williamp/chatservice_concept
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: williamp:824ca781d4fa34bc24640f4e9a8cdcb7e51c4a4b
Branches Tags
williamp:master williamp:simple_client
...
compare: williamp:a601f1ceecadd9d23d7c3c05f3477911e0a8bcff
Branches Tags
williamp:master williamp:simple_client

2 Commits
824ca781d4 ... a601f1ceec

Author SHA1 Message Date
William P
a601f1ceec split auth functions to auth.go 2025-04-06 21:45:01 -04:00
William P
ccc0a58f88 implement authentication 2025-04-06 21:36:03 -04:00
3 changed files with 107 additions and 43 deletions
Expand all files Collapse all files

4
api/api.go
View File

@@ -37,6 +37,8 @@ func Start() {
}) })
r.Route("/messages", func(r chi.Router) { r.Route("/messages", func(r chi.Router) {
r.Use(SessionAuthMiddleware) // Protect with authentication
r.Get("/", ListMessages) r.Get("/", ListMessages)
r.Route("/{messageID}", func(r chi.Router) { r.Route("/{messageID}", func(r chi.Router) {
r.Use(MessageCtx) // Load message r.Use(MessageCtx) // Load message
@@ -48,6 +50,8 @@ func Start() {
}) })
r.Route("/users", func(r chi.Router) { r.Route("/users", func(r chi.Router) {
r.Use(SessionAuthMiddleware) // Protect with authentication
r.Get("/", ListUsers) r.Get("/", ListUsers)
r.Route("/{userID}", func(r chi.Router) { r.Route("/{userID}", func(r chi.Router) {
r.Use(UserCtx) // Load user r.Use(UserCtx) // Load user

99
api/auth.go Normal file
View File

@@ -0,0 +1,99 @@
package api
import (
"context"
"net/http"
"github.com/google/uuid"
"golang.org/x/crypto/bcrypt"
)
func Login(w http.ResponseWriter, r *http.Request) {
err := r.ParseMultipartForm(64 << 10)
if err != nil {
http.Error(w, "Unable to parse form", http.StatusBadRequest)
return
}
username := r.FormValue("name")
password := r.FormValue("password")
if username == "" || password == "" {
http.Error(w, "Username and password cannot be empty", http.StatusBadRequest)
return
}
user, err := dbGetUserByName(username)
if err != nil {
http.Error(w, "Invalid username or password", http.StatusUnauthorized)
return
}
err = validatePassword(user.Password, password)
if err != nil {
http.Error(w, "Invalid username or password", http.StatusUnauthorized)
return
}
sessionToken := CreateSession(username)
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: sessionToken,
Path: "/",
HttpOnly: true,
Secure: false,
})
w.Write([]byte("Login successful"))
}
var sessionStore = make(map[string]string)
func CreateSession(username string) string {
sessionToken := uuid.New().String()
sessionStore[sessionToken] = username
return sessionToken
}
func ValidateSession(sessionToken string) (string, bool) {
username, exists := sessionStore[sessionToken]
return username, exists
}
type contextKey string
const usernameKey contextKey = "username"
func SessionAuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("session_token")
if err != nil {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
sessionToken := cookie.Value
username, valid := ValidateSession(sessionToken)
if !valid {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
// Add username to request context
ctx := context.WithValue(r.Context(), usernameKey, username)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
func (u *UserPayload) Render(w http.ResponseWriter, r *http.Request) error {
return nil
}
func hashPassword(password string) (string, error) {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(hashedPassword), err
}
func validatePassword(hashedPassword, password string) error {
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
}

47
api/user.go
View File

@@ -7,7 +7,6 @@ import (
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
"github.com/go-chi/render" "github.com/go-chi/render"
"github.com/google/uuid" "github.com/google/uuid"
"golang.org/x/crypto/bcrypt"
) )
func UserCtx(next http.Handler) http.Handler { func UserCtx(next http.Handler) http.Handler {
@@ -75,6 +74,10 @@ func NewUser(w http.ResponseWriter, r *http.Request) {
} }
hashedPassword, err := hashPassword(password) hashedPassword, err := hashPassword(password)
if err != nil {
http.Error(w, "Unable to hash password", http.StatusInternalServerError)
}
newUser := User{ newUser := User{
ID: newUserID(), ID: newUserID(),
Name: newUserName, Name: newUserName,
@@ -90,48 +93,6 @@ func NewUser(w http.ResponseWriter, r *http.Request) {
render.Render(w, r, NewUserPayloadResponse(&newUser)) render.Render(w, r, NewUserPayloadResponse(&newUser))
} }
func Login(w http.ResponseWriter, r *http.Request) {
err := r.ParseMultipartForm(64 << 10)
if err != nil {
http.Error(w, "Unable to parse form", http.StatusBadRequest)
return
}
username := r.FormValue("name")
password := r.FormValue("password")
if username == "" || password == "" {
http.Error(w, "Username and password cannot be empty", http.StatusBadRequest)
return
}
user, err := dbGetUserByName(username)
if err != nil {
http.Error(w, "Invalid username or password", http.StatusUnauthorized)
return
}
err = validatePassword(user.Password, password)
if err != nil {
http.Error(w, "Invalid username or password", http.StatusUnauthorized)
return
}
w.Write([]byte("Login successful"))
}
func (u *UserPayload) Render(w http.ResponseWriter, r *http.Request) error {
return nil
}
func hashPassword(password string) (string, error) {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(hashedPassword), err
}
func validatePassword(hashedPassword, password string) error {
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
}
type userKey struct{} type userKey struct{}
type User struct { type User struct {