feat: user login/logout (#5)

Author: lianjin

.github/ci/docker-compose.yml

@@ -17,14 +17,17 @@ services:
       context: ../../server
       dockerfile: Dockerfile
     container_name: ceramicraft-user-mservice
+    environment:
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - SMTP_EMAIL_FROM=${SMTP_EMAIL_FROM}
+      - JWT_SECRET=${JWT_SECRET}
     depends_on:
       - mysql
     networks:
       - ci-net
     ports:
       - "8080:8080"   # 只给宿主机（ZAP）用
-    environment:
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
     command: ["sh", "-c", "apt-get update && apt-get install -y netcat-openbsd && chmod +x /app/wait-for.sh && ./wait-for.sh mysql-container 3306 ./main"]
     volumes:
       - ./wait-for.sh:/app/wait-for.sh   # CI 专用配置

.github/workflows/deploy.yml

@@ -19,6 +19,23 @@ on:
           - rollback
 
 jobs:
+  generate-env:
+    name: Generate .env file
+    runs-on: ubuntu-latest
+    outputs:
+      env-path: ${{ steps.set-output.outputs.env-path }}
+    steps:
+      - name: Generate .env file
+        run: |
+          echo "MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }}" >> env-file
+          echo "SMTP_PASSWORD=${{ secrets.SMTP_PASSWORD }}" >> env-file
+          echo "SMTP_EMAIL_FROM=${{ secrets.SMTP_EMAIL_FROM }}" >> env-file
+          echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> env-file
+      - name: Upload env-file as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: env-file
+          path: env-file
   build:
     if: ${{ github.event.inputs.command == 'deploy' }} # ← 仅在 deploy 时构建
     runs-on: ubuntu-latest
@@ -40,19 +57,26 @@ jobs:
           docker push "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"
   deploy:
     if: ${{ github.event.inputs.command == 'deploy' }}
-    needs: build
+    needs: 
+        - build
+        - generate-env
     runs-on: self-hosted
     env:
       DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
     steps:
+      - name: Download .env file
+        uses: actions/download-artifact@v4
+        with:
+          name: env-file
+          path: .
       - name: pull the docker image
         run: |
           docker pull "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"
       - name: run docker container
         run: |
           docker stop ceramicraft-user-mservice || true
           docker rm ceramicraft-user-mservice || true
-          docker run -d --name ceramicraft-user-mservice --network ceramicraft-network -e MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }} -p 8080:8080 "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"
+          docker run -d --name ceramicraft-user-mservice --network ceramicraft-network --env-file env-file "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"
   restart:
     if: ${{ github.event.inputs.command == 'restart' }}
     runs-on: self-hosted
@@ -63,14 +87,20 @@ jobs:
   rollback:
     if: ${{ github.event.inputs.command == 'rollback' }}
     runs-on: self-hosted
+    needs: generate-env
     env:
       DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
     steps:
+      - name: Download .env file
+        uses: actions/download-artifact@v4
+        with:
+          name: env-file
+          path: .
       - name: pull the docker image
         run: |
           docker pull "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"
       - name: run docker container
         run: |
           docker stop ceramicraft-user-mservice || true
           docker rm ceramicraft-user-mservice || true
-          docker run -d --name ceramicraft-user-mservice --network ceramicraft-network -p 8080:8080 "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"
+          docker run -d --name ceramicraft-user-mservice --network ceramicraft-network --env-file env-file "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"

.github/workflows/zap.yml

@@ -9,32 +9,55 @@ on:
             - main
 
 jobs:
-    zap:
-        name: ZAP Scan
-        runs-on: ubuntu-latest
-        steps:
-            - name: Checkout code
-              uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
-            
-            - name: Build and run Docker Compose
-              run: |
-                MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }} docker compose -f .github/ci/docker-compose.yml up --build -d
-                timeout 180 bash -c 'until [ "$(docker compose -f .github/ci/docker-compose.yml ps ceramicraft-user-mservice --format json | jq -r .Health)" = "healthy" ]; do sleep 2; done'
-            - name: Check Docker Compose Logs
-              if: failure()
-              run: |
-                docker compose -f .github/ci/docker-compose.yml logs
-            - name: Run ZAP Scan
-              uses: zaproxy/action-full-scan@75ee1686750ab1511a73b26b77a2aedd295053ed
-              with:
-                target: 'http://localhost:8080'   # ZAP accesses the host-mapped port
-                cmd_options: '-s'
-                fail_action: false                  # Do not fail CI even if vulnerabilities are found
-                allow_issue_writing: false           # Disable automatic creation of GitHub Issues
-                issue_title: 'ZAP Security Scan Alert'
-                artifact_name: 'zap-report'         # Attachment report
-            - name: Tear down
-              if: always()
-              run: docker compose -f .github/ci/docker-compose.yml down --volumes --remove-orphans
+  generate-env:
+    name: Generate .env file
+    runs-on: ubuntu-latest
+    outputs:
+      env-path: ${{ steps.set-output.outputs.env-path }}
+    steps:
+      - name: Generate .env file
+        run: |
+          echo "MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }}" >> env-file
+          echo "SMTP_PASSWORD=${{ secrets.SMTP_PASSWORD }}" >> env-file
+          echo "SMTP_EMAIL_FROM=${{ secrets.SMTP_EMAIL_FROM }}" >> env-file
+          echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> env-file
+      - name: Upload env-file as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: env-file
+          path: env-file
+  zap:
+    name: ZAP Scan
+    runs-on: ubuntu-latest
+    needs: 
+      - generate-env
+    steps:
+        - name: Checkout code
+          uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+        - name: Download .env file
+          uses: actions/download-artifact@v4
+          with:
+            name: env-file
+            path: .
+        - name: Build and run Docker Compose
+          run: |
+            docker compose -f .github/ci/docker-compose.yml --env-file env-file up --build -d
+            timeout 180 bash -c 'until [ "$(docker compose -f .github/ci/docker-compose.yml ps ceramicraft-user-mservice --format json | jq -r .Health)" = "healthy" ]; do sleep 2; done'
+        - name: Check Docker Compose Logs
+          if: failure()
+          run: |
+            docker compose -f .github/ci/docker-compose.yml logs
+        - name: Run ZAP Scan
+          uses: zaproxy/action-full-scan@75ee1686750ab1511a73b26b77a2aedd295053ed
+          with:
+            target: 'http://localhost:8080'   # ZAP accesses the host-mapped port
+            cmd_options: '-s'
+            fail_action: false                  # Do not fail CI even if vulnerabilities are found
+            allow_issue_writing: false           # Disable automatic creation of GitHub Issues
+            issue_title: 'ZAP Security Scan Alert'
+            artifact_name: 'zap-report'         # Attachment report
+        - name: Tear down
+          if: always()
+          run: docker compose -f .github/ci/docker-compose.yml down --volumes --remove-orphans

.gitignore

@@ -32,3 +32,4 @@ go.work.sum
 .vscode/
 
 server/logs
+.env

README.md

@@ -1 +1,23 @@
-# ceramicraft-user-mservice
+# ceramicraft-user-mservice
+## Functional Features
+1. support customer/platform admin login/logout, same API with cookie setted under different domain
+2. authenticate with jwt token
+3. support new customer registration, verified by email opt code
+4. provide auth filter for other microservice use
+
+## Detail Disign
+[see the document](https://cerami-craft.atlassian.net/wiki/spaces/swe5006gro/pages/4554754/UserService)
+
+## startup dependency
+1. Mysql
+2. email sending config
+3. docker startup
+```
+cd server
+docker build -t ${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:<version> .
+docker run -d --name ceramicraft-user-mservice -e MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }} -e SMTP_PASSWORD=${{ secrets.SMTP_PASSWORD }} -e SMTP_EMAIL_FROM=${{ secrets.SMTP_EMAIL_FROM }} "${DOCKER_HUB_USERNAME}/ceramicraft-user-mservice:${{ github.event.inputs.version }}"
+```
+4. non-containerized startup
+```
+MYSQL_PASSWORD=your_password SMTP_PASSWORD=your_smtp_password SMTP_EMAIL_FROM=your_email@example.com go run server/main.go
+```

common/bo/user.go

@@ -0,0 +1,7 @@
+package bo
+
+type UserBO struct {
+	ID       int    `json:"id"`
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}

common/go.mod

@@ -3,13 +3,42 @@ module github.com/NUS-ISS-Agile-Team/ceramicraft-user-mservice/common
 go 1.24.0
 
 require (
+	github.com/gin-gonic/gin v1.11.0
+	github.com/golang-jwt/jwt/v5 v5.2.2
 	google.golang.org/grpc v1.75.1
 	google.golang.org/protobuf v1.36.9
 )
 
 require (
-	golang.org/x/net v0.41.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.26.0 // indirect
+	github.com/bytedance/sonic v1.14.0 // indirect
+	github.com/bytedance/sonic/loader v0.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.27.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.54.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.3.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
+	golang.org/x/arch v0.20.0 // indirect
+	golang.org/x/crypto v0.40.0 // indirect
+	golang.org/x/mod v0.25.0 // indirect
+	golang.org/x/net v0.42.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.27.0 // indirect
+	golang.org/x/tools v0.34.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
 )