Golang

When designing Go APIs, you might think it’s harmless to return (nil, nil) when an object isn’t found. Many developers do this because it feels like “not found” shouldn’t be treated as an error. However, this approach often leads to one of the most frustrating runtime crashes in Go: panic: invalid memory address or nil pointer dereference In this post, we’ll cover: The problem — how (nil, nil) breeds fragile code Why this design creates real-world headaches Two solutions: Best practice (recommended): return a predefined error instead Alternative pattern: use an explicit existence flag An evolved, safer version of the code The goal isn’t just to fix mistakes, but to enhance API design to prevent misuse down the line. ...

Introduction For many Go developers, a recurring challenge has been: “What is the right way to handle multiple errors?” Whether it’s running several cleanup steps, processing batches of data, or validating various inputs, ensuring errors are handled correctly and efficiently has been crucial. Before Go 1.20, developers did not have a unified approach; each team created its own solution, often leading to awkward, unidiomatic, or even incorrect patterns. With Go 1.20, we now have a standard, pragmatic solution: errors.Join. This article will explore why older techniques were problematic, how the Go team designed a better approach, and how to apply this new solution effectively in your code. ...

Authentication on the web often feels confusing not because it is complicated, but because its core ideas are rarely explained in a clean order. This post builds that order. We will start from the nature of the web itself, explain cookies and server-side sessions as a single coherent model, then expand outward to JWT and why it fits modern distributed systems. The goal is not to overwhelm you, but to give you a mental model you can reuse. ...

Introducing OneClickTLS: Generate Self Signed TLS and mTLS Certificates Instantly If you have worked with Kubernetes, Docker, microservices, or local HTTPS development, you already know how frustrating it is to generate self signed TLS certificates. Searching for OpenSSL commands, adjusting SAN values, fixing errors, and repeating the entire process again and again. After dealing with this pain for years, I finally built a tool that removes all the friction: https://oneclicktls.com ...

When you first work on a Go project that uses the Kubernetes client SDK, you might feel lost about how to debug it on your local environment. Don’t panic. It’s actually very simple once you understand what’s happening behind the scenes. I’ll walk you through how to make it work using VSCode as an example. The Common Confusion When your program is designed to run inside a Kubernetes cluster, it usually connects to the cluster using rest.InClusterConfig(). This configuration relies on the ServiceAccount token mounted at /var/run/secrets/kubernetes.io/serviceaccount/token. When you run the same program locally, that path doesn’t exist, and the SDK will fail to initialize with an error like: ...

Introduction Today, we will dive into understanding the Observer Design Pattern with a Golang code example. This pattern is a cornerstone of software design, promoting flexibility and reuse in code by managing dependencies effectively. What Is the Observer Pattern? The Observer pattern defines a one-to-many dependency between objects, ensuring that when one object (the Subject) changes its state, all its dependents (Observers) are automatically notified. This pattern is pivotal in creating an efficient and decoupled architecture. ...

Introduction When working with strings in Go, you might reach for the strings.Split function to get the first part of a string before a known delimiter. However, this approach isn’t optimal for performance-sensitive code. In this post, we’ll explore why using strings.Cut can be a better choice and discuss some efficient alternatives for string parsing in Go. The Inefficiency of strings.Split While strings.Split is a straightforward choice for separating strings by a delimiter, it comes with drawbacks: ...

After updating the github.com/gorilla/csrf package in your Go backend from v1.7.2 to v1.7.3, you might suddenly notice that your Playwright tests start failing — specifically with 403 Forbidden responses. What Changed? This update addresses a security vulnerability: CVE-2024-24787. It’s a Golang backend issue, not related to WebSocket libraries like ws, despite what some GitHub advisory titles might misleadingly suggest. In v1.7.3, gorilla/csrf now strictly enforces same-site origin checks using the Origin and Referer headers. If these headers are missing or don’t match the expected host, CSRF validation fails, and the request is blocked with a 403. ...

Introduction Go 1.13 introduced powerful features for error wrapping and introspection — namely errors.Is and errors.As. While it’s tempting to reach for traditional type assertions (e.g., err.(*MyError)), there’s a safer and more idiomatic tool for the job: errors.As. This post explains why you should use errors.As over type assertions, with clear examples for both concrete error structs and interfaces like net.Error. The Problem with Type Assertions Consider the old way of checking if an error is of a specific type: ...

If you search Cors error, you can find tons of answers. But most of them are not clear enough to understand, especially you are new to web development. So I will explain what is Cors error and how to fix it in Golang. 1. What is Cors? CORS stands for Cross-Origin Resource Sharing. It is a security feature implemented by web browsers to control how web pages in one domain can request and interact with resources hosted on another domain. ...