member-console

Member console application for users to create, access, and manage their accounts associated with the Wiki Cafe MSC (multi-stakeholder co-operative).

Database Management

This project uses pressly/goose for database migrations and sqlc for type-safe SQL code generation.

Database Migrations

Migrations are embedded in the binary and run automatically on application startup. The CLI also provides migration management commands (migrate up, migrate down, migrate status).

Creating New Migrations

# Install goose CLI tool
go install github.com/pressly/goose/v3/cmd/goose@latest

# Create a new migration
cd internal/db/migrations
goose create your_migration_name sql

sqlc Code Generation

sqlc generates type-safe Go code from SQL queries and migration files. Database models and query methods are automatically generated from the migration schema and SQL files in internal/db/queries/.

# Regenerate sqlc code after schema or query changes
cd internal/db && sqlc generate

Building and publishing container image

Building and publishing the container image is done using Docker Buildx. This allows us to build multi-platform images for both ARM64 and AMD64 architectures.

docker buildx build \
  --platform linux/arm64,linux/amd64 \
  -t git.coopcloud.tech/wiki-cafe/member-console:latest \
  -t git.coopcloud.tech/wiki-cafe/member-console:$(date +%Y-%m-%d) \
  --push \
  .

Deploying image to production

Generating Secrets

To generate secure values for session-secret and csrf-secret, use the following commands:

For session-secret (32 random bytes, base64-encoded):

openssl rand -base64 32

Example output:

rJcniy2aWl3vwBcrMJfqsTL+Wys7EwDx/RC+DRrKcYg=

For csrf-secret (16 random bytes, encoded as a 32-character hexadecimal string):

openssl rand -hex 16

Example output:

e157b42a5b608882179cb4ac69c12f84

Generate a fresh pair per deployment, keep them out of the repository and container image (use the deployment's secret store), and persist them across restarts: rotating either value invalidates the sessions or CSRF tokens that were signed with the old one.
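The program below is an added example, not part of the member-console code base. It generates the same two secrets with crypto/rand (the Go equivalent of the two openssl commands) and shows a startup check that refuses a configured value which is not valid base64/hex or is shorter than the sizes above, so a placeholder left in a config file fails fast instead of silently weakening session and CSRF protection. The function names and the 32-byte/16-byte minimums are assumptions taken from the openssl commands, not from the project's config code.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"log"
)

// Minimum size in bytes for each decoded secret. These are assumptions
// matching the openssl commands above: 32 random bytes for session-secret,
// 16 random bytes (32 hex characters) for csrf-secret.
const (
	sessionSecretBytes = 32
	csrfSecretBytes    = 16
)

// GenerateSessionSecret is the Go equivalent of `openssl rand -base64 32`.
func GenerateSessionSecret() (string, error) {
	b := make([]byte, sessionSecretBytes)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("session-secret: %w", err)
	}
	return base64.StdEncoding.EncodeToString(b), nil
}

// GenerateCSRFSecret is the Go equivalent of `openssl rand -hex 16`.
func GenerateCSRFSecret() (string, error) {
	b := make([]byte, csrfSecretBytes)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("csrf-secret: %w", err)
	}
	return hex.EncodeToString(b), nil
}

// DecodeSessionSecret rejects a configured session-secret that is not valid
// base64 or decodes to fewer than sessionSecretBytes bytes.
func DecodeSessionSecret(s string) ([]byte, error) {
	b, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		return nil, fmt.Errorf("session-secret is not valid base64: %w", err)
	}
	if len(b) < sessionSecretBytes {
		return nil, fmt.Errorf("session-secret decodes to %d bytes, want at least %d", len(b), sessionSecretBytes)
	}
	return b, nil
}

// DecodeCSRFSecret rejects a configured csrf-secret that is not valid hex
// or decodes to fewer than csrfSecretBytes bytes.
func DecodeCSRFSecret(s string) ([]byte, error) {
	b, err := hex.DecodeString(s)
	if err != nil {
		return nil, fmt.Errorf("csrf-secret is not valid hex: %w", err)
	}
	if len(b) < csrfSecretBytes {
		return nil, fmt.Errorf("csrf-secret decodes to %d bytes, want at least %d", len(b), csrfSecretBytes)
	}
	return b, nil
}

// ValidateSecrets is what a startup check would call with the two values
// read from config; it returns the first problem found. Loading the config
// itself (viper in this project) is not shown here.
func ValidateSecrets(sessionSecret, csrfSecret string) error {
	if _, err := DecodeSessionSecret(sessionSecret); err != nil {
		return err
	}
	if _, err := DecodeCSRFSecret(csrfSecret); err != nil {
		return err
	}
	return nil
}

func main() {
	s, err := GenerateSessionSecret()
	if err != nil {
		log.Fatal(err)
	}
	c, err := GenerateCSRFSecret()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("session-secret:", s)
	fmt.Println("csrf-secret:   ", c)
	if err := ValidateSecrets(s, c); err != nil {
		log.Fatal(err)
	}
	// A hand-typed placeholder must be refused at startup.
	fmt.Println("placeholder rejected:", ValidateSecrets("changeme", "changeme") != nil)
}
```

Because the check runs before any handler is registered, a deployment with a missing or weak secret never serves a request; the length check is what catches a value that is syntactically valid but too short to be a real key.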

Development notes:

  • Make sure viper's 'env' key will work correctly in production
  • Should session-secret and csrf-secret be generated on startup instead of in the config file? They should be persisted nonetheless. Do they need to be rotated?
  • Add a remove-trailing-slash middleware if we start using more custom handlers whose paths don't end with a slash
  • Add tests
    • CSRF
    • Logging
    • compression
    • recovery
    • request ID
    • timeout
    • secure headers and CORS
  • Auth setup sanity check. Review code.
    • Remove keycloak specific code
    • Implement backchannel logout: When a user logs out of the application, the application should notify the identity provider to log the user out of the identity provider as well.
    • Auth session timeout should match security policy
    • Rate limiting on login attempts
    • Subresource Integrity (SRI) for CDN assets
  • Serve HTMX assets not from CDN
  • Find out if timeout middleware is actually needed or if net/http handles it
  • Custom error pages
  • ConnectAndMigrate should make a backup of the database before running migrations