This repository has been archived on 2025-08-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Tim Wundenberg de8a5051e7
#109 some work on index.templ
2024-08-22 18:18:37 +02:00

stackFAST

Your (almost) independent tech stack to host on a VPC.

Features

stackFAST includes everything you need to build your app. Focus on developing your idea instead of "wasting" time on things like setting up auth and observability. This blueprint tries to include as much as possible while still keeping it simple.

The blueprint contains the following features:

  • Authentication: Users can log in, log out, register and reset their password. For increased security, TOTP is available as well.
  • Observability: The stack contains a Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone. For web analytics, umami is included, which is a lightweight self-hosted alternative to Google Analytics.
  • Mail: You are able to send mail with SMTP. You still need an external mail server, but a guide on how to set that up with a custom domain is included.
  • SSL: This is included by using traefik as the reverse proxy. It handles SSL certificates automatically. Furthermore, all services are accessible through subdomains. Best of all, you can add more with 3 lines of code.
  • Actual Stack: SSG SvelteKit + Tailwindcss + DaisyUI + Go backend for easy and fast feature development

Architecture Design Decisions

Authentication

Authentication is a broad topic. Many people think you should not even consider implementing authentication yourself. On the other hand, the experts at OWASP do not make that recommendation in their cheat sheet on the topic. I'm going to explain my criteria and then take a decision.

There are a few constraints I would like to keep to:

  • I want this blueprint to do as much as possible without relying on external services. This way, the things that need to be done on other websites are minimal. Furthermore, I would like to take back privacy from BigTech.
  • I think most cloud services are overpriced. I want to provide an alternative approach with self-hosting. But I don't like the idea of spinning up 30 services for a small app with 0 users. It should still be possible to run on a small VPC (2 vCPU, 2 GB).
  • It should be as secure as possible.

As of 2024 there are 4 options:

  • Implement the authentication myself: If I hold tight to the cheat sheet, I "should" be able to dodge "most" security risks and attacks on this topic. Unfortunately, I'm not an expert in this field and will make some errors. If people buy this blueprint, I probably can't sleep well, especially once real users start using it. At least this has the advantage of not adding additional services or configuration to the project.
  • Using OAuth2 with Google and Apple: Using OAuth2 is the standard for secure applications. Google and Apple have their experts; they deal with attacks every hour of the day. This has the advantage that users don't have to create new credentials. The only disadvantage is my personal hatred of big tech.
  • Using OAuth2 with Keycloak: Same as above, except that the OAuth2 endpoint is another self-hosted service. The only advantage is that it's not proprietary and is self-hosted. But users are not used to being redirected to a Keycloak on sign-up; they are used to signing in with Google, though. Furthermore, Google et al. protect themselves against credential stuffing attacks etc.
  • Firebase, Clerk, etc.: Users have to sign up again AND blueprint users have to set up another project.

Even though I would really like to implement authentication myself, I think OAuth2 with external providers is the best bet, especially because my reasoning is privacy, which most people just don't care about enough. Using this approach, adding a Keycloak later is possible without breaking changes, as long as I keep the Google Sign-In.
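Whichever provider is chosen, the authorization-code login decided on above has two details the Go backend must get right on its own side: a per-login state value that is stored server-side and compared in constant time when the provider redirects back (the login-CSRF check), and PKCE (RFC 7636) so that an authorization code intercepted on the redirect cannot be exchanged without the verifier the server kept. The following is an added example, not stackFAST's own code; the authorization endpoint, client ID and redirect URI are placeholders, and BeginLogin, BuildAuthURL and ValidateCallback are names invented for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// Placeholder provider and client settings (assumptions for this example).
const (
	authorizeEndpoint = "https://accounts.example.com/o/oauth2/v2/auth"
	clientID          = "CLIENT_ID_PLACEHOLDER"
	redirectURI       = "https://app.example.com/auth/callback"
)

// randomURLSafe returns n random bytes as unpadded base64url, which is a valid
// alphabet for both the OAuth2 state value and a PKCE code verifier.
func randomURLSafe(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// PKCEChallenge derives the S256 code_challenge from a code_verifier:
// BASE64URL(SHA256(ASCII(verifier))) without padding, as in RFC 7636.
func PKCEChallenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// LoginSession is what the backend stores server-side, keyed by an opaque
// session cookie, between the redirect to the provider and the callback.
type LoginSession struct {
	State        string
	CodeVerifier string
}

// BeginLogin creates the per-login secrets and the URL the browser is sent to.
// Only the state and the challenge leave the server; the verifier stays stored.
func BeginLogin(scopes string) (LoginSession, string, error) {
	state, err := randomURLSafe(32)
	if err != nil {
		return LoginSession{}, "", err
	}
	verifier, err := randomURLSafe(32)
	if err != nil {
		return LoginSession{}, "", err
	}
	sess := LoginSession{State: state, CodeVerifier: verifier}
	return sess, BuildAuthURL(sess, scopes), nil
}

// BuildAuthURL assembles the authorization request for the code flow.
func BuildAuthURL(sess LoginSession, scopes string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", scopes)
	q.Set("state", sess.State)
	q.Set("code_challenge", PKCEChallenge(sess.CodeVerifier))
	q.Set("code_challenge_method", "S256")
	return authorizeEndpoint + "?" + q.Encode()
}

// ValidateCallback checks the provider's redirect back to the app: a provider
// error is rejected first, then the state must equal the stored one (constant-time
// compare), and the code must be present. Only then would the token exchange run.
func ValidateCallback(sess LoginSession, callbackURL string) (string, error) {
	u, err := url.Parse(callbackURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("provider returned error: %s", e)
	}
	got := q.Get("state")
	if subtle.ConstantTimeCompare([]byte(got), []byte(sess.State)) != 1 {
		return "", fmt.Errorf("state mismatch: possible login CSRF or stale attempt")
	}
	code := q.Get("code")
	if code == "" {
		return "", fmt.Errorf("callback carries no authorization code")
	}
	// Next step (not shown): POST code + sess.CodeVerifier to the token endpoint
	// from the server, then validate the returned ID token before creating a session.
	return code, nil
}

func main() {
	sess, authURL, err := BeginLogin("openid email")
	if err != nil {
		panic(err)
	}
	fmt.Println("redirect user to:", authURL)
	// Constructed callback for demonstration; a real one comes from the provider.
	cb := redirectURI + "?code=AUTH_CODE_PLACEHOLDER&state=" + url.QueryEscape(sess.State)
	fmt.Println(ValidateCallback(sess, cb))
}
```

The stored LoginSession must be discarded after one callback, successful or not, so a state value can never be replayed; the same constant-time comparison should be reused when a Keycloak provider is added later, since the flow on the app side does not change.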

https://me-fit.eu
Languages: Go 90.6%, templ 7.9%, Dockerfile 0.8%, JavaScript 0.5%, CSS 0.2%