Fix/backend/session management for auth

.github/workflows/deploy-golang-develop.yml

@@ -69,7 +69,7 @@ jobs:
 
     - name: Run tests
       run: |
-        go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/handlers ./tests/... -coverprofile=coverage.out
+        go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/authenticator,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/middleware ./tests/... -coverprofile=coverage.out
 
     - name: Upload coverage reports to Codecov
       uses: codecov/[email protected]

.github/workflows/deploy-golang-prod.yml

@@ -61,7 +61,7 @@ jobs:
 
     - name: Run tests
       run: |
-        go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/handlers ./tests/... -coverprofile=coverage.out
+        go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/authenticator,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/middleware ./tests/... -coverprofile=coverage.out
 
     - name: Upload coverage reports to Codecov
       uses: codecov/[email protected]

.github/workflows/lint-test-build-golang.yml

@@ -67,7 +67,7 @@ jobs:
 
     - name: Run tests
       run: |
-        go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/handlers ./tests/... -coverprofile=coverage.out
+        go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/authenticator,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/middleware ./tests/... -coverprofile=coverage.out
 
     - name: Upload coverage reports to Codecov
       uses: codecov/[email protected]

documentation/occupi-docs/pages/api-documentation/api-usage.mdx

@@ -11,10 +11,15 @@ The API also allows you to retrieve information about these resources.
   - [Table of Contents](#table-of-contents)
     - [Base URL](#base-url)
     - [Ping](#ping)
+      - [Ping](#ping-1)
+      - [Ping-Auth](#ping-auth)
+      - [Ping-Admin](#ping-admin)
     - [Authentication](#authentication)
       - [Register](#register)
       - [Login](#login)
+      - [Login-Admin](#login-admin)
       - [Verify OTP](#verify-otp)
+      - [Logout](#logout)
     - [Api](#api)
       - [Resources](#resources)
       - [BookRoom](#BookRoom)
@@ -26,10 +31,12 @@ The API also allows you to retrieve information about these resources.
 
 ## Base URL
 
-The base URL for the Occupi API is `https://occupi.tech` or `https://localhost:8080` if you are in develop mode.
+The base URL for the Occupi API is `https://occupi.tech`, `https://dev.occupi.tech` or `https://localhost:8080` if you are in develop mode.
 
 ## Ping
 
+### Ping
+
 The ping endpoint is used to check if the API is up and running.
 
 - **URL**
@@ -43,7 +50,7 @@ The ping endpoint is used to check if the API is up and running.
 - **Success Response**
 
   - **Code:** 200
-  - **Content:** `{ "message": "pong -> I am alive and kicking" }`
+  - **Content:** `{ "status":  200, "message": "pong -> I am alive and kicking", "data": {}, }`
 
 - **Error Response**
   - **Code:** 404
@@ -55,9 +62,65 @@ The ping endpoint is used to check if the API is up and running.
 {}
 ```
 
+### Ping-Auth
+
+The ping-auth endpoint is used to check if the API is up and running and also to check if the user is authenticated.
+
+- **URL**
+
+  `/ping-auth`
+
+- **Method**
+
+    `GET`
+
+- **Success Response**
+
+    - **Code:** 200
+    - **Content:** `{ "status":  200, "message": "pong -> I am alive and kicking and you are auth'd", "data": {}, }`
+
+- **Error Response**
+
+      - **Code:** 401
+      - **Content:** `{\"error\":{\"code\":\"INVALID_AUTH\",\"details\":null,\"message\":\"User not authorized\"},\"message\":\"Bad Request\",\"status\":401}`
+
+**_Example json to send:_**
+
+  ```json copy
+  {}
+  ```
+
+### Ping-Admin
+
+The ping-admin endpoint is used to check if the API is up and running and also to check if the user is an admin.
+
+- **URL**
+
+  `/ping-admin`
+
+- **Method**
+
+    `GET`
+
+- **Success Response**
+
+    - **Code:** 200
+    - **Content:** `{ "status":  200, "message": "pong -> I am alive and kicking and you are an admin", "data": {}, }`
+
+- **Error Response**
+
+      - **Code:** 401
+      - **Content:** `{\"error\":{\"code\":\"INVALID_AUTH\",\"details\":null,\"message\":\"User not authorized to access admin route\"},\"message\":\"Bad Request\",\"status\":401}`
+
+**_Example json to send:_**
+
+  ```json copy
+  {}
+  ```
+
 ## Authentication
 
-The authentication endpoints are used to register, login, and verify users. Only POST requests are used for these endpoints.
+The authentication endpoints are used to register, login, login-admin, logout, and verify users. Only POST requests are used for these endpoints.
 
 ### Register
 
@@ -125,6 +188,39 @@ The authentication endpoints are used to register, login, and verify users. Only
 }
 ```
 
+### Login-Admin
+
+- **URL**
+
+  `/auth/login-admin`
+
+- **Method**
+
+    `POST`
+
+- **Success Response**
+
+    - **Code:** 200
+    - **Content:** `{ "status":  200, "message": "Successful login!", "data": {}, }`
+
+- **Error Response**
+
+      - **Code:** 400
+      - **Content:** `{"status":  400, "message": "Invalid email address": {"code": "INVALID_REQUEST_PAYLOAD","message": "Expected a valid format for email address": {}}}`
+
+- **Error Response**
+  - **Code:** 500
+  - **Content:** `{"status":  500, "message": "Internal Server Error","error": {"code": "INTERNAL_SERVER_ERROR","message": "Internal Server Error","details": {}}}`
+
+**_Example json to send:_**
+
+```json copy
+{
+  "email": "[email protected]",
+  "password": "123456"
+}
+```
+
 ### Verify OTP
 
 - **URL**
@@ -158,6 +254,35 @@ The authentication endpoints are used to register, login, and verify users. Only
 }
 ```
 
+### Logout
+
+- **URL**
+
+  `/auth/logout`
+
+- **Method**
+
+    `POST`
+
+- **Success Response**
+
+  - **Code:** 200
+  - **Content:** `{ "status":  200, "message": "Logout successful!", "data": {}, }`
+
+- **Error Response**
+
+  - **Code:** 400
+  - **Content:** `{\"error\":{\"code\":\"INVALID_AUTH\",\"details\":null,\"message\":\"Authorized user can't access this route\"},\"message\":\"Bad Request\",\"status\":401}`
+
+- **Error Response**
+  - **Code:** 500
+  - **Content:** `{"status":  500, "message": "Internal Server Error","error": {"code": "INTERNAL_SERVER_ERROR","message": "Internal Server Error","details": {}}}`
+
+**_Example json to send:_**
+```json copy
+{}
+```
+
 ## Api
 
 The API endpoints are used to interact with the Occupi platform. Mainly GET, POST, PUT, DELETE requests are used.

documentation/occupi-docs/theme.config.jsx

@@ -1,7 +1,13 @@
 export default {
-    title: 'Occupi',
-    favicon: 'https://raw.githubusercontent.com/COS301-SE-2024/occupi/5f614e7d881c9d4f65ec2cf6ea60bf5542eb77a7/presentation/Occupi/image_2024-05-21_213821107.svg',
-    description: 'This is occupi-s documentation site',
+    head: (
+        <>
+            <meta name="description" content="This is occupi-s documentation site" />
+            <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+            <meta property="og:title" content="occupi" />
+            <meta property="og:description" content="This is occupi-s documentation site" />
+            <link rel="icon" type="image/svg+xml" href="https://raw.githubusercontent.com/COS301-SE-2024/occupi/5f614e7d881c9d4f65ec2cf6ea60bf5542eb77a7/presentation/Occupi/image_2024-05-21_213821107.svg" />
+        </>
+    ),
     logo: (
         <>
             <img 
@@ -20,7 +26,5 @@ export default {
         link: 'https://discord.com',
     },
     docsRepositoryBase: 'https://github.com/COS301-SE-2024/occupi/documentation/occupi-docs',
-    footer: {
-        text: 'Occupi Documentation',
-    },
+    footerText: `MIT ${new Date().getFullYear()} © Occupi.`,
 }

occupi-backend/configs/config.go

@@ -150,34 +150,18 @@ func GetTrustedProxies() []string {
 	return []string{""}
 }
 
-func GetAuth0Domain() string {
-	auth0Domain := os.Getenv("AUTH0_DOMAIN")
-	if auth0Domain == "" {
-		auth0Domain = ""
+func GetJWTSecret() string {
+	secret := os.Getenv("JWT_SECRET")
+	if secret == "" {
+		secret = "JWT_SECRET"
 	}
-	return auth0Domain
+	return secret
 }
 
-func GetAuth0ClientID() string {
-	auth0ClientID := os.Getenv("AUTH0_CLIENT_ID")
-	if auth0ClientID == "" {
-		auth0ClientID = ""
+func GetSessionSecret() string {
+	secret := os.Getenv("SESSION_SECRET")
+	if secret == "" {
+		secret = "SESSION_SECRET"
 	}
-	return auth0ClientID
-}
-
-func GetAuth0ClientSecret() string {
-	auth0ClientSecret := os.Getenv("AUTH0_CLIENT_SECRET")
-	if auth0ClientSecret == "" {
-		auth0ClientSecret = ""
-	}
-	return auth0ClientSecret
-}
-
-func GetAuth0CallbackURL() string {
-	auth0CallbackURL := os.Getenv("AUTH0_CALLBACK_URL")
-	if auth0CallbackURL == "" {
-		auth0CallbackURL = ""
-	}
-	return auth0CallbackURL
+	return secret
 }

occupi-backend/go.mod

@@ -26,6 +26,7 @@ require (
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
 	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect

occupi-backend/go.sum

@@ -16,6 +16,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
 github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
 github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=

occupi-backend/occupi.bat

@@ -23,7 +23,7 @@ if "%1 %2" == "run dev" (
     go test -v ./tests/...
     exit /b 0
 ) else if "%1 %2" == "test codecov" (
-    go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/handlers ./tests/... -coverprofile=coverage.out
+    go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/authenticator,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/middleware ./tests/... -coverprofile=coverage.out
     exit /b 0
 ) else if "%1" == "lint" (
     golangci-lint run

occupi-backend/occupi.sh

@@ -31,7 +31,7 @@ elif [ "$1" = "docker" ] && [ "$2" = "up" ]; then
 elif [ "$1" = "test" ]; then
     go test -v ./tests/...
 elif [ "$1" = "test" ] && [ "$2" = "codecov" ]; then
-    go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/handlers ./tests/... -coverprofile=coverage.out
+    go test -v -coverpkg=github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/authenticator,github.com/COS301-SE-2024/occupi/occupi-backend/pkg/middleware ./tests/... -coverprofile=coverage.out
 elif [ "$1" = "lint" ]; then
     golangci-lint run
 elif [ "$1" = "help" ] || [ -z "$1" ]; then