go/todo-api
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

feat(todo-api): add full-stack POC demonstrating micro-lib v0.9.0

Browse Source 
Runnable REST API exercising every micro-lib tier in a containerless setup: N-layer architecture, SQLite persistence, header-based auth simulating Firebase output, and bit-mask RBAC enforcement.

What's included:
- cmd/todo-api: minimal main delegating to application.Run
- internal/application: full object graph wiring — launcher, sqlite, httpserver, httpmw stack, routes in BeforeStart
- internal/domain: User entity, ResourceTodos constant, PermReadTodo/PermWriteTodo bit positions
- internal/repository: TodoRepository, UserRepository, DBPermissionProvider (SQLite via modernc)
- internal/service: TodoService, UserService with interface-based dependencies
- internal/handler: TodoHandler, UserHandler using httputil adapters and valid for input validation
- internal/middleware: Auth (X-User-ID → rbac.Identity) and Require (bit-mask permission gate)
- logAdapter: bridges logz.Logger.With return type to httpmw.Logger interface
- SQLite schema: users, user_role (bitmask), todos; migrations run in BeforeStart
- Routes: POST /users (open), GET+POST /todos (RBAC), GET /users (RBAC)

Tested-via: todo-api POC integration
Reviewed-against: docs/adr/
This commit is contained in:
Rene Nochebuena
2026-03-19 13:55:08 +00:00
commit 3fcba82448
23 changed files with 1143 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
internal/service/user_service.go Normal file
View File

@@ -0,0 +1,65 @@
package service
import (
"context"
"code.nochebuena.dev/go/rbac"
"code.nochebuena.dev/go/todo-api/internal/domain"
"code.nochebuena.dev/go/todo-api/internal/repository"
)
// CreateUserRequest is the input for creating a new user.
// CanRead / CanWrite seed the permission bits for the todos resource immediately.
type CreateUserRequest struct {
Name string `json:"name" validate:"required,min=1,max=100"`
Email string `json:"email" validate:"required,email"`
CanRead bool `json:"can_read"`
CanWrite bool `json:"can_write"`
}
// UserService handles user business logic.
type UserService interface {
FindAll(ctx context.Context) ([]domain.User, error)
Create(ctx context.Context, req CreateUserRequest) (domain.User, error)
}
type userService struct {
repo repository.UserRepository
idGen func() string
}
// NewUserService returns a UserService. idGen is called to mint new user IDs (e.g. uuid.NewString).
func NewUserService(repo repository.UserRepository, idGen func() string) UserService {
return &userService{repo: repo, idGen: idGen}
}
func (s *userService) FindAll(ctx context.Context) ([]domain.User, error) {
return s.repo.FindAll(ctx)
}
func (s *userService) Create(ctx context.Context, req CreateUserRequest) (domain.User, error) {
user, err := s.repo.Create(ctx, domain.User{
ID: s.idGen(),
Name: req.Name,
Email: req.Email,
})
if err != nil {
return domain.User{}, err
}
// Build and persist permission mask from the request flags.
var mask rbac.PermissionMask
if req.CanRead {
mask = mask.Grant(domain.PermReadTodo)
}
if req.CanWrite {
mask = mask.Grant(domain.PermWriteTodo)
}
if mask != 0 {
if err := s.repo.SetPermissions(ctx, user.ID, domain.ResourceTodos, mask); err != nil {
return domain.User{}, err
}
}
return user, nil
}