add basic user authentication

internal/api/dto.go

@@ -6,7 +6,12 @@ type bookPostCreate struct {
 	Rating int    `json:"rating" binding:"min=0,max=10"`
 }
 
-type userPostCreate struct {
+type userSignup struct {
+	Username string `json:"username" binding:"required,min=2,max=20"`
+	Password string `json:"password" binding:"required,min=6,max=100"`
+}
+
+type userLogin struct {
 	Username string `json:"username" binding:"required,min=2,max=20"`
 	Password string `json:"password" binding:"required,min=6,max=100"`
 }

internal/api/mapper.go

@@ -13,7 +13,7 @@ func (b bookPostCreate) toBook() model.Book {
 	}
 }
 
-func (u userPostCreate) toUser() (model.User, error) {
+func (u userSignup) toUser() (model.User, error) {
 	user := model.User{
 		Name:     u.Username,
 		Password: "",

internal/api/routes.go

@@ -2,11 +2,14 @@ package api
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 
+	"git.artlef.fr/PersonalLibraryManager/internal/jwtauth"
 	"git.artlef.fr/PersonalLibraryManager/internal/model"
 	"github.com/gin-gonic/gin"
 	"github.com/go-playground/validator/v10"
+	"golang.org/x/crypto/bcrypt"
 	"gorm.io/gorm"
 )
 
@@ -32,8 +35,8 @@ func PostBookHandler(c *gin.Context, db *gorm.DB) {
 	c.String(200, "Success")
 }
 
-func PostUserHandler(c *gin.Context, db *gorm.DB) {
-	var user userPostCreate
+func PostSignupHandler(c *gin.Context, db *gorm.DB) {
+	var user userSignup
 	err := c.ShouldBindJSON(&user)
 	if err != nil {
 		manageBindingError(c, err)
@@ -52,6 +55,37 @@ func PostUserHandler(c *gin.Context, db *gorm.DB) {
 	c.String(200, "Success")
 }
 
+func PostLoginHandler(c *gin.Context, db *gorm.DB) {
+	var user userLogin
+	err := c.ShouldBindJSON(&user)
+	if err != nil {
+		manageBindingError(c, err)
+		return
+	}
+
+	if !isUserAndPasswordOk(db, user.Username, user.Password) {
+		c.JSON(http.StatusInternalServerError,
+			gin.H{"error": "Invalid credentials."})
+		return
+	}
+
+	var jwtToken string
+	jwtToken, err = jwtauth.GenerateJwtToken(user.Username)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized,
+			gin.H{"error": fmt.Errorf("Error when generating JWT token: %w", err)})
+		return
+	}
+	c.JSON(200, gin.H{"message": "Authentication was a success.", "token": jwtToken})
+}
+
+func isUserAndPasswordOk(db *gorm.DB, username string, password string) bool {
+	var user model.User
+	db.Where("name = ?", username).First(&user)
+	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
+	return err == nil
+}
+
 func manageBindingError(c *gin.Context, err error) {
 	var ve validator.ValidationErrors
 	if errors.As(err, &ve) {

internal/jwtauth/jwt.go

@@ -0,0 +1,22 @@
+package jwtauth
+
+import (
+	"encoding/base64"
+	"os"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+func GenerateJwtToken(username string) (string, error) {
+	var s string
+	key, err := base64.URLEncoding.DecodeString(os.Getenv(getKeyVariableName()))
+	if err != nil {
+		return s, err
+	}
+	t := jwt.NewWithClaims(jwt.SigningMethodHS256,
+		jwt.MapClaims{
+			"iss": "PersonalLibraryManager",
+			"sub": username,
+		})
+	return t.SignedString(key)
+}

internal/jwtauth/key.go

@@ -0,0 +1,39 @@
+package jwtauth
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"os"
+)
+
+func generateRandomBytes(n int) ([]byte, error) {
+	b := make([]byte, n)
+	_, err := rand.Read(b)
+	if err != nil {
+		return nil, err
+	}
+	return b, nil
+}
+
+func generateSecureToken(n int) (string, error) {
+	bytes, err := generateRandomBytes(n)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(bytes), nil
+}
+
+func getKeyVariableName() string {
+	return "PLM_JWT_KEY"
+}
+
+func InitKey() error {
+	var err error
+	keyName := getKeyVariableName()
+	key := os.Getenv(keyName)
+	if key == "" {
+		key, err = generateSecureToken(64)
+		os.Setenv(keyName, key)
+	}
+	return err
+}