DEV Community: Jacob Goodwin The latest articles on DEV Community by Jacob Goodwin (@jacobsngoodwin). https://dev.to/jacobsngoodwin https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F460237%2F81a50528-f572-48d4-924f-6158bb2fffbf.jpeg DEV Community: Jacob Goodwin https://dev.to/jacobsngoodwin en Get Started with XState and Vue 3 Jacob Goodwin Thu, 21 Jan 2021 05:26:17 +0000 https://dev.to/jacobsngoodwin/get-started-with-xstate-and-vue-3-4oie https://dev.to/jacobsngoodwin/get-started-with-xstate-and-vue-3-4oie <p>Hey folks, I just wanted to let you all know that I have recently created a pair of tutorials on using XState with Vue 3.</p> <p>In the first video, I go over creating a simple state machine with the <a href="https://xstate.js.org/viz/">XState Visualizer</a>, and then show how to integrate this into a Vue 3 setup function by using the composable function provided by XState. </p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/g4YnmydXMP8"> </iframe> </p> <p>In the second video, I discuss how we can use <a href="https://xstate.js.org/docs/guides/typescript.html#typestates">Typestates</a> along with Typescript to better type our state machines and give us great compile-time support inside of Vue templates. In this latter tutorial, I also go over scaffolding out a Vite application for Typescript. In this video, we work on asynchronous data fetching.</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/7tT45eRmyJE"> </iframe> </p> <p>I hope you check out the videos and give'em a thumbs up!</p> vue xstate state compositionapi 17 - Updating TokenPair Model Jacob Goodwin Mon, 11 Jan 2021 03:23:25 +0000 https://dev.to/jacobsngoodwin/17-updating-tokenpair-model-a8g https://dev.to/jacobsngoodwin/17-updating-tokenpair-model-a8g <h2> Written Tutorial Ending 😥 </h2> <p>Thanks to all of you have been following along with this tutorial series. After much consideration, I have decided to focus on the video series only.</p> <p>I'm currently increasing my effort to land my first job in software development and have thankfully been getting a few interviews. I need a little more time to review topics and frameworks that I haven't used in some time as I tend to go all in with one tech stack and then forget what I've previously learned. I also should spend some more time on algorithm study as I do not have a CS background. Unfortunately, companies still haven't found a better way to choose candidates.</p> <p>Furthermore, my YouTube channel has seen slow, but steady growth in minutes watched and subscribers, whereas these articles don't seem to be gaining as much traction. Also, as the app gets more complex, it's really tough to explain the details in writing. </p> <p>I know some of you might find it harder to watch a video in your non-native language (and frankly, they're a little long), but I promise I'll try to speak slowly!</p> <p>Thanks for those of you that have followed along!</p> <p><em>As always, check out the <a href="https://github.com/JacobSNGoodwin/memrizr">Github repo</a> with all of the code for this tutorial including a branch for each lesson and some unit tests not included in the tutorials!</em></p> <p>Here's the video for today's tutorial where I'll be updating the <code>TokenPair</code> model!</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/SeksH9txEZ4"> </iframe> </p> <p>¡Hasta pronto!</p> go gin authentication architecture 16 - Create Gin Middleware to Extract Authorized User Jacob Goodwin Mon, 04 Jan 2021 01:22:56 +0000 https://dev.to/jacobsngoodwin/16-create-gin-middleware-to-extract-authorized-user-1jom https://dev.to/jacobsngoodwin/16-create-gin-middleware-to-extract-authorized-user-1jom <p>Today we'll create a middleware to extract a user from an ID token sent to our application on an <code>Authorization</code> header of an HTTP request. This ID token is the one we send to a user in JWT format when they sign up or sign in. </p> <p>The middleware will do the following:</p> <ol> <li>verify that we've received the appropriate <code>Authorization</code> header. </li> <li>check that the token is valid and not expired. </li> <li>"set" the user on the Gin context so that route handlers can use the verified user data to make authorized updates for this user (like updating their profile, for example). </li> </ol> <p>In some role- or permission-based authorization schemes, the token might store a role, or the role might be fetched from a database based on an ID stored in the token. In our application, each user will only be authorized to make changes to their own account info, so we will not be looking up or assigning any permissions.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Frh5kekajdmwvmbsetxh5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Frh5kekajdmwvmbsetxh5.png" alt="Auth User Middleware"></a></p> <p>In order to create this middleware, we'll need to add a new method to our our <code>TokenService</code> called <code>ValidateIDToken</code>. As <code>middleware</code> is a sub-package of <code>handler</code>, we'll have to pass the <code>TokenService</code> as a parameter to the middleware.</p> <p>After we've completed these tasks, we'll be able to run our application and send a Get Request with a user's valid ID token to the "/me" endpoint and receive the user's details.</p> <p><em>As always, check out the <a href="https://github.com/JacobSNGoodwin/memrizr" rel="noopener noreferrer">Github repo</a> with all of the code for this tutorial including a branch for each lesson and some unit tests not included in the tutorials!</em></p> <p><em>If you prefer video</em> <br> <iframe width="710" height="399" src="https://www.youtube.com/embed/CfLwB5UBeOQ"> </iframe> </p> <h2> Review of Me Handler </h2> <p>If we look at the current code of our "me" handler, we see that we extract a user from the gin context with a <code>Get</code> method. This user is then cast to a <code>*model.User</code>. The middleware we're going to write will make sure that a user is available on the "user" key when this handler method is executed.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">Handler</span><span class="p">)</span> <span class="n">Me</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="c">// A *model.User will eventually be added to context in middleware</span> <span class="n">user</span><span class="p">,</span> <span class="n">exists</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"user"</span><span class="p">)</span> <span class="c">// This shouldn't happen, as our middleware ought to throw an error.</span> <span class="c">// We can also use "MustGet" to get the key or panic</span> <span class="k">if</span> <span class="o">!</span><span class="n">exists</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Unable to extract user from request context for unknown reason: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">c</span><span class="p">)</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Status</span><span class="p">(),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="p">}</span> <span class="n">uid</span> <span class="o">:=</span> <span class="n">user</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span><span class="o">.</span><span class="n">UID</span> <span class="c">// code omitted</span> <span class="p">}</span> </code></pre> </div> <h2> Fix UserService.Signin </h2> <p>I previously failed to update the <code>*model.User</code> passed as a method parameter to <code>UserService.Signin</code> with the user returned by <code>UserRepository.FindByEmail</code>.</p> <p>Let's fix this as follows:</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// prev</span> <span class="n">u</span> <span class="o">=</span> <span class="n">uFetched</span> <span class="c">// May be better to return new user from method</span> <span class="o">*</span><span class="n">u</span> <span class="o">=</span> <span class="o">*</span><span class="n">uFetched</span> </code></pre> </div> <p>If I had to do things again, I would pass an <code>email</code> and a <code>password</code> (or else a struct containing these fields) to <code>UserService.Signin</code>, and return <code>(*model.User, error)</code>. I believe this approach would be much easier to understand. </p> <p>To avoid having to modify our tests and <code>handler.Signin</code>, we won't fix this now, but feel free to do this in your app.</p> <h2> Add a validateIDToken Function </h2> <p>We previously created a file with some utility functions for working with tokens in <code>~/service/tokens.go</code>. Let's now update this file with with a function to validate an ID token.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// IDTokenCustomClaims holds structure of jwt claims of idToken</span> <span class="k">type</span> <span class="n">IDTokenCustomClaims</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">User</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span> <span class="s">`json:"user"`</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span> <span class="p">}</span> <span class="c">// CODE OMITTED ...</span> <span class="c">// validateIDToken returns the token's claims if the token is valid</span> <span class="k">func</span> <span class="n">validateIDToken</span><span class="p">(</span><span class="n">tokenString</span> <span class="kt">string</span><span class="p">,</span> <span class="n">key</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">IDTokenCustomClaims</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">claims</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">IDTokenCustomClaims</span><span class="p">{}</span> <span class="n">token</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseWithClaims</span><span class="p">(</span><span class="n">tokenString</span><span class="p">,</span> <span class="n">claims</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">token</span> <span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="p">(</span><span class="k">interface</span><span class="p">{},</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">key</span><span class="p">,</span> <span class="no">nil</span> <span class="p">})</span> <span class="c">// For now we'll just return the error and handle logging in service level</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="o">!</span><span class="n">token</span><span class="o">.</span><span class="n">Valid</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"ID token is invalid"</span><span class="p">)</span> <span class="p">}</span> <span class="n">claims</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">token</span><span class="o">.</span><span class="n">Claims</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">IDTokenCustomClaims</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"ID token valid but couldn't parse claims"</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">claims</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>This function takes in the stringified version of our JWT, <code>tokenString</code>, and the <code>rsa.PublicKey</code> which is a field of our <code>tokenService</code>. We first parse the JWT using the public RSA key. This will return a <code>*jwt.Token</code>. This token will contain a <code>valid</code> field indicating whether the token is valid (including if it is expired). It also contains the claims, or fields, of the token. We cast these claims to <code>*IDTokenCustomClaims</code> and then return them.</p> <h2> Use validateIDToken in TokenService.ValidateIDToken </h2> <h3> Add Method to Interfaces </h3> <p>We need to update the <code>TokenService</code> interface by creating the method signature for <code>ValidateIDToken</code>. We do this in <code>~/model/interfaces.go</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// TokenService defines methods the handler layer expects to interact</span> <span class="c">// with in regards to producing JWTs as string</span> <span class="k">type</span> <span class="n">TokenService</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="n">prevTokenID</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">TokenPair</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">ValidateIDToken</span><span class="p">(</span><span class="n">tokenString</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>We need not pass a context as this method will not be making calls to the repository layer and because our token functions do not require a context.</p> <h3> Create Mock ValidateIDToken </h3> <p>To get rid of warnings, I'll add a mock definition in <code>~/model/mocks/token_service.go</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// ValidateIDToken mocks concrete ValidateIDToken</span> <span class="k">func</span> <span class="p">(</span><span class="n">m</span> <span class="o">*</span><span class="n">MockTokenService</span><span class="p">)</span> <span class="n">ValidateIDToken</span><span class="p">(</span><span class="n">tokenString</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ret</span> <span class="o">:=</span> <span class="n">m</span><span class="o">.</span><span class="n">Called</span><span class="p">(</span><span class="n">tokenString</span><span class="p">)</span> <span class="c">// first value passed to "Return"</span> <span class="k">var</span> <span class="n">r0</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// we can just return this if we know we won't be passing function to "Return"</span> <span class="n">r0</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="p">}</span> <span class="k">var</span> <span class="n">r1</span> <span class="kt">error</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">r1</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">1</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">r0</span><span class="p">,</span> <span class="n">r1</span> <span class="p">}</span> </code></pre> </div> <h3> ValidateIDToken Implementation </h3> <p>The implementation of <code>TokenService.ValidateIDToken</code> will be pretty simple. The main purpose is to extract and return the <code>*model.User</code> from off of the <code>IDTokenCustomClaims</code>. Let's update <code>~/service/token_service.go</code>.</p> <p>In the case of any error from <code>validateIDToken</code>, we'll return an authorization error.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// ValidateIDToken validates the id token jwt string</span> <span class="c">// It returns the user extract from the IDTokenCustomClaims</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">tokenService</span><span class="p">)</span> <span class="n">ValidateIDToken</span><span class="p">(</span><span class="n">tokenString</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">claims</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">validateIDToken</span><span class="p">(</span><span class="n">tokenString</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">PubKey</span><span class="p">)</span> <span class="c">// uses public RSA key</span> <span class="c">// We'll just return unauthorized error in all instances of failing to verify user</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Unable to validate or parse idToken - Error: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewAuthorization</span><span class="p">(</span><span class="s">"Unable to verify user from idToken"</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">claims</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h2> Create AuthUser Middleware </h2> <p>We can finally create the middleware to extract an authorized user! To do this, let's add a file, <code>~/handler/middleware/auth_user.go</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">package</span> <span class="n">middleware</span> <span class="c">// IMPORTS OMITTED - Make sure to import validator/v10</span> <span class="c">// My auto import always uses V9</span> <span class="k">type</span> <span class="n">authHeader</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">IDToken</span> <span class="kt">string</span> <span class="s">`header:"Authorization"`</span> <span class="p">}</span> <span class="c">// used to help extract validation errors</span> <span class="k">type</span> <span class="n">invalidArgument</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Field</span> <span class="kt">string</span> <span class="s">`json:"field"`</span> <span class="n">Value</span> <span class="kt">string</span> <span class="s">`json:"value"`</span> <span class="n">Tag</span> <span class="kt">string</span> <span class="s">`json:"tag"`</span> <span class="n">Param</span> <span class="kt">string</span> <span class="s">`json:"param"`</span> <span class="p">}</span> <span class="c">// AuthUser extracts a user from the Authorization header</span> <span class="c">// which is of the form "Bearer token"</span> <span class="c">// It sets the user to the context if the user exists</span> <span class="k">func</span> <span class="n">AuthUser</span><span class="p">(</span><span class="n">s</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenService</span><span class="p">)</span> <span class="n">gin</span><span class="o">.</span><span class="n">HandlerFunc</span> <span class="p">{</span> <span class="k">return</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">h</span> <span class="o">:=</span> <span class="n">authHeader</span><span class="p">{}</span> <span class="c">// bind Authorization Header to h and check for validation errors</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">ShouldBindHeader</span><span class="p">(</span><span class="o">&amp;</span><span class="n">h</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">if</span> <span class="n">errs</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">err</span><span class="o">.</span><span class="p">(</span><span class="n">validator</span><span class="o">.</span><span class="n">ValidationErrors</span><span class="p">);</span> <span class="n">ok</span> <span class="p">{</span> <span class="c">// we used this type in bind_data to extract desired fields from errs</span> <span class="c">// you might consider extracting it</span> <span class="k">var</span> <span class="n">invalidArgs</span> <span class="p">[]</span><span class="n">invalidArgument</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">errs</span> <span class="p">{</span> <span class="n">invalidArgs</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">invalidArgs</span><span class="p">,</span> <span class="n">invalidArgument</span><span class="p">{</span> <span class="n">err</span><span class="o">.</span><span class="n">Field</span><span class="p">(),</span> <span class="n">err</span><span class="o">.</span><span class="n">Value</span><span class="p">()</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">),</span> <span class="n">err</span><span class="o">.</span><span class="n">Tag</span><span class="p">(),</span> <span class="n">err</span><span class="o">.</span><span class="n">Param</span><span class="p">(),</span> <span class="p">})</span> <span class="p">}</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewBadRequest</span><span class="p">(</span><span class="s">"Invalid request parameters. See invalidArgs"</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Status</span><span class="p">(),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="s">"invalidArgs"</span><span class="o">:</span> <span class="n">invalidArgs</span><span class="p">,</span> <span class="p">})</span> <span class="n">c</span><span class="o">.</span><span class="n">Abort</span><span class="p">()</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// otherwise error type is unknown</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Status</span><span class="p">(),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="p">})</span> <span class="n">c</span><span class="o">.</span><span class="n">Abort</span><span class="p">()</span> <span class="k">return</span> <span class="p">}</span> <span class="n">idTokenHeader</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">h</span><span class="o">.</span><span class="n">IDToken</span><span class="p">,</span> <span class="s">"Bearer "</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">idTokenHeader</span><span class="p">)</span> <span class="o">&lt;</span> <span class="m">2</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewAuthorization</span><span class="p">(</span><span class="s">"Must provide Authorization header with format `Bearer {token}`"</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Status</span><span class="p">(),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="p">})</span> <span class="n">c</span><span class="o">.</span><span class="n">Abort</span><span class="p">()</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// validate ID token here</span> <span class="n">user</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">ValidateIDToken</span><span class="p">(</span><span class="n">idTokenHeader</span><span class="p">[</span><span class="m">1</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewAuthorization</span><span class="p">(</span><span class="s">"Provided token is invalid"</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Status</span><span class="p">(),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="p">})</span> <span class="n">c</span><span class="o">.</span><span class="n">Abort</span><span class="p">()</span> <span class="k">return</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"user"</span><span class="p">,</span> <span class="n">user</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In the middleware we:</p> <ol> <li>Check for validation errors provided by Gin's <code>ShouldBindHeader</code>. We check if the error is a validation error. If it is, we extract a few fields off of each <code>validator.ValidationErrors</code> (individual errors are called <code>FieldError</code>) to send to the client as a <code>BadRequest</code>. We use <code>invalidArgument</code> to define the error fields we want to send to the client. </li> <li>Check that the Authorization header is provided in the format <code>Bearer {token}</code>. We split the token off of the string, which is a stringified JWT, and check for any errors.</li> <li>Finally, we reach out to the <code>ValidateIDToken</code> method we just created, which uses the JWT library to make sure the token can be verified with the <em>public</em> RSA key, and that the token is not expired. </li> <li>If all of these cases pass, we can <code>Set</code> the user on our Gin context, and call the <code>Next()</code> handler.</li> </ol> <h2> Apply AuthUser to Me Handler </h2> <p>Recall that our <code>Me</code> handler will expect to extract a <em>model.User</em> from the gin context. To make this user available to our handler, we need to add the <code>AuthUser</code> middleware to this individual handler.</p> <p>We can update this in <code>~/handler/handler.go</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Wish I had thought this through better!</span> <span class="k">if</span> <span class="n">gin</span><span class="o">.</span><span class="n">Mode</span><span class="p">()</span> <span class="o">!=</span> <span class="n">gin</span><span class="o">.</span><span class="n">TestMode</span> <span class="p">{</span> <span class="n">g</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">middleware</span><span class="o">.</span><span class="n">Timeout</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">TimeoutDuration</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewServiceUnavailable</span><span class="p">()))</span> <span class="n">g</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/me"</span><span class="p">,</span> <span class="n">middleware</span><span class="o">.</span><span class="n">AuthUser</span><span class="p">(</span><span class="n">h</span><span class="o">.</span><span class="n">TokenService</span><span class="p">),</span> <span class="n">h</span><span class="o">.</span><span class="n">Me</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">g</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/me"</span><span class="p">,</span> <span class="n">h</span><span class="o">.</span><span class="n">Me</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Notice that we only add the middleware if we're not in test mode. That's because we previously created a handler test in isolation of the middleware. You can choose to do it this way, or to integrate middleware and handlers for your test.</p> <p>I'd really love if any of you have any practical suggestions on how to handle this in production-grade applications!</p> <h2> Run and Test Application </h2> <p>From the application root, let's run our application!</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> docker-compose up </code></pre> </div> <h3> Sign In An Existing User </h3> <p>I'll first sign in an existing user.</p> <p><em>If you want to see how to make this request in Postman, checkout the YouTube video.</em></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ➜ curl <span class="nt">--location</span> <span class="nt">--request</span> POST <span class="s1">'http://malcorp.test/api/account/signin'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Authorization: Bearer {{idToken}}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data-raw</span> <span class="s1">'{ "email": "guy01@guy.com", "password": "avalidpassword123" }'</span> </code></pre> </div> <p>The response is:</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"tokens"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"idToken"</span><span class="p">:</span><span class="s2">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVpZCI6ImVlODZjYzJjLTg2ODEtNDU5YS1hOTc3LTNjYWY5NzUzZTE0YiIsImVtYWlsIjoiZ3V5MDFAZ3V5LmNvbSIsIm5hbWUiOiIiLCJpbWFnZVVybCI6IiIsIndlYnNpdGUiOiIifSwiZXhwIjoxNjA5MjY5NDI2LCJpYXQiOjE2MDkyNjg1MjZ9.RLC-RcH-YnSJfKqgbucUvvo2DV3sLcJwXSMlbvOqnEbPgjeWv_3ae61lZU909xUMq6Qrl-tpGLxgkrkk3FiXUuhu8J8bBdCYgSgBhPTkoVuALSuC9N-0mcVTLiQ2zZVwxpuDWHCxHtcjinCwt-XSq94CuSqfwDxjmc--Y0IiQMa5pRMa5Ol4qhs0ABkCI-cq0op8_HUOR7mctmiyR1xaKC8AmvLXbgYp7-g5DfKquYjdEDM640W4y99eBTvDRJwHqRTE5QBVYwzVylqFcy82yCriKPB0sgv60iACOjngkzTqatPzYI6C_QUtKOoaNY1NiIpRI99jiFrrW7z1IIt9NA"</span><span class="p">,</span><span class="nl">"refreshToken"</span><span class="p">:</span><span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiJlZTg2Y2MyYy04NjgxLTQ1OWEtYTk3Ny0zY2FmOTc1M2UxNGIiLCJleHAiOjE2MDk1Mjc3MjYsImp0aSI6IjE0NDBlNTg4LWI2NjgtNGVjNy05ZmJiLTU5OTM0ODhjMTE4NCIsImlhdCI6MTYwOTI2ODUyNn0.Hd6j4jzD5IKswvWqnJKG7XFLIBw-IRMLeCD4ojAZedA"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>We can then add the <code>idToken</code> to our "Authorization" header while making a GET request to "/me".</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ➜ curl <span class="nt">--location</span> <span class="nt">--request</span> GET <span class="s1">'http://malcorp.test/api/account/me'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVpZCI6ImVlODZjYzJjLTg2ODEtNDU5YS1hOTc3LTNjYWY5NzUzZTE0YiIsImVtYWlsIjoiZ3V5MDFAZ3V5LmNvbSIsIm5hbWUiOiIiLCJpbWFnZVVybCI6IiIsIndlYnNpdGUiOiIifSwiZXhwIjoxNjA5MjY5NDI2LCJpYXQiOjE2MDkyNjg1MjZ9.RLC-RcH-YnSJfKqgbucUvvo2DV3sLcJwXSMlbvOqnEbPgjeWv_3ae61lZU909xUMq6Qrl-tpGLxgkrkk3FiXUuhu8J8bBdCYgSgBhPTkoVuALSuC9N-0mcVTLiQ2zZVwxpuDWHCxHtcjinCwt-XSq94CuSqfwDxjmc--Y0IiQMa5pRMa5Ol4qhs0ABkCI-cq0op8_HUOR7mctmiyR1xaKC8AmvLXbgYp7-g5DfKquYjdEDM640W4y99eBTvDRJwHqRTE5QBVYwzVylqFcy82yCriKPB0sgv60iACOjngkzTqatPzYI6C_QUtKOoaNY1NiIpRI99jiFrrW7z1IIt9NA'</span> </code></pre> </div> <p>And we receive the user as a response.</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"user"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="s2">"ee86cc2c-8681-459a-a977-3caf9753e14b"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="s2">"guy01@guy.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"imageUrl"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"website"</span><span class="p">:</span><span class="s2">""</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>I recommend you try to send the request with a missing auth header, which should return an HTTP 401 error with a response such as:</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"><br> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"><br> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AUTHORIZATION"</span><span class="p">,</span><span class="w"><br> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Must provide Authorization header with format <code>Bearer {token}</code>"</span><span class="w"><br> </span><span class="p">}</span><span class="w"><br> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> <br> <br> <br> Conclusion<br> </h2> <p>That's all for today. Once again I'll remind you of the unit tests available in the Github repository! </p> <p>Next time, we'll get working on a "tokens" handler which will be used by a client to get renewed id and refresh tokens. This helps clients remain logged in to applications in our company or domain!</p> <p>Hasta pronto!</p> go gin authentication middleware Creating a Re-usable Vue 3 Store Plugin with Typescript Jacob Goodwin Tue, 29 Dec 2020 16:47:30 +0000 https://dev.to/jacobsngoodwin/creating-a-re-usable-vue-3-store-plugin-with-typescript-4k5l https://dev.to/jacobsngoodwin/creating-a-re-usable-vue-3-store-plugin-with-typescript-4k5l <p>In a <a href="https://dev.to/jacobsngoodwin/vue-dfs-store-a-simple-store-wrapping-vue-s-built-in-reactivity-42pn">previous article</a>, I described how to use a library I created called <a href="https://dev.to/jacobsngoodwin/vue-dfs-store-a-simple-store-wrapping-vue-s-built-in-reactivity-42pn">vue-dfs-store</a> for creating and accessing re-usable global data stores in Vue 3 applications. </p> <p>To expound on the topic, I have created a video tutorial demo on how to create a store to maintain a list of favorite restaurants. The demo will work with an asynchronous API to fetch, create, update, and delete a list of favorite restaurants which will be maintained in (vue-dfs) store. You'll learn how to make your state read-only and how to update the state via "trackable" mutations. </p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/-VE32khlTgQ"> </iframe> </p> <p>A few tutorials already touch on the topic of providing a reactive object and functions to update this state down the application tree. However, the ones I have seen don't use Typescript, which is one of the benefits of Vue 3 and the composition API. They also don't show how you might create your own "API" for accessing and modifying the state. </p> <p>What's more? I'll be showing you how to create Vue plugins and an example of a <a href="https://github.com/vitejs/vite">Vite</a> development environment with Typescript and TailwindCSS setup!</p> <p>I hope these additions will be helpful to intermediate and advanced Vue developers who are interested in using the latest and greatest!</p> <h3> Two Good Introductions to Creating Stores with Vue's "Reactive" Objects </h3> <ul> <li><a href="https://dev.to/blacksonic/you-might-not-need-vuex-with-vue-3-52e4">You Might Not Need Vuex with Vue 3</a></li> <li><a href="https://www.youtube.com/watch?v=IatqphZuN64&amp;t=2s">Programming with Erik related video</a></li> </ul> <h2> Some Related Content </h2> <p>Here's some related, and maybe prerequisite, content that you might find useful while checking out my video!</p> <ul> <li><a href="https://v3.vuejs.org/guide/composition-api-introduction.html">Vue Composition API</a></li> <li><a href="https://v3.vuejs.org/guide/component-provide-inject.html#provide-inject">Vue Provide and Inject</a></li> <li><a href="https://v3.vuejs.org/guide/plugins.html#plugins">Vue Plugins</a></li> <li> <a href="https://gigobyte.github.io/purify">Purify-TS</a> - A functional programming library for Typescript</li> <li> <a href="https://github.com/vitejs/vite">Vite</a> - Native ES Module development tool</li> <li><a href="https://tailwindcss.com">TailwindCSS</a></li> </ul> vue3 typescript composition statemanagement 15 - Add Signin to Service and Repository Layers Jacob Goodwin Sun, 27 Dec 2020 23:30:10 +0000 https://dev.to/jacobsngoodwin/15-add-signin-to-service-and-repository-layers-5mg https://dev.to/jacobsngoodwin/15-add-signin-to-service-and-repository-layers-5mg <p>Last time, we created and tested a handler for signing in a user. This handler accepts and validates an email and password received in a JSON request body. Let's take a look at our progress diagram to see what we'll work on today! </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fi5b88v7k854pqvyx9dl3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fi5b88v7k854pqvyx9dl3.png" alt="15 - Signin Service and Repository Layers"></a></p> <p>We'll add functionality to sign-in a user in the service layer. To do this, we'll need to be able to find a user in our database by email, and then verify that the password entered by the user matches the encrypted stored password from the database. To make this possible, we'll add a <code>FindByEmail</code> method to our <code>UserRepository</code> interface, mock, and Postgres implementations. This method will retrieve the user attempting to sign-in, which includes their hashed password. We'll also review and use the function we previously created to compare the user's supplied password with the password stored in the database. </p> <p>At the end of the tutorial, we'll spin up the application, create a new user with a known password, and then attempt to sign in as that user. </p> <p>As always, checkout the <a href="https://github.com/JacobSNGoodwin/memrizr" rel="noopener noreferrer">repo on Github</a> with all of the code for this tutorial including complete tests a branch for each lesson!</p> <p>If you prefer video, check out the video version below!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/Z3R0OGaF650"> </iframe> </p> <p><em>I will continue to create unit tests for handler- and service-layer methods. However, I will not include these in written or video tutorials unless I feel they provide some new information. I feel a lengthy portion of the tutorials has been dedicated to testing. I did this deliberately because sometimes setting up tests is more difficult than actual coding logic (seriously), and only a few tutorials write more than rudimentary tests.</em> </p> <h2> Add FindByEmail to UserRepository Interface </h2> <p>In <code>~/model/interfaces.go</code>, let's add an expectation that a <code>UserRepository</code> can find a user by email address.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// UserRepository defines methods the service layer expects</span> <span class="c">// any repository it interacts with to implement</span> <span class="k">type</span> <span class="n">UserRepository</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Create</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="n">FindByEmail</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">email</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">FindByID</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">uid</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>You should now have errors because or <code>pGUserRepository</code> and <code>mockUserRepository</code> do not implement this newly added method. Let's add these implementations!</p> <h2> Add FindByEmail to mockUserRepository </h2> <p>Though I mentioned that I won't go over unit tests unless necessary, I'll still add the mock implementations so you don't have any errors.</p> <p>Add the following to <code>~/model/mocks/user_repository.go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// FindByEmail is mock of UserRepository.FindByEmail</span> <span class="k">func</span> <span class="p">(</span><span class="n">m</span> <span class="o">*</span><span class="n">MockUserRepository</span><span class="p">)</span> <span class="n">FindByEmail</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">email</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ret</span> <span class="o">:=</span> <span class="n">m</span><span class="o">.</span><span class="n">Called</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">email</span><span class="p">)</span> <span class="k">var</span> <span class="n">r0</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">r0</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="p">}</span> <span class="k">var</span> <span class="n">r1</span> <span class="kt">error</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">r1</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">1</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">r0</span><span class="p">,</span> <span class="n">r1</span> <span class="p">}</span> </code></pre> </div> <h2> Add FindByEmail to pGUserRepository </h2> <p>Let's now add the implementation to our the Postgres User Repository implementation, found in <code>~/repository/pg_user_repository.go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// FindByEmail retrieves user row by email address</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">pGUserRepository</span><span class="p">)</span> <span class="n">FindByEmail</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">email</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">user</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{}</span> <span class="n">query</span> <span class="o">:=</span> <span class="s">"SELECT * FROM users WHERE email=$1"</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">GetContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">user</span><span class="p">,</span> <span class="n">query</span><span class="p">,</span> <span class="n">email</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Unable to get user with email address: %v. Err: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">email</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewNotFound</span><span class="p">(</span><span class="s">"email"</span><span class="p">,</span> <span class="n">email</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>In this code block, we simply create a select query to get a user with the given email, and return a <code>NotFound</code> error if the user cannot be found (and for all possible errors, which is maybe a bit lazy). If the user is found, it will be populated on the <code>*model.User</code> and returned.</p> <h2> User Service Signin Implementation </h2> <p>We can now reach out to <code>FindByEmail</code> within the <code>UserService</code>. Let's add this in <code>~/service/user_service.go</code>!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Signin reaches our to a UserRepository check if the user exists</span> <span class="c">// and then compares the supplied password with the provided password.</span> <span class="c">// If a valid email/password combo is provided, u will hold all</span> <span class="c">// available user fields</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">userService</span><span class="p">)</span> <span class="n">Signin</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">uFetched</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">UserRepository</span><span class="o">.</span><span class="n">FindByEmail</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">)</span> <span class="c">// Will return NotAuthorized to client to omit details of why</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewAuthorization</span><span class="p">(</span><span class="s">"Invalid email and password combination"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// verify password - we previously created this method</span> <span class="n">match</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">comparePasswords</span><span class="p">(</span><span class="n">uFetched</span><span class="o">.</span><span class="n">Password</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="k">if</span> <span class="o">!</span><span class="n">match</span> <span class="p">{</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewAuthorization</span><span class="p">(</span><span class="s">"Invalid email and password combination"</span><span class="p">)</span> <span class="p">}</span> <span class="n">u</span> <span class="o">=</span> <span class="n">uFetched</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>After storing the user in <code>uFetch</code>, we make a call to <code>comparePasswords</code> which compares the supplied password (from the HTTP request) and the retrieved password (from the database). We previously created this function in <code>~/service/passwords.go</code>. This function extracts the password salt, <code>pwsalt[1]</code>, and then hashes the <em>supplied</em> password with this salt. If this matches the hashed password from the database, <code>pwsalt[0]</code>, we know the user entered a valid password! We return whether or not the password is a match as a boolean. We can also return an error if decoding the stored password fails.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">comparePasswords</span><span class="p">(</span><span class="n">storedPassword</span> <span class="kt">string</span><span class="p">,</span> <span class="n">suppliedPassword</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">pwsalt</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">storedPassword</span><span class="p">,</span> <span class="s">"."</span><span class="p">)</span> <span class="c">// check supplied password salted with hash</span> <span class="n">salt</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">hex</span><span class="o">.</span><span class="n">DecodeString</span><span class="p">(</span><span class="n">pwsalt</span><span class="p">[</span><span class="m">1</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Unable to verify user password"</span><span class="p">)</span> <span class="p">}</span> <span class="n">shash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">scrypt</span><span class="o">.</span><span class="n">Key</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">suppliedPassword</span><span class="p">),</span> <span class="n">salt</span><span class="p">,</span> <span class="m">32768</span><span class="p">,</span> <span class="m">8</span><span class="p">,</span> <span class="m">1</span><span class="p">,</span> <span class="m">32</span><span class="p">)</span> <span class="k">return</span> <span class="n">hex</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">shash</span><span class="p">)</span> <span class="o">==</span> <span class="n">pwsalt</span><span class="p">[</span><span class="m">0</span><span class="p">],</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h2> Run Application </h2> <p>From the root of the project, you should now be able to run <code>docker-compose up</code>! Let's create a new user by posting a request to our <code>signup</code> endpoint (I've deleted all previous users from Postgres prior to this tutorial). I'll use <em>curl</em> here to keep things simple, and Postman in the video if you prefer to check that out!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ curl <span class="nt">--location</span> <span class="nt">--request</span> POST <span class="s1">'http://malcorp.test/api/account/signup'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data-raw</span> <span class="s1">'{ "email": "guy01@guy.com", "password": "avalidpassword123" }'</span> </code></pre> </div> <p>We get a status 201, created, response with the following body.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>HTTP/1.1 201 Created Content-Length: 871 Content-Type: application/json<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>utf-8 Date: Wed, 23 Dec 2020 01:39:09 GMT <span class="o">{</span><span class="s2">"tokens"</span>:<span class="o">{</span><span class="s2">"idToken"</span>:<span class="s2">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVpZCI6ImVlODZjYzJjLTg2ODEtNDU5YS1hOTc3LTNjYWY5NzUzZTE0YiIsImVtYWlsIjoiZ3V5MDFAZ3V5LmNvbSIsIm5hbWUiOiIiLCJpbWFnZVVybCI6IiIsIndlYnNpdGUiOiIifSwiZXhwIjoxNjA4Njg4NDQ5LCJpYXQiOjE2MDg2ODc1NDl9.haU3a-15xfoUYrpllkkuUphKFDqNfZKckmPZP6LRN7BGhe15DAONdirhLnH1n5QHFaqQ31eOs1nAleqln5MTzeG_YYdw4VhbQ53wve_b156SeMEvfm664js8fSQYsfTG_PBzkmkRaL62jcSaNmSWkKhzzT5bBeYlBd4lUBqGV1nw12Jj9WgF6oWoDHN786bSMQz25TWmkVyE1-082DHUdAjqnnVy7J_G-CU1Ozdv_6KUurUeVfqBj0D4irghcMnfnk75vBzFhyOShl2-RkXprRKvqjNo0u28Fd5BZ6ZKLAv6k_iUxK8rb-F3atozlFhdWaNL77w18XI4ZkZ2YieLPw"</span>,<span class="s2">"refreshToken"</span>:<span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiJlZTg2Y2MyYy04NjgxLTQ1OWEtYTk3Ny0zY2FmOTc1M2UxNGIiLCJleHAiOjE2MDg5NDY3NDksImp0aSI6IjIzODhkY2Y5LWVlODQtNGUzMy04ZGJlLTZmNTlkOGQ2NzFmNCIsImlhdCI6MTYwODY4NzU0OX0.Rsr2zFf62WYm2ExZXo5zVlq0Ot_jqnoUtL8xapjc75U"</span><span class="o">}}</span>% </code></pre> </div> <p>If we then send a request to the <code>signin</code> endpoint with the same email and password, we should hopefully get a token pair and a response of status 200 (ok).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ curl <span class="nt">-i</span> <span class="nt">--location</span> <span class="nt">--request</span> POST <span class="s1">'http://malcorp.test/api/account/signin'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data-raw</span> <span class="s1">'{ "email": "guy01@guy.com", "password": "avalidpassword123" }'</span> HTTP/1.1 200 OK Content-Length: 871 Content-Type: application/json<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>utf-8 Date: Wed, 23 Dec 2020 01:39:51 GMT <span class="o">{</span><span class="s2">"tokens"</span>:<span class="o">{</span><span class="s2">"idToken"</span>:<span class="s2">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsImVtYWlsIjoiZ3V5MDFAZ3V5LmNvbSIsIm5hbWUiOiIiLCJpbWFnZVVybCI6IiIsIndlYnNpdGUiOiIifSwiZXhwIjoxNjA4Njg4NDkxLCJpYXQiOjE2MDg2ODc1OTF9.YuGGc6m1ZaL7BMSGTwdS7hBt8QFIcxRn1MJ-PqjnOm9vtVUPrVsYbg0n_TcwypcqtAcuhsI3buIipFj9GJU657q3INZWcVzNzlWEzeaPPUKuoJtL2EUP6veGElKd8bAQWsg5eX1T48ff8x4CxW-s7PJ0ZLWMi2Al2TU4xbzz4wxGs6PfgD3T4UYuwnCvnC3GGRdL0htLmqc9EiGqs4M6fzu8HhrusKSRvDdbbKNBO6eELtOzRM8_YKcbBBKMGsS9gKxGnDY227_zqYsc1T1fpy7NYmz7SSxZjd4c6XEqcmItqG28L9tvELZk1HlMQvOI7_yTxW13ntCaLLKdkKnZ0A"</span>,<span class="s2">"refreshToken"</span>:<span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJleHAiOjE2MDg5NDY3OTEsImp0aSI6IjQ3MTFjMDE0LTVmMDgtNDZhNC04Njk3LWQwNGVjMDMwMTEyMCIsImlhdCI6MTYwODY4NzU5MX0.aG7Y01RldyOxxkmaFIT04iYhvb1joSkBw0bboIDSpmE"</span><span class="o">}}</span>% </code></pre> </div> <h2> Conclusion </h2> <p>We now have the ability to sign up <strong>and</strong> sign in users. This was quite an effort, especially since we added unit tests and spent a great deal of time on architecture.</p> <p>Next time, we'll create our second middleware, which will be used to extract the user from our <code>idToken</code>. You might recall that at the very beginning of the tutorial, we created a <code>me</code> handler and API endpoint, but didn't use this in our application. I did this deliberately to show that we could test the handler in isolation od middleware and service layers.</p> <p>Next time, we'll create this middleware. This can be used to verify the user, and authorize them to do things like retrieve and update their user profile details. </p> <p>Until next time, ¡chau!</p> go gin authentication postgres 14 - Add Signin Handler Jacob Goodwin Sun, 20 Dec 2020 21:47:02 +0000 https://dev.to/jacobsngoodwin/14-add-signin-handler-32be https://dev.to/jacobsngoodwin/14-add-signin-handler-32be <p>Today's tutorial will be the first of 2 parts on implementing sign in functionality. We'll follow many of the same patterns we used to sign up users, implementing some new methods in the process!</p> <p>As seen in the diagram, we'll start with the <code>handler</code> layer signin in method, and next time flush out the details of all the other layers, some of which functionality we've already implemented!</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--CMKqFctH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/dc0f9oy6a9qway40hoxm.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--CMKqFctH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/dc0f9oy6a9qway40hoxm.png" alt="Account Overview - Signin"></a></p> <p>As always, checkout the <a href="https://github.com/JacobSNGoodwin/memrizr">repo on Github</a> with all of the code for this tutorial, including a branch for each lesson!</p> <p>If you prefer video, check out the video version below!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/Rkx_SBVzxwM"> </iframe> </p> <h2> Add Signin to UserService Interface </h2> <p>When a user signs in, we want to accept a user's email and password, just like we would when a user signs up. While the implementation details of signing in and signing up differ, the method signatures are the same. Let's add <code>Signin</code> to the <code>UserService</code> interface in <code>~/model/interfaces.go</code>. As with <code>Signin</code>, we'll pass a partially filled <code>*model.User</code>, and return an error if signing in fails. If signing in is successful, then the user passed to the method will be modified to contain all user details.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// UserService defines methods the handler layer expects</span> <span class="c">// any service it interacts with to implement</span> <span class="k">type</span> <span class="n">UserService</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Get</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">uid</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">Signup</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="n">Signin</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>This update will break our <code>mockUserService</code> and service-layer <code>UserService</code> as they do not implement this method. Let's add an incomplete implementation of <code>Signup</code> in <code>~/service/user_service.go</code>, which we'll complete in the next tutorial.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Signin reaches our to a UserRepository check if the user exists</span> <span class="c">// and then compares the supplied password with the provided password</span> <span class="c">// if a valid email/password combo is provided, u will hold all</span> <span class="c">// available user fields</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">userService</span><span class="p">)</span> <span class="n">Signin</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="s">"Not implemented"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h2> Add Mock Signin Method </h2> <p>Before adding our handler logic and unit test, let's update our <code>~/model/mocks/user_service.go</code> so that with a <code>Signin</code> method. See previous tutorials on testing and <a href="https://github.com/stretchr/testify">testify</a> to learn more!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">m</span> <span class="o">*</span><span class="n">MockUserService</span><span class="p">)</span> <span class="n">Signin</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ret</span> <span class="o">:=</span> <span class="n">m</span><span class="o">.</span><span class="n">Called</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">)</span> <span class="k">var</span> <span class="n">r0</span> <span class="kt">error</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">r0</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">r0</span> <span class="p">}</span> </code></pre> </div> <h2> Add Handler </h2> <p>Since we'll be adding a lot of code for this handler, let's copy the <code>Signin</code> handler from <code>~/handler/handler.go</code> into its own file, <code>~/handler/signin.go</code>. We'll also update the contents of this method as follows.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">handler</span> <span class="c">// IMPORTS OMITTED</span> <span class="c">// signinReq is not exported</span> <span class="k">type</span> <span class="n">signinReq</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Email</span> <span class="kt">string</span> <span class="s">`json:"email" binding:"required,email"`</span> <span class="n">Password</span> <span class="kt">string</span> <span class="s">`json:"password" binding:"required,gte=6,lte=30"`</span> <span class="p">}</span> <span class="c">// Signin used to authenticate extant user</span> <span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">Handler</span><span class="p">)</span> <span class="n">Signin</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">req</span> <span class="n">signinReq</span> <span class="k">if</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">bindData</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">req</span><span class="p">);</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="p">}</span> <span class="n">u</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">Email</span><span class="o">:</span> <span class="n">req</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">req</span><span class="o">.</span><span class="n">Password</span><span class="p">,</span> <span class="p">}</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Request</span><span class="o">.</span><span class="n">Context</span><span class="p">()</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">UserService</span><span class="o">.</span><span class="n">Signin</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Failed to sign in user: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">apperrors</span><span class="o">.</span><span class="n">Status</span><span class="p">(</span><span class="n">err</span><span class="p">),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="p">}</span> <span class="n">tokens</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">TokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Failed to create tokens for user: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">apperrors</span><span class="o">.</span><span class="n">Status</span><span class="p">(</span><span class="n">err</span><span class="p">),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"tokens"</span><span class="o">:</span> <span class="n">tokens</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>We do the following in this handler method.</p> <ol> <li>Bind data to <code>signinReq</code> using the helper <code>bind_data</code> function we previously created. This function sends a "bad request" HTTP status 400 error if the data cannot be bound or fails validation. In reality, it would be wise to create a separate test for <code>bind_data</code> (turns out this tutorial is flawed 😂).</li> <li>If we do have valid data, we create a partially filled <code>*model.User</code> from the request's email and password fields.</li> <li>Extract the request context from the gin context using <code>c.Request.Context()</code>.</li> <li>Reach out to the <code>UserService.Signin</code> method and handle any errors. If there is any error, we use our <code>apperrors.Status()</code> function to determine is the error is among those defined in our custom <code>apperrors</code>.</li> <li>If the user signs in successfully, we'll send a new token pair, just as we do when signing up. We also make sure to handle any errors.</li> </ol> <h2> Testing Signin </h2> <p>Let's create a new file for this test, <code>~/handler/signin_test.go</code>. In this file we'll test the following.</p> <ol> <li>Invalid request data - Although we won't test all validation error combinations, we will test one case to make sure that we receive the proper error JSON response for a bad request.</li> <li>Error returned by UserService.Signin</li> <li>Successful call to <code>TokenService.NewPairFromUser</code> (which means a successful handler result).</li> <li>Error from <code>TokenService.NewPairFromUser</code>. Again, we just want to make sure the handler sends the proper HTTP response in this case.</li> </ol> <h3> Test Body and Setup </h3> <p>We'll instantiate our mock services, gin engine/router, and handler in the setup portion of our test (before the <code>t.Run</code> blocks). </p> <p>However, I decided that it will be clearer to define our mock method responses, i.e. <code>mock.On(...)</code>, inside of the individual <code>t.Run</code> blocks instead of in the setup. I did this because I ended up creating so many mock method call definitions and variables in the setup that it was hard to understand what variables corresponded to which test cases.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">handler</span> <span class="c">// IMPORTS OMITTED</span> <span class="k">func</span> <span class="n">TestSignin</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Setup</span> <span class="n">gin</span><span class="o">.</span><span class="n">SetMode</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">TestMode</span><span class="p">)</span> <span class="c">// setup mock services, gin engine/router, handler layer</span> <span class="n">mockUserService</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">mocks</span><span class="o">.</span><span class="n">MockUserService</span><span class="p">)</span> <span class="n">mockTokenService</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">mocks</span><span class="o">.</span><span class="n">MockTokenService</span><span class="p">)</span> <span class="n">router</span> <span class="o">:=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">NewHandler</span><span class="p">(</span><span class="o">&amp;</span><span class="n">Config</span><span class="p">{</span> <span class="n">R</span><span class="o">:</span> <span class="n">router</span><span class="p">,</span> <span class="n">UserService</span><span class="o">:</span> <span class="n">mockUserService</span><span class="p">,</span> <span class="n">TokenService</span><span class="o">:</span> <span class="n">mockTokenService</span><span class="p">,</span> <span class="p">})</span> <span class="c">// Tests will be added here below</span> <span class="c">// ...</span> <span class="p">}</span> </code></pre> </div> <h3> Bad Request Data Case </h3> <p>In this case we create a JSON request body with an invalid email address and send this to our handler which we instantiated in the setup portion of the test. We assert that an HTTP Status of 400, <code>http.StatusBadRequest</code>, is sent and that the <code>mockUserService.Signin</code> and <code>mockTokenService.NewPairFromUser</code> methods don't get called as the handler should return before reaching these methods.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Bad request data"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="c">// a response recorder for getting written http response</span> <span class="n">rr</span> <span class="o">:=</span> <span class="n">httptest</span><span class="o">.</span><span class="n">NewRecorder</span><span class="p">()</span> <span class="c">// create a request body with invalid fields</span> <span class="n">reqBody</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"email"</span><span class="o">:</span> <span class="s">"notanemail"</span><span class="p">,</span> <span class="s">"password"</span><span class="o">:</span> <span class="s">"short"</span><span class="p">,</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequest</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">MethodPost</span><span class="p">,</span> <span class="s">"/signin"</span><span class="p">,</span> <span class="n">bytes</span><span class="o">.</span><span class="n">NewBuffer</span><span class="p">(</span><span class="n">reqBody</span><span class="p">))</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">ServeHTTP</span><span class="p">(</span><span class="n">rr</span><span class="p">,</span> <span class="n">request</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">,</span> <span class="n">rr</span><span class="o">.</span><span class="n">Code</span><span class="p">)</span> <span class="n">mockUserService</span><span class="o">.</span><span class="n">AssertNotCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"Signin"</span><span class="p">)</span> <span class="n">mockTokenService</span><span class="o">.</span><span class="n">AssertNotCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"NewTokensFromUser"</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <h3> Error from UserService.Signin Case </h3> <p>In this case, we define a mock response for <code>Signin</code> which returns an error. We create an example of such an error and store it in <code>mockError</code>. We then assert that this error is relayed and sent as JSON to the user with HTTP status 401, <code>http.StatusUnauthorized</code>, and the assert that <code>mockUserService.Signin</code> method is called, but that <code>mockTokenService.NewPairFromUser</code> is not called.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Error Returned from UserService.Signin"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">email</span> <span class="o">:=</span> <span class="s">"bob@bob.com"</span> <span class="n">password</span> <span class="o">:=</span> <span class="s">"pwdoesnotmatch123"</span> <span class="n">mockUSArgs</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Email</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">password</span><span class="p">},</span> <span class="p">}</span> <span class="c">// so we can check for a known status code</span> <span class="n">mockError</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewAuthorization</span><span class="p">(</span><span class="s">"invalid email/password combo"</span><span class="p">)</span> <span class="n">mockUserService</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"Signin"</span><span class="p">,</span> <span class="n">mockUSArgs</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="n">mockError</span><span class="p">)</span> <span class="c">// a response recorder for getting written http response</span> <span class="n">rr</span> <span class="o">:=</span> <span class="n">httptest</span><span class="o">.</span><span class="n">NewRecorder</span><span class="p">()</span> <span class="c">// create a request body with valid fields</span> <span class="n">reqBody</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"email"</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="s">"password"</span><span class="o">:</span> <span class="n">password</span><span class="p">,</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequest</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">MethodPost</span><span class="p">,</span> <span class="s">"/signin"</span><span class="p">,</span> <span class="n">bytes</span><span class="o">.</span><span class="n">NewBuffer</span><span class="p">(</span><span class="n">reqBody</span><span class="p">))</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">ServeHTTP</span><span class="p">(</span><span class="n">rr</span><span class="p">,</span> <span class="n">request</span><span class="p">)</span> <span class="n">mockUserService</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"Signin"</span><span class="p">,</span> <span class="n">mockUSArgs</span><span class="o">...</span><span class="p">)</span> <span class="n">mockTokenService</span><span class="o">.</span><span class="n">AssertNotCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"NewTokensFromUser"</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusUnauthorized</span><span class="p">,</span> <span class="n">rr</span><span class="o">.</span><span class="n">Code</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <h3> Success Case </h3> <p>In this case, we respond to <code>mockUserService.Signin</code> with no error (<code>nil</code>). We also mock a valid token response from <code>mockTokenService.NewPairFromUser</code>. We assert that both of the above methods are called and that a valid HTTP response with HTTP status 200, <code>http.StatusOK</code>, is returned.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Successful Token Creation"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">email</span> <span class="o">:=</span> <span class="s">"bob@bob.com"</span> <span class="n">password</span> <span class="o">:=</span> <span class="s">"pwworksgreat123"</span> <span class="n">mockUSArgs</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Email</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">password</span><span class="p">},</span> <span class="p">}</span> <span class="n">mockUserService</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"Signin"</span><span class="p">,</span> <span class="n">mockUSArgs</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="no">nil</span><span class="p">)</span> <span class="n">mockTSArgs</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Email</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">password</span><span class="p">},</span> <span class="s">""</span><span class="p">,</span> <span class="p">}</span> <span class="n">mockTokenPair</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">TokenPair</span><span class="p">{</span> <span class="n">IDToken</span><span class="o">:</span> <span class="s">"idToken"</span><span class="p">,</span> <span class="n">RefreshToken</span><span class="o">:</span> <span class="s">"refreshToken"</span><span class="p">,</span> <span class="p">}</span> <span class="n">mockTokenService</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"NewPairFromUser"</span><span class="p">,</span> <span class="n">mockTSArgs</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="n">mockTokenPair</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="c">// a response recorder for getting written http response</span> <span class="n">rr</span> <span class="o">:=</span> <span class="n">httptest</span><span class="o">.</span><span class="n">NewRecorder</span><span class="p">()</span> <span class="c">// create a request body with valid fields</span> <span class="n">reqBody</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"email"</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="s">"password"</span><span class="o">:</span> <span class="n">password</span><span class="p">,</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequest</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">MethodPost</span><span class="p">,</span> <span class="s">"/signin"</span><span class="p">,</span> <span class="n">bytes</span><span class="o">.</span><span class="n">NewBuffer</span><span class="p">(</span><span class="n">reqBody</span><span class="p">))</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">ServeHTTP</span><span class="p">(</span><span class="n">rr</span><span class="p">,</span> <span class="n">request</span><span class="p">)</span> <span class="n">respBody</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"tokens"</span><span class="o">:</span> <span class="n">mockTokenPair</span><span class="p">,</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">rr</span><span class="o">.</span><span class="n">Code</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">respBody</span><span class="p">,</span> <span class="n">rr</span><span class="o">.</span><span class="n">Body</span><span class="o">.</span><span class="n">Bytes</span><span class="p">())</span> <span class="n">mockUserService</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"Signin"</span><span class="p">,</span> <span class="n">mockUSArgs</span><span class="o">...</span><span class="p">)</span> <span class="n">mockTokenService</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"NewPairFromUser"</span><span class="p">,</span> <span class="n">mockTSArgs</span><span class="o">...</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <h3> Error from TokenService.NewPairFromUser Case </h3> <p>In this case, we want the <code>mockUserService.Signin</code> method to be called successfully, but want <code>mockTokenService.NewPairFromUser</code> to produce an error. We then expect an HTTP 500, <code>http.StatusInternalServerError</code>, as a response.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Failed Token Creation"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">email</span> <span class="o">:=</span> <span class="s">"cannotproducetoken@bob.com"</span> <span class="n">password</span> <span class="o">:=</span> <span class="s">"cannotproducetoken"</span> <span class="n">mockUSArgs</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Email</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">password</span><span class="p">},</span> <span class="p">}</span> <span class="n">mockUserService</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"Signin"</span><span class="p">,</span> <span class="n">mockUSArgs</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="no">nil</span><span class="p">)</span> <span class="n">mockTSArgs</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span><span class="n">Email</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">password</span><span class="p">},</span> <span class="s">""</span><span class="p">,</span> <span class="p">}</span> <span class="n">mockError</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="n">mockTokenService</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"NewPairFromUser"</span><span class="p">,</span> <span class="n">mockTSArgs</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="no">nil</span><span class="p">,</span> <span class="n">mockError</span><span class="p">)</span> <span class="c">// a response recorder for getting written http response</span> <span class="n">rr</span> <span class="o">:=</span> <span class="n">httptest</span><span class="o">.</span><span class="n">NewRecorder</span><span class="p">()</span> <span class="c">// create a request body with valid fields</span> <span class="n">reqBody</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"email"</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="s">"password"</span><span class="o">:</span> <span class="n">password</span><span class="p">,</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequest</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">MethodPost</span><span class="p">,</span> <span class="s">"/signin"</span><span class="p">,</span> <span class="n">bytes</span><span class="o">.</span><span class="n">NewBuffer</span><span class="p">(</span><span class="n">reqBody</span><span class="p">))</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">request</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">ServeHTTP</span><span class="p">(</span><span class="n">rr</span><span class="p">,</span> <span class="n">request</span><span class="p">)</span> <span class="n">respBody</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">mockError</span><span class="p">,</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">mockError</span><span class="o">.</span><span class="n">Status</span><span class="p">(),</span> <span class="n">rr</span><span class="o">.</span><span class="n">Code</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">respBody</span><span class="p">,</span> <span class="n">rr</span><span class="o">.</span><span class="n">Body</span><span class="o">.</span><span class="n">Bytes</span><span class="p">())</span> <span class="n">mockUserService</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"Signin"</span><span class="p">,</span> <span class="n">mockUSArgs</span><span class="o">...</span><span class="p">)</span> <span class="n">mockTokenService</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"NewPairFromUser"</span><span class="p">,</span> <span class="n">mockTSArgs</span><span class="o">...</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <h2> Conclusion </h2> <p>That's all for today, chicos! Next time, we'll write the concrete implementation of <code>UserService.Signin</code> as well as the needed <code>UserRepository</code> methods to get a user from the database and verify their entered password. </p> <p>¡Chau, hasta luego!</p> go gin authentication testing 13 - Gin Handler Timeout Middleware Jacob Goodwin Mon, 14 Dec 2020 20:05:12 +0000 https://dev.to/jacobsngoodwin/13-gin-handler-timeout-middleware-4bhg https://dev.to/jacobsngoodwin/13-gin-handler-timeout-middleware-4bhg <p>We just added the ability to store refresh tokens in Redis. Today, let's take a break from the main application features to learn how to create our first Gin middleware!</p> <p>If at any point you are confused about file structure or code, go to <a href="https://github.com/JacobSNGoodwin/memrizr" rel="noopener noreferrer">Github repository</a> and check out the branch for the previous lesson to be in sync with me!</p> <p><em>I also wanted to mentioned that I made two updates in the main branch of the repository for more easily getting the application running for newcomers to this project. The steps to run the project have been updated in the README, as well.</em> </p> <p><em>First, I decided to add the <code>.env.dev</code> file to the repository. For development, I don't plan to include any API secrets directly in this file. Later on, however, we'll reference a Google Cloud Configuration file in <code>.env.dev</code>, so you'll need to make sure to keep that configuration file secret as always.</em></p> <p><em>Second, I've added a make rule, <code>make init</code>, which will start up our Postgres containers and run database migrations so that you'll be ready to start creating data (users for now) with the application!</em></p> <p>If you prefer video, check out the video version below!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/cjSrwuy6G74"> </iframe> </p> <h2> Handler Timeout Middleware </h2> <p>Here's the ol' diagram of what we'll be working on today.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdsujyxs4zbucjjdz8vho.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdsujyxs4zbucjjdz8vho.png" alt="Handler Timeout Middleware Diagram"></a></p> <p>If we look at the right-hand side of our middleware, we see our application layers. The handler layer methods all receive a <code>*gin.Context</code>. This context is provided to us by Gin and gives us access to numerous utility methods that make working with HTTP requests and responses easier.</p> <p>The problem we're trying to solve is if a call to these handler methods (including all of the downstream calls to the service/repository layers and data sources) takes a long time, we want to be able to terminate the handler and send an error to the user. </p> <p>We can do this with built-in functionality from the <code>context</code> package of Go, by wrapping the request context using the <code>context.WithTimeout</code> method. When we wrap our context with this method, we get access to the context.Done() method which "returns a channel that's closed when work done on behalf of this context should be canceled" (<a href="https://golang.org/pkg/context/#WithTimeout" rel="noopener noreferrer">source</a>). After using <code>WithTimeout</code>, the context will be cancelled for us automatically after the duration of time we pass to the method. </p> <p>We'll save discussing the <code>timeoutWriter</code> for when we write the middleware code.</p> <h3> What About http.Server Timeout Fields? </h3> <p>If we look in <code>~/main.go</code>, we initialize our server with Go's <code>http.Server</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">srv</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Server</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="s">":8080"</span><span class="p">,</span> <span class="n">Handler</span><span class="o">:</span> <span class="n">router</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>You might be asking why we don't just make use of the <a href="https://golang.org/pkg/net/http/#Server" rel="noopener noreferrer">net/http package's Server</a> fields like <code>ReadTimeout</code> or <code>WriteTimeout</code>. These timeouts are concerned with the time to read and write the body to and from the client (i.e. networking I/O) and don't deal with the case of long running-handlers. There's a fine <a href="https://stackoverflow.com/questions/51258952/use-http-timeouthandler-or-readtimeout-writetimeout" rel="noopener noreferrer">answer on StackOverflow</a> you might want to read.</p> <h2> Middleware In Gin </h2> <h3> Custom Middleware Function </h3> <p>Looking back at the diagram, remember that our goal is to manipulate the <em>request context</em>, which we extract from the <em>gin.Context</em> using the <code>Request()</code> method. I'll reiterate that the Gin and request context are two different contexts, which can be confusing.</p> <p>To create a custom middleware in Gin, we create a function that returns a <code>gin.HandlerFunc</code>, which is defined as:</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">type</span> <span class="n">HandlerFunc</span> <span class="k">func</span><span class="p">(</span><span class="o">*</span><span class="n">Context</span><span class="p">)</span> </code></pre> </div> <p>In middleware <code>HandlerFunc</code>, we can modify this <code>gin.Context</code> according to our needs. In our handler timeout middleware, we will wrap our the request context with a timeout and handle concurrency issues. Another simple example is a logger, as shown in the <a href="https://github.com/gin-gonic/gin#custom-middleware" rel="noopener noreferrer">Gin docs</a>. Yet another case you might see is extracting a user from a session or token, and setting this user as a key on <code>gin.Context</code>. In fact, we'll do just that in a handful of tutorials!</p> <h3> Usage in Gin </h3> <p>I recommend checking out the <a href="https://github.com/gin-gonic/gin#using-middleware" rel="noopener noreferrer">Using Middleware</a> section of the Gin docs to see how you can call a middleware function for routes, groups, and individual routes! We'll end up applying middleware to our existing route group in <code>~/handler/handler.go</code> with the <code>Use</code> method.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Create a group, or base url for all routes</span> <span class="n">g</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">BaseURL</span><span class="p">)</span> <span class="k">if</span> <span class="n">gin</span><span class="o">.</span><span class="n">Mode</span><span class="p">()</span> <span class="o">!=</span> <span class="n">gin</span><span class="o">.</span><span class="n">TestMode</span> <span class="p">{</span> <span class="n">g</span><span class="o">.</span><span class="n">Use</span><span class="p">()</span> <span class="c">// middleware will be called in Use()</span> <span class="p">}</span> </code></pre> </div> <h2> Why Make Our Own Middleware? </h2> <p>I found the following open source middlewares for setting a handler timeout. </p> <p>The first is the Go <a href="https://golang.org/pkg/net/http/#TimeoutHandler" rel="noopener noreferrer">http.TimeoutHandler</a>. The downside to this handler is that it's not configured to directly work with Gin routes and groups. Another thing I didn't like about the handler is that it is configured to send an HTML response in the case of a timeout, and doesn't appear to have a way to send a different Content-Type for a response. </p> <p>The second middleware I found was <a href="https://github.com/gin-contrib/timeout" rel="noopener noreferrer">gin-contrib/timeout</a>. Note that this repository of middlewares is not the official one by gin-gonic, <a href="https://github.com/gin-gonic/contrib" rel="noopener noreferrer">gin-gonic/contrib</a>, even though it has a similar name. This middleware had issues trying to rewrite headers to a response writer, which we'll discuss when we write our middleware.</p> <p>The third middleware I found was <a href="https://github.com/vearne/gin-timeout" rel="noopener noreferrer">vearne/gin-timeout</a>. This middleware actually addressed the above issues, and so I have no problem recommending it. However, it did not provide a way to modify the error response sent to the user. </p> <p>Since getting a timeout handler middleware to work as I would like would require modifying any of the available handlers, I decided it would just be easier to create our own, even if I'm borrowing heavily from <a href="https://golang.org/pkg/net/http/#TimeoutHandler" rel="noopener noreferrer">http.TimeoutHandler</a> and <a href="https://github.com/vearne/gin-timeout" rel="noopener noreferrer">vearne/gin-timeout</a>.</p> <h2> Middleware Prep </h2> <h3> Add A Pretend Delay to Signin Handler </h3> <p>In <code>~/handler/handler.go</code>, let's fake a handler that takes a long time to complete. We'll use the <code>Signin</code> handler method as it currently doesn't yet have a "real" implementation. We'll set the <code>Sleep</code> duration to 6 seconds, as we'll end up setting our timeout limit to 5 seconds. </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Signin handler</span> <span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">Handler</span><span class="p">)</span> <span class="n">Signin</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">6</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="c">// to demonstrate a timeout</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"hello"</span><span class="o">:</span> <span class="s">"it's signin"</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <h3> Update App Errors </h3> <p>I want to add a <code>ServiceUnavailable</code> (HTTP 503) to our <code>~/model/apperrors/apperrors.go</code> to send when our handlers run longer than 5 seconds.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// update const</span> <span class="k">const</span> <span class="p">(</span> <span class="c">// ... other types excluded for brevity</span> <span class="n">ServiceUnavailable</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"SERVICE_UNAVAILABLE"</span> <span class="c">// For long running handlers</span> <span class="p">)</span> <span class="c">// update status method switch case to handle ServiceUnavailable</span> <span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Error</span><span class="p">)</span> <span class="n">Status</span><span class="p">()</span> <span class="kt">int</span> <span class="p">{</span> <span class="k">switch</span> <span class="n">e</span><span class="o">.</span><span class="n">Type</span> <span class="p">{</span> <span class="c">// other cases and default excluded for brevity</span> <span class="k">case</span> <span class="n">ServiceUnavailable</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusServiceUnavailable</span> <span class="c">// cases omitted</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// add an error factory</span> <span class="c">// NewServiceUnavailable to create an error for 503</span> <span class="k">func</span> <span class="n">NewServiceUnavailable</span><span class="p">()</span> <span class="o">*</span><span class="n">Error</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Error</span><span class="p">{</span> <span class="n">Type</span><span class="o">:</span> <span class="n">ServiceUnavailable</span><span class="p">,</span> <span class="n">Message</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"Service unavailable or timed out"</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Timeout Duration Environment Variable </h3> <p>Let's make timeout duration configurable. We'll set a handler timeout of 5 seconds for now. In reality, we could set different timeout lengths for different handlers or groups of handlers. As an example, you would probably expect the time to upload a file to a cloud service to take longer than a handler that merely updates text fields in the database. I encourage you to do this in your applications.</p> <p>In <code>.env.go</code> add the following.</p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code> <span class="py">HANDLER_TIMEOUT</span><span class="p">=</span><span class="mi">5</span> </code></pre> </div> <p>We now need to update the instantiation of our handler via <code>handler.Config</code> to accept this field as a duration. In <code>~/handler/handler.go</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Config will hold services that will eventually be injected into this</span> <span class="c">// handler layer on handler initialization</span> <span class="k">type</span> <span class="n">Config</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">R</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Engine</span> <span class="n">UserService</span> <span class="n">model</span><span class="o">.</span><span class="n">UserService</span> <span class="n">TokenService</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenService</span> <span class="n">BaseURL</span> <span class="kt">string</span> <span class="n">TimeoutDuration</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span> <span class="p">}</span> </code></pre> </div> <p>Let's also load the environment variable and pass it to our handler config in <code>~/injection.go</code> of <code>package main</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// read in HANDLER_TIMEOUT</span> <span class="n">handlerTimeout</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"HANDLER_TIMEOUT"</span><span class="p">)</span> <span class="n">ht</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">ParseInt</span><span class="p">(</span><span class="n">handlerTimeout</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">64</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"could not parse HANDLER_TIMEOUT as int: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">handler</span><span class="o">.</span><span class="n">NewHandler</span><span class="p">(</span><span class="o">&amp;</span><span class="n">handler</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">R</span><span class="o">:</span> <span class="n">router</span><span class="p">,</span> <span class="n">UserService</span><span class="o">:</span> <span class="n">userService</span><span class="p">,</span> <span class="n">TokenService</span><span class="o">:</span> <span class="n">tokenService</span><span class="p">,</span> <span class="n">BaseURL</span><span class="o">:</span> <span class="n">baseURL</span><span class="p">,</span> <span class="n">TimeoutDuration</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">(</span><span class="n">ht</span><span class="p">)</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">),</span> <span class="p">})</span> </code></pre> </div> <p>We now have a configurable handler timeout duration! Woot woot!</p> <h2> Timeout Middleware Code </h2> <p>After quite a preface, let's add the middleware code. Our middleware will be added to a sub-package of <code>handler</code>. Let's add a folder and file at the path <code>~/handler/middleware/timeout.go</code>. We'll go step-by-step over the code we add to this middleware function.</p> <h3> Middleware Function Definition </h3> <p>Our middleware will accept a timeout duration, which will be received from <code>handler.Config</code>, and an error that we'll send to the user in case of a timeout. We'll end up passing the custom <code>ServiceUnavailable</code> error we recently created.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">package</span> <span class="n">middleware</span> <span class="c">// Imports omitted</span> <span class="k">func</span> <span class="n">Timeout</span><span class="p">(</span><span class="n">timeout</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">,</span> <span class="n">errTimeout</span> <span class="o">*</span><span class="n">apperrors</span><span class="o">.</span><span class="n">Error</span><span class="p">)</span> <span class="n">gin</span><span class="o">.</span><span class="n">HandlerFunc</span> <span class="p">{</span> <span class="k">return</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Code will go here</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Set Gin Writer to Custom Timeout Writer </h3> <p>We first set the writer on Gin's context, <code>c</code>, to a custom writer, <code>tw</code>. You'll also observe that this writer is passed as a field to our custom <code>timeoutWriter</code>. This is a little confusing, but will hopefully become clearer after we go over the <code>timeoutWriter</code> definition. </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// set Gin's writer as our custom writer</span> <span class="n">tw</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">timeoutWriter</span><span class="p">{</span><span class="n">ResponseWriter</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">Writer</span><span class="p">,</span> <span class="n">h</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">Header</span><span class="p">)}</span> <span class="n">c</span><span class="o">.</span><span class="n">Writer</span> <span class="o">=</span> <span class="n">tw</span> </code></pre> </div> <h3> Wrap Context in Timeout </h3> <p>In order to apply a timeout duration, we can use <code>context.WithTimeout</code> as follows. We defer the cancel function's execution until the end of the function. When cancel is called, all resources associated with it context, <code>ctx</code>, will be freed up.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// wrap the request context with a timeout</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">Request</span><span class="o">.</span><span class="n">Context</span><span class="p">(),</span> <span class="n">timeout</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="c">// update gin request context</span> <span class="n">c</span><span class="o">.</span><span class="n">Request</span> <span class="o">=</span> <span class="n">c</span><span class="o">.</span><span class="n">Request</span><span class="o">.</span><span class="n">WithContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> </code></pre> </div> <h3> Channels For Finished of Panic "Signals" </h3> <p>We create channels that we'll send values into if our handler successfully completes or if the application panics.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">finished</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="k">struct</span><span class="p">{})</span> <span class="c">// to indicate handler finished</span> <span class="n">panicChan</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="k">interface</span><span class="p">{},</span> <span class="m">1</span><span class="p">)</span> <span class="c">// used to handle panics if we can't recover</span> </code></pre> </div> <h3> Call Handler Inside of a GoRoutine </h3> <p>We then create and invoke a goroutine which calls <code>c.Next()</code>. <code>Next</code> is a helper method which calls the next middleware or handler function (you can "cascade" handler functions and middlewares). As of yet, we only have a single middleware, so <code>c.Next()</code> will call a handler method. If the method completes, we pass an empty struct into the <code>finished</code> channel. </p> <p>We also defer a call to <a href="https://blog.golang.org/defer-panic-and-recover" rel="noopener noreferrer">recover</a> from a panic and send the captured value from the panic and send it to the <code>panicChan</code> (it turns out we don't do anything with this value, so send and empty struct, if you prefer).</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="k">if</span> <span class="n">p</span> <span class="o">:=</span> <span class="nb">recover</span><span class="p">();</span> <span class="n">p</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">panicChan</span> <span class="o">&lt;-</span> <span class="n">p</span> <span class="p">}</span> <span class="p">}()</span> <span class="n">c</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="c">// calls subsequent middleware(s) and handler</span> <span class="n">finished</span> <span class="o">&lt;-</span> <span class="k">struct</span><span class="p">{}{}</span> <span class="p">}()</span> </code></pre> </div> <h3> Handling Either Finished, Panic, or Timeout/context.Done() </h3> <p>After invoking the goroutine, we then create a select statement that listens for incoming values on one of three channels. In all of these cases, we then write a header and body to a response writer embedded inside of our custom <code>timeoutWriter</code> in variable <code>tw</code>.</p> <p>This may be a little confusing, writing to a <code>Writer</code> inside of a <code>Writer</code>, but this is how we prevent overwriting response bodies and headers. We basically use the <code>timeoutWriter</code> as a temporary/proxy writer that also stores the state of whether or not we have either timed out or already sent the response from a handler.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">panicChan</span><span class="o">:</span> <span class="c">// if we cannot recover from panic,</span> <span class="c">// send internal server error</span> <span class="n">e</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">WriteHeader</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">Status</span><span class="p">())</span> <span class="n">eResp</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">e</span><span class="p">,</span> <span class="p">})</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">Write</span><span class="p">(</span><span class="n">eResp</span><span class="p">)</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">finished</span><span class="o">:</span> <span class="c">// if finished, set headers and write resp</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="c">// map Headers from tw.Header() (written to by gin)</span> <span class="c">// to tw.ResponseWriter for response</span> <span class="n">dst</span> <span class="o">:=</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">vv</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">tw</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span> <span class="p">{</span> <span class="n">dst</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">vv</span> <span class="p">}</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">WriteHeader</span><span class="p">(</span><span class="n">tw</span><span class="o">.</span><span class="n">code</span><span class="p">)</span> <span class="c">// tw.wbuf will have been written to already when gin writes to tw.Write()</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">Write</span><span class="p">(</span><span class="n">tw</span><span class="o">.</span><span class="n">wbuf</span><span class="o">.</span><span class="n">Bytes</span><span class="p">())</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">ctx</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="c">// timeout has occurred, send errTimeout and write headers</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="c">// ResponseWriter from gin</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">WriteHeader</span><span class="p">(</span><span class="n">errTimeout</span><span class="o">.</span><span class="n">Status</span><span class="p">())</span> <span class="n">eResp</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">errTimeout</span><span class="p">,</span> <span class="p">})</span> <span class="n">tw</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="o">.</span><span class="n">Write</span><span class="p">(</span><span class="n">eResp</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Abort</span><span class="p">()</span> <span class="n">tw</span><span class="o">.</span><span class="n">SetTimedOut</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>In the case of a panic, we simply write an internal server error with the appropriate status code.</p> <p>If we receive on the finished channel, this means that our custom <code>timeoutWriter</code> will have the headers written by Gin to its <code>h</code> field, which will store headers. We then copy these headers to the inner, <code>gin.ResponseWriter</code>, referenced by <code>dst</code>. We then send the status code from <code>tw</code>, and the actual response body from the handler which is stored in <code>tw.wbuf</code>. We make sure to lock <code>tw</code> using it's mutex field to prevent writes in the case we "simultaneously" receive a on another channel. </p> <p>In the case when the context times out, we receive on the channel returned by <code>ctx.Done()</code>. We also create a response with the <code>*apperrors.Error</code> passed to the middleware as a parameter. We then call <code>c.Abort()</code> which prevents any subsequent handlers or middlewares from being called, and set <code>tw</code>'s <code>timedOut</code> field to true so that if the handler response eventually comes through, it will not be written to the client. </p> <p>Let's now discuss the <code>timeoutWriter</code> in detail.</p> <h3> Custom Timeout Writer Explanation </h3> <p>The code for <code>timeoutWriter</code> is included below. </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// implements http.Writer, but tracks if Writer has timed out</span> <span class="c">// or has already written its header to prevent</span> <span class="c">// header and body overwrites</span> <span class="c">// also locks access to this writer to prevent race conditions</span> <span class="c">// holds the gin.ResponseWriter which we'll manually call Write()</span> <span class="c">// on in the middleware function to send response</span> <span class="k">type</span> <span class="n">timeoutWriter</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">gin</span><span class="o">.</span><span class="n">ResponseWriter</span> <span class="n">h</span> <span class="n">http</span><span class="o">.</span><span class="n">Header</span> <span class="n">wbuf</span> <span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span> <span class="c">// The zero value for Buffer is an empty buffer ready to use.</span> <span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">Mutex</span> <span class="n">timedOut</span> <span class="kt">bool</span> <span class="n">wroteHeader</span> <span class="kt">bool</span> <span class="n">code</span> <span class="kt">int</span> <span class="p">}</span> <span class="c">// Writes the response, but first makes sure there</span> <span class="c">// hasn't already been a timeout</span> <span class="c">// In http.ResponseWriter interface</span> <span class="k">func</span> <span class="p">(</span><span class="n">tw</span> <span class="o">*</span><span class="n">timeoutWriter</span><span class="p">)</span> <span class="n">Write</span><span class="p">(</span><span class="n">b</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="kt">int</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="k">if</span> <span class="n">tw</span><span class="o">.</span><span class="n">timedOut</span> <span class="p">{</span> <span class="k">return</span> <span class="m">0</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">return</span> <span class="n">tw</span><span class="o">.</span><span class="n">wbuf</span><span class="o">.</span><span class="n">Write</span><span class="p">(</span><span class="n">b</span><span class="p">)</span> <span class="p">}</span> <span class="c">// In http.ResponseWriter interface</span> <span class="k">func</span> <span class="p">(</span><span class="n">tw</span> <span class="o">*</span><span class="n">timeoutWriter</span><span class="p">)</span> <span class="n">WriteHeader</span><span class="p">(</span><span class="n">code</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="n">checkWriteHeaderCode</span><span class="p">(</span><span class="n">code</span><span class="p">)</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">tw</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="c">// We do not write the header if we've timed out or written the header</span> <span class="k">if</span> <span class="n">tw</span><span class="o">.</span><span class="n">timedOut</span> <span class="o">||</span> <span class="n">tw</span><span class="o">.</span><span class="n">wroteHeader</span> <span class="p">{</span> <span class="k">return</span> <span class="p">}</span> <span class="n">tw</span><span class="o">.</span><span class="n">writeHeader</span><span class="p">(</span><span class="n">code</span><span class="p">)</span> <span class="p">}</span> <span class="c">// set that the header has been written</span> <span class="k">func</span> <span class="p">(</span><span class="n">tw</span> <span class="o">*</span><span class="n">timeoutWriter</span><span class="p">)</span> <span class="n">writeHeader</span><span class="p">(</span><span class="n">code</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="n">tw</span><span class="o">.</span><span class="n">wroteHeader</span> <span class="o">=</span> <span class="no">true</span> <span class="n">tw</span><span class="o">.</span><span class="n">code</span> <span class="o">=</span> <span class="n">code</span> <span class="p">}</span> <span class="c">// Header "relays" the header, h, set in struct</span> <span class="c">// In http.ResponseWriter interface</span> <span class="k">func</span> <span class="p">(</span><span class="n">tw</span> <span class="o">*</span><span class="n">timeoutWriter</span><span class="p">)</span> <span class="n">Header</span><span class="p">()</span> <span class="n">http</span><span class="o">.</span><span class="n">Header</span> <span class="p">{</span> <span class="k">return</span> <span class="n">tw</span><span class="o">.</span><span class="n">h</span> <span class="p">}</span> <span class="c">// SetTimeOut sets timedOut field to true</span> <span class="k">func</span> <span class="p">(</span><span class="n">tw</span> <span class="o">*</span><span class="n">timeoutWriter</span><span class="p">)</span> <span class="n">SetTimedOut</span><span class="p">()</span> <span class="p">{</span> <span class="n">tw</span><span class="o">.</span><span class="n">timedOut</span> <span class="o">=</span> <span class="no">true</span> <span class="p">}</span> <span class="k">func</span> <span class="n">checkWriteHeaderCode</span><span class="p">(</span><span class="n">code</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="n">code</span> <span class="o">&lt;</span> <span class="m">100</span> <span class="o">||</span> <span class="n">code</span> <span class="o">&gt;</span> <span class="m">999</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"invalid WriteHeader code %v"</span><span class="p">,</span> <span class="n">code</span><span class="p">))</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This writer implements an <code>http.ResponseWriter</code> with the required <code>Write</code>, <code>WriteHeader</code>, and <code>Header</code> methods. In the middleware, we replaced the writer on <code>*gin.Context</code> with the custom <code>timeoutWriter</code>. Therefore, when the Gin handlers write a response, they will end up calling <code>timeoutWriter.Write</code>, <code>timeoutWriter.WriterHeader</code> and <code>timeoutWriter.Header</code>. </p> <p>Let's take a look at what would happen if we use this middleware and send a response from the <code>Signin</code> handler.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"hello"</span><span class="o">:</span> <span class="s">"it's signin"</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>When Gin calls the <code>JSON</code> method it will set the response body by calling <code>timeoutWriter.Write</code> with the JSON body inside of the <code>gin.H</code> map. If we look at <code>timeoutWriter.Write</code>, you can see that it checks that we haven't already set the <code>timedOut</code> field. This is how we prevent overwriting our response body! If we haven't timed out, we write the body to our custom field, <code>wbuf</code>. This <code>wbuf</code> temporarily stores the valid response which gets "relayed" to the client in the <code>finished</code> channel branch of the switch case.</p> <p>The <code>c.JSON</code> method will also call <code>timeoutWriter.Header()</code> to get access to our writer's headers, <code>timeoutWriter.h</code>. Gin then sets headers such as <code>Content-Type</code> and <code>Content-Length</code>. </p> <p>Finally, <code>c.JSON</code> will also set the HTTP status via the <code>timeoutWriter.WriteHeader()</code> method. Our custom <code>WriteHeader()</code> method will check to see if the header has already been written or if we've already timed out via the fields <code>timedOut</code> and <code>wroteHeader</code>. If we've already timed out or written a header, we do nothing. Otherwise, we set <code>wroteHeader</code> and the HTTP status <code>code</code> to our struct.</p> <p>We also have a <code>mu sync.Mutex</code> in our custom writer. You can see that anytime we write to our <code>timeoutWriter</code>, we call <code>tw.mu.Lock()</code>. When we add a <code>sync.Mutex</code> to a struct, this allows us to lock struct to updates by concurrent routines which may want to access our <code>timeoutWriter</code> data (sorry if my terminology is off). Once all of the updates to our <code>timeoutWriter</code> data have been made, we <code>Unlock</code> access to the fields/data. </p> <h2> Apply Middleware </h2> <p>In <code>~/handler/handler.go</code> we'll <em>use</em> our middleware immediately after creating our route group.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Create a group, or base url for all routes</span> <span class="n">g</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">BaseURL</span><span class="p">)</span> <span class="k">if</span> <span class="n">gin</span><span class="o">.</span><span class="n">Mode</span><span class="p">()</span> <span class="o">!=</span> <span class="n">gin</span><span class="o">.</span><span class="n">TestMode</span> <span class="p">{</span> <span class="n">g</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">middleware</span><span class="o">.</span><span class="n">Timeout</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">TimeoutDuration</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewServiceUnavailable</span><span class="p">()))</span> <span class="p">}</span> </code></pre> </div> <p>You should now be able to run your app with <code>docker-compose up</code> and send a request to the "signin" endpoint as follows (with Curl or other client):</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ➜ curl <span class="nt">--location</span> <span class="nt">--request</span> POST <span class="s1">'http://malcorp.test/api/account/signin'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Authorization: Bearer {{idToken}}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data-raw</span> <span class="s1">'{}'</span> <span class="o">{</span><span class="s2">"error"</span>:<span class="o">{</span><span class="s2">"type"</span>:<span class="s2">"SERVICE_UNAVAILABLE"</span>,<span class="s2">"message"</span>:<span class="s2">"Service unavailable or timed out process"</span><span class="o">}}</span>% </code></pre> </div> <p>If you then set the timeout in <code>Signin</code> to something less than 5 seconds (our application's handler timeout duration), you should receive a status 200 response with JSON.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Signin handler</span> <span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">Handler</span><span class="p">)</span> <span class="n">Signin</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">1</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="c">// to demonstrate normal use</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"hello"</span><span class="o">:</span> <span class="s">"it's signin"</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Rerunning the same curl command we receive:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <p><span class="o">{</span><span class="s2">"hello"</span>:<span class="s2">"it's signin"</span><span class="o">}</span>% </p> </code></pre> </div> <h2> <br> <br> <br> Conclusion<br> </h2> <p>That was actually a relatively complex middleware. If you're like me when I was learning from other's work, you may have to stare at it for a while until it makes sense. Yet I hope I've laid it out in a manner that saves you from a few minutes of confusion! Heck, I'm not sure I did everything right, so let me know if you think there are any blaring mistakes!</p> <p>Next time, we'll write and test the <code>Signin</code> handler. Following that, we'll add service and repository method implementations to complete the full signin functionality.</p> <p>¡Hasta pronto!</p> go gin middleware concurrency 12 - Store Refresh Tokens in Redis Jacob Goodwin Tue, 08 Dec 2020 00:54:51 +0000 https://dev.to/jacobsngoodwin/12-store-refresh-tokens-in-redis-1k5d https://dev.to/jacobsngoodwin/12-store-refresh-tokens-in-redis-1k5d <p>Howdy ho, neighbor!</p> <p>Last time we cleaned up our app by:</p> <ul> <li>making some structs package private </li> <li>using the proper request context, <code>*gin.Context.Request()</code>, to forward down the call chain</li> <li>reading in all environment variables in <code>package main</code> </li> <li>making sure to send the user a clear error message if they send a non-JSON body. </li> </ul> <p>As there were a lot of changes, you may want to check our the Github repository's branch called <a href="https://github.com/JacobSNGoodwin/memrizr/tree/lesson-11" rel="noopener noreferrer">lesson-11</a>, to make sure you have properly updated all of your code!</p> <p>We're in for another big one today, but hopefully the patterns we established while learning to signup users will become even clearer as we store tokens. </p> <p>You might also find the video useful!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/QcJNTZ0t53k"> </iframe> </p> <h2> Why We'll Store Refresh Tokens </h2> <p>We recently implemented signing up a user (see <a href="https://dev.to/jacobsngoodwin/series/9052">parts 8-10</a> of this series). However, we omitted an important detail in our application - storing refresh tokens. You can see these details below in the calls from <code>NewPairFromUser</code> to the token repository. In the diagram, I've grayed out and checked off the completed portions required to sign up a user.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqfe2qwjzr409ly16i0jx.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqfe2qwjzr409ly16i0jx.png" alt="Token Storage Architecture"></a></p> <p>Why store these tokens at all? Because this gives us the ability to invalidate user's long-lived tokens. </p> <p>Recall that we set the duration to expiration to 3 days for refresh tokens and 15 minutes for ID tokens. This allows a user with an expired <code>idToken</code> to reach out to this account application with their refreshToken to get a new idToken. The <code>idToken</code> will allow the user to access various applications in our domain. </p> <p>At the end of the day, we do this to make accessing our applications more pleasant, since it would be a pain in the arse to need to login every 15 minutes. </p> <p>However, there is a danger in creating a token that lives for 3 days. If the token is stolen, or if a user wants to sign out of all of their devices, they could still access the application for up to 3 days!</p> <p>For this reason, we're going to create a Redis database that stores valid refresh tokens for users. We use Redis because it's in-memory database (fast), has an easy API for storing key-value pairs, and allows us to easily remove the tokens from the cache after 3 days. A diagram of our storage approach is shown below.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fidj06h6ljecva4m4kp8k.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fidj06h6ljecva4m4kp8k.png" alt="How We Use Token Storage"></a></p> <p>We call this store a white list of refresh tokens. When a user receives an idToken/refreshToken pair, the refresh token will always be stored in Redis. Later on, we'll add a token refresh route and logic to our application. In this case, the user already has a refresh token, which is required to get a new idToken. Nevertheless, we'll expire their old refreshToken in Redis and provide them a fresh one. This is of a type of "revolving" refresh token technique.</p> <p>I'll admit there are probably more infrastructure-friendly ways to do this, but I think we'll still learn a lot implementing the white list approach, and you can adjust the approach to your needs. </p> <p><em>I see that many people create a "black list" of invalidated tokens, instead of a "white list" of valid tokens. In the blacklist approach, if a user wants to reset their password, or log out of all devices, then all of their current refresh tokens would need to be moved to Redis from the main database.</em> </p> <p><em>But wait, isn't this the same as a white list? No, because these tokens might originally be stored in the main database, and only sent to the in-memory cache when tokens must be invalidated. This may be a better architectural decision in your case. You'll likely save money using this latter approach, as you would be storing fewer tokens inside of Redis (in-memory is pricier, to the best of my knowledge). You will probably add some complexity, though, by needing to push all of the user's tokens from your main DB to Redis, though that shouldn't be too difficult.</em></p> <h2> Topics We'll Cover Today </h2> <p>We'll need to perform the following steps to update our application for token storage. </p> <ol> <li>Create a Redis Container in <code>docker-compose.yml</code>.</li> <li>Instantiate a connection in <code>package main</code>. Recall that we have a <code>data_sources.go</code> file for initializing our data. </li> <li>Add a <code>TokenRepository</code> interface to our <code>~/model/interfaces.go</code> and specify the method signatures for <code>SetRefreshToken</code> and <code>DeleteRefreshToken</code>.</li> <li>Update our <code>TokenService</code> struct and <code>NewPairFromUser</code> method so that we can store the user's current refresh token, and delete their previous refresh token (will be used in a refresh token endpoint will implement down the road). </li> <li>Add a <code>TokenRepository</code> mock and update the unit test for <code>NewPairFromUser</code>.</li> <li>Create a <code>RedisTokenRepository</code> and implement <code>SetRefreshToken</code> and <code>DeleteRefreshToken</code>.</li> <li>Make sure to inject our <code>RedisTokenRepository</code> into <code>TokenService</code> and run the application.</li> </ol> <h2> Add Redis to docker-compose.yaml </h2> <p>Add the following service at the same indentation level as other services (e.g., <code>postgres-account</code>) in <code>docker-compose.yml</code>, located at the project root. </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">redis-account</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">redis:alpine"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6379:6379"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">redisdata:/data"</span> </code></pre> </div> <p>We'll also need to make sure to add <code>redis-account</code> to the <code>depends_on</code> list of <code>account</code></p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">account</span><span class="pi">:</span> <span class="c1"># ... content omitted here ...</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres-account</span> <span class="pi">-</span> <span class="s">redis-account</span> </code></pre> </div> <p>Also include the volume <code>redisdata</code> under the <code>volumes</code> key at the bottom of the file.</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">volumes</span><span class="pi">:</span> <span class="na">pgdata_account</span><span class="pi">:</span> <span class="na">redisdata</span><span class="pi">:</span> </code></pre> </div> <p>That's all we need to create our Redis container!</p> <h2> Establish Redis Connection </h2> <p>We'll establish the application's connection to Redis inside of <code>~/data_sources.go</code> of <code>package main</code>. We'll be using the Redis client package <code>github.com/go-redis/redis/v8</code>. Make sure to add this package to <code>go.mod</code> by running <code>go get github.com/go-redis/redis/v8</code> from inside of the <code>account</code> folder.</p> <p>Then, update the <code>dataSources</code> struct as follows:</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">type</span> <span class="n">dataSources</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">DB</span> <span class="o">*</span><span class="n">sqlx</span><span class="o">.</span><span class="n">DB</span> <span class="n">RedisClient</span> <span class="o">*</span><span class="n">redis</span><span class="o">.</span><span class="n">Client</span> <span class="p">}</span> </code></pre> </div> <p>Then, inside of <code>initDs()</code>, establish a the connection as follows, and make sure to return this connection in <code>dataSources</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Initialize redis connection</span> <span class="n">redisHost</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"REDIS_HOST"</span><span class="p">)</span> <span class="n">redisPort</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"REDIS_PORT"</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Connecting to Redis</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">rdb</span> <span class="o">:=</span> <span class="n">redis</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="o">&amp;</span><span class="n">redis</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s:%s"</span><span class="p">,</span> <span class="n">redisHost</span><span class="p">,</span> <span class="n">redisPort</span><span class="p">),</span> <span class="n">Password</span><span class="o">:</span> <span class="s">""</span><span class="p">,</span> <span class="n">DB</span><span class="o">:</span> <span class="m">0</span><span class="p">,</span> <span class="p">})</span> <span class="c">// verify redis connection</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">rdb</span><span class="o">.</span><span class="n">Ping</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">())</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"error connecting to redis: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">dataSources</span><span class="p">{</span> <span class="n">DB</span><span class="o">:</span> <span class="n">db</span><span class="p">,</span> <span class="n">RedisClient</span><span class="o">:</span> <span class="n">rdb</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> </code></pre> </div> <p>Notice that we're making use of the <code>REDIS_HOST</code> and <code>REDIS_PORT</code> environment variables. Therefore, we need to add the host (inside of Docker networking, this will be the name of the service) and the default Redis port to our <code>~/account/env.dev</code> file.</p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code> <span class="py">REDIS_HOST</span><span class="p">=</span><span class="err">redis-account</span> <span class="py">REDIS_PORT</span><span class="p">=</span><span class="mi">6379</span> </code></pre> </div> <p>Finally, we want to make sure we close the connection in our <code>close</code> method at the bottom of the file.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// close to be used in graceful server shutdown</span> <span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">dataSources</span><span class="p">)</span> <span class="nb">close</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// ...code omitted</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">d</span><span class="o">.</span><span class="n">RedisClient</span><span class="o">.</span><span class="n">Close</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"error closing Redis Client: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>You should now be able spin up the application by running <code>docker-compose up</code> inside of the project root folder! Hopefully you'll see a log showing your Redis container is up and running and that the application has established a connection!</p> <h2> Create Token Repository Interface </h2> <p>We have yet to define expectations for a token repository. We can do so inside <code>~/model/interfaces.go</code> of the model layer. We'll also add the first two methods for this repository. We'll soon see how these methods are used. </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// TokenRepository defines methods it expects a repository</span> <span class="c">// it interacts with to implement</span> <span class="k">type</span> <span class="n">TokenRepository</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">SetRefreshToken</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">tokenID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">expiresIn</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">)</span> <span class="kt">error</span> <span class="n">DeleteRefreshToken</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">prevTokenID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <h2> Access TokenRepository from tokenService </h2> <p>We will access a <code>TokenRepository</code> interface from inside of our <code>tokenService</code> implementation. Currently this service has a single method, <code>NewPairFromUser</code>, which will access the repository methods we just created. </p> <p>Let's make sure to add <code>model.TokenRepository</code> as a dependency to <code>tokenService</code> in <code>~/service/token_service.go</code> as follows:</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// tokenService used for injecting an implementation of TokenRepository</span> <span class="c">// for use in service methods along with keys and secrets for</span> <span class="c">// signing JWTs</span> <span class="k">type</span> <span class="n">tokenService</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">TokenRepository</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="n">IDExpirationSecs</span> <span class="kt">int64</span> <span class="n">RefreshExpirationSecs</span> <span class="kt">int64</span> <span class="p">}</span> <span class="c">// TSConfig will hold repositories that will eventually be injected into this</span> <span class="c">// this service layer</span> <span class="k">type</span> <span class="n">TSConfig</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">TokenRepository</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="n">IDExpirationSecs</span> <span class="kt">int64</span> <span class="n">RefreshExpirationSecs</span> <span class="kt">int64</span> <span class="p">}</span> <span class="c">// NewTokenService is a factory function for</span> <span class="c">// initializing a UserService with its repository layer dependencies</span> <span class="k">func</span> <span class="n">NewTokenService</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">TSConfig</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">tokenService</span><span class="p">{</span> <span class="n">TokenRepository</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">TokenRepository</span><span class="p">,</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PrivKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">RefreshSecret</span><span class="p">,</span> <span class="n">IDExpirationSecs</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">IDExpirationSecs</span><span class="p">,</span> <span class="n">RefreshExpirationSecs</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">RefreshExpirationSecs</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>We'll now add the logic for storing and deleting the tokens in <code>NewPairFromUser</code>. We do this after the tokens have been generated. Check out <a href="https://dev.to/jacobsngoodwin/09-token-creation-gjh">part 9</a> if you want to learn more about generating tokens.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// set freshly minted refresh token to valid list</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">TokenRepository</span><span class="o">.</span><span class="n">SetRefreshToken</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">refreshToken</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">refreshToken</span><span class="o">.</span><span class="n">ExpiresIn</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Error storing tokenID for uid: %v. Error: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="c">// delete user's current refresh token (used when refreshing idToken)</span> <span class="k">if</span> <span class="n">prevTokenID</span> <span class="o">!=</span> <span class="s">""</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">TokenRepository</span><span class="o">.</span><span class="n">DeleteRefreshToken</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">prevTokenID</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not delete previous refreshToken for uid: %v, tokenID: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">prevTokenID</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>First, we store the token, which is derived from a userID (as a string), <code>refreshToken.ID</code> and <code>refreshToken.expiresIn</code>. The user is passed to the function from the handler layer, and the <code>refreshToken</code> is generated in a utility function called <code>generateRefreshToken</code>. We return an internal server error should any error occur. </p> <p>Next, we delete the user's current refresh token if one exists. This functionality is not used when signing up a user. In <code>~/handler/signup.go</code>, we call <code>NewPairFromUser</code> with an empty string for the final parameter, which is <code>prevTokenID</code>. Note that if there is an error deleting an old refresh token, we <em>do not</em> return an error, but merely log this for internal use.</p> <p>Here is the call in <code>~/handler/signup.go</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// create token pair as strings</span> <span class="n">tokens</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">TokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> </code></pre> </div> <p>Even though we're not yet deleting refresh tokens, I wanted to add this logic now so that we can complete our <code>NewPairFromUser</code> method. We'll call this method again when we add token refreshing. </p> <h2> Testing Newly Added Functionality </h2> <p>We will now update our <code>~/service/token_service_test.go</code> to account for the updated logic to <code>NewPairFromUser</code>. As always, we need to mock the behavior or our <code>TokenRepository</code> so that this service doesn't depend on any concrete repository implementation. Let's add a mock, leveraging the <a href="https://github.com/stretchr/testify" rel="noopener noreferrer">testify package</a> as always!</p> <h3> Add Mock Token Repository </h3> <p>Create a <code>~/model/mocks/token_repository.go</code> file with the following content for mocking a <code>TokenRepository</code>. These mocks will be fairly straightforward as both methods only return errors. As always, please check out the <a href="https://github.com/stretchr/testify" rel="noopener noreferrer">testify documentation</a> or previous videos to better understand these mocks!</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">package</span> <span class="n">mocks</span> <span class="c">// ... imports omitted</span> <span class="c">// MockTokenRepository is a mock type for model.TokenRepository</span> <span class="k">type</span> <span class="n">MockTokenRepository</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">Mock</span> <span class="p">}</span> <span class="c">// SetRefreshToken is a mock of model.TokenRepository SetRefreshToken</span> <span class="k">func</span> <span class="p">(</span><span class="n">m</span> <span class="o">*</span><span class="n">MockTokenRepository</span><span class="p">)</span> <span class="n">SetRefreshToken</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">tokenID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">expiresIn</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ret</span> <span class="o">:=</span> <span class="n">m</span><span class="o">.</span><span class="n">Called</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">userID</span><span class="p">,</span> <span class="n">tokenID</span><span class="p">,</span> <span class="n">expiresIn</span><span class="p">)</span> <span class="k">var</span> <span class="n">r0</span> <span class="kt">error</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">r0</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">r0</span> <span class="p">}</span> <span class="c">// DeleteRefreshToken is a mock of model.TokenRepository DeleteRefreshToken</span> <span class="k">func</span> <span class="p">(</span><span class="n">m</span> <span class="o">*</span><span class="n">MockTokenRepository</span><span class="p">)</span> <span class="n">DeleteRefreshToken</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">prevTokenID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ret</span> <span class="o">:=</span> <span class="n">m</span><span class="o">.</span><span class="n">Called</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">userID</span><span class="p">,</span> <span class="n">prevTokenID</span><span class="p">)</span> <span class="k">var</span> <span class="n">r0</span> <span class="kt">error</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">r0</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">r0</span> <span class="p">}</span> </code></pre> </div> <h3> Update Unit Test </h3> <p>Let's make the following updates to <code>~/service/token_service_test.go</code>:</p> <ol> <li>assert that <code>TokenRepository.SetRefreshToken</code> gets called inside of the current test ("Returns a token pair with proper values"). Also make sure that <code>TokenRepository.DeleteRefreshToken</code> is called if we pass <code>prevTokenID</code> to <code>NewPairFromUser</code> </li> <li>assert <code>TokenService.NewPairFromUser</code> returns an error if there is an error setting the refresh token. </li> <li>assert that <code>DeleteRefreshToken</code> is not called if we supply an empty string, "", as the <code>prevTokenID</code>. </li> </ol> <p>I want to setup the mock before the <code>t.Run</code> blocks. Previously, we set up the mocks inside of each <code>t.Run</code> block.</p> <p>To do this, import and instantiate a <code>MockTokenRepository</code>, making sure to supply it to the <code>NewTokenService</code> factory.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">mockTokenRepository</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">mocks</span><span class="o">.</span><span class="n">MockTokenRepository</span><span class="p">)</span> <span class="c">// instantiate a common token service to be used by all tests</span> <span class="n">tokenService</span> <span class="o">:=</span> <span class="n">NewTokenService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">TSConfig</span><span class="p">{</span> <span class="n">TokenRepository</span><span class="o">:</span> <span class="n">mockTokenRepository</span><span class="p">,</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">secret</span><span class="p">,</span> <span class="n">IDExpirationSecs</span><span class="o">:</span> <span class="n">idExp</span><span class="p">,</span> <span class="n">RefreshExpirationSecs</span><span class="o">:</span> <span class="n">refreshExp</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>And just before the <code>t.Run</code>, we add the following:</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// code after instantiating a tokenService</span> <span class="c">// include password to make sure it is not serialized</span> <span class="c">// since json tag is "-"</span> <span class="n">uid</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewRandom</span><span class="p">()</span> <span class="n">u</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">UID</span><span class="o">:</span> <span class="n">uid</span><span class="p">,</span> <span class="n">Email</span><span class="o">:</span> <span class="s">"bob@bob.com"</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="s">"blarghedymcblarghface"</span><span class="p">,</span> <span class="p">}</span> <span class="c">// Setup mock call responses in setup before t.Run statements</span> <span class="n">uidErrorCase</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewRandom</span><span class="p">()</span> <span class="n">uErrorCase</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">UID</span><span class="o">:</span> <span class="n">uidErrorCase</span><span class="p">,</span> <span class="n">Email</span><span class="o">:</span> <span class="s">"failure@failure.com"</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="s">"blarghedymcblarghface"</span><span class="p">,</span> <span class="p">}</span> <span class="n">prevID</span> <span class="o">:=</span> <span class="s">"a_previous_tokenID"</span> <span class="n">setSuccessArguments</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"string"</span><span class="p">),</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"time.Duration"</span><span class="p">),</span> <span class="p">}</span> <span class="n">setErrorArguments</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="n">uErrorCase</span><span class="o">.</span><span class="n">UID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"string"</span><span class="p">),</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"time.Duration"</span><span class="p">),</span> <span class="p">}</span> <span class="n">deleteWithPrevIDArguments</span> <span class="o">:=</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">{</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">prevID</span><span class="p">,</span> <span class="p">}</span> <span class="c">// mock call argument/responses</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"SetRefreshToken"</span><span class="p">,</span> <span class="n">setSuccessArguments</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="no">nil</span><span class="p">)</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"SetRefreshToken"</span><span class="p">,</span> <span class="n">setErrorArguments</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Error setting refresh token"</span><span class="p">))</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">On</span><span class="p">(</span><span class="s">"DeleteRefreshToken"</span><span class="p">,</span> <span class="n">deleteWithPrevIDArguments</span><span class="o">...</span><span class="p">)</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="no">nil</span><span class="p">)</span> </code></pre> </div> <p>Since we'll be setting up our mock responses before the t.Run blocks, I want to be explicit about the arguments that we pass to various method calls. That is why you see arguments stored in <code>mock.Arguments</code> structs. This will then make it easier to check that the methods were called with those specific arguments without having to rewrite all of the arguments in test-case assertions. </p> <p>Let's now update our existing test to make sure that <code>SetRefreshToken</code> and <code>DeleteRefreshToken</code> are called with correct parameters. In order to test the call of <code>DeleteRefreshToken</code>, I make sure to pass <code>prevID</code> (defined in the test setup) to <code>NewPairFromUser</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="c">// updated from context.TODO()</span> <span class="n">tokenPair</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">tokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="n">prevID</span><span class="p">)</span> <span class="c">// replaced "" with prevID from setup</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="c">// SetRefreshToken should be called with setSuccessArguments</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"SetRefreshToken"</span><span class="p">,</span> <span class="n">setSuccessArguments</span><span class="o">...</span><span class="p">)</span> <span class="c">// DeleteRefreshToken should not be called since prevID is ""</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"DeleteRefreshToken"</span><span class="p">,</span> <span class="n">deleteWithPrevIDArguments</span><span class="o">...</span><span class="p">)</span> <span class="c">// rest of test is unchanged</span> </code></pre> </div> <p>Take note that I updated <code>context.TODO</code> to <code>context.Background</code> to conform to our mock argument expectations (<code>context.emptyCtx</code> is the type of <code>context.Background</code>, and this is what we've been using in other tests).</p> <p>Next, we'll add a test for when <code>SetRefreshToken</code> returns an error. In this test, we make sure an error is returned of the correct type, and that <code>DeleteRefreshToken</code> is not called, since and error will be returned from <code>NewPairFromUser</code> before <code>DeleteRefreshToken</code> can be called.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Error setting refresh token"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">tokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">uErrorCase</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="c">// should return an error</span> <span class="c">// SetRefreshToken should be called with setErrorArguments</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"SetRefreshToken"</span><span class="p">,</span> <span class="n">setErrorArguments</span><span class="o">...</span><span class="p">)</span> <span class="c">// DeleteRefreshToken should not be since SetRefreshToken causes method to return</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">AssertNotCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"DeleteRefreshToken"</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>Finally, let's add a test for the case when no <code>prevTokenID</code> is provided. We'll only test to make sure <code>DeleteRefreshToken</code> is not called. We've already tested for the response body in the first test.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Empty string provided for prevID"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">tokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="c">// SetRefreshToken should be called with setSuccessArguments</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">AssertCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"SetRefreshToken"</span><span class="p">,</span> <span class="n">setSuccessArguments</span><span class="o">...</span><span class="p">)</span> <span class="c">// DeleteRefreshToken should not be called since prevID is ""</span> <span class="n">mockTokenRepository</span><span class="o">.</span><span class="n">AssertNotCalled</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="s">"DeleteRefreshToken"</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>You should now retest this method by running the following from the <code>account</code> directory:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> go <span class="nb">test</span> <span class="nt">-v</span> ./service <span class="nt">-run</span> NewPairFromUser </code></pre> </div> <h2> RedisTokenRepository Implementation </h2> <p>We start by creating a <code>~/account/repository/redis_token_repository.go</code> file.</p> <p>As with other repositories and services, we start by defining a dependency struct and a factory function to initialize this struct. </p> <p>Make sure that you import <code>redis/v8</code> as auto-import may not import the correct version.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">package</span> <span class="n">repository</span> <span class="c">//... imports omitted</span> <span class="c">// redisTokenRepository is data/repository implementation</span> <span class="c">// of service layer TokenRepository</span> <span class="k">type</span> <span class="n">redisTokenRepository</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Redis</span> <span class="o">*</span><span class="n">redis</span><span class="o">.</span><span class="n">Client</span> <span class="p">}</span> <span class="c">// NewTokenRepository is a factory for initializing User Repositories</span> <span class="k">func</span> <span class="n">NewTokenRepository</span><span class="p">(</span><span class="n">redisClient</span> <span class="o">*</span><span class="n">redis</span><span class="o">.</span><span class="n">Client</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenRepository</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">redisTokenRepository</span><span class="p">{</span> <span class="n">Redis</span><span class="o">:</span> <span class="n">redisClient</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Next, we'll implement our current two methods on the <code>model.TokenRepository</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// SetRefreshToken stores a refresh token with an expiry time</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">redisTokenRepository</span><span class="p">)</span> <span class="n">SetRefreshToken</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">tokenID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">expiresIn</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// We'll store userID with token id so we can scan (non-blocking)</span> <span class="c">// over the user's tokens and delete them in case of token leakage</span> <span class="n">key</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s:%s"</span><span class="p">,</span> <span class="n">userID</span><span class="p">,</span> <span class="n">tokenID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Redis</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">key</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">expiresIn</span><span class="p">)</span><span class="o">.</span><span class="n">Err</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not SET refresh token to redis for userID/tokenID: %s/%s: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">userID</span><span class="p">,</span> <span class="n">tokenID</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// DeleteRefreshToken used to delete old refresh tokens</span> <span class="c">// Services my access this to revolve tokens</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">redisTokenRepository</span><span class="p">)</span> <span class="n">DeleteRefreshToken</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">tokenID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">key</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s:%s"</span><span class="p">,</span> <span class="n">userID</span><span class="p">,</span> <span class="n">tokenID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Redis</span><span class="o">.</span><span class="n">Del</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span><span class="o">.</span><span class="n">Err</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not delete refresh token to redis for userID/tokenID: %s/%s: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">userID</span><span class="p">,</span> <span class="n">tokenID</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>I've added some comments about the storage of these tokens, but let's make sure it's clear what we're doing! </p> <p>We store the tokens with a key <code>{userID}:{tokenID}</code>. We append the token to the <code>userID</code> (as opposed to storing the <code>tokenID</code> alone) because this will allow us to use a Redis operation called scan if we need to invalidate all of a user's refresh tokens. This would be necessary if the user wanted to reset a password or sign out of all devices. We'll be able to scan for and delete all keys starting with the user's id. Scan does this in a non-blocking fashion so other operations can be performed on the database.</p> <p>The <code>DeleteRefreshToken</code> is used to revolve refresh tokens. If a user wants a new <code>idToken</code>, we'll also give them a new <code>refreshToken</code> and invalidate their former token. But I think I'm repeating myself. 😉</p> <h2> Inject RedisTokenRepository and Run Application </h2> <p>Let's take our Redis data source, create a <code>TokenRepository</code> from its <code>RedisClient</code> field, and inject this into our <code>TokenService</code> implementation. The <code>TokenService</code> has already been injected into the handler. We make these updates in <code>~/injection.go</code> of <code>package main</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">/* * repository layer */</span> <span class="n">userRepository</span> <span class="o">:=</span> <span class="n">repository</span><span class="o">.</span><span class="n">NewUserRepository</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="n">tokenRepository</span> <span class="o">:=</span> <span class="n">repository</span><span class="o">.</span><span class="n">NewTokenRepository</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">RedisClient</span><span class="p">)</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">tokenService</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">NewTokenService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">service</span><span class="o">.</span><span class="n">TSConfig</span><span class="p">{</span> <span class="n">TokenRepository</span><span class="o">:</span> <span class="n">tokenRepository</span><span class="p">,</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">refreshSecret</span><span class="p">,</span> <span class="n">IDExpirationSecs</span><span class="o">:</span> <span class="n">idExp</span><span class="p">,</span> <span class="n">RefreshExpirationSecs</span><span class="o">:</span> <span class="n">refreshExp</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <h3> Use Redis Client to View Cache </h3> <p>Let's re-run the application, sign up a new user, and then check to make sure that user has been created with a token. <em>Note that I've deleted all users from Postgres before running these commands.</em></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">--location</span> <span class="nt">--request</span> POST <span class="s1">'http://malcorp.test/api/account/signup'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data-raw</span> <span class="s1">'{ "email": "jacob@jacob.com", "password": "avalidpassword123" }'</span> </code></pre> </div> <p>You should get a response with the <code>idToken</code> and <code>refreshToken</code> stored as JWTs:</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"tokens"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"idToken"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVpZCI6ImIyODRmZGQ5LTU2ZjItNDgyNC1hN2IwLTU1NWQ0NWQwYTFiNCIsImVtYWlsIjoiYm9iQGJvYi5jb20iLCJuYW1lIjoiIiwiaW1hZ2VVcmwiOiIiLCJ3ZWJzaXRlIjoiIn0sImV4cCI6MTYwNzM4OTQ5MywiaWF0IjoxNjA3Mzg4NTkzfQ.jeT0WyRN0rN9RuudXr7fG1rRmVtBw_t-efBRq8E3iaLyEgPMgG5SC6y16mheeMtXQ74ksVKAlDVV7siS9D94pNBh2PoknA7H2Pa_9k5RFSxJPw4g-qk2NIMnOQIJ6NBrpbc2g1HozndGYpX7wnoCMDxlJvuzGg3mpMXIXausQdUG7nr5VJH_izksybRdhmW_vaK4ZushH8oFJT8XpW8zmylI3tz7g7ICSeRd7wIFybW3XbMudmIw_NOhV-dxd_UGgELQfZG4WRvoBOgVFhd0NmWhwqtyVb1CL1NeJJ1zItfX5WriXGvLesGfbDBSgRThirWlWs2tRBFNVRi6kJYu0g"</span><span class="p">,</span><span class="w"> </span><span class="nl">"refreshToken"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiJiMjg0ZmRkOS01NmYyLTQ4MjQtYTdiMC01NTVkNDVkMGExYjQiLCJleHAiOjE2MDc2NDc3OTMsImp0aSI6ImMyMzYwMjJkLWE5MTAtNGE4NS1iMjdkLTljNGE1MTQ0NDhjNCIsImlhdCI6MTYwNzM4ODU5M30.DDuKOfQBPqXdSDAwfqVLy0vECcGJtUfScoWYRUFH4Gk"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>You can then copy and paste the refreshToken inside of the <a href="http://jwt.io" rel="noopener noreferrer">jwt.io</a> debugger or in another way that you prefer. </p> <p>I get the following body for the token:</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"b284fdd9-56f2-4824-a7b0-555d45d0a1b4"</span><span class="p">,</span><span class="w"> </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">1607647793</span><span class="p">,</span><span class="w"> </span><span class="nl">"jti"</span><span class="p">:</span><span class="w"> </span><span class="s2">"c236022d-a910-4a85-b27d-9c4a514448c4"</span><span class="p">,</span><span class="w"> </span><span class="nl">"iat"</span><span class="p">:</span><span class="w"> </span><span class="mi">1607388593</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The <code>jti</code> key is where we store the refresh token ID. You can then check Redis for a token with the <code>uid</code> and <code>jti</code> separated by a colon: <code>b284fdd9-56f2-4824-a7b0-555d45d0a1b4:c236022d-a910-4a85-b27d-9c4a514448c4</code>. </p> <p>There are various options to look at a Redis DB, including a <a href="https://redislabs.com/redis-enterprise/redis-insight/" rel="noopener noreferrer">GUI version</a>. </p> <p>For this tutorial, I'll show how to use the <a href="https://redis.io/topics/quickstart" rel="noopener noreferrer">CLI version</a>.</p> <p>You can check for the existence of the key as follows (we're using the default Redis port, so you need not do anything special to connect from your local machine):</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> redis-cli get b284fdd9-56f2-4824-a7b0-555d45d0a1b4:c236022d-a910-4a85-b27d-9c4a514448c4 </code></pre> </div> <p>And you should receive a response of "0", the value we stored under the key (because I believe you have to store a value for each key).</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> redis-cli get b284fdd9-56f2-4824-a7b0-555d45d0a1b4:c236022d-a910-4a85-b27d-9c4a514448c4 <span class="s2">"0"</span> </code></pre> </div> <p>You can also check the expiration on the key with the <code>TTL</code> (time to live) command. </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ➜ redis-cli TTL b284fdd9-56f2-4824-a7b0-555d45d0a1b4:c236022d-a910-4a85-b27d-9c4a514448c4 <span class="o">(</span>integer<span class="o">)</span> 258634 </code></pre> </div> <p>It looks like our time is just shy of 3 days, in seconds!</p> <h2> Conclusion </h2> <p>That was another big one! Thanks for hanging around! We're starting to reap the benefits of our application's architecture. Sure, it was a pain in the arse to set it up, but now I'm quite enjoying connecting everything!</p> <p>Next time, we'll add middleware to set a handler timeout for each individual request. The tutorial won't involve modifying so many files, but it will be interesting in terms of working with Go and address some concurrency principles!</p> <p>Hasta pronto!</p> go redis authentication docker 11 - Account API Cleanup & Fixes Jacob Goodwin Sun, 29 Nov 2020 17:18:40 +0000 https://dev.to/jacobsngoodwin/11-cleanup-fixes-2b18 https://dev.to/jacobsngoodwin/11-cleanup-fixes-2b18 <p>Today we're going to clean up some of the naming, variables, and parameters passed to a few methods. Nothing will be terribly intellectually challenging, but we will modify a lot of files. </p> <p>If you find this boring or are uncertain about the changes made to the codebase, please check out the branch for this tutorial from the <a href="https://github.com/JacobSNGoodwin/memrizr">Github repository</a>!</p> <p>You might also find the video useful to make sure you don't miss any changes.<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/rWVaKBJK_wA"> </iframe> </p> <p>I also want to thank everybody who has subscribed to me feed and actually reads! Thanks for subjecting yourself to some seriously dense material. I hope you find a useful snippet here or there! 😊</p> <h2> Make Service and Repository Implementations Private </h2> <p>Our service and repository factories return interfaces. As an example, let's look at the <code>NewUserService</code> in <code>~/service/user_service.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// UserService acts as a struct for injecting an implementation of UserRepository</span> <span class="c">// for use in service methods</span> <span class="k">type</span> <span class="n">UserService</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">UserRepository</span> <span class="n">model</span><span class="o">.</span><span class="n">UserRepository</span> <span class="p">}</span> <span class="c">// USConfig will hold repositories that will eventually be injected into this</span> <span class="c">// this service layer</span> <span class="k">type</span> <span class="n">USConfig</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">UserRepository</span> <span class="n">model</span><span class="o">.</span><span class="n">UserRepository</span> <span class="p">}</span> <span class="c">// NewUserService is a factory function for</span> <span class="c">// initializing a UserService with its repository layer dependencies</span> <span class="k">func</span> <span class="n">NewUserService</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">USConfig</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">UserService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">UserService</span><span class="p">{</span> <span class="n">UserRepository</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">UserRepository</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>We want to force external packages to access the service by means of the factory and its config struct (as opposed to instantiating <code>UserService</code> directly). Therefore, we will make the actual service and repository structs package private.</p> <h3> Update UserService </h3> <p>To get started with this, let's make the <code>UserService</code> implementation package private. We do this by making the service name lowercase, i.e. <code>userService</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// userService acts as a struct for injecting an implementation of UserRepository</span> <span class="c">// for use in service methods</span> <span class="k">type</span> <span class="n">userService</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">UserRepository</span> <span class="n">model</span><span class="o">.</span><span class="n">UserRepository</span> <span class="p">}</span> <span class="c">// USConfig will hold repositories that will eventually be injected into this</span> <span class="c">// this service layer</span> <span class="k">type</span> <span class="n">USConfig</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">UserRepository</span> <span class="n">model</span><span class="o">.</span><span class="n">UserRepository</span> <span class="p">}</span> <span class="c">// NewUserService is a factory function for</span> <span class="c">// initializing a UserService with its repository layer dependencies</span> <span class="k">func</span> <span class="n">NewUserService</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">USConfig</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">UserService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">userService</span><span class="p">{</span> <span class="n">UserRepository</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">UserRepository</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Furthermore, you will need to return this lower-case <code>userService</code> inside of <code>NewUserService</code> and to update all of the receiver methods to use <code>userService</code>. </p> <p>As an example (you'll need to do this to all of the methods):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Signup reaches our to a UserRepository to sign up the user.</span> <span class="c">// UserRepository Create should handle checking for user exists conflicts</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">userService</span><span class="p">)</span> <span class="n">Signup</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// omitting body...</span> <span class="p">}</span> <span class="c">// ... subsequent code omitted</span> </code></pre> </div> <h3> Update TokenService </h3> <p>Let's do the same in <code>TokenService</code>, located in <code>~/service/token_service.go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// tokenService used for injecting an implementation of TokenRepository</span> <span class="c">// for use in service methods along with keys and secrets for</span> <span class="c">// signing JWTs</span> <span class="k">type</span> <span class="n">tokenService</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// TokenRepository model.TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="p">}</span> <span class="c">// TSConfig will hold repositories that will eventually be injected into this</span> <span class="c">// this service layer</span> <span class="k">type</span> <span class="n">TSConfig</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// TokenRepository model.TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="p">}</span> <span class="c">// NewTokenService is a factory function for</span> <span class="c">// initializing a UserService with its repository layer dependencies</span> <span class="k">func</span> <span class="n">NewTokenService</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">TSConfig</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">tokenService</span><span class="p">{</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PrivKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">RefreshSecret</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Also remember to update the factory and receiver methods to use <code>tokenService</code>.</p> <h3> Update PGUserRepository </h3> <p>Let's do the same for our <code>PGUserRepository</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// pgUserRepository is data/repository implementation</span> <span class="c">// of service layer UserRepository</span> <span class="k">type</span> <span class="n">pgUserRepository</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">DB</span> <span class="o">*</span><span class="n">sqlx</span><span class="o">.</span><span class="n">DB</span> <span class="p">}</span> <span class="c">// NewUserRepository is a factory for initializing User Repositories</span> <span class="k">func</span> <span class="n">NewUserRepository</span><span class="p">(</span><span class="n">db</span> <span class="o">*</span><span class="n">sqlx</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">UserRepository</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">pgUserRepository</span><span class="p">{</span> <span class="n">DB</span><span class="o">:</span> <span class="n">db</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Again, remember to update the factory and receiver methods to use <code>pGUserRepository</code>!</p> <h2> Context Fixes </h2> <p>I want to forward our <code>Context</code> down the call chain (handler -&gt; service -&gt; repository -&gt; data sources), so that we can timeout any handler, along with calls all the way to the data sources, after a lengthy amount of time. To do this, though, we need to extract the <code>Request().Context</code> from off of the gin context.</p> <p>We do this by passing the request context to service method calls inside of <code>handler</code> layer methods.</p> <p>We need to update our current 2 handlers, <code>Signup</code> and <code>Me</code>. </p> <h3> Handler Updates </h3> <p>In <code>~/handler/me.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// ... code omitted</span> <span class="c">// use the Request Context</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Request</span><span class="o">.</span><span class="n">Context</span><span class="p">()</span> <span class="n">u</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">UserService</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">uid</span><span class="p">)</span> <span class="c">// ... code omitted</span> </code></pre> </div> <p>And in <code>~/handler/signup.go</code>, update the calls to <code>Signup</code> and <code>NewPairFromUser</code> methods with the <code>Context</code> from the <code>Request</code>. We'll use the same context for both calls, though I can definitely see cases where this would not be prudent.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Request</span><span class="o">.</span><span class="n">Context</span><span class="p">()</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">UserService</span><span class="o">.</span><span class="n">Signup</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">)</span> <span class="c">// error checking here</span> <span class="c">// create token pair as strings</span> <span class="n">tokens</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">TokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> </code></pre> </div> <h3> Fix Handler Layer Tests </h3> <p>Now that we're using a plain Golang context to call service methods, we need to fix our <code>signup_test.go</code> and <code>me_test.go</code>.</p> <p>You merely need to replace mock call arguments using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*gin.Context"</span><span class="p">)</span> </code></pre> </div> <p>with the following <strong>in both test files</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">)</span> </code></pre> </div> <p>We use <code>*context.emptyCtx</code> here, which is an alias for <code>context.Background()</code>, a non-nil, empty context (we don't have any context fields in the unit tests).</p> <h3> SQLX </h3> <p>I also want to use methods in SQLX that can receive the context. To do this, we'll update method calls on <code>DB</code> in the <code>PGUserRepository</code> to use "Context" versions of each method. As an example, let's look at the <code>Create</code> method and change <code>r.DB.Get</code> to <code>r.DB.GetContext</code>, remembering to pass in the context.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Create reaches out to database SQLX api</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">pgUserRepository</span><span class="p">)</span> <span class="n">Create</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">query</span> <span class="o">:=</span> <span class="s">"INSERT INTO users (email, password) VALUES ($1, $2) RETURNING *"</span> <span class="c">// update this method to "GetContext"</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">GetContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="n">query</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// ... code omitted</span> <span class="p">}</span> <span class="c">// ... code omitted</span> <span class="p">}</span> </code></pre> </div> <p>Also make sure to update the <code>Get</code> call in <code>FindByID</code> to <code>GetContext</code>.</p> <h2> Update Environment Variables Usage </h2> <p>To make our app more "configurable," I want to make the following updates: </p> <ol> <li>Pass the <code>ACCOUNT_API_URL</code> environment variable to the handler config. </li> <li>Set the expiration duration for both JWTs as environment variables so a user can easily set them per their requirements or per environment.</li> </ol> <h3> Pass ACCOUNT_API_URL to Handler Config </h3> <p>Where possible, environment variables should be read in from the <code>main</code> package so the app can terminate early if there is any configuration error. </p> <p>Let's add <code>BaseURL</code> as a field to our <code>Config</code> inside of <code>~/handler/handler.go</code>. This way we can instantiate the handler with this BaseURL inside of the main package.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Config will hold services that will eventually be injected into this</span> <span class="c">// handler layer on handler initialization</span> <span class="k">type</span> <span class="n">Config</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">R</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Engine</span> <span class="n">UserService</span> <span class="n">model</span><span class="o">.</span><span class="n">UserService</span> <span class="n">TokenService</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenService</span> <span class="n">BaseURL</span> <span class="kt">string</span> <span class="p">}</span> </code></pre> </div> <p>Then inside of the <code>NewHandler</code> function, we'll use this value to group our handlers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Create a group, or base url for all routes</span> <span class="n">g</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">BaseURL</span><span class="p">)</span> </code></pre> </div> <p>Let's read and pass this environment variable to <code>NewHandler</code> inside of <code>injection.go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// read in ACCOUNT_API_URL</span> <span class="n">baseURL</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"ACCOUNT_API_URL"</span><span class="p">)</span> <span class="n">handler</span><span class="o">.</span><span class="n">NewHandler</span><span class="p">(</span><span class="o">&amp;</span><span class="n">handler</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">R</span><span class="o">:</span> <span class="n">router</span><span class="p">,</span> <span class="n">UserService</span><span class="o">:</span> <span class="n">userService</span><span class="p">,</span> <span class="n">TokenService</span><span class="o">:</span> <span class="n">tokenService</span><span class="p">,</span> <span class="n">BaseURL</span><span class="o">:</span> <span class="n">baseURL</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>We have also instantiated our handler inside of unit tests, but we do not need to make any changes as the tests work with an empty string for the <code>BaseURL</code>. Omitted <code>string</code> fields in a struct will default to an empty string in Go. </p> <h3> JWT Expiration </h3> <p>We currently set the JWT expiration with hard-coded values inside of the token utility methods found in <code>~/service/tokens.go</code>. I want to make these functions configurable. Let's add environment variables for expiration time in seconds in <code>.env.dev</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="py">ID_TOKEN_EXP</span><span class="p">=</span><span class="mi">900</span> <span class="c">#15 mins in seconds</span> <span class="py">REFRESH_TOKEN_EXP</span><span class="p">=</span><span class="mi">259200</span> <span class="c">#3 days in seconds</span> </code></pre> </div> <p>We'll read in and parse these environment variables the injection file in <code>package main</code>, as we did with the BaseURL. But first, we need to add these timeouts to our <code>tokenService</code>, <code>TSConfig</code>, and <code>NewTokenService</code> in <code>~/service/token_service.go</code>. We'll add them as <code>int64</code> type.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// tokenService used for injecting an implementation of TokenRepository</span> <span class="c">// for use in service methods along with keys and secrets for</span> <span class="c">// signing JWTs</span> <span class="k">type</span> <span class="n">tokenService</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// TokenRepository model.TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="n">IDExpirationSecs</span> <span class="kt">int64</span> <span class="n">RefreshExpirationSecs</span> <span class="kt">int64</span> <span class="p">}</span> <span class="c">// TSConfig will hold repositories that will eventually be injected into this</span> <span class="c">// this service layer</span> <span class="k">type</span> <span class="n">TSConfig</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// TokenRepository model.TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="n">IDExpirationSecs</span> <span class="kt">int64</span> <span class="n">RefreshExpirationSecs</span> <span class="kt">int64</span> <span class="p">}</span> <span class="c">// NewTokenService is a factory function for</span> <span class="c">// initializing a UserService with its repository layer dependencies</span> <span class="k">func</span> <span class="n">NewTokenService</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">TSConfig</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">tokenService</span><span class="p">{</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PrivKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">RefreshSecret</span><span class="p">,</span> <span class="n">IDExpirationSecs</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">IDExpirationSecs</span><span class="p">,</span> <span class="n">RefreshExpirationSecs</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">RefreshExpirationSecs</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Then inside of <code>injection.go</code>, we'll parse the environment variables and call <code>NewTokenService</code> with them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// load expiration lengths from env variables and parse as int</span> <span class="n">idTokenExp</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"ID_TOKEN_EXP"</span><span class="p">)</span> <span class="n">refreshTokenExp</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"REFRESH_TOKEN_EXP"</span><span class="p">)</span> <span class="n">idExp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">ParseInt</span><span class="p">(</span><span class="n">idTokenExp</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">64</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"could not parse ID_TOKEN_EXP as int: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">refreshExp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">ParseInt</span><span class="p">(</span><span class="n">refreshTokenExp</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">64</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"could not parse REFRESH_TOKEN_EXP as int: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">tokenService</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">NewTokenService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">service</span><span class="o">.</span><span class="n">TSConfig</span><span class="p">{</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">refreshSecret</span><span class="p">,</span> <span class="n">IDExpirationSecs</span><span class="o">:</span> <span class="n">idExp</span><span class="p">,</span> <span class="n">RefreshExpirationSecs</span><span class="o">:</span> <span class="n">refreshExp</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>We use <code>int64</code> as this is the type of int used golang's <code>time</code> package.</p> <p>The final thing we need to do is accept these values in our utility functions, found in <code>~/service/token.go</code>, for generating tokens.</p> <p>Note that in <code>generateRefreshToken</code> we are working with <code>time</code> and <code>time.Duration</code> so we have to do some casting of our <code>int64</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// generateIDToken generates an IDToken which is a jwt with myCustomClaims</span> <span class="c">// Could call this GenerateIDTokenString, but the signature makes this fairly clear</span> <span class="k">func</span> <span class="n">generateIDToken</span><span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="n">key</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span><span class="p">,</span> <span class="n">exp</span> <span class="kt">int64</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">unixTime</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Unix</span><span class="p">()</span> <span class="n">tokenExp</span> <span class="o">:=</span> <span class="n">unixTime</span> <span class="o">+</span> <span class="n">exp</span> <span class="c">// ... code omitted</span> <span class="p">}</span> <span class="c">// generateRefreshToken creates a refresh token</span> <span class="c">// The refresh token stores only the user's ID, a string</span> <span class="k">func</span> <span class="n">generateRefreshToken</span><span class="p">(</span><span class="n">uid</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span><span class="p">,</span> <span class="n">key</span> <span class="kt">string</span><span class="p">,</span> <span class="n">exp</span> <span class="kt">int64</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">RefreshToken</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">currentTime</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="n">tokenExp</span> <span class="o">:=</span> <span class="n">currentTime</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">(</span><span class="n">exp</span><span class="p">)</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="n">tokenID</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewRandom</span><span class="p">()</span> <span class="c">// v4 uuid in the google uuid lib</span> </code></pre> </div> <p>Let's now make sure to call these functions inside of <code>token_service.go</code> by passing in the expiration times!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// ... code omitted</span> <span class="n">idToken</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateIDToken</span><span class="p">(</span><span class="n">u</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">PrivKey</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">IDExpirationSecs</span><span class="p">)</span> <span class="c">// not showing code here</span> <span class="n">refreshToken</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateRefreshToken</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">RefreshSecret</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">RefreshExpirationSecs</span><span class="p">)</span> </code></pre> </div> <h3> Update Token Service Test </h3> <p>Let's update our tests in <code>~/service/token_service_test.go</code> to take in these new expiration parameters. We'll hard code the expiration durations in seconds ad the start of the test.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">TestNewPairFromUser</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">idExp</span> <span class="kt">int64</span> <span class="o">=</span> <span class="m">15</span> <span class="o">*</span> <span class="m">60</span> <span class="k">var</span> <span class="n">refreshExp</span> <span class="kt">int64</span> <span class="o">=</span> <span class="m">3</span> <span class="o">*</span> <span class="m">24</span> <span class="o">*</span> <span class="m">2600</span> <span class="n">priv</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">ioutil</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="s">"../rsa_private_test.pem"</span><span class="p">)</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseRSAPrivateKeyFromPEM</span><span class="p">(</span><span class="n">priv</span><span class="p">)</span> <span class="n">pub</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">ioutil</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="s">"../rsa_public_test.pem"</span><span class="p">)</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseRSAPublicKeyFromPEM</span><span class="p">(</span><span class="n">pub</span><span class="p">)</span> <span class="n">secret</span> <span class="o">:=</span> <span class="s">"anotsorandomtestsecret"</span> <span class="c">// ... code omitted</span> <span class="p">}</span> </code></pre> </div> <p>We also need to update the expectations in this test to use the expiration values passed to <code>NewTokenService</code>. We do this by updating the <code>expectedExpiresAt...</code> statement for each token.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// for idToken</span> <span class="n">expiresAt</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Unix</span><span class="p">(</span><span class="n">idTokenClaims</span><span class="o">.</span><span class="n">StandardClaims</span><span class="o">.</span><span class="n">ExpiresAt</span><span class="p">,</span> <span class="m">0</span><span class="p">)</span> <span class="n">expectedExpiresAt</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">(</span><span class="n">idExp</span><span class="p">)</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">WithinDuration</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">expectedExpiresAt</span><span class="p">,</span> <span class="n">expiresAt</span><span class="p">,</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="c">// for refreshToken</span> <span class="n">expiresAt</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">Unix</span><span class="p">(</span><span class="n">refreshTokenClaims</span><span class="o">.</span><span class="n">StandardClaims</span><span class="o">.</span><span class="n">ExpiresAt</span><span class="p">,</span> <span class="m">0</span><span class="p">)</span> <span class="n">expectedExpiresAt</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">(</span><span class="n">refreshExp</span><span class="p">)</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">WithinDuration</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">expectedExpiresAt</span><span class="p">,</span> <span class="n">expiresAt</span><span class="p">,</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> </code></pre> </div> <h2> Accept Only JSON and multipart/form </h2> <p>Our struct tags for our <code>model.User</code> and <code>model.TokenPair</code> only support JSON. Currently, when we bind data with our <code>bindData</code> function in <code>~/handler/bind_data.go</code>, we might receive form or XML data in the HTTP body. I want to make sure to send a clear error if the user sends anything other than application/json.</p> <p>Let's add some code in <code>~/handler/bind_data</code> at the top of the <code>bindData</code> function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// send error if Content-Type != application/json</span> <span class="k">if</span> <span class="n">c</span><span class="o">.</span><span class="n">ContentType</span><span class="p">()</span> <span class="o">!=</span> <span class="s">"application/json"</span> <span class="p">{</span> <span class="n">msg</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s only accepts Content-Type application/json"</span><span class="p">,</span> <span class="n">c</span><span class="o">.</span><span class="n">FullPath</span><span class="p">())</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewUnsupportedMediaType</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Status</span><span class="p">(),</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="no">false</span> <span class="p">}</span> </code></pre> </div> <p>Note that I added a new custom error type called <code>UnsupportedMediaType</code>. You can see this added in our <code>~/model/apperrors/apperrors.go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// "Set" of valid errorTypes</span> <span class="k">const</span> <span class="p">(</span> <span class="n">Authorization</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"AUTHORIZATION"</span> <span class="c">// Authentication Failures -</span> <span class="n">BadRequest</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"BADREQUEST"</span> <span class="c">// Validation errors / BadInput</span> <span class="n">Conflict</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"CONFLICT"</span> <span class="c">// Already exists (eg, create account with existent email) - 409</span> <span class="n">Internal</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"INTERNAL"</span> <span class="c">// Server (500) and fallback errors</span> <span class="n">NotFound</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"NOTFOUND"</span> <span class="c">// For not finding resource</span> <span class="n">PayloadTooLarge</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"PAYLOADTOOLARGE"</span> <span class="c">// for uploading tons of JSON, or an image over the limit - 413</span> <span class="n">UnsupportedMediaType</span> <span class="n">Type</span> <span class="o">=</span> <span class="s">"UNSUPPORTEDMEDIATYPE"</span> <span class="c">// for http 415</span> <span class="p">)</span> <span class="c">// ... code omitted</span> <span class="c">// Status is a mapping errors to status codes</span> <span class="c">// Of course, this is somewhat redundant since</span> <span class="c">// our errors already map http status codes</span> <span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Error</span><span class="p">)</span> <span class="n">Status</span><span class="p">()</span> <span class="kt">int</span> <span class="p">{</span> <span class="k">switch</span> <span class="n">e</span><span class="o">.</span><span class="n">Type</span> <span class="p">{</span> <span class="k">case</span> <span class="n">Authorization</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusUnauthorized</span> <span class="k">case</span> <span class="n">BadRequest</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span> <span class="k">case</span> <span class="n">Conflict</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusConflict</span> <span class="k">case</span> <span class="n">Internal</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span> <span class="k">case</span> <span class="n">NotFound</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusNotFound</span> <span class="k">case</span> <span class="n">PayloadTooLarge</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusRequestEntityTooLarge</span> <span class="k">case</span> <span class="n">UnsupportedMediaType</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusUnsupportedMediaType</span> <span class="k">default</span><span class="o">:</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// ... code omitted</span> <span class="c">// NewUnsupportedMediaType to create an error for 415</span> <span class="k">func</span> <span class="n">NewUnsupportedMediaType</span><span class="p">(</span><span class="n">reason</span> <span class="kt">string</span><span class="p">)</span> <span class="o">*</span><span class="n">Error</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Error</span><span class="p">{</span> <span class="n">Type</span><span class="o">:</span> <span class="n">UnsupportedMediaType</span><span class="p">,</span> <span class="n">Message</span><span class="o">:</span> <span class="n">reason</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Run Server </h2> <p>Having made the above fixes, you should now be able to run the application. If you would like to see examples of sending HTTP requests (including bodies in formats other than application/json), please check out the video!</p> <p><code>docker-compose up</code></p> <h2> Run All Unit Tests </h2> <p>Let's change into the account folder, and make sure all of our tests pass.</p> <p><code>cd account</code></p> <p><code>go test -v ./...</code></p> <h2> Conclusion </h2> <p>I hope you're now in sync with me! Again, you can also go ahead and checkout the code for the <a href="https://github.com/JacobSNGoodwin/memrizr/tree/lesson-11"><code>lesson-11</code> branch on Github</a> to have these updates.</p> <p>Next time we'll get working on creating a <code>TokenRepository</code> for storing valid refresh tokens in Redis.</p> <p>Hasta entonces, chau!</p> go rest authentication tutorial 10 - Dependency Injection and App Demo Jacob Goodwin Mon, 23 Nov 2020 21:04:27 +0000 https://dev.to/jacobsngoodwin/10-dependency-injection-and-app-demo-1pj5 https://dev.to/jacobsngoodwin/10-dependency-injection-and-app-demo-1pj5 <p>After about two months building and testing pieces of our application, it's time to put the pieces together and run the application again! I apologies for the tedium of the tutorials and commend you for hanging in there!</p> <p>Here's the diagram we've been looking at over the last few tutorials, with check-marks next to things we've completed. </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F7vss80cjxhk8n4e3ru8i.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F7vss80cjxhk8n4e3ru8i.png" alt="Dependency Injection for Signup"></a></p> <p>With these steps completed, we're now able to: </p> <ul> <li>Instantiate a database connection to Postgres from within <code>package main</code> </li> <li>Inject this connection into the <code>UserRepository</code> </li> <li>Inject the <code>UserRepository</code> into the <code>UserService</code> </li> <li>Inject the <code>UserService</code> and <code>TokenService</code> into the <code>Handler</code> layer.</li> </ul> <p>Later we'll also inject a <code>TokenRepository</code> into the <code>TokenService</code>, but I wanted to run this dadgummed application before boring y'all to death!</p> <p>If at any point you are confused about file structure or code, go to <a href="https://github.com/JacobSNGoodwin/memrizr" rel="noopener noreferrer">Github repository</a> and check out the branch for the previous lesson to be in sync with me!</p> <p>The final file structure should be:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjby5gmc7orucc6eo4t4m.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjby5gmc7orucc6eo4t4m.PNG" alt="File Structure"></a></p> <p>If you prefer video, check out the video version below!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/_60ozjK46Yc"> </iframe> </p> <h2> Migrating Users Table </h2> <p>Migrations, in my rough definition, are snapshots of each change you make to your database. For each migration, we create two files with SQL statements: one for updating the database, and another for reverting those updates. These files are usually prefixed/suffixed with a sequence or timestamp which indicate the order in which the migrations are applied. </p> <h3> Install golang-migrate CLI </h3> <p>I ended up using a tool called <a href="https://github.com/golang-migrate/migrate/tree/master/cmd/migrate" rel="noopener noreferrer">golang-migrate CLI</a> to create and apply migrations. Check out the link for instructions on how to install the CLI on your OS. I'm just going to install the CLI directly on my machine as it's a bit simpler than setting it up inside of Docker. </p> <p>After installing, make sure to check your installation by running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ migrate <span class="nt">--version</span> 4.13.0 </code></pre> </div> <h3> Migration Commands </h3> <p>Since remembering all of the command-line arguments for <code>migrate</code> can be difficult, let's update the <code>Makefile</code> with some commands for migrating a database.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight make"><code><span class="nl">.PHONY</span><span class="o">:</span> <span class="nf">keypair migrate-create migrate-up migrate-down migrate-force</span> <span class="nv">PWD</span> <span class="o">=</span> <span class="p">$(</span>shell <span class="nb">pwd</span><span class="p">)</span> <span class="nv">ACCTPATH</span> <span class="o">=</span> <span class="p">$(</span>PWD<span class="p">)</span>/account <span class="nv">MPATH</span> <span class="o">=</span> <span class="p">$(</span>ACCTPATH<span class="p">)</span>/migrations <span class="nv">PORT</span> <span class="o">=</span> 5432 <span class="c"># Default number of migrations to execute up or down </span><span class="nv">N</span> <span class="o">=</span> 1 <span class="c"># Create keypair should be in your file below </span> <span class="nl">migrate-create</span><span class="o">:</span> <span class="p">@</span><span class="nb">echo</span> <span class="s2">"---Creating migration files---"</span> migrate create <span class="nt">-ext</span> sql <span class="nt">-dir</span> <span class="p">$(</span>MPATH<span class="p">)</span> <span class="nt">-seq</span> <span class="nt">-digits</span> 5 <span class="p">$(</span>NAME<span class="p">)</span> <span class="nl">migrate-up</span><span class="o">:</span> migrate <span class="nt">-source</span> file://<span class="p">$(</span>MPATH<span class="p">)</span> <span class="nt">-database</span> postgres://postgres:password@localhost:<span class="p">$(</span>PORT<span class="p">)</span>/postgres?sslmode<span class="o">=</span>disable up <span class="p">$(</span>N<span class="p">)</span> <span class="nl">migrate-down</span><span class="o">:</span> migrate <span class="nt">-source</span> file://<span class="p">$(</span>MPATH<span class="p">)</span> <span class="nt">-database</span> postgres://postgres:password@localhost:<span class="p">$(</span>PORT<span class="p">)</span>/postgres?sslmode<span class="o">=</span>disable down <span class="p">$(</span>N<span class="p">)</span> <span class="nl">migrate-force</span><span class="o">:</span> migrate <span class="nt">-source</span> file://<span class="p">$(</span>MPATH<span class="p">)</span> <span class="nt">-database</span> postgres://postgres:password@localhost:<span class="p">$(</span>PORT<span class="p">)</span>/postgres?sslmode<span class="o">=</span>disable force <span class="p">$(</span>VERSION<span class="p">)</span> </code></pre> </div> <p>What do these commands do?</p> <p><code>migrate-create</code> creates migration files in "sequential order" (-seq) inside of the <code>MPATH</code> folder. That folder will be a <code>~/migrations</code> folder in the account application, which you should create.</p> <p>The next commands are used for applying a discrete number of migrations, as defined by <code>N</code>. The default for <code>N</code> is 1. The <code>migrate-up</code> command applies database updates, and the <code>migrate-down</code> command reverts these updates. </p> <p><code>migrate-force</code> can be used to force a version number (in our case, the sequence number), which is often required if you have to fix an error in a previous migration. I'll admit I still struggle with this, and have to sort of "hack" or manually fix migration issues before forcing a version. </p> <p>The good news is that the migrate CLI has reasonably readable warnings. </p> <h3> Create Migration Files </h3> <p>To create a migration, execute the following from the project root (where the <code>Makefile</code> is), where <code>NAME</code> describes the change you're making:</p> <p><code>make migrate-create NAME=add_users_table</code></p> <p>You'll now have 2 files in the <code>migrations</code> folder (which you have hopefully created). Notice the sequence number is added to the beginning of the file, and that the <code>NAME</code> is added to the end of the file.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc5j7fh0awr3bzyp0dsaq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc5j7fh0awr3bzyp0dsaq.png" alt="Migration Files"></a></p> <p>Let's add the SQL statements for our first migration to <code>00001_add_users_table.up.sql</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="nv">"uuid-ossp"</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">users</span> <span class="p">(</span> <span class="n">uid</span> <span class="n">uuid</span> <span class="k">DEFAULT</span> <span class="n">uuid_generate_v4</span><span class="p">()</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">name</span> <span class="nb">VARCHAR</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="s1">''</span><span class="p">,</span> <span class="n">email</span> <span class="nb">VARCHAR</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">UNIQUE</span><span class="p">,</span> <span class="n">password</span> <span class="nb">VARCHAR</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">image_url</span> <span class="nb">VARCHAR</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="s1">''</span><span class="p">,</span> <span class="n">website</span> <span class="nb">VARCHAR</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="s1">''</span> <span class="p">);</span> </code></pre> </div> <p>The first line adds an extension for creating UUIDs. When we create a user with email and password, UUIDs will be automatically generated for the <code>uid</code> column.</p> <p>All other columns are non-nullable VARCHARs. We will use an empty value to represent no value (like no imageURL). We also require <code>email</code> addresses to be unique.</p> <p>Let's add the "down" statements in <code>00001_add_users_table.down.sql</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">DROP</span> <span class="k">TABLE</span> <span class="n">users</span><span class="p">;</span> <span class="k">DROP</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="nv">"uuid-ossp"</span><span class="p">;</span> </code></pre> </div> <p>The down file just drops the entire user table and then removes the UUID extension. While this looks simple, you should make sure to drop the table first, as the <code>uid</code> column depends on the UUID extension. Postgres will prevent us from deleting an extension if any remaining table column depends on it.</p> <h3> Update "Auth" to "Account" in Docker-Compose </h3> <p>We need to run our Postgres container to execute apply the migrations.</p> <p>Before running the Postgres container, I want to update some of the naming in our <code>docker-compose.yaml</code> file at the root of our project.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">postgres-account</span><span class="pi">:</span> <span class="s">...</span> <span class="s">volumes</span><span class="err">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">pgdata_account:/var/lib/postgresql/data"</span> <span class="err"> </span><span class="s">...</span> <span class="na">account</span><span class="pi">:</span> <span class="s">...</span> <span class="s">depends_on</span><span class="err">:</span> <span class="pi">-</span> <span class="s">postgres-account</span> <span class="s">...</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">pgdata_account</span><span class="pi">:</span> </code></pre> </div> <p>First, we'll change the <code>auth</code> suffix of <code>postgres-auth</code> to <code>account</code>. </p> <p>Also make sure to change the <code>depends_on</code> value of the <code>account</code> service, and to change the volume name of <code>postgres-account</code> to <code>pgdata_account</code>.</p> <p>With these updates, let's run this specific service.</p> <p><code>docker-compose up postgres-account</code></p> <p>You should now be able to log into your Postgres server with PSQL, PGAdmin, or your preferred SQL client. (If you check out the video, you can see this in PGAdmin.) If you're a boss and want to use PSQL, enter the following command, then entering "password" when prompted.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>psql <span class="nt">-h</span> localhost <span class="nt">-d</span> postgres <span class="nt">-U</span> postgres </code></pre> </div> <h3> Apply First Migration </h3> <p>With the container running, open up another terminal in the project root.</p> <p>Run <code>make migrate-up</code>.</p> <p>This by default should run migration <code>00001...</code>, if we were to have 2 migrations we could set N=2 to run multiple migrations.</p> <p>Looking at the database, you should see a <code>users</code> table and a <code>schema_migrations</code> table, the latter tracking which migration we're on and whether the migration state is dirty. The dirty flag would be set, for example, if you created an SQL file with an error and tried to migrate it. You'd then need to resolve some issues manually and possibly run <code>make migrate-force</code>. </p> <p>For kicks, let's run the down migration to make sure it works, and then reapply the up migration. </p> <p><code>make migrate-down</code> - <code>make migrate-down</code></p> <p><em>It might be worth going to the video to see me showing this inside of PGAdmin</em></p> <h2> Initialize DB and Inject </h2> <p><em>Queue the <a href="https://youtu.be/IUZEtVbJT5c?t=18" rel="noopener noreferrer">Hallelujah Chorus</a></em></p> <p>Let's review the dependency injection flow (it may help to reference the big diagram at the top). </p> <ol> <li>Initialize a connection to Postgres when our application starts up.</li> <li>Provide or inject this connection into our <code>UserRepository</code> </li> <li>Inject the <code>UserRepository</code> into the <code>UserService</code> </li> <li>Initialize the <code>TokenService</code> </li> <li>Inject the <code>TokenService</code> and <code>UserService</code> into the handler</li> <li>Use the handler in the gin router/engine and start the application.</li> </ol> <p>Then we'll be able to run our application and make HTTP requests to our signup endpoint. </p> <h3> Connect to Postgres </h3> <p>Lets exit out of our currently running docker-compose since we have already migrated our database table and because we need to run both our account application and Postgres containers.</p> <p><code>docker-compose down</code> or <code>ctrl-c</code>.</p> <p>To keep our main file from getting unwieldy, I am going to create a <code>~/data_sources.go</code> file. We'll also use this file later on for initializing our Redis container and Google Cloud Storage Client. We'll also add a <code>close</code> method on <code>dataSources</code> for shutting down all connections when the application closes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="s">"github.com/jmoiron/sqlx"</span> <span class="n">_</span> <span class="s">"github.com/lib/pq"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">dataSources</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">DB</span> <span class="o">*</span><span class="n">sqlx</span><span class="o">.</span><span class="n">DB</span> <span class="p">}</span> <span class="c">// InitDS establishes connections to fields in dataSources</span> <span class="k">func</span> <span class="n">initDS</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">dataSources</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Initializing data sources</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="c">// load env variables - we could pass these in,</span> <span class="c">// but this is sort of just a top-level (main package)</span> <span class="c">// helper function, so I'll just read them in here</span> <span class="n">pgHost</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PG_HOST"</span><span class="p">)</span> <span class="n">pgPort</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PG_PORT"</span><span class="p">)</span> <span class="n">pgUser</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PG_USER"</span><span class="p">)</span> <span class="n">pgPassword</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PG_PASSWORD"</span><span class="p">)</span> <span class="n">pgDB</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PG_DB"</span><span class="p">)</span> <span class="n">pgSSL</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PG_SSL"</span><span class="p">)</span> <span class="n">pgConnString</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"host=%s port=%s user=%s password=%s dbname=%s sslmode=%s"</span><span class="p">,</span> <span class="n">pgHost</span><span class="p">,</span> <span class="n">pgPort</span><span class="p">,</span> <span class="n">pgUser</span><span class="p">,</span> <span class="n">pgPassword</span><span class="p">,</span> <span class="n">pgDB</span><span class="p">,</span> <span class="n">pgSSL</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Connecting to Postgresql</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">db</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">sqlx</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="s">"postgres"</span><span class="p">,</span> <span class="n">pgConnString</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"error opening db: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Verify database connection is working</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">Ping</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"error connecting to db: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">dataSources</span><span class="p">{</span> <span class="n">DB</span><span class="o">:</span> <span class="n">db</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// close to be used in graceful server shutdown</span> <span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">dataSources</span><span class="p">)</span> <span class="nb">close</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">d</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Close</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"error closing Postgresql: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>An important note in this code is that we must import the Postgres driver, <code>_ "github.com/lib/pq"</code>, in order to establish a connection to Postgres with the SQLX library.</p> <p>We also read in environment variables with SQL connection information. I'll explain where these come from in a moment.</p> <p>From the environment variables, we create a formatted connection string, and make sure we can ping the database server to verify our connection is working. This function returns a package private <code>datasources</code> struct which will be used as input for our dependency injection.</p> <h3> Environment variables </h3> <p>Let's go back to the environment variables.</p> <p>Recall that in our <code>docker-compose.yaml</code> file, under our account service we have an <code>env_file</code> key which references our <code>.env.dev</code> file. Docker-compose will load environment variables from this file and make them available to our <code>account</code> application. </p> <p>I actually want to move the <code>.env.dev</code> file into the <code>account</code> project folder. To continue following along, do so now!</p> <p>Inside of <code>docker-compose.yaml</code>, let's update:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">env_file</span><span class="pi">:</span> <span class="s">./account/.env.dev</span> </code></pre> </div> <p>Then update the <code>.env.dev</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ACCOUNT_API_URL=/api/account PG_HOST=postgres-account PG_PORT=5432 PG_USER=postgres PG_PASSWORD=password PG_DB=postgres PG_SSL=disable REFRESH_SECRET=areallynotsuperg00ds33cret PRIV_KEY_FILE=./rsa_private_dev.pem PUB_KEY_FILE=./rsa_public_dev.pem </code></pre> </div> <p>In addition to Postgres connection string variables, I've also added paths to our RSA keys. We'll create the necessary keypair soon.</p> <p>Back inside of <code>main.go</code>, let's initialize the <code>datasources</code> at the top of the function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Starting server..."</span><span class="p">)</span> <span class="c">// initialize data sources</span> <span class="n">ds</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">initDS</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Unable to initialize data sources: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>I also encourage you to add the <code>close</code> method at the end of <code>main.go</code> for shutting down the <code>datasources</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="o">...</span> <span class="c">// The context is used to inform the server it has 5 seconds to finish</span> <span class="c">// the request it is currently handling</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="c">// shutdown data sources</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ds</span><span class="o">.</span><span class="nb">close</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"A problem occurred gracefully shutting down data sources: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Shutdown server</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Shutting down server..."</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">Shutdown</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Server forced to shutdown: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="o">...</span> </code></pre> </div> <p>Now we can run <code>docker-compose up</code>, and our account application should successfully connect to the database (check account and postgres-account docker logs).</p> <h2> Dependency Injection </h2> <p>Let's create a file called <code>injection.go</code> at the root of the account application.</p> <p>This file will be a little long, but aside from loading key files, it's mostly just making calls to the factories in our service and repository layers to make sure our handler gets access to the concrete implementations of our app's features.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="c">// your imports here</span> <span class="c">// will initialize a handler starting from data sources</span> <span class="c">// which inject into repository layer</span> <span class="c">// which inject into service layer</span> <span class="c">// which inject into handler layer</span> <span class="k">func</span> <span class="n">inject</span><span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">dataSources</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Engine</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Injecting data sources"</span><span class="p">)</span> <span class="c">/* * repository layer */</span> <span class="n">userRepository</span> <span class="o">:=</span> <span class="n">repository</span><span class="o">.</span><span class="n">NewUserRepository</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="c">/* * repository layer */</span> <span class="n">userService</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">NewUserService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">service</span><span class="o">.</span><span class="n">USConfig</span><span class="p">{</span> <span class="n">UserRepository</span><span class="o">:</span> <span class="n">userRepository</span><span class="p">,</span> <span class="p">})</span> <span class="c">// load rsa keys</span> <span class="n">privKeyFile</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PRIV_KEY_FILE"</span><span class="p">)</span> <span class="n">priv</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ioutil</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="n">privKeyFile</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"could not read private key pem file: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseRSAPrivateKeyFromPEM</span><span class="p">(</span><span class="n">priv</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"could not parse private key: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">pubKeyFile</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PUB_KEY_FILE"</span><span class="p">)</span> <span class="n">pub</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ioutil</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="n">pubKeyFile</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"could not read public key pem file: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseRSAPublicKeyFromPEM</span><span class="p">(</span><span class="n">pub</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"could not parse public key: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// load refresh token secret from env variable</span> <span class="n">refreshSecret</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"REFRESH_SECRET"</span><span class="p">)</span> <span class="n">tokenService</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">NewTokenService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">service</span><span class="o">.</span><span class="n">TSConfig</span><span class="p">{</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">refreshSecret</span><span class="p">,</span> <span class="p">})</span> <span class="c">// initialize gin.Engine</span> <span class="n">router</span> <span class="o">:=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">handler</span><span class="o">.</span><span class="n">NewHandler</span><span class="p">(</span><span class="o">&amp;</span><span class="n">handler</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">R</span><span class="o">:</span> <span class="n">router</span><span class="p">,</span> <span class="n">UserService</span><span class="o">:</span> <span class="n">userService</span><span class="p">,</span> <span class="n">TokenService</span><span class="o">:</span> <span class="n">tokenService</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="n">router</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>We'll initialize the router, or <code>*gin.Engine</code>, in this injection file instead of in the main file. </p> <p>This means we can remove the initialization of gin in <code>main.go</code>, and instead call this <code>inject</code> function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// router := gin.Default() &lt;- remove this line</span> <span class="n">router</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">inject</span><span class="p">(</span><span class="n">ds</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failure to inject data sources: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">srv</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Server</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="s">":8080"</span><span class="p">,</span> <span class="n">Handler</span><span class="o">:</span> <span class="n">router</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>In our environment file, <code>.env.dev</code>, we reference a "dev.pem" file. So let's create a second key-pair, though in reality we could just use test keys that we created in the last tutorial.</p> <p><code>make create-keypair ENV=dev</code></p> <h2> Sending Requests </h2> <p>Let's send some requests to our application to make sure it works. I'll include the curl command here, but you can check out how to do this in Postman in the video.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl --location --request POST 'http://malcorp.test/api/account/signup' \ --header 'Content-Type: application/json' \ --data-raw '{ "email": "guy01@guy.com", "password":"validpassword123" }' </code></pre> </div> <p>You should get a response with an <code>idToken</code> and a <code>refreshToken</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"tokens"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"idToken"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVpZCI6ImY2ZTUxOTVhLWMzYjgtNGE4YS1hNTU0LWMzNzgxMGYxOTZmZiIsImVtYWlsIjoiZ3V5MDFAZ3V5LmNvbSIsIm5hbWUiOiIiLCJpbWFnZVVybCI6IiIsIndlYnNpdGUiOiIifSwiZXhwIjoxNjA1OTE0NDk2LCJpYXQiOjE2MDU5MTM1OTZ9.Q62fFJLNkTpG1uoB5ikMG_N2KgDXPNz12rSuXjOImVxW_JWditBeE3pYo6AC89cadKtMbDDW9M4D5sCT43LKLVpB7TUuWkGRxMTakXmF_aBg-bWaQMcQHPi9qzWooc_Hpd0zfFA06-mZNJTwFXQhY_p1rfj-L0BFEqFmm9xmBj3xHQaH14elKkzxA8f4RY9ihjpDio_uo_xGjDWfqbhX4rSt_C5OgX5YgfzgywACMILFZ--KWucTWbcBHTwvyJMzggqYjqkHoykWX1Py7aod96Oa-YGMh_mBE8pAZrnQ9-6I2O45DDUZa-4ZiK40u_0Vu9VGuF39fhnaV1SyIpTuiA"</span><span class="p">,</span><span class="w"> </span><span class="nl">"refreshToken"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiJmNmU1MTk1YS1jM2I4LTRhOGEtYTU1NC1jMzc4MTBmMTk2ZmYiLCJleHAiOjE2MDYxNzI3OTYsImp0aSI6ImEzYjQ5ODQ4LTZiZTItNDVkOC05YmYzLTJkYjFiOTE5NGE0YiIsImlhdCI6MTYwNTkxMzU5Nn0.7oZRdPmEWjQnYsa1u19IiAspO__Q3vJzArbE8V9oBLU"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Sweetness! I recommend you copy these tokens into the <a href="https://jwt.io/" rel="noopener noreferrer">jwt.io debugger</a> to see if the payloads are what you expect. You can even copy the key files or refresh secret into the debugger to verify the token signatures!</p> <p>If you try running the same request again, you should get a conflict error. since the user already exists.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"CONFLICT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"resource: email with value: guy01@guy.com already exists"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Conclusion </h2> <p>That's it for today. I'm not gonna lie, these last three tutorials were kinda of a b!@#$! For any of you that have read or watched even a segment here or there, thanks so much! That makes doing this worth while! I hope you've learned half as much as I have!</p> <p>Next time, we'll do some cleanup. In two tutorials, we'll create a <code>TokenRepository</code> for storing refresh tokens in Redis. After that, we'll create a "handler timeout" middleware. While golang's http server has some nice settings for read and write timeouts between server and client, we want to create a timeout for the handler's themselves. While golang has <a href="https://golang.org/pkg/net/http/#TimeoutHandler" rel="noopener noreferrer">this</a>, it's not directly compatible with gin or with sending JSON responses.</p> <p>¡Bueno! De nuevo, les agradezco. ¡Chau!</p> go rest authentication tutorial 09 - Token Creation Jacob Goodwin Tue, 17 Nov 2020 16:58:59 +0000 https://dev.to/jacobsngoodwin/09-token-creation-gjh https://dev.to/jacobsngoodwin/09-token-creation-gjh <p>We just implemented a <code>Signup</code> method in our <code>UserService</code> and a <code>Create</code> method in our <code>UserRepository</code>. We can see these completed features in the diagram below!</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fnn3fpgujharedctsx4op.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fnn3fpgujharedctsx4op.png" alt="Account Progress"></a></p> <p>Referencing the diagram, we can see that we have two tasks to perform in order to send POST requests to our endpoint (/api/account/signup):</p> <ol> <li>Create an implementation of the NewPairFromUser method of the <code>TokenService</code>. </li> <li>Establish a connection to our development Postgres server from inside of our application, and perform dependency injection so that we can use concrete implementations of our services and repository. We should then be able to run <code>docker-compose up</code> to get our reload server environment running and make calls to our signup endpoint. </li> </ol> <p>We'll complete number 1 today!</p> <p>If at any point you are confused about file structure or code, go to <a href="https://github.com/JacobSNGoodwin/memrizr" rel="noopener noreferrer">Github repository</a> and check out the branch for the previous lesson to be in sync with me!</p> <p>If you prefer video, check out the video version below!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/Qb_eR2M4aGI"> </iframe> </p> <h2> Create NewPairFromUser in TokenService </h2> <p>Let's go back to the <code>Signup</code> handler in <code>~/model/interfaces.go</code> to remind ourselves of the call signature of <code>NewPairFromUser</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">TokenService</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="n">prevTokenID</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">TokenPair</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The second parameter is a <code>User</code>. This user will be created in the <code>Signup</code> handler before we call <code>NewPairFromUser</code>. The final parameter, <code>prevTokenID</code> is for passing the ID of the user's current refresh token so that it can be invalidated before providing a new refresh token. We pass an empty string for this parameter when signing up a user as the user won't yet have a token. </p> <p>We're not going handle this token ID for a couple of tutorials, as it requires setting up a Redis database and a <code>TokenRepository</code>.</p> <p>Let's create a file, <code>~/service/token_service.go</code>, for our <code>TokenService</code> implementation.</p> <p>Inside, create a <code>TokenService struct</code> to define this service's dependencies.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// TokenService used for injecting an implementation of TokenRepository</span> <span class="c">// for use in service methods along with keys and secrets for</span> <span class="c">// signing JWTs</span> <span class="k">type</span> <span class="n">TokenService</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// TokenRepository model.TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="p">}</span> <span class="c">// TSConfig will hold repositories that will eventually be injected into this</span> <span class="c">// this service layer</span> <span class="k">type</span> <span class="n">TSConfig</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// TokenRepository model.TokenRepository</span> <span class="n">PrivKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span> <span class="n">PubKey</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PublicKey</span> <span class="n">RefreshSecret</span> <span class="kt">string</span> <span class="p">}</span> <span class="c">// NewTokenService is a factory function for</span> <span class="c">// initializing a UserService with its repository layer dependencies</span> <span class="k">func</span> <span class="n">NewTokenService</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">TSConfig</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">TokenService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">TokenService</span><span class="p">{</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PrivKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">PubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">RefreshSecret</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// NewPairFromUser creates fresh id and refresh tokens for the current user</span> <span class="c">// If a previous token is included, the previous token is removed from</span> <span class="c">// the tokens repository</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">TokenService</span><span class="p">)</span> <span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="n">prevTokenID</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">TokenPair</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="s">"Not implemented"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Note: I've been making a mistake in creating the struct containers for the various services and repository. The <code>TokenService</code> should be package private, and therefore lowercase. The factory will return a <code>model.TokenService</code> interface. Making the <code>TokenService struct</code> package private will make it so the only way to instantiate the service is through the factory, and not by directly creating a struct. I'll clean this up in two tutorials!</p> </blockquote> <p>What are the public and private keys, and refresh secret, in the <code>TokenService</code>? We'll be using JSON Web Tokens as our authorization mechanism. Let's do a little primer about what these are so we can then fill in the implementation details for the <code>NewPairFromUser</code> method.</p> <h2> JSON Web Token (JWT) Explanation </h2> <p>I highly recommend you check out the <a href="https://jwt.io/introduction/" rel="noopener noreferrer">jwt.io Introduction</a> as that's what I'm using for this explanation.</p> <h3> How They Are Used </h3> <p>For authorizing users to use resources in this application, or other applications/services within our organization. From <a href="https://jwt.io/introduction/" rel="noopener noreferrer">jwt.io</a>: "Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token."</p> <h3> Token Structure </h3> <p>It's just a 3-part string, <code>xxxxx.yyyyy.zzzzz</code>, where:</p> <ul> <li> <code>xxxxx</code> represents a "header".</li> <li> <code>yyyyy</code> represents a "payload".</li> <li> <code>zzzzz</code> represents a "signature".</li> </ul> <p>The header and payload are written in JSON, and then encoded as Base64URLs. When the JWT is encoded and signed, it looks something like:<br> <code>eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c</code>.</p> <h4> Header </h4> <p>The header tells what signing algorithm was used.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HS256"</span><span class="p">,</span><span class="w"> </span><span class="nl">"typ"</span><span class="p">:</span><span class="w"> </span><span class="s2">"JWT"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>We're going to use RS256 (RSA) for signing the <code>idToken</code> and HS256 (HMAC) for signing the <code>refreshToken</code>.</p> <h4> Payload </h4> <p>The payload's JSON keys provide information about the user. There are some <a href="https://tools.ietf.org/html/rfc7519#section-4.1" rel="noopener noreferrer">registered claims</a> which most JWT libraries support by default (like "exp," the expiration time). You can add your own set of claims, some of which are standardized, or <a href="https://www.iana.org/assignments/jwt/jwt.xhtml" rel="noopener noreferrer">registered</a>. </p> <h4> Signature </h4> <p>From <a href="https://jwt.io/introduction/" rel="noopener noreferrer">jwt.io</a>:</p> <p>"The signature is used to verify the message wasn't changed along the way, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is."</p> <p>As an example, let's say the payload has an <code>isAdmin</code> boolean key that is set to false. If someone were to steal this token and attempt to change <code>isAdmin</code> to true, the token would no longer be valid with the given signature and private signing key.</p> <p>Note however, that the JWT is easily readable since Base64Urls can easily be read (for example, by copying it into a converter online or in libraries in most programming languages). Therefore, you do not want to include sensitive information in the token (like a National ID or SSN, date of birth, etc).</p> <h2> ID and RefreshTokens in Our App </h2> <p>Remember that we have defined a <code>TokenPair</code> to return upon successful signup. Let's take a look at another diagram of our authorization flow to understand how these are used.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fti85be1oto4xm0avyi87.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fti85be1oto4xm0avyi87.png" alt="Token Auth Scheme"></a></p> <p>One of the two purposes of this account application is to authorize users to access various services or applications in our domain. </p> <p>When a user supplies a valid email and password combination (authenticated), the account application provides two tokens. Both of these tokens are JWTs, but they serve different purposes. </p> <h3> idToken </h3> <p>The <code>idToken</code> provides the information from the <code>model.User</code> we've been using in our application. Be careful not to return any sensitive user information as I previously mentioned.</p> <p>The <code>idToken</code> is "short-lived." We'll make this token valid for 15 minutes to limit the time frame over which damage can be done if this token is stolen. You can make this longer or shorter in your application. </p> <p>The <code>idToken</code> will be signed with an <em>rsa private key</em>, and verified with an <em>rsa public key</em>. We'll create this "key pair" soon. The public key will be provided to the various applications in our organization that need to verify that a user is authorized.</p> <h3> refreshToken </h3> <p>The <code>refreshToken</code> will be valid for a longer time frame. We'll set it to 3 days in our application. The purpose of this token is to improve the user-experience of the application so that they need not continually log in. If the user's <code>idToken</code> is expired, or if a client application loads for the first time, it may send its <code>refreshToken</code> to our Account Application to request a new <code>idToken.</code> </p> <p>There are some major differences between these 2 tokens. </p> <ul> <li>The refreshToken will not hold any user information beyond an id.</li> <li>The refreshToken is only verified in the account application. We don't provide the secret to other applications or services. We'll also sign this token with a secret string (HMAC), instead of an RSA key. This is a symmetric signing algorithm, meaning the same key is used for signing and verifying JWTs.</li> <li>We'll eventually store a list of valid refresh tokens in Redis. If a user feels their account is compromised, they can authenticate by logging in, and choose to log out of all devices. This will invalidate all of their refresh tokens. <code>idTokens</code> are not stored anywhere, but expire in 15 minutes.</li> </ul> <h3> An Important Note </h3> <p>There is a "friendly" debate about the failings of JWTs as well as how to store them client-side. I previously addressed this at the end of <a href="https://dev.to/jacobsngoodwin/07-completing-signup-handler-in-gin-token-creation-1ikc">Tutorial 07</a>.</p> <p>Beyond using JWTs for authorization, you might consider requiring re-authentication for important actions like changing sensitive user details or performing financial transactions. There are also considerations such as using 2-factor authentication, which we won't implement. </p> <h2> Adding Token Utility Functions </h2> <p>We'll create some token utility functions in the same way we did for passwords.</p> <p>Create <code>~/service/tokens.go</code>. </p> <p>We'll be working with a new package called <code>github.com/dgrijalva/jwt-go</code>. So make sure to include this in your imports and/or run <code>go get github.com/dgrijalva/jwt-go</code>.</p> <p>Let's now add code for <em>generating</em> tokens. We'll add some functions for <em>verifying</em> tokens when we add signin and token refreshing features to our API.</p> <h3> idToken Generation </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"crypto/rsa"</span> <span class="s">"log"</span> <span class="s">"time"</span> <span class="s">"github.com/dgrijalva/jwt-go"</span> <span class="s">"github.com/google/uuid"</span> <span class="s">"github.com/jacobsngoodwin/memrizr/account/model"</span> <span class="p">)</span> <span class="c">// IDTokenCustomClaims holds structure of jwt claims of idToken</span> <span class="k">type</span> <span class="n">IDTokenCustomClaims</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">User</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span> <span class="s">`json:"user"`</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span> <span class="p">}</span> <span class="c">// generateIDToken generates an IDToken which is a jwt with myCustomClaims</span> <span class="c">// Could call this GenerateIDTokenString, but the signature makes this fairly clear</span> <span class="k">func</span> <span class="n">generateIDToken</span><span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="n">key</span> <span class="o">*</span><span class="n">rsa</span><span class="o">.</span><span class="n">PrivateKey</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">unixTime</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Unix</span><span class="p">()</span> <span class="n">tokenExp</span> <span class="o">:=</span> <span class="n">unixTime</span> <span class="o">+</span> <span class="m">60</span><span class="o">*</span><span class="m">15</span> <span class="c">// 15 minutes from current time</span> <span class="n">claims</span> <span class="o">:=</span> <span class="n">IDTokenCustomClaims</span><span class="p">{</span> <span class="n">User</span><span class="o">:</span> <span class="n">u</span><span class="p">,</span> <span class="n">StandardClaims</span><span class="o">:</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span><span class="p">{</span> <span class="n">IssuedAt</span><span class="o">:</span> <span class="n">unixTime</span><span class="p">,</span> <span class="n">ExpiresAt</span><span class="o">:</span> <span class="n">tokenExp</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="n">token</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">NewWithClaims</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">SigningMethodRS256</span><span class="p">,</span> <span class="n">claims</span><span class="p">)</span> <span class="n">ss</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">token</span><span class="o">.</span><span class="n">SignedString</span><span class="p">(</span><span class="n">key</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Failed to sign id token string"</span><span class="p">)</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ss</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Inside we do the following:</p> <ol> <li>Define the structure of the payload portion the the JWT. If you recall, there are some predefined claims that JWTs can use, which our imported JWT library implements with <code>jwt.StandardClaims</code>. We also add properties of our User model as "public" or "custom" claims.</li> <li>We set an expiry time of 15 minutes, using Unix time in seconds. (Don't let me forget to set this with an environment variable at some point 🤣).</li> <li>We then create a <code>Token</code>, which is a type from the JWT library, then call the <code>SignedString</code> method to sign it with our RSA private key.</li> <li>We return this signed string, <code>ss</code>.</li> </ol> <h2> refreshToken Generation </h2> <p>Refresh tokens will be generated in a similar manner with a few differences.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// RefreshToken holds the actual signed jwt string along with the ID</span> <span class="c">// We return the id so it can be used without re-parsing the JWT from signed string</span> <span class="k">type</span> <span class="n">RefreshToken</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">SS</span> <span class="kt">string</span> <span class="n">ID</span> <span class="kt">string</span> <span class="n">ExpiresIn</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span> <span class="p">}</span> <span class="c">// RefreshTokenCustomClaims holds the payload of a refresh token</span> <span class="c">// This can be used to extract user id for subsequent</span> <span class="c">// application operations (IE, fetch user in Redis)</span> <span class="k">type</span> <span class="n">RefreshTokenCustomClaims</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">UID</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span> <span class="s">`json:"uid"`</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span> <span class="p">}</span> <span class="c">// generateRefreshToken creates a refresh token</span> <span class="c">// The refresh token stores only the user's ID, a string</span> <span class="k">func</span> <span class="n">generateRefreshToken</span><span class="p">(</span><span class="n">uid</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span><span class="p">,</span> <span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">RefreshToken</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">currentTime</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="n">tokenExp</span> <span class="o">:=</span> <span class="n">currentTime</span><span class="o">.</span><span class="n">AddDate</span><span class="p">(</span><span class="m">0</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">3</span><span class="p">)</span> <span class="c">// 3 days</span> <span class="n">tokenID</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewRandom</span><span class="p">()</span> <span class="c">// v4 uuid in the google uuid lib</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Failed to generate refresh token ID"</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">claims</span> <span class="o">:=</span> <span class="n">RefreshTokenCustomClaims</span><span class="p">{</span> <span class="n">UID</span><span class="o">:</span> <span class="n">uid</span><span class="p">,</span> <span class="n">StandardClaims</span><span class="o">:</span> <span class="n">jwt</span><span class="o">.</span><span class="n">StandardClaims</span><span class="p">{</span> <span class="n">IssuedAt</span><span class="o">:</span> <span class="n">currentTime</span><span class="o">.</span><span class="n">Unix</span><span class="p">(),</span> <span class="n">ExpiresAt</span><span class="o">:</span> <span class="n">tokenExp</span><span class="o">.</span><span class="n">Unix</span><span class="p">(),</span> <span class="n">Id</span><span class="o">:</span> <span class="n">tokenID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="p">},</span> <span class="p">}</span> <span class="n">token</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">NewWithClaims</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">SigningMethodHS256</span><span class="p">,</span> <span class="n">claims</span><span class="p">)</span> <span class="n">ss</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">token</span><span class="o">.</span><span class="n">SignedString</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">key</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Failed to sign refresh token string"</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">RefreshToken</span><span class="p">{</span> <span class="n">SS</span><span class="o">:</span> <span class="n">ss</span><span class="p">,</span> <span class="n">ID</span><span class="o">:</span> <span class="n">tokenID</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">ExpiresIn</span><span class="o">:</span> <span class="n">tokenExp</span><span class="o">.</span><span class="n">Sub</span><span class="p">(</span><span class="n">currentTime</span><span class="p">),</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <ol> <li>We will not return the signed string directly. Instead, we return a <code>RefreshToken</code> that we define in a struct. We do this to make reaching out to a <code>TokenRepository</code> (we'll implement this later) a bit easier. We also return an <code>ExpiresIn</code> field as we will use this for expiring old refresh tokens in Redis. We'll still only send the "signed string" in the HTTP response, as shown in our previous diagram.</li> <li>We make use of the <code>ID</code> property (a stringified UUID) in standard claims. This id will be used to identify valid tokens in Redis.</li> <li>We sign the token using the HS256 algorithm by using passing in our secret as a byte slice. </li> </ol> <p>Now let's see how we can generate the RSA key pair!</p> <h2> Generating Public and Private Keys </h2> <p>I'm going to use the technique recommended by <a href="https://cloud.google.com/iot/docs/how-tos/credentials/keys" rel="noopener noreferrer">Google Cloud</a> for generating 2048-bit RSA Key pairs. We'll then add these lines to a Makefile at our project root as follows:</p> <p><em>You may need to download Make and OpenSSL to get this to work in Windows. I did it once, and it was a pain in the butt. Sorry I'm too lazy to write a tutorial now 😢. But it is possible, and probably easier than these tutorials!</em></p> <p>Create a "Makefile" at project root (one directory above "account").<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight make"><code><span class="nl">.PHONY</span><span class="o">:</span> <span class="nf">create-keypair</span> <span class="nv">PWD</span> <span class="o">=</span> <span class="p">$(</span>shell <span class="nb">pwd</span><span class="p">)</span> <span class="nv">ACCTPATH</span> <span class="o">=</span> <span class="p">$(</span>PWD<span class="p">)</span>/account <span class="nl">create-keypair</span><span class="o">:</span> <span class="p">@</span><span class="nb">echo</span> <span class="s2">"Creating an rsa 256 key pair"</span> openssl genpkey <span class="nt">-algorithm</span> RSA <span class="nt">-out</span> <span class="p">$(</span>ACCTPATH<span class="p">)</span>/rsa_private_<span class="p">$(</span>ENV<span class="p">)</span>.pem <span class="nt">-pkeyopt</span> rsa_keygen_bits:2048 openssl rsa <span class="nt">-in</span> <span class="p">$(</span>ACCTPATH<span class="p">)</span>/rsa_private_<span class="p">$(</span>ENV<span class="p">)</span>.pem <span class="nt">-pubout</span> <span class="nt">-out</span> <span class="p">$(</span>ACCTPATH<span class="p">)</span>/rsa_public_<span class="p">$(</span>ENV<span class="p">)</span>.pem </code></pre> </div> <p>Make sure to add <code>*.pem</code> to your .gitignore file at the project root to exclude all keys from being committed to your repository!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.env.dev *.pem </code></pre> </div> <p>We can then create keys with <code>make create-keypair ENV=test</code>, where you can replace the value of ENV with the environment for which you want to create the keypair. </p> <h2> Call Utility Methods in TokenService </h2> <p>With our utility functions completed, we can complete the implementation of <code>NewPairFromUser</code>! We'll generate both of our tokens and check for any errors. If everything works, we return the <code>TokenPair</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">TokenService</span><span class="p">)</span> <span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="n">prevTokenID</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">TokenPair</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// No need to use a repository for idToken as it is unrelated to any data source</span> <span class="n">idToken</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateIDToken</span><span class="p">(</span><span class="n">u</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">PrivKey</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Error generating idToken for uid: %v. Error: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="n">refreshToken</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateRefreshToken</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">RefreshSecret</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Error generating refreshToken for uid: %v. Error: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="c">// TODO: store refresh tokens by calling TokenRepository methods</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">TokenPair</span><span class="p">{</span> <span class="n">IDToken</span><span class="o">:</span> <span class="n">idToken</span><span class="p">,</span> <span class="n">RefreshToken</span><span class="o">:</span> <span class="n">refreshToken</span><span class="o">.</span><span class="n">SS</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h2> Add Test for NewTokenPairFromUser </h2> <p>Let's create the test file for this service, <code>~/service/token_service_test.go</code>, and add a single test case to make sure we get a token pair when we call <code>NewPairFromUser</code>!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"io/ioutil"</span> <span class="s">"testing"</span> <span class="s">"time"</span> <span class="s">"github.com/stretchr/testify/assert"</span> <span class="s">"github.com/dgrijalva/jwt-go"</span> <span class="s">"github.com/google/uuid"</span> <span class="s">"github.com/jacobsngoodwin/memrizr-tutorial-script/account/model"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">TestNewPairFromUser</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">priv</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">ioutil</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="s">"../rsa_private_test.pem"</span><span class="p">)</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseRSAPrivateKeyFromPEM</span><span class="p">(</span><span class="n">priv</span><span class="p">)</span> <span class="n">pub</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">ioutil</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="s">"../rsa_public_test.pem"</span><span class="p">)</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseRSAPublicKeyFromPEM</span><span class="p">(</span><span class="n">pub</span><span class="p">)</span> <span class="n">secret</span> <span class="o">:=</span> <span class="s">"anotsorandomtestsecret"</span> <span class="c">// instantiate a common token service to be used by all tests</span> <span class="n">tokenService</span> <span class="o">:=</span> <span class="n">NewTokenService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">TSConfig</span><span class="p">{</span> <span class="n">PrivKey</span><span class="o">:</span> <span class="n">privKey</span><span class="p">,</span> <span class="n">PubKey</span><span class="o">:</span> <span class="n">pubKey</span><span class="p">,</span> <span class="n">RefreshSecret</span><span class="o">:</span> <span class="n">secret</span><span class="p">,</span> <span class="p">})</span> <span class="c">// include password to make sure it is not serialized</span> <span class="c">// since json tag is "-"</span> <span class="n">uid</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewRandom</span><span class="p">()</span> <span class="n">u</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">UID</span><span class="o">:</span> <span class="n">uid</span><span class="p">,</span> <span class="n">Email</span><span class="o">:</span> <span class="s">"bob@bob.com"</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="s">"blarghedymcblarghface"</span><span class="p">,</span> <span class="p">}</span> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Returns a token pair with values"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">()</span> <span class="n">tokenPair</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">tokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">var</span> <span class="n">s</span> <span class="kt">string</span> <span class="n">assert</span><span class="o">.</span><span class="n">IsType</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">s</span><span class="p">,</span> <span class="n">tokenPair</span><span class="o">.</span><span class="n">IDToken</span><span class="p">)</span> <span class="c">// decode the Base64URL encoded string</span> <span class="c">// simpler to use jwt library which is already imported</span> <span class="n">idTokenClaims</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">IDTokenCustomClaims</span><span class="p">{}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseWithClaims</span><span class="p">(</span><span class="n">tokenPair</span><span class="o">.</span><span class="n">IDToken</span><span class="p">,</span> <span class="n">idTokenClaims</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">token</span> <span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="p">(</span><span class="k">interface</span><span class="p">{},</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">pubKey</span><span class="p">,</span> <span class="no">nil</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="c">// assert claims on idToken</span> <span class="n">expectedClaims</span> <span class="o">:=</span> <span class="p">[]</span><span class="k">interface</span><span class="p">{}{</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">ImageURL</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Website</span><span class="p">,</span> <span class="p">}</span> <span class="n">actualIDClaims</span> <span class="o">:=</span> <span class="p">[]</span><span class="k">interface</span><span class="p">{}{</span> <span class="n">idTokenClaims</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">idTokenClaims</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">idTokenClaims</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">idTokenClaims</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">ImageURL</span><span class="p">,</span> <span class="n">idTokenClaims</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">Website</span><span class="p">,</span> <span class="p">}</span> <span class="n">assert</span><span class="o">.</span><span class="n">ElementsMatch</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">expectedClaims</span><span class="p">,</span> <span class="n">actualIDClaims</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Empty</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">idTokenClaims</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="c">// password should never be encoded to json</span> <span class="n">expiresAt</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Unix</span><span class="p">(</span><span class="n">idTokenClaims</span><span class="o">.</span><span class="n">StandardClaims</span><span class="o">.</span><span class="n">ExpiresAt</span><span class="p">,</span> <span class="m">0</span><span class="p">)</span> <span class="n">expectedExpiresAt</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">15</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">WithinDuration</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">expectedExpiresAt</span><span class="p">,</span> <span class="n">expiresAt</span><span class="p">,</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="n">refreshTokenClaims</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">RefreshTokenCustomClaims</span><span class="p">{}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">ParseWithClaims</span><span class="p">(</span><span class="n">tokenPair</span><span class="o">.</span><span class="n">RefreshToken</span><span class="p">,</span> <span class="n">refreshTokenClaims</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">token</span> <span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="p">(</span><span class="k">interface</span><span class="p">{},</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">secret</span><span class="p">),</span> <span class="no">nil</span> <span class="p">})</span> <span class="n">assert</span><span class="o">.</span><span class="n">IsType</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">s</span><span class="p">,</span> <span class="n">tokenPair</span><span class="o">.</span><span class="n">RefreshToken</span><span class="p">)</span> <span class="c">// assert claims on refresh token</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">UID</span><span class="p">,</span> <span class="n">refreshTokenClaims</span><span class="o">.</span><span class="n">UID</span><span class="p">)</span> <span class="n">expiresAt</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">Unix</span><span class="p">(</span><span class="n">refreshTokenClaims</span><span class="o">.</span><span class="n">StandardClaims</span><span class="o">.</span><span class="n">ExpiresAt</span><span class="p">,</span> <span class="m">0</span><span class="p">)</span> <span class="n">expectedExpiresAt</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">3</span> <span class="o">*</span> <span class="m">24</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Hour</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">WithinDuration</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">expectedExpiresAt</span><span class="p">,</span> <span class="n">expiresAt</span><span class="p">,</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>In the test we do the following:</p> <ol> <li>Add setup code which reads in our test RSA keys and secret, initializes a <code>TokenService</code>, and creates an example <code>User</code>.</li> <li>We assert that the returned <code>idToken</code> is a string.</li> <li>We then parse the JWT (decode the Base64-encoded value), and verify that the token's "claims" contain the fields from the user. </li> <li>However, we also assert <strong>that the password is not part of the claims</strong> as that would be very, very bad! Our <code>User</code> model's JSON tags are set so that the password should never be sent as JSON.</li> <li>We check that the expiration time is within 5 seconds of 15 minutes.</li> <li>We make the same steps for the <code>refreshToken</code>, except we don't have as many fields to verify, and assert an expiry time of 3 days.</li> </ol> <h2> Conclusion </h2> <p>Next time, we're going to create to run our Postgres database and create a users table with columns corresponding to the fields of our <code>User</code> model. After we successfully migrate create this table, we'll initialize a database connection and perform dependency injection. </p> <p>With any luck, we'll then be able to fire up our application and sign up an actual user!</p> <p>After that, I think we'll do a little bit of cleanup and maintenance before moving on to adding more functionality.</p> <p>To be honest, it you get this part, the rest should begin to move a bit more quickly!</p> <p>See you next time!</p> go testing authentication tutorial 08 - Implement Signup in Service and Repository Layers Jacob Goodwin Thu, 12 Nov 2020 04:27:17 +0000 https://dev.to/jacobsngoodwin/08-implement-signup-in-service-and-repository-layers-4coe https://dev.to/jacobsngoodwin/08-implement-signup-in-service-and-repository-layers-4coe <p>The last thing we did in our account application was to create and test a <code>Signup</code> handler. In this tutorial, we'll get work on the logic for signing up a user by adding service and repository layer method implementations. </p> <p>Our goal over the next 3 tutorials will be to get the application working for signing up a user, including storing a newly created user in a database, and creating authorization tokens for a newly signed up, or a signed in user. </p> <p>If at any point you are confused about file structure or code, go to <a href="https://github.com/JacobSNGoodwin/memrizr" rel="noopener noreferrer">Github repository</a> and check out the branch for the previous lesson to be in sync with me!</p> <p>If you prefer video, check out the video version below!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/1HldvZUdaP4"> </iframe> </p> <p>And for an overview of what the app we're building, see this.<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/Ez2dOyxmGDE"> </iframe> </p> <h2> Current Progress </h2> <p>The diagram below shows the methods in each application layer that we'll eventually need to implement, along with check marks next to those we've already completed. We started out by working on the <code>me</code> handler and <code>UserService.Get</code> method. We did this first just do get a feel for creating and unit testing handlers and services.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F4f0jheocionotzm6oquv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F4f0jheocionotzm6oquv.png" alt="08 Account Application Progress"></a></p> <p>Now, though, we want to learn how to put these pieces together into a functioning web API application!</p> <p>Looking at the code code inside of the <code>Signup</code> handler, we see that we reached out to <code>UserService.Signup</code> and <code>TokenService.NewPairFromUser</code>. We'll be working on creating concrete implementations of these methods in the next two tutorials so that we can send HTTP requests to our application and create real users inside of a PostgresQL database!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// ...data binding and instantiation of User model...</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">UserService</span><span class="o">.</span><span class="n">Signup</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="n">u</span><span class="p">)</span> <span class="c">// ...error handling ...</span> <span class="c">// ...create token pair as strings</span> <span class="n">tokens</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">TokenService</span><span class="o">.</span><span class="n">NewPairFromUser</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="n">u</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> </code></pre> </div> <p>In order to store users in an actual database, we'll need to implement a <code>UserRepository</code>, along with its <code>Create</code> method. This repository will accept a connection to a Postgres database. This Postgres database will be created inside of a docker container. I know it's been a while, but recall that we do have a <code>docker-compose.yml</code> file at the root of the project for defining the containers required to run our application.</p> <p>In the next tutorial we'll work on creating tokens in the <code>NewPairFromUser</code> method. There's a little bit of context I'll need to provide on these token pairs, so it will require a second tutorial. </p> <p>In the third tutorial, we're going to connect all of these pieces together by injecting a database connection into our UserRepository, injecting the UserRepository into the UserService, and then injecting the TokenService and UserService into the handler layer. </p> <p>At that point, we'll finally be able to fire up our live reload environment and send requests to sign up users!</p> <p>Are you intimidated yet? ... Or are you significantly more resilient than me?</p> <p>After we have these pieces in place, we'll have implemented some of the most difficult parts of this project.</p> <h2> Add Create to UserRepository Interface </h2> <p>Let's add the expectation that our <code>UserRepository</code> should <code>Create</code> users inside of <code>~/model/interfaces.go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// UserRepository defines methods the service layer expects</span> <span class="c">// any repository it interacts with to implement</span> <span class="k">type</span> <span class="n">UserRepository</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">FindByID</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">uid</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">Create</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>If a user is successfully created, it should update the underlying <code>User</code> passed to <code>Create</code>, otherwise an error should be returned.</p> <h3> Add Create to Mock Implementation </h3> <p>You're probably getting a warning now since our <code>mockUserRepository</code> does not yet implement the <code>Get</code> method. We add the implementation inside <code>~/mocks/user_repository.go</code>. This will also allow us to test our <code>UserService.Signup</code> method. As always, check out the <a href="https://pkg.go.dev/github.com/stretchr/testify" rel="noopener noreferrer">testify docs</a> for more information about creating these mocks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Create is a mock for UserRepository Create</span> <span class="k">func</span> <span class="p">(</span><span class="n">m</span> <span class="o">*</span><span class="n">MockUserRepository</span><span class="p">)</span> <span class="n">Create</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ret</span> <span class="o">:=</span> <span class="n">m</span><span class="o">.</span><span class="n">Called</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">)</span> <span class="k">var</span> <span class="n">r0</span> <span class="kt">error</span> <span class="k">if</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">r0</span> <span class="o">=</span> <span class="n">ret</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">0</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">r0</span> <span class="p">}</span> </code></pre> </div> <h2> UserService Signup </h2> <p>We've already scaffolded out this method inside of <code>~/service/user_service.go</code>. Let's now add the implementation details. </p> <p>If you look at the top of the file, you'll see that we've already provided access to a <code>model.UserRepository</code> in our <code>UserService struct</code> which will allow us to access the <code>Create</code> method.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Signup reaches our to a UserRepository to sign up the user.</span> <span class="c">// UserRepository Create should handle checking for user exists conflicts</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">UserService</span><span class="p">)</span> <span class="n">Signup</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">UserRepository</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// If we get around to adding events, we'd Publish it here</span> <span class="c">// err := s.EventsBroker.PublishUserUpdated(u, true)</span> <span class="c">// if err != nil {</span> <span class="c">// return nil, apperrors.NewInternal()</span> <span class="c">// }</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Wow! That was really easy! </p> <p>Not so fast! We don't want to store passwords as plain text because that would make life really easy for hackers if our database were breached. </p> <p>A few tutorials back, I said that we'd have to add more complexity and logic to some of our service methods, so here we go! We're going to add a functions for encrypting a password and another for comparing a supplied password with the encrypted password.</p> <p>Before continuing, let me warn you that I'm not even a cryptography novice, but I'm going to add some code based on what I've found out there for generating a "salt" and then hashing the password with <a href="https://en.wikipedia.org/wiki/Scrypt" rel="noopener noreferrer">scrypt</a>. </p> <h2> Password Utility Functions </h2> <p>Lets add a file called <code>~/service/passwords.go</code>. You could also create a sub-package or a root-level package. There are many opinions on how to structure utility applications out there, but I'm just going to created a file inside of our service layer as we don't plan to use this code elsewhere (maybe this is a dumb decision).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"crypto/rand"</span> <span class="s">"encoding/hex"</span> <span class="s">"fmt"</span> <span class="s">"strings"</span> <span class="s">"golang.org/x/crypto/scrypt"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">hashPassword</span><span class="p">(</span><span class="n">password</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// example for making salt - https://play.golang.org/p/_Aw6WeWC42I</span> <span class="n">salt</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">32</span><span class="p">)</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">rand</span><span class="o">.</span><span class="n">Read</span><span class="p">(</span><span class="n">salt</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// using recommended cost parameters from - https://godoc.org/golang.org/x/crypto/scrypt</span> <span class="n">shash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">scrypt</span><span class="o">.</span><span class="n">Key</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">),</span> <span class="n">salt</span><span class="p">,</span> <span class="m">32768</span><span class="p">,</span> <span class="m">8</span><span class="p">,</span> <span class="m">1</span><span class="p">,</span> <span class="m">32</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// return hex-encoded string with salt appended to password</span> <span class="n">hashedPW</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s.%s"</span><span class="p">,</span> <span class="n">hex</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">shash</span><span class="p">),</span> <span class="n">hex</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">salt</span><span class="p">))</span> <span class="k">return</span> <span class="n">hashedPW</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">comparePasswords</span><span class="p">(</span><span class="n">storedPassword</span> <span class="kt">string</span><span class="p">,</span> <span class="n">suppliedPassword</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">pwsalt</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">storedPassword</span><span class="p">,</span> <span class="s">"."</span><span class="p">)</span> <span class="c">// check supplied password salted with hash</span> <span class="n">salt</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">hex</span><span class="o">.</span><span class="n">DecodeString</span><span class="p">(</span><span class="n">pwsalt</span><span class="p">[</span><span class="m">1</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Unable to verify user password"</span><span class="p">)</span> <span class="p">}</span> <span class="n">shash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">scrypt</span><span class="o">.</span><span class="n">Key</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">suppliedPassword</span><span class="p">),</span> <span class="n">salt</span><span class="p">,</span> <span class="m">32768</span><span class="p">,</span> <span class="m">8</span><span class="p">,</span> <span class="m">1</span><span class="p">,</span> <span class="m">32</span><span class="p">)</span> <span class="k">return</span> <span class="n">hex</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">shash</span><span class="p">)</span> <span class="o">==</span> <span class="n">pwsalt</span><span class="p">[</span><span class="m">0</span><span class="p">],</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The <code>hashPassword</code> function creates a hashed version of the provided password by:</p> <ol> <li>Creating a 32-byte salt using golang's random package. </li> <li>Creating a key, or hash, from a byte slice of the provided password, the salt we just created, and so-called <em>cost parameters</em>. The cost parameters provide a tradeoff between computational power required to encrypt the password and difficulty of recreating the encrypted password via brute-force attacks. We'll use the cost parameters recommended by the <a href="https://pkg.go.dev/golang.org/x/crypto/scrypt" rel="noopener noreferrer">scrypt docs</a>. The final parameter, 32, corresponds to the number of bytes for the key/hash.</li> <li>In order to check a user's password when they try to login at a later date, we'll need the same salt we just generated. So what we'll do is store the salt with the hashed password. We do this by using <code>fmt.Sprintf</code>, appending the salt to the hashed password with a "." in between. We encode both the hash and salt as hexadecimal strings. </li> </ol> <p>We also create a comparePassword function. This function:</p> <ol> <li>Splits the string we created in the previous function to separate the salt and hashed password.</li> <li>Hashes the supplied password, or what the user enters when logging in with the salt. </li> <li>Compares the above value with the hashed password from the database. If the two match, we know the user has entered the correct password!</li> </ol> <h2> Applying hashPassword to Signup </h2> <p>Let's update our <code>Signup</code> method to use the hashed password!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">UserService</span><span class="p">)</span> <span class="n">Signup</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">pw</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">hashPassword</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Unable to signup user for email: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">)</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="c">// now I realize why I originally used Signup(ctx, email, password)</span> <span class="c">// then created a user. It's somewhat un-natural to mutate the user here</span> <span class="n">u</span><span class="o">.</span><span class="n">Password</span> <span class="o">=</span> <span class="n">pw</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">UserRepository</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">u</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// ...</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>That's it for this service method. We'll be able to test it by using the UserRepository mock we previously updated!</p> <h2> Unit Test UserService Signup </h2> <p>Unit tests for the Signup method have been added below and can be found in <code>~/service/user_service_test.go</code>. I want to mention that I did learn something new in creating this test. </p> <p>In the success case, we chain on a <code>Run</code> method to our testify mock call, which executes some code on the provided arguments to the <code>Create</code> method call. In this case, we add a <code>UID</code> to the user, which mocks actual repository behavior.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">TestSignup</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Success"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">uid</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewRandom</span><span class="p">()</span> <span class="n">mockUser</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">Email</span><span class="o">:</span> <span class="s">"bob@bob.com"</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="s">"howdyhoneighbor!"</span><span class="p">,</span> <span class="p">}</span> <span class="n">mockUserRepository</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">mocks</span><span class="o">.</span><span class="n">MockUserRepository</span><span class="p">)</span> <span class="n">us</span> <span class="o">:=</span> <span class="n">NewUserService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">USConfig</span><span class="p">{</span> <span class="n">UserRepository</span><span class="o">:</span> <span class="n">mockUserRepository</span><span class="p">,</span> <span class="p">})</span> <span class="c">// We can use Run method to modify the user when the Create method is called.</span> <span class="c">// We can then chain on a Return method to return no error</span> <span class="n">mockUserRepository</span><span class="o">.</span> <span class="n">On</span><span class="p">(</span><span class="s">"Create"</span><span class="p">,</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="n">mockUser</span><span class="p">)</span><span class="o">.</span> <span class="n">Run</span><span class="p">(</span><span class="k">func</span><span class="p">(</span><span class="n">args</span> <span class="n">mock</span><span class="o">.</span><span class="n">Arguments</span><span class="p">)</span> <span class="p">{</span> <span class="n">userArg</span> <span class="o">:=</span> <span class="n">args</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="m">1</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="c">// arg 0 is context, arg 1 is *User</span> <span class="n">userArg</span><span class="o">.</span><span class="n">UID</span> <span class="o">=</span> <span class="n">uid</span> <span class="p">})</span><span class="o">.</span><span class="n">Return</span><span class="p">(</span><span class="no">nil</span><span class="p">)</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">()</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">us</span><span class="o">.</span><span class="n">Signup</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">mockUser</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">NoError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="c">// assert user now has a userID</span> <span class="n">assert</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">uid</span><span class="p">,</span> <span class="n">mockUser</span><span class="o">.</span><span class="n">UID</span><span class="p">)</span> <span class="n">mockUserRepository</span><span class="o">.</span><span class="n">AssertExpectations</span><span class="p">(</span><span class="n">t</span><span class="p">)</span> <span class="p">})</span> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"Error"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">mockUser</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">Email</span><span class="o">:</span> <span class="s">"bob@bob.com"</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="s">"howdyhoneighbor!"</span><span class="p">,</span> <span class="p">}</span> <span class="n">mockUserRepository</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">mocks</span><span class="o">.</span><span class="n">MockUserRepository</span><span class="p">)</span> <span class="n">us</span> <span class="o">:=</span> <span class="n">NewUserService</span><span class="p">(</span><span class="o">&amp;</span><span class="n">USConfig</span><span class="p">{</span> <span class="n">UserRepository</span><span class="o">:</span> <span class="n">mockUserRepository</span><span class="p">,</span> <span class="p">})</span> <span class="n">mockErr</span> <span class="o">:=</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewConflict</span><span class="p">(</span><span class="s">"email"</span><span class="p">,</span> <span class="n">mockUser</span><span class="o">.</span><span class="n">Email</span><span class="p">)</span> <span class="c">// We can use Run method to modify the user when the Create method is called.</span> <span class="c">// We can then chain on a Return method to return no error</span> <span class="n">mockUserRepository</span><span class="o">.</span> <span class="n">On</span><span class="p">(</span><span class="s">"Create"</span><span class="p">,</span> <span class="n">mock</span><span class="o">.</span><span class="n">AnythingOfType</span><span class="p">(</span><span class="s">"*context.emptyCtx"</span><span class="p">),</span> <span class="n">mockUser</span><span class="p">)</span><span class="o">.</span> <span class="n">Return</span><span class="p">(</span><span class="n">mockErr</span><span class="p">)</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">()</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">us</span><span class="o">.</span><span class="n">Signup</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">mockUser</span><span class="p">)</span> <span class="c">// assert error is error we response with in mock</span> <span class="n">assert</span><span class="o">.</span><span class="n">EqualError</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">err</span><span class="p">,</span> <span class="n">mockErr</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="n">mockUserRepository</span><span class="o">.</span><span class="n">AssertExpectations</span><span class="p">(</span><span class="n">t</span><span class="p">)</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Make sure to run the tests, and also fail them, to make sure the tests work as expected.</p> <p><code>go test -v ./service</code>. </p> <h2> PGUserRepository Get and FindByID </h2> <p>We can now take a couple of different paths. We can either work on the TokenService or on the UserRepository. We'll work on the TokenService next time as it requires a decent amount of explanation.</p> <p>Let's create a new folder called <code>repository</code> for our concrete repository implementations. Inside, add <code>pg_user_repository.go</code>, where we clearly name this implementation as one which uses Postgres.</p> <p>Inside of this file, we're going to add an import to a new package called SQLX, which adds some utility methods on top of the built-in golang SQL library. This SQLX will be the only dependency of our UserRepository.</p> <p>We'll also use a factory to initialize our UserRepository as in the service layer implementations.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">repository</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/jmoiron/sqlx"</span> <span class="p">)</span> <span class="c">// PGUserRepository is data/repository implementation</span> <span class="c">// of service layer UserRepository</span> <span class="k">type</span> <span class="n">PGUserRepository</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">DB</span> <span class="o">*</span><span class="n">sqlx</span><span class="o">.</span><span class="n">DB</span> <span class="p">}</span> <span class="c">// NewUserRepository is a factory for initializing User Repositories</span> <span class="k">func</span> <span class="n">NewUserRepository</span><span class="p">(</span><span class="n">db</span> <span class="o">*</span><span class="n">sqlx</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="n">model</span><span class="o">.</span><span class="n">UserRepository</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">PGUserRepository</span><span class="p">{</span> <span class="n">DB</span><span class="o">:</span> <span class="n">db</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Also, I recently realized that my service and repository structs should probably be package private (starting with a lower-case letter). Our factories return an interface, and we don't want users to instantiate repository or service structs manually. That's the whole purpose of this factory pattern! We'll fix this in a few tutorials. </p> </blockquote> <p>If your IDE or editor is any good, you should see an error because our implementation of a UserRepository does not have a <code>Create</code> method! We'll also need a <code>FindByID</code> method since we defined that method in our <code>UserRepository</code> interface while working on the "me" handler.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Create reaches out to database SQLX api</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">PGUserRepository</span><span class="p">)</span> <span class="n">Create</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">u</span> <span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">query</span> <span class="o">:=</span> <span class="s">"INSERT INTO users (email, password) VALUES ($1, $2) RETURNING *"</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">u</span><span class="p">,</span> <span class="n">query</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// check unique constraint</span> <span class="k">if</span> <span class="n">err</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">err</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">pq</span><span class="o">.</span><span class="n">Error</span><span class="p">);</span> <span class="n">ok</span> <span class="o">&amp;&amp;</span> <span class="n">err</span><span class="o">.</span><span class="n">Code</span><span class="o">.</span><span class="n">Name</span><span class="p">()</span> <span class="o">==</span> <span class="s">"unique_violation"</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not create a user with email: %v. Reason: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Code</span><span class="o">.</span><span class="n">Name</span><span class="p">())</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewConflict</span><span class="p">(</span><span class="s">"email"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not create a user with email: %v. Reason: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewInternal</span><span class="p">()</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// FindByID fetches user by id</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">PGUserRepository</span><span class="p">)</span> <span class="n">FindByID</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">uid</span> <span class="n">uuid</span><span class="o">.</span><span class="n">UUID</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">user</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{}</span> <span class="n">query</span> <span class="o">:=</span> <span class="s">"SELECT * FROM users WHERE uid=$1"</span> <span class="c">// we need to actually check errors as it could be something other than not found</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">query</span><span class="p">,</span> <span class="n">uid</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="n">apperrors</span><span class="o">.</span><span class="n">NewNotFound</span><span class="p">(</span><span class="s">"uid"</span><span class="p">,</span> <span class="n">uid</span><span class="o">.</span><span class="n">String</span><span class="p">())</span> <span class="p">}</span> <span class="k">return</span> <span class="n">user</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>In these methods, we create query strings, then execute them with application data by calling SQLX methods. </p> <p>The <code>Get</code> method on the DB (sqlx connection) for inserting may seem a little strange, but this is a way we can use "Returning" in the SQL query and apply it to the user, <code>u</code>.</p> <p>We then check for a very specific error returned by the SQL library when a unique violation occurs. If that is the case, let's return an <code>apperrors.NewConflict</code> error. Otherwise, we'll return an InternalServerError. </p> <p>We'll configure the "email" column of our user database table to be unique in a couple of tutorials, so any attempt to add an existing email will produce a unique violation error. </p> <p>Let's leave this for now. We'll inject a db connection, and in turn inject this repository into the UserService in a couple tutorials. I just wanted to give you an idea of what the repository layer will look like. </p> <h2> Setup a Docker Container for Postgres </h2> <p>Now I want to do something that doesn't necessarily fit in with this tutorial, but will save us some time later. Let's set up a Postgres container for our docker development environment. </p> <p>We can setup a basic development Postgres container by adding the following to our <em>docker-compose.yml</em> file (at the project root).</p> <p>Make sure to add the <code>dependency</code> key to the config of our <code>account</code> service. This makes sure to not spin up the container if there's an issue spinning up the <code>postgres-auth</code> container. </p> <p>Also set up a named volume for the Postgres container's data. You can add this volume under the <code>volumes</code> key with no indentation (at the same indentation as the <code>services</code> key).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="nn">...</span> <span class="na">postgres-auth</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgres:alpine"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">POSTGRES_PASSWORD=password</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5432:5432"</span> <span class="c1"># Set a volume for data and initial sql script</span> <span class="c1"># May configure initial db for future demo</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">pgdata_auth:/var/lib/postgresql/data"</span> <span class="c1"># - ./init:/docker-entrypoint-initdb.d/</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">postgres"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">log_statement=all"</span><span class="pi">]</span> <span class="nn">...</span> <span class="na">account</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./auth</span> <span class="na">target</span><span class="pi">:</span> <span class="s">builder</span> <span class="na">image</span><span class="pi">:</span> <span class="s">account</span> <span class="c1"># if we don't give image name, traefik won't create router 🤷‍♂️</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080"</span> <span class="c1"># seems necessary for Traefik to have internal expose of port</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.account.rule=Host(`wordmem.test`)</span><span class="nv"> </span><span class="s">&amp;&amp;</span><span class="nv"> </span><span class="s">PathPrefix(`/api/account`)"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ENV=dev</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./auth:/go/src/app</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres-auth</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">pgdata_auth</span><span class="pi">:</span> </code></pre> </div> <p>Let's make sure we can run this. </p> <p><code>cd ..</code> to get to the root folder and run</p> <p><code>docker-compose up</code>.</p> <p>Hopefully you get logs showing your account and postgres containers up and running!</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fb5kh5st0hqbsx60pywte.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fb5kh5st0hqbsx60pywte.PNG" alt="Docker Logs"></a>)</p> <h2> Conclusion </h2> <p>Alright, I'm going to make an abrupt stop here. Thanks again for joining along!</p> <p>Next time we're going to work on creating our idToken (which also serves as an access token), as well as a refreshToken. We'll describe the differences between these tokens and how to create them.</p> <p>Until then, ¡cuídense!</p> go postgres authentication docker