User Authentication System

A complete authentication system built with Go, featuring email/password login, Google OAuth, and profile management.

What's Inside:

This is a straightforward auth system that handles:

• User signup and login with email/password
• Google OAuth integration
• User profiles with editing capabilities
• Session management
• Protected routes

The backend is pure Go (no frameworks), with MySQL for data storage and server-rendered HTML templates for the frontend.

Tech Stack:

Backend:

• Go 1.21+ (standard library only, no frameworks)
• MySQL/ TiDB(cloud mysql instance) for database.
• JWT tokens for API authentication.
• Session cookies for web authentication.

Frondend/ui:

• Go HTML templates
• Vanilla JavaScript (no frameworks)
• Basic CSS

Project Structure:

├── cmd/
│   ├── api/          # REST API server
│   ├── web/          # Web application server
│   └── setup/        # Database setup utility
├── internal/
│   ├── api/          # API handlers and routes
│   ├── web/          # Web handlers and routes
│   ├── models/       # Data structures
│   ├── services/     # Business logic
│   ├── repository/   # Database operations
│   ├── database/     # DB connection
│   └── utils/        # Helper functions
├── web/
│   ├── templates/    # HTML templates
│   └── static/       # CSS and JS files
└── tests/            # Unit tests

Set up :

Prerequisites:

• Go 1.21 or higher
• MySQL 5.7+ or TiDB Cloud account
• (Optional) Google OAuth credentials for social login

Installation:

1. Clone the repository:

git clone https://bitbucket.org/kunalkumar-1/ku_ku.git
cd ku_ku

2. Install dependencies:

go mod download

3. Set up your database. If using TiDB Cloud or remote MySQL:

go run cmd/setup/main.go

Or if using local MySQL:

mysql -u root -p < scripts/setup_db.sql

4. Configure environment variables:

export DB_HOST=your-db-host
export DB_PORT=4000
export DB_USER=your-db-user
export DB_PASSWORD=your-db-password
export DB_NAME=test
export JWT_SECRET=some-random-secret-key
export SESSION_KEY=another-random-secret

For Google OAuth (optional):

export GOOGLE_CLIENT_ID=your-client-id
export GOOGLE_CLIENT_SECRET=your-client-secret
export GOOGLE_REDIRECT_URL=http://localhost:8081/auth/google/callback

Running Locally:

You need two terminals - one for the API server, one for the web server.

Terminal 1 (API):

go run cmd/api/main.go

Terminal 2 (Web):

go run cmd/web/main.go

Open your browser to http://localhost:8081

How It Works:

User Flow:

1. User visits the site and sees the login page
2. New users click "Sign up" and create an account
3. After signup, they're directed to fill in their profile (name, phone, email)
4. Once saved, they see their profile page
5. They can edit their profile anytime or logout

Security Features:

• Passwords are hashed with bcrypt (cost factor 14)
• Sessions expire after 24 hours
• Protected routes redirect to login if not authenticated
• JWT tokens for API access
• HttpOnly cookies prevent XSS attacks
• Users can't access profile pages by URL manipulation

API Endpoints:

All API endpoints return JSON.

Health

GET /api/health                #returns the active status

Authentication:

POST /api/auth/signup          # Create new account
POST /api/auth/login           # Login with credentials
POST /api/auth/google/callback # Google OAuth callback

Profile (requires auth header):

GET  /api/profile              # Get user profile
POST /api/profile              # Create profile
PUT  /api/profile              # Update profile

Example API usage: Example API usage:

# Signup (returns JWT token and user_id)
curl -X POST http://localhost:8080/api/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"api@example.com","password":"password123"}'

# Store the token from signup response
TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

# Create profile (required before accessing profile)
curl -X POST http://localhost:8080/api/profile \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"full_name":"API User","telephone":"9876543210","email":"api@example.com"}'

# Get profile
curl -X GET http://localhost:8080/api/profile \
  -H "Authorization: Bearer $TOKEN"

# Update profile
curl -X PUT http://localhost:8080/api/profile \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"full_name":"Updated Name","telephone":"1111111111","email":"api@example.com"}'

# Login (returns JWT token if you need to login again)
curl -X POST http://localhost:8080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"api@example.com","password":"password123"}'

Testing:

Run the unit tests:

go test ./tests/unit/...

Tests cover password hashing, input validation.

Deployment:

Live at:

• API: https://ku-ku.onrender.com/
• Web: https://authui.onrender.com

Environment Variables for Production:

Make sure to use strong secrets in production:

# Generate random secrets
openssl rand -base64 32  # for JWT_SECRET
openssl rand -base64 32  # for SESSION_KEY

Database Schema:

users table:

• id - Primary key
• email - Unique, used for login
• password_hash - Bcrypt hashed password
• auth_provider - 'local' or 'google'
• google_id - Google user ID (if using OAuth)
• created_at / updated_at - Timestamps

profiles table:

• id - Primary key
• user_id - Foreign key to users
• full_name - User's full name
• telephone - Phone number
• email - Contact email (can differ from login email)
• created_at / updated_at - Timestamps

Troubleshooting:

"if failed to connect to database"

• Check your DB credentials
• Make sure the database server is running
• Verify network connectivity if using cloud database

"if template not found"

• Make sure you're running from the project root
• Check that web/templates/ directory exists

"if failed to load profile"

• This usually means the profile doesn't exist yet
• You should be redirected to the edit page automatically

if google OAuth not working

• Verify your client ID and secret are correct
• Check the redirect URL matches exactly in Google Console
• Make sure the redirect URL environment variable is set