# 🛡️ AccessHandler

A lightweight **Golang authentication and access management module** built with **Gin**, **GORM**, and **JWT**.
It provides ready-to-use user authentication (login, refresh, logout, user info) with secure cookies and SQLite persistence.

---

## 🚀 Features

- 🔐 **JWT-based authentication** (access + refresh tokens)
- 🍪 **Secure HTTP-only cookies**
- 🧩 **Modular handler design** (AccessHandler, DBHandler)
- 🗃️ **SQLite via GORM**
- 🪵 **Structured logging**
- ⚙️ **Plug-and-play Gin integration**

---

## 📂 Project Structure

```
AccessHandler/
├── handlers/
│   ├── access_handler.go    # AccessHandler initialization
│   ├── db_handler.go        # Database handler using GORM
│   ├── login.go             # Login, Refresh, Me, Logout handlers
│   ├── middleware.go        # authentication middleware
│   ├── role.go              # database handling for roles
│   ├── user.go              # database users for roles
│
├── models/
│   ├── jsonResponse.go      # JSON responses model
│   ├── permission.go        # Permission model
│   ├── role.go              # Role model + validation
│   ├── settings.go          # Settings model
│   ├── user.go              # User model + validation
│
├── utils/
│   ├── hash.go              # Password hashing and verification
│
├── main.go                  # Gin server entry point (example)
└── go.mod                   # Go module file
```

---

## ⚙️ Installation

```bash
git clone https://gitea.tecamino.com/paadi/AccessHandler.git
cd AccessHandler
go mod tidy
```

---

## 🧱 Dependencies

This project uses:

- [Gin Web Framework](https://github.com/gin-gonic/gin)
- [GORM ORM](https://gorm.io)
- [SQLite Driver for GORM](https://github.com/glebarez/sqlite)
- [Golang JWT v5](https://github.com/golang-jwt/jwt)
- [Tecamino Logger (custom)](https://gitea.tecamino.com/paadi/tecamino-logger/logging)

Install manually (if needed):

```bash
go get github.com/gin-gonic/gin
go get github.com/glebarez/sqlite
go get gorm.io/gorm
go get github.com/golang-jwt/jwt/v5
go get gitea.tecamino.com/paadi/tecamino-logger/logging
```

---

## 🔑 Authentication Constants

In `handlers/login.go`:

```go
// -----------------------------
// 🔐 AUTHENTICATION CONSTANTS
// -----------------------------
var DOMAIN = "localhost"
var ACCESS_TOKEN_TIME = 15 * time.Minute
var REFRESH_TOKEN_TIME = 72 * time.Hour
var ACCESS_SECRET = []byte("*") // replace "*" with strong random bytes
var REFRESH_SECRET = []byte("*")
```

> 💡 In production, **never hardcode secrets**; use environment variables instead:
>
> ```go
> var ACCESS_SECRET = []byte(os.Getenv("ACCESS_SECRET"))
> var REFRESH_SECRET = []byte(os.Getenv("REFRESH_SECRET"))
> ```

---

## 🧠 API Endpoints

| Method | Endpoint   | Description                        | Auth Required          |
|--------|------------|------------------------------------|------------------------|
| `POST` | `/login`   | Authenticate user, set JWT cookies | ❌ No                  |
| `GET`  | `/refresh` | Refresh access token using cookie  | ✅ Yes (refresh token) |
| `GET`  | `/me`      | Get current logged-in user info    | ✅ Yes (access token)  |
| `POST` | `/logout`  | Clear cookies and logout           | ✅ Yes                 |

---

## 🧪 Example `main.go`

```go
package main

import (
	"log"

	"AccessHandler/handlers"

	"gitea.tecamino.com/paadi/tecamino-logger/logging"
	"github.com/gin-gonic/gin"
)

func main() {
	// Fail early if the log file cannot be opened.
	logger, err := logging.NewLogger("server.log", nil)
	if err != nil {
		log.Fatal(err)
	}

	accessHandler, err := handlers.NewAccessHandler("access.db", logger)
	if err != nil {
		log.Fatal(err)
	}

	r := gin.Default()

	// Auth routes
	r.POST("/login", accessHandler.Login)
	r.GET("/refresh", accessHandler.Refresh)
	r.GET("/me", accessHandler.Me)
	r.POST("/logout", accessHandler.Logout)

	logger.Info("Server", "running on http://localhost:8080")
	if err := r.Run(":8080"); err != nil {
		log.Fatal(err)
	}
}
```

---

## 🔍 Example Request

**Login**

```bash
curl -X POST http://localhost:8080/login \
  -H "Content-Type: application/json" \
  -d '{"user_name": "admin", "password": "1234"}'
```

**Response**

```json
{
  "message": "login successful",
  "id": 1,
  "user": "admin",
  "role": "admin",
  "settings": "{}"
}
```

---

## 🧹 Database

The SQLite database is automatically created and migrated via:

```go
gorm.Open(sqlite.Open("access.db"), &gorm.Config{})
```

You can easily switch to another database by changing the driver.

---

## 🪵 Logging

All actions are logged through the `tecamino-logger` package for full observability of access and errors.

---

## 🧰 Future Enhancements

- ✅ Environment variable support for secrets
- ✅ Role-based authorization middleware
- ✅ Token revocation & blacklist
- ✅ Unit tests for authentication flow
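
Added example (not part of the AccessHandler code base): one way to load the two secrets from the Authentication Constants section from the environment and refuse to start on unsafe values, since `os.Getenv` returns an empty string for an unset variable and a token signed with an empty or placeholder key can be forged by anyone. The function names, the 32-byte minimum and the use of HMAC (HS256) signing are assumptions.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os"
)

// minSecretLen is an assumption: RFC 7518 requires >= 256-bit keys for HS256.
const minSecretLen = 32

// loadSecret (hypothetical helper) reads one key via lookup, os.Getenv in production.
func loadSecret(lookup func(string) string, name string) ([]byte, error) {
	v := lookup(name)
	switch {
	case v == "":
		return nil, fmt.Errorf("%s is not set", name)
	case v == "*":
		return nil, fmt.Errorf("%s still holds the README placeholder", name)
	case len(v) < minSecretLen:
		return nil, fmt.Errorf("%s is %d bytes, need at least %d", name, len(v), minSecretLen)
	}
	return []byte(v), nil
}

// loadJWTSecrets loads both keys and requires them to differ, so that a
// refresh token does not verify under the access-token key or the reverse.
func loadJWTSecrets(lookup func(string) string) (access, refresh []byte, err error) {
	if access, err = loadSecret(lookup, "ACCESS_SECRET"); err != nil {
		return nil, nil, err
	}
	if refresh, err = loadSecret(lookup, "REFRESH_SECRET"); err != nil {
		return nil, nil, err
	}
	if bytes.Equal(access, refresh) {
		return nil, nil, errors.New("ACCESS_SECRET and REFRESH_SECRET must differ")
	}
	return access, refresh, nil
}

func main() {
	access, refresh, err := loadJWTSecrets(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Printf("loaded %d-byte access key and %d-byte refresh key\n", len(access), len(refresh))
}
```

The length check measures bytes, not entropy, so the values should still come from a cryptographic random source.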