A Go-based REST API server for managing users and projects with sharing capabilities. Built with Gin framework and SQLite database.
- User Management: Registration, authentication, and profile management
- Project Management: Create, read, update, and delete projects
- Project Sharing: Share projects with other users with read/write permissions
- Web Interface: Complete frontend with responsive design
- Authentication: JWT-based authentication with secure password hashing
- Database: SQLite with proper schema and migrations
- Security: CORS support, input validation, and SQL injection protection
- Real-time Updates: Dynamic content loading and user feedback
- Go 1.21 or higher
- SQLite3
- Clone the repository:
git clone <repository-url>
cd coral-remote-server- Install dependencies:
go mod tidy- Build and run:
go run .The server will start on http://localhost:8080 by default.
You can run the application using Docker Compose without installing Go locally.
- Start the server:
docker-compose up -d- To compile the latest changes, rebuild the container with:
docker-compose up -d --buildVisit http://localhost:8080 to access the web interface:
- Dashboard: View and manage all your projects
- User Registration/Login: Create account or sign in
- Project Management: Create, edit, and delete projects
- Project Sharing: Share projects with other users and manage permissions
- User Profile: Manage your account information
- Responsive Design: Works on desktop and mobile devices
| Variable | Default | Description |
|---|---|---|
PORT |
8080 |
Server port |
DB_PATH |
coral.db |
SQLite database file path |
JWT_SECRET |
your-secret-key-change-this-in-production |
JWT signing secret |
GIN_MODE |
debug |
Gin mode (debug or release) |
http://localhost:8080/swagger/index.html
After installing swaggo run:
swag inithttp://localhost:8080/api
All protected endpoints require a JWT token in the Authorization header:
Authorization: Bearer <your-jwt-token>
GET /alive- Server health check with database statistics
Public Endpoints:
-
POST /api/users/register- Register a new user{ "username": "johndoe", "email": "john@example.com", "password": "password123" } -
POST /api/users/login- User login{ "username": "johndoe", "password": "password123" }
Protected Endpoints:
GET /api/users/profile- Get current user profilePUT /api/users/profile- Update current user profile{ "username": "newusername", "email": "newemail@example.com" }
Protected Endpoints:
-
POST /api/projects- Create a new project{ "name": "My Project", "description": "Project description" } -
GET /api/projects- Get all projects accessible to the user -
GET /api/projects/:id- Get a specific project -
PUT /api/projects/:id- Update a project (owner only){ "name": "Updated Project Name", "description": "Updated description" } -
DELETE /api/projects/:id- Delete a project (owner only)
Protected Endpoints:
-
POST /api/projects/:id/share- Share project with a user (owner only){ "user_id": 2, "permission_level": "read" } -
PUT /api/projects/:id/share/:userId- Update user permission (owner only){ "permission_level": "write" } -
DELETE /api/projects/:id/share/:userId- Remove user access (owner only) -
GET /api/projects/:id/shares- Get all users with project access -
GET /api/users/search?q=query- Search users to share with
CREATE TABLE users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
email TEXT UNIQUE NOT NULL,
password_hash TEXT NOT NULL,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);CREATE TABLE projects (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT NOT NULL,
description TEXT,
owner_id INTEGER NOT NULL,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (owner_id) REFERENCES users(id) ON DELETE CASCADE,
UNIQUE(owner_id, name)
);CREATE TABLE project_users (
project_id INTEGER NOT NULL,
user_id INTEGER NOT NULL,
permission_level TEXT NOT NULL CHECK(permission_level IN ('read', 'write')),
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (project_id, user_id),
FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
);- Password Hashing: Uses bcrypt for secure password storage
- JWT Authentication: Stateless authentication with configurable expiration
- Input Validation: Comprehensive request validation using Gin binding
- SQL Injection Protection: Uses parameterized queries
- CORS Support: Configurable CORS headers for web clients
- Rate Limiting: Can be easily added with middleware
curl -X POST http://localhost:8080/api/users/register \
-H "Content-Type: application/json" \
-d '{
"username": "alice",
"email": "alice@example.com",
"password": "password123"
}'curl -X POST http://localhost:8080/api/users/login \
-H "Content-Type: application/json" \
-d '{
"username": "alice",
"password": "password123"
}'curl -X POST http://localhost:8080/api/projects \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-jwt-token>" \
-d '{
"name": "My First Project",
"description": "A sample project"
}'curl -X POST http://localhost:8080/api/projects/1/share \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-jwt-token>" \
-d '{
"user_id": 2,
"permission_level": "write"
}'coral-remote-server/
├── main.go # Application entry point
├── go.mod # Go module file
├── go.sum # Go dependencies checksum
├── README.md # This file
├── auth/ # Authentication utilities
│ └── auth.go
├── database/ # Database connection and schema
│ └── database.go
├── handlers/ # HTTP request handlers
│ ├── user_handler.go
│ ├── project_handler.go
│ └── sharing_handler.go
├── middleware/ # HTTP middleware
│ └── middleware.go
├── models/ # Data models and structs
│ └── models.go
└── static/ # Frontend assets
├── css/
│ └── style.css # Main stylesheet
├── js/
│ ├── api.js # API utilities
│ ├── auth.js # Authentication management
│ ├── projects.js # Project management
│ └── sharing.js # Project sharing
└── pages/
├── index.html # Dashboard
├── login.html # Login/Register
├── profile.html # User profile
└── project.html # Project detail
The web frontend is built with vanilla JavaScript and modern CSS:
- Component-based: Modular JavaScript files for different features
- Responsive Design: Mobile-first approach with CSS Grid and Flexbox
- API Integration: RESTful API calls with proper error handling
- State Management: Client-side authentication and data management
- User Experience: Loading states, form validation, and feedback messages
- Security: XSS protection and input sanitization
go test ./...# Set production mode
export GIN_MODE=release
export JWT_SECRET=your-secure-secret-key
# Build the binary
go build -o coral-server .
# Run the server
./coral-serverThis project is licensed under the MIT License.