Work in progress: /authenticate endpoint handler

go.mod

@@ -2,6 +2,7 @@ module git.rwth-aachen.de/acs/public/villas/villasweb-backend-go
 
 require (
 	github.com/denisenkom/go-mssqldb v0.0.0-20190401154936-ce35bd87d4b3 // indirect
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 // indirect
 	github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3 // indirect
 	github.com/gin-gonic/gin v1.3.0

go.sum

@@ -20,6 +20,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.0.0-20190401154936-ce35bd87d4b3 h1:3mNLx0iFqaq/Ssxqkjte26072KMu96uz1VBlbiZhQU4=
 github.com/denisenkom/go-mssqldb v0.0.0-20190401154936-ce35bd87d4b3/go.mod h1:EcO5fNtMZHCMjAvj8LE6T+5bphSdR6LQ75n+m1TtsFI=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=

routes/user/userEndpoints.go

@@ -1,11 +1,20 @@
 package user
 
 import (
+	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/common"
 	"github.com/gin-gonic/gin"
 	"net/http"
 )
 
+type Credentials struct {
+	Username string `form:"Username"`
+	Password string `form:"Password"`
+	Role     string `form:"Role"`
+	Mail     string `form:"Mail"`
+}
+
 func UsersRegister(r *gin.RouterGroup) {
+	r.POST("/authenticate", authenticationEp)
 	r.GET("/", usersReadEp)
 	r.POST("/", userRegistrationEp)
 	r.PUT("/:UserID", userUpdateEp)
@@ -14,6 +23,48 @@ func UsersRegister(r *gin.RouterGroup) {
 	//r.GET("/me", userSelfEp) // TODO: this conflicts with GET /:userID
 }
 
+func authenticationEp(c *gin.Context) {
+
+	// Bind the response (context) with the Credentials struct
+	var userLogin Credentials
+	err := c.BindJSON(&userLogin)
+	if err != nil {
+		panic(err)
+	}
+
+	// Check if the Username or Password are empty
+	if userLogin.Username == "" || userLogin.Password == "" {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"success": false,
+			"message": "Invalid credentials",
+		})
+		return
+	}
+
+	// Find the username in the database
+	db := common.GetDB()
+	var user common.User
+	err = db.Find(&user, "Username = ?", userLogin.Username).Error
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{
+			"success": false,
+			"message": "User not found",
+		})
+		return
+	}
+
+	// TODO: Validate password
+
+	// TODO: generate jwt
+
+	c.JSON(http.StatusOK, gin.H{
+		"success":          true,
+		"message":          "Authenticated",
+		"token":            "NOT yet implemented",
+		"Original request": userLogin, // TODO: remove that
+	})
+}
+
 func usersReadEp(c *gin.Context) {
 	allUsers, _, _ := FindAllUsers()
 	serializer := UsersSerializer{c, allUsers}
@@ -23,6 +74,13 @@ func usersReadEp(c *gin.Context) {
 }
 
 func userRegistrationEp(c *gin.Context) {
+	//// dummy TODO: check in the middleware if the user is authorized
+	//authorized := false
+	//// TODO: move this redirect in the authentication middleware
+	//if !authorized {
+	//c.Redirect(http.StatusSeeOther, "/authenticate")
+	//return
+	//}
 	c.JSON(http.StatusOK, gin.H{
 		"message": "NOT implemented",
 	})

start.go

@@ -15,16 +15,18 @@ import (
 
 func main() {
 	// Testing
-	db := common.InitDB()
+	db := common.DummyInitDB()
 	common.MigrateModels(db)
 	defer db.Close()
 
+	common.DummyPopulateDB(db)
+
 	r := gin.Default()
 
 	api := r.Group("/api/v1")
 
 	// All endpoints require authentication TODO: except /authenticate
-	api.Use(user.Authentication(true))
+	//api.Use(user.Authentication(false))
 
 	user.UsersRegister(api.Group("/users"))
 	file.FilesRegister(api.Group("/files"))