Adding Google authentication via Goth. All endpoints can now be authenticated.

Other changes include:
* Also removing httprouter mux in favour of gorilla for being more mature and having more integrations and resources available for debugging.
* Adding http middlewares for logging req processing time and handling authentication.

TODO: Need to add context in the middleware as well. Will be useful for logging and debugging.

app/server/api/components.go

@@ -8,13 +8,12 @@ import (
 
 	"net/http"
 
-	"github.com/julienschmidt/httprouter"
 	"gitlab.com/mobtools/internal-tools-server/models"
 	"gitlab.com/mobtools/internal-tools-server/services"
 )
 
 // GetComponents fetches the list of components from the DB
-func GetComponents(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
+func GetComponents(w http.ResponseWriter, r *http.Request) {
 	queryValues := r.URL.Query()
 
 	components, err := services.GetComponent(queryValues)
@@ -31,7 +30,7 @@ func GetComponents(w http.ResponseWriter, r *http.Request, params httprouter.Par
 }
 
 // CreateComponents creates components in the DB
-func CreateComponents(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+func CreateComponents(w http.ResponseWriter, r *http.Request) {
 	component := models.Component{}
 	err := json.NewDecoder(r.Body).Decode(&component)
 	if err != nil {
@@ -52,7 +51,7 @@ func CreateComponents(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 	fmt.Fprintf(w, "%s", componentJSON)
 }
 
-func UpdateComponent(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+func UpdateComponent(w http.ResponseWriter, r *http.Request) {
 	component := models.Component{}
 	err := json.NewDecoder(r.Body).Decode(&component)
 	if err != nil {

app/server/api/login.go

@@ -0,0 +1,135 @@
+package api
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/gothic"
+	"gitlab.com/mobtools/internal-tools-server/models"
+	"gitlab.com/mobtools/internal-tools-server/url"
+)
+
+func Login(res http.ResponseWriter, req *http.Request) {
+	//TODO: If the user is logged in, redirect to the home page
+	log.Println("In the login page")
+	res.Header().Set("Content-Type", "text/html")
+	res.WriteHeader(200)
+	fmt.Fprintf(res, "%s", "<p>Click <a href='/auth/google'>here</a> to login via Google</p>")
+}
+
+func InitiateAuth(res http.ResponseWriter, req *http.Request) {
+	log.Println("In the initiateAuth fxn")
+	gothic.BeginAuthHandler(res, req)
+}
+
+func AuthCallback(res http.ResponseWriter, req *http.Request) {
+	log.Println("In the AuthCallback fxn")
+	user, err := completeAuthCallback(res, req)
+
+	if err != nil {
+		fmt.Fprintln(res, err)
+		return
+	}
+	res.Header().Set("Content-Type", "application/json")
+	res.WriteHeader(200)
+	fmt.Fprintf(res, "%s", user.Email)
+}
+
+func Logout(res http.ResponseWriter, req *http.Request) {
+	gothic.Logout(res, req)
+	res.Header().Set("Location", url.LoginURL)
+	res.WriteHeader(http.StatusTemporaryRedirect)
+}
+
+func GetUserProfile(res http.ResponseWriter, req *http.Request) {
+	vars := mux.Vars(req)
+	providerName := vars["provider"]
+	provider, err := goth.GetProvider(providerName)
+	if err != nil {
+		fmt.Fprintf(res, "%s", err)
+	}
+
+	value, err := gothic.GetFromSession(providerName, req)
+	if err != nil {
+		fmt.Fprintf(res, "%s", err)
+	}
+
+	log.Printf("Got the session value: %+v\n", value)
+
+	sess, err := provider.UnmarshalSession(value)
+	if err != nil {
+		fmt.Fprintf(res, "%s", err)
+	}
+	log.Printf("Got the session: %+v\n", sess)
+
+	user, err := provider.FetchUser(sess)
+	if err == nil {
+		// user can be found with existing session data
+		fmt.Fprintf(res, "%s", err)
+	}
+	log.Printf("Got the user: %+v", user)
+
+	fmt.Fprintf(res, "%s", user.Email)
+}
+
+func completeAuthCallback(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+	log.Println("In the custom callback fxn")
+	providerName, err := gothic.GetProviderName(req)
+	if err != nil {
+		return goth.User{}, err
+	}
+
+	provider, err := goth.GetProvider(providerName)
+	if err != nil {
+		return goth.User{}, err
+	}
+
+	value, err := gothic.GetFromSession(providerName, req)
+	if err != nil {
+		return goth.User{}, err
+	}
+	log.Printf("Session Value: %+v\n", value)
+
+	sess, err := provider.UnmarshalSession(value)
+	if err != nil {
+		return goth.User{}, err
+	}
+
+	// get new token and retry fetch
+	_, err = sess.Authorize(provider, req.URL.Query())
+	if err != nil {
+		return goth.User{}, err
+	}
+
+	gu, err := provider.FetchUser(sess)
+	if err != nil {
+		return goth.User{}, err
+	}
+	log.Printf("Got the gu as: %+v", gu)
+
+	user := models.User{
+		Username: gu.Email,
+		Email:    gu.Email,
+		GothUser: gu,
+	}
+
+	userJSON, _ := json.Marshal(user)
+	log.Printf("userJSON Value: %+v\n", string(userJSON))
+
+	err = gothic.StoreInSession(providerName, string(userJSON), req, res)
+
+	return gu, err
+}
+
+func getAuthenticatedUser(res http.ResponseWriter, req *http.Request) (string, error) {
+	sess, err := gothic.GetFromSession("google", req)
+	if err != nil {
+		return "", err
+	}
+	log.Printf("Got the authenticated user: %+v\n", sess)
+	return sess, nil
+}

app/server/api/middleware/middleware.go

@@ -0,0 +1,81 @@
+package middleware
+
+import (
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/markbates/goth/gothic"
+)
+
+type Middleware func(http.HandlerFunc) http.HandlerFunc
+
+// Logging logs all requests with its path and the time it took to process
+func Logging() Middleware {
+
+	// Create a new Middleware
+	return func(f http.HandlerFunc) http.HandlerFunc {
+
+		// Define the http.HandlerFunc
+		return func(w http.ResponseWriter, r *http.Request) {
+
+			// Do middleware things
+			start := time.Now()
+			defer func() { log.Println(r.URL.Path, time.Since(start)) }()
+
+			// Call the next middleware/handler in chain
+			f(w, r)
+		}
+	}
+}
+
+// Method ensures that url can only be requested with a specific method, else returns a 400 Bad Request
+func Method(m string) Middleware {
+
+	// Create a new Middleware
+	return func(f http.HandlerFunc) http.HandlerFunc {
+
+		// Define the http.HandlerFunc
+		return func(w http.ResponseWriter, r *http.Request) {
+
+			// Do middleware things
+			if r.Method != m {
+				http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+				return
+			}
+
+			// Call the next middleware/handler in chain
+			f(w, r)
+		}
+	}
+}
+
+func Authenticated() Middleware {
+
+	// Create a new Middleware
+	return func(f http.HandlerFunc) http.HandlerFunc {
+
+		// Define the http.HandlerFunc
+		return func(w http.ResponseWriter, r *http.Request) {
+			sess, err := gothic.GetFromSession("google", r)
+			if err != nil {
+				// Write an error and stop the handler chain
+				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+				return
+			}
+
+			log.Printf("Got the authenticated user: %s", sess)
+
+			f(w, r)
+		}
+	}
+
+}
+
+// Chain applies middlewares to a http.HandlerFunc
+func Chain(f http.HandlerFunc, middlewares ...Middleware) http.HandlerFunc {
+	for _, m := range middlewares {
+		f = m(f)
+	}
+	return f
+}

app/server/api/query.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/julienschmidt/httprouter"
 	"gitlab.com/mobtools/internal-tools-server/models"
 	"gitlab.com/mobtools/internal-tools-server/services"
 )
@@ -16,7 +15,7 @@ import (
 */
 
 // PostQuery executes a custom sql query on the client database
-func PostQuery(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+func PostQuery(w http.ResponseWriter, r *http.Request) {
 	queryBody := models.ExecQuery{}
 	err := json.NewDecoder(r.Body).Decode(&queryBody)
 	if err != nil {
@@ -39,7 +38,7 @@ func PostQuery(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 }
 
 // CreateQuery creates a new query for the user in the table
-func CreateQuery(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+func CreateQuery(w http.ResponseWriter, r *http.Request) {
 	queryBody := models.Query{}
 	err := json.NewDecoder(r.Body).Decode(&queryBody)
 	if err != nil {
@@ -61,7 +60,7 @@ func CreateQuery(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 }
 
 // UpdateQuery updates a given query in the database for a given account
-func UpdateQuery(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+func UpdateQuery(w http.ResponseWriter, r *http.Request) {
 	queryBody := models.Query{}
 	err := json.NewDecoder(r.Body).Decode(&queryBody)
 	if err != nil {

app/server/config.yml

@@ -10,3 +10,10 @@ datastore:
   password: root
   schema: mobtools
   maxOpenConnections: 5
+
+auth:
+  provider: google
+  key: 447275779593-5gd5vlqtofcmstit1et2gh949b8m8ss2.apps.googleusercontent.com
+  secret: xJpQZ1Xd5YvJZ6gcVMmBVqFz
+  callbackUrl: /auth/google/callback
+  sessionSecret: (Nm<7b4Sa$

app/server/go.mod

@@ -1,9 +1,11 @@
 module gitlab.com/mobtools/internal-tools-server
 
 require (
+	github.com/gorilla/mux v1.6.2
 	github.com/jinzhu/gorm v1.9.2
 	github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a // indirect
 	github.com/julienschmidt/httprouter v1.2.0
 	github.com/lib/pq v1.0.0 // indirect
+	github.com/markbates/goth v1.49.0
 	github.com/spf13/viper v1.3.1
 )

app/server/go.sum

@@ -1,26 +1,44 @@
+cloud.google.com/go v0.30.0 h1:xKvyLgk56d0nksWq49J0UyGEeUIicTl4+UBiX1NPX9g=
+cloud.google.com/go v0.30.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
+github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1/go.mod h1:YeAe0gNeiNT5hoiZRI4yiOky6jVdNvfO2N6Kav/HmxY=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.1.1 h1:YMDmfaK68mUixINzY/XjscuJ47uXFWSSHzFbBQM0PrE=
+github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4=
 github.com/jinzhu/gorm v1.9.2 h1:lCvgEaqe/HVE+tjAR2mt4HbbHAZsQOv3XAZiEZV37iw=
 github.com/jinzhu/gorm v1.9.2/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
 github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a h1:eeaG9XMUvRBYXJi4pg1ZKM7nxc5AfXfojeLLW7O5J3k=
 github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/julienschmidt/httprouter v1.2.0 h1:TDTW5Yz1mjftljbcKqRcrYhd4XeOoI98t+9HbQbYf7g=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
+github.com/markbates/goth v1.49.0 h1:qQ4Ti4WaqAxNAggOC+4s5M85sMVfMJwQn/Xkp73wfgI=
+github.com/markbates/goth v1.49.0/go.mod h1:zZmAw0Es0Dpm7TT/4AdN14QrkiWLMrrU9Xei1o+/mdA=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c/go.mod h1:skjdDftzkFALcuGzYSklqYd8gvat6F1gZJ4YPVbkZpM=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
@@ -32,14 +50,21 @@ github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/viper v1.3.1 h1:5+8j8FTpnFV4nEImW/ofkzEt8VoOiLXxdYIDsB73T38=
 github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225 h1:kNX+jCowfMYzvlSvJu5pQWEmyWFrBXJ3PBy10xKMXK8=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/oauth2 v0.0.0-20180620175406-ef147856a6dd h1:QQhib242ErYDSMitlBm8V7wYCm/1a25hV8qMadIKLPA=
+golang.org/x/oauth2 v0.0.0-20180620175406-ef147856a6dd/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a h1:1n5lsVfiQW3yfsRGu98756EH1YthsFqr/5mxHduZW2A=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

app/server/models/components.go

@@ -30,23 +30,6 @@ type (
 		Name string `json:"name" sql:"name"`
 	}
 
-	User struct {
-		ID        int64     `json:"id,omitempty" sql:"id"`
-		CreatedAt time.Time `json:"created_at,omitempty" sql:"created_at"`
-		UpdatedAt time.Time `json:"updated_at,omitempty" sql:"updated_at"`
-
-		Username string `json:"username" sql:"username"`
-		Email    string `json:"email" sql:"email"`
-	}
-
-	Role struct {
-		ID        int64     `json:"id,omitempty" sql:"id"`
-		CreatedAt time.Time `json:"created_at,omitempty" sql:"created_at"`
-		UpdatedAt time.Time `json:"updated_at,omitempty" sql:"updated_at"`
-
-		Name string `json:"name" sql:"name"`
-	}
-
 	Page struct {
 		ID        int64     `json:"id,omitempty" sql:"id"`
 		CreatedAt time.Time `json:"created_at,omitempty" sql:"created_at"`

app/server/models/user.go

@@ -0,0 +1,28 @@
+package models
+
+import (
+	"time"
+
+	"github.com/markbates/goth"
+)
+
+type (
+	User struct {
+		ID        int64     `json:"id,omitempty" sql:"id"`
+		CreatedAt time.Time `json:"created_at,omitempty" sql:"created_at"`
+		UpdatedAt time.Time `json:"updated_at,omitempty" sql:"updated_at"`
+
+		Username string `json:"username" sql:"username"`
+		Email    string `json:"email" sql:"email"`
+
+		GothUser goth.User `json:"gothUser,omitempty"`
+	}
+
+	Role struct {
+		ID        int64     `json:"id,omitempty" sql:"id"`
+		CreatedAt time.Time `json:"created_at,omitempty" sql:"created_at"`
+		UpdatedAt time.Time `json:"updated_at,omitempty" sql:"updated_at"`
+
+		Name string `json:"name" sql:"name"`
+	}
+)

app/server/server.go

@@ -4,16 +4,21 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"os"
 
-	"github.com/julienschmidt/httprouter"
+	"github.com/gorilla/mux"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/providers/google"
 	"github.com/spf13/viper"
 	"gitlab.com/mobtools/internal-tools-server/api"
+	"gitlab.com/mobtools/internal-tools-server/api/middleware"
 	"gitlab.com/mobtools/internal-tools-server/models"
 	"gitlab.com/mobtools/internal-tools-server/storage"
 	"gitlab.com/mobtools/internal-tools-server/url"
 )
 
-const baseURL = "/api"
+const baseURL = "/"
+const baseAPIURL = "/api"
 const apiVersion = "/v1"
 
 func main() {
@@ -34,22 +39,36 @@ func main() {
 	log.Fatal(http.ListenAndServe(host+":"+port, router))
 }
 
-func intializeServer() *httprouter.Router {
-	router := httprouter.New()
+func intializeServer() *mux.Router {
+	router := mux.NewRouter()
+	authProvider := viper.GetString("auth.provider")
+	if authProvider == "google" {
+		goth.UseProviders(
+			google.New(viper.GetString("auth.key"), viper.GetString("auth.secret"), "http://localhost:"+viper.GetString("server.port")+viper.GetString("auth.callbackUrl")),
+		)
+	}
+
+	// Auth Endpoints
+	router.HandleFunc(url.LoginURL, middleware.Chain(api.Login, middleware.Method("GET"), middleware.Logging()))
+	router.HandleFunc(url.AuthURL, middleware.Chain(api.InitiateAuth, middleware.Method("GET"), middleware.Logging()))
+	router.HandleFunc(url.AuthCallbackURL, middleware.Chain(api.AuthCallback, middleware.Method("GET"), middleware.Logging()))
+	router.HandleFunc(url.LogoutURL, middleware.Chain(api.Logout, middleware.Method("GET"), middleware.Logging()))
+	router.HandleFunc(url.ProfileURL, middleware.Chain(api.GetUserProfile, middleware.Method("GET"), middleware.Logging()))
 
 	// Account CRUD Endpoints
 
 	// Component CRUD Endpoints
-	router.GET(baseURL+apiVersion+url.ComponentURL, api.GetComponents)
-	router.POST(baseURL+apiVersion+url.ComponentURL, api.CreateComponents)
-	router.PUT(baseURL+apiVersion+url.ComponentURL, api.UpdateComponent)
+	router.HandleFunc(baseAPIURL+apiVersion+url.ComponentURL, middleware.Chain(api.GetComponents, middleware.Method("GET"), middleware.Authenticated(), middleware.Logging()))
+	router.HandleFunc(baseAPIURL+apiVersion+url.ComponentURL, middleware.Chain(api.CreateComponents, middleware.Method("POST"), middleware.Authenticated(), middleware.Logging()))
+	router.HandleFunc(baseAPIURL+apiVersion+url.ComponentURL, middleware.Chain(api.UpdateComponent, middleware.Method("PUT"), middleware.Authenticated(), middleware.Logging()))
 
 	// Page CRUD Endpoints
 
 	// Query CRUD Endpoints
-	router.POST(baseURL+apiVersion+url.QueryURL+"/execute", api.PostQuery)
-	router.POST(baseURL+apiVersion+url.QueryURL, api.CreateQuery)
-	router.PUT(baseURL+apiVersion+url.QueryURL, api.UpdateQuery)
+	router.HandleFunc(baseAPIURL+apiVersion+url.QueryURL+"/execute", middleware.Chain(api.PostQuery, middleware.Method("POST"), middleware.Authenticated(), middleware.Logging()))
+	router.HandleFunc(baseAPIURL+apiVersion+url.QueryURL, middleware.Chain(api.CreateQuery, middleware.Method("POST"), middleware.Authenticated(), middleware.Logging()))
+	router.HandleFunc(baseAPIURL+apiVersion+url.QueryURL, middleware.Chain(api.UpdateQuery, middleware.Method("PUT"), middleware.Authenticated(), middleware.Logging()))
+
 	return router
 }
 
@@ -69,6 +88,12 @@ func parseConfig() {
 	if err != nil {
 		panic(fmt.Errorf("Fatal error while reading config file: %s", err))
 	}
+	if viper.IsSet("auth.sessionSecret") {
+		log.Printf("Setting the session secret to %s", viper.GetString("auth.sessionSecret"))
+		os.Setenv("SESSION_SECRET", viper.GetString("auth.sessionSecret"))
+	} else {
+		os.Setenv("SESSION_SECRET", "123abc")
+	}
 }
 
 func runMigrations() {

app/server/url/constants.go

@@ -2,3 +2,8 @@ package url
 
 const ComponentURL = "/components"
 const QueryURL = "/query"
+const LoginURL = "/login"
+const AuthURL = "/auth/{provider}"
+const AuthCallbackURL = "/auth/{provider}/callback"
+const LogoutURL = "/logout/{provider}"
+const ProfileURL = "/auth/{provider}/user"