add:jwt middleware

Author: ir0m

part3/cmd/api/main.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"part3/internal/handler"
+	"part3/internal/middleware"
 	"part3/internal/model"
 	"part3/internal/repository"
 	"part3/internal/service"
@@ -19,38 +20,45 @@ func main() {
 	}
 
 	// Migrate the schema
-	db.AutoMigrate(&model.Task{}, &model.Schedule{})
+	db.AutoMigrate(&model.Task{}, &model.Schedule{}, &model.User{})
 
 	// Initialize repositories
 	taskRepo := repository.NewTaskRepository(db)
 	scheduleRepo := repository.NewScheduleRepository(db)
-
 	// Initialize services
 	taskService := service.NewTaskService(taskRepo)
 	scheduleService := service.NewScheduleService(scheduleRepo, taskRepo)
+	authService := service.NewAuthService(db)
 
 	// Initialize handlers
 	taskHandler := handler.NewTaskHandler(taskService)
 	scheduleHandler := handler.NewScheduleHandler(scheduleService)
+	authHandler := handler.NewAuthHandler(authService)
 
 	// Set up Gin router
 	r := gin.Default()
 
+	// Auth routes
+	r.POST("/register", authHandler.Register)
+	r.POST("/login", authHandler.Login)
+
 	// Task routes
+	authGroup := r.Group("/schedules")
+	authGroup.Use(middleware.AuthMiddleware())
+	{
+		authGroup.POST("/", scheduleHandler.CreateSchedule)
+		authGroup.GET("/:id", scheduleHandler.GetSchedule)
+		authGroup.GET("/tasks/:taskId/schedules", scheduleHandler.GetSchedulesByTask)
+		authGroup.PUT("/:id", scheduleHandler.UpdateSchedule)
+		authGroup.DELETE("/:id", scheduleHandler.DeleteSchedule)
+		authGroup.GET("/", scheduleHandler.ListSchedules)
+	}
 	r.POST("/tasks", taskHandler.CreateTask)
 	r.GET("/tasks/:id", taskHandler.GetTask)
 	r.PUT("/tasks/:id", taskHandler.UpdateTask)
 	r.DELETE("/tasks/:id", taskHandler.DeleteTask)
 	r.GET("/tasks", taskHandler.ListTasks)
 
-	// Schedule routes
-	r.POST("/schedules", scheduleHandler.CreateSchedule)
-	r.GET("/schedules/:id", scheduleHandler.GetSchedule)
-	r.GET("/tasks/:taskId/schedules", scheduleHandler.GetSchedulesByTask)
-	r.PUT("/schedules/:id", scheduleHandler.UpdateSchedule)
-	r.DELETE("/schedules/:id", scheduleHandler.DeleteSchedule)
-	r.GET("/schedules", scheduleHandler.ListSchedules)
-
 	// Start the server
 	r.Run(":8080")
 }

part3/go.mod

@@ -4,8 +4,10 @@ go 1.24.4
 
 require (
 	github.com/gin-gonic/gin v1.11.0
+	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/stretchr/testify v1.11.1
 	go.uber.org/mock v0.6.0
+	golang.org/x/crypto v0.41.0
 	gorm.io/driver/sqlite v1.6.0
 	gorm.io/gorm v1.31.1
 )
@@ -38,7 +40,6 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.0 // indirect
 	golang.org/x/arch v0.20.0 // indirect
-	golang.org/x/crypto v0.41.0 // indirect
 	golang.org/x/mod v0.27.0 // indirect
 	golang.org/x/net v0.43.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect

part3/go.sum

@@ -25,6 +25,8 @@ github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
 github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

part3/internal/handler/auth.go

@@ -0,0 +1,52 @@
+package handler
+
+import (
+	"net/http"
+	"part3/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+type AuthHandler struct {
+	service service.AuthService
+}
+
+func NewAuthHandler(service service.AuthService) *AuthHandler {
+	return &AuthHandler{service: service}
+}
+
+type AuthRequest struct {
+	Username string `json:"username" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req AuthRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	if err := h.service.Register(req.Username, req.Password); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to register user"})
+		return
+	}
+
+	c.Status(http.StatusCreated)
+}
+
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req AuthRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	token, err := h.service.Login(req.Username, req.Password)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid credentials"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"token": token})
+}

part3/internal/middleware/auth.go

@@ -0,0 +1,50 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+var jwtSecretKey = []byte("your_secret_key") // Serviceと同じキーを使う
+
+func AuthMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization header is required"})
+			return
+		}
+
+		// "Bearer <token>" 形式からトークン部分のみ抽出
+		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
+		if tokenString == authHeader {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Bearer token format is required"})
+			return
+		}
+
+		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+			}
+			return jwtSecretKey, nil
+		})
+
+		if err != nil || !token.Valid {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
+			return
+		}
+
+		// トークンからユーザーIDを取り出し、コンテキストにセット（後続のハンドラで利用可能）
+		if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+			if sub, ok := claims["sub"].(float64); ok {
+				c.Set("userID", uint(sub))
+			}
+		}
+
+		c.Next()
+	}
+}

part3/internal/model/user.go

@@ -0,0 +1,16 @@
+package model
+
+import (
+	"time"
+
+	"gorm.io/gorm"
+)
+
+type User struct {
+	ID        uint           `gorm:"primaryKey" json:"id"`
+	Username  string         `gorm:"unique;not null" json:"username"`
+	Password  string         `gorm:"not null" json:"-"` // JSONには含めない
+	CreatedAt time.Time      `json:"created_at"`
+	UpdatedAt time.Time      `json:"updated_at"`
+	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
+}

part3/internal/service/auth.go

@@ -0,0 +1,67 @@
+package service
+
+import (
+	"errors"
+	"time"
+
+	"part3/internal/model"
+
+	"github.com/golang-jwt/jwt/v5"
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
+)
+
+// 署名に使用する秘密鍵（本番環境では環境変数から読み込むべきです）
+var jwtSecretKey = []byte("your_secret_key")
+
+type AuthService interface {
+	Login(username, password string) (string, error)
+	Register(username, password string) error
+}
+
+type authService struct {
+	db *gorm.DB
+}
+
+func NewAuthService(db *gorm.DB) AuthService {
+	return &authService{db: db}
+}
+
+func (s *authService) Register(username, password string) error {
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return err
+	}
+
+	user := model.User{
+		Username: username,
+		Password: string(hashedPassword),
+	}
+
+	return s.db.Create(&user).Error
+}
+
+func (s *authService) Login(username, password string) (string, error) {
+	var user model.User
+	if err := s.db.Where("username = ?", username).First(&user).Error; err != nil {
+		return "", errors.New("invalid credentials")
+	}
+
+	// パスワードの検証
+	if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)); err != nil {
+		return "", errors.New("invalid credentials")
+	}
+
+	// JWTトークンの生成
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"sub": user.ID,                               // Subject (ユーザーID)
+		"exp": time.Now().Add(time.Hour * 24).Unix(), // 有効期限 (24時間)
+	})
+
+	tokenString, err := token.SignedString(jwtSecretKey)
+	if err != nil {
+		return "", err
+	}
+
+	return tokenString, nil
+}

presentation-part3.typ

@@ -176,6 +176,14 @@ authGroup.Use(middleware.AuthMiddleware())
 }
 ```
 
+== ユーザー登録とログイン
+- internal/handler/auth.go
+```bash
+curl -X POST http://localhost:8080/login \
+  -H "Content-Type: application/json" \
+  -d '{"username":"user1","password":"pass123"}'
+```
+
 = 4. DB永続化(Docker Compose)
 == PostgreSQLの導入
 - Docker ComposeでPostgreSQLコンテナを起動