start working on the frontend side

backend/internal/auth/handler.go

@@ -8,6 +8,7 @@ import (
 	"github.com/atlasos/calypso/internal/common/config"
 	"github.com/atlasos/calypso/internal/common/database"
 	"github.com/atlasos/calypso/internal/common/logger"
+	"github.com/atlasos/calypso/internal/common/password"
 	"github.com/atlasos/calypso/internal/iam"
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt/v5"
@@ -206,11 +207,13 @@ func (h *Handler) ValidateToken(tokenString string) (*iam.User, error) {
 }
 
 // verifyPassword verifies a password against an Argon2id hash
-func (h *Handler) verifyPassword(password, hash string) bool {
-	// TODO: Implement proper Argon2id verification
-	// For now, this is a stub
-	// In production, use golang.org/x/crypto/argon2 and compare hashes
-	return true
+func (h *Handler) verifyPassword(pwd, hash string) bool {
+	valid, err := password.VerifyPassword(pwd, hash)
+	if err != nil {
+		h.logger.Warn("Password verification error", "error", err)
+		return false
+	}
+	return valid
 }
 
 // generateToken generates a JWT token for a user
@@ -235,8 +238,8 @@ func (h *Handler) generateToken(user *iam.User) (string, time.Time, error) {
 
 // createSession creates a session record in the database
 func (h *Handler) createSession(userID, token, ipAddress, userAgent string, expiresAt time.Time) error {
-	// Hash the token for storage
-	tokenHash := hashToken(token)
+	// Hash the token for storage using SHA-256
+	tokenHash := HashToken(token)
 
 	query := `
 		INSERT INTO sessions (user_id, token_hash, ip_address, user_agent, expires_at)
@@ -253,10 +256,4 @@ func (h *Handler) updateLastLogin(userID string) error {
 	return err
 }
 
-// hashToken creates a simple hash of the token for storage
-func hashToken(token string) string {
-	// TODO: Use proper cryptographic hash (SHA-256)
-	// For now, return a placeholder
-	return token[:32] + "..."
-}