amritsingh183/go_auth

go_auth

A minimal, secure authentication service in Go that issues and verifies tokens using an RSA key pair. Sample keys are included strictly for development; generate and secure your own keys for production use.

Features

  • Token issuance and verification using an RSA private/public key pair
  • Clean separation of configuration via environment variables
  • Ready-to-run local development setup
  • Security-first guidance for production hardening

Requirements

  • Go 1.20+ (recommended)
  • OpenSSL (for generating keys)

Quick start

Clone and download dependencies:

git clone https://github.com/amritsingh183/go_auth.git
cd go_auth
go mod tidy

Run locally:

go run .

Build a binary:

go build -o bin/go_auth .

Configuration

Create a .env (or use environment variables in your shell) with:

PORT=8080
PRIVATE_KEY_PATH=./keys/id_rsa
PUBLIC_KEY_PATH=./keys/id_rsa.pub
ACCESS_TOKEN_TTL=3600
REFRESH_TOKEN_TTL=86400

Notes:

  • PORT sets the HTTP port.
  • PRIVATE_KEY_PATH and PUBLIC_KEY_PATH point to the RSA keys used for signing and verification.
  • Token TTLs are in seconds.

Keys

The repository contains development-only sample keys under keys/. Do not use them in staging or production.

Generate your own keys:

# 4096-bit RSA private key
openssl genrsa -out id_rsa 4096

# Public key from private key
openssl rsa -in id_rsa -pubout -out id_rsa.pub

Recommended layout:

keys/
├── id_rsa        # private key (never commit to VCS)
└── id_rsa.pub    # public key

Production guidance:

  • Store secrets in a manager (e.g., AWS Secrets Manager, GCP Secret Manager, Vault) or mount via runtime environment.
  • Lock down file permissions (e.g., chmod 600 for private key).
  • Never commit private keys to version control.
  • Rotate keys periodically and document rotation procedures.

Usage

  • Start the service with valid PRIVATE_KEY_PATH and PUBLIC_KEY_PATH.
  • Issue tokens by signing with the private key; verify tokens with the public key.
  • Clients should store tokens securely (e.g., in HttpOnly, Secure cookies when used in a web context).
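
The sign-with-the-private-key, verify-with-the-public-key flow from the list above, as an added example built on the Go standard library only; it is not go_auth's own code. The token layout, the names Issue, Verify and devKey, and the in-memory key are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var devKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway in-memory key, constructed for this example

// Issue signs "<b64 subject>.<expiry unix>" (assumed layout, not go_auth's) with RSA PKCS#1 v1.5 / SHA-256.
func Issue(priv *rsa.PrivateKey, sub string, ttl time.Duration, now time.Time) (string, error) {
	body := b64.EncodeToString([]byte(sub)) + "." + strconv.FormatInt(now.Add(ttl).Unix(), 10)
	sum := sha256.Sum256([]byte(body))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return body + "." + b64.EncodeToString(sig), err // callers must check err before using the token
}

// Verify checks the signature before trusting any field, then enforces the expiry.
func Verify(pub *rsa.PublicKey, token string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	sig, err := b64.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return "", errors.New("bad signature")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || now.Unix() >= exp {
		return "", errors.New("token expired")
	}
	sub, err := b64.DecodeString(parts[0])
	return string(sub), err
}

func main() {
	tok, _ := Issue(devKey, "alice", time.Hour, time.Now())
	fmt.Println(Verify(&devKey.PublicKey, tok, time.Now()))
}
```

Only the verifier needs the public key, so PUBLIC_KEY_PATH can be distributed to services that check tokens while PRIVATE_KEY_PATH stays on the issuer.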

Project layout

This repository is intentionally minimal to stay framework-agnostic. A typical layout looks like:

go_auth/
├── main.go
├── go.mod
├── go.sum
└── keys/
    ├── id_rsa        # dev only
    └── id_rsa.pub    # dev only

If you add folders such as internal/, pkg/, handlers/, middleware/, services/, or models/, update this section to reflect the structure.

Testing

Run all tests:

go test ./...

With coverage:

go test -cover ./...

Security hardening checklist

  • Use your own RSA keys; rotate regularly.
  • Serve over HTTPS and set secure transport headers.
  • Use short-lived access tokens and rotate refresh tokens.
  • Validate and sanitize all inputs; enforce strict content types.
  • Add rate limiting and lockout for authentication endpoints.
  • Log auth events securely; avoid logging secrets or full tokens.

Contributing

  1. Fork the repository
  2. Create a feature branch: git checkout -b feat/short-name
  3. Commit: git commit -m "feat: add short description"
  4. Push: git push origin feat/short-name
  5. Open a Pull Request

About

Authentication system built using golang
