Skip to content

User Authentication and Authorization using JWT#2

Open
sagar23sj wants to merge 51 commits into
developmentfrom
User_Operations
Open

User Authentication and Authorization using JWT#2
sagar23sj wants to merge 51 commits into
developmentfrom
User_Operations

Conversation

@sagar23sj

Copy link
Copy Markdown

Tasks Completed :

  1. Generate JWT Token
  2. Added JWT Middleware for Authentication and Authorization
  3. Login and Logout Handler

Comment thread db/user.go Outdated
Country string `db:"country" json:"country"`
State string `db:"state" json:"state"`
City string `db:"city" json:"city"`
CreatedAt string `db:"created_at" json:"created_at"`

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we use time.Time instead of string?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually we are thinking of removing it since we are neither accepting it from the frontend nor we are sending it back.

Comment thread service/user_http.go Outdated
return
}

user, err1 := deps.Store.GetUser(req.Context(), int(userID))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we rename it to err instead of err1?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes Sure

Comment thread service/user_http.go Outdated
func getUserHandler(deps Dependencies) http.HandlerFunc {
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
//fetch usedId from request
authToken := req.Header["Token"]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is a Get method on this Header map, can we use that instead of accessing it directly

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes On it

Comment thread service/user_http.go Outdated
Comment thread service/session_http.go
}

//generateJWT function generates and return a new JWT token
func generateJwt(userID int) (tokenString string, err error) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, Naked returns are okay for smaller functions.. however we should avoid them for longer functions..

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes Indeed, Will change this in the next commit.

Comment thread service/session_http.go Outdated
}

respBytes, err := json.Marshal(authbody)
if err != nil {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally json.Marshal doesn't fail.. however we shouldn't ignore this error..
can we return 5xx from here?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure will return from here.

Comment thread service/session_http.go Outdated
err = deps.Store.CreateBlacklistedToken(req.Context(), userBlackListedToken)
if err != nil {
ae.Error(ae.ErrFailedToCreate, "Error creating blaclisted token record", err)
rw.Header().Add("Content-Type", "application/json")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we use Header.Set method instead of Header.Add?

because multiple Content-Type doesn't make sense here..

Set method replaces the value of existing.. and Add method appends the value..

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, will use Header.Set method

Comment thread service/session_http.go Outdated
authToken := req.Header["Token"]

//fetching details from the token
userID, expirationTimeStamp, err := getDataFromToken(authToken[0])

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here, authToken[0] will be index out of range if we don't pass the Token in header.. can we fix this?

or we can use Header.Get method

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will use Header.Get method

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants