ref-app

module
v0.0.0-...-c157d14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2025 License: MIT

README ΒΆ

ref-app

Go Version PostgreSQL License

Reference Application Template - A production-ready Go web application foundation with complete authentication, security, and internationalization. Clone this template to quickly start new projects with a solid foundation.

🎯 What is ref-app?

ref-app is a template, not a framework. It's a complete, working web application that you clone and customize for your specific needs. Unlike starting from scratch, you get:

  • βœ… Complete authentication system - Login, registration, 2FA, password reset
  • βœ… Admin panel - User management, role-based access control
  • βœ… Internationalization - 4 languages (German default: DE, EN, NL, AF)
  • βœ… Security - CSRF protection, rate limiting, encryption
  • βœ… Modern UI - htmx + Alpine.js + Tailwind CSS
  • βœ… Production-ready - Logging, migrations, health checks

Don't rebuild what already works. Clone ref-app, build your features on top.

πŸš€ Quick Start: Clone a New Project

Step 1: Clone ref-app for your project
cd /path/to/ref-app/clone
./clone_ref_app.sh myproject "My awesome project description"
Step 2: Set up your new project
cd myproject
cp .env.example .env
# Edit .env - set database credentials, generate encryption keys

createdb myproject
make migrate-up

go build -o bin/myproject cmd/api/main.go
./bin/myproject
Step 3: Start building features

The foundation is ready - now build your project-specific features!

πŸ“š Documentation

✨ What's Included

Authentication & Security

  • User Management

    • Registration and login
    • Email verification workflow
    • Password reset with tokens
    • Secure password hashing (bcrypt cost 12)

  • Two-Factor Authentication (2FA)

    • TOTP-based (works with Google Authenticator, Authy, etc.)
    • QR code setup
    • Recovery codes
    • Mandatory 2FA enforcement

  • Session Management

    • Secure session cookies
    • Session cleanup (automatic)
    • Multi-device support
    • Activity logging

  • Security Features

    • CSRF protection
    • Rate limiting (configurable per endpoint)
    • AES-256-GCM encryption for sensitive data
    • Secure headers (CSP, X-Frame-Options, etc.)
    • Activity audit logging
Admin Panel

  • User Management

    • List, search, filter users
    • Create, edit, deactivate users
    • Role management (super_admin, admin, moderator, customer)
    • Session monitoring
    • View user activity history

  • System Configuration

    • Email server settings (SMTP)
    • Site branding (name, colors, logo)
    • Feature flags
    • Health monitoring
Internationalization (i18n)

  • 4 Languages Supported

    • πŸ‡©πŸ‡ͺ German (default)
    • πŸ‡¬πŸ‡§ English
    • πŸ‡³πŸ‡± Dutch
    • πŸ‡ΏπŸ‡¦ Afrikaans

  • 544 translation keys per language

  • Language switcher component

  • User-specific language preferences

  • URL/cookie/database preference support

Developer Experience

  • Database

    • PostgreSQL with migrations (golang-migrate)
    • Connection pooling
    • Prepared statements
    • GORM-free (uses database/sql)

  • Testing

    • Unit tests
    • Integration tests with testcontainers
    • Handler tests
    • Code coverage reporting

  • Development Tools

    • Hot reload with air
    • Makefile for common tasks
    • Database migrations up/down
    • Seed data scripts

  • CI/CD

    • GitHub Actions workflow
    • Automated testing
    • Security scanning (gosec, govulncheck)
    • Multi-platform builds
Tech Stack
  • Backend: Go 1.21+ with PostgreSQL 15+
  • Frontend: HTML templates + htmx 2.0 + Alpine.js 3.14 + Tailwind CSS
  • Auth: Session-based (not JWT)
  • Email: SMTP with templates
  • Logging: Structured logging with zerolog

πŸ› οΈ Development

Prerequisites
  • Go 1.21 or higher
  • PostgreSQL 15 or higher
  • make (optional, for Makefile commands)
Local Development
# Clone the repository (for development on ref-app itself)
git clone https://github.com/namaqua/ref-app.git
cd ref-app

# Set up environment
cp .env.example .env
# Edit .env with your settings

# Create database
createdb ref_app
make migrate-up

# Run with hot reload
air

# Or build and run
go build -o bin/ref-app cmd/api/main.go
./bin/ref-app
Running Tests
# All tests
go test ./...

# With coverage
go test -cover ./...

# Specific package
go test ./internal/auth -v

# Integration tests (requires Docker)
go test -tags=integration ./tests/integration/...
Database Migrations
# Create new migration
make migrate-create name=add_users_table

# Run migrations
make migrate-up

# Rollback
make migrate-down

# Check status
make migrate-status

🎨 UI/UX Design

ref-app follows modern web design principles:

  • Clean & Minimal - Focused, uncluttered interfaces
  • Responsive - Works on mobile, tablet, desktop
  • Accessible - WCAG 2.1 AA compliant
  • Modern Stack - htmx for interactivity, Alpine.js for reactivity, Tailwind for styling

Design System: See notes/engine-ui.md for colors, typography, and component guidelines

πŸ“ Project Structure

ref-app/
β”œβ”€β”€ cmd/
β”‚   └── api/              # Application entry point
β”œβ”€β”€ internal/             # Private application code
β”‚   β”œβ”€β”€ auth/            # Authentication & authorization
β”‚   β”œβ”€β”€ twofa/           # Two-factor authentication
β”‚   β”œβ”€β”€ admin/           # Admin panel handlers
β”‚   β”œβ”€β”€ customer/        # Customer dashboard
β”‚   β”œβ”€β”€ settings/        # User settings
β”‚   β”œβ”€β”€ i18n/            # Internationalization
β”‚   β”œβ”€β”€ templates/       # Template system
β”‚   β”œβ”€β”€ email/           # Email service
β”‚   β”œβ”€β”€ encryption/      # Data encryption
β”‚   β”œβ”€β”€ ratelimit/       # Rate limiting
β”‚   β”œβ”€β”€ logging/         # Structured logging
β”‚   β”œβ”€β”€ audit/           # Activity auditing
β”‚   └── middleware/      # HTTP middleware
β”œβ”€β”€ migrations/          # Database migrations
β”œβ”€β”€ internal/templates/  # HTML templates
β”œβ”€β”€ static/             # Static assets (CSS, JS, fonts)
β”œβ”€β”€ tests/              # Integration tests
β”œβ”€β”€ clone/              # πŸ“¦ Cloning tools
β”‚   β”œβ”€β”€ clone_ref_app.sh
β”‚   β”œβ”€β”€ README.md
β”‚   └── USAGE.md
β”œβ”€β”€ .claude/            # AI assistant agents
└── notes/              # Documentation & scripts

πŸ” Security

ref-app takes security seriously:

  • βœ… Secure by default - CSRF, secure headers, HTTPS redirect
  • βœ… No SQL injection - Prepared statements everywhere
  • βœ… No XSS - Template auto-escaping
  • βœ… Rate limiting - Protect against brute force
  • βœ… Encryption - AES-256-GCM for sensitive data
  • βœ… Audit logging - Track all security-relevant events
  • βœ… Regular scanning - gosec and govulncheck in CI
Security Scanning
# Run security scanner
make security-scan

# Check for vulnerabilities
make vuln-check

🌍 Internationalization

Adding new languages:

  1. Copy an existing TOML file: internal/i18n/locales/en.toml
  2. Translate all keys to your language
  3. Add language code to IsValidLanguage() in middleware.go
  4. Test with ?lang=xx URL parameter

πŸ“¦ Cloning for New Projects

This is the recommended way to use ref-app:

cd ref-app/clone
./clone_ref_app.sh mynewapp "My new application description"

The script will:

  • Copy the entire ref-app directory
  • Update all references (go.mod, README, etc.)
  • Create fresh documentation
  • Initialize a clean git repository
  • Commit with descriptive message

See clone/README.md for full documentation.

🀝 Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

Development Workflow
  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Run tests and linters
  5. Submit a pull request
Code Standards
  • Go code formatted with gofmt
  • Run go vet and fix issues
  • Test coverage > 70%
  • All public functions documented
  • Commit messages follow conventional commits

πŸ“„ License

MIT License - see LICENSE file for details.

πŸ™ Acknowledgments

ref-app builds on excellent open-source projects:

πŸ†˜ Support

Remember: ref-app is a template, not a framework. Clone it, customize it, make it yours!

πŸš€ Ready to start? cd clone && ./clone_ref_app.sh myproject "My project"

Directories ΒΆ

Path Synopsis
cmd
api command
tools/data-retention command
Data Retention Tool
 Data Retention Tool
tools/migrate-encryption command
tools/rotate-keys command
rotate-keys is a command-line tool for rotating encryption keys.
 rotate-keys is a command-line tool for rotating encryption keys.
tools/test-totp command
internal
activity
admin
audit
auth
cache
compliance
Package compliance implements GDPR/CCPA data export and compliance features.
 Package compliance implements GDPR/CCPA data export and compliance features.
config
customer
database
email
encryption
Package encryption provides field-level encryption for sensitive data at rest.
 Package encryption provides field-level encryption for sensitive data at rest.
httputil
i18n
logging
middleware
ratelimit
services
settings
sitesettings
templates
twofa
validation
tests
integration
mocks

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.