From go-studio
Add JWT + magic link + OAuth (Google/GitHub) + optional TOTP auth to an existing Go app.
npx claudepluginhub dvrd/ui-studio --plugin dvrd
This skill uses the workspace's default tool permissions.
Adds a complete authentication system to an existing Go SaaS app.
Confirm with user before proceeding:
Read patterns:
- go-stack: pattern://auth-jwt.md
- go-stack: pattern://auth-magic-link.md
- go-stack: pattern://auth-oauth.md (if OAuth enabled)
- pquerna/otp library — no dedicated pattern file yet, follow go-stack: guide://review-checklists.md security section

Add dependencies to go.mod:
- github.com/golang-jwt/jwt/v5
- golang.org/x/oauth2 (if OAuth)
- github.com/pquerna/otp (if TOTP)

Write migration: internal/migrations/002_auth.sql
- magic_link_tokens table (id, user_id, token_hash, expires_at, used_at)
- refresh_tokens table (id, user_id, token_hash, expires_at)
- totp_secrets table (if TOTP)

Write internal/repositories/auth.go:
- FindUserByEmail(ctx, email)
- CreateMagicLinkToken(ctx, userID, tokenHash, expiresAt)
- ConsumeMagicLinkToken(ctx, tokenHash) — marks used, returns user
- CreateRefreshToken(ctx, userID, tokenHash)
- RotateRefreshToken(ctx, oldHash, newHash)

Write internal/services/auth.go:
- SendMagicLink(ctx, email) — generates token, sends via Resend
- VerifyMagicLink(ctx, token) — returns JWT pair
- RefreshTokens(ctx, refreshToken) — rotates and returns new pair
- OAuthCallback(ctx, provider, code) (if OAuth)

Write internal/handlers/auth.go:
- POST /auth/magic-link — request magic link
- GET /auth/verify?token=... — verify and set cookies
- POST /auth/refresh — rotate tokens
- GET /auth/logout — clear cookies
- GET /auth/oauth/{provider} (if OAuth)
- GET /auth/oauth/{provider}/callback (if OAuth)

Write internal/middleware/auth.go:
- RequireAuth middleware — validates JWT from cookie, sets user in context
- OptionalAuth middleware — sets user if token present, continues either way

Write auth Templ pages:
- internal/ui/pages/login.templ — email form for magic link
- internal/ui/pages/verify-sent.templ — "check your email" confirmation

Wire auth handler to chi router in cmd/server/main.go

Add auth config fields to internal/config/config.go:
- JWTSecret, JWTAccessExpiry, JWTRefreshExpiry
- MagicLinkExpiry, BaseURL
- GoogleClientID, GoogleClientSecret (if OAuth)
- GitHubClientID, GitHubClientSecret (if OAuth)

Run go build ./... + templ generate

- go build ./... passes
- RequireAuth middleware available for protecting routes
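
The following is an added example, not code from the go-studio skill or its pattern files. It shows how the token_hash, expires_at and used_at columns of magic_link_tokens combine so that a link works once and a database leak does not expose usable tokens. The names store, row, issue, consume and hashToken are hypothetical, and SHA-256 with a 32-byte random token is an assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"time"
)

// row mirrors magic_link_tokens: user_id, expires_at, used_at (zero = unused).
type row struct{ userID string; expiresAt, usedAt time.Time }

// store is a hypothetical single-goroutine stand-in for the repository, keyed by token_hash.
type store map[string]*row

// hashToken computes the token_hash value; the raw token is never stored.
func hashToken(raw string) string {
	sum := sha256.Sum256([]byte(raw))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// issue stores the hash of a fresh 256-bit token and returns the raw value for the link.
func (s store) issue(userID string, ttl time.Duration, now time.Time) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no secure randomness: refuse to mint a token
	}
	raw := base64.RawURLEncoding.EncodeToString(b)
	s[hashToken(raw)] = &row{userID: userID, expiresAt: now.Add(ttl)}
	return raw
}

// consume returns the user once; unknown, expired and replayed tokens all fail alike.
func (s store) consume(raw string, now time.Time) (string, bool) {
	r, ok := s[hashToken(raw)]
	if !ok || !r.usedAt.IsZero() || !now.Before(r.expiresAt) {
		return "", false
	}
	r.usedAt = now
	return r.userID, true
}

func main() {
	s, now := store{}, time.Now()
	tok := s.issue("user-1", 15*time.Minute, now)
	fmt.Println(s.consume(tok, now)) // first use succeeds
	fmt.Println(s.consume(tok, now)) // replay is rejected
}
```

In a SQL-backed ConsumeMagicLinkToken, the check and the used_at write belong in a single UPDATE guarded by the unused and unexpired conditions, so two concurrent requests cannot both succeed.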