From 275d3df3f10941eee55bf7e0dd97a3a9b21ae0bf Mon Sep 17 00:00:00 2001 From: fabio Date: Sun, 22 Feb 2026 20:36:47 +0100 Subject: [PATCH] some docs --- pitch.md | 51 ++++++++++++++++++++++++++ security.md | 77 ++++++++++++++++++++++++++++++++++++++++ secutity architecture.md | 37 +++++++++++++++++++ temp.html | 13 ------- 4 files changed, 165 insertions(+), 13 deletions(-) create mode 100644 pitch.md create mode 100644 security.md create mode 100644 secutity architecture.md delete mode 100644 temp.html diff --git a/pitch.md b/pitch.md new file mode 100644 index 0000000..4b79ba8 --- /dev/null +++ b/pitch.md @@ -0,0 +1,51 @@ + + +## Technical Pitch + +GoFiber Secure MVC Starter is a production-grade, server-first web application foundation. + +It combines: + +- Clean MVC layering +- HTMX progressive enhancement +- Web Components for reusable UI +- Secure authentication flows +- Role-based access control +- Full audit logging +- Environment-driven configuration +- Database abstraction via GORM +- Secure email workflows + +It eliminates frontend complexity while maintaining modern UX. + +--- + +## Business Pitch + +This starter provides: + +- Faster time-to-market +- Reduced security risk +- Maintainable architecture +- Easy onboarding for backend developers +- Lower frontend maintenance overhead +- Clear separation of public/private/admin areas + +Ideal for: +- SaaS products +- Admin dashboards +- Internal enterprise tools +- Secure web platforms + +--- + +# Stato del Progetto + +You now have: + +✔ Secure auth system +✔ Production-ready structure +✔ Audit traceability +✔ Modular extensibility +✔ Clear separation of concerns + diff --git a/security.md b/security.md new file mode 100644 index 0000000..332eb64 --- /dev/null +++ b/security.md 
@@ -0,0 +1,77 @@ +# Security Policy + +## Overview + +This project implements a layered security model with: + +- Secure password hashing (bcrypt) +- Hashed verification and reset tokens (SHA-256) +- Role-based authorization +- Audit logging +- Environment-based email handling +- Configurable CORS + +--- + +## Authentication + +Passwords are hashed using bcrypt before storage. + +Email verification is required before login. + +Reset and verification tokens: +- Random 32+ bytes +- SHA-256 hashed before database storage +- Expiration enforced +- One-time use + +--- + +## Authorization + +Access control enforced via middleware: + +- RequireAuth +- RequireAdmin + +No authorization logic is implemented in templates. + +--- + +## Session Security + +- HttpOnly cookies +- SameSite=Lax +- Secure flag enabled in production +- Session key configured via environment variable + +--- + +## Email Security + +Develop mode: +- Emails are written to filesystem +- No external transmission + +Production mode: +- SMTP authenticated delivery + +--- + +## Audit Logging + +The system logs: +- Signup +- Login +- Email verification +- Password reset +- Admin actions + +Logs contain: +- UserID +- Action +- Entity +- EntityID +- IP +- UserAgent +- Timestamp diff --git a/secutity architecture.md b/secutity architecture.md new file mode 100644 index 0000000..03e823c --- /dev/null +++ b/secutity architecture.md 
@@ -0,0 +1,37 @@ + ┌─────────────────────────────┐ + │ Browser │ + │ HTML + HTMX + UI Kit │ + └──────────────┬──────────────┘ + │ + HTTPS (TLS) + │ + ┌──────────────▼──────────────┐ + │ GoFiber App │ + ├─────────────────────────────┤ + │ CORS Middleware │ + │ Session Middleware │ + │ CSRF (optional) │ + │ Rate Limiter (Auth) │ + └──────────────┬──────────────┘ + │ + ┌───────────────────▼───────────────────┐ + │ Auth & Authorization │ + │ - RequireAuth │ + │ - RequireAdmin │ + │ - Role validation │ + └───────────────────┬───────────────────┘ + │ + ┌───────────────────▼───────────────────┐ + │ Business Layer (Services) │ + └───────────────────┬───────────────────┘ + │ + ┌───────────────────▼───────────────────┐ + │ Repository Layer (GORM) │ + └───────────────────┬───────────────────┘ + │ + ┌───────────────────▼───────────────────┐ + │ Database │ + │ - Users (bcrypt passwords) │ + │ - Token hashes (SHA-256) │ + │ - AuditLog │ + └───────────────────────────────────────┘ \ No newline at end of file diff --git a/temp.html b/temp.html deleted file mode 100644 index 6116e8a..0000000 --- a/temp.html +++ /dev/null @@ -1,13 +0,0 @@ - \ No newline at end of file
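Review bot: In the pitch.md hunk the last heading, `# Stato del Progetto`, is the only Italian text in an otherwise English document and the only level-1 heading, while `## Technical Pitch` and `## Business Pitch` are level 2; change it to `## Project Status` so the file reads as one language with a consistent heading hierarchy. The hunk also opens with two blank lines before the first heading, which can be dropped.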
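Review bot: The security.md hunk does not mention CSRF protection or the authentication rate limiter, even though the architecture diagram in the same patch lists `CSRF (optional)` and `Rate Limiter (Auth)` as middleware; since the session section relies on `SameSite=Lax` alone, the policy should state whether CSRF protection is enabled for state-changing requests and which routes the rate limiter covers, so the two documents agree. Under "Reset and verification tokens", `Random 32+ bytes` should say the bytes come from a cryptographically secure source (e.g. `crypto/rand`), since that is the property a reader of a security policy needs. Minor: "Develop mode" should read "Development mode" to match "Production mode".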
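Review bot: The new file is named `secutity architecture.md`, which misspells "security" and contains a space, and the hunk ends with `\ No newline at end of file`; rename it to `security-architecture.md` (or `security_architecture.md`) and add the trailing newline before merging, since the name will otherwise be awkward to link from security.md and in shell commands.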
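Review bot: The temp.html hunk removes a 13-line file, but the subject `[PATCH] some docs` describes only the documentation additions; either mention the removal in the commit message (e.g. "Add pitch, security and architecture docs; remove temp.html") or move the deletion to its own commit so the history explains why the file went away.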