HTTPS REST API for managing students, teachers, and executives (execs), with JWT cookie auth and a set of security/performance middlewares.
- Go: module project-api (see go.mod)
- Database: MySQL (github.com/go-sql-driver/mysql)
- Auth: JWT (cookie name: JWT)
- Server: HTTPS via ListenAndServeTLS
- GET /students
- POST /students
- PUT /students
- PATCH /students
- DELETE /students
- GET /students/{id}
- PUT /students/{id}
- PATCH /students/{id}
- DELETE /students/{id}

- GET /teachers
- POST /teachers
- PUT /teachers
- PATCH /teachers
- DELETE /teachers
- GET /teachers/{id}
- PUT /teachers/{id}
- PATCH /teachers/{id}
- DELETE /teachers/{id}
- GET /teachers/{id}/students

- GET /execs
- POST /execs
- PATCH /execs
- GET /execs/{id}
- PATCH /execs/{id}
- DELETE /execs/{id}
- POST /execs/{id}/updatepassword
- POST /execs/login (public)
- POST /execs/logout
- POST /execs/forgotpassword (public)
- POST /execs/resetpassword/reset/{resetcode} (public)
The server reads configuration from environment variables (loaded from an embedded .env in cmd/api/.env during development).
- DB_USER: MySQL username
- DB_PASS: MySQL password
- DB_NAME: database name
- HOST: database host (example: 127.0.0.1)
- DB_PORT: database port (example: :3306)

- SERVER_PORT: server listen address (example: :3000)
- CERT_FILE: path to TLS certificate PEM
- KEY_FILE: path to TLS private key PEM

- JWT_SECRET: HMAC secret for signing JWTs
- JWT_EXPIRY: Go duration string (examples: 15m, 24h, 3000s)
- RESET_CODE_EXPIRY: Go duration string (example: 300s)
- Make sure MySQL is running and the target database exists.
- Update cmd/api/.env with your local values (do not commit real secrets).
- Run:

  go run ./cmd/api

The server starts on SERVER_PORT and serves HTTPS.
This repo includes a multi-stage Dockerfile that builds a small runtime image.
docker build -t project-api .

Mount TLS files and pass config via env vars:
docker run --rm -p 3000:3000 \
-e SERVER_PORT=":3000" \
-e CERT_FILE="/run/tls/cert.pem" \
-e KEY_FILE="/run/tls/key.pem" \
-e DB_USER="root" \
-e DB_PASS="your_password" \
-e DB_NAME="school" \
-e HOST="host.docker.internal" \
-e DB_PORT=":3306" \
-e JWT_SECRET="change_me" \
-e JWT_EXPIRY="15m" \
-e RESET_CODE_EXPIRY="300s" \
-v "$PWD/cmd/api/cert.pem:/run/tls/cert.pem:ro" \
-v "$PWD/cmd/api/key.pem:/run/tls/key.pem:ro" \
project-api

Notes:
- The server is HTTPS-only, so use https://localhost:3000.
- With a self-signed cert, clients must trust the cert or skip verification for local testing.
- Protected routes expect a JWT cookie.
- The following routes are intentionally excluded from JWT middleware:
  - POST /execs/login
  - POST /execs/forgotpassword
  - POST /execs/resetpassword/reset/{resetcode}
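
The access decision described in the notes above, as an added standard-library sketch (not this project's code): the three public routes are matched by exact method and path shape, and every other request needs a valid token in the JWT cookie. The names isPublic, sign, validHS256 and allowed are hypothetical, and HS256 with an exp claim is an assumption about the token format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// isPublic matches only the three excluded routes: exact method, exact path shape, no prefix match.
func isPublic(method, path string) bool {
	code, isReset := strings.CutPrefix(path, "/execs/resetpassword/reset/")
	return method == http.MethodPost && (path == "/execs/login" || path == "/execs/forgotpassword" ||
		(isReset && code != "" && !strings.Contains(code, "/")))
}

// sign appends an HMAC-SHA256 signature to a "header.payload" signing input (HS256 is assumed).
func sign(input string, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(input))
	return input + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// validHS256 re-signs the first two segments, compares in constant time, then pins alg and checks exp.
func validHS256(token string, secret []byte, now time.Time) bool {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(token), []byte(sign(p[0]+"."+p[1], secret))) {
		return false
	}
	var hdr, claims struct{ Alg string; Exp int64 }
	h, _ := base64.RawURLEncoding.DecodeString(p[0])
	c, _ := base64.RawURLEncoding.DecodeString(p[1])
	return json.Unmarshal(h, &hdr) == nil && json.Unmarshal(c, &claims) == nil &&
		hdr.Alg == "HS256" && now.Unix() < claims.Exp
}

// allowed is the decision a JWT middleware makes: public route, or a valid token in the "JWT" cookie.
func allowed(r *http.Request, secret []byte, now time.Time) bool {
	c, err := r.Cookie("JWT")
	return isPublic(r.Method, r.URL.Path) || (err == nil && validHS256(c.Value, secret, now))
}

func main() { // constructed token with exp=1: accepted at t=0, rejected as expired today
	tok := sign("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjF9", []byte("demo")) // {"alg":"HS256","typ":"JWT"}.{"exp":1}
	fmt.Println(validHS256(tok, []byte("demo"), time.Unix(0, 0)), validHS256(tok, []byte("demo"), time.Now()))
}
```

A middleware would call allowed(r, secret, time.Now()) and answer 401 when it returns false; a token with no exp claim is rejected because the claim defaults to 0.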