https://github.com/mjah/jwt-auth
A JWT based authentication server.
authentication golang jwt postgresql rabbitmq
- Host: GitHub
- URL: https://github.com/mjah/jwt-auth
- Owner: mjah
- License: mit
- Created: 2019-07-17T15:16:02.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2020-03-17T21:50:47.000Z (over 6 years ago)
- Last Synced: 2024-06-20T17:41:22.037Z (about 2 years ago)
- Topics: authentication, golang, jwt, postgresql, rabbitmq
- Language: Go
- Homepage:
- Size: 195 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# JWT Authentication Microservice
[![GoDoc Badge]][GoDoc] [![GoReportCard Badge]][GoReportCard]
[GoDoc]: https://godoc.org/github.com/mjah/jwt-auth
[GoDoc Badge]: https://godoc.org/github.com/mjah/jwt-auth?status.svg
[GoReportCard]: https://goreportcard.com/report/github.com/mjah/jwt-auth
[GoReportCard Badge]: https://goreportcard.com/badge/github.com/mjah/jwt-auth
A simple JWT based authentication server.
Features:
* Token based stateless authentication.
* User sign up, sign in, sign out, update, confirm, delete, and reset password.
* Send welcome, confirm, and reset password emails.
* Issue access and refresh token on signin.
* Ability to store tokens in HTTPOnly cookies and/or receive in JSON response.
* Refresh token revocation on sign out and ability to revoke all refresh tokens on sign out everywhere.
* JWTs are signed with RS256, an asymmetric signature algorithm (the RSA private key signs, the public key verifies).
## Quick Start
This section gets the project up and running as quickly as possible. The only requirement is that [docker](https://www.docker.com/) is installed.
**This quick start is recommended for experimenting/testing purposes only.**
### Run PostgreSQL
```sh
docker run -it --rm \
--name postgres \
-p 5432:5432 \
-e POSTGRES_DB=jwt-auth \
-e POSTGRES_USER=postgres \
-e POSTGRES_PASSWORD=postgres \
postgres:11-alpine
```
Note: If you want to use an existing PostgreSQL setup on the same port, ensure that the jwt-auth database has been created.
### Run RabbitMQ
```sh
docker run -it --rm \
--name rabbitmq \
-p 5672:5672 \
-p 15672:15672 \
rabbitmq:3-management
```
### Generate an RSA keypair with a 2048 bit private key
```sh
JA_KEYS_DIR="$HOME/.jwt-auth/keys"
mkdir -p "$JA_KEYS_DIR"
openssl genpkey -algorithm RSA -out "$JA_KEYS_DIR/private_key.pem" -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in "$JA_KEYS_DIR/private_key.pem" -out "$JA_KEYS_DIR/public_key.pem"
```
### Run application
```sh
docker run \
--network host \
--volume "$JA_KEYS_DIR":/keys \
-e JA_TOKEN_PRIVATE_KEY_PATH=/keys/private_key.pem \
-e JA_TOKEN_PUBLIC_KEY_PATH=/keys/public_key.pem \
docker.pkg.github.com/mjah/jwt-auth/jwt-auth:latest serve
```
Go to [localhost:9096/ping](http://localhost:9096/ping). If you receive a pong, the server is up and running.
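Added example, not part of the jwt-auth code base: how a downstream Go service could verify a token from this server using only the public key, with the algorithm pinned to RS256 and expiry enforced. `VerifyRS256`, `Issue` and the `sub`/`exp` claim names are assumptions for illustration, and a throwaway key generated in-process stands in for `public_key.pem`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// VerifyRS256 pins alg to RS256 ("none"/HS256 are rejected), then checks signature and exp.
func VerifyRS256(token string, pub *rsa.PublicKey, now time.Time) (string, error) {
	p := strings.Split(token, ".")
	var hdr struct{ Alg string }
	raw, _ := b64.DecodeString(p[0])
	if len(p) != 3 || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return "", fmt.Errorf("malformed token or unexpected alg")
	}
	sig, _ := b64.DecodeString(p[2]) // a bad encoding fails verification below
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return "", fmt.Errorf("signature mismatch")
	}
	var c struct{ Exp int64 } // assumption: standard "exp" claim; missing counts as expired
	body, _ := b64.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || now.Unix() >= c.Exp {
		return "", fmt.Errorf("expired or unreadable claims")
	}
	return string(body), nil
}

// Issue signs constructed claims with a fresh throwaway key, standing in for the auth server.
func Issue(alg, claims string) (string, *rsa.PublicKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	in := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), &key.PublicKey
}

func main() {
	tok, pub := Issue("RS256", `{"sub":"constructed-user","exp":4102444800}`)
	fmt.Println(VerifyRS256(tok, pub, time.Now()))
}
```

The verifier never touches the private key, so only `public_key.pem` needs to be distributed to services that consume tokens.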
## Configuration
See the [config.example.yml](https://github.com/mjah/jwt-auth/blob/master/config.example.yml) file for an example of the configuration.
Environment variables are also supported. The variable name is the configuration name in capital letters, prefixed with 'JA\_' and with '.' replaced by '\_'. E.g. *email.smtp_host* becomes *JA_EMAIL_SMTP_HOST*.
## API
### Public Routes
Shared error responses (all public routes): DetailsInvalid, DatabaseConnectionFailed, DatabaseQueryFailed

| Path | Method | JSON Data | Further Error Responses |
| --- | --- | --- | --- |
| /signup | POST | email (string, required)<br>username (string, required)<br>password (string, required)<br>first_name (string, required)<br>last_name (string, required)<br>confirm_email_url (string, required) | EmailAndUsernameAlreadyExists<br>EmailAlreadyExists<br>UsernameAlreadyExists<br>DefaultRoleAssignFailed<br>PasswordGenerationFailed<br>MessageQueueFailed |
| /signin | POST | email (string, required)<br>password (string, required)<br>remember_me (bool, required) | EmailDoesNotExist<br>PasswordInvalid<br>AccessTokenIssueFailed<br>RefreshTokenIssueFailed |
| /confirm-email | POST | email (string, required)<br>confirm_email_token (string, required) | EmailDoesNotExist<br>EmailAlreadyConfirmed<br>UUIDTokenDoesNotMatch<br>UUIDTokenExpired |
| /reset-password | POST | email (string, required)<br>reset_password_token (string, required)<br>password (string, required) | EmailDoesNotExist<br>UUIDTokenDoesNotMatch<br>UUIDTokenExpired<br>PasswordGenerationFailed |
| /send-confirm-email | POST | email (string, required)<br>confirm_email_url (string, required) | EmailDoesNotExist<br>EmailAlreadyConfirmed<br>MessageQueueFailed |
| /send-reset-password | POST | email (string, required)<br>reset_password_url (string, required) | EmailDoesNotExist<br>MessageQueueFailed |
### Private Routes
Private routes require the refresh token to be sent as the authorization bearer token.
Shared error responses (all private routes): AuthorizationBearerTokenEmpty, RefreshTokenCookieEmpty, JWTTokenInvalid, DatabaseConnectionFailed, DatabaseQueryFailed, UserDoesNotExist, UserIsNotActive, RefreshTokenIsRevoked

| Path | Method | JSON Data | Further Error Responses |
| --- | --- | --- | --- |
| /user | GET | | |
| /user | PATCH | email (string, optional)<br>username (string, optional)<br>password (string, optional)<br>first_name (string, optional)<br>last_name (string, optional) | DetailsInvalid<br>EmailAndUsernameAlreadyExists<br>EmailAlreadyExists<br>UsernameAlreadyExists<br>PasswordGenerationFailed |
| /user | DELETE | | |
| /signout | GET | | |
| /signout-all | GET | | |
| /refresh-token | GET | | AccessTokenIssueFailed |
### Error Responses
Error responses and their codes are listed in [errors/codes.go](https://github.com/mjah/jwt-auth/blob/master/errors/codes.go).
## Example Client
For a client implementation of the jwt-auth API, see the [example client](https://github.com/mjah/jwt-auth-client-example).
## Contributing
Any feedback and pull requests are welcome and highly appreciated. Please open an issue first if you intend to send in a larger pull request or want to add additional features.
## License
This project is licensed under the MIT License - see the [LICENSE](https://github.com/mjah/jwt-auth/blob/master/LICENSE) file for details.