Microservices #

• Building a global services network using Go, QUIC and Micro

• Microservices on Go with the Go Kit

• How I’m writing Serverless services in Golang

  Service discovery allows you to register the location of services, with a user friendly name, so that you can find other services by name. AWS provides a Serverless offering for this, called Cloudmap

  cloud application library

  The most important lesson I hope you take away from this, however, is protecting your business logic from the sea of AWS services and technologies. Treat Lambda as an unimportant detail, treat DynamoDB as an unimportant detail

• Building a global services network using Go, QUIC and Micro

• Make resilient Go net/http servers using timeouts, deadlines and context cancellation Initialize net/http server with timeouts:

  1 2 3 4 5 6 7 8

  srv := &http.Server{ ReadTimeout: 1 * time.Second, WriteTimeout: 1 * time.Second, IdleTimeout: 30 * time.Second, ReadHeaderTimeout: 2 * time.Second, TLSConfig: tlsConfig, Handler: srvMux, }

  • the net/http packages provide a TimeoutHandler
  • it returns a handler that runs a handler within the given time limit
  • use Context to be aware of request

• A clean way to pass configs in a Go application

AppSec #

• Implementing JWT based authentication in Golang

Beyondcorp #

• ory.sh

  ORY is the open source and cloud native identity infrastructure. ORY is written in Go and open standards and consensus are the foundation. It is language and platform independent, extremely lightweight, starts up in seconds and doesn’t interfere with your code

  Inspired by Google’s BeyondCorp

TODO ory ecosystem #

AWS #

• API Gateway Authorizer Blueprint in Golang
• API Gateway Custom Authorizer
• A simple AWS API Gateway Authoriser in Go
• expressive DynamoDB library for Go

CDK #

• Getting started with CDK and Golang
• Using AWS CDK to configure deploy a Golang Lambda with API Gateway

Books #

• List of interesting Golang Books

Configuration #

Spacemacs #

Pre-requisites to use the go-layer inside spacemacs:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

GO111MODULE=on go get -v golang.org/x/tools/gopls@latest
GO111MODULE=on CGO_ENABLED=0 go get -v -trimpath -ldflags '-s -w' github.com/golangci/golangci-lint/cmd/golangci-lint
go get -u -v golang.org/x/tools/cmd/godoc
go get -u -v golang.org/x/tools/cmd/goimports
go get -u -v golang.org/x/tools/cmd/gorename
go get -u -v golang.org/x/tools/cmd/guru
go get -u -v github.com/cweill/gotests/...
go get -u -v github.com/davidrjenni/reftools/cmd/fillstruct
go get -u -v github.com/fatih/gomodifytags
go get -u -v github.com/godoctor/godoctor
go get -u -v github.com/haya14busa/gopkgs/cmd/gopkgs
go get -u -v github.com/josharian/impl
go get -u -v github.com/mdempsky/gocode
go get -u -v github.com/rogpeppe/godef
go get -u -v github.com/zmb3/gogetdoc

doom emacs #

• Ladicle Golang Doom Emacs customizations

GTAGS #

gtags will create CTAGS files to global. For Go you can use gogtags to generate the files. It also works well with helm-gtags.

Code Examples #

• l3x.github.io/golang-code-examples/

Code Style #

• Cleaner go code with golines
• Effective Go (golang.org)
• Darker Corners of Go
  • covers most of the 101 topics beginners should know about Golang

Clean Code Examples #

• github.com/ahmetb/kubectx
• github.com/gojek/heimdall
• github.com/ethereum/go-ethereum
• github.com/drone/drone
• github.com/google/exposure-notifications-server

Design #

• SOLID Go Design
• The Zen of Go
  • more detailed version
• Design Patterns by refactoring.guru
• Hexagonal Architecture in Go

Fun #

• Evolution of a Go programmer

Internals #

• A recap of request handling in Go
• Diving deep into net/http : A look at http.RoundTripper
• Dissecting golang’s HandlerFunc, Handle and DefaultServeMux
• Requests richtig verarbeiten: Keine Sorge beim Multiplexen in Go
• How to handle signals with Go to graceful shutdown HTTP server
• Life of an HTTP request in a Go server - Eli Bendersky’s website

Context #

• Contexts and structs

  Context provides a means of transmitting deadlines, caller cancellations, and other request-scoped values across API boundaries and between processes. It is often used when a library interacts — directly or transitively — with remote servers, such as databases, APIs

  When designing an API with context, remember the advice: pass context.Context in as an argument; don’t store it in structs.

• How to use context in different uses cases

Interviews #

• 2020-05 | Rob Pike interview for Evrone: “Go has become the language of cloud infrastructure”

Messaging #

Bots #

Slack #

• slack-go/slack examples
• Create a Slack bot using Golang
• Write an interactive message bot for Slack in Golang
  • full code: go-slack-interactive
• bot tokens
• slack-message-builder
• message attachments
• block kit builder
• Frameworks
  • github.com/shomali11/slacker
• github.com/go-chat-bot/bot
  • IRC, SLACK, Telegram and RocketChat bot written in Go
• github.com/alexandre-normand/slackscot
  • Slack bot core/framework written in Go with support for reactions to message updates/deletes

Malware #

• Blackrota, a heavily obfuscated backdoor written in Go

Modules #

• How I Structure Go Packages Some great advice about logging and package structure
• Go best practices, 6 years in

Testing #

• Learn go with test-driven development (TDD)
• Testing Go services using interfaces (deliveroo)
• Building and Testing a REST API in GoLang using Gorilla Mux and MySQL
• Testing with GoMock: A Tutorial - codecentric AG Blog
• GoMock vs. Testify: Mocking frameworks for Go
  • learn how to use mockery and testify
  • 3 classes fo failures:
    • Unexpected calls
    • Missing calls (expected, but not occurred)
    • Expected calls with unexpected parameter values
• Golang basics - writing unit tests
• Testing HTTP Handlers in Go
• Testing Clients to an HTTP API in Go
• Writing good unit tests for SOLID go
  • structs will depend on interfaces instead of structs (easy for dependency injection)
  • What should be tested:
    • when testing, you can think of it as sending and receiving messages
    • incoming messages refer to calls to methods
    • outgoing messages refers to calls from the tested object on its dependencies
  • most people go first to integration tests
• Testing Go at Stream
• Using Go Interfaces for Testable Code - The Startup - Medium
  • using interfaces for stubbing
• 2020-05 | How I write my unit tests in Go quickly
  • on dependency injection
  • duck typing interfaces
  • BDD (Behaviour Driven Development)

Fuzzing #

• Go: Fuzz Testing in Go - A Journey With Go

TDD #

• More on TDD

Great resources:

• github.com/quii/learn-go-with-tests
• leanpub.com/golang-tdd/read
  • really good explanations

Tools #

• An overview of Go’s tooling

• Emacs and Go mode

• gojson: Automatically generate Go (golang) struct definitions from example JSON

• golang.org/x/tools

  • go-guru

• go-spew: Implements a deep pretty printer for Go data structures to aid in debugging

• godocgen

  Godocgen is an app built using Go programming language to generate Go module package’s documentations. It parses the packages documentation data and facilitates custom rendering, enabling Gopher to use other hosting solution like Hugo to host the documents.

• 3mux: Terminal multiplexer inspired by i3

• tspur: Terminal Screen with Protected User Records (TSPUR)

• json-to-go

  • This tool instantly converts JSON into a Go type definition

Templates #

• Using go templates

Logging #

• About Go logging for reusable packages

  Use some global variadic function:

  1 2 3 4 5

  package mypkg // LogFunc is a function that logs the provided message with optional // fmt.Sprintf-style arguments. By default, logs to the default log.Logger. var LogFunc func(string, ...interface{}) = log.Printf

• Some words about logging

  • Some tips:
    • Never log in a package that isn’t main
    • Don’t log things if the program is operating normally
    • only log in package main

• Let’s talk about logging

• go-kit/log

OO #

• Object Oriented Go - The Basics

Packaging #

• Zombie Zen - How I packaged a Go program for Windows and Linux
• Packages as layers, not groups
  • How to think of your modules as layers and not as groups
  • by Ben Johnson (wo wrote the standard package layout)
• How to Structure a Go Command-Line Project
• Go best practices, six years in

Serialization #

• Custom JSON Marshalling in Go

  • Nice elegant solution using aliases, e.g.

  1 2 3 4 5 6 7 8 9 10

  func (u *MyUser) MarshalJSON() ([]byte, error) { type Alias MyUser return json.Marshal(&struct { LastSeen int64 `json:"lastSeen"` *Alias }{ LastSeen: u.LastSeen.Unix(), Alias: (*Alias)(u), }) }

• Golang JSON Serialization With Interfaces

  • Working with plants and animals
  • adds extra field type to know which struct to use

• Is there a way to have json.Unmarshal() select struct type based on “type” property?

  • how to do deserialization when field is a list of interfaces
  • implement UnmarshalJSON on slice of interfaces
  • Example with []vehicle

Security #

• Security assessment techniques for go projects
  • static analysis, fuzzing, dynamic testing etc.
• CSRF Attacks
  • Implementing CSRF, auth handler

Pentest #

• github.com/sysdream/hershell
• github.com/sysdream/chashell
  • using DNS as reverse shell
• github.com/sysdream/ligolo

Botnets #

• github.com/gnxbr/Unbreakable-Botnet-C2
  • using Blockchains for communication channel

Scanners #

• github.com/v-byte-cpu/sx

Surveys #

• State of Go in 2021

UI #

• Vugu
  • A modern UI library for Go+WebAssembly