This installment details implementing OTP delivery via Twilio, optimizing OTP sending asynchronously using goroutines, and establishing a robust token-based authentication system.
Sending OTPs with Twilio
The core function for sending OTPs using Twilio's messaging API is presented below:
func (app *application) sendOTPViaTwilio(otp, phoneNumber string) error {
client := twilio.NewRestClientWithParams(twilio.ClientParams{
Username: os.Getenv("TWILIO_SID"),
Password: os.Getenv("TWILIO_API_KEY"),
})
params := &api.CreateMessageParams{}
params.SetBody(fmt.Sprintf(
"Thank you for choosing Cheershare! Your one-time password is %v.",
otp,
))
params.SetFrom(os.Getenv("TWILIO_PHONE_NUMBER"))
params.SetTo(fmt.Sprintf("+91%v", phoneNumber))
const maxRetries = 3
var lastErr error
for attempt := 1; attempt <= maxRetries; attempt++ {
resp, err := client.SendSms(params)
if err == nil {
app.logger.Printf("Message SID: %s", resp.Sid)
return nil
}
lastErr = err
time.Sleep(time.Duration(attempt) * 100 * time.Millisecond)
}
return fmt.Errorf("failed to send OTP after %d retries: %w", maxRetries, lastErr)
}
This function utilizes Twilio's Go SDK to send messages. The from number is a pre-configured Twilio number. A retry mechanism is included for reliability.
Asynchronous OTP Sending with Goroutines
Sequential OTP sending hinders server performance. The solution involves utilizing goroutines to handle OTP delivery concurrently. The application struct is updated:
type application struct {
wg sync.WaitGroup
config config
models data.Models
logger *log.Logger
cache *redis.Client
}
A helper function facilitates background task execution:
func (app *application) background(fn func()) {
app.wg.Add(1)
go func() {
defer app.wg.Done()
defer func() {
if err := recover(); err != nil {
app.logger.Printf("Error in background function: %v\n", err)
}
}()
fn()
}()
}
This uses sync.WaitGroup to manage goroutines, ensuring completion before shutdown.
Database Token Table
A new database table is created to store user tokens:
-- 000002_create-token.up.sql
CREATE TABLE IF NOT EXISTS tokens (
hash bytea PRIMARY KEY,
user_id bigint NOT NULL REFERENCES users ON DELETE CASCADE,
expiry timestamp(0) with time zone NOT NULL,
scope text NOT NULL
);
-- 000002_create-token.down.sql
DROP TABLE IF EXISTS tokens;
This table stores hashed tokens, user IDs, expiry times, and token scopes. Database migration is performed using migrate.
Token Model and Functions
The data/models.go file includes functions for token generation, insertion, and retrieval:
// ... (other imports) ...
package data
// ... (other code) ...
func generateToken(userId int64, ttl time.Duration, scope string) (*Token, error) {
// ... (token generation logic) ...
}
func (m TokenModel) Insert(token *Token) error {
// ... (database insertion logic) ...
}
func (m TokenModel) DeleteAllForUser(scope string, userID int64) error {
// ... (database deletion logic) ...
}
func (m TokenModel) New(userId int64, ttl time.Duration, scope string) (*Token, error) {
// ... (token creation and insertion logic) ...
}
This code handles token creation, hashing, and database interaction. The New function creates and stores new tokens.
Signup Handler Updates
The cmd/api/user.go file's signup handler is modified to issue tokens upon successful OTP verification:
// ... (other functions) ...
func (app *application) handleUserSignupAndVerification(w http.ResponseWriter, r *http.Request) {
// ... (input parsing and validation) ...
// ... (OTP generation and sending logic) ...
// ... (OTP verification logic) ...
// ... (user creation or retrieval) ...
token, err := app.generateTokenForUser(user.ID)
if err != nil {
// ... (error handling) ...
}
// ... (success response with token) ...
}
This integrates token generation into the signup flow.
Middleware Layers
Three middleware layers enhance security and request handling: recoverPanic, authenticate, and requireAuthenticatedUser. These are implemented and applied to routes as shown in the original text. Context management functions (contextSetUser and contextGetUser) are used to store and retrieve user data within the request context.
The server configuration integrates these middlewares, and the example shows how to protect routes using requireAuthenticatedUser. Future enhancements include file uploading, graceful shutdown, and metrics integration. The complete code is available on GitHub.
The above is the detailed content of Build an OTP-Based Authentication Server with Go: Part 3. For more information, please follow other related articles on the PHP Chinese website!
Golang vs. Python: The Pros and ConsApr 21, 2025 am 12:17 AMGolangisidealforbuildingscalablesystemsduetoitsefficiencyandconcurrency,whilePythonexcelsinquickscriptinganddataanalysisduetoitssimplicityandvastecosystem.Golang'sdesignencouragesclean,readablecodeanditsgoroutinesenableefficientconcurrentoperations,t
Golang and C : Concurrency vs. Raw SpeedApr 21, 2025 am 12:16 AMGolang is better than C in concurrency, while C is better than Golang in raw speed. 1) Golang achieves efficient concurrency through goroutine and channel, which is suitable for handling a large number of concurrent tasks. 2)C Through compiler optimization and standard library, it provides high performance close to hardware, suitable for applications that require extreme optimization.
Why Use Golang? Benefits and Advantages ExplainedApr 21, 2025 am 12:15 AMReasons for choosing Golang include: 1) high concurrency performance, 2) static type system, 3) garbage collection mechanism, 4) rich standard libraries and ecosystems, which make it an ideal choice for developing efficient and reliable software.
Golang vs. C : Performance and Speed ComparisonApr 21, 2025 am 12:13 AMGolang is suitable for rapid development and concurrent scenarios, and C is suitable for scenarios where extreme performance and low-level control are required. 1) Golang improves performance through garbage collection and concurrency mechanisms, and is suitable for high-concurrency Web service development. 2) C achieves the ultimate performance through manual memory management and compiler optimization, and is suitable for embedded system development.
Is Golang Faster Than C ? Exploring the LimitsApr 20, 2025 am 12:19 AMGolang performs better in compilation time and concurrent processing, while C has more advantages in running speed and memory management. 1.Golang has fast compilation speed and is suitable for rapid development. 2.C runs fast and is suitable for performance-critical applications. 3. Golang is simple and efficient in concurrent processing, suitable for concurrent programming. 4.C Manual memory management provides higher performance, but increases development complexity.
Golang: From Web Services to System ProgrammingApr 20, 2025 am 12:18 AMGolang's application in web services and system programming is mainly reflected in its simplicity, efficiency and concurrency. 1) In web services, Golang supports the creation of high-performance web applications and APIs through powerful HTTP libraries and concurrent processing capabilities. 2) In system programming, Golang uses features close to hardware and compatibility with C language to be suitable for operating system development and embedded systems.
Golang vs. C : Benchmarks and Real-World PerformanceApr 20, 2025 am 12:18 AMGolang and C have their own advantages and disadvantages in performance comparison: 1. Golang is suitable for high concurrency and rapid development, but garbage collection may affect performance; 2.C provides higher performance and hardware control, but has high development complexity. When making a choice, you need to consider project requirements and team skills in a comprehensive way.
Golang vs. Python: A Comparative AnalysisApr 20, 2025 am 12:17 AMGolang is suitable for high-performance and concurrent programming scenarios, while Python is suitable for rapid development and data processing. 1.Golang emphasizes simplicity and efficiency, and is suitable for back-end services and microservices. 2. Python is known for its concise syntax and rich libraries, suitable for data science and machine learning.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
Dreamweaver Mac version
Visual web development tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
