From 655dd3221b63413b3b6ddfec76f2d6a87bf7c243 Mon Sep 17 00:00:00 2001 From: Seyora24 Date: Thu, 6 Jul 2023 10:19:37 +0700 Subject: [PATCH] JWT Authorization --- controllers/postController.go | 167 ++++++++++++++++++++++++++++++---- 1 file changed, 148 insertions(+), 19 deletions(-) diff --git a/controllers/postController.go b/controllers/postController.go index e2ffb75..fd904cc 100644 --- a/controllers/postController.go +++ b/controllers/postController.go @@ -1,27 +1,33 @@ package controllers import ( + "net/http" + "os" + "time" "tugas1/initializers" "tugas1/models" "github.com/gin-gonic/gin" + "github.com/golang-jwt/jwt/v4" + "golang.org/x/crypto/bcrypt" ) func PostsCreate(c *gin.Context) { // Get dataoff req body var body struct { - Name string - Email string - Gender string - Address string - Tempat string - TLahir string + Name string + Email string + Password string + Gender string + Address string + Tempat string + TLahir string } c.Bind((&body)) // Create a post - post := models.Post{Name: body.Name, Email: body.Email, Gender: body.Gender, + post := models.Post{Name: body.Name, Email: body.Email, Password: body.Password, Gender: body.Gender, Address: body.Address, Tempat: body.Tempat, TLahir: body.TLahir} result := initializers.DB.Create(&post) @@ -68,12 +74,13 @@ func PostsUpdate(c *gin.Context) { // Get the data off req body var body struct { - Name string - Email string - Gender string - Address string - Tempat string - TLahir string + Name string + Email string + Password string + Gender string + Address string + Tempat string + TLahir string } c.Bind(&body) 
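Review bot: PostsCreate now copies `body.Password` straight into `models.Post`, so the plaintext password is persisted, while the new SignUp handler hashes the very same field before storing it; the PostsUpdate hunk (`Password: body.Password,` in the Updates call) has the same problem. Either hash here exactly as SignUp does, `hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10)` and store `string(hash)`, or drop Password from these two request bodies so that only SignUp can set it. The `c.Bind((&body))` result is also still unchecked in this hunk, unlike the new handlers. PostsCreate's body continues past the end of the hunk.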
@@ -84,12 +91,13 @@ func PostsUpdate(c *gin.Context) { // Updated it initializers.DB.Model(&post).Updates(models.Post{ - Name: body.Name, - Email: body.Email, - Gender: body.Gender, - Address: body.Address, - Tempat: body.Tempat, - TLahir: body.TLahir, + Name: body.Name, + Email: body.Email, + Password: body.Password, + Gender: body.Gender, + Address: body.Address, + Tempat: body.Tempat, + TLahir: body.TLahir, }) // Respond with it 
@@ -108,3 +116,124 @@ func PostsDelete(c *gin.Context) {
 // Respond
 c.Status(200)
 }
+
+func SignUp(c *gin.Context) {
+ // Get the email/pass of req body
+ var body struct {
+ Name string
+ Email string
+ Password string
+ Gender string
+ Address string
+ Tempat string
+ TLahir string
+ }
+
+ if c.Bind(&body) != nil {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Failed to read body",
+ })
+
+ return
+ }
+
+ // Hash the password
+ hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10)
+
+ if err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Failed to hash password",
+ })
+
+ return
+ }
+
+ // Create the user
+ user := models.Post{Name: body.Name, Email: body.Email, Password: string(hash), Gender: body.Gender,
+ Address: body.Address, Tempat: body.Tempat, TLahir: body.TLahir}
+ result := initializers.DB.Create(&user)
+
+ if result.Error != nil {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Failed to create user",
+ })
+
+ return
+ }
+
+ // Respond
+ c.JSON(http.StatusOK, gin.H{})
+}
+
+func Login(c *gin.Context) {
+ // Get the email and password for req body
+ var body struct {
+ Name string
+ Email string
+ Password string
+ Gender string
+ Address string
+ Tempat string
+ TLahir string
+ }
+
+ if c.Bind(&body) != nil {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Failed to read body",
+ })
+
+ return
+ }
+ // Look up requested user
+ var user models.Post
+ initializers.DB.First(&user, "email = ?", body.Email)
+
+ if user.ID == 0 {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Invalid email",
+ })
+
+ return
+ }
+ // Compare sent in password with saved user password hash
+ err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(body.Password))
+
+ if err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Invalid password",
+ })
+
+ return
+ }
+
+ // Generate a jwt token
+ token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+ "sub": user.ID,
+ "exp": time.Now().Add(time.Hour * 24 * 
30).Unix(),
+ })
+
+ // Sign and get the complete encoded token as a string using the secret
+ tokenString, err := token.SignedString([]byte(os.Getenv("SECRET")))
+
+ if err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{
+ "error": "Failed to create token",
+ })
+
+ return
+ }
+
+ // Send it back
+ c.SetSameSite(http.SameSiteLaxMode)
+ c.SetCookie("Authorization", tokenString, 3600*24*30, "", "", false, true)
+
+ c.JSON(http.StatusOK, gin.H{})
+}
+
+func Validate(c *gin.Context) {
+ user, _ := c.Get("user")
+
+ c.JSON(http.StatusOK, gin.H{
+ "message": user,
+ })
+}
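Review bot: `token.SignedString([]byte(os.Getenv("SECRET")))` in Login never checks that SECRET is set, so when the variable is missing every token is HMAC-signed with an empty key and the handler still returns 200 with the cookie. Read the secret once and fail closed before signing, as in the lines below; a missing secret is a server configuration error, so that branch belongs at 500 rather than the 400 used for "Failed to create token". The distinct "Invalid email" and "Invalid password" responses also let a caller learn which emails are registered; returning one "Invalid email or password" message from both branches avoids that. The cookie is set with the Secure flag false, which is fine for local development but should become true once the service is served over HTTPS.
```go
	// Generate a jwt token
	// … unchanged: jwt.NewWithClaims call …

	// Refuse to sign with an empty key: an unset SECRET must not produce valid tokens.
	secret := os.Getenv("SECRET")
	if secret == "" {
		c.JSON(http.StatusInternalServerError, gin.H{
			"error": "Failed to create token",
		})

		return
	}

	// Sign and get the complete encoded token as a string using the secret
	tokenString, err := token.SignedString([]byte(secret))
	// … unchanged: error check, cookie and response …
```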