Validating the token on the back end

2024-08-19 22:22:40 +02:00
parent 7ef68d030b
commit 4a756e850e
3 changed files with 69 additions and 3 deletions


@ -2,11 +2,13 @@ package main
import (
"encoding/json"
"errors"
"fmt"
"myapp/internal/cards"
"myapp/internal/models"
"net/http"
"strconv"
"strings"
"time"
"github.com/go-chi/chi/v5"
@ -298,6 +300,46 @@ func (app *application) CreateAuthToken(w http.ResponseWriter, r *http.Request)
_ = app.writeJSON(w, http.StatusOK, payload)
}
func (app *application) CheckAuthentication(w http.ResponseWriter, r *http.Request) {
app.invalidCredentials(w)
func (app *application) authenticateToken(r *http.Request) (*models.User, error) {
authorizationHeader := r.Header.Get("Authorization")
if authorizationHeader == "" {
return nil, errors.New("no authorization header received")
}
headerParts := strings.Split(authorizationHeader, " ")
if len(headerParts) != 2 || headerParts[0] != "Bearer" {
return nil, errors.New("no authorization header received")
}
token := headerParts[1]
if len(token) != 26 {
return nil, errors.New("authentication token wrong size")
}
// get the user from the tokens table
user, err := app.DB.GetUserForToken(token)
if err != nil {
return nil, errors.New("no matching user found")
}
return user, nil
}
func (app *application) CheckAuthentication(w http.ResponseWriter, r *http.Request) {
// validate the token, and get associated user
user, err := app.authenticateToken(r)
if err != nil {
app.errorLog.Println(err)
app.invalidCredentials(w)
return
}
// valid user
var payload struct {
Error bool `json:"error"`
Message string `json:"message"`
}
payload.Error = false
payload.Message = fmt.Sprintf("authenticated user %s", user.Email)
app.writeJSON(w, http.StatusOK, payload)
}
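Review bot: In authenticateToken, the `if err != nil` branch after `app.DB.GetUserForToken(token)` discards the underlying error and returns "no matching user found" for every failure, so a database outage and an unknown token look identical in `app.errorLog`. Wrapping the error keeps the cause for triage while the client still only receives the invalidCredentials response: `return nil, fmt.Errorf("looking up user for token: %w", err)`. The malformed-header branch also reuses the message "no authorization header received", which makes a header that is present but malformed indistinguishable from a missing one in the logs; `errors.New("malformed authorization header")` would separate the two. Nothing in this hunk checks token expiry, so that presumably has to be enforced inside GetUserForToken, which is not visible here.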