Initial fullstack project setup with Next.js 15, Gin, PostgreSQL and Docker Compose

- Frontend: Next.js 15 (App Router), Auth.js v5, shadcn/ui, MagicUI
- Backend: Go + Gin + GORM with layered architecture
- Auth: Local credentials login with optional Keycloak OAuth binding
- Admin: RBAC user management for admin role
- Dev: Docker Compose with hot reload for both frontend and backend
- Docker: 3-service orchestration (frontend, backend, postgres)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/internal/service/user.go

@@ -0,0 +1,106 @@
+package service
+
+import (
+	"errors"
+
+	"evanpage-backend/internal/domain"
+	"evanpage-backend/internal/repository"
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
+)
+
+type UserService struct {
+	repo *repository.UserRepository
+}
+
+func NewUserService(repo *repository.UserRepository) *UserService {
+	return &UserService{repo: repo}
+}
+
+func (s *UserService) Register(username, email, password, role string) (*domain.User, error) {
+	_, err := s.repo.FindByUsername(username)
+	if err == nil {
+		return nil, errors.New("username already exists")
+	}
+	_, err = s.repo.FindByEmail(email)
+	if err == nil {
+		return nil, errors.New("email already exists")
+	}
+
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return nil, err
+	}
+
+	if role == "" {
+		role = "user"
+	}
+
+	user := &domain.User{
+		Username:     username,
+		Email:        email,
+		PasswordHash: string(hash),
+		Role:         role,
+	}
+
+	if err := s.repo.Create(user); err != nil {
+		return nil, err
+	}
+	return user, nil
+}
+
+func (s *UserService) ValidateLocalLogin(username, password string) (*domain.User, error) {
+	user, err := s.repo.FindByUsername(username)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, errors.New("invalid credentials")
+		}
+		return nil, err
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
+		return nil, errors.New("invalid credentials")
+	}
+
+	return user, nil
+}
+
+func (s *UserService) LookupKeycloakBinding(keycloakID string) (*domain.User, error) {
+	return s.repo.FindByKeycloakID(keycloakID)
+}
+
+func (s *UserService) BindKeycloak(username, password, keycloakID, keycloakEmail string) (*domain.User, error) {
+	user, err := s.ValidateLocalLogin(username, password)
+	if err != nil {
+		return nil, err
+	}
+
+	if user.KeycloakID != nil && *user.KeycloakID != "" && *user.KeycloakID != keycloakID {
+		return nil, errors.New("user already bound to another keycloak account")
+	}
+
+	existing, err := s.repo.FindByKeycloakID(keycloakID)
+	if err == nil && existing.ID != user.ID {
+		return nil, errors.New("keycloak account already bound to another user")
+	}
+
+	user.KeycloakID = &keycloakID
+	user.KeycloakEmail = keycloakEmail
+	if err := s.repo.Update(user); err != nil {
+		return nil, err
+	}
+
+	return user, nil
+}
+
+func (s *UserService) ListUsers() ([]domain.User, error) {
+	return s.repo.ListAll()
+}
+
+func (s *UserService) DeleteUser(id uint) error {
+	return s.repo.Delete(id)
+}
+
+func (s *UserService) CountUsers() (int64, error) {
+	return s.repo.Count()
+}