How to use the Go Fiber JWT middleware

Reddit Comments

Pretty simple video where I show what you can find in the recipes but with some other stuff :) Hope you enjoy :)

👍︎︎ 2 👤︎︎ u/EQuimper 📅︎︎ Jul 30 2020 🗫︎ replies

This was pretty helpful, thanks. I have a question though, if I needed to pass a value from the middleware to the route, so I just add it on the ctx object?

👍︎︎ 1 👤︎︎ u/Raene_ 📅︎︎ Aug 15 2020 🗫︎ replies
Captions
Hello everyone, hope you're doing well. In this video we're gonna just talk about using JWT with Fiber. It's gonna be a pretty simple video: we're just gonna see how we can protect some route and how we can, after that, get the user from the JWT token claim and stuff like that. It's gonna be a pretty simple one. You can just have a look at the recipes, the Fiber app, they have a lot of recipes. If you go to the Go Fiber recipes, they have a lot of that with the JWT and other JWT and stuff like that. I really encourage you to look at those, but I mean, I'm gonna just make a video and maybe just show you some stuff you maybe don't see there. I take a lot of ideas from them, but I'm gonna show you how I've used it in some stuff.

So as you know, Go Fiber, Fiber is an Express-like framework for Golang. In Express we use a lot of the time Passport and other stuff like that, but I mean, sometimes Passport is kind of, like, not overkill, but when you just want to have a JWT middleware, I think it's pretty big. But in this one you're gonna see that you can do almost the same pattern as in Express but without any library. Go Fiber have created this JWT middleware, that's gonna be the one we're gonna use. They have a lot of stuff, pretty nice, a lot of stuff we can use and make our life a lot simpler. And yeah, it's really, really good, and I feel like I'm really excited with Fiber, so I hope you're gonna be too.

So we're gonna start the project. The first thing we're gonna do is I'm gonna create a project. I'm gonna use GoLand; you can use VS Code, whatever you use. I'm gonna make it a Go module, I'm gonna say go fiber jwt tutorial; you can call that the name you want. I'm using Go version 1.14.5. Okay, so GoLand did create the module for me. You can do the same for you if you do go mod init: in your project you do go mod init and whatever the name you want to put there.

So the first thing I want to install, it's going to be Air. Air, for those coming from Node, it's like nodemon, and also I did show you that in my introduction to Fiber, another video. I'm gonna link the video in the description if you want to look at that; it's like an introduction to Fiber itself and Air and stuff like that. But yeah, this video is going to really just focus on the JWT part. After that I want to also get Fiber, so it's the two things we want. So now we get Air, we get Fiber, it's good to go. And that was a really bad joke.

I'm gonna create a main file with the package main. We're gonna put everything in the same file. You should not do this; I just do this because the tutorial is going to be pretty simple. So the first thing we want to do is to create a main function, and after that what we want to do is to create our app. For creating our app, what we need to do is to create a fiber.New application like that. After that, what I'm gonna do is I'm gonna create here a route, just slash, which is going to take a function with the Fiber context, and its only job is going to be to send, not SendStatus, but some hello world. So this one's going to be to test the fact that just slash is not authenticated and you can get hello world without getting authenticated. And after that, here we're gonna listen, like we do in Express and everything, and this thing can return an error, and when you have an error, for now we're going to just panic with the error.

Okay, you can run your project with go run, etc., or clicking on the play here, but I want to get the auto refresh, so I'm gonna just put air, so they're gonna do a live reload, and now we're gonna be able to use it in Postman. So if you go to Postman and you type http://localhost:3000 and you click send, we're gonna get hello world. Now I just want to get some middleware that's gonna help us, and one of them is gonna be the logger. By having the logger, at least we're gonna be able to see the route and everything, plus the status right there. So we get a 200 on GET slash, that's perfect.

So now we want to create a route, a protected route. For the protected route, what we're going to do is we're gonna create that right there, and that's gonna be GET slash, and we're gonna say hello. Okay, so this route, we want to say hello to a certain user, but we also want to make sure that this route is not accessible for those who are not logged in to our app. So the first thing we should do is to create our login handler, where we're going to get back the JWT token. For now I'm gonna do a POST request, slash login, and I'm gonna do a login like that. I'm gonna after that create the function, and now I'm gonna get the ctx fiber, and I don't care to get an uppercase L because we're not gonna export this thing. And let me, one sec, I'm gonna just put that in zen mode, that's gonna be easier for you. Perfect.

So now what we can do with the login is gonna be a pretty simple job of just getting email and password and just checking if the email and password match a certain one. We're not gonna create a user in the database and stuff like that; that's gonna be in another video. For this video we just want it simple. So we're gonna do a type request, it's gonna be a struct with an email, type of string, and a password, string, like that. After that we're gonna create our body variable, it's gonna be a type of request, and after that I'm gonna do a ctx.BodyParser. Like I showed you in the other video, this is how you can after that parse the JSON. This thing can return an error. If you have an error here, we're gonna send a ctx.Status, fiber bad request, so 400, and we're gonna send a JSON response with a fiber.Map, so that lets you create an alias map to return for your JSON, and here inside the error we're gonna say cannot parse JSON. Again, this thing, like I showed you in the other video, not showed you but told you: you should create some helper, it's gonna help you a lot.

So now I'm gonna return, to make sure I stop my function if we get there. This thing's gonna happen if the user sends an empty JSON request, so not even an object; that's gonna be when that's gonna happen. After that, here we have access to the email and password of the user from this request. So now we're going to just check if the body.email does not match bob@gmail.com or the body.password does not match password123. If they don't match those things, we're gonna send a status of fiber unauthorized, so we get a 401, and we're gonna send after that a JSON with a fiber.Map, error: unauthorized, not unauthorized but bad credential. We don't want to say... I see a lot of apps say bad email and bad password and stuff like that. You should not; you should always send the same message for both, whether this is the email or the password. The reason why is because if you say it's a bad email, the hacker knows, okay, so I can try another email and find the user. But after that, if you say, hey, it's a bad password, they know, oh, now I got this email, it's a real one, so now I just need to find a password. So it's how I feel about it. So now we have the return, perfect.

And now this is where we want to create the token. For that we're going to use a library called jwt-go. It's 8,000 stars, so I think it's pretty much the most used one. For that I'm gonna just copy this link right there, I'm gonna go to the import. I'm gonna show you how you can import that pretty easily: I'm gonna just remove the https like that, and now here I can do sync dependencies, so now they install the dependency for me in my go.mod and now I can use it. To create a token, it's pretty simple: you say token equals jwt.New, and here you need to put the signing method. For that I'm going to use HS256. If you want to read about those, you can just find what they do and stuff like that, you can read them online. They just use, like, a kind of a crypto hash, and yeah, it's not my cup of tea.

So here after that I'm gonna create the claims. For the claims you do token.Claims like that, and you want to, I don't know how to say that easily, but you want to finally map that to a type, so here that's going to be a MapClaims. After that, this claim, we can append some stuff. So this claim here, I'm gonna say the sub, sub means subject, it's gonna be equal to a certain thing. I don't want to put a number and stuff like that, because you're gonna need to put that back as float64 and stuff like that, and I just find it simpler to go with the string. Plus, if you read the JWT spec, they're gonna say sub, or subject, should be a string. So after, I'm going to do a claim with an expiry date. For now we're going to just use a really bad one, where we're going to say we just want time.Now, so right now, we want to add an hour multiplied by 24, so we want a full day, multiplied by seven, so we want a week finally. So you can put a comment and say a week.

After that, here, this is where we're going to create the JWT token we're going to return, so the signed string. For that you just do token.SignedString, and now you need to put a key interface, which is going to be finally your signature key. So to help myself here, I'm going to create it as a constant. I'm going to just say jwtSecret and I'm going to just say secret; it's a really, really awesome secret. You should not do this, but for this video we're gonna do it like that. So we're gonna create the token with this secret, and the important part is you want the secret to be the same when you create the token and when you read the token, so this way you know that this is yours. After that, if this thing returns an error, I'm going to just return back a SendStatus of fiber internal server error, so a 500, sorry. And after that, here, this is where we're going to return back a fiber OK, so that is OK 200, with a JSON with a fiber.Map, so an object back. Here we're going to send back the token, so that's going to be equal to the s right there, and after, I want to send our user. We're going to fake the fact that we return a user, so we're going to return an inline struct where a user is going to have an id, type of int, json id, and an email, type of string, which is an email. And we already know for the id we're going to put one, so that's gonna be the same id we put there. I don't really care about the fact that it's just like a demo, so it's just about how the JWT is gonna work, not really best practice in this case. And for the email, we know for sure that's gonna be bob@gmail.com. That's it.

Okay, so now everything should work. I'm gonna go to the POST request, slash login, and I'm gonna click send. Now we get cannot parse JSON; like I told you, we do send an empty JSON request, so we are not able to parse this thing. So I'm gonna send raw JSON, I'm gonna make it a bit smaller, and I'm gonna send email. If I send just bob and password password123, I should get back a 401 because we get bad credential. But if I send bob@gmail.com, now we get back a token and a user like that. And now we want to use this token to be able to go to our route, but before that we want to make sure that we're gonna protect the route to see if this token is working.

So if I go back to the project, I'm gonna need first to install the Go Fiber JWT middleware. I'm gonna take this link right there, oh, I think I can just take it right there. So I'm not gonna have the jwt, I'm gonna put another jwt, but the https. So now I'm gonna sync those and I'm going to create my middleware. I'm going to create that right there, I'm going to call that authRequired; you can call that whatever you want, in this case we don't really care. And this thing is going to return another function: we're going to return a context with the fiber context. So now here we need to return the jwtware. If you look at the docs, they call it jwtware like that, the alias, because if not that's gonna have the same name as the jwt, so we're gonna do like that. So we want to return jwtware.New, and now this thing is gonna have access to some config. If we fill all the fields, this is everything we can fill up. If you look at the docs, here is all the stuff you can have. They have some error handler, we're gonna use it in a moment, and they have, like, the signing key, so signing key to validate token. So that's gonna be the thing we need to pass with the JWT token, so here is the way to say, hey, I want you to validate this token against which secret or key or stuff like that. So you just put back the jwtSecret like that, with a slice of byte.

After that you see here the AuthScheme, so AuthScheme to be used in the Authorization header. They want you to prepend the JWT token with Bearer. It's kind of a best practice, not the best practice but like a standard, so it's something you should not really change. I mean, if you want you can, but by default it's going to be Bearer, so when you put Bearer there, that's going to be the token. TokenLookup is the header key you want to use, finally the key the user is going to put this token inside; by default, Authorization. Again, it's a standard. After that, the ContextKey; I'm gonna show you what this context key is in a moment. You see here the signing method: by default they use HS256, so that's the one we did use right there, so 256.

And yes, so right now we're going to delete everything else than the signing key. We're going to get some issue, don't worry, we're going to fix something in a moment. So now I'm going to go back to this auth hello and I'm gonna put this authRequired as a middleware. So here for now we're gonna just send hello, that's it. And now if I go to the GET request, I'm going to keep the POST, I'm going to copy that, I'm going to do another one. So if I go to hello and I have no JWT token at all, we get this error, missing or malformed, with a 400 bad request. This is not something I like. For me, I don't care; if my route says, hey, you should be authenticated, I don't want to have a layer that says, hey, you miss your JWT and stuff like that. I just want to send you, like, a 401 and say, hey, you should not go there.

And how you fix that, it's pretty simple. That was in the error handler. I'm going to put that there, to be in order, and this error handler takes a function with two arguments, the context and the error. You can do an if err.Error() is equal to this error right there, I can do something like that, but in my case I don't care. If I have an error, the only thing I want to send, it's always going to be a fiber unauthorized, so 401, with that JSON, sorry, it should be Status with a JSON with a fiber.Map, we say error and unauthorized. That's it, I don't want more.

So now if I go back to Postman and I click send, now I get 401 unauthorized: hey, you don't have the token, that's it, you don't go there. So now if I take the token I have right there, that I did get when we logged in, and I go to my headers and I click on Authorization and I append that and I send, I get again unauthorized. The reason why is because, like I told you, you need to prepend this thing with Bearer, so you need to put Bearer in front of it. And now if you send it, we still get 401. One sec, did I make a mistake? I'm gonna just log in again, I'm gonna take this new token. Okay, now it worked. I don't know, maybe I did badly copy paste and stuff like that. So now you see we get hello. So now we know we can stop a user who doesn't have a right JWT token, or no token, from going to this route.

But now we are able to go there, but now how can we get the user information and be able to do some stuff with that from this JWT token? It's going to be pretty simple. Okay, in your app.Get, here, in your context, and because of the authRequired stuff, now here you're gonna be able to get the token by doing ctx.Locals, and now here it's the key they put, and this key is the key they have right there, ContextKey: context key to store user information from the token into context. So it's user, so I should call that user like that. And now after that you get the claims from the user.Claims. Sorry, here I need to cast the type, so it's going to be a pointer to a jwt.Token like that. So now here I can do user.Claims, and claims, I'm going to cast that to jwt.MapClaims, and now here I'm going to be able to get my id by doing claims id, and remember I made it as a type string when you look back right there. And this is not id, sorry, it's sub. So now here I can format a string and say hello user with id, and now I'm going to put a %s to put the id right there. So now if I go back to Postman and I click GET, you see now I get hello user with id 1, because that was the id we did put in the JWT token.

Hope you enjoyed. This video was a pretty simple one. I'm gonna put all the links in the description, and also I'm gonna put this code on GitHub if you want to look a little. It's pretty simple, I don't think you're gonna need it, it's really, really simple. So yeah, I hope you enjoy, and I'm gonna talk in the next one. Bye everyone.
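The checks the protected route in the captions depends on (Bearer prefix, HS256 pinned, the same secret for signing and reading, expiry, sub kept as a string, one answer for every failure), written with only the Go standard library as an added example; it is not code from the video, from jwt-go or from the Fiber middleware. The names Sign, Verify, hs256Sig and decode and the secret value are constructed for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var errUnauthorized = errors.New("unauthorized") // same answer for every failure

func hs256Sig(secret []byte, in string) []byte { // base64url HMAC-SHA256 of the signing input
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(in))
	return []byte(b64.EncodeToString(h.Sum(nil)))
}

func decode(seg string, v interface{}) bool {
	raw, err := b64.DecodeString(seg)
	return err == nil && json.Unmarshal(raw, v) == nil
}

// Sign builds header.claims.signature with HS256; sub is a string, exp a Unix time.
func Sign(secret []byte, sub string, exp time.Time) string {
	body, _ := json.Marshal(map[string]interface{}{"sub": sub, "exp": exp.Unix()})
	in := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return in + "." + string(hs256Sig(secret, in))
}

// Verify takes the raw Authorization header value and returns the subject claim.
func Verify(secret []byte, authHeader string, now time.Time) (string, error) {
	p := strings.Split(strings.TrimPrefix(authHeader, "Bearer "), ".")
	var hdr struct{ Alg string }
	var c struct{ Sub string; Exp int64 }
	ok := strings.HasPrefix(authHeader, "Bearer ") && len(p) == 3 &&
		decode(p[0], &hdr) && hdr.Alg == "HS256" && // algorithm pinned, "none" refused
		hmac.Equal([]byte(p[2]), hs256Sig(secret, p[0]+"."+p[1])) && // constant-time compare
		decode(p[1], &c) && now.Unix() < c.Exp // claims trusted only after the MAC matches
	if !ok {
		return "", errUnauthorized
	}
	return c.Sub, nil
}

func main() {
	secret := []byte("constructed-demo-secret") // sample value; load a real one from config
	tok := Sign(secret, "1", time.Now().Add(7*24*time.Hour)) // one week, as in the captions
	fmt.Println(Verify(secret, "Bearer "+tok, time.Now()))
}
```

Sending the same token without the Bearer prefix, with a different secret, after expiry, or with a header declaring another algorithm all return the same unauthorized error.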
Info
Channel: EQuimper
Views: 7,683
Keywords: javascript, react-native, reactjs, es6, nodejs, javascript (programming language), learn to code, coding, programmer, mobile app, application, equimper, graphql, golang, golang tutorial, go-jwt, go fiber, fiber, fiber jwt
Id: ejEizICXm9w
Length: 22min 21sec (1341 seconds)
Published: Thu Jul 30 2020