Add JWT authentication

Author: solomonng2001

apps/config/.gitignore

@@ -0,0 +1 @@
+.env

apps/question-service/.gitignore

@@ -1,5 +1,6 @@
 # Ignore private key json file
 cs3219-g24-firebase-adminsdk-9cm7h-b1675603ab.json
+cs3219-g24-staging-firebase-adminsdk-suafv-9c0d1b2299.json
 test_create_api_results.txt
 test_list_api_results.txt
 test_update_api_results.txt

apps/question-service/go.mod

@@ -25,7 +25,7 @@ require (
 	github.com/go-chi/cors v1.2.1
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect

apps/question-service/main.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"os"
 	"question-service/handlers"
+	mymiddleware "question-service/middleware"
 	"question-service/utils"
 	"time"
 
@@ -42,6 +43,12 @@ func main() {
 		log.Fatal("Error loading .env file")
 	}
 
+	// Load config/.env file
+	err = godotenv.Load("../config/.env")
+	if err != nil {
+		log.Fatal("Error loading .env file")
+	}
+
 	// Initialize Firestore client
 	ctx := context.Background()
 	firebaseCredentialPath := os.Getenv("FIREBASE_CREDENTIAL_PATH")
@@ -65,6 +72,7 @@ func main() {
 	r := chi.NewRouter()
 	r.Use(middleware.Logger)
 	r.Use(middleware.Timeout(60 * time.Second))
+	r.Use(mymiddleware.VerifyJWT)
 
 	r.Use(cors.Handler(cors.Options{
 		// AllowedOrigins: []string{"http://localhost:3000"}, // Use this to allow specific origin hosts

apps/question-service/middleware/basic-access-control.go

@@ -0,0 +1,45 @@
+package middleware
+
+import (
+	"github.com/golang-jwt/jwt/v4"
+	"net/http"
+	"os"
+	"strings"
+)
+
+func VerifyJWT(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Get the token from the Authorization header
+		authHeader := r.Header.Get("Authorization")
+		if authHeader == "" {
+			http.Error(w, "Authorization header is missing", http.StatusUnauthorized)
+			return
+		}
+
+		// Split the header to get the token
+		tokenString := strings.Split(authHeader, " ")[1]
+
+		// Retrieve the JWT secret from environment variables
+		jwtSecret := []byte(os.Getenv("JWT_SECRET"))
+		if jwtSecret == nil {
+			http.Error(w, "JWT secret is not set", http.StatusInternalServerError)
+			return
+		}
+
+		// Parse the token
+		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+				return nil, http.ErrNotSupported
+			}
+			return jwtSecret, nil
+		})
+
+		if err != nil || !token.Valid {
+			http.Error(w, "Invalid token", http.StatusUnauthorized)
+			return
+		}
+
+		// Optionally, you can extract claims from the token and attach them to the request context
+		next.ServeHTTP(w, r)
+	})
+}