This is a feature-bound auth example. The .gwdk files declare the login
actions and session API, and GOWDK discovers matching Go handlers in the same
feature package.
- One generated binary is the default.
src/features/auth/auth.goimplementsLogin,Logout, andSession.- Split frontend/backend binaries are optional and generated from the same declarations.
- No hand-written JavaScript is used.
- No HTML lives in Go code.
gowdk.config.go: configures one-binary and split generated targets.src/features/auth/login.page.gwdk: root login page withact loginandapi session.src/features/auth/dashboard.page.gwdk: dashboard page withact logout.src/features/auth/auth.go: same-package feature-bound handlers.src/features/auth/login-app.cmp.gwdk: reusable login panel component.src/features/auth/login-error.page.gwdk: failed-login route.styles/auth.css: CSS input selected by pages withcss auth..gowdk/output/login: inferred generated output for the one-binary target..gowdk/output/split: inferred generated output for the split target..gowdk/login: generated one-binary Go app source..gowdk/login-frontendand.gowdk/login-backend: generated split app sources.bin/login: generated one-binary app.bin/login-frontendandbin/login-backend: generated split binaries.
This example fails closed: it refuses to authenticate unless you configure a
signing secret and the demo password. The session cookie is Secure by
default; over plain HTTP for local development you must opt out explicitly.
From this directory:
cd examples/login
export GOWDK_LOGIN_SECRET="$(head -c 32 /dev/urandom | base64)" # required, >=32 bytes
export GOWDK_LOGIN_PASSWORD="demo-password" # required, no default
export GOWDK_COOKIE_INSECURE=true # local HTTP only; omit in production
make serveOpen http://127.0.0.1:8090/.
Use:
email: demo@example.com # override with GOWDK_LOGIN_EMAIL
password: <GOWDK_LOGIN_PASSWORD>
The generated app calls auth.Login, sets a signed HttpOnly SameSite session
cookie, and redirects to /dashboard. GET /api/session calls auth.Session.
A real app must set a unique, high-entropy GOWDK_LOGIN_SECRET, use real
credentials, and leave the cookie Secure (serve over HTTPS).
Split mode keeps the same .gwdk declarations but generates separate frontend
and backend binaries. The frontend serves app output and proxies action/API
routes to GOWDK_BACKEND_ORIGIN.
cd examples/login
make serve-splitOpen:
frontend: http://127.0.0.1:8090/
backend: http://127.0.0.1:8091/
cd examples/login
go run ../../cmd/gowdk build --target login
GOWDK_ADDR=127.0.0.1:8090 bin/loginFor split mode:
go run ../../cmd/gowdk build --target split
GOWDK_ADDR=127.0.0.1:8091 bin/login-backend
GOWDK_ADDR=127.0.0.1:8090 GOWDK_BACKEND_ORIGIN=http://127.0.0.1:8091 bin/login-frontendPOST /: bound fromact logintoauth.Login.POST /dashboard: bound fromact logouttoauth.Logout.GET /api/session: bound fromapi sessiontoauth.Session.
This example demonstrates action/API/session plumbing with signed cookies. The
dashboard remains public so gowdk build works without generated-app guard
hooks. For protected pages, the built-in auth addon, and native role guards, see
examples/auth-guard/.