- A centralized platform for busy airports and malls to manage parking zones, specifically handling the high-demand reservation of limited EV charging spots.
| Technology | Note |
|---|---|
| Go (Golang) | Version 1.22 or higher |
| Echo | github.com/labstack/echo/v5 (High performance, minimalist web framework) |
| GORM | gorm.io/gorm (ORM for Go, use PostgreSQL driver) |
| PostgreSQL | Relational database (NeonDB, or Supabase) |
| Validator | github.com/go-playground/validator/v10 (Struct validation, integrated with Echo) |
| JWT | github.com/golang-jwt/jwt/v5 (Standard token generation & verification) |
| bcrypt | golang.org/x/crypto/bcrypt (Password hashing, cost 10-12) |
You must separate your concerns into distinct layers. Handlers must NOT talk to the database directly.
| Layer | Directory | Responsibility |
|---|---|---|
| DTO | dto/ |
Data Transfer Objects. Define request payloads and response structures. Never expose GORM models directly to the API. |
| Handler | handler/ |
HTTP layer. Binds/validates DTOs, extracts JWT claims from Echo context, calls Service, returns HTTP JSON responses. |
| Service | service/ |
Business logic. Hashes passwords, generates JWTs, enforces rules (e.g., checking parking capacity), calls Repository. |
| Repository | repository/ |
Data access. All GORM database operations (CRUD, Transactions, Row Locks). |
| Models | models/ |
GORM structs representing database tables. |
💡 Dependency Injection: In your
main.go, you must manually wire the layers: Instantiate Repository → Pass to Service → Pass to Handler.
| Role | Allowed Actions |
|---|---|
| driver | • Register and log in • View all parking zones and availability • Reserve a parking/EV spot • View and cancel their own reservations |
| admin | • All driver permissions • Create, update, and delete parking zones • Set pricing for zones • View all reservations in the system |
- JWT Flow: Client sends credentials → Server validates & compares bcrypt hash → Server returns signed JWT → Client attaches token to
Authorization: Bearer <token>header → Server middleware verifies signature & injects user data into Echo Context. - Security Rules:
- Passwords are never exposed in responses or logs.
- Protected endpoints reject requests without a valid JWT (401 Unauthorized).
- Role verification occurs in the Handler or Middleware before calling the Service (403 Forbidden).