amitshekhariitbhu / go-backend-clean-architecture Goto Github PK

Hello! Thank you for this repo, it is really helpful. 🎉

I want to ask you about the responsibilities of use cases and controller. If I understood correctly, the controller should have the responsibility of sanitising the input from the route, calling the use case and then returning the response. The use case is the one that contains the business logic.

However, the login use case, is just a wrapper around UserRepository and the actual business logic happens in the LoginController:

[...]
user, err := lc.LoginUsecase.GetUserByEmail(c, request.Email)
	if err != nil {
		c.JSON(http.StatusNotFound, domain.ErrorResponse{Message: "User not found with the given email"})
		return
	}

	if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(request.Password)) != nil {
		c.JSON(http.StatusUnauthorized, domain.ErrorResponse{Message: "Invalid credentials"})
		return
	}

	accessToken, err := lc.LoginUsecase.CreateAccessToken(&user, lc.Env.AccessTokenSecret, lc.Env.AccessTokenExpiryHour)
	if err != nil {
		c.JSON(http.StatusInternalServerError, domain.ErrorResponse{Message: err.Error()})
		return
	}

	refreshToken, err := lc.LoginUsecase.CreateRefreshToken(&user, lc.Env.RefreshTokenSecret, lc.Env.RefreshTokenExpiryHour)
	if err != nil {
		c.JSON(http.StatusInternalServerError, domain.ErrorResponse{Message: err.Error()})
		return
	}
[...]

Here, the controller decides that first we should fetch the user, then we check if the password is correct and if it is, we generate both an access token and a refresh token. This is the business logic of a login and I feel like it should be in the use case.

Hi Amit!

Thanks for this project! It's a perfect start for newcomers on Go backend development!

I'm preparing a Medium post about DevSecOps best practices and I took your project since you released it recently and have enough code to show security use cases.

I was not able to do that with a fork since most of the tools are not supporting it, but I will create PR to help implement automation if you are OK 👍

This is the list of the changes I already made to my cloned project:

• Use Renovate to update the dependency vulnerabilities with automated PR
• Added pre-commit to enforce check + security scan before committing (Go fmt, GoSec, Checkov, Hadolint, etc.)
• Created a Makefile to the same commands between the local dev and CI/CD pipelines
• Added a GitHub Workflow to test and build the app + code coverage + SonarCloud + SAST scan + versioning + CHANGELOG
• Added a GitHub Workflow to review the PR with ReviewDog
• Added a GitHub Workflow to provide the ScoreCard of the project (how secure is it)
• Added a GitHub Workflow to test the project with GitHub CodeQL (detect security issues like SQL injection, etc.)

These changes are already on the following repo: https://github.com/timoa/secure-go-backend-clean-architecture

I will add the following:

• Postman collection to run the API testing on the CI/CD
• Smoke tests
• OWASP ZAP Proxy scan to check the security of the API (HTTP headers, cookies, etc.)

Hi folks and the author of this project,

I was wondering, while working with my services, I could be to call external APIs using various methods such as REST, RPC, queue, pubsub patterns, etc. And I want to know where put this?

Can you please help me figure this out and make it better?

Hi!
It is considered good form to do code checks with a linter.
I can offer golangci-lint for a typical project.
Arrange a PR?

GiorgosXou/TUIFIManager#84

Hello,
I love your instruction for building this code structure.
Would you mind help us to make codes to connect to the mysqlDb?

Hi,

We have a MongoDB dependency in the controller. You can see here: https://github.com/amitshekhariitbhu/go-backend-clean-architecture/blob/main/api/controller/task_controller.go#L8
Maybe we should consider move the code bellow to other layer:

task.ID = primitive.NewObjectID()
task.UserID, err = primitive.ObjectIDFromHex(userID)

What's your thoughts?

Hi Amit!

Thanks for this perfect project!

May I know how to build mongo db index in this project? Which file should it be in?