DEV Community: Marcos Fonseca

Nem todo dev quer ser CTO, e tudo bem!

Marcos Fonseca — Tue, 21 Nov 2023 09:53:13 +0000

Eu sei, isso pode parecer estranho vindo de alguém envolvido no mundo tech, mas se você, como desenvolvedor(a), está pensando em se tornar sócio(a) de uma startup e assumir o papel de diretor(a) técnico(a), por favor, leia até o final.

Entenda que ser CTO vai muito além de habilidades técnicas. Demanda anos de experiência em tecnologia e, crucialmente, em gestão e liderança. Você precisará tomar decisões difíceis quase que diariamente, o tempo todo, desde contratações até mesmo a difícil tarefa de demitir pessoas.

A diferença entre ser um profissional sênior e um CTO é absurdamente grande. Imagine gerenciar uma operação que funciona 24/7, com a responsabilidade de supervisionar todas as áreas. Mesmo tendo uma ou mais equipes abaixo de você, essas preocupações, principalmente técnicas, serão suas também.

Além de todas as questões de desenvolvimento e produto, você terá que lidar com questões críticas como:

🚩 Segurança: Proteger a empresa contra ameaças e garantir a segurança de dados.

🚩 Performance e Disponibilidade do Sistema: Assegurar que os sistemas estejam sempre funcionando eficientemente.

🚩 Gestão de Equipe e Cultura: Desenvolver uma cultura que promova inovação e gerenciar as dinâmicas da equipe.

🚩 Estratégia Tecnológica e Inovação: Definir a direção tecnológica da empresa e incorporar inovações.

🚩 Alocação de Recursos: Gerenciar recursos de forma eficaz para maximizar o retorno.

🚩 Compliance e Regulamentações: Assegurar que a empresa esteja em conformidade com leis e regulamentos.

🚩 Comunicação: Manter uma comunicação clara e eficaz com outros diretores, stakeholders e a equipe.

Além disso, você precisará focar no desenvolvimento da equipe, abordando aspectos como competências, objetivos individuais, aprendizado contínuo, mentoria, feedback e progressão de carreira, etc.

É muita coisa. Acha que acabou?

Entrar em uma startup como sócio também traz seus desafios, como a possibilidade de opressão ao minoritário e abuso de poder. É fundamental ter contratos sólidos e conhecer bem seus futuros sócios.

Entenda, o objetivo não é desmotivar, mas sim alertar sobre pontos que talvez você não esteja refletindo agora.

Mas, se você optar por não seguir um caminho de gestão, lembre-se de que há muitos outros caminhos possíveis na área de desenvolvimento de software, desde desenvolvedor júnior até engenheiro fellow, cada um com suas próprias responsabilidades e oportunidades de crescimento.

Como CTO, você será o ponto central por trás da visão e estratégia tecnológica da empresa, um papel que exige não apenas habilidade, mas uma verdadeira paixão por liderança e inovação, além de muito jogo de cintura para lidar com situações adversas.

Independentemente do caminho que escolher, esteja preparado(a) para os desafios e recompensas que cada nível traz. Não existe um caminho certo ou errado; existe o que você deseja no momento.

If you're a developer and care about code quality, here are some tips for you

Marcos Fonseca — Sat, 30 Sep 2023 19:29:37 +0000

Ever had that nagging feeling when looking at someone else's code, realizing they missed some basic concepts? To sidestep that, when you're coding, make sure you're following these principles:

💻 Readable Code: Write so that your peers can easily understand. Remember: we often spend more time reading code than writing it. Don't be the one who confuses everyone.

⏱ Variable and Function Naming: Pick clear and descriptive names. If a variable signifies a duration, "duration" is way clearer than just "d". Steer clear of ambiguity.

🙅🏾‍♂️ Small and Focused Functions: Keep your functions short with a single purpose. They'll be more comprehensible, easy to test, and reusable.

Regarding function arguments, less truly is more. Ideally, go without; but when necessary, cap it at three. No one's a fan of convoluted functions, but yes, there are always exceptions.

Steer clear of functions with unpredictable side effects. A function should deliver exactly what it promises.

On the topic of classes, adhere to the single responsibility principle. It'll save you headaches down the road.

Avoid unnecessary comments. Your code should speak for itself. If you're explaining too much in comments, you might need to rethink something.

Proper error handling is a must. Stay true to best practices and avoid vague returns. Your team will be grateful.

Leaving behind dead (unused) code? It's akin to a messy room. Keep your coding space neat.

✅ Uniform formatting is akin to maintaining a professional demeanor, much like adhering to a dress code.

Never doubt that the caliber of your code mirrors your prowess as a developer. Stand tall, champion quality, and let your professionalism shine through.

Building JWT Authentication in Go: A guide with middleware and helper packages

Marcos Fonseca — Wed, 19 Jul 2023 19:27:12 +0000

In this project, we dive deeply into one of the most critical aspects of any web application: authentication. However, instead of taking the more traditional route, we explore the implementation of JWT authentication in Go, a modern and secure approach to keeping our users authenticated.

The JSON Web Token (JWT) provides a robust and scalable method for handling user authentication and the secure transmission of information between parties. We use the "github.com/golang-jwt/jwt/v4" package to handle the creation and validation of our tokens.

A highlight of the project is the use of middleware to handle the authentication of each request. This allowed the authentication logic to be separated from the rest of the code, improving readability and maintenance.

In addition, we used a variety of helper packages to optimize our application. The Gorilla Mux router, "github.com/gorilla/mux", provides flexible and powerful HTTP request routing. The "github.com/joho/godotenv" package is used for managing environment variables, simplifying the configuration across different development environments.

We adopted "github.com/sirupsen/logrus" to handle server logs, providing flexibility for logging debug events, errors, and general information.

This project is an excellent reference for developers looking to understand how to implement JWT authentication in Go, offering a detailed view of how these concepts can be used in practice. Furthermore, it demonstrates the power of middleware in separating responsibilities and creating clean, easy-to-maintain code.

JWT Auth Server

This is a simple authentication server in Golang using JWT (JSON Web Tokens) for user authentication. The project is made up of different routes and handlers for signing in, welcoming, refreshing token, and logging out.

Methods

main()

This is the entry point for the server. It sets up the log format, loads environment variables from the .env file, initializes a router, sets up routes, and starts the server.

Welcome(w http.ResponseWriter, r *http.Request)

This handler is responsible for welcoming the user. It fetches a token from the cookie, verifies the token's validity, extracts the claims, and returns a welcome message to the user.

Signin(w http.ResponseWriter, r *http.Request)

This handler is responsible for logging the user in. It reads credentials from the request body, validates these credentials, creates a JWT token, and returns it in a cookie.

Refresh(w http.ResponseWriter, r *http.Request)

This handler is responsible for refreshing the user's JWT token. It fetches the token from the cookie, verifies its validity, creates a new token, and returns it in a cookie.

Logout(w http.ResponseWriter, r *http.Request)

This handler is responsible for logging the user out. It simply removes the cookie, effectively invalidating the user's JWT token.

AuthenticationMiddleware(next http.Handler) http.Handler

This middleware is responsible for verifying the user's authentication. It's used on routes that require authentication.

Installation Instructions

First, clone the repository with git clone.

Then, at the root of the project, create a .env file with the secret key for the JWT like so: JWT_KEY=yoursecretkey.

Run the command go build to compile the code.

Finally, run the command ./yourfilename to start the server.

Testing Instructions

Use a tool like Postman or cURL to make a POST request to localhost:8080/signin with a JSON body containing username and password. You should receive a cookie with a JWT token.

{
    "username": "admin",
    "password": "123456"
}

Make a GET request to localhost:8080/welcome with the JWT token you received. You should receive a welcome message with the username.

Make a POST request to localhost:8080/refresh with the JWT token to receive a new token.

Make a GET request to localhost:8080/logout to invalidate the token.

The following packages are used in this application:

"net/http": This is a native Go package that provides HTTP client and server implementations.
"github.com/golang-jwt/jwt/v4": This package provides the implementation of JWTs (JSON Web Tokens), which are used for user authentication.
"github.com/gorilla/mux": This package is a powerful URL router and dispatcher. It's used to route incoming HTTP requests to their corresponding handler functions.
"github.com/joho/godotenv": This package is used to read environment variables from a .env file, which is a common method for configuration in development environments.
"encoding/json": This is a native Go package that's used for encoding and decoding JSON.
"os" and "time": These are native Go packages used for operating system functionality and time manipulation respectively.
"github.com/sirupsen/logrus": This package is a flexible logging library. It's used for logging debug information, errors, and general server events.

All code is available at https://github.com/mffonseca/golang-jwt-authentication