Initial Goa proof of concept

[thefirstofthe300]

Please feel free to critique the crap out of it. Right now, it has no interaction with a database, partially because I wanted to get this out there for people to start poking at and partly because I know that will take me a while.

I'm using github.com/golang/dep for dependency management since it now has stable toml and lock file formats as well as having the weight of the core Golang team.

Based on my reading, the initial auth flow should be easy enough to spec out with Goa, so that's a plus. Overall, I am liking Goa and think it has most of what we want/need, not that I should be the judge of these things (lack of experience is killer). :P

[thefirstofthe300]

So I'm up to having a basic auth scheme implemented. Right now, instead of granting or denying access based on username and password, it will only log the username and password that are passed in the HTTP headers. It's just a matter of logic so I don't see a need to add it for a POC (the concept is proved).

Next up is authorizing and denying access to certain endpoints based on authorization level using JWTs. Given Goa's library support, it seems fairly straightforward.

[thefirstofthe300]

With the most recent commit, this is now a full fix for #8.

[thefirstofthe300]

This would also partially address #5

[thefirstofthe300]

@eriknelson you had a chance to look at this yet?

[eriknelson]

Haven't had a chance to delve into this in-depth, but going to merge nonetheless. I'm very interested in seeing demos of various relationship types between models and how those work with clients. Could consider that a next step.

[thefirstofthe300]

Could you spin this into a new bug for discussion? I'm not quite seeing exactly what you are talking about. Plus, a bug gives me a scratchpad/discussion forum for how to work it out. :)

[eriknelson]

@thefirstofthe300 yep, will flesh that out in an issue and tag you.