	if err := sqlDB.Ping(); err != nil {
+		c.String(http.StatusInternalServerError, "DB unreachable: "+err.Error())
+		return
+	}
+
+	c.String(http.StatusOK, "Database connected. Server time: %s", time.Now().Format(time.RFC3339))
+}