Generate a Go Server with JWT Authorisation using OpenAPI 3

While the OpenAPI standard allows for defining JWT authorisation for endpoints, the Go server generator which is part of the OpenAPI Generator does not support that specification and will nto generate any JWT authorisation code. However, despite the generator having a few limitations, most of the code generation comes down to processing Mustache templates which can be exported and modified. This post will go through the process of creating templates which introduce selective JWT authorisation step by step. Continue reading

Static website in S3 with Password Protection

Coming from Apache or NginX, you would think of adding password protection to a static website as a trivial problem. All you do is generate a file containing usernames and password hashes and then reference it in the web server configuration or (in Apache) possible a .htaccess file. Unfortunately, adding password protection to a static website hosted in AWS S3 behind CloudFront isn’t quite as simple. You will have to use a Lambda which authenticates and passes through the request or rejects it as unauthorised. Continue reading