v1.5.1

middleware, renderer and commonly used functions moved to this project

.env.sample

@@ -41,9 +41,9 @@ REFRESH_KEY_TTL=60
 AUDIENCE=
 ISSUER=gorest
 # NotBefore for ACCESS_KEY in seconds
-NOT_BEFORE_ACC=
+NOT_BEFORE_ACC=0
 # NotBefore for REFRESH_KEY in seconds
-NOT_BEFORE_REF=
+NOT_BEFORE_REF=0
 SUBJECT=
 
 #

README.md

@@ -29,7 +29,7 @@ git remote set-head origin -a
 
 _Note:_ For version `<= 1.4.5`: https://github.com/pilinux/gorest/tree/v1.4.5
 
-For new projects, it is recommended to use `v1.5.x`
+For new projects, it is recommended to use `>= v1.5.1`
 
 ## Start building
 
@@ -39,7 +39,7 @@ For new projects, it is recommended to use `v1.5.x`
 import (
   "github.com/pilinux/gorest/config"
   "github.com/pilinux/gorest/database"
-  "github.com/pilinux/gorestlib/middleware"
+  "github.com/pilinux/gorest/lib/middleware"
 
   "github.com/gin-gonic/gin"
 )
@@ -49,9 +49,19 @@ _Quick tutorial:_ [Wiki][10] + this README.md file
 
 ## Updates
 
-### v1.5.0 [Jul 23 - 2022]
+### v1.5.1 [Jul 23 - 2022]
 
-Link: https://github.com/pilinux/gorest/releases/tag/v1.5.0
+Link: https://github.com/pilinux/gorest/releases/tag/v1.5.1
+
+&#9889; middleware, renderer and commonly used functions merged here
+
+After hours of testing, it felt more intuitive
+to have all middleware inside `gorest`.
+There is no need to import anything from `gorestlib` anymore.
+
+### v1.5.0 [Jul 23 - 2022] [_Do not use this version_]
+
+- Release and tag removed from github to avoid import
 
 &#9889; middleware, renderer and commonly used functions moved to a separate repo `github.com/pilinux/gorestlib`
 
@@ -250,7 +260,26 @@ Accessible endpoints of the test instance:
 - https://goapi.pilinux.me/api/v1/posts/:id
 - https://goapi.pilinux.me/api/v1/hobbies
 
-To prevent abuse, only HTTP `GET` requests are accepted by the demo server.
+To prevent abuse, HTTP `GET` requests are accepted by the demo server.
+
+Only the following endpoints accept HTTP `POST` requests to test JWT:
+
+- https://goapi.pilinux.me/api/v1/login
+
+```
+{
+    "Email": "[email protected]",
+    "Password": "1234.."
+}
+```
+
+- https://goapi.pilinux.me/api/v1/refresh
+
+```
+{
+    "RefreshJWT": "",
+}
+```
 
 <img width="650px" src="https://cdn.pilinux.workers.dev/images/GoREST/screenshot/GoREST.API.Demo.PNG">
 
@@ -559,6 +588,7 @@ gorest
 │---LICENSE
 │---CONTRIBUTING.md
 │---CODE_OF_CONDUCT.md
+│---SECURITY.md
 │---.gitattributes
 │---.gitignore
 │---.env.sample
@@ -574,7 +604,7 @@ gorest
 │    └---server.go
 │    └---view.go
 │
-│───controller
+└───controller
 │    └---auth.go
 │    └---login.go
 │    └---user.go
@@ -598,6 +628,21 @@ gorest
 │         └---hobby.go
 │         └---userHobby.go
 │
+└───lib
+│    └---hashing.go
+│    └---validateEmail.go
+│    └---removeAllSpace.go
+│    │
+│    └───middleware
+│    │    └---cors.go
+│    │    └---firewall.go
+│    │    └---ginpongo2.go
+│    │    └---jwt.go
+│    │    └---sentry.go
+│    │
+│    └───renderer
+│         └---render.go
+│
 └───logs
 │    └---README.md
 │
@@ -664,7 +709,7 @@ Default path to the HTML template files: `templates/`
 
 ### Step 4
 
-- `middleware`: Import from `github.com/pilinux/gorestlib/middleware`
+- `middleware`: All middleware should belong to this package.
 
 ### Step 5 (final step)
 

SECURITY.md

@@ -4,7 +4,7 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.5.x   | :white_check_mark: |
+| >=1.5.1 | :white_check_mark: |
 | 1.4.x   | :white_check_mark: |
 | < 1.4   | :x:                |
 

config/security.go

@@ -1,5 +1,9 @@
 package config
 
+import (
+	"github.com/pilinux/gorest/lib"
+)
+
 // SecurityConfig ...
 type SecurityConfig struct {
 	BasicAuth struct {
@@ -18,13 +22,7 @@ type SecurityConfig struct {
 		RefNbf   int
 		Subject  string
 	}
-	HashPass struct {
-		Memory      uint32
-		Iterations  uint32
-		Parallelism uint8
-		SaltLength  uint32
-		KeyLength   uint32
-	}
+	HashPass lib.HashPassConfig
 	Firewall struct {
 		ListType string
 		IP       string

controller/auth.go

@@ -5,8 +5,8 @@ import (
 
 	"github.com/pilinux/gorest/database"
 	"github.com/pilinux/gorest/database/model"
-	"github.com/pilinux/gorestlib"
-	"github.com/pilinux/gorestlib/renderer"
+	"github.com/pilinux/gorest/lib"
+	"github.com/pilinux/gorest/lib/renderer"
 
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"
@@ -25,7 +25,7 @@ func CreateUserAuth(c *gin.Context) {
 	}
 
 	// email validation
-	if !gorestlib.ValidateEmail(auth.Email) {
+	if !lib.ValidateEmail(auth.Email) {
 		renderer.Render(c, gin.H{"msg": "wrong email address"}, http.StatusBadRequest)
 		return
 	}

controller/hobby.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/pilinux/gorest/database"
 	"github.com/pilinux/gorest/database/model"
-	"github.com/pilinux/gorestlib/renderer"
+	"github.com/pilinux/gorest/lib/renderer"
 
 	"github.com/gin-gonic/gin"
 )

controller/login.go

@@ -3,10 +3,10 @@ package controller
 import (
 	"net/http"
 
+	"github.com/pilinux/gorest/lib"
+	"github.com/pilinux/gorest/lib/middleware"
+	"github.com/pilinux/gorest/lib/renderer"
 	"github.com/pilinux/gorest/service"
-	"github.com/pilinux/gorestlib"
-	"github.com/pilinux/gorestlib/middleware"
-	"github.com/pilinux/gorestlib/renderer"
 
 	"github.com/alexedwards/argon2id"
 	"github.com/gin-gonic/gin"
@@ -27,7 +27,7 @@ func Login(c *gin.Context) {
 		return
 	}
 
-	if !gorestlib.ValidateEmail(payload.Email) {
+	if !lib.ValidateEmail(payload.Email) {
 		renderer.Render(c, gin.H{"msg": "wrong email address"}, http.StatusBadRequest)
 		return
 	}

controller/playground.go

@@ -10,7 +10,7 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/pilinux/gorest/database"
-	"github.com/pilinux/gorestlib/renderer"
+	"github.com/pilinux/gorest/lib/renderer"
 )
 
 // RedisData - key:value

controller/playgroundMongo.go

@@ -14,7 +14,7 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/pilinux/gorest/database"
-	"github.com/pilinux/gorestlib/renderer"
+	"github.com/pilinux/gorest/lib/renderer"
 )
 
 // Geocoding - struct for address

controller/post.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/pilinux/gorest/database"
 	"github.com/pilinux/gorest/database/model"
-	"github.com/pilinux/gorestlib/middleware"
-	"github.com/pilinux/gorestlib/renderer"
+	"github.com/pilinux/gorest/lib/middleware"
+	"github.com/pilinux/gorest/lib/renderer"
 
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"

controller/user.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/pilinux/gorest/database"
 	"github.com/pilinux/gorest/database/model"
-	"github.com/pilinux/gorestlib/middleware"
-	"github.com/pilinux/gorestlib/renderer"
+	"github.com/pilinux/gorest/lib/middleware"
+	"github.com/pilinux/gorest/lib/renderer"
 
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"

database/migrate/.env.sample

@@ -41,9 +41,9 @@ REFRESH_KEY_TTL=60
 AUDIENCE=
 ISSUER=gorest
 # NotBefore for ACCESS_KEY in seconds
-NOT_BEFORE_ACC=
+NOT_BEFORE_ACC=0
 # NotBefore for REFRESH_KEY in seconds
-NOT_BEFORE_REF=
+NOT_BEFORE_REF=0
 SUBJECT=
 
 #

database/model/auth.go

@@ -8,7 +8,7 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/pilinux/gorest/config"
-	"github.com/pilinux/gorestlib"
+	"github.com/pilinux/gorest/lib"
 )
 
 // Auth model - `auths` table
@@ -43,14 +43,14 @@ func (v *Auth) UnmarshalJSON(b []byte) error {
 	v.AuthID = aux.AuthID
 	v.Email = aux.Email
 
-	config := gorestlib.HashPassConfig{
+	config := lib.HashPassConfig{
 		Memory:      config.Security().HashPass.Memory,
 		Iterations:  config.Security().HashPass.Iterations,
 		Parallelism: config.Security().HashPass.Parallelism,
 		SaltLength:  config.Security().HashPass.SaltLength,
 		KeyLength:   config.Security().HashPass.KeyLength,
 	}
-	pass, err := gorestlib.HashPass(config, aux.Password)
+	pass, err := lib.HashPass(config, aux.Password)
 	if err != nil {
 		return err
 	}

go.mod

@@ -4,11 +4,15 @@ go 1.17
 
 require (
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
+	github.com/flosch/pongo2 v0.0.0-20200913210552-0d938eb266f3
 	github.com/gin-gonic/gin v1.8.1
+	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/google/uuid v1.3.0
 	github.com/jinzhu/gorm v1.9.16
 	github.com/joho/godotenv v1.4.0
 	github.com/mediocregopher/radix/v4 v4.1.0
-	github.com/pilinux/gorestlib v0.0.10
+	github.com/onrik/logrus v0.9.0
+	github.com/pilinux/structs v1.1.1
 	github.com/qiniu/qmgo v1.1.1
 	github.com/sirupsen/logrus v1.9.0
 	go.mongodb.org/mongo-driver v1.10.0
@@ -18,18 +22,17 @@ require (
 	gorm.io/gorm v1.23.8
 )
 
+retract v1.5.0
+
 require (
-	github.com/flosch/pongo2 v0.0.0-20200913210552-0d938eb266f3 // indirect
 	github.com/getsentry/sentry-go v0.13.0 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.0 // indirect
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/go-playground/validator/v10 v10.10.0 // indirect
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
 	github.com/goccy/go-json v0.9.7 // indirect
-	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/snappy v0.0.1 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
 	github.com/jackc/pgconn v1.12.1 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
@@ -49,9 +52,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe // indirect
-	github.com/onrik/logrus v0.9.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
-	github.com/pilinux/structs v1.1.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/tilinna/clock v1.0.2 // indirect
 	github.com/ugorji/go/codec v1.2.7 // indirect

go.sum

@@ -242,8 +242,6 @@ github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
-github.com/pilinux/gorestlib v0.0.10 h1:oZV9gy+Ur3DXPdwVZsNGuEBegNH8YvhTb3icQuFxSMc=
-github.com/pilinux/gorestlib v0.0.10/go.mod h1:9KCdAMcYjI+LUhR4dj21mIJ6v1PT7pM+/5ZKo4ljFmY=
 github.com/pilinux/structs v1.1.1 h1:oab30yWZjsxSWCA8bHdCB4yUcB0qMSE8QVvgGSPEYxY=
 github.com/pilinux/structs v1.1.1/go.mod h1:Gm07WsM5mG+wZAqX2I4y5PoW4zvLhzDR+YoWm1c1BBk=
 github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=

lib/hashing.go

@@ -0,0 +1,32 @@
+package lib
+
+// github.com/pilinux/gorest
+// The MIT License (MIT)
+// Copyright (c) 2022 pilinux
+
+import "github.com/alexedwards/argon2id"
+
+// HashPassConfig - params for argon2id
+type HashPassConfig struct {
+	Memory      uint32
+	Iterations  uint32
+	Parallelism uint8
+	SaltLength  uint32
+	KeyLength   uint32
+}
+
+// HashPass - securely hash passwords using Argon2id
+func HashPass(config HashPassConfig, pass string) (string, error) {
+	params := &argon2id.Params{
+		Memory:      config.Memory * 1024, // the amount of memory used by the Argon2 algorithm (in kibibytes)
+		Iterations:  config.Iterations,    // the number of iterations (or passes) over the memory
+		Parallelism: config.Parallelism,   // the number of threads (or lanes) used by the algorithm
+		SaltLength:  config.SaltLength,    // length of the random salt. 16 bytes is recommended for password hashing
+		KeyLength:   config.KeyLength,     // length of the generated key (or password hash). 16 bytes or more is recommended
+	}
+	h, err := argon2id.CreateHash(pass, params)
+	if err != nil {
+		return "", err
+	}
+	return h, err
+}