Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/ilramdhan/holidayapi

Holiday API Indonesia ๐Ÿ‡ฎ๐Ÿ‡ฉ API untuk mendapatkan informasi hari libur nasional dan cuti bersama Indonesia berdasarkan SKB 3 Menteri.
https://github.com/ilramdhan/holidayapi

api go golang golang-api golang-examples holiday-api holidays-api

Last synced: 5 months ago
JSON representation

Holiday API Indonesia ๐Ÿ‡ฎ๐Ÿ‡ฉ API untuk mendapatkan informasi hari libur nasional dan cuti bersama Indonesia berdasarkan SKB 3 Menteri.

Awesome Lists containing this project

README 

          
# Holiday API Indonesia ๐Ÿ‡ฎ๐Ÿ‡ฉ



API untuk mendapatkan informasi hari libur nasional dan cuti bersama Indonesia berdasarkan SKB 3 Menteri.



## โœจ Features



### ๐Ÿ” **Authentication & Security**

- โœ… **JWT Authentication** dengan access & refresh tokens

- โœ… **Role-Based Access Control (RBAC)** - Super Admin & Admin roles

- โœ… **User Management** - Registration, login, profile management

- โœ… **Password Security** - Bcrypt hashing dengan password policy

- โœ… **Comprehensive Audit Logging** - Track semua user actions

- โœ… **Security Headers** - XSS, CSRF, Content Security Policy protection

- โœ… **Input Sanitization** - Protection dari injection attacks

- โœ… **Enhanced Rate Limiting** - Per-user rate limiting



### ๐Ÿš€ **API Features**

- โœ… **REST API** dengan versioning (v1)

- โœ… **CRUD operations** untuk admin (JWT protected)

- โœ… **Filter berdasarkan jenis** holiday (libur nasional, cuti bersama, atau keduanya)

- โœ… **Filter berdasarkan periode** (tahun, bulan, hari)

- โœ… **Swagger documentation** dengan authentication

- โœ… **SQLite database** (pure Go, no CGO required)

- โœ… **Comprehensive logging** dengan structured format

- โœ… **Input validation** dengan custom validators

- โœ… **Docker support** dengan production-ready configuration

- โœ… **Unit & Integration tests** dengan mocking



## ๐Ÿš€ Quick Start



### Prerequisites

- Go 1.21 or higher

- Git



### Installation & Running



1. **Clone the repository**

```bash

git clone 

cd holidayApi

```



2. **Install dependencies**

```bash

go mod tidy

```



3. **Run the application**



**Option 1: Using Go directly**

```bash

# Windows

scripts/run.bat



# Linux/Mac

chmod +x scripts/run.sh

./scripts/run.sh

```



**Option 2: Using environment variables**

```bash

export SERVER_HOST=localhost

export SERVER_PORT=8080

export DATABASE_PATH=./data/holidays.db

export MIGRATIONS_PATH=./migrations

export ADMIN_API_KEY=your-secret-key



go run cmd/server/main.go

```



**Option 3: Using Docker**

```bash

docker-compose up --build

```



4. **Access the API**

- **API Base URL**: http://localhost:8080/api/v1

- **Swagger Documentation**: http://localhost:8080/swagger/index.html

- **Health Check**: http://localhost:8080/health



5. **Setup Admin User**

```bash

# First, create your admin user via API or database

# See DEPLOYMENT.md for secure setup instructions

```



6. **Login & Get JWT Token**

```bash

curl -X POST "http://localhost:8080/api/v1/auth/login" \

  -H "Content-Type: application/json" \

  -d '{

    "username": "your-admin-username",

    "password": "your-secure-password"

  }'

```



## ๐Ÿ“‹ API Endpoints



### ๐Ÿ”“ **Public Endpoints (No Authentication Required)**

```

GET /api/v1/holidays                    - Get all holidays with filters

GET /api/v1/holidays/year/{year}        - Get holidays by year

GET /api/v1/holidays/month/{year}/{month} - Get holidays by month

GET /api/v1/holidays/today              - Get today's holiday (if any)

GET /api/v1/holidays/this-year          - Get holidays for current year

GET /api/v1/holidays/this-month         - Get holidays for current month

GET /api/v1/holidays/upcoming           - Get upcoming holidays

GET /health                             - Health check endpoint

```



### ๐Ÿ” **Authentication Endpoints**

```

POST /api/v1/auth/login                 - User login (get JWT tokens)

POST /api/v1/auth/refresh               - Refresh access token

GET  /api/v1/auth/profile               - Get user profile (JWT required)

POST /api/v1/auth/change-password       - Change password (JWT required)

GET  /api/v1/auth/audit-logs            - Get my audit logs (JWT required)

```



### ๐Ÿ‘‘ **Super Admin Only Endpoints**

```

POST /api/v1/auth/register              - Register new user

GET  /api/v1/auth/users                 - Get all users

DELETE /api/v1/auth/users/{id}          - Delete user

```



### ๐Ÿ›ก๏ธ **Admin Endpoints (JWT Required - Admin/Super Admin)**

```

POST /api/v1/admin/holidays             - Create new holiday

GET  /api/v1/admin/holidays/{id}        - Get holiday by ID

PUT  /api/v1/admin/holidays/{id}        - Update holiday

DELETE /api/v1/admin/holidays/{id}      - Delete holiday

GET  /api/v1/admin/audit-logs           - Get all audit logs

GET  /api/v1/admin/audit-logs/user/{id} - Get user audit logs

```



## ๐Ÿ”ง Configuration



Environment variables:



| Variable | Default | Description |

|----------|---------|-------------|

| `SERVER_HOST` | `localhost` | Server host |

| `SERVER_PORT` | `8080` | Server port |

| `DATABASE_PATH` | `./data/holidays.db` | SQLite database path |

| `MIGRATIONS_PATH` | `./migrations` | Database migrations path |

| `RATE_LIMIT_RPM` | `60` | Rate limit requests per minute |

| `RATE_LIMIT_BURST` | `10` | Rate limit burst size |

| `JWT_SECRET_KEY` | `your-secret-key` | JWT signing secret key |

| `JWT_ACCESS_TOKEN_TTL` | `15m` | Access token expiration time |

| `JWT_REFRESH_TOKEN_TTL` | `168h` | Refresh token expiration time (7 days) |

| `ADMIN_API_KEY` | `admin-secret-key` | Legacy admin API key (backward compatibility) |



## ๐Ÿ“– Usage Examples



### ๐Ÿ”“ **Public API Usage (No Authentication)**



#### Get all holidays for 2024

```bash

curl "http://localhost:8080/api/v1/holidays/year/2024"

```



#### Get only national holidays for 2024

```bash

curl "http://localhost:8080/api/v1/holidays/year/2024?type=national"

```



#### Get today's holiday

```bash

curl "http://localhost:8080/api/v1/holidays/today"

```



### ๐Ÿ” **Authentication Examples**



#### 1. Login and get JWT tokens

```bash

curl -X POST "http://localhost:8080/api/v1/auth/login" \

  -H "Content-Type: application/json" \

  -d '{

    "username": "admin",

    "password": "Admin123!"

  }'

```



**Response:**

```json

{

  "success": true,

  "data": {

    "user": {

      "id": 1,

      "username": "admin",

      "role": "super_admin"

    },

    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",

    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",

    "expires_in": 900,

    "token_type": "Bearer"

  }

}

```



#### 2. Use JWT token for admin operations

```bash

# Save the access_token from login response

ACCESS_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."



# Create a new holiday

curl -X POST "http://localhost:8080/api/v1/admin/holidays" \

  -H "Authorization: Bearer $ACCESS_TOKEN" \

  -H "Content-Type: application/json" \

  -d '{

    "name": "Hari Libur Khusus",

    "date": "2024-12-31",

    "type": "national",

    "description": "Hari libur khusus akhir tahun"

  }'

```



#### 3. Get user profile

```bash

curl -X GET "http://localhost:8080/api/v1/auth/profile" \

  -H "Authorization: Bearer $ACCESS_TOKEN"

```



#### 4. View audit logs

```bash

curl -X GET "http://localhost:8080/api/v1/admin/audit-logs" \

  -H "Authorization: Bearer $ACCESS_TOKEN"

```



#### 5. Register new user (Super Admin only)

```bash

curl -X POST "http://localhost:8080/api/v1/auth/register" \

  -H "Authorization: Bearer $ACCESS_TOKEN" \

  -H "Content-Type: application/json" \

  -d '{

    "username": "newadmin",

    "email": "newadmin@holidayapi.com",

    "password": "NewAdmin123!",

    "role": "admin"

  }'

```



## ๐Ÿ—๏ธ Project Structure



```

holidayapi/

โ”œโ”€โ”€ cmd/

โ”‚   โ””โ”€โ”€ server/          # Application entrypoints

โ”œโ”€โ”€ internal/

โ”‚   โ”œโ”€โ”€ config/          # Configuration

โ”‚   โ”œโ”€โ”€ database/        # Database setup and migrations

โ”‚   โ”œโ”€โ”€ handlers/        # HTTP handlers

โ”‚   โ”œโ”€โ”€ middleware/      # HTTP middleware

โ”‚   โ”œโ”€โ”€ models/          # Data models

โ”‚   โ”œโ”€โ”€ repository/      # Data access layer

โ”‚   โ””โ”€โ”€ services/        # Business logic

โ”œโ”€โ”€ pkg/

โ”‚   โ””โ”€โ”€ utils/           # Shared utilities

โ”œโ”€โ”€ api/

โ”‚   โ””โ”€โ”€ swagger/         # API documentation

โ”œโ”€โ”€ migrations/          # Database migrations

โ”œโ”€โ”€ scripts/             # Helper scripts

โ””โ”€โ”€ docs/               # Additional documentation

```



## ๐Ÿงช Testing



```bash

# Run all tests

go test ./...



# Run tests with coverage

go test -v -coverprofile=coverage.out ./...

go tool cover -html=coverage.out -o coverage.html



# Run specific test

go test -v ./internal/services/

```



## ๐Ÿณ Docker



```bash

# Build and run with Docker Compose

docker-compose up --build



# Build Docker image

docker build -t holidayapi .



# Run Docker container

docker run -p 8080:8080 holidayapi

```



## ๐Ÿ“š Documentation



- **API Documentation**: Available at `/swagger/index.html` when server is running

- **Detailed API Guide**: See [docs/API.md](docs/API.md)



## ๐Ÿ”’ Security Features



### ๐Ÿ›ก๏ธ **Authentication & Authorization**

- **JWT Authentication**: Secure token-based authentication

- **Role-Based Access Control**: Super Admin, Admin roles with different permissions

- **Password Security**: Bcrypt hashing with strong password policy

- **Token Management**: Access tokens (15min) + Refresh tokens (7 days)

- **Session Security**: Secure token validation and refresh mechanism



### ๐Ÿ” **Security Middleware**

- **Security Headers**: XSS protection, CSRF protection, Content Security Policy

- **Input Sanitization**: Protection from XSS and injection attacks

- **SQL Injection Protection**: Pattern detection and prevention

- **Rate Limiting**: 60 requests per minute per user/IP

- **CORS Protection**: Proper cross-origin resource sharing

- **Request Validation**: Comprehensive input validation



### ๐Ÿ“Š **Audit & Monitoring**

- **Comprehensive Audit Logging**: All user actions tracked

- **Security Events**: Login attempts, failed authentications

- **User Activity**: CRUD operations, system access

- **Audit Trail**: User, IP, User-Agent, timestamp, success/failure status



## ๐ŸŽฏ Holiday Types



- **`national`**: Libur Nasional (National Holiday) - Berdasarkan SKB 3 Menteri

- **`collective_leave`**: Cuti Bersama (Collective Leave) - Berdasarkan SKB 3 Menteri



## ๐Ÿ“… Sample Data



API sudah termasuk data hari libur Indonesia untuk tahun 2024-2025 berdasarkan SKB 3 Menteri:



**Libur Nasional 2024:**

- Tahun Baru Masehi (1 Januari)

- Isra Mikraj (8 Februari)

- Tahun Baru Imlek (10 Februari)

- Hari Raya Nyepi (11 Maret)

- Wafat Isa Almasih (29 Maret)

- Hari Raya Idul Fitri (10-11 April)

- Hari Buruh (1 Mei)

- Kenaikan Isa Almasih (9 Mei)

- Hari Raya Waisak (23 Mei)

- Hari Lahir Pancasila (1 Juni)

- Hari Raya Idul Adha (17 Juni)

- Tahun Baru Islam (7 Juli)

- HUT RI ke-79 (17 Agustus)

- Maulid Nabi (16 September)

- Hari Raya Natal (25 Desember)



**Cuti Bersama 2024:**

- Berbagai tanggal cuti bersama sesuai SKB 3 Menteri



## ๐Ÿค Contributing



1. Fork the repository

2. Create your feature branch (`git checkout -b feature/amazing-feature`)

3. Commit your changes (`git commit -m 'Add some amazing feature'`)

4. Push to the branch (`git push origin feature/amazing-feature`)

5. Open a Pull Request



## ๐Ÿ“„ License



This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.



## ๐Ÿ™ Acknowledgments



- Data hari libur berdasarkan SKB 3 Menteri Republik Indonesia

- Built with Go, Gin, SQLite, dan Swagger