Forem: George The latest articles on Forem by George (@39george). https://forem.com/39george https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2780956%2F1484679c-94f1-4248-aa73-b07e32c2015a.jpeg Forem: George https://forem.com/39george en User authentication in go George Thu, 30 Jan 2025 13:21:22 +0000 https://forem.com/39george/user-authentication-in-go-nm7 https://forem.com/39george/user-authentication-in-go-nm7 <p>User authentication and authorization are fundamental concepts in building secure applications. They ensure that only authorized users can access specific resources or functionalities within your application.</p> <p>This article dives into these concepts and explores how Golang packages like Authpher can simplify their implementation.</p> <h2> Let's start! </h2> <p>To effectively manage user authentication and authorization, we need to consider how to store user data and handle user sessions.</p> <ul> <li>User Data Storage: In this example, we'll utilize a PostgreSQL database to securely store user information, such as usernames, passwords, and associated permissions.</li> <li>Session Management: To enhance user experience, we'll implement session caching using Redis. This allows users to authenticate once and have their session information stored in Redis for subsequent requests. A unique session token will be securely stored in the user's browser cookie, enabling seamless identification and access to their session data.</li> </ul> <p>To simplify things, we will use <a href="https://github.com/gin-gonic/gin" rel="noopener noreferrer">gin</a> framework and several additional packages:</p> <ul> <li> <a href="https://github.com/jackc/pgx" rel="noopener noreferrer">pgx</a> - postgreSQL driver and toolkit for Go.</li> <li> <a href="https://github.com/sqlc-dev/sqlc" rel="noopener noreferrer">sqlc</a> - type-safe code from SQL generator.</li> <li> <a href="https://github.com/redis/go-redis" rel="noopener noreferrer">go-redis</a> - redis Go client.</li> <li> <a href="https://github.com/alexedwards/scs" rel="noopener noreferrer">scs</a> - HTTP Session Management for Go.</li> <li> <a href="https://github.com/39george/scs_gin_adapter" rel="noopener noreferrer">scs_gin_adapter</a> - a tiny adapter for using scs with gin.</li> <li> <a href="https://github.com/39george/scs_redisstore" rel="noopener noreferrer">scs_redisstore</a> - go-redis store for scs.</li> <li> <a href="https://github.com/39george/authpher" rel="noopener noreferrer">authpher</a> - user identification, authentication, and authorization for Go.</li> </ul> <h2> Prepare storage </h2> <p>Create <code>any-name</code> project directory, in my example, it will be <code>auth_example</code>.<br> Run <code>go mod init auth_example</code> to create go module for our project.</p> <p>We will use awesome <a href="https://github.com/amacneil/dbmate" rel="noopener noreferrer">dbmate</a> migration tool for our migrations.</p> <p>Run in the terminal in our project root:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dbmate new init_migration </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Creating migration: db/migrations/20250129053023_init_migration.sql </code></pre> </div> <p>Lets write our first database migration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- migrate:up</span> <span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">citext</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">users</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">SERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">created_at</span> <span class="nb">TIMESTAMP</span> <span class="k">WITH</span> <span class="nb">TIME</span> <span class="k">ZONE</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="k">CURRENT_TIMESTAMP</span><span class="p">,</span> <span class="n">updated_at</span> <span class="nb">TIMESTAMP</span> <span class="k">WITH</span> <span class="nb">TIME</span> <span class="k">ZONE</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="k">CURRENT_TIMESTAMP</span><span class="p">,</span> <span class="n">username</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">50</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">password_hash</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">500</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- Ensure case insensitive uniqueness with CITEXT type</span> <span class="n">email</span> <span class="n">CITEXT</span> <span class="k">UNIQUE</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="p">);</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">groups</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">SERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">name</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">50</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">UNIQUE</span> <span class="p">);</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">permissions</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">SERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">name</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">50</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">UNIQUE</span> <span class="p">);</span> <span class="c1">-- Create `users_groups` table for many-to-many</span> <span class="c1">-- relationships between users and groups.</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">user_groups</span> <span class="p">(</span> <span class="n">user_id</span> <span class="nb">INTEGER</span> <span class="k">REFERENCES</span> <span class="n">users</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="n">group_id</span> <span class="nb">INTEGER</span> <span class="k">REFERENCES</span> <span class="n">groups</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">RESTRICT</span><span class="p">,</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">group_id</span><span class="p">)</span> <span class="p">);</span> <span class="c1">-- Create `groups_permissions` table for many-to-many relationships</span> <span class="c1">-- between groups and permissions.</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">group_permissions</span> <span class="p">(</span> <span class="n">group_id</span> <span class="nb">INTEGER</span> <span class="k">REFERENCES</span> <span class="n">groups</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="n">permission_id</span> <span class="nb">INTEGER</span> <span class="k">REFERENCES</span> <span class="n">permissions</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">group_id</span><span class="p">,</span> <span class="n">permission_id</span><span class="p">)</span> <span class="p">);</span> <span class="c1">-- Insert "users" and "administrators" groups.</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">groups</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'group.administrators'</span><span class="p">);</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">groups</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'group.users-starter'</span><span class="p">);</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">groups</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'group.users-medium'</span><span class="p">);</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">groups</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'group.users-pro'</span><span class="p">);</span> <span class="c1">-- Insert individual permissions.</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">permissions</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'administrator'</span><span class="p">);</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">permissions</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'starter'</span><span class="p">);</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">permissions</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'medium'</span><span class="p">);</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">permissions</span> <span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'pro'</span><span class="p">);</span> <span class="c1">-- Insert group permissions.</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">group_permissions</span> <span class="p">(</span><span class="n">group_id</span><span class="p">,</span> <span class="n">permission_id</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.users-starter'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'starter'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.users-medium'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'starter'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.users-medium'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'medium'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.users-pro'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'starter'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.users-pro'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'medium'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.users-pro'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'pro'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.administrators'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'starter'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.administrators'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'medium'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.administrators'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'pro'</span><span class="p">)</span> <span class="p">),</span> <span class="p">(</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'group.administrators'</span><span class="p">),</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">permissions</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="s1">'administrator'</span><span class="p">)</span> <span class="p">);</span> <span class="c1">-- migrate:down</span> <span class="k">DROP</span> <span class="k">FUNCTION</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">insert_request</span><span class="p">;</span> <span class="k">DROP</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">group_permissions</span><span class="p">;</span> <span class="k">DROP</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">user_groups</span><span class="p">;</span> <span class="k">DROP</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">permissions</span><span class="p">;</span> <span class="k">DROP</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">groups</span><span class="p">;</span> <span class="k">DROP</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">users</span><span class="p">;</span> <span class="k">DROP</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">citext</span><span class="p">;</span> </code></pre> </div> <p>In this example, we have four groups of users with varying access levels:</p> <ul> <li> <code>Administrators</code>: Have access to all endpoints within the application.</li> <li> <code>Pro</code> Users: Have access to all endpoints intended for users.</li> <li> <code>Medium</code> Users: Have access to "starter" and "medium" level endpoints.</li> <li> <code>Starter</code> Users: Have access to only "starter" level endpoints.</li> </ul> <p>Implying that you already have postgres available (for example, in docker container), run our first migration with (use our own credentials):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dbmate <span class="nt">--url</span> postgres://postgres:admin@pg.docker.loc/auth_example?sslmode<span class="o">=</span>disable <span class="nt">--no-dump-schema</span> up </code></pre> </div> <p>Next, let's write sql queries for retrieving our users &amp; their permissions. Here we will use <a href="https://github.com/sqlc-dev/sqlc" rel="noopener noreferrer">sqlc</a> for type-safe code generation from our sql queries, and <a href="https://github.com/jackc/pgx/v5" rel="noopener noreferrer">pgx</a> as its backend<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">install </span>github.com/sqlc-dev/sqlc/cmd/sqlc@latest go get github.com/jackc/pgx/v5 go get github.com/jackc/pgx/v5/pgxpool </code></pre> </div> <p>Create sqlc.yaml at the root of our project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2"</span> <span class="na">sql</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">engine</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgresql"</span> <span class="na">queries</span><span class="pi">:</span> <span class="s2">"</span><span class="s">db/queries"</span> <span class="na">schema</span><span class="pi">:</span> <span class="s2">"</span><span class="s">db/migrations/"</span> <span class="na">gen</span><span class="pi">:</span> <span class="na">go</span><span class="pi">:</span> <span class="na">package</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sqlc"</span> <span class="c1"># Package name</span> <span class="na">out</span><span class="pi">:</span> <span class="s2">"</span><span class="s">db/sqlc"</span> <span class="c1"># Output folder</span> <span class="na">sql_package</span><span class="pi">:</span> <span class="s2">"</span><span class="s">pgx/v5"</span> <span class="c1"># Use sql types provided by pgx</span> <span class="na">emit_json_tags</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">emit_db_tags</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">emit_pointers_for_null_types</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">emit_empty_slices</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>Then create <code>db/queries/user_auth_queries.sql</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- name: GetAuthUserData :one</span> <span class="k">SELECT</span> <span class="n">id</span><span class="p">,</span> <span class="n">username</span><span class="p">,</span> <span class="n">password_hash</span> <span class="k">FROM</span> <span class="n">users</span> <span class="k">WHERE</span> <span class="n">username</span> <span class="o">=</span> <span class="n">sqlc</span><span class="p">.</span><span class="n">narg</span><span class="p">(</span><span class="n">username</span><span class="p">)</span> <span class="k">OR</span> <span class="n">id</span> <span class="o">=</span> <span class="n">sqlc</span><span class="p">.</span><span class="n">narg</span><span class="p">(</span><span class="n">id</span><span class="p">);</span> <span class="c1">-- name: GetUserPermissions :many</span> <span class="k">SELECT</span> <span class="k">DISTINCT</span> <span class="n">permissions</span><span class="p">.</span><span class="n">name</span> <span class="k">FROM</span> <span class="n">users</span> <span class="k">JOIN</span> <span class="n">user_groups</span> <span class="k">ON</span> <span class="n">users</span><span class="p">.</span><span class="n">id</span> <span class="o">=</span> <span class="n">user_groups</span><span class="p">.</span><span class="n">user_id</span> <span class="k">JOIN</span> <span class="n">group_permissions</span> <span class="k">ON</span> <span class="n">user_groups</span><span class="p">.</span><span class="n">group_id</span> <span class="o">=</span> <span class="n">group_permissions</span><span class="p">.</span><span class="n">group_id</span> <span class="k">JOIN</span> <span class="n">permissions</span> <span class="k">ON</span> <span class="n">group_permissions</span><span class="p">.</span><span class="n">permission_id</span> <span class="o">=</span> <span class="n">permissions</span><span class="p">.</span><span class="n">id</span> <span class="k">WHERE</span> <span class="n">users</span><span class="p">.</span><span class="n">id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span><span class="p">;</span> <span class="c1">-- name: InsertUserToDb :one</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">users</span> <span class="p">(</span><span class="n">username</span><span class="p">,</span> <span class="n">password_hash</span><span class="p">,</span> <span class="n">email</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="err">$</span><span class="mi">1</span><span class="p">,</span> <span class="err">$</span><span class="mi">2</span><span class="p">,</span> <span class="err">$</span><span class="mi">3</span><span class="p">)</span> <span class="n">RETURNING</span> <span class="n">id</span><span class="p">;</span> <span class="c1">-- name: AddUserToGroup :exec</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">user_groups</span><span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">group_id</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="err">$</span><span class="mi">1</span><span class="p">,</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">id</span> <span class="k">FROM</span> <span class="n">groups</span> <span class="k">WHERE</span> <span class="n">name</span> <span class="o">=</span> <span class="err">$</span><span class="mi">2</span> <span class="p">));</span> </code></pre> </div> <p>Then run <code>sqlc generate</code> to generate go code from our queries.<br> Go code should appear in the db/sqlc folder.</p> <h2> Go logic implementation </h2> <p>Let's write some go code! Add our dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go get github.com/gin-gonic/gin go get github.com/alexedwards/scs/v2 go get github.com/39george/scs_gin_adapter go get github.com/39george/scs_redisstore go get github.com/39george/authpher go get github.com/redis/go-redis/v9 </code></pre> </div> <p>Create <code>auth_example/internal/appstate.go</code>, it will hold our app's state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">internal</span> <span class="k">import</span> <span class="p">(</span> <span class="n">ginAdapter</span> <span class="s">"github.com/39george/scs_gin_adapter"</span> <span class="s">"github.com/redis/go-redis/v9"</span> <span class="s">"auth_example/db/sqlc"</span> <span class="p">)</span> <span class="k">const</span> <span class="n">AppStateLabel</span> <span class="o">=</span> <span class="s">"auth_example.appstate"</span> <span class="c">// Should be cheap-to-copy and thread-safe for using from many requests concurrently</span> <span class="k">type</span> <span class="n">AppState</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Sqlc</span> <span class="o">*</span><span class="n">sqlc</span><span class="o">.</span><span class="n">Queries</span> <span class="n">RedisClient</span> <span class="o">*</span><span class="n">redis</span><span class="o">.</span><span class="n">Client</span> <span class="n">Session</span> <span class="o">*</span><span class="n">ginAdapter</span><span class="o">.</span><span class="n">GinAdapter</span> <span class="p">}</span> </code></pre> </div> <p>Also we will use <a href="https://en.wikipedia.org/wiki/Argon2" rel="noopener noreferrer">argon2</a>, modern password-hashing function for securing our password, create <code>auth_example/internal/argon2/argon2.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">argon2</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"crypto/rand"</span> <span class="s">"crypto/subtle"</span> <span class="s">"encoding/base64"</span> <span class="s">"errors"</span> <span class="s">"fmt"</span> <span class="s">"strings"</span> <span class="s">"golang.org/x/crypto/argon2"</span> <span class="p">)</span> <span class="k">var</span> <span class="p">(</span> <span class="n">ErrInvalidHash</span> <span class="o">=</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span> <span class="s">"the encoded hash is not in the correct format"</span><span class="p">,</span> <span class="p">)</span> <span class="n">ErrIncompatibleVersion</span> <span class="o">=</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"incompatible version of argon2"</span><span class="p">)</span> <span class="p">)</span> <span class="k">type</span> <span class="n">params</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">memory</span> <span class="kt">uint32</span> <span class="n">iterations</span> <span class="kt">uint32</span> <span class="n">parallelism</span> <span class="kt">uint8</span> <span class="n">saltLength</span> <span class="kt">uint32</span> <span class="n">keyLength</span> <span class="kt">uint32</span> <span class="p">}</span> <span class="k">var</span> <span class="n">StdParams</span> <span class="o">=</span> <span class="n">params</span><span class="p">{</span> <span class="n">memory</span><span class="o">:</span> <span class="m">64</span> <span class="o">*</span> <span class="m">1024</span><span class="p">,</span> <span class="n">iterations</span><span class="o">:</span> <span class="m">3</span><span class="p">,</span> <span class="n">parallelism</span><span class="o">:</span> <span class="m">2</span><span class="p">,</span> <span class="n">saltLength</span><span class="o">:</span> <span class="m">16</span><span class="p">,</span> <span class="n">keyLength</span><span class="o">:</span> <span class="m">32</span><span class="p">,</span> <span class="p">}</span> <span class="k">var</span> <span class="n">LightParams</span> <span class="o">=</span> <span class="n">params</span><span class="p">{</span> <span class="n">memory</span><span class="o">:</span> <span class="m">15000</span><span class="p">,</span> <span class="n">iterations</span><span class="o">:</span> <span class="m">2</span><span class="p">,</span> <span class="n">parallelism</span><span class="o">:</span> <span class="m">1</span><span class="p">,</span> <span class="n">saltLength</span><span class="o">:</span> <span class="m">16</span><span class="p">,</span> <span class="n">keyLength</span><span class="o">:</span> <span class="m">32</span><span class="p">,</span> <span class="p">}</span> <span class="k">func</span> <span class="n">GenWithParams</span><span class="p">(</span><span class="n">p</span> <span class="n">params</span><span class="p">,</span> <span class="n">pass</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Generate a cryptographically secure random salt.</span> <span class="n">salt</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateRandomBytes</span><span class="p">(</span><span class="n">p</span><span class="o">.</span><span class="n">saltLength</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">hash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateFromPassword</span><span class="p">(</span><span class="n">salt</span><span class="p">,</span> <span class="n">pass</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">p</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Encode salt and hash using Base64</span> <span class="n">encodedSalt</span> <span class="o">:=</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">salt</span><span class="p">)</span> <span class="n">encodedHash</span> <span class="o">:=</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">hash</span><span class="p">)</span> <span class="c">// Construct the Argon2 hash format</span> <span class="n">hashString</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"$argon2id$v=19$m=%d,t=%d,p=%d$%s$%s"</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">memory</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">iterations</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">parallelism</span><span class="p">,</span> <span class="n">encodedSalt</span><span class="p">,</span> <span class="n">encodedHash</span><span class="p">)</span> <span class="k">return</span> <span class="n">hashString</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">ComparePasswordAndHash</span><span class="p">(</span> <span class="n">password</span><span class="p">,</span> <span class="n">encodedHash</span> <span class="kt">string</span><span class="p">,</span> <span class="p">)</span> <span class="p">(</span><span class="n">match</span> <span class="kt">bool</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Extract the parameters, salt and derived key from the encoded password</span> <span class="c">// hash.</span> <span class="n">p</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">hash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">decodeHash</span><span class="p">(</span><span class="n">encodedHash</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Derive the key from the other password using the same parameters.</span> <span class="n">otherHash</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">),</span> <span class="n">salt</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">iterations</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">memory</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">parallelism</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">keyLength</span><span class="p">,</span> <span class="p">)</span> <span class="c">// Check that the contents of the hashed passwords are identical. Note</span> <span class="c">// that we are using the subtle.ConstantTimeCompare() function for this</span> <span class="c">// to help prevent timing attacks.</span> <span class="k">if</span> <span class="n">subtle</span><span class="o">.</span><span class="n">ConstantTimeCompare</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span> <span class="n">otherHash</span><span class="p">)</span> <span class="o">==</span> <span class="m">1</span> <span class="p">{</span> <span class="k">return</span> <span class="no">true</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">generateFromPassword</span><span class="p">(</span> <span class="n">salt</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">password</span> <span class="kt">string</span><span class="p">,</span> <span class="n">p</span> <span class="o">*</span><span class="n">params</span><span class="p">,</span> <span class="p">)</span> <span class="p">(</span><span class="n">hash</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Pass the plaintext password, salt and parameters to the argon2.IDKey</span> <span class="c">// function. This will generate a hash of the password using the Argon2id</span> <span class="c">// variant.</span> <span class="n">hash</span> <span class="o">=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">),</span> <span class="n">salt</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">iterations</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">memory</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">parallelism</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">keyLength</span><span class="p">,</span> <span class="p">)</span> <span class="k">return</span> <span class="n">hash</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">generateRandomBytes</span><span class="p">(</span><span class="n">n</span> <span class="kt">uint32</span><span class="p">)</span> <span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">b</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">n</span><span class="p">)</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">rand</span><span class="o">.</span><span class="n">Read</span><span class="p">(</span><span class="n">b</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">b</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">decodeHash</span><span class="p">(</span><span class="n">encodedHash</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">params</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">hash</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">vals</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">encodedHash</span><span class="p">,</span> <span class="s">"$"</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">vals</span><span class="p">)</span> <span class="o">!=</span> <span class="m">6</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">ErrInvalidHash</span> <span class="p">}</span> <span class="k">var</span> <span class="n">version</span> <span class="kt">int</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sscanf</span><span class="p">(</span><span class="n">vals</span><span class="p">[</span><span class="m">2</span><span class="p">],</span> <span class="s">"v=%d"</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">version</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">version</span> <span class="o">!=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">Version</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">ErrIncompatibleVersion</span> <span class="p">}</span> <span class="n">p</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">params</span><span class="p">{}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sscanf</span><span class="p">(</span> <span class="n">vals</span><span class="p">[</span><span class="m">3</span><span class="p">],</span> <span class="s">"m=%d,t=%d,p=%d"</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">p</span><span class="o">.</span><span class="n">memory</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">p</span><span class="o">.</span><span class="n">iterations</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">p</span><span class="o">.</span><span class="n">parallelism</span><span class="p">,</span> <span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">salt</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">Strict</span><span class="p">()</span><span class="o">.</span><span class="n">DecodeString</span><span class="p">(</span><span class="n">vals</span><span class="p">[</span><span class="m">4</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">p</span><span class="o">.</span><span class="n">saltLength</span> <span class="o">=</span> <span class="kt">uint32</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">salt</span><span class="p">))</span> <span class="n">hash</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">Strict</span><span class="p">()</span><span class="o">.</span><span class="n">DecodeString</span><span class="p">(</span><span class="n">vals</span><span class="p">[</span><span class="m">5</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">p</span><span class="o">.</span><span class="n">keyLength</span> <span class="o">=</span> <span class="kt">uint32</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">hash</span><span class="p">))</span> <span class="k">return</span> <span class="n">p</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">hash</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Next step, we will implement our actual authentication backend, create <code>auth_example/internal/auth/backend.go</code>, we could just fetch user data from postgres, but for reducing database read rate we will cache that data for limited time in redis:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">auth</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"errors"</span> <span class="s">"fmt"</span> <span class="s">"time"</span> <span class="s">"log/slog"</span> <span class="s">"strconv"</span> <span class="s">"github.com/39george/authpher"</span> <span class="n">mapset</span> <span class="s">"github.com/deckarep/golang-set/v2"</span> <span class="s">"github.com/jackc/pgx/v5"</span> <span class="s">"github.com/redis/go-redis/v9"</span> <span class="s">"auth_example/db/sqlc"</span> <span class="s">"auth_example/internal/argon2"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">User</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">int32</span> <span class="s">`json:"id"`</span> <span class="n">Username</span> <span class="kt">string</span> <span class="s">`json:"username"`</span> <span class="n">PasswordHash</span> <span class="kt">string</span> <span class="s">`json:"password_hash"`</span> <span class="p">}</span> <span class="k">func</span> <span class="n">UserFromMap</span><span class="p">(</span><span class="n">m</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">user</span> <span class="n">User</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">m</span><span class="p">)</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"map len is 0"</span><span class="p">)</span> <span class="p">}</span> <span class="n">idS</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">m</span><span class="p">[</span><span class="s">"id"</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"id field not found"</span><span class="p">)</span> <span class="p">}</span> <span class="n">id</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">Atoi</span><span class="p">(</span><span class="n">idS</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="p">}</span> <span class="n">username</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">m</span><span class="p">[</span><span class="s">"username"</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"username field not found"</span><span class="p">)</span> <span class="p">}</span> <span class="n">passwordHash</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">m</span><span class="p">[</span><span class="s">"password_hash"</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"password_hash field not found"</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">User</span><span class="p">{</span><span class="kt">int32</span><span class="p">(</span><span class="n">id</span><span class="p">),</span> <span class="n">username</span><span class="p">,</span> <span class="n">passwordHash</span><span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="n">IntoMap</span><span class="p">()</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="p">{</span> <span class="k">return</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">{</span> <span class="s">"id"</span><span class="o">:</span> <span class="n">strconv</span><span class="o">.</span><span class="n">Itoa</span><span class="p">(</span><span class="kt">int</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">ID</span><span class="p">)),</span> <span class="s">"username"</span><span class="o">:</span> <span class="n">u</span><span class="o">.</span><span class="n">Username</span><span class="p">,</span> <span class="s">"password_hash"</span><span class="o">:</span> <span class="n">u</span><span class="o">.</span><span class="n">PasswordHash</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="n">UserId</span><span class="p">()</span> <span class="n">any</span> <span class="p">{</span> <span class="k">return</span> <span class="n">u</span><span class="o">.</span><span class="n">ID</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="n">SessionAuthHash</span><span class="p">()</span> <span class="p">[]</span><span class="kt">byte</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">PasswordHash</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Credentials</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Username</span> <span class="kt">string</span> <span class="s">`form:"username" json:"username"`</span> <span class="n">Password</span> <span class="kt">string</span> <span class="s">`form:"password" json:"password"`</span> <span class="n">Email</span> <span class="kt">string</span> <span class="s">`form:"email" json:"email"`</span> <span class="n">Group</span> <span class="kt">string</span> <span class="s">`form:"group" json:"group"`</span> <span class="p">}</span> <span class="k">type</span> <span class="n">MyBackend</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">PgPool</span> <span class="o">*</span><span class="n">sqlc</span><span class="o">.</span><span class="n">Queries</span> <span class="n">RedisPool</span> <span class="o">*</span><span class="n">redis</span><span class="o">.</span><span class="n">Client</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">mb</span> <span class="n">MyBackend</span><span class="p">)</span> <span class="n">Authenticate</span><span class="p">(</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">creds</span> <span class="n">Credentials</span><span class="p">,</span> <span class="p">)</span> <span class="p">(</span><span class="n">authpher</span><span class="o">.</span><span class="n">AuthUser</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Get user data by username</span> <span class="n">data</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">mb</span><span class="o">.</span><span class="n">PgPool</span><span class="o">.</span><span class="n">GetAuthUserData</span><span class="p">(</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">sqlc</span><span class="o">.</span><span class="n">GetAuthUserDataParams</span><span class="p">{</span><span class="n">Username</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">creds</span><span class="o">.</span><span class="n">Username</span><span class="p">},</span> <span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span> <span class="s">"failed to get auth user data for %v, %w"</span><span class="p">,</span> <span class="n">creds</span><span class="p">,</span> <span class="n">err</span><span class="p">,</span> <span class="p">)</span> <span class="p">}</span> <span class="c">// Run argon2 verification</span> <span class="n">user</span> <span class="o">:=</span> <span class="n">User</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">match</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">ComparePasswordAndHash</span><span class="p">(</span> <span class="n">creds</span><span class="o">.</span><span class="n">Password</span><span class="p">,</span> <span class="n">user</span><span class="o">.</span><span class="n">PasswordHash</span><span class="p">,</span> <span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">match</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">mb</span> <span class="n">MyBackend</span><span class="p">)</span> <span class="n">GetUser</span><span class="p">(</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userId</span> <span class="n">any</span><span class="p">,</span> <span class="p">)</span> <span class="p">(</span><span class="n">authpher</span><span class="o">.</span><span class="n">AuthUser</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">usrId</span> <span class="o">:=</span> <span class="n">userId</span><span class="o">.</span><span class="p">(</span><span class="kt">int32</span><span class="p">)</span> <span class="c">// Try to get user usrData by username from cache</span> <span class="n">rKey</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"user_data_cache:%d"</span><span class="p">,</span> <span class="n">usrId</span><span class="p">)</span> <span class="n">m</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">mb</span><span class="o">.</span><span class="n">RedisPool</span><span class="o">.</span><span class="n">HGetAll</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">rKey</span><span class="p">)</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span> <span class="s">"failed to fetch user_data_cache from redis: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">,</span> <span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">m</span><span class="p">)</span> <span class="o">!=</span> <span class="m">0</span> <span class="p">{</span> <span class="n">user</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">UserFromMap</span><span class="p">(</span><span class="n">m</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">slog</span><span class="o">.</span><span class="n">Warn</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to get user from map: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">// Return pointer!</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// Get user usrData by username from db</span> <span class="n">usrData</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">mb</span><span class="o">.</span><span class="n">PgPool</span><span class="o">.</span><span class="n">GetAuthUserData</span><span class="p">(</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">sqlc</span><span class="o">.</span><span class="n">GetAuthUserDataParams</span><span class="p">{</span><span class="n">ID</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">usrId</span><span class="p">},</span> <span class="p">)</span> <span class="k">if</span> <span class="n">errors</span><span class="o">.</span><span class="n">Is</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="n">pgx</span><span class="o">.</span><span class="n">ErrNoRows</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">user</span> <span class="o">:=</span> <span class="n">User</span><span class="p">(</span><span class="n">usrData</span><span class="p">)</span> <span class="c">// Cache user</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">mb</span><span class="o">.</span><span class="n">RedisPool</span><span class="o">.</span><span class="n">HSet</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">rKey</span><span class="p">,</span> <span class="n">user</span><span class="o">.</span><span class="n">IntoMap</span><span class="p">())</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">slog</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to cache user: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="p">}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">mb</span><span class="o">.</span><span class="n">RedisPool</span><span class="o">.</span><span class="n">Expire</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">rKey</span><span class="p">,</span> <span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">)</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">slog</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to set expiration: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="p">}</span> <span class="c">// Return pointer!</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">mb</span> <span class="n">MyBackend</span><span class="p">)</span> <span class="n">GetUserPermissions</span><span class="p">(</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">user</span> <span class="n">authpher</span><span class="o">.</span><span class="n">AuthUser</span><span class="p">,</span> <span class="p">)</span> <span class="p">(</span><span class="n">mapset</span><span class="o">.</span><span class="n">Set</span><span class="p">[</span><span class="kt">string</span><span class="p">],</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">perms</span> <span class="o">:=</span> <span class="n">mapset</span><span class="o">.</span><span class="n">NewSetWithSize</span><span class="p">[</span><span class="kt">string</span><span class="p">](</span><span class="m">0</span><span class="p">)</span> <span class="k">return</span> <span class="n">perms</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">mb</span> <span class="n">MyBackend</span><span class="p">)</span> <span class="n">GetGroupPermissions</span><span class="p">(</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">user</span> <span class="n">authpher</span><span class="o">.</span><span class="n">AuthUser</span><span class="p">,</span> <span class="p">)</span> <span class="p">(</span><span class="n">mapset</span><span class="o">.</span><span class="n">Set</span><span class="p">[</span><span class="kt">string</span><span class="p">],</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// user is pointer!</span> <span class="n">u</span> <span class="o">:=</span> <span class="n">user</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="c">// Try to get user permissions from cache</span> <span class="n">rKey</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"user_permissions_cache:%d"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">ID</span><span class="p">)</span> <span class="n">slice</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">mb</span><span class="o">.</span><span class="n">RedisPool</span><span class="o">.</span><span class="n">SMembers</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">rKey</span><span class="p">)</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span> <span class="s">"failed to fetch user_permissions_cache from redis: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">,</span> <span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">slice</span><span class="p">)</span> <span class="o">!=</span> <span class="m">0</span> <span class="p">{</span> <span class="n">perms</span> <span class="o">:=</span> <span class="n">mapset</span><span class="o">.</span><span class="n">NewSetWithSize</span><span class="p">[</span><span class="kt">string</span><span class="p">](</span><span class="nb">len</span><span class="p">(</span><span class="n">slice</span><span class="p">))</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">perm</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">slice</span> <span class="p">{</span> <span class="n">perms</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">perm</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">perms</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// Get user permissions from db</span> <span class="n">data</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">mb</span><span class="o">.</span><span class="n">PgPool</span><span class="o">.</span><span class="n">GetUserPermissions</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">ID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">perms</span> <span class="o">:=</span> <span class="n">mapset</span><span class="o">.</span><span class="n">NewSetWithSize</span><span class="p">[</span><span class="kt">string</span><span class="p">](</span><span class="nb">len</span><span class="p">(</span><span class="n">data</span><span class="p">))</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">perm</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">data</span> <span class="p">{</span> <span class="n">perms</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">perm</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Cache permissions</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">mb</span><span class="o">.</span><span class="n">RedisPool</span><span class="o">.</span><span class="n">SAdd</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">rKey</span><span class="p">,</span> <span class="n">data</span><span class="p">)</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">slog</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to cache user permissions: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span><span class="p">(),</span> <span class="p">)</span> <span class="p">}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">mb</span><span class="o">.</span><span class="n">RedisPool</span><span class="o">.</span><span class="n">Expire</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">rKey</span><span class="p">,</span> <span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">)</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">slog</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to set expiration: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="p">}</span> <span class="k">return</span> <span class="n">perms</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>We will not create separate <code>config</code> package, instead, for simplicity, just pass all configs directly in code. Create <code>auth_example/app.go</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">auth_example</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"fmt"</span> <span class="s">"log/slog"</span> <span class="s">"net"</span> <span class="s">"time"</span> <span class="s">"http"</span> <span class="s">"github.com/39george/authpher"</span> <span class="s">"github.com/39george/authpher/adapters/authgin"</span> <span class="s">"github.com/39george/authpher/sessions/ginsessions"</span> <span class="n">ginAdapter</span> <span class="s">"github.com/39george/scs_gin_adapter"</span> <span class="n">scsRedisStore</span> <span class="s">"github.com/39george/scs_redisstore"</span> <span class="s">"github.com/alexedwards/scs/v2"</span> <span class="s">"github.com/gin-gonic/gin"</span> <span class="s">"github.com/gin-gonic/gin/binding"</span> <span class="s">"github.com/jackc/pgx/v5/pgxpool"</span> <span class="s">"github.com/redis/go-redis/v9"</span> <span class="s">"auth_example/db/sqlc"</span> <span class="s">"auth_example/internal"</span> <span class="s">"auth_example/internal/argon2"</span> <span class="s">"auth_example/internal/auth"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Application</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">server</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Engine</span> <span class="n">listener</span> <span class="o">*</span><span class="n">net</span><span class="o">.</span><span class="n">Listener</span> <span class="p">}</span> <span class="k">func</span> <span class="n">BuildApplication</span><span class="p">(</span><span class="n">router</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Engine</span><span class="p">)</span> <span class="n">Application</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="c">// NOTE: Adjust options yourself</span> <span class="n">pgConnStr</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span> <span class="s">"host=%s port=%d user=%s password=%s dbname=%s sslmode=allow"</span><span class="p">,</span> <span class="s">"localhost"</span><span class="p">,</span> <span class="m">5432</span><span class="p">,</span> <span class="s">"postgres"</span><span class="p">,</span> <span class="s">"admin"</span><span class="p">,</span> <span class="s">"auth_example"</span><span class="p">,</span> <span class="p">)</span> <span class="n">pool</span> <span class="o">:=</span> <span class="n">getPgPool</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">pgConnStr</span><span class="p">)</span> <span class="n">sqlcObj</span> <span class="o">:=</span> <span class="n">sqlc</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">pool</span><span class="p">)</span> <span class="c">// NOTE: Adjust options yourself</span> <span class="n">redisClient</span> <span class="o">:=</span> <span class="n">getRedisConnectionPool</span><span class="p">(</span><span class="s">"localhost:6379"</span><span class="p">,</span> <span class="s">"admin"</span><span class="p">,</span> <span class="m">0</span><span class="p">)</span> <span class="c">// Initialize a new session manager and configure the session lifetime.</span> <span class="n">sessionManager</span> <span class="o">:=</span> <span class="n">scs</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="n">sessionManager</span><span class="o">.</span><span class="n">Store</span> <span class="o">=</span> <span class="n">scsRedisStore</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">redisClient</span><span class="p">)</span> <span class="n">sessionManager</span><span class="o">.</span><span class="n">Lifetime</span> <span class="o">=</span> <span class="m">24</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Hour</span> <span class="n">sessionAdapter</span> <span class="o">:=</span> <span class="n">ginAdapter</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">sessionManager</span><span class="p">)</span> <span class="n">appState</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">internal</span><span class="o">.</span><span class="n">AppState</span><span class="p">{</span> <span class="n">Sqlc</span><span class="o">:</span> <span class="n">sqlcObj</span><span class="p">,</span> <span class="n">RedisClient</span><span class="o">:</span> <span class="n">redisClient</span><span class="p">,</span> <span class="n">Session</span><span class="o">:</span> <span class="n">sessionAdapter</span><span class="p">,</span> <span class="p">}</span> <span class="c">// Use our app state for every request</span> <span class="n">router</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="n">internal</span><span class="o">.</span><span class="n">AppStateLabel</span><span class="p">,</span> <span class="n">appState</span><span class="p">)</span> <span class="p">})</span> <span class="c">// Logging errors</span> <span class="n">router</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="n">errors</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Errors</span><span class="o">.</span><span class="n">Errors</span><span class="p">()</span> <span class="k">for</span> <span class="n">i</span><span class="p">,</span> <span class="kt">error</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">errors</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"#%02d: %s"</span><span class="p">,</span> <span class="n">i</span><span class="o">+</span><span class="m">1</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">slog</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">Errors</span> <span class="o">=</span> <span class="no">nil</span> <span class="p">})</span> <span class="c">// Session middleware</span> <span class="n">router</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">sessionAdapter</span><span class="o">.</span><span class="n">LoadAndSave</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">authgin</span><span class="o">.</span><span class="n">Auth</span><span class="p">[</span><span class="kt">string</span><span class="p">,</span> <span class="n">auth</span><span class="o">.</span><span class="n">Credentials</span><span class="p">](</span> <span class="n">auth</span><span class="o">.</span><span class="n">MyBackend</span><span class="p">{</span> <span class="n">PgPool</span><span class="o">:</span> <span class="n">appState</span><span class="o">.</span><span class="n">Sqlc</span><span class="p">,</span> <span class="n">RedisPool</span><span class="o">:</span> <span class="n">appState</span><span class="o">.</span><span class="n">RedisClient</span><span class="p">,</span> <span class="p">},</span> <span class="o">&amp;</span><span class="n">ginsessions</span><span class="o">.</span><span class="n">GinSessions</span><span class="p">{</span><span class="n">Store</span><span class="o">:</span> <span class="n">sessionAdapter</span><span class="p">}),</span> <span class="p">)</span> <span class="n">openRoutes</span> <span class="o">:=</span> <span class="n">router</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/open"</span><span class="p">)</span> <span class="n">userRoutes</span> <span class="o">:=</span> <span class="n">router</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/user"</span><span class="p">)</span> <span class="n">userRoutes</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">authgin</span><span class="o">.</span><span class="n">PermissionRequired</span><span class="p">[</span><span class="kt">string</span><span class="p">,</span> <span class="n">auth</span><span class="o">.</span><span class="n">Credentials</span><span class="p">](</span><span class="s">"starter"</span><span class="p">))</span> <span class="n">adminRoutes</span> <span class="o">:=</span> <span class="n">router</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/admin"</span><span class="p">)</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">authgin</span><span class="o">.</span><span class="n">PermissionRequired</span><span class="p">[</span><span class="kt">string</span><span class="p">,</span> <span class="n">auth</span><span class="o">.</span><span class="n">Credentials</span><span class="p">](</span><span class="s">"admin"</span><span class="p">))</span> <span class="c">// Define handlers</span> <span class="n">userRoutes</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/test"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{})</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/test"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{})</span> <span class="n">openRoutes</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/test"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{})</span> <span class="n">openRoutes</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/login"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">credentials</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">auth</span><span class="o">.</span><span class="n">Credentials</span><span class="p">)</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">ShouldBindWith</span><span class="p">(</span><span class="n">credentials</span><span class="p">,</span> <span class="n">binding</span><span class="o">.</span><span class="n">JSON</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithStatusJSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span><span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">()})</span> <span class="k">return</span> <span class="p">}</span> <span class="n">authSession</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">authpher</span><span class="o">.</span><span class="n">AuthContextString</span><span class="p">)</span> <span class="n">aS</span> <span class="o">:=</span> <span class="n">authSession</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">authpher</span><span class="o">.</span><span class="n">AuthSession</span><span class="p">[</span><span class="kt">string</span><span class="p">,</span> <span class="n">auth</span><span class="o">.</span><span class="n">Credentials</span><span class="p">])</span> <span class="n">user</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">aS</span><span class="o">.</span><span class="n">Authenticate</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="o">*</span><span class="n">credentials</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithError</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusUnauthorized</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="k">if</span> <span class="n">user</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">u</span> <span class="o">:=</span> <span class="n">user</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">auth</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="n">err</span> <span class="o">=</span> <span class="n">aS</span><span class="o">.</span><span class="n">Login</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="n">u</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">slog</span><span class="o">.</span><span class="n">Warn</span><span class="p">(</span><span class="s">"Failed to login user"</span><span class="p">,</span> <span class="s">"error"</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithStatus</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusUnauthorized</span><span class="p">)</span> <span class="p">}</span> <span class="p">})</span> <span class="n">openRoutes</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/signup"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">s</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">internal</span><span class="o">.</span><span class="n">AppStateLabel</span><span class="p">)</span> <span class="n">state</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">internal</span><span class="o">.</span><span class="n">AppState</span><span class="p">)</span> <span class="n">creds</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">auth</span><span class="o">.</span><span class="n">Credentials</span><span class="p">)</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">ShouldBindWith</span><span class="p">(</span><span class="n">creds</span><span class="p">,</span> <span class="n">binding</span><span class="o">.</span><span class="n">FormPost</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithStatusJSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span><span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">()})</span> <span class="k">return</span> <span class="p">}</span> <span class="n">passwordHash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">GenWithParams</span><span class="p">(</span><span class="n">argon2</span><span class="o">.</span><span class="n">LightParams</span><span class="p">,</span> <span class="n">creds</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithStatus</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="n">userId</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">state</span><span class="o">.</span><span class="n">Sqlc</span><span class="o">.</span><span class="n">InsertUserToDb</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="n">sqlc</span><span class="o">.</span><span class="n">InsertUserToDbParams</span><span class="p">{</span> <span class="n">Username</span><span class="o">:</span> <span class="n">creds</span><span class="o">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">PasswordHash</span><span class="o">:</span> <span class="n">passwordHash</span><span class="p">,</span> <span class="n">Email</span><span class="o">:</span> <span class="n">creds</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithError</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">err</span> <span class="o">=</span> <span class="n">state</span><span class="o">.</span><span class="n">Sqlc</span><span class="o">.</span><span class="n">AddUserToGroup</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="n">sqlc</span><span class="o">.</span><span class="n">AddUserToGroupParams</span><span class="p">{</span> <span class="n">UserID</span><span class="o">:</span> <span class="n">userId</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">creds</span><span class="o">.</span><span class="n">Group</span><span class="p">,</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithError</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">Status</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">)</span> <span class="p">})</span> <span class="n">listener</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span> <span class="s">"tcp"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s:%d"</span><span class="p">,</span> <span class="s">"localhost"</span><span class="p">,</span> <span class="m">8080</span><span class="p">),</span> <span class="p">)</span> <span class="n">panicOnError</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Error binding to port"</span><span class="p">)</span> <span class="k">return</span> <span class="n">Application</span><span class="p">{</span><span class="n">server</span><span class="o">:</span> <span class="n">router</span><span class="p">,</span> <span class="n">listener</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">listener</span><span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">a</span> <span class="o">*</span><span class="n">Application</span><span class="p">)</span> <span class="n">RunUntilStopped</span><span class="p">()</span> <span class="p">{</span> <span class="n">a</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">RunListener</span><span class="p">(</span><span class="o">*</span><span class="n">a</span><span class="o">.</span><span class="n">listener</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">getRedisConnectionPool</span><span class="p">(</span><span class="n">addr</span> <span class="kt">string</span><span class="p">,</span> <span class="n">password</span> <span class="kt">string</span><span class="p">,</span> <span class="n">dbNumber</span> <span class="kt">int</span><span class="p">)</span> <span class="o">*</span><span class="n">redis</span><span class="o">.</span><span class="n">Client</span> <span class="p">{</span> <span class="n">opts</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">redis</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="n">addr</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">password</span><span class="p">,</span> <span class="n">DB</span><span class="o">:</span> <span class="n">dbNumber</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="n">redis</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">opts</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">getPgPool</span><span class="p">(</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">connStr</span> <span class="kt">string</span><span class="p">,</span> <span class="p">)</span> <span class="o">*</span><span class="n">pgxpool</span><span class="o">.</span><span class="n">Pool</span> <span class="p">{</span> <span class="n">pool</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pgxpool</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">connStr</span><span class="p">)</span> <span class="n">panicOnError</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Failed to connect to postgres"</span><span class="p">)</span> <span class="k">return</span> <span class="n">pool</span> <span class="p">}</span> <span class="k">func</span> <span class="n">panicOnError</span><span class="p">(</span><span class="n">err</span> <span class="kt">error</span><span class="p">,</span> <span class="n">message</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">message</span> <span class="o">+</span> <span class="s">": "</span> <span class="o">+</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>And, finally, lets implement our <code>auth_example/main.go</code> program:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/gin-gonic/gin"</span> <span class="s">"auth_example"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">r</span> <span class="o">:=</span> <span class="n">gin</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="n">r</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">Recovery</span><span class="p">())</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">auth_example</span><span class="o">.</span><span class="n">BuildApplication</span><span class="p">(</span><span class="n">r</span><span class="p">)</span> <span class="n">app</span><span class="o">.</span><span class="n">RunUntilStopped</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>Now we can run our application with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run main.go </code></pre> </div> <h2> Testing </h2> <p>Now let's test our open handler with curl:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-i</span> localhost:8080/open/test </code></pre> </div> <p>You should get:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> <span class="na">Vary</span><span class="p">:</span> <span class="s">Cookie</span> <span class="na">Date</span><span class="p">:</span> <span class="s">Thu, 30 Jan 2025 12:45:47 GMT</span> <span class="na">Content-Length</span><span class="p">:</span> <span class="s">0</span> </code></pre> </div> <p>Try to get access to protected route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-i</span> <span class="nt">-X</span> GET localhost:8080/user/test </code></pre> </div> <p>You will get:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">401</span> <span class="ne">Unauthorized</span> <span class="na">Vary</span><span class="p">:</span> <span class="s">Cookie</span> <span class="na">Date</span><span class="p">:</span> <span class="s">Thu, 30 Jan 2025 13:07:35 GMT</span> <span class="na">Content-Length</span><span class="p">:</span> <span class="s">0</span> </code></pre> </div> <p>Then we will create a new account with command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">-i</span> <span class="nt">-X</span> POST <span class="nt">-H</span> <span class="s1">'Content-Type: application/x-www-form-urlencoded'</span> <span class="nt">-d</span> <span class="s1">'username=user1&amp;password=pass&amp;email=email1@mail.com&amp;group=group.users-starter'</span> localhost:8080/open/signup </code></pre> </div> <p>Output should be:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> <span class="na">Vary</span><span class="p">:</span> <span class="s">Cookie</span> <span class="na">Date</span><span class="p">:</span> <span class="s">Thu, 30 Jan 2025 13:00:03 GMT</span> <span class="na">Content-Length</span><span class="p">:</span> <span class="s">0</span> </code></pre> </div> <p>And now login to our account (we use <code>-c</code> curl flag to dump response cookie into a file, simulating web browser session):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-i</span> <span class="nt">-X</span> POST <span class="nt">-c</span> cookie.txt <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> <span class="nt">-d</span> <span class="s1">'{"username":"user1","password":"pass"}'</span> localhost:8080/open/login </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> <span class="na">Cache-Control</span><span class="p">:</span> <span class="s">no-cache="Set-Cookie"</span> <span class="na">Set-Cookie</span><span class="p">:</span> <span class="s">session=yoP9sQprjrBeTbbEdxO_pa_eGCenKnvmUFqjNfY4kqA; Path=/; Expires=Fri, 31 Jan 2025 13:09:02 GMT; Max-Age=86400; HttpOnly; SameSite=Lax</span> <span class="na">Vary</span><span class="p">:</span> <span class="s">Cookie</span> <span class="na">Date</span><span class="p">:</span> <span class="s">Thu, 30 Jan 2025 13:09:02 GMT</span> <span class="na">Content-Length</span><span class="p">:</span> <span class="s">0</span> </code></pre> </div> <p>After that you should have access to protected endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-i</span> <span class="nt">-X</span> GET <span class="nt">-b</span> cookie.txt localhost:8080/user/test </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> <span class="na">Vary</span><span class="p">:</span> <span class="s">Cookie</span> <span class="na">Date</span><span class="p">:</span> <span class="s">Thu, 30 Jan 2025 13:10:59 GMT</span> <span class="na">Content-Length</span><span class="p">:</span> <span class="s">0</span> </code></pre> </div> <p>If you want, you can go further and create more accounts for testing various permissions for our groups!</p> <p>That's all, you can find full code at the <a href="https://github.com/39george/articles/tree/main/code/auth_example" rel="noopener noreferrer">repo</a>.</p> go backend coding webdev