some docs

This commit is contained in:
fabio 2026-02-22 20:36:47 +01:00
parent 83e85bf899
commit 275d3df3f1
4 changed files with 165 additions and 13 deletions

pitch.md (Normal file, 51 lines)

@ -0,0 +1,51 @@
## Technical Pitch
GoFiber Secure MVC Starter is a production-grade, server-first web application foundation.
It combines:
- Clean MVC layering
- HTMX progressive enhancement
- Web Components for reusable UI
- Secure authentication flows
- Role-based access control
- Full audit logging
- Environment-driven configuration
- Database abstraction via GORM
- Secure email workflows
It eliminates frontend complexity while maintaining modern UX.
---
## Business Pitch
This starter provides:
- Faster time-to-market
- Reduced security risk
- Maintainable architecture
- Easy onboarding for backend developers
- Lower frontend maintenance overhead
- Clear separation of public/private/admin areas
Ideal for:
- SaaS products
- Admin dashboards
- Internal enterprise tools
- Secure web platforms
---
# Stato del Progetto
You now have:
✔ Secure auth system
✔ Production-ready structure
✔ Audit traceability
✔ Modular extensibility
✔ Clear separation of concerns
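Review bot: the `---` placed directly under "It eliminates frontend complexity while maintaining modern UX." is parsed by Markdown as a setext underline, so that sentence renders as an H2 heading instead of being followed by a horizontal rule; put a blank line before every `---` (the ones that follow a list item happen to be safe, but a blank line is the consistent fix). The closing section is also out of step with the rest of the file: "# Stato del Progetto" is the only Italian heading and the only H1 in a file whose other headings are H2, so "## Project Status" would match, and the ✔ lines carry no list marker and no blank line between them, so they render as one run-on paragraph; writing them as `- ✔ Secure auth system` and so on keeps them as separate items.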

security.md (Normal file, 77 lines)

@ -0,0 +1,77 @@
# Security Policy
## Overview
This project implements a layered security model with:
- Secure password hashing (bcrypt)
- Hashed verification and reset tokens (SHA-256)
- Role-based authorization
- Audit logging
- Environment-based email handling
- Configurable CORS
---
## Authentication
Passwords are hashed using bcrypt before storage.
Email verification is required before login.
Reset and verification tokens:
- Random 32+ bytes
- SHA-256 hashed before database storage
- Expiration enforced
- One-time use
---
## Authorization
Access control enforced via middleware:
- RequireAuth
- RequireAdmin
No authorization logic is implemented in templates.
---
## Session Security
- HttpOnly cookies
- SameSite=Lax
- Secure flag enabled in production
- Session key configured via environment variable
---
## Email Security
Develop mode:
- Emails are written to filesystem
- No external transmission
Production mode:
- SMTP authenticated delivery
---
## Audit Logging
The system logs:
- Signup
- Login
- Email verification
- Password reset
- Admin actions
Logs contain:
- UserID
- Action
- Entity
- EntityID
- IP
- UserAgent
- Timestamp
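Review bot: the Authentication section says how tokens are stored but not where their randomness comes from; "Random 32+ bytes" should state that they are generated from a cryptographically secure source (crypto/rand in Go, not math/rand), because hashing a predictable token with SHA-256 does not make it unpredictable, and the bcrypt line should state the cost factor so deployments can verify it. The Session Security section lists cookie attributes but says nothing about CSRF, and nothing in this file covers the rate limiter; both appear in the architecture diagram added in the same commit, so the policy should say whether they are enabled by default. The Audit Logging section records IP and UserAgent, which are personal data, so a sentence on retention would belong here. Minor: "Develop mode" should read "Development mode", and the `---` directly under "No authorization logic is implemented in templates." is parsed as a setext underline, turning that sentence into an H2; add a blank line before it.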

secutity architecture.md (Normal file, 37 lines)

@ -0,0 +1,37 @@
┌─────────────────────────────┐
│ Browser │
│ HTML + HTMX + UI Kit │
└──────────────┬──────────────┘
HTTPS (TLS)
┌──────────────▼──────────────┐
│ GoFiber App │
├─────────────────────────────┤
│ CORS Middleware │
│ Session Middleware │
│ CSRF (optional) │
│ Rate Limiter (Auth) │
└──────────────┬──────────────┘
┌───────────────────▼───────────────────┐
│ Auth & Authorization │
│ - RequireAuth │
│ - RequireAdmin │
│ - Role validation │
└───────────────────┬───────────────────┘
┌───────────────────▼───────────────────┐
│ Business Layer (Services) │
└───────────────────┬───────────────────┘
┌───────────────────▼───────────────────┐
│ Repository Layer (GORM) │
└───────────────────┬───────────────────┘
┌───────────────────▼───────────────────┐
│ Database │
│ - Users (bcrypt passwords) │
│ - Token hashes (SHA-256) │
│ - AuditLog │
└───────────────────────────────────────┘
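Review bot: the diagram is not inside a fenced code block, so a Markdown renderer reflows the box-drawing lines into a single paragraph and the alignment is lost; wrap the whole drawing in a ```text fence. The filename is misspelled and contains a space (`secutity architecture.md`), which will need quoting in shells and URLs; `security-architecture.md` is the expected name. Content-wise, the diagram labels CSRF as optional while security.md added in the same commit never mentions CSRF, so the two documents should agree on whether it ships enabled, and the "HTTPS (TLS)" label sits between the first two boxes without an arrow, so it reads as a stray line rather than the link between Browser and GoFiber App.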


@ -1,13 +0,0 @@
<nav class="flex items-center justify-between px-6 md:px-16 lg:px-24 xl:px-32 py-4 border-b border-gray-300 bg-white relative transition-all">
<a href="https://prebuiltui.com">
<img class="h-9" src="https://raw.githubusercontent.com/prebuiltui/prebuiltui/main/assets/dummyLogo/dummyLogoColored.svg" alt="dummyLogoColored">
</a>
<div class="hidden sm:flex items-center gap-8">
<button class="cursor-pointer px-8 py-2 bg-indigo-500 hover:bg-indigo-600 transition text-white rounded-full">
Login
</button>
</div>
</nav>
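Review bot: the commit message "some docs" does not mention that this HTML nav partial is deleted alongside the three new documentation files; a template deletion belongs in the message, and it is worth confirming that no layout still includes the partial before merging. The removal itself is welcome: the partial loaded its logo from raw.githubusercontent.com and linked to prebuiltui.com, third-party resources a self-hosted starter should not depend on.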