Final

Author: RaimonxDev

README.MD

@@ -0,0 +1,11 @@
+Generar un clave rsa 1024 bits
+```shell openssl genrsa -out app.rsa 1024 ```
+Nota: -out: indica donde se va a guardar la clave privada.
+1024 : Es el tamaño en bits de la clave privada
+
+Generar una clave publica a la clave privada
+
+```shell openssl rsa -in app.rsa -pubout > app.rsa.pub ```
+Syntax:
+-in: indica la ruta de la clave privada
+-pubout: indica cual va ser la salida y el nombre de la clave publica generada

certificates/app.rsa

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDGdyI2sfR/np6ryjkmFKjEUc4JBQlrc5OrOdoq/6J/VyQW/VpS
+LNNwrjwtUP3UpP6Xk9dAynXiMmRF+jmd0bk0uitmiVVionz18kigl+b78u3VzJox
+ra0rC5K5UuRI7aMpzePcD3W1Igg19hBXzyPWntJXFz5yXRekFq7VuF3QrwIDAQAB
+AoGADbGmsLNytWOSezQG4XPHeVRTrRel4L4m0Ee7n//njHXMzbFJjCX/qOS8zjuq
+aAPCdV8EGTpfC+6CMLnlQ9h2uOd/a4YicuproMtBu2XWdk9TGosf2chfTmbL3I+9
+jYVPhrnh5gLLDLul4Fo77c1mpF8uYahGD8evIYE/GponBRECQQDuse1Ab60F83Mr
+R8+imjlyhdZPFXKxiDSKELI270tIaztWKI/CjQSa+RZP+i2MQbYnLs2265w7UOMg
+xPqrCTRzAkEA1NqP9G79r6Qpu6anFu90Y5E4FupBvw4MPTgD9iI1h36U09xdlabu
+3+fVtQQpDcGH9tw26XQ8DFNPmg3emqff1QJBAJBcI7UY1XgH6NuALt+UjrHop9hk
+jF06lyv5NQ9sYgeGcviEx41OZD6l7wynrexpwZSpBdlfXbmyDeu/tirDAmkCQFEU
+QCmX7cJuAgec36D47ZjPxFHWQd0I+NiI8dlcBo/qQ76//lX3FJ7trJYbU5gN1EDQ
+eYpL4GPBiFziU50NvVECQBRNbIk0ucX3uMky+IFQHJmkEXfhxirEXK6cyDxiky/1
+t/jpuki96Kz53vmq1GYiOt0kZLUv/hYzwhz0Y7wSE6Y=
+-----END RSA PRIVATE KEY-----

certificates/app.rsa.pub

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGdyI2sfR/np6ryjkmFKjEUc4J
+BQlrc5OrOdoq/6J/VyQW/VpSLNNwrjwtUP3UpP6Xk9dAynXiMmRF+jmd0bk0uitm
+iVVionz18kigl+b78u3VzJoxra0rC5K5UuRI7aMpzePcD3W1Igg19hBXzyPWntJX
+Fz5yXRekFq7VuF3QrwIDAQAB
+-----END PUBLIC KEY-----

go.mod

@@ -1,3 +1,5 @@
 module FirstCrud
 
 go 1.19
+
+require github.com/golang-jwt/jwt/v4 v4.4.2 // indirect

go.sum

@@ -0,0 +1,2 @@
+github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=

internal/auth/certificates.go

@@ -0,0 +1,53 @@
+package auth
+
+import (
+	"crypto/rsa"
+	"github.com/golang-jwt/jwt/v4"
+	"os"
+	"sync"
+)
+
+// Las dejamos privadas para que ningun paquete las pueda usar
+var (
+	signKey   *rsa.PrivateKey
+	verifyKey *rsa.PublicKey
+	once      sync.Once
+)
+
+// LoadFiles sus argumentos
+// son de tipo string porque le enviamos solo la ruta del archivo
+func LoadFiles(privateFile, publicFile string) error {
+	var err error
+	once.Do(func() {
+		err = readAndLoadFiles(privateFile, publicFile)
+	})
+	return err
+}
+
+func readAndLoadFiles(privateFile, publicFile string) error {
+
+	privateBytes, err := os.ReadFile(privateFile)
+	if err != nil {
+		return err
+	}
+	publicBytes, err := os.ReadFile(publicFile)
+	if err != nil {
+		return err
+	}
+	return parseRSA(privateBytes, publicBytes)
+}
+
+// Function parse rsa keys
+
+func parseRSA(privateBytes, publicBytes []byte) error {
+	var err error
+	signKey, err = jwt.ParseRSAPrivateKeyFromPEM(privateBytes)
+	if err != nil {
+		return err
+	}
+	verifyKey, err = jwt.ParseRSAPublicKeyFromPEM(publicBytes)
+	if err != nil {
+		return err
+	}
+	return nil
+}

internal/auth/token.go

@@ -0,0 +1,48 @@
+package auth
+
+import (
+	model "FirstCrud/internal/model"
+	"errors"
+	"github.com/golang-jwt/jwt/v4"
+	"time"
+)
+
+func GenerateToken(login *model.Login) (string, error) {
+
+	claim := model.Claims{
+		Email: login.Email,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24)),
+			Issuer:    "FirstCrud",
+		},
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claim)
+
+	signedToken, err := token.SignedString(signKey)
+	if err != nil {
+		return "", err
+	}
+	return signedToken, nil
+}
+
+func ValidateToken(t string) (model.Claims, error) {
+	token, err := jwt.ParseWithClaims(t, &model.Claims{}, verifyToken)
+	if err != nil {
+		return model.Claims{}, nil
+	}
+
+	if !token.Valid {
+		return model.Claims{}, errors.New("Token not valid")
+	}
+
+	claim, ok := token.Claims.(*model.Claims)
+
+	if !ok {
+		return model.Claims{}, errors.New("Claims no valid")
+	}
+	return *claim, nil
+}
+
+func verifyToken(t *jwt.Token) (interface{}, error) {
+	return verifyKey, nil
+}

internal/handler/login.go

@@ -0,0 +1,70 @@
+package handler
+
+import (
+	"FirstCrud/internal/auth"
+	"FirstCrud/internal/model"
+	"encoding/json"
+	"net/http"
+)
+
+type login struct {
+	storage Storage
+}
+
+func newLogin(s Storage) login {
+	return login{s}
+}
+
+func (l *login) login(w http.ResponseWriter, r *http.Request) {
+
+	if r.Method != http.MethodPost {
+		response := NewResponse(
+			"METHOD NO ALLOWED",
+			http.StatusBadRequest, "Bad Request", nil)
+		response.ToJSON(w)
+		return
+	}
+	if r.Header.Get("Authorization") == "" {
+		response := NewResponse("MISSING TOKEN", http.StatusBadRequest, "Bad request", nil)
+		response.ToJSON(w)
+		return
+	}
+
+	data := model.Login{}
+	err := json.NewDecoder(r.Body).Decode(&data)
+	if err != nil {
+		respose := NewResponse("JSON NO VALID", http.StatusBadRequest, "Bad Request", nil)
+		respose.ToJSON(w)
+		return
+	}
+
+	if !isLoginValid(data) {
+		response := NewResponse("Email or Password no valid", http.StatusBadRequest, "Bad Request", nil)
+		response.ToJSON(w)
+		return
+	}
+	token, err := auth.GenerateToken(&data)
+	if err != nil {
+		response := NewResponse("Error to generate token", http.StatusInternalServerError, "Internal Server Error", nil)
+		response.ToJSON(w)
+		return
+	}
+	dataToken := map[string]string{
+		"token": token,
+		"user":  data.Email,
+	}
+	response := NewResponse("Login OK", http.StatusOK, nil, dataToken)
+	response.ToJSON(w)
+	return
+}
+
+// Simulate a login
+func isLoginValid(data model.Login) bool {
+	if data.Email == "" {
+		return false
+	}
+	if data.Password == "" {
+		return false
+	}
+	return data.Email == "[email protected]" && data.Password == "123456"
+}

internal/handler/route.go

@@ -7,9 +7,15 @@ import (
 
 func RoutePerson(mux *http.ServeMux, storage Storage) {
 	person := newPerson(storage)
-	mux.HandleFunc("/v1/persons", middleware.Log(person.GetAll))
+	mux.HandleFunc("/v1/persons", middleware.Authentication(person.GetAll))
 	mux.HandleFunc("/v1/persons/create", middleware.Authentication(person.Create))
 	mux.HandleFunc("/v1/persons/update", middleware.Log(person.Update))
 	mux.HandleFunc("/v1/persons/delete", middleware.Log(person.Delete))
 	mux.HandleFunc("/v1/persons/person", middleware.Log(person.GetByID))
 }
+
+// Route Login
+func RouteLogin(mux *http.ServeMux, storage Storage) {
+	login := newLogin(storage)
+	mux.HandleFunc("/v1/login", login.login)
+}

internal/middleware/middlewares.go

@@ -1,6 +1,7 @@
 package middleware
 
 import (
+	"FirstCrud/internal/auth"
 	"log"
 	"net/http"
 	"time"
@@ -23,15 +24,18 @@ func timeTrack(start time.Time, name string) {
 func Authentication(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		token := r.Header.Get("Authorization")
-		if token == "" {
-			http.Error(w, "Forbidden", http.StatusForbidden)
-			return
-		}
-		// Simulate authentication
-		if token != "Bearer 123456789" {
+
+		_, err := auth.ValidateToken(token)
+
+		if err != nil {
 			http.Error(w, "Forbidden", http.StatusForbidden)
 			return
 		}
+		//// Simulate authentication
+		//if token != "Bearer 123456789" {
+		//	http.Error(w, "Forbidden", http.StatusForbidden)
+		//	return
+		//}
 		next(w, r)
 	}
 }

internal/model/login.go

@@ -0,0 +1,13 @@
+package model
+
+import "github.com/golang-jwt/jwt/v4"
+
+type Login struct {
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}
+
+type Claims struct {
+	Email string `json:"email"`
+	jwt.RegisteredClaims
+}

main.go

@@ -1,24 +1,30 @@
 package main
 
 import (
+	"FirstCrud/internal/auth"
 	"FirstCrud/internal/handler"
 	"FirstCrud/internal/storage"
 	"log"
 	"net/http"
 )
 
 func main() {
+	err := auth.LoadFiles("certificates/app.rsa", "certificates/app.rsa.pub")
+	if err != nil {
+		log.Fatal("Can't load certificates")
+	}
+
 	store := storage.NewMemory()
 	mux := http.NewServeMux()
-
 	//Init routes and storage
 	handler.RoutePerson(mux, &store)
+	// register login route
+	handler.RouteLogin(mux, &store)
 	log.Printf("Server running on port %s", ":8080")
-	err := http.ListenAndServe(":8080", mux)
+	err = http.ListenAndServe(":8080", mux)
 	if err != nil {
 		log.Fatal(err)
 	}
-
 	// Example of how to use the middleware
 	//execute("John", middleware.Log(middleware.Greeter))
 	//execute("John", middleware.Log(middleware.Bye))