Skip to content

shubh1855/chirpy-api

Repository files navigation

A Twitter-like social media backend built with Go and PostgreSQL.

Go Version Release CI License Last Commit


Overview

Chirpy API is a production-style REST backend inspired by Twitter. The project was built as part of the Boot.dev Backend Path and expanded into a complete social media API featuring authentication, authorization, refresh tokens, webhooks, and PostgreSQL persistence.

The project demonstrates modern backend engineering practices in Go, including:

  • JWT authentication and authorization
  • Refresh token sessions
  • Argon2 password hashing
  • Type-safe database queries with SQLC
  • Database migrations with Goose
  • Webhook integrations
  • Automated releases with GitHub Actions RESTful API design

Features

Authentication & Security

  • User registration
  • User login
  • Argon2 password hashing
  • JWT access tokens
  • Refresh token authentication
  • Refresh token revocation
  • Protected endpoints
  • Resource ownership authorization

Chirps

  • Create chirps
  • Retrieve all chirps
  • Retrieve a chirp by ID
  • Delete chirps
  • Filter chirps by author
  • Sort chirps by creation date
  • Profanity filtering

User Management

  • Register users
  • Update email and password
  • Chirpy Red memberships

Admin

  • Health check endpoint
  • Metrics endpoint
  • Development reset endpoint

Integrations

  • Polka webhook integration
  • API key authentication for webhooks

Tech Stack

Category Technology
Language Go
Database PostgreSQL
Authentication JWT
Password Hashing Argon2id
Query Generation SQLC
Database Migrations Goose
CI/CD GitHub Actions
API Style REST

Architecture

Client
   │
   ▼
REST API (Go)
   │
   ├── Authentication (JWT + Refresh Tokens)
   ├── Business Logic
   ├── Webhooks
   └── PostgreSQL

Project Structure

.
├── assets
│   └── logo.png
├── internal
│   ├── auth
│   │   ├── apikey.go
│   │   ├── bearer.go
│   │   ├── jwt.go
│   │   ├── passwords.go
│   │   └── refresh.go
│   └── database
│       ├── chirps.sql.go
│       ├── refresh_tokens.sql.go
│       ├── users.sql.go
│       └── models.go
├── sql
│   ├── queries
│   └── schema
├── main.go
├── go.mod
├── sqlc.yaml
└── README.md

Requirements

  • Go 1.26+
  • PostgreSQL
  • SQLC
  • Goose

Environment Variables

Create a .env file:

DB_URL=postgres://postgres:postgres@localhost:5432/chirpy?sslmode=disable

JWT_SECRET=your-super-secret-jwt-key

POLKA_KEY=f271c81ff7084ee5b99a5091b42d486e

PLATFORM=dev

Important

Never commit your real .env file. Create a .env.example file and commit that instead.


Installation

Clone the Repository

git clone https://github.com/shubh1855/chirpy-api.git
cd chirpy-api

Install Dependencies

go mod download

Create the Database

CREATE DATABASE chirpy;

Run Migrations

goose postgres "$DB_URL" up

Generate SQLC Code

sqlc generate

Start the Server

go run .

The server will be available at:

http://localhost:8080

Running Tests

go test ./...

API Summary

Method Endpoint Description
POST /api/users Register a user
POST /api/login Login
POST /api/refresh Refresh access token
POST /api/revoke Revoke refresh token
PUT /api/users Update user
POST /api/chirps Create chirp
GET /api/chirps Get all chirps
GET /api/chirps/{chirpID} Get chirp by ID
DELETE /api/chirps/{chirpID} Delete chirp
POST /api/polka/webhooks Process webhook
GET /api/healthz Health check
GET /admin/metrics Metrics
POST /admin/reset Reset database (dev only)

API Reference

Authentication

Register User

POST /api/users

Request:

{
  "email": "[email protected]",
  "password": "super-secret-password"
}

Response:

{
  "id": "uuid",
  "created_at": "2025-01-01T00:00:00Z",
  "updated_at": "2025-01-01T00:00:00Z",
  "email": "[email protected]",
  "is_chirpy_red": false
}

Login

POST /api/login

Request:

{
  "email": "[email protected]",
  "password": "super-secret-password"
}

Response:

{
  "id": "uuid",
  "created_at": "2025-01-01T00:00:00Z",
  "updated_at": "2025-01-01T00:00:00Z",
  "email": "[email protected]",
  "is_chirpy_red": false,
  "token": "<jwt>",
  "refresh_token": "<refresh-token>"
}

Refresh Access Token

POST /api/refresh

Headers:

Authorization: Bearer <refresh-token>

Response:

{
  "token": "<new-jwt>"
}

Revoke Refresh Token

POST /api/revoke

Headers:

Authorization: Bearer <refresh-token>

Response:

204 No Content

Users

Update User

PUT /api/users

Headers:

Authorization: Bearer <jwt>

Request:

{
  "email": "[email protected]",
  "password": "new-password"
}

Response:

{
  "id": "uuid",
  "created_at": "2025-01-01T00:00:00Z",
  "updated_at": "2025-01-02T00:00:00Z",
  "email": "[email protected]",
  "is_chirpy_red": false
}

Chirps

Create Chirp

POST /api/chirps

Headers:

Authorization: Bearer <jwt>

Request:

{
  "body": "Hello Chirpy!"
}

Response:

{
  "id": "uuid",
  "created_at": "2025-01-01T00:00:00Z",
  "updated_at": "2025-01-01T00:00:00Z",
  "body": "Hello Chirpy!",
  "user_id": "uuid"
}

Get All Chirps

GET /api/chirps

Optional query parameters:

author_id=<user-id>
sort=asc
sort=desc

Examples:

GET /api/chirps
GET /api/chirps?sort=desc
GET /api/chirps?author_id=<user-id>
GET /api/chirps?author_id=<user-id>&sort=desc

Get Chirp By ID

GET /api/chirps/{chirpID}

Delete Chirp

DELETE /api/chirps/{chirpID}

Headers:

Authorization: Bearer <jwt>

Responses:

204 No Content
403 Forbidden
404 Not Found

Admin Endpoints

Health Check

GET /api/healthz

Response:

OK

Metrics

GET /admin/metrics

Returns an HTML page showing application metrics.


Reset

POST /admin/reset

Development mode only.


Polka Webhooks

Upgrade User to Chirpy Red

POST /api/polka/webhooks

Headers:

Authorization: ApiKey <polka-api-key>

Request:

{
  "event": "user.upgraded",
  "data": {
    "user_id": "uuid"
  }
}

Response:

204 No Content

Authentication Schemes

JWT Access Tokens

Authorization: Bearer <jwt>

Used for:

  • Creating chirps
  • Updating users
  • Deleting chirps

Refresh Tokens

Authorization: Bearer <refresh-token>

Used for:

  • Refreshing access tokens
  • Revoking refresh tokens

Polka API Keys

Authorization: ApiKey <polka-key>

Used for:

  • Webhook authentication

CI/CD

The project uses GitHub Actions for automated releases.

Every merge into the release branch:

  • Runs tests
  • Builds the application
  • Generates the next semantic version
  • Creates a GitHub Release
  • Publishes release binaries

Roadmap

  • Chirp editing
  • Pagination
  • Rate limiting
  • Docker support
  • OpenAPI/Swagger documentation
  • Structured logging
  • Role-based authorization

License

This project was built as part of the Boot.dev Backend Development curriculum and expanded into a complete REST API backend in Go.

About

A Twitter-like REST API backend in Go featuring JWT authentication, refresh tokens, PostgreSQL, SQLC, Goose migrations, and webhook integrations.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors