add: jwt for api access control

Author: virakthaka

README.md

@@ -1,6 +1,6 @@
 # Golang CRUD Service
 
-This is a sample CRUD service built with Golang, demonstrating a layered architecture that separates concerns into handler, service, repository, and model layers. The project uses **TiDB** as the relational database and **Redis** for caching and other in-memory operations.
+This is a sample CRUD service built with Golang, demonstrating a layered architecture that separates concerns into handler, service, repository, and model layers. The project uses **TiDB** as the relational database, **Redis** for caching and other in-memory operations, and **JWT** for authentication.
 
 ## 🚀 Project Purpose
 
@@ -15,6 +15,7 @@ Build a sample CRUD service API with Golang to showcase clean code structure and
 - **[Redis](https://redis.io)** — In-memory data store
 - **[Validator](https://github.com/go-playground/validator)** — Input validation
 - **[Copier](https://github.com/jinzhu/copier)** — Object copying for DTOs
+- **[JWT](https://github.com/golang-jwt/jwt)** — JSON Web Token implementation for authentication
 
 ## 📁 Project Structure
 
@@ -23,27 +24,29 @@ Build a sample CRUD service API with Golang to showcase clean code structure and
 │   └── app/
 │       └── main.go                # Application entry point
 ├── pkg/                           # Shared package configure
-│   └── bcrypt/
-|       └── bcrypt.go              # Bcrypt hashing                 
-│   └── redis/                     
-|       └── redis.go               # Redis configuration
-│   └── db/                        
-|       └── db.go                  # DB configuration
+│   └── crypto/
+│       └── aes.go                 # Advanced Encryption Standard encryption
+│       └── bcrypt.go              # Bcrypt hashing
+│   └── redis/
+│       └── redis.go               # Redis configuration
+│   └── db/
+│       └── db.go                  # DB configuration
 ├── api/
 │   └── student/
 │       ├── route.go               # Student-related endpoints
 │       └── handler.go             # Logic for handling student API requests
 ├── internal/
-│   ├── service/                   # Business logic, called from handler
+│   ├── middleware/                # HTTP middleware (e.g., auth, logging)
 │   ├── repository/                # Data access layer (calls GORM & queries DB)
+│   ├── service/                   # Business logic, called from handler
 │   ├── model/                     # Database models/entities
 │   └── dto/                       # DTOs for transforming request/response data
 ```
 
 ## 📌 Key Concepts
 
 - **Layered Architecture**: Divides the project into clear layers for maintainability and scalability.
-- **DTO Pattern**: Uses `copier` to map between internal models and response/request structures.
+- **DTO Pattern**: Uses `copier` to map between internal models and request/response structures.
 - **Validation**: Ensures request payloads are validated with `go-playground/validator`.
 - **ORM**: Leverages GORM to interact with TiDB in a concise and type-safe way.
 
@@ -63,10 +66,9 @@ Build a sample CRUD service API with Golang to showcase clean code structure and
 ## 🔧 Future Enhancements
 
 - Add unit tests and integration tests
-- Implement authentication and authorization
 - Dockerize the application
 - Add Swagger/OpenAPI documentation
 
 ## 📄 License
 
-This project is open-source and available under the [MIT License](LICENSE).
+This project is open-source and available under the [MIT License]().

api/auth/handler.go

@@ -1,40 +1,90 @@
 package auth
 
 import (
-	"learn-fiber/api/response"
-	"learn-fiber/config"
-	"learn-fiber/internal/util/common"
-	"time"
-
 	"github.com/gofiber/fiber/v2"
-	"github.com/golang-jwt/jwt/v5"
+	"github.com/jinzhu/copier"
 	"gorm.io/gorm"
+	"learn-fiber/api/response"
+	"learn-fiber/internal/constant"
+	"learn-fiber/internal/dto"
+	"learn-fiber/internal/ierror"
+	"learn-fiber/internal/service"
+	"learn-fiber/internal/util/common"
+	"learn-fiber/internal/util/validator"
 )
 
 type Handler struct {
-	db *gorm.DB
+	svc service.Auth
 }
 
 func NewHandler(db *gorm.DB) *Handler {
-	return &Handler{db: db}
+	svc := service.NewAuth(db)
+	return &Handler{svc: svc}
 }
 
 func (h *Handler) Login(c *fiber.Ctx) error {
-	req, err := common.GetRequestBody[Request](c)
+	req, _ := common.GetRequestBody[dto.LoginRequest](c)
+	if hasError, err := validator.V.Valid(req); hasError {
+		return ierror.NewValidationError(err)
+	}
+	result, err := h.svc.Login(req)
+	if err != nil {
+		return ierror.NewClientError(200, ierror.ErrCodeAuthenticationError, err.Error())
+	}
+	var res TokenResponse
+	if err = copier.Copy(&res, &result); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDtoError, err.Error())
+	}
+	return response.SendSuccessResponse(c, res)
+}
+
+func (h *Handler) Logout(c *fiber.Ctx) error {
+	token, err := common.GetAccessToken(c)
+	if err != nil {
+		return ierror.NewAuthenticationError(ierror.ErrCodeAuthenticationError, err.Error())
+	}
+	if err := h.svc.Logout(token); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeTokenError, err.Error())
+	}
+	return response.SendSuccessResponse(c, constant.Success)
+}
+
+func (h *Handler) RenewToken(c *fiber.Ctx) error {
+	req, _ := common.GetRequestBody[dto.RenewTokenRequest](c)
+	if hasError, err := validator.V.Valid(req); hasError {
+		return ierror.NewValidationError(err)
+	}
+	result, err := h.svc.RenewToken(req)
 	if err != nil {
-		return err
+		return ierror.NewClientError(200, ierror.ErrCodeAuthenticationError, err.Error())
+	}
+	var res TokenResponse
+	if err = copier.Copy(&res, &result); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDtoError, err.Error())
 	}
+	return response.SendSuccessResponse(c, res)
 
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
-		"username": req.Username,
-		"role":     "admin",
-		"exp":      time.Now().Add(time.Hour * 1).Unix(),
-	})
+}
 
-	secret := []byte(config.Cfg.JWT.Secret)
-	res, err := token.SignedString(secret)
+func (h *Handler) Info(c *fiber.Ctx) error {
+	result, err := h.svc.Info(common.GetUser(c))
 	if err != nil {
-		return c.Status(500).JSON(fiber.Map{"error": "Could not generate token"})
+		return ierror.NewClientError(200, ierror.ErrCodeAuthenticationError, err.Error())
+	}
+	var res UserResponse
+	if err = copier.Copy(&res, &result); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDtoError, err.Error())
 	}
 	return response.SendSuccessResponse(c, res)
 }
+
+func (h *Handler) ChangePassword(c *fiber.Ctx) error {
+	req, _ := common.GetRequestBody[dto.ChangePassRequest](c)
+	if hasError, err := validator.V.Valid(req); hasError {
+		return ierror.NewValidationError(err)
+	}
+	if err := h.svc.ChangePassword(common.GetUser(c), req); err != nil {
+		return ierror.NewClientError(200, ierror.ErrCodeValidationError, err.Error())
+	}
+	return response.SendSuccessResponse(c, constant.Success)
+}

api/auth/request.go

@@ -0,0 +1,13 @@
+package auth
+
+type TokenResponse struct {
+	Expired      int64  `json:"expired"`
+	AccessToken  string `json:"accessToken"`
+	RefreshToken string `json:"refreshToken"`
+}
+
+type UserResponse struct {
+	Id       uint   `json:"id"`
+	Username string `json:"username"`
+	Role     string `json:"role"`
+}

api/auth/response.go

@@ -3,10 +3,15 @@ package auth
 import (
 	"github.com/gofiber/fiber/v2"
 	"gorm.io/gorm"
+	"learn-fiber/internal/middleware"
 )
 
 func AddRoutes(r fiber.Router, db *gorm.DB) {
 	handler := NewHandler(db)
 	router := r.Group("/auth")
 	router.Post("login", handler.Login)
+	router.Post("renew-token", handler.RenewToken)
+	router.Get("info", middleware.JWTProtected(), handler.Info)
+	router.Post("logout", middleware.JWTProtected(), handler.Logout)
+	router.Post("change-password", middleware.JWTProtected(), handler.ChangePassword)
 }

api/auth/routes.go

@@ -1,7 +1,9 @@
 package department
 
 import (
+	"errors"
 	"learn-fiber/api/response"
+	"learn-fiber/internal/constant"
 	"learn-fiber/internal/dto"
 	"learn-fiber/internal/ierror"
 	"learn-fiber/internal/service"
@@ -14,36 +16,43 @@ import (
 )
 
 type Handler struct {
-	service service.Department
+	svc service.Department
 }
 
 func NewHandler(db *gorm.DB) *Handler {
 	svc := service.NewDepartment(db)
-	return &Handler{service: svc}
+	return &Handler{svc: svc}
 }
 
 func (h *Handler) GetList(c *fiber.Ctx) error {
 	query, _ := common.GetQueryParam[dto.QueryParams](c)
 	if hasError, err := validator.V.Valid(query); hasError {
 		return ierror.NewValidationError(err)
 	}
-	result, page, err := h.service.GetAllDepartment(query)
+	result, page, err := h.svc.GetAllDepartment(query)
 	if err != nil {
-		return response.SendFailResponse(c, err.Error())
+		return ierror.NewServerError(ierror.ErrCodeDatabaseError, err.Error())
 	}
 	var res []Response
-	_ = copier.Copy(&res, &result)
+	if err = copier.Copy(&res, &result); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDtoError, err.Error())
+	}
 	return response.SendSuccessResponsePaging(c, res, page)
 }
 
 func (h *Handler) GetById(c *fiber.Ctx) error {
 	id := c.Params("id")
-	result, err := h.service.GetDepartment(id)
+	result, err := h.svc.GetDepartment(id)
 	if err != nil {
-		return response.SendFailResponse(c, err.Error())
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return response.SendSuccessResponse(c, err.Error())
+		}
+		return ierror.NewServerError(ierror.ErrCodeDatabaseError, err.Error())
 	}
 	var res Response
-	_ = copier.Copy(&res, &result)
+	if err = copier.Copy(&res, &result); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDtoError, err.Error())
+	}
 	return response.SendSuccessResponse(c, res)
 }
 
@@ -52,12 +61,14 @@ func (h *Handler) Create(c *fiber.Ctx) error {
 	if hasError, err := validator.V.Valid(req); hasError {
 		return ierror.NewValidationError(err)
 	}
-	result, err := h.service.CreateDepartment(req)
+	result, err := h.svc.CreateDepartment(req)
 	if err != nil {
-		return response.SendFailResponse(c, err.Error())
+		return ierror.NewServerError(ierror.ErrCodeDatabaseError, err.Error())
 	}
 	var res Response
-	_ = copier.Copy(&res, &result)
+	if err = copier.Copy(&res, &result); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDtoError, err.Error())
+	}
 	return response.SendSuccessResponse(c, res)
 }
 
@@ -66,17 +77,24 @@ func (h *Handler) Update(c *fiber.Ctx) error {
 	if hasError, err := validator.V.Valid(req); hasError {
 		return ierror.NewValidationError(err)
 	}
-	result, err := h.service.UpdateDepartment(req)
+	result, err := h.svc.UpdateDepartment(req)
 	if err != nil {
-		return response.SendFailResponse(c, err.Error())
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return ierror.NewClientError(200, ierror.ErrCodeDataNotFound, err.Error())
+		}
+		return ierror.NewServerError(ierror.ErrCodeDatabaseError, err.Error())
 	}
 	var res Response
-	_ = copier.Copy(&res, &result)
+	if err = copier.Copy(&res, &result); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDtoError, err.Error())
+	}
 	return response.SendSuccessResponse(c, res)
 }
 
 func (h *Handler) Delete(c *fiber.Ctx) error {
 	id := c.Params("id")
-	_ = h.service.DeleteDepartment(id)
-	return response.SendSuccessResponse(c, nil)
+	if err := h.svc.DeleteDepartment(id); err != nil {
+		return ierror.NewServerError(ierror.ErrCodeDatabaseError, err.Error())
+	}
+	return response.SendSuccessResponse(c, constant.Success)
 }

api/department/handler.go

@@ -11,7 +11,7 @@ import (
 type SuccessResponse struct {
 	Message string                   `json:"message,omitempty"`
 	Paging  *pagination.PageResponse `json:"pagination,omitempty"`
-	Data    interface{}              `json:"data,omitempty"`
+	Data    interface{}              `json:"data"`
 }
 
 func SendSuccessResponse(c *fiber.Ctx, data interface{}) error {