Secure authentication API in Go with user registration, login, and session management. Bcrypt + UUID + SQLite + Docker support.

TanakAiko/authAPI


AuthAPI

A lightweight, secure authentication API built with Go that provides user registration, login, session management, and user data retrieval capabilities.

✨ Features

  • User Registration: Secure user account creation with password hashing (bcrypt)
  • User Authentication: Login with email/nickname and password
  • Session Management: UUID-based sessions with 24-hour expiration
  • Authorization Validation: Verify active sessions
  • User Data Retrieval: Get authenticated user information
  • Secure Logout: Session termination and cleanup
  • SQLite Database: Lightweight, embedded database storage
  • Docker Support: Containerized deployment ready

🔧 Prerequisites

  • Go 1.20 or higher
  • SQLite3
  • Docker (optional, for containerized deployment)

📦 Installation

Option 1: Local Development

  1. Clone the repository

    git clone <your-repo-url>
    cd authAPI

  2. Install dependencies

    go mod download

    Or install packages individually:

    go get golang.org/x/crypto/bcrypt
    go get github.com/mattn/go-sqlite3
    go get github.com/google/uuid

  3. Run the server

    go run main.go

    Note: The database will be automatically created on first run in ./databases/auth.db

Option 2: Docker

  1. Build the Docker image

    docker build -t authapi .

  2. Run the container

    docker run -p 8081:8081 -v $(pwd)/databases:/app/databases authapi

🚀 Quick Start

  1. Start the server

    go run main.go

  2. Server will be available at

    http://localhost:8081

  3. Test the API

    # Register a new user
    curl -X POST http://localhost:8081/ \
      -H "Content-Type: application/json" \
      -d '{
        "action": "register",
        "body": {
          "nickname": "johndoe",
          "age": 30,
          "gender": "male",
          "firstName": "John",
          "lastName": "Doe",
          "email": "john.doe@example.com",
          "password": "securePassword123"
        }
      }'

📚 API Reference

All requests are sent as POST to the root endpoint (/) with a JSON body containing an action field and a body field.

1. Register

Create a new user account.

Request:

{
  "action": "register",
  "body": {
    "nickname": "string",
    "age": "int",
    "gender": "string",
    "firstName": "string",
    "lastName": "string",
    "email": "string",
    "password": "string"
  }
}

Response:

  • Status: 201 Created
  • Body: "New user created"

Example:

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "register",
    "body": {
      "nickname": "exampleNickname",
      "age": 30,
      "gender": "male",
      "firstName": "John",
      "lastName": "Doe",
      "email": "john.doe@example.com",
      "password": "securePassword123"
    }
  }'

2. Login

Authenticate a user and receive session information.

Request:

{
  "action": "login",
  "body": {
    "identifier": "string (email or nickname)",
    "password": "string"
  }
}

Response:

  • Status: 200 OK
  • Body: User data object with session information

Example:

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "login",
    "body": {
      "identifier": "john.doe@example.com",
      "password": "securePassword123"
    }
  }'

3. Authorized

Verify if a session is valid.

Request:

{
  "action": "authorized",
  "body": {
    "sessionID": "string (UUID)"
  }
}

Response:

  • Status: 202 Accepted
  • Body: "The session is valid"

Example:

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "authorized",
    "body": {
      "sessionID": "6a09a3da-26ee-4b35-870c-d7a4f22f939c"
    }
  }'

4. Logout

Terminate a user session.

Request:

{
  "action": "logout",
  "body": {
    "sessionID": "string (UUID)"
  }
}

Response:

  • Status: 200 OK
  • Body: "The session is deleted"

Example:

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "logout",
    "body": {
      "sessionID": "6a09a3da-26ee-4b35-870c-d7a4f22f939c"
    }
  }'
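The session lifecycle behind login, authorized and logout, with the 24-hour expiration listed under Features, sketched as an added example (not code from this repository). The in-memory `Store`, its injectable clock, and the crypto/rand UUID generation are assumptions standing in for the project's SQLite table and github.com/google/uuid; version 4 is assumed because the sample sessionID above is a version-4 UUID.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
	"time"
)

const sessionTTL = 24 * time.Hour // the 24-hour expiration stated in the README

type Store struct { // in-memory stand-in (assumption) for the SQLite session table
	mu     sync.Mutex
	expiry map[string]time.Time // sessionID -> expiry time
	now    func() time.Time     // injectable clock so expiry can be tested
}

// Create issues a random version-4 UUID session ID from crypto/rand, as login would.
func (s *Store) Create() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	b[6], b[8] = b[6]&0x0f|0x40, b[8]&0x3f|0x80 // version 4, RFC 4122 variant
	id := fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
	s.mu.Lock()
	defer s.mu.Unlock()
	s.expiry[id] = s.now().Add(sessionTTL)
	return id, nil
}

// Valid is the "authorized" check: unknown or expired IDs fail, expired entries are purged.
func (s *Store) Valid(id string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.expiry[id]
	if !ok || !s.now().Before(exp) {
		delete(s.expiry, id)
		return false
	}
	return true
}

// Delete is "logout": the ID stops validating immediately.
func (s *Store) Delete(id string) { s.mu.Lock(); delete(s.expiry, id); s.mu.Unlock() }

func main() {
	s := &Store{expiry: map[string]time.Time{}, now: time.Now}
	fmt.Println(s.Create())
}
```

Enforcing expiry at validation time, rather than relying only on a cleanup job, means a stale session ID is rejected even if nothing has purged it yet.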

5. Get User Data

Retrieve authenticated user information.

Request:

{
  "action": "getUserData",
  "body": {
    "sessionID": "string (UUID)"
  }
}

Response:

  • Status: 200 OK
  • Body: User data object

Example:

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "getUserData",
    "body": {
      "sessionID": "6a09a3da-26ee-4b35-870c-d7a4f22f939c"
    }
  }'

Project Structure

authAPI/
├── main.go                 # Application entry point
├── go.mod                  # Go module definition
├── go.sum                  # Go dependencies checksum
├── Dockerfile              # Docker configuration
├── README.md               # This file
├── databases/              # Database files and SQL scripts
│   └── sqlRequests/
│       ├── createTable.sql
│       ├── insertNewSession.sql
│       └── insertNewUser.sql
├── internals/              # Internal application logic
│   ├── dbManager/          # Database initialization
│   │   └── initDB.go
│   ├── handlers/           # HTTP request handlers
│   │   ├── mainHandler.go
│   │   ├── registerHandler.go
│   │   ├── loginHandler.go
│   │   ├── authorized.go
│   │   ├── logoutHandler.go
│   │   └── getUserDataHandler.go
│   └── tools/              # Utility functions
│       └── utils.go
├── models/                 # Data models
│   ├── user.go
│   ├── session.go
│   └── request.go
└── script/                 # Utility scripts
    ├── init.sh
    └── push.sh

🛠️ Development

Dependencies

This project uses the following Go packages:

  • bcrypt: Password hashing and verification
  • go-sqlite3: SQLite database driver
  • uuid: UUID generation for sessions

Building from Source

# Build the binary
go build -o authapi-server

# Run the binary
./authapi-server

Running with Docker

# Build and run with Docker
docker build -t authapi .
docker run -p 8081:8081 -v $(pwd)/databases:/app/databases authapi

🧪 Testing

Complete test suite with example commands:

1. Register a New User

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "register",
    "body": {
      "nickname": "testuser",
      "age": 25,
      "gender": "female",
      "firstName": "Jane",
      "lastName": "Smith",
      "email": "jane.smith@example.com",
      "password": "testPassword456"
    }
  }'

2. Login

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "login",
    "body": {
      "identifier": "jane.smith@example.com",
      "password": "testPassword456"
    }
  }'

3. Check Authorization (Use sessionID from login response)

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "authorized",
    "body": {
      "sessionID": "YOUR_SESSION_ID_HERE"
    }
  }'

4. Get User Data

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "getUserData",
    "body": {
      "sessionID": "YOUR_SESSION_ID_HERE"
    }
  }'

5. Logout

curl -X POST http://localhost:8081/ \
  -H "Content-Type: application/json" \
  -d '{
    "action": "logout",
    "body": {
      "sessionID": "YOUR_SESSION_ID_HERE"
    }
  }'

🀝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

Note: This API is designed for educational purposes. For production use, consider additional security measures such as HTTPS, rate limiting, input validation, and comprehensive error handling.

⭐ Star this repository if you found it helpful! ⭐

Made with ❤️ from 🇸🇳
