Merge pull request #31 from edwinvautier/feat_authenticator-bundle

Authenticator bundle V1
gogolcorp · Apr 3, 2021 · 432e530 · 432e530
2 parents 70fe6ed + fc57b9c
commit 432e530
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 48 deletions.
diff --git a/bundles/authenticator/README.md b/bundles/authenticator/README.md
@@ -0,0 +1,62 @@
+# Authenticator bundle
+
+This bundle is used to authenticate users on your API.
+It uses [Json Web Token](https://en.wikipedia.org/wiki/JSON_Web_Token).
+
+## Setup
+
+In order to work, the bundle needs the following variables to be set in your `.env` file :
+
+| variable             | description                            |
+| -------------------- | -------------------------------------- |
+| TOKEN_VALID_DURATION | valid duration of the token in minutes |
+| RSA_PUBLIC_PATH      | the path to the public.pem file        |
+| RSA_PRIVATE_PATH     | the path to the private.pem file       |
+| RSA_PASSWORD         | password of the encryption key         |
+| DOMAIN               | the domain for the cookies             |
+
+As the bundle uses RSA keys, you need to generate them :
+
+```sh
+# Generate private.pem
+openssl genrsa -des3 -out private.pem 2048
+
+# Generate public.pem
+openssl rsa -in private.pem -outform PEM -pubout -out public.pem
+```
+
+> 💡 You need to use the same password for both commands, this password is the one you set as **RSA_PASSWORD**
+
+By default if you put your public.pem and private.pem in project root, then the path to them should be `../public.pem`.
+
+## Available methods
+
+The following methods are available :
+
+| name          | description                                      |
+| ------------- | ------------------------------------------------ |
+| GenerateToken | generates a JWT from email                       |
+| DecodeToken   | decode a jwt and returns the token and its claim |
+| HashPassword  | hash password with MD5 method                    |
+
+## Use
+
+When installed, a middleware is automatically created for authentication.
+You can use it inside the `api/routes/router.go` file :
+
+```go
+func Init(r *gin.Engine) {
+  r.POST("/register", controllers.CreateCustomer)
+  r.POST("/login", controllers.Login)
+
+  api := r.Group("/api")
+  api.Use(middlewares.CheckAuthorization)
+  {
+    api.GET("/", controllers.TestController)
+  }
+}
+```
+
+`login controller` is also created, feel free to modify it to your needs.
+
+Your customer entity should have a password, you can use the authenticator.HashPassword to do so.
diff --git a/bundles/authenticator/authenticator.go b/bundles/authenticator/authenticator.go
diff --git a/bundles/authenticator/password_hasher.go b/bundles/authenticator/password_hasher.go
@@ -6,7 +6,7 @@ import (
 )
 
 // HashPassword takes a string in parameter and returns the same string hashed with sha512
-func (auth Authenticator) HashPassword(password string) string {
+func HashPassword(password string) string {
 	h := sha512.New()
 	h.Write([]byte(password))
 	bytesHash := h.Sum(nil)

diff --git a/...pi/controllers/authentication.go.template → ...pi/controllers/authentication.go.template b/...pi/controllers/authentication.go.template → ...pi/controllers/authentication.go.template
@@ -7,7 +7,7 @@ import (
 	"{{.GoPackageFullPath}}/shared/env"
 	"{{.GoPackageFullPath}}/api/models"
 	"{{.GoPackageFullPath}}/api/repositories"
-	"{{.GoPackageFullPath}}/shared/services"
+	"github.com/edwinvautier/go-cli/bundles/authenticator"
 	"github.com/gin-gonic/gin"
 )
 
@@ -29,14 +29,14 @@ func Login(c *gin.Context) {
 	}
 
 	// Verify password
-	hashedPwd := services.HashPassword(customerForm.Password)
+	hashedPwd := authenticator.HashPassword(customerForm.Password)
 	if hashedPwd != customer.HashedPassword {
 		c.JSON(http.StatusUnauthorized, "incorrect email or password.")
 		return
 	}
 
 	// Generate connection token
-	token, err := services.GenerateToken(customer.Email)
+	token, err := authenticator.GenerateToken(customer.Email)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, "Couldn't create your authorization")
 		return

diff --git a/bundles/authenticator/templates/api/middlewares/authorization_middleware.go.template b/bundles/authenticator/templates/api/middlewares/authorization_middleware.go.template
@@ -7,7 +7,7 @@ import (
 	"{{.GoPackageFullPath}}/api/models"
 	"{{.GoPackageFullPath}}/api/repositories"
 
-	"{{.GoPackageFullPath}}/shared/services"
+	"github.com/edwinvautier/go-cli/bundles/authenticator"
 	"github.com/gin-gonic/gin"
 )
 
@@ -23,7 +23,7 @@ func CheckAuthorization(c *gin.Context) {
 	token := strings.TrimPrefix(bearer, "Bearer ")
 
 	// validate and decode token to get its informations
-	_, claims, err := services.DecodeToken(token)
+	_, claims, err := authenticator.DecodeToken(token)
 	if err != nil {
 		c.AbortWithStatusJSON(http.StatusUnauthorized, "Unauthorized")
 		return

diff --git a/bundles/authenticator/token.go b/bundles/authenticator/token.go
@@ -18,6 +18,12 @@ type Rsa struct {
 	PrivateKey     interface{}
 }
 
+// Claim is the struct for the jwt claim
+type Claim struct {
+	Email string
+	jwt.StandardClaims
+}
+
 var rsa Rsa
 
 func initRsaKeys() error {
@@ -58,7 +64,7 @@ func initRsaKeys() error {
 }
 
 // GenerateToken creates a JWT with email and expiration time in the payload
-func (auth Authenticator) GenerateToken(email string) (string, error) {
+func GenerateToken(email string) (string, error) {
 	err := initRsaKeys()
 	if err != nil {
 		return "", errors.New("Couldn't init rsa keys")
@@ -88,7 +94,7 @@ func (auth Authenticator) GenerateToken(email string) (string, error) {
 }
 
 // DecodeToken decode and validates a token
-func (auth Authenticator) DecodeToken(tokenString string) (*jwt.Token, *Claim, error) {
+func DecodeToken(tokenString string) (*jwt.Token, *Claim, error) {
 	err := initRsaKeys()
 	if err != nil {
 		return nil, &Claim{}, errors.New("Couldn't init rsa keys")

diff --git a/templates/tests/customers_test.go.template b/templates/tests/customers_test.go.template
@@ -19,7 +19,6 @@ func TestValidateCustomer(t *testing.T) {
 			args: args{
 				&models.CustomerForm{
 					Name:     "",
-					Password: "tesT12345",
 					Email:    "bob@gmail.com",
 				},
 			},
@@ -30,29 +29,16 @@ func TestValidateCustomer(t *testing.T) {
 			args: args{
 				&models.CustomerForm{
 					Name:     "Bob",
-					Password: "tesT12345",
 					Email:    "bobgmail.com",
 				},
 			},
 			wantErr: true,
 		},
-		{
-			name: "wrong password",
-			args: args{
-				&models.CustomerForm{
-					Name:     "Bob",
-					Password: "test",
-					Email:    "bob@gmail.com",
-				},
-			},
-			wantErr: true,
-		},
 		{
 			name: "correct customer",
 			args: args{
 				&models.CustomerForm{
 					Name:     "Bob",
-					Password: "tesT12345",
 					Email:    "bob@gmail.com",
 				},
 			},