
🛡️ AccessHandler

A lightweight Golang authentication and access management module built with Gin, GORM, and JWT.
It provides ready-to-use user authentication (login, refresh, logout, user info) with secure cookies and SQLite persistence.


🚀 Features

  • 🔐 JWT-based authentication (access + refresh tokens)
  • 🍪 Secure HTTP-only cookies
  • 🧩 Modular handler design (AccessHandler, DBHandler)
  • 🗃️ SQLite via GORM
  • 🪵 Structured logging
  • ⚙️ Plug-and-play Gin integration

📂 Project Structure

AccessHandler/
├── access_handler.go      # AccessHandler initialization
├── db_handler.go          # Database handler using GORM
├── login.go               # Login, Refresh, Me, Logout handlers
├── middleware.go          # Authentication middleware
├── role.go                # Database handling for roles
├── user.go                # Database handling for users
|
├── models/
│   ├── jsonResponse.go        # JSON response model
│   ├── permission.go          # Permission model
│   ├── role.go                # Role model + validation
│   ├── settings.go            # Settings model
│   ├── user.go                # User model + validation
│
├── utils/
│   ├── hash.go                # Password hashing and verification
│
├── main.go                    # Gin server entry point (example)
└── go.mod                     # Go module file

⚙️ Installation

git clone https://gitea.tecamino.com/paadi/AccessHandler.git
cd AccessHandler
go mod tidy

🧱 Dependencies

This project uses:

Install manually (if needed):

go get github.com/gin-gonic/gin
go get github.com/glebarez/sqlite
go get gorm.io/gorm
go get github.com/golang-jwt/jwt/v5
go get gitea.tecamino.com/paadi/tecamino-logger/logging

🔑 Authentication Constants

In login.go:

// -----------------------------
// 🔐 AUTHENTICATION CONSTANTS
// -----------------------------
var DOMAIN = "localhost"
var ACCESS_TOKEN_TIME = 15 * time.Minute
var REFRESH_TOKEN_TIME = 72 * time.Hour

var ACCESS_SECRET = []byte("*")    // replace "*" with strong random bytes
var REFRESH_SECRET = []byte("*")

💡 In production, never hardcode secrets — use environment variables instead:

var ACCESS_SECRET = []byte(os.Getenv("ACCESS_SECRET"))
var REFRESH_SECRET = []byte(os.Getenv("REFRESH_SECRET"))

🧠 API Endpoints

Method  Endpoint  Description                         Auth Required
POST    /login    Authenticate user, set JWT cookies  No
GET     /refresh  Refresh access token using cookie   Yes (refresh token)
GET     /me       Get current logged-in user info     Yes (access token)
POST    /logout   Clear cookies and logout            Yes

🧪 Example main.go

package main

import (
    "gitea.tecamino.com/paadi/tecamino-logger/logging"
    "github.com/gin-gonic/gin"
    "log"
)

func main() {
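    // Stop if the logger cannot be created instead of discarding the error
    logger, err := logging.NewLogger("server.log", nil)
    if err != nil {
        log.Fatal(err)
    }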
    accessHandler, err := NewAccessHandler("access.db", logger)
    if err != nil {
        log.Fatal(err)
    }

    r := gin.Default()

    // Auth routes
    r.POST("/login", accessHandler.Login)
    r.GET("/refresh", accessHandler.Refresh)
    r.GET("/me", accessHandler.Me)
    r.POST("/logout", accessHandler.Logout)

    logger.Info("Server", "running on http://localhost:8080")
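    // Run blocks until the server stops; report a failed bind or listen
    if err := r.Run(":8080"); err != nil {
        log.Fatal(err)
    }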
}

🔍 Example Request

Login

curl -X POST http://localhost:8080/login -H "Content-Type: application/json" -d '{"user_name": "admin", "password": "1234"}'

Response

{
  "message": "login successful",
  "id": 1,
  "user": "admin",
  "role": "admin",
  "settings": "{}"
}

🧹 Database

SQLite database is automatically created and migrated via:

gorm.Open(sqlite.Open("access.db"), &gorm.Config{})

You can easily switch to another database by changing the driver.


🪵 Logging

All actions are logged through the tecamino-logger package for full observability of access and errors.


🧰 Future Enhancements

  • Environment variable support for secrets
  • Role-based authorization middleware
  • Token revocation & blacklist
  • Unit tests for authentication flow