Golang Course With Building a Fintech Banking App – Lesson 4: User Authentication and Bank Transactions PART 1

by Radek Fabisiak

Intro to Golang user authentication

In Lesson 4 of the Golang course, we will talk about user authentication and banking transactions.

In the previous episodes of the course, we learned how to do migrations:

Golang course with building a fintech banking app – Lesson 1: Start the project

We learned how to do user login:

Golang course with building a fintech banking app – Lesson 2: Login and REST API

And, we learned how to do user registration:

Golang course with building a fintech banking app – Lesson 3: User registration

As well you need to remember about Angular 9 course created by my friend Anna:

Angular Course with building a banking application with Tailwind CSS – Lesson 1: Start the project

Today, we can focus on something crazy interesting, that is one of the main functionality in our project.

Of course, I mean bank transfers that I’ve told you about in the previous episode.

But not only!

In this lesson of the Golang course, we will learn how to get users and refactor a bit of the code.

I will teach you how yo use user authentication with JWT token as well.

Let’s start!

If you prefer video, here is the youtube version:

Create readBody in api.go

In the first step of this Golang course lesson, we need to refactor our api.go file a bit.

Most of the API calls have a very similar structure, so we do not need to duplicate the same code all the time.

We can refactor the logic that we use to reading the body.

Let’s create the readBody function in api.go, and move there the logic from the login and register functions.

func readBody(r *http.Request) []byte {
    body, err := ioutil.ReadAll(r.Body)
    helpers.HandleErr(err)
    
    return body
}

Create apiResponse in api.go

The next logic that we often use in the API calls is logically related to the API response.

We can do similar action, let’s create the function named apiResponse.

Next, move all the functions related to call response into and change the name of the objects from “login”, “register” to “call”.

func apiResponse(call map[string]interface{}, w http.ResponseWriter) {
    if call["message"] == "all is fine" {
        resp := call
        json.NewEncoder(w).Encode(resp)
        // Handle error in else
    } else {
        resp := interfaces.ErrResponse{Message: "Wrong username or password"}
        json.NewEncoder(w).Encode(resp)
    }
}

Refactor login in api.go to use readBody and apiResponse

Fine, our cleaner code is ready.

Now, we need to clean the login function and replace all of the code by our functions.

Replace the logic related to the reading body and the logic related to the response.

func login(w http.ResponseWriter, r *http.Request) {
    // Refactor login to use readBody
    body := readBody(r)

    var formattedBody Login
    err := json.Unmarshal(body, &formattedBody)
    helpers.HandleErr(err)

    login := users.Login(formattedBody.Username, formattedBody.Password)
    // Refactor login to use apiResponse function
    apiResponse(login, w)
}

Refactor register in api.go to use readBody and apiResponse

The function “register” should be cleaned in the same way that we did it with the “login” one.

Just replace the reading body and the response.

func register(w http.ResponseWriter, r *http.Request) {
    body := readBody(r)

    var formattedBody Register
    err := json.Unmarshal(body, &formattedBody)
    helpers.HandleErr(err)

    register := users.Register(formattedBody.Username, formattedBody.Email, formattedBody.Password)
    // Refactor register to use apiResponse function
    apiResponse(register, w)
}

Create PanicHandler middleware to handle internal errors

In the next step, we should focus on handling our “panic” logs.

These are not very good because if something happens, the app starts panicking.

It would be great to let users know something is wrong and its internal error in most cases.

We will not handle all of the errors separately yet, but we will handle the internal ones.

To do that, we need to go into the helpers.go and create some middleware named “PanicHandler”.

The middleware will intercept our HTTP calls.

Next, it will recover from the panic. It will return a response to the user with the message “Internal server error”.

func PanicHandler(next http.Handler) http.Handler{
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        defer func() {
            error := recover()
            if error != nil {
                log.Println(error)
    
                resp := interfaces.ErrResponse{Message: "Internal server error"}
                json.NewEncoder(w).Encode(resp)
            }
        }()
        next.ServeHTTP(w, r)
    })
}

Add PanicHandler in api.go startApi function

When our code is ready, we should go into the api.go and add it in the “startApi” function after the router’s declaration.

func StartApi() {
    router := mux.NewRouter()
    // Add panic handler middleware
    router.Use(helpers.PanicHandler)
    router.HandleFunc("/login", login).Methods("POST")
    router.HandleFunc("/register", register).Methods("POST")
    fmt.Println("App is working on port :8888")
    log.Fatal(http.ListenAndServe(":8888", router))
}

Move ErrResponse to interfaces

In this step, we need to move the “ErrResponse” interface from the “api.go”.

Le’ ts move it into the interfaces.go file.

Create GetUser function in users.go

Great!

Refactoring is almost finished, now we can go into the users-related stuff.

The first step should be to go into the users.go and create the function named “GetUser”.

That function should take two params, both as strings, the first one should be “id”, and the second one should be “jwt”.

GetUser function should return „map[string]interface{}.

func GetUser(id string, jwt string) map[string]interface{} {
    
}

Validate jwt token

If we would like to do any activity related to the user, the application needs to know if we are the owner of the account.

We can verify that by validating the JWT token.

To create JWT validation, we need to go into the helpers.go and create a function named “ValidateToken”.

The function should take id, and jwtToken as strings, and return a bool.

Inside the body, we need to remove “Bearer” from our token and verify the JWT token.

Next, we should verify if the id from the authenticated token is the same as an id that we sent to the API.

func ValidateToken(id string, jwtToken string) bool {
    cleanJWT := strings.Replace(jwtToken, "Bearer ", "", -1)
    tokenData := jwt.MapClaims{}
    token, err := jwt.ParseWithClaims(cleanJWT, tokenData, func(token *jwt.Token) (interface{}, error) {
            return []byte("TokenPassword"), nil
    })
    HandleErr(err)
    var userId, _ = strconv.ParseFloat(id, 8)
    if token.Valid && tokenData["user_id"] == userId {
        return true
    } else {
        return false
    }
}

Add withToken feature to prepareResponse

Now, we can come back to the users.go, and refactor “prepareResponse”.

We need to add a little change, that will be the third param named “withToken” as a bool.

And, we need to create token only if the withToken will be true.

func prepareResponse(user *interfaces.User, accounts []interfaces.ResponseAccount, withToken bool) map[string]interface{} {
    responseUser := &interfaces.ResponseUser{
        ID: user.ID,
        Username: user.Username,
        Email: user.Email,
        Accounts: accounts,
    }
    var response = map[string]interface{}{"message": "all is fine"}
    // Add withToken feature to prepare response
    if withToken {
        var token = prepareToken(user);
        response["jwt"] = token
    }
    response["data"] = responseUser
    return response
}

Change prepare response in login and register in users.go

Don’t forget to add the change into the login, and register functions inside the users.go.

Just add “true” in both of cases into the call to the “prepareResponse”, as a third param.

func Login(username string, pass string) map[string]interface{} {
    // Add validation to login
    valid := helpers.Validation(
        []interfaces.Validation{
            {Value: username, Valid: "username"},
            {Value: pass, Valid: "password"},
        })
    if valid {
        // Connect DB
        db := helpers.ConnectDB()
        user := &interfaces.User{}
        if db.Where("username = ? ", username).First(&user).RecordNotFound() {
            return map[string]interface{}{"message": "User not found"}
        }
        // Verify password
        passErr := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass))

        if passErr == bcrypt.ErrMismatchedHashAndPassword && passErr != nil {
            return map[string]interface{}{"message": "Wrong password"}
        }
        // Find accounts for the user
        accounts := []interfaces.ResponseAccount{}
        db.Table("accounts").Select("id, name, balance").Where("user_id = ? ", user.ID).Scan(&accounts)

        defer db.Close()

        var response = prepareResponse(user, accounts, true);

        return response
    } else {
        return map[string]interface{}{"message": "not valid values"}
    }
}

// Create registration function
func Register(username string, email string, pass string) map[string]interface{} {
    // Add validation to registration
    valid := helpers.Validation(
        []interfaces.Validation{
            {Value: username, Valid: "username"},
            {Value: email, Valid: "email"},
            {Value: pass, Valid: "password"},
        })
    if valid {
        // Create registration logic
        // Connect DB
        db := helpers.ConnectDB()
        generatedPassword := helpers.HashAndSalt([]byte(pass))
        user := &interfaces.User{Username: username, Email: email, Password: generatedPassword}
        db.Create(&user)

        account := &interfaces.Account{Type: "Daily Account", Name: string(username + "'s" + " account"), Balance: 0, UserID: user.ID}
        db.Create(&account)

        defer db.Close()
        accounts := []interfaces.ResponseAccount{}
        respAccount := interfaces.ResponseAccount{ID: account.ID, Name: account.Name, Balance: int(account.Balance)}
        accounts = append(accounts, respAccount)
        var response = prepareResponse(user, accounts, true)

        return response
    } else {
        return map[string]interface{}{"message": "not valid values"}
    }
    
}

Add User authentication with JWT to getUser

In this step, we are ready to come back to getUser.

The first what we will do here is to add the token validation.

func GetUser(id string, jwt string) map[string]interface{} {
    isValid := helpers.ValidateToken(id, jwt)
    if isValid {
        
    } else {
        return map[string]interface{}{"message": "Not valid token"}
    }
}

Find and return user

If the token is validated, we can start the logic.

If not, we should return the response with the information about that fact.

As a logic, we actually should add almost the same logic as for the function “Login”.

We need to find user. In this case, by ID, next find accounts for that user, and that’s it.

Just in the “prepareResponse” call, the last param will be “false”.

func GetUser(id string, jwt string) map[string]interface{} {
    isValid := helpers.ValidateToken(id, jwt)
    // Find and return user
    if isValid {
        db := helpers.ConnectDB()
        user := &interfaces.User{}
        if db.Where("id = ? ", id).First(&user).RecordNotFound() {
            return map[string]interface{}{"message": "User not found"}
        }
        accounts := []interfaces.ResponseAccount{}
        db.Table("accounts").Select("id, name, balance").Where("user_id = ? ", user.ID).Scan(&accounts)

        defer db.Close()

        var response = prepareResponse(user, accounts, false);
        return response
    } else {
        return map[string]interface{}{"message": "Not valid token"}
    }
}

Create getUser function in api.go

We are done with users.go, let’s move back into the api.go.

As the first step in that file, we need to create a function named “getUser”, and as a standard API call, we take response and request as params.

Inside the function, we will use mux vars to take the user’s ID that we need to pull from the DB.

The next important thing is to take authorization from our headers and pass it to the GetUser function.

func getUser(w http.ResponseWriter, r *http.Request) {
    vars := mux.Vars(r)
    userId := vars["id"]
    auth := r.Header.Get("Authorization")

    user := users.GetUser(userId, auth)
    apiResponse(user, w)
}

Add router.Handle func for getting the user in api.go

Now we can add the next API endpoint into the routing.

Add that inside the “StartApi”, and remember to set up the Methods, as “GET”. 

func StartApi() {
    router := mux.NewRouter()
    router.Use(helpers.PanicHandler)
    router.HandleFunc("/login", login).Methods("POST")
    router.HandleFunc("/register", register).Methods("POST")
    router.HandleFunc("/user/{id}", getUser).Methods("GET")
    fmt.Println("App is working on port :8888")
    log.Fatal(http.ListenAndServe(":8888", router))
}

Create directory useraccounts

We are done with getting users, and we move into the bank accounts.

As the first step, we should create a directory named “useraccounts”.

Create that directory inside the root of the project.

Create file useraccounts.go and package useraccounts

Next, we need to create a file named “useraccounts.go” inside that directory.

Inside the file, we need to declare a package named “useraccounts”.

package useraccounts

Create function updateAccount

The last step inside today’s lesson of the Golang course is to create the function that gives the possibility of updating the user’s bank account.

Let’s go into the useraccounts.go, and create the function named “updateAccount”.

Inside the function, we need to connect DB, update the account, and close DB.

Don’t worry about connecting/disconnecting DB so often. We will work on connection pools in the next episodes.

func updateAccount(id uint, amount int) {
    db := helpers.ConnectDB()
    db.Model(&interfaces.Account{}).Where("id = ?", id).Update("balance", amount)
    defer db.Close()
}

Golang user authentication conclusion

Congratulations, your project is going much more functional now!

I’m very, you know how to use user authentication with JWT token, and started building bank transfers feature.

Here is the code repository for the current lesson:

https://github.com/Duomly/go-bank-backend/tree/Golang-course-Lesson-4

In the next episode, we will continue working on the bank transfers and will focus on the REST API for that feature.

I cannot wait until I teach you all of these things, and you will do the first bank transfer!

Stay updated, because the next episodes will be the most crucial for that Golang course, and we will build the most important features.

Thanks for reading,

Radek from Duomly

Radek Fabisiak

If you liked it share and comment!