From 0132e27456b058b31ae13c486faccde59429727d Mon Sep 17 00:00:00 2001 From: Daison Carino Date: Tue, 28 May 2024 10:36:58 +0800 Subject: [PATCH] Initialize project --- .github/workflows/go.yml | 32 ++++ .vscode/extensions.json | 12 ++ .vscode/settings.json | 3 + Dockerfile | 38 +++++ LICENSE | 201 ++++++++++++++++++++++++ Makefile | 43 ++++++ README.MD | 69 +++++++++ cmd/cli/.gitkeep | 5 + cmd/http/admin_routes.go | 15 ++ cmd/http/api_routes.go | 83 ++++++++++ cmd/http/main.go | 95 ++++++++++++ cmd/http/web_routes.go | 15 ++ fly.toml | 28 ++++ go.mod | 43 ++++++ go.sum | 96 ++++++++++++ internal/auth/jwt.go | 88 +++++++++++ internal/auth/login.go | 91 +++++++++++ internal/auth/register.go | 167 ++++++++++++++++++++ internal/auth/register_template.html | 65 ++++++++ internal/auth/user_model.go | 43 ++++++ internal/auth/verify_email.go | 47 ++++++ internal/mailer/mailer.go | 39 +++++ migrations/20240525023848_init.sql | 51 ++++++ migrations/20240526152258_api_keys.sql | 18 +++ migrations/fly.toml | 69 +++++++++ pkg/db/db.go | 19 +++ pkg/utils/crypt.go | 148 ++++++++++++++++++ pkg/utils/crypt_test.go | 48 ++++++ pkg/utils/helpers.go | 92 +++++++++++ pkg/utils/log.go | 68 ++++++++ pkg/utils/middlewares.go | 205 +++++++++++++++++++++++++ pkg/utils/response.go | 83 ++++++++++ pkg/utils/types.go | 7 + sqlc.yaml | 12 ++ sqlc/api_keys_query.sql | 8 + sqlc/queries/api_keys_query.sql.go | 52 +++++++ sqlc/queries/db.go | 31 ++++ sqlc/queries/models.go | 30 ++++ sqlc/queries/users_query.sql.go | 76 +++++++++ sqlc/users_query.sql | 11 ++ 40 files changed, 2346 insertions(+) create mode 100644 .github/workflows/go.yml create mode 100644 .vscode/extensions.json create mode 100644 .vscode/settings.json create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 README.MD create mode 100644 cmd/cli/.gitkeep create mode 100644 cmd/http/admin_routes.go create mode 100644 cmd/http/api_routes.go create mode 100644 cmd/http/main.go create mode 100644 cmd/http/web_routes.go create mode 100644 fly.toml create mode 100644 go.mod create mode 100644 go.sum create mode 100644 internal/auth/jwt.go create mode 100644 internal/auth/login.go create mode 100644 internal/auth/register.go create mode 100644 internal/auth/register_template.html create mode 100644 internal/auth/user_model.go create mode 100644 internal/auth/verify_email.go create mode 100644 internal/mailer/mailer.go create mode 100644 migrations/20240525023848_init.sql create mode 100644 migrations/20240526152258_api_keys.sql create mode 100644 migrations/fly.toml create mode 100644 pkg/db/db.go create mode 100644 pkg/utils/crypt.go create mode 100644 pkg/utils/crypt_test.go create mode 100644 pkg/utils/helpers.go create mode 100644 pkg/utils/log.go create mode 100644 pkg/utils/middlewares.go create mode 100644 pkg/utils/response.go create mode 100644 pkg/utils/types.go create mode 100644 sqlc.yaml create mode 100644 sqlc/api_keys_query.sql create mode 100644 sqlc/queries/api_keys_query.sql.go create mode 100644 sqlc/queries/db.go create mode 100644 sqlc/queries/models.go create mode 100644 sqlc/queries/users_query.sql.go create mode 100644 sqlc/users_query.sql diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml new file mode 100644 index 0000000..e530729 --- /dev/null +++ b/.github/workflows/go.yml @@ -0,0 +1,32 @@ +name: Go + +on: + push: + branches: [ '**' ] + pull_request: + branches: [ '**' ] + +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + + - name: Set up Go 1.x + uses: actions/setup-go@v2 + with: + go-version: ^1.13 + id: go + + - name: Check out code into the Go module directory + uses: actions/checkout@v2 + + - name: Get dependencies + run: go get -v -t -d ./... + + - name: Test + run: go test -v -coverprofile cover.out ./internal/... ./pkg/... + + - name: Generate coverage report + run: go tool cover -html cover.out -o cover.html diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..577edaf --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,12 @@ +{ + "recommendations": [ + "golang.go", + "msyrus.go-doc", + "766b.go-outliner", + "premparihar.gotestexplorer", + "xiaoxin-technology.goctl", + "casualjim.gotemplate", + "dunstontc.vscode-go-syntax", + "eamodio.gitlens" + ] +} diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..02b7cd0 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "go.testFlags": ["-v"] +} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4637f46 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,38 @@ +# ------------------------------------------------------------------------------------ +# BUILDER +# ------------------------------------------------------------------------------------ + +FROM golang:alpine AS builder + +WORKDIR /app + +COPY cmd/ /app/cmd/ +COPY internal/ /app/internal/ +COPY pkg/ /app/pkg/ +COPY sqlc/ /app/sqlc/ +COPY go.mod /app/ +COPY go.sum /app/ + +RUN (cd /app && go mod download) +RUN (cd /app/cmd/http/ && CGO_ENABLED=0 GOOS=linux go build -a -o main) + +# for cgo enabled, uncomment below +# RUN apk add --no-cache gcc g++ libc-dev +# RUN (cd /app/cmd/http/ && CGO_ENABLED=1 GOOS=linux go build -a -o main) + +# ------------------------------------------------------------------------------------ +# RUNNER +# ------------------------------------------------------------------------------------ + +FROM alpine:latest + +RUN apk --no-cache add ca-certificates + +WORKDIR /root + +COPY dumps/ /root/dumps/ +COPY --from=builder /app/cmd/http/main /root/ + +EXPOSE 8080 + +CMD /root/main diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..b673a7b --- /dev/null +++ b/Makefile @@ -0,0 +1,43 @@ +run: + LOG_LEVEL="debug" \ + JWT_KEY="YourJWTKeyHere" \ + APP_KEY="YourAPPKeyHere" \ + MAILGUN_DOMAIN="mailer.acme.com" \ + MAILGUN_API_KEY="YourMailgunAPIKey" \ + MAIL_FROM="no-reply@acme.com" \ + DB_STRING="postgres://postgres:YourPostgresPassword@localhost:5432/acme_dev?sslmode=disable" \ + go run ./cmd/http + +build-individual: + (cd ./cmd/$(dir)/ && GOOS=darwin GOARCH=amd64 go build -o main-darwin.bin) + (cd ./cmd/$(dir)/ && GOOS=linux GOARCH=arm64 go build -o main-linux-arm64.bin) + +build: + for dir in $$(ls -d ./cmd/*/); do \ + make build-individual dir=$$(basename $$dir); \ + done + +clean: + rm -f ./cmd/*/*.bin + +deploy: + fly deploy + +remove-ds-store: + find . -name .DS_Store -delete + +dbproxy: + make dbstart && fly proxy 5432 -a pg-prod-acme-com + +dbstart: + (cd migrations && fly machines start) + +dbstop: + (cd migrations && fly machines stop) + +goose: + GOOSE_DRIVER=postgres GOOSE_DBSTRING="postgres://postgres:YourPostgresPassword@localhost:5432/acme_dev" goose -dir=migrations $(filter-out $@,$(MAKECMDGOALS)) + +%: + @: + diff --git a/README.MD b/README.MD new file mode 100644 index 0000000..c709bf4 --- /dev/null +++ b/README.MD @@ -0,0 +1,69 @@ +# Web Golang 101 + +Web Golang 101 is an open-source project designed to provide a practical and direct approach to integrating Golang into your web platform. It offers a robust set of features including Sentry DSN, Zero Log, Mailgun, Goose Migration, SQLc, and AES-CBC-256 Encryption, all designed to align with the standards of popular web frameworks like Laravel. + +The project now includes prebuilt endpoints for registration, email verification, login, and token refresh. These endpoints utilize JSON Web Tokens (JWT) for secure authentication and session management, serving as a comprehensive starting point for building secure and efficient web applications with Golang. This JWT-based approach ensures a stateless, scalable solution that can easily integrate with various front-end frameworks. + +The project also integrates with SENTRY_LEVEL (default: "warn") and includes an encrypted users table where the email is stored as an encrypted value. + +## Features + +- :white_check_mark: Sentry DSN +- :white_check_mark: Zero Log + - integrated with `SENTRY_LEVEL` (default: "warn") +- :white_check_mark: Mailgun +- :white_check_mark: Goose Migration +- :white_check_mark: SQLc +- :white_check_mark: AES-CBC-256 Encryption + - Follows most of web frameworks standards such as Laravel +- :white_check_mark: Encrypted `users` table + - This is where the `email` and password are stored in encrypted value + - The `email_hash` is also stored as sha256 for filtering purposes + +## ENV Vars + +``` +APP_KEY="YourAPPKeyHere" +CORS_ORIGIN=api.acme.com +DB_STRING="postgres://postgres:YourPostgresPassword@localhost:5432/acme_dev?sslmode=disable" +IP_CLIENT_HEADER_KEY="Fly-Client-IP" +JWT_KEY="YourJWTKeyHere" +LOG_LEVEL="warn" +MAIL_FROM="no-reply@acme.com" +MAILGUN_API_KEY="YourMailgunAPIKey" +MAILGUN_DOMAIN="mailer.acme.com" +PORT="8080" +SENTRY_DSN="" +SENTRY_LEVEL="warn" +``` + +## Prebuilt Endpoints + +- :white_check_mark: /register +- :white_check_mark: /verify-email/{token} +- :white_check_mark: /login +- :white_check_mark: /refresh-token + +## Makefile + +To run a local server + +```bash +make run +``` + +To tunnel the database (via fly.io) + +```bash +make dbproxy +``` + +Calling goose + +```bash +make goose +``` + +## License + +This project is licensed under the terms of the Apache 2.0 license. For more details, see the [LICENSE](LICENSE) file in the project root. diff --git a/cmd/cli/.gitkeep b/cmd/cli/.gitkeep new file mode 100644 index 0000000..6950fb7 --- /dev/null +++ b/cmd/cli/.gitkeep @@ -0,0 +1,5 @@ +This is where we will create main files for doing cli based apps, such as: +- patching database records +- downloading information +- background jobs +- etc. diff --git a/cmd/http/admin_routes.go b/cmd/http/admin_routes.go new file mode 100644 index 0000000..a7aec0b --- /dev/null +++ b/cmd/http/admin_routes.go @@ -0,0 +1,15 @@ +package main + +import ( + "net/http" + + "github.com/go-chi/chi/v5" +) + +func adminRoutes() *chi.Mux { + r := chi.NewRouter() + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("Admin route")) + }) + return r +} diff --git a/cmd/http/api_routes.go b/cmd/http/api_routes.go new file mode 100644 index 0000000..264fbca --- /dev/null +++ b/cmd/http/api_routes.go @@ -0,0 +1,83 @@ +package main + +import ( + "net/http" + + "web-golang-101/internal/auth" + "web-golang-101/pkg/utils" + + "github.com/go-chi/chi/v5" +) + +func apiRoutes() *chi.Mux { + apiRouter := chi.NewRouter() + apiRouter.Get("/", func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("API Route")) + }) + + apiRouter.Post("/register", registerHandler) + apiRouter.Get("/verify-email/{token}", verifyEmailHandler) + apiRouter.Post("/login", loginHandler) + apiRouter.Post("/refresh-token", refreshTokenHandler) + + apiRouter.Route("/", func(r chi.Router) { + r.Use(utils.ApiKeyMiddleware) + + // you can add endpoints here to be protected by the API key + // basically they need to provide the API key for them to + // access the endpoint + // r.Post("/my-paid-api-service", myPaidApiServiceHandler) + }) + + return apiRouter +} + +// registerHandler +func registerHandler(w http.ResponseWriter, r *http.Request) { + logic := func(body []byte) (any, error) { + return auth.Register(r, body) + } + + data, err := utils.CommonJsonHandler(r, logic) + resp := utils.NewResponse(w) + + if err != nil { + if ok := resp.WriteValidationError(err); ok { + return + } + + resp.WriteErrorResponse(err.Error(), http.StatusInternalServerError) + return + } + + resp.WriteSuccessResponse("Registered successfully", data) +} + +// loginHandler +func loginHandler(w http.ResponseWriter, r *http.Request) { + logic := func(body []byte) (any, error) { + return auth.Login(r, body) + } + utils.CommonHandler(w, r, "Logged in successfully", logic) +} + +// refreshTokenHandler +func refreshTokenHandler(w http.ResponseWriter, r *http.Request) { + logic := func(body []byte) (any, error) { + return auth.RefreshToken(r, body) + } + utils.CommonHandler(w, r, "Token refreshed successfully", logic) +} + +// verifyEmailHandler +func verifyEmailHandler(w http.ResponseWriter, r *http.Request) { + token := chi.URLParam(r, "token") + logic := func(body []byte) (any, error) { + result, err := auth.VerifyEmail(token) + if !result { + return nil, err + } + return nil, nil + } + utils.CommonHandler(w, r, "Verified email successfully", logic) +} diff --git a/cmd/http/main.go b/cmd/http/main.go new file mode 100644 index 0000000..c128ab7 --- /dev/null +++ b/cmd/http/main.go @@ -0,0 +1,95 @@ +package main + +import ( + "flag" + "fmt" + "log" + "net/http" + "os" + "regexp" + "time" + + "web-golang-101/pkg/utils" + + "github.com/go-chi/chi/v5" + "github.com/go-chi/httprate" + _ "github.com/lib/pq" +) + +var port string +var dsn string +var appKey string + +func init() { + flag.StringVar(&port, "port", "", "Port to run the server on") + flag.StringVar(&dsn, "dsn", "", "Sentry DSN") + flag.StringVar(&appKey, "appKey", "", "Application Key") + flag.Parse() + + if port == "" { + port = utils.GetEnvWithDefault("PORT", "8080") + } + if dsn == "" { + dsn = os.Getenv("SENTRY_DSN") + } + if appKey == "" { + appKey = os.Getenv("APP_KEY") + } + + utils.InitializeSentry(dsn) + utils.InitializeAppKey(appKey) +} + +func main() { + r := chi.NewRouter() + + r.Use(httprate.Limit(30, 1*time.Minute, httprate.WithKeyFuncs(utils.KeyByRealIP))) + r.Use(utils.CaptureErrors) + r.Use(utils.CorsMiddleware) + r.Use(utils.LogRequest) + + apiRouter := apiRoutes() + webRouter := webRoutes() + adminRouter := adminRoutes() + + // Localhost routes + localhostRouter := chi.NewRouter() + localhostRouter.Mount("/api", apiRouter) + localhostRouter.Mount("/admin", adminRouter) + localhostRouter.Mount("/", webRouter) + + hr := &HostRouter{} + hr.Map("^localhost:\\d+$", localhostRouter) + hr.Map("api\\.(.*)", apiRouter) + hr.Map("admin\\.(.*)", adminRouter) + hr.Map("(.*)", webRouter) + r.Mount("/", hr) + + fmt.Printf("Server is listening on port %s...\n", port) + log.Fatal(http.ListenAndServe(":"+port, r)) +} + +type Route struct { + Pattern *regexp.Regexp + Handler http.Handler +} + +type HostRouter struct { + Routes []*Route +} + +func (hr *HostRouter) Map(pattern string, handler http.Handler) { + re := regexp.MustCompile(pattern) + route := &Route{Pattern: re, Handler: handler} + hr.Routes = append(hr.Routes, route) +} + +func (hr *HostRouter) ServeHTTP(w http.ResponseWriter, r *http.Request) { + for _, route := range hr.Routes { + if route.Pattern.MatchString(r.Host) { + route.Handler.ServeHTTP(w, r) + return + } + } + http.NotFound(w, r) +} diff --git a/cmd/http/web_routes.go b/cmd/http/web_routes.go new file mode 100644 index 0000000..d97e9da --- /dev/null +++ b/cmd/http/web_routes.go @@ -0,0 +1,15 @@ +package main + +import ( + "net/http" + + "github.com/go-chi/chi/v5" +) + +func webRoutes() *chi.Mux { + r := chi.NewRouter() + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("Web route")) + }) + return r +} diff --git a/fly.toml b/fly.toml new file mode 100644 index 0000000..17f4a44 --- /dev/null +++ b/fly.toml @@ -0,0 +1,28 @@ +# fly.toml app configuration file generated for api-acme-com on 2024-05-25T09:11:28+08:00 +# +# See https://fly.io/docs/reference/configuration/ for information about how to use this file. +# + +app = 'api-acme-com' +kill_signal = 'SIGINT' +kill_timeout = '5s' + +[[services]] + protocol = 'tcp' + internal_port = 8080 + + [[services.ports]] + port = 80 + handlers = ['http'] + + [[services.ports]] + port = 443 + handlers = ['tls', 'http'] + + [services.concurrency] + hard_limit = 25 + soft_limit = 20 + + [[services.tcp_checks]] + interval = '10s' + timeout = '2s' diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..6e7891c --- /dev/null +++ b/go.mod @@ -0,0 +1,43 @@ +module web-golang-101 + +go 1.21.1 + +require ( + github.com/go-chi/chi/v5 v5.0.8 + github.com/go-playground/locales v0.14.1 + github.com/go-playground/universal-translator v0.18.1 + golang.org/x/time v0.3.0 +) + +require ( + github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/kr/pretty v0.2.1 // indirect + github.com/leodido/go-urn v1.4.0 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + golang.org/x/sys v0.20.0 // indirect + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect + gopkg.in/go-playground/assert.v1 v1.2.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) + +require ( + github.com/forgoer/openssl v1.6.0 + github.com/getsentry/sentry-go v0.27.0 + github.com/go-chi/httprate v0.9.0 + github.com/go-playground/validator v9.31.0+incompatible + github.com/golang-jwt/jwt/v5 v5.2.1 + github.com/lib/pq v1.10.9 + github.com/mailgun/mailgun-go/v4 v4.12.0 + github.com/patrickmn/go-cache v2.1.0+incompatible + github.com/rs/zerolog v1.32.0 + github.com/stretchr/testify v1.9.0 + golang.org/x/crypto v0.23.0 + golang.org/x/text v0.15.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..6656320 --- /dev/null +++ b/go.sum @@ -0,0 +1,96 @@ +github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= +github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 h1:0JZ+dUmQeA8IIVUMzysrX4/AKuQwWhV2dYQuPZdvdSQ= +github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64= +github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A= +github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg= +github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 h1:E2s37DuLxFhQDg5gKsWoLBOB0n+ZW8s599zru8FJ2/Y= +github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0= +github.com/forgoer/openssl v1.6.0 h1:IueL+UfH0hKo99xFPojHLlO3QzRBQqFY+Cht0WwtOC0= +github.com/forgoer/openssl v1.6.0/go.mod h1:9DZ4yOsQmveP0aXC/BpQ++Y5TKaz5yR9+emcxmIZNZs= +github.com/getsentry/sentry-go v0.27.0 h1:Pv98CIbtB3LkMWmXi4Joa5OOcwbmnX88sF5qbK3r3Ps= +github.com/getsentry/sentry-go v0.27.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY= +github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0= +github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/httprate v0.9.0 h1:21A+4WDMDA5FyWcg7mNrhj63aNT8CGh+Z1alOE/piU8= +github.com/go-chi/httprate v0.9.0/go.mod h1:6GOYBSwnpra4CQfAKXu8sQZg+nZ0M1g9QnyFvxrAB8A= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator v9.31.0+incompatible h1:UA72EPEogEnq76ehGdEDp4Mit+3FDh548oRqwVgNsHA= +github.com/go-playground/validator v9.31.0+incompatible/go.mod h1:yrEkQXlcI+PugkyDjY2bRrL/UBU4f3rvrgkN3V8JEig= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= +github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= +github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/mailgun/mailgun-go/v4 v4.12.0 h1:TtuQCgqSp4cB6swPxP5VF/u4JeeBIAjTdpuQ+4Usd/w= +github.com/mailgun/mailgun-go/v4 v4.12.0/go.mod h1:L9s941Lgk7iB3TgywTPz074pK2Ekkg4kgbnAaAyJ2z8= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= +github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= +github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4= +github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= +github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM= +gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go new file mode 100644 index 0000000..16dd74c --- /dev/null +++ b/internal/auth/jwt.go @@ -0,0 +1,88 @@ +package auth + +import ( + "errors" + "os" + "time" + + "github.com/golang-jwt/jwt/v5" +) + +func getJWTKey() []byte { + jwtKey := os.Getenv("JWT_KEY") + if jwtKey == "" { + panic("JWT_KEY is not set") + } + return []byte(jwtKey) +} + +type Claims struct { + UserID string `json:"user_id"` + For string `json:"for"` + jwt.RegisteredClaims +} + +func GenerateToken(userID string) (string, error) { + // Generate access token + expirationTime := time.Now().Add(1 * time.Hour) + claims := &Claims{ + UserID: userID, + For: "access_token", + RegisteredClaims: jwt.RegisteredClaims{ + ExpiresAt: jwt.NewNumericDate(expirationTime), + }, + } + + token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + tokenString, err := token.SignedString(getJWTKey()) + if err != nil { + return "", err + } + + return tokenString, nil +} + +func GenerateRefreshToken(userID string) (string, error) { + // Generate refresh token + refreshExpirationTime := time.Now().Add(30 * 24 * time.Hour) + refreshClaims := &Claims{ + UserID: userID, + For: "refresh_token", + RegisteredClaims: jwt.RegisteredClaims{ + ExpiresAt: jwt.NewNumericDate(refreshExpirationTime), + }, + } + + refreshToken := jwt.NewWithClaims(jwt.SigningMethodHS256, refreshClaims) + refreshTokenString, err := refreshToken.SignedString(getJWTKey()) + if err != nil { + return "", err + } + + return refreshTokenString, nil +} + +func VerifyRefreshToken(refreshTokenString string) (string, error) { + // Verify the refresh token + claims := &Claims{} + tkn, err := jwt.ParseWithClaims(refreshTokenString, claims, func(token *jwt.Token) (interface{}, error) { + return getJWTKey(), nil + }) + + if err != nil { + if err == jwt.ErrSignatureInvalid { + return "", errors.New("refresh token is invalid") + } + return "", err + } + + if !tkn.Valid { + return "", errors.New("refresh token is invalid") + } + + if claims.For != "refresh_token" { + return "", errors.New("claim `for` is not 'refresh_token'") + } + + return claims.UserID, nil +} diff --git a/internal/auth/login.go b/internal/auth/login.go new file mode 100644 index 0000000..9d61d39 --- /dev/null +++ b/internal/auth/login.go @@ -0,0 +1,91 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "net/http" + "strings" + + "web-golang-101/pkg/db" + "web-golang-101/pkg/utils" + "web-golang-101/sqlc/queries" +) + +type loginInput struct { + Email string `json:"email"` + Password string `json:"password"` +} + +type TokenResponse struct { + AccessToken string `json:"access_token"` + RefreshToken string `json:"refresh_token"` +} + +func Login(r *http.Request, body []byte) (*TokenResponse, error) { + var input loginInput + err := json.Unmarshal(body, &input) + if err != nil { + return nil, err + } + + conn, err := db.NewConnection() + if err != nil { + return nil, err + } + defer conn.DB.Close() + + q := queries.New(conn.DB) + user, err := q.FindByEmail(context.Background(), utils.HashStr(input.Email)) + if err != nil { + return nil, err + } + + if !utils.CheckPassword(user.Password, input.Password) { + return nil, errors.New("email or password is invalid") + } + + tokenString, err := GenerateToken(user.ID) + if err != nil { + return nil, err + } + + refreshTokenString, err := GenerateRefreshToken(user.ID) + if err != nil { + return nil, err + } + + return &TokenResponse{ + AccessToken: tokenString, + RefreshToken: refreshTokenString, + }, nil +} + +func RefreshToken(r *http.Request, body []byte) (*TokenResponse, error) { + bearer := r.Header.Get("Authorization") + if bearer == "" { + return nil, errors.New("authorization header is required") + } + + refreshToken := strings.TrimPrefix(bearer, "Bearer ") + + userID, err := VerifyRefreshToken(refreshToken) + if err != nil { + return nil, err + } + + tokenString, err := GenerateToken(userID) + if err != nil { + return nil, err + } + + refreshTokenString, err := GenerateRefreshToken(userID) + if err != nil { + return nil, err + } + + return &TokenResponse{ + AccessToken: tokenString, + RefreshToken: refreshTokenString, + }, nil +} diff --git a/internal/auth/register.go b/internal/auth/register.go new file mode 100644 index 0000000..ecf9cbc --- /dev/null +++ b/internal/auth/register.go @@ -0,0 +1,167 @@ +package auth + +import ( + "bytes" + "context" + "database/sql" + "embed" + "encoding/json" + "errors" + "fmt" + "net/http" + "text/template" + + "web-golang-101/internal/mailer" + "web-golang-101/pkg/db" + "web-golang-101/pkg/utils" + "web-golang-101/sqlc/queries" +) + +// TODO +// 1. Validate the input using golvalidator +type registerInput struct { + Email string `json:"email" validate:"required,email"` + Password string `json:"password" validate:"required"` + PasswordConfirm string `json:"password_confirm" validate:"required,eqfield=Password"` + FirstName string `json:"first_name,omitempty" validate:"required"` + LastName string `json:"last_name,omitempty" validate:"required"` +} + +func Register(r *http.Request, body []byte) (*User, error) { + var input registerInput + err := json.Unmarshal(body, &input) + if err != nil { + return nil, err + } + + err = utils.Validator().Struct(input) + if err != nil { + return nil, err + } + + c := utils.NewCrypt() + email, err := c.Encrypt(input.Email) + if err != nil { + return nil, err + } + + password, err := utils.HashPassword(input.Password) + if err != nil { + return nil, err + } + + user := &User{ + Email: email, + EmailHash: utils.HashStr(input.Email), + Password: password, + FirstName: sql.NullString{String: input.FirstName, Valid: input.FirstName != ""}, + LastName: sql.NullString{String: input.LastName, Valid: input.LastName != ""}, + } + + conn, err := db.NewConnection() + if err != nil { + return nil, err + } + defer conn.DB.Close() + + err = createUser(conn, user) + if err != nil { + return nil, err + } + + go func() { + if err := sendConfirmationEmail(r, user); err != nil { + utils.Logger().Error().Msgf("failed to send confirmation email %v", err) + } + }() + + return user, nil +} + +func createUser(conn *db.DBC, user *User) error { + q := queries.New(conn.DB) + + // Start a new transaction + tx, err := conn.DB.Begin() + if err != nil { + return err + } + + exists, err := q.UserExists(context.Background(), user.EmailHash) + if err != nil { + return fmt.Errorf("failed to check if email exists: %w", err) + } + + if exists { + return errors.New("email already exists") + } + + err = q.InsertUser(context.Background(), queries.InsertUserParams{ + Email: user.Email, + EmailHash: user.EmailHash, + Password: user.Password, + FirstName: user.FirstName, + LastName: user.LastName, + }) + if err != nil { + // If there is an error, rollback the transaction + tx.Rollback() + return fmt.Errorf("failed to insert user: %w", err) + } + + // If everything is fine, commit the transaction + err = tx.Commit() + if err != nil { + return err + } + + return nil +} + +type confirmationEmailData struct { + Name string + VerificationLink string +} + +//go:embed register_template.html +var tmplFS embed.FS + +func sendConfirmationEmail(r *http.Request, user *User) error { + name := fmt.Sprintf("%s %s", user.FirstName.String, user.LastName.String) + to, err := user.DecryptEmail() + if err != nil { + return err + } + + c := utils.NewCrypt() + verifyEmail, err := c.Encrypt(user.EmailHash) + if err != nil { + return err + } + + tmpl, err := template.ParseFS(tmplFS, "register_template.html") + if err != nil { + return err + } + + data := confirmationEmailData{ + Name: name, + VerificationLink: fmt.Sprintf("%s/verify-email/%s", utils.GetHost(r), verifyEmail), + } + + var tpl bytes.Buffer + if err := tmpl.Execute(&tpl, data); err != nil { + return err + } + + htmlBody := tpl.String() + + m := mailer.New() + resp, err := m.SendEmail(to, "Confirm your Registration", htmlBody) + if err != nil { + return err + } + utils.Logger().Debug().Msgf("Email sent %s", resp) + + return nil +} diff --git a/internal/auth/register_template.html b/internal/auth/register_template.html new file mode 100644 index 0000000..33438e9 --- /dev/null +++ b/internal/auth/register_template.html @@ -0,0 +1,65 @@ + + + + + + +
+
+

Hello, {{.Name}}!

+

Thank you for registering. Please click the link below to verify your email address:

+ Verify Email +
+ +
+ + diff --git a/internal/auth/user_model.go b/internal/auth/user_model.go new file mode 100644 index 0000000..86afe3e --- /dev/null +++ b/internal/auth/user_model.go @@ -0,0 +1,43 @@ +package auth + +import ( + "database/sql" + "encoding/json" + + "web-golang-101/pkg/utils" +) + +// User a clone of queries.User{} from sqlc/queries/models.go +type User struct { + ID string `json:"id"` + FirstName sql.NullString `json:"first_name"` + LastName sql.NullString `json:"last_name"` + Email string `json:"email"` + EmailHash string `json:"-"` + EmailVerifiedAt sql.NullTime `json:"email_verified_at"` + Password string `json:"-"` + CreatedAt sql.NullTime `json:"created_at"` + UpdatedAt sql.NullTime `json:"updated_at"` + DeletedAt sql.NullTime `json:"deleted_at"` +} + +func (u *User) MarshalJSON() ([]byte, error) { + decryptedEmail, err := u.DecryptEmail() + if err != nil { + return nil, err + } + + type Alias User + return json.Marshal(&struct { + *Alias + Email string `json:"email"` + }{ + Alias: (*Alias)(u), + Email: decryptedEmail, + }) +} + +func (u *User) DecryptEmail() (string, error) { + c := utils.NewCrypt() + return c.Decrypt(u.Email) +} diff --git a/internal/auth/verify_email.go b/internal/auth/verify_email.go new file mode 100644 index 0000000..ccbb942 --- /dev/null +++ b/internal/auth/verify_email.go @@ -0,0 +1,47 @@ +package auth + +import ( + "context" + "errors" + + "web-golang-101/pkg/db" + "web-golang-101/pkg/utils" + "web-golang-101/sqlc/queries" +) + +func VerifyEmail(token string) (bool, error) { + if token == "" { + return false, errors.New("token is required") + } + + emailHash, err := utils.NewCrypt().Decrypt(token) + if err != nil { + return false, err + } + + conn, err := db.NewConnection() + if err != nil { + return false, err + } + defer conn.DB.Close() + + q := queries.New(conn.DB) + + user, err := q.FindByEmail(context.Background(), emailHash) + if err != nil { + return false, err + } + if user.EmailHash == "" { + return false, errors.New("verification token not found") + } + if !user.EmailVerifiedAt.Time.IsZero() { + return false, errors.New("account is already verified") + } + + err = q.UpdateVerifiedAt(context.Background(), emailHash) + if err != nil { + return false, err + } + + return true, nil +} diff --git a/internal/mailer/mailer.go b/internal/mailer/mailer.go new file mode 100644 index 0000000..e19ef87 --- /dev/null +++ b/internal/mailer/mailer.go @@ -0,0 +1,39 @@ +package mailer + +import ( + "context" + "os" + "time" + + "github.com/mailgun/mailgun-go/v4" +) + +type Mailer struct { + mg mailgun.Mailgun + Timeout time.Duration +} + +func New() *Mailer { + mg := mailgun.NewMailgun( + os.Getenv("MAILGUN_DOMAIN"), + os.Getenv("MAILGUN_API_KEY"), + ) + return &Mailer{ + mg: mg, + Timeout: 5 * time.Second, + } +} + +func (m *Mailer) SendEmail(to, subject, htmlBody string) (string, error) { + message := m.mg.NewMessage(os.Getenv("MAIL_FROM"), subject, "", to) + message.SetHtml(htmlBody) + + ctx, cancel := context.WithTimeout(context.Background(), m.Timeout) + defer cancel() + + resp, id, err := m.mg.Send(ctx, message) + if err != nil { + return "", err + } + return "ID: " + id + ", Response: " + resp, nil +} diff --git a/migrations/20240525023848_init.sql b/migrations/20240525023848_init.sql new file mode 100644 index 0000000..2dab575 --- /dev/null +++ b/migrations/20240525023848_init.sql @@ -0,0 +1,51 @@ +-- +goose Up +-- +goose StatementBegin + CREATE EXTENSION IF NOT EXISTS pgcrypto; + CREATE OR REPLACE FUNCTION generate_ulid() RETURNS TEXT AS $$ + DECLARE + time_part TEXT; + random_part TEXT; + BEGIN + SELECT TO_HEX(EXTRACT(EPOCH FROM NOW())::BIGINT) INTO time_part; + SELECT SUBSTRING(ENCODE(GEN_RANDOM_BYTES(10), 'hex') FROM 1 FOR 16) INTO random_part; + RETURN time_part || random_part; + END; + $$ language 'plpgsql'; + + CREATE OR REPLACE FUNCTION update_updated_at_column() + RETURNS TRIGGER AS $$ + BEGIN + NEW.updated_at = NOW(); + RETURN NEW; + END; + $$ language 'plpgsql'; + + CREATE TABLE users ( + id VARCHAR(26) DEFAULT generate_ulid() PRIMARY KEY, + first_name VARCHAR(255) NULL DEFAULT NULL, + last_name VARCHAR(255) NULL DEFAULT NULL, + email TEXT NOT NULL, + email_hash VARCHAR(255) UNIQUE NOT NULL, + email_verified_at TIMESTAMP(3) NULL DEFAULT NULL, + password VARCHAR(255) NOT NULL, + created_at TIMESTAMP(3) WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP(3) WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + deleted_at TIMESTAMP(3) WITH TIME ZONE NULL DEFAULT NULL + ); + + CREATE INDEX idx_users_email_hash ON users(email_hash); + CREATE INDEX idx_users_deleted_at ON users(deleted_at); + + CREATE TRIGGER update_timestamp + BEFORE UPDATE ON users + FOR EACH ROW + EXECUTE PROCEDURE update_updated_at_column(); +-- +goose StatementEnd + +-- +goose Down +-- +goose StatementBegin + -- DROP FUNCTION generate_ulid; + DROP TRIGGER update_timestamp ON users; + DROP FUNCTION update_updated_at_column; + DROP TABLE users; +-- +goose StatementEnd diff --git a/migrations/20240526152258_api_keys.sql b/migrations/20240526152258_api_keys.sql new file mode 100644 index 0000000..254a117 --- /dev/null +++ b/migrations/20240526152258_api_keys.sql @@ -0,0 +1,18 @@ +-- +goose Up +-- +goose StatementBegin +CREATE TABLE api_keys ( + id VARCHAR(26) DEFAULT generate_ulid() PRIMARY KEY, + user_id VARCHAR(26) NOT NULL REFERENCES users(id), + key VARCHAR(30) NOT NULL, + created_at TIMESTAMP(3) WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + deleted_at TIMESTAMP(3) WITH TIME ZONE NULL DEFAULT NULL +); + +CREATE INDEX idx_api_keys_key ON api_keys(key); +CREATE INDEX idx_api_keys_user_id ON api_keys(user_id); +-- +goose StatementEnd + +-- +goose Down +-- +goose StatementBegin +DROP TABLE api_keys; +-- +goose StatementEnd diff --git a/migrations/fly.toml b/migrations/fly.toml new file mode 100644 index 0000000..cbcebb5 --- /dev/null +++ b/migrations/fly.toml @@ -0,0 +1,69 @@ +# fly.toml app configuration file generated for pg-prod-acme-com on 2024-05-25T10:04:46+08:00 +# +# See https://fly.io/docs/reference/configuration/ for information about how to use this file. +# + +app = 'pg-prod-acme-com' +primary_region = 'sin' + +[env] + FLY_SCALE_TO_ZERO = '1h' + PRIMARY_REGION = 'sin' + +[[mounts]] + source = 'pg_data' + destination = '/data' + +[[services]] + protocol = 'tcp' + internal_port = 5432 + auto_start_machines = true + + [[services.ports]] + port = 5432 + handlers = ['pg_tls'] + + [services.concurrency] + type = 'connections' + hard_limit = 1000 + soft_limit = 1000 + +[[services]] + protocol = 'tcp' + internal_port = 5433 + auto_start_machines = true + + [[services.ports]] + port = 5433 + handlers = ['pg_tls'] + + [services.concurrency] + type = 'connections' + hard_limit = 1000 + soft_limit = 1000 + +[checks] + [checks.pg] + port = 5500 + type = 'http' + interval = '15s' + timeout = '10s' + path = '/flycheck/pg' + + [checks.role] + port = 5500 + type = 'http' + interval = '15s' + timeout = '10s' + path = '/flycheck/role' + + [checks.vm] + port = 5500 + type = 'http' + interval = '15s' + timeout = '10s' + path = '/flycheck/vm' + +[[metrics]] + port = 9187 + path = '/metrics' diff --git a/pkg/db/db.go b/pkg/db/db.go new file mode 100644 index 0000000..48817bc --- /dev/null +++ b/pkg/db/db.go @@ -0,0 +1,19 @@ +package db + +import ( + "database/sql" + "os" +) + +type DBC struct { + DB *sql.DB +} + +func NewConnection() (*DBC, error) { + connStr := os.Getenv("DB_STRING") + db, err := sql.Open("postgres", connStr) + if err != nil { + return nil, err + } + return &DBC{DB: db}, nil +} diff --git a/pkg/utils/crypt.go b/pkg/utils/crypt.go new file mode 100644 index 0000000..5c7398d --- /dev/null +++ b/pkg/utils/crypt.go @@ -0,0 +1,148 @@ +package utils + +import ( + "crypto/hmac" + "crypto/rand" + "crypto/sha256" + "encoding/base64" + "encoding/hex" + "encoding/json" + "errors" + + "github.com/forgoer/openssl" + "golang.org/x/crypto/bcrypt" +) + +func HashStr(v string) string { + hasher := sha256.New() + hasher.Write([]byte(v)) + return hex.EncodeToString(hasher.Sum(nil)) +} + +func HashPassword(password string) (string, error) { + bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + return "", err + } + + return string(bytes), nil +} + +func CheckPassword(hashedPassword, password string) bool { + err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) + return err == nil +} + +type Crypt struct { + Key string +} + +func NewCrypt() *Crypt { + appKey := GetEnvWithDefault("APP_KEY", "") + if appKey == "" { + panic("APP_KEY is not set") + } + return &Crypt{Key: appKey} +} + +func NewCryptWithKey(key string) *Crypt { + return &Crypt{Key: key} +} + +// Encrypt takes a value and a key, both of type string, and returns the encrypted value as a string. +// It uses AES CBC encryption with PKCS7 padding. +func (c *Crypt) Encrypt(value string) (string, error) { + iv := make([]byte, 16) + _, err := rand.Read(iv) + if err != nil { + return "", err + } + + valueBytes := []byte(value) + keyBytes := []byte(c.Key) + + res, err := openssl.AesCBCEncrypt(valueBytes, keyBytes, iv, openssl.PKCS7_PADDING) + if err != nil { + return "", err + } + + resVal := base64.StdEncoding.EncodeToString(res) + resIv := base64.StdEncoding.EncodeToString(iv) + + data := resIv + resVal + mac := computeHmacSha256(data, keyBytes) + + ticket := make(map[string]interface{}) + ticket["iv"] = resIv + ticket["mac"] = mac + ticket["value"] = resVal + + resTicket, err := json.Marshal(ticket) + if err != nil { + return "", err + } + + ticketR := base64.StdEncoding.EncodeToString(resTicket) + + return ticketR, nil +} + +// Decrypt takes an encrypted value and a key, both of type string, and returns the decrypted value as a string. +// It uses AES CBC decryption with PKCS7 padding. +func (c *Crypt) Decrypt(value string) (string, error) { + token, err := base64.StdEncoding.DecodeString(value) + if err != nil { + return "", err + } + + tokenJson := make(map[string]string) + err = json.Unmarshal(token, &tokenJson) + if err != nil { + return "", err + } + + tokenJsonIv, okIv := tokenJson["iv"] + tokenJsonValue, okValue := tokenJson["value"] + tokenJsonMac, okMac := tokenJson["mac"] + if !okIv || !okValue || !okMac { + return "", errors.New("invalid token: missing iv, value, or mac") + } + + keyBytes := []byte(c.Key) + + data := tokenJsonIv + tokenJsonValue + check := checkMAC(data, tokenJsonMac, keyBytes) + if !check { + return "", errors.New("invalid token: MAC check failed") + } + + tokenIv, err := base64.StdEncoding.DecodeString(tokenJsonIv) + if err != nil { + return "", err + } + tokenValue, err := base64.StdEncoding.DecodeString(tokenJsonValue) + if err != nil { + return "", err + } + + dst, err := openssl.AesCBCDecrypt(tokenValue, keyBytes, tokenIv, openssl.PKCS7_PADDING) + if err != nil { + return "", err + } + + return string(dst), nil +} + +// checkMAC compares the expected hash with the actual hash. +func checkMAC(message string, msgMac string, secret []byte) bool { + expectedMAC := computeHmacSha256(message, secret) + return hmac.Equal([]byte(expectedMAC), []byte(msgMac)) +} + +// computeHmacSha256 calculates the HMAC SHA256 value. +func computeHmacSha256(message string, secret []byte) string { + h := hmac.New(sha256.New, secret) + h.Write([]byte(message)) + sha := hex.EncodeToString(h.Sum(nil)) + return sha +} diff --git a/pkg/utils/crypt_test.go b/pkg/utils/crypt_test.go new file mode 100644 index 0000000..4ef121c --- /dev/null +++ b/pkg/utils/crypt_test.go @@ -0,0 +1,48 @@ +package utils + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestEncryptDecrypt(t *testing.T) { + secretKey := "Th!sIsYour@ppKey&~" + plaintext := "Hello, World!" + + c := NewCryptWithKey(secretKey) + encrypted, err := c.Encrypt(plaintext) + assert.NoError(t, err, "Error encrypting") + + decrypted, err := c.Decrypt(encrypted) + assert.NoError(t, err, "Error decrypting") + + assert.Equal(t, plaintext, decrypted, "Decrypted text does not match the original text") +} + +func TestHashStr(t *testing.T) { + str := "Hello, World!" + hashedStr := HashStr(str) + assert.NotEqual(t, str, hashedStr, "Hashed string should not be the same as the original string") + assert.Equal(t, len(hashedStr), 64, "SHA-256 hash should be 64 characters long") + + hashedStr2 := HashStr(str) + assert.Equal(t, hashedStr, hashedStr2, "Hashed string should be the same for the same input") +} + +func TestHashPassword(t *testing.T) { + password := "password123" + hashedPassword, err := HashPassword(password) + assert.NoError(t, err, "Error hashing password") + assert.NotEqual(t, password, hashedPassword, "Hashed password should not be the same as the original password") +} + +func TestCheckPassword(t *testing.T) { + password := "password123" + hashedPassword, _ := HashPassword(password) + isValid := CheckPassword(hashedPassword, password) + assert.True(t, isValid, "Password should be valid") + + isValid = CheckPassword(hashedPassword, "wrongpassword") + assert.False(t, isValid, "Password should not be valid") +} diff --git a/pkg/utils/helpers.go b/pkg/utils/helpers.go new file mode 100644 index 0000000..6873415 --- /dev/null +++ b/pkg/utils/helpers.go @@ -0,0 +1,92 @@ +package utils + +import ( + "fmt" + "io" + "log" + "net/http" + "os" + "reflect" + "strings" + + "github.com/getsentry/sentry-go" + "github.com/go-playground/validator" +) + +func GetEnvWithDefault(key, defaultValue string) string { + value := os.Getenv(key) + if value == "" { + return defaultValue + } + return value +} + +func InitializeSentry(dsn string) { + if dsn == "" { + Logger().Info().Msg("Sentry DSN is empty. Skipping Sentry initialization.") + return + } + + Logger().Info().Msg("Initializing Sentry...") + err := sentry.Init(sentry.ClientOptions{ + Dsn: dsn, + AttachStacktrace: true, + Debug: true, + }) + + if err != nil { + log.Fatalf("sentry.Init: %s", err) + } +} + +func InitializeAppKey(appKey string) { + if appKey == "" { + Logger().Info().Msg("Application Key is empty. Skipping initialization.") + return + } + + Logger().Info().Msg("Initializing Application Key...") + os.Setenv("APP_KEY", appKey) +} + +func GetHost(r *http.Request) string { + if r.TLS != nil { + return fmt.Sprintf("https://%s", r.Host) + } + return fmt.Sprintf("http://%s", r.Host) +} + +// HandlerFunc is a type that defines a function that takes a byte slice and returns an interface and an error. +type HandlerFunc func([]byte) (interface{}, error) + +func CommonJsonHandler(r *http.Request, logic HandlerFunc) (interface{}, error) { + body, err := io.ReadAll(r.Body) + if err != nil { + return nil, err + } + return logic(body) +} + +// commonHandler is a function that handles common logic for HTTP handlers. +func CommonHandler(w http.ResponseWriter, r *http.Request, msg string, logic HandlerFunc) { + response := NewResponse(w) + data, err := CommonJsonHandler(r, logic) + if err != nil { + response.WriteErrorResponse(err.Error(), http.StatusInternalServerError) + return + } + + response.WriteSuccessResponse(msg, data) +} + +func Validator() *validator.Validate { + validate := validator.New() + validate.RegisterTagNameFunc(func(fld reflect.StructField) string { + name := strings.SplitN(fld.Tag.Get("json"), ",", 2)[0] + if name == "-" { + return fld.Name + } + return name + }) + return validate +} diff --git a/pkg/utils/log.go b/pkg/utils/log.go new file mode 100644 index 0000000..b660dbe --- /dev/null +++ b/pkg/utils/log.go @@ -0,0 +1,68 @@ +package utils + +import ( + "os" + "testing" + + "github.com/getsentry/sentry-go" + "github.com/rs/zerolog" + "github.com/rs/zerolog/log" +) + +func DebugTest(t *testing.T, data interface{}, name string) { + t.Logf("\n\n [%v]:\n\t\t > %+v\n\n", name, data) +} + +var isLoggerInit = false + +func Logger() *zerolog.Logger { + if isLoggerInit { + log.Debug().Msg("Logger reused") + return &log.Logger + } + + envLogLevel := GetEnvWithDefault("LOG_LEVEL", "debug") + log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr}).Level(getLogLevel(envLogLevel)) + + if os.Getenv("SENTRY_DSN") != "" { + envSentryLevel := GetEnvWithDefault("SENTRY_LEVEL", "warn") + sentryLevel := getLogLevel(envSentryLevel) + log.Logger = log.Hook(sentryHook{minLevel: sentryLevel}) + } + + isLoggerInit = true + log.Debug().Msg("Logger initialized") + + return &log.Logger +} + +func getLogLevel(level string) zerolog.Level { + switch level { + case "trace": + return zerolog.TraceLevel + case "debug": + return zerolog.DebugLevel + case "info": + return zerolog.InfoLevel + case "warn": + return zerolog.WarnLevel + case "error": + return zerolog.ErrorLevel + case "fatal": + return zerolog.FatalLevel + case "panic": + return zerolog.PanicLevel + default: + return zerolog.DebugLevel + } +} + +type sentryHook struct { + minLevel zerolog.Level +} + +func (sh sentryHook) Run(e *zerolog.Event, level zerolog.Level, msg string) { + if level >= sh.minLevel { + sentry.CaptureMessage(msg) + } +} diff --git a/pkg/utils/middlewares.go b/pkg/utils/middlewares.go new file mode 100644 index 0000000..4cca137 --- /dev/null +++ b/pkg/utils/middlewares.go @@ -0,0 +1,205 @@ +package utils + +import ( + "context" + "fmt" + "net" + "net/http" + "runtime" + "strings" + "time" + + "web-golang-101/pkg/db" + "web-golang-101/sqlc/queries" + + "github.com/getsentry/sentry-go" + "github.com/patrickmn/go-cache" + "golang.org/x/time/rate" +) + +func EnableCors(w *http.ResponseWriter) { + (*w).Header().Set("Access-Control-Allow-Origin", GetEnvWithDefault("CORS_ORIGIN", "*")) + (*w).Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE") + (*w).Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization") +} + +func CorsMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + EnableCors(&w) + if r.Method == "OPTIONS" { + w.WriteHeader(http.StatusOK) + return + } + next.ServeHTTP(w, r) + }) +} + +func LogRequest(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + start := time.Now() + + // Get memory stats before processing the request + var m1 runtime.MemStats + runtime.ReadMemStats(&m1) + + next.ServeHTTP(w, r) + + // Get memory stats after processing the request + var m2 runtime.MemStats + runtime.ReadMemStats(&m2) + + duration := time.Since(start) + + // Calculate the memory used to process the request (in bytes) + memUsed := float64(m2.Alloc - m1.Alloc) + + // Convert memory usage to MB + memUsedMB := fmt.Sprintf("%.4f", memUsed/1024/1024) + "MB" + + Logger().Info(). + Str("memory_used", memUsedMB). + Float64("duration", duration.Seconds()). + Str("url", r.URL.String()). + Str("method", r.Method). + Msg("Incoming request") + }) +} + +func CaptureErrors(handler http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + defer func() { + if r := recover(); r != nil { + var err error + + switch t := r.(type) { + case ErrorStatus: + http.Error(w, t.Message, t.Status) + err = t.Error + case error: + err = t + default: + err = fmt.Errorf("unknown error: %v", r) + } + + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + sentry.CaptureException(err) + } + }() + + handler.ServeHTTP(w, r) + }) +} + +// KeyByRealIP copied from httprate.KeyByRealIP +// this is to fully support other platforms, especially Fly-Client-IP +func KeyByRealIP(r *http.Request) (string, error) { + var ip string + + if fcip := r.Header.Get(GetEnvWithDefault("IP_CLIENT_HEADER_KEY", "Fly-Client-IP")); fcip != "" { + ip = fcip + } else if tcip := r.Header.Get("True-Client-IP"); tcip != "" { + ip = tcip + } else if xrip := r.Header.Get("X-Real-IP"); xrip != "" { + ip = xrip + } else if xff := r.Header.Get("X-Forwarded-For"); xff != "" { + i := strings.Index(xff, ", ") + if i == -1 { + i = len(xff) + } + ip = xff[:i] + } else { + var err error + ip, _, err = net.SplitHostPort(r.RemoteAddr) + if err != nil { + ip = r.RemoteAddr + } + } + + return ip, nil +} + +var apikeyCache = cache.New(10*time.Minute, 15*time.Minute) + +func ApiKeyMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + userIP, err := KeyByRealIP(r) + if err != nil { + http.Error(w, "Error getting IP address", http.StatusInternalServerError) + return + } + + var apikey string + combiKeys := []string{"apiKey", "apikey", "api-key", "api_key"} + + for _, combiKey := range combiKeys { + apikey = r.URL.Query().Get(combiKey) + if apikey != "" { + break + } + } + + if apikey == "" { + apikey = r.Header.Get("X-API-KEY") + } + + if apikey == "" { + http.Error(w, "Missing API key", http.StatusUnauthorized) + return + } + + // Check the cache first + _, found := apikeyCache.Get(apikey) + if found { + releaseLimiter(userIP) + next.ServeHTTP(w, r) + return + } + + lim := getLimiter(userIP) + if !lim.Allow() { + http.Error(w, "Too Many Requests", http.StatusTooManyRequests) + return + } + + conn, err := db.NewConnection() + if err != nil { + http.Error(w, "Error connecting to database", http.StatusInternalServerError) + return + } + defer conn.DB.Close() + + q := queries.New(conn.DB) + exists, err := q.ApiKeyExists(context.Background(), apikey) + if err != nil { + http.Error(w, "Error checking API key", http.StatusInternalServerError) + return + } + if !exists { + http.Error(w, "Invalid API key", http.StatusUnauthorized) + return + } + + // Add the valid API key to the cache + apikeyCache.Set(apikey, true, cache.DefaultExpiration) + releaseLimiter(userIP) + next.ServeHTTP(w, r) + }) +} + +var limiterCache = cache.New(10*time.Minute, 15*time.Minute) + +func getLimiter(ip string) *rate.Limiter { + limiter, found := limiterCache.Get(ip) + if found { + return limiter.(*rate.Limiter) + } + + newLimiter := rate.NewLimiter(1, 2) // This creates a rate limiter that allows 1 request per second with a burst of 2 + limiterCache.Set(ip, newLimiter, cache.DefaultExpiration) + + return newLimiter +} + +func releaseLimiter(ip string) { + limiterCache.Delete(ip) +} diff --git a/pkg/utils/response.go b/pkg/utils/response.go new file mode 100644 index 0000000..243da57 --- /dev/null +++ b/pkg/utils/response.go @@ -0,0 +1,83 @@ +package utils + +import ( + "encoding/json" + "net/http" + + "github.com/go-playground/locales/en" + ut "github.com/go-playground/universal-translator" + "github.com/go-playground/validator" +) + +type Response struct { + Success bool `json:"success"` + Message string `json:"message"` + Data interface{} `json:"data"` + w http.ResponseWriter +} + +func NewResponse(w http.ResponseWriter) *Response { + return &Response{w: w} +} + +func (r *Response) WriteErrorResponse(message string, statusCode int) { + r.Success = false + r.Message = message + r.Data = nil + r.writeResponse(statusCode) +} + +func (r *Response) WriteSuccessResponse(message string, data interface{}) { + r.Success = true + r.Message = message + r.Data = data + r.writeResponse(http.StatusOK) +} + +func (r *Response) WriteValidationError(err error) bool { + if errValidator, ok := err.(validator.ValidationErrors); ok { + errors := make(map[string]any) + english := en.New() + uni := ut.New(english, english) + trans, _ := uni.GetTranslator("en") + + for _, err := range errValidator { + errors[err.Field()] = map[string]any{ + "tag": err.Tag(), + "actualtag": err.ActualTag(), + "param": err.Param(), + "translation": err.Translate(trans), + // "kind": err.Kind(), + // "type": err.Type(), + // "value": err.Value(), + // "namespace": err.Namespace(), + // "structnamespace": err.StructNamespace(), + // "structfield": err.StructField(), + } + } + + r.WriteValidationResponse("Validation error", errors) + return true + } + + return false +} + +func (r *Response) WriteValidationResponse(message string, data interface{}) { + r.Success = false + r.Message = message + r.Data = data + r.writeResponse(http.StatusBadRequest) +} + +func (r *Response) writeResponse(statusCode int) { + js, err := json.Marshal(r) + if err != nil { + http.Error(r.w, "Internal Server Error", http.StatusInternalServerError) + return + } + + r.w.Header().Set("Content-Type", "application/json") + r.w.WriteHeader(statusCode) + r.w.Write(js) +} diff --git a/pkg/utils/types.go b/pkg/utils/types.go new file mode 100644 index 0000000..fe89c67 --- /dev/null +++ b/pkg/utils/types.go @@ -0,0 +1,7 @@ +package utils + +type ErrorStatus struct { + Error error + Message string + Status int +} diff --git a/sqlc.yaml b/sqlc.yaml new file mode 100644 index 0000000..8666788 --- /dev/null +++ b/sqlc.yaml @@ -0,0 +1,12 @@ +version: "2" +sql: + - engine: "postgresql" + queries: + - "sqlc/api_keys_query.sql" + - "sqlc/users_query.sql" + schema: "migrations" + gen: + go: + package: "queries" + out: "sqlc/queries" + # emit_json_tags: true # we wont be adding json tags to our structs diff --git a/sqlc/api_keys_query.sql b/sqlc/api_keys_query.sql new file mode 100644 index 0000000..479adc8 --- /dev/null +++ b/sqlc/api_keys_query.sql @@ -0,0 +1,8 @@ +-- name: ApiKeyExists :one +select exists(select 1 from api_keys where key = $1 and deleted_at is null) as exists; + +-- name: FindByApiKey :one +select * from api_keys where key = $1 and deleted_at is null; + +-- name: InsertApiKey :exec +insert into api_keys (user_id, key) values ($1, $2); diff --git a/sqlc/queries/api_keys_query.sql.go b/sqlc/queries/api_keys_query.sql.go new file mode 100644 index 0000000..d8d53af --- /dev/null +++ b/sqlc/queries/api_keys_query.sql.go @@ -0,0 +1,52 @@ +// Code generated by sqlc. DO NOT EDIT. +// versions: +// sqlc v1.21.0 +// source: api_keys_query.sql + +package queries + +import ( + "context" +) + +const apiKeyExists = `-- name: ApiKeyExists :one +select exists(select 1 from api_keys where key = $1 and deleted_at is null) as exists +` + +func (q *Queries) ApiKeyExists(ctx context.Context, key string) (bool, error) { + row := q.db.QueryRowContext(ctx, apiKeyExists, key) + var exists bool + err := row.Scan(&exists) + return exists, err +} + +const findByApiKey = `-- name: FindByApiKey :one +select id, user_id, key, created_at, deleted_at from api_keys where key = $1 and deleted_at is null +` + +func (q *Queries) FindByApiKey(ctx context.Context, key string) (ApiKey, error) { + row := q.db.QueryRowContext(ctx, findByApiKey, key) + var i ApiKey + err := row.Scan( + &i.ID, + &i.UserID, + &i.Key, + &i.CreatedAt, + &i.DeletedAt, + ) + return i, err +} + +const insertApiKey = `-- name: InsertApiKey :exec +insert into api_keys (user_id, key) values ($1, $2) +` + +type InsertApiKeyParams struct { + UserID string + Key string +} + +func (q *Queries) InsertApiKey(ctx context.Context, arg InsertApiKeyParams) error { + _, err := q.db.ExecContext(ctx, insertApiKey, arg.UserID, arg.Key) + return err +} diff --git a/sqlc/queries/db.go b/sqlc/queries/db.go new file mode 100644 index 0000000..1407ad0 --- /dev/null +++ b/sqlc/queries/db.go @@ -0,0 +1,31 @@ +// Code generated by sqlc. DO NOT EDIT. +// versions: +// sqlc v1.21.0 + +package queries + +import ( + "context" + "database/sql" +) + +type DBTX interface { + ExecContext(context.Context, string, ...interface{}) (sql.Result, error) + PrepareContext(context.Context, string) (*sql.Stmt, error) + QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error) + QueryRowContext(context.Context, string, ...interface{}) *sql.Row +} + +func New(db DBTX) *Queries { + return &Queries{db: db} +} + +type Queries struct { + db DBTX +} + +func (q *Queries) WithTx(tx *sql.Tx) *Queries { + return &Queries{ + db: tx, + } +} diff --git a/sqlc/queries/models.go b/sqlc/queries/models.go new file mode 100644 index 0000000..590ddaf --- /dev/null +++ b/sqlc/queries/models.go @@ -0,0 +1,30 @@ +// Code generated by sqlc. DO NOT EDIT. +// versions: +// sqlc v1.21.0 + +package queries + +import ( + "database/sql" +) + +type ApiKey struct { + ID string + UserID string + Key string + CreatedAt sql.NullTime + DeletedAt sql.NullTime +} + +type User struct { + ID string + FirstName sql.NullString + LastName sql.NullString + Email string + EmailHash string + EmailVerifiedAt sql.NullTime + Password string + CreatedAt sql.NullTime + UpdatedAt sql.NullTime + DeletedAt sql.NullTime +} diff --git a/sqlc/queries/users_query.sql.go b/sqlc/queries/users_query.sql.go new file mode 100644 index 0000000..a5bc8a5 --- /dev/null +++ b/sqlc/queries/users_query.sql.go @@ -0,0 +1,76 @@ +// Code generated by sqlc. DO NOT EDIT. +// versions: +// sqlc v1.21.0 +// source: users_query.sql + +package queries + +import ( + "context" + "database/sql" +) + +const findByEmail = `-- name: FindByEmail :one +select id, first_name, last_name, email, email_hash, email_verified_at, password, created_at, updated_at, deleted_at from users where email_hash = $1 and deleted_at is null +` + +func (q *Queries) FindByEmail(ctx context.Context, emailHash string) (User, error) { + row := q.db.QueryRowContext(ctx, findByEmail, emailHash) + var i User + err := row.Scan( + &i.ID, + &i.FirstName, + &i.LastName, + &i.Email, + &i.EmailHash, + &i.EmailVerifiedAt, + &i.Password, + &i.CreatedAt, + &i.UpdatedAt, + &i.DeletedAt, + ) + return i, err +} + +const insertUser = `-- name: InsertUser :exec +insert into users (email, email_hash, password, first_name, last_name) values ($1, $2, $3, $4, $5) +` + +type InsertUserParams struct { + Email string + EmailHash string + Password string + FirstName sql.NullString + LastName sql.NullString +} + +func (q *Queries) InsertUser(ctx context.Context, arg InsertUserParams) error { + _, err := q.db.ExecContext(ctx, insertUser, + arg.Email, + arg.EmailHash, + arg.Password, + arg.FirstName, + arg.LastName, + ) + return err +} + +const updateVerifiedAt = `-- name: UpdateVerifiedAt :exec +update users set email_verified_at = now() where email_hash = $1 +` + +func (q *Queries) UpdateVerifiedAt(ctx context.Context, emailHash string) error { + _, err := q.db.ExecContext(ctx, updateVerifiedAt, emailHash) + return err +} + +const userExists = `-- name: UserExists :one +select exists(select 1 from users where id = $1 and deleted_at is null) as exists +` + +func (q *Queries) UserExists(ctx context.Context, id string) (bool, error) { + row := q.db.QueryRowContext(ctx, userExists, id) + var exists bool + err := row.Scan(&exists) + return exists, err +} diff --git a/sqlc/users_query.sql b/sqlc/users_query.sql new file mode 100644 index 0000000..9a7556f --- /dev/null +++ b/sqlc/users_query.sql @@ -0,0 +1,11 @@ +-- name: UserExists :one +select exists(select 1 from users where id = $1 and deleted_at is null) as exists; + +-- name: FindByEmail :one +select * from users where email_hash = $1 and deleted_at is null; + +-- name: InsertUser :exec +insert into users (email, email_hash, password, first_name, last_name) values ($1, $2, $3, $4, $5); + +-- name: UpdateVerifiedAt :exec +update users set email_verified_at = now() where email_hash = $1;