Merge pull request #21 from ybkuroki/auth

Implement authentication and authorization
ybkuroki · Jul 19, 2020 · 3d52cb9 · 3d52cb9
2 parents 2edd5dc + 20ecca6
commit 3d52cb9
Show file tree

Hide file tree

Showing 18 changed files with 444 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
 # go-webapp-sample
 
 [![license](https://img.shields.io/github/license/ybkuroki/go-webapp-sample?style=for-the-badge)](https://github.com/ybkuroki/go-webapp-sample/blob/master/LICENSE)
+[![report](https://goreportcard.com/badge/github.com/ybkuroki/go-webapp-sample?style=for-the-badge)](https://goreportcard.com/report/github.com/ybkuroki/go-webapp-sample)
 [![workflow](https://img.shields.io/github/workflow/status/ybkuroki/go-webapp-sample/check?label=check&style=for-the-badge&logo=github)](https://github.com/ybkuroki/go-webapp-sample/actions?query=workflow%3Acheck)
 [![release](https://img.shields.io/github/release/ybkuroki/go-webapp-sample?style=for-the-badge&logo=github)](https://github.com/ybkuroki/go-webapp-sample/releases)
 
@@ -51,6 +52,8 @@ The follwing figure is the map of this sample project.
   + model                   … Define models.
   + repository              … Provide a service of database access.
   + service                 … Provide a service of book management.
+  + session                 … Provide session management.
+  + test                    … for unit test
   - main.go                 … Entry Point.
 ```
 
@@ -73,6 +76,8 @@ There are the following services in the Account management.
 
 |Service Name|HTTP Method|URL|Parameter|Summary|
 |:---|:---:|:---|:---|:---|
+|Login Service|POST|``/api/account/login``|Session ID, User Name, Password|Session authentication with username and password.|
+|Logout Service|POST|``/api/account/logout``|Session ID|Logout a user.|
 |Login Status Check Service|GET|``/api/account/loginStatus``|Session ID|Check if the user is logged in.|
 |Login Username Service|GET|``/api/account/loginAccount``|Session ID|Get the login user's username.|
 

diff --git a/application.develop.yml b/application.develop.yml
@@ -10,8 +10,22 @@ database:
 extension:
   master_generator: true
   cors_enabled: true
+  security_enabled: true
 
 log:
   format: ${time_rfc3339} [${level}] ${remote_ip} ${method} ${uri} ${status}
   level: 1
   file_path: 
+
+security:
+  exclude_path:
+    - /api/account/login$
+    - /api/account/logout$
+    - /api/health$
+  user_path:
+    - /api/account/.*
+    - /api/master/.*
+    - /api/book/list
+    - /api/book/search.*
+  admin_path:
+    - /api/.*
diff --git a/application.docker.yml b/application.docker.yml
@@ -10,8 +10,22 @@ database:
 extension:
   master_generator: false
   cors_enabled: false
+  security_enabled: true
 
 log:
   format: ${time_rfc3339} [${level}] ${remote_ip} ${method} ${uri} ${status}
   level: 2
-  file_path: ./application.log
+  file_path: ./application.log
+
+security:
+  exclude_path:
+    - /api/account/login$
+    - /api/account/logout$
+    - /api/health$
+  user_path:
+    - /api/account/.*
+    - /api/master/.*
+    - /api/book/list
+    - /api/book/search.*
+  admin_path:
+    - /api/.*
diff --git a/config/config.go b/config/config.go
@@ -22,12 +22,18 @@ type Config struct {
 	Extension struct {
 		MasterGenerator bool `yaml:"master_generator" default:"false"`
 		CorsEnabled     bool `yaml:"cors_enabled" default:"false"`
+		SecurityEnabled bool `yaml:"security_enabled" default:"false"`
 	}
 	Log struct {
 		Format   string  `default:"${time_rfc3339} [${level}] ${remote_ip} ${method} ${uri} ${status}"`
 		Level    log.Lvl `default:"2"`
 		FilePath string  `yaml:"file_path"`
 	}
+	Security struct {
+		ExculdePath []string `yaml:"exclude_path"`
+		UserPath    []string `yaml:"user_path"`
+		AdminPath   []string `yaml:"admin_path"`
+	}
 }
 
 const (

diff --git a/controller/account.go b/controller/account.go
@@ -4,24 +4,56 @@ import (
 	"net/http"
 
 	"github.com/labstack/echo/v4"
+	"github.com/ybkuroki/go-webapp-sample/config"
+	"github.com/ybkuroki/go-webapp-sample/model"
+	"github.com/ybkuroki/go-webapp-sample/service"
+	"github.com/ybkuroki/go-webapp-sample/session"
 )
 
-// GetLoginStatus is
+var dummyAccount = model.NewAccountWithPlainPassword("test", "test", model.NewAuthority("Admin"))
+
+// GetLoginStatus returns the status of login.
 func GetLoginStatus() echo.HandlerFunc {
 	return func(c echo.Context) error {
 		return c.JSON(http.StatusOK, true)
 	}
 }
 
-// GetLoginAccount is
+// GetLoginAccount returns the account data of logged in user.
 func GetLoginAccount() echo.HandlerFunc {
 	return func(c echo.Context) error {
-		return c.JSON(http.StatusOK, &Account{ID: 1, Name: "test"})
+		if !config.GetConfig().Extension.SecurityEnabled {
+			return c.JSON(http.StatusOK, dummyAccount)
+		}
+		return c.JSON(http.StatusOK, session.GetAccount(c))
+	}
+}
+
+// PostLogin is the method to login using username and password by http post.
+func PostLogin() echo.HandlerFunc {
+	return func(c echo.Context) error {
+		username := c.FormValue("username")
+		password := c.FormValue("password")
+
+		account := session.GetAccount(c)
+		if account == nil {
+			authenticate, a := service.AuthenticateByUsernameAndPassword(username, password)
+			if authenticate {
+				_ = session.SetAccount(c, a)
+				_ = session.Save(c)
+				return c.JSON(http.StatusOK, a)
+			}
+			return c.NoContent(http.StatusUnauthorized)
+		}
+		return c.JSON(http.StatusOK, account)
 	}
 }
 
-// Account is struct (TODO)
-type Account struct {
-	ID   uint   `json:"id"`
-	Name string `json:"name"`
+// PostLogout is the method to logout by http post.
+func PostLogout() echo.HandlerFunc {
+	return func(c echo.Context) error {
+		_ = session.SetAccount(c, nil)
+		_ = session.Save(c)
+		return c.NoContent(http.StatusOK)
+	}
 }
diff --git a/controller/account_test.go b/controller/account_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/ybkuroki/go-webapp-sample/model"
 	"github.com/ybkuroki/go-webapp-sample/test"
 )
 
@@ -31,6 +32,7 @@ func TestGetLoginAccount(t *testing.T) {
 
 	router.ServeHTTP(rec, req)
 
+	account := model.NewAccountWithPlainPassword("test", "test", model.NewAuthority("Admin"))
 	assert.Equal(t, http.StatusOK, rec.Code)
-	assert.JSONEq(t, test.ConvertToString(&Account{ID: 1, Name: "test"}), rec.Body.String())
+	assert.JSONEq(t, test.ConvertToString(account), rec.Body.String())
 }
diff --git a/controller/api_const.go b/controller/api_const.go
@@ -33,6 +33,10 @@ const (
 	APIAccountLoginStatus = APIAccount + "/loginStatus"
 	// APIAccountLoginAccount is
 	APIAccountLoginAccount = APIAccount + "/loginAccount"
+	// APIAccountLogin is
+	APIAccountLogin = APIAccount + "/login"
+	// APIAccountLogout is
+	APIAccountLogout = APIAccount + "/logout"
 )
 
 const (

diff --git a/go.mod b/go.mod
@@ -4,16 +4,22 @@ go 1.14
 
 require (
 	github.com/go-playground/universal-translator v0.17.0 // indirect
+	github.com/gorilla/sessions v1.2.0
 	github.com/jinzhu/configor v1.2.0
 	github.com/jinzhu/gorm v1.9.12
+	github.com/labstack/echo-contrib v0.9.0
 	github.com/labstack/echo/v4 v4.1.16
 	github.com/labstack/gommon v0.3.0
 	github.com/leodido/go-urn v1.2.0 // indirect
+	github.com/lib/pq v1.7.0 // indirect
+	github.com/mattn/go-colorable v0.1.7 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
 	github.com/stretchr/testify v1.6.1
-	golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 // indirect
-	golang.org/x/net v0.0.0-20200421231249-e086a090c8fd // indirect
-	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f // indirect
+	github.com/valyala/fasttemplate v1.1.1 // indirect
+	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
+	golang.org/x/net v0.0.0-20200625001655-4c5254603344 // indirect
+	golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae // indirect
+	golang.org/x/text v0.3.3 // indirect
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
 	gopkg.in/go-playground/validator.v9 v9.31.0
 	gopkg.in/yaml.v2 v2.2.8 // indirect