A secure, flexible, rapid Go web framework


A secure, flexible, rapid Go web framework

Visit aah's official website https://aahframework.org to learn more

Build Status Code Coverage Go Report Card Release Version Godoc Twitter @aahframework


  • v0.12.3 released and tagged on Feb 06, 2019.
  • v0.12.2 released and tagged on Dec 13, 2018.
  • v0.12.0 released and tagged on Dec 02, 2018.
  • v0.11.4 released and tagged on Aug 27, 2018.

Stargazers over time

Stargazers over time


aah aims to provide necessary components to build modern Web, API and WebSocket applications. aah framework is secure, rapid and extensible. It takes full care of infrastructure, boilerplate code, repetitive activities, reusable components, etc.

aah is feature packed framework with nature of micro framework.

Have a look at the aah features to know the benefits of using aah and it is very well documented.

  • Truly easy to use and configuration driven.
  • Security aware framework, secure session, CSRF prevention, XSS prevention, authentication, authorization, etc.
  • Build powerful end-user product and ship it.
  • Extensible at module level. If not, then immediately raise an issue.
  • Highly maintainable, reduced delivery time, shines with application growth.
  • Steadily maturing framework and the feature-sets are getting enhanced release by release.

aah's initial stable version 0.5.0 was released on May 19, 2017.

  • Binary resource packaging

    Binary resource packaging

    Can there be an option at build time to package resources (views, css,js,img and config) into the executable for easy one file deployment?

    There are numerous packaging libraries/applications available:

    • https://github.com/gobuffalo/packr
    • https://github.com/GeertJohan/go.rice
    • https://github.com/go-bindata/go-bindata

    to name but a few.


    • [x] Feature implemented, available on edge - command is aah build --single or aah b -s
    • [x] Documentation
    feature cli-tool aah 
    opened by pharrisee 20
  • REST API with Generic Auth tutorial?

    REST API with Generic Auth tutorial?


    I cannot create new tag on stackoverflow. And I'm not pretty sure if I can ask question here.

    I really like this project structure and everything you guys have integrated like Authentication & Authorization.

    I'm new to Go. I trying to make a blog with rest api server. What should I do to get the token when using Generic Auth. Make a POST Request to /login route and what should I write in the controller?

      "username": "demo",
      "password": "demo"

    By the way if I want to use gorm for my project. How should I structure my aah project. I don't want to mess everything up :)


    opened by kieusonlam 20
  • template authenticated bug fix

    template authenticated bug fix

    func (ctx *LoginController) Login() {
          ctx.Session().IsAuthenticated = true
    func (ctx *LoginController) Logout() {
       ctx.Session().IsAuthenticated = false
    {{ if isauthenticated . }}
      <a href="/logout">Logout</a>
    {{ end }}

    IsAuthenticated = false; show logout option ?

    bug aah 
    opened by ghost 14
  • Choosing Feature, Enhancement for v0.9 iteration

    Choosing Feature, Enhancement for v0.9 iteration

    I would like to get aah users inputs before starting the v0.9 iteration development. Please have a look roadmap and share your input.

    I'm thinking of:

    Enhancements (planning to pick 2 items)

    • Adding password encoders scrypt, pbkdf2 for authentication
      • Not decided yet for these two sha, md5
    • Context based logger enhancement and fields
    • HTTP -> HTTPS redirects support

    Features (planning to pick 2 items)

    • TestSuite for integration test case and function test case
    • Websocket Module
    • Server Sent Events (SSE) Module
    • Validation Module
    • CSRF

    Also if anyone interested in contributing, please pick an area, besides my number. So that v0.9 release will have more things 4+.

    Please post input via comments and thumps up for that comment.

    interaction community 
    opened by jeevatkm 12
  • Envprofile auto-set in all console commands

    Envprofile auto-set in all console commands

    Envprofile should be transmitted automatically, somehow, to all Console commands.

    This way we can avoid adding

                Name:  "envprofile, e", // long and short posix flag name
                Value: aah.App().Config().StringDefault("env.active", "dev"),           // default flag value
                Usage: "Environment profile name to activate (e.g: dev, prod)",

    to every command.

    The commands are part of the built binary, so it makes sense to have the envprofile in all commands as well.

    A solution would be to append the EnvProfile StringFlag to Flags, when the command is added in init.

    enhancement lib-console 
    opened by radutopala 11
  • [v0.10] wildcard route ':country_id' conflicts with existing edges in path '/country/:country_id/edit'

    [v0.10] wildcard route ':country_id' conflicts with existing edges in path '/country/:country_id/edit'


    I'm trying to make a "Restful Web" and I followed the documentation to do these End-Points:

    • List Countries - GET /country
    • Show Create Form - GET /country/create
    • Create Country - POST /country
    • Get Country - GET /country/:country_id
    • Show Country Edit Form - GET /country/:country_id/edit
    • Update Country - PUT /country/:country_id
    • Delete Country - DELETE /country/:country_id

    But I can't make it right, here is my routes:

    domains {
      localhost {
        static {
          # ..
        routes {
            # ..
            index {
                # ..
                path = "/country"
                controller = "CountryController"
                   path = "/"
                        path = "/create"
                        action = "Create"
                        action = "Store"
                        method = "POST"
                        path = "/:country_id"
                                action = "Show"
                                path = "/edit"
                                action = "Edit"
                                method = "PUT"
                                method = "Delete"
        } # end - routes
      } # end - localhost
    } # end - domains

    And here is my controller:

    package controllers
    import (
    // CountryController struct application controller
    type CountryController struct {
    // Index method is country list page.
    func (a *CountryController) Index() {
    	a.Reply().Ok().Text("Country Index Page")
    // Create method is a form to create new country record page.
    func (a *CountryController) Create() {
    	a.Reply().Ok().Text("Country Create Page")
    // Store method is country create record.
    func (a *CountryController) Store() {
    	a.Reply().Ok().Text("Country Store Page")
    // Show method is country one record page.
    func (a *CountryController) Show() {
    	a.Reply().Ok().Text("Country Show Page")
    // Edit method is country edit form record page.
    func (a *CountryController) Edit() {
    	a.Reply().Ok().Text("Country Edit Page")
    // Update method is country to do update record page.
    func (a *CountryController) Update() {
    	a.Reply().Ok().Text("Country Update Page")
    // Delete method is country to delete record.
    func (a *CountryController) Delete() {
    	a.Reply().Ok().Text("Country Delete Page")

    What I did wrong?


    opened by vzool 11
  • Dynamic Subdomain - Routes Configuration

    Dynamic Subdomain - Routes Configuration

    localhost { host = "localhost,,a.com" ? } admin_localhost { host = "admin.localhost" }

    How can I support multiple domain names?

    Thank you!

    support documentation 
    opened by ghost 11
  • Support for partials

    Support for partials

    It will be good to have support for partial templates. As far as I can, at this moment, you can only include templates from "common" folder which is good but It's not enough in a large web application.

    Need to be able to do something like this:

    {{ partial("users/form.html") }}

    Right now I'm just duplicating code because I don't want to put all the partials inside common folder since those templates only makes sense in user context and I will not use them anywhere else.


    • [x] Implementation
    • [x] Documentation
    feature lib-view 
    opened by vcraescu 10
  • Add Custom Render Support via Reply

    Add Custom Render Support via Reply

    Add custom render support via Reply. So that aah user can implement interface aah.Render and supply it as custom render.

    Classic real time usage is JSON API response - https://github.com/google/jsonapi.


    Sample 1

    // CustomRender implements the interface `aah.Render`.
    type CustomRender struct {
        // ... your fields goes here
    func (cr *CustomRender) Render(w io.Writer) error {
        // implement your rendering
        fmt.Fprint(w, "This is custom render struct")
        return nil
    // Using it via Reply()
        // your fields initialize goes here

    Sample 2

    	Render(aah.RenderFunc(func(w io.Writer) error {
    		// implement your rendering
    		fmt.Fprint(w, "This is custom render func")
    		return nil
    enhancement aah 
    opened by jeevatkm 10
  • Possibility of directory traversal vulnerability on Static File delivery

    Possibility of directory traversal vulnerability on Static File delivery

    On Reddit user epiris reported the possibility of directory traversal vulnerability on Static File delivery.

    I have analyzed the issue and pointers from epiris. aah framework uses http.Dir internally for serving directory listing. http.Dir has checks for Dot-Dot, \ path separator and \x00 char to prevent directory traversal vulnerability.

    However it is good to place the check at framework before processing an incoming directory listing request.

    Thanks to epiris for taking out his time.

    Note: Static file/directory delivery scenario's protected by http.Dir.

    ~~Note: As per framework design, this issue possibility is only applicable to directory listing, not for static file serve. Since static file config is defined by application user in the routes.conf. aah framework will not entertaint any request if the definition doesn't match from routes.conf.~~

    opened by jeevatkm 10
  • Hot reload does not detect changes

    Hot reload does not detect changes


    I'm using a docker image to fire up aah framework https://hub.docker.com/_/golang/ but hot reload not always detect the changes. This is my Dockerfile:

    FROM golang:1.11
    RUN go get -u aahframework.org/tools.v0/aah
    WORKDIR /go/src/github.com/foobar/foobar
    COPY . .
    RUN go get -d -v ./...
    RUN go install -v ./... || true
    CMD ["aah", "run"]

    This is very frustrating and I can't figure out why is that happening. Makes developing a cumbersome especially when I do some refactoring cause I don't know If I did broke something or just the old code running. I have to restart the container from time to time to be sure I'm running the latest changes.

    I'm using aah version 0.11 on a Linux machine:

     Version:           18.06.1-ce
     API version:       1.38
     Go version:        go1.11
     Git commit:        e68fc7a215
     Built:             Fri Sep  7 11:26:59 2018
     OS/Arch:           linux/amd64
     Experimental:      false
      Version:          18.06.1-ce
      API version:      1.38 (minimum version 1.12)
      Go version:       go1.11
      Git commit:       e68fc7a215
      Built:            Fri Sep  7 11:26:11 2018
      OS/Arch:          linux/amd64
      Experimental:     false


    bug enhancement cli-tool 
    opened by vcraescu 9
  • Support Go Mod

    Support Go Mod

    hi I get a new aah project instance and run go mod init to add Go Module to the project after I run aah run I get

                           aah framework v
    # Report improvements/bugs at https://aahframework.org/issues #
    FATAL Given import path '' does not exist
    go: finding module for package aahframework.org/aah.v0
    go: found aahframework.org/aah.v0 in aahframework.org/aah.v0 v0.12.5
    go: aahframework.org/aah.v0: aahframework.org/[email protected]: parsing go.mod:
    	module declares its path as: aahframe.work
    	        but was required as: aahframework.org/aah.v0
    opened by sagadsalem 1
  • Flash messages are not deleted after read

    Flash messages are not deleted after read

    What version of aah are you using (aah --version)?

    aah v0.12.2 cli v0.13.4 go v1.13.7

    Does this issue reproduce with the latest release?


    What operating system are you using (such as macOS, Linux and Windows)?

    macOS, Linux

    What did you do?

    In controller:

    c.Session().SetFlash("error", "Some error message")

    In view:

    {{ flash . "error" }}

    What did you expect to see?

    I expect to get the flash message only once but when I refresh the page the flash message is still present in the session.

    What did you see instead?

    The flash message should be removed from the session if it is read once. It is removed from memory but it is not removed from file session.

    opened by vcraescu 5
  • Notification to aah users :)

    Notification to aah users :)

    Hello aah users -

    Thank you for using aah framework.

    I want to keep you informed about the upcoming aah directions and goals. Also, I would like to convey my apologies for the unexpected in-activeness that happened in aah development due to my day work priorities and commitments.

    I want to bring the following improvements and changes in aah framework direction.

    • Performing foundation level improvements and organizing the modules with Dependency Injection (DI)
    • Optimize, streamline aah code generations for aah user codebase
    • Planning to do frequent releases after v0.14.0 release and engaging with user feedback. I know this is going to be a challenging one, but I'm going to aim for it
    • Make aah further modular and publish aah developer documentations. Encouraging contributors and creating minimal entry path to contribute. It sparked from aah health module contribution by @adrianlop.

    I'm going to make v0.13.0 release as soon as possible with currently completed enhancements, catch up few issues and bug fixes.

    I am aiming to release v0.14.0 anytime before the end of the year.

    I'm looking forward to your support and co-operation.

    ~ Jeeva

    opened by jeevatkm 2
  • Expose an aah TestServer for aah users to thoroughly test aah applications

    Expose an aah TestServer for aah users to thoroughly test aah applications

    hi @jeevatkm, it might be nice to have a package in aah with testing tools/functions, for example to initialize an aah server/app so the aah users are able to test controller methods, etc

    opened by adrianlop 0
  • Add pluggable component for health check feature

    Add pluggable component for health check feature

    The goal is to create a pluggable component for health check feature in aah.



    • Create a go library
      • Repo: https://github.com/go-aah/ec-healthcheck-provider - created, ready to use
      • Go Vanity for release: aahframe.work/ec/healthcheck - yet to be done
    • Spec:
      • Provide an interface for implementing health check reporter
        • interface method func Check() error
      • Provide a method to create new health check component
      • Provide methods to add one or more health check reporter into health check registry with or without interval duration to call
        • e.g.: hc.AddReporter(healthcheck.Config{/* report name, implementation based on above interface, duration, skip on error, etc... */})
      • Provide a method to register controller and route for the aah application (by domain name if multiple domains application)
        • For non-Kubernetes - accept URL relative path for the route - returns the response payload with status code
        • For Kubernetes - to add liveness and readiness endpoints (accept URL relative path for the route for both endpoints) - return only status code with empty body since Kubernetes only cares about status code
    • Status Codes for response
      • 200 OK if every registered health checker/reporter returns nil
      • 503 Service Unavailable if any registered checker/reporter return non-nil except skip on error

    Sample response payload (a conceptual idea, yet to be finalized)

    	"status": "OK", // OK or Service Unavailable
    	"timestamp": "RFC3339 or ISO 8061", // yet to be decided
    	"reportname": bool, // true or false, this line will be repeated for all registered health checker/reporter
    opened by jeevatkm 3
  • v0.12.5(Mar 4, 2020)

  • v0.12.4(Mar 3, 2020)

  • v0.12.3(Feb 7, 2019)

  • v0.12.2(Dec 13, 2018)


    Bug Fixes

    • Fixed - the router when static doesn't match then use param/wild node from parent node #228
    • Fixed - External config file load issue in cmd run --config file #226
    • http header names canonicalized and code quality updates goreport, etc
    Source code(tar.gz)
    Source code(zip)
  • v0.12.1(Dec 8, 2018)


    • VFS path handling fix and improvement
    • forge library version update to v0.7.0

    Release Notes


    I appreciate your feedback, thank you 😄

    Source code(tar.gz)
    Source code(zip)
  • v0.12.0(Dec 2, 2018)

  • v0.11.4(Aug 28, 2018)

  • v0.11.3(Aug 18, 2018)

  • v0.11.2(Jul 28, 2018)

  • v0.11.1(Jul 22, 2018)

  • v0.11.0(Jul 7, 2018)

  • v0.10.1(Apr 24, 2018)

  • v0.10(Mar 29, 2018)

  • v0.9(Oct 4, 2017)

  • v0.8(Sep 1, 2017)

  • v0.7(Aug 1, 2017)

  • v0.6(Jun 7, 2017)

  • v0.5.1(May 21, 2017)

  • v0.5(May 19, 2017)

    This is first public release, changelog is just for reference:

    • #34 let's encrpyt certs support added
    • #35 pidfile and config values
    • #40 added configuration to disable HTTP/2
    • #41 adding support overriding viewarg via aah.Data
    • Per request gzip disable option
    • isauthenticated tmpl func added
    • Added SubscribeEventf method
    • Sanatize values for tmpl funcs
    • Added app build info to viewargs
    • Derive locale from lang query param if present
    • IsAJAX value into viewargs
    Source code(tar.gz)
    Source code(zip)
  • v0.4(Apr 15, 2017)


    • #15 exposed keepalive and max header bytes size server properties
    • #10 onafterreply server extension point added and decorated methods seturl and setmethod added to context
    • #13 cookie method added to reply builder and test case update
    • #16 added gzip response with configurable level
    • #19 expanding possibilities - handler, handlerfunc to aah middleware
    • #21 unique request id implemented
    • #17 pool size value made configurable
    • #23 onshutdown event added
    • #23 listening signals, go1.8 grace shutdown and publish shutdown event
    • #20 session and session store is done
    • #25 view library is extensible
    • #29 migrated session lib into security lib
    • Code improvements
    Source code(tar.gz)
    Source code(zip)
  • v0.3(Mar 24, 2017)



    • #6 Controllers Namespace with Sub Package support added
    • #12 Event Publisher/Emitter added
    • #10 Expose Request & Response Lifecycle as server extension points - OnInit, OnStart, OnRequest, OnPreReply
    • #9 Abort support for middleware, action and intercepters added
    • #8 Redirect support on Reply interface added


    • #7 List config value is not returned when profile is enabled
    Source code(tar.gz)
    Source code(zip)
  • v0.2(Mar 8, 2017)

  • v0.1(Feb 12, 2017)

    This is initial pre-release of aah framework.

    Actively working towards better, flexible and production-ready framework for Go in Web and API space. Working on website and framework documentation.

    Stay tuned on twitter - Follow @aahframework

    Source code(tar.gz)
    Source code(zip)
aah framework
A secure, flexible, rapid Go web framework
aah framework
Rapid Web Development w/ Go

Buffalo A Go web development eco-system, designed to make your project easier. Buffalo helps you to generate a web project that already has everything

Buffalo - The Go Web Eco-System 6.9k Aug 4, 2022
Flamingo Framework and Core Library. Flamingo is a go based framework for pluggable web projects. It is used to build scalable and maintainable (web)applications.

Flamingo Framework Flamingo is a web framework based on Go. It is designed to build pluggable and maintainable web projects. It is production ready, f

Flamingo 305 Aug 4, 2022
Golanger Web Framework is a lightweight framework for writing web applications in Go.

/* Copyright 2013 Golanger.com. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except

golanger 299 Mar 3, 2022
The jin is a simplified version of the gin web framework that can help you quickly understand the core principles of a web framework.

jin About The jin is a simplified version of the gin web framework that can help you quickly understand the core principles of a web framework. If thi

null 8 Jul 14, 2022
Flexible E-Commerce Framework on top of Flamingo. Used to build E-Commerce "Portals" and connect it with the help of individual Adapters to other services.

Flamingo Commerce With "Flamingo Commerce" you get your toolkit for building fast and flexible commerce experience applications. A demoshop using the

Flamingo 338 Aug 4, 2022
Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.

Ponzu Watch the video introduction Ponzu is a powerful and efficient open-source HTTP server framework and CMS. It provides automatic, free, and secur

Ponzu 5.5k Jul 30, 2022
⚡ Rux is an simple and fast web framework. support middleware, compatible http.Handler interface. 简单且快速的 Go web 框架,支持中间件,兼容 http.Handler 接口

Rux Simple and fast web framework for build golang HTTP applications. NOTICE: v1.3.x is not fully compatible with v1.2.x version Fast route match, sup

Gookit 81 Jul 20, 2022
henrylee2cn 1.6k Jul 27, 2022
Roche is a Code Generator and Web Framework, makes web development super concise with Go, CleanArch

It is still under development, so please do not use it. We plan to release v.1.0.0 in the summer. roche is a web framework optimized for microservice

Riita 15 May 21, 2022
A powerful go web framework for highly scalable and resource efficient web application

webfr A powerful go web framework for highly scalable and resource efficient web application Installation: go get -u github.com/krishpranav/webfr Exa

Krisna Pranav 13 Nov 28, 2021
A powerful go web framework for highly scalable and resource efficient web application

A powerful go web framework for highly scalable and resource efficient web application

null 21 May 25, 2022
A web app built using Go Buffalo web framework

Welcome to Buffalo Thank you for choosing Buffalo for your web development needs. Database Setup It looks like you chose to set up your application us

Mike Okoth 0 Feb 7, 2022
laravel for golang,goal,fullstack framework,api framework

laravel for golang,goal,fullstack framework,api framework

桥边红药 17 Feb 24, 2022
Gin is a HTTP web framework written in Go (Golang).

Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.

Gin-Gonic 61.7k Aug 7, 2022
An ideally refined web framework for Go.

Air An ideally refined web framework for Go. High-performance? Fastest? Almost all web frameworks are using these words to tell people that they are t

Aofei Sheng 417 Jul 3, 2022
An opinionated productive web framework that helps scaling business easier.

appy An opinionated productive web framework that helps scaling business easier, i.e. focus on monolith first, only move to microservices with GRPC la

appist 124 Aug 3, 2022
BANjO is a simple web framework written in Go (golang)

BANjO banjo it's a simple web framework for building simple web applications Install $ go get github.com/nsheremet/banjo Example Usage Simple Web App

Nazarii Sheremet 19 Jan 24, 2022
beego is an open-source, high-performance web framework for the Go programming language.

Beego Beego is used for rapid development of enterprise application in Go, including RESTful APIs, web apps and backend services. It is inspired by To

astaxie 498 Aug 2, 2022
High performance, minimalist Go web framework

Supported Go versions As of version 4.0.0, Echo is available as a Go module. Therefore a Go version capable of understanding /vN suffixed imports is r

LabStack LLC 23k Aug 4, 2022