wiki-cafe/member-console

Go to file

Christian Galo 227cadef99 Fix date format in DATE_TAG

2025-05-19 00:10:40 -05:00

Rename hostname to base-url for accuracy

2025-05-18 18:32:26 -05:00

Refactor navbar structure for better responsiveness and clarity

2025-05-19 00:06:38 -05:00

Rename hostname to base-url for accuracy

2025-05-18 18:32:26 -05:00

.dockerignore

Set up first container image build process with instructions.

2025-05-17 11:06:07 -05:00

.gitignore

Add decompression middleware and tests for gzip handling

2025-05-01 01:34:25 -05:00

Dockerfile

Set up first container image build process with instructions.

2025-05-17 11:06:07 -05:00

go.mod

Update go.mod and go.sum to remove indirect dependencies and add new ones

2025-05-01 01:38:12 -05:00

go.sum

Update go.mod and go.sum to remove indirect dependencies and add new ones

2025-05-01 01:38:12 -05:00

LICENSE

Add initial implementation of member-console application with basic commands

2025-02-20 00:25:58 -06:00

main.go

Add initial implementation of member-console application with basic commands

2025-02-20 00:25:58 -06:00

Makefile

Fix date format in DATE_TAG

2025-05-19 00:10:40 -05:00

README.md

Set up first container image build process with instructions.

2025-05-17 11:06:07 -05:00

README.md

member-console

Member console application for users to create, acccess, and manage their accounts associated with the Wiki Cafe MSC (multi-stakeholder co-operative).

Development notes:

Make sure viper's 'env' key will work correctly in production
Should session-secret and csrf-secret be generated on startup instead of in the config file? They should be persisted nonetheless. Do they need to be rotated?
Add remove trailing slash middleware if we start using more custom handlers that don't end with a slash
Add tests
- CSRF
- Logging
- compression
- recovery
- request ID
- timeout
- secure headers and CORS
Auth setup sanity check. Review code.
- Remove keycloak specific code
- Implement backchannel logout: When a user logs out of the application, the application should notify the identity provider to log the user out of the identity provider as well.
- Auth session timeout should match security policy
- Rate limiting on login attempts
- Subresource Integrity (SRI) for CDN assets
Serve HTMX assets not from CDN
Find out if timeout middleware is actually needed or if net/http handles it

Building and publishing container image

Building and publishing the container image is done using Docker Buildx. This allows us to build multi-platform images for both ARM64 and AMD64 architectures.

docker buildx build \
  --platform linux/arm64,linux/amd64 \
  -t git.coopcloud.tech/wiki-cafe/member-console:latest \
  -t git.coopcloud.tech/wiki-cafe/member-console:$(date +%Y-%m-%d) \
  --push \
  .

Deploying image to production

Generating Secrets

To generate secure values for session-secret and csrf-secret, use the following commands:

For session-secret (a base64-encoded random string):

openssl rand -base64 32

Example output:

rJcniy2aWl3vwBcrMJfqsTL+Wys7EwDx/RC+DRrKcYg=

For csrf-secret (a 32-character hexadecimal string):

openssl rand -hex 16

Example output:

e157b42a5b608882179cb4ac69c12f84

Ensure these secrets are securely stored and persisted for application use.