Add backend JWT initial implimentation

README.md

@@ -1,4 +1,4 @@
-# Framingo Armond
+# Flamingo Armond
 🔥Tinder like Flashcard App. 
 
 ![flamingo-armond backend](https://github.com/yasuflatland-lf/flamingo-armond/actions/workflows/backend.yml/badge.svg)
@@ -37,11 +37,19 @@ The `render.yaml` is where all configurations are gathered and assosiated with t
 `Flamingo Armond` uses [Superbase](https://supabase.com/) for the [Database (Postgres)](https://supabase.com/database) and [Auth](https://supabase.com/auth). All configurations and environment valuables are configured on the dashboard. Grab configurations from `.env` file and apply them here, such as database name, user name, user password, SSL enablement, e.g.
 
 ## Set up Auth on Superbase
-1. Create `Client ID` and `Client Secret` on `Google`
+### Set up OAuth API on Google Cloud
+Create `Client ID` and `Client Secret` on `Google`
+
+Refer [this document](https://support.google.com/workspacemigrate/answer/9222992?hl=ja) for the details of set up.
+
+#### Check scope.
+Please see [this page](https://supabase.com/docs/guides/auth/social-login/auth-google?queryGroups=platform&platform=web&queryGroups=environment&environment=client&queryGroups=framework&framework=sveltekit#application-code-configuration) for the OAuth scope to be configured for `Superbase`
+
+### Set up Auth on Superbase
 1. Navigate to the dashboard on `Superbase` and chose `Google Auth`
-1. Fill out `Client ID` , `Client Secret` and `Authorized Client IDs`
+2. Fill out `Client ID` , `Client Secret` and `Authorized Client IDs`
 
 # Run Locally
 ```
 make server
-```
+```

backend/.env.example

@@ -1,5 +1,6 @@
 # No double quote needed for the text. Database will fail.
 PORT=1323
+# Environment is either dev, production or test see more details in config.go
 GO_ENV=dev
 GQL_COMPLEXITY=10
 PG_HOST=localhost

backend/go.mod

@@ -7,11 +7,11 @@ require (
 	github.com/caarlos0/env/v11 v11.1.0
 	github.com/docker/go-connections v0.5.0
 	github.com/go-playground/validator/v10 v10.22.0
-	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/graph-gophers/dataloader/v7 v7.1.0
 	github.com/joho/godotenv v1.5.1
+	github.com/labstack/echo-jwt/v4 v4.2.0
 	github.com/labstack/echo/v4 v4.12.0
 	github.com/labstack/gommon v0.4.2
 	github.com/lib/pq v1.10.9
@@ -49,6 +49,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect

backend/go.sum

@@ -106,6 +106,8 @@ github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/labstack/echo-jwt/v4 v4.2.0 h1:odSISV9JgcSCuhgQSV/6Io3i7nUmfM/QkBeR5GVJj5c=
+github.com/labstack/echo-jwt/v4 v4.2.0/go.mod h1:MA2RqdXdEn4/uEglx0HcUOgQSyBaTh5JcaHIan3biwU=
 github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0=
 github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM=
 github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=

backend/pkg/config/config.go

@@ -9,13 +9,16 @@ import (
 const (
 	APP_MODE_DEV  = "dev"
 	APP_MODE_PROD = "production"
+	APP_MODE_TEST = "test"
 )
 
+var validEnvs = []string{APP_MODE_DEV, APP_MODE_PROD, APP_MODE_TEST}
+
 // Config structure holds all the configuration values
 type Config struct {
 	// System Settings
 	Port  int    `env:"PORT,notEmpty" envDefault:"1323"`
-	GoEnv string `env:"GO_ENV,notEmpty" envDefault:"dev"`
+	GoEnv string `env:"GO_ENV,notEmpty" envDefault:"test"`
 
 	// GraphQL related configurations
 	GQLComplexity int `env:"GQL_COMPLEXITY,notEmpty" envDefault:"10"`
@@ -43,10 +46,26 @@ func init() {
 		slog.Error("Failed to parse environment variables: %+v", err)
 	}
 
+	if !isValidEnv(Cfg.GoEnv) {
+		slog.Error(fmt.Sprintf("Invalid GO_ENV value: %s. Must be one of %v", Cfg.GoEnv, validEnvs))
+	}
+
 	if Cfg.PGQueryLimit <= Cfg.FLBatchDefaultAmount {
-		slog.Error(fmt.
-			Sprintf("FLBatchDefaultAmount<%d> must be smaller than"+
-				" PGQueryLimit<%d>",
-				Cfg.FLBatchDefaultAmount, Cfg.PGQueryLimit))
+		slog.Error(fmt.Sprintf("FLBatchDefaultAmount<%d> must be smaller than PGQueryLimit<%d>",
+			Cfg.FLBatchDefaultAmount, Cfg.PGQueryLimit))
+	}
+}
+
+// isValidEnv checks if the provided env is valid
+func isValidEnv(env string) bool {
+	for _, v := range validEnvs {
+		if env == v {
+			return true
+		}
 	}
+	return false
+}
+
+func IsTest() bool {
+	return Cfg.GoEnv == APP_MODE_TEST
 }

backend/pkg/config/config_test.go

@@ -27,7 +27,7 @@ func TestConfigDefaults(t *testing.T) {
 
 	// Verify default values
 	assert.Equal(t, 1323, config.Cfg.Port, "Default Port should be 1323")
-	assert.Equal(t, "dev", config.Cfg.GoEnv, "Default GoEnv should be 'dev'")
+	assert.Equal(t, "test", config.Cfg.GoEnv, "Default GoEnv should be 'dev'")
 	assert.Equal(t, 10, config.Cfg.GQLComplexity, "Default GQLComplexity should be 10")
 	assert.Equal(t, "localhost", config.Cfg.PGHost, "Default PGHost should be 'localhost'")
 	assert.Equal(t, "testuser", config.Cfg.PGUser, "Default PGUser should be 'testuser'")

backend/web/server/server.go

@@ -9,6 +9,7 @@ import (
 	"backend/pkg/usecases"
 	"backend/pkg/validator"
 	"github.com/99designs/gqlgen/graphql/handler/extension"
+	echojwt "github.com/labstack/echo-jwt/v4"
 	"log"
 	"net/http"
 	"strconv"
@@ -40,6 +41,21 @@ func NewRouter(db *gorm.DB) *echo.Echo {
 	// Create usecases
 	usecase := usecases.New(service)
 
+	// Configure Auth
+	if !config.IsTest() {
+		e.Use(echojwt.WithConfig(echojwt.Config{
+			SigningKey:  []byte(config.Cfg.JWTSecret),
+			TokenLookup: "cookie:jwt",
+		}))
+	} else {
+		e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
+			return func(c echo.Context) error {
+				// Skip Auth in the Testing Environment
+				return next(c)
+			}
+		})
+	}
+
 	// Validator
 	validateWrapper := validator.NewValidateWrapper()