github.com/dhax/go-base@v0.0.0-20231004214136-8be7e5c1972b/README.md (about) 1 # Go Restful API Boilerplate 2 3 [![GoDoc Badge]][godoc] [![GoReportCard Badge]][goreportcard] 4 5 Easily extendible RESTful API boilerplate aiming to follow idiomatic go and best practice. 6 7 The goal of this boiler is to have a solid and structured foundation to build upon on. 8 9 Any feedback and pull requests are welcome and highly appreciated. Feel free to open issues just for comments and discussions. 10 11 ## Features 12 13 The following feature set is a minimal selection of typical Web API requirements: 14 15 - Configuration using [viper](https://github.com/spf13/viper) 16 - CLI features using [cobra](https://github.com/spf13/cobra) 17 - PostgreSQL support including migrations using [go-pg](https://github.com/go-pg/pg) 18 - Structured logging with [Logrus](https://github.com/sirupsen/logrus) 19 - Routing with [chi router](https://github.com/go-chi/chi) and middleware 20 - JWT Authentication using [lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) with example passwordless email authentication 21 - Request data validation using [ozzo-validation](https://github.com/go-ozzo/ozzo-validation) 22 - HTML emails with [go-mail](https://github.com/go-mail/mail) 23 24 ## Start Application 25 26 - Clone and change into this repository 27 28 ### Local 29 30 - Create a postgres database and set environment variables for your database accordingly if not using below defaults 31 - Run the application to see available commands: `go run main.go` 32 - Run all migrations from database/migrate folder: `go run main.go migrate` 33 - Run the application with command _serve_: `go run main.go serve` 34 35 ### Using Docker Compose 36 37 - First start the database only: `docker compose up -d postgres` 38 - Once initialize the database by running all migrations in database/migrate folder: `docker compose exec server ./main migrate` 39 - Start the api server: `docker compose up server` 40 41 ## API Routes 42 43 ### Authentication 44 45 For passwordless login following routes are available: 46 47 | Path | Method | Required JSON | Header | Description | 48 | ------------- | ------ | ------------- | ------------------------------------- | ----------------------------------------------------------------------- | 49 | /auth/login | POST | email | | the email you want to login with (see below) | 50 | /auth/token | POST | token | | the token you received via email (or printed to stdout if smtp not set) | 51 | /auth/refresh | POST | | Authorization: "Bearer refresh_token" | refresh JWTs | 52 | /auth/logout | POST | | Authorizaiton: "Bearer refresh_token" | logout from this device | 53 54 ### Example API 55 56 Besides /auth/_ the API provides two main routes /api/_ and /admin/\*, as an example to separate application and administration context. The latter requires to be logged in as administrator by providing the respective JWT in Authorization Header. 57 58 Check [routes.md](routes.md) for a generated overview of the provided API routes. 59 60 ### Client API Access and CORS 61 62 The server is configured to serve a Progressive Web App (PWA) client from _./public_ folder (this repo only serves an example index.html, see below for a demo PWA client to put here). In this case enabling CORS is not required, because the client is served from the same host as the api. 63 64 If you want to access the api from a client that is serverd from a different host, including e.g. a development live reloading server with below demo client, you must enable CORS on the server first by setting environment variable _ENABLE_CORS=true_ on the server to allow api connections from clients serverd by other hosts. 65 66 #### Demo client application 67 68 For demonstration of the login and account management features this API serves a demo [Vue.js](https://vuejs.org) PWA. The client's source code can be found [here](https://github.com/dhax/go-base-vue). Build and put it into the api's _./public_ folder, or use the live development server (requires CORS enabled). 69 70 Outgoing emails containing the login token will be print to stdout if no valid email smtp settings are provided by environment variables (see table below). If _EMAIL_SMTP_HOST_ is set but the host can not be reached the application will exit immediately at start. 71 72 Use one of the following bootstrapped users for login: 73 74 - admin@boot.io (has access to admin panel) 75 - user@boot.io 76 77 A deployed version can also be found on [Heroku](https://govue.herokuapp.com) 78 79 ### Testing 80 81 Package auth/pwdless contains example api tests using a mocked database. Run them with: `go test -v ./...` 82 83 ### Environment Variables 84 85 By default viper will look at $HOME/.go-base.yaml for a config file. Setting your config as Environment Variables is recommended as by 12-Factor App. 86 87 | Name | Type | Default | Description | 88 | ----------------------- | ------------- | --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 89 | PORT | string | localhost:3000 | http address (accepts also port number only for heroku compability) | 90 | LOG_LEVEL | string | debug | log level | 91 | LOG_TEXTLOGGING | bool | false | defaults to json logging | 92 | DB_NETWORK | string | tcp | database 'tcp' or 'unix' connection | 93 | DB_ADDR | string | localhost:5432 | database tcp address or unix socket | 94 | DB_USER | string | postgres | database user name | 95 | DB_PASSWORD | string | postgres | database user password | 96 | DB_DATABASE | string | postgres | database shema name | 97 | AUTH_LOGIN_URL | string | http://localhost:3000/login | client login url as sent in login token email | 98 | AUTH_LOGIN_TOKEN_LENGTH | int | 8 | length of login token | 99 | AUTH_LOGIN_TOKEN_EXPIRY | time.Duration | 11m | login token expiry | 100 | AUTH_JWT_SECRET | string | random | jwt sign and verify key - value "random" creates random 32 char secret at startup (and automatically invalidates existing tokens on app restarts, so during dev you might want to set a fixed value here) | 101 | AUTH_JWT_EXPIRY | time.Duration | 15m | jwt access token expiry | 102 | AUTH_JWT_REFRESH_EXPIRY | time.Duration | 1h | jwt refresh token expiry | 103 | EMAIL_SMTP_HOST | string | | email smtp host (if set and connection can't be established then app exits) | 104 | EMAIL_SMTP_PORT | int | | email smtp port | 105 | EMAIL_SMTP_USER | string | | email smtp username | 106 | EMAIL_SMTP_PASSWORD | string | | email smtp password | 107 | EMAIL_FROM_ADDRESS | string | | from address used in sending emails | 108 | EMAIL_FROM_NAME | string | | from name used in sending emails | 109 | ENABLE_CORS | bool | false | enable CORS requests | 110 111 [godoc]: https://godoc.org/github.com/dhax/go-base 112 [godoc badge]: https://godoc.org/github.com/dhax/go-base?status.svg 113 [goreportcard]: https://goreportcard.com/report/github.com/dhax/go-base 114 [goreportcard badge]: https://goreportcard.com/badge/github.com/dhax/go-base