DEV Community: Lakhan Samani The latest articles on DEV Community by Lakhan Samani (@lakhansamani). https://dev.to/lakhansamani https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F127869%2F0ca7db15-6ea6-4767-b98e-55adbccc214b.jpg DEV Community: Lakhan Samani https://dev.to/lakhansamani en Authorizer v2 Is Here: Self-Hosted Auth, Rebuilt From the Ground Up Lakhan Samani Wed, 01 Apr 2026 12:41:18 +0000 https://dev.to/lakhansamani/authorizer-v2-is-here-self-hosted-auth-rebuilt-from-the-ground-up-184a https://dev.to/lakhansamani/authorizer-v2-is-here-self-hosted-auth-rebuilt-from-the-ground-up-184a <p>We just shipped <strong>Authorizer v2</strong> — a major rewrite of our open-source, self-hosted authentication and authorization server.</p> <p>If you've ever been frustrated by per-seat auth pricing, vendor lock-in, or shipping your users' data to someone else's cloud — this release is for you.</p> <p><strong>TL;DR</strong>: Single Go binary. 13+ database backends. CLI-driven config. OAuth 2.0/OIDC compliant. Deploy in 5 minutes. Free forever.</p> <p><a href="https://github.com/authorizerdev/authorizer" rel="noopener noreferrer">GitHub</a> | <a href="https://docs.authorizer.dev" rel="noopener noreferrer">Docs</a> | <a href="https://authorizer.dev" rel="noopener noreferrer">Website</a> | <a href="https://www.youtube.com/watch?v=aQrpYCyrDjU" rel="noopener noreferrer">Migration Video</a></p> <h2> Why We Built v2 </h2> <p>Authorizer v1 worked. Teams used it in production. But we kept hearing the same feedback:</p> <blockquote> <p>"Config stored in the database felt fragile."<br> "I want to manage auth config the same way I manage everything else — through code."<br> "It's hard to audit what changed and when."</p> </blockquote> <p>So we rethought the entire configuration model.</p> <p><strong>v1</strong>: Configuration lived in the database, encrypted. You changed settings through the dashboard UI or a GraphQL mutation. Convenient, but opaque — you couldn't version-control your auth config, couldn't audit changes easily, and secrets sat in a persistent store.</p> <p><strong>v2</strong>: <strong>All configuration is passed via CLI flags at startup.</strong> That's it. No <code>.env</code> files. No database-stored config. No mutation to accidentally expose secrets. Your auth server is configured the same way you configure every other 12-factor service.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>authorizer <span class="se">\</span> <span class="nt">--database-type</span> postgres <span class="se">\</span> <span class="nt">--database-url</span> <span class="s2">"postgres://user:pass@localhost:5432/auth"</span> <span class="se">\</span> <span class="nt">--jwt-type</span><span class="o">=</span>HS256 <span class="se">\</span> <span class="nt">--jwt-secret</span><span class="o">=</span><span class="nb">test</span> <span class="se">\</span> <span class="nt">--admin-secret</span><span class="o">=</span>admin <span class="se">\</span> <span class="nt">--client-id</span><span class="o">=</span>123456 <span class="se">\</span> <span class="nt">--client-secret</span><span class="o">=</span>secret </code></pre> </div> <p>That's a production-ready auth server. One command. No magic.</p> <h2> What's in v2 </h2> <h3> 13+ Database Backends </h3> <p>Use whatever database your team already runs:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Category</th> <th>Supported</th> </tr> </thead> <tbody> <tr> <td><strong>SQL</strong></td> <td>PostgreSQL, MySQL, SQLite, SQL Server, MariaDB, YugabyteDB, PlanetScale, CockroachDB, LibSQL</td> </tr> <tr> <td><strong>NoSQL</strong></td> <td>MongoDB, ArangoDB, CassandraDB, ScyllaDB</td> </tr> <tr> <td><strong>Cloud</strong></td> <td>AWS DynamoDB, Couchbase</td> </tr> </tbody> </table></div> <p>No other open-source auth server supports this many backends. If you're already running MongoDB or DynamoDB — you don't need to spin up a separate Postgres just for auth.</p> <h3> 11 Social Login Providers </h3> <p>Google, GitHub, Facebook, Apple, LinkedIn, Microsoft, Discord, Twitter, Twitch, Roblox — all configured with a pair of CLI flags:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nt">--google-client-id</span> <span class="s2">"..."</span> <span class="nt">--google-client-secret</span> <span class="s2">"..."</span> <span class="nt">--github-client-id</span> <span class="s2">"..."</span> <span class="nt">--github-client-secret</span> <span class="s2">"..."</span> </code></pre> </div> <h3> Multi-Factor Authentication </h3> <ul> <li> <strong>TOTP</strong> — Google Authenticator, Authy, 1Password</li> <li> <strong>Email OTP</strong> — One-time codes via email</li> <li> <strong>SMS OTP</strong> — Via Twilio integration</li> <li>Enforceable globally with <code>--enforce-mfa</code> </li> </ul> <h3> Full OAuth 2.0 / OIDC Compliance </h3> <ul> <li>Authorization code flow with PKCE (RFC 7636)</li> <li>Implicit token and ID token flows</li> <li>JWKS endpoint (<code>/.well-known/jwks.json</code>)</li> <li>9 JWT signing algorithms (HS256/384/512, RS256/384/512, ES256/384/512)</li> <li>Custom access token claims via JavaScript scripts</li> </ul> <h3> Developer Experience </h3> <ul> <li> <strong>GraphQL API</strong> — Introspectable schema, admin operations prefixed with <code>_</code> </li> <li> <strong>REST endpoints</strong> — Standard OAuth 2.0/OIDC paths</li> <li> <strong>SDKs</strong> — React, JavaScript, Go, Svelte, Vue, Flutter</li> <li> <strong>Built-in UI</strong> — Login/signup pages out of the box, themeable</li> <li> <strong>Admin dashboard</strong> — User management, role assignment, email templates</li> <li> <strong>Webhooks</strong> — 8 event types for real-time integrations</li> </ul> <h3> Role-Based Access Control </h3> <p>Define roles, set defaults, protect sensitive ones:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nt">--roles</span> <span class="s2">"user,admin,editor"</span> <span class="se">\</span> <span class="nt">--default-roles</span> <span class="s2">"user"</span> <span class="se">\</span> <span class="nt">--protected-roles</span> <span class="s2">"admin"</span> </code></pre> </div> <h3> One-Command Deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Docker</span> docker run <span class="nt">-p</span> 8080:8080 <span class="nt">-u</span> root <span class="se">\</span> <span class="nt">-v</span> authorizer_data:/authorizer/data <span class="se">\</span> lakhansamani/authorizer <span class="se">\</span> <span class="nt">--database-type</span><span class="o">=</span>sqlite <span class="se">\</span> <span class="nt">--database-url</span><span class="o">=</span>/authorizer/data/data.db <span class="se">\</span> <span class="nt">--client-id</span><span class="o">=</span>123456 <span class="se">\</span> <span class="nt">--client-secret</span><span class="o">=</span>secret <span class="se">\</span> <span class="nt">--admin-secret</span><span class="o">=</span>admin <span class="se">\</span> <span class="nt">--jwt-type</span><span class="o">=</span>HS256 <span class="se">\</span> <span class="nt">--jwt-secret</span><span class="o">=</span><span class="nb">test</span> <span class="c"># Or one-click deploy on Railway, Heroku, Render, Koyeb</span> </code></pre> </div> <p>Single binary. No JVM. No app server. No runtime dependencies.</p> <h2> What Changed From v1 </h2> <p>If you're upgrading, here's what matters:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>v1</th> <th>v2</th> </tr> </thead> <tbody> <tr> <td><strong>Configuration</strong></td> <td>Stored in DB, editable via dashboard</td> <td>CLI flags only, immutable at runtime</td> </tr> <tr> <td><strong>Binary name</strong></td> <td><code>server</code></td> <td><code>authorizer</code></td> </tr> <tr> <td><strong>Env vars</strong></td> <td>Read from <code>.env</code> and OS</td> <td>Pass as CLI arguments</td> </tr> <tr> <td><strong>Dashboard</strong></td> <td>Can change server config</td> <td>Read-only (user management only)</td> </tr> <tr> <td><strong>Mobile auth</strong></td> <td>Separate <code>mobile_signup</code>/<code>mobile_login</code> </td> <td>Use <code>signup</code>/<code>login</code> with <code>phone_number</code> </td> </tr> <tr> <td><strong>Admin auth</strong></td> <td>Header always enabled</td> <td>Can disable header auth for security</td> </tr> <tr> <td><strong>SDK versions</strong></td> <td>authorizer-js v2, authorizer-react v1</td> <td>authorizer-js v3, authorizer-react v2</td> </tr> </tbody> </table></div> <p>We wrote a detailed <a href="https://github.com/authorizerdev/authorizer/blob/main/MIGRATION.md" rel="noopener noreferrer">migration guide</a> covering every breaking change. Prefer video? Here's a <a href="https://www.youtube.com/watch?v=aQrpYCyrDjU" rel="noopener noreferrer">step-by-step migration walkthrough on YouTube</a>.</p> <h2> What's Coming Next: The Roadmap </h2> <p>We're not stopping here. Here's what's planned across five phases:</p> <h3> Phase 1: Security Hardening </h3> <p>The foundation for enterprise adoption:</p> <ul> <li> <strong>Rate limiting &amp; brute force protection</strong> — Per-IP, per-user throttling and account lockout</li> <li> <strong>CAPTCHA integration</strong> — Cloudflare Turnstile and Google reCAPTCHA v3</li> <li> <strong>Leaked password detection</strong> — Have I Been Pwned API integration</li> <li> <strong>Structured audit logs</strong> — Queryable event trail for compliance</li> <li> <strong>Prometheus metrics</strong> — <code>/metrics</code> endpoint for observability</li> <li> <strong>Session security</strong> — Device fingerprinting, unrecognized device alerts, remote revocation</li> </ul> <h3> Phase 2: Authorization &amp; Machine-to-Machine </h3> <p>Moving beyond basic RBAC:</p> <ul> <li> <strong>Fine-grained permissions</strong> — Resource-level access control (<code>document:read</code>, <code>project:admin</code>)</li> <li> <strong>M2M authentication</strong> — OAuth 2.0 client credentials grant for service-to-service</li> <li> <strong>Service accounts</strong> — Application identities that aren't tied to humans</li> <li> <strong>API key management</strong> — Let your users create and manage their own API keys</li> <li> <strong>Organization enhancements</strong> — Domain-based routing, org-level policies, invitations</li> </ul> <h3> Phase 3: Enterprise SSO &amp; Federation </h3> <p>What enterprise buyers ask for on day one:</p> <ul> <li> <strong>SAML 2.0</strong> — Connect to Okta, Azure AD, OneLogin</li> <li> <strong>SCIM 2.0 / Directory Sync</strong> — Automated user provisioning and deprovisioning</li> <li> <strong>Authorizer as OIDC Provider</strong> — Issue tokens for downstream services</li> <li> <strong>Self-service admin portal</strong> — Let customer IT teams configure their own SSO</li> </ul> <h3> Phase 4: AI-Era Authentication </h3> <p>Auth is changing. AI agents need identity too:</p> <ul> <li> <strong>MCP (Model Context Protocol) authorization</strong> — Secure tool access for AI agents</li> <li> <strong>Agent-to-Agent (A2A) authentication</strong> — Identity and delegation for autonomous agents</li> <li> <strong>OAuth 2.1 compliance</strong> — Mandatory PKCE, no implicit grant, refresh token rotation</li> <li> <strong>Token exchange (RFC 8693)</strong> — Delegation and impersonation flows</li> <li> <strong>Dynamic client registration (RFC 7591)</strong> — Programmatic OAuth client creation</li> </ul> <h3> Phase 5: Advanced Security &amp; Modern Standards (Q2-Q3 2027) </h3> <ul> <li> <strong>Passkeys / WebAuthn (FIDO2)</strong> — Passwordless with hardware keys</li> <li> <strong>DPoP (RFC 9449)</strong> — Proof-of-possession tokens to prevent token theft</li> <li> <strong>Advanced bot protection</strong> — Risk scoring, credential stuffing detection</li> <li> <strong>SIEM integration</strong> — Stream logs to Datadog, Splunk, Elastic</li> </ul> <p>The full roadmap is on <a href="https://github.com/authorizerdev/authorizer/blob/main/ROADMAP_V2.md" rel="noopener noreferrer">GitHub</a>.</p> <h2> Why Self-Hosted Auth Matters in 2026 </h2> <p>Three trends are making self-hosted auth more relevant than ever:</p> <p><strong>1. Data sovereignty isn't optional anymore.</strong> GDPR enforcement is accelerating. New regulations in India, Brazil, and across APAC require data residency. If your auth provider stores user data in a region you can't control, you have a compliance problem.</p> <p><strong>2. Auth pricing doesn't scale.</strong> Hosted auth providers get expensive fast — they charge per user, per connection, or per feature. With Authorizer, you pay for a server. That's it.</p> <p><strong>3. AI agents need auth too.</strong> MCP, A2A, and OAuth 2.1 are the emerging standards for agent authentication. The auth layer needs to evolve — and you want that evolution to happen on infrastructure you control.</p> <h2> Get Started </h2> <p><strong>5-minute quickstart:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-p</span> 8080:8080 <span class="nt">-u</span> root <span class="se">\</span> <span class="nt">-v</span> authorizer_data:/authorizer/data <span class="se">\</span> lakhansamani/authorizer <span class="se">\</span> <span class="nt">--database-type</span><span class="o">=</span>sqlite <span class="se">\</span> <span class="nt">--database-url</span><span class="o">=</span>/authorizer/data/data.db <span class="se">\</span> <span class="nt">--client-id</span><span class="o">=</span>123456 <span class="se">\</span> <span class="nt">--client-secret</span><span class="o">=</span>secret <span class="se">\</span> <span class="nt">--admin-secret</span><span class="o">=</span>admin <span class="se">\</span> <span class="nt">--jwt-type</span><span class="o">=</span>HS256 <span class="se">\</span> <span class="nt">--jwt-secret</span><span class="o">=</span><span class="nb">test</span> </code></pre> </div> <p>Open <code>http://localhost:8080</code> — you have a working auth server with a login page.</p> <p><strong>Add it to your React app:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @authorizerdev/authorizer-react </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">AuthorizerProvider</span><span class="p">,</span> <span class="nx">Authorizer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@authorizerdev/authorizer-react</span><span class="dl">'</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">App</span><span class="p">()</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nc">AuthorizerProvider</span> <span class="na">config</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">authorizerURL</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:8080</span><span class="dl">'</span><span class="p">,</span> <span class="na">redirectURL</span><span class="p">:</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">origin</span><span class="p">,</span> <span class="na">clientID</span><span class="p">:</span> <span class="dl">'</span><span class="s1">my-app</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span><span class="si">}</span> <span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Authorizer</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nc">AuthorizerProvider</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>That's email/password auth, social logins, and session management — in 15 lines.</p> <p><strong>One-click cloud deploy:</strong></p> <ul> <li><a href="https://railway.com/deploy/nwXp1C?referralCode=FEF4uT&amp;utm_medium=integration&amp;utm_source=template&amp;utm_campaign=generic" rel="noopener noreferrer">Railway</a></li> <li><a href="https://github.com/authorizerdev/authorizer-heroku" rel="noopener noreferrer">Heroku</a></li> <li><a href="https://render.com/deploy?repo=https://github.com/authorizerdev/authorizer-render" rel="noopener noreferrer">Render</a></li> </ul> <h2> Join the Community </h2> <ul> <li> <strong>Star us on GitHub</strong>: <a href="https://github.com/authorizerdev/authorizer" rel="noopener noreferrer">github.com/authorizerdev/authorizer</a> </li> <li> <strong>Website</strong>: <a href="https://authorizer.dev" rel="noopener noreferrer">authorizer.dev</a> </li> <li> <strong>Read the docs</strong>: <a href="https://docs.authorizer.dev" rel="noopener noreferrer">docs.authorizer.dev</a> </li> <li> <strong>Watch the migration video</strong>: <a href="https://www.youtube.com/watch?v=aQrpYCyrDjU" rel="noopener noreferrer">YouTube — v1 to v2 migration</a> </li> <li> <strong>Join Discord</strong>: <a href="https://discord.gg/n7DfTjCAn" rel="noopener noreferrer">discord.gg/n7DfTjCAn</a> — Chat with the team and other developers</li> <li> <strong>Contribute</strong>: Check out our <a href="https://github.com/authorizerdev/authorizer/blob/main/.github/CONTRIBUTING.md" rel="noopener noreferrer">contributing guide</a> </li> </ul> <p>Authorizer is Apache 2.0 licensed. It's free, it's open source, and your data stays yours.</p> <p>We'd love your feedback, bug reports, and contributions. If this solves a problem for you — give us a star. It helps more than you think.</p> <h2> Sponsor Authorizer </h2> <p>Authorizer is built and maintained by the community. If it saves you time or money, consider sponsoring the project to keep development going:</p> <p><a href="https://github.com/sponsors/authorizerdev" rel="noopener noreferrer">Sponsor Authorizer on GitHub</a></p> <p><em>Built with Go. Powered by the community. Owned by you.</em></p> <p><strong>About the author</strong>: I'm <a href="https://lakhan.me" rel="noopener noreferrer">Lakhan Samani</a>, creator of Authorizer. Connect with me on <a href="https://linkedin.com/in/lakhansamani" rel="noopener noreferrer">LinkedIn</a> or <a href="https://x.com/lakhansamani" rel="noopener noreferrer">X/Twitter</a>.</p> webdev ai opensource authentication Deploying Our Distributed System on Kubernetes with Kind - Part 7 Lakhan Samani Mon, 17 Mar 2025 09:59:26 +0000 https://dev.to/lakhansamani/deploying-our-distributed-system-on-kubernetes-with-kind-part-7-36d3 https://dev.to/lakhansamani/deploying-our-distributed-system-on-kubernetes-with-kind-part-7-36d3 <p>In the previous blog posts, we designed and implemented a distributed system comprising <strong><a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">User Service (users)</a></strong> and <strong><a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">Order Service (ordered)</a></strong> with observability using <strong>OpenTelemetry</strong>, <strong>Jaeger</strong>, <strong>Prometheus</strong>, and <strong>Alertmanager</strong>. In this final part, we'll deploy the entire system on <strong>Kubernetes (Kind)</strong> and demonstrate how it benefits distributed systems.</p> <h2> Why Deploy on Kubernetes? </h2> <p>Deploying our distributed system on <strong>Kubernetes</strong> offers several benefits:</p> <ul> <li> <strong>Scalability</strong>: Easily scale services as traffic grows.</li> <li> <strong>Fault Tolerance</strong>: Kubernetes ensures services restart on failure.</li> <li> <strong>Observability</strong>: Seamless monitoring using <strong>Prometheus</strong> and <strong>Jaeger</strong>.</li> <li> <strong>Portability</strong>: Deploy the same stack in any cloud or local environment.</li> </ul> <h2> Setting Up the Kind Cluster </h2> <p>We'll use <strong>Kind</strong> (Kubernetes in Docker) to set up a local Kubernetes cluster.</p> <h3> <strong>Step 1: Install Kind &amp; kubectl</strong> </h3> <p>Ensure <strong>Kind</strong> and <strong>kubectl</strong> are installed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install Kind</span> curl <span class="nt">-Lo</span> ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 <span class="nb">chmod</span> +x kind <span class="nb">mv </span>kind /usr/local/bin/ <span class="c"># Install kubectl</span> curl <span class="nt">-LO</span> <span class="s2">"https://dl.k8s.io/release/</span><span class="si">$(</span>curl <span class="nt">-L</span> <span class="nt">-s</span> https://dl.k8s.io/release/stable.txt<span class="si">)</span><span class="s2">/bin/linux/amd64/kubectl"</span> <span class="nb">chmod</span> +x kubectl <span class="nb">mv </span>kubectl /usr/local/bin/ </code></pre> </div> <h3> <strong>Step 2: Create a Kind Cluster</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kind create cluster <span class="nt">--name</span> distributed-system <span class="nt">--config</span> kind.yaml </code></pre> </div> <p><code>kind.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">kind</span><span class="pi">:</span> <span class="s">Cluster</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">kind.x-k8s.io/v1alpha4</span> <span class="na">nodes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">role</span><span class="pi">:</span> <span class="s">control-plane</span> <span class="na">extraPortMappings</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">5432</span> <span class="c1"># postgres</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">5432</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">50051</span> <span class="c1"># userd grpc</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">50051</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">50052</span> <span class="c1"># orderd grpc</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">50052</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9091</span> <span class="c1"># userd metrics</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">9091</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9092</span> <span class="c1"># orderd metrics</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">9092</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">16686</span> <span class="c1"># jaeger ui</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">16686</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">4317</span> <span class="c1"># jaeger grpc</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">4317</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">4318</span> <span class="c1"># jaeger http</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">4318</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9090</span> <span class="c1"># prometheus</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">9090</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9093</span> <span class="c1"># alertmanager</span> <span class="na">hostPort</span><span class="pi">:</span> <span class="m">9093</span> </code></pre> </div> <h2> Deploying Databases (PostgreSQL) </h2> <p>We need <strong>userdb</strong> and <strong>orderdb</strong> for our services.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:latest</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">POSTGRES_USER</span> <span class="na">value</span><span class="pi">:</span> <span class="s">postgres</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">POSTGRES_PASSWORD</span> <span class="na">value</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">5432</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">5432</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">5432</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">postgres</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolumeClaim</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">userdb-pvc</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ReadWriteOnce</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">1Gi</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create-userdb</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create-userdb</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">psql</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">postgres</span><span class="nv"> </span><span class="s">-h</span><span class="nv"> </span><span class="s">postgres</span><span class="nv"> </span><span class="s">-c</span><span class="nv"> </span><span class="s">'CREATE</span><span class="nv"> </span><span class="s">DATABASE</span><span class="nv"> </span><span class="s">userdb;'"</span> <span class="pi">]</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">PGPASSWORD</span> <span class="na">value</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Never</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create-orderdb</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create-orderdb</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">psql</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">postgres</span><span class="nv"> </span><span class="s">-h</span><span class="nv"> </span><span class="s">postgres</span><span class="nv"> </span><span class="s">-c</span><span class="nv"> </span><span class="s">'CREATE</span><span class="nv"> </span><span class="s">DATABASE</span><span class="nv"> </span><span class="s">orderdb;'"</span> <span class="pi">]</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">PGPASSWORD</span> <span class="na">value</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Never</span> </code></pre> </div> <p>Apply the database setup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> postgres.yaml </code></pre> </div> <h2> Deploying the User and Order Services </h2> <p>Each service will be exposed via a <strong>Kubernetes Service</strong>.</p> <h3> <strong>userd Deployment &amp; Service <code>userd.yaml</code></strong> </h3> <p>Before deploying this service, we have created docker image and pushed to docker hub<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># build image</span> docker build <span class="nt">--platform</span> linux/amd64 <span class="nt">-t</span> lakhansamani/ecom-grpc-userd:0.1.0 <span class="nb">.</span> <span class="c">#push image</span> docker push lakhansamani/ecom-grpc-userd:0.1.0 </code></pre> </div> <blockquote> <p>Note you can use your docker hub account or any other container registry to push image.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">userd</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">userd</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">userd</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">userd</span> <span class="na">image</span><span class="pi">:</span> <span class="s">lakhansamani/ecom-grpc-userd:0.1.0</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgres://postgres:postgres@postgres:5432/userdb"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">JWT_SECRET</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">secret"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">JAEGER_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">jaeger:4317"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">50051</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9091</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">userd</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">grpc</span> <span class="na">port</span><span class="pi">:</span> <span class="m">50051</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">50051</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">metrics</span> <span class="na">port</span><span class="pi">:</span> <span class="m">9091</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">9091</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">userd</span> </code></pre> </div> <p>Apply the deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> userd.yaml </code></pre> </div> <h3> <strong>orderd Deployment &amp; Service <code>orderd.yaml</code></strong> </h3> <p>Before deploying this service, we have created docker image and pushed to docker hub<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># build image</span> docker build <span class="nt">--platform</span> linux/amd64 <span class="nt">-t</span> lakhansamani/ecom-grpc-orderd:0.1.0 <span class="nb">.</span> <span class="c">#push image</span> docker push lakhansamani/ecom-grpc-orderd:0.1.0 </code></pre> </div> <blockquote> <p>Note you can use your docker hub account or any other container registry to push image.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">orderd</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">orderd</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">orderd</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">orderd</span> <span class="na">image</span><span class="pi">:</span> <span class="s">lakhansamani/ecom-grpc-orderd:0.1.0</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgres://postgres:postgres@postgres:5432/orderdb"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_SERVICE_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">userd:50051"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">JAEGER_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">jaeger:4317"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">50052</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9092</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">orderd</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">grpc</span> <span class="na">port</span><span class="pi">:</span> <span class="m">50052</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">50052</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">metrics</span> <span class="na">port</span><span class="pi">:</span> <span class="m">9092</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">9092</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">orderd</span> </code></pre> </div> <p>Apply the file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> orderd.yaml </code></pre> </div> <h2> Deploying Observability Stack </h2> <h3> <strong>Jaeger (Tracing) <code>jaeger.yaml</code></strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jaeger</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">jaeger</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">jaeger</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jaeger</span> <span class="na">image</span><span class="pi">:</span> <span class="s">jaegertracing/all-in-one:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">16686</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">4317</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">4318</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">COLLECTOR_OTLP_ENABLED</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jaeger</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">jaeger</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ui</span> <span class="na">port</span><span class="pi">:</span> <span class="m">16686</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">16686</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">grpc</span> <span class="na">port</span><span class="pi">:</span> <span class="m">4317</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">4317</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">port</span><span class="pi">:</span> <span class="m">4318</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">4318</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> jaeger.yaml </code></pre> </div> <h3> <strong>Prometheus (Metrics) <code>prometheus.yaml</code></strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ConfigMap</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus-config</span> <span class="na">data</span><span class="pi">:</span> <span class="na">prometheus.yml</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">global:</span> <span class="s">scrape_interval: 5s</span> <span class="s">alerting:</span> <span class="s">alertmanagers:</span> <span class="s">- static_configs:</span> <span class="s">- targets: ["alertmanager:9093"]</span> <span class="s">rule_files:</span> <span class="s">- alert_rules.yaml</span> <span class="s">scrape_configs:</span> <span class="s">- job_name: "userd"</span> <span class="s">static_configs:</span> <span class="s">- targets: ["userd:9091"]</span> <span class="s">- job_name: "orderd"</span> <span class="s">static_configs:</span> <span class="s">- targets: ["orderd:9092"]</span> <span class="na">alert_rules.yaml</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">groups:</span> <span class="s">- name: userd</span> <span class="s">rules:</span> <span class="s">- alert: HighInvalidLoginAttempts</span> <span class="s">expr: increase(userd_service_login_handler{result="invalid_password"}[1m]) &gt; 3</span> <span class="s">for: 1m</span> <span class="s">labels:</span> <span class="s">severity: warning</span> <span class="s">annotations:</span> <span class="s">summary: "High Invalid Login Attempts"</span> <span class="s">description: "More than 3 invalid login attempts detected in the last minute."</span> <span class="s">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">image</span><span class="pi">:</span> <span class="s">prom/prometheus:v2.37.0</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--config.file=/etc/prometheus/prometheus.yml"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--storage.tsdb.path=/prometheus"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--web.enable-lifecycle"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9090</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus-config-volume</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/etc/prometheus/prometheus.yml</span> <span class="na">subPath</span><span class="pi">:</span> <span class="s">prometheus.yml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus-config-volume</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/etc/prometheus/alert_rules.yaml</span> <span class="na">subPath</span><span class="pi">:</span> <span class="s">alert_rules.yaml</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus-config-volume</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus-config</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">port</span><span class="pi">:</span> <span class="m">9090</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">9090</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> prometheus.yaml </code></pre> </div> <h3> <strong>Alertmanager (Alerts) <code>alertmanager.yaml</code></strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ConfigMap</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">alertmanager-config</span> <span class="na">data</span><span class="pi">:</span> <span class="na">alertmanager.yml</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">global:</span> <span class="s">resolve_timeout: 5m</span> <span class="s">route:</span> <span class="s">receiver: "slack-notifications"</span> <span class="s">receivers:</span> <span class="s">- name: "slack-notifications"</span> <span class="s">slack_configs:</span> <span class="s">- channel: "#alerts"</span> <span class="s">send_resolved: true</span> <span class="s">username: "prometheus"</span> <span class="s">api_url: "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"</span> <span class="s">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">alertmanager</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">alertmanager</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">alertmanager</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">alertmanager</span> <span class="na">image</span><span class="pi">:</span> <span class="s">prom/alertmanager:v0.25.0</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--config.file=/etc/alertmanager/alertmanager.yml"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9093</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">config-volume</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/etc/alertmanager</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">config-volume</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">alertmanager-config</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">alertmanager</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">alertmanager</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">port</span><span class="pi">:</span> <span class="m">9093</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">9093</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> alertmanager.yaml </code></pre> </div> <h2> Accessing Services </h2> <p>After deployment, access services on localhost:</p> <ul> <li> <strong>User Service</strong>: <code>grpcurl -plaintext localhost:50051 list</code> </li> <li> <strong>Order Service</strong>: <code>grpcurl -plaintext localhost:50052 list</code> </li> <li> <strong>Jaeger UI</strong>: <a href="http://localhost:16686" rel="noopener noreferrer">http://localhost:16686</a> </li> <li> <strong>Prometheus</strong>: <a href="http://localhost:9090" rel="noopener noreferrer">http://localhost:9090</a> </li> <li> <strong>Alertmanager</strong>: <a href="http://localhost:9093" rel="noopener noreferrer">http://localhost:9093</a> </li> </ul> <blockquote> <p>Note: if it does not work, try port forwarding those port to local ports. eg <code>kubectl port-forward svc/jaeger 16686:16686</code></p> </blockquote> <h2> Repository </h2> <p>All configuration files has been published here:</p> <p><a href="https://github.com/lakhansamani/ecom-k8s" rel="noopener noreferrer">Github Repo</a></p> <h2> Conclusion </h2> <p>With <strong>Kubernetes and Kind</strong>, we've successfully deployed our distributed system with observability and monitoring. This setup provides scalability, resilience, and detailed insights into system health. From here, you can:</p> <ul> <li> <strong>Scale the services</strong> using <code>kubectl scale deployment userd --replicas=3</code> </li> <li> <strong>Deploy to the cloud</strong> using Kubernetes clusters like GKE or EKS.</li> </ul> <p>This marks the end of our distributed system journey. Happy coding! 🚀</p> kubernetes distributedsystems go microservices Implementing monitoring and alerting for distributed system - Part 6 Lakhan Samani Tue, 11 Mar 2025 08:25:47 +0000 https://dev.to/lakhansamani/implementing-monitoring-and-alerting-for-distributed-system-part-6-lha https://dev.to/lakhansamani/implementing-monitoring-and-alerting-for-distributed-system-part-6-lha <h2> Introduction </h2> <p>In <a href="https://www.lakhan.me/posts/implementing-tracing-part-5/" rel="noopener noreferrer">Part 5</a>, we implemented the tracing in <code>userd</code> &amp; <code>orderd</code> services. In a distributed system, tracing helps follow a request's journey across services, while metrics play a crucial role in observability by providing visibility into system behavior, performance, and health. In distributed systems, they help with:</p> <ul> <li>Performance Monitoring – Detect bottlenecks and optimize services.</li> <li>Latency Tracking – Identify slow services in request chains.</li> <li>Error Detection – Spot failing components before they cause outages.</li> <li>Capacity Planning – Predict resource needs to avoid over/under-provisioning.</li> <li>Alerting &amp; Troubleshooting – Enable proactive issue resolution.</li> </ul> <p>In this post, we will set up metrics and alerting in our e-commerce system <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a> and <a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">orderd</a> services using <a href="https://prometheus.io/" rel="noopener noreferrer">Prometheus</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz850olo5hwppnrwce2ei.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz850olo5hwppnrwce2ei.png" alt="img" width="800" height="298"></a></p> <h2> Why Prometheus? </h2> <p>Prometheus is one of the best tools for monitoring gRPC-based distributed systems because of its scalability, pull-based model, efficient storage, and powerful query language (PromQL). Here’s why it’s widely used:</p> <ol> <li>Pull-Based Model for Scalability</li> <li>Efficient Storage &amp; Retrieval</li> <li>gRPC-Native Support</li> <li>Powerful Query Language (PromQL)</li> <li>Easy Integration with Alerting &amp; Dashboards</li> </ol> <h2> What kind of metrics are we interested in? </h2> <ol> <li>Request Metrics <ul> <li>Total Requests (grpc_server_requests_total): Number of gRPC requests received.</li> <li>Request Rate: Requests per second (RPS).</li> </ul> </li> <li>Latency Metrics <ul> <li>Request Duration (grpc_server_handling_seconds): Time taken to handle each request.</li> </ul> </li> <li>Error Metrics <ul> <li>gRPC Status Codes (grpc_server_responses_total with labels for status_code)</li> </ul> </li> <li>Custom Business Metrics <ul> <li>Login API failure / success counter</li> <li>Invalid login attempts counter</li> <li>Register API failure / success counter</li> <li>Me API failure / success counter</li> <li>Create Order API failure / success counter</li> <li>Fetch Order API failure / success counter</li> </ul> </li> </ol> <h2> Integrating Metrics in <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a> </h2> <p>We updated <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a> to start an HTTP metrics server that Prometheus can scrape.</p> <h3> Step 1: Configure Prometheus Go Client </h3> <p>We will be using <a href="//github.com/prometheus/client_golang">prometheus</a> client to start metrics server as a go routine that can run in background.</p> <p>This endpoint is then scraped by prometheus.</p> <p>We will be using <a href="//github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus">go-grpc-middleware</a> for registering the standard metrics of grpc server.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/prometheus/client_golang/prometheus/promhttp"</span> <span class="n">grpcprom</span> <span class="s">"github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus"</span> <span class="p">)</span> <span class="k">const</span> <span class="p">(</span> <span class="n">metricsPort</span> <span class="o">=</span> <span class="s">":9092"</span> <span class="p">)</span> <span class="k">var</span> <span class="p">(</span> <span class="n">grpcMetrics</span> <span class="o">=</span> <span class="n">grpcprom</span><span class="o">.</span><span class="n">NewServerMetrics</span><span class="p">()</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="o">....</span> <span class="c">// Create a new gRPC server</span> <span class="n">server</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewServer</span><span class="p">(</span> <span class="n">grpc</span><span class="o">.</span><span class="n">StatsHandler</span><span class="p">(</span><span class="n">serverHandler</span><span class="p">),</span> <span class="n">grpc</span><span class="o">.</span><span class="n">ChainUnaryInterceptor</span><span class="p">(</span> <span class="n">grpcMetrics</span><span class="o">.</span><span class="n">UnaryServerInterceptor</span><span class="p">(),</span> <span class="p">),</span> <span class="n">grpc</span><span class="o">.</span><span class="n">ChainStreamInterceptor</span><span class="p">(</span> <span class="n">grpcMetrics</span><span class="o">.</span><span class="n">StreamServerInterceptor</span><span class="p">(),</span> <span class="p">),</span> <span class="p">)</span> <span class="c">// Start Prometheus HTTP server</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Handle</span><span class="p">(</span><span class="s">"/metrics"</span><span class="p">,</span> <span class="n">promhttp</span><span class="o">.</span><span class="n">Handler</span><span class="p">())</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Prometheus metrics server running on port"</span><span class="p">,</span> <span class="n">metricsPort</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="n">metricsPort</span><span class="p">,</span> <span class="no">nil</span><span class="p">))</span> <span class="p">}()</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Note we will have similar change in <code>orderd</code> service for server setting in main.go file</p> </blockquote> <h3> Step 2: Define custom metrics for API service for <code>userd</code> service </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="s">"github.com/prometheus/client_golang/prometheus"</span> <span class="k">const</span> <span class="p">(</span> <span class="n">serviceName</span> <span class="o">=</span> <span class="s">"userd"</span> <span class="n">component</span> <span class="o">=</span> <span class="s">"service"</span> <span class="n">loginHandlerLabel</span> <span class="o">=</span> <span class="s">"login_handler"</span> <span class="n">registerHandlerLabel</span> <span class="o">=</span> <span class="s">"register_handler"</span> <span class="n">meHandlerLabel</span> <span class="o">=</span> <span class="s">"me_handler"</span> <span class="n">successResultLabel</span> <span class="o">=</span> <span class="s">"success"</span> <span class="n">userNotFoundResultLabel</span> <span class="o">=</span> <span class="s">"user_not_found"</span> <span class="n">invalidPasswordResultLabel</span> <span class="o">=</span> <span class="s">"invalid_password"</span> <span class="n">userExistsResultLabel</span> <span class="o">=</span> <span class="s">"user_exists"</span> <span class="n">invalidTokenResultLabel</span> <span class="o">=</span> <span class="s">"invalid_token"</span> <span class="n">missingTokenResultLabel</span> <span class="o">=</span> <span class="s">"missing_token"</span> <span class="p">)</span> <span class="k">var</span> <span class="p">(</span> <span class="c">// Metrics for login API</span> <span class="n">loginMetrics</span> <span class="o">=</span> <span class="n">prometheus</span><span class="o">.</span><span class="n">NewCounterVec</span><span class="p">(</span><span class="n">prometheus</span><span class="o">.</span><span class="n">CounterOpts</span><span class="p">{</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">serviceName</span><span class="p">,</span> <span class="n">Subsystem</span><span class="o">:</span> <span class="n">component</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">loginHandlerLabel</span><span class="p">,</span> <span class="p">},</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"result"</span><span class="p">})</span> <span class="n">registerMetrics</span> <span class="o">=</span> <span class="n">prometheus</span><span class="o">.</span><span class="n">NewCounterVec</span><span class="p">(</span><span class="n">prometheus</span><span class="o">.</span><span class="n">CounterOpts</span><span class="p">{</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">serviceName</span><span class="p">,</span> <span class="n">Subsystem</span><span class="o">:</span> <span class="n">component</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">registerHandlerLabel</span><span class="p">,</span> <span class="p">},</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"result"</span><span class="p">})</span> <span class="n">meMetrics</span> <span class="o">=</span> <span class="n">prometheus</span><span class="o">.</span><span class="n">NewCounterVec</span><span class="p">(</span><span class="n">prometheus</span><span class="o">.</span><span class="n">CounterOpts</span><span class="p">{</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">serviceName</span><span class="p">,</span> <span class="n">Subsystem</span><span class="o">:</span> <span class="n">component</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">meHandlerLabel</span><span class="p">,</span> <span class="p">},</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"result"</span><span class="p">})</span> <span class="p">)</span> </code></pre> </div> <h3> Step 3: Call metrics in service handlers </h3> <p>Example: Login <code>service/login.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Get user by email</span> <span class="n">resUser</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">DBProvider</span><span class="o">.</span><span class="n">GetUserByEmail</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">email</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">if</span> <span class="n">errors</span><span class="o">.</span><span class="n">Is</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="n">gorm</span><span class="o">.</span><span class="n">ErrRecordNotFound</span><span class="p">)</span> <span class="p">{</span> <span class="n">loginMetrics</span><span class="o">.</span><span class="n">WithLabelValues</span><span class="p">(</span><span class="n">userNotFoundResultLabel</span><span class="p">)</span><span class="o">.</span><span class="n">Inc</span><span class="p">()</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"user not found"</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Match password</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">CompareHashAndPassword</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">resUser</span><span class="o">.</span><span class="n">Password</span><span class="p">),</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">loginMetrics</span><span class="o">.</span><span class="n">WithLabelValues</span><span class="p">(</span><span class="n">invalidPasswordResultLabel</span><span class="p">)</span><span class="o">.</span><span class="n">Inc</span><span class="p">()</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"invalid password"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Generate JWT token</span> <span class="n">token</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">utils</span><span class="o">.</span><span class="n">GenerateJWT</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">JWTSecret</span><span class="p">,</span> <span class="n">resUser</span><span class="o">.</span><span class="n">ID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">loginMetrics</span><span class="o">.</span><span class="n">WithLabelValues</span><span class="p">(</span><span class="n">successResultLabel</span><span class="p">)</span><span class="o">.</span><span class="n">Inc</span><span class="p">()</span> </code></pre> </div> <h2> Integrating Metrics in <a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">orderd</a> </h2> <p><a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">orderd</a> needs both server-side and client-side metrics calls for grpc <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a>.</p> <h3> Step 1 remains same as <code>userd</code> service. </h3> <h3> Step 2: Add gRPC Client Interceptors </h3> <p>gRPC client interceptor helps in collecting grpc metrics while making call to <code>userd</code> service here.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="p">(</span> <span class="n">grpcClientMetrics</span> <span class="o">=</span> <span class="n">grpcprom</span><span class="o">.</span><span class="n">NewClientMetrics</span><span class="p">()</span> <span class="p">)</span> <span class="c">// Create UserServiceClient using grpc</span> <span class="n">grpcConn</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span> <span class="n">userServiceURL</span><span class="p">,</span> <span class="n">grpc</span><span class="o">.</span><span class="n">WithTransportCredentials</span><span class="p">(</span><span class="n">insecure</span><span class="o">.</span><span class="n">NewCredentials</span><span class="p">()),</span> <span class="n">grpc</span><span class="o">.</span><span class="n">WithStatsHandler</span><span class="p">(</span><span class="n">openTelemetryClientHandler</span><span class="p">),</span> <span class="c">// Add gRPC Client Interceptors for Prometheus Metrics</span> <span class="n">grpc</span><span class="o">.</span><span class="n">WithUnaryInterceptor</span><span class="p">(</span><span class="n">grpcClientMetrics</span><span class="o">.</span><span class="n">UnaryClientInterceptor</span><span class="p">()),</span> <span class="n">grpc</span><span class="o">.</span><span class="n">WithStreamInterceptor</span><span class="p">(</span><span class="n">grpcClientMetrics</span><span class="o">.</span><span class="n">StreamClientInterceptor</span><span class="p">()),</span> <span class="p">)</span> <span class="n">userServiceClient</span> <span class="o">:=</span> <span class="n">user</span><span class="o">.</span><span class="n">NewUserServiceClient</span><span class="p">(</span><span class="n">grpcConn</span><span class="p">)</span> </code></pre> </div> <h3> Step 3: Define metrics for <code>orderd</code> services </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="s">"github.com/prometheus/client_golang/prometheus"</span> <span class="k">const</span> <span class="p">(</span> <span class="n">serviceName</span> <span class="o">=</span> <span class="s">"orderd"</span> <span class="n">component</span> <span class="o">=</span> <span class="s">"service"</span> <span class="n">totalOrdersCreatedMetric</span> <span class="o">=</span> <span class="s">"total_orders"</span> <span class="n">totalFetchedOrdersMetric</span> <span class="o">=</span> <span class="s">"total_fetched_orders"</span> <span class="n">successResultLabel</span> <span class="o">=</span> <span class="s">"success"</span> <span class="n">failedResultLabel</span> <span class="o">=</span> <span class="s">"failed"</span> <span class="p">)</span> <span class="k">var</span> <span class="p">(</span> <span class="n">ordersCreatedMetrics</span> <span class="o">=</span> <span class="n">prometheus</span><span class="o">.</span><span class="n">NewCounterVec</span><span class="p">(</span><span class="n">prometheus</span><span class="o">.</span><span class="n">CounterOpts</span><span class="p">{</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">serviceName</span><span class="p">,</span> <span class="n">Subsystem</span><span class="o">:</span> <span class="n">component</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">totalOrdersCreatedMetric</span><span class="p">,</span> <span class="p">},</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"result"</span><span class="p">})</span> <span class="n">ordersFetchedMetrics</span> <span class="o">=</span> <span class="n">prometheus</span><span class="o">.</span><span class="n">NewCounterVec</span><span class="p">(</span><span class="n">prometheus</span><span class="o">.</span><span class="n">CounterOpts</span><span class="p">{</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">serviceName</span><span class="p">,</span> <span class="n">Subsystem</span><span class="o">:</span> <span class="n">component</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">totalFetchedOrdersMetric</span><span class="p">,</span> <span class="p">},</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"result"</span><span class="p">,</span> <span class="s">"order_id"</span><span class="p">})</span> <span class="p">)</span> </code></pre> </div> <h2> Step 4: Example integration of metrics in api services </h2> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">resOrder</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">DBProvider</span><span class="o">.</span><span class="n">GetOrderById</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">orderID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">ordersFetchedMetrics</span><span class="o">.</span><span class="n">WithLabelValues</span><span class="p">(</span><span class="n">failedResultLabel</span><span class="p">,</span> <span class="n">orderID</span><span class="p">)</span><span class="o">.</span><span class="n">Inc</span><span class="p">()</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">ordersFetchedMetrics</span><span class="o">.</span><span class="n">WithLabelValues</span><span class="p">(</span><span class="n">successResultLabel</span><span class="p">,</span> <span class="n">orderID</span><span class="p">)</span><span class="o">.</span><span class="n">Inc</span><span class="p">()</span> </code></pre> </div> <h2> Setting Up Prometheus </h2> <h3> Step 1: Define Prometheus configurations </h3> <p>Create a file called <code>prometheus.yml</code> with following configurations<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">global</span><span class="pi">:</span> <span class="na">scrape_interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">scrape_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">userd"</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">host.docker.internal:9091"</span><span class="pi">]</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">orderd"</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">host.docker.internal:9092"</span><span class="pi">]</span> </code></pre> </div> <p>Here we are configuring targets that prometheus will scrape for metrics, note we are using <code>host.docker.internal</code> as we are going to setup with docker, if service and prometheus are on same network you can also use localhost there.</p> <h3> Step 2: Run prometheus using docker </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="nt">--name</span><span class="o">=</span>prometheus <span class="nt">-p</span> 9090:9090 <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus </code></pre> </div> <p>Note: we are using the path for above defined <code>prometheus.yml</code> here.</p> <p>Open <a href="http://localhost:9090" rel="noopener noreferrer">http://localhost:9090</a> in your browser to visualize metrics.</p> <h2> Setting up Alerts using prometheus </h2> <p>Lets try to setup alert for invalid password attempts &gt; 3</p> <h3> Step 1: Create <code>alert_rules.yml</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">groups</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">grpc_alerts</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">HighGRPCFailures</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">increase(grpc_client_failed_requests_total[1m]) &gt; </span><span class="m">5</span> <span class="na">for</span><span class="pi">:</span> <span class="s">1m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">critical</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">summary</span><span class="pi">:</span> <span class="s2">"</span><span class="s">High</span><span class="nv"> </span><span class="s">gRPC</span><span class="nv"> </span><span class="s">Client</span><span class="nv"> </span><span class="s">Failures"</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">More</span><span class="nv"> </span><span class="s">than</span><span class="nv"> </span><span class="s">5</span><span class="nv"> </span><span class="s">gRPC</span><span class="nv"> </span><span class="s">client</span><span class="nv"> </span><span class="s">failures</span><span class="nv"> </span><span class="s">detected</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">last</span><span class="nv"> </span><span class="s">minute."</span> </code></pre> </div> <h3> Step 2: Create <code>alertmanager.yml</code> </h3> <p>Just a dummy example to setup slack alerts<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">global</span><span class="pi">:</span> <span class="na">resolve_timeout</span><span class="pi">:</span> <span class="s">5m</span> <span class="na">route</span><span class="pi">:</span> <span class="na">receiver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">slack-notifications"</span> <span class="na">receivers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">slack-notifications"</span> <span class="na">slack_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">channel</span><span class="pi">:</span> <span class="s2">"</span><span class="s">#alerts"</span> <span class="na">send_resolved</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">username</span><span class="pi">:</span> <span class="s2">"</span><span class="s">prometheus"</span> <span class="na">api_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"</span> </code></pre> </div> <h3> Step 3: Update <code>prometheus.yml</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">global</span><span class="pi">:</span> <span class="na">scrape_interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">alerting</span><span class="pi">:</span> <span class="na">alertmanagers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">host.docker.internal:9093"</span><span class="pi">]</span> <span class="na">rule_files</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">alert_rules.yml</span> <span class="na">scrape_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">userd"</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">host.docker.internal:9091"</span><span class="pi">]</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">orderd"</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">host.docker.internal:9092"</span><span class="pi">]</span> </code></pre> </div> <h3> Step 4: Start <code>alertmanager</code> &amp; Restart <code>prometheus</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="nt">--name</span><span class="o">=</span>alertmanager <span class="se">\</span> <span class="nt">-p</span> 9093:9093 <span class="se">\</span> <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/alertmanager.yml:/etc/alertmanager/alertmanager.yml <span class="se">\</span> prom/alertmanager </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="nt">--name</span><span class="o">=</span>prometheus <span class="nt">-p</span> 9090:9090 <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/prometheus.yml:/etc/prometheus/prometheus.yml <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/alert_rules.yml:/etc/prometheus/alert_rules.yml prom/prometheus </code></pre> </div> <h2> Code Links </h2> <p>For complete change log, pls check</p> <ul> <li><a href="https://github.com/lakhansamani/ecom-grpc-userd/commit/07975bbf5483c3864d42abd20b71b3df98672958" rel="noopener noreferrer">userd commit</a></li> <li><a href="https://github.com/lakhansamani/ecom-grpc-orderd/commit/2130b354b6b37f6958d0f0decb450f6238795f5a" rel="noopener noreferrer">orderd commit</a></li> </ul> <p>Conclusion</p> <p>We successfully added monitoring and alerting using prometheus metrics and alertmanager to our distributed app</p> <h2> Next Steps: </h2> <p>Explore deploying distributed app on k8s</p> <p>Stay tuned for the next post! 🚀</p> monitoring alerting observability distributedsystems Implementing tracing in distributed systems - Part 5 Lakhan Samani Fri, 07 Mar 2025 18:11:09 +0000 https://dev.to/lakhansamani/implementing-tracing-in-distributed-systems-part-5-1a40 https://dev.to/lakhansamani/implementing-tracing-in-distributed-systems-part-5-1a40 <h2> Introduction </h2> <p>In <a href="https://www.lakhan.me/posts/implementing-orderd-part-4/" rel="noopener noreferrer">Part 4</a>, we implemented the orderd service. In a distributed system, tracking what happens across multiple services is crucial. Logging provides insights into what occurred, while tracing helps follow a request's journey across services.</p> <p>In this post, we will set up distributed tracing in our e-commerce system <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a> and <a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">orderd</a> services using OpenTelemetry and Jaeger. This will help us visualize the flow of requests and debug performance bottlenecks.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F62vff25yoa5brat4dkc5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F62vff25yoa5brat4dkc5.png" alt="img" width="800" height="433"></a></p> <blockquote> <p>Check when get order service is called how the trace is made to user service and db methods.</p> </blockquote> <h2> Why OpenTelemetry and Jaeger? </h2> <p>OpenTelemetry (OTel) is a vendor-neutral observability framework that provides standardized tools for metrics, logs, and traces. Jaeger, originally developed at Uber, is a distributed tracing tool that helps monitor and troubleshoot transactions in microservices-based systems.</p> <h2> Why not just logs? </h2> <ul> <li>Logs capture discrete events but do not provide a structured way to see how a request moves across multiple services.</li> <li>Tracing provides an end-to-end view of a request and shows where delays occur.</li> </ul> <p>Benefits of OpenTelemetry and Jaeger:</p> <ul> <li>✅ End-to-end tracing: Tracks requests across microservices.</li> <li>✅ Root cause analysis: Helps find performance bottlenecks.</li> <li>✅ Open standard: Works with multiple backends like Jaeger, Zipkin, Prometheus, and Datadog.</li> <li>✅ Automatic instrumentation: Hooks into gRPC, HTTP, and database calls without major code changes.</li> </ul> <h2> Implementing Tracing in <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a> </h2> <p>We update <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a> to send traces using OpenTelemetry.</p> <h3> Step 1: Configure OpenTelemetry in main.go </h3> <p>Check the exporter here, we will exporting trace to Jaeger endpoint that way it can collect all the traces.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="n">exporter</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">otlptracegrpc</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">otlptracegrpc</span><span class="o">.</span><span class="n">WithInsecure</span><span class="p">(),</span> <span class="n">otlptracegrpc</span><span class="o">.</span><span class="n">WithEndpoint</span><span class="p">(</span><span class="s">"localhost:4317"</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"failed to create OTLP trace exporter: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">tracerProvider</span> <span class="o">:=</span> <span class="n">trace</span><span class="o">.</span><span class="n">NewTracerProvider</span><span class="p">(</span> <span class="n">trace</span><span class="o">.</span><span class="n">WithBatcher</span><span class="p">(</span><span class="n">exporter</span><span class="p">),</span> <span class="n">trace</span><span class="o">.</span><span class="n">WithResource</span><span class="p">(</span><span class="n">resource</span><span class="o">.</span><span class="n">NewWithAttributes</span><span class="p">(</span> <span class="n">semconv</span><span class="o">.</span><span class="n">SchemaURL</span><span class="p">,</span> <span class="n">semconv</span><span class="o">.</span><span class="n">ServiceNameKey</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="s">"userd"</span><span class="p">),</span> <span class="p">)),</span> <span class="p">)</span> <span class="n">otel</span><span class="o">.</span><span class="n">SetTracerProvider</span><span class="p">(</span><span class="n">tracerProvider</span><span class="p">)</span> </code></pre> </div> <h3> Step 2: Add Tracing to gRPC Server </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">serverHandler</span> <span class="o">:=</span> <span class="n">otelgrpc</span><span class="o">.</span><span class="n">NewServerHandler</span><span class="p">(</span> <span class="n">otelgrpc</span><span class="o">.</span><span class="n">WithTracerProvider</span><span class="p">(</span><span class="n">tracerProvider</span><span class="p">),</span> <span class="p">)</span> <span class="n">server</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewServer</span><span class="p">(</span> <span class="n">grpc</span><span class="o">.</span><span class="n">StatsHandler</span><span class="p">(</span><span class="n">serverHandler</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <h3> Step 3: Add Trace Spans in UserService methods </h3> <p>example, adding trace span to <code>Register</code> service in <code>service/register.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ctx, span := s.trace.Start(ctx, "Register") defer span.End() </code></pre> </div> <h3> Step 4: Add trace to db calls. </h3> <p>In order to achieve this, we need to add plugin and call db methods with context</p> <p>Updated <code>db/db.go</code> db provider<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// New creates new database provider</span> <span class="c">// connects to db and returns the provider</span> <span class="k">func</span> <span class="n">New</span><span class="p">(</span><span class="n">dbURL</span> <span class="kt">string</span><span class="p">)</span> <span class="n">Provider</span> <span class="p">{</span> <span class="n">db</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">gorm</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">postgres</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">dbURL</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">gorm</span><span class="o">.</span><span class="n">Config</span><span class="p">{})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to connect to database: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">tracing</span><span class="o">.</span><span class="n">NewPlugin</span><span class="p">());</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to use tracing plugin: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Auto-migrate User model</span> <span class="n">db</span><span class="o">.</span><span class="n">AutoMigrate</span><span class="p">(</span><span class="o">&amp;</span><span class="n">User</span><span class="p">{})</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">provider</span><span class="p">{</span><span class="n">db</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Implementing Tracing in <a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">orderd</a> </h2> <p><a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">orderd</a> needs both server-side and client-side tracing since it calls <a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">userd</a>.</p> <h3> Step 1,2,3,4 remains same as userd service. </h3> <h3> Step 5: Add gRPC Client Tracing for userd </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">openTelemetryClientHandler</span> <span class="o">:=</span> <span class="n">otelgrpc</span><span class="o">.</span><span class="n">NewClientHandler</span><span class="p">(</span> <span class="n">otelgrpc</span><span class="o">.</span><span class="n">WithTracerProvider</span><span class="p">(</span><span class="n">tracerProvider</span><span class="p">),</span> <span class="p">)</span> <span class="n">grpcConn</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span> <span class="n">userServiceURL</span><span class="p">,</span> <span class="n">grpc</span><span class="o">.</span><span class="n">WithTransportCredentials</span><span class="p">(</span><span class="n">insecure</span><span class="o">.</span><span class="n">NewCredentials</span><span class="p">()),</span> <span class="n">grpc</span><span class="o">.</span><span class="n">WithStatsHandler</span><span class="p">(</span><span class="n">openTelemetryClientHandler</span><span class="p">),</span> <span class="p">)</span> <span class="n">userServiceClient</span> <span class="o">:=</span> <span class="n">user</span><span class="o">.</span><span class="n">NewUserServiceClient</span><span class="p">(</span><span class="n">grpcConn</span><span class="p">)</span> </code></pre> </div> <h2> Setting Up Jaeger </h2> <h3> Step 1: Run Jaeger using Docker </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="nt">--name</span> jaeger <span class="se">\</span> <span class="nt">-e</span> <span class="nv">COLLECTOR_OTLP_ENABLED</span><span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">-p</span> 16686:16686 <span class="se">\</span> <span class="nt">-p</span> 4317:4317 <span class="se">\</span> <span class="nt">-p</span> 4318:4318 <span class="se">\</span> jaegertracing/all-in-one:latest </code></pre> </div> <h3> Step 2: View Traces in Jaeger UI </h3> <p>Open <a href="http://localhost:16686" rel="noopener noreferrer">http://localhost:16686</a> in your browser to visualize traces.</p> <h2> Code Links </h2> <p>For complete change log, pls check</p> <ul> <li><a href="https://github.com/lakhansamani/ecom-grpc-userd/commit/927cb2d46250d87957c4754419aa5e16baf391f6" rel="noopener noreferrer">userd commit</a></li> <li><a href="https://github.com/lakhansamani/ecom-grpc-orderd/commit/d72ad99ad1af3803dab414abbef5b0305de14461" rel="noopener noreferrer">orderd commit</a></li> </ul> <p>Conclusion</p> <p>We successfully added OpenTelemetry tracing to our userd and orderd services. By using Jaeger, we can visualize request flows, diagnose bottlenecks, and improve performance in our distributed system.</p> <h2> Next Steps: </h2> <p>Explore monitoring and metrics collection using Prometheus.</p> <p>Stay tuned for the next post! 🚀</p> observability grpc microservices traceability Implementing Order Service with Golang, gRPC and PostgreSQL - Part 4 Lakhan Samani Thu, 06 Mar 2025 15:22:44 +0000 https://dev.to/lakhansamani/implementing-order-service-with-golang-grpc-and-postgresql-part-4-1f12 https://dev.to/lakhansamani/implementing-order-service-with-golang-grpc-and-postgresql-part-4-1f12 <h2> Introduction </h2> <p>In <a href="https://www.lakhan.me/posts/implementing-userd-part-3/" rel="noopener noreferrer">Part 3</a> we implemented user service. In this post, we will implement an <strong>Order Service</strong> using <strong>Golang, gRPC, PostgreSQL, and GORM</strong>.</p> <blockquote> <p>Note: We are using static price here for product passed in create order request and we will be connecting to user service via grpc to authorize user.</p> </blockquote> <h2> Project Structure </h2> <p>The folder structure for the service is as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ecom-grpc/orderd/ │-- db/ │ │-- db.go │ │-- order.go │-- service/ │ │-- service.go │ │-- create_order.go │ │-- get_order.go │-- main.go │-- .env │-- Dockerfile │-- .dockerignore </code></pre> </div> <p>Each file serves a specific purpose in maintaining a clean and modular design.</p> <h2> Setting Up the Database </h2> <p>We'll use <strong>PostgreSQL</strong> as our database. If you don’t have PostgreSQL installed, you can run it using Docker:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--name</span> postgres-cluster <span class="nt">-e</span> <span class="nv">POSTGRES_PASSWORD</span><span class="o">=</span>postgres <span class="nt">-p</span> 5432:5432 <span class="nt">-d</span> postgres docker <span class="nb">exec</span> <span class="nt">-it</span> postgres-cluster psql <span class="nt">-U</span> postgres <span class="nt">-c</span> <span class="s2">"CREATE DATABASE orderdb;"</span> </code></pre> </div> <h2> Database Layer (<code>db/</code>) </h2> <p>The <strong>db package</strong> handles all interactions with PostgreSQL.</p> <h3> <code>db/db.go</code> - Database Connection </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">db</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"gorm.io/driver/postgres"</span> <span class="s">"gorm.io/gorm"</span> <span class="p">)</span> <span class="c">// Provider defines the interface for the database provider</span> <span class="k">type</span> <span class="n">Provider</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">CreateOrder</span><span class="p">(</span><span class="n">order</span> <span class="o">*</span><span class="n">Order</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Order</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">GetOrderById</span><span class="p">(</span><span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Order</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="c">// provider implements the Provider interface</span> <span class="k">type</span> <span class="n">provider</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">db</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span> <span class="p">}</span> <span class="c">// New creates new database provider</span> <span class="c">// connects to db and returns the provider</span> <span class="k">func</span> <span class="n">New</span><span class="p">(</span><span class="n">dbURL</span> <span class="kt">string</span><span class="p">)</span> <span class="n">Provider</span> <span class="p">{</span> <span class="n">db</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">gorm</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">postgres</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">dbURL</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">gorm</span><span class="o">.</span><span class="n">Config</span><span class="p">{})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to connect to database: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Auto-migrate User model</span> <span class="n">db</span><span class="o">.</span><span class="n">AutoMigrate</span><span class="p">(</span><span class="o">&amp;</span><span class="n">Order</span><span class="p">{})</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">provider</span><span class="p">{</span><span class="n">db</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <code>db/order.go</code> - Order Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">db</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/google/uuid"</span> <span class="s">"gorm.io/gorm"</span> <span class="n">order</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/order/v1"</span> <span class="p">)</span> <span class="c">// Order represents the Order model in DB</span> <span class="k">type</span> <span class="n">Order</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">string</span> <span class="s">`gorm:"primaryKey"`</span> <span class="n">UserID</span> <span class="kt">string</span> <span class="n">Product</span> <span class="kt">string</span> <span class="n">Quantity</span> <span class="kt">int32</span> <span class="n">UnitPrice</span> <span class="kt">float64</span> <span class="p">}</span> <span class="c">// AsAPIOrder converts the Order model to API Order</span> <span class="k">func</span> <span class="p">(</span><span class="n">o</span> <span class="o">*</span><span class="n">Order</span><span class="p">)</span> <span class="n">AsAPIOrder</span><span class="p">()</span> <span class="o">*</span><span class="n">order</span><span class="o">.</span><span class="n">Order</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">order</span><span class="o">.</span><span class="n">Order</span><span class="p">{</span> <span class="n">Id</span><span class="o">:</span> <span class="n">o</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">UserId</span><span class="o">:</span> <span class="n">o</span><span class="o">.</span><span class="n">UserID</span><span class="p">,</span> <span class="n">Product</span><span class="o">:</span> <span class="n">o</span><span class="o">.</span><span class="n">Product</span><span class="p">,</span> <span class="n">Quantity</span><span class="o">:</span> <span class="n">o</span><span class="o">.</span><span class="n">Quantity</span><span class="p">,</span> <span class="n">UnitPrice</span><span class="o">:</span> <span class="n">o</span><span class="o">.</span><span class="n">UnitPrice</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// Before create</span> <span class="k">func</span> <span class="p">(</span><span class="n">o</span> <span class="o">*</span><span class="n">Order</span><span class="p">)</span> <span class="n">BeforeCreate</span><span class="p">(</span><span class="n">tx</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="p">(</span><span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Generate UUID</span> <span class="n">o</span><span class="o">.</span><span class="n">ID</span> <span class="o">=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewString</span><span class="p">()</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// CreateOrder creates a new order in the database</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">provider</span><span class="p">)</span> <span class="n">CreateOrder</span><span class="p">(</span><span class="n">o</span> <span class="o">*</span><span class="n">Order</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Order</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">p</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">o</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span> <span class="k">return</span> <span class="n">o</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// GetOrderById fetches a order by ID from the database</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">provider</span><span class="p">)</span> <span class="n">GetOrderById</span><span class="p">(</span><span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Order</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">o</span> <span class="n">Order</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">p</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="s">"id = ?"</span><span class="p">,</span> <span class="n">id</span><span class="p">)</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="o">&amp;</span><span class="n">o</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">o</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> </code></pre> </div> <h2> Service Layer (<code>service/</code>) </h2> <p>This layer implements the gRPC server and business logic.</p> <h3> <code>service/service.go</code> - Service Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"errors"</span> <span class="s">"google.golang.org/grpc/metadata"</span> <span class="n">order</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/order/v1"</span> <span class="n">user</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-orderd/db"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Config</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">UserServiceAddress</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Dependencies</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// Add dependencies here</span> <span class="n">DBProvider</span> <span class="n">db</span><span class="o">.</span><span class="n">Provider</span> <span class="c">// UserService user.Service</span> <span class="n">UserService</span> <span class="n">user</span><span class="o">.</span><span class="n">UserServiceClient</span> <span class="p">}</span> <span class="c">// Service implements the Order service.</span> <span class="k">type</span> <span class="n">Service</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">order</span><span class="o">.</span><span class="n">OrderServiceServer</span> <span class="p">}</span> <span class="k">type</span> <span class="n">service</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Config</span> <span class="n">Dependencies</span> <span class="p">}</span> <span class="c">// New creates a new Order service.</span> <span class="k">func</span> <span class="n">New</span><span class="p">(</span><span class="n">cfg</span> <span class="n">Config</span><span class="p">,</span> <span class="n">deps</span> <span class="n">Dependencies</span><span class="p">)</span> <span class="n">Service</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">service</span><span class="p">{</span> <span class="n">Config</span><span class="o">:</span> <span class="n">cfg</span><span class="p">,</span> <span class="n">Dependencies</span><span class="o">:</span> <span class="n">deps</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// authorize verifies user using the user service and gets userID</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">service</span><span class="p">)</span> <span class="n">authorize</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">md</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">metadata</span><span class="o">.</span><span class="n">FromIncomingContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"missing metadata"</span><span class="p">)</span> <span class="p">}</span> <span class="n">authHeader</span><span class="p">,</span> <span class="n">exists</span> <span class="o">:=</span> <span class="n">md</span><span class="p">[</span><span class="s">"authorization"</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">exists</span> <span class="o">||</span> <span class="nb">len</span><span class="p">(</span><span class="n">authHeader</span><span class="p">)</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"missing authorization token"</span><span class="p">)</span> <span class="p">}</span> <span class="n">token</span> <span class="o">:=</span> <span class="n">authHeader</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="c">// add token to outgoing context</span> <span class="n">ctx</span> <span class="o">=</span> <span class="n">metadata</span><span class="o">.</span><span class="n">AppendToOutgoingContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="s">"authorization"</span><span class="p">,</span> <span class="n">token</span><span class="p">)</span> <span class="c">// Call user service to get user</span> <span class="n">userResp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">UserService</span><span class="o">.</span><span class="n">Me</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">MeRequest</span><span class="p">{})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">userResp</span><span class="o">.</span><span class="n">GetUser</span><span class="p">()</span><span class="o">.</span><span class="n">GetId</span><span class="p">(),</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> <code>service/create_order.go</code> - Create Order API </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"errors"</span> <span class="n">order</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/order/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-orderd/db"</span> <span class="p">)</span> <span class="c">// CreateOrder API to create a new order</span> <span class="c">// Permission: authenticated user</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">service</span><span class="p">)</span> <span class="n">CreateOrder</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">req</span> <span class="o">*</span><span class="n">order</span><span class="o">.</span><span class="n">CreateOrderRequest</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">order</span><span class="o">.</span><span class="n">CreateOrderResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Authorizer user</span> <span class="n">userID</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">authorize</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Validate request</span> <span class="n">product</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetProduct</span><span class="p">()</span> <span class="n">quantity</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetQuantity</span><span class="p">()</span> <span class="k">if</span> <span class="n">product</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"product is required"</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">quantity</span> <span class="o">&lt;=</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"quantity should be greater than 0"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Static Price</span> <span class="n">price</span> <span class="o">:=</span> <span class="kt">float64</span><span class="p">(</span><span class="m">10.5</span><span class="p">)</span> <span class="c">// Save order to database</span> <span class="n">resOrder</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">DBProvider</span><span class="o">.</span><span class="n">CreateOrder</span><span class="p">(</span><span class="o">&amp;</span><span class="n">db</span><span class="o">.</span><span class="n">Order</span><span class="p">{</span> <span class="n">UserID</span><span class="o">:</span> <span class="n">userID</span><span class="p">,</span> <span class="n">Product</span><span class="o">:</span> <span class="n">product</span><span class="p">,</span> <span class="n">Quantity</span><span class="o">:</span> <span class="n">quantity</span><span class="p">,</span> <span class="n">UnitPrice</span><span class="o">:</span> <span class="n">price</span><span class="p">,</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">order</span><span class="o">.</span><span class="n">CreateOrderResponse</span><span class="p">{</span> <span class="n">Order</span><span class="o">:</span> <span class="n">resOrder</span><span class="o">.</span><span class="n">AsAPIOrder</span><span class="p">(),</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> <code>service/get_order.go</code> - Get Order API </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"errors"</span> <span class="n">order</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/order/v1"</span> <span class="p">)</span> <span class="c">// GetOrder API to get order details</span> <span class="c">// Permission: authenticated user who created the order</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">service</span><span class="p">)</span> <span class="n">GetOrder</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">req</span> <span class="o">*</span><span class="n">order</span><span class="o">.</span><span class="n">GetOrderRequest</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">order</span><span class="o">.</span><span class="n">GetOrderResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Authorizer user</span> <span class="n">userID</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">authorize</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Get order from database</span> <span class="n">orderID</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetId</span><span class="p">()</span> <span class="k">if</span> <span class="n">orderID</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"order id is required"</span><span class="p">)</span> <span class="p">}</span> <span class="n">resOrder</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">DBProvider</span><span class="o">.</span><span class="n">GetOrderById</span><span class="p">(</span><span class="n">orderID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Check if user is authorized to get the order</span> <span class="k">if</span> <span class="n">resOrder</span><span class="o">.</span><span class="n">UserID</span> <span class="o">!=</span> <span class="n">userID</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"unauthorized"</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">order</span><span class="o">.</span><span class="n">GetOrderResponse</span><span class="p">{</span> <span class="n">Order</span><span class="o">:</span> <span class="n">resOrder</span><span class="o">.</span><span class="n">AsAPIOrder</span><span class="p">(),</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h2> Main Entry Point (<code>main.go</code>) </h2> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"net"</span> <span class="s">"os"</span> <span class="s">"github.com/joho/godotenv"</span> <span class="s">"google.golang.org/grpc"</span> <span class="s">"google.golang.org/grpc/credentials/insecure"</span> <span class="n">order</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/order/v1"</span> <span class="n">user</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-orderd/db"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-orderd/service"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Read .env file as environment variables</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">godotenv</span><span class="o">.</span><span class="n">Load</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">".env file not found, using environment variables"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// DB URL</span> <span class="n">dbURL</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"DB_URL"</span><span class="p">)</span> <span class="k">if</span> <span class="n">dbURL</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"DB_URL is required"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Initialize database</span> <span class="n">dbProvider</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">dbURL</span><span class="p">)</span> <span class="c">// Get User Service URL</span> <span class="n">userServiceURL</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"USER_SERVICE_URL"</span><span class="p">)</span> <span class="k">if</span> <span class="n">userServiceURL</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"USER_SERVICE_URL is required"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Create UserServiceClient using grpc</span> <span class="n">grpcConn</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">userServiceURL</span><span class="p">,</span> <span class="n">grpc</span><span class="o">.</span><span class="n">WithTransportCredentials</span><span class="p">(</span> <span class="n">insecure</span><span class="o">.</span><span class="n">NewCredentials</span><span class="p">(),</span> <span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to dial UserService: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">grpcConn</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">userServiceClient</span> <span class="o">:=</span> <span class="n">user</span><span class="o">.</span><span class="n">NewUserServiceClient</span><span class="p">(</span><span class="n">grpcConn</span><span class="p">)</span> <span class="c">// Create a new gRPC server</span> <span class="n">server</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewServer</span><span class="p">()</span> <span class="c">// Register OrderService with gRPC</span> <span class="n">orderService</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">New</span><span class="p">(</span> <span class="n">service</span><span class="o">.</span><span class="n">Config</span><span class="p">{},</span> <span class="n">service</span><span class="o">.</span><span class="n">Dependencies</span><span class="p">{</span> <span class="n">DBProvider</span><span class="o">:</span> <span class="n">dbProvider</span><span class="p">,</span> <span class="n">UserService</span><span class="o">:</span> <span class="n">userServiceClient</span><span class="p">,</span> <span class="p">})</span> <span class="n">order</span><span class="o">.</span><span class="n">RegisterOrderServiceServer</span><span class="p">(</span><span class="n">server</span><span class="p">,</span> <span class="n">orderService</span><span class="p">)</span> <span class="c">// Start gRPC server</span> <span class="n">listener</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">"tcp"</span><span class="p">,</span> <span class="s">":50052"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to listen: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"gRPC Server is running on port 50052..."</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">server</span><span class="o">.</span><span class="n">Serve</span><span class="p">(</span><span class="n">listener</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to serve: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Environment Configuration (<code>.env</code>) </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DB_URL=postgres://postgres:postgres@localhost:5432/orderdb USER_SERVICE_URL=0.0.0.0:50051 </code></pre> </div> <h2> Docker Setup </h2> <h3> <code>.dockerignore</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/bin /pkg </code></pre> </div> <h3> <code>Dockerfile</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">golang:1.23</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> go.mod go.sum ./</span> <span class="k">RUN </span>go mod download <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span><span class="nv">CGO_ENABLED</span><span class="o">=</span>0 <span class="nv">GOOS</span><span class="o">=</span>linux go build <span class="nt">-o</span> orderd ./main.go <span class="k">FROM</span><span class="s"> alpine:latest</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">RUN </span>apk add <span class="nt">--no-cache</span> ca-certificates <span class="k">COPY</span><span class="s"> --from=builder /app/orderd .</span> <span class="k">EXPOSE</span><span class="s"> 50052</span> <span class="k">CMD</span><span class="s"> ["./orderd"]</span> </code></pre> </div> <h2> Running the Service </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run main.go </code></pre> </div> <p>OR<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> order-service <span class="nb">.</span> docker run <span class="nt">--env-file</span> .env <span class="nt">-p</span> 50052:50052 order-service </code></pre> </div> <p>Here are the commands to test it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>grpcurl <span class="nt">-plaintext</span> <span class="nt">-H</span> <span class="s2">"authorization: bearer JWT_TOKEN"</span> <span class="nt">-d</span> <span class="s1">'{ "product": "book 1", "quantity": 1 }'</span> <span class="nt">-proto</span><span class="o">=</span>apis/order/v1/order.proto localhost:50052 order.v1.OrderService/CreateOrder grpcurl <span class="nt">-plaintext</span> <span class="nt">-H</span> <span class="s2">"authorization: bearer JWT_TOKEN"</span> <span class="nt">-d</span> <span class="s1">'{ "id": "ID" }'</span> <span class="nt">-proto</span><span class="o">=</span>apis/order/v1/order.proto localhost:50052 order.v1.OrderService/GetOrder </code></pre> </div> <h2> Code Link </h2> <ul> <li><a href="https://github.com/lakhansamani/ecom-grpc-orderd" rel="noopener noreferrer">Github APIs repo</a></li> </ul> <h2> Conclusion </h2> <ul> <li>Built an <strong>Order Service</strong> with authentication.</li> <li>Used <strong>gRPC metadata</strong> for authorization.</li> <li>Stored orders in <strong>PostgreSQL</strong> with <strong>GORM</strong>.</li> </ul> <p>Next: We will learn Logging &amp; Tracing!</p> <p>Stay Tuned</p> grpc postgres go docker Implementing User Service with go, gRPC and PostgreSQL - Part 3 Lakhan Samani Wed, 05 Mar 2025 16:37:50 +0000 https://dev.to/lakhansamani/implementing-user-service-with-go-grpc-and-postgresql-part-3-3i75 https://dev.to/lakhansamani/implementing-user-service-with-go-grpc-and-postgresql-part-3-3i75 <p>In <a href="https://www.lakhan.me/posts/distributed-system-api-definition-part-2/" rel="noopener noreferrer">Part 2</a> we introduced apis for User service, this post walks through implementing a <strong>User Service</strong> in Go using <strong>gRPC</strong> with <strong>PostgreSQL</strong> as the database. The service provides user authentication with JWT-based authentication. The implementation includes:</p> <ul> <li>gRPC service definition</li> <li>Database integration using GORM</li> <li>JWT-based authentication</li> <li>A structured service layer</li> </ul> <blockquote> <p>Note: Please replace the github user name and repo in each of the following folder</p> </blockquote> <h2> Project Structure </h2> <p>The folder structure for the service is as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ecom-grpc/userd/ │-- db/ │ │-- db.go │ │-- user.go │-- service/ │ │-- service.go │ │-- login.go │ │-- register.go │ │-- me.go │-- utils/ │ │-- jwt.go │-- main.go │-- .env │-- Dockerfile │-- .dockerignore </code></pre> </div> <h3> Database Provider (<code>db/db.go</code>) </h3> <p>This file defines the interface for database operations and initializes the connection to PostgreSQL using GORM.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">db</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"gorm.io/driver/postgres"</span> <span class="s">"gorm.io/gorm"</span> <span class="p">)</span> <span class="c">// Provider defines the interface for the database provider</span> <span class="k">type</span> <span class="n">Provider</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">CreateUser</span><span class="p">(</span><span class="n">user</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">GetUserByEmail</span><span class="p">(</span><span class="n">email</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">GetUserByID</span><span class="p">(</span><span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="c">// provider implements the Provider interface</span> <span class="k">type</span> <span class="n">provider</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">db</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span> <span class="p">}</span> <span class="c">// New creates new database provider</span> <span class="c">// connects to db and returns the provider</span> <span class="k">func</span> <span class="n">New</span><span class="p">(</span><span class="n">dbURL</span> <span class="kt">string</span><span class="p">)</span> <span class="n">Provider</span> <span class="p">{</span> <span class="n">db</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">gorm</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">postgres</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">dbURL</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">gorm</span><span class="o">.</span><span class="n">Config</span><span class="p">{})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to connect to database: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Auto-migrate User model</span> <span class="n">db</span><span class="o">.</span><span class="n">AutoMigrate</span><span class="p">(</span><span class="o">&amp;</span><span class="n">User</span><span class="p">{})</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">provider</span><span class="p">{</span><span class="n">db</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Database User Methods (<code>db/user.go</code>) </h3> <p>This file implements the methods to interact with the <code>users</code> table.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">db</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/google/uuid"</span> <span class="s">"golang.org/x/crypto/bcrypt"</span> <span class="s">"gorm.io/gorm"</span> <span class="n">user</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="p">)</span> <span class="c">// User represents the User model in DB</span> <span class="k">type</span> <span class="n">User</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">string</span> <span class="s">`gorm:"primaryKey"`</span> <span class="n">Name</span> <span class="kt">string</span> <span class="n">Email</span> <span class="kt">string</span> <span class="s">`gorm:"unique"`</span> <span class="n">Password</span> <span class="kt">string</span> <span class="p">}</span> <span class="c">// AsAPIUser converts the User model to API User</span> <span class="k">func</span> <span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="n">AsAPIUser</span><span class="p">()</span> <span class="o">*</span><span class="n">user</span><span class="o">.</span><span class="n">User</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">Id</span><span class="o">:</span> <span class="n">u</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">u</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">Email</span><span class="o">:</span> <span class="n">u</span><span class="o">.</span><span class="n">Email</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// BeforeSave GORM hook to hash password only if it's changed</span> <span class="k">func</span> <span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="n">BeforeSave</span><span class="p">(</span><span class="n">tx</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="p">(</span><span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Hash the new password</span> <span class="n">hashedPassword</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">GenerateFromPassword</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">u</span><span class="o">.</span><span class="n">Password</span><span class="p">),</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">DefaultCost</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">u</span><span class="o">.</span><span class="n">Password</span> <span class="o">=</span> <span class="kt">string</span><span class="p">(</span><span class="n">hashedPassword</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// Before create</span> <span class="k">func</span> <span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="n">BeforeCreate</span><span class="p">(</span><span class="n">tx</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="p">(</span><span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Generate UUID</span> <span class="n">u</span><span class="o">.</span><span class="n">ID</span> <span class="o">=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewString</span><span class="p">()</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// CreateUser creates a new user in the database</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">provider</span><span class="p">)</span> <span class="n">CreateUser</span><span class="p">(</span><span class="n">u</span> <span class="o">*</span><span class="n">User</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">p</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">u</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span> <span class="k">return</span> <span class="n">u</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// GetUserByEmail fetches a user by email from the database</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">provider</span><span class="p">)</span> <span class="n">GetUserByEmail</span><span class="p">(</span><span class="n">email</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">u</span> <span class="n">User</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">p</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="s">"email = ?"</span><span class="p">,</span> <span class="n">email</span><span class="p">)</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="o">&amp;</span><span class="n">u</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">u</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// GetUserByID fetches a user by ID from the database</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">provider</span><span class="p">)</span> <span class="n">GetUserByID</span><span class="p">(</span><span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">u</span> <span class="n">User</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">p</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">Where</span><span class="p">(</span><span class="s">"id = ?"</span><span class="p">,</span> <span class="n">id</span><span class="p">)</span><span class="o">.</span><span class="n">First</span><span class="p">(</span><span class="o">&amp;</span><span class="n">u</span><span class="p">)</span><span class="o">.</span><span class="n">Error</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">u</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> </code></pre> </div> <h3> User Service (<code>service/service.go</code>) </h3> <p>This file defines the service layer for user operations. It holds configurations and dependencies.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="n">user</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-userd/db"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Config</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">JWTSecret</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Dependencies</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">DBProvider</span> <span class="n">db</span><span class="o">.</span><span class="n">Provider</span> <span class="p">}</span> <span class="c">// Service implements the User service.</span> <span class="k">type</span> <span class="n">Service</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">user</span><span class="o">.</span><span class="n">UserServiceServer</span> <span class="p">}</span> <span class="k">type</span> <span class="n">service</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Config</span> <span class="n">Dependencies</span> <span class="p">}</span> <span class="c">// New creates a new User service.</span> <span class="k">func</span> <span class="n">New</span><span class="p">(</span><span class="n">cfg</span> <span class="n">Config</span><span class="p">,</span> <span class="n">deps</span> <span class="n">Dependencies</span><span class="p">)</span> <span class="n">Service</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">service</span><span class="p">{</span> <span class="n">Config</span><span class="o">:</span> <span class="n">cfg</span><span class="p">,</span> <span class="n">Dependencies</span><span class="o">:</span> <span class="n">deps</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Register API (<code>service/register.go</code>) </h3> <p>Handles user registration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"errors"</span> <span class="s">"strings"</span> <span class="n">user</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-userd/db"</span> <span class="p">)</span> <span class="c">// Register API to register a new user</span> <span class="c">// Permission: none</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">service</span><span class="p">)</span> <span class="n">Register</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">req</span> <span class="o">*</span><span class="n">user</span><span class="o">.</span><span class="n">RegisterRequest</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">user</span><span class="o">.</span><span class="n">RegisterResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">name</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetName</span><span class="p">()</span> <span class="n">email</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetEmail</span><span class="p">()</span> <span class="n">password</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetPassword</span><span class="p">()</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimSpace</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"name is required"</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimSpace</span><span class="p">(</span><span class="n">email</span><span class="p">)</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"email is required"</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimSpace</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"password is required"</span><span class="p">)</span> <span class="p">}</span> <span class="n">resUser</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">DBProvider</span><span class="o">.</span><span class="n">CreateUser</span><span class="p">(</span><span class="o">&amp;</span><span class="n">db</span><span class="o">.</span><span class="n">User</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">name</span><span class="p">,</span> <span class="n">Email</span><span class="o">:</span> <span class="n">email</span><span class="p">,</span> <span class="n">Password</span><span class="o">:</span> <span class="n">password</span><span class="p">,</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">RegisterResponse</span><span class="p">{</span> <span class="n">UserId</span><span class="o">:</span> <span class="n">resUser</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> Login API (<code>service/login.go</code>) </h3> <p>Handles user login and JWT generation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"errors"</span> <span class="s">"strings"</span> <span class="s">"golang.org/x/crypto/bcrypt"</span> <span class="n">user</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-userd/utils"</span> <span class="p">)</span> <span class="c">// Login API to login a user</span> <span class="c">// Permission: none</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">service</span><span class="p">)</span> <span class="n">Login</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">req</span> <span class="o">*</span><span class="n">user</span><span class="o">.</span><span class="n">LoginRequest</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">user</span><span class="o">.</span><span class="n">LoginResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">email</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetEmail</span><span class="p">()</span> <span class="n">password</span> <span class="o">:=</span> <span class="n">req</span><span class="o">.</span><span class="n">GetPassword</span><span class="p">()</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimSpace</span><span class="p">(</span><span class="n">email</span><span class="p">)</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"email is required"</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimSpace</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"password is required"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Get user by email</span> <span class="n">resUser</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">DBProvider</span><span class="o">.</span><span class="n">GetUserByEmail</span><span class="p">(</span><span class="n">email</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Match password</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">CompareHashAndPassword</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">resUser</span><span class="o">.</span><span class="n">Password</span><span class="p">),</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"invalid password"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Generate JWT token</span> <span class="n">token</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">utils</span><span class="o">.</span><span class="n">GenerateJWT</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">JWTSecret</span><span class="p">,</span> <span class="n">resUser</span><span class="o">.</span><span class="n">ID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">LoginResponse</span><span class="p">{</span> <span class="n">Token</span><span class="o">:</span> <span class="n">token</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> Me API (<code>service/me.go</code>) </h3> <p>Retrieves the currently authenticated user.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">service</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"errors"</span> <span class="s">"strings"</span> <span class="n">user</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-userd/utils"</span> <span class="s">"google.golang.org/grpc/metadata"</span> <span class="p">)</span> <span class="c">// Me API to get user details</span> <span class="c">// Permission: authenticated user</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">service</span><span class="p">)</span> <span class="n">Me</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">req</span> <span class="o">*</span><span class="n">user</span><span class="o">.</span><span class="n">MeRequest</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">user</span><span class="o">.</span><span class="n">MeResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Get the Authorization bearer token from the context</span> <span class="c">// Extract the token from the header</span> <span class="n">md</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">metadata</span><span class="o">.</span><span class="n">FromIncomingContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"missing metadata"</span><span class="p">)</span> <span class="p">}</span> <span class="n">authHeader</span><span class="p">,</span> <span class="n">exists</span> <span class="o">:=</span> <span class="n">md</span><span class="p">[</span><span class="s">"authorization"</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">exists</span> <span class="o">||</span> <span class="nb">len</span><span class="p">(</span><span class="n">authHeader</span><span class="p">)</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"missing authorization token"</span><span class="p">)</span> <span class="p">}</span> <span class="n">token</span> <span class="o">:=</span> <span class="n">authHeader</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="c">// Make sure the token is not empty and is bearer token</span> <span class="k">if</span> <span class="n">token</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"missing token"</span><span class="p">)</span> <span class="p">}</span> <span class="n">tokenSplit</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">token</span><span class="p">,</span> <span class="s">" "</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">tokenSplit</span><span class="p">)</span> <span class="o">!=</span> <span class="m">2</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"invalid token"</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">ToLower</span><span class="p">(</span><span class="n">tokenSplit</span><span class="p">[</span><span class="m">0</span><span class="p">])</span> <span class="o">!=</span> <span class="s">"bearer"</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"invalid token"</span><span class="p">)</span> <span class="p">}</span> <span class="n">token</span> <span class="o">=</span> <span class="n">tokenSplit</span><span class="p">[</span><span class="m">1</span><span class="p">]</span> <span class="n">userID</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">utils</span><span class="o">.</span><span class="n">VerifyJWT</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">JWTSecret</span><span class="p">,</span> <span class="n">token</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Fetch the user from the database</span> <span class="n">resUser</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">DBProvider</span><span class="o">.</span><span class="n">GetUserByID</span><span class="p">(</span><span class="n">userID</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Return the user details</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">MeResponse</span><span class="p">{</span> <span class="n">User</span><span class="o">:</span> <span class="n">resUser</span><span class="o">.</span><span class="n">AsAPIUser</span><span class="p">(),</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> JWT Utility (<code>utils/jwt.go</code>) </h3> <p>Handles JWT generation and verification.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">utils</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"time"</span> <span class="s">"github.com/golang-jwt/jwt"</span> <span class="p">)</span> <span class="c">// Generate JWT token</span> <span class="k">func</span> <span class="n">GenerateJWT</span><span class="p">(</span><span class="n">secret</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">token</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">NewWithClaims</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">SigningMethodHS256</span><span class="p">,</span> <span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">{</span> <span class="s">"user_id"</span><span class="o">:</span> <span class="n">userID</span><span class="p">,</span> <span class="s">"exp"</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Hour</span> <span class="o">*</span> <span class="m">24</span><span class="p">)</span><span class="o">.</span><span class="n">Unix</span><span class="p">(),</span> <span class="p">})</span> <span class="k">return</span> <span class="n">token</span><span class="o">.</span><span class="n">SignedString</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">secret</span><span class="p">))</span> <span class="p">}</span> <span class="c">// VerifyJWT verifies the JWT token</span> <span class="k">func</span> <span class="n">VerifyJWT</span><span class="p">(</span><span class="n">secret</span><span class="p">,</span> <span class="n">tokenString</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">token</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">Parse</span><span class="p">(</span><span class="n">tokenString</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">token</span> <span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="p">(</span><span class="k">interface</span><span class="p">{},</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">secret</span><span class="p">),</span> <span class="no">nil</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">claims</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">token</span><span class="o">.</span><span class="n">Claims</span><span class="o">.</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Check if token is valid</span> <span class="k">if</span> <span class="o">!</span><span class="n">token</span><span class="o">.</span><span class="n">Valid</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">claims</span><span class="p">[</span><span class="s">"user_id"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">),</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> Main File (<code>main.go</code>) </h3> <p>Starts the gRPC server and initializes dependencies.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"net"</span> <span class="s">"os"</span> <span class="s">"github.com/joho/godotenv"</span> <span class="s">"google.golang.org/grpc"</span> <span class="n">userpb</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-userd/db"</span> <span class="s">"github.com/lakhansamani/ecom-grpc-userd/service"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Read .env file as environment variables</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">godotenv</span><span class="o">.</span><span class="n">Load</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">".env file not found, using environment variables"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// DB URL</span> <span class="n">dbURL</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"DB_URL"</span><span class="p">)</span> <span class="k">if</span> <span class="n">dbURL</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"DB_URL is required"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// JWT Secret</span> <span class="n">jwtSecret</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"JWT_SECRET"</span><span class="p">)</span> <span class="k">if</span> <span class="n">jwtSecret</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"JWT_SECRET is required"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Initialize database</span> <span class="n">dbProvider</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">dbURL</span><span class="p">)</span> <span class="c">// Create a new gRPC server</span> <span class="n">server</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewServer</span><span class="p">()</span> <span class="c">// Register UserService with gRPC</span> <span class="n">userService</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">New</span><span class="p">(</span> <span class="n">service</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">JWTSecret</span><span class="o">:</span> <span class="n">jwtSecret</span><span class="p">,</span> <span class="p">},</span> <span class="n">service</span><span class="o">.</span><span class="n">Dependencies</span><span class="p">{</span> <span class="n">DBProvider</span><span class="o">:</span> <span class="n">dbProvider</span><span class="p">,</span> <span class="p">})</span> <span class="n">userpb</span><span class="o">.</span><span class="n">RegisterUserServiceServer</span><span class="p">(</span><span class="n">server</span><span class="p">,</span> <span class="n">userService</span><span class="p">)</span> <span class="c">// Start gRPC server</span> <span class="n">listener</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">"tcp"</span><span class="p">,</span> <span class="s">":50051"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to listen: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"gRPC Server is running on port 50051..."</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">server</span><span class="o">.</span><span class="n">Serve</span><span class="p">(</span><span class="n">listener</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"Failed to serve: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Dockerfile (Dockerfile) </h3> <p>This file helps in creating <code>userd</code> container image that we can use in future with kubernetes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Build Stage</span> <span class="k">FROM</span><span class="w"> </span><span class="s">golang:1.23</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="c"># Copy go.mod and go.sum and download dependencies</span> <span class="k">COPY</span><span class="s"> go.mod go.sum ./</span> <span class="k">RUN </span>go mod download <span class="c"># Copy source code</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="c"># Build the Go binary with static linking (Alpine compatible)</span> <span class="k">RUN </span><span class="nv">CGO_ENABLED</span><span class="o">=</span>0 <span class="nv">GOOS</span><span class="o">=</span>linux <span class="nv">GOARCH</span><span class="o">=</span>amd64 go build <span class="nt">-o</span> userd ./main.go <span class="c"># Final Runtime Stage (Alpine)</span> <span class="k">FROM</span><span class="s"> alpine:latest</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="c"># Install certificates (required for HTTPS calls)</span> <span class="k">RUN </span>apk add <span class="nt">--no-cache</span> ca-certificates <span class="c"># Copy binary from builder</span> <span class="k">COPY</span><span class="s"> --from=builder /app/userd .</span> <span class="c"># Expose gRPC port</span> <span class="k">EXPOSE</span><span class="s"> 50051</span> <span class="c"># Run the application</span> <span class="k">CMD</span><span class="s"> ["./userd"]</span> </code></pre> </div> <h3> Docker ignore file (.dockerignore) </h3> <p>This file helps ignoring development files example .env in production build<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.env </code></pre> </div> <p>Here is <code>.env</code> file for local development<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DB_URL=postgres://postgres:postgres@localhost:5432/userdb JWT_SECRET=secret </code></pre> </div> <h3> Running the Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--name</span> postgres-cluster <span class="nt">-e</span> <span class="nv">POSTGRES_PASSWORD</span><span class="o">=</span>postgres <span class="nt">-p</span> 5432:5432 <span class="nt">-d</span> postgres docker <span class="nb">exec</span> <span class="nt">-it</span> postgres-cluster psql <span class="nt">-U</span> postgres <span class="nt">-c</span> <span class="s2">"CREATE DATABASE userdb;"</span> go run main.go </code></pre> </div> <p>Now, your <strong>User Service</strong> is live with <strong>gRPC, PostgreSQL, and JWT authentication</strong>! 🚀</p> <p>You can try following commands with correct <code>.proto</code> file path<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>grpcurl -plaintext -d '{ "name": "John Doe", "email": "john@example.com", "password": "securepass" }' -proto=apis/user/v1/user.proto localhost:50051 user.v1.UserService/Register grpcurl -plaintext -d '{ "email": "john@example.com", "password": "securepass" }' -proto=apis/user/v1/user.proto localhost:50051 user.v1.UserService/Login grpcurl -plaintext -H "authorization: bearer JWT_TOKEN" -proto=apis/user/v1/user.proto localhost:50051 user.v1.UserService/Me </code></pre> </div> <h2> Code Link </h2> <ul> <li><a href="https://github.com/lakhansamani/ecom-grpc-userd" rel="noopener noreferrer">Github APIs repo</a></li> </ul> <h2> 🎯 Next Steps </h2> <ul> <li>🚀 Now that we have the User Service implemented, in Part 4, we will:</li> <li>✅ Implement Order Service.</li> </ul> go grpc postgres containers Defining gRPC APIs with Protobuf - Part 2 Lakhan Samani Tue, 04 Mar 2025 11:43:39 +0000 https://dev.to/lakhansamani/defining-grpc-apis-with-protobuf-part-2-5dj4 https://dev.to/lakhansamani/defining-grpc-apis-with-protobuf-part-2-5dj4 <p>In <a href="https://dev.to/lakhansamani/building-a-distributed-e-commerce-app-with-go-and-grpc-part-1-3614">Part 1</a>, we set up our project structure. Now, we’ll:<br> ✅ Define User and Order APIs<br> ✅ Generate gRPC code from .proto files.</p> <p>We have created <code>apis</code> folder so lets navigate to that folder and define our apis there.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cd ecom-grpc/apis </code></pre> </div> <blockquote> <p>Note: Please replace the github user name and repo in each of the following folder</p> </blockquote> <h2> Step 1: Install Protobuf Compiler </h2> <p>Before writing .proto files, install protoc:</p> <h3> 🔹 Mac (Homebrew) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>brew <span class="nb">install </span>protobuf </code></pre> </div> <h3> 🔹 Ubuntu/Linux </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> protobuf-compiler </code></pre> </div> <h3> 🔹 Windows </h3> <p>Download from protobuf releases.</p> <p>Verify installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>protoc <span class="nt">--version</span> </code></pre> </div> <h2> Step 2: Define User Service API </h2> <p>create <code>user/v1/user.proto</code> file in <code>apis</code> repo<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> user/v1/ <span class="nb">touch </span>user/v1/user.proto </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight protobuf"><code><span class="na">syntax</span> <span class="o">=</span> <span class="s">"proto3"</span><span class="p">;</span> <span class="kn">package</span> <span class="nn">user</span><span class="o">.</span><span class="n">v1</span><span class="p">;</span> <span class="k">option</span> <span class="na">go_package</span> <span class="o">=</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/user/v1"</span><span class="p">;</span> <span class="c1">// User Service definition</span> <span class="kd">service</span> <span class="n">UserService</span> <span class="p">{</span> <span class="c1">// Register API to register a new user</span> <span class="c1">// Permission: none</span> <span class="k">rpc</span> <span class="n">Register</span><span class="p">(</span><span class="n">RegisterRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">RegisterResponse</span><span class="p">);</span> <span class="c1">// Login API to login a user</span> <span class="c1">// Permission: none</span> <span class="k">rpc</span> <span class="n">Login</span><span class="p">(</span><span class="n">LoginRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">LoginResponse</span><span class="p">);</span> <span class="c1">// Me API to get user details</span> <span class="c1">// Permission: authenticated user</span> <span class="k">rpc</span> <span class="n">Me</span><span class="p">(</span><span class="n">MeRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">MeResponse</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// User model</span> <span class="kd">message</span> <span class="nc">User</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">id</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">string</span> <span class="na">name</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="kt">string</span> <span class="na">email</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Register API</span> <span class="kd">message</span> <span class="nc">RegisterRequest</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">name</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">string</span> <span class="na">email</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="kt">string</span> <span class="na">password</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">RegisterResponse</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">user_id</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Login API</span> <span class="kd">message</span> <span class="nc">LoginRequest</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">email</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">string</span> <span class="na">password</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">LoginResponse</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">token</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Me API (token will be taken from gRPC metadata)</span> <span class="kd">message</span> <span class="nc">MeRequest</span> <span class="p">{}</span> <span class="kd">message</span> <span class="nc">MeResponse</span> <span class="p">{</span> <span class="n">User</span> <span class="na">user</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> New API methods </h3> <ul> <li>Register → Registers a new user and returns a JWT token.</li> <li>Login → Authenticates a user and returns a JWT token.</li> <li>Me → Returns user details using the JWT token.</li> </ul> <h2> 🔹 Step 3: Define Order Service API </h2> <p>create <code>order/v1/order.proto</code> file in <code>apis</code> repo<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> order/v1/ <span class="nb">touch </span>order/v1/order.proto </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight protobuf"><code><span class="na">syntax</span> <span class="o">=</span> <span class="s">"proto3"</span><span class="p">;</span> <span class="kn">package</span> <span class="nn">order</span><span class="o">.</span><span class="n">v1</span><span class="p">;</span> <span class="k">option</span> <span class="na">go_package</span> <span class="o">=</span> <span class="s">"github.com/lakhansamani/ecom-grpc-apis/order/v1"</span><span class="p">;</span> <span class="kd">service</span> <span class="n">OrderService</span> <span class="p">{</span> <span class="c1">// CreateOrder API to create a new order</span> <span class="c1">// Permission: authenticated user</span> <span class="k">rpc</span> <span class="n">CreateOrder</span><span class="p">(</span><span class="n">CreateOrderRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">CreateOrderResponse</span><span class="p">);</span> <span class="c1">// GetOrder API to get order details</span> <span class="c1">// Permission: authenticated user who created the order</span> <span class="k">rpc</span> <span class="n">GetOrder</span><span class="p">(</span><span class="n">GetOrderRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">GetOrderResponse</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Order model</span> <span class="kd">message</span> <span class="nc">Order</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">id</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">string</span> <span class="na">user_id</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="kt">string</span> <span class="na">product</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="kt">int32</span> <span class="na">quantity</span> <span class="o">=</span> <span class="mi">4</span><span class="p">;</span> <span class="kt">double</span> <span class="na">unit_price</span> <span class="o">=</span> <span class="mi">5</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// CreateOrder request API</span> <span class="kd">message</span> <span class="nc">CreateOrderRequest</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">product</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">int32</span> <span class="na">quantity</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// CreateOrder response API</span> <span class="kd">message</span> <span class="nc">CreateOrderResponse</span> <span class="p">{</span> <span class="n">Order</span> <span class="na">order</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// GetOrder request API</span> <span class="kd">message</span> <span class="nc">GetOrderRequest</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">id</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// GetOrder response API</span> <span class="kd">message</span> <span class="nc">GetOrderResponse</span> <span class="p">{</span> <span class="n">Order</span> <span class="na">order</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> New API methods </h3> <ul> <li>CreateOrder - to create order</li> <li>GetOrder - to get order information</li> </ul> <h2> 🔹 Step 4: Generate gRPC Code </h2> <p>To simplify the process lets create a <code>Makefile</code> at the root of <code>apis</code> repo which we can run to generate the go-grpc code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>touch Makefile </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight make"><code><span class="nl">all</span><span class="o">:</span> <span class="nf">build</span> <span class="nl">build</span><span class="o">:</span> protoc <span class="nt">--go_out</span><span class="o">=</span><span class="nb">.</span> <span class="nt">--go_opt</span><span class="o">=</span><span class="nv">paths</span><span class="o">=</span>source_relative <span class="nt">--go-grpc_out</span><span class="o">=</span><span class="nv">require_unimplemented_servers</span><span class="o">=</span><span class="nb">false</span>:. <span class="nt">--go-grpc_opt</span><span class="o">=</span><span class="nv">paths</span><span class="o">=</span>source_relative user/v1/user.proto protoc <span class="nt">--go_out</span><span class="o">=</span><span class="nb">.</span> <span class="nt">--go_opt</span><span class="o">=</span><span class="nv">paths</span><span class="o">=</span>source_relative <span class="nt">--go-grpc_out</span><span class="o">=</span><span class="nv">require_unimplemented_servers</span><span class="o">=</span><span class="nb">false</span>:. <span class="nt">--go-grpc_opt</span><span class="o">=</span><span class="nv">paths</span><span class="o">=</span>source_relative order/v1/order.proto </code></pre> </div> <p>Run <code>make</code> command to generate the files and push to github.</p> <h2> Code Link </h2> <ul> <li><a href="https://github.com/lakhansamani/ecom-grpc-apis" rel="noopener noreferrer">Github APIs repo</a></li> </ul> <h2> 🎯 Next Steps </h2> <ul> <li>🚀 Now that we have the User &amp; Order Service protobuf, in Part 3, we will:</li> <li>✅ Implement User Service.</li> <li>✅ Implement Order Service.</li> </ul> <p>Stay tuned! 🚀</p> protobuf grpc go microservices Building a Distributed E-commerce App with Go and gRPC – Part 1 Lakhan Samani Mon, 03 Mar 2025 13:13:56 +0000 https://dev.to/lakhansamani/building-a-distributed-e-commerce-app-with-go-and-grpc-part-1-3614 https://dev.to/lakhansamani/building-a-distributed-e-commerce-app-with-go-and-grpc-part-1-3614 <h2> Introduction &amp; Project Overview </h2> <h3> 🚀 Why Build a Distributed System with Go &amp; gRPC? </h3> <p>Modern applications need to be scalable, fast, and efficient. A monolithic approach may work initially, but as your app grows, it becomes hard to maintain. This is where microservices come in!</p> <p>In this series, we’ll build a simple distributed e-commerce system using Go, gRPC, PostgreSQL, and Kubernetes. By the end of this series, you’ll understand how to:</p> <ul> <li>✅ Design gRPC APIs for communication between services.</li> <li>✅ Implement services with Go and handle user authentication.</li> <li>✅ Use middleware for logging, monitoring, and security.</li> <li>✅ Deploy services to Kubernetes and scale them dynamically.</li> </ul> <h2> 📌 Project Overview: What Are We Building? </h2> <p>We’ll build a simplified e-commerce backend with two core services:</p> <p>User Service 🧑‍💻<br> - Create users<br> - Authenticate users with JWT<br> - Retrieve user details</p> <p>Order Service 📦<br> - Place an order (linked to a user)<br> - Get order details</p> <h3> 🛠 Tech Stack </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td>Go</td> <td>Backend services</td> </tr> <tr> <td>gRPC</td> <td>Communication between services</td> </tr> <tr> <td>PostgreSQL</td> <td>Database for users &amp; orders</td> </tr> <tr> <td>Redis</td> <td>Caching &amp; rate-limiting</td> </tr> <tr> <td>Prometheus &amp; Grafana</td> <td>Monitoring &amp; metrics</td> </tr> <tr> <td>Prometheus &amp; Alertmanager</td> <td>Setting up alerts for failures</td> </tr> <tr> <td>Kubernetes (K8s)</td> <td>Deployment &amp; auto-scaling</td> </tr> </tbody> </table></div> <h3> 🌍 System Architecture </h3> <p>Here’s how the services interact:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgm49ydwys6ezssnsl338.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgm49ydwys6ezssnsl338.jpg" alt="services-architecture" width="800" height="452"></a></p> <ul> <li>The User Service stores user data in PostgreSQL.</li> <li>The Order Service processes orders and links them to users.</li> <li>Both services communicate via gRPC instead of REST for high performance.</li> </ul> <h2> 📝 Step 1: Setting Up the Project </h2> <h3> 1️⃣ Install Dependencies </h3> <p>Make sure you have Go installed (v1.23+ recommended). Then install proto buff:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">install </span>google.golang.org/protobuf/cmd/protoc-gen-go@latest go <span class="nb">install </span>google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest </code></pre> </div> <p>Now add them to your <code>PATH</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="nv">$PATH</span><span class="s2">:</span><span class="si">$(</span>go <span class="nb">env </span>GOPATH<span class="si">)</span><span class="s2">/bin"</span> </code></pre> </div> <h3> 2️⃣ Create the Project Structure </h3> <p>Run the following to set up the project:</p> <blockquote> <p>Note: please replace github.com/lakhansamani with your github or go package URL.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>ecom-grpc <span class="nb">cd </span>ecom-grpc <span class="nb">mkdir </span>apis userd orderd <span class="nb">cd </span>apis <span class="c"># common repo for all the service apis </span> go mod init github.com/lakhansamani/ecom-grpc-apis <span class="nb">cd</span> .. <span class="nb">cd </span>userd <span class="c"># user service</span> go mod init github.com/lakhansamani/ecom-grpc-userd <span class="nb">cd</span> .. <span class="nb">cd </span>orderd <span class="c"># order service</span> go mod init github.com/lakhansamani/ecom-grpc-orderd </code></pre> </div> <p>🎯 Next Steps<br> In Part 2, we’ll define our gRPC APIs using Protobuf and implement the User Service in Go. Stay tuned! 🚀</p> microservices grpc go webdev Why Microservices Are Important Compared to Monolithic Architecture Lakhan Samani Sun, 25 Aug 2024 05:47:40 +0000 https://dev.to/lakhansamani/why-microservices-are-important-compared-to-monolithic-architecture-34ne https://dev.to/lakhansamani/why-microservices-are-important-compared-to-monolithic-architecture-34ne <p>In today's fast-paced technological landscape, businesses need scalable and flexible solutions to adapt quickly to changing demands. This is where microservices architecture shines compared to the traditional monolithic approach.</p> <h2> 1. What is Monolithic Architecture? </h2> <p>Monolithic architecture is a single, unified system where all components are interconnected and interdependent. This means that any changes or updates to the system require the entire application to be rebuilt and redeployed. While this approach may work for smaller projects, it can become a bottleneck as the system grows.</p> <h2> 2. What is Microservices Architecture? </h2> <p>Microservices architecture, on the other hand, breaks down a large application into smaller, independent services that can be developed, deployed, and scaled independently. Each service focuses on a specific business functionality and communicates with other services through APIs. This modular approach offers several advantages:</p> <h2> 3. Benefits of Microservices over Monolithic Architecture </h2> <ul> <li><p>Scalability: Microservices allow you to scale specific parts of your application independently, rather than scaling the entire system. This targeted scaling can lead to more efficient resource usage and cost savings.</p></li> <li><p>Flexibility and Agility: With microservices, different teams can work on different services simultaneously, using different technologies if needed. This accelerates development and allows for faster iteration and deployment.</p></li> <li><p>Improved Fault Isolation: In a microservices architecture, if one service fails, it doesn't necessarily bring down the entire application. This isolation makes the system more resilient and easier to maintain.</p></li> <li><p>Technology Diversity: Microservices enable the use of different programming languages, frameworks, or databases for different services, making it easier to adopt new technologies.</p></li> </ul> <h2> How Golang Helps in Microservices </h2> <p>Golang (Go) has become a popular choice for developing microservices due to its simplicity, performance, and concurrency model. Here's how Golang fits well with the microservices architecture:</p> <ul> <li><p>Performance: Go's lightweight nature and efficient execution model make it ideal for building high-performance microservices. Its compiled binaries are fast and have a small memory footprint.</p></li> <li><p>Concurrency: Go's goroutines and channels provide a simple yet powerful way to handle concurrent tasks, which is a common requirement in microservices for handling multiple requests simultaneously.</p></li> <li><p>Scalability: Go's efficient resource management and quick start-up time make it easier to scale services. Its built-in tools and libraries simplify the process of scaling and deploying microservices.</p></li> <li><p>Simplicity and Maintainability: Go's straightforward syntax and minimalistic design make it easier to read, understand, and maintain code, which is crucial in a microservices environment where multiple teams may be working on different services.</p></li> </ul> <h2> Common Mistakes in Microservices </h2> <p>While microservices offer many benefits, there are also pitfalls to watch out for:</p> <ul> <li><p>Over-Engineering: One of the common mistakes is creating too many microservices from the start. It's essential to find the right balance and avoid unnecessary complexity.</p></li> <li><p>Poor Service Boundaries: Defining clear boundaries for each service is critical. Overlapping responsibilities or tightly coupled services can lead to the same problems as monolithic architecture.</p></li> <li><p>Inefficient Communication: Microservices rely on network communication, which can introduce latency and increase the complexity of the system. It's essential to optimize communication and handle network failures gracefully.</p></li> <li><p>Lack of Monitoring and Logging: With many services running independently, monitoring and logging are crucial for tracking performance and diagnosing issues. Without proper observability, it becomes challenging to maintain the system.</p></li> <li><p>Ignoring Data Management Challenges: Managing data consistency across services can be challenging. It's important to design with eventual consistency in mind and use appropriate strategies for data synchronization.</p></li> </ul> <h2> Conclusion </h2> <p>Microservices architecture offers a scalable, flexible, and resilient approach to building modern applications. Golang's performance, concurrency model, and simplicity make it a great choice for developing microservices. However, careful planning and execution are required to avoid common pitfalls and fully leverage the benefits of microservices. By understanding these challenges and making informed decisions, organizations can successfully transition from monolithic to microservices architecture.</p> microservices go softwareengineering webdev Authorize NodeJS APIs using Authorizer Lakhan Samani Tue, 23 May 2023 08:35:04 +0000 https://dev.to/lakhansamani/authorize-nodejs-apis-using-authorizer-3ncf https://dev.to/lakhansamani/authorize-nodejs-apis-using-authorizer-3ncf <p>In this blog post, we will learn how to authorize users for API calls, based on valid sessions and roles using <a href="http://authorizer.dev/" rel="noopener noreferrer">Authorizer</a>. <a href="http://authorizer.dev/" rel="noopener noreferrer">Authorizer</a> is an open-source database-independent auth solution. You can bring your database and have authentication and authorization service ready out of the box.</p> <p>For the demo purpose, we will be using [Express](<a href="https://expressjs.com/" rel="noopener noreferrer">https://expressjs.com/</a>) server and writing a middleware that will validate user sessions &amp; roles based on the JWT (JSON Web Token) in the <code>Authorization</code> header.</p> <p>Refer to the source code on <a href="https://github.com/authorizerdev/examples/tree/main/with-express-js" rel="noopener noreferrer">github</a>.</p> <h2> Step 1: Setup Authorizer Instance </h2> <p>Deploy production-ready Authorizer instance using one-click deployment options available below</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th><strong>Infra provider</strong></th> <th><strong>One-click link</strong></th> <th><strong>Additional information</strong></th> </tr> </thead> <tbody> <tr> <td>Railway.app</td> <td><a href="https://railway.app/new/template/nwXp1C?referralCode=FEF4uT" rel="noopener noreferrer"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Frailway.app%2Fbutton.svg" alt="Deploy on Railway" width="183" height="40"></a></td> <td><a href="https://docs.authorizer.dev/deployment/railway" rel="noopener noreferrer">docs</a></td> </tr> <tr> <td>Heroku</td> <td><a href="https://heroku.com/deploy?template=https://github.com/authorizerdev/authorizer-heroku" rel="noopener noreferrer"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.herokucdn.com%2Fdeploy%2Fbutton.svg" alt="Deploy to Heroku" width="147" height="32"></a></td> <td><a href="https://docs.authorizer.dev/deployment/heroku" rel="noopener noreferrer">docs</a></td> </tr> <tr> <td>Render</td> <td><a href="https://render.com/deploy?repo=https://github.com/authorizerdev/authorizer-render" rel="noopener noreferrer"><img alt="render button" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Frender.com%2Fimages%2Fdeploy-to-render-button.svg" width="800" height="400"></a></td> <td><a href="https://docs.authorizer.dev/deployment/render" rel="noopener noreferrer">docs</a></td> </tr> </tbody> </table></div> <p>For more information &amp; deployment options like docker / Kubernetes / helm charts refer to the <a href="https://docs.authorizer.dev/deployment" rel="noopener noreferrer">docs</a></p> <p><strong>Configure Instance</strong></p> <ul> <li><p>Open the Authorizer instance endpoint in a browser</p></li> <li><p>SignUp as an Admin with a secure password</p></li> <li> <p>Configure environment variables from the dashboard. Check <a href="https://docs.authorizer.dev/core/env" rel="noopener noreferrer">env docs</a> for more information.</p> <blockquote> <p>Note: <code>DATABASE_URL</code> , <code>DATABASE_TYPE</code> , <code>REDIS_URL</code> are the variables that can only be configured as the authorizer instance's system environment variable.</p> </blockquote> </li> </ul> <h2> Step 2: Create Express App </h2> <blockquote> <p>Note: This step is optional if you already have a Nodejs application up and running</p> </blockquote> <ul> <li> <p>Setup project<br> </p> <pre class="highlight shell"><code><span class="c"># Create directory</span> <span class="nb">mkdir </span>my-apis <span class="c"># Change directory</span> <span class="nb">cd </span>my-apis <span class="c"># Initialize nodejs APP</span> npm init <span class="nt">-y</span> <span class="c"># Install express</span> npm <span class="nb">install </span>express <span class="c"># Create index.js</span> <span class="nb">touch </span>index.js </code></pre> </li> <li> <p>Add Start Command to <code>package.json</code><br> </p> <pre class="highlight javascript"><code><span class="p">{</span> <span class="dl">"</span><span class="s2">name</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">my-apis</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">version</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1.0.0</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">description</span><span class="dl">"</span><span class="p">:</span> <span class="dl">""</span><span class="p">,</span> <span class="dl">"</span><span class="s2">main</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">index.js</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">scripts</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">start</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">node index.js</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">test</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">echo </span><span class="se">\"</span><span class="s2">Error: no test specified</span><span class="se">\"</span><span class="s2"> &amp;&amp; exit 1</span><span class="dl">"</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">keywords</span><span class="dl">"</span><span class="p">:</span> <span class="p">[],</span> <span class="dl">"</span><span class="s2">author</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Lakhan Samani</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">license</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">ISC</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">dependencies</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">^4.18.2</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </li> <li> <p>Setup Express App and Create a basic API in <code>index.js</code><br> </p> <pre class="highlight javascript"><code><span class="c1">// index.js</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="s2">`3000`</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Hello World</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">port</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`[server]: Server is running at http://localhost:</span><span class="p">${</span><span class="nx">port</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">});</span> </code></pre> </li> </ul> <h2> Step 3: Create Authorization Middleware </h2> <ul> <li> <p>Install <code>@authorizerdev/authorizer-js</code><br> </p> <pre class="highlight shell"><code>npm i <span class="nt">--save</span> @authorizerdev/authorizer-js </code></pre> </li> <li> <p>Create <code>auth_middleware.js</code><br> </p> <pre class="highlight shell"><code><span class="nb">touch </span>auth_middleware.js </code></pre> </li> <li> <p>Implement authorization middleware<br> </p> <pre class="highlight javascript"><code><span class="c1">// auth_middleware.js</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">Authorizer</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@authorizerdev/authorizer-js</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">authRef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Authorizer</span><span class="p">({</span> <span class="na">authorizerURL</span><span class="p">:</span> <span class="dl">"</span><span class="s2">AUTHORIZER_URL_FROM_STEP 1</span><span class="dl">"</span><span class="p">,</span> <span class="na">redirectURL</span><span class="p">:</span> <span class="dl">"</span><span class="s2">FRONTEND_URL</span><span class="dl">"</span><span class="p">,</span> <span class="na">clientID</span><span class="p">:</span> <span class="dl">"</span><span class="s2">AUTHORIZER_CLIENT_ID FROM DASHBOARD</span><span class="dl">"</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">authMiddleware</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authHeader</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Authorization not found</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">splitHeader</span> <span class="o">=</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">splitHeader</span><span class="p">.</span><span class="nx">length</span> <span class="o">!=</span> <span class="mi">2</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid auth header</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">splitHeader</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nf">toLowerCase</span><span class="p">()</span> <span class="o">!=</span> <span class="dl">"</span><span class="s2">bearer</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Bearer token not found</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">splitHeader</span><span class="p">[</span><span class="mi">1</span><span class="p">];</span> <span class="c1">// Validate jwt token via authorizer sdk</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">authRef</span><span class="p">.</span><span class="nf">validateJWTToken</span><span class="p">({</span> <span class="nx">token</span><span class="p">,</span> <span class="na">token_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">id_token</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// This can be access_token, refresh_token</span> <span class="c1">// roles: [user] // specify roles that you want to validate jwt for, by default it will just verify jwt.</span> <span class="p">});</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">claims</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid JWT token</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="nx">authMiddleware</span> </code></pre> </li> </ul> <h2> Step 4: Add auth middleware to APIs </h2> <p>Update <code>index.js</code> with following content<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// index.js</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">authMiddleware</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./auth_middleware</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="s2">`3000`</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authMiddleware</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Hello World</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">port</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`[server]: Server is running at http://localhost:</span><span class="p">${</span><span class="nx">port</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h2> Step 5: Test the API </h2> <ul> <li> <p>Start API Server<br> </p> <pre class="highlight shell"><code>npm start </code></pre> </li> <li> <p>Make a curl request<br> </p> <pre class="highlight shell"><code>curl http://localhost:3000 </code></pre> </li> </ul> <blockquote> <p>Note: This will return an error, as we have not specified the Authorization header with a valid JWT token</p> </blockquote> <ul> <li> <p>For this test to pass we need to have a valid JWT token, so let's generate a valid JWT by making a login call to the authorizer server<br> </p> <pre class="highlight shell"><code><span class="c"># Replace Authorizer URL from step 1</span> <span class="c"># Replace credentials with right credentials in --data-raw (demo@yopmail.com, Test@123#)</span> <span class="c"># If you have no user on your instance, first signup using AUTHORIZER_URL_FROM_STEP_1/app?redirect_uri=AUTHORIZER_URL_FROM_STEP_1/app</span> curl <span class="nt">--location</span> <span class="nt">--request</span> POST <span class="s1">'AUTHORIZER_URL_FROM_STEP_1/graphql'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data-raw</span> <span class="s1">'{"query":"mutation login {\n login(params: {\n email: \"demo@yopmail.com\",\n password: \"Test@123#\"\n }) {\n id_token\n }\n}","variables":{}}'</span> </code></pre> <p>This should return an <code>id_token</code> in response, as shown in the screenshot below. Copy the <code>id_token</code> from the response and pass it to our nodeJS API server</p> </li> <li> <p>Test the API<br> </p> <pre class="highlight shell"><code>curl <span class="nt">--header</span> <span class="s1">'Authorization: Bearer TOKEN_COPIED_FROM_ABOVE_STEP'</span> http://localhost:3000 </code></pre> </li> </ul> <p>That's all I hope this helps you authorize your APIs easily and make them secure based on the correct session and roles.</p> <p><strong>For more information check out the links below.</strong></p> <ul> <li><p>Website: <a href="https://authorizer.dev" rel="noopener noreferrer">https://authorizer.dev</a></p></li> <li><p>Docs: <a href="https://docs.authorizer.dev" rel="noopener noreferrer">https://docs.authorizer.dev</a></p></li> <li><p>Github: <a href="https://github.com/authorizerdev/authorizer" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer</a></p></li> <li><p>React SDK: <a href="https://github.com/authorizerdev/authorizer-react" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer-react</a></p></li> <li><p>Javascript SDK: <a href="https://github.com/authorizerdev/authorizer-js" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer-js</a></p></li> <li><p>Youtube: <a href="https://youtube.com/playlist?list=PLSQGbUjHc6bpaAgCiQPzNxiUPr7SkDAFR" rel="noopener noreferrer">https://youtube.com/playlist?list=PLSQGbUjHc6bpaAgCiQPzNxiUPr7SkDAFR</a></p></li> <li><p>Examples: <a href="https://github.com/authorizerdev/examples/" rel="noopener noreferrer">https://github.com/authorizerdev/examples/</a></p></li> <li><p>Discord: <a href="https://discord.gg/Zv2D5h6kkK" rel="noopener noreferrer">https://discord.gg/Zv2D5h6kkK</a></p></li> <li><p>Github Sponsorship: <a href="https://github.com/sponsors/authorizerdev/" rel="noopener noreferrer">https://github.com/sponsors/authorizerdev/</a></p></li> <li><p>Buy me Coffee: <a href="https://www.buymeacoffee.com/lakhansamani" rel="noopener noreferrer">https://www.buymeacoffee.com/lakhansamani</a></p></li> </ul> opensource javascript auth node Using Authorizer with DynamoDB and EKS Lakhan Samani Fri, 18 Nov 2022 12:57:53 +0000 https://dev.to/lakhansamani/using-authorizer-with-dynamodb-and-eks-3hl7 https://dev.to/lakhansamani/using-authorizer-with-dynamodb-and-eks-3hl7 <p>Hello people, on 3rd November 2022 I had amazing opportunity to speak at AWS community (Vadodara) event happening in my city. I presented on using <a href="https://authorizer.dev" rel="noopener noreferrer">Authorizer</a> with DynamoDB and EKS.</p> <p><a href="https://authorizer.dev" rel="noopener noreferrer">Authorizer</a> is database independent open source auth solution. It supports 12+ databases including all the major SQL, NoSQL and Graph databases.</p> <p>So, as a part of demo I created a Task Manager (TODO) application, which will allow authenticated user to</p> <ul> <li>Create Task</li> <li>Watch their own tasks</li> <li>Mark Task as done</li> <li>Delete Task</li> </ul> <p>The tech stack we will be using is:</p> <ul> <li> <a href="https://aws.amazon.com/dynamodb/" rel="noopener noreferrer">DynamoDB</a> to store user information and tasks</li> <li> <a href="https://authorizer.dev" rel="noopener noreferrer">Authorizer</a> to authenticate and authorize users</li> <li> <a href="https://github.com/gin-gonic/gin" rel="noopener noreferrer">GoLang Gin Server</a> to create tasks apis</li> <li> <a href="https://reactjs.org/" rel="noopener noreferrer">React</a> to create frontend application</li> <li> <a href="https://aws.amazon.com/eks/" rel="noopener noreferrer">EKS</a> to deploy authorizer &amp; go-gin server</li> <li> <a href="https://www.netlify.com/" rel="noopener noreferrer">Netlify</a> to deploy frontend application</li> </ul> <p>Here is a small architecture diagram demonstrating how the overall application will look like</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa9fngsz57fz8xywpmby6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa9fngsz57fz8xywpmby6.png" alt="architecture-image" width="800" height="398"></a></p> <h2> Code Repository </h2> <p><a href="https://github.com/lakhansamani/authorizer-aws-demo" rel="noopener noreferrer">Github Repository</a>: This repository contains code for <a href="https://github.com/lakhansamani/authorizer-aws-demo/tree/main/apis" rel="noopener noreferrer">TODO API</a>, <a href="https://github.com/lakhansamani/authorizer-aws-demo/tree/main/todo-app" rel="noopener noreferrer">Frontend Application</a>, <a href="https://github.com/lakhansamani/authorizer-aws-demo/blob/main/eks.yaml" rel="noopener noreferrer">EKS Cluster Creation</a>, <a href="https://github.com/lakhansamani/authorizer-aws-demo/blob/main/authorizer_ingress.yaml" rel="noopener noreferrer">Ingress / Domain Setup</a></p> <h2> Let's Get Started </h2> <h3> Prerequisite </h3> <ul> <li><a href="https://aws.amazon.com/" rel="noopener noreferrer">aws account</a></li> <li> <a href="https://aws.amazon.com/iam/" rel="noopener noreferrer">iam</a> user with permission for DynamoDB, EKS, EC2, IAM Policy Creation, Route53, EBS Controller</li> <li><a href="https://kubernetes.io/docs/tasks/tools/" rel="noopener noreferrer">kubectl</a></li> <li><a href="https://aws.amazon.com/cli/" rel="noopener noreferrer">awscli</a></li> <li><a href="https://eksctl.io/" rel="noopener noreferrer">eksctl</a></li> <li><a href="https://helm.sh/" rel="noopener noreferrer">helm</a></li> <li>Configure AWS profile on your machine with user credentials</li> <li>Export your AWS credentials </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> aws configure <span class="nt">--profile</span> PROFILE_NAME <span class="nb">export </span><span class="nv">AWS_PROFILE</span><span class="o">=</span>PROFILE_NAME <span class="nb">export </span><span class="nv">AWS_ACCESS_KEY_ID</span><span class="o">=</span>YOUR_ACCESS_KEY_ID <span class="nb">export </span><span class="nv">AWS_SECRET_ACCESS_KEY</span><span class="o">=</span>YOUR_SECRET_ACCESS_KEY </code></pre> </div> <h3> Step 1: Clone the Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/lakhansamani/authorizer-aws-demo.git <span class="nb">cd </span>authorizer-aws-demo </code></pre> </div> <h3> Step 2: Create EKS Cluster </h3> <blockquote> <p>Note: You can update machine configuration in eks.yaml file.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>eksctl create cluster <span class="nt">-f</span> eks.yaml </code></pre> </div> <h3> Step 3: Install Nginx Ingress </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm upgrade <span class="nt">--install</span> ingress-nginx ingress-nginx/ingress-nginx <span class="se">\</span> <span class="nt">--namespace</span> ingress-nginx <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">--timeout</span> 600s <span class="se">\</span> <span class="nt">--debug</span> <span class="se">\</span> <span class="nt">--set</span> controller.publishService.enabled<span class="o">=</span><span class="nb">true</span> </code></pre> </div> <h3> Step 4: Install Cert Manager </h3> <p>Cert manager is used to generate TLS certificate<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add jetstack https://charts.jetstack.io helm repo update kubectl apply <span class="nt">-f</span> https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.crds.yaml helm <span class="nb">install</span> <span class="se">\</span> cert-manager jetstack/cert-manager <span class="se">\</span> <span class="nt">--namespace</span> cert-manager <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">--version</span> v1.8.2 </code></pre> </div> <h3> Step 5: Install Authorizer </h3> <blockquote> <p>Note: Please change <code>authorizer.authorizer_url</code> as per your domain and URL.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add authorizer https://helm-charts.authorizer.dev helm repo update helm <span class="nb">install</span> <span class="se">\</span> <span class="nt">--set</span> authorizer.database_type<span class="o">=</span>dynamodb <span class="se">\</span> <span class="nt">--set</span> authorizer.aws_access_key_id<span class="o">=</span><span class="k">${</span><span class="nv">AWS_ACCESS_KEY_ID</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set</span> authorizer.aws_secret_access_key<span class="o">=</span><span class="k">${</span><span class="nv">AWS_SECRET_ACCESS_KEY</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set</span> authorizer.aws_region<span class="o">=</span>us-east-1 <span class="se">\</span> <span class="nt">--set</span> authorizer.authorizer_url<span class="o">=</span>https://auth.aws-demo.authorizer.dev <span class="se">\</span> <span class="nt">--set</span> redis.install<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> redis.storage<span class="o">=</span>5Gi <span class="se">\</span> <span class="nt">--set</span> redis.storageClassName<span class="o">=</span>gp2 <span class="se">\</span> <span class="nt">--set</span> securityContext.readOnlyRootFilesystem<span class="o">=</span><span class="nb">false</span> <span class="se">\</span> authorizer authorizer/authorizer </code></pre> </div> <h3> Step 6: Create Route53 Hosted Zone </h3> <ul> <li>Create Hosted Zone</li> <li>Create Subdomain Record with classic load balancer and select loadbalancer created by nginx</li> </ul> <p>Example: <code>auth.aws-demo.authorizer.dev</code> in below screenshot</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqyeyu7ygmnts9qenu5zt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqyeyu7ygmnts9qenu5zt.png" alt="route53" width="800" height="476"></a></p> <h3> Step 7: Create Cluster Issuer with dns01 challenge </h3> <blockquote> <p>Note: Change email &amp; hostzoneID as per step5 in <code>cluster_issuer.yaml</code></p> </blockquote> <p>Cert manager will add txt record and will verify the domain details using this issuer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> cluster_issuer.yaml </code></pre> </div> <h3> Step 8: Create Ingress for authorizer </h3> <blockquote> <p>Note: Change authorizer domain as per your auth domain in <code>authorizer_ingress.yaml</code><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> authorizer_ingress.yaml </code></pre> </div> <p>Open your authorizer dashboard, configure admin password and get client ID.</p> <h3> Step 9: Deploy API resources </h3> <blockquote> <p>Note: Change <code>authorizer_client_id</code> to based64 encoded value authorizer client_id value obtained in step 7 in api.yaml L:8. Also change domain name in ingress section.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> api.yaml </code></pre> </div> <h3> Step 10: Deploy frontend </h3> <p>You can deploy frontend to provider of your choice OR on the same stack. For demo purpose I have deployed it on Netlify and connected subdomain there.</p> <p>Thats all you need. Hope it makes your life easier to deploy authorizer + any other service on AWS</p> <p><strong>For more information check</strong></p> <ul> <li>Website: <a href="https://authorizer.dev" rel="noopener noreferrer">https://authorizer.dev</a> </li> <li>Docs: <a href="https://docs.authorizer.dev" rel="noopener noreferrer">https://docs.authorizer.dev</a> </li> <li>Github: <a href="https://github.com/authorizerdev/authorizer" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer</a> </li> <li>React-SDK: <a href="https://github.com/authorizerdev/authorizer-react" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer-react</a> </li> <li>JS-SDK: <a href="https://github.com/authorizerdev/authorizer-js" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer-js</a> </li> <li>Youtube: <a href="https://youtube.com/playlist?list=PLSQGbUjHc6bpaAgCiQPzNxiUPr7SkDAFR" rel="noopener noreferrer">https://youtube.com/playlist?list=PLSQGbUjHc6bpaAgCiQPzNxiUPr7SkDAFR</a> </li> <li>Discord: <a href="https://discord.gg/Zv2D5h6kkK" rel="noopener noreferrer">https://discord.gg/Zv2D5h6kkK</a> </li> <li>Github Sponsorship: <a href="https://github.com/sponsors/authorizerdev" rel="noopener noreferrer">https://github.com/sponsors/authorizerdev</a> </li> <li>Buy me coffee: <a href="https://www.buymeacoffee.com/lakhansamani" rel="noopener noreferrer">https://www.buymeacoffee.com/lakhansamani</a> </li> </ul> react javascript webdev Introducing Authorizer 1.0 Lakhan Samani Mon, 15 Aug 2022 16:31:00 +0000 https://dev.to/lakhansamani/introducing-authorizer-10-j3 https://dev.to/lakhansamani/introducing-authorizer-10-j3 <p>We’re excited to announce the stable version of <a href="https://authorizer.dev" rel="noopener noreferrer">https://authorizer.dev</a> with the most significant updates 🥳. The most complex part of your application, i.e. auth has never been this simple in the open-source space before. Bring your database and have auth layer ready for the application within minutes 🚀.</p> <h2> You can get started in 3 easy steps </h2> <p><strong>Step 1:</strong> <a href="https://docs.authorizer.dev/getting-started" rel="noopener noreferrer">Deploy Authorizer Instance</a></p> <p><strong>Step 2:</strong> <a href="https://docs.authorizer.dev/getting-started" rel="noopener noreferrer">Setup the instance using built-in dashboard</a></p> <p><strong>Step 3</strong>: <a href="https://docs.authorizer.dev/getting-started" rel="noopener noreferrer">Integrate the universal login page with your application</a></p> <p>Let’s have a look at the amazing set of features 🚀</p> <h2> Secure Session Management </h2> <p>Authorizer follows the best practices in the auth space and gives you secure session management using</p> <ul> <li>HTTP only cookies (Recommended for web)</li> <li> <a href="https://oauth.net/2/pkce/" rel="noopener noreferrer">Authorization Code Flow</a> (Recommended for mobile applications)</li> <li>OAuth2 with Open ID compatible APIs</li> </ul> <h2> Multiple Auth Recipes </h2> <p>Authorizer comes with an amazing set of auth recipes out of the box, which includes major social media logins, magic link login, and basic authentication. You can easily configure this recipe using the dashboard that is shipped with every instance of Authorizer. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzi8ls2q0xh29wqnnxgwf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzi8ls2q0xh29wqnnxgwf.png" alt="Image description" width="800" height="422"></a></p> <h2> Myriad Database Support </h2> <p>Authorizer now supports 11+ databases including major SQL, NoSQL, and GraphDB with the motive <strong>Your Data Your Control</strong>. Bring your database and it will just add a few tables/collections in your database to generate auth layer for you.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc9vm24aswwxy3r5cmn73.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc9vm24aswwxy3r5cmn73.png" alt="Image description" width="800" height="169"></a></p> <h2> Role Base Access Control </h2> <p>Secure your APIs and UI depending on various roles for your application. You can easily configure the user roles in your dashboard and have them validated in the JWT tokens.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F49fk0xg147mvyls0v1uv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F49fk0xg147mvyls0v1uv.png" alt="Image description" width="800" height="432"></a> </p> <h2> Integrate / Implement </h2> <p>Every instance of Authorizer comes with a universal login page which you can integrate in your application with a few lines of code. This page is rendered based on the configuration you have in the dashboard. Still, if you need to build the custom UI then we have React SDK and JS SDK which you can leverage.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1fr5m7ktmz3z5qqs2uxd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1fr5m7ktmz3z5qqs2uxd.png" alt="Image description" width="800" height="411"></a></p> <h2> Custom Emails </h2> <p>Now you can send emails for various Authorizer events with your own design and messaging. You can also give personal touch to this emails with the help of dynamic variables that will be replaced before sending emails</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqlaao08mvfita7buoy56.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqlaao08mvfita7buoy56.png" alt="Image description" width="800" height="438"></a> </p> <h2> Multi-factor Authentication </h2> <p>Now you can add one more layer of security by enabling multi-factor authentication which will send one time passwords (OTP) via emails to users and after entering that password only user will be able to access your application. This feature is enabled for basic authentication at the moment.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8vrifkrm2tykiwsi58gx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8vrifkrm2tykiwsi58gx.png" alt="Image description" width="800" height="392"></a> </p> <h2> Listen to events </h2> <p>Most advanced feature of Authorizer. You can now listen to various Authorizer events in your APIs with the help of webhooks and take further actions if required</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4snaxte5vzw52mywz1c9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4snaxte5vzw52mywz1c9.png" alt="Image description" width="800" height="436"></a> </p> <p>With all this amazing set of features, you can deploy Authorizer instances on your infrastructure using Docker, Kubernetes, or Binaries. Also, you can use the one-click deployment options that we offer to get started quickly 🚀</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/DFgo0TuA4c8"> </iframe> </p> <p>I hope you like it and give it a try. You can support our work by contributing to the project, sending Github sponsorship, buying us coffee, or giving us a star on Github. For more information check out the links below.</p> <p>Website: <a href="https://authorizer.dev" rel="noopener noreferrer">https://authorizer.dev</a> </p> <p>Docs: <a href="https://docs.authorizer.dev" rel="noopener noreferrer">https://docs.authorizer.dev</a> </p> <p>Github: <a href="https://github.com/authorizerdev/authorizer" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer</a> </p> <p>React SDK: <a href="https://github.com/authorizerdev/authorizer-react" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer-react</a></p> <p>Javascript SDK: <a href="https://github.com/authorizerdev/authorizer-js" rel="noopener noreferrer">https://github.com/authorizerdev/authorizer-js</a></p> <p>Youtube: <a href="https://youtube.com/playlist?list=PLSQGbUjHc6bpaAgCiQPzNxiUPr7SkDAFR" rel="noopener noreferrer">https://youtube.com/playlist?list=PLSQGbUjHc6bpaAgCiQPzNxiUPr7SkDAFR</a> </p> <p>Examples: <a href="https://github.com/authorizerdev/examples/" rel="noopener noreferrer">https://github.com/authorizerdev/examples/</a></p> <p>Discord: <a href="https://discord.gg/Zv2D5h6kkK" rel="noopener noreferrer">https://discord.gg/Zv2D5h6kkK</a></p> <p>Github Sponsorship: <a href="https://github.com/sponsors/authorizerdev/" rel="noopener noreferrer">https://github.com/sponsors/authorizerdev/</a></p> <p>Buy me Coffee: <a href="https://www.buymeacoffee.com/lakhansamani" rel="noopener noreferrer">https://www.buymeacoffee.com/lakhansamani</a></p> authorizer javascript authentication authorization