feat: basic session auth implemented

Author: tanmoysrt

swiftwave_service/core/models.go

@@ -37,12 +37,21 @@ type ServerLog struct {
 
 // User hold information about user
 type User struct {
-	ID           uint     `json:"id" gorm:"primaryKey"`
-	Username     string   `json:"username" gorm:"unique"`
-	Role         UserRole `json:"role" gorm:"default:'user'"`
-	PasswordHash string   `json:"password_hash"`
-	TotpEnabled  bool     `json:"totp_enabled" gorm:"default:false"`
-	TotpSecret   string   `json:"totp_secret"`
+	ID           uint          `json:"id" gorm:"primaryKey"`
+	Username     string        `json:"username" gorm:"unique"`
+	Role         UserRole      `json:"role" gorm:"default:'user'"`
+	PasswordHash string        `json:"password_hash"`
+	TotpEnabled  bool          `json:"totp_enabled" gorm:"default:false"`
+	TotpSecret   string        `json:"totp_secret"`
+	Sessions     []UserSession `json:"sessions" gorm:"foreignKey:UserID;constraint:OnUpdate:CASCADE,OnDelete:CASCADE"`
+}
+
+// UserSession hold information about
+type UserSession struct {
+	ID        uint      `json:"id" gorm:"primaryKey"`
+	UserID    uint      `json:"user_id"`
+	SessionID string    `json:"session_id" gorm:"index"`
+	ExpiresAt time.Time `json:"expires_at"`
 }
 
 // ************************************************************************************* //

swiftwave_service/core/user_session.operations.go

@@ -0,0 +1,40 @@
+package core
+
+import (
+	"context"
+	"errors"
+	"github.com/labstack/gommon/random"
+	"gorm.io/gorm"
+	"time"
+)
+
+// This file contains the operations for the User Sessions model.
+// This functions will perform necessary validation before doing the actual database operation.
+
+// Each function's argument format should be (ctx context.Context, db gorm.DB, ...)
+// context used to pass some data to the function e.g. user id, auth info, etc.
+
+// CreateSession : create session for user
+func CreateSession(ctx context.Context, db gorm.DB, user User) (string, error) {
+	sessionRecord := &UserSession{
+		UserID:    user.ID,
+		SessionID: random.String(128),
+		ExpiresAt: time.Now().Add(time.Hour * 720),
+	}
+	// Create record
+	err := db.Create(sessionRecord).Error
+	if err != nil {
+		return "", err
+	}
+	return sessionRecord.SessionID, nil
+}
+
+// GetUserIDBySessionID : get user by session id
+func GetUserIDBySessionID(ctx context.Context, db gorm.DB, sessionID string) (uint, error) {
+	var session UserSession
+	err := db.Where("session_id = ?", sessionID).Select("user_id").First(&session).Error
+	if err != nil {
+		return 0, errors.New("invalid session")
+	}
+	return session.UserID, nil
+}

swiftwave_service/db/migrations/20250213190430_test.down.sql

@@ -0,0 +1,4 @@
+-- reverse: create index "idx_user_sessions_session_id" to table: "user_sessions"
+DROP INDEX "public"."idx_user_sessions_session_id";
+-- reverse: create "user_sessions" table
+DROP TABLE "public"."user_sessions";

swiftwave_service/db/migrations/20250213190430_test.up.sql

@@ -0,0 +1,11 @@
+-- create "user_sessions" table
+CREATE TABLE "public"."user_sessions" (
+  "id" bigserial NOT NULL,
+  "user_id" bigint NULL,
+  "session_id" text NULL,
+  "expires_at" timestamptz NULL,
+  PRIMARY KEY ("id"),
+  CONSTRAINT "fk_users_sessions" FOREIGN KEY ("user_id") REFERENCES "public"."users" ("id") ON UPDATE CASCADE ON DELETE CASCADE
+);
+-- create index "idx_user_sessions_session_id" to table: "user_sessions"
+CREATE INDEX "idx_user_sessions_session_id" ON "public"."user_sessions" ("session_id");

swiftwave_service/db/migrations/atlas.sum

@@ -1,4 +1,4 @@
-h1:dFMxl02tstPc5Nmao8FA3S7sM7mIXqsSy34VElMP2gk=
+h1:SwRv04ZCBJM2kVRlT9CroRjbfMlf4sOror5mPG2X/EM=
 20240413191732_init.down.sql h1:HoitObGwuKF/akF4qg3dol2FfNTLCEuf6wHYDuCez8I=
 20240413191732_init.up.sql h1:USKdQx/yTz1KJ0+mDwYGhKm3WzX7k+I9+6B6SxImwaE=
 20240414051823_server_custom_ssh_port_added.down.sql h1:IC1DFQBQceTPTRdZOo5/WqytH+ZbgcKrQuMCkhArF/0=
@@ -47,3 +47,5 @@ h1:dFMxl02tstPc5Nmao8FA3S7sM7mIXqsSy34VElMP2gk=
 20240628175617_add_extra_fields_in_app_group.up.sql h1:+qBOQc/2bhG1igFdUbWSsZEy01aORuPyBPvxKVXJJoA=
 20240906153014_add_hostname_in_application.down.sql h1:tFY94wo3G+UYA51UYt9jbfwwPTS/hCd3pG2F7smUEB8=
 20240906153014_add_hostname_in_application.up.sql h1:JAhs73vgSIUzt0l8M8ltRp98dVkwL5lXrdkfHvJ+arE=
+20250213190430_test.down.sql h1:ra8BJ92iaL0/Kc7MThF+wzbM1/szBVKHxJUWLq1hf5o=
+20250213190430_test.up.sql h1:EDgRcbJknAyddUQ9X3+uGw/MNDilVWHRKcC+9Xuxuxg=

swiftwave_service/db_models_loader/main.go

@@ -17,6 +17,7 @@ func main() {
 		&core.Server{},
 		&core.ServerLog{},
 		&core.User{},
+		&core.UserSession{},
 		&core.Domain{},
 		&core.RedirectRule{},
 		&core.PersistentVolume{},

swiftwave_service/graphql/authentication.resolvers.go

@@ -0,0 +1,9 @@
+input UserCredential {
+    username: String!
+    password: String!
+}
+
+
+extend type Mutation {
+    login(input: UserCredential!): String!
+}