User Authentication and Authorization using JWT

apperrors/apperrors.go

@@ -0,0 +1,68 @@
+package apperrors
+
+import (
+	"encoding/json"
+	"errors"
+	l "github.com/sirupsen/logrus"
+	"net/http"
+)
+
+// ErrorStruct - struct used to convert error messages into required JSON format
+type ErrorStruct struct {
+	Message string `json:"message,omitempty"` //Error Message
+	Status  int    `json:"status,omitempty"`  //HTTP Response status code
+}
+
+// Error - prints out an error
+func Error(appError error, msg string, triggeringError error) {
+	l.WithFields(l.Fields{"appError": appError, "message": msg}).Error(triggeringError)
+}
+
+// Warn - for warnings
+func Warn(appError error, msg string, triggeringError error) {
+	l.WithFields(l.Fields{"appError": appError, "message": msg}).Warn(triggeringError)
+}
+
+// JSONError - This function writes out an error response with the status
+// header passed in
+func JSONError(rw http.ResponseWriter, status int, err error) {
+
+	errObj := ErrorStruct{
+		Message: err.Error(),
+		Status:  status,
+	}
+
+	errJSON, err := json.Marshal(&errObj)
+	if err != nil {
+		Warn(err, "Error in AppErrors marshalling JSON", err)
+	}
+	rw.WriteHeader(status)
+	rw.Header().Add("Content-Type", "application/json")
+	rw.Write(errJSON)
+	return
+}
+
+// ErrRecordNotFound - for when a database record isn't found
+var ErrRecordNotFound = errors.New("Database record not found")
+
+// ErrInvalidToken - used when a JSON Web Token ("JWT") cannot be validated
+// by the JWT library
+var ErrInvalidToken = errors.New("Invalid Token")
+
+// ErrSignedString - failed to sign the token string
+var ErrSignedString = errors.New("Failed to sign token string")
+
+// ErrMissingAuthHeader - When the HTTP request doesn't contain an 'Authorization' header
+var ErrMissingAuthHeader = errors.New("Missing Auth header")
+
+// ErrJSONParseFail - If json.Unmarshal or json.Marshal returns an error
+var ErrJSONParseFail = errors.New("Failed to parse JSON response (likely not valid JSON)")
+
+// ErrNoSigningKey - there isn't a signing key defined in the app configuration
+var ErrNoSigningKey = errors.New("no JWT signing key specified; cannot authenticate users. Define JWT_SECRET in application.yml and restart")
+
+// ErrFailedToCreate - Record Creation Failed
+var ErrFailedToCreate = errors.New("Failed to create database record")
+
+// ErrUnknown - Generic Error For Unknown Errors
+var ErrUnknown = errors.New("unknown/unexpected error has occurred")

config/config.go

@@ -1,20 +1,22 @@
 package config
 
 import (
-	"errors"
 	"fmt"
 	"strconv"
 
 	"github.com/spf13/viper"
 )
 
 var (
-	appName string
-	appPort int
+	appName                string
+	appPort                int
+	jwtKey                 string
+	jwtExpiryDurationHours int
 )
 
+// Load - loads all the environment variables and/or params in application.yml
 func Load() {
-	viper.SetDefault("APP_NAME", "app")
+	viper.SetDefault("APP_NAME", "e-commerce")
 	viper.SetDefault("APP_PORT", "8002")
 
 	viper.SetConfigName("application")
@@ -24,22 +26,39 @@ func Load() {
 	viper.AddConfigPath("./../..")
 	viper.ReadInConfig()
 	viper.AutomaticEnv()
+
+	// Check for the presence of JWT_KEY and JWT_EXPIRY_DURATION_HOURS
+	JWTKey()
+	JWTExpiryDurationHours()
 }
 
+// AppName - returns the app name
 func AppName() string {
 	if appName == "" {
 		appName = ReadEnvString("APP_NAME")
 	}
 	return appName
 }
 
+// AppPort - returns application http port
 func AppPort() int {
 	if appPort == 0 {
 		appPort = ReadEnvInt("APP_PORT")
 	}
 	return appPort
 }
 
+// JWTKey - returns the JSON Web Token key
+func JWTKey() []byte {
+	return []byte(ReadEnvString("JWT_SECRET"))
+}
+
+// JWTExpiryDurationHours - returns duration for jwt expiry in int
+func JWTExpiryDurationHours() int {
+	return int(ReadEnvInt("JWT_EXPIRY_DURATION_HOURS"))
+}
+
+// ReadEnvInt - reads an environment variable as an integer
 func ReadEnvInt(key string) int {
 	checkIfSet(key)
 	v, err := strconv.Atoi(viper.GetString(key))
@@ -49,19 +68,22 @@ func ReadEnvInt(key string) int {
 	return v
 }
 
+// ReadEnvString - reads an environment variable as a string
 func ReadEnvString(key string) string {
 	checkIfSet(key)
 	return viper.GetString(key)
 }
 
+// ReadEnvBool - reads environment variable as a boolean
 func ReadEnvBool(key string) bool {
 	checkIfSet(key)
 	return viper.GetBool(key)
 }
 
+//CheckIfSet checks if all the necessary keys are set
 func checkIfSet(key string) {
 	if !viper.IsSet(key) {
-		err := errors.New(fmt.Sprintf("Key %s is not set", key))
+		err := fmt.Errorf("Key %s is not set", key)
 		panic(err)
 	}
 }

db/db.go

@@ -4,9 +4,11 @@ import (
 	"context"
 )
 
+// Storer - an interface we use to expose methods that do stuff to the underlying database
 type Storer interface {
 	ListUsers(context.Context) ([]User, error)
-	//Create(context.Context, User) error
-	//GetUser(context.Context) (User, error)
-	//Delete(context.Context, string) error
+	AuthenticateUser(context.Context, User) (User, error)
+	GetUser(context.Context, int) (User, error)
+	CreateBlacklistedToken(context.Context, BlacklistedToken) error
+	CheckBlacklistedToken(context.Context, string) (bool, int)
 }

db/pg.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/jmoiron/sqlx"
+	//lib/pq internally configures with database/sql library"
 	_ "github.com/lib/pq"
 	"github.com/mattes/migrate"
 	"github.com/mattes/migrate/database/postgres"

db/user.go

@@ -2,21 +2,66 @@ package db
 
 import (
 	"context"
-
+	"database/sql"
 	logger "github.com/sirupsen/logrus"
+	"golang.org/x/crypto/bcrypt"
+	ae "joshsoftware/go-e-commerce/apperrors"
 )
 
+//User Struct for declaring attributes of User
 type User struct {
-	Name string `db:"name" json:"full_name"`
-	Age  int    `db:"age" json:"age"`
+	ID        int    `db:"id" json:"id"`
+	FirstName string `db:"first_name" json:"first_name"`
+	LastName  string `db:"last_name" json:"last_name"`
+	Email     string `db:"email" json:"email"`
+	Mobile    string `db:"mobile" json:"mobile"`
+	Address   string `db:"address" json:"address"`
+	Password  string `db:"password" json:"password"`
+	Country   string `db:"country" json:"country"`
+	State     string `db:"state" json:"state"`
+	City      string `db:"city" json:"city"`
+	CreatedAt string `db:"created_at" json:"created_at"`
 }
 
+//ListUsers function to fetch all Users From Database
 func (s *pgStore) ListUsers(ctx context.Context) (users []User, err error) {
-	err = s.db.Select(&users, "SELECT * FROM users ORDER BY name ASC")
+	err = s.db.Select(&users, "SELECT * FROM users ORDER BY first_name ASC")
 	if err != nil {
 		logger.WithField("err", err.Error()).Error("Error listing users")
 		return
 	}
 
 	return
 }
+
+//GetUser function is used to Get a Particular User
+func (s *pgStore) GetUser(ctx context.Context, id int) (user User, err error) {
+
+	err = s.db.Get(&user, "SELECT * FROM users WHERE id=$1", id)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			err = ae.ErrRecordNotFound
+		}
+		logger.WithField("err", err.Error()).Error("Query Failed")
+		return
+	}
+
+	return
+}
+
+//AuthenticateUser Function checks if User has Registered before Login
+// and Has Entered Correct Credentials
+func (s *pgStore) AuthenticateUser(ctx context.Context, u User) (user User, err error) {
+
+	err = s.db.Get(&user, "SELECT * FROM users where email = $1", u.Email)
+	if err != nil {
+		logger.WithField("err", err.Error()).Error("No such User Available")
+		return
+	}
+
+	if err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(u.Password)); err != nil {
+		// If the two passwords don't match, return a 401 status
+		logger.WithField("Error", err.Error())
+	}
+	return
+}

db/user_blacklisted_tokens.go

@@ -0,0 +1,49 @@
+package db
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	logger "github.com/sirupsen/logrus"
+)
+
+//BlacklistedToken - struct representing a token to be blacklisted (logout)
+type BlacklistedToken struct {
+	ID             int       `db:"id" json:"id"`
+	UserID         float64   `db:"user_id" json:"user_id"`
+	Token          string    `db:"token" json:"token"`
+	ExpirationDate time.Time `db:"expiration_date" json:"expiration_date"`
+}
+
+const (
+	insertBlacklistedToken = `INSERT INTO user_blacklisted_tokens
+(user_id, token, expiration_date)
+VALUES ($1, $2, $3)`
+)
+
+//CreateBlacklistedToken function to insert the blacklisted token in database
+func (s *pgStore) CreateBlacklistedToken(ctx context.Context, token BlacklistedToken) (err error) {
+	_, err = s.db.Exec(insertBlacklistedToken, token.UserID, token.Token, token.ExpirationDate)
+
+	if err != nil {
+		errMsg := fmt.Sprintf("Error inserting the blacklisted token for user with id %v", token.UserID)
+		logger.WithField("err", err.Error()).Error(errMsg)
+		return
+	}
+	return
+}
+
+//CheckBlacklistedToken function to check if token is blacklisted earlier
+func (s *pgStore) CheckBlacklistedToken(ctx context.Context, token string) (bool, int) {
+
+	var userID int
+	query1 := fmt.Sprintf("SELECT user_id FROM user_blacklisted_tokens WHERE token='%s'", token)
+	err := s.db.QueryRow(query1).Scan(&userID)
+
+	if err != nil {
+		logger.WithField("err", err.Error()).Error("Either Query Failed or No Rows Found")
+		return false, -1
+	}
+	return true, userID
+}

go.mod

@@ -3,13 +3,16 @@ module joshsoftware/go-e-commerce
 go 1.14
 
 require (
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/gorilla/mux v1.8.0
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/lib/pq v1.8.0
 	github.com/mattes/migrate v3.0.1+incompatible
+	github.com/rs/cors v1.7.0
 	github.com/sirupsen/logrus v1.6.0
 	github.com/spf13/viper v1.7.1
 	github.com/stretchr/testify v1.6.1
 	github.com/urfave/cli v1.22.4
 	github.com/urfave/negroni v1.0.0
+	golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5
 )

go.sum

@@ -35,6 +35,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -154,6 +155,8 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7z
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
+github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -203,6 +206,7 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5 h1:58fnuSXlxZmFdJyvtTFVmVhcMLU6v5fEb/ok4wyqtNU=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=

main.go

@@ -5,6 +5,7 @@ package main
 
 import (
 	"fmt"
+	"github.com/rs/cors"
 	"joshsoftware/go-e-commerce/config"
 	"joshsoftware/go-e-commerce/db"
 	"joshsoftware/go-e-commerce/service"
@@ -70,6 +71,13 @@ func startApp() (err error) {
 		return
 	}
 
+	c := cors.New(cors.Options{
+		AllowedOrigins:   []string{"*"},
+		AllowedMethods:   []string{"POST", "GET", "DELETE", "PUT", "PATCH", "OPTIONS"},
+		AllowCredentials: true,
+		Debug:            true,
+	})
+
 	deps := service.Dependencies{
 		Store: store,
 	}
@@ -79,6 +87,7 @@ func startApp() (err error) {
 
 	// init web server
 	server := negroni.Classic()
+	server.Use(c)
 	server.UseHandler(router)
 
 	port := config.AppPort() // This can be changed to the service port number via environment variable.

migrations/1587381324_create_users.up.sql

@@ -1,4 +1,13 @@
-CREATE TABLE users (
-  name text,
-  age integer
-);
+CREATE TABLE IF NOT EXISTS users (
+  id SERIAL NOT NULL PRIMARY KEY,
+  first_name VARCHAR(255) NOT NULL,
+  last_name VARCHAR(255),
+  email VARCHAR(255) NOT NULL UNIQUE,
+  mobile VARCHAR(20),
+  country VARCHAR(100),
+  state VARCHAR(100),
+  city VARCHAR(100),
+  address TEXT,
+  password TEXT,  
+  created_at TIMESTAMP DEFAULT (NOW() AT TIME ZONE 'UTC')
+);

migrations/1599589830_blacklisted_tokens.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS user_blacklisted_tokens;