Chirpy

A simple Twitter-like API built with Go, PostgreSQL, and JWT authentication.

Features

• 🔐 JWT-based authentication with refresh tokens
• 📝 Create, read, and delete chirps (tweets)
• 👤 User management (create, update)
• 🔄 Token refresh and revocation
• 🛡️ Password hashing with Argon2id
• 📊 Admin metrics endpoint
• ✅ Integration tests

Tech Stack

• Language: Go 1.25+
• Database: PostgreSQL
• Authentication: JWT (JSON Web Tokens)
• Password Hashing: Argon2id
• SQL Code Generation: sqlc
• Migrations: goose

Project Structure

chirpy/
├── internal/
│   ├── api/          # HTTP handlers and routes
│   │   ├── auth.go   # Authentication handlers
│   │   ├── chirps.go # Chirp CRUD handlers
│   │   ├── users.go  # User management handlers
│   │   └── ...
│   ├── auth/         # Authentication utilities
│   └── database/     # Generated database code (sqlc)
├── sql/
│   ├── schema/       # Database migrations
│   └── queries/      # SQL queries for sqlc
├── main.go           # Application entry point
└── Makefile          # Build and development commands

Prerequisites

• Go 1.25 or higher
• PostgreSQL 12+
• Make (optional, for using Makefile commands)

Installation

1. Clone the repository:

git clone <repository-url>
cd chirpy

2. Install dependencies:

go mod download

3. Set up PostgreSQL database:

createdb chirpy

4. Create a .env file in the root directory:

DB_URL=postgres://username:password@localhost:5432/chirpy?sslmode=disable
JWT_SECRET=your-secret-key-here
PLATFORM=development

5. Run database migrations:

make migration-up

6. Generate database code:

make gen

Running the Application

Start the server:

go run .

The server will start on http://localhost:8080

API Endpoints

Health Check

• GET /api/healthz - Health check endpoint

Authentication

• POST /api/users - Create a new user

  {
    "email": "user@example.com",
    "password": "password123"
  }

• POST /api/login - Login and get tokens

  {
    "email": "user@example.com",
    "password": "password123"
  }

  Returns: token (access token) and refresh_token

• POST /api/refresh - Refresh access token Headers: Authorization: Bearer <refresh_token> Returns: new token

• POST /api/revoke - Revoke refresh token Headers: Authorization: Bearer <refresh_token>

Chirps

• GET /api/chirps - Get all chirps
• GET /api/chirps/{id} - Get a specific chirp
• POST /api/chirps - Create a new chirp (requires authentication)

  {
    "body": "Your chirp text here"
  }

• DELETE /api/chirps/{chirpID} - Delete a chirp (requires authentication, owner only)

Users

• PUT /api/users - Update user (requires authentication)

  {
    "email": "newemail@example.com",
    "password": "newpassword123"
  }

Admin

• GET /admin/metrics - Get server metrics
• POST /admin/reset - Reset database (development only)

Development

Available Make Commands

# Run database migrations
make migration-up
make migration-down

# Generate database code from SQL queries
make gen

# Run all tests
make test

# Run API integration tests
make test-api

Running Tests

Integration tests require a test database. Set the TEST_DB_URL environment variable:

TEST_DB_URL="postgres://user:pass@localhost:5432/chirpy_test?sslmode=disable" go test -v ./internal/api

Or use the Makefile command:

make test-api

Database Schema

The application uses PostgreSQL with the following main tables:

• users - User accounts
• chirps - Chirp posts
• refresh_tokens - Refresh tokens for authentication

See sql/schema/ for migration files.

Security Features

• Passwords are hashed using Argon2id
• JWT tokens with expiration
• Refresh token rotation
• Token revocation support
• SQL injection protection via sqlc (type-safe queries)

License

MIT