Golang is an emerging language, especially suitable for implementing Web services. In Web services, authentication and authorization are very important security mechanisms. This article will introduce how to implement Web server authentication and authorization in Golang.
Authentication (Authentication) refers to verifying the user's identity and determining whether he has the right to access resources. Common authentication methods include username and password, token, etc. Authorization refers to determining whether a user has the permission to access a resource. Usually includes role-based access control and resource-based access control authorization methods.
A variety of frameworks and libraries can be used in Golang to implement authentication and authorization of Web services. This article takes the Gin framework as an example to introduce how to implement token-based authentication and role-based authorization.
1. Token-based authentication
In the Gin framework, JWT (Json Web Token) can be used to implement token-based authentication. JWT is an open standard that defines a concise, self-contained way to securely transmit information over the web. JWT consists of three parts: Header, Payload and Signature.
The header is used to describe the type of token and the signature algorithm, for example:
{"alg": "HS256", "typ": "JWT"}
The payload is used to store information that needs to be transmitted, such as user name, role, etc., for example:
{"sub": "123456789", "name": "John Doe", "iat": 1516239022}
Signature is used to prevent information from being tampered with and requires the use of a private key for signature, for example:
HMACSHA256(
base64UrlEncode(header) "."
base64UrlEncode(payload),
secret)
In Golang, you can use the github.com/dgrijalva/jwt-go library to achieve JWT generation and verification. For example:
// Create a new token object, specifying signing method and the claims you would like it to contain.
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
Copy after login
})
// Sign and get the complete encoded token as a string using the secret
tokenString, err := token.SignedString([]byte("secret"))
// Parse the token to verify its validity and extract the claims
token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nilCopy after login
})
In the Gin framework, you can use the gin-jwt library to quickly build a JWT-based authentication mechanism. For example:
// Create a new JWT middleware with the specified signing key
middleware := jwtmiddleware.New(jwtmiddleware.Options{
SigningMethod: jwt.SigningMethodHS256,
Claims: &CustomClaims{},
KeyFunc: func(token *jwt.Token) (interface{}, error) {
// Check the signing method and return the key for verifying the signature
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return []byte("secret"), nil
},Copy after login
})
/ / Use the middleware in a Gin route to protect the resource
router.GET("/protected", middleware.MiddlewareFunc(), func(c *gin.Context) {
claims := jwtmiddleware.ExtractClaims(c)
user := claims["user"].(string)
c.JSON(200, gin.H{
"user": user,
"message": "Hello, World!",
})Copy after login
})
2. Role-based authorization
In the Gin framework, role-based authorization can be used to restrict user access to resources. For example, in a blog application, roles are used to distinguish ordinary users and administrators. Administrators can access all Blog resources, while ordinary users can only access Blog resources published by themselves.
You can use the gin-authz library to implement role-based authorization. For example:
// Define the authorization middleware to enforce the role-based access
authMiddleware := authz.NewAuthorizer(authz.BuiltinRolebased())
// Define a role-based policy to grant the "admin" role access to all resources
adminRole := authz.NewRole("admin", []string{"*"})
policy := authz.NewPolicy()
policy .AddRole(adminRole)
// Use the policy middleware in a Gin route to enforce the role-based access control
router.GET("/blogs", authMiddleware.CheckPermission(policy, "admin" ), func(c *gin.Context) {
// Return the list of all blogs
Copy after login
})
router.GET("/blog/:id", authMiddleware.CheckPermission(policy, "read"), func (c *gin.Context) {
// Return the specified blog
Copy after login
})
router.POST("/blog", authMiddleware.CheckPermission(policy, "write"), func(c *gin.Context ) {
// Create a new blog
Copy after login
})
In the above code, a role named "admin" is defined, which has access to all resources ("*"). Then, in each route, check whether the user's role has access to the resource by using the authMiddleware.CheckPermission function.
Summary
This article introduces how to implement Web server authentication and authorization in Golang. By using the Gin framework and related libraries, we can quickly build secure and reliable web services.
The above is the detailed content of Golang learning Web server authentication and authorization. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
