A RESTful ecommerce API built with Go, Gin, GORM, and PostgreSQL.
Warning
This project was partially vibe-coded. I have not reviewed all of the code, I cannot guarantee quality, use at your own risk.
See frontend/README.md for details about the frontend.
-
Authentication & Authorization
- Cookie-based authentication (HttpOnly session cookie)
- User registration and login
- Role-based access control (admin/customer)
- OpenID Connect support
-
Product Management
- Product CRUD operations (admin)
- Product search and filtering
- Pagination support
- Price range filtering
- Sorting (by price, name, date)
- Stock/inventory management
-
Shopping Cart
- Add items to cart
- Update cart item quantities
- Remove items from cart
- View cart
-
Order Management
- Create orders
- View order history
- Order status tracking (PENDING, PAID, FAILED)
- Mock payment processing
- Admin order management
-
User Management
- User profiles
- Profile updates
- Admin user management
- Go 1.21 or higher
- Docker or Podman (for running Postgres database)
- Make
- FFmpeg (for media processing)
- NPM/Bun/Yarn/PNPM (for frontend)
-
Clone the repository
git clone https://git.colormatic.org/ColormaticStudios/ecommerce.git cd ecommerce -
Install dependencies
go mod download
-
Set up environment variables
cp .env.example .env # Edit .env with your configurationOptional non-secret defaults via TOML:
cp config/config.example.toml config.toml # Edit config.toml with non-secret settings -
Run a temporary database
sudo scripts/run-dev-db-docker.sh # Or scripts/run-dev-db-podman.sh -
Start the backend
make run
Or build and run:
make api bin/ecommerce-api
-
Populate the database with placeholder products
scripts/populate-test-database.sh
-
Start the frontend
cd frontend bun install bun run dev --open
Note: the storefront placeholders that the AI generated are cringe but funny, so I left them in. The example products are certified artisan humanslop.
See .env.example for all required environment variables.
You can also provide non-secret defaults in config.toml (see
config/config.example.toml). Config precedence is:
- Environment variables (highest priority)
.envconfig.toml(lowest priority)
DATABASE_URL: PostgreSQL connection stringPORT: Server port (default: 3000)JWT_SECRET: Secret key for JWT token signingDISABLE_LOCAL_SIGN_IN: Disable local sign-in (default: false)OIDC_PROVIDER: OIDC provider URL (optional)OIDC_CLIENT_ID: OIDC client ID (optional)OIDC_CLIENT_SECRET: OIDC client secret (optional)OIDC_REDIRECT_URI: OIDC redirect URI (optional)DEV_MODE: Whether to allow connections from localhost (optional)PUBLIC_URL: What host to allow connections from in production
- Development (
DEV_MODE=true): auth cookie isHttpOnly,SameSite=Lax,Secure=falseso login works overhttp://localhost. - Production (
DEV_MODE=false): auth cookie isHttpOnly,SameSite=None,Secure=true. - Frontend requests must include credentials (for example
fetch(..., { credentials: "include" })).
See API.md for documentation on the API.
The repository now includes an OpenAPI contract at api/openapi.yaml used to
generate shared backend and frontend types.
-
Generate all contract artifacts:
make openapi-gen
-
Validate generated files are up to date (CI-friendly):
make openapi-check
-
Generate API documentation from the OpenAPI contract:
make openapi-docs
The following files/routes are intentionally for testing only and are not production runtime features:
cmd/e2e-server/main.go: dedicated local/CI E2E backend server using SQLite test data.GET /__test/summary(fromcmd/e2e-server/main.go): test-only DB summary assertions.GET /__test/login(fromcmd/e2e-server/main.go): test-only session bootstrap helper.POST /__test/cart-item(fromcmd/e2e-server/main.go): test-only cart seeding helper.POST /__test/saved-checkout-data(fromcmd/e2e-server/main.go): test-only checkout-data seeding helper.handlers/critical_journeys_integration_test.go: backend critical-journey integration tests.frontend/playwright.config.ts: Playwright test runner config.frontend/e2e/critical-journeys.spec.ts: browser E2E specs for critical user journeys.
The project includes a command-line tool for administrative tasks.
make cliSet a user as admin:
bin/ecommerce-cli user set-admin --email user@example.com
# or by username
bin/ecommerce-cli user set-admin --username johndoeCreate a new user:
bin/ecommerce-cli user create \
--email admin@example.com \
--username admin \
--password securepassword \
--name "Admin User" \
--role adminList all users:
bin/ecommerce-cli user list
# Filter by role
bin/ecommerce-cli user list --role adminDelete a user:
bin/ecommerce-cli user delete --email user@example.com
# Skip confirmation
bin/ecommerce-cli user delete --email user@example.com --yesCreate a product:
bin/ecommerce-cli product create \
--sku PROD-001 \
--name "Product Name" \
--description "Product description" \
--price 29.99 \
--stock 100List products:
bin/ecommerce-cli product list
# Limit results
bin/ecommerce-cli product list --limit 10Edit a product:
# Change stock to 20
bin/ecommerce-cli product edit \
--id 1 \
--stock 20
# Products can be identified by either ID or SKU
# Change SKU
bin/ecommerce-cli product edit \
--sku PROD-001 \
--new-sku PROD-002Set related products:
bin/ecommerce-cli product related-set --id 1 --related-id 2,3,4
# or by SKU
bin/ecommerce-cli product related-set --sku PROD-001 --related-sku PROD-002 --related-sku PROD-003Upload media and attach to a product:
bin/ecommerce-cli product media-upload \
--id 1 \
--file ./path/to/image.jpg \
--api-base http://localhost:3000 \
--token <admin-jwt>Delete a product:
bin/ecommerce-cli product delete --id 1
# or by SKU
bin/ecommerce-cli product delete --sku PROD-001Get help for any command:
bin/ecommerce-cli --help
bin/ecommerce-cli user --help
bin/ecommerce-cli user set-admin --help# Backend: run all Go tests (unit + integration tests)
make testYou can also run targeted suites:
# Backend: critical journey integration tests only
GOCACHE=/tmp/go-build-cache go test ./handlers -run TestCriticalJourney -count=1# Backend: generated API migration/parity tests
go test ./handlers -run TestGenerated -count=1# Frontend: type checking + linting (static test gates)
cd frontend
bun run check
bun run lint# Frontend + backend: browser E2E tests (Playwright)
cd frontend
bun run test:e2e# Frontend + backend: browser E2E tests (headed mode)
cd frontend
bun run test:e2e:headedCurrent automated test coverage in this repository includes:
- Backend unit tests (handler logic, auth helpers, middleware behavior, config/model helpers).
- Backend integration tests against in-memory SQLite (
handlers/*_test.gointegration-focused suites). - Backend critical journey integration tests (
handlers/critical_journeys_integration_test.go). - Generated OpenAPI router parity/migration tests (
handlers/generated_api_server*_test.go). - Frontend static quality gates (
bun run check,bun run lint). - Frontend browser E2E critical journeys (
frontend/e2e/critical-journeys.spec.ts) using the test-only server incmd/e2e-server/main.go.
API Server:
go build -o bin/ecommerce-api -ldflags="-s -w" main.goCLI Tool:
go build -o bin/ecommerce-cli -ldflags="-s -w" ./cmd/cliMigrations are handled automatically by GORM on server start.

