A production-ready, scalable web application built with Go, following industry best practices and clean architecture principles.
- RESTful API with JSON responses and health check endpoints
- Template Rendering using Go's
html/templatepackage with intelligent caching - Session Management using industry-standard
alexedwards/scswith secure cookie-based sessions - CSRF Protection with cryptographically secure token generation and validation
- Security Headers middleware for XSS, clickjacking, and content-type protection
- Request Logging with rotating log files (size and age-based rotation)
- Clean Architecture with separation of concerns (cmd, pkg, internal)
- Production-Ready with configurable timeouts, error handling, and environment modes
- Modular Design with reusable packages and components
- Go 1.25.5 or higher
- Git
# Clone the repository
git clone https://github.com/dunky-star/modern-webapp-golang.git
cd modern-webapp-golang
# Install dependencies
go mod download
# Build the application
go build -o bin/api ./cmd/api
# Run the application
./bin/api# Run with default settings (port 3000)
go run ./cmd/api
# Run with custom port
go run ./cmd/api -port=8080
# Run in production mode
go run ./cmd/api -port=3000 -env=prodmodern-webapp-golang/
├── cmd/
│ └── api/ # Application entry point (handlers, routes, middleware, CSRF)
├── pkg/
│ └── render/ # Reusable template rendering package
├── internal/
│ └── data/ # Internal application packages (template data structures)
├── web/ # HTML templates
├── output/
│ └── logs/ # Rotating access logs
└── go.mod # Go module definition
| Method | Endpoint | Description |
|---|---|---|
GET |
/ |
Home page |
GET |
/v1/health |
Health check with uptime and status |
GET |
/v1/about |
About page |
GET |
/favicon.ico |
Favicon handler |
Version: 1.0.0
{
"status": "available",
"uptime": "2h15m30s",
"timestamp": "2025-01-02T22:30:00Z"
}This project follows the Standard Go Project Layout:
cmd/- Main applications for this projectpkg/- Library code that's ok to use by external applicationsinternal/- Private application and library codeweb/- Web assets and templatesoutput/- Generated output files (logs, etc.)
The application supports the following command-line flags:
-port- Server port (default: 3000)-env- Environment mode:dev,stage, orprod(default:dev)
dev- Development mode: templates reload on every request, logs to console and filestage- Staging mode: template caching enabled, logs to file onlyprod- Production mode: template caching enabled, secure cookies, logs to file only
The application uses a layered middleware approach (applied in order):
- Security Headers - Adds security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy) to all responses
- Request Logging - Logs all HTTP requests to
output/logs/access.logwith rotating files (5MB/2 weeks max) - Session Management - Cookie-based sessions using
alexedwards/scs/v2with 24-hour lifetime and secure, HTTP-only cookies - CSRF Protection - Validates CSRF tokens (32-byte, constant-time comparison) for non-safe HTTP methods
- CSRF Token Generation - Generates and injects tokens into templates for GET requests
Additional Features:
- Template System: Caching in production, auto-reload in dev, automatic CSRF token injection, HTML escaping
- Logging: Structured logging with timestamps, separate loggers for application events and HTTP requests
- HTTP Timeouts:
- Read timeout: 10 seconds
- Write timeout: 30 seconds
- Idle timeout: 1 minute
- Error Handling: Comprehensive error handling and logging
- Environment-Aware: Different behaviors for dev, stage, and prod environments
This project is licensed under the MIT License - see the LICENSE file for details.
Dunky Star
- GitHub: @dunky-star
Contributions, issues, and feature requests are welcome! Feel free to check the issues page.
⭐ Star this repo if you find it helpful!