Skip to content

mithila-abhayasinghe/GIAM

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
cmd/server
cmd/server
 
 
internal
internal
 
 
migrations
migrations
 
 
.env.example
.env.example
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

GIAM — Go Identity & Access Management

A simple Identity and Access Management (IAM) system built with Go. This project shows how to handle user authentication, roles, and permissions in a backend service.

This is a learning project. Some parts are simplified for clarity.

What is this?

An IAM system manages who users are and what they can do:

  • Login/Register: Users create accounts and log in
  • Roles: Assign roles like "admin" or "user" to people
  • Permissions: Control what each role can do (read users, delete users, etc.)
  • Audit logs: Track who did what and when

Architecture Idea

The project uses something called Hexagonal Architecture. The idea is simple:

  • Core (middle): All the business logic. No database stuff, no HTTP stuff.
  • Ports (circle edge): Interfaces that say "I need a way to store users" or "I need a way to generate tokens"
  • Adapters (outside): Actual implementations. PostgreSQL adapter for storing users, JWT adapter for tokens, etc.

Why? Makes testing easy. Want to test login without a real database? Use a fake adapter. Want to switch databases? Just swap the adapter.

Getting Started

Quick Start

# Using Docker
docker-compose up

# Server runs on http://localhost:8080

Manual Setup

  1. Start PostgreSQL and Redis

  2. Create database:

    psql -U postgres
CREATE DATABASE iam;

  3. Run migrations:

    psql -U iam -d iam -f migrations/001_init.sql

  4. Run the server:

    go run cmd/server/main.go

API Endpoints

Auth

  • POST /auth/register - Create account
  • POST /auth/login - Get tokens
  • POST /auth/refresh - Get new access token

Users

  • GET /users/me - Get current user
  • GET /users - List all users
  • PUT /users/:id - Update user

Roles

  • POST /roles - Create role
  • GET /roles - List roles
  • POST /roles/:id/permissions - Add permission to role

Audit

  • GET /audit - View audit logs

How It Works

  1. User registers with email and password
  2. Password is hashed with bcrypt and stored
  3. User logs in with email/password
  4. Server creates JWT token and returns it
  5. User sends token in Authorization: Bearer <token> header
  6. Server validates token and lets request through
  7. All actions (login, create user, etc.) are logged to audit table

Key Files

  • internal/core/services/auth_service.go - Login/register logic
  • internal/core/services/rbac_service.go - Role/permission logic
  • internal/adapters/postgres/ - Database queries
  • internal/adapters/http/ - REST endpoints
  • internal/adapters/auth/jwt/ - JWT token stuff

Environment Variables

SERVER_ADDR=:8080
DB_HOST=localhost
DB_PORT=5432
DB_USER=iam
DB_PASS=iam
DB_NAME=iam
REDIS_ADDR=localhost:6379
JWT_SECRET=super-secret-key

Testing

go test ./...

Tests use mock adapters instead of real database.

What I Learned

Building this project taught me:

  • Implementing GO backends
  • Separation of concerns (core logic vs infrastructure)
  • Advanced JWT Tokens
  • role-based access control

Future Ideas

  • Add SAML support
  • Add OAuth2 flows
  • Add 2FA
  • Better error messages
  • Rate limiting

About

Go Identity & Access Management System

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages