Merge branch 'game-entry'

11 files changed, 502 insertions, 76 deletions

diff --git a/backend/api/generated.go b/backend/api/generated.go
index 1abdf73..921f4b3 100644
--- a/backend/api/generated.go
+++ b/backend/api/generated.go
@@ -17,32 +17,73 @@ import (
 
 	"github.com/getkin/kin-openapi/openapi3"
 	"github.com/labstack/echo/v4"
+	"github.com/oapi-codegen/runtime"
 	strictecho "github.com/oapi-codegen/runtime/strictmiddleware/echo"
 )
 
+// Defines values for GameState.
+const (
+	Closed         GameState = "closed"
+	Finished       GameState = "finished"
+	Gaming         GameState = "gaming"
+	Prepare        GameState = "prepare"
+	Starting       GameState = "starting"
+	WaitingEntries GameState = "waiting_entries"
+	WaitingStart   GameState = "waiting_start"
+)
+
+// Game defines model for Game.
+type Game struct {
+	DisplayName     string    `json:"display_name"`
+	DurationSeconds int       `json:"duration_seconds"`
+	GameId          int       `json:"game_id"`
+	Problem         *Problem  `json:"problem,omitempty"`
+	StartedAt       *int      `json:"started_at,omitempty"`
+	State           GameState `json:"state"`
+}
+
+// GameState defines model for Game.State.
+type GameState string
+
 // JwtPayload defines model for JwtPayload.
 type JwtPayload struct {
 	DisplayName string  `json:"display_name"`
-	IconPath    *string `json:"icon_path"`
+	IconPath    *string `json:"icon_path,omitempty"`
 	IsAdmin     bool    `json:"is_admin"`
-	UserId      float32 `json:"user_id"`
+	UserId      int     `json:"user_id"`
 	Username    string  `json:"username"`
 }
 
-// PostApiLoginJSONBody defines parameters for PostApiLogin.
-type PostApiLoginJSONBody struct {
+// Problem defines model for Problem.
+type Problem struct {
+	Description string `json:"description"`
+	ProblemId   int    `json:"problem_id"`
+	Title       string `json:"title"`
+}
+
+// GetGamesParams defines parameters for GetGames.
+type GetGamesParams struct {
+	PlayerId      *int   `form:"player_id,omitempty" json:"player_id,omitempty"`
+	Authorization string `json:"Authorization"`
+}
+
+// PostLoginJSONBody defines parameters for PostLogin.
+type PostLoginJSONBody struct {
 	Password string `json:"password"`
 	Username string `json:"username"`
 }
 
-// PostApiLoginJSONRequestBody defines body for PostApiLogin for application/json ContentType.
-type PostApiLoginJSONRequestBody PostApiLoginJSONBody
+// PostLoginJSONRequestBody defines body for PostLogin for application/json ContentType.
+type PostLoginJSONRequestBody PostLoginJSONBody
 
 // ServerInterface represents all server handlers.
 type ServerInterface interface {
+	// List games
+	// (GET /games)
+	GetGames(ctx echo.Context, params GetGamesParams) error
 	// User login
-	// (POST /api/login)
-	PostApiLogin(ctx echo.Context) error
+	// (POST /login)
+	PostLogin(ctx echo.Context) error
 }
 
 // ServerInterfaceWrapper converts echo contexts to parameters.
@@ -50,12 +91,49 @@ type ServerInterfaceWrapper struct {
 	Handler ServerInterface
 }
 
-// PostApiLogin converts echo context to params.
-func (w *ServerInterfaceWrapper) PostApiLogin(ctx echo.Context) error {
+// GetGames converts echo context to params.
+func (w *ServerInterfaceWrapper) GetGames(ctx echo.Context) error {
 	var err error
 
+	// Parameter object where we will unmarshal all parameters from the context
+	var params GetGamesParams
+	// ------------- Optional query parameter "player_id" -------------
+
+	err = runtime.BindQueryParameter("form", true, false, "player_id", ctx.QueryParams(), &params.PlayerId)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter player_id: %s", err))
+	}
+
+	headers := ctx.Request().Header
+	// ------------- Required header parameter "Authorization" -------------
+	if valueList, found := headers[http.CanonicalHeaderKey("Authorization")]; found {
+		var Authorization string
+		n := len(valueList)
+		if n != 1 {
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Expected one value for Authorization, got %d", n))
+		}
+
+		err = runtime.BindStyledParameterWithOptions("simple", "Authorization", valueList[0], &Authorization, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationHeader, Explode: false, Required: true})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter Authorization: %s", err))
+		}
+
+		params.Authorization = Authorization
+	} else {
+		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Header parameter Authorization is required, but not found"))
+	}
+
 	// Invoke the callback with all the unmarshaled arguments
-	err = w.Handler.PostApiLogin(ctx)
+	err = w.Handler.GetGames(ctx, params)
+	return err
+}
+
+// PostLogin converts echo context to params.
+func (w *ServerInterfaceWrapper) PostLogin(ctx echo.Context) error {
+	var err error
+
+	// Invoke the callback with all the unmarshaled arguments
+	err = w.Handler.PostLogin(ctx)
 	return err
 }
 
@@ -87,34 +165,65 @@ func RegisterHandlersWithBaseURL(router EchoRouter, si ServerInterface, baseURL
 		Handler: si,
 	}
 
-	router.POST(baseURL+"/api/login", wrapper.PostApiLogin)
+	router.GET(baseURL+"/games", wrapper.GetGames)
+	router.POST(baseURL+"/login", wrapper.PostLogin)
+
+}
+
+type GetGamesRequestObject struct {
+	Params GetGamesParams
+}
+
+type GetGamesResponseObject interface {
+	VisitGetGamesResponse(w http.ResponseWriter) error
+}
+
+type GetGames200JSONResponse struct {
+	Games []Game `json:"games"`
+}
+
+func (response GetGames200JSONResponse) VisitGetGamesResponse(w http.ResponseWriter) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(200)
+
+	return json.NewEncoder(w).Encode(response)
+}
+
+type GetGames403JSONResponse struct {
+	Message string `json:"message"`
+}
+
+func (response GetGames403JSONResponse) VisitGetGamesResponse(w http.ResponseWriter) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(403)
 
+	return json.NewEncoder(w).Encode(response)
 }
 
-type PostApiLoginRequestObject struct {
-	Body *PostApiLoginJSONRequestBody
+type PostLoginRequestObject struct {
+	Body *PostLoginJSONRequestBody
 }
 
-type PostApiLoginResponseObject interface {
-	VisitPostApiLoginResponse(w http.ResponseWriter) error
+type PostLoginResponseObject interface {
+	VisitPostLoginResponse(w http.ResponseWriter) error
 }
 
-type PostApiLogin200JSONResponse struct {
+type PostLogin200JSONResponse struct {
 	Token string `json:"token"`
 }
 
-func (response PostApiLogin200JSONResponse) VisitPostApiLoginResponse(w http.ResponseWriter) error {
+func (response PostLogin200JSONResponse) VisitPostLoginResponse(w http.ResponseWriter) error {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(200)
 
 	return json.NewEncoder(w).Encode(response)
 }
 
-type PostApiLogin401JSONResponse struct {
+type PostLogin401JSONResponse struct {
 	Message string `json:"message"`
 }
 
-func (response PostApiLogin401JSONResponse) VisitPostApiLoginResponse(w http.ResponseWriter) error {
+func (response PostLogin401JSONResponse) VisitPostLoginResponse(w http.ResponseWriter) error {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(401)
 
@@ -123,9 +232,12 @@ func (response PostApiLogin401JSONResponse) VisitPostApiLoginResponse(w http.Res
 
 // StrictServerInterface represents all server handlers.
 type StrictServerInterface interface {
+	// List games
+	// (GET /games)
+	GetGames(ctx context.Context, request GetGamesRequestObject) (GetGamesResponseObject, error)
 	// User login
-	// (POST /api/login)
-	PostApiLogin(ctx context.Context, request PostApiLoginRequestObject) (PostApiLoginResponseObject, error)
+	// (POST /login)
+	PostLogin(ctx context.Context, request PostLoginRequestObject) (PostLoginResponseObject, error)
 }
 
 type StrictHandlerFunc = strictecho.StrictEchoHandlerFunc
@@ -140,29 +252,54 @@ type strictHandler struct {
 	middlewares []StrictMiddlewareFunc
 }
 
-// PostApiLogin operation middleware
-func (sh *strictHandler) PostApiLogin(ctx echo.Context) error {
-	var request PostApiLoginRequestObject
+// GetGames operation middleware
+func (sh *strictHandler) GetGames(ctx echo.Context, params GetGamesParams) error {
+	var request GetGamesRequestObject
+
+	request.Params = params
+
+	handler := func(ctx echo.Context, request interface{}) (interface{}, error) {
+		return sh.ssi.GetGames(ctx.Request().Context(), request.(GetGamesRequestObject))
+	}
+	for _, middleware := range sh.middlewares {
+		handler = middleware(handler, "GetGames")
+	}
+
+	response, err := handler(ctx, request)
+
+	if err != nil {
+		return err
+	} else if validResponse, ok := response.(GetGamesResponseObject); ok {
+		return validResponse.VisitGetGamesResponse(ctx.Response())
+	} else if response != nil {
+		return fmt.Errorf("unexpected response type: %T", response)
+	}
+	return nil
+}
+
+// PostLogin operation middleware
+func (sh *strictHandler) PostLogin(ctx echo.Context) error {
+	var request PostLoginRequestObject
 
-	var body PostApiLoginJSONRequestBody
+	var body PostLoginJSONRequestBody
 	if err := ctx.Bind(&body); err != nil {
 		return err
 	}
 	request.Body = &body
 
 	handler := func(ctx echo.Context, request interface{}) (interface{}, error) {
-		return sh.ssi.PostApiLogin(ctx.Request().Context(), request.(PostApiLoginRequestObject))
+		return sh.ssi.PostLogin(ctx.Request().Context(), request.(PostLoginRequestObject))
 	}
 	for _, middleware := range sh.middlewares {
-		handler = middleware(handler, "PostApiLogin")
+		handler = middleware(handler, "PostLogin")
 	}
 
 	response, err := handler(ctx, request)
 
 	if err != nil {
 		return err
-	} else if validResponse, ok := response.(PostApiLoginResponseObject); ok {
-		return validResponse.VisitPostApiLoginResponse(ctx.Response())
+	} else if validResponse, ok := response.(PostLoginResponseObject); ok {
+		return validResponse.VisitPostLoginResponse(ctx.Response())
 	} else if response != nil {
 		return fmt.Errorf("unexpected response type: %T", response)
 	}
@@ -172,15 +309,20 @@ func (sh *strictHandler) PostApiLogin(ctx echo.Context) error {
 // Base64 encoded, gzipped, json marshaled Swagger object
 var swaggerSpec = []string{
 
-	"H4sIAAAAAAAC/6RSwY7aQAz9lcjnKITdnnKj6oVVD0hVT1WFnMTA0Ik9HU+WjVb592qSEkhB2kpwAGbm",
-	"+dnv+b1DJY0TJg4KxTtodaAGh78vp7DBzgrW8eS8OPLB0PBWG3UWuy1jQ/FMb9g4S1DAixw4+SIEKYTO",
-	"xRsN3vAe+hRMJbx1GA7zkoVpcE+6OMqBs6PbQwrcWotlfA2+pXtUusW6MTxj2qHVC7gUsYQc0a2S35p6",
-	"Bl4+PU9QbpuS/Bl5KypOdiuoT8HT79Z4qqH4MTW5IknnRl2N/XNik/JIVYA+0hneSewcTBj6rmyJwYtq",
-	"YjhETpucqExWmzWk8EpejTAUkGfLLI/TiyNGZ6CA5yzPckghuj1sbIHOLKzsR8ucaIi/cacYjPC6hgI2",
-	"omHlzNcBNYojDZ+l7iK2Eg7EQxk6Z001FC6OKnxJzm1UHKqexM/Nn26XT8/3kvLgGv66PbW+7/alKoZs",
-	"uFAnrOPcT3n+gOogv2geTniLn+zq+0MpI8n94WvSyhsXxgR8a6uKVHettV2CbTgQhzgq1dHNT/nyASkN",
-	"qeL+n1Ws+RWtqZPKUx17odUP5ZyJ/kfQmf+8zUR8Mq0zwrVtGvQdFPBdySdjsvu+7/8EAAD//3hNTqrS",
-	"BAAA",
+	"H4sIAAAAAAAC/6xUTW/jNhD9K8K0R8FW4iDY+pai6CKLPRhoe1oExlgcS0wlkssZJesG+u8FqQ9btoqk",
+	"SHKIZGo+3nvzOC+Q29pZQ0YY1i/AeUk1xtfPWFN4Om8dedEUT5VmV+Fha/qv9ANrVxGsY3xyBSnIwYXf",
+	"LF6bAtoUVONRtDVbptwaxZO81W02pmgjVJAPOQXWtNVqEno1F+i83VVUh8CfPe1hDT8tj5yWPaHlpg9r",
+	"U2BBL6S2KJPqv9zc3n66+ZTNwmFB6fiapob1N8gry6QghWfUok2xJSM+aHQ8iX0gICSHnqDvHESJ/LqX",
+	"vTaaS1LwkJ6IibnoJ7oUs03B0/dGe1IBxaDSADCdzmdG+oexpN09Ui6B3Jdn2eChsqj+z7y/2NIkv1ma",
+	"m7jOrdk6lHKastQ1FsTLR1uaxaMrZlN5i6rWZpK5x4ppDN5ZWxGaEN0w+QubXK/mRhhCL1kEKK/KPHQ5",
+	"KXKh9Ih7TuHN0aRn8hLnXrswoimuP0vNieYEk8HgM1r1n950T0RLdca9RzV3ac8EOGk0VEon2C9JhxLa",
+	"7G1o2feGu2qH4i1zEoB5g1XyTLvkbnMPKTyR5ygDZIurRRYwW0cGnYY1rBbZIgt3CaWMwi2D9eNbQfEe",
+	"B1Wj1e9VWEYkn2NASPFYk5BnWH97geAs+N6QP0AKnR8gzHGYcLcwIuozDdu0zy4JFflj+l0jpfX6n9ge",
+	"TpUT39BMyVHlhxDMzhruuFxnWXjk1giZSAudq3QeKy8fuXPJsd7UTKMkWqjm1zZi3O/tODf0Hg+zC4b/",
+	"Y7oT78JXzZLYfdJltCncZKt3cKmJGYszw/5u/U4rRSYZp/2qdYdCb+Ew1o9VuKlr9IeBW0+sTWFZ2aJb",
+	"UM7yjPk2luVrDOmgEMuvVh3eoYZD5mfrp9d8PL26Xs1th3cuvH6vja3nBZx6vf1QP4v9m87W4o/wtzj5",
+	"/yqVrshbpv9Hk+fEvG+q6pBgIyUZCVBJdXa++mg735snrLRKck8q9MKKP9TOQ/1hmon1yTjOqcP/YvJJ",
+	"Z+u2bdt/AwAA//+RpToKFwoAAA==",
 }
 
 // GetSwagger returns the content of the embedded swagger specification file
diff --git a/backend/api/handlers.go b/backend/api/handlers.go
index c435d72..9856ce9 100644
--- a/backend/api/handlers.go
+++ b/backend/api/handlers.go
@@ -3,6 +3,7 @@ package api
 import (
 	"context"
 	"net/http"
+	"strings"
 
 	"github.com/labstack/echo/v4"
 
@@ -10,6 +11,8 @@ import (
 	"github.com/nsfisis/iosdc-2024-albatross-backend/db"
 )
 
+var _ StrictServerInterface = (*ApiHandler)(nil)
+
 type ApiHandler struct {
 	q *db.Queries
 }
@@ -20,43 +23,148 @@ func NewHandler(queries *db.Queries) *ApiHandler {
 	}
 }
 
-func (h *ApiHandler) PostApiLogin(ctx context.Context, request PostApiLoginRequestObject) (PostApiLoginResponseObject, error) {
+func (h *ApiHandler) PostLogin(ctx context.Context, request PostLoginRequestObject) (PostLoginResponseObject, error) {
 	username := request.Body.Username
 	password := request.Body.Password
 	userId, err := auth.Login(ctx, h.q, username, password)
 	if err != nil {
-		return PostApiLogin401JSONResponse{
+		return PostLogin401JSONResponse{
 			Message: "Invalid username or password",
-		}, echo.NewHTTPError(http.StatusUnauthorized, "Invalid username or password")
+		}, nil
 	}
 
 	user, err := h.q.GetUserById(ctx, int32(userId))
 	if err != nil {
-		return PostApiLogin401JSONResponse{
+		return PostLogin401JSONResponse{
 			Message: "Invalid username or password",
-		}, echo.NewHTTPError(http.StatusUnauthorized, "Invalid username or password")
+		}, nil
 	}
 
 	jwt, err := auth.NewJWT(&user)
 	if err != nil {
 		// TODO
-		return PostApiLogin401JSONResponse{
-			Message: "Internal Server Error",
-		}, echo.NewHTTPError(http.StatusInternalServerError, "Internal Server Error")
+		return nil, echo.NewHTTPError(http.StatusInternalServerError)
 	}
 
-	return PostApiLogin200JSONResponse{
+	return PostLogin200JSONResponse{
 		Token: jwt,
 	}, nil
 }
 
+func (h *ApiHandler) GetGames(ctx context.Context, request GetGamesRequestObject) (GetGamesResponseObject, error) {
+	user := ctx.Value("user").(*auth.JWTClaims)
+	playerId := request.Params.PlayerId
+	if !user.IsAdmin {
+		if playerId == nil || *playerId != user.UserID {
+			return GetGames403JSONResponse{
+				Message: "Forbidden",
+			}, nil
+		}
+	}
+	if playerId == nil {
+		gameRows, err := h.q.ListGames(ctx)
+		if err != nil {
+			return nil, echo.NewHTTPError(http.StatusInternalServerError)
+		}
+		games := make([]Game, len(gameRows))
+		for i, row := range gameRows {
+			var startedAt *int
+			if row.StartedAt.Valid {
+				startedAtTimestamp := int(row.StartedAt.Time.Unix())
+				startedAt = &startedAtTimestamp
+			}
+			var problem *Problem
+			if row.ProblemID.Valid {
+				if !row.Title.Valid || !row.Description.Valid {
+					panic("inconsistent data")
+				}
+				problem = &Problem{
+					ProblemId:   int(row.ProblemID.Int32),
+					Title:       row.Title.String,
+					Description: row.Description.String,
+				}
+			}
+			games[i] = Game{
+				GameId:          int(row.GameID),
+				State:           GameState(row.State),
+				DisplayName:     row.DisplayName,
+				DurationSeconds: int(row.DurationSeconds),
+				StartedAt:       startedAt,
+				Problem:         problem,
+			}
+		}
+		return GetGames200JSONResponse{
+			Games: games,
+		}, nil
+	} else {
+		gameRows, err := h.q.ListGamesForPlayer(ctx, int32(*playerId))
+		if err != nil {
+			return nil, echo.NewHTTPError(http.StatusInternalServerError)
+		}
+		games := make([]Game, len(gameRows))
+		for i, row := range gameRows {
+			var startedAt *int
+			if row.StartedAt.Valid {
+				startedAtTimestamp := int(row.StartedAt.Time.Unix())
+				startedAt = &startedAtTimestamp
+			}
+			var problem *Problem
+			if row.ProblemID.Valid {
+				if !row.Title.Valid || !row.Description.Valid {
+					panic("inconsistent data")
+				}
+				problem = &Problem{
+					ProblemId:   int(row.ProblemID.Int32),
+					Title:       row.Title.String,
+					Description: row.Description.String,
+				}
+			}
+			games[i] = Game{
+				GameId:          int(row.GameID),
+				State:           GameState(row.State),
+				DisplayName:     row.DisplayName,
+				DurationSeconds: int(row.DurationSeconds),
+				StartedAt:       startedAt,
+				Problem:         problem,
+			}
+		}
+		return GetGames200JSONResponse{
+			Games: games,
+		}, nil
+	}
+}
+
 func _assertJwtPayloadIsCompatibleWithJWTClaims() {
 	var c auth.JWTClaims
 	var p JwtPayload
-	p.UserId = float32(c.UserID)
+	p.UserId = c.UserID
 	p.Username = c.Username
 	p.DisplayName = c.DisplayName
 	p.IconPath = c.IconPath
 	p.IsAdmin = c.IsAdmin
 	_ = p
 }
+
+func NewJWTMiddleware() StrictMiddlewareFunc {
+	return func(handler StrictHandlerFunc, operationID string) StrictHandlerFunc {
+		if operationID == "PostLogin" {
+			return handler
+		} else {
+			return func(c echo.Context, request interface{}) (response interface{}, err error) {
+				authorization := c.Request().Header.Get("Authorization")
+				const prefix = "Bearer "
+				if !strings.HasPrefix(authorization, prefix) {
+					return nil, echo.NewHTTPError(http.StatusUnauthorized)
+				}
+				token := authorization[len(prefix):]
+
+				claims, err := auth.ParseJWT(token)
+				if err != nil {
+					return nil, echo.NewHTTPError(http.StatusUnauthorized)
+				}
+				c.SetRequest(c.Request().WithContext(context.WithValue(c.Request().Context(), "user", claims)))
+				return handler(c, request)
+			}
+		}
+	}
+}
diff --git a/backend/api/workaround.go b/backend/api/workaround.go
new file mode 100644
index 0000000..a3c47d7
--- /dev/null
+++ b/backend/api/workaround.go
@@ -0,0 +1,22 @@
+package api
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+)
+
+// Work-around for this issue:
+// https://stackoverflow.com/questions/70087465/echo-groups-not-working-with-openapi-generated-code-using-oapi-codegen
+func GetSwaggerWithPrefix(prefix string) (*openapi3.T, error) {
+	spec, err := GetSwagger()
+	if err != nil {
+		return nil, err
+	}
+
+	var prefixedPaths openapi3.Paths = openapi3.Paths{}
+	for key, value := range spec.Paths.Map() {
+		prefixedPaths.Set(prefix+key, value)
+	}
+
+	spec.Paths = &prefixedPaths
+	return spec, nil
+}
diff --git a/backend/auth/jwt.go b/backend/auth/jwt.go
index 1b153fe..c750531 100644
--- a/backend/auth/jwt.go
+++ b/backend/auth/jwt.go
@@ -1,11 +1,10 @@
 package auth
 
 import (
+	"errors"
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
-	echojwt "github.com/labstack/echo-jwt/v4"
-	"github.com/labstack/echo/v4"
 
 	"github.com/nsfisis/iosdc-2024-albatross-backend/db"
 )
@@ -38,17 +37,16 @@ func NewJWT(user *db.User) (string, error) {
 	return token.SignedString([]byte("TODO"))
 }
 
-func NewJWTMiddleware() echo.MiddlewareFunc {
-	return echojwt.WithConfig(echojwt.Config{
-		NewClaimsFunc: func(c echo.Context) jwt.Claims {
-			return new(JWTClaims)
-		},
-		SigningKey: []byte("TODO"),
+func ParseJWT(token string) (*JWTClaims, error) {
+	claims := new(JWTClaims)
+	t, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (interface{}, error) {
+		return []byte("TODO"), nil
 	})
-}
-
-func GetJWTClaimsFromEchoContext(c echo.Context) *JWTClaims {
-	user := c.Get("user").(*jwt.Token)
-	claims := user.Claims.(*JWTClaims)
-	return claims
+	if err != nil {
+		return nil, err
+	}
+	if !t.Valid {
+		return nil, errors.New("invalid token")
+	}
+	return claims, nil
 }
diff --git a/backend/db/models.go b/backend/db/models.go
index a54fd8c..cc08817 100644
--- a/backend/db/models.go
+++ b/backend/db/models.go
@@ -9,10 +9,24 @@ import (
 )
 
 type Game struct {
-	GameID    int32
-	Type      string
-	CreatedAt pgtype.Timestamp
-	State     string
+	GameID          int32
+	State           string
+	DisplayName     string
+	DurationSeconds int32
+	CreatedAt       pgtype.Timestamp
+	StartedAt       pgtype.Timestamp
+	ProblemID       pgtype.Int4
+}
+
+type GamePlayer struct {
+	GameID int32
+	UserID int32
+}
+
+type Problem struct {
+	ProblemID   int32
+	Title       string
+	Description string
 }
 
 type User struct {
diff --git a/backend/db/query.sql.go b/backend/db/query.sql.go
index 12651d2..20a7dc1 100644
--- a/backend/db/query.sql.go
+++ b/backend/db/query.sql.go
@@ -68,3 +68,107 @@ func (q *Queries) GetUserById(ctx context.Context, userID int32) (User, error) {
 	)
 	return i, err
 }
+
+const listGames = `-- name: ListGames :many
+SELECT game_id, state, display_name, duration_seconds, created_at, started_at, games.problem_id, problems.problem_id, title, description FROM games
+LEFT JOIN problems ON games.problem_id = problems.problem_id
+`
+
+type ListGamesRow struct {
+	GameID          int32
+	State           string
+	DisplayName     string
+	DurationSeconds int32
+	CreatedAt       pgtype.Timestamp
+	StartedAt       pgtype.Timestamp
+	ProblemID       pgtype.Int4
+	ProblemID_2     pgtype.Int4
+	Title           pgtype.Text
+	Description     pgtype.Text
+}
+
+func (q *Queries) ListGames(ctx context.Context) ([]ListGamesRow, error) {
+	rows, err := q.db.Query(ctx, listGames)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []ListGamesRow
+	for rows.Next() {
+		var i ListGamesRow
+		if err := rows.Scan(
+			&i.GameID,
+			&i.State,
+			&i.DisplayName,
+			&i.DurationSeconds,
+			&i.CreatedAt,
+			&i.StartedAt,
+			&i.ProblemID,
+			&i.ProblemID_2,
+			&i.Title,
+			&i.Description,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const listGamesForPlayer = `-- name: ListGamesForPlayer :many
+SELECT games.game_id, state, display_name, duration_seconds, created_at, started_at, games.problem_id, problems.problem_id, title, description, game_players.game_id, user_id FROM games
+LEFT JOIN problems ON games.problem_id = problems.problem_id
+JOIN game_players ON games.game_id = game_players.game_id
+WHERE game_players.user_id = $1
+`
+
+type ListGamesForPlayerRow struct {
+	GameID          int32
+	State           string
+	DisplayName     string
+	DurationSeconds int32
+	CreatedAt       pgtype.Timestamp
+	StartedAt       pgtype.Timestamp
+	ProblemID       pgtype.Int4
+	ProblemID_2     pgtype.Int4
+	Title           pgtype.Text
+	Description     pgtype.Text
+	GameID_2        int32
+	UserID          int32
+}
+
+func (q *Queries) ListGamesForPlayer(ctx context.Context, userID int32) ([]ListGamesForPlayerRow, error) {
+	rows, err := q.db.Query(ctx, listGamesForPlayer, userID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []ListGamesForPlayerRow
+	for rows.Next() {
+		var i ListGamesForPlayerRow
+		if err := rows.Scan(
+			&i.GameID,
+			&i.State,
+			&i.DisplayName,
+			&i.DurationSeconds,
+			&i.CreatedAt,
+			&i.StartedAt,
+			&i.ProblemID,
+			&i.ProblemID_2,
+			&i.Title,
+			&i.Description,
+			&i.GameID_2,
+			&i.UserID,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
diff --git a/backend/go.mod b/backend/go.mod
index 8e3e387..7e47d35 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -7,7 +7,6 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/gorilla/websocket v1.5.3
 	github.com/jackc/pgx/v5 v5.5.5
-	github.com/labstack/echo-jwt/v4 v4.2.0
 	github.com/labstack/echo/v4 v4.12.0
 	github.com/oapi-codegen/echo-middleware v1.0.2
 	github.com/oapi-codegen/oapi-codegen/v2 v2.3.0
@@ -18,6 +17,7 @@ require (
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
+	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/cubicdaiya/gonp v1.0.4 // indirect
 	github.com/cznic/mathutil v0.0.0-20181122101859-297441e03548 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
diff --git a/backend/go.sum b/backend/go.sum
index 6973c16..bc38c89 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -1,9 +1,13 @@
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
 github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
 github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cubicdaiya/gonp v1.0.4 h1:ky2uIAJh81WiLcGKBVD5R7KsM/36W6IqqTy6Bo6rGws=
 github.com/cubicdaiya/gonp v1.0.4/go.mod h1:iWGuP/7+JVTn02OWhRemVbMmG1DOUnmrGTYYACpOI0I=
@@ -64,6 +68,7 @@ github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -71,8 +76,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/labstack/echo-jwt/v4 v4.2.0 h1:odSISV9JgcSCuhgQSV/6Io3i7nUmfM/QkBeR5GVJj5c=
-github.com/labstack/echo-jwt/v4 v4.2.0/go.mod h1:MA2RqdXdEn4/uEglx0HcUOgQSyBaTh5JcaHIan3biwU=
 github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0=
 github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM=
 github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=
@@ -126,6 +129,7 @@ github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0=
 github.com/sqlc-dev/sqlc v1.26.0 h1:bW6TA1vVdi2lfqsEddN5tSznRMYcWez7hf+AOqSiEp8=
 github.com/sqlc-dev/sqlc v1.26.0/go.mod h1:k2F3RWilLCup3D0XufrzZENCyXjtplALmHDmOt4v5bs=
 github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
diff --git a/backend/main.go b/backend/main.go
index fa5c079..7f87bb4 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/jackc/pgx/v5"
 	"github.com/labstack/echo/v4"
+	"github.com/labstack/echo/v4/middleware"
 	oapimiddleware "github.com/oapi-codegen/echo-middleware"
 
 	"github.com/nsfisis/iosdc-2024-albatross-backend/api"
@@ -126,7 +127,7 @@ func main() {
 		return
 	}
 
-	openApiSpec, err := api.GetSwagger()
+	openApiSpec, err := api.GetSwaggerWithPrefix("/api")
 	if err != nil {
 		fmt.Printf("Error loading OpenAPI spec\n: %s", err)
 		return
@@ -144,11 +145,16 @@ func main() {
 
 	e := echo.New()
 
+	e.Use(middleware.Logger())
+	e.Use(middleware.Recover())
+
 	{
 		apiGroup := e.Group("/api")
 		apiGroup.Use(oapimiddleware.OapiRequestValidator(openApiSpec))
 		apiHandler := api.NewHandler(queries)
-		api.RegisterHandlers(apiGroup, api.NewStrictHandler(apiHandler, nil))
+		api.RegisterHandlers(apiGroup, api.NewStrictHandler(apiHandler, []api.StrictMiddlewareFunc{
+			api.NewJWTMiddleware(),
+		}))
 	}
 
 	e.GET("/sock/golf/:gameId/watch", func(c echo.Context) error {
diff --git a/backend/query.sql b/backend/query.sql
index 165c2c9..9b038a5 100644
--- a/backend/query.sql
+++ b/backend/query.sql
@@ -8,3 +8,13 @@ SELECT * FROM users
 JOIN user_auths ON users.user_id = user_auths.user_id
 WHERE users.username = $1
 LIMIT 1;
+
+-- name: ListGames :many
+SELECT * FROM games
+LEFT JOIN problems ON games.problem_id = problems.problem_id;
+
+-- name: ListGamesForPlayer :many
+SELECT * FROM games
+LEFT JOIN problems ON games.problem_id = problems.problem_id
+JOIN game_players ON games.game_id = game_players.game_id
+WHERE game_players.user_id = $1;
diff --git a/backend/schema.sql b/backend/schema.sql
index 6696242..f0b5b37 100644
--- a/backend/schema.sql
+++ b/backend/schema.sql
@@ -16,8 +16,26 @@ CREATE TABLE user_auths (
 );
 
 CREATE TABLE games (
-    game_id    SERIAL       PRIMARY KEY,
-    type       VARCHAR(255) NOT NULL,
-    created_at TIMESTAMP    NOT NULL DEFAULT NOW(),
-    state      VARCHAR(255) NOT NULL
+    game_id          SERIAL       PRIMARY KEY,
+    state            VARCHAR(32)  NOT NULL,
+    display_name     VARCHAR(255) NOT NULL,
+    duration_seconds INT          NOT NULL,
+    created_at       TIMESTAMP    NOT NULL DEFAULT NOW(),
+    started_at       TIMESTAMP,
+    problem_id       INT,
+    CONSTRAINT fk_problem_id FOREIGN KEY(problem_id) REFERENCES problems(problem_id)
+);
+
+CREATE TABLE game_players (
+    game_id INT NOT NULL,
+    user_id INT NOT NULL,
+    PRIMARY KEY (game_id, user_id),
+    CONSTRAINT fk_game_id FOREIGN KEY(game_id) REFERENCES games(game_id),
+    CONSTRAINT fk_user_id FOREIGN KEY(user_id) REFERENCES users(user_id)
+);
+
+CREATE TABLE problems (
+    problem_id  SERIAL       PRIMARY KEY,
+    title       VARCHAR(255) NOT NULL,
+    description TEXT         NOT NULL
 );