Build a robust containerized task management system to handle user authentication, authorization and access management.
- Secure user registration and authentication
- Account Deactivation and Deletion: Allow users to deactivate or delete their accounts, if applicable. Implement a mechanism to handle account deletion securely while considering data retention policies.
- Role-based and Group-based access management on resources(Tasks) with ability to create custom roles and groups (Need to make sure endpoints are secure)
- Protection against vulnerabilities like SQL injection attacks
- Support for bulk upload using CSV(Both users and tasks) making sure all the relationships are preserved accurately
- GoLang - Used for developing efficient and fast server-side applications due to its compiled nature and strong concurrency support.
- AWS RDS (PostgreSQL Instance) - Utilized as a managed database service to provide scalable, reliable, and performant storage for the application.
- Docker - Employed for containerizing the application, ensuring consistency across different environments and facilitating easy deployment and scaling.
- Nginx - Used as a reverse proxy to efficiently handle client requests, load balance, and improve security by serving as a barrier between clients and the application server.
- uuid - Generates unique identifiers for entities.
- jwt - Creates secure JSON Web Tokens for authentication.
- bcrypt - Hashes and encrypts passwords securely.
- gorm - Simplifies database interactions with an ORM in Go. It also protects from SQL Injection.
- gofiber - Fast and efficient web framework for building APIs in Go.
- godotenv - Loads environment variables from a .env file.
- postgres - Robust and scalable relational database management system.
To get a local copy up and running follow these simple steps.
In order to get a copy of the project and run it locally, you'll need to have Go (v1.15 or later) and Docker installed on your machine.
If you don't have Go installed, you can download it from the official Go website. After installation, you can verify it by typing go version in your terminal. It should display the installed version of Go.
For Docker, you can download it from the official Docker website. After installation, you can verify it by typing docker --version in your terminal. It should display the installed version of Docker.
Make sure you also have a working Docker Compose. Docker Desktop installs Docker Compose by default on Mac and Windows, but you might need to add it separately in some Linux distributions. You can check its availability by typing docker-compose --version in your terminal.
- Clone the Repository
git clone https://github.com/prasoonsoni/FortiSafe- Change the directory
cd FortiSafe- Change the name of
.env.exampleto.env - Add the following variables to
.envfile
DB_HOST = <your-db-host>
DB_NAME = <your-db-name>
DB_USER = <your-db-user>
DB_PASSWORD = <your-db-password>
DB_PORT= <your-db-port>
JWT_SECRET = <your-jwt-secret>
ADMIN_EMAIL = <your-admin-email>
ADMIN_PASSWORD = <your-admin-password>In order to test our service we first need to build and run docker-compose. Docker-compose will automate the build and the run of our two Dockerfile. To run this commands you must be in the repository’s root.
- Build the Image
docker-compose build- Start the service
docker-compose up -dNow we have and built the image and service is started for both go and nginx (used for reverse-proxy).
The Nginx reverse proxy will send all request from localhost/fortisafe/ to Golang service on port 3000.
Backend is accessible at http://localhost/fortisafe/
- Download the required packages
go mod download- Run the
main.go
go run main.goNote - When running without Docker we don't have access to reverse proxy (nginx) service.
Backend is accessible at http://localhost:3000/
├── .env
├── .env.example
├── .gitignore
├── docker-compose.yaml
├── Dockerfile
├── go.mod
├── go.sum
├── main.go
├── README.md
│
├── controllers
│ ├── groupController.go
│ ├── permissionController.go
│ ├── resourceController.go
│ ├── roleController.go
│ └── userController.go
│
├── db
│ ├── db.go
│ └── migrate.go
│
├── middlewares
│ ├── authenticateAdmin.go
│ └── authenticateUser.go
│
├── models
│ ├── account_status_logs.go
│ ├── body.go
│ ├── group.go
│ ├── permission.go
│ ├── resource.go
│ ├── response.go
│ ├── role.go
│ ├── role_permission.go
│ └── user.go
│
├── nginx
│ ├── Dockerfile
│ └── nginx.conf
│
└── routes
├── groupRoutes.go
├── permissionRoutes.go
├── resourceRoutes.go
├── roleRoutes.go
└── userRoutes.go
Note - These are the basic permissions considered while creating this project.
- create: This permission allows a user to create new resources or data in the system.
- read: This permission gives a user the ability to read and retrieve existing resources or data.
- update: This permission grants a user the ability to modify or update existing resources or data.
- delete: This permission enables a user to remove existing resources or data from the system.
POST /api/user/createBody
| Parameter | Type |
|---|---|
name |
string |
email |
string |
password |
string |
role_id |
string |
group_id |
string |
POST /api/user/loginBody
| Parameter | Type |
|---|---|
email |
string |
password |
string |
GET /api/user/getHeader
| Key | Value |
|---|---|
Authorization |
Bearer <user-auth-token> |
PUT /api/user/deactivateHeader
| Key | Value |
|---|---|
Authorization |
Bearer <user-auth-token> |
PUT /api/user/activateHeader
| Key | Value |
|---|---|
Authorization |
Bearer <your-auth-token> |
DELETE /api/user/deleteHeader
| Key | Value |
|---|---|
Authorization |
Bearer <your-auth-token> |
POST /api/user/create/bulkHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Form Data
| Key | Value |
|---|---|
users |
.csv file |
POST /api/admin/loginBody
| Parameter | Type |
|---|---|
email |
string |
password |
string |
POST /api/permission/createHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
name |
string |
description |
string |
GET /api/permission/allHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
POST /api/role/createHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
name |
string |
description |
string |
permissions |
[<permission-id>, <permission-id>...] |
PUT /api/role/permission/addHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
role_id |
string |
permissions |
[<permission-id>, <permission-id>...] |
GET /api/role/get/allHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
DELETE /api/role/permission/removeHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
role_id |
string |
permission_id |
string |
PUT /api/role/assignHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
user_id |
string |
role_id |
string |
PUT /api/role/unassign?user_id=<user-id>Header
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Query Params
| Parameter | Type |
|---|---|
user_id |
string |
POST /api/resource/createHeader
| Key | Value |
|---|---|
Authorization |
Bearer <user-auth-token> |
Body
| Parameter | Type |
|---|---|
name |
string |
description |
string |
GET /api/resource/get/:resource_idHeader
| Key | Value |
|---|---|
Authorization |
Bearer <user-auth-token> |
Path Variables
| Parameter | Type |
|---|---|
resource_id |
string |
PUT /api/resource/update/:resource_idHeader
| Key | Value |
|---|---|
Authorization |
Bearer <user-auth-token> |
Path Variables
| Parameter | Type |
|---|---|
resource_id |
string |
DELETE /api/resource/delete/:resource_idHeader
| Key | Value |
|---|---|
Authorization |
Bearer <user-auth-token> |
Path Variables
| Parameter | Type |
|---|---|
resource_id |
string |
PUT /api/resource/role/addHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
resource_id |
string |
roles |
[<role-id>, <role-id>...] |
DELETE /api/resource/role/removeHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
resource_id |
string |
role_id |
string |
POST /api/user/create/bulkHeader
| Key | Value |
|---|---|
Authorization |
Bearer <user-auth-token> |
Form Data
| Key | Value |
|---|---|
resources |
.csv file |
PUT /api/resource/group/addHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
resource_id |
string |
groups |
[<group-id>, <group-id>...] |
DELETE /api/resource/group/removeHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
resource_id |
string |
group_id |
string |
POST /api/group/createHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
name |
string |
description |
string |
permissions |
[<permission-id>, <permission-id>...] |
PUT /api/group/permission/addHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
group_id |
string |
permissions |
[<permission-id>, <permission-id>...] |
DELETE /api/group/permission/removeHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
group_id |
string |
permission_id |
string |
PUT /api/group/assignHeader
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Body
| Parameter | Type |
|---|---|
user_id |
string |
group_id |
string |
PUT /api/group/unassign?user_id=<user-id>Header
| Key | Value |
|---|---|
Authorization |
Bearer <admin-auth-token> |
Query Params
| Parameter | Type |
|---|---|
user_id |
string |
-
Building Docker Image
-
Running Docker Image
-
Accessing host using reverse proxy
