A Random API key generator/validator.
This can sit in the private layer without public access, other applications talks to it.
Steps:
- Every response from the web application, before serving back the response, request a key from keymaker
- Keymaker returns with a key
- Web application serves up the response with the generated key
- Client has the API url and the key, makes the request to the API
- API validates the key with keymaker
- if key valid, return the request
- if key invalid, ignore the request
- Client gets their response from the API, if key valid
Currently, it is using Go version 1.8
- air - simple http server, route handler
- beego/orm - Database ORM
- go-sqlite3 - Go sqlite library (this data store could be swap out)
- go-flow - workflow for goroutine
- keymaker.go - Everything is written in one file, could be refactored
- init - initialize the application
- main - the main application, triggers the application to run
- keygetter - main function for the /get http request
- keyvalidate - main function for the /validate http request
- RandStringBytesMaskImprSrc - Random Hash Generator
- newKeyWorker - workflow goroutine, this function is called with a goroutine and will follow the workflow of active, inactive, killed
- Active - This is when the random key is first generated, it gets stored in the database with the active status
- Inactive - This is when 30 seconds have passed after it has been active, we disable the key and make it invalid
- Killed - This is when 60 seconds have passed after it has been active, we remove the key from the database, cleaning things up
Please contact me with regards to implementation and details