Learn how to attract and retain top Golang talent with Cerebraix. Discover expert tips for building your dream team. Elevate your projects with the best in the industry.

Definitely this counts as productive night of studies.

I arrived early, grabbed my seat, and dive into another incredible Golang SP event at Microsoft Reactor.

During the event, we discussed the simplicity of error handling in Go, which was practically reinforced by creating a CSV file parser, ensuring that any issues encountered are well identified and handled.

Do You Want Some Cookies?

Doing the project-extrovert is being an interesting challenge. Since the scope of this project shrunk down a lot since the first idea, one of the main things I dropped is the use of a database, mostly to reduce any cost I would have with hosting one. So things like authentication needs to be fully client-side and/or client-stored. However, this is an application that doesn't rely on JavaScript, so how I can store in the client without it? Well, do you want some cookies?

Why Cookies

I never actually used cookies in one of my projects before, mostly because all of them used JavaScript (and a JS framework), so I could just store everything using the Web Storage API (mainly localstorage). But now, everything is server-driven, and any JavaScript that I will add to this project, is to enhance the experience, and shouldn't be necessary to use the application. So the only way to store something in the client, using the server, are Cookies.

TL;DR Of How Cookies Work

A cookie, in some sense or another, is just an HTTP Header that is sent every time the browser/client makes a request to the server. The server sends a Set-Cookie header on the first response, containing the value and optional "rules" for the cookie(s), which then the browser stores locally. After the cookie(s) is stored in the browser, on every subsequent request to the server, a Cookie header will be sent together, which then the server can read the values from.

Pretty much all websites use cookies some way or another, they're one of the first implementations of state/storage on the web, and every browser supports them pretty much. Also, fun note, because it was one of the first ways to know what user is accessing the website, it was also heavy abused by companies to track you on any website, the term "third-party cookie" comes from the fact that a cookie, without the proper rules or browser protection, can be [in summary] read from any server that the current websites calls. So things like advertising networks can set cookies on your browser to know and track your profile on the internet, without you even knowing or acknowledging. Nowadays, there are some regulations, primarily in Europe with the General Data Privacy Regulation (GDPR), that's why nowadays you always see the "We use Cookies" pop-up in websites you visit, which I beg you to actually click "Decline" or "More options" and remove any cookie labeled "Non-essential".

Small Challenges and Workarounds

But returning to the topic, using this simple standard wasn't so easy as I thought. The code itself isn't that difficult, and thankfully Go has an incredible standard library for handling HTTP requests and responses. The most difficult part was working around limitations and some security concerns.

Cookie Limitations

The main limitation that I stumbled was trying to have structured data in a cookie. JSON is pretty much the standard for storing and transferring structured data on the web, so that was my first go-to. However, as you may know, cookies can't use any of these characters: ( ) < > @ , ; : \ " / [ ] ? = { }. And well, when a JSON file looks {"like":"this"}, you can think that using JSON is pretty much impossible. Go's http.SetCookie function automatically strips " from the cookie's value, and the other characters can go in the Set-Cookie header, but can cause problems.

On my first try, I just noticed about the stripping of the " character (and not the other characters), so I needed to find a workaround. And after some thinking, I started to try implementing my own data structure format, I'm learning Go, and this could be an opportunity to also understand how Go's JSON parsing and how mostly struct tags works and try to implement something similar.

My idea was to make something similar to JSON in one way or another, and I ended up with:

Which, for reference, in JSON would be:

This format is something very easy to implement, just using strings.Split does most of the job of extracting the values and strings.Join to "encode" the values back. Yes, this isn't a "production ready" format or anything like that, but it is hacky and just a small fix for small amounts of structured data.

Go's Struct Tags

Go has an interesting and, to be honest, very clever feature called Struct Tags, which are a simple way to add metadata to Structs. They are simple strings that are added to each field and can contain key-value data:

Said metadata can be used by things such the encoding/json package to transform said struct into a JSON object with the correct field names:

Without said tags, the output JSON would be:

This works both for encoding and decoding the data, so the package can correctly map the JSON field "access_token" to the struct field "Token".

And well, these tokens aren't limited or some sort of special syntax, any key-value pair can be added and accessed by the reflect package, something like this:

Learning this feature and the reflect package itself, empowered me to do a very simple encoding and decoding of the format where:

Can be transformed into:

And that's what I did, and the [basic] implementation source code just has 150 lines of code, not counting the test file to be sure it worked. It works, and now I can store structured data in cookies.

Legacy in Less Than 3 Weeks

And today, I found that I can just use url.PathEscape, and it escapes all ( ) < > @ , ; : \ " / [ ] ? = { } characters, so it can be used both in URLs and, surprise, cookie values. Not only that, but something like base64.URLEncoding would also work just fine. You live, and you learn y'know, that's what I love about engineering.

Security Concerns and Refactoring Everything

Another thing that was a limitation and mostly worry about me, is storing access tokens on cookies. A cookie by default isn't that secure, and can be easily accessed by JavaScript and browser extensions, there are ways to block and secure cookies, but even then, you can just open the developer tools of the browser and see them easily. Even though the only way to something malicious end up happening with these tokens are if the actual client end up being compromised, which means the user has bigger problems than just a social media token being leaked, it's better to try preventing these issues nonetheless (and learn something new as always).

The encryption and decryption part isn't so difficult, Go already provides packages for encryption under the crypto module. So I just implemented an encryption that cyphers a string based on a key environment variable, which I will change every month or so to improve security even more.

Doing this encryption on every endpoint would be repetitive, so adding a middleware would be a solution. I already made a small abstraction over the default Go's router (the DefaultMuxServer struct), which I'm going to be honest, wasn't the best abstraction, since it deviated a lot from Go's default HTTP package conventions. This deviation also would difficult the implementation of a generic middleware that I could use in any route or even any function that handles HTTP requests, a refactor was needed. Refactoring made me end up rewriting a lot of code and simplifying a lot of the code from the project. All routes now are structs that implement the http.Handler interface, so I can use them outside the application router and test them if needed; The router ends up being just a helper for having all routes in a struct, instead of multiple mux.HandleFunc calls in a function, and also handles adding middlewares to all routes; Middlewares end up being just a struct that can return a wrapped HandlerFunc function, which the router calls using a custom/wrapped implementation of the http.ResponseWriter interface, so middlewares can actually modify the content and headers of the response. The refactor had 1148 lines added, and 524 removed, and simplified a lot of the code.

For the encryption middleware, it encrypts all cookie values that are set in the Set-Cookie header, and decrypts any incoming cookie. Also, the encrypted result is encoded to base64, so it can safely be set in the Set-Cookie header after being cyphered.

---

And that's what I worked in around these last three days, today being the one where I actually used all this functionality and actually implemented the OAuth2 process, using an interface and a default implementation that I can easily reimplement for some special cases like Mastodon's OAuth process (since the token and OAuth application needs to be created on each instance separately). It's being interesting learning Go and trying to be more effective and implement things the way the language wants. Everything is being very simple nonetheless, just needing to align my mind with the language mostly.

It has been a while since I wrote one of these long posts, and I remembered why, it takes hours to do, but it's worth the work I would say. Unfortunately I can't write these every day, but hopefully they will become more common, so I can log better the process of working on the projects. Also, for the 2 persons that read this blog, give me some feedback! I really would like to know if there's anything I could improve in the writing, anything that ended up being confusing, or even how I could write the image description for the code snippets, I'm not sure how to make them more accessible for screen reader users.

Nevertheless, completing this project will also help to make these post, since the conversion for Markdown to Tumblr's NPF in the web editor sucks ass, and I know I can do it better.

Hire Golang Developers: Elevate Your Software Development

Looking to build robust and high-performance applications? Hire Golang developers who excel in creating efficient, scalable, and reliable solutions. Discover the benefits of using Go, a language designed for concurrency and simplicity, and find the right talent to bring your project to life.

Unlike 99% of human languages, computer languages are designed. Many of them never catch on for real applications. So what makes a computer language successful? Here's one case study...

Making a compiler

Every programmer out there, new or experienced longs for a chance to create their own programming language and compiler. I am no exception. Months ago I decided to fork an old project on github and develop it in my image. The project was a golang-like unfinished compiler, so I dug in and made changes. I changed the language to resemble a subset of rust, go and ocaml. I plan to add a LLVM backend inspired by the tre golang compiler. I will continue working on it until it kinda works. I still have a lot to do. check out the project on the link below. If you want to contribute submit a pull request.

Jellyfish Technologies builds digital products and software. They offer many services like making software looking at data, working with clouds, updating old apps creating AI, and helping with DevOps. They've been around for more than 13 years and have 150+ experts on their team. So far, they've finished over 4000 projects. They work with different types of businesses such as healthcare, fintech, and retail, among others. People know Jellyfish Technologies for doing good work finishing projects on time, and keeping their clients happy. They come up with special solutions using the latest tech to help companies reach their digital goals.

Jellyfish Technologies, a top Golang development company, delivers high-performance, scalable solutions tailored to your business needs. Our expert developers build robust applications with seamless integrations, ensuring efficiency and reliability. Partner with us for cutting-edge Golang development that accelerates innovation and drives long-term success in a competitive digital landscape.

🚀 Supercharge Your Golang + PostgreSQL Performance with PGX!

If you are struggling with slow queries and inefficient connections, PGX is the game-changer you need! ⚡

Hello there!

Any accounts that I could follow to get a #tech feed?

Top Go Frameworks !

Los Mejores Frameworks de Go !

Join our #NewBatch and master #goprogramming! Unlock top skills, build scalable apps, and boost your career. Enroll today and shape your coding future!"

Golang Online New Batch

Join Now: https://meet.goto.com/448961757

Attend Online #NewBatch on #Golang by Mr.kumar

Batch on: 25th November 2024 @ 8:00 PM (IST)

Contact us: +91 9989971070

Blog link: https://visualpathblogs.com/

WhatsApp: https://www.whatsapp.com/catalog/919989971070Visit: https://www.visualpath.in/online-golang-training.html

Does anyone on here have any experience with ebitengine? It seems like such a cool framework and I think Go might be a good language for game development so I'd be curious if anyone has used it and what their thoughts are

“Any application that can be written in JavaScript, will eventually be written in JavaScript.” - Jeff Atwood