12 changed files with 55 additions and 390 deletions
--- a/api/parameters/xsrf_token_cookie.yaml
+++ b/api/parameters/xsrf_token_cookie.yaml
@ -1,4 +1,4 @@
-name: xsrf_token
+name: XSRF-TOKEN
 in: cookie
 required: true
 schema:
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@ -62,8 +62,6 @@ services:
    environment:
      LOG_LEVEL: ${LOG_LEVEL}
      DATABASE_URL: ${DATABASE_URL}
-      SERVICE_ADDRESS: ${SERVICE_ADDRESS}
-      JWT_PRIVATE_KEY: ${JWT_PRIVATE_KEY}
    ports:
      - "8082:8082"
    depends_on:
--- a/modules/auth/handlers/handlers.go
+++ b/modules/auth/handlers/handlers.go
@ -2,8 +2,6 @@ package handlers

 import (
 	"context"
-	"crypto/rand"
-	"encoding/base64"
 	"fmt"
 	"net/http"
 	auth "nyanimedb/auth"
@ -17,13 +15,15 @@ import (
 	log "github.com/sirupsen/logrus"
 )

+var accessSecret = []byte("my_access_secret_key")
+var refreshSecret = []byte("my_refresh_secret_key")
+
 type Server struct {
 	db *sqlc.Queries
-	JwtPrivateKey string
 }

-func NewServer(db *sqlc.Queries, JwtPrivatekey string) Server {
-	return Server{db: db, JwtPrivateKey: JwtPrivatekey}
+func NewServer(db *sqlc.Queries) Server {
+	return Server{db: db}
 }

 func parseInt64(s string) (int32, error) {
@ -47,15 +47,15 @@ func CheckPassword(password, hash string) (bool, error) {
 	return argon2id.ComparePasswordAndHash(password, hash)
 }

-func (s Server) generateTokens(userID string) (accessToken string, refreshToken string, csrfToken string, err error) {
+func generateTokens(userID string) (accessToken string, refreshToken string, err error) {
 	accessClaims := jwt.MapClaims{
 		"user_id": userID,
 		"exp":     time.Now().Add(15 * time.Minute).Unix(),
 	}
 	at := jwt.NewWithClaims(jwt.SigningMethodHS256, accessClaims)
-	accessToken, err = at.SignedString(s.JwtPrivateKey)
+	accessToken, err = at.SignedString(accessSecret)
 	if err != nil {
-		return "", "", "", err
+		return "", "", err
 	}

 	refreshClaims := jwt.MapClaims{
@ -63,19 +63,12 @@ func (s Server) generateTokens(userID string) (accessToken string, refreshToken
 		"exp":     time.Now().Add(7 * 24 * time.Hour).Unix(),
 	}
 	rt := jwt.NewWithClaims(jwt.SigningMethodHS256, refreshClaims)
-	refreshToken, err = rt.SignedString(s.JwtPrivateKey)
+	refreshToken, err = rt.SignedString(refreshSecret)
 	if err != nil {
-		return "", "", "", err
+		return "", "", err
 	}

-	csrfBytes := make([]byte, 32)
-	_, err = rand.Read(csrfBytes)
-	if err != nil {
-		return "", "", "", err
-	}
-	csrfToken = base64.RawURLEncoding.EncodeToString(csrfBytes)
-
-	return accessToken, refreshToken, csrfToken, nil
+	return accessToken, refreshToken, nil
 }

 func (s Server) PostAuthSignUp(ctx context.Context, req auth.PostAuthSignUpRequestObject) (auth.PostAuthSignUpResponseObject, error) {
@ -125,7 +118,7 @@ func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInReque
 		}, nil
 	}

-	accessToken, refreshToken, csrfToken, err := s.generateTokens(req.Body.Nickname)
+	accessToken, refreshToken, err := generateTokens(req.Body.Nickname)
 	if err != nil {
 		log.Errorf("failed to generate tokens for user %s: %v", req.Body.Nickname, err)
 		// TODO: return 500
@ -133,9 +126,8 @@ func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInReque

 	// TODO: check cookie settings carefully
 	ginCtx.SetSameSite(http.SameSiteStrictMode)
-	ginCtx.SetCookie("access_token", accessToken, 900, "/api", "", false, true)
-	ginCtx.SetCookie("refresh_token", refreshToken, 1209600, "/auth", "", false, true)
-	ginCtx.SetCookie("xsrf_token", csrfToken, 1209600, "/api", "", false, false)
+	ginCtx.SetCookie("access_token", accessToken, 604800, "/auth", "", false, true)
+	ginCtx.SetCookie("refresh_token", refreshToken, 604800, "/api", "", false, true)

 	result := auth.PostAuthSignIn200JSONResponse{
 		UserId:   user.ID,
--- a/modules/auth/helpers.go
+++ b/modules/auth/helpers.go
@ -1,33 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"reflect"
-)
-
-func setField(obj interface{}, name string, value interface{}) error {
-	v := reflect.ValueOf(obj)
-
-	if v.Kind() != reflect.Ptr || v.Elem().Kind() != reflect.Struct {
-		return fmt.Errorf("expected pointer to a struct")
-	}
-
-	v = v.Elem()
-	field := v.FieldByName(name)
-
-	if !field.IsValid() {
-		return fmt.Errorf("no such field: %s", name)
-	}
-	if !field.CanSet() {
-		return fmt.Errorf("cannot set field: %s", name)
-	}
-
-	val := reflect.ValueOf(value)
-
-	if field.Type() != val.Type() {
-		return fmt.Errorf("provided value type (%s) doesn't match field type (%s)", val.Type(), field.Type())
-	}
-
-	field.Set(val)
-	return nil
-}
--- a/modules/auth/main.go
+++ b/modules/auth/main.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"reflect"
 	"time"

 	auth "nyanimedb/auth"
@ -14,24 +13,12 @@ import (
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 	"github.com/jackc/pgx/v5/pgxpool"
-	"github.com/pelletier/go-toml/v2"
-	log "github.com/sirupsen/logrus"
 )

 var AppConfig Config

 func main() {
-	if len(os.Args) != 2 {
-		AppConfig.Mode = "env"
-	} else {
-		AppConfig.Mode = "argv"
-	}
-
-	err := InitConfig()
-	if err != nil {
-		log.Fatalf("Failed to init config: %v\n", err)
-	}
-
+	// TODO: env args
 	r := gin.Default()

 	pool, err := pgxpool.New(context.Background(), os.Getenv("DATABASE_URL"))
@ -42,10 +29,10 @@ func main() {

 	var queries *sqlc.Queries = sqlc.New(pool)

-	server := handlers.NewServer(queries, AppConfig.JwtPrivateKey)
+	server := handlers.NewServer(queries)

 	r.Use(cors.New(cors.Config{
-		AllowOrigins:     []string{AppConfig.ServiceAddress},
+		AllowOrigins:     []string{"*"}, // allow all origins, change to specific domains in production
 		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE"},
 		AllowHeaders:     []string{"Origin", "Content-Type", "Accept"},
 		ExposeHeaders:    []string{"Content-Length"},
@ -60,41 +47,3 @@ func main() {

 	r.Run(":8082")
 }
-
-func InitConfig() error {
-	if AppConfig.Mode == "argv" {
-		content, err := os.ReadFile(os.Args[1])
-		if err != nil {
-			return err
-		}
-
-		toml.Unmarshal(content, &AppConfig)
-
-		fmt.Printf("%+v\n", AppConfig)
-
-		return nil
-	} else if AppConfig.Mode == "env" {
-		f := reflect.ValueOf(AppConfig)
-
-		for i := 0; i < f.NumField(); i++ {
-			field := f.Type().Field(i)
-			tag := field.Tag
-			env_var := tag.Get("env")
-			fmt.Printf("Field: %v.\nEnvironment variable: %v.\n", field.Name, env_var)
-			if env_var != "" {
-				env_value, exists := os.LookupEnv(env_var)
-				if !exists {
-					return fmt.Errorf("there is no env variable %s", env_var)
-				}
-				err := setField(&AppConfig, field.Name, env_value)
-				if err != nil {
-					return fmt.Errorf("failed to set config field %s: %v", field.Name, err)
-				}
-			}
-		}
-
-		return nil
-	} else {
-		return fmt.Errorf("incorrect config mode")
-	}
-}
--- a/modules/auth/types.go
+++ b/modules/auth/types.go
@ -1,9 +1,6 @@
 package main

 type Config struct {
-	Mode           string
-	ServiceAddress string `toml:"ServiceAddress" env:"SERVICE_ADDRESS"`
-	DdUrl          string `toml:"DbUrl" env:"DATABASE_URL"`
-	JwtPrivateKey  string `toml:"JwtPrivateKey" env:"JWT_PRIVATE_KEY"`
+	JwtPrivateKey string
 	LogLevel      string `toml:"LogLevel" env:"LOG_LEVEL"`
 }
--- a/modules/backend/main.go
+++ b/modules/backend/main.go
@ -25,18 +25,18 @@ import (
 var AppConfig Config

 func main() {
-	if len(os.Args) != 2 {
-		AppConfig.Mode = "env"
-	} else {
-		AppConfig.Mode = "argv"
-	}
+	// if len(os.Args) != 2 {
+	// 	AppConfig.Mode = "env"
+	// } else {
+	// 	AppConfig.Mode = "argv"
+	// }

-	err := InitConfig()
-	if err != nil {
-		log.Fatalf("Failed to init config: %v\n", err)
-	}
+	// err := InitConfig()
+	// if err != nil {
+	// 	log.Fatalf("Failed to init config: %v\n", err)
+	// }

-	pool, err := pgxpool.New(context.Background(), AppConfig.DdUrl)
+	pool, err := pgxpool.New(context.Background(), os.Getenv("DATABASE_URL"))
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to connect to database: %v\n", err)
 		os.Exit(1)
@ -47,11 +47,16 @@ func main() {
 	r := gin.Default()

 	r.Use(middleware.CSRFMiddleware())
-	r.Use(middleware.JWTAuthMiddleware(AppConfig.JwtPrivateKey))
-
+	// jwt middle will be here
 	queries := sqlc.New(pool)

-	rmqConn, err := amqp091.Dial(AppConfig.rmqURL)
+	// === RabbitMQ setup ===
+	rmqURL := os.Getenv("RABBITMQ_URL")
+	if rmqURL == "" {
+		rmqURL = "amqp://guest:guest@rabbitmq:5672/"
+	}
+
+	rmqConn, err := amqp091.Dial(rmqURL)
 	if err != nil {
 		log.Fatalf("Failed to connect to RabbitMQ: %v", err)
 	}
@ -63,7 +68,7 @@ func main() {
 	server := handlers.NewServer(queries, publisher, rpcClient)

 	r.Use(cors.New(cors.Config{
-		AllowOrigins:     []string{AppConfig.ServiceAddress},
+		AllowOrigins:     []string{"*"}, // allow all origins, change to specific domains in production
 		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "PATCH"},
 		AllowHeaders:     []string{"Origin", "Content-Type", "Accept"},
 		ExposeHeaders:    []string{"Content-Length"},
@ -73,7 +78,7 @@ func main() {

 	oapi.RegisterHandlers(r, oapi.NewStrictHandler(
 		server,
-
+		// сюда можно добавить middlewares, если нужно
 		[]oapi.StrictMiddlewareFunc{},
 	))

--- a/modules/backend/middlewares/access.go
+++ b/modules/backend/middlewares/access.go
@ -1,109 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"errors"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/golang-jwt/jwt/v5"
-)
-
-// ctxKey — приватный тип для ключа контекста
-type ctxKey struct{}
-
-// ginContextKey — уникальный ключ для хранения *gin.Context
-var ginContextKey = &ctxKey{}
-
-// GinContextToContext сохраняет *gin.Context в context.Context запроса
-func GinContextToContext(c *gin.Context) {
-	ctx := context.WithValue(c.Request.Context(), ginContextKey, c)
-	c.Request = c.Request.WithContext(ctx)
-}
-
-// GinContextFromContext извлекает *gin.Context из context.Context
-func GinContextFromContext(ctx context.Context) (*gin.Context, bool) {
-	ginCtx, ok := ctx.Value(ginContextKey).(*gin.Context)
-	return ginCtx, ok
-}
-
-func JWTAuthMiddleware(secret string) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// 1. Получаем access_token из cookie
-		tokenStr, err := c.Cookie("access_token")
-		if err != nil {
-			abortWithJSON(c, http.StatusUnauthorized, "missing access_token cookie")
-			return
-		}
-
-		// 2. Парсим токен с MapClaims
-		token, err := jwt.Parse(tokenStr, func(t *jwt.Token) (interface{}, error) {
-			if t.Method != jwt.SigningMethodHS256 {
-				return nil, errors.New("unexpected signing method: " + t.Method.Alg())
-			}
-			return []byte(secret), nil // ← конвертируем string → []byte
-		})
-		if err != nil {
-			abortWithJSON(c, http.StatusUnauthorized, "invalid token: "+err.Error())
-			return
-		}
-
-		// 3. Проверяем валидность
-		if !token.Valid {
-			abortWithJSON(c, http.StatusUnauthorized, "token is invalid")
-			return
-		}
-
-		// 4. Извлекаем user_id из claims
-		claims, ok := token.Claims.(jwt.MapClaims)
-		if !ok {
-			abortWithJSON(c, http.StatusUnauthorized, "invalid claims format")
-			return
-		}
-
-		userID, ok := claims["user_id"].(string)
-		if !ok || userID == "" {
-			abortWithJSON(c, http.StatusUnauthorized, "user_id claim missing or invalid")
-			return
-		}
-
-		// 5. Сохраняем в контексте
-		c.Set("user_id", userID)
-
-		// 6. Для oapi-codegen — кладём gin.Context в request context
-		GinContextToContext(c)
-
-		c.Next()
-	}
-}
-
-// Вспомогательные функции (без изменений)
-func UserIDFromGin(c *gin.Context) (string, bool) {
-	id, exists := c.Get("user_id")
-	if !exists {
-		return "", false
-	}
-	if s, ok := id.(string); ok {
-		return s, true
-	}
-	return "", false
-}
-
-func UserIDFromContext(ctx context.Context) (string, error) {
-	ginCtx, ok := GinContextFromContext(ctx)
-	if !ok {
-		return "", errors.New("gin context not found")
-	}
-	userID, ok := UserIDFromGin(ginCtx)
-	if !ok {
-		return "", errors.New("user_id not found in context")
-	}
-	return userID, nil
-}
-
-func abortWithJSON(c *gin.Context, code int, message string) {
-	c.AbortWithStatusJSON(code, gin.H{
-		"error":   "unauthorized",
-		"message": message,
-	})
-}
--- a/modules/backend/types.go
+++ b/modules/backend/types.go
@ -2,9 +2,11 @@ package main

 type Config struct {
 	Mode     string
-	ServiceAddress string `toml:"ServiceAddress" env:"SERVICE_ADDRESS"`
-	DdUrl          string `toml:"DbUrl" env:"DATABASE_URL"`
-	JwtPrivateKey  string `toml:"JwtPrivateKey" env:"JWT_PRIVATE_KEY"`
 	LogLevel string `toml:"LogLevel" env:"LOG_LEVEL"`
-	rmqURL         string `toml:"RabbitMQUrl" env:"RABBITMQ_URL"`
+}
+
+type Item struct {
+	ID          int    `json:"id"`
+	Title       string `json:"title"`
+	Description string `json:"description"`
 }
--- a/modules/frontend/src/api/services/DefaultService.ts
+++ b/modules/frontend/src/api/services/DefaultService.ts
@ -20,7 +20,6 @@ export class DefaultService {
     * @param cursor
     * @param sort
     * @param sortForward
-     * @param extSearch
     * @param word
     * @param status List of title statuses to filter
     * @param rating
@ -36,7 +35,6 @@ export class DefaultService {
        cursor?: string,
        sort?: TitleSort,
        sortForward: boolean = true,
-        extSearch: boolean = false,
        word?: string,
        status?: Array<TitleStatus>,
        rating?: number,
@ -59,7 +57,6 @@ export class DefaultService {
                'cursor': cursor,
                'sort': sort,
                'sort_forward': sortForward,
-                'ext_search': extSearch,
                'word': word,
                'status': status,
                'rating': rating,
--- a/modules/frontend/src/components/TitlesFilterPanel/TitlesFilterPanel.tsx
+++ b/modules/frontend/src/components/TitlesFilterPanel/TitlesFilterPanel.tsx
@ -1,122 +0,0 @@
-import { useState } from "react";
-import type { TitleStatus, ReleaseSeason } from "../../api";
-import { ChevronDownIcon, ChevronUpIcon } from "@heroicons/react/24/solid";
-
-export type TitlesFilter = {
-  extSearch: boolean;
-  status: TitleStatus | "";
-  rating: number | "";
-  releaseYear: number | "";
-  releaseSeason: ReleaseSeason | "";
-};
-
-type TitlesFilterPanelProps = {
-  filters: TitlesFilter;
-  setFilters: (filters: TitlesFilter) => void;
-};
-
-const STATUS_OPTIONS: (TitleStatus | "")[] = ["", "planned", "finished", "ongoing"];
-const SEASON_OPTIONS: (ReleaseSeason | "")[] = ["", "winter", "spring", "summer", "fall"];
-const RATING_OPTIONS = ["", 1, 2, 3, 4, 5, 6, 7, 8, 9, 10];
-
-export function TitlesFilterPanel({ filters, setFilters }: TitlesFilterPanelProps) {
-  const [open, setOpen] = useState(false);
-
-  const handleChange = (field: keyof TitlesFilter, value: any) => {
-    setFilters({ ...filters, [field]: value });
-  };
-
-  return (
-    <div className="w-full flex justify-center my-4">
-      <div className="bg-white shadow rounded-lg w-full max-w-3xl p-4">
-        {/* Заголовок панели */}
-        <div
-          className="flex justify-between items-center cursor-pointer"
-          onClick={() => setOpen((prev) => !prev)}
-        >
-          <h3 className="text-lg font-medium">Filters</h3>
-          {open ? <ChevronUpIcon className="w-5 h-5" /> : <ChevronDownIcon className="w-5 h-5" />}
-        </div>
-
-        {/* Контент панели */}
-        {open && (
-          <div className="mt-4 grid grid-cols-2 sm:grid-cols-3 gap-4">
-            {/* Extended Search */}
-            <div className="flex items-center gap-2">
-              <input
-                type="checkbox"
-                id="extSearch"
-                checked={filters.extSearch}
-                onChange={(e) => handleChange("extSearch", e.target.checked)}
-                className="w-4 h-4"
-              />
-              <label htmlFor="extSearch" className="text-sm">
-                Extended Search
-              </label>
-            </div>
-
-            {/* Status */}
-            <div className="flex flex-col">
-              <label htmlFor="status" className="text-sm mb-1">Status</label>
-              <select
-                id="status"
-                value={filters.status}
-                onChange={(e) => handleChange("status", e.target.value || "")}
-                className="border rounded px-2 py-1"
-              >
-                {STATUS_OPTIONS.map((s) => (
-                  <option key={s || "all"} value={s}>{s || "All"}</option>
-                ))}
-              </select>
-            </div>
-
-            {/* Rating */}
-            <div className="flex flex-col">
-              <label htmlFor="rating" className="text-sm mb-1">Rating</label>
-              <select
-                id="rating"
-                value={filters.rating}
-                onChange={(e) => handleChange("rating", e.target.value ? Number(e.target.value) : "")}
-                className="border rounded px-2 py-1"
-              >
-                {RATING_OPTIONS.map((r) => (
-                  <option key={r} value={r}>{r || "All"}</option>
-                ))}
-              </select>
-            </div>
-
-            {/* Release Year */}
-            <div className="flex flex-col">
-              <label htmlFor="releaseYear" className="text-sm mb-1">Release Year</label>
-              <input
-                type="number"
-                id="releaseYear"
-                value={filters.releaseYear || ""}
-                onChange={(e) =>
-                  handleChange("releaseYear", e.target.value ? Number(e.target.value) : "")
-                }
-                className="border rounded px-2 py-1"
-                placeholder="Any"
-              />
-            </div>
-
-            {/* Release Season */}
-            <div className="flex flex-col">
-              <label htmlFor="releaseSeason" className="text-sm mb-1">Release Season</label>
-              <select
-                id="releaseSeason"
-                value={filters.releaseSeason}
-                onChange={(e) => handleChange("releaseSeason", e.target.value || "")}
-                className="border rounded px-2 py-1"
-              >
-                {SEASON_OPTIONS.map((s) => (
-                  <option key={s || "all"} value={s}>{s || "All"}</option>
-                ))}
-              </select>
-            </div>
-          </div>
-        )}
-      </div>
-    </div>
-  );
-}
--- a/modules/frontend/src/pages/TitlesPage/TitlesPage.tsx
+++ b/modules/frontend/src/pages/TitlesPage/TitlesPage.tsx
@ -8,7 +8,6 @@ import { TitleCardHorizontal } from "../../components/cards/TitleCardHorizontal"
 import type { CursorObj, Title, TitleSort } from "../../api";
 import { LayoutSwitch } from "../../components/LayoutSwitch/LayoutSwitch";
 import { Link } from "react-router-dom";
-import { type TitlesFilter, TitlesFilterPanel } from "../../components/TitlesFilterPanel/TitlesFilterPanel";

 const PAGE_SIZE = 10;

@ -23,14 +22,6 @@ export default function TitlesPage() {
  const [sortForward, setSortForward] = useState(true);
  const [layout, setLayout] = useState<"square" | "horizontal">("square");

-  const [filters, setFilters] = useState<TitlesFilter>({
-    extSearch: false,
-    status: "",
-    rating: "",
-    releaseYear: "",
-    releaseSeason: "",
-  });
-
  const fetchPage = async (cursorObj: CursorObj | null) => {
    const cursorStr = cursorObj ? btoa(JSON.stringify(cursorObj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '') : "";

@ -39,14 +30,13 @@ export default function TitlesPage() {
        cursorStr,
        sort,
        sortForward,
-        filters.extSearch,
        search.trim() || undefined,
-        filters.status ? [filters.status] : undefined,
-        filters.rating || undefined,
-        filters.releaseYear || undefined,
-        filters.releaseSeason || undefined,
-        PAGE_SIZE,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
        PAGE_SIZE,
+        undefined,
        "all"
      );

@ -83,7 +73,7 @@ export default function TitlesPage() {
    };

    initLoad();
-  }, [search, sort, sortForward, filters]);
+  }, [search, sort, sortForward]);


 const handleLoadMore = async () => {
@ -131,7 +121,6 @@ const handleLoadMore = async () => {
          setSortForward={setSortForward}
        />
      </div>
-       <TitlesFilterPanel filters={filters} setFilters={setFilters} />

      {loading && <div className="mt-20 font-medium text-black">Loading...</div>}