A Golang backend for user management where users are identified only by random 20-digit numbers. No names, emails, passwords, or any personal information is stored - maximum privacy!
- Create users with auto-generated 20-digit cryptographically secure identifiers
- Separate public ID for enhanced security - JWT tokens contain only public ID and nickname, never the internal user ID
- Optional nickname field with random emoticon generation when not provided
- Authenticate using just the user ID - get a JWT token back (contains public ID and nickname)
- Verify JWT tokens - returns public ID and nickname directly from token claims (no database lookup needed)
- Authentication middleware for protecting endpoints
- Retrieve user information by ID (only ID, public ID, nickname, and timestamps)
- List all users
- Delete users
- RESTful API
- SQLite and PostgreSQL database support
- Complete privacy - no personal data stored
- `POST /users` - Create a new user (optional nickname can be provided)
- `POST /auth` - Authenticate with user ID and get JWT token
- `POST /verify` - Verify JWT token validity
- `GET /health` - Health check

All admin endpoints require HTTP Basic Authentication with admin credentials.

- `GET /admin/users` - List all users
- `GET /admin/users/{id}` - Get user by 20-digit ID
- `DELETE /admin/users/{id}` - Delete user by ID
- Copy the example environment file:

```bash
cp .env.example .env
```

- Edit `.env` to configure your settings:

```bash
PORT=3690
DB_TYPE=sqlite
DB_PATH=./users.db
JWT_SECRET=your-super-secret-key
```

- Install dependencies and run:

```bash
go mod download
go run main.go
```

The server will start on the port specified in `.env` (default: http://localhost:3690)
Create a user (no input needed - gets random emoticon!):

```bash
curl -X POST http://localhost:3690/users
```

Response (with auto-generated emoticon):

```json
{
  "message": "User created successfully",
  "data": {
    "id": "12345678901234567890",
    "public_id": "98765432109876543210",
    "nickname": "π±",
    "created_at": "2025-12-20T10:30:00Z",
    "updated_at": "2025-12-20T10:30:00Z"
  }
}
```

Or with a custom nickname:
```bash
curl -X POST http://localhost:3690/users \
  -H "Content-Type: application/json" \
  -d '{"nickname":"alice"}'
```

Response:

```json
{
  "message": "User created successfully",
  "data": {
    "id": "98765432109876543210",
    "public_id": "11223344556677889900",
    "nickname": "alice",
    "created_at": "2025-12-20T10:30:00Z",
    "updated_at": "2025-12-20T10:30:00Z"
  }
}
```

Authenticate with user ID:
```bash
curl -X POST http://localhost:3690/auth \
  -H "Content-Type: application/json" \
  -d '{"user_id":"12345678901234567890"}'
```

Response:

```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user_id": "12345678901234567890",
  "nickname": "π±",
  "expires_at": "2025-12-21T10:30:00Z"
}
```

Verify a JWT token:
```bash
curl -X POST http://localhost:3690/verify \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```

Response:

```json
{
  "valid": true,
  "public_id": "98765432109876543210",
  "nickname": "π±",
  "expires_at": "2025-12-21T10:30:00Z"
}
```

Note: JWT tokens contain both `public_id` and `nickname` in their claims. The `/verify` endpoint extracts and returns these values directly from the token without requiring a database lookup, providing fast token verification. The internal user ID is never exposed in tokens or verification responses, ensuring maximum security and privacy.
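The claims-only verification described in the note, as an added example using only the Go standard library (it is not the project's own code, which may use a JWT library). `Claims`, `Issue`, `Verify` and `sign` are hypothetical names, and the secret and IDs are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims mirrors the README: public ID and nickname only, never the internal user ID.
type Claims struct {
	PublicID string `json:"public_id"`
	Nickname string `json:"nickname"`
	Exp      int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

func sign(secret []byte, msg string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

func Issue(secret []byte, c Claims) string {
	p, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(p)
	return msg + "." + sign(secret, msg)
}

// Verify recomputes HMAC-SHA256 itself (the header's alg is never consulted) and checks exp.
func Verify(secret []byte, token string, now time.Time) (Claims, error) {
	var c Claims
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(secret, p[0]+"."+p[1]))) {
		return Claims{}, fmt.Errorf("malformed token or bad signature")
	}
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil || now.Unix() >= c.Exp {
		return Claims{}, fmt.Errorf("unreadable or expired claims")
	}
	return c, nil // no database lookup: everything returned comes from the token
}

func main() {
	tok := Issue([]byte("constructed-secret"), Claims{"98765432109876543210", "alice", time.Now().Add(time.Hour).Unix()})
	fmt.Println(Verify([]byte("constructed-secret"), tok, time.Now()))
}
```

Because nothing is looked up, a token issued before `DELETE /admin/users/{id}` would still verify under this design until its `exp` passes, so the token lifetime bounds how long a deleted user's token stays usable.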
List all users (admin only):

```bash
curl -u admin:your-password http://localhost:3690/admin/users
```

Get a user by ID (admin only):

```bash
curl -u admin:your-password http://localhost:3690/admin/users/12345678901234567890
```

Delete a user (admin only):

```bash
curl -u admin:your-password -X DELETE http://localhost:3690/admin/users/12345678901234567890
```

The application uses a `.env` file for configuration. Copy `.env.example` to `.env` and customize:
```bash
# Server Configuration
PORT=3690 # Server port

# Database Configuration
DB_TYPE=sqlite # Database type: "sqlite" or "postgres"
DB_PATH=./users.db # SQLite database file path (when DB_TYPE=sqlite)
POSTGRES_URL=postgres://... # PostgreSQL connection string (when DB_TYPE=postgres)

# JWT Configuration
JWT_SECRET=your-secret # Secret key for JWT signing (CHANGE IN PRODUCTION!)

# Admin Configuration
ADMIN_USERNAME=admin # Admin username for protected endpoints
ADMIN_PASSWORD=secret # Admin password (CHANGE IN PRODUCTION!)
```

All settings can also be set via environment variables (which override the `.env` file):

- `PORT` - Server port (default: 3690)
- `DB_TYPE` - Database type: "sqlite" or "postgres" (default: sqlite)
- `DB_PATH` - SQLite database file path (default: ./users.db)
- `POSTGRES_URL` - PostgreSQL connection string (required when DB_TYPE=postgres)
- `JWT_SECRET` - Secret key for JWT signing (default: development key)
- `ADMIN_USERNAME` - Admin username (default: admin)
- `ADMIN_PASSWORD` - Admin password (default: admin)
Example using environment variables:

```bash
export JWT_SECRET="your-super-secret-key"
export PORT=8080
export DB_TYPE=postgres
export POSTGRES_URL="postgres://user:pass@localhost:5432/unknown_id?sslmode=disable"
go run main.go
```

Admin endpoints use HTTP Basic Authentication to protect sensitive operations like listing and deleting users.
- Public endpoints - User creation and authentication (no admin needed)
- Admin endpoints - All GET and DELETE operations require admin credentials
- Uses constant-time comparison to prevent timing attacks
- Credentials stored in environment variables
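One way to build the constant-time check listed above, as an added example rather than the project's own middleware. `AdminOnly` and `StatusFor` are hypothetical names, and the credentials are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// AdminOnly guards next with HTTP Basic Authentication. Both values are hashed
// to a fixed length first, so the comparison time does not depend on how long
// the supplied username or password is.
func AdminOnly(user, pass string, next http.Handler) http.Handler {
	wantU, wantP := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(pass))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		gotU, gotP := sha256.Sum256([]byte(u)), sha256.Sum256([]byte(p))
		// Run both comparisons before combining them: no early exit on a wrong username.
		uOK := subtle.ConstantTimeCompare(gotU[:], wantU[:])
		pOK := subtle.ConstantTimeCompare(gotP[:], wantP[:])
		if !ok || uOK&pOK != 1 {
			w.Header().Set("WWW-Authenticate", `Basic realm="admin"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor sends GET /admin/users through h, with credentials unless user is empty.
func StatusFor(h http.Handler, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, "/admin/users", nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	list := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "[]") })
	h := AdminOnly("admin", "constructed-password", list) // constructed sample credentials
	fmt.Println(StatusFor(h, "admin", "constructed-password"), StatusFor(h, "admin", "admin"), StatusFor(h, "", ""))
}
```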
- Set admin credentials in your `.env` file:

```bash
ADMIN_USERNAME=admin
ADMIN_PASSWORD=your-secure-password
```

- Access admin endpoints using basic auth:

```bash
curl -u admin:your-secure-password http://localhost:3690/admin/users
```

The project includes comprehensive Go unit tests covering all packages:
```bash
go test ./...

go test ./... -v

go test ./models -v
go test ./auth -v
go test ./database -v
go test ./handlers -v
```

The test suite covers:
- User ID generation (20-digit uniqueness, cryptographic security)
- JWT token generation and validation
- Token expiration and security
- Database CRUD operations
- HTTP endpoint handlers
- Admin authentication middleware
- Error handling and edge cases

```bash
go test ./... -cover
```

For detailed coverage:

```bash
go test ./... -coverprofile=coverage.out
go tool cover -html=coverage.out
```