API service for user and role management.
The project was created as homework for {{ Comapny Name }}.
Below is a table of available REST API endpoints and their description.
name endpoint description request response status codes
| Name | Endpoint | Method | Auth method | Description | Request schema | Response schema |
|---|---|---|---|---|---|---|
| Create user | /user |
POST | no | Body: {username: string, password: string} |
{username: string} |
|
| Delete user | /user/{username} |
DELETE | no | Path: {username: string} |
no content | |
| Create role | /role |
POST | no | Body: {role_name: string} |
{role_name: string} |
|
| Delete role | /role/{role_name} |
DELETE | no | Path: {role_name: string} |
no content | |
| Add role to user | /user/role |
POST | no | Body:{role_name: string} |
no content | |
| SignIn | /signin |
POST | no | Body: {username: string, password: string} |
{token: string} |
|
| SingOut | /signout |
POST | auth token | no content | ||
| UserHasRole | /user/role/{role_name} |
HEAD | auth token | Body: {role_name: string} |
{result: bool} |
|
| Get User roles | /user/role |
GET | auth token | {roles: Array<string>} |
In order to build and run the service you only need to have the latest version of golang on your machine.
- Echo web framework - better alternative to the standard library's http server mux to avoid a lot of boilerplate code.
- golang crypto - experimental crypto library for hashing the passwords with salt and comparing them in constant time to secure the server from time-based brute force attacks.
Run the command below to build the app:
go build -o app ./cmd/app/main.goYou can run the executable built earlier or use go run command:
go run ./cmd/app/main.goRun the command below to run the tests:
go test -v -count=1 -race ./...- Add more tests for edge cases.
- Make full test coverage for API server, though the underlying services logic is tested.
- Use
context.Contextfor service and store as we might use real database in the future the fore request cancellation is must have. - Implement transactional operations for in-memory database. Current version doesn't have transaction and might lead to data races in some cases.
- Make application configurable through CLI flags or config file.