Learning project — building an HTTP server from scratch in Go. No frameworks, just the standard library + a few packages for auth.
It's a mini social network called Chirpy: users, short posts (chirps), JWT auth, and a fake payment webhook.
net/http— router and file server- PostgreSQL +
sqlc— type-safe DB queries argon2id— password hashing- JWT (HS256) — access tokens
Create a .env file:
DB_URL=postgres://postgres:postgres@localhost:5432/chirpy?sslmode=disable
PLATFORM=dev
API_SECRET=your-secret-here
POLKA_KEY=your-polka-key-hereThen:
go run .
# listening on :8080GET /api/healthz health check
POST /api/users create user
POST /api/login login → JWT + refresh token
POST /api/refresh get new access token
POST /api/revoke revoke refresh token
PUT /api/users update email/password [JWT]
POST /api/chirps create chirp (max 140 chars) [JWT]
GET /api/chirps list all chirps
GET /api/chirps/{id} get one chirp
DELETE /api/chirps/{id} delete own chirp [JWT]
POST /api/polka/webhooks upgrade user to Chirpy Red [ApiKey]
GET /admin/metrics hit counter
POST /admin/reset wipe users + reset counter (dev only)
go test ./...Covers the auth package — hashing, JWT signing/validation, expiry, wrong secrets.