README
¶
-
User Registration
Basic Registration: Allow users to register with their email, password, and personal information. OTP Verification: Send a One-Time Password (OTP) to the user's email or phone to verify their identity during registration. Social Media Login: Allow users to sign up using social accounts like Google, Facebook, or Twitter for easier onboarding.
-
Login & Authentication
Username/Password Login: Standard login with email and password. Token-Based Authentication: Use JSON Web Tokens (JWT) to authenticate and manage user sessions securely. Multi-Factor Authentication (MFA): Provide an option to enable MFA to improve account security by requiring an additional verification step.
-
Password Management
Forgot Password: Allow users to reset their password by sending a password reset link or OTP to their registered email or phone. Change Password: Allow logged-in users to change their password. Password Strength Check: Encourage strong passwords by implementing a strength meter and enforcing certain complexity rules.
-
Profile Management
View/Edit Profile: Users should be able to view and edit their profile details, such as name, contact information, and other personal preferences. Upload Profile Picture: Allow users to upload a profile picture for better personalization.
-
Email & Notification Settings
Email Verification: Require users to verify their email during registration. Notification Preferences: Let users manage their notification settings to control how they receive updates (email, SMS, etc.).
-
User Roles & Permissions
Account Levels: Implement different account levels (e.g., standard user, verified user, premium user) with associated benefits and access rights. Role Assignment: Assign specific roles to users, such as "trader", "viewer", or "admin". Supabase can help manage roles and permissions.
-
Activity Logs & Security
Login History: Record user login activity and allow users to see when and from where their account was accessed. Account Lockout: Lock accounts after a certain number of failed login attempts to prevent brute-force attacks.
-
Admin-Level Account Functions
Admin Dashboard: Allow admins to view registered users, approve new accounts, or suspend users. Role Management: Allow admins to assign or change user roles and permissions. User Statistics: Provide information about user activity, trading volumes, and other platform usage data.
-
Account Deletion
Self-Deletion: Allow users to delete their account while providing a warning about the consequences (loss of data, etc.). Admin-Level Deletion: Allow admins to deactivate or delete user accounts for security or policy violations.
-
Verification & KYC
Identity Verification: To meet regulatory requirements for carbon rights exchange, you may want to implement KYC (Know Your Customer) verification for specific account types. Document Upload: Allow users to upload identity documents (e.g., passport, utility bill) for verification.
-
Account Recovery
Recovery Questions: Optionally provide security questions to help recover accounts. Alternate Recovery Email: Allow users to add an alternate email for account recovery.
-
API Rate Limiting & Security
Rate Limiting: Apply rate limiting for sensitive operations (e.g., login, registration) to prevent abuse. Captcha: Add CAPTCHA during registration and login to prevent bot attacks.
-
Project Structure: Generally good. Got separate directories for different concerns, Here's the breakdown:
-
middleware: For HTTP middleware
-
config: For configuration-related code
-
utils: For utility functions
-
models: For data models
-
db: For database-related code
-
controllers: For request handlers
-
routes: For defining API routes
-
Key Files:
-
main.go: This is likely your entry point
-
go.mod and go.sum: For dependency management
-
.env: For environment variables (make sure this is in .gitignore)
-
Procfile: Suggests you might be deploying to a platform like Heroku
-
Package Structure: Packages seem to be organized logically. The db.go file is in its own db directory, which is good.
Documentation
¶
There is no documentation for this package.
Source Files
Directories