add basic jwt auth

2025-01-04 21:22:22 +01:00
parent a08e708a3b
commit c78a84e075
5 changed files with 244 additions and 12 deletions
--- a/controllers/userController.go
+++ b/controllers/userController.go
@@ -0,0 +1,144 @@
+package controllers
+
+import(
+	"os"
+	"time"
+	"net/http"
+	"golang.org/x/crypto/bcrypt"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
+
+	"example.com/gin/test/models"
+)	
+
+
+type UserController struct {
+	DB *gorm.DB
+}
+
+func NewUserController(db *gorm.DB) UserController {
+	return UserController{
+		DB: db,
+	}
+}
+
+
+func (uc *UserController) Signup(c *gin.Context) {
+	//Get the email/passwd off req body
+	var body struct {
+		Email string
+		Password string
+	}
+
+	err := c.Bind(&body)
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to read body",
+		})
+
+		return
+	}
+
+	//hash pw
+	hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10)
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to hash password",
+		})
+
+		return
+	}
+
+	//create user
+	user := models.User{Email: body.Email, Password: string(hash)}
+	result := uc.DB.Create(&user)
+
+	if result.Error != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to create user",
+		})
+
+		return
+	}
+
+
+	//respond
+	c.JSON(http.StatusOK, gin.H{})
+}
+
+
+func (uc *UserController) Login(c *gin.Context) {
+	//Get the email/passwd off req body
+	var body struct {
+		Email string
+		Password string
+	}
+
+	err := c.Bind(&body)
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to read body",
+		})
+
+		return
+	}
+
+	//lookup requested user
+	var user models.User
+	result := uc.DB.First(&user, "email = ?", body.Email)
+
+	if result.Error != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Invalid email or password",
+		})
+
+		return
+	}
+
+	// compare sent with saved pass
+	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(body.Password))
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Invalid email or password",
+		})
+
+		return
+	}
+
+	//generate jwt token
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"sub": user.ID,
+		"exp": time.Now().Add(time.Hour * 24).Unix(),
+	})
+
+	// Sign and get the complete encoded token as a string using the secret
+	tokenString, err := token.SignedString([]byte(os.Getenv("SECRET")))
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to create token",
+		})
+
+		return
+	}
+
+	// send it back
+	c.SetSameSite(http.SameSiteLaxMode)
+	c.SetCookie("Authorization", tokenString, 3600 * 24, "", "", false, true)
+
+	c.JSON(http.StatusOK, gin.H{})
+}
+
+func (uc *UserController) Validate(c *gin.Context) {
+	user, _ := c.Get("user")
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": user,
+	})
+}