Merge pull request #5 from itishrishikesh/auth

custom authentication mechanism added

auth/auth.go

@@ -0,0 +1,25 @@
+package auth
+
+import (
+	"errors"
+	"net/http"
+	"strings"
+)
+
+// GetAPIKey extracts an API key from the header of an HTTP request
+// Example:
+// Authorization: ApiKey {insert apikey here}
+func GetAPIKey(header http.Header) (string, error) {
+	val := header.Get("Authorization")
+	if val == "" {
+		return "", errors.New("E#1OTELT - No authentication info found!")
+	}
+	vals := strings.Split(val, " ")
+	if len(vals) != 2 {
+		return "", errors.New("E#1OTEM0 - Malformed auth header")
+	}
+	if vals[0] != "ApiKey" {
+		return "", errors.New("E#1OTEM5 - Malformed auth header")
+	}
+	return vals[1], nil
+}

main.go

@@ -60,6 +60,7 @@ func main() {
 	v1Router.Get("/healthz", healthCheckHandler)
 	v1Router.Get("/err", errorHandler)
 	v1Router.Post("/users", apiCfg.createUserHandler)
+	v1Router.Get("/users", apiCfg.getUserHandler)
 	router.Mount("/v1", v1Router)
 
 	server := &http.Server{

models.go

@@ -0,0 +1,26 @@
+package main
+
+import (
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/itishrishikesh/gofeed/internal/database"
+)
+
+type User struct {
+	ID        uuid.UUID `json:"id"`
+	CreatedAt time.Time `json:"created_at"`
+	UpdatedAt time.Time `json:"updated_at"`
+	Name      string    `json:"name"`
+	ApiKey    string    `json:"api_key"`
+}
+
+func databaseUserToUser(dbUser database.User) User {
+	return User{
+		ID:        dbUser.ID,
+		CreatedAt: dbUser.CreatedAt,
+		UpdatedAt: dbUser.UpdatedAt,
+		Name:      dbUser.Name,
+		ApiKey:    dbUser.ApiKey,
+	}
+}

sql/queries/users.sql

@@ -1,4 +1,7 @@
 -- name: CreateUser :one
-INSERT INTO users (id, created_at, updated_at, name)
-VALUES ($1, $2, $3, $4)
-RETURNING *;
+INSERT INTO users (id, created_at, updated_at, name, api_key)
+VALUES ($1, $2, $3, $4, encode(sha256(random()::text::bytea), 'hex'))
+RETURNING *;
+
+-- name: GetUserByAPIKey :one
+SELECT * FROM users WHERE api_key = $1;

sql/schema/002_users_apikey.sql

@@ -0,0 +1,7 @@
+-- +goose Up
+ALTER TABLE users ADD COLUMN api_key VARCHAR(64) UNIQUE NOT NULL DEFAULT (
+    encode(sha256(random()::text::bytea), 'hex')
+);
+
+-- +goose Down
+ALTER TABLE users DROP COLUMN api_key;

user_handler.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/itishrishikesh/gofeed/auth"
 	"github.com/itishrishikesh/gofeed/constants"
 	"github.com/itishrishikesh/gofeed/internal/database"
 )
@@ -38,5 +39,20 @@ func (apiCfg *apiConfig) createUserHandler(writer http.ResponseWriter, request *
 		return
 	}
 
+	respondWithJSON(writer, constants.HTTP_SUCCESS, databaseUserToUser(user))
+}
+
+func (apiCfg *apiConfig) getUserHandler(writer http.ResponseWriter, request *http.Request) {
+	apiKey, err := auth.GetAPIKey(request.Header)
+	if err != nil {
+		respondWithError(writer, 403, fmt.Sprintf("E#1OTELA - Auth Error: %v", err))
+		return
+	}
+	user, err := apiCfg.DB.GetUserByAPIKey(request.Context(), apiKey)
+	if err != nil {
+		respondWithError(writer, constants.HTTP_ERROR, fmt.Sprintf("E#1OTELI - Couldn't get user: %v", err))
+		return
+	}
+
 	respondWithJSON(writer, constants.HTTP_SUCCESS, user)
 }