victorsteven / go-jwt-postgres-mysql-restful-api
This is an API built with golang, jwt, gorm, postgresql, mysql
I think it would be better practice in login_controller.go to only issue a bearer token after explicitly checking that the user-provided password matches the hash after using bcrypt. In its current state the default is to provide a token if one specific error is not met.
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
From what I understand, the only case where this might be kind of exploited is when the DB-stored passwords are not bcrypt hashes, which results in:
var ErrHashTooShort = "crypto/bcrypt: hashedSecret too short to be a bcrypted password"
I had that case because I had unencrypted test-data in my database.
Even though the attack surface might be limited here, I would suggest modifying the code to teach and encourage safe best practices.
How to validate:
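The difference between the check quoted in this issue and an explicit success check, as an added example that is not code from this repository. `compare`, `digest` and the two error values are stand-ins for `bcrypt.CompareHashAndPassword`, `bcrypt.ErrMismatchedHashAndPassword` and `bcrypt.ErrHashTooShort` so that it runs on the standard library alone; the length threshold, token string and sample rows are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Stand-ins for bcrypt.ErrMismatchedHashAndPassword and bcrypt.ErrHashTooShort.
var errMismatch = errors.New("hash and password do not match")
var errHashTooShort = errors.New("stored value too short to be a hash")

// digest is the stand-in "hash" (hex SHA-256, 64 chars). Not a password hash.
func digest(p string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(p))) }

// compare stands in for bcrypt.CompareHashAndPassword (standard library only).
func compare(stored, password string) error {
	if len(stored) < 59 { // constructed threshold: plaintext test rows land here
		return errHashTooShort
	}
	if subtle.ConstantTimeCompare([]byte(stored), []byte(digest(password))) != 1 {
		return errMismatch
	}
	return nil
}

// loginFailOpen mirrors the check quoted in the issue: only the mismatch
// error blocks the token, so any other error falls through to success.
func loginFailOpen(stored, password string) (string, error) {
	err := compare(stored, password)
	if err != nil && err == errMismatch {
		return "", err
	}
	return "constructed-token", nil
}

// loginFailClosed issues a token only when the comparison returned nil.
func loginFailClosed(stored, password string) (string, error) {
	if err := compare(stored, password); err != nil {
		return "", errors.New("invalid credentials")
	}
	return "constructed-token", nil
}

func main() {
	fmt.Println(loginFailOpen("plaintext-test-row", "anything"))   // token issued
	fmt.Println(loginFailClosed("plaintext-test-row", "anything")) // rejected
}
```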
```
We are getting the env values
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb0 pc=0x434d526]
goroutine 1 [running]:
github.com/jinzhu/gorm.(*DB).clone(0x0, 0x0)
/Users/go/src/github.com/jinzhu/gorm/main.go:856 +0x26
github.com/jinzhu/gorm.(*DB).Debug(...)
/Users/go/src/github.com/jinzhu/gorm/main.go:531
github.com/gouthamjm/backend/crud/api/controllers.(*Server).Initialize(0x487f090, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/Users/go/src/github.com/gouthamjm/backend/crud/api/controllers/base.go:59 +0xc5
github.com/gouthamjm/backend/crud/api.Run()
/Users/go/src/github.com/gouthamjm/backend/crud/api/server.go:32 +0x265
main.main()
/Users/go/src/github.com/gouthamjm/backend/crud/main.go:6 +0x25
exit status 2
```
I run into the following issue when using MySQL 5.7 and MariaDB 10.4
go test -v --run TestFindAllUsers
We are connected to the mysql database
=== RUN TestFindAllUsers
2020/03/05 11:23:21 Error 1217: Cannot delete or update a parent row: a foreign key constraint fails
exit status 1
Disable foreign_key_checks before dropping the table then re-enable them.
```
server.DB.Exec("SET foreign_key_checks=0")
err := server.DB.Debug().DropTableIfExists(&models.User{}).Error
if err != nil {
	return err
}
server.DB.Exec("SET foreign_key_checks=1")
```
Can errorMessage be omitted from the TestGetPostByID method? It's not used anywhere else other than the struct.
Hello,
When I do go run main.go (on Windows) I get an error:
PS C:\www\SILVER\go> go run .\main.go
# github.com/mattn/go-sqlite3
/usr/lib/gcc/x86_64-pc-cygwin/10/../../../../x86_64-pc-cygwin/bin/ld: cannot find -lmingwex
/usr/lib/gcc/x86_64-pc-cygwin/10/../../../../x86_64-pc-cygwin/bin/ld: cannot find -lmingw32
collect2: error: ld returned 1 exit status
# github.com/mattn/go-sqlite3
sqlite3-binding.c: In function 'sqlite3SelectNew':
sqlite3-binding.c:123303:10: warning: function may return address of local variable [-Wreturn-local-addr]
123303 | return pNew;
| ^~~~
sqlite3-binding.c:123263:10: note: declared here
123263 | Select standin;
| ^~~~~~~
Thanks
I moved the Server struct to config/config.go
but it does not work
Unresolved type 'Server'
Hello Victor, nice work with your code. When I try to pull down the package in main.go I get this error:
Repository not found.
fatal: repository 'https://github.com/victorsteven/fullstack/' not found
package github.com/victorsteven/fullstack/api: exit status 128
I see you import "github.com/jinzhu/gorm"
and not gorm.io/gorm
Is it the same?
Thanks