From ea754c9aef37a504ca7e3fc5689d89af73eb3cda Mon Sep 17 00:00:00 2001
From: Sosokker <sirinza29@gmail.com>
Date: Thu, 13 Feb 2025 03:14:26 +0700
Subject: [PATCH] feat: add authentication endpoint

---
 backend/go.mod                       |  12 +++
 backend/go.sum                       |  24 ++++++
 backend/internal/api/api.go          |  31 ++++++--
 backend/internal/api/auth.go         | 115 +++++++++++++++++++++++++++
 backend/internal/cmd/api.go          |   2 +-
 backend/internal/cmd/root.go         |   5 --
 backend/internal/middlewares/auth.go |  35 ++++++++
 backend/internal/utilities/jwt.go    |  45 +++++++++++
 8 files changed, 256 insertions(+), 13 deletions(-)
 create mode 100644 backend/internal/api/auth.go
 create mode 100644 backend/internal/middlewares/auth.go
 create mode 100644 backend/internal/utilities/jwt.go

diff --git a/backend/go.mod b/backend/go.mod
index 1280452..c211bb4 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -5,25 +5,37 @@ go 1.23.5
 require (
 	github.com/danielgtaylor/huma/v2 v2.28.0
 	github.com/go-chi/chi/v5 v5.2.1
+	github.com/go-chi/jwtauth/v5 v5.3.2
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/uuid v1.6.0
 	github.com/jackc/pgx/v5 v5.7.2
 	github.com/joho/godotenv v1.5.1
+	github.com/lestrrat-go/jwx/v2 v2.1.3
 	github.com/pressly/goose/v3 v3.24.1
 	github.com/spf13/cobra v1.8.1
 )
 
 require (
 	github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.6 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/mfridman/interpolate v0.0.2 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/sethvargo/go-retry v0.3.0 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
 )
diff --git a/backend/go.sum b/backend/go.sum
index 8459453..c1e8c76 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -6,12 +6,20 @@ github.com/danielgtaylor/huma/v2 v2.28.0/go.mod h1:67KO0zmYEkR+LVUs8uqrcvf44G1wX
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
 github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/jwtauth/v5 v5.3.2 h1:s+ON3ATyyMs3Me0kqyuua6Rwu+2zqIIkL0GCaMarwvs=
+github.com/go-chi/jwtauth/v5 v5.3.2/go.mod h1:O4QvPRuZLZghl9WvfVaON+ARfGzpD2PBX/QY5vUz7aQ=
 github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es=
 github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
@@ -28,6 +36,18 @@ github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k=
+github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
+github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
+github.com/lestrrat-go/jwx/v2 v2.1.3 h1:Ud4lb2QuxRClYAmRleF50KrbKIoM1TddXgBrneT5/Jo=
+github.com/lestrrat-go/jwx/v2 v2.1.3/go.mod h1:q6uFgbgZfEmQrfJfrCo90QcQOcXFMfbI/fO0NqRtvZo=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mfridman/interpolate v0.0.2 h1:pnuTK7MQIxxFz1Gr+rjSIx9u7qVjf5VOoM/u6BbAxPY=
@@ -41,6 +61,8 @@ github.com/pressly/goose/v3 v3.24.1/go.mod h1:rEWreU9uVtt0DHCyLzF9gRcWiiTF/V+528
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/sethvargo/go-retry v0.3.0 h1:EEt31A35QhrcRZtrYFDTBg91cqZVnFL2navjDrah2SE=
 github.com/sethvargo/go-retry v0.3.0/go.mod h1:mNX17F0C/HguQMyMyJxcnU471gOZGxCLyYaFyAZraas=
 github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
@@ -51,7 +73,9 @@ github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
diff --git a/backend/internal/api/api.go b/backend/internal/api/api.go
index 2e4e5ee..efc9818 100644
--- a/backend/internal/api/api.go
+++ b/backend/internal/api/api.go
@@ -10,20 +10,31 @@ import (
 	"github.com/danielgtaylor/huma/v2/adapters/humachi"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
+	"github.com/jackc/pgx/v5/pgxpool"
+
+	"github.com/forfarm/backend/internal/domain"
+	m "github.com/forfarm/backend/internal/middlewares"
+	"github.com/forfarm/backend/internal/repository"
 )
 
 type api struct {
 	logger     *slog.Logger
 	httpClient *http.Client
+
+	userRepo domain.UserRepository
 }
 
-func NewAPI(ctx context.Context, logger *slog.Logger) *api {
+func NewAPI(ctx context.Context, logger *slog.Logger, pool *pgxpool.Pool) *api {
 
 	client := &http.Client{}
 
+	userRepository := repository.NewPostgresUser(pool)
+
 	return &api{
 		logger:     logger,
 		httpClient: client,
+
+		userRepo: userRepository,
 	}
 }
 
@@ -34,14 +45,20 @@ func (a *api) Server(port int) *http.Server {
 }
 
 func (a *api) Routes() *chi.Mux {
-	r := chi.NewRouter()
+	router := chi.NewRouter()
+	router.Use(middleware.Logger)
 
-	r.Use(middleware.Logger)
+	config := huma.DefaultConfig("ForFarm Public API", "v1.0.0")
+	api := humachi.New(router, config)
 
-	api := humachi.New(r, huma.DefaultConfig("ForFarm API", "v1.0.0"))
-	huma.Get(api, "/helloworld", a.helloWorldHandler)
+	router.Group(func(r chi.Router) {
+		a.registerAuthRoutes(r, api)
+	})
 
-	// r.Get("/helloworld", a.helloWorldHandler)
+	router.Group(func(r chi.Router) {
+		api.UseMiddleware(m.AuthMiddleware(api))
+		a.registerHelloRoutes(r, api)
+	})
 
-	return r
+	return router
 }
diff --git a/backend/internal/api/auth.go b/backend/internal/api/auth.go
new file mode 100644
index 0000000..b202f83
--- /dev/null
+++ b/backend/internal/api/auth.go
@@ -0,0 +1,115 @@
+package api
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	"github.com/danielgtaylor/huma/v2"
+	"github.com/forfarm/backend/internal/domain"
+	"github.com/forfarm/backend/internal/utilities"
+	"github.com/go-chi/chi/v5"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func (a *api) registerAuthRoutes(_ chi.Router, api huma.API) {
+	tags := []string{"auth"}
+
+	prefix := "/auth"
+
+	huma.Register(api, huma.Operation{
+		OperationID: "register",
+		Method:      http.MethodPost,
+		Path:        prefix + "/register",
+		Tags:        tags,
+	}, a.registerHandler)
+
+	huma.Register(api, huma.Operation{
+		OperationID: "login",
+		Method:      http.MethodPost,
+		Path:        prefix + "/login",
+		Tags:        tags,
+	}, a.loginHandler)
+}
+
+type LoginInput struct {
+	Body struct {
+		Email    string `json:"email" example:" Email address of the user"`
+		Password string `json:"password" example:" Password of the user"`
+	}
+}
+
+type LoginOutput struct {
+	Body struct {
+		Token string `json:"token" example:" JWT token for the user"`
+	}
+}
+
+type RegisterInput struct {
+	Body struct {
+		Email    string `json:"email" example:" Email address of the user"`
+		Password string `json:"password" example:" Password of the user"`
+	}
+}
+
+type RegisterOutput struct {
+	Body struct {
+		Token string `json:"token" example:" JWT token for the user"`
+	}
+}
+
+func (a *api) registerHandler(ctx context.Context, input *RegisterInput) (*RegisterOutput, error) {
+	resp := &RegisterOutput{}
+
+	// TODO: Validate input data
+
+	_, err := a.userRepo.GetByEmail(ctx, input.Body.Email)
+	if err == domain.ErrNotFound {
+		hashedPassword, err := bcrypt.GenerateFromPassword([]byte(input.Body.Password), bcrypt.DefaultCost)
+		if err != nil {
+			return nil, err
+		}
+
+		err = a.userRepo.CreateOrUpdate(ctx, &domain.User{
+			Email:    input.Body.Email,
+			Password: string(hashedPassword),
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		token, err := utilities.CreateJwtToken(input.Body.Email)
+		if err != nil {
+			return nil, err
+		}
+
+		resp.Body.Token = token
+		return resp, nil
+	}
+
+	return nil, errors.New("user already exists")
+}
+
+func (a *api) loginHandler(ctx context.Context, input *LoginInput) (*LoginOutput, error) {
+	resp := &LoginOutput{}
+
+	// TODO: Validate input data
+
+	user, err := a.userRepo.GetByEmail(ctx, input.Body.Email)
+	if err != nil {
+		return nil, err
+	}
+
+	// verify password hash
+	if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(input.Body.Password)); err != nil {
+		return nil, err
+	}
+
+	token, err := utilities.CreateJwtToken(user.UUID)
+	if err != nil {
+		return nil, err
+	}
+
+	resp.Body.Token = token
+	return resp, nil
+}
diff --git a/backend/internal/cmd/api.go b/backend/internal/cmd/api.go
index 2855e7a..816b457 100644
--- a/backend/internal/cmd/api.go
+++ b/backend/internal/cmd/api.go
@@ -29,7 +29,7 @@ func APICmd(ctx context.Context) *cobra.Command {
 			}
 			defer pool.Close()
 
-			api := api.NewAPI(ctx, logger)
+			api := api.NewAPI(ctx, logger, pool)
 			server := api.Server(port)
 
 			go func() {
diff --git a/backend/internal/cmd/root.go b/backend/internal/cmd/root.go
index af7086a..9dd0d88 100644
--- a/backend/internal/cmd/root.go
+++ b/backend/internal/cmd/root.go
@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"context"
-	"net/http"
 	"os"
 
 	"github.com/joho/godotenv"
@@ -20,10 +19,6 @@ func Execute(ctx context.Context) int {
 	rootCmd.AddCommand(APICmd(ctx))
 	rootCmd.AddCommand(MigrateCmd(ctx, "pgx", os.Getenv("DATABASE_URL")))
 
-	go func() {
-		_ = http.ListenAndServe("localhost:8000", nil)
-	}()
-
 	if err := rootCmd.Execute(); err != nil {
 		return 1
 	}
diff --git a/backend/internal/middlewares/auth.go b/backend/internal/middlewares/auth.go
new file mode 100644
index 0000000..058e07f
--- /dev/null
+++ b/backend/internal/middlewares/auth.go
@@ -0,0 +1,35 @@
+package middlewares
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/danielgtaylor/huma/v2"
+	"github.com/forfarm/backend/internal/utilities"
+)
+
+func AuthMiddleware(api huma.API) func(ctx huma.Context, next func(huma.Context)) {
+	return func(ctx huma.Context, next func(huma.Context)) {
+		authHeader := ctx.Header("Authorization")
+		if authHeader == "" {
+			huma.WriteErr(api, ctx, http.StatusUnauthorized, "No token provided")
+			return
+		}
+
+		tokenStr := strings.TrimPrefix(authHeader, "Bearer ")
+		if tokenStr == "" {
+			huma.WriteErr(api, ctx, http.StatusUnauthorized, "No token provided")
+			return
+		}
+
+		err := utilities.VerifyJwtToken(tokenStr)
+
+		if err != nil {
+			huma.WriteErr(api, ctx, http.StatusUnauthorized, "Invalid token")
+			return
+		}
+
+		next(ctx)
+	}
+
+}
diff --git a/backend/internal/utilities/jwt.go b/backend/internal/utilities/jwt.go
new file mode 100644
index 0000000..95fbbb0
--- /dev/null
+++ b/backend/internal/utilities/jwt.go
@@ -0,0 +1,45 @@
+package utilities
+
+import (
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// TODO: Change later
+var secretKey = []byte("secret-key")
+
+func CreateJwtToken(uuid string) (string, error) {
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"uuid": uuid,
+		"exp":  time.Now().Add(time.Hour * 24).Unix(),
+	})
+
+	tokenString, err := token.SignedString(secretKey)
+	if err != nil {
+		return "", err
+	}
+
+	return tokenString, nil
+}
+
+func VerifyJwtToken(tokenString string) error {
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, jwt.ErrSignatureInvalid
+		}
+
+		// TODO: CHANGE SECRET KEY
+		return secretKey, nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if !token.Valid {
+		return jwt.ErrSignatureInvalid
+	}
+
+	return nil
+}