Go RESTful API starter kit with Gin, JWT, GORM (MySQL, PostgreSQL, SQLite), Redis, Mongo, 2FA, email verification, password recovery
MIT License
Published by pilinux about 1 year ago
Full Changelog: https://github.com/pilinux/gorest/compare/v1.6.20...v1.6.21
Published by pilinux about 1 year ago
delete all hashes of active 2FA backup codes (if any) of a user when the user disables 2FA
Full Changelog: https://github.com/pilinux/gorest/compare/v1.6.19...v1.6.20
Published by pilinux about 1 year ago
time.Now() throughout the project to select current local time
go.sum files
Published by pilinux about 1 year ago
option to save user email in encrypted form at rest by setting ACTIVATE_CIPHER=yes and adding a random secret to CIPHER_KEY. If there are existing accounts, the auth functionality will still work properly. Once encryption at rest is enabled and a new user account is registered, it is not possible to downgrade to insecure plaintext mode.
option to harden SHA-based hashing algorithm for 2FA by setting TWO_FA_DOUBLE_HASH=yes.
optionally use secrets BLAKE2B_SECRET for blake2b hashing.
if ACTIVATE_CIPHER=yes, ChaCha20-Poly1305 (256-bit) is used for email encryption.
for 2FA keys, AES-256 is used as before.
a new controller and services are included to generate backup codes for 2FA.
an improved go doc.
Published by pilinux about 1 year ago
HASH_SECRET
HASH_SECRET empty will not break the auth functionality
Published by pilinux about 1 year ago
Load hostname or IP from .env.
To listen to all interfaces, keep APP_HOST empty.
Published by pilinux about 1 year ago
chore(deps): bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1
access
refresh
]JWT middleware
Published by pilinux about 1 year ago
Client can send the refresh token from HttpOnly cookie, as a Bearer token in the Authorization header, or in the body as JSON.
User can remove all unused variables from the .env file to keep it clean
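An added example (not gorest's own code) of accepting the refresh token from the three locations listed above. The name refreshJWT for the cookie and JSON field, and the policy of rejecting a request whose locations carry different tokens, are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Assumed name for the cookie and the JSON field; gorest's real names may differ.
const tokenName = "refreshJWT"
var ErrMissing = errors.New("no refresh token in request")
var ErrConflict = errors.New("request carries different refresh tokens")

// RefreshToken reads cookie, Authorization header and JSON body; all found values must agree.
func RefreshToken(r *http.Request) (string, error) {
	var found []string
	if c, err := r.Cookie(tokenName); err == nil && c.Value != "" {
		found = append(found, c.Value)
	}
	scheme, tok, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if tok = strings.TrimSpace(tok); ok && strings.EqualFold(scheme, "Bearer") && tok != "" {
		found = append(found, tok)
	}
	if r.Body != nil && strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
		var body struct{ Token string `json:"refreshJWT"` }
		// Cap the body so an oversized payload cannot exhaust memory.
		if json.NewDecoder(io.LimitReader(r.Body, 4096)).Decode(&body) == nil && body.Token != "" {
			found = append(found, body.Token)
		}
	}
	if len(found) == 0 {
		return "", ErrMissing
	}
	for _, t := range found[1:] {
		if t != found[0] {
			return "", ErrConflict
		}
	}
	return found[0], nil
}

func main() {
	// Constructed request: the token is sent only as a Bearer header.
	r, _ := http.NewRequest(http.MethodPost, "http://localhost/refresh", nil)
	r.Header.Set("Authorization", "Bearer constructed.sample.token")
	fmt.Println(RefreshToken(r))
}
```

The returned string is only the candidate token; it still has to pass signature and expiry validation before a new token pair is issued.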
Published by pilinux over 1 year ago
Bumps github.com/qiniu/qmgo from 1.1.7 to 1.1.8.
Bumps go.mongodb.org/mongo-driver from 1.11.7 to 1.12.0.
Bumps github.com/mediocregopher/radix/v4 from 4.1.2 to 4.1.3.
Bumps gorm.io/gorm from 1.25.1 to 1.25.2.
Bumps gorm.io/driver/sqlite from 1.5.1 to 1.5.2.
Bumps github.com/alexedwards/argon2id from v0.0.0-20211130144151-3585854a6387 to v0.0.0-20230305115115-4b3c3280a736.
Bumps github.com/lib/pq from v1.10.4 to v1.10.9.
Bumps github.com/rogpeppe/go-internal from v1.10.0 to v1.11.0.
Published by pilinux over 1 year ago
⚡ github.com/qiniu/qmgo: v1.1.6 -> v1.1.7
gosec security scanner GitHub action added
⚡ ValidateAccessJWT and ValidateRefreshJWT functions are now exported
Published by pilinux over 1 year ago
Published by pilinux over 1 year ago
⚡ handle authentication tokens on client devices' cookies
⚡ logout (individually enable option - delete tokens from cookies, ban active tokens)
Published by pilinux over 1 year ago
⚡ option to use encrypted connections to MySQL instance
please check newly added environment variables for .env file
⚡ bumped gin from v1.8.2 to v1.9.0
⚡ bumped golang-jwt/jwt/v4 from v4.4.3 to v4.5.0
⚡ when environment variables are loaded during config settings, remove leading and trailing whitespaces
⚡ new test files added for lib middleware
Published by pilinux over 1 year ago
⚡ github.com/qiniu/qmgo from v1.1.4 to v1.1.5
⚡ github.com/mediocregopher/radix/v4 from v4.1.1 to v4.1.2
⚡ gorm.io/gorm from v1.24.3 to v1.24.5
⚡ github.com/joho/godotenv from v1.4.0 to v1.5.1
⚡ gorm.io/driver/mysql from v1.4.5 to v1.4.7
⚡ gorm.io/driver/postgres from v1.4.6 to v1.4.8
⚡ go.mongodb.org/mongo-driver from v1.11.1 to v1.11.2
⚡ github.com/jackc/pgx/v5 from v5.2.0 to v5.3.0
⚡ github.com/lib/pq from v1.10.2 to v1.10.4
⚡ github.com/youmark/pkcs8 set to v0.0.0-20181117223130-1be2e3e5546d
⚡ golang.org/x/crypto from v0.4.0 to v0.6.0
⚡ golang.org/x/net from v0.4.0 to v0.7.0
⚡ golang.org/x/sync from v0.0.0-20220923202941-7f9b1623fab7 to v0.1.0
⚡ golang.org/x/sys from v0.3.0 to v0.5.0
⚡ golang.org/x/text from v0.5.0 to v0.7.0
CWE-400
Details: https://cwe.mitre.org/data/definitions/400.html
added test files for middleware package
Published by pilinux almost 2 years ago
⚡ gin bumped to v1.8.2
⚡ gorm bumped to 1.24.3
⚡ gorm mysql driver bumped to 1.4.5
⚡ gorm postgres driver bumped to 1.4.6
⚡ gorm sqlite driver bumped to 1.4.4
⚡ mongodb mongo driver bumped to 1.11.1
⚡ after activating 2-FA for an account, JSON was sending wrong 2-FA status
⚡ abort when sentry NewHook fails
⚡ perform all checks in TwoFA middleware
⚡ handle and return the error from config
Please modify your existing code to load all environment variables properly
package main

import (
	"fmt"

	gconfig "github.com/pilinux/gorest/config"
)

func main() {
	// set configs: load all environment variables and stop if loading fails
	err := gconfig.Config()
	if err != nil {
		fmt.Println(err)
		return
	}

	// read configs
	configure := gconfig.GetConfig()
	_ = configure // ... ...
}
If you need to add additional environment variables for your application,
⚡ add them to the .env file
⚡ create a separate internal package
⚡ implement your own logic
⚡ and use gconfig.Env() to load your custom environment variables
You can study the config package to get a better understanding of the process.
Published by pilinux almost 2 years ago
💎 go bumped to v1.19
🔑 golang-jwt/jwt bumped to v4.4.3
📚 gorm.io/gorm bumped to v1.24.2
📒 getsentry/sentry-go sdk bumped to v0.15.0
🎨 flosch/pongo2 bumped to v6.0.0
Published by pilinux almost 2 years ago
⚡ gorm updated to 1.24.1
⚡ gorm mysql driver updated to 1.4.4
⚡ gorm postgres driver updated to 1.4.5
⚡ gorm sqlite driver updated to 1.4.3
⚡ mongodb mongo driver updated to 1.11.0
⚡ Qmgo updated to 1.1.4
⚡ mrz1836 postmark driver updated to 1.3.0
Published by pilinux about 2 years ago
🧱 CORS updated for OPTIONS method - used by browser-based HTTP clients
Published by pilinux about 2 years ago
🕵️ tuned CORS implementation