# Changelog

All notable changes to this project will be documented in this file.

## [1.1.0] - 2026-02-04

### Added

- ✅ **Redis Integration**: Full Redis caching and session management
  - Session storage with Redis
  - User data caching
  - Token blacklist for logout
  - Email verification token cache
  - Password reset token cache
- ✅ **Cache Service**: New dedicated cache service (`internal/services/cache_service.go`)
  - SetUser/GetUser/DeleteUser for user caching
  - Session management methods
  - Rate limiting support
  - Token blacklist operations
  - Email verification and password reset token management
- ✅ **Rate Limiting**: API rate limiting with Redis backend
  - Login rate limiting: 5 attempts per minute
  - Registration rate limiting: 3 attempts per 5 minutes
  - General API rate limiting: 100 requests per minute
  - Graceful degradation when Redis is unavailable
- ✅ **CORS Configuration**: Cross-Origin Resource Sharing support
  - Configurable allowed origins
  - Credentials support
  - Multiple HTTP methods allowed
- ✅ **Docker Compose**: Complete Docker setup with 3 services
  - PostgreSQL 17 Alpine
  - Redis 7 Alpine with persistence
  - Application service with auto-restart
- ✅ **Documentation**:
  - README.md with comprehensive project documentation
  - SETUP.md with detailed setup instructions
  - .env.example template file
  - Quick start script (start-with-docker.sh)

### Changed

- 🔄 Updated `main.go` to initialize Redis connection
- 🔄 Updated routes to include rate limiting middlewares
- 🔄 Enhanced docker-compose.yml with Redis service

### Technical Details

- **Redis Client**: go-redis/v9
- **CORS Middleware**: gin-contrib/cors
- **Default CORS Origin**: http://localhost:3000
- **Redis Connection**: Gracefully handles unavailability

## [1.0.0] - Initial Release

### Added

- JWT-based authentication
- OAuth2 integration (Google, GitHub)
- Email verification
- PostgreSQL database with GORM
- Swagger/OpenAPI documentation
- User roles and permissions
- Password hashing with bcrypt
- Protected routes with middleware
- Auto-migration and seeding

### Database Models

- Users table with email verification
- Social accounts for OAuth
- Roles and permissions system
- User-Role relationships

### API Endpoints

- POST /v1/auth/register - User registration
- POST /v1/auth/login - User login
- GET /v1/auth/verify-email - Email verification
- POST /v1/auth/refresh - Token refresh
- GET /v1/auth/:provider - OAuth login
- GET /v1/auth/:provider/callback - OAuth callback
- GET /v1/auth/me - Get current user (protected)
- GET /v1/auth/validate - Validate token (protected)

---

## Future Roadmap

### Planned Features

- [ ] Email service integration (SMTP)
- [ ] Password reset functionality
- [ ] 2FA (Two-Factor Authentication)
- [ ] User profile management
- [ ] Admin dashboard
- [ ] Audit logging
- [ ] Metrics and monitoring (Prometheus)
- [ ] API versioning
- [ ] Webhook support
- [ ] Multi-tenancy support

### Performance Improvements

- [ ] Database query optimization
- [ ] Redis clustering support
- [ ] Connection pooling enhancements
- [ ] Response compression

### Security Enhancements

- [ ] IP whitelisting
- [ ] Advanced rate limiting (per user, per endpoint)
- [ ] Brute force protection
- [ ] Session management dashboard
- [ ] Security headers middleware
- [ ] CSP (Content Security Policy)

---

## Version History

- **v1.1.0** - Redis integration, CORS, Rate limiting, Complete documentation
- **v1.0.0** - Initial release with basic authentication and OAuth