Version | Skills | Done? |
---|---|---|
v1.1 | PostgreSQL, migration, Testing_environments, Sqlc, Git-Workflow | ✅ |
v1.2 | Gin, Viper, Gomock, PostgreSQL, migration, Testing_environments, Sqlc, Git-Workflow | ✅ |
v1.3 | Bcrypt, Gin, Viper, Gomock, PostgreSQL, migration, Testing_environments, Sqlc, Git-Workflow | ✅ |
v1.4 | Logger, NGINX, Kubernetes, AWS, JQ, Docker, JWT, PASETO, Bcrypt, Gin, Viper, Gomock, PostgreSQL, migration, Testing_environments, Sqlc, Git-Workflow | ✅ |
All Details and Studies in wiki
- Kubernetes cluster setup
  - Set aws-ath.yaml to access AWS-EKS (with a granted user)
  - Set deployment.yaml to pull the image from AWS-ECR and run it with 2 replicas (pods)
  - Set issuer.yaml to issue a TLS certificate
    - Get a certificate from 'letsencrypt' for the domain 'api.hwangbogyumin.com' (free)
  - Set ingress.yaml with the Nginx ingress controller
    - request -> api.hwangbogyumin.com
    - api.hwangbogyumin.com -> aws-route-53 my arn
    - aws-route-53 my arn -> nginx-ingress address
    - nginx-ingress address -> ingress-service (TLS)
    - ingress-service -> server pods (1, 2)
- Create the domain in AWS-Route-53 and connect it to the Kubernetes ingress-service pods
- Automatic Docker image upload to AWS with GitHub Actions
  - Set "Configure AWS credentials"
    - Add AWS_ACCESS_KEY_ID, KEY in GitHub repository secrets
    - AWS-IAM secrets: AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY
  - Launch deploy action
    - Get secrets from Git and access with token
    - Login
    - Build images and deploy to AWS-ECR ap-northeast-2
- Add AWS-ECR, AWS-Secrets Manager, AWS-IAM, AWS-RDS
  - Use Secrets Manager to manage the symmetric_key that encrypts/decrypts the PASETO payload, as well as the RDS port, RDS root, and key
  - Set IAM (Identity and Access Management) for safe AWS resource access
  - Set ECR (Elastic Container Registry) in ap-northeast-2
  - Set RDS (Relational Database Storage) in us-west-1, postgres12
- JQ
  - Get RDS information, etc. from AWS Secrets Manager
  - Transform the AWS secrets format into JSON format using JQ
  - Based on the JSON data, set app.env with the corresponding data
- Modify Dockerfile & docker-compose
  - Set shell script (wait-for-it.sh) to wait until postgres is ready (Detail)
    - As we use an alpine image, 'apk add bash' is needed
  - Set shell script (start.sh) to migrate db up
  - Edit Dockerfile to add the needed files
    - migrate, app.env, main (object file), pre-setting shell scripts (wait-for-it.sh, start.sh)
  - Make docker-compose.yaml to specify service names and environment variables
- Add token authentication middleware
  - Set user.go/loginUser to create/verify the TOKEN
  - Set a route group (createAccounts, transferMoney, etc.) for the routes that need authorization.
  - Make authMiddleware to pre-check whether requests carry a TOKEN for authorization
  - Edit api/server.go
    - Before handling a request, check and verify the authorization part of the HTTP header.
    - If there is a TOKEN that the server created, pass the request to the actual handler.
    - If no TOKEN exists, abort the session and send a response.
  - The HTTP communication above is assumed to be encrypted with TLS. (TLS Details)
    - If TLS is not applied and the TOKEN is stolen, it is possible to make RPC calls to the server without authorization and explore the DB.
  - Test case definition
    1. User ----- Login --> Server [LoginParams] = username, password
    2. User <---- TOKEN --- Server [TOKEN] = chacha20poly1305(nonce, Server's Key, AEAD, Payload{username, duration})
    3. User ----- CreateAccount --> Server [Params] = currency, TOKEN
    4. User <---- Account's Info --- Server [Account] = verifyToken(Server's Key, TOKEN)
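
The header check described above, as an added example that is not the project's own code: it uses `net/http` instead of Gin so it runs with the standard library alone. `AuthMiddleware`, `Probe`, `userKey`, the "Bearer" scheme and the stand-in `verify` function (in place of the server's token verification) are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type userKey struct{} // context key for the verified username
// AuthMiddleware forwards a request only when "Authorization: Bearer <token>" passes verify.
func AuthMiddleware(verify func(token string) (string, error), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		f := strings.Fields(r.Header.Get("Authorization"))
		if len(f) != 2 || !strings.EqualFold(f[0], "bearer") {
			http.Error(w, "authorization header missing or malformed", http.StatusUnauthorized)
			return
		}
		user, err := verify(f[1])
		if err != nil {
			http.Error(w, "token rejected", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userKey{}, user)))
	})
}

func Probe(authHeader string) (int, string) { // one constructed request through a protected route
	verify := func(tok string) (string, error) { // stand-in for the server's token verification
		if tok != "constructed-valid-token" {
			return "", errors.New("invalid token")
		}
		return "alice", nil
	}
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "owner=%v", r.Context().Value(userKey{}))
	})
	req := httptest.NewRequest(http.MethodPost, "/accounts", nil)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	AuthMiddleware(verify, handler).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(Probe("Bearer constructed-valid-token"))
}
```

The handler reads the username from the request context, so ownership checks use the verified token identity rather than a client-supplied field.
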
- Create payload+header 'Encryption' and 'MAC' with the HMAC-SHA256 (HS256) algorithm of JWT (JSON Web Token)
  - Set secretKey as random 256 bits (as we use HS256, the key should be 256 bits). Temporary!
  - Make CreateToken function (interface)
    - ( [HEADER]:'alg:HS256,typ:jwt', [PAYLOAD]:'id:string, name:string, expiredAt:time', [SIGNATURE]:'HMAC([HEADER],[PAYLOAD]).TAG' )
  - Make VerifyToken function (interface)
    - Check HEADER, SIGNATURE, ...
  - Set test environments
    - Cases: invalid header algorithm, MAC failed, expiration, etc.
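
The CreateToken/VerifyToken pair and the failure cases listed above (wrong header algorithm, failed MAC, expiry), as an added standard-library example rather than the project's own code. The `Payload` JSON layout, the error names and the exact-match header check are assumptions; HS256 only authenticates the payload, which remains readable base64url.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

type Payload struct { // fields the README lists: id, name, expiredAt
	ID, Name  string
	ExpiredAt time.Time
}
var ErrInvalid, ErrExpired = errors.New("invalid token"), errors.New("expired token")
var header = base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))

func seal(key []byte, in string) string { // appends the base64url HMAC-SHA256 tag to "header.payload"
	m := hmac.New(sha256.New, key)
	m.Write([]byte(in))
	return in + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

func CreateToken(key []byte, p Payload) string { // signs the payload; it is not encrypted
	body, _ := json.Marshal(p)
	return seal(key, header+"."+base64.RawURLEncoding.EncodeToString(body))
}

// VerifyToken accepts only the pinned HS256 header, then checks the MAC, then the expiry.
func VerifyToken(key []byte, token string) (p Payload, err error) {
	s := strings.Split(token, ".")
	if len(s) != 3 || s[0] != header || !hmac.Equal([]byte(token), []byte(seal(key, s[0]+"."+s[1]))) {
		return Payload{}, ErrInvalid // bad shape, "none"/other algorithm, or forged tag
	}
	body, err := base64.RawURLEncoding.DecodeString(s[1])
	if err != nil || json.Unmarshal(body, &p) != nil {
		return Payload{}, ErrInvalid
	}
	if time.Now().After(p.ExpiredAt) {
		return Payload{}, ErrExpired
	}
	return p, nil
}

func main() {
	fmt.Println(VerifyToken([]byte("constructed-key"), header+".e30.")) // unsigned token
}
```
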
- Create payload+header+nonce 'Encryption' and 'MAC' with the chacha20Poly1305 algorithm of PASETO (Platform-Agnostic Security Tokens)
  - Set secretKey as random 256 bits (as we use chacha20Poly1305, the key should be 256 bits). Temporary!
  - Make CreateToken function (interface)
  - Make VerifyToken function (interface)
  - Set test environments
- Define test cases for the user password
  - Set the TestCreateUserAPI test function in api/user_test.go
    - cases: "OK", "InternalError", "DuplicateUsername", "InvalidUsername", "InvalidEmail", "TooShortPassword"
  - Set a custom reply matcher (gomock)
- Store user passwords with Bcrypt (Blowfish encryption algorithm) (Detail)
  - Set util/password.go using bcrypt, which can randomly generate cost, salt to get the hashed password with params
  - Set util/password_test.go for testing
  - Make api/user.go to set the createUser handler
  - Set routes ("/user") for requests from clients
- Add RPC communication with Gin (Details)
  - Set router, routes
  - Set various handlers
    - Get the HTTP request
    - Use a custom validator to check whether it is a valid request.
    - Bind the JSON to a STRUCT (request)
    - Access the local database -> execute transactions -> get results (every step handles errors)
    - Response
- Automatic configuration with Viper (Details)
  - Set /app.env
  - Set /util/config.go
  - Import configurations in /main.go
- Remove the DB dependency from service-layer tests with Gomock (Details)
  - Use the sqlc interface that contains all query functions
  - Edit /.bash_profile to add go/bin to PATH (to use mockgen)
  - Execute mockgen to generate mock functions
  - Set APIs for testing (TestGetAccountAPI)
  - The go test -run "function name" -v (detailed output) -cover (coverage) command is defined in the Makefile

Work in VS Code with the extensions below
- Go Coverage Viewer
- Go Extension Pack
- Go Test Explorer
- Git Extension Pack