{"id":21916201,"url":"https://github.com/youngermaster/go-fiber-auth-docker-postgres-jwt","last_synced_at":"2026-05-07T13:10:30.790Z","repository":{"id":234971578,"uuid":"789833611","full_name":"Youngermaster/go-fiber-auth-docker-postgres-jwt","owner":"Youngermaster","description":"This boilerplate provides a starting point for Go Fiber that utilizes Docker, PostgreSQL, JWT for authentication, and PgAdmin for database management.","archived":false,"fork":false,"pushed_at":"2024-04-21T17:31:11.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-02T14:11:16.775Z","etag":null,"topics":["backend-template","go","go-auth","go-docker","go-fiber","go-postgresql"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Youngermaster.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-21T17:18:10.000Z","updated_at":"2024-04-21T17:31:14.000Z","dependencies_parsed_at":null,"dependency_job_id":"75b6e5d6-be0a-48d4-b752-0fd15c117f4f","html_url":"https://github.com/Youngermaster/go-fiber-auth-docker-postgres-jwt","commit_stats":null,"previous_names":["youngermaster/go-fiber-auth-docker-postgres-jwt"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Youngermaster/go-fiber-auth-docker-postgres-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Youngermaster%2Fgo-fiber-auth-docker-postgres-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/repositories/Youngermaster%2Fgo-fiber-auth-docker-postgres-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Youngermaster%2Fgo-fiber-auth-docker-postgres-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Youngermaster%2Fgo-fiber-auth-docker-postgres-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Youngermaster","download_url":"https://codeload.github.com/Youngermaster/go-fiber-auth-docker-postgres-jwt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Youngermaster%2Fgo-fiber-auth-docker-postgres-jwt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273220513,"owners_count":25066401,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-02T02:00:09.530Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backend-template","go","go-auth","go-docker","go-fiber","go-postgresql"],"created_at":"2024-11-28T19:16:57.548Z","updated_at":"2026-05-07T13:10:30.783Z","avatar_url":"https://github.com/Youngermaster.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go Fiber + JWT Auth + Docker + PostgreSQL + PgAdmin Boilerplate\n\nA production-ready Go Fiber boilerplate with secure JWT authentication, refresh token system, session management, and 
comprehensive security features.\n\n## Features\n\n- **Dual-Token Authentication**: Short-lived access tokens (15 min) and long-lived refresh tokens (7 days)\n- **Automatic Token Rotation**: Refresh tokens are automatically rotated on each use to prevent replay attacks\n- **Session Management**: Track and manage user sessions across multiple devices with logout and logout-all capabilities\n- **Configuration Validation**: Application validates all environment variables and JWT secrets at startup\n- **Rate Limiting**: 5 requests per minute on authentication endpoints to prevent brute force attacks\n- **Password Security**: Bcrypt hashing with cost factor 14\n- **API Versioning**: All routes are versioned under `/api/v1` for future compatibility\n- **Health Checks**: Readiness and liveness probes for orchestration platforms\n- **Docker Support**: Fully containerized development environment with hot-reloading\n\n## Development Setup\n\n### Prerequisites\n\n- Docker must be installed on your system for an optimal development experience.\n- Clone the repository and navigate to the project directory.\n\n### Environment Configuration\n\nCopy the `.env.example` file to a new file named `.env` and configure the environment variables.\n\n**CRITICAL**: Generate strong, unique secrets for production. 
All three JWT secrets must be different and at least 32 characters long:\n\n```bash\n# Generate three different secrets (run this command 3 times)\nopenssl rand -base64 32\n```\n\nConfigure your `.env` file with the generated secrets:\n\n```sh\n# Database Configuration\nDB_HOST=db\nDB_PORT=5432\nDB_USER=example_user\nDB_PASSWORD=example_password\nDB_NAME=example_db\n\n# JWT Secrets - MUST be different and 32+ characters\nSECRET=\u003cpaste-first-generated-secret\u003e\nACCESS_TOKEN_SECRET=\u003cpaste-second-generated-secret\u003e\nREFRESH_TOKEN_SECRET=\u003cpaste-third-generated-secret\u003e\n\n# PgAdmin Configuration\nPGADMIN_DEFAULT_EMAIL=user@domain.com\nPGADMIN_DEFAULT_PASSWORD=SecurePassword\n```\n\nThe application will validate your configuration at startup and refuse to start if:\n\n- Any required environment variable is missing\n- JWT secrets are less than 32 characters\n- JWT secrets contain weak/default values (e.g., \"password\", \"secret\", \"test\")\n- All three JWT secrets are not different from each other\n\nEnsure there are no port conflicts or conflicting Docker containers running. If necessary, adjust the ports in the `.env` file and `docker-compose.yml`.\n\n### Starting the Services\n\nRun the following command to start all services defined in the `docker-compose.yml`:\n\n```sh\ndocker-compose up -d\n```\n\nThis command will start the API, PostgreSQL database, and PgAdmin.\n\n## Database Management\n\n### Using PgAdmin\n\nPgAdmin is configured to run on port 5050. Access it by navigating to `http://localhost:5050` in your web browser. Login\nwith the PGADMIN_DEFAULT_EMAIL and PGADMIN_DEFAULT_PASSWORD specified in your `.env` file.\n\n#### Connecting to PostgreSQL through PgAdmin\n\n1. Open PgAdmin and login.\n2. Right-click on 'Servers' in the left sidebar and select 'Create' -\u003e 'Server'.\n3. Enter a name for the connection in the 'General' tab.\n4. 
Switch to the 'Connection' tab:\n\n- Hostname/address: `db`\n- Port: `5432` (or your custom DB_PORT)\n- Username: as per `DB_USER`\n- Password: as per `DB_PASSWORD`\n- Save the password for ease of use.\n\n### Using psql\n\nTo connect directly to the database via `psql`, use the script provided:\n\n```sh\n./manually_connect_to_db.sh\n```\n\nOr use Docker Compose:\n\n```sh\ndocker-compose exec db psql -U \u003cDB_USER\u003e\n```\n\nReplace `\u003cDB_USER\u003e` with the actual database user name from your `.env` file.\n\n## API Usage\n\nThe API is versioned and accessible at `http://localhost:3000/api/v1`. All authentication endpoints are rate-limited to 5 requests per minute per IP address.\n\n### Authentication Endpoints\n\n| Method | Endpoint | Auth Required | Description |\n|--------|----------|---------------|-------------|\n| POST | `/auth/login` | No | Login and receive access + refresh tokens |\n| POST | `/auth/refresh` | No | Exchange refresh token for new token pair |\n| POST | `/auth/logout` | Yes | Logout from current device |\n| POST | `/auth/logout-all` | Yes | Logout from all devices |\n| GET | `/auth/sessions` | Yes | Get all active sessions |\n\n### User Management Endpoints\n\n| Method | Endpoint | Auth Required | Description |\n|--------|----------|---------------|-------------|\n| POST | `/users` | No | Create a new user (registration) |\n| GET | `/users/:id` | Yes | Get user by ID |\n| PATCH | `/users/:id` | Yes | Update user (ownership enforced) |\n| DELETE | `/users/:id` | Yes | Delete user (ownership enforced) |\n\n### Product Endpoints\n\n| Method | Endpoint | Auth Required | Description |\n|--------|----------|---------------|-------------|\n| POST | `/product` | Yes | Create a product |\n| GET | `/product` | No | Get all products (paginated) |\n| GET | `/product/:id` | No | Get product by ID |\n| PATCH | `/product/:id` | Yes | Update product (ownership enforced) |\n| DELETE | `/product/:id` | Yes | Delete product (ownership enforced) 
|\n\n### Health Check Endpoints\n\n| Method | Endpoint | Description |\n|--------|----------|-------------|\n| GET | `/health` | Basic health check |\n| GET | `/health/ready` | Readiness probe (checks database) |\n| GET | `/health/live` | Liveness probe for Kubernetes |\n\n### Example: Authentication Flow\n\n**1. Login**\n```bash\ncurl -X POST http://localhost:3000/api/v1/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"identity\": \"user@example.com\",\n    \"password\": \"your_password\"\n  }'\n```\n\nResponse includes `access_token` (15-minute lifespan) and `refresh_token` (7-day lifespan).\n\n**2. Use Access Token**\n```bash\ncurl -X GET http://localhost:3000/api/v1/auth/sessions \\\n  -H \"Authorization: Bearer YOUR_ACCESS_TOKEN\"\n```\n\n**3. Refresh Tokens**\n```bash\ncurl -X POST http://localhost:3000/api/v1/auth/refresh \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"refresh_token\": \"YOUR_REFRESH_TOKEN\"\n  }'\n```\n\nThis returns a new token pair and automatically revokes the old refresh token (token rotation).\n\nFor comprehensive API documentation and examples, see [AUTH_GUIDE.md](AUTH_GUIDE.md).\n\n## Project Structure\n\n```plaintext\n.\n├── cmd/\n│   └── main.go                 # Application entry point with config validation\n├── config/\n│   └── validation.go           # Environment and JWT secret validation\n├── database/\n│   └── connect.go              # Database connection and migration\n├── handler/\n│   ├── auth.go                 # Authentication handlers (login, logout, refresh)\n│   ├── token.go                # Token generation, validation, and rotation\n│   ├── user.go                 # User management handlers\n│   ├── product.go              # Product handlers\n│   ├── password.go             # Password hashing and validation\n│   ├── validation.go           # Input validation helpers\n│   └── response.go             # Standardized response utilities\n├── middleware/\n│   └── auth.go            
     # JWT authentication middleware\n├── model/\n│   ├── user.go                 # User model\n│   ├── product.go              # Product model\n│   └── session.go              # Session/refresh token model\n├── router/\n│   ├── router.go               # Main router setup\n│   ├── auth.go                 # Authentication routes\n│   ├── user.go                 # User routes\n│   ├── product.go              # Product routes\n│   └── health.go               # Health check routes\n├── docker-compose.yml          # Docker services configuration\n├── Dockerfile                  # Application container definition\n├── .env.example                # Example environment configuration\n└── go.mod                      # Go module dependencies\n```\n\n## Documentation\n\n- **[AUTH_GUIDE.md](AUTH_GUIDE.md)** - Comprehensive authentication guide with API examples\n- **[SECURITY.md](SECURITY.md)** - Security features and best practices\n- **[SECURITY_AUDIT_AND_IMPROVEMENTS.md](SECURITY_AUDIT_AND_IMPROVEMENTS.md)** - Complete security audit and improvements log\n\n## Troubleshooting\n\n### Configuration Validation Failed\n\nIf the application refuses to start with configuration errors:\n\n1. Generate proper secrets: `openssl rand -base64 32`\n2. Ensure all three JWT secrets are different\n3. Verify all required environment variables are set in `.env`\n4. 
Check that secrets are at least 32 characters long\n\n### Invalid or Expired Refresh Token\n\nIf refresh endpoint returns 401:\n\n- Token may have expired (older than 7 days)\n- Token was already used and rotated to a new one\n- User logged out or logged out from all devices\n- Solution: User must login again\n\n### Rate Limit Exceeded\n\nIf receiving 429 status code:\n\n- Wait 1 minute before retrying\n- Implement exponential backoff in your client\n- Authentication endpoints are limited to 5 requests per minute per IP\n\n### Docker Issues\n\nCheck the Docker logs if any service fails to start:\n\n```sh\ndocker-compose logs \u003cservice-name\u003e\n```\n\nReplace `\u003cservice-name\u003e` with `web`, `db`, or `pgadmin` to view logs for a specific service.\n\nEnsure all environment variables are set correctly in your `.env` file, as incorrect settings may prevent the services from starting properly.\n\n## Technology Stack\n\n- **Go 1.24** - Programming language\n- **Fiber v2.52.9** - Web framework\n- **GORM v1.31.1** - ORM for database operations\n- **PostgreSQL 18** - Primary database\n- **Docker \u0026 Docker Compose** - Containerization\n- **JWT** - Token-based authentication\n- **Bcrypt** - Password hashing\n\n## Security Features\n\n- Dual-token authentication with automatic rotation\n- Session tracking and management\n- Rate limiting on authentication endpoints\n- Configuration validation at startup\n- Password hashing with bcrypt (cost 14)\n- Input validation and sanitization\n- Ownership enforcement on resource operations\n- CORS with secure defaults\n\n## Production Deployment\n\nBefore deploying to production:\n\n1. **Use HTTPS**: Configure TLS/SSL via reverse proxy (Nginx, Caddy)\n2. **Generate Strong Secrets**: Use `openssl rand -base64 32` for all JWT secrets\n3. **Database SSL**: Enable SSL for PostgreSQL connections\n4. **Environment Variables**: Use secret managers (AWS Secrets Manager, HashiCorp Vault)\n5. 
**Monitor Sessions**: Implement session cleanup and suspicious activity alerts\n6. **Update Dependencies**: Keep all dependencies up to date\n\nFor detailed production deployment guidance, see [SECURITY.md](SECURITY.md).\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyoungermaster%2Fgo-fiber-auth-docker-postgres-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyoungermaster%2Fgo-fiber-auth-docker-postgres-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyoungermaster%2Fgo-fiber-auth-docker-postgres-jwt/lists"}
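The README describes the refresh flow only from the client side: a refresh token is exchanged for a new pair and the old one is revoked, and a 401 on `/auth/refresh` can mean the token "was already used and rotated". The Go program below is an added example written for this page, not code from the Youngermaster/go-fiber-auth-docker-postgres-jwt repository, and it shows the server-side state machine that makes those statements true. Assumptions: an in-memory map stands in for the project's PostgreSQL sessions table, refresh tokens are opaque 256-bit random strings stored only as SHA-256 hashes (the project signs its refresh tokens as JWTs with `REFRESH_TOKEN_SECRET`; the rotation logic is the same either way), and presenting an already-rotated token revokes every session of that user. That last step is stricter than anything the README claims and is this example's own design choice: two parties holding the same refresh token is the signature of a stolen token, and revoking only the replayed token would leave the attacker's freshly rotated copy alive.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Each error maps to a 401 from /auth/refresh; the client's only recovery is a new /auth/login.
var (
	ErrUnknownToken = errors.New("refresh token not recognised or revoked")
	ErrExpiredToken = errors.New("refresh token expired")
	ErrTokenReused  = errors.New("refresh token already rotated: replay suspected, all sessions revoked")
)

// session is one device login. Only a SHA-256 of the refresh token is kept (as the map key),
// so a leaked sessions table does not yield usable tokens.
type session struct {
	userID    uint
	expiresAt time.Time
	rotated   bool // superseded by a newer token through Refresh
	revoked   bool // logged out, or killed by replay detection
}

// SessionStore is an in-memory stand-in (assumption of this example) for the project's
// GORM-backed sessions table. The clock is injectable so expiry can be exercised in tests.
type SessionStore struct {
	mu     sync.Mutex
	now    func() time.Time
	ttl    time.Duration
	byHash map[string]*session
	byUser map[uint][]*session
}

func NewSessionStore(ttl time.Duration, now func() time.Time) *SessionStore {
	return &SessionStore{now: now, ttl: ttl, byHash: map[string]*session{}, byUser: map[uint][]*session{}}
}

func hashToken(tok string) string {
	sum := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(sum[:])
}

// live reports whether a session can still be refreshed at time t.
func (s *session) live(t time.Time) bool { return !s.revoked && !s.rotated && t.Before(s.expiresAt) }

// issueLocked mints 256 bits from crypto/rand, records the session and returns the token. Caller holds mu.
func (s *SessionStore) issueLocked(userID uint) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := base64.RawURLEncoding.EncodeToString(b)
	sess := &session{userID: userID, expiresAt: s.now().Add(s.ttl)}
	s.byHash[hashToken(tok)] = sess
	s.byUser[userID] = append(s.byUser[userID], sess)
	return tok, nil
}

// Login is the /auth/login step: a fresh refresh token for one device.
func (s *SessionStore) Login(userID uint) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.issueLocked(userID)
}

// Refresh is the /auth/refresh step: retire the presented token, issue a new one.
// A token that was already rotated means two parties hold it, so the whole user is logged out.
func (s *SessionStore) Refresh(oldTok string) (string, uint, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.byHash[hashToken(oldTok)]
	if !ok || sess.revoked {
		return "", 0, ErrUnknownToken
	}
	if sess.rotated {
		s.revokeAllLocked(sess.userID)
		return "", 0, ErrTokenReused
	}
	if !s.now().Before(sess.expiresAt) {
		return "", 0, ErrExpiredToken
	}
	newTok, err := s.issueLocked(sess.userID)
	if err != nil {
		return "", 0, err
	}
	sess.rotated = true
	return newTok, sess.userID, nil
}

// LogoutAll is /auth/logout-all; it returns how many live sessions it revoked.
func (s *SessionStore) LogoutAll(userID uint) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.revokeAllLocked(userID)
}

func (s *SessionStore) revokeAllLocked(userID uint) int {
	n, t := 0, s.now()
	for _, sess := range s.byUser[userID] {
		if sess.live(t) {
			n++
		}
		sess.revoked = true
	}
	return n
}

// ActiveSessions is /auth/sessions: the number of tokens that can still be refreshed.
func (s *SessionStore) ActiveSessions(userID uint) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	n, t := 0, s.now()
	for _, sess := range s.byUser[userID] {
		if sess.live(t) {
			n++
		}
	}
	return n
}

func main() {
	store := NewSessionStore(7*24*time.Hour, time.Now)
	t1, _ := store.Login(42)
	t2, _, _ := store.Refresh(t1)
	_, _, err := store.Refresh(t1) // replay of the rotated token
	fmt.Println("replay:", err, "| sessions left:", store.ActiveSessions(42), "| t2 still valid:", store.ActiveSessions(42) > 0 && t2 != "")
}
```

Two details carry over to a real deployment regardless of how tokens are encoded: the rotation and the replay check run under one lock (in PostgreSQL, a single transaction with `SELECT ... FOR UPDATE` on the session row), so two concurrent refreshes with the same token cannot both succeed; and the store never holds the raw token, only its hash, which is what lets the "logout-all" and "sessions" endpoints work without turning the sessions table into a token dump.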