Forem: Faizan The latest articles on Forem by Faizan (@mdfaizan7). https://forem.com/mdfaizan7 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F498563%2F15b6ad52-cba8-42b5-be35-93406e45ccf1.jpeg Forem: Faizan https://forem.com/mdfaizan7 en Database Replication using CDC Faizan Wed, 06 Oct 2021 04:30:47 +0000 https://forem.com/mdfaizan7/database-replication-using-cdc-48l8 https://forem.com/mdfaizan7/database-replication-using-cdc-48l8 <p>Database Replication is the process of taking data from a source database (MySQL, Mongo, PostgreSQL, etc), and copies it into a destination database. This can be a one-time operation or a real-time sync process.</p> <p>At <a href="https://www.getpowerplay.in/">Powerplay</a>, our Product team constantly runs various data queries to derive user insight. Running complex queries to build user dashboards created a huge overhead on our production database. Therefore production APIs started taking more time to execute. It also caused our production DB to crash a few times. That's when we decide to create a replica of our main production DB and shift all analytics to analytics DB.</p> <h2> DB replication methods </h2> <p>There are mainly 3 data replication methods. Selecting the right method depends upon your particular use-case and what type of database you are using.</p> <ol> <li> <strong>Full Load and Dump -</strong> In this method, at regular intervals, all the data inside the DB is first queried, then a snapshot is taken. Then this snapshot replaces the previous snapshot in our data warehouse. This method is suited for small tables or for one-time exports.</li> <li> <strong>Incremental -</strong> In this method, we define an event for each table/collection. Every time a row/document is updated or inserted, the event is triggered. The database is queried regularly to look for changes. Despite the initial effort for setting up the trigger system, this method has less load on DB.</li> <li> <strong>Change Data Capture(CDC) -</strong> It involves querying DB's internal operation log every few seconds and copying the changes inside the data warehouse. This is a more reliable method and has a much lower impact on DB performance. It also helps you avoid loading duplicate events. CDC is the best method for databases that are being updated continually.</li> </ol> <h2> CDC with MongoDB &amp; Kafka </h2> <p>Why we picked CDC because we want to sync analytics DB with production DB in realtime which can be achieved by incremental and CDC methods. But Incremental method has high initial efforts and requires regular monitoring. On other hand, it is seamless with CDC. </p> <p>Before knowing how to implement CDC with <a href="https://www.mongodb.com/">MongoDB</a>, we will need to know some topics beforehand:</p> <h3> Change Streams - </h3> <p><a href="https://docs.mongodb.com/manual/changeStreams/">Change Stream</a> is a MongoDB API introduced in v3.6. Change Streams allow apps to listen to real-time data changes without the complexity and risk of tailing the <a href="https://docs.mongodb.com/manual/core/replica-set-oplog/">oplog</a> (rolling record of all modification operations on DB). Apps can use change streams to subscribe to all data changes on a single collection, a database, or an entire deployment, and immediately react to them.</p> <p>Change Streams are only available for replica sets. This limitation is because the implementation of change streams is based on the oplog, which is only available on replica sets. </p> <blockquote> <p>NOTE: Change Streams is also available for sharded clusters, but it is not recommended as you would have to tail each oplog on each shard separately, which ultimately defeats the purpose of change streams.</p> </blockquote> <p>To pass change stream data from source DB to sink DB, we need an event streaming platform. That's where Apache Kafka fits the role.</p> <h3> Apache Kafka - </h3> <p><a href="https://kafka.apache.org/">Kafka</a> is a distributed event streaming platform that enables a developer to connect multiple systems together to exchange messages(data). It is commonly used in ETL data pipelines, CDC Systems, etc.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy1fcu1vko1o44eko7rvx.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy1fcu1vko1o44eko7rvx.png" alt="Kafka Architecture" width="663" height="488"></a></p> <p>Kafka Key Concepts:</p> <ol> <li> <strong>Cluster:</strong> It is a collection of servers, that work together to handle the management of messages/data.</li> <li> <strong>Messages:</strong> byte arrays that store data in any format.</li> <li> <strong>Topics:</strong> Topics are the categories in Kafka to which the messages are stored and published.</li> <li> <strong>Producers:</strong> writes messages to Kafka topics.</li> <li> <strong>Consumers:</strong> read messages from Kafka topics.</li> </ol> <p>To create a connection between MongoDB and Apache Kafka, MongoDB has build official framework <a href="https://github.com/mongodb/mongo-kafka">MongoDB Kafka Connector</a>. </p> <h3> MongoDB Kafka Connector - </h3> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futalktkomyp0adwalsl5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futalktkomyp0adwalsl5.png" alt="MongoDB Kafka Connector" width="663" height="488"></a></p> <p>Using this framework, Producers and consumers can write and read changes for each database or collection in MongoDB using the Kafka Connect APIs.</p> <p>A connector can be configured as a source or a sink:</p> <ul> <li>Source Connector - This acts as a source. It's configured to subscribe to the changes on our MongoDB deployment and as changes are made in that deployment, events are published to Kafka topics.</li> <li>Sink Connector - It reads messages from the topic, and writes documents to sink MongoDB deployment.</li> </ul> <p>MongoDB Kafka Connector makes it seamless to replicate MongoDB using CDC and Kafka. You can find the instructions <a href="https://github.com/mongodb/mongo-kafka/tree/master/docker">here</a> on how to setup and use it.</p> mongodb database cdc analytics Creating Login and Private Routes with Refreshing tokens - Part[3/3] of Go Authentication series Faizan Sat, 31 Oct 2020 06:52:06 +0000 https://forem.com/mdfaizan7/creating-login-and-private-routes-with-refreshing-tokens-part-3-3-of-go-authentication-series-2n0c https://forem.com/mdfaizan7/creating-login-and-private-routes-with-refreshing-tokens-part-3-3-of-go-authentication-series-2n0c <p>In this part, we will create 3 routes:</p> <ul> <li>A SignIn route from where users can log in either with their username or email along with their password.</li> <li>A secure Route from where any logged-in user can get their details from the database.</li> <li>Another route that returns an access token iff the refresh token is valid.</li> </ul> <p>So let's get started:</p> <p>We will make all these functions inside the <em>router/user.go</em> file.</p> <p>First, we will modify the <em>SetupUserRoutes</em> function inside <em>router/user.go</em> file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// SetupUserRoutes func sets up all the user routes</span> <span class="k">func</span> <span class="n">SetupUserRoutes</span><span class="p">()</span> <span class="p">{</span> <span class="n">USER</span><span class="o">.</span><span class="n">Post</span><span class="p">(</span><span class="s">"/signup"</span><span class="p">,</span> <span class="n">CreateUser</span><span class="p">)</span> <span class="c">// Sign Up a user</span> <span class="o">++</span> <span class="n">USER</span><span class="o">.</span><span class="n">Post</span><span class="p">(</span><span class="s">"/signin"</span><span class="p">,</span> <span class="n">LoginUser</span><span class="p">)</span> <span class="c">// Sign In a user</span> <span class="o">++</span> <span class="n">USER</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/get-access-token"</span><span class="p">,</span> <span class="n">GetAccessToken</span><span class="p">)</span> <span class="c">// returns a new access_token</span> <span class="o">++</span> <span class="c">// privUser handles all the private user routes that requires authentication</span> <span class="o">++</span> <span class="n">privUser</span> <span class="o">:=</span> <span class="n">USER</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/private"</span><span class="p">)</span> <span class="o">++</span> <span class="n">privUser</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">util</span><span class="o">.</span><span class="n">SecureAuth</span><span class="p">())</span> <span class="c">// middleware to secure all routes for this group</span> <span class="o">++</span> <span class="n">privUser</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/user"</span><span class="p">,</span> <span class="n">GetUserData</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>You can see that we are using our SecureAuth middleware for the private routes here, to make sure that every route from this group is secured. </p> <h3> Create a SignIn route </h3> <p>Now we will create a new function inside <em>routr/user.go</em> file that will handle the logging in for any user.</p> <p>We will follow the following steps to log in a user:</p> <ol> <li>First, we will parse the input data into an input struct.</li> <li>Then, we will check whether or not any user exists according to the provided email or username.</li> <li>If it exists, then we will compare the password provided with the hashed password inside the database.</li> <li>If there is a match, we will then generate access and refresh tokens and set their cookies.</li> <li>Then we return the tokens.</li> </ol> <p>So if we follow all these steps, our function will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// LoginUser route logins a user in the app</span> <span class="k">func</span> <span class="n">LoginUser</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">type</span> <span class="n">LoginInput</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Identity</span> <span class="kt">string</span> <span class="s">`json:"identity"`</span> <span class="n">Password</span> <span class="kt">string</span> <span class="s">`json:"password"`</span> <span class="p">}</span> <span class="n">input</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">LoginInput</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">BodyParser</span><span class="p">(</span><span class="n">input</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span><span class="s">"error"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="s">"input"</span><span class="o">:</span> <span class="s">"Please review your input"</span><span class="p">})</span> <span class="p">}</span> <span class="c">// check if a user exists</span> <span class="n">u</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="k">if</span> <span class="n">res</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span> <span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Email</span><span class="o">:</span> <span class="n">input</span><span class="o">.</span><span class="n">Identity</span><span class="p">})</span><span class="o">.</span><span class="n">Or</span><span class="p">(</span> <span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Username</span><span class="o">:</span> <span class="n">input</span><span class="o">.</span><span class="n">Identity</span><span class="p">},</span> <span class="p">)</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="o">&amp;</span><span class="n">u</span><span class="p">);</span> <span class="n">res</span><span class="o">.</span><span class="n">RowsAffected</span> <span class="o">&lt;=</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span><span class="s">"error"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="s">"general"</span><span class="o">:</span> <span class="s">"Invalid Credentials."</span><span class="p">})</span> <span class="p">}</span> <span class="c">// Comparing the password with the hash</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">CompareHashAndPassword</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">),</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">input</span><span class="o">.</span><span class="n">Password</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span><span class="s">"error"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="s">"general"</span><span class="o">:</span> <span class="s">"Invalid Credentials."</span><span class="p">})</span> <span class="p">}</span> <span class="c">// setting up the authorization cookies</span> <span class="n">accessToken</span><span class="p">,</span> <span class="n">refreshToken</span> <span class="o">:=</span> <span class="n">util</span><span class="o">.</span><span class="n">GenerateTokens</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">UUID</span><span class="o">.</span><span class="n">String</span><span class="p">())</span> <span class="n">accessCookie</span><span class="p">,</span> <span class="n">refreshCookie</span> <span class="o">:=</span> <span class="n">util</span><span class="o">.</span><span class="n">GetAuthCookies</span><span class="p">(</span><span class="n">accessToken</span><span class="p">,</span> <span class="n">refreshToken</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Cookie</span><span class="p">(</span><span class="n">accessCookie</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Cookie</span><span class="p">(</span><span class="n">refreshCookie</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">Status</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">)</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span> <span class="s">"access_token"</span><span class="o">:</span> <span class="n">accessToken</span><span class="p">,</span> <span class="s">"refresh_token"</span><span class="o">:</span> <span class="n">refreshToken</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Yay!, we have created both a SignUp route and a SignIn route successfully. But the work is still not over, we will now create a secure route from which a logged-in user can access their data.</p> <h3> Access user data with a secure route </h3> <p>Now, we will create a new function called GetUserData inside the <em>router/user.go</em> file. This function is only triggered when the request passes through our SecureAuth middleware successfully.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// GetUserData returns the details of the user signed in</span> <span class="k">func</span> <span class="n">GetUserData</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">id</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Locals</span><span class="p">(</span><span class="s">"id"</span><span class="p">)</span> <span class="n">u</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="k">if</span> <span class="n">res</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="s">"uuid = ?"</span><span class="p">,</span> <span class="n">id</span><span class="p">)</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="o">&amp;</span><span class="n">u</span><span class="p">);</span> <span class="n">res</span><span class="o">.</span><span class="n">RowsAffected</span> <span class="o">&lt;=</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span><span class="s">"error"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="s">"general"</span><span class="o">:</span> <span class="s">"Cannot find the User"</span><span class="p">})</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">u</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> Refreshing Tokens </h3> <p>We know that each of our access tokens expires in 15 minutes. But we don't want our user to log in again and again after 15 minutes.<br> So this is where the refresh token comes into play. We need to refresh these access tokens. We can do this with the use of refresh tokens we made earlier. So now we have to make a new function called <em>GetAccessToken</em> that will refresh these access tokens.</p> <p>This function will follow the following steps:</p> <ol> <li>Fetch the refresh token from the cookies of the request.</li> <li>Parse the refresh token inside a Claim.</li> <li>Check if the database contains the token belonging to that particular user.</li> <li>If the token exists in the database, validate that token.</li> <li>If the token is valid then generate a new access token and create a new cookie for that access token and return it.</li> </ol> <p>So after following the about steps, our function will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// GetAccessToken generates and sends a new access token iff there is a valid refresh token</span> <span class="k">func</span> <span class="n">GetAccessToken</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">refreshToken</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Cookies</span><span class="p">(</span><span class="s">"refresh_token"</span><span class="p">)</span> <span class="n">refreshClaims</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">)</span> <span class="n">token</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseWithClaims</span><span class="p">(</span><span class="n">refreshToken</span><span class="p">,</span> <span class="n">refreshClaims</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">token</span> <span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="p">(</span><span class="k">interface</span><span class="p">{},</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">jwtKey</span><span class="p">,</span> <span class="no">nil</span> <span class="p">})</span> <span class="k">if</span> <span class="n">res</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span> <span class="s">"expires_at = ? AND issued_at = ? AND issuer = ?"</span><span class="p">,</span> <span class="n">refreshClaims</span><span class="o">.</span><span class="n">ExpiresAt</span><span class="p">,</span> <span class="n">refreshClaims</span><span class="o">.</span><span class="n">IssuedAt</span><span class="p">,</span> <span class="n">refreshClaims</span><span class="o">.</span><span class="n">Issuer</span><span class="p">,</span> <span class="p">)</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{});</span> <span class="n">res</span><span class="o">.</span><span class="n">RowsAffected</span> <span class="o">&lt;=</span> <span class="m">0</span> <span class="p">{</span> <span class="c">// no such refresh token exist in the database</span> <span class="n">c</span><span class="o">.</span><span class="n">ClearCookie</span><span class="p">(</span><span class="s">"access_token"</span><span class="p">,</span> <span class="s">"refresh_token"</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusForbidden</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">token</span><span class="o">.</span><span class="n">Valid</span> <span class="p">{</span> <span class="k">if</span> <span class="n">refreshClaims</span><span class="o">.</span><span class="n">ExpiresAt</span> <span class="o">&lt;</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Unix</span><span class="p">()</span> <span class="p">{</span> <span class="c">// refresh token is expired</span> <span class="n">c</span><span class="o">.</span><span class="n">ClearCookie</span><span class="p">(</span><span class="s">"access_token"</span><span class="p">,</span> <span class="s">"refresh_token"</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusForbidden</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">// malformed refresh token</span> <span class="n">c</span><span class="o">.</span><span class="n">ClearCookie</span><span class="p">(</span><span class="s">"access_token"</span><span class="p">,</span> <span class="s">"refresh_token"</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusForbidden</span><span class="p">)</span> <span class="p">}</span> <span class="n">_</span><span class="p">,</span> <span class="n">accessToken</span> <span class="o">:=</span> <span class="n">util</span><span class="o">.</span><span class="n">GenerateAccessClaims</span><span class="p">(</span><span class="n">refreshClaims</span><span class="o">.</span><span class="n">Issuer</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Cookie</span><span class="p">(</span><span class="o">&amp;</span><span class="n">fiber</span><span class="o">.</span><span class="n">Cookie</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="s">"access_token"</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">accessToken</span><span class="p">,</span> <span class="n">Expires</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">24</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Hour</span><span class="p">),</span> <span class="n">HTTPOnly</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">Secure</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span><span class="s">"access_token"</span><span class="o">:</span> <span class="n">accessToken</span><span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>So now our Go Authentication Boilerplate is complete. If you want to take a look at the source code, <a href="https://github.com/mdfaizan7/go-authentication-boilerplate">here's a GitHub Repository for that</a>. If you like it, please give it a ⭐.</p> <h2> Conclusion </h2> <p>So this is it folks! This was my first experience writing a blog and giving back to a community that has given me so much more. This was a 3 Part series and I really enjoyed writing it. </p> <p><em>Thanks for reading! If you liked this article, please let me know and share it!</em> </p> go security beginners Creating JWT's and SignUp Route - Part[2/3] of Go Authentication series Faizan Sat, 31 Oct 2020 06:51:50 +0000 https://forem.com/mdfaizan7/creating-jwt-s-and-signup-route-part-2-3-of-go-authentication-series-5339 https://forem.com/mdfaizan7/creating-jwt-s-and-signup-route-part-2-3-of-go-authentication-series-5339 <p>In this part, we will configure the SignUp route for our server.</p> <h1> Getting Started </h1> <p>For the authentication process of the user, we will be using JSON Web Tokens(JWT's). I am gonna assume you know what a JWT is. If you want to learn about JWT, <a href="https://jwt.io/introduction/">here is a very good introduction to it</a>.</p> <p>We will first start by creating some new models inside our <strong>models/user.go</strong> file.</p> <p>We will need to add a model called <em>Claims</em> and a model called <em>UserErrors</em> inside the file. The <em>Claims</em> will contain the struct of the information that the JWT token will contain. And the <em>UserErrors</em> will contain the return body if there is an error during the registration process.</p> <p><strong>models/user.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">models</span> <span class="o">++</span> <span class="k">import</span> <span class="p">(</span> <span class="o">++</span> <span class="s">"github.com/dgrijalva/jwt-go"</span> <span class="o">++</span> <span class="p">)</span> <span class="c">// User represents a User schema</span> <span class="k">type</span> <span class="n">User</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Base</span> <span class="n">Email</span> <span class="kt">string</span> <span class="s">`json:"email" gorm:"unique"`</span> <span class="n">Username</span> <span class="kt">string</span> <span class="s">`json:"username" gorm:"unique"`</span> <span class="n">Password</span> <span class="kt">string</span> <span class="s">`json:"password"`</span> <span class="p">}</span> <span class="o">++</span> <span class="c">// UserErrors represent the error format for user routes</span> <span class="o">++</span> <span class="k">type</span> <span class="n">UserErrors</span> <span class="k">struct</span> <span class="p">{</span> <span class="o">++</span> <span class="n">Err</span> <span class="kt">bool</span> <span class="s">`json:"error"`</span> <span class="o">++</span> <span class="n">Email</span> <span class="kt">string</span> <span class="s">`json:"email"`</span> <span class="o">++</span> <span class="n">Username</span> <span class="kt">string</span> <span class="s">`json:"username"`</span> <span class="o">++</span> <span class="n">Password</span> <span class="kt">string</span> <span class="s">`json:"password"`</span> <span class="o">++</span> <span class="p">}</span> <span class="o">++</span> <span class="c">// Claims represent the structure of the JWT token</span> <span class="o">++</span> <span class="k">type</span> <span class="n">Claims</span> <span class="k">struct</span> <span class="p">{</span> <span class="o">++</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span> <span class="o">++</span> <span class="n">ID</span> <span class="kt">uint</span> <span class="s">`gorm:"primaryKey"`</span> <span class="o">++</span> <span class="p">}</span> </code></pre> </div> <h2> Auto Migrate the data </h2> <p>Now that we will store data in our database we need to migrate our data. We will use the AutoMigrate function from Gorm for this.</p> <p><strong>database/postgres.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">database</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"go-authentication-boilerplate/models"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="s">"github.com/joho/godotenv"</span> <span class="s">"gorm.io/driver/postgres"</span> <span class="s">"gorm.io/gorm"</span> <span class="s">"gorm.io/gorm/logger"</span> <span class="p">)</span> <span class="c">// DB represents a Database instance</span> <span class="k">var</span> <span class="n">DB</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span> <span class="c">// ConnectToDB connects the server with database</span> <span class="k">func</span> <span class="n">ConnectToDB</span><span class="p">()</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">godotenv</span><span class="o">.</span><span class="n">Load</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"Error loading env file </span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">dsn</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"host=localhost user=%s password=%s dbname=%s port=%s sslmode=disable TimeZone=Asia/Kolkata"</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_USER"</span><span class="p">),</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_PASS"</span><span class="p">),</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_DBNAME"</span><span class="p">),</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_PORT"</span><span class="p">))</span> <span class="n">log</span><span class="o">.</span><span class="n">Print</span><span class="p">(</span><span class="s">"Connecting to Postgres DB..."</span><span class="p">)</span> <span class="n">DB</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">gorm</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">postgres</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">dsn</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">gorm</span><span class="o">.</span><span class="n">Config</span><span class="p">{})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"Failed to connect to database. </span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">Exit</span><span class="p">(</span><span class="m">2</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"connected"</span><span class="p">)</span> <span class="c">// turned on the loger on info mode</span> <span class="n">DB</span><span class="o">.</span><span class="n">Logger</span> <span class="o">=</span> <span class="n">logger</span><span class="o">.</span><span class="n">Default</span><span class="o">.</span><span class="n">LogMode</span><span class="p">(</span><span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">)</span> <span class="o">++</span> <span class="n">log</span><span class="o">.</span><span class="n">Print</span><span class="p">(</span><span class="s">"Running the migrations..."</span><span class="p">)</span> <span class="o">++</span> <span class="n">DB</span><span class="o">.</span><span class="n">AutoMigrate</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">{},</span> <span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{})</span> <span class="p">}</span> </code></pre> </div> <h3> Creating Utility Functions </h3> <p>We will be creating two tokens, an <strong>access_token</strong> and a <strong>refresh_token</strong>. We will create tokens using a Go library called <a href="https://github.com/dgrijalva/jwt-go">jwt-go</a>.</p> <p>Then we will create a middleware that validates the <em>access_token</em> stored in the Request's cookie then another function that returns token cookies when called.</p> <p>Now, we need to create a folder named <em>util</em>. Inside <em>util</em> we will create a new file called <em>auth.go</em>. Right now, this file will contain 5 different functions.</p> <ol> <li> <strong>GenerateTokens</strong> - This function will return access_token and refresh_token.</li> <li> <strong>GenerateAccessClaims</strong> - GenerateAccessClaims generates and returns a claim and a acess_token string. This will create an access token with an expiry of 15 minutes.</li> <li> <strong>GenerateRefreshClaims</strong> - GenerateRefreshClaims generates and returns a refresh_token string. This will create a refresh token with an expiry of 30 days.</li> <li> <strong>SecureAuth</strong> - SecureAuth returns a middleware which secures all the private routes. This middleware first validates the access_toke. If the token is valid then we will use <em>Locals</em> which is a method that stores variables scoped to the request. </li> <li> <strong>GetAuthCookies</strong> - GetAuthCookies sends two cookies of type access_token and refresh_token.</li> </ol> <p><strong>util/auth.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">util</span> <span class="k">import</span> <span class="p">(</span> <span class="n">db</span> <span class="s">"go-authentication-boilerplate/database"</span> <span class="s">"go-authentication-boilerplate/models"</span> <span class="s">"time"</span> <span class="s">"os"</span> <span class="s">"github.com/dgrijalva/jwt-go"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">jwtKey</span> <span class="o">=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PRIV_KEY"</span><span class="p">))</span> <span class="c">// GenerateTokens returns the access and refresh tokens</span> <span class="k">func</span> <span class="n">GenerateTokens</span><span class="p">(</span><span class="n">uuid</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">claim</span><span class="p">,</span> <span class="n">accessToken</span> <span class="o">:=</span> <span class="n">GenerateAccessClaims</span><span class="p">(</span><span class="n">uuid</span><span class="p">)</span> <span class="n">refreshToken</span> <span class="o">:=</span> <span class="n">GenerateRefreshClaims</span><span class="p">(</span><span class="n">claim</span><span class="p">)</span> <span class="k">return</span> <span class="n">accessToken</span><span class="p">,</span> <span class="n">refreshToken</span> <span class="p">}</span> <span class="c">// GenerateAccessClaims returns a claim and a acess_token string</span> <span class="k">func</span> <span class="n">GenerateAccessClaims</span><span class="p">(</span><span class="n">uuid</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="n">claim</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{</span> <span class="n">StandardClaims</span><span class="o">:</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span><span class="p">{</span> <span class="n">Issuer</span><span class="o">:</span> <span class="n">uuid</span><span class="p">,</span> <span class="n">ExpiresAt</span><span class="o">:</span> <span class="n">t</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">15</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">)</span><span class="o">.</span><span class="n">Unix</span><span class="p">(),</span> <span class="n">Subject</span><span class="o">:</span> <span class="s">"access_token"</span><span class="p">,</span> <span class="n">IssuedAt</span><span class="o">:</span> <span class="n">t</span><span class="o">.</span><span class="n">Unix</span><span class="p">(),</span> <span class="p">},</span> <span class="p">}</span> <span class="n">token</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">NewWithClaims</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">SigningMethodHS256</span><span class="p">,</span> <span class="n">claim</span><span class="p">)</span> <span class="n">tokenString</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">token</span><span class="o">.</span><span class="n">SignedString</span><span class="p">(</span><span class="n">jwtKey</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">claim</span><span class="p">,</span> <span class="n">tokenString</span> <span class="p">}</span> <span class="c">// GenerateRefreshClaims returns refresh_token</span> <span class="k">func</span> <span class="n">GenerateRefreshClaims</span><span class="p">(</span><span class="n">cl</span> <span class="o">*</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span> <span class="n">result</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{</span> <span class="n">StandardClaims</span><span class="o">:</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span><span class="p">{</span> <span class="n">Issuer</span><span class="o">:</span> <span class="n">cl</span><span class="o">.</span><span class="n">Issuer</span><span class="p">,</span> <span class="p">},</span> <span class="p">})</span><span class="o">.</span><span class="n">Find</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{})</span> <span class="c">// checking the number of refresh tokens stored.</span> <span class="c">// If the number is higher than 3, remove all the refresh tokens and leave only new one.</span> <span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">RowsAffected</span> <span class="o">&gt;</span> <span class="m">3</span> <span class="p">{</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{</span> <span class="n">StandardClaims</span><span class="o">:</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span><span class="p">{</span><span class="n">Issuer</span><span class="o">:</span> <span class="n">cl</span><span class="o">.</span><span class="n">Issuer</span><span class="p">},</span> <span class="p">})</span><span class="o">.</span><span class="n">Delete</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{})</span> <span class="p">}</span> <span class="n">t</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="n">refreshClaim</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">{</span> <span class="n">StandardClaims</span><span class="o">:</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span><span class="p">{</span> <span class="n">Issuer</span><span class="o">:</span> <span class="n">cl</span><span class="o">.</span><span class="n">Issuer</span><span class="p">,</span> <span class="n">ExpiresAt</span><span class="o">:</span> <span class="n">t</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">30</span> <span class="o">*</span> <span class="m">24</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Hour</span><span class="p">)</span><span class="o">.</span><span class="n">Unix</span><span class="p">(),</span> <span class="n">Subject</span><span class="o">:</span> <span class="s">"refresh_token"</span><span class="p">,</span> <span class="n">IssuedAt</span><span class="o">:</span> <span class="n">t</span><span class="o">.</span><span class="n">Unix</span><span class="p">(),</span> <span class="p">},</span> <span class="p">}</span> <span class="c">// create a claim on DB</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="o">&amp;</span><span class="n">refreshClaim</span><span class="p">)</span> <span class="n">refreshToken</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">NewWithClaims</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">SigningMethodHS256</span><span class="p">,</span> <span class="n">refreshClaim</span><span class="p">)</span> <span class="n">refreshTokenString</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">refreshToken</span><span class="o">.</span><span class="n">SignedString</span><span class="p">(</span><span class="n">jwtKey</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">refreshTokenString</span> <span class="p">}</span> <span class="c">// SecureAuth returns a middleware which secures all the private routes</span> <span class="k">func</span> <span class="n">SecureAuth</span><span class="p">()</span> <span class="k">func</span><span class="p">(</span><span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">accessToken</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Cookies</span><span class="p">(</span><span class="s">"access_token"</span><span class="p">)</span> <span class="n">claims</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">Claims</span><span class="p">)</span> <span class="n">token</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseWithClaims</span><span class="p">(</span><span class="n">accessToken</span><span class="p">,</span> <span class="n">claims</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">token</span> <span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="p">(</span><span class="k">interface</span><span class="p">{},</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">jwtKey</span><span class="p">,</span> <span class="no">nil</span> <span class="p">})</span> <span class="k">if</span> <span class="n">token</span><span class="o">.</span><span class="n">Valid</span> <span class="p">{</span> <span class="k">if</span> <span class="n">claims</span><span class="o">.</span><span class="n">ExpiresAt</span> <span class="o">&lt;</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Unix</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">Status</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusUnauthorized</span><span class="p">)</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="s">"general"</span><span class="o">:</span> <span class="s">"Token Expired"</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="n">ve</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">err</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">ValidationError</span><span class="p">);</span> <span class="n">ok</span> <span class="p">{</span> <span class="k">if</span> <span class="n">ve</span><span class="o">.</span><span class="n">Errors</span><span class="o">&amp;</span><span class="n">jwt</span><span class="o">.</span><span class="n">ValidationErrorMalformed</span> <span class="o">!=</span> <span class="m">0</span> <span class="p">{</span> <span class="c">// this is not even a token, we should delete the cookies here</span> <span class="n">c</span><span class="o">.</span><span class="n">ClearCookie</span><span class="p">(</span><span class="s">"access_token"</span><span class="p">,</span> <span class="s">"refresh_token"</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusForbidden</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="n">ve</span><span class="o">.</span><span class="n">Errors</span><span class="o">&amp;</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">ValidationErrorExpired</span><span class="o">|</span><span class="n">jwt</span><span class="o">.</span><span class="n">ValidationErrorNotValidYet</span><span class="p">)</span> <span class="o">!=</span> <span class="m">0</span> <span class="p">{</span> <span class="c">// Token is either expired or not active yet</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusUnauthorized</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">// cannot handle this token</span> <span class="n">c</span><span class="o">.</span><span class="n">ClearCookie</span><span class="p">(</span><span class="s">"access_token"</span><span class="p">,</span> <span class="s">"refresh_token"</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusForbidden</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">Locals</span><span class="p">(</span><span class="s">"id"</span><span class="p">,</span> <span class="n">claims</span><span class="o">.</span><span class="n">Issuer</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// GetAuthCookies sends two cookies of type access_token and refresh_token</span> <span class="k">func</span> <span class="n">GetAuthCookies</span><span class="p">(</span><span class="n">accessToken</span><span class="p">,</span> <span class="n">refreshToken</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Cookie</span><span class="p">,</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Cookie</span><span class="p">)</span> <span class="p">{</span> <span class="n">accessCookie</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">fiber</span><span class="o">.</span><span class="n">Cookie</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="s">"access_token"</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">accessToken</span><span class="p">,</span> <span class="n">Expires</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">24</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Hour</span><span class="p">),</span> <span class="n">HTTPOnly</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">Secure</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="p">}</span> <span class="n">refreshCookie</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">fiber</span><span class="o">.</span><span class="n">Cookie</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="s">"refresh_token"</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">refreshToken</span><span class="p">,</span> <span class="n">Expires</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">10</span> <span class="o">*</span> <span class="m">24</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Hour</span><span class="p">),</span> <span class="n">HTTPOnly</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">Secure</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="n">accessCookie</span><span class="p">,</span> <span class="n">refreshCookie</span> <span class="p">}</span> </code></pre> </div> <p>Now, we will need to create some validator functions to validate the input send while registering the user.</p> <p>So we do this by creating a new file called <em>validators.go</em> inside the <em>util</em> folder.</p> <p><strong>util/validators.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">util</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"go-authentication-boilerplate/models"</span> <span class="s">"regexp"</span> <span class="n">valid</span> <span class="s">"github.com/asaskevich/govalidator"</span> <span class="p">)</span> <span class="c">// IsEmpty checks if a string is empty</span> <span class="k">func</span> <span class="n">IsEmpty</span><span class="p">(</span><span class="n">str</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="n">valid</span><span class="o">.</span><span class="n">HasWhitespaceOnly</span><span class="p">(</span><span class="n">str</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="n">str</span> <span class="o">!=</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">true</span><span class="p">,</span> <span class="s">"Must not be empty"</span> <span class="p">}</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="s">""</span> <span class="p">}</span> <span class="c">// ValidateRegister func validates the body of user for registration</span> <span class="k">func</span> <span class="n">ValidateRegister</span><span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="o">*</span><span class="n">models</span><span class="o">.</span><span class="n">UserErrors</span> <span class="p">{</span> <span class="n">e</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">UserErrors</span><span class="p">{}</span> <span class="n">e</span><span class="o">.</span><span class="n">Err</span><span class="p">,</span> <span class="n">e</span><span class="o">.</span><span class="n">Username</span> <span class="o">=</span> <span class="n">IsEmpty</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Username</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">valid</span><span class="o">.</span><span class="n">IsEmail</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">)</span> <span class="p">{</span> <span class="n">e</span><span class="o">.</span><span class="n">Err</span><span class="p">,</span> <span class="n">e</span><span class="o">.</span><span class="n">Email</span> <span class="o">=</span> <span class="no">true</span><span class="p">,</span> <span class="s">"Must be a valid email"</span> <span class="p">}</span> <span class="n">re</span> <span class="o">:=</span> <span class="n">regexp</span><span class="o">.</span><span class="n">MustCompile</span><span class="p">(</span><span class="s">"</span><span class="se">\\</span><span class="s">d"</span><span class="p">)</span> <span class="c">// regex check for at least one integer in string</span> <span class="k">if</span> <span class="o">!</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="m">8</span> <span class="o">&amp;&amp;</span> <span class="n">valid</span><span class="o">.</span><span class="n">HasLowerCase</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="n">valid</span><span class="o">.</span><span class="n">HasUpperCase</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="n">re</span><span class="o">.</span><span class="n">MatchString</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">))</span> <span class="p">{</span> <span class="n">e</span><span class="o">.</span><span class="n">Err</span><span class="p">,</span> <span class="n">e</span><span class="o">.</span><span class="n">Password</span> <span class="o">=</span> <span class="no">true</span><span class="p">,</span> <span class="s">"Length of password should be atleast 8 and it must be a combination of uppercase letters, lowercase letters and numbers"</span> <span class="p">}</span> <span class="k">return</span> <span class="n">e</span> <span class="p">}</span> </code></pre> </div> <h3> Creating a SignUp Route </h3> <p>First, we will modify the SetupRoutes function inside <em>router/setup.go</em> file.</p> <p><strong>router/setup.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">router</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="p">)</span> <span class="o">++</span> <span class="c">// USER handles all the user routes</span> <span class="o">++</span> <span class="k">var</span> <span class="n">USER</span> <span class="n">fiber</span><span class="o">.</span><span class="n">Router</span> <span class="c">// SetupRoutes setups all the Routes</span> <span class="k">func</span> <span class="n">SetupRoutes</span><span class="p">(</span><span class="n">app</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">App</span><span class="p">)</span> <span class="p">{</span> <span class="n">api</span> <span class="o">:=</span> <span class="n">app</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/api"</span><span class="p">)</span> <span class="o">++</span> <span class="n">USER</span> <span class="o">=</span> <span class="n">api</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/user"</span><span class="p">)</span> <span class="o">++</span> <span class="n">SetupUserRoutes</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>Now we will create a new file called <em>users.go</em> inside the <em>router</em> folder.</p> <p>Next, we will create our SignUp route(finally!) inside that file. <br> We will use the following steps to register the user:</p> <ol> <li>Parse the input data into a User model struct.</li> <li>Validate the input by calling the <em>ValidateRegister</em> function from <em>util/validators.go</em>.</li> <li>Check that the email and username are unique.</li> <li>If all is well till now, then hash the password using <a href="https://godoc.org/golang.org/x/crypto/bcrypt">bcrypt</a> library with a random salt.</li> <li>Now, register the user inside our Database and generate the access and refresh tokens.</li> <li>Set the access and refresh token as cookies with httpOnly and secure flag.</li> <li>Return the tokens.</li> </ol> <p>Following all these steps, our <em>router/user.go</em> file will look like this:</p> <p><strong>router/user.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">router</span> <span class="k">import</span> <span class="p">(</span> <span class="n">db</span> <span class="s">"go-authentication-boilerplate/database"</span> <span class="s">"go-authentication-boilerplate/models"</span> <span class="s">"go-authentication-boilerplate/util"</span> <span class="s">"math/rand"</span> <span class="s">"time"</span> <span class="s">"golang.org/x/crypto/bcrypt"</span> <span class="s">"github.com/dgrijalva/jwt-go"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">jwtKey</span> <span class="o">=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PRIV_KEY"</span><span class="p">))</span> <span class="c">// SetupUserRoutes func sets up all the user routes</span> <span class="k">func</span> <span class="n">SetupUserRoutes</span><span class="p">()</span> <span class="p">{</span> <span class="n">USER</span><span class="o">.</span><span class="n">Post</span><span class="p">(</span><span class="s">"/signup"</span><span class="p">,</span> <span class="n">CreateUser</span><span class="p">)</span> <span class="c">// Sign Up a user</span> <span class="p">}</span> <span class="c">// CreateUser route registers a User into the database</span> <span class="k">func</span> <span class="n">CreateUser</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">u</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">BodyParser</span><span class="p">(</span><span class="n">u</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="s">"input"</span><span class="o">:</span> <span class="s">"Please review your input"</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="c">// validate if the email, username and password are in correct format</span> <span class="n">errors</span> <span class="o">:=</span> <span class="n">util</span><span class="o">.</span><span class="n">ValidateRegister</span><span class="p">(</span><span class="n">u</span><span class="p">)</span> <span class="k">if</span> <span class="n">errors</span><span class="o">.</span><span class="n">Err</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">errors</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">count</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Email</span><span class="o">:</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">})</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="nb">new</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">))</span><span class="o">.</span><span class="n">RowsAffected</span><span class="p">;</span> <span class="n">count</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">errors</span><span class="o">.</span><span class="n">Err</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">Email</span> <span class="o">=</span> <span class="no">true</span><span class="p">,</span> <span class="s">"Email is already registered"</span> <span class="p">}</span> <span class="k">if</span> <span class="n">count</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="o">&amp;</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Username</span><span class="o">:</span> <span class="n">u</span><span class="o">.</span><span class="n">Username</span><span class="p">})</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="nb">new</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">User</span><span class="p">))</span><span class="o">.</span><span class="n">RowsAffected</span><span class="p">;</span> <span class="n">count</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">errors</span><span class="o">.</span><span class="n">Err</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">Username</span> <span class="o">=</span> <span class="no">true</span><span class="p">,</span> <span class="s">"Username is already registered"</span> <span class="p">}</span> <span class="k">if</span> <span class="n">errors</span><span class="o">.</span><span class="n">Err</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">errors</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Hashing the password with a random salt</span> <span class="n">password</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="n">hashedPassword</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">GenerateFromPassword</span><span class="p">(</span> <span class="n">password</span><span class="p">,</span> <span class="n">rand</span><span class="o">.</span><span class="n">Intn</span><span class="p">(</span><span class="n">bcrypt</span><span class="o">.</span><span class="n">MaxCost</span><span class="o">-</span><span class="n">bcrypt</span><span class="o">.</span><span class="n">MinCost</span><span class="p">)</span><span class="o">+</span><span class="n">bcrypt</span><span class="o">.</span><span class="n">MinCost</span><span class="p">,</span> <span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">u</span><span class="o">.</span><span class="n">Password</span> <span class="o">=</span> <span class="kt">string</span><span class="p">(</span><span class="n">hashedPassword</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="o">&amp;</span><span class="n">u</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span><span class="p">;</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="s">"general"</span><span class="o">:</span> <span class="s">"Something went wrong, please try again later. 😕"</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="c">// setting up the authorization cookies</span> <span class="n">accessToken</span><span class="p">,</span> <span class="n">refreshToken</span> <span class="o">:=</span> <span class="n">util</span><span class="o">.</span><span class="n">GenerateTokens</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">UUID</span><span class="o">.</span><span class="n">String</span><span class="p">())</span> <span class="n">accessCookie</span><span class="p">,</span> <span class="n">refreshCookie</span> <span class="o">:=</span> <span class="n">util</span><span class="o">.</span><span class="n">GetAuthCookies</span><span class="p">(</span><span class="n">accessToken</span><span class="p">,</span> <span class="n">refreshToken</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Cookie</span><span class="p">(</span><span class="n">accessCookie</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Cookie</span><span class="p">(</span><span class="n">refreshCookie</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">Status</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">)</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">Map</span><span class="p">{</span> <span class="s">"access_token"</span><span class="o">:</span> <span class="n">accessToken</span><span class="p">,</span> <span class="s">"refresh_token"</span><span class="o">:</span> <span class="n">refreshToken</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Now that we have created our SignUp Route, we can start working on our SignIn route on the next Part.</p> <p><em>Thanks for reading! If you liked this article, please let me know and share it!</em> </p> go security beginners Create a server with PostgreSQL in Go - Part[1/3] of Go Authentication series Faizan Sat, 31 Oct 2020 06:51:36 +0000 https://forem.com/mdfaizan7/create-a-server-with-postgresql-in-go-part-1-3-of-go-authentication-series-3127 https://forem.com/mdfaizan7/create-a-server-with-postgresql-in-go-part-1-3-of-go-authentication-series-3127 <p>In this tutorial, you will learn how to make an authentication boilerplate with <a href="https://golang.org/doc/">Go</a>. We will use <a href="https://gofiber.io/">GoFiber</a> and <a href="https://www.postgresql.org/docs/">PostgreSQL</a>. We will go from the ground up to build this project.</p> <h1> Getting Started </h1> <p>You need to have at least go 1.11 installed on your system we will use go mod to support versioning.</p> <h3> 1. Create a Simple Server </h3> <p>Let us first create a simple Go API to start with. We will use Fiber which is an Express-inspired web framework written in Go.</p> <p>So first of all, create a new directory called <code>go-authentication-boilerplate</code> and then <code>cd</code> into it.<br> After that run <code>go mod init</code> to build the go modules inside our app. More information on go modules can be found <a href="https://blog.golang.org/using-go-modules">here</a>.</p> <p>Now, create a file named: <em>main.go</em> inside our home directory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"github.com/gofiber/fiber/v2/middleware/cors"</span> <span class="p">)</span> <span class="c">// CreateServer creates a new Fiber instance</span> <span class="k">func</span> <span class="n">CreateServer</span><span class="p">()</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">App</span> <span class="p">{</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">fiber</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="k">return</span> <span class="n">app</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">CreateServer</span><span class="p">()</span> <span class="n">app</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">cors</span><span class="o">.</span><span class="n">New</span><span class="p">())</span> <span class="n">app</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/hello"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendString</span><span class="p">(</span><span class="s">"Hello, World!"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// 404 Handler</span> <span class="n">app</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="m">404</span><span class="p">)</span> <span class="c">// =&gt; 404 "Not Found"</span> <span class="p">})</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">app</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">":3000"</span><span class="p">))</span> <span class="p">}</span> </code></pre> </div> <p>Now, run this server with the command <code>go run main.go</code> and go to <code>http://localhost:3000/hello</code>. You will see a <em>Hello, World!</em> text there.</p> <h3> 2. Connect PostgreSQL with the server. </h3> <p>First of all, we need to create a database. Let us name our database <strong>go-auth</strong>. We can create a database either with bash/zsh or with psql by running the following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>createdb go-auth <span class="c"># in bash/zsh</span> CREATE DATABASE go-auth<span class="p">;</span> <span class="c"># in psql </span> </code></pre> </div> <p>We are going to use <a href="https://gorm.io/index.html">Gorm</a> to connect our server with our database. Gorm is an ORM library for Golang.</p> <p>Now we will store some environment variables inside a <em>.env</em>. A sample <em>.env</em> file for this project would look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PSQL_USER=postgres PSQL_PASS=postgres PSQL_DBNAME=go-auth PSQL_PORT=5432 </code></pre> </div> <p>Now, we create a new file called postgres.go inside a new directory called database. Here, we will create our database session and export it from this package for other packages to use. We are also going to use <a href="https://github.com/joho/godotenv">godotenv</a> to use the environment variables inside this file. Then we will call this function from our <em><strong>main</strong></em> function to instantiate the database.</p> <p><strong>database/postgres.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">database</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"go-authentication-boilerplate/models"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="s">"github.com/joho/godotenv"</span> <span class="s">"gorm.io/driver/postgres"</span> <span class="s">"gorm.io/gorm"</span> <span class="s">"gorm.io/gorm/logger"</span> <span class="p">)</span> <span class="c">// DB represents a Database instance</span> <span class="k">var</span> <span class="n">DB</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span> <span class="c">// ConnectToDB connects the server with database</span> <span class="k">func</span> <span class="n">ConnectToDB</span><span class="p">()</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">godotenv</span><span class="o">.</span><span class="n">Load</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"Error loading env file </span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">dsn</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"host=localhost user=%s password=%s dbname=%s port=%s sslmode=disable TimeZone=Asia/Kolkata"</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_USER"</span><span class="p">),</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_PASS"</span><span class="p">),</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_DBNAME"</span><span class="p">),</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PSQL_PORT"</span><span class="p">))</span> <span class="n">log</span><span class="o">.</span><span class="n">Print</span><span class="p">(</span><span class="s">"Connecting to PostgreSQL DB..."</span><span class="p">)</span> <span class="n">DB</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">gorm</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">postgres</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">dsn</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">gorm</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">Logger</span><span class="o">:</span> <span class="n">logger</span><span class="o">.</span><span class="n">Default</span><span class="o">.</span><span class="n">LogMode</span><span class="p">(</span><span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">),</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"Failed to connect to database. </span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">Exit</span><span class="p">(</span><span class="m">2</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"connected"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now that we are done with connecting our database to our server, let's start with database models.</p> <h3> 3. Creating the models </h3> <p>Now go ahead and create a new folder named <em>models</em>. Inside that folder create a new file called <em>models.go</em>. This file will contain the base struct that will contain common columns for all other models.</p> <p><strong>models/models.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">models</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"time"</span> <span class="s">"github.com/google/uuid"</span> <span class="s">"gorm.io/gorm"</span> <span class="p">)</span> <span class="c">// GenerateISOString generates a time string equivalent to Date.now().toISOString in JavaScript</span> <span class="k">func</span> <span class="n">GenerateISOString</span><span class="p">()</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">return</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">UTC</span><span class="p">()</span><span class="o">.</span><span class="n">Format</span><span class="p">(</span><span class="s">"2006-01-02T15:04:05.999Z07:00"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Base contains common columns for all tables</span> <span class="k">type</span> <span class="n">Base</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">uint</span> <span class="s">`gorm:"primaryKey"`</span> <span class="n">UUID</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span> <span class="s">`json:"_id" gorm:"primaryKey;autoIncrement:false"`</span> <span class="n">CreatedAt</span> <span class="kt">string</span> <span class="s">`json:"created_at"`</span> <span class="n">UpdatedAt</span> <span class="kt">string</span> <span class="s">`json:"updated_at"`</span> <span class="p">}</span> <span class="c">// BeforeCreate will set Base struct before every insert</span> <span class="k">func</span> <span class="p">(</span><span class="n">base</span> <span class="o">*</span><span class="n">Base</span><span class="p">)</span> <span class="n">BeforeCreate</span><span class="p">(</span><span class="n">tx</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// uuid.New() creates a new random UUID or panics.</span> <span class="n">base</span><span class="o">.</span><span class="n">UUID</span> <span class="o">=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="c">// generate timestamps</span> <span class="n">t</span> <span class="o">:=</span> <span class="n">GenerateISOString</span><span class="p">()</span> <span class="n">base</span><span class="o">.</span><span class="n">CreatedAt</span><span class="p">,</span> <span class="n">base</span><span class="o">.</span><span class="n">UpdatedAt</span> <span class="o">=</span> <span class="n">t</span><span class="p">,</span> <span class="n">t</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// AfterUpdate will update the Base struct after every update</span> <span class="k">func</span> <span class="p">(</span><span class="n">base</span> <span class="o">*</span><span class="n">Base</span><span class="p">)</span> <span class="n">AfterUpdate</span><span class="p">(</span><span class="n">tx</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// update timestamps</span> <span class="n">base</span><span class="o">.</span><span class="n">UpdatedAt</span> <span class="o">=</span> <span class="n">GenerateISOString</span><span class="p">()</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Now let us create a new file inside <em>models</em> folder called <em>user.go</em>. This file will contain all the models which are relevant to user routes.</p> <p><strong>models/user.go</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">models</span> <span class="c">// User represents a User schema</span> <span class="k">type</span> <span class="n">User</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Base</span> <span class="n">Email</span> <span class="kt">string</span> <span class="s">`json:"email" gorm:"unique"`</span> <span class="n">Username</span> <span class="kt">string</span> <span class="s">`json:"username" gorm:"unique"`</span> <span class="n">Password</span> <span class="kt">string</span> <span class="s">`json:"password"`</span> <span class="p">}</span> </code></pre> </div> <p>Now we will modify our <strong>main.go</strong> file to connect our database with the server.</p> <p><strong>main.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="o">++</span> <span class="s">"go-authentication-boilerplate/database"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"github.com/gofiber/fiber/v2/middleware/cors"</span> <span class="p">)</span> <span class="c">// CreateServer creates a new Fiber instance</span> <span class="k">func</span> <span class="n">CreateServer</span><span class="p">()</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">App</span> <span class="p">{</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">fiber</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="k">return</span> <span class="n">app</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="o">++</span> <span class="c">// Connect to Postgres</span> <span class="o">++</span> <span class="n">database</span><span class="o">.</span><span class="n">ConnectToDB</span><span class="p">()</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">CreateServer</span><span class="p">()</span> <span class="n">app</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">cors</span><span class="o">.</span><span class="n">New</span><span class="p">())</span> <span class="c">// 404 Handler</span> <span class="n">app</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="m">404</span><span class="p">)</span> <span class="c">// =&gt; 404 "Not Found"</span> <span class="p">})</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">app</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">":3000"</span><span class="p">))</span> <span class="p">}</span> </code></pre> </div> <p><sup>NOTE: ++ represents the added or modified lines</sup></p> <h3> 4. Setup Routes </h3> <p>Now we need to set up the needed routes for our application. We will start by making a new folder called <em>router</em>. Inside that folder, create a new file called <em>setup.go</em>. Here we will setup all our routes.</p> <p><strong>router/setup.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">router</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">hello</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendString</span><span class="p">(</span><span class="s">"Hello World!"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// SetupRoutes setups all the Routes</span> <span class="k">func</span> <span class="n">SetupRoutes</span><span class="p">(</span><span class="n">app</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">App</span><span class="p">)</span> <span class="p">{</span> <span class="n">api</span> <span class="o">:=</span> <span class="n">app</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/api"</span><span class="p">)</span> <span class="n">api</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="n">hello</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now we will call this SetupRoutes function inside our <em>main.go</em> file.</p> <p><strong>main.go</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"go-authentication-boilerplate/database"</span> <span class="o">++</span> <span class="s">"go-authentication-boilerplate/router"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"github.com/gofiber/fiber/v2/middleware/cors"</span> <span class="p">)</span> <span class="c">// CreateServer creates a new Fiber instance</span> <span class="k">func</span> <span class="n">CreateServer</span><span class="p">()</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">App</span> <span class="p">{</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">fiber</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="k">return</span> <span class="n">app</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Connect to Postgres</span> <span class="n">database</span><span class="o">.</span><span class="n">ConnectToDB</span><span class="p">()</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">CreateServer</span><span class="p">()</span> <span class="n">app</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">cors</span><span class="o">.</span><span class="n">New</span><span class="p">())</span> <span class="o">++</span> <span class="n">router</span><span class="o">.</span><span class="n">SetupRoutes</span><span class="p">(</span><span class="n">app</span><span class="p">)</span> <span class="c">// 404 Handler</span> <span class="n">app</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="m">404</span><span class="p">)</span> <span class="c">// =&gt; 404 "Not Found"</span> <span class="p">})</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">app</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">":3000"</span><span class="p">))</span> <span class="p">}</span> </code></pre> </div> <p><sup>NOTE: ++ represents the added or modified lines</sup></p> <p>Now that we have scaffolded our Server, we will now create SignUp and SignIn route. We will do this in the next part of this tutorial.</p> <p><em>Thanks for reading! If you liked this article, please let me know and share it!</em></p> go security beginners