Initial. API with JWT Authentication

Author: Raul-diffindo

.gitignore

@@ -0,0 +1,28 @@
+# Created by https://www.gitignore.io
+
+### Go ###
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+.vagrant

Vagrantfile

@@ -0,0 +1,29 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  # Every Vagrant virtual environment requires a box to build off of.
+  config.vm.box = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
+  config.vm.synced_folder '.', '/home/vagrant/go/src/api.jwt.auth/'
+
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  #config.vm.network "forwarded_port", guest: 8000, host: 8080
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network", ip: "192.168.1.210"
+
+  config.vm.provision "ansible" do |ansible|
+    ansible.playbook = "provision/playbook.yml"
+    ansible.host_key_checking = false
+    ansible.verbose = "vvvv"
+  end
+  
+end

api/parameters/auth.go

@@ -0,0 +1,7 @@
+package parameters
+
+import ()
+
+type TokenAuthentication struct {
+	Token string `json:"token" form:"token"`
+}

controllers/auth_controller.go

@@ -0,0 +1,41 @@
+package controllers
+
+import (
+	"api.jwt.auth/api/parameters"
+	"api.jwt.auth/core/authentication"
+	"api.jwt.auth/services/models"
+	"encoding/json"
+	"net/http"
+)
+
+func Login(w http.ResponseWriter, r *http.Request) {
+	request_user := new(models.User)
+	decoder := json.NewDecoder(r.Body)
+	decoder.Decode(&request_user)
+
+	authBackend := authentication.InitJWTAuthenticationBackend()
+
+	if authBackend.Authenticate(request_user) {
+		token := parameters.TokenAuthentication{authBackend.GenerateToken()}
+		response, _ := json.Marshal(token)
+		w.Header().Set("Content-Type", "application/json")
+		w.Write(response)
+
+	} else {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte("Unauthorized"))
+	}
+}
+
+func RefresfhToken(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	authBackend := authentication.InitJWTAuthenticationBackend()
+	token := parameters.TokenAuthentication{authBackend.GenerateToken()}
+	response, _ := json.Marshal(token)
+	w.Header().Set("Content-Type", "application/json")
+	w.Write(response)
+}
+
+func Logout(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	w.Write([]byte("Unauthorized"))
+}

controllers/hello_controller.go

@@ -0,0 +1,9 @@
+package controllers
+
+import (
+	"net/http"
+)
+
+func HelloController(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	w.Write([]byte("Hello, World!"))
+}

core/authentication/jwt_backend.go

@@ -0,0 +1,45 @@
+package authentication
+
+import (
+	"api.jwt.auth/services/models"
+	jwt "github.com/dgrijalva/jwt-go"
+	"golang.org/x/crypto/bcrypt"
+	"io/ioutil"
+	"path/filepath"
+)
+
+type JWTAuthenticationBackend struct {
+	privateKey []byte
+	PublicKey  []byte
+}
+
+func InitJWTAuthenticationBackend() *JWTAuthenticationBackend {
+	authBack := new(JWTAuthenticationBackend)
+	privateKeyPath, _ := filepath.Abs("./core/authentication/keys/private_key")
+	publicKeyPath, _ := filepath.Abs("./core/authentication/keys/public_key.pub")
+	authBack.privateKey, _ = ioutil.ReadFile(privateKeyPath)
+	authBack.PublicKey, _ = ioutil.ReadFile(publicKeyPath)
+
+	return authBack
+}
+
+func (backend *JWTAuthenticationBackend) GenerateToken() string {
+	token := jwt.New(jwt.GetSigningMethod("RS256"))
+	tokenString, _ := token.SignedString(backend.privateKey)
+	return tokenString
+}
+
+func (backend *JWTAuthenticationBackend) Authenticate(user *models.User) bool {
+	hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("testing"), 10)
+
+	testUser := models.User{
+		Username: "haku",
+		Password: string(hashedPassword),
+	}
+
+	return user.Username == testUser.Username && bcrypt.CompareHashAndPassword([]byte(testUser.Password), []byte(user.Password)) == nil
+}
+
+func (backend *JWTAuthenticationBackend) Logout(token string) error {
+	return nil
+}

core/authentication/keys/private_key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA4w5xhil8YFSLptRxzQsiJgQm7DxfVx7nEFAndQDw/7a1VfIf
+hhzZlUYx6u+57kP4+JPhqLMl9hEPnJh2DMPV4wrQAOSe6pDK5UP/xZQx8ygy70lG
+fJ6MVo7mkXKaofKobOhkFIOhqtLU/6CrzFl+KdFIsD7pt+FxV6mMmPbnAvDN+hF5
+NwU6N61WGAZER8z7SSTgayGpuHdUKCdPwfuiUIEX3GxhskzV/ROiS+R/NbQZlsfm
+QqcBJ5FxhOtAVevi9s7x6LLTSQKopuuunSTTtu3ys/hs5m6AqNPPkLKqp6R8iXF1
+Lg0DMeQlFHYwEo3oRweMNhfYRzC3ukioSf+GuwIDAQABAoIBADlemeKLMujoE80Y
+WpSzXnJ6lBcWfgR2Q23EwuN2VG5YDONlZP+u5G8qKEyzO6hvNkYgn2DPuyS8VNR9
+VT6OcMmIHtxK57he01UwZDzY3/IPUydQvWWZbd4lBy7y5Q1MUbAK29avF7cgxD6+
+qwncBtusDJCzpLwYU1oR9ftkTyRXl8WzHUQ+/QILNnSCDsTrP8JsVaVxbd6FhKKn
+5sSyqM+dX7mtvVAOcj0OJSHZiit7fk5QG9Pi/5iP4pCdZf42sImsr++2GFOezfJd
+H5UU+ujTf+b4oGirnqgEDRrSr5IyykagWc07D2KJgyPzrkfFDxoB5C/ZC3C6C9AA
+Xwzd+GECgYEA5SPDfCMVBRFkYBoxKgbWEElquGiPMDSe+p6QSlX24UXFv8gzdtbT
+f33d27v2cpIOWYym3Er5JiSFq6oCr1cg9+mLP/tNc50sHrdHb8vRfn190nawFJHa
+eOe0b3ZePUtAxdd1HaZgq4bNnLYSbi//spdHuu6E1jZrzcmbvIm7PJECgYEA/awp
+rILMDvqHuGNlVr+kdcGfmFxA8y9Z1tZHLgqNjPQQlaOuyJn1cfYbIqghMLjk//Au
+VQ5gfKLc2abHQaVQ2dLqV846eNQvr+cnLQUrUqk41IZuN0HTMbvLHgOLkQNdsUMs
+1TmmPeMxh9X9cLqp7mZoY5CeWeWFOe3EJA1dZIsCgYEAklbf3yUMpJrx7wprQbrx
+9Z7dwH5OjGve6JJh9oemT0LfQ1dZvtj+ZBr/mPkXMR6keX6Bhol/S2Ph1ruSUWck
+0A/gdfFKCr9jUQ6eWgDif5UnyUUxuUFZNQRN0S3Yi+7GpFOxIUmDzagfIqmJZcPT
+2rwQ/IqeXayN9vR+ONABu3ECgYAECn4PdXXytyL6WPsASsU/6vmz36RZO2Pe/ELe
+BOUEXc7100mxgGJckmMURkFhGVDsktLqH/SBh8ak4PdDoHKNRcLd6zcbPaYU00XY
+fcCW7IMvP4T59F586FTwAXZztO4FKODJ9MUlLz1WwJ3s8cxLM+5tx5v+Kp3YsmTx
+fhUCyQKBgDCEkFexrqC2a1rHLh+pwTyvnE4JCVNt72FF8L51aEsG5tGGFvTvgUN6
+IlRCYASNhUK/3+hu337uOSolKXu0W+dFnp1/OLo6sUkuhxWGx3YLwGJygjSrOl5f
+3wIikQ0U/RjRr+/pI0/yw/w3Xcr7iUjei6SBxkiIeZL/749EcLNB
+-----END RSA PRIVATE KEY-----

core/authentication/keys/public_key.pub

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4w5xhil8YFSLptRxzQsi
+JgQm7DxfVx7nEFAndQDw/7a1VfIfhhzZlUYx6u+57kP4+JPhqLMl9hEPnJh2DMPV
+4wrQAOSe6pDK5UP/xZQx8ygy70lGfJ6MVo7mkXKaofKobOhkFIOhqtLU/6CrzFl+
+KdFIsD7pt+FxV6mMmPbnAvDN+hF5NwU6N61WGAZER8z7SSTgayGpuHdUKCdPwfui
+UIEX3GxhskzV/ROiS+R/NbQZlsfmQqcBJ5FxhOtAVevi9s7x6LLTSQKopuuunSTT
+tu3ys/hs5m6AqNPPkLKqp6R8iXF1Lg0DMeQlFHYwEo3oRweMNhfYRzC3ukioSf+G
+uwIDAQAB
+-----END PUBLIC KEY-----

core/authentication/middlewares.go

@@ -0,0 +1,20 @@
+package authentication
+
+import (
+	jwt "github.com/dgrijalva/jwt-go"
+	"net/http"
+)
+
+func RequireTokenAuthentication(rw http.ResponseWriter, req *http.Request, next http.HandlerFunc) {
+	authBackend := InitJWTAuthenticationBackend()
+
+	token, err := jwt.ParseFromRequest(req, func(token *jwt.Token) (interface{}, error) {
+		return authBackend.PublicKey, nil
+	})
+
+	if err == nil && token.Valid {
+		next(rw, req)
+	} else {
+		rw.WriteHeader(http.StatusUnauthorized)
+	}
+}

provision/playbook.yml

@@ -0,0 +1,15 @@
+- name: Create a {{ application_name }} virtual machine via vagrant
+  hosts: all
+  sudo: yes
+  sudo_user: root
+  remote_user: vagrant
+  vars:
+    - update_apt_cache: yes
+  vars_files:
+    - vars.yml
+
+  roles:
+    - base
+    - postgresql
+    - golang
+    - redis

provision/roles/base/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Ensure OpenSSl and libssl are the latest versions
+  apt: name={{ item }} update_cache=yes state=latest
+  with_items:
+    - openssl
+    - libssl-dev
+    - libssl-doc
+  tags: packages
+
+- name: Install base packages
+  apt: name={{ item }} update_cache=yes force=yes state=installed
+  with_items:
+    - build-essential
+    - ntp
+    - htop
+    - git
+    - meld 
+    - mercurial
+  tags: packages

provision/roles/golang/files/go-bin.sh

@@ -0,0 +1 @@
+export PATH=$PATH:/usr/local/go/bin

provision/roles/golang/files/go-path.sh

@@ -0,0 +1,2 @@
+export GOPATH=$HOME/go
+export PATH=$GOPATH/bin:$PATH

provision/roles/golang/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Download the Go tarball
+  get_url: url={{ go_download_location }}
+           dest=/usr/local/src/{{ go_tarball }}
+           sha256sum={{ go_tarball_checksum }}
+
+- name: Register the current Go version (if any)
+  command: /usr/local/go/bin/go version
+  ignore_errors: yes
+  register: go_version
+
+- name: Extract the Go tarball if Go is not yet installed or if it is not the desired version
+  command: tar -C /usr/local -xf /usr/local/src/{{ go_tarball }}
+  when: go_version|failed or go_version.stdout != go_version_target
+
+- name: Add the Go bin directory to the PATH environment variable for all users
+  copy: src=go-bin.sh
+        dest=/etc/profile.d
+
+- name: Set GOPATH for all users
+  copy: src=go-path.sh
+        dest=/etc/profile.d
+

provision/roles/golang/vars/main.yml

@@ -0,0 +1,5 @@
+go_tarball: "go1.4.2.linux-amd64.tar.gz"
+go_tarball_checksum: "141b8345932641483c2437bdbd65488a269282ac85f91170805c273f03dd223b"
+go_version_target: "go version go1.4.2 linux/amd64"
+
+go_download_location: "http://golang.org/dl/{{ go_tarball }}"

provision/roles/postgresql/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+# handlers file for postgresql
+- name: restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+    arguments: "{{ pg_version }}"
+  sudo: true

provision/roles/postgresql/tasks/extensions_common.yml

@@ -0,0 +1,14 @@
+---
+- name: Install development headers
+  apt: pkg="libpq-dev"
+  sudo: yes
+  when: pg_dev_headers == True
+  tags:
+    - postgresql
+
+- name: Install PostgreSQL contribs
+  apt: pkg="postgresql-contrib-{{ pg_version }}"
+  sudo: yes
+  when: pg_contrib
+  tags:
+    - postgresql