fanesz / Advance-Auth

An Advance Auth for backend microservice using Golang.

Update: Take a look at the newest version: golang-restful-api-templete

ADVANCE AUTH with Golang

This is a personal project I created for learning the Go programming language. I built this project over 3 days with no prior experience or knowledge of the Go language. I used online resources such as YouTube for basic concepts and project flow. I also learned about working with databases by reading the documentation provided by the library. All the features in this project were developed from scratch based on my own ideas and have not been implemented in real-world cases before.

Login-Logic

Tech Stack

Routes

  • /auth/login - For user login
  • /auth/logout - For user logout
  • /auth/isLogin - To check if a user is already logged in
  • /user/register - To create a new account
  • /update/username - To update the username of an account
  • /resetpw/request - To request a password reset token
  • /resetpw/validate - To validate the password reset token
  • /resetpw/reset - To reset the password
  • /verify/resend - To resend an account verify link
  • /verify/validate - To validate the verify token

Features

  • Middleware - Auth middleware feature using JSON Web Token (JWT) that stores the user's UUID with an expiration date of 14 days.
  • Mailer - Uses SMTP API to send emails to users.
  • Check IP Address and Device when performing actions related to user account data.
  • Email notifications if there is a login from a different IP Address or Device.
  • Action termination if the JWT token stored in the client's browser is stolen and used by a different IP Address or Device, along with email notifications.
  • Password reset with a reset link sent via email with a 10-minute time limit for using the reset token and a limit of 3 request attempts with a 10-minute cooldown.
  • Automatic database migration by GORM using models.
  • Account Validator - Unverified users can still log in, but their account carries an 'is_verified' label. Users can have the verification token resent to their email, with a limit of 3 times per day.

Error Code

Equipped with Response Error Codes used in the API Response when an error occurs:

  • [1] REQ_WRONG_BODY_FORMAT - Frontend sends a request with an incorrect body format.
  • [2] REQ_FIELD_ERROR - The request contains duplicate data that does not comply with the database field requirements.
  • [3] DB_QUERY_ERROR - An error occurs in the database request.
  • [4] AUTH_MISSING_JWT - Accessing the API without JWT.
  • [5] AUTH_WRONG_JWT - Accessing the API with an incorrect JWT.
  • [6] AUTH_TOKEN_EXPIRED - Accessing the API with an expired JWT.
  • [7] AUTH_EMAIL_NOT_FOUND - Email used for login does not match the database.
  • [8] AUTH_WRONG_PASSWORD - Incorrect password.
  • [9] AUTH_USER_NOT_LOGGEDIN - User has not logged in.
  • [10] AUTH_DIFFERENT_IP_OR_DEVICE - Action from a different IP Address or Device.
  • [11] RESETPW_INVALID_TOKEN - Invalid Token during password reset.
  • [12] RESETPW_EXPIRED_TOKEN - Expired Token during password reset.
  • [13] RESETPW_MAX_LIMIT_REQUEST - Maximum limit for password reset requests.
  • [14] FAILED_GENERATE_JWT - Failed to generate JWT.
  • [15] FAILED_ENCRYPT - Failed to encrypt the password.
  • [16] VERIFY_INVALID_TOKEN - Invalid token during account validation.
  • [17] VERIFY_MAX_LIMIT_REQUEST - Maximum limit for verify resend.
  • [18] VERIFY_ALREADY_VERIFIED - A verification token resend was requested for a user who is already verified.
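
The password-reset limits from the feature list (10-minute token lifetime, 3 requests, 10-minute cooldown) mapped onto error codes 11 to 13, as an added example that is not the project's own code. The in-memory `ResetStore`, storing only the token's SHA-256, `OK = 0`, and reading the limit as a fixed window that starts at the first request are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
)

const OK, InvalidToken, ExpiredToken, MaxLimitRequest = 0, 11, 12, 13 // 11-13: README codes; OK = 0 assumed
const tokenTTL, cooldown, maxRequests = 10 * time.Minute, 10 * time.Minute, 3
type resetState struct {
	tokenHash             [32]byte // hypothetical in-memory record; only the token's SHA-256 is stored
	issuedAt, windowStart time.Time
	requests              int
}
type ResetStore map[string]*resetState

// Request issues a token unless 3 were already requested in this 10-minute window.
func (s ResetStore) Request(email string, now time.Time) (string, int) {
	if st := s[email]; st == nil || now.Sub(st.windowStart) >= cooldown {
		s[email] = &resetState{windowStart: now}
	}
	st := s[email]
	if st.requests++; st.requests > maxRequests {
		return "", MaxLimitRequest
	}
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // never fall back to a guessable token
	}
	token := fmt.Sprintf("%x", raw)
	st.tokenHash, st.issuedAt = sha256.Sum256([]byte(token)), now
	return token, OK
}

// Validate accepts only the latest token, and only within 10 minutes of issue.
func (s ResetStore) Validate(email, token string, now time.Time) int {
	st, sum := s[email], sha256.Sum256([]byte(token))
	if st == nil || subtle.ConstantTimeCompare(sum[:], st.tokenHash[:]) != 1 {
		return InvalidToken
	}
	if now.Sub(st.issuedAt) > tokenTTL {
		return ExpiredToken
	}
	return OK
}

func main() { fmt.Println(ResetStore{}.Validate("user@example.test", "x", time.Now())) }
```

Passing `now` as a parameter keeps the expiry and cooldown boundaries testable; issuing a new token overwrites the stored hash, so an earlier reset link stops working.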

License:BSD 3-Clause "New" or "Revised" License


Languages

Language:Go 100.0%