Authentication

[lewinkedrs]

Hey there, really enjoying your project. How do you recommend the best way to go about authentication would be? Escape into javascript and handle it in the client? Call on a go route and handle on the server? It would be really cool in the htmgo template starter to see your opinionated way of doing auth just with something basic like sqlite. That takes a lot of boilerplate out of things kind of like rails, django, etc. I do understand that generally in the go ecosystem we keep these things more flexible. Just was curious on your opinions, again thanks for making this!

[maddalax]

Hey, thanks for using it!

For authentication, I think the simplest route would be to store users in your database (sqlite or pg, or whatever), and use cookies to store a sessionId

Something like:

users:
id
username (or email)
password (hashed with bcrypt or some good algo)

auth_tokens:
user_id
token

Have a page that allows a user to register acc / login, and then the backend can verify the password, create an auth token, and use the h.RequestContext to set the auth token as a cookie on the response

From there on you can look up the auth token from the cookie and get the user id associated from that

I could probably make a sample authentication flow using it to show how it may work

[lewinkedrs]

A sample would be awesome! But totally understand there are probably a hundred other things to prioritize first. Cheers!

[maddalax]

I'l see if I can get something built in the next couple days, its definitely useful to see authentication, as every app needs it

[maddalax]

@lewinkedrs I just released a new example for basic authentication in htmgo, https://htmgo.dev/examples here at the top of the examples page

[lewinkedrs]

Wow thanks for this, exactly what I was looking for and simpler than I thought.