Add auth endpoints and user migrations

simondanielsson · simondanielsson · commit d0d87aa553d6 · 2025-08-28T16:50:35.000+02:00
diff --git a/cmd/internal/queries/models.go b/cmd/internal/queries/models.go
diff --git a/cmd/internal/queries/query.sql.go b/cmd/internal/queries/query.sql.go
diff --git a/cmd/internal/routes/routes.go b/cmd/internal/routes/routes.go
@@ -30,6 +30,8 @@ func RegisterRoutes(mux *http.ServeMux, logger logging.Logger) {
 	mux.Handle("DELETE /api/v1/recitals/{id}", deleteRecitalHandler(logger))
 	mux.Handle("GET /api/v1/recitals/{id}/listen", mainpageHandler(logger))
 	mux.Handle("GET /api/v1/recitals/{id}/audio", streamRecitalAudioHandler(logger))
+	mux.Handle("POST /api/v1/users", createUserHandler(logger))
+	mux.Handle("GET /api/v1/auth", loginUserHandler(logger))
 }
 
 func mainpageHandler(logger logging.Logger) http.Handler {
diff --git a/cmd/internal/routes/user_routes.go b/cmd/internal/routes/user_routes.go
@@ -0,0 +1,86 @@
+package routes
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/jackc/pgx/v5/pgtype"
+	constants "github.com/simondanielsson/recite/cmd/internal"
+	"github.com/simondanielsson/recite/cmd/internal/logging"
+	"github.com/simondanielsson/recite/cmd/internal/queries"
+	"github.com/simondanielsson/recite/cmd/internal/utils"
+)
+
+func createUserHandler(logger logging.Logger) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		email := r.FormValue("email")
+		password := r.FormValue("password")
+
+		ctx := r.Context()
+
+		passwordHash, err := utils.HashPassword(password)
+		if err != nil {
+			respondWithOpaqueMessage(ctx, w, r, err, logger)
+			return
+		}
+
+		repository, ok := ctx.Value(constants.RepositoryKey).(*queries.Queries)
+		if !ok {
+			respondWithOpaqueMessage(ctx, w, r, fmt.Errorf("failed loading repository"), logger)
+			return
+		}
+
+		userArgs := queries.CreateUserParams{
+			Email:        email,
+			PasswordHash: passwordHash,
+			CreatedAt:    pgtype.Date{Time: time.Now(), InfinityModifier: pgtype.Finite, Valid: true},
+		}
+		_, err = repository.CreateUser(ctx, userArgs)
+		if err != nil {
+			repondWithErrorMessage(w, r, "Failed creating user", http.StatusInternalServerError, logger)
+			return
+		}
+
+		status := http.StatusOK
+		w.WriteHeader(status)
+		// A bit hacky way towrite override the existing context
+		ctx = context.WithValue(ctx, constants.StatusCodeKey, status)
+		*r = *(r.WithContext(ctx))
+	})
+}
+
+func loginUserHandler(logger logging.Logger) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+		repository, ok := ctx.Value(constants.RepositoryKey).(*queries.Queries)
+		if !ok {
+			respondWithOpaqueMessage(ctx, w, r, fmt.Errorf("failed loading repository"), logger)
+			return
+		}
+
+		email, password, ok := r.BasicAuth()
+		if !ok {
+			repondWithErrorMessage(w, r, "could not get credentials", http.StatusBadRequest, logger)
+			return
+		}
+
+		user, err := repository.GetUser(ctx, email)
+		if err != nil {
+			message := fmt.Sprintf("User with email %s not found", email)
+			repondWithErrorMessage(w, r, message, http.StatusNotFound, logger)
+			return
+		}
+		if err := utils.ValidatePassword(password, user.PasswordHash); err != nil {
+			repondWithErrorMessage(w, r, "Incorrect password", http.StatusBadRequest, logger)
+			return
+		}
+
+		status := http.StatusOK
+		w.WriteHeader(status)
+		// A bit hacky way towrite override the existing context
+		ctx = context.WithValue(ctx, constants.StatusCodeKey, status)
+		*r = *(r.WithContext(ctx))
+	})
+}
diff --git a/cmd/internal/server/server.go b/cmd/internal/server/server.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 
 	"github.com/jackc/pgx/v5/pgxpool"
+	"github.com/rs/cors"
 	"github.com/simondanielsson/recite/cmd/internal/config"
 	"github.com/simondanielsson/recite/cmd/internal/db"
 	"github.com/simondanielsson/recite/cmd/internal/logging"
@@ -23,6 +24,7 @@ func New(config config.Config, DB *pgxpool.Pool, logger logging.Logger) App {
 	var handler http.Handler = mux
 	handler = logging.AddLoggingMiddleware(handler, logger)
 	handler = db.AddDatabaseMiddleware(handler, DB, logger)
+	handler = cors.AllowAll().Handler(handler)
 
 	return App{
 		Server: http.Server{
diff --git a/cmd/internal/utils/jwt.go b/cmd/internal/utils/jwt.go
@@ -0,0 +1,53 @@
+package utils
+
+import (
+	"time"
+
+	"github.com/golang-jwt/jwt"
+)
+
+type JWTClaims struct {
+	UserID uint `json:"user_id"`
+	jwt.StandardClaims
+}
+
+var jwtKey []byte
+
+func SetJWTKey(key string) {
+	jwtKey = []byte(key)
+}
+
+// CreateJWTToken creates a JWT token with the given user ID
+func CreateJWTToken(userID uint) (string, error) {
+	expirationTime := time.Now().Add(1 * time.Hour)
+	claims := &JWTClaims{
+		UserID: userID,
+		StandardClaims: jwt.StandardClaims{
+			ExpiresAt: expirationTime.Unix(),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	token_string, err := token.SignedString(jwtKey)
+	if err != nil {
+		return "", err
+	}
+
+	return token_string, nil
+}
+
+// ParseJWTToken parses a JWT token and returns the claims
+func ParseJWTToken(token string) (*JWTClaims, error) {
+	claims := &JWTClaims{}
+	tkn, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (any, error) {
+		return jwtKey, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	if !tkn.Valid {
+		return nil, err
+	}
+
+	return claims, nil
+}
diff --git a/cmd/internal/utils/password.go b/cmd/internal/utils/password.go
@@ -0,0 +1,15 @@
+package utils
+
+import "golang.org/x/crypto/bcrypt"
+
+func HashPassword(password string) (string, error) {
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return "", err
+	}
+	return string(hashedPassword), nil
+}
+
+func ValidatePassword(password, hashedPassword string) error {
+	return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
+}
diff --git a/db/migrations/20250828135954_create_users_table.sql b/db/migrations/20250828135954_create_users_table.sql
@@ -0,0 +1,10 @@
+-- migrate:up
+CREATE TABLE users (
+  id SERIAL PRIMARY KEY,
+  email TEXT NOT NULL,
+  password_hash TEXT NOT NULL,
+  created_at DATE NOT NULL
+);
+
+-- migrate:down
+DROP TABLE users;
diff --git a/db/query.sql b/db/query.sql
@@ -22,3 +22,11 @@ RETURNING *;
 -- name: DeleteRecital :exec
 DELETE FROM recitals WHERE id = $1
 RETURNING *;
+
+-- name: GetUser :one
+SELECT * FROM users WHERE email = $1;
+
+-- name: CreateUser :one
+INSERT INTO users (email, password_hash, created_at)
+VALUES ($1, $2, $3)
+RETURNING *;
diff --git a/go.mod b/go.mod
@@ -14,13 +14,15 @@ require (
 require (
 	github.com/andybalholm/cascadia v1.3.3 // indirect
 	github.com/ebitengine/purego v0.8.0 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/goph/emperror v0.17.1 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/pgx/v5 v5.7.5 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
 	github.com/pkg/errors v0.8.1 // indirect
+	github.com/rs/cors v1.11.1 // indirect
 	github.com/sirupsen/logrus v1.3.0 // indirect
 	github.com/tidwall/gjson v1.14.4 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
diff --git a/go.sum b/go.sum
@@ -21,6 +21,8 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P
 github.com/go-check/check v0.0.0-20180628173108-788fd7840127 h1:0gkP6mzaMqkmpcJYCFOLkIBwI7xFExG03bbkOkCvUPI=
 github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/goph/emperror v0.17.1 h1:6lOybhIvG/BB6VGoWfdv30FVZeZFBBZ9VvgzGXLVkyY=
@@ -64,6 +66,8 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rollbar/rollbar-go v1.0.2/go.mod h1:AcFs5f0I+c71bpHlXNNDbOWJiKwjFDtISeXco0L5PKQ=
+github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
+github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.3.0 h1:hI/7Q+DtNZ2kINb6qt/lS+IyXnHQe9e90POfeewL/ME=
 github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,8 @@ func RegisterRoutes(mux *http.ServeMux, logger logging.Logger) {`
`30`	`30`	`mux.Handle("DELETE /api/v1/recitals/{id}", deleteRecitalHandler(logger))`
`31`	`31`	`mux.Handle("GET /api/v1/recitals/{id}/listen", mainpageHandler(logger))`
`32`	`32`	`mux.Handle("GET /api/v1/recitals/{id}/audio", streamRecitalAudioHandler(logger))`
	`33`	`+ mux.Handle("POST /api/v1/users", createUserHandler(logger))`
	`34`	`+ mux.Handle("GET /api/v1/auth", loginUserHandler(logger))`
`33`	`35`	`}`
`34`	`36`
`35`	`37`	`func mainpageHandler(logger logging.Logger) http.Handler {`