auth
GIN JWT authentication with token stored in cookies
Code Example
main.go
package main
import (
"net/http"
"time"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
"github.com/oyaro-tech/auth"
)
func main() {
router := gin.New()
_ = router.SetTrustedProxies(nil)
router.Use(cors.New(cors.Config{
AllowOrigins: []string{"*"},
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "UPDATE", "OPTIONS"},
AllowHeaders: []string{"Origin", "Accept", "Content-Type", "X-CSRF-Token", "X-Requested-With"},
ExposeHeaders: []string{"Content-Length"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
}))
router.Use(gin.LoggerWithConfig(gin.LoggerConfig{
SkipPaths: []string{"/favicon.ico"},
}))
router.Use(gin.Recovery())
auth.RegisterRoutes(router)
router.GET("/welcome", auth.TokenAuthMiddleware, func(c *gin.Context) {
c.JSON(http.StatusAccepted, "Welcome user!")
})
router.Run()
}
.env
POSTGRES_HOST=localhost
POSTGRES_PORT=5432
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
init.sql
-- Create database
CREATE DATABASE users;
-- Create users table
create table if not exists users (
id SERIAL NOT NULL,
email varchar(1024) NOT NULL,
username varchar(64) NOT NULL,
password varchar(64) NOT NULL,
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id)
);
-- Insert test user
insert into users (email, username, password)
values (
'example@gmail.com',
'admin',
'$2a$10$.lWUct/xzfsd8OccI/Fn0ue8aiDMmU/HCffzOTcD8KwsNlldHkOE6' -- qwerty123
);
Run Postgres in Docker and init database
docker run --name postgres -e POSTGRES_PASSWORD=postgres -d -p 5432:5432 --rm postgres
cat init.sql | docker exec -i postgres psql -U postgres
Init package and install requirements
go mod init github.com/$USER/auth-example
go mod tidy
go get
Running
env $(cat .env) go run ./...
Usage
Try accessing the /welcome
endpoint
curl -v localhost:8080/welcome -X GET
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /welcome HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Set-Cookie: access_token=; Path=/; Max-Age=0; HttpOnly; Secure
< Date: Tue, 01 Mar 2022 09:23:09 GMT
< Content-Length: 33
<
* Connection #0 to host localhost left intact
"no access_token found in cookie"
Login with invalid credentials
curl -v localhost:8080/auth/login -X POST -H "Content-Type: application/json" -d '{"username": "admin", "password": "admin"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /auth/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 42
>
* upload completely sent off: 42 out of 42 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Date: Tue, 01 Mar 2022 09:35:36 GMT
< Content-Length: 36
<
* Connection #0 to host localhost left intact
"please provide valid login details"
Login with valid credentials
curl -v localhost:8080/auth/login -X POST -H "Content-Type: application/json" -d '{"username": "admin", "password": "qwerty123"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /auth/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 46
>
* upload completely sent off: 46 out of 46 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Set-Cookie: access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxfQ.tJMQeyTTqaFkHbzImAyYcGRzlJYwA04tKZ61OZ3lKqg; Path=/; Max-Age=43200; HttpOnly; Secure
< Date: Tue, 01 Mar 2022 09:31:40 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
Try accessing the /welcome
endpoint with invalid jwt token in cookies
curl -v localhost:8080/welcome -b "access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxfQ.Fzb932Uj1qCIvi4ggTFMG634mJ-T63lan_G-1tRi9Ek; Path=/; Max-Age=43200; HttpOnly; Secure"
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /welcome HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
> Cookie: access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxfQ.Fzb932Uj1qCIvi4ggTFMG634mJ-T63lan_G-1tRi9Ek; Path=/; Max-Age=43200; HttpOnly; Secure
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Set-Cookie: access_token=; Path=/; Max-Age=0; HttpOnly; Secure
< Date: Tue, 01 Mar 2022 09:45:04 GMT
< Content-Length: 22
<
* Connection #0 to host localhost left intact
"signature is invalid"
Try accessing the /welcome
endpoint with valid jwt token in cookies
curl -v localhost:8080/welcome -X GET -b "access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxfQ.tJMQeyTTqaFkHbzImAyYcGRzlJYwA04tKZ61OZ3lKqg; Path=/; Max-Age=43200; HttpOnly; Secure"
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /welcome HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
> Cookie: access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxfQ.tJMQeyTTqaFkHbzImAyYcGRzlJYwA04tKZ61OZ3lKqg; Path=/; Max-Age=43200; HttpOnly; Secure
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 202 Accepted
< Content-Type: application/json; charset=utf-8
< Date: Tue, 01 Mar 2022 09:37:18 GMT
< Content-Length: 16
<
* Connection #0 to host localhost left intact
"Welcome user!"