updated to use jwt for authentication

pull/2/head
Nilo Roberto C Paim 2021-11-01 20:42:17 -03:00
parent 5fef21b0c7
commit 8a55954d92
7 changed files with 78 additions and 44 deletions

.gitignore vendored

@ -1,2 +1,4 @@
.vscode
api api
api.exe api.exe


@ -15,7 +15,7 @@ import (
func Version(c *fiber.Ctx) error { func Version(c *fiber.Ctx) error {
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
"version": "1.0.0", "version": "1.0.1",
}) })
} }
@ -67,31 +67,8 @@ func Login(c *fiber.Ctx) error {
}) })
} }
cookie := fiber.Cookie{
Name: "jwt",
Value: token,
Expires: time.Now().Add(time.Hour * 1),
HTTPOnly: true,
}
c.Cookie(&cookie)
return c.JSON(token)
}
func Logout(c *fiber.Ctx) error {
cookie := fiber.Cookie{
Name: "jwt",
Value: "",
Expires: time.Now().Add(-time.Hour),
HTTPOnly: true,
}
c.Cookie(&cookie)
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
"message": "Successful logout", "token": token})
})
} }
func AddUser(c *fiber.Ctx) error { func AddUser(c *fiber.Ctx) error {
@ -124,24 +101,23 @@ func AddUser(c *fiber.Ctx) error {
} }
func GetOwnUser(c *fiber.Ctx) error { func GetOwnUser(c *fiber.Ctx) error {
cookie := c.Cookies("jwt")
var user models.User var user models.User
claims, err := utils.VerifyAuthentication(c, cookie) userCode, err := utils.ProcessToken(c)
if err != nil { if err != nil {
c.Status(fiber.StatusUnauthorized) c.Status(fiber.StatusBadRequest)
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
"message": "Unauthenticated", "message": "Invalid authorization",
}) })
} }
database.DB.Where("id = ?", claims.Issuer).First(&user) database.DB.Where("id = ?", userCode).First(&user)
if user.Id == 0 { if user.Id == 0 {
c.Status(fiber.StatusUnauthorized) c.Status(fiber.StatusInternalServerError)
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
"message": "Unauthenticated", "message": "Invalid token when should be ok",
}) })
} }
@ -149,11 +125,9 @@ func GetOwnUser(c *fiber.Ctx) error {
} }
func GetAllUsers(c *fiber.Ctx) error { func GetAllUsers(c *fiber.Ctx) error {
cookie := c.Cookies("jwt") var users []models.User
var user []models.User _, err := utils.ProcessToken(c)
_, err := utils.VerifyAuthentication(c, cookie)
if err != nil { if err != nil {
c.Status(fiber.StatusUnauthorized) c.Status(fiber.StatusUnauthorized)
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
@ -161,14 +135,14 @@ func GetAllUsers(c *fiber.Ctx) error {
}) })
} }
database.DB.Find(&user) database.DB.Find(&users)
if len(user) == 0 { if len(users) == 0 {
c.Status(fiber.StatusUnauthorized) c.Status(fiber.StatusUnauthorized)
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
"message": "Unauthenticated", "message": "Unauthenticated",
}) })
} }
return c.JSON(user) return c.JSON(users)
} }
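Review bot: GetOwnUser now answers a token that ProcessToken rejects with 400 and a valid token whose user row is missing with 500 plus the text `Invalid token when should be ok`; both are authentication failures and should use `c.Status(fiber.StatusUnauthorized)` with `"message": "Unauthenticated"`, matching GetAllUsers in the next hunk, so a client can tell "sign in again" from a server fault and no debugging wording reaches the response. The Login hunk replaces the HttpOnly cookie with the token in the JSON body and drops Logout, so there is no longer a server-side way to end a session before the token expires; the expiry is set in the part of Login outside this hunk, so how long that window is cannot be checked here and deserves a comment on Login. Login's body begins outside the hunk.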


@ -4,6 +4,7 @@ import (
"api/database" "api/database"
"api/dbaccess" "api/dbaccess"
"api/models" "api/models"
"api/utils"
"strconv" "strconv"
"time" "time"
@ -15,6 +16,14 @@ func AddEvent(c *fiber.Ctx) error {
var audience int var audience int
var startdt time.Time var startdt time.Time
_, err := utils.ProcessToken(c)
if err != nil {
c.Status(fiber.StatusBadRequest)
return c.JSON(fiber.Map{
"message": "Invalid authorization",
})
}
if err := c.BodyParser(&data); err != nil { if err := c.BodyParser(&data); err != nil {
return err return err
} }
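Review bot: AddEvent discards the identity ProcessToken returns (`_, err := utils.ProcessToken(c)`) and maps a failed token to 400, while GetAllUsers in the same commit maps the identical failure to 401; this should be `c.Status(fiber.StatusUnauthorized)` so an unauthenticated request is not reported like a malformed body. As I read the routes hunk, /event is now mounted under the jwtware group, which rejects invalid tokens before the handler runs, so this block parses the token a second time; if that is intended as defence in depth, say so: `// token already verified by jwtware; re-checked so the handler fails closed if mounted unprotected`. AddEvent begins and ends outside the hunk.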

go.mod

@ -5,6 +5,7 @@ go 1.17
require ( require (
github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/gofiber/fiber/v2 v2.20.1 github.com/gofiber/fiber/v2 v2.20.1
github.com/gofiber/jwt/v3 v3.2.0
github.com/joho/godotenv v1.4.0 github.com/joho/godotenv v1.4.0
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
gorm.io/driver/mysql v1.1.2 gorm.io/driver/mysql v1.1.2
@ -14,6 +15,7 @@ require (
require ( require (
github.com/andybalholm/brotli v1.0.3 // indirect github.com/andybalholm/brotli v1.0.3 // indirect
github.com/go-sql-driver/mysql v1.6.0 // indirect github.com/go-sql-driver/mysql v1.6.0 // indirect
github.com/golang-jwt/jwt/v4 v4.1.0 // indirect
github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/inflection v1.0.0 // indirect
github.com/jinzhu/now v1.1.2 // indirect github.com/jinzhu/now v1.1.2 // indirect
github.com/klauspost/compress v1.13.6 // indirect github.com/klauspost/compress v1.13.6 // indirect
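Review bot: The module now carries two JWT implementations: `github.com/dgrijalva/jwt-go v3.2.0+incompatible` stays a direct dependency for utils, while the new `github.com/gofiber/jwt/v3` brings in `github.com/golang-jwt/jwt/v4` as its parser. dgrijalva/jwt-go is the archived original that golang-jwt/jwt forked and still maintains, so the same token is validated by two code bases with different fix histories. I would move the `jwt.Parse` call in utils to `github.com/golang-jwt/jwt/v4` (the fork keeps the Parse/MapClaims API this code uses) and drop the dgrijalva require, leaving one parser to keep patched.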

go.sum

@ -7,6 +7,10 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/gofiber/fiber/v2 v2.20.1 h1:p463gd/RI8YeYxP4WMGS+u1UtBS88yk8oLiPkEiDYx4= github.com/gofiber/fiber/v2 v2.20.1 h1:p463gd/RI8YeYxP4WMGS+u1UtBS88yk8oLiPkEiDYx4=
github.com/gofiber/fiber/v2 v2.20.1/go.mod h1:/LdZHMUXZvTTo7gU4+b1hclqCAdoQphNQ9bi9gutPyI= github.com/gofiber/fiber/v2 v2.20.1/go.mod h1:/LdZHMUXZvTTo7gU4+b1hclqCAdoQphNQ9bi9gutPyI=
github.com/gofiber/jwt/v3 v3.2.0 h1:brHGfuuAJI2NxdPQO0Yoa7L01I0Uc/CKZ3Z2lYE5W30=
github.com/gofiber/jwt/v3 v3.2.0/go.mod h1:Z05kGvvdRqbWMvb3uYmAPwfFyCV8/n/QVorzq4XjwvU=
github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=


@ -2,8 +2,11 @@ package routes
import ( import (
"api/controllers" "api/controllers"
"os"
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
jwtware "github.com/gofiber/jwt/v3"
) )
func Setup(app *fiber.App) { func Setup(app *fiber.App) {
@ -11,11 +14,15 @@ func Setup(app *fiber.App) {
app.Get("/version", controllers.Version) app.Get("/version", controllers.Version)
app.Post("/login", controllers.Login) app.Post("/login", controllers.Login)
app.Post("/logout", controllers.Logout)
app.Get("/user", controllers.GetOwnUser) protected := app.Group("/")
app.Get("/users", controllers.GetAllUsers) protected.Use(jwtware.New(jwtware.Config{
app.Post("/user", controllers.AddUser) SigningKey: []byte(os.Getenv("API_SECRET")),
}))
app.Post("/event", controllers.AddEvent) protected.Get("user", controllers.GetOwnUser)
protected.Get("users", controllers.GetAllUsers)
protected.Post("user", controllers.AddUser)
protected.Post("event", controllers.AddEvent)
} }
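Review bot: The signing key at `SigningKey: []byte(os.Getenv("API_SECRET"))` is used without checking that the variable is set, so a deployment that forgot API_SECRET serves the protected group against an empty key instead of refusing to start (whether jwtware.New rejects an empty non-nil slice is not visible here). I would guard it before the Group is built: `if os.Getenv("API_SECRET") == "" { panic("API_SECRET must be set") }`, or whatever startup-failure idiom main already uses. A comment on the group noting that jwtware stores the verified token in the request context (c.Locals under its ContextKey, "user" by default if I recall the v3 config correctly) would also help, since the handlers in this commit re-parse the Authorization header instead of reading that. Setup's body begins outside the hunk.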


@ -1,7 +1,9 @@
package utils package utils
import ( import (
"fmt"
"os" "os"
"strings"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
@ -26,3 +28,37 @@ func VerifyAuthentication(c *fiber.Ctx, cookie string) (*jwt.StandardClaims, err
return claims, nil return claims, nil
} }
func ProcessToken(c *fiber.Ctx) (interface{}, error) {
bearToken := c.Get("Authorization")
var token string
// Normally Authorization HTTP header.
onlyToken := strings.Split(bearToken, " ")
if len(onlyToken) == 2 {
token = onlyToken[1]
} else {
token = bearToken
}
tk, err := jwt.Parse(token, jwtKeyFunc)
if err != nil {
fmt.Println("Error 1")
return nil, err
}
claims, ok := tk.Claims.(jwt.MapClaims)
if ok && tk.Valid {
fmt.Printf("claims user: %v\n", claims["user"])
return claims["user"], nil
}
return nil, err
}
func jwtKeyFunc(token *jwt.Token) (interface{}, error) {
return []byte(os.Getenv("API_SECRET")), nil
}