chang routing files palce

api/src/rt/auth/Login.go

@@ -0,0 +1,57 @@
+package auth
+
+import (
+	"api/src/models"
+	"api/src/storages/psql"
+	"encoding/json"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+	"golang.org/x/crypto/bcrypt"
+)
+
+var jwtKey = []byte(os.Getenv("SECRET_KEY"))
+
+func Login(w http.ResponseWriter, r *http.Request) {
+	var creds models.Crenetials
+	if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	// check user
+	var user models.User
+	if result := psql.PSQL_GORM_DB.Where("email = ?", creds.Email).First(&user); result.Error != nil || !checkPasswordHash(creds.Password, user.Password) {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	// create jwt token
+	expirationtime := time.Now().Add(5 * time.Minute)
+	claims := &models.Claims{
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(expirationtime),
+		},
+		Email: user.Email,
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenString, err := token.SignedString(jwtKey)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:    "token",
+		Value:   tokenString,
+		Expires: expirationtime,
+	})
+	w.WriteHeader(http.StatusOK)
+}
+
+func checkPasswordHash(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}

api/src/rt/auth/Registr.go

@@ -0,0 +1,48 @@
+package auth
+
+import (
+	"api/src/models"
+	"api/src/storages/psql"
+	"encoding/json"
+	"net/http"
+
+	"github.com/google/uuid"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func Register(w http.ResponseWriter, r *http.Request) {
+	var Crenetials models.Crenetials
+	// Decoe body
+	if err := json.NewDecoder(r.Body).Decode(&Crenetials); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	// shep password
+	hashedPassword, err := hashPassword(Crenetials.Password)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	id := uuid.New()
+
+	user := models.User{
+		Id:       id,
+		Name:     Crenetials.Name,
+		Email:    Crenetials.Email,
+		Password: hashedPassword,
+		Phone:    Crenetials.Phone,
+	}
+	if result := psql.PSQL_GORM_DB.Create(&user); result.Error != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+}
+
+func hashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
+	return string(bytes), err
+}

api/src/rt/auth/authMiddleware.go

@@ -0,0 +1,45 @@
+package auth
+
+import (
+	"api/src/models"
+	"context"
+	"net/http"
+
+	"github.com/golang-jwt/jwt/v4"
+)
+
+func AuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		c, err := r.Cookie("token")
+		if err != nil {
+			if err == http.ErrNoCookie {
+				w.WriteHeader(http.StatusUnauthorized)
+				return
+			}
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		tknStr := c.Value
+		claims := &models.Claims{}
+
+		tkn, err := jwt.ParseWithClaims(tknStr, claims, func(token *jwt.Token) (interface{}, error) {
+			return jwtKey, nil
+		})
+
+		if err != nil {
+			if err == jwt.ErrSignatureInvalid {
+				w.WriteHeader(http.StatusUnauthorized)
+				return
+			}
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+		if !tkn.Valid {
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+		ctx := context.WithValue(r.Context(), "email", claims.Email)
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}

api/src/rt/auth/auth_test.go

@@ -0,0 +1,16 @@
+package auth
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func Test_hashPass(t *testing.T) {
+	password := "some hard password"
+	hash, _ := hashPassword(password)
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	if err != nil {
+		t.Errorf("Falis by: %s", err)
+	}
+}