package main import ( "context" "encoding/json" "fmt" "net/http" "strings" "time" "github.com/dgrijalva/jwt-go" "golang.org/x/crypto/bcrypt" ) // Define contextKey globally within the package type contextKey string // Define your key as a constant of the custom type const userKey contextKey = "user" // LoginRequest represents the request body for the /login endpoint. type LoginRequest struct { Username string `json:"username"` Password string `json:"password"` } // LoginResponse represents the response body for the /login endpoint. type LoginResponse struct { Token string `json:"token"` } func init() { fmt.Printf("handlers.go init: config = %+v", config) } // loginHandler handles the /login endpoint. // LoginHandler handles the /login endpoint. func LoginHandler(w http.ResponseWriter, r *http.Request) { var req LoginRequest //fmt.Println("db is ", db) //fmt.Println("config is ", config) if db == nil { fmt.Println("DB is nil") http.Error(w, "Database not initialized", http.StatusInternalServerError) return } fmt.Println("DB is not nil") //if config == nil { //fmt.Println("Config is nil in LoginHandler") //h//ttp.Error(w, "Configuration not loaded", http.StatusInternalServerError) //return //} //fmt.Println("Config is not nil") fmt.Printf("DB: %+v\n", db) //fmt.Printf("Config: %+v\n", config) fmt.Println("LoginHandler called") err := json.NewDecoder(r.Body).Decode(&req) if err != nil { http.Error(w, "Invalid request body", http.StatusBadRequest) return } // Check if the user exists and the password matches var user User db.Where("username = ?", req.Username).First(&user) if user.ID == 0 { http.Error(w, "Invalid username or password", http.StatusUnauthorized) return } // Compare the provided password with the stored hashed password err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)) if err != nil { http.Error(w, "Invalid username or password", http.StatusUnauthorized) return } // Generate JWT token token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ "username": user.Username, "exp": time.Now().Add(time.Hour * 24).Unix(), // Token expires in 24 hours }) tokenString, err := token.SignedString(*JWTSecret) if err != nil { http.Error(w, "Failed to generate token", http.StatusInternalServerError) return } // Return the token in the response json.NewEncoder(w).Encode(LoginResponse{Token: tokenString}) } // authMiddleware is a middleware function that checks for a valid JWT token in the request header and enables CORS. func AuthMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Set CORS headers w.Header().Set("Access-Control-Allow-Origin", "*") // Replace "*" with your allowed frontend origin if needed w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS") w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization") // Handle preflight request for CORS if r.Method == http.MethodOptions { w.WriteHeader(http.StatusOK) return } // Get the token from the request header tokenString := r.Header.Get("Authorization") if tokenString == "" { http.Error(w, "Authorization header missing", http.StatusUnauthorized) return } // Remove "Bearer " prefix from token string tokenString = strings.Replace(tokenString, "Bearer ", "", 1) // Parse and validate the JWT token token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { // Make sure that the signing method is HMAC if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) } return *JWTSecret, nil }) if err != nil || !token.Valid { http.Error(w, "Invalid token", http.StatusUnauthorized) return } // Extract the user claims from the token if claims, ok := token.Claims.(jwt.MapClaims); ok { // Add the "user" claim to the request context newCtx := context.WithValue(r.Context(), userKey, claims["username"]) r = r.WithContext(newCtx) } else { http.Error(w, "Invalid token claims", http.StatusUnauthorized) return } // Call the next handler in the chain next.ServeHTTP(w, r) }) }