add basic user authentication

internal/api/routes.go

@@ -2,11 +2,14 @@ package api
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 
+	"git.artlef.fr/PersonalLibraryManager/internal/jwtauth"
 	"git.artlef.fr/PersonalLibraryManager/internal/model"
 	"github.com/gin-gonic/gin"
 	"github.com/go-playground/validator/v10"
+	"golang.org/x/crypto/bcrypt"
 	"gorm.io/gorm"
 )
 
@@ -32,8 +35,8 @@ func PostBookHandler(c *gin.Context, db *gorm.DB) {
 	c.String(200, "Success")
 }
 
-func PostUserHandler(c *gin.Context, db *gorm.DB) {
-	var user userPostCreate
+func PostSignupHandler(c *gin.Context, db *gorm.DB) {
+	var user userSignup
 	err := c.ShouldBindJSON(&user)
 	if err != nil {
 		manageBindingError(c, err)
@@ -52,6 +55,37 @@ func PostUserHandler(c *gin.Context, db *gorm.DB) {
 	c.String(200, "Success")
 }
 
+func PostLoginHandler(c *gin.Context, db *gorm.DB) {
+	var user userLogin
+	err := c.ShouldBindJSON(&user)
+	if err != nil {
+		manageBindingError(c, err)
+		return
+	}
+
+	if !isUserAndPasswordOk(db, user.Username, user.Password) {
+		c.JSON(http.StatusInternalServerError,
+			gin.H{"error": "Invalid credentials."})
+		return
+	}
+
+	var jwtToken string
+	jwtToken, err = jwtauth.GenerateJwtToken(user.Username)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized,
+			gin.H{"error": fmt.Errorf("Error when generating JWT token: %w", err)})
+		return
+	}
+	c.JSON(200, gin.H{"message": "Authentication was a success.", "token": jwtToken})
+}
+
+func isUserAndPasswordOk(db *gorm.DB, username string, password string) bool {
+	var user model.User
+	db.Where("name = ?", username).First(&user)
+	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
+	return err == nil
+}
+
 func manageBindingError(c *gin.Context, err error) {
 	var ve validator.ValidationErrors
 	if errors.As(err, &ve) {