Web application backend authentication and interaction

Question

I'm currently writing a Web application backend in Go. What is the best way to make some kind of API available for a standard jQuery AJAX frontend to interact with my backend?

Right now, I have some functions that accept some data, perform operations, and return other data, but where exactly should I go from there? I have a vague idea of listening in on some port for a JSON-encoded function call and returning the JSON-encoded output of that function, but (if this is a good way of accomplishing this) what is the best way of accomplishing this?

Furthermore, how exactly should I handle a login system and/or authentication with Go/AJAX? Would it make sense to return some unique hash key for that user, (save it to a cookie if persistent login is selected,) store that key in memory, and send that key as a parameter of every JSON-encoded function call sent to the server? Or, is there a better way of accomplishing this (I'm not knowledgeable on login systems) or possibly a solution already developed for Go?

Answer 1

Goajax is a JSON-RPC package for go. The style is somewhat you pass it function names and parameters via JSON, and it returns JSON as answer.

Personally though, I prefer REST-services. REST uses standard web technologies, especially HTTP and URI for passing resources and what to do on them. JSON is very efficient for this as well. For a REST-service, there is the rest.go library (also, a fork).

For authentification, you may want to look at authcookie. "implements creation and verification of signed authentication cookies."

Using an auth-hash via cookie (or param as alternative) is a common way. Make sure you are aware though, that you make them secure. Use HTTPS to prevent eavesdropping (WLANs, pub-nets, man-in-the-middles). How you first validate them depends on what you’re actually doing. Also make sure to think about session lifetimes.