When diving into building a REST API with Golang using the Gin framework, you definitely want something solid for client authentication. One of the best ways to nail this is with Bearer Tokens, specifically JSON Web Tokens (JWT). Here’s a laid-back guide on getting that setup going in your Golang project.
Setting Up Your Golang Project
First things first, make sure Golang is installed. You’re going to create a new directory for your project and initialize it with go mod init. You’ll need the Gin framework and a JWT package, so pop open your terminal and run:
go get -u github.com/gin-gonic/gin
go get -u github.com/dgrijalva/jwt-go
Creating the Gin Router
Your Gin router will be the core of your API, handling incoming requests and routing them. Start with setting up that router:
package main
import (
"github.com/gin-gonic/gin"
"net/http"
)
func main() {
port := "8000"
router := gin.New()
router.Use(gin.Logger(), gin.Recovery())
router.GET("/api-1", func(c *gin.Context) {
c.JSON(200, gin.H{"success": "Access granted for api-1"})
})
router.GET("/api-2", func(c *gin.Context) {
c.JSON(200, gin.H{"success": "Access granted for api-2"})
})
router.Run(":" + port)
}
Implementing JWT Authentication
To lock down your API endpoints, you’ll use JWTs. This involves generating a JWT token when a user logs in and validating this token for all their future requests.
Generating JWT Tokens
When a user logs in, you need to generate a JWT token that contains their details. Here’s how you might handle creating a JWT token:
package main
import (
"github.com/dgrijalva/jwt-go"
"github.com/gin-gonic/gin"
"time"
)
type Claims struct {
Email string `json:"email"`
jwt.StandardClaims
}
func GenerateToken(email string) (string, error) {
claims := Claims{
Email: email,
StandardClaims: jwt.StandardClaims{
ExpiresAt: time.Now().Add(time.Hour * 72).Unix(),
Issuer: "your-issuer",
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte("your-secret-key"))
}
Creating Bearer Token Middleware
Next up, you need middleware to check for the Bearer token in the Authorization header of incoming requests. Here’s how that might look:
package middleware
import (
"github.com/dgrijalva/jwt-go"
"github.com/gin-gonic/gin"
"net/http"
)
func Authenticate() gin.HandlerFunc {
return func(c *gin.Context) {
clientToken := c.Request.Header.Get("Authorization")
if clientToken == "" {
c.JSON(http.StatusInternalServerError, gin.H{"error": "No Authorization Header Provided"})
c.Abort()
return
}
tokenString := clientToken[7:] // Remove "Bearer " prefix
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
return []byte("your-secret-key"), nil
})
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
c.Abort()
return
}
claims, ok := token.Claims.(*Claims)
if !ok || !token.Valid {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid token"})
c.Abort()
return
}
c.Set("email", claims.Email)
c.Next()
}
}
Securing API Endpoints
With the middleware set, you can secure your API endpoints by applying this middleware to specific routes or route groups:
package main
import (
"github.com/gin-gonic/gin"
"middleware"
)
func main() {
port := "8000"
router := gin.New()
router.Use(gin.Logger(), gin.Recovery())
securedRoutes := router.Group("/secured")
securedRoutes.Use(middleware.Authenticate())
securedRoutes.GET("/api-1", func(c *gin.Context) {
email, _ := c.Get("email")
c.JSON(200, gin.H{"success": "Access granted for api-1", "email": email})
})
securedRoutes.GET("/api-2", func(c *gin.Context) {
email, _ := c.Get("email")
c.JSON(200, gin.H{"success": "Access granted for api-2", "email": email})
})
router.Run(":" + port)
}
Testing Your API
To test your API, grab tools like Postman or cURL. Here’s a quick cURL example:
-
Generate a JWT Token:
curl -X POST http://localhost:8000/login -H "Content-Type: application/json" -d '{"email": "[email protected]", "password": "password"}'This should return your JWT token.
-
Use the JWT Token to Access Secured Endpoints:
curl -X GET http://localhost:8000/secured/api-1 -H "Authorization: Bearer your-jwt-token"This should get you a response from the secured endpoint.
Handling User Data
Typically, you’d store user data in a database and grab it based on the JWT token. Here’s a quick example using GORM to interact with a database:
package main
import (
"gorm.io/gorm"
"gorm.io/gorm/sqlite"
)
type User struct {
gorm.Model
Email string `json:"email"`
// Other fields...
}
func main() {
db, err := gorm.Open(sqlite.Open("test.db"), &gorm.Config{})
if err != nil {
panic("failed to connect database")
}
db.AutoMigrate(&User{})
}
When a user logs in, you’d fetch their details from the database and create a JWT token with those details.
Summary
Implementing Bearer Token middleware in your Golang API using the Gin framework is a rock-solid way to keep your endpoints secure. By generating JWT tokens at login and validating them with middleware, you ensure only the right folks have access. This approach is not just scalable but also ticks all the boxes when it comes to industry standards for securing REST APIs.
Make sure you keep your secret key super safe and handle errors properly to ensure the integrity of your auth system. With these steps, you’re good to go in building a secure and reliable API, keeping all that sensitive data out of the wrong hands.