This repository has been archived on 2025-08-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Tim Wundenberg bddcfc6778
chore: parametrize db path #181

stackFAST

Your (almost) independent tech stack to host on a VPC.

Features

stackFAST includes everything you need to build your app. Focus on developing your idea instead of "wasting" time on things like setting up auth and observability. This blueprint tries to include as much as possible while still keeping it simple.

The blueprint contains the following features:

  • Authentication: Users can log in, log out, register and reset their password. For increased security, TOTP is available as well.
  • Observability: The stack contains a Grafana + Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone. For web analytics umami is included, which is a lightweight self-hosted alternative to Google Analytics.
  • Mail: You are able to send mail via SMTP. You still need an external mail server, but a guide on how to set that up with a custom domain is included.
  • SSL: This is included by using traefik as reverse proxy. It handles SSL certificates automatically. Furthermore, all services are accessible through subdomains. Best of all, you can add more with 3 lines of code.
  • Actual Stack: SSG SvelteKit + Tailwindcss + DaisyUI + Go backend for easy and fast feature development

Architecture Design Decisions

Authentication

Authentication is a broad topic. Many people think you should not even consider implementing authentication yourself. On the other hand, the experts at OWASP do not advise against it in their cheat sheet on that topic. I'm going to explain my criteria and afterwards take a decision.

There are a few constraints I would like to respect:

  • I want this blueprint to do as much as possible without relying on external services. This way, the steps that need to be done on other websites stay minimal. Furthermore, I would like to take back some privacy from Big Tech.
  • I think most cloud services are overpriced. I want to provide an alternative approach with self-hosting. But I don't like the idea of spinning up 30 services for a small app with 0 users. It should still be possible to run on a small VPC (2 vCPU, 2 GB RAM).
  • It should be as secure as possible.

As of 2024 there are 4 options:

  • Implement the authentication myself: If I stick closely to the cheat sheet, I "should" be able to dodge "most" of the security risks and attacks on this topic. Unfortunately I'm not an expert in this field and will make some mistakes. If people buy this blueprint, I probably can't sleep well, especially once real users start using it. At least this option has the advantage of not adding additional services or configuration to the project.
  • Using OAuth2 with Google and Apple: Using OAuth2 is the standard for secure applications. Google and Apple have their experts. They deal with attacks every hour of the day. This has the advantage that users don't have to create new credentials. The only disadvantage is my personal hatred of Big Tech.
  • Using OAuth2 with Keycloak: Same as above, except that the OAuth2 endpoint is another self-hosted service. The only advantage is that it's not proprietary and is self-hosted. But users are not used to being redirected to a Keycloak on sign-up; they are used to signing in with Google, though. Furthermore, Google et al. protect themselves against credential stuffing attacks and the like.
  • Firebase, Clerk, etc.: Users have to sign up again AND blueprint users have to set up another project.

Even though I would really like to implement authentication myself, I think OAuth2 with external providers is the best bet, especially because my reasoning is privacy, which most people just don't care about enough. Using this approach, adding a Keycloak at a later point is possible without breaking changes, as long as I keep Google Sign-In.

Email

For email verification etc. a mail server is needed that can send a whole lot of mails. Additionally, a mail account is needed for incoming mails. I thought about self-hosting, but unfortunately this is a hassle to maintain. Not only do you have to set up a mail server, which is not as easy as it sounds, you also have to "register" your mail server with the different providers. Otherwise you are not able to send and receive emails. Thus, the first external service is needed.

In order to avoid vendor lock-in, I decided to use an SMTP relay instead of a vendor-specific API. You are free to choose a transactional mail provider. I chose brevo.com. They have a generous free tier of 300 mails per day. You can either upgrade to a monthly plan of $10 for 20k mails or buy credits at $30 for 5k mails. Most providers offer 100 mails / day for free.
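As an added illustration of the SMTP-relay decision above (this is example code, not code from the stackFAST repository; the SMTP_* variable names and the config shape are assumptions), a small Go mailer in which only the relay settings are provider-specific, together with the header-injection check you want when subjects or addresses originate from user input:

```go
package main

import (
	"errors"
	"fmt"
	"net/smtp"
	"os"
	"strings"
)

// RelayConfig holds the only provider-specific values: moving from one
// SMTP relay (e.g. brevo.com) to another means changing these, not the code.
type RelayConfig struct {
	Host, Port, Username, Password, From string
}

// ConfigFromEnv reads the relay settings from SMTP_* variables
// (the variable names are an assumption, not taken from the project).
func ConfigFromEnv() RelayConfig {
	return RelayConfig{
		Host: os.Getenv("SMTP_HOST"), Port: os.Getenv("SMTP_PORT"),
		Username: os.Getenv("SMTP_USER"), Password: os.Getenv("SMTP_PASS"),
		From: os.Getenv("SMTP_FROM"),
	}
}

// BuildMessage assembles an RFC 5322 message. Header values must not contain
// CR or LF: a user-controlled subject like "hi\r\nBcc: x@example.com" would
// otherwise smuggle extra headers or recipients into the relay submission.
func BuildMessage(from, to, subject, body string) ([]byte, error) {
	for _, v := range []string{from, to, subject} {
		if strings.ContainsAny(v, "\r\n") {
			return nil, errors.New("header value contains CR/LF")
		}
	}
	msg := fmt.Sprintf("From: %s\r\nTo: %s\r\nSubject: %s\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n%s\r\n", from, to, subject, body)
	return []byte(msg), nil
}

// Send submits the message through the relay. net/smtp upgrades to STARTTLS
// when offered, and PlainAuth refuses to send credentials to a non-localhost
// server over an unencrypted connection, so the password is not sent in clear.
func Send(c RelayConfig, to, subject, body string) error {
	msg, err := BuildMessage(c.From, to, subject, body)
	if err != nil {
		return err
	}
	auth := smtp.PlainAuth("", c.Username, c.Password, c.Host)
	return smtp.SendMail(c.Host+":"+c.Port, auth, c.From, []string{to}, msg)
}
```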
