User Authentication System in GO [closed]

Question

Does a pre-made user authentication system exist in Go?

I am coming from a Ruby background, and I would really like to see something similar to Ruby on Rails' device which is a complete user management system. It takes care of everything from creating forms to hashing and salting passwords. It also takes care of storing data to the database, setting up sessions and more.

I have found that there is package called goth which allows for social logins (facebook, twitter ++) but it does not handle storage of the user credentials. It also does not allow for "normal" signup with email + password.

All I can seem to find on this topic for Go is some tutorials on how to make your own basic, very unsafe, user login system.

I would really love to see a system which takes care of the user auth as well as allows for social login via OAuth/OAuth2. Does anything like this exist?

The solution I am after would most likely be part of, or a plugin for, a Go web framework.

Background

I am considering moving my Rails app over to a higher performance framework because my current rails app is using way to much RAM. Thus my eyes went to Go. However, without a solid user auth system I can't convert to Go. To make your own user auth system is not a very good practice.

Answer 1

Short answer: no.

Long answer: Ruby on Rails is a framework, Go is a language. Making a "universal" authentication system for Go would be a huge task and/or would have to be very opinionated by design, as most auth systems rely on a session store and/or database. Rails can do this (with libs. like Devise) because parts of the framework like ActiveRecord and ActionController provide an abstract API that Devise can talk to.

For the most part, you'll need to tie together a few libraries to get what you need w/ Go. "Gluing" things together is a commonly preferred way to do things, and monolithic/kitchen sink frameworks aren't typically favoured.

Some suggestions for libraries:

• https://github.com/markbates/goth (an OAuth/OAuth2 package)
• http://www.gorillatoolkit.org/pkg/sessions (user sessions)
• https://godoc.org/golang.org/x/crypto/bcrypt (password hashing)
• https://goji.io/ (a micro-framework [think: Sinatra-level] w/ a solid middleware API)
• https://github.com/jmoiron/sqlx (a convenience wrapper for Go's standard database/sql package)
• http://www.gorillatoolkit.org/pkg/schema (a POST form to Go struct library)

These won't give you distinct user types, write your queries for you, etc. I found writing my own "two user level" (regular vs. admin) auth to be fairly straightforward using server-side sessions, a single User table and a piece of HTTP middleware that wraps "need auth" routes and inspects the session, else it re-directs users to a login page (and saves the current URL for a re-direct after).