使用 Go 构建基于 OTP 的身份验证服务器：第 3 部分

this article details building an otp-based authentication server using go, focusing on twilio otp integration, asynchronous processing with goroutines, and token-based user authentication. let's break down the key improvements and additions to the system.

Twilio OTP Integration

The core functionality involves sending OTPs via Twilio's Messaging API. The sendotpviatwilio function uses the Twilio Go SDK to achieve this, incorporating a retry mechanism for robust delivery. Crucially, the code emphasizes the performance optimization of asynchronous OTP sending using goroutines.

Asynchronous OTP Sending with Goroutines

Sequential OTP sending is inefficient. The solution leverages goroutines to offload this task to separate routines. A sync.WaitGroup is introduced to manage concurrent goroutines, ensuring all OTP sending operations complete before the server shuts down. A helper function, background, is created to simplify the launching of background tasks within goroutines.

Database Token Table Creation

A new table, tokens, is added to the database to store user authentication tokens. This table includes the token hash, user ID, expiry time, and scope. Migration scripts (000002_create-token.up.sql and 000002_create-token.down.sql) are provided for database schema management.

Token Model and Functionality

A tokenmodel struct and associated functions (generatetoken, insert, deleteallforuser, new) are implemented within internals/data/models.go. These handle token generation (using SHA-256 hashing and base32 encoding), insertion into the database, and deletion.

Updated User Registration Handler (handleusersignupandverification)

The registration handler is enhanced to manage both OTP generation/sending and verification. It uses Redis for temporary OTP storage, and it handles both scenarios:

1. OTP Generation: If no OTP is provided, a new OTP is generated, stored in Redis with a 5-minute expiry, and sent asynchronously using Twilio and a goroutine.
2. OTP Verification: If an OTP is provided, it's validated against the Redis store. Upon successful validation, the user is created or retrieved from the database, an authentication token is generated using generatetokenforuser, and this token is returned to the client.

Middleware Layer

Three key middleware functions are implemented:

• recoverpanic: Catches panics during request processing and returns a 500 error, preventing server crashes.
• authenticate: Validates bearer tokens from the Authorization header, retrieves the associated user from the database, and adds it to the request context.
• requireauthenticateduser: Checks for a valid authenticated user in the request context; returns a 401 error if the user is anonymous.

Context Management

The context.go file provides helper functions (contextsetuser, contextgetuser) to manage user data within the request context using a custom contextkey. This allows handlers to access user information easily.

Server Configuration

The server configuration integrates the middleware functions, applying recoverpanic and authenticate globally, and requireauthenticateduser to protected routes. Timeouts are also configured for robust server operation. An example of using requireauthenticateduser on a protected route (/protected) is shown.

Future Steps

The article outlines future enhancements, including file uploads, graceful server shutdown, and metrics integration. The complete code is available on GitHub (link provided).

This revised explanation provides a more structured and detailed overview of the article's content.

以上就是使用 Go 构建基于 OTP 的身份验证服务器：第 3 部分的详细内容，更多请关注php中文网其它相关文章！