Production-ready, multi-tenant authentication platform with Clerk.js compatibility (WIP)
Frank Auth SaaS is a comprehensive, enterprise-ready authentication platform designed to provide seamless user management, multi-factor authentication, and advanced security features for modern applications. Built with a three-tier user system and multi-tenant architecture, it offers enhanced security and compliance features. It's can be embedded to your GoLang Backend or just hosted standalone.
- Go 1.21+ - Install Go
- PostgreSQL 14+ - Install PostgreSQL
- Redis 6+ - Install Redis
# Clone the repository
git clone https://github.com/juicycleff/frank.git
cd frank
# Install dependencies
go mod download
# Copy configuration template
cp configs/config.yaml.example configs/config.yaml
# Setup database
make migrate-up
# Seed initial data (optional)
make seed
# Start the server
make run# Start all services
docker-compose up -d
# Initialize database
docker-compose exec app make migrate-up
# View logs
docker-compose logs -f appFrank Auth SaaS implements a sophisticated three-tier user system designed for maximum flexibility and security:
- Your company employees managing the SaaS platform
userstable withuser_type = "internal"- Full platform management permissions
- Access to analytics, billing, and system administration
- Customer developers/admins managing their authentication service
userstable withuser_type = "external"- Organization-scoped permissions
- Manage their organization's end users and settings
- Actual users of customer applications
- Separate
end_userstable (isolated per organization) - Self-access permissions only
- The users that your customers' applications authenticate
┌─────────────────────────────────────────────────────────────┐
│ Frank Auth Platform │
├─────────────────────────────────────────────────────────────┤
│ Internal Users (Platform Staff) │
│ • Platform Management • Analytics • Billing │
└─────────────────────────────────────────────────────────────┘
│
├── Organization A ──────────────────────────────────┐
│ │ │
│ ├── External Users (Customer Staff) │
│ │ • Manage End Users • Configure Auth │
│ │ │
│ └── End Users (Application Users) │
│ • Login to Apps • Self-Management │
│ │
└── Organization B ──────────────────────────────────┤
│ │
├── External Users (Customer Staff) │
│ • Manage End Users • Configure Auth │
│ │
└── End Users (Application Users) │
• Login to Apps • Self-Management │
- Traditional: Email/password with robust security
- Passwordless: Magic links and OTP via email/SMS
- Social OAuth: Google, GitHub, Microsoft, Apple, and 20+ providers
- Enterprise SSO: SAML 2.0 and OpenID Connect
- Passkeys: WebAuthn/FIDO2 for modern authentication
- API Keys: Secure programmatic access
- Multi-Factor Authentication: TOTP, SMS, Email, and backup codes
- Session Management: Secure, scalable session handling
- Rate Limiting: Intelligent throttling and DDoS protection
- Audit Logging: Comprehensive security event tracking
- SOC 2 Compliance: Built-in compliance features
- Zero-Trust Architecture: Verify everything, trust nothing
- Multi-Tenant Architecture: Complete organization isolation
- Role-Based Access Control: Granular permissions system
- Member Management: Invitations, roles, and billing seats
- Team Collaboration: Organization-scoped resources
- Billing Integration: Usage-based pricing support
- RESTful API: Comprehensive REST API with OpenAPI docs
- WebSocket Support: Real-time authentication events
- Webhooks: Event-driven integrations
- SDK Support: Official SDKs for popular languages
- Clerk.js Compatibility: Drop-in replacement for existing apps
- User Analytics: Login patterns, device tracking, geolocation
- Security Monitoring: Failed attempts, suspicious activity
- Performance Metrics: Response times, throughput, errors
- Compliance Reports: Automated audit trail generation
# Database Configuration
DATABASE_URL=postgres://user:password@localhost:5432/frank_auth
REDIS_URL=redis://localhost:6379
# Server Configuration
SERVER_PORT=8080
SERVER_HOST=0.0.0.0
ENVIRONMENT=development
# Authentication
JWT_SECRET=your-super-secure-jwt-secret
JWT_EXPIRY=24h
REFRESH_TOKEN_EXPIRY=7d
# External Services
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password
# OAuth Providers
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
# Security
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS_PER_MINUTE=100
CORS_ALLOWED_ORIGINS=http://localhost:3000,https://yourdomain.com# configs/config.yaml
server:
port: 8080
host: "0.0.0.0"
timeout: 30s
database:
host: "localhost"
port: 5432
name: "frank_auth"
user: "postgres"
password: "password"
ssl_mode: "disable"
max_connections: 100
auth:
jwt_secret: "your-jwt-secret"
jwt_expiry: "24h"
password_policy:
min_length: 8
require_uppercase: true
require_lowercase: true
require_digit: true
require_special: false
mfa:
totp_issuer: "Frank Auth"
totp_digits: 6
totp_period: 30
backup_codes_count: 10
security:
rate_limit_enabled: true
rate_limit_per_second: 10
rate_limit_burst: 50
cors_enabled: true
security_headers_enabled: true# Register a new user
curl -X POST https://api.frankauth.com/v1/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "securepassword123",
"first_name": "John",
"last_name": "Doe"
}'
# Login
curl -X POST https://api.frankauth.com/v1/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "securepassword123"
}'
# Get current user
curl -X GET https://api.frankauth.com/v1/auth/me \
-H "Authorization: Bearer YOUR_JWT_TOKEN"# Create organization
curl -X POST https://api.frankauth.com/v1/organizations \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Corp",
"slug": "acme-corp"
}'
# Invite user to organization
curl -X POST https://api.frankauth.com/v1/organizations/acme-corp/invitations \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "newuser@example.com",
"role": "member"
}'- API Documentation - Complete OpenAPI/Swagger docs
- Integration Guide - Step-by-step integration instructions
- Migration Guide - Migrating from other auth providers
- Security Guide - Security best practices
- Compliance Documentation - SOC 2 and other compliance info
- Deployment Guide - Production deployment instructions
frank/
├── cmd/ # Application entrypoints
├── internal/ # Private application code
│ ├── routes/ # API route handlers
│ ├── services/ # Business logic
│ ├── repository/ # Data access layer
│ ├── middleware/ # HTTP middleware
│ └── config/ # Configuration
├── ent/ # Database schema & ORM
├── pkg/ # Public packages
├── migrations/ # Database migrations
├── docs/ # Documentation
└── tests/ # Test files
# Install development dependencies
make dev-deps
# Generate code (Ent ORM, Wire DI)
make generate
# Run tests
make test
# Run tests with coverage
make test-coverage
# Lint code
make lint
# Format code
make fmt
# Start development server with hot reload
make dev
# Build for production
make build
# Run database migrations
make migrate-up
# Rollback migrations
make migrate-down# Run all tests
go test ./...
# Run tests with coverage
go test -cover ./...
# Run integration tests
go test -tags=integration ./tests/integration/...
# Run specific test
go test -run TestUserRegistration ./internal/services/auth/Frank Auth SaaS is designed for production deployment with Docker and Kubernetes support.
# Build production image
docker build -t frank-auth:latest .
# Run with docker-compose
docker-compose -f docker-compose.prod.yml up -d# Apply Kubernetes manifests
kubectl apply -f k8s/
# Check deployment status
kubectl get pods -l app=frank-auth- Development:
configs/config.yaml - Staging:
configs/config.staging.yaml - Production:
configs/config.prod.yaml
Frank Auth SaaS takes security seriously and implements multiple layers of protection:
- Encryption: All data encrypted at rest and in transit
- Password Security: Argon2id hashing with salt
- Rate Limiting: Intelligent request throttling
- Session Security: Secure session management with rotation
- CSRF Protection: Built-in CSRF token validation
- XSS Prevention: Content Security Policy headers
- SQL Injection: Parameterized queries and ORM protection
- SOC 2 Type II: Comprehensive security controls
- GDPR: Data privacy and user rights compliance
- CCPA: California Consumer Privacy Act compliance
- HIPAA: Healthcare data protection (optional module)
We welcome contributions to Frank Auth SaaS! Please see our Contributing Guide for details.
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes: Implement your feature or fix
- Add tests: Ensure your changes are tested
- Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request: Submit your changes for review
- Follow Go best practices and conventions
- Write comprehensive tests for new features
- Update documentation for user-facing changes
- Use conventional commit messages
- Ensure all CI checks pass
This project is licensed under the MIT License - see the LICENSE file for details.
- GitHub Issues: Report bugs or request features
- GitHub Discussions: Ask questions and share ideas
- Discord: Join our community
For enterprise customers, we offer:
- Priority Support: 24/7 technical support
- Custom Integrations: Tailored solutions for your needs
- Professional Services: Implementation and consulting
- SLA Guarantees: Uptime and response time guarantees
Contact us at enterprise@xraph.com for more information.
Frank Auth SaaS is built on the shoulders of giants. We'd like to thank:
- Huma - Modern HTTP API framework
- Ent - Entity framework for Go
- Chi - Lightweight HTTP router
- Viper - Configuration management
- Zap - Structured logging
- Version: 1.0.0
- Status: Production Ready
- Go Version: 1.21+
- Database: PostgreSQL 14+
- Cache: Redis 6+
- License: MIT
Built with ❤️ by the XRaph team
For more information, visit xraph.com or check out our documentation.