williamp/chatservice_concept
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

implement authentication

Browse Source
This commit is contained in:
William P
2025-04-06 21:36:03 -04:00
parent 824ca781d4
commit ccc0a58f88
2 changed files with 56 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/api.go
View File

@@ -37,6 +37,8 @@ func Start() {
}) })
r.Route("/messages", func(r chi.Router) { r.Route("/messages", func(r chi.Router) {
r.Use(SessionAuthMiddleware) // Protect with authentication
r.Get("/", ListMessages) r.Get("/", ListMessages)
r.Route("/{messageID}", func(r chi.Router) { r.Route("/{messageID}", func(r chi.Router) {
r.Use(MessageCtx) // Load message r.Use(MessageCtx) // Load message
@@ -48,6 +50,8 @@ func Start() {
}) })
r.Route("/users", func(r chi.Router) { r.Route("/users", func(r chi.Router) {
r.Use(SessionAuthMiddleware) // Protect with authentication
r.Get("/", ListUsers) r.Get("/", ListUsers)
r.Route("/{userID}", func(r chi.Router) { r.Route("/{userID}", func(r chi.Router) {
r.Use(UserCtx) // Load user r.Use(UserCtx) // Load user

52
api/user.go
View File

@@ -75,6 +75,10 @@ func NewUser(w http.ResponseWriter, r *http.Request) {
} }
hashedPassword, err := hashPassword(password) hashedPassword, err := hashPassword(password)
if err != nil {
http.Error(w, "Unable to hash password", http.StatusInternalServerError)
}
newUser := User{ newUser := User{
ID: newUserID(), ID: newUserID(),
Name: newUserName, Name: newUserName,
@@ -116,9 +120,57 @@ func Login(w http.ResponseWriter, r *http.Request) {
return return
} }
sessionToken := CreateSession(username)
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: sessionToken,
Path: "/",
HttpOnly: true,
Secure: false,
})
w.Write([]byte("Login successful")) w.Write([]byte("Login successful"))
} }
var sessionStore = make(map[string]string)
func CreateSession(username string) string {
sessionToken := uuid.New().String()
sessionStore[sessionToken] = username
return sessionToken
}
func ValidateSession(sessionToken string) (string, bool) {
username, exists := sessionStore[sessionToken]
return username, exists
}
type contextKey string
const usernameKey contextKey = "username"
func SessionAuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("session_token")
if err != nil {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
sessionToken := cookie.Value
username, valid := ValidateSession(sessionToken)
if !valid {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
// Add username to request context
ctx := context.WithValue(r.Context(), usernameKey, username)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
func (u *UserPayload) Render(w http.ResponseWriter, r *http.Request) error { func (u *UserPayload) Render(w http.ResponseWriter, r *http.Request) error {
return nil return nil
} }