A simple lightweight authentication API built in Golang designed to be a fast and easy start for other projects. It includes JWT token generation for secure authentication, bcrypt cryptography for password hashing, and MongoDB for storing user credentials. This API also tries to avoid CSRF and XSS attacks to ensure basic levels of security.
The project focuses on enabling a fast and easy start. Thinking on that, nothing better than the golang standards project layout. A well known layout among Go users that encourages best practices like modularization and separation of concerns, which can improve code quality and scalability.
So, if you have questions about the layout check the link above!
-
GIN (Web Framework): The application leverages the Gin web framework to handle HTTP requests, routing, and middleware, ensuring fast and scalable API development.
-
JWT (JSON Web Token): JWT token creation, validation, and parsing to provide a secure and efficient way to manage authentication and authorization in the application.
-
Bcrypt (Cryptography package): Securely hash and compare passwords providing a reliable method for storing and verifying passwords, ensuring that user credentials are protected against unauthorized access.
-
Testcontainers: Testcontainers is a library for creating lightweight, disposable Docker containers for automated tests. It enables reliable and reproducible test environments, ensuring consistent integration testing by mimicking production-like setups.
-
Docker: Docker is used to containerize the application, making it easy to manage dependencies and ensure consistency across different environments.
-
MongoDB: NoSQL database with a robust and efficient way to perform CRUD operations, query data, and manage transactions in the application.
To get started with the authentication api, follow these steps:
-
Clone the repository to your local machine.
-
Ensure you have Golang and Docker installed.
-
Build and run the application using Docker Compose.
docker compose up -d --build
-
Access the application's API endpoints from localhost:8080 to interact with the authetication api.
Use the API endpoints to manage your users effectively.
GET /user?id=<userId>: Get user infos.GET /refreshToken: Refresh access token using refresh token.POST /login: Login with user credentials (returns JWT with user ID claim).POST /save: Create a new user.PUT /update?id=<userId>: Update user data.DELETE /delete?id=<userId>: Delete user.
OBS: Passwords must be at least 8 characters long
The application is covered by integration tests focused on verifying that the application works correctly as a whole.
Run integration tests:
go test github.com/Beretta350/authentication/tests/integration
OBS: Becareful with timeout setted, the integration tests running time is arround 100s
We welcome contributions to this authentication api. If you're interested in enhancing or extending its functionality, feel free to create pull requests or open issues on the repository.
Enjoy using this simple lightweight authentication API built with Golang and Gin!