This project demonstrate how to create api and secure it with jwt token. The project also has capability of caching mechanism using redis. I've implemented clean architecture in this project that contains 4 layers namely repository, usecase, delivery and entity. If you are interested to the architecture that i have implemented, you can refer to this article : https://blog.cleancoder.com/uncle-bob/2012/08/13/the-clean-architecture.html
- /api/auth/login(public)
- /api/auth/logout(require token)
- /api/user(require token)
- When user login, user will passing 2 required field namely username and password, actually in this project I haven't implemented sql database. This project only focus how to secure api using jwt and how the caching mechanism using redis. App will receive the username and password and compare it with the username and password that i have harcoded in the code. If the credential is matched, then app will generate token and store the user uuid generated by app to redis.
- When user access private endpoint, user must provide Authorization header. App will validate that token. Before validating the token, the app will check whether that token is owned by logged user by checking the user uuid is exist or not in redis. So there is no way we can use token from logged out user
- When user logout, app will remove user uuid from redis.
You need to provide .env file that has these variable
APP_NAME=
JWT_SIGNATURE_KEY=
REDIS_HOST=
REDIS_PORT=
API_HOST=
API_PORT=
Download project dependencies
go mod tidyrun the project
go run .- Redis version >= 5.0.7
- Go version >= go1.17.3