A simplified Role-Based Access Control (RBAC) system built with Go and MongoDB featuring multi-tenancy, organization management, and third-party authentication.
This RBAC system provides a lightweight alternative to more complex systems like Keycloak, focusing on core identity and access management capabilities. It's designed to be easily integrable with web applications while maintaining a small footprint.
- User Management: Create, read, update, and delete users
- Role-Based Access Control: Define and manage roles with specific permissions
- Organization Multi-tenancy: Support for multiple organizations with isolated resources
- Authentication:
  - Local username/password authentication
  - Third-party OAuth (Google, GitHub)
- JWT-based Authorization: Securely manage sessions with JSON Web Tokens
- RESTful API: Modern API design following REST principles
- React Frontend: Clean and intuitive user interface built with React and Tailwind CSS
Backend:

- Language: Go 1.23+
- Web Framework: Fiber
- Database: MongoDB
- Authentication: JWT, OAuth2 (via Goth library)
- Documentation: OpenAPI (Swagger)

Frontend:

- Framework: React with TypeScript
- State Management: React Context API
- Styling: Tailwind CSS
- HTTP Client: Axios
- Routing: React Router
```text
.
├── config/          # Application configuration
├── database/        # Database connection and utilities
├── frontend/        # React frontend application
│   ├── public/      # Static assets
│   └── src/         # React source code
│       ├── components/  # Reusable UI components
│       ├── context/     # React context providers
│       ├── pages/       # Page components
│       ├── services/    # API services
│       └── types/       # TypeScript type definitions
├── handlers/        # HTTP request handlers
├── middleware/      # HTTP middleware
├── models/          # Data models
├── routes/          # API route definitions
├── scripts/         # Utility scripts
├── services/        # Business logic
└── utils/           # Helper functions
```
- Go 1.23 or later
- Node.js 18 or later
- MongoDB instance (local or Atlas)
Create a `.env` file in the root directory with the following variables:

```env
PORT=5000
MONGO_URI=your_mongodb_connection_string
DATABASE_NAME=rbac_system
# Use a long random value (for example the output of `openssl rand -base64 48`);
# never commit the real secret, since anyone holding it can mint valid tokens
JWT_SECRET=your_secure_jwt_secret_key
JWT_EXPIRATION_HOURS=24
# `*` is for local development only; list explicit origins in production
CORS_ALLOW_ORIGINS=*
# OAuth2 credentials (optional)
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
GITHUB_CLIENT_ID=your_github_client_id
GITHUB_CLIENT_SECRET=your_github_client_secret
```
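The following is an added example, not code from this project, showing how a Go service could parse these variables and refuse to start on values that are unsafe to run with: the placeholder `JWT_SECRET` from the sample file, a secret shorter than the 32-byte HMAC-SHA256 output, or `CORS_ALLOW_ORIGINS=*` in production. The `parseDotEnv` and `LoadConfig` names, the `production` flag and the thresholds are the example's own choices; the project's real loader in `config/` may behave differently.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Config holds the variables from the .env example above, parsed and checked.
type Config struct {
	Port             int
	MongoURI         string
	DatabaseName     string
	JWTSecret        string
	JWTExpirationHrs int
	CORSAllowOrigins []string
}

// parseDotEnv reads KEY=VALUE lines, ignoring blank lines and '#' comments.
// Surrounding quotes on values are stripped; everything else is kept verbatim.
func parseDotEnv(text string) map[string]string {
	vars := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok {
			continue
		}
		vars[strings.TrimSpace(key)] = strings.Trim(strings.TrimSpace(val), `"'`)
	}
	return vars
}

// LoadConfig validates the parsed variables and refuses to return a Config
// that would run with a placeholder or weak JWT secret, or, when production is
// true, with a wildcard CORS origin. All problems are reported together.
func LoadConfig(vars map[string]string, production bool) (*Config, error) {
	var errs []error
	cfg := &Config{
		MongoURI:     vars["MONGO_URI"],
		DatabaseName: vars["DATABASE_NAME"],
		JWTSecret:    vars["JWT_SECRET"],
	}

	if port, err := strconv.Atoi(vars["PORT"]); err != nil || port < 1 || port > 65535 {
		errs = append(errs, errors.New("PORT must be an integer between 1 and 65535"))
	} else {
		cfg.Port = port
	}
	if hrs, err := strconv.Atoi(vars["JWT_EXPIRATION_HOURS"]); err != nil || hrs < 1 {
		errs = append(errs, errors.New("JWT_EXPIRATION_HOURS must be a positive integer"))
	} else {
		cfg.JWTExpirationHrs = hrs
	}
	if cfg.MongoURI == "" || cfg.DatabaseName == "" {
		errs = append(errs, errors.New("MONGO_URI and DATABASE_NAME are required"))
	}

	// HS256 tokens are only as strong as this key: require at least the 32 bytes
	// of HMAC-SHA256 output and reject the "your_..." placeholder from the sample.
	switch {
	case cfg.JWTSecret == "" || strings.HasPrefix(cfg.JWTSecret, "your_"):
		errs = append(errs, errors.New("JWT_SECRET is unset or still the sample placeholder"))
	case len(cfg.JWTSecret) < 32:
		errs = append(errs, errors.New("JWT_SECRET must be at least 32 bytes long"))
	}

	for _, origin := range strings.Split(vars["CORS_ALLOW_ORIGINS"], ",") {
		if origin = strings.TrimSpace(origin); origin != "" {
			cfg.CORSAllowOrigins = append(cfg.CORSAllowOrigins, origin)
		}
	}
	if production {
		for _, origin := range cfg.CORSAllowOrigins {
			if origin == "*" {
				errs = append(errs, errors.New("CORS_ALLOW_ORIGINS=* is not allowed in production; list explicit origins"))
			}
		}
	}

	if len(errs) > 0 {
		return nil, errors.Join(errs...)
	}
	return cfg, nil
}

func main() {
	// Constructed sample: the .env from this README, taken literally.
	sample := "PORT=5000\nMONGO_URI=mongodb://localhost:27017\nDATABASE_NAME=rbac_system\n" +
		"JWT_SECRET=your_secure_jwt_secret_key\nJWT_EXPIRATION_HOURS=24\nCORS_ALLOW_ORIGINS=*\n"
	if _, err := LoadConfig(parseDotEnv(sample), true); err != nil {
		fmt.Println("refusing to start:\n" + err.Error())
	}
}
```

Run as written, the sample `.env` is rejected twice over (placeholder secret and wildcard CORS); failing fast at startup is preferable to discovering either in production.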
1. Clone the repository:

   ```bash
   git clone https://github.com/yourusername/rbac-system.git
   cd rbac-system
   ```

2. Install backend dependencies:

   ```bash
   go mod download
   ```

3. Install frontend dependencies:

   ```bash
   cd frontend
   npm install
   cd ..
   ```

4. Build the frontend:

   ```bash
   cd frontend
   npm run build
   cd ..
   ```

5. Start the application:

   ```bash
   go run main.go
   ```

The application will be accessible at http://localhost:5000.
For detailed documentation, please check the following:
- API Documentation - Detailed API reference for all endpoints
- Architecture Guide - System design and component architecture
- Integration Guide - How to integrate with other applications
- Contributing Guide - Guidelines for contributing to the project
The above documentation provides comprehensive details about the system. Below is a brief overview of the resource models exchanged by the API.
User:

```json
{
  "id": "string",
  "username": "string",
  "email": "string",
  "firstName": "string",
  "lastName": "string",
  "active": "boolean",
  "emailVerified": "boolean",
  "roleIds": ["string"],
  "organizationIds": ["string"],
  "authProvider": "string",
  "createdAt": "string",
  "updatedAt": "string",
  "lastLogin": "string"
}
```

Role:

```json
{
  "id": "string",
  "name": "string",
  "description": "string",
  "organizationId": "string",
  "permissionIds": ["string"],
  "isSystemDefault": "boolean",
  "createdAt": "string",
  "updatedAt": "string"
}
```

Permission:

```json
{
  "id": "string",
  "name": "string",
  "description": "string",
  "resource": "string",
  "action": "string",
  "organizationId": "string",
  "isSystemDefault": "boolean",
  "createdAt": "string",
  "updatedAt": "string"
}
```

Organization:

```json
{
  "id": "string",
  "name": "string",
  "description": "string",
  "domain": "string",
  "active": "boolean",
  "adminIds": ["string"],
  "createdAt": "string",
  "updatedAt": "string"
}
```

- All endpoints (except authentication) require a valid JWT token.
- Passwords are hashed using bcrypt before storage.
- Role-based authorization limits access to sensitive operations.
- API request payloads are validated before they reach the database, which reduces exposure to injection attacks (for MongoDB this means a user-supplied value must never be accepted as an object carrying query operators such as `$ne` or `$gt`).
- Cross-Origin Resource Sharing (CORS) is restricted to the origins listed in `CORS_ALLOW_ORIGINS`; the sample value `*` permits any origin and should be replaced with explicit origins in production.
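To make the JWT requirement concrete, here is an added example, written for this page rather than taken from the project (which uses a JWT library), of minting and verifying an HS256 session token with only the Go standard library. The `Claims` struct, `Mint` and `Verify` are the example's own names; `roleIds` and `organizationIds` mirror the User model above, and the key and lifetime would come from `JWT_SECRET` and `JWT_EXPIRATION_HOURS`. The verifier pins the algorithm, compares signatures in constant time, and checks expiry, the three checks a `JWT_SECRET`-based scheme lives or dies by.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// JWT segments are base64url without padding (RFC 7515, section 2).
var b64 = base64.RawURLEncoding

// Claims carried by the session token. Registered claim names follow RFC 7519;
// roleIds/organizationIds mirror the User model fields in the API section.
type Claims struct {
	Subject   string   `json:"sub"`
	RoleIDs   []string `json:"roleIds,omitempty"`
	OrgIDs    []string `json:"organizationIds,omitempty"`
	IssuedAt  int64    `json:"iat"`
	ExpiresAt int64    `json:"exp"`
}

var (
	ErrInvalidToken = errors.New("invalid token")
	ErrExpiredToken = errors.New("token expired")
)

func hs256(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// Mint issues an HS256 token for c that expires ttl after now.
func Mint(secret []byte, c Claims, now time.Time, ttl time.Duration) (string, error) {
	c.IssuedAt = now.Unix()
	c.ExpiresAt = now.Add(ttl).Unix()
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	return signingInput + "." + b64.EncodeToString(hs256(secret, signingInput)), nil
}

// Verify checks structure, algorithm, signature and expiry, in that order, and
// returns the claims only if every check passes.
func Verify(secret []byte, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, ErrInvalidToken
	}
	headerJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, ErrInvalidToken
	}
	var header struct {
		Alg string `json:"alg"`
	}
	// Pin the algorithm server-side. Honouring whatever "alg" the token claims
	// is what lets "alg":"none" and key-confusion attacks through.
	if json.Unmarshal(headerJSON, &header) != nil || header.Alg != "HS256" {
		return nil, ErrInvalidToken
	}
	gotSig, err := b64.DecodeString(parts[2])
	wantSig := hs256(secret, parts[0]+"."+parts[1])
	if err != nil || !hmac.Equal(gotSig, wantSig) { // constant-time comparison
		return nil, ErrInvalidToken
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, ErrInvalidToken
	}
	var c Claims
	if json.Unmarshal(payload, &c) != nil {
		return nil, ErrInvalidToken
	}
	// A token without exp, or one past it, is rejected even with a valid signature.
	if c.ExpiresAt == 0 || !now.Before(time.Unix(c.ExpiresAt, 0)) {
		return nil, ErrExpiredToken
	}
	return &c, nil
}

func main() {
	secret := []byte("replace-with-32-plus-random-bytes-from-JWT_SECRET") // constructed sample key
	now := time.Now()
	tok, _ := Mint(secret, Claims{Subject: "user-1", RoleIDs: []string{"role-admin"}}, now, 24*time.Hour)
	fmt.Println("token:", tok)
	if c, err := Verify(secret, tok, now.Add(time.Minute)); err == nil {
		fmt.Println("accepted subject:", c.Subject)
	}
	_, err := Verify(secret, tok, now.Add(25*time.Hour))
	fmt.Println("after 25h:", err)
}
```

Verification deliberately does not decode the payload until the signature has been checked, so untrusted JSON is never parsed before its origin is established.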
Start the frontend development server:

```bash
cd frontend
npm start
```

This will start the React development server on port 3000 with hot reloading.

For hot reloading during backend development, you can use tools like Air:

```bash
air
```

Run backend tests:

```bash
go test ./...
```

Run frontend tests:

```bash
cd frontend
npm test
```

The application can be deployed as a single binary with the frontend assets embedded.
1. Build the frontend:

   ```bash
   cd frontend
   npm run build
   cd ..
   ```

2. Build the Go application:

   ```bash
   go build -o rbac-system
   ```

3. Deploy the binary along with your `.env` file to your server. The `.env` file holds `JWT_SECRET` and the OAuth client secrets, so keep it out of version control and readable only by the account the service runs as.
To add a new permission:

1. Define new permission constants in `models/permission.go`
2. Create migration scripts to add these permissions to the database
3. Update the relevant handlers to check for these permissions
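The check a handler performs in that last step is where multi-tenancy is enforced or lost. The following is an added example, not the project's code, of a permission check over in-memory stand-ins for the User, Role and Permission models documented above. `Store`, `Authorize` and the sample identifiers are the example's own (the project reads these documents from MongoDB); the rule worth copying is that a role scoped to one `organizationId` must never grant anything in another organization, with only `isSystemDefault` roles and permissions applying across tenants.

```go
package main

import "fmt"

// In-memory stand-ins for the User, Role and Permission models in the API
// section. Only the fields the authorization decision needs are kept.
type User struct {
	ID              string
	Active          bool
	RoleIDs         []string
	OrganizationIDs []string
}

type Role struct {
	ID              string
	OrganizationID  string // empty for system-default roles
	PermissionIDs   []string
	IsSystemDefault bool
}

type Permission struct {
	ID              string
	Resource        string
	Action          string
	OrganizationID  string // empty for system-default permissions
	IsSystemDefault bool
}

// Store is a hypothetical lookup layer; the real project reads these from MongoDB.
type Store struct {
	Roles       map[string]Role
	Permissions map[string]Permission
}

// Authorize reports whether u may perform action on resource within orgID, and why.
// It fails closed: inactive users, non-members, dangling role or permission IDs, and
// roles or permissions belonging to a different organization all yield false.
func (s *Store) Authorize(u User, orgID, resource, action string) (bool, string) {
	if !u.Active {
		return false, "user is inactive"
	}
	if !contains(u.OrganizationIDs, orgID) {
		return false, "user is not a member of " + orgID
	}
	for _, rid := range u.RoleIDs {
		role, ok := s.Roles[rid]
		if !ok {
			continue // dangling roleId: ignore rather than trust
		}
		// Tenant isolation: a role defined in organization A must never grant
		// anything in organization B. Only system-default roles cross tenants.
		if !role.IsSystemDefault && role.OrganizationID != orgID {
			continue
		}
		for _, pid := range role.PermissionIDs {
			p, ok := s.Permissions[pid]
			if !ok || (!p.IsSystemDefault && p.OrganizationID != orgID) {
				continue
			}
			if p.Resource == resource && p.Action == action {
				return true, "granted by role " + rid
			}
		}
	}
	return false, "no role grants " + resource + ":" + action
}

func contains(xs []string, x string) bool {
	for _, v := range xs {
		if v == x {
			return true
		}
	}
	return false
}

// SampleStore returns constructed data: a users:read permission in each of two
// organizations, one viewer role per organization, and a system-default role.
func SampleStore() *Store {
	return &Store{
		Permissions: map[string]Permission{
			"perm-users-read-a": {ID: "perm-users-read-a", Resource: "users", Action: "read", OrganizationID: "org-a"},
			"perm-users-read-b": {ID: "perm-users-read-b", Resource: "users", Action: "read", OrganizationID: "org-b"},
			"perm-orgs-read":    {ID: "perm-orgs-read", Resource: "organizations", Action: "read", IsSystemDefault: true},
		},
		Roles: map[string]Role{
			"role-viewer-a": {ID: "role-viewer-a", OrganizationID: "org-a", PermissionIDs: []string{"perm-users-read-a"}},
			"role-viewer-b": {ID: "role-viewer-b", OrganizationID: "org-b", PermissionIDs: []string{"perm-users-read-b"}},
			"role-member":   {ID: "role-member", IsSystemDefault: true, PermissionIDs: []string{"perm-orgs-read"}},
		},
	}
}

// Alice (constructed) belongs to both organizations but holds a viewer role only in org-a.
var Alice = User{ID: "alice", Active: true, RoleIDs: []string{"role-viewer-a", "role-member"}, OrganizationIDs: []string{"org-a", "org-b"}}

func main() {
	s := SampleStore()
	for _, c := range [][3]string{{"org-a", "users", "read"}, {"org-b", "users", "read"}, {"org-b", "organizations", "read"}} {
		ok, why := s.Authorize(Alice, c[0], c[1], c[2])
		fmt.Printf("%s %s:%s -> %v (%s)\n", c[0], c[1], c[2], ok, why)
	}
}
```

Note that membership alone (`organizationIds`) grants nothing: Alice is a member of org-b, yet `users:read` there is denied because her only users:read role is scoped to org-a. A handler that checked `roleIds` without also checking the role's `organizationId` would let that grant leak across tenants.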
To add a new OAuth provider:

1. Add the provider's configuration to the `.env` file
2. Import the provider from the Goth library in `handlers/auth_handler.go`
3. Add the provider to the `goth.UseProviders()` call in the `NewAuthHandler` function
4. Create new handler methods for the OAuth flow
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Fiber - Express-inspired web framework for Go
- Goth - Multi-provider authentication for Go
- MongoDB Go Driver - Official MongoDB driver for Go
- React - JavaScript library for building user interfaces
- Tailwind CSS - Utility-first CSS framework