diogox / base-golang-rest-jwt
A boilerplate for any REST API projects that require a login system with (JWT) token authentication.
Should limit the amount of failed login attempts.
This could be done on the server side by blocking the IP temporarily, blocking the account temporarily or, on the client side, by adding a captcha after a few failed attempts.
The one on the client side may be the least secure since one could possibly alter the JavaScript to be able to brute-force the account (maybe?). On the other hand, blocking the account may be an inconvenience to the affected user.
Right now, the duration of the auth tokens is being used for all tokens, but we might want to give the user more time to use their Email Verification token, for example, due to the slowness inherent to email.
Make sure the usernames have a minimum length. Like 3, for example...
Create endpoints to deal with a user's info. A user should be able to add/modify their:
Right now, only the token is being sent. We should send the whole link of the website instead.
Right now, the refresh endpoint takes the auth token and spits out a new one with a longer expiration date. It shouldn't take the auth token, it should take a refresh token instead. (Research refresh token to know more.)
Right now, when we sign in, we receive an email prompting us to verify our email before we can use the account. If the account doesn't get verified then it just stays unverified indefinitely. This behaviour is not optimal; the account should probably get deleted after a defined interval.
According to the OAuth specification, we should unlock locked accounts when the password is reset. And it makes sense to do so...
Do what's in the title for testing purposes
What the title says...
The following tokens remain valid after being used:
Right now, we're only using the auth token, we don't even acknowledge the existence of the refresh token on the frontend...
Add Paypal support to allow users to go Premium. Related to #12.
Add user roles, for example:
Should probably have a 'Token Blacklist' so that I can invalidate tokens before they expire.
Some places where this would be useful:
Logout-like functionality.
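One way to implement the token blacklist proposed above, as an added Go example that is not part of this repository's code: an in-memory deny list keyed by the token's `jti` claim that keeps an entry only until the token's own `exp` would reject it anyway, so revoking on logout or password reset works without the list growing without bound. It assumes the JWT has already been signature-checked and its `jti`/`exp` claims extracted by whatever JWT library the project uses.

```go
package main

import (
	"errors"
	"sync"
	"time"
)

var ErrRevoked = errors.New("token has been revoked")
var ErrExpired = errors.New("token has expired")
// Denylist stores revoked token IDs ("jti") only until the token would expire on
// its own, so its size is bounded by the token lifetime rather than growing forever.
// Assumption: jti and exp come from a JWT whose signature was already verified.
type Denylist struct {
	mu      sync.Mutex
	revoked map[string]time.Time // jti -> exp
}
func NewDenylist() *Denylist { return &Denylist{revoked: map[string]time.Time{}} }
// Revoke marks a token as no longer accepted, e.g. on logout or password reset.
func (d *Denylist) Revoke(jti string, exp time.Time) {
	d.mu.Lock()
	defer d.mu.Unlock()
	d.revoked[jti] = exp
}
// Check returns nil if the token is still acceptable, otherwise the reason.
func (d *Denylist) Check(jti string, exp time.Time) error {
	if !time.Now().Before(exp) {
		return ErrExpired // expired tokens never need a denylist entry
	}
	d.mu.Lock()
	defer d.mu.Unlock()
	if _, ok := d.revoked[jti]; ok {
		return ErrRevoked
	}
	return nil
}
// Prune drops entries whose tokens have expired anyway; run it periodically.
func (d *Denylist) Prune() int {
	d.mu.Lock()
	defer d.mu.Unlock()
	n := 0
	for jti, exp := range d.revoked {
		if !time.Now().Before(exp) {
			delete(d.revoked, jti)
			n++
		}
	}
	return n
}
```

Persisting the map (e.g. in Redis with a TTL equal to the remaining token lifetime) gives the same bounded behaviour across multiple API instances.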