This project provides a simple REST API designed for user authentication and secure access to protected resources. It includes endpoints for user registration, login, and accessing protected resources. Ideal for developers needing a foundational backend service to handle user authentication in their applications. The API ensures secure storage of user credentials, supports authentication through access tokens, and demonstrates best practices in API security and user management.
To ensure a structured and maintainable development process, this project follows the principle of separation of concerns. The system is divided into three main components:
-
Database Layer: Responsible for interacting with the database, including storing and retrieving user data. This layer ensures that data-related logic is managed separately from the application logic.
-
Routing Layer: Manages API routes and directs requests to the appropriate controllers. This layer is responsible for determining which endpoint should be accessed based on the URL and HTTP method used.
-
Controller Layer: Handles business logic and application flow. The controller receives requests from the routing layer, interacts with the database layer to access or modify data, and returns the appropriate response to the client.
By separating these components, the project not only ensures cleaner and more manageable code but also enhances the security and scalability of the application.
For this project, the following technologies and libraries have been utilized:
-
Golang: The entire backend service is implemented using Golang. Golang was chosen for its efficiency, performance, and strong support for concurrent programming, which is ideal for building scalable and high-performance APIs.
-
MySQL: MySQL is used as the database for storing user information. MySQL was selected for its reliability, robustness, and extensive support for data management, which ensures secure and efficient handling of user data.
One of the primary challenges faced during this project was organizing the code to adhere to the principle of separation of concerns. Ensuring that the logic for database interactions, routing, and application control was distinctly separated required careful planning and refactoring.
The main difficulty was structuring the codebase so that each component—database layer, routing layer, and controller layer—was effectively isolated, yet functioned seamlessly together. This involved creating clear boundaries between different layers, avoiding tight coupling, and ensuring that each component was responsible for a specific aspect of the application’s functionality.
By addressing these challenges, the project achieved a well-organized and maintainable codebase, enhancing both its security and scalability.
This API provides the following endpoints:
- '/signin' : Used for user authentication. You need to provide the email and password in JSON format to receive an access token.
Request:
{
"email": "user@example.com",
"password": "yourpassword"
}- '/signup' : Used for user registration. You need to provide username, email, and password in JSON format.
Request:
{
"username": "yourusername",
"email": "user@example.com",
"password": "yourpassword"
}- '/user' : A protected route that requires a bearer token obtained from the /signin route. The token must be included in the Authorization header as a Bearer token.
Request Header:
Authorization: Bearer <your_access_token>
To run this project, you will need to add the following environment variables to your .env file example file
SERVER_HOST
SERVER_PORT
DB_HOST
DB_PORT
DB_USERNAME
DB_PASSWORD
DB_NAME
Follow these steps:
- Clone the repository:
git clone https://github.com/fossyy/AuthServiceAPI.git- Install dependencies::
cd AuthServiceAPI
go mod tidy- Build and run the application:
go run main.go- Access the application in Postman or a similar tool: http://localhost:8000
Alternatively, you can download the pre-built binary:
-
Download the binary from the repository's releases.
-
Run the binary directly:
./AuthServiceAPI- Access the application in Postman or a similar tool: http://localhost:8000