Skip to content

progmamun/SpotSync-Golang-Backend

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SpotSync-Golang-Backend

  • A centralized platform for busy airports and malls to manage parking zones, specifically handling the high-demand reservation of limited EV charging spots.


🛠️ Technology Stack

Technology Note
Go (Golang) Version 1.22 or higher
Echo github.com/labstack/echo/v5 (High performance, minimalist web framework)
GORM gorm.io/gorm (ORM for Go, use PostgreSQL driver)
PostgreSQL Relational database (NeonDB, or Supabase)
Validator github.com/go-playground/validator/v10 (Struct validation, integrated with Echo)
JWT github.com/golang-jwt/jwt/v5 (Standard token generation & verification)
bcrypt golang.org/x/crypto/bcrypt (Password hashing, cost 10-12)

🏛️ Clean Architecture Rules (Strict)

You must separate your concerns into distinct layers. Handlers must NOT talk to the database directly.

Layer Directory Responsibility
DTO dto/ Data Transfer Objects. Define request payloads and response structures. Never expose GORM models directly to the API.
Handler handler/ HTTP layer. Binds/validates DTOs, extracts JWT claims from Echo context, calls Service, returns HTTP JSON responses.
Service service/ Business logic. Hashes passwords, generates JWTs, enforces rules (e.g., checking parking capacity), calls Repository.
Repository repository/ Data access. All GORM database operations (CRUD, Transactions, Row Locks).
Models models/ GORM structs representing database tables.

💡 Dependency Injection: In your main.go, you must manually wire the layers: Instantiate Repository → Pass to Service → Pass to Handler.


👥 User Roles & Permissions

Role Allowed Actions
driver • Register and log in
• View all parking zones and availability
• Reserve a parking/EV spot
• View and cancel their own reservations
admin • All driver permissions
• Create, update, and delete parking zones
• Set pricing for zones
• View all reservations in the system

🔐 Authentication & Authorization System

  • JWT Flow: Client sends credentials → Server validates & compares bcrypt hash → Server returns signed JWT → Client attaches token to Authorization: Bearer <token> header → Server middleware verifies signature & injects user data into Echo Context.
  • Security Rules:
    • Passwords are never exposed in responses or logs.
    • Protected endpoints reject requests without a valid JWT (401 Unauthorized).
    • Role verification occurs in the Handler or Middleware before calling the Service (403 Forbidden).

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages