Home > Backend Development > Golang > Implementing JWT Authentication in Go API

Implementing JWT Authentication in Go API

Susan Sarandon
Release: 2024-12-27 20:56:14
Original
435 people have browsed it

Implementing JWT Authentication in Go API

JWT (JSON Web Token) is a highly effective method for securing APIs through token-based authentication, ensuring that only authenticated users can access your API endpoints. Unlike traditional session-based approaches, JWT is stateless, eliminating the need for server-side session storage, which makes it ideal for scalable and performant applications. In this guide, we'll walk you through implementing JWT authentication in a Go API, from generating tokens upon user login to securing your endpoints by validating these tokens, ultimately enhancing the security and robustness of your application's data and resources.

Prerequisites

  • Go 1.21

Setup project

go mod init app
go get github.com/gin-gonic/gin@v1.5.0
go get github.com/golang-jwt/jwt
go get github.com/joho/godotenv 
Copy after login

Project structure

├─ .env
├─ main.go
├─ middleware
│  └─ authenticate.go
└─ public
   ├─ index.html
   └─ login.html
Copy after login

Project files

.env

jwt_secret = b0WciedNJvFCqFRbB2A1QhZoCDnutAOen5g1FEDO0HsLTwGINp04GXh2OXVpTqQL
Copy after login

This .env file contains a single environment variable jwt_secret, which holds a secret key used for signing and verifying JWT tokens in the application.

authenticate.go

package middleware

import (
    "net/http"
    "os"
    "strings"

    "github.com/gin-gonic/gin"
    "github.com/golang-jwt/jwt"
)

type Claims struct {
    Id int `json:"id"`
    Name string `json:"name"`
    jwt.StandardClaims
}

func Authenticate() gin.HandlerFunc {
    return func(c *gin.Context) {
        if c.Request.URL.Path == "/" || c.Request.URL.Path == "/login" {
            c.Next()
            return
        }
        authHeader := c.GetHeader("Authorization")
        if authHeader == "" {
            c.Status(http.StatusUnauthorized)
            c.Abort()
            return
        }
        tokenString := strings.TrimPrefix(authHeader, "Bearer ")
        token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
            return []byte(os.Getenv("jwt_secret")), nil
        })
        if err != nil || !token.Valid {
            c.Status(http.StatusUnauthorized)
            c.Abort()
            return
        }
        if claims, ok := token.Claims.(*Claims); ok {
            c.Set("user", claims)
        } else {
            c.Status(http.StatusUnauthorized)
            c.Abort()
            return
        }
        c.Next()
    }
}
Copy after login

The authenticate.go middleware defines a function for JWT authentication in a Go API using the Gin framework. It checks if the request is for the / or /login paths, in which case no authentication is needed. For other routes, it retrieves the Authorization header, expecting a Bearer token. The token is parsed and validated using the jwt package and a secret key from environment variables. If the token is invalid or missing, the request is aborted with a 401 Unauthorized status. If valid, the user claims (such as id and name) are extracted and added to the Gin context, allowing access to protected routes.

main.go

package main

import (
    "app/middleware"
    "net/http"
    "os"
    "time"

    "github.com/gin-gonic/gin"
    "github.com/golang-jwt/jwt"
    "github.com/joho/godotenv"
)

func main() {
    godotenv.Load()
    router := gin.Default()
    router.Use(middleware.Authenticate())
    router.LoadHTMLFiles("public/index.html", "public/login.html")

    router.GET("/", func(c *gin.Context) {
        c.HTML(http.StatusOK, "index.html", nil)
    })

    router.GET("/login", func(c *gin.Context) {
        c.HTML(http.StatusOK, "login.html", nil)
    })

    router.GET("/user", func(c *gin.Context) {
        user, _ := c.Get("user")
        claims := user.(*middleware.Claims)
        c.JSON(http.StatusOK, gin.H{"name": claims.Name})
    })

    router.POST("/login", func(c *gin.Context) {
        var login map[string]string
        c.BindJSON(&login)
        if login["name"] == "admin" && login["password"] == "1234" {
            token := jwt.NewWithClaims(jwt.SigningMethodHS256, &middleware.Claims{
                Id: 1,
                Name: login["name"],
                StandardClaims: jwt.StandardClaims{
                    IssuedAt: time.Now().Unix(),
                    ExpiresAt: time.Now().Add(24 * time.Hour).Unix(),
                },
            })
            tokenString, _ := token.SignedString([]byte(os.Getenv("jwt_secret")))
            c.JSON(http.StatusOK, gin.H{"token": tokenString})
        } else {
            c.Status(http.StatusBadRequest)
        }
    })
    router.Run()
}
Copy after login

The main.go file sets up a Go web server using the Gin framework to handle routes with JWT-based authentication. It uses middleware for authentication, which checks for valid JWT tokens in requests. The server serves two HTML pages: index.html and login.html, which are accessible via the / and /login routes.

For the /user route, the server retrieves the authenticated user's name from the JWT claims and returns it in the response. For the /login POST route, the server validates user credentials (name and password) and, if valid, generates a JWT token, signing it with a secret key and sending it back to the client. The server is configured to listen for requests and run on the default port.

index.html

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">
</head>
<body>
    <div>



<p>The index.html is a simple web page that provides a user interface for displaying the login status of a user. It uses Bootstrap for styling and Font Awesome for icons. On page load, it checks the user's authentication status by sending a request to the server with a JWT token stored in localStorage. If the user is logged in, it shows a success message with the user's name and a logout button. If not logged in, it shows a message indicating the user is not logged in and redirects them to the login page after a few seconds.</p>

<h3>
  
  
  login.html
</h3>



<pre class="brush:php;toolbar:false"><!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">
</head>
<body>
    <div>



<p>The login.html page provides a simple login form where users can input their username and password. It uses Bootstrap for styling and Font Awesome for icons. When the user submits the form, a JavaScript function login() sends a POST request to the /login endpoint with the entered credentials. If the login is successful, the server returns a JWT token, which is stored in localStorage. The page then redirects the user to the home page (/). If the login fails, an error message is displayed.</p>

<h2>
  
  
  Run project
</h2>



<pre class="brush:php;toolbar:false">go run main.go
Copy after login

Open the web browser and goto http://localhost:8080

You will find this test page.

Implementing JWT Authentication in Go API

Testing

After a few seconds, you will be redirected to the login page.

Implementing JWT Authentication in Go API

Press the login button, and you will be logged in to the home page, which will display the logged-in user's name.

Implementing JWT Authentication in Go API

Try refreshing the browser, and you will see that you're still logged in. Then, press the logout button, the JWT token will be removed, and you will be redirected to the login page again.

Implementing JWT Authentication in Go API

Conclusion

In conclusion, implementing JWT authentication in a Go API provides a secure and scalable approach to handle user authentication. By using the Gin framework alongside the golang-jwt/jwt package, we can easily integrate token-based authentication into our application. JWT tokens are generated during login, securely validating user credentials, and granting access to protected routes. The middleware ensures that only authenticated users can access these routes by verifying the token’s validity. This stateless authentication mechanism offers enhanced performance and flexibility, making it an ideal choice for modern API architectures.

Source code: https://github.com/stackpuz/Example-JWT-Go

Create a CRUD Web App in Minutes: https://stackpuz.com

The above is the detailed content of Implementing JWT Authentication in Go API. For more information, please follow other related articles on the PHP Chinese website!

source:dev.to
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template