Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sixcolors/fiber-jwt-auth-example
Example Fiber JWT Auth App with RBAC
Last synced: 11 days ago
- Host: GitHub
- URL: https://github.com/sixcolors/fiber-jwt-auth-example
- Owner: sixcolors
- Created: 2024-06-15T20:40:21.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-06-15T20:45:58.000Z (5 months ago)
- Last Synced: 2024-10-06T17:41:35.911Z (about 1 month ago)
- Language: Go
- Size: 4.88 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# GoFiber JWT Role-Based Access Control (RBAC) Example
This is a simple example of a Go application using the GoFiber framework, JWT (JSON Web Tokens), and a custom middleware function to implement Role-Based Access Control (RBAC).
## Overview
The application sets up a few routes:
- `/login`: This route accepts POST requests with `user` and `pass` form data. If the credentials match the hardcoded values "john" and "doe", it generates a JWT whose claims include the user's name and roles, and returns it in the response. The JWT is signed with a secret key.
- `/`: This is an unauthenticated route that anyone can access.
- `/restricted`: This route is protected by a JWT middleware and a custom `hasRole` middleware. The JWT middleware checks if the request has a valid JWT in the `Authorization` header. The `hasRole` middleware checks if the JWT has a claim of a specific role.
## Middleware
The `hasRole` middleware function checks if the JWT has a claim of a specific role. It can be applied to any route. If the JWT does not have the required role, it returns a 403 Forbidden status.
## JWT
The JWT is generated in the `/login` route. It includes claims of the user's name and roles. The JWT is signed with a secret key.
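The two checks described above (token validation, then the role claim), as an added standard-library-only Go example that is not the repository's code. The function names, the claim names `name` and `roles`, and the demo key are assumptions; the repository itself uses Fiber middleware, and expiry is not checked here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// mac returns the base64url HMAC-SHA256 over the signing input "header.payload".
func mac(secret []byte, input string) string {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(input))
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// sign issues an HS256 token; the literal is base64url of {"alg":"HS256","typ":"JWT"}.
func sign(secret []byte, name string, roles []string) string {
	payload, _ := json.Marshal(map[string]interface{}{"name": name, "roles": roles})
	input := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + base64.RawURLEncoding.EncodeToString(payload)
	return input + "." + mac(secret, input)
}

// authorize returns 401 for a missing/invalid token (alg pinned to HS256), 403 if the role is absent, else 200.
func authorize(secret []byte, authHeader, role string) int {
	parts := strings.Split(strings.TrimPrefix(authHeader, "Bearer "), ".")
	if !strings.HasPrefix(authHeader, "Bearer ") || len(parts) != 3 {
		return 401
	}
	var hdr struct{ Alg string }
	var claims struct{ Roles []string }
	hb, e1 := base64.RawURLEncoding.DecodeString(parts[0])
	pb, e2 := base64.RawURLEncoding.DecodeString(parts[1])
	if e1 != nil || e2 != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" ||
		!hmac.Equal([]byte(mac(secret, parts[0]+"."+parts[1])), []byte(parts[2])) || json.Unmarshal(pb, &claims) != nil {
		return 401
	}
	for _, r := range claims.Roles {
		if r == role {
			return 200
		}
	}
	return 403
}

func main() {
	fmt.Println(authorize([]byte("demo"), "Bearer "+sign([]byte("demo"), "john", []string{"user"}), "admin"))
}
```

The claims are decoded only after the algorithm and signature checks pass, so a token signed with a different key or carrying `"alg":"none"` yields 401 rather than reaching the role comparison.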
## Running the Application
To run the application, you need to have Go installed. Then run the following command:
```bash
go run main.go
```
The application will start on port 3000.
## Testing
You can test the application with curl:
```bash
# Log in and get a token
curl --data "user=john&pass=doe" http://localhost:3000/login
# Access the restricted route with the token
curl localhost:3000/restricted -H "Authorization: Bearer <token>"
```
## License
This project is licensed under the MIT License.