No shade to Rust, but our bidding platform using ONNX Runtime and Rust gave us endless compatibility headaches with outdated crates and poor performance; we were stuck at 50ms P95 at 16k QPS. The bidder needed to consistently respond under 15ms, so we switched to Go. Fewer lines of code, and with every round of tuning, the latency kept dropping. We finally nailed 10ms-15ms P95 at 16k QPS.
Back in business
I got tired of glueing together bcrypt + golang-jwt + oauth2 + sessions every time I added auth to a Go service, so I built . Tagged v0.1.0 today.
It's a composable auth library, and the core ships sessions/cookies/CSRF/rate-limiting, and each auth method is a separate module you compose in.
```go
auth, _ := limen.New(&limen.Config{
	BaseURL:  "http://localhost:8080",
	Database: sqladapter.NewPostgreSQL(db),
	Plugins: []limen.Plugin{
		credentialpassword.New(), // signup / signin with a password
		oauth.New(oauth.WithProviders(
			oauthgoogle.New(), // Google OAuth
		)),
		twofactor.New(), // 2FA
	},
})
// Mount every auth route under /api/auth/.
mux.Handle("/api/auth/", auth.Handler())
```
That's signup, signin, Google OAuth, and 2FA. auth.GetSession(r) works the same regardless of how they sign in. Framework-agnostic http.Handler, so it drops into net/http, Gin, Echo, Chi, Fiber.
Current plugins: credential/password, OAuth (10+ providers), 2FA (TOTP + backup codes). Adapters for database/sql and GORM.
It's v0.1.0 — pre-1.0. I would love feedback on API ergonomics and security defaults, and things that can be better.
- Repo:
- Docs + writeup: