.gitea/workflows/build.yaml

@@ -11,5 +11,5 @@ jobs:
     steps:
       - name: Check out repository code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - run: docker build . -t me-fit-test
+      - run: docker build . -t web-app-template-test
-      - run: docker rmi me-fit-test
+      - run: docker rmi web-app-template-test

.gitea/workflows/buildAndPush.yaml

@@ -11,8 +11,8 @@ jobs:
       - name: Check out repository code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - run: docker login git.wundenbergs.de -u tim -p ${{ secrets.DOCKER_GITEA_TOKEN }}
-      - run: docker build . -t git.wundenbergs.de/x/me-fit:latest -t git.wundenbergs.de/x/me-fit:$GITHUB_SHA
+      - run: docker build . -t git.wundenbergs.de/x/web-app-template:latest -t git.wundenbergs.de/x/web-app-template:$GITHUB_SHA
-      - run: docker push git.wundenbergs.de/x/me-fit:latest
+      - run: docker push git.wundenbergs.de/x/web-app-template:latest
-      - run: docker push git.wundenbergs.de/x/me-fit:$GITHUB_SHA
+      - run: docker push git.wundenbergs.de/x/web-app-template:$GITHUB_SHA
-      - run: docker rmi git.wundenbergs.de/x/me-fit:latest git.wundenbergs.de/x/me-fit:$GITHUB_SHA
+      - run: docker rmi git.wundenbergs.de/x/web-app-template:latest git.wundenbergs.de/x/web-app-template:$GITHUB_SHA
 

.mockery.yaml

@@ -3,11 +3,11 @@ dir: mocks/
 outpkg: mocks
 issue-845-fix: True
 packages:
-  me-fit/service:
+  web-app-template/service:
     interfaces:
       Random:
       Clock:
       Mail:
-  me-fit/db:
+  web-app-template/db:
     interfaces:
       Auth:

Dockerfile

@@ -1,5 +1,5 @@
 FROM golang:1.23.4@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041 AS builder_go
-WORKDIR /me-fit
+WORKDIR /web-app-template
 RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.62.2
 RUN go install github.com/a-h/templ/cmd/templ@latest
 RUN go install github.com/vektra/mockery/v2@latest
@@ -10,11 +10,11 @@ RUN templ generate
 RUN mockery --log-level warn
 RUN go test ./...
 RUN golangci-lint run ./...
-RUN go build -o /me-fit/me-fit .
+RUN go build -o /web-app-template/web-app-template .
 
 
 FROM node:22.12.0@sha256:0e910f435308c36ea60b4cfd7b80208044d77a074d16b768a81901ce938a62dc AS builder_node
-WORKDIR /me-fit
+WORKDIR /web-app-template
 COPY package.json package-lock.json ./
 RUN npm clean-install
 COPY . ./
@@ -22,11 +22,11 @@ RUN npm run build
 
 
 FROM debian:12.8@sha256:b877a1a3fdf02469440f1768cf69c9771338a875b7add5e80c45b756c92ac20a
-WORKDIR /me-fit
+WORKDIR /web-app-template
 RUN apt-get update && apt-get install -y ca-certificates && echo "" > .env
 COPY migration ./migration
-COPY --from=builder_go /me-fit/me-fit ./me-fit
+COPY --from=builder_go /web-app-template/web-app-template ./web-app-template
-COPY --from=builder_node /me-fit/static ./static
+COPY --from=builder_node /web-app-template/static ./static
 EXPOSE 8080
-ENTRYPOINT ["/me-fit/me-fit"]
+ENTRYPOINT ["/web-app-template/web-app-template"]
 

Readme.md

@@ -1,44 +1,98 @@
 
-# stackFAST
+# Web-App-Template
 
-Your (almost) independent tech stack to host on a VPC.
+A basic template with authentication to easily host on a VPC.
 
 ## Features
 
-stackFAST includes everything you need to build your App. Focus yourself on developing your idea, instead of "wasting" time on things like setting up auth and observability. This blueprint tries to include as much as possible, but still keep it simple.
+This template includes everything essential to build an app. It includes the following features:
 
-The blueprint contains the following features:
 - Authentication: Users can login, logout, register and reset their password. For increased security TOTP is available aswell.
 - Observability: The stack contains an Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone. 
 - Mail: You are able to send mail with SMTP. You still need an external Mail Server, but a guide on how to set that up with a custom domain is included.
 - SSL: This is included by using traefik as reverse proxy. It handles SSL certificates automatically. Furthermore all services are accessible through subdomains. Best thing is, you can add your more with 3 lines of code
-- Actual Stack: SSG SvelteKit + Tailwindcss + DaisyUI + GO Backend for easy and fast feature development
+- Actual Stack: Tailwindcss + HTMX + DaisyUI + GO Backend with templ and sqlite
 
 
 ## Architecture Design Decisions
 
 ### Authentication
 
-Authentication is a broad topic. Many people think you should not consider implementing authentication yourself. On the other hand, experts at OWASP don't recommend this in their cheat sheet on that topic. I'm going to explain my criterions and afterwards take a decision.
+Authentication is a broad topic. Many people think you should not consider implementing authentication yourself. On the other hand, If only security experts are allowed to write software, what does that result in? I'm going to explain my criterions and afterwards take a decision.
 
 There are a few restrictions I would like to contain:
-- I want this blueprint do as much as as possible without relying on external services. This way the things needs to be done on other website are very minimal. Furthermore I would like to take back privacy from BigTech.
+- I want this template do as much as as possible without relying on external services. This way the setup cost and dependencies can be minimized.
-- I think most cloud services are overpriced. I want to provide an alternative approach with self holsting. But I don't like the idea to spin up 30 services for a small app with 0 users. It should still be possible to run on a small VPC (2vcpu, 2GB).
+- It should still be possible to run on a small VPC (2vcpu, 2GB).
 - It should be as secure as possible
 
-As of 2024 there are 4 options:
+I determined 4 options:
-- Implement the authentication myself: If I'm holding thight to the cheat sheet, I "should" be able to doge "most" security risks and attacks according to this topic. Unfortanatly I'm not an expert in this field and will do some errors. If people will buy this blueprint, I probably can't sleep well. Especially if real users start using it. At least this has the advantage of not adding adittional services or configuration to the project.
+1. Implement the authentication myself
-- Using OAuth2 with Google and Apple: Using OAuth2 is the standard for secure applications. Google and Apple has their experts. They deal with attacks every hour of the day. This has the advantage, that users don't have to create new credentials. The only disatvantage is my personal hate on big tech.
+2. Using OAuth2 with Keycloak
-- Using OAuth2 with Keycloak: Same as above, just that the OAuth2 endpoint is another self hosted service. The only advantage is, it's not proprietary and self hosted. But users are not used to get redirected to a key cloak on sign up. They are used to sign in with Google though. Furthermore Google et. al are protecting themselves against credential stuffing attacks etc.
+3. Using OAuth2 with Google and Apple
-- Firebase, Clerk, etc.: Users have to sign up again AND blueprint users have to setup another project.
+4. Firebase, Clerk, etc.
 
-Even though I would really implement authentication myself, I think OAuth2 with external providers is the best bet. Especially because my reasoning is privacy, which most people just don't care about enough. Using this approach, adding in a keycloak is possible without breaking changes at a later point, as long as I keep the Google Sign In.
+
+#### 1. Implement the authentication myself 
+
+It's always possible to implement it myself. The topic of authentication is something special though.
+
+Pros:
+    - Great Cheat cheets from OWASP
+    - No adittional configuration or services needed
+    - Great learning experience on the topic "security"
+Cons: 
+    - Great attack vector
+    - Introcution of vlunerabillities is possible
+    - No DDOS protection
+
+#### 2. Using OAuth2 with Google and Apple
+
+Instead of implementing authentication from scratch, an external OAuth2 provider is embedded into the application.
+
+Pros:
+    - The Systems of BigTech are probably safer. They have security experts employed.
+    - The other external system needs to prevent credential stuffing attacks, etc.
+    - Users don't have to create new credentials
+Cons:
+    - High dependency on those providers
+    - Single Point of failure (If your account is banned, your application access get's lost as well)
+    - It's possible that these providers ban the whole application
+    - There still needs to be implemented some logic server side
+    - Full application integration can be difficult
+
+#### 3. Using OAuth2 with Keycloak 
+
+This option is almost identical with the previois one, but the provider is self hosted.
+
+Pros:
+    - Indipendent from 3rd party providers
+    - The credentials are stored safly
+Cons:
+    - Self hosted (no DDOS protection, etc.)
+    - There still needs to be implemented some logic server side
+    - Full application integration can be difficult
+
+
+#### 4. Firebase, Clerk, etc.
+
+Users can sign in with a seperate sdk on your website 
+
+Pros:
+    - Safe and Sound authentication
+Cons:
+    - Dependent on those providers / adittional setup needed
+    - Application can be banned
+    - Still some integration code needed
+
+#### Decision
+
+I've decided on implementing authentication myself, as this is a great learning opportunity. It may not be as secure as other solutions, but if I keep tighly to the OWASP recommendations, it should should good enough.
 
 
 ### Email
 
-For Email verification, etc. a mail server is needed, that can send a whole lot of mails. Aditionally, a mail account is needed for incoming mails. I thought about self hosting, but unfortunatly this is a hastle to maintain. Not only you have to setup a mail server, which is not as easy as it sounds, you also have to "register" your mail server for diffrent providers. Otherwise you are not able to send and receive emails. Thus, the first external service is needed.
+For Email verification, etc. a mail server is needed, that can send a whole lot of mails. Aditionally, a mail account is needed for incoming emails. I thought about self hosting, but unfortunatly this is a hastle to maintain. Not only you have to setup a mail server, which is not as easy as it sounds, you also have to "register" your mail server for diffrent providers. Otherwise you are not able to send and receive emails.
 
-In order to not vendor lock in, I decided to use an SMTP relay in favor of a vendor specific API. You are free to choose a transactional mail provider. I chose brevo.com. They have a generous free tier of 300 mails per day. You can either upgrade to a monthly plan 10$ for 20k mails or buy credits for 30$ for 5k mails. Most provider provide 100 mails / day for free.
+In order to not vendor lock in, I decided to use an SMTP relay in favor of a vendor specific API. I chose brevo.com. They have a generous free tier of 300 mails per day. You can either upgrade to a monthly plan 10$ for 20k mails or buy credits for 30$ for 5k mails.
 
 

db/auth.go

@@ -1,8 +1,8 @@
 package db
 
 import (
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"database/sql"
 	"errors"

db/auth_test.go

@@ -2,7 +2,7 @@ package db
 
 import (
 	"database/sql"
-	"me-fit/types"
+	"web-app-template/types"
 	"testing"
 	"time"
 

db/default.go

@@ -1,8 +1,8 @@
 package db
 
 import (
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"database/sql"
 	"errors"

db/workout.go

@@ -1,8 +1,8 @@
 package db
 
 import (
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"database/sql"
 	"errors"

go.mod

@@ -1,4 +1,4 @@
-module me-fit
+module web-app-template
 
 go 1.22.5
 

handler/auth.go

@@ -1,12 +1,12 @@
 package handler
 
 import (
-	"me-fit/handler/middleware"
+	"web-app-template/handler/middleware"
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/service"
+	"web-app-template/service"
-	"me-fit/template/auth"
+	"web-app-template/template/auth"
-	"me-fit/types"
+	"web-app-template/types"
-	"me-fit/utils"
+	"web-app-template/utils"
 
 	"errors"
 	"net/http"

handler/index_and_404.go

@@ -1,9 +1,9 @@
 package handler
 
 import (
-	"me-fit/handler/middleware"
+	"web-app-template/handler/middleware"
-	"me-fit/service"
+	"web-app-template/service"
-	"me-fit/template"
+	"web-app-template/template"
 
 	"net/http"
 

handler/middleware/authenticate.go

@@ -4,8 +4,8 @@ import (
 	"context"
 	"net/http"
 
-	"me-fit/service"
+	"web-app-template/service"
-	"me-fit/types"
+	"web-app-template/types"
 )
 
 type ContextKey string

handler/middleware/cross_site_request_forgery.go

@@ -5,10 +5,10 @@ import (
 	"net/http"
 	"strings"
 
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/service"
+	"web-app-template/service"
-	"me-fit/types"
+	"web-app-template/types"
-	"me-fit/utils"
+	"web-app-template/utils"
 )
 
 type csrfResponseWriter struct {

handler/middleware/logger.go

@@ -5,7 +5,7 @@ import (
 	"strconv"
 	"time"
 
-	"me-fit/log"
+	"web-app-template/log"
 
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"

handler/middleware/security_headers.go

@@ -3,7 +3,7 @@ package middleware
 import (
 	"net/http"
 
-	"me-fit/types"
+	"web-app-template/types"
 )
 
 func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Handler {

handler/render.go

@@ -1,10 +1,10 @@
 package handler
 
 import (
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/template"
+	"web-app-template/template"
-	"me-fit/template/auth"
+	"web-app-template/template/auth"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"net/http"
 

handler/workout.go

@@ -1,10 +1,10 @@
 package handler
 
 import (
-	"me-fit/handler/middleware"
+	"web-app-template/handler/middleware"
-	"me-fit/service"
+	"web-app-template/service"
-	"me-fit/template/workout"
+	"web-app-template/template/workout"
-	"me-fit/utils"
+	"web-app-template/utils"
 
 	"net/http"
 	"strconv"

main.go

@@ -1,12 +1,12 @@
 package main
 
 import (
-	"me-fit/db"
+	"web-app-template/db"
-	"me-fit/handler"
+	"web-app-template/handler"
-	"me-fit/handler/middleware"
+	"web-app-template/handler/middleware"
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/service"
+	"web-app-template/service"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"context"
 	"database/sql"

main_test.go

@@ -11,8 +11,8 @@ import (
 	"testing"
 	"time"
 
-	"me-fit/service"
+	"web-app-template/service"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"

package-lock.json

@@ -1,11 +1,11 @@
 {
-  "name": "me-fit",
+  "name": "web-app-template",
   "version": "1.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
-      "name": "me-fit",
+      "name": "web-app-template",
       "version": "1.0.0",
       "license": "ISC",
       "devDependencies": {

package.json

@@ -1,5 +1,5 @@
 {
-  "name": "me-fit",
+  "name": "web-app-template",
   "version": "1.0.0",
   "description": "Your (almost) independent tech stack to host on a VPC.",
   "main": "index.js",

service/auth.go

@@ -8,10 +8,10 @@ import (
 	"strings"
 	"time"
 
-	"me-fit/db"
+	"web-app-template/db"
-	"me-fit/log"
+	"web-app-template/log"
-	mailTemplate "me-fit/template/mail"
+	mailTemplate "web-app-template/template/mail"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"github.com/google/uuid"
 	"golang.org/x/crypto/argon2"
@@ -249,7 +249,7 @@ func (service AuthImpl) SendVerificationMail(userId uuid.UUID, email string) {
 		return
 	}
 
-	service.mail.SendMail(email, "Welcome to ME-FIT", w.String())
+	service.mail.SendMail(email, "Welcome to web-app-template", w.String())
 }
 
 func (service AuthImpl) VerifyUserEmail(tokenStr string) error {

service/auth_test.go

@@ -1,9 +1,9 @@
 package service
 
 import (
-	"me-fit/db"
+	"web-app-template/db"
-	"me-fit/mocks"
+	"web-app-template/mocks"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"strings"
 	"testing"
@@ -127,7 +127,7 @@ func TestSendVerificationMail(t *testing.T) {
 
 		mockAuthDb.EXPECT().GetTokensByUserIdAndType(userId, types.TokenTypeEmailVerify).Return(tokens, nil)
 
-		mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool {
+		mockMail.EXPECT().SendMail(email, "Welcome to web-app-template", mock.MatchedBy(func(message string) bool {
 			return strings.Contains(message, token.Token)
 		})).Return()
 

service/mail.go

@@ -1,8 +1,8 @@
 package service
 
 import (
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"fmt"
 	"net/smtp"

service/random_generator.go

@@ -1,8 +1,8 @@
 package service
 
 import (
-	"me-fit/log"
+	"web-app-template/log"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"crypto/rand"
 	"encoding/base64"

service/workout.go

@@ -1,8 +1,8 @@
 package service
 
 import (
-	"me-fit/db"
+	"web-app-template/db"
-	"me-fit/types"
+	"web-app-template/types"
 
 	"errors"
 	"strconv"

template/index.templ

@@ -1,16 +1,16 @@
 package template
 
 templ Index() {
-	<div class="hero bg-base-200 h-full">
+<div class="hero bg-base-200 h-full">
-		<div class="hero-content text-center">
+	<div class="hero-content text-center">
-			<div class="max-w-md">
+		<div class="max-w-md">
-				<h1 class="text-5xl font-bold">Next Level Workout Tracker</h1>
+			<h1 class="text-5xl font-bold">Next Level Workout Tracker</h1>
-				<p class="py-6">
+			<p class="py-6">
-					Ever wanted to track your workouts and see your progress over time? ME-FIT is the perfect
+				Ever wanted to track your workouts and see your progress over time? web-app-template is the perfect
-					solution for you.
+				solution for you.
-				</p>
+			</p>
-				<a href="/workout" class="btn btn-primary">Get Started</a>
+			<a href="/workout" class="btn btn-primary">Get Started</a>
-			</div>
 		</div>
 	</div>
+</div>
 }

template/layout.templ

@@ -6,7 +6,7 @@ templ Layout(slot templ.Component, user templ.Component) {
 
 <head>
 	<meta charset="utf-8" />
-	<title>ME-FIT</title>
+	<title>web-app-template</title>
 	<link rel="icon" href="/static/favicon.svg" />
 	<link rel="stylesheet" href="/static/css/tailwind.css" />
 	<meta name="viewport" content="width=device-width, initial-scale=1" />
@@ -23,8 +23,8 @@ templ Layout(slot templ.Component, user templ.Component) {
 	<div class="h-screen flex flex-col">
 		<div class="flex justify-end items-center gap-2 py-1 px-2 h-12 md:gap-10 md:px-10 md:py-2 shadow">
 			<a href="/" class="flex-1 flex gap-2">
-				<img src="/static/favicon.svg" alt="ME-FIT logo" />
+				<img src="/static/favicon.svg" alt="web-app-template logo" />
-				<span>ME-FIT</span>
+				<span>web-app-template</span>
 			</a>
 			@user
 		</div>

types/settings.go

@@ -1,7 +1,7 @@
 package types
 
 import (
-	"me-fit/log"
+	"web-app-template/log"
 )
 
 type Settings struct {

utils/http.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"time"
 
-	"me-fit/log"
+	"web-app-template/log"
 )
 
 func TriggerToast(w http.ResponseWriter, r *http.Request, class string, message string, statusCode int) {