Added JWT authentication functions and models. Initiated ENV Variables for secrets. Formated go code.

Author: PythonHacker24

cmd/laclm/main.go

@@ -26,8 +26,8 @@ func exec() error {
 
 	/* exec() wraps run() protecting it with user interrupts  */
 
-	/* 
-		load config file 
+	/*
+		load config file
 		if there is an error in loading the config file, then it will exit with code 1
 	*/
 	config.LoadConfig("./config.yaml")
@@ -62,22 +62,22 @@ func run(ctx context.Context) error {
 	routes.RegisterRoutes(mux)
 
 	server := &http.Server{
-		Addr:	fmt.Sprintf("%s:%s", 
+		Addr: fmt.Sprintf("%s:%s",
 			config.BackendConfig.Server.Host,
-			config.BackendConfig.Server.Port,	
+			config.BackendConfig.Server.Port,
 		),
-        Handler: mux,
-    }
+		Handler: mux,
+	}
 
 	/* starting http server as a goroutine */
 	go func() {
-        zap.L().Info("HTTP REST API server starting on :8080")
+		zap.L().Info("HTTP REST API server starting on :8080")
 		if err = server.ListenAndServe(); err != http.ErrServerClosed {
-            zap.L().Error("ListenAndServe error", 
+			zap.L().Error("ListenAndServe error",
 				zap.Error(err),
 			)
-        }
-    }()
+		}
+	}()
 
 	/*
 		whatever written here will be protected by graceful shutdowns
@@ -86,24 +86,24 @@ func run(ctx context.Context) error {
 
 	<-ctx.Done()
 
-	/* 
+	/*
 		after this, exit signal is triggered
 		following code must be executed to shutdown graceful shutdown
 		call all the kill switches with context
 	*/
-	
+
 	/* graceful shutdown of http server */
 	shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer shutdownCancel()
 
 	/* initiate http server shutdown */
 	if err = server.Shutdown(shutdownCtx); err != nil {
-        zap.L().Error("HTTP server shutdown error", 
+		zap.L().Error("HTTP server shutdown error",
 			zap.Error(err),
 		)
-    }
-	
+	}
+
 	zap.L().Info("HTTP server stopped")
 
-	return err 
+	return err
 }

config.yaml

@@ -37,3 +37,6 @@ filesystem_servers:
 # authentication information
 authentication:
   ldap:
+
+backend_security:
+  jwt_expiry:

config/config.go

@@ -1,6 +1,11 @@
 package config
 
-import "github.com/PythonHacker24/linux-acl-management-backend/internal/models"
+import (
+	"github.com/PythonHacker24/linux-acl-management-backend/internal/models"
+)
 
-/* globally accessible config */
-var BackendConfig models.Config 
+/* globally accessible yaml config */
+var BackendConfig models.Config
+
+/* globally accessible environment variables */
+var EnvConfig models.EnvConfig

config/loader.go

@@ -11,18 +11,30 @@ import (
 func LoadConfig(path string) {
 
 	/* read the yaml config file */
-    data, err := os.ReadFile(path)
-    if err != nil {
-        zap.L().Fatal("Failed to read config file",
+	data, err := os.ReadFile(path)
+	if err != nil {
+		zap.L().Fatal("Failed to read config file",
 			zap.Error(err),
 		)
-    }
+	}
 
 	/* unmarshal the yaml file to defined struct */
-    err = yaml.Unmarshal(data, &BackendConfig)
-    if err != nil {
-        zap.L().Fatal("Failed to parse YAML config", 
+	err = yaml.Unmarshal(data, &BackendConfig)
+	if err != nil {
+		zap.L().Fatal("Failed to parse YAML config",
 			zap.Error(err),
 		)
-    }
+	}
+}
+
+/* loads environment variables */
+func LoadEnv() {
+
+	/* get the JWT_SECRET_KEY from environment variable */
+	secret := os.Getenv("JWT_SECRET_KEY")
+	if secret == "" {
+		zap.L().Fatal("JWT_SECRET_KEY environment variable not set")
+	}
+
+	EnvConfig.JWTSecret = secret
 }

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/bufbuild/buf v1.53.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.11 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect

go.sum

@@ -6,6 +6,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
 github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=

internal/authentication/authentication.go

@@ -0,0 +1,23 @@
+package authentication
+
+import (
+	"time"
+
+	"github.com/PythonHacker24/linux-acl-management-backend/config"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+/* generating jwt token for user identification with specified configs */
+func GenerateJWT(username string) (string, error) {
+	expiryHours := config.BackendConfig.BackendSecurity.JWTExpiry
+	if expiryHours == 0 {
+		expiryHours = 24
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"username": username,
+		"exp":      time.Now().Add(time.Hour * time.Duration(expiryHours)).Unix(),
+	})
+
+	return token.SignedString([]byte(config.EnvConfig.JWTSecret))
+}

internal/handlers/handlers.go

@@ -1,8 +1,8 @@
 package handlers
 
 import (
-	"net/http"
 	"encoding/json"
+	"net/http"
 
 	"go.uber.org/zap"
 
@@ -12,16 +12,16 @@ import (
 /* health handler provides status check on the backend server */
 func HealthHandler(w http.ResponseWriter, r *http.Request) {
 	var response models.HealthResponse
-    
-    w.Header().Set("Content-Type", "application/json")
-    w.WriteHeader(http.StatusOK)
 
-    response.Status = "ok"
-    if err := json.NewEncoder(w).Encode(response); err != nil {
-        zap.L().Error("Failed to send health response from the handler",
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+
+	response.Status = "ok"
+	if err := json.NewEncoder(w).Encode(response); err != nil {
+		zap.L().Error("Failed to send health response from the handler",
 			zap.Error(err),
 		)
-    }
+	}
 }
 
 /* allows users to create a session */
@@ -30,48 +30,48 @@ func LoginHandler(w http.ResponseWriter, r *http.Request) {
 
 	/* decode json response*/
 	err := json.NewDecoder(r.Body).Decode(&user)
-    if err != nil {
+	if err != nil {
 		zap.L().Warn("A request with invalid body recieved")
-        http.Error(w, "Invalid request body", http.StatusBadRequest)
-        return
-    }
+		http.Error(w, "Invalid request body", http.StatusBadRequest)
+		return
+	}
 
 	/* check if username and password exists */
 	if user.Username == "" || user.Password == "" {
 		zap.L().Warn("A request with no username or password recieved")
-        http.Error(w, "Username and password are required", http.StatusBadRequest)
-        return
-    }
+		http.Error(w, "Username and password are required", http.StatusBadRequest)
+		return
+	}
 
 	/* authenticate the user with ldap */
 	authStatus := ldap.AuthenticateUser()
-    if !authStatus {
+	if !authStatus {
 		zap.L().Warn("A request with invalid credentials recieved")
-        http.Error(w, "Invalid credentials", http.StatusUnauthorized)
-        return
-    }
+		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
+		return
+	}
 
 	/* create a session if user exists */
 	sessionmanager.CreateSession(user.Username)
 
 	/* create a JWT token for the user */
 	token, err := authentication.GenerateJWT(user.Username)
-    if err != nil {
-        zap.L().Error("Error generating token", 
+	if err != nil {
+		zap.L().Error("Error generating token",
 			zap.Error(err),
 		)
-        http.Error(w, "Error generating token", http.StatusInternalServerError)
-        return
-    }
+		http.Error(w, "Error generating token", http.StatusInternalServerError)
+		return
+	}
 
 	/* send response with JWT token to the user */
 	response := map[string]string{"token": token}
-    w.Header().Set("Content-Type", "application/json")
-    if err := json.NewEncoder(w).Encode(response); err != nil {
-        zap.L().Error("Failed to encode response", 
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(response); err != nil {
+		zap.L().Error("Failed to encode response",
 			zap.Error(err),
 		)
-        http.Error(w, "Failed to encode response", http.StatusInternalServerError)
-        return
-    }
+		http.Error(w, "Failed to encode response", http.StatusInternalServerError)
+		return
+	}
 }

internal/ldap/ldap.go

@@ -2,7 +2,7 @@ package ldap
 
 import (
 	"fmt"
-	"go.uber.org/zap"	
+	"go.uber.org/zap"
 
 	"github.com/go-ldap/ldap/v3"
 )
@@ -20,70 +20,70 @@ func AuthenticateUser(username, password, searchbase string) bool {
 
 	/* dial to the ldap server */
 	l, err := ldap.DialURL("")
-    if err != nil {
-        zap.L().Error("Failed to connect to LDAP Server", 
+	if err != nil {
+		zap.L().Error("Failed to connect to LDAP Server",
 			zap.Error(err),
 		)
-        return false
-    }
-    defer l.Close()
-	
+		return false
+	}
+	defer l.Close()
+
 	/* authenticating with the ldap server with admin */
 	err = l.Bind("", "")
-    if err != nil {
-        zap.L().Error("Admin authentication failed",
+	if err != nil {
+		zap.L().Error("Admin authentication failed",
 			zap.Error(err),
 		)
-        return false
-    }
+		return false
+	}
 
 	/* creating a search request for ldap server */
 	searchRequest := ldap.NewSearchRequest(
-        searchbase,
-        ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+		searchbase,
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 
 		/* Searching by username */
-        fmt.Sprintf("(uid=%s)", username),
-		
+		fmt.Sprintf("(uid=%s)", username),
+
 		/* We only need the DN */
-        []string{"dn"}, 
-        nil,
-    )
+		[]string{"dn"},
+		nil,
+	)
 
 	/* searching the ldap server for credentials */
 	searchResult, err := l.Search(searchRequest)
-    if err != nil {
-        zap.L().Error("LDAP search failed",
+	if err != nil {
+		zap.L().Error("LDAP search failed",
 			zap.Error(err),
 		)
-        return false
-    }
+		return false
+	}
 
 	/* checking if search result is empty */
 	if len(searchResult.Entries) == 0 {
-        zap.L().Error("User not found in LDAP", 
+		zap.L().Error("User not found in LDAP",
 			zap.String("username", username),
 			zap.Error(err),
 		)
-        return false
-    }
+		return false
+	}
 
 	userDN := searchResult.Entries[0].DN
 
 	/* checking if the user exists */
 	err = l.Bind(userDN, password)
-    if err != nil {
-        zap.L().Error("User authentication failed", 
+	if err != nil {
+		zap.L().Error("User authentication failed",
 			zap.String("Username", username),
 			zap.Error(err),
 		)
-        return false
-    }
+		return false
+	}
 
 	/* authentication successful */
-	zap.L().Info("User authentication successful", 
+	zap.L().Info("User authentication successful",
 		zap.String("username", username),
 	)
 
-    return true
+	return true
 }