![\"Implementing](\"https:\/\/img.php.cn\/upload\/article\/000\/000\/000\/173530417964071.jpg\")
<\/p>![\"Implementing](\"https:\/\/img.php.cn\/upload\/article\/000\/000\/000\/173530418038088.jpg\")
<\/p>\n\n![\"Implementing](\"https:\/\/img.php.cn\/upload\/article\/000\/000\/000\/173530418193689.jpg\")
<\/p>\n\n![\"Implementing](\"https:\/\/img.php.cn\/upload\/article\/000\/000\/000\/173530418226924.jpg\")
<\/p>\n\n
JWT (JSON Web Token) is a highly effective method for securing APIs through token-based authentication, ensuring that only authenticated users can access your API endpoints. Unlike traditional session-based approaches, JWT is stateless, eliminating the need for server-side session storage, which makes it ideal for scalable and performant applications. In this guide, we'll walk you through implementing JWT authentication in a Go API, from generating tokens upon user login to securing your endpoints by validating these tokens, ultimately enhancing the security and robustness of your application's data and resources.
Prerequisites
- Go 1.21
Setup project
go mod init app go get github.com/gin-gonic/gin@v1.5.0 go get github.com/golang-jwt/jwt go get github.com/joho/godotenv
Project structure
├─ .env ├─ main.go ├─ middleware │ └─ authenticate.go └─ public ├─ index.html └─ login.html
Project files
.env
jwt_secret = b0WciedNJvFCqFRbB2A1QhZoCDnutAOen5g1FEDO0HsLTwGINp04GXh2OXVpTqQL
This .env file contains a single environment variable jwt_secret, which holds a secret key used for signing and verifying JWT tokens in the application.
authenticate.go
package middleware
import (
"net/http"
"os"
"strings"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt"
)
type Claims struct {
Id int `json:"id"`
Name string `json:"name"`
jwt.StandardClaims
}
func Authenticate() gin.HandlerFunc {
return func(c *gin.Context) {
if c.Request.URL.Path == "/" || c.Request.URL.Path == "/login" {
c.Next()
return
}
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.Status(http.StatusUnauthorized)
c.Abort()
return
}
tokenString := strings.TrimPrefix(authHeader, "Bearer ")
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
return []byte(os.Getenv("jwt_secret")), nil
})
if err != nil || !token.Valid {
c.Status(http.StatusUnauthorized)
c.Abort()
return
}
if claims, ok := token.Claims.(*Claims); ok {
c.Set("user", claims)
} else {
c.Status(http.StatusUnauthorized)
c.Abort()
return
}
c.Next()
}
}
The authenticate.go middleware defines a function for JWT authentication in a Go API using the Gin framework. It checks if the request is for the / or /login paths, in which case no authentication is needed. For other routes, it retrieves the Authorization header, expecting a Bearer token. The token is parsed and validated using the jwt package and a secret key from environment variables. If the token is invalid or missing, the request is aborted with a 401 Unauthorized status. If valid, the user claims (such as id and name) are extracted and added to the Gin context, allowing access to protected routes.
main.go
package main
import (
"app/middleware"
"net/http"
"os"
"time"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt"
"github.com/joho/godotenv"
)
func main() {
godotenv.Load()
router := gin.Default()
router.Use(middleware.Authenticate())
router.LoadHTMLFiles("public/index.html", "public/login.html")
router.GET("/", func(c *gin.Context) {
c.HTML(http.StatusOK, "index.html", nil)
})
router.GET("/login", func(c *gin.Context) {
c.HTML(http.StatusOK, "login.html", nil)
})
router.GET("/user", func(c *gin.Context) {
user, _ := c.Get("user")
claims := user.(*middleware.Claims)
c.JSON(http.StatusOK, gin.H{"name": claims.Name})
})
router.POST("/login", func(c *gin.Context) {
var login map[string]string
c.BindJSON(&login)
if login["name"] == "admin" && login["password"] == "1234" {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, &middleware.Claims{
Id: 1,
Name: login["name"],
StandardClaims: jwt.StandardClaims{
IssuedAt: time.Now().Unix(),
ExpiresAt: time.Now().Add(24 * time.Hour).Unix(),
},
})
tokenString, _ := token.SignedString([]byte(os.Getenv("jwt_secret")))
c.JSON(http.StatusOK, gin.H{"token": tokenString})
} else {
c.Status(http.StatusBadRequest)
}
})
router.Run()
}
The main.go file sets up a Go web server using the Gin framework to handle routes with JWT-based authentication. It uses middleware for authentication, which checks for valid JWT tokens in requests. The server serves two HTML pages: index.html and login.html, which are accessible via the / and /login routes.
For the /user route, the server retrieves the authenticated user's name from the JWT claims and returns it in the response. For the /login POST route, the server validates user credentials (name and password) and, if valid, generates a JWT token, signing it with a secret key and sending it back to the client. The server is configured to listen for requests and run on the default port.
index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">
</head>
<body>
<div>
<p>The index.html is a simple web page that provides a user interface for displaying the login status of a user. It uses Bootstrap for styling and Font Awesome for icons. On page load, it checks the user's authentication status by sending a request to the server with a JWT token stored in localStorage. If the user is logged in, it shows a success message with the user's name and a logout button. If not logged in, it shows a message indicating the user is not logged in and redirects them to the login page after a few seconds.</p>
<h3>
login.html
</h3>
<pre class="brush:php;toolbar:false"><!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">
</head>
<body>
<div>
<p>The login.html page provides a simple login form where users can input their username and password. It uses Bootstrap for styling and Font Awesome for icons. When the user submits the form, a JavaScript function login() sends a POST request to the /login endpoint with the entered credentials. If the login is successful, the server returns a JWT token, which is stored in localStorage. The page then redirects the user to the home page (/). If the login fails, an error message is displayed.</p>
<h2>
Run project
</h2>
<pre class="brush:php;toolbar:false">go run main.go
Open the web browser and goto http://localhost:8080
You will find this test page.
Testing
After a few seconds, you will be redirected to the login page.
Press the login button, and you will be logged in to the home page, which will display the logged-in user's name.
Try refreshing the browser, and you will see that you're still logged in. Then, press the logout button, the JWT token will be removed, and you will be redirected to the login page again.
Conclusion
In conclusion, implementing JWT authentication in a Go API provides a secure and scalable approach to handle user authentication. By using the Gin framework alongside the golang-jwt/jwt package, we can easily integrate token-based authentication into our application. JWT tokens are generated during login, securely validating user credentials, and granting access to protected routes. The middleware ensures that only authenticated users can access these routes by verifying the token’s validity. This stateless authentication mechanism offers enhanced performance and flexibility, making it an ideal choice for modern API architectures.
Source code: https://github.com/stackpuz/Example-JWT-Go
Create a CRUD Web App in Minutes: https://stackpuz.com
The above is the detailed content of Implementing JWT Authentication in Go API. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What are the implications of Go's static linking by default?
Jun 19, 2025 am 01:08 AM
Go compiles the program into a standalone binary by default, the main reason is static linking. 1. Simpler deployment: no additional installation of dependency libraries, can be run directly across Linux distributions; 2. Larger binary size: Including all dependencies causes file size to increase, but can be optimized through building flags or compression tools; 3. Higher predictability and security: avoid risks brought about by changes in external library versions and enhance stability; 4. Limited operation flexibility: cannot hot update of shared libraries, and recompile and deployment are required to fix dependency vulnerabilities. These features make Go suitable for CLI tools, microservices and other scenarios, but trade-offs are needed in environments where storage is restricted or relies on centralized management.
How does Go ensure memory safety without manual memory management like in C?
Jun 19, 2025 am 01:11 AM
Goensuresmemorysafetywithoutmanualmanagementthroughautomaticgarbagecollection,nopointerarithmetic,safeconcurrency,andruntimechecks.First,Go’sgarbagecollectorautomaticallyreclaimsunusedmemory,preventingleaksanddanglingpointers.Second,itdisallowspointe
How do I create a buffered channel in Go? (e.g., make(chan int, 10))
Jun 20, 2025 am 01:07 AM
To create a buffer channel in Go, just specify the capacity parameters in the make function. The buffer channel allows the sending operation to temporarily store data when there is no receiver, as long as the specified capacity is not exceeded. For example, ch:=make(chanint,10) creates a buffer channel that can store up to 10 integer values; unlike unbuffered channels, data will not be blocked immediately when sending, but the data will be temporarily stored in the buffer until it is taken away by the receiver; when using it, please note: 1. The capacity setting should be reasonable to avoid memory waste or frequent blocking; 2. The buffer needs to prevent memory problems from being accumulated indefinitely in the buffer; 3. The signal can be passed by the chanstruct{} type to save resources; common scenarios include controlling the number of concurrency, producer-consumer models and differentiation
How can you use Go for system programming tasks?
Jun 19, 2025 am 01:10 AM
Go is ideal for system programming because it combines the performance of compiled languages ??such as C with the ease of use and security of modern languages. 1. In terms of file and directory operations, Go's os package supports creation, deletion, renaming and checking whether files and directories exist. Use os.ReadFile to read the entire file in one line of code, which is suitable for writing backup scripts or log processing tools; 2. In terms of process management, the exec.Command function of the os/exec package can execute external commands, capture output, set environment variables, redirect input and output flows, and control process life cycles, which are suitable for automation tools and deployment scripts; 3. In terms of network and concurrency, the net package supports TCP/UDP programming, DNS query and original sets.
How do I call a method on a struct instance in Go?
Jun 24, 2025 pm 03:17 PM
In Go language, calling a structure method requires first defining the structure and the method that binds the receiver, and accessing it using a point number. After defining the structure Rectangle, the method can be declared through the value receiver or the pointer receiver; 1. Use the value receiver such as func(rRectangle)Area()int and directly call it through rect.Area(); 2. If you need to modify the structure, use the pointer receiver such as func(r*Rectangle)SetWidth(...), and Go will automatically handle the conversion of pointers and values; 3. When embedding the structure, the method of embedded structure will be improved, and it can be called directly through the outer structure; 4. Go does not need to force use getter/setter,
What are interfaces in Go, and how do I define them?
Jun 22, 2025 pm 03:41 PM
In Go, an interface is a type that defines behavior without specifying implementation. An interface consists of method signatures, and any type that implements these methods automatically satisfy the interface. For example, if you define a Speaker interface that contains the Speak() method, all types that implement the method can be considered Speaker. Interfaces are suitable for writing common functions, abstract implementation details, and using mock objects in testing. Defining an interface uses the interface keyword and lists method signatures, without explicitly declaring the type to implement the interface. Common use cases include logs, formatting, abstractions of different databases or services, and notification systems. For example, both Dog and Robot types can implement Speak methods and pass them to the same Anno
How do I use string functions from the strings package in Go? (e.g., len(), strings.Contains(), strings.Index(), strings.ReplaceAll())
Jun 20, 2025 am 01:06 AM
In Go language, string operations are mainly implemented through strings package and built-in functions. 1.strings.Contains() is used to determine whether a string contains a substring and returns a Boolean value; 2.strings.Index() can find the location where the substring appears for the first time, and if it does not exist, it returns -1; 3.strings.ReplaceAll() can replace all matching substrings, and can also control the number of replacements through strings.Replace(); 4.len() function is used to obtain the length of the bytes of the string, but when processing Unicode, you need to pay attention to the difference between characters and bytes. These functions are often used in scenarios such as data filtering, text parsing, and string processing.
How do I use the io package to work with input and output streams in Go?
Jun 20, 2025 am 11:25 AM
TheGoiopackageprovidesinterfaceslikeReaderandWritertohandleI/Ooperationsuniformlyacrosssources.1.io.Reader'sReadmethodenablesreadingfromvarioussourcessuchasfilesorHTTPresponses.2.io.Writer'sWritemethodfacilitateswritingtodestinationslikestandardoutpu
