Create a Golang Webserver with jwt authentication using go-fiber 2/2

Captions
Hey everyone, welcome back to part two of this video. We're just going to, um, wrap this thing up by creating our database, and we're going to connect to it and make sure we can store our users and protect our routes. If you haven't watched the first video, I highly recommend it; we went through a bunch of setup and it wouldn't make sense to start from this video. But anyways, let's get started. [Music]

Okay, cool. So I told you we're using Docker to set up our database, so I'm going to use Docker Compose. I'm just going to say touch docker-compose.yaml, so this creates our Docker Compose file. I like Docker Compose because you can set up a bunch of, um, services that you need in like under 15 lines of code, which is crazy. Um, like, I'm going to set up a whole database now. So first and foremost, let's go to version is one. Um, so now we have to create our services, and this service I'll just call db. Now this service is going to use an image; obviously I don't expect everyone to remember this, but it's postgres:14beta2-alpine3.14. Alpine pi, I just realized that 3.14 is pi.

Okay, so now we're also going to restart always, so if there's any issues, just always restart. Um, environment, en-vi-ron-ment, well, I can't spell. So this is going to be our environment variables that we can set. If you read the documentation on Docker for all these images, it tells you the environment names. So the first one is postgres, um, password, and our password is going to be password. We're going to have a postgres user; I'm going to name this user root. And then finally our database name, so that's going to be postgres, um, db, and that's just going to be, uh, server. Um, and now finally our ports. So now we're going to map our ports; in this case our ports are going to be the classic, um, Postgres port, so 5432, 5432, over here. And we're pretty much done. In 12 lines of code we have set up our database. So now all we have to do to set this up is
say, let's clear this, um, docker compose up. Now I'm going to write it like this because I want to see all the terminal output to make sure everything is done correctly, and we see that we have no errors, so everything is good. So I'm just going to cancel out of this; Ctrl+C kills me out of the terminal, and I'll do the same command but I'll do -d. It actually sets it up on a different process and doesn't really interrupt my terminal, so that's good; I don't really want to see it. So now we know that Docker is running with the container in the background. So now if we run go run main.go, we see that we aren't getting the same database, um, error we were getting before, because we added code here to stop us, right? So we said if the create engine doesn't go through correctly, which does a ping, um, it's going to kill the process. So over here this ensures that we are connected to the database, and because we are using Sync as well, we are also creating tables on the fly, which is great. You know, I wouldn't personally use Sync in production or in a real application, but for a quick app, like, it's beautiful.

Okay, so where are we? Alright, so we need to check whether the sign up and the login work correctly. One thing I'm going to do before that is protect our routes right now. So what I'm going to do right now is protect our routes. So, um, one thing I just noticed is that we're basing it off the same app instance. What usually happens in your real apps is that you have a group of routes that are protected and a group of routes that are private and a group of routes that require extra middlewares. So one great thing that Fiber has: it allows you to group your routes by variables or by name. So the way I'm going to do that over here is, here's my private route. I'm going to say private, private is equal to app.Group, and I'm just going to name this /private. Private, cool. So that's going to be our private group over here, and I'm just going to copy that and paste that in
here so that this gets used. So now, since this has the name private, I don't want to call this endpoint by private/private, so I'm just going to delete this over here. I'm going to do the same thing with the public route at the bottom, so I'm just going to go over here, just do this as public over here, and then public as well over here. Cool, so that does it for that.

Um, so now we have to attach our middlewares. Now again, Fiber is amazing; the amount of lines of code to set up your authentication through JWT is, like, amazing. So over here all we have to do is private.Use. It's going to use a middleware, and this middleware is going to be provided by, um, the Fiber JWT package. So let's see if I'm using it here. I am not, so I'm just going to copy this down because it's going to be easier over here. jwtware: if I save it, it goes away, so I just want to do that, and then I'll just copy this jwtware and I'll bring that down. jwtware.New, so jwt, yeah, jwtware.New, and this is from our Fiber package. And then we're going to use the jwtware.Config, and this is going to be an object. So, um, this has red squiggly lines over here; that means that the packages aren't really imported. So again, go mod tidy, and Go's amazing toolchain just kicks in. go mod tidy kicks in and pulls in the packages, and there you go. So now we have our jwtware over here.

So now all you have to do in the config is to specify one thing, and that is our secret. So, um, signed, sign-in key? No, what is it called? Yeah, it's called signing key. So our signing key is going to be an array of bytes, and again this is going to be the same secret we use, um, for creating our token. Just for this use case I'm going to, um, not make the name the same. So this has secret; I'm going to name this secrets. Cool. And so now private uses our JWT middleware and our public doesn't, so it shouldn't be protected. So let's go over here and run go run main.go, so this creates our Go server. So now we can go over here and
create our user. So our user needs a name; it's going to be TDot Code. It's going to take in an email, which is, uh, it's going to be floyd jones. And then finally, oops, whoa, IntelliSense, I don't even have GitHub Copilot. And then our password is going to be password over here. Cool. So now let's send this request and see what we get. If everything goes smooth, then, it usually doesn't, because this is programming.

Okay, cool, so let's debug now. Header name must be valid HTTP token. Um, header must be valid HTTP token. So POST 3000 localhost blah blah blah, content type application/json, uh, we got our body over here. Okay, oh, there we go, so it went through. Um, pq relation does not exist. So there's something going on with the users, because it sets up the database correctly and then it goes through our sign up and inserts the user over here. So let's see what is, um, causing the hold-up with this. So we go to our data; we have our id, name, email, password, and we sync the user over here. So let's check our database. So if we go over here and go to our auth server, and we go over here, we have our email, name and password. We open the structure and that all looks good to me. Let's try once more. Let's stop our server, start again, and let's make this request once more. So send, and we have this going on. Alright, so let me debug and let me come right back.

Uh, okay, I see what's going on. Yeah, again a pointer to a pointer. I forget, um, we only need to pass in a pointer to a memory address. So let's, um, restart this, and that should fix that. So if we send that request, and there we go. So now we get our user back. We don't get the password back; remember what we did, um, a few minutes ago. We get our token back, and that's all cool.

Alright, so this is our token. Now I could, yeah, let's use this token over here in our private route. So the way we do that is we say Authorization and we go Bearer, and then we paste that in here. So now let's send the request, and it says invalid or expired JWT. Now
remember what we did: we made some differences between our actual secret and then the secret that is protecting the routes. So let's bring this back to what it actually is, which is just secret. Restarting the server, send the request, and there we go, a successful request. We have a 200 status code response and we get this back. And if you notice, on our public route there is no JWT token present, but we can send the request and it cannot get back properly. Oh, it's a 404; it just means that the name is wrong. Oh yeah, it's public/public. So if I go over here, save that, restart, and then send the request, there you go, it's completely good.

So now let's test our login, right? We've done our sign up, let's test our login. So our login is going to be the same body minus the name. The password should be the same, and just to make sure the password mechanism actually works, let's actually make this different. So we'll call this password one. We'll send the request in, and that isn't right. We aren't properly hashing, uh, correctly checking the passwords, which is true; I don't remember actually implementing that. Yeah, we did not. So when we checked if the user exists, which it does, we just straight up, um, check for the token. So we still need to verify the password and stuff, so we're just going to do that.

So if error is equal to, is equal to bcrypt.CompareHashAndPassword. So we're going to pass in our hash, which is going to be from our user.Password, so it's going to be an array of bytes and it's going to come from our user.Password. And then we are also going to pass in our array of bytes, oops, what happened there, array of bytes, and it's going to be the password that was sent in in the request, so we'll do request.Password over here. We'll check if there is an error, and if there is an error we're just going to be returning the error over here. So now let's restart the server; let's actually clear this and then restart the server, and now if we send a request in, we see that
the hash password is not, um, sorry, hashedPassword is not the hash of the given password. So with this we know that it's working correctly. We change this to the actual password, we save it and send the request, and we get a successful response back with a correct token, which we can verify as well. Copy that token over here and paste that token in the header. Now finally let's send a request, and we get our 200 response over here.

And that is it. This is how you create a Golang web server, um, and you attach some authentication behind it through JWT, and you see how easy it is with Fiber. In all of my Golang personal projects I do use Fiber. Um, it has a very simple API, with also its good library support; like, there's a bunch of third-party Fiber-supported packages that you can use, even outside of middleware JWT support. There's a bunch of other things that people make and are open source just for Fiber, and it's also blazing fast, which I like to talk about.

Alright, so, um, that is pretty much the end of this video. We created a Golang web server with Fiber, we used xorm as our database client, and we used Docker to instantiate our database and make calls to it, and that's pretty much it. Guys, if you did like this video, please show your support down in the comment section or give me a thumbs up; it really goes a long way, and I will see you in my next video. Peace.
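The "invalid or expired JWT" response in the video, produced when the middleware key was renamed to "secrets" while tokens were still signed with "secret", is an HMAC mismatch. The following is an added example, not code from the video and not the Fiber jwtware implementation: a standard-library HS256 sketch in which Sign, Verify, the "user-1" subject and the claim set are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
// mac returns the base64url-encoded HMAC-SHA256 of input under key.
func mac(input string, key []byte) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(input))
	return b64.EncodeToString(h.Sum(nil))
}

// Sign issues a compact HS256 token for subject sub that expires at exp.
func Sign(sub string, exp time.Time, key []byte) string {
	claims, _ := json.Marshal(map[string]interface{}{"sub": sub, "exp": exp.Unix()})
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	return input + "." + mac(input, key)
}

// Verify recomputes HMAC-SHA256 itself (header alg is never trusted), then checks expiry.
func Verify(token string, key []byte, now time.Time) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(p[0]+"."+p[1], key))) {
		return "", fmt.Errorf("invalid or expired JWT")
	}
	var c struct {
		Sub string `json:"sub"`
		Exp int64  `json:"exp"`
	}
	raw, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(raw, &c) != nil || now.Unix() >= c.Exp {
		return "", fmt.Errorf("invalid or expired JWT")
	}
	return c.Sub, nil
}

func main() {
	tok := Sign("user-1", time.Now().Add(time.Hour), []byte("secret")) // constructed sample
	_, bad := Verify(tok, []byte("secrets"), time.Now())
	sub, ok := Verify(tok, []byte("secret"), time.Now())
	fmt.Println("key \"secrets\":", bad, "| key \"secret\":", sub, ok)
}
```

The verifier returns the same error for a wrong key and for an expired token, so a caller cannot tell from the response which check failed.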
Info
Channel: TDot Code
Views: 503
Keywords: jwt, authentication, golang, go-fiber, middleware
Id: w_s0fueE_Tw
Length: 14min 21sec (861 seconds)
Published: Wed Sep 08 2021