|
| 1 | +# Authula Project Guidelines |
| 2 | + |
| 3 | +**Authula** is an open-source authentication solution that scales with you. Embed it as a library in your Go app, or run it as a standalone auth server with any tech stack. It simplifies adding robust authentication to backend services, empowering developers to build secure applications faster. |
| 4 | + |
| 5 | +--- |
| 6 | + |
| 7 | +## Code Style Guide |
| 8 | + |
| 9 | +- Always write clean code that is easy to read and maintain. |
| 10 | +- Follow consistent naming conventions for variables, functions, and structs. |
| 11 | +- Include comments where necessary to explain complex logic. DO NOT write comments for every line of code, only for parts that are not immediately clear. The code should be self-explanatory as much as possible. |
| 12 | +- Ensure proper error handling throughout the codebase. |
| 13 | +- Follow best practices and concepts from SOLID principles for better software design. |
| 14 | +- Use Go modules for dependency management. |
| 15 | +- Adhere to idiomatic Go practices as outlined in the official Go documentation. |
| 16 | +- Use `gofmt` to format your code and run `make lint` and fix any linting errors before committing. |
| 17 | +- Avoid global variables unless absolutely necessary. |
| 18 | +- Use interfaces to define behavior and promote decoupling. Never code to implementations. When writing services, make sure they implement an interface of a repository e.g. `UserService` imports `UserRepository`. This ensures that the service can be easily tested and swapped out with different implementations if needed. |
| 19 | +- For other services, define interfaces in the `interfaces.go` file within the `services` package and implement them in separate files just like the password service is an interface which has an argon2 implementation. So now it can easily be swapped out for another implementation if needed without changing the rest of the code that depends on it. |
| 20 | + |
| 21 | +--- |
| 22 | + |
| 23 | +## Testing Guidelines |
| 24 | + |
| 25 | +- Write unit tests for as many components as possible to ensure reliability such as repositories, services and handlers as well as plugins. |
| 26 | +- Use descriptive names for test cases to clearly indicate their purpose. |
| 27 | +- Maintain a high level of code coverage to catch potential issues early. |
| 28 | +- A good way to ensure high quality code is to write unit tests first to outline the feature and behaviour you want before implementing it. Then implement the code to make the tests pass. Finally, refactor the code while ensuring all tests still pass. |
| 29 | +- Use table-driven tests to cover multiple scenarios in a concise manner. |
| 30 | +- Mock external dependencies to isolate the unit being tested. |
| 31 | +- Regularly run tests during development to catch issues early. |
| 32 | +- Run `make build` to ensure the project builds successfully after changes. |
| 33 | +- Then run `make test` to run all tests in the project. |
| 34 | + |
| 35 | +--- |
| 36 | + |
| 37 | +## Documentation Guidelines |
| 38 | + |
| 39 | +- Keep documentation up to date with code changes. |
| 40 | +- Use clear and concise language in documentation. |
| 41 | +- Include examples where applicable to illustrate usage. |
| 42 | +- Document public APIs, functions, and complex logic thoroughly. |
| 43 | +- Use markdown format for README files and other documentation. |
| 44 | +- Maintain a changelog to track significant changes and updates in the project. |
| 45 | +- Use inline code comments to explain non-obvious parts of the code. |
| 46 | +- When updating a feature, ensure that any related documentation is also updated to reflect the changes. |
| 47 | +- Create all docs in markdown format and within a top level docs/ directory. |
| 48 | + |
| 49 | +--- |
| 50 | + |
| 51 | +## Security Guidelines |
| 52 | + |
| 53 | +- Follow best practices for secure coding to prevent vulnerabilities. |
| 54 | +- Regularly review and update dependencies to address security issues. |
| 55 | +- Make sure to always follow defensive programming practices to prevent potential security breaches. |
| 56 | +- Use secure libraries and frameworks that are well-maintained and widely used in the community. |
| 57 | +- Implement proper authentication and authorization mechanisms to protect sensitive data and resources. |
| 58 | +- Take into account the principle of least privilege when designing access controls. |
| 59 | +- Always take into consideration edge cases and loopholes that could be exploited by attackers and implement safeguards against them. |
| 60 | + |
| 61 | +--- |
| 62 | + |
| 63 | +## Agent Skills |
| 64 | + |
| 65 | +Always follow the Agent Skills located in the folder `.github/skills/` as it contains all the skills and playbooks you need to follow to make sure you are adhering to the project guidelines and best practices. |
0 commit comments