Basic Authentication with Golang

Thursday, 26/03/2020

Tram Ho

We will learn how to write registration, login, and authentication functions with json web token with Golang and MongoDB database. The full source of this article you can refer to here

1. Initialize directory

<span class="token function">mkdir</span> web-golang
<span class="token function">cd</span> web-golang
<span class="token function">mkdir</span> server
<span class="token function">cd</span> server
go mod init github.com/conglt10/web-golang

mkdir web-golang

cd web-golang

mkdir server

cd server

go mod init github.com/conglt10/web-golang

The go mod init [tên-module] command will create a file called go.mod , which will help manage the application’s packages. It is similar to implementing npm init inside Javascript and the go.mod file is similar to the package.json file

2. Directory structure

The directory structure will be organized as follows

The main.go file is the file we set the general specifications for the server, when running the application, it will run this file.
The go.mod file manages how the package (as introduced above).
.env stores application environment variables – auth containing json web token handling file
database contains files tasked with manipulating MongoDB (connect the database).
models defines the data structure to be saved in a collection.
routes contain request handler functions for each route
tests contain unit test files
utils contains some processing functions to use (parse JSON, …)

3. Coding Login and Register

`main.go`

<span class="token keyword">package</span> main

<span class="token keyword">import</span> <span class="token punctuation">(</span>
	<span class="token string">"fmt"</span>
	<span class="token string">"log"</span>
	<span class="token string">"net/http"</span>
	<span class="token string">"github.com/julienschmidt/httprouter"</span>
    <span class="token string">"github.com/joho/godotenv"</span>
	<span class="token string">"github.com/conglt10/web-golang/routes"</span>
<span class="token punctuation">)</span>

<span class="token keyword">func</span> <span class="token function">main</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
	err <span class="token operator">:=</span> godotenv <span class="token punctuation">.</span> <span class="token function">Load</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span>
	<span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
		log <span class="token punctuation">.</span> <span class="token function">Fatalf</span> <span class="token punctuation">(</span> <span class="token string">"Error getting env, %v"</span> <span class="token punctuation">,</span> err <span class="token punctuation">)</span>
	<span class="token punctuation">}</span>
	
	router <span class="token operator">:=</span> httprouter <span class="token punctuation">.</span> <span class="token function">New</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span>
	
	router <span class="token punctuation">.</span> <span class="token function">POST</span> <span class="token punctuation">(</span> <span class="token string">"/auth/login"</span> <span class="token punctuation">,</span> auth <span class="token punctuation">.</span> Login <span class="token punctuation">)</span>
	router <span class="token punctuation">.</span> <span class="token function">POST</span> <span class="token punctuation">(</span> <span class="token string">"/auth/register"</span> <span class="token punctuation">,</span> auth <span class="token punctuation">.</span> Register <span class="token punctuation">)</span>

	fmt <span class="token punctuation">.</span> <span class="token function">Println</span> <span class="token punctuation">(</span> <span class="token string">"Listening to port 8000"</span> <span class="token punctuation">)</span>
	log <span class="token punctuation">.</span> <span class="token function">Fatal</span> <span class="token punctuation">(</span> http <span class="token punctuation">.</span> <span class="token function">ListenAndServe</span> <span class="token punctuation">(</span> <span class="token string">":8000"</span> <span class="token punctuation">,</span> router <span class="token punctuation">)</span> <span class="token punctuation">)</span>
<span class="token punctuation">}</span>

package main

import (

"fmt"

"log"

"net/http"

"github.com/julienschmidt/httprouter"

"github.com/joho/godotenv"

"github.com/conglt10/web-golang/routes"

)

func main ( ) {

err := godotenv . Load ( )

if err != nil {

log . Fatalf ( "Error getting env, %v" , err )

}

router := httprouter . New ( )

router . POST ( "/auth/login" , auth . Login )

router . POST ( "/auth/register" , auth . Register )

fmt . Println ( "Listening to port 8000" )

log . Fatal ( http . ListenAndServe ( ":8000" , router ) )

}

The first line of the main function body uses the godotenv library so that the application can extract environment variables.
The following section simply checks for errors.
Our application will use the Multiplexer http / router instead of the default Multiplexer in the net/http library.
The next 2 lines define 2 routes used to login and register. The handling functions of the corresponding routes are Login and Register in the auth package (folder routes).
The server will listen on port 8000

`models/User.go` : Define the data structure in db

<span class="token keyword">package</span> models

<span class="token keyword">import</span> <span class="token punctuation">(</span>
	<span class="token string">"html"</span>
	<span class="token string">"strings"</span>
	<span class="token string">"golang.org/x/crypto/bcrypt"</span>
<span class="token punctuation">)</span>

<span class="token keyword">type</span> User <span class="token keyword">struct</span> <span class="token punctuation">{</span>
	username <span class="token builtin">string</span> 
	email <span class="token builtin">string</span>	
	password <span class="token builtin">string</span>	
<span class="token punctuation">}</span>


<span class="token keyword">func</span> <span class="token function">Hash</span> <span class="token punctuation">(</span> password <span class="token builtin">string</span> <span class="token punctuation">)</span> <span class="token punctuation">(</span> <span class="token builtin">string</span> <span class="token punctuation">,</span> <span class="token builtin">error</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
	bytes <span class="token punctuation">,</span> err <span class="token operator">:=</span> bcrypt <span class="token punctuation">.</span> <span class="token function">GenerateFromPassword</span> <span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token punctuation">]</span> <span class="token function">byte</span> <span class="token punctuation">(</span> password <span class="token punctuation">)</span> <span class="token punctuation">,</span> <span class="token number">14</span> <span class="token punctuation">)</span>
	<span class="token keyword">return</span> <span class="token function">string</span> <span class="token punctuation">(</span> bytes <span class="token punctuation">)</span> <span class="token punctuation">,</span> err
<span class="token punctuation">}</span>

<span class="token keyword">func</span> <span class="token function">CheckPasswordHash</span> <span class="token punctuation">(</span> hashedPassword <span class="token punctuation">,</span> password <span class="token builtin">string</span> <span class="token punctuation">)</span> <span class="token builtin">error</span> <span class="token punctuation">{</span>
	<span class="token keyword">return</span> bcrypt <span class="token punctuation">.</span> <span class="token function">CompareHashAndPassword</span> <span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token punctuation">]</span> <span class="token function">byte</span> <span class="token punctuation">(</span> hashedPassword <span class="token punctuation">)</span> <span class="token punctuation">,</span> <span class="token punctuation">[</span> <span class="token punctuation">]</span> <span class="token function">byte</span> <span class="token punctuation">(</span> password <span class="token punctuation">)</span> <span class="token punctuation">)</span>
<span class="token punctuation">}</span>

<span class="token keyword">func</span> <span class="token function">Santize</span> <span class="token punctuation">(</span> data <span class="token builtin">string</span> <span class="token punctuation">)</span> <span class="token builtin">string</span> <span class="token punctuation">{</span>
	data <span class="token operator">=</span> html <span class="token punctuation">.</span> <span class="token function">EscapeString</span> <span class="token punctuation">(</span> strings <span class="token punctuation">.</span> <span class="token function">TrimSpace</span> <span class="token punctuation">(</span> data <span class="token punctuation">)</span> <span class="token punctuation">)</span>
	<span class="token keyword">return</span> data
<span class="token punctuation">}</span>

package models

import (

"html"

"strings"

"golang.org/x/crypto/bcrypt"

)

type User struct {

username string

email string

password string

}

func Hash ( password string ) ( string , error ) {

bytes , err := bcrypt . GenerateFromPassword ( [ ] byte ( password ) , 14 )

return string ( bytes ) , err

}

func CheckPasswordHash ( hashedPassword , password string ) error {

return bcrypt . CompareHashAndPassword ( [ ] byte ( hashedPassword ) , [ ] byte ( password ) )

}

func Santize ( data string ) string {

data = html . EscapeString ( strings . TrimSpace ( data ) )

return data

}

Basic User structure consists of 3 username fields, email and password
The Hash function passes the string password, then passes the GenerateFromPassword function of the brcypt library to hash. Below is the prototyped of the GenerateFromPassword function.

<span class="token keyword">func</span> <span class="token function">GenerateFromPassword</span> <span class="token punctuation">(</span> password <span class="token punctuation">[</span> <span class="token punctuation">]</span> <span class="token builtin">byte</span> <span class="token punctuation">,</span> cost <span class="token builtin">int</span> <span class="token punctuation">)</span> <span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token punctuation">]</span> <span class="token builtin">byte</span> <span class="token punctuation">,</span> <span class="token builtin">error</span> <span class="token punctuation">)</span>

func GenerateFromPassword ( password [ ] byte , cost int ) ( [ ] byte , error )

CheckPasswordHash the CheckPasswordHash function compare the submitted user password match the hashed password in the database?

<span class="token keyword">func</span> <span class="token function">CompareHashAndPassword</span> <span class="token punctuation">(</span> hashedPassword <span class="token punctuation">,</span> password <span class="token punctuation">[</span> <span class="token punctuation">]</span> <span class="token builtin">byte</span> <span class="token punctuation">)</span> <span class="token builtin">error</span>

func CompareHashAndPassword ( hashedPassword , password [ ] byte ) error

Santize function to remove extra spaces, encode special characters of the data (avoid partial injection holes) before saving to the db.

`database/connect.go` : Connect to the database

<span class="token keyword">package</span> db

<span class="token keyword">import</span> <span class="token punctuation">(</span>
	<span class="token string">"log"</span>
	<span class="token string">"context"</span>
	<span class="token string">"os"</span>
	<span class="token string">"go.mongodb.org/mongo-driver/mongo"</span>
    <span class="token string">"go.mongodb.org/mongo-driver/mongo/options"</span>
<span class="token punctuation">)</span>

<span class="token keyword">func</span> <span class="token function">Connect</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token operator">*</span> mongo <span class="token punctuation">.</span> Collection <span class="token punctuation">{</span>
	clientOptions <span class="token operator">:=</span> options <span class="token punctuation">.</span> <span class="token function">Client</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">.</span> <span class="token function">ApplyURI</span> <span class="token punctuation">(</span> os <span class="token punctuation">.</span> <span class="token function">Getenv</span> <span class="token punctuation">(</span> <span class="token string">"MONGODB_URI"</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span>
	client <span class="token punctuation">,</span> err <span class="token operator">:=</span> mongo <span class="token punctuation">.</span> <span class="token function">Connect</span> <span class="token punctuation">(</span> context <span class="token punctuation">.</span> <span class="token function">TODO</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span> clientOptions <span class="token punctuation">)</span>

	<span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
    	log <span class="token punctuation">.</span> <span class="token function">Fatal</span> <span class="token punctuation">(</span> err <span class="token punctuation">)</span>
	<span class="token punctuation">}</span>

	<span class="token comment">// Check the connection</span>
	err <span class="token operator">=</span> client <span class="token punctuation">.</span> <span class="token function">Ping</span> <span class="token punctuation">(</span> context <span class="token punctuation">.</span> <span class="token function">TODO</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span> <span class="token boolean">nil</span> <span class="token punctuation">)</span>

	<span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
    	log <span class="token punctuation">.</span> <span class="token function">Fatal</span> <span class="token punctuation">(</span> err <span class="token punctuation">)</span>
	<span class="token punctuation">}</span>

	collection <span class="token operator">:=</span> client <span class="token punctuation">.</span> <span class="token function">Database</span> <span class="token punctuation">(</span> <span class="token string">"golang"</span> <span class="token punctuation">)</span> <span class="token punctuation">.</span> <span class="token function">Collection</span> <span class="token punctuation">(</span> <span class="token string">"users"</span> <span class="token punctuation">)</span>
	<span class="token keyword">return</span> collection
<span class="token punctuation">}</span>

package db

import (

"log"

"context"

"os"

"go.mongodb.org/mongo-driver/mongo"

"go.mongodb.org/mongo-driver/mongo/options"

)

func Connect ( ) * mongo . Collection {

clientOptions := options . Client ( ) . ApplyURI ( os . Getenv ( "MONGODB_URI" ) )

client , err := mongo . Connect ( context . TODO ( ) , clientOptions )

if err != nil {

log . Fatal ( err )

}

// Check the connection

err = client . Ping ( context . TODO ( ) , nil )

if err != nil {

log . Fatal ( err )

}

collection := client . Database ( "golang" ) . Collection ( "users" )

return collection

}

As in the previous article, we connect to mongoDB right in the main function and execute the query. However, this is not suitable for writing module splits because other functions in the other package will not use the collection object returned when the connection is successful. Therefore, we will write the connect to DB function in a separate package and the function can be called at any time to execute.

`utils/json.go`

<span class="token keyword">package</span> res

<span class="token keyword">import</span> <span class="token punctuation">(</span>
	<span class="token string">"encoding/json"</span>
	<span class="token string">"fmt"</span>
	<span class="token string">"net/http"</span>
<span class="token punctuation">)</span>

<span class="token keyword">func</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w http <span class="token punctuation">.</span> ResponseWriter <span class="token punctuation">,</span> statusCode <span class="token builtin">int</span> <span class="token punctuation">,</span> data <span class="token keyword">interface</span> <span class="token punctuation">{</span> <span class="token punctuation">}</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
	w <span class="token punctuation">.</span> <span class="token function">WriteHeader</span> <span class="token punctuation">(</span> statusCode <span class="token punctuation">)</span>
	err <span class="token operator">:=</span> json <span class="token punctuation">.</span> <span class="token function">NewEncoder</span> <span class="token punctuation">(</span> w <span class="token punctuation">)</span> <span class="token punctuation">.</span> <span class="token function">Encode</span> <span class="token punctuation">(</span> data <span class="token punctuation">)</span>

	<span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
		fmt <span class="token punctuation">.</span> <span class="token function">Fprintf</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token string">"%s"</span> <span class="token punctuation">,</span> err <span class="token punctuation">.</span> <span class="token function">Error</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span>
	<span class="token punctuation">}</span>
<span class="token punctuation">}</span>

<span class="token keyword">func</span> <span class="token function">ERROR</span> <span class="token punctuation">(</span> w http <span class="token punctuation">.</span> ResponseWriter <span class="token punctuation">,</span> statusCode <span class="token builtin">int</span> <span class="token punctuation">,</span> err <span class="token builtin">error</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
	<span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
		<span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> statusCode <span class="token punctuation">,</span> <span class="token keyword">struct</span> <span class="token punctuation">{</span>
			Error <span class="token builtin">string</span> <span class="token string">`json:"error"`</span>
		<span class="token punctuation">}</span> <span class="token punctuation">{</span>
			Error <span class="token punctuation">:</span> err <span class="token punctuation">.</span> <span class="token function">Error</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span>
		<span class="token punctuation">}</span> <span class="token punctuation">)</span>
		<span class="token keyword">return</span>
	<span class="token punctuation">}</span>
	<span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> http <span class="token punctuation">.</span> StatusBadRequest <span class="token punctuation">,</span> <span class="token boolean">nil</span> <span class="token punctuation">)</span>
<span class="token punctuation">}</span>

package res

import (

"encoding/json"

"fmt"

"net/http"

)

func JSON ( w http . ResponseWriter , statusCode int , data interface { } ) {

w . WriteHeader ( statusCode )

err := json . NewEncoder ( w ) . Encode ( data )

if err != nil {

fmt . Fprintf ( w , "%s" , err . Error ( ) )

}

func ERROR ( w http . ResponseWriter , statusCode int , err error ) {

if err != nil {

JSON ( w , statusCode , struct {

Error string `json:"error"`

} {

Error : err . Error ( ) ,

} )

return

}

JSON ( w , http . StatusBadRequest , nil )

}

Since we are writing the server in pure Golang , when returning the response to the client, we need to set the status code for the header , converting the data to json . To simplify the problem, we will write a function, named package res . So at return response will be res.JSON (looks like Express.JS )

`routes/auth.go` : Register an account

<span class="token keyword">package</span> auth

<span class="token keyword">import</span> <span class="token punctuation">(</span>
    <span class="token string">"fmt"</span>
    <span class="token string">"net/http"</span>
    <span class="token string">"context"</span>
    <span class="token string">"github.com/conglt10/web-golang/models"</span>
    <span class="token string">"github.com/conglt10/web-golang/auth"</span>
    <span class="token string">"github.com/conglt10/web-golang/utils"</span>
    <span class="token string">"github.com/conglt10/web-golang/database"</span>
    <span class="token string">"github.com/julienschmidt/httprouter"</span>
    <span class="token string">"github.com/asaskevich/govalidator"</span>
    <span class="token string">"go.mongodb.org/mongo-driver/bson"</span>
<span class="token punctuation">)</span>

package auth

import (

"fmt"

"net/http"

"context"

"github.com/conglt10/web-golang/models"

"github.com/conglt10/web-golang/auth"

"github.com/conglt10/web-golang/utils"

"github.com/conglt10/web-golang/database"

"github.com/julienschmidt/httprouter"

"github.com/asaskevich/govalidator"

"go.mongodb.org/mongo-driver/bson"

)

Initially, we imported a series of packages as above. In addition to the local package, there are some other 3rd party packages.

govalidator : Help validate data received from the client.
bson : Because the data in MongoDB is saved as bson it is necessary to format the data before querying.

<span class="token keyword">func</span> <span class="token function">Register</span> <span class="token punctuation">(</span> w http <span class="token punctuation">.</span> ResponseWriter <span class="token punctuation">,</span> r <span class="token operator">*</span> http <span class="token punctuation">.</span> Request <span class="token punctuation">,</span> <span class="token boolean">_</span> httprouter <span class="token punctuation">.</span> Params <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    username <span class="token operator">:=</span> r <span class="token punctuation">.</span> <span class="token function">PostFormValue</span> <span class="token punctuation">(</span> <span class="token string">"username"</span> <span class="token punctuation">)</span>
    email <span class="token operator">:=</span> r <span class="token punctuation">.</span> <span class="token function">PostFormValue</span> <span class="token punctuation">(</span> <span class="token string">"email"</span> <span class="token punctuation">)</span>
    password <span class="token operator">:=</span> r <span class="token punctuation">.</span> <span class="token function">PostFormValue</span> <span class="token punctuation">(</span> <span class="token string">"password"</span> <span class="token punctuation">)</span>

    <span class="token keyword">if</span> govalidator <span class="token punctuation">.</span> <span class="token function">IsNull</span> <span class="token punctuation">(</span> username <span class="token punctuation">)</span> <span class="token operator">||</span> govalidator <span class="token punctuation">.</span> <span class="token function">IsNull</span> <span class="token punctuation">(</span> email <span class="token punctuation">)</span> <span class="token operator">||</span> govalidator <span class="token punctuation">.</span> <span class="token function">IsNull</span> <span class="token punctuation">(</span> password <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">400</span> <span class="token punctuation">,</span> <span class="token string">"Data can not null"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    <span class="token keyword">if</span> <span class="token operator">!</span> govalidator <span class="token punctuation">.</span> <span class="token function">IsEmail</span> <span class="token punctuation">(</span> email <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">400</span> <span class="token punctuation">,</span> <span class="token string">"Email is invalid"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    username <span class="token operator">=</span> models <span class="token punctuation">.</span> <span class="token function">Santize</span> <span class="token punctuation">(</span> username <span class="token punctuation">)</span>
    email <span class="token operator">=</span> models <span class="token punctuation">.</span> <span class="token function">Santize</span> <span class="token punctuation">(</span> email <span class="token punctuation">)</span>
    password <span class="token operator">=</span> models <span class="token punctuation">.</span> <span class="token function">Santize</span> <span class="token punctuation">(</span> password <span class="token punctuation">)</span>

    collection <span class="token operator">:=</span> db <span class="token punctuation">.</span> <span class="token function">Connect</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span>


    errFindUsername <span class="token operator">:=</span> collection <span class="token punctuation">.</span> <span class="token function">FindOne</span> <span class="token punctuation">(</span> context <span class="token punctuation">.</span> <span class="token function">TODO</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span> bson <span class="token punctuation">.</span> M <span class="token punctuation">{</span> <span class="token string">"username"</span> <span class="token punctuation">:</span> username <span class="token punctuation">}</span> <span class="token punctuation">)</span>
    errFindEmail <span class="token operator">:=</span> collection <span class="token punctuation">.</span> <span class="token function">FindOne</span> <span class="token punctuation">(</span> context <span class="token punctuation">.</span> <span class="token function">TODO</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span> bson <span class="token punctuation">.</span> M <span class="token punctuation">{</span> <span class="token string">"email"</span> <span class="token punctuation">:</span> email <span class="token punctuation">}</span> <span class="token punctuation">)</span>
  
    <span class="token keyword">if</span> errFindUsername <span class="token operator">==</span> <span class="token boolean">nil</span> <span class="token operator">||</span> errFindEmail <span class="token operator">==</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">409</span> <span class="token punctuation">,</span> <span class="token string">"User does exists"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    password <span class="token punctuation">,</span> err <span class="token operator">:=</span> models <span class="token punctuation">.</span> <span class="token function">Hash</span> <span class="token punctuation">(</span> password <span class="token punctuation">)</span>

    <span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">500</span> <span class="token punctuation">,</span> <span class="token string">"Register has failed"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    newUser <span class="token operator">:=</span> bson <span class="token punctuation">.</span> M <span class="token punctuation">{</span> <span class="token string">"username"</span> <span class="token punctuation">:</span> username <span class="token punctuation">,</span> <span class="token string">"email"</span> <span class="token punctuation">:</span> email <span class="token punctuation">,</span> <span class="token string">"password"</span> <span class="token punctuation">:</span> password <span class="token punctuation">}</span>

    <span class="token boolean">_</span> <span class="token punctuation">,</span> errs <span class="token operator">:=</span> collection <span class="token punctuation">.</span> <span class="token function">InsertOne</span> <span class="token punctuation">(</span> context <span class="token punctuation">.</span> <span class="token function">TODO</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span> newUser <span class="token punctuation">)</span>

    <span class="token keyword">if</span> errs <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">500</span> <span class="token punctuation">,</span> <span class="token string">"Register has failed"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">201</span> <span class="token punctuation">,</span> <span class="token string">"Register Succesfully"</span> <span class="token punctuation">)</span>
<span class="token punctuation">}</span>

func Register ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {

username := r . PostFormValue ( "username" )

email := r . PostFormValue ( "email" )

password := r . PostFormValue ( "password" )

if govalidator . IsNull ( username ) || govalidator . IsNull ( email ) || govalidator . IsNull ( password ) {

res . JSON ( w , 400 , "Data can not null" )

return

}

if ! govalidator . IsEmail ( email ) {

res . JSON ( w , 400 , "Email is invalid" )

return

}

username = models . Santize ( username )

email = models . Santize ( email )

password = models . Santize ( password )

collection := db . Connect ( )

errFindUsername := collection . FindOne ( context . TODO ( ) , bson . M { "username" : username } )

errFindEmail := collection . FindOne ( context . TODO ( ) , bson . M { "email" : email } )

if errFindUsername == nil || errFindEmail == nil {

res . JSON ( w , 409 , "User does exists" )

return

}

password , err := models . Hash ( password )

if err != nil {

res . JSON ( w , 500 , "Register has failed" )

return

}

newUser := bson . M { "username" : username , "email" : email , "password" : password }

_ , errs := collection . InsertOne ( context . TODO ( ) , newUser )

if errs != nil {

res . JSON ( w , 500 , "Register has failed" )

return

}

res . JSON ( w , 201 , "Register Succesfully" )

}

The Register function passes three arguments in accordance with the specified prototype of the http / router . In this route we do not need to use params so leave the _ before to skip it.

<span class="token keyword">type</span> Handle <span class="token keyword">func</span> <span class="token punctuation">(</span> http <span class="token punctuation">.</span> ResponseWriter <span class="token punctuation">,</span> <span class="token operator">*</span> http <span class="token punctuation">.</span> Request <span class="token punctuation">,</span> Params <span class="token punctuation">)</span>

type Handle func ( http . ResponseWriter , * http . Request , Params )

More than the first 10 lines of the function do the job of extracting data sent from the client and validated by govalidator , if the data submitted is invalid, it returns an error of 400 . Then clean the data with the Santize function.
collection := db.Connect() : Connect to collection users
Next need to check if the username and email already exist in the system, if it exists then return an error to the client. bson.M data type format bson map (key-value). For more details, you can refer to bson go doc
Before saving the user to the db, the password needs to be hashed with the Hash function in the package models

Run the app on The beauty of golang, when you go run main.go , it will automatically install the imported packages. As for Node.JS, you need to run npm install before running the app.

Tested by PostMan

Check in the database to see if there is a record?

Registration failed due to duplicate information (return status 409)

Registration failed due to missing or incorrect information (return status 400)

`auth/jwt.go` : Create jsonwebtoken

With the login function, we will use json web token, when the user successfully logs in, the server will return 1 token, the client will save the token (to localStorage for example) and send it to the server for subsequent requests. to identify users without having to log in again.

<span class="token keyword">package</span> jwt

<span class="token keyword">import</span> <span class="token punctuation">(</span>
	<span class="token string">"os"</span>
	<span class="token string">"time"</span>
	jwt <span class="token string">"github.com/dgrijalva/jwt-go"</span>
<span class="token punctuation">)</span>

<span class="token keyword">func</span> <span class="token function">Create</span> <span class="token punctuation">(</span> username <span class="token builtin">string</span> <span class="token punctuation">)</span> <span class="token punctuation">(</span> <span class="token builtin">string</span> <span class="token punctuation">,</span> <span class="token builtin">error</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
	claims <span class="token operator">:=</span> jwt <span class="token punctuation">.</span> MapClaims <span class="token punctuation">{</span> <span class="token punctuation">}</span>
	claims <span class="token punctuation">[</span> <span class="token string">"authorized"</span> <span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token boolean">true</span>
	claims <span class="token punctuation">[</span> <span class="token string">"username"</span> <span class="token punctuation">]</span> <span class="token operator">=</span> username
	claims <span class="token punctuation">[</span> <span class="token string">"exp"</span> <span class="token punctuation">]</span> <span class="token operator">=</span> time <span class="token punctuation">.</span> <span class="token function">Now</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">.</span> <span class="token function">Add</span> <span class="token punctuation">(</span> time <span class="token punctuation">.</span> Hour <span class="token operator">*</span> <span class="token number">12</span> <span class="token punctuation">)</span> <span class="token punctuation">.</span> <span class="token function">Unix</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token comment">//Token hết hạn sau 12 giờ</span>
	token <span class="token operator">:=</span> jwt <span class="token punctuation">.</span> <span class="token function">NewWithClaims</span> <span class="token punctuation">(</span> jwt <span class="token punctuation">.</span> SigningMethodHS256 <span class="token punctuation">,</span> claims <span class="token punctuation">)</span>
	<span class="token keyword">return</span> token <span class="token punctuation">.</span> <span class="token function">SignedString</span> <span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token punctuation">]</span> <span class="token function">byte</span> <span class="token punctuation">(</span> os <span class="token punctuation">.</span> <span class="token function">Getenv</span> <span class="token punctuation">(</span> <span class="token string">"SECRET_JWT"</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span>
<span class="token punctuation">}</span>

package jwt

import (

"os"

"time"

jwt "github.com/dgrijalva/jwt-go"

)

func Create ( username string ) ( string , error ) {

claims := jwt . MapClaims { }

claims [ "authorized" ] = true

claims [ "username" ] = username

claims [ "exp" ] = time . Now ( ) . Add ( time . Hour * 12 ) . Unix ( ) //Token hết hạn sau 12 giờ

token := jwt . NewWithClaims ( jwt . SigningMethodHS256 , claims )

return token . SignedString ( [ ] byte ( os . Getenv ( "SECRET_JWT" ) ) )

}

We will use the jwt-go library to create json web token, the token will be encrypted according to the secret key stored in .env .

`routes/auth.go` : Login

<span class="token keyword">func</span> <span class="token function">Login</span> <span class="token punctuation">(</span> w http <span class="token punctuation">.</span> ResponseWriter <span class="token punctuation">,</span> r <span class="token operator">*</span> http <span class="token punctuation">.</span> Request <span class="token punctuation">,</span> <span class="token boolean">_</span> httprouter <span class="token punctuation">.</span> Params <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    username <span class="token operator">:=</span> r <span class="token punctuation">.</span> <span class="token function">PostFormValue</span> <span class="token punctuation">(</span> <span class="token string">"username"</span> <span class="token punctuation">)</span>
    password <span class="token operator">:=</span> r <span class="token punctuation">.</span> <span class="token function">PostFormValue</span> <span class="token punctuation">(</span> <span class="token string">"password"</span> <span class="token punctuation">)</span>

    <span class="token keyword">if</span> govalidator <span class="token punctuation">.</span> <span class="token function">IsNull</span> <span class="token punctuation">(</span> username <span class="token punctuation">)</span> <span class="token operator">||</span> govalidator <span class="token punctuation">.</span> <span class="token function">IsNull</span> <span class="token punctuation">(</span> password <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">400</span> <span class="token punctuation">,</span> <span class="token string">"Data can not null"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    username <span class="token operator">=</span> models <span class="token punctuation">.</span> <span class="token function">Santize</span> <span class="token punctuation">(</span> username <span class="token punctuation">)</span>
    password <span class="token operator">=</span> models <span class="token punctuation">.</span> <span class="token function">Santize</span> <span class="token punctuation">(</span> password <span class="token punctuation">)</span>

    collection <span class="token operator">:=</span> db <span class="token punctuation">.</span> <span class="token function">Connect</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span>

    <span class="token keyword">var</span> result bson <span class="token punctuation">.</span> M
    err <span class="token operator">:=</span> collection <span class="token punctuation">.</span> <span class="token function">FindOne</span> <span class="token punctuation">(</span> context <span class="token punctuation">.</span> <span class="token function">TODO</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span> bson <span class="token punctuation">.</span> M <span class="token punctuation">{</span> <span class="token string">"username"</span> <span class="token punctuation">:</span> username <span class="token punctuation">}</span> <span class="token punctuation">)</span> <span class="token punctuation">.</span> <span class="token function">Decode</span> <span class="token punctuation">(</span> <span class="token operator">&amp;</span> result <span class="token punctuation">)</span>
    
    <span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">400</span> <span class="token punctuation">,</span> <span class="token string">"Username or Password incorrect"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    <span class="token comment">// convert interface to string</span>
    hashedPassword <span class="token operator">:=</span> fmt <span class="token punctuation">.</span> <span class="token function">Sprintf</span> <span class="token punctuation">(</span> <span class="token string">"%v"</span> <span class="token punctuation">,</span> result <span class="token punctuation">[</span> <span class="token string">"password"</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span>

    err <span class="token operator">=</span> models <span class="token punctuation">.</span> <span class="token function">CheckPasswordHash</span> <span class="token punctuation">(</span> hashedPassword <span class="token punctuation">,</span> password <span class="token punctuation">)</span>

    <span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">401</span> <span class="token punctuation">,</span> <span class="token string">"Username or Password incorrect"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

      token <span class="token punctuation">,</span> errCreate <span class="token operator">:=</span> jwt <span class="token punctuation">.</span> <span class="token function">Create</span> <span class="token punctuation">(</span> username <span class="token punctuation">)</span>

    <span class="token keyword">if</span> errCreate <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
        res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">500</span> <span class="token punctuation">,</span> <span class="token string">"Internal Server Error"</span> <span class="token punctuation">)</span>
        <span class="token keyword">return</span>
    <span class="token punctuation">}</span>

    res <span class="token punctuation">.</span> <span class="token function">JSON</span> <span class="token punctuation">(</span> w <span class="token punctuation">,</span> <span class="token number">200</span> <span class="token punctuation">,</span> token <span class="token punctuation">)</span>
<span class="token punctuation">}</span>

func Login ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {

return

}

var result bson . M

err := collection . FindOne ( context . TODO ( ) , bson . M { "username" : username } ) . Decode ( & result )

if err != nil {

res . JSON ( w , 400 , "Username or Password incorrect" )

return

}

// convert interface to string

hashedPassword := fmt . Sprintf ( "%v" , result [ "password" ] )

err = models . CheckPasswordHash ( hashedPassword , password )

if err != nil {

res . JSON ( w , 401 , "Username or Password incorrect" )

return

}

token , errCreate := jwt . Create ( username )

if errCreate != nil {

res . JSON ( w , 500 , "Internal Server Error" )

return

}

res . JSON ( w , 200 , token )

}

The part that takes data from the form request and validate is similar to the one we have in the Register function.
The database query (FindOne) is different from the Decode function in the back. The Decode function will convert the query data back to a map, making it easier to get the hash of the password at the back. For example, the result variable after FindOne will look like this.

<span class="token keyword">map</span> <span class="token punctuation">[</span> _id <span class="token punctuation">:</span> <span class="token function">ObjectID</span> <span class="token punctuation">(</span> <span class="token string">"5e7c1f2c0964025facbc0111"</span> <span class="token punctuation">)</span> email <span class="token punctuation">:</span> <a class="__cf_email__" href="/cdn-cgi/l/email-protection">[email protected]</a> <span class="token punctuation">.</span> com password <span class="token punctuation">:</span> $ <span class="token number">2</span> a$ <span class="token number">14</span> $ <span class="token operator">/</span> Ay <span class="token operator">/</span> <span class="token number">2.</span> SOzBESe <span class="token operator">/</span> <span class="token number">0</span> ZvqH <span class="token punctuation">.</span> mOKv0n3B9CmvnBiH8uNlWG9HeY7pyQtbK username <span class="token punctuation">:</span> conglt <span class="token punctuation">]</span>

map [ _id : ObjectID ( "5e7c1f2c0964025facbc0111" ) email : <a class="__cf_email__" href="/cdn-cgi/l/email-protection">[email protected]</a> . com password : $ 2 a$ 14 $ / Ay / 2. SOzBESe / 0 ZvqH . mOKv0n3B9CmvnBiH8uNlWG9HeY7pyQtbK username : conglt ]

Next, call the CheckPasswordHash function to see if the password sent from the client when hashed is the same as the password stored in the db?
Finally, call the jwt.Create function to generate tokens, we also do not forget to check for possible errors.

Test with Postman

Logged in successfully
Wrong password
The username does not exist in the db

References

Share the news now

Source : Viblo

Basic Authentication with Golang

1. Initialize directory

2. Directory structure

3. Coding Login and Register

`main.go`

`models/User.go` : Define the data structure in db

`database/connect.go` : Connect to the database

`utils/json.go`

`routes/auth.go` : Register an account

`auth/jwt.go` : Create jsonwebtoken

`routes/auth.go` : Login

References

TikTok becomes the second largest social platform in South Africa

The fastest depreciating after 9 months of launch, iPhone 14 Pro Max continues to break the bottom in Vietnam

Beginner's guide to R: Introduction

10 essential SublimeText plugins for JavaScript developers

1. Initialize directory

2. Directory structure

3. Coding Login and Register

main.go

models/User.go : Define the data structure in db

database/connect.go : Connect to the database

utils/json.go

routes/auth.go : Register an account

auth/jwt.go : Create jsonwebtoken

routes/auth.go : Login

References

TikTok becomes the second largest social platform in South Africa

The fastest depreciating after 9 months of launch, iPhone 14 Pro Max continues to break the bottom in Vietnam

Beginner's guide to R: Introduction

10 essential SublimeText plugins for JavaScript developers

`main.go`

`models/User.go` : Define the data structure in db

`database/connect.go` : Connect to the database

`utils/json.go`

`routes/auth.go` : Register an account

`auth/jwt.go` : Create jsonwebtoken

`routes/auth.go` : Login