Refactor project structure and fix issues #60 and #67 (#70)

* Refactor project structure and fix issues #60 and #67

- Reorganized code into cmd/ and internal/ directories following Go best practices
- Split authentication logic into separate modules (claims, middleware, validator)
- Extracted configuration into dedicated config package
- Moved API handlers into separate handlers package
- Updated dependencies and build configurations
- Fixed issue #67: Added CORS support with WithValidateOnOptions(false) to allow OPTIONS preflight requests
- Fixed issue #60: Added comprehensive setup documentation for RBAC and M2M permissions
- Added screenshots showing Auth0 Dashboard configuration steps
- Updated README with detailed instructions to prevent empty permissions array

Closes #60
Closes #67

* Migrate from CircleCI to GitHub Actions

- Added GitHub Actions workflow for automated testing
- Uses ubuntu-20.04 runner with Go 1.24 and Node.js 20
- Clones latest test scripts from main branch
- Removed CircleCI configuration
- Removed semgrep workflow
- Maintains same test coverage with modern CI/CD platform

* Add pull request template

* Switch to ubuntu-latest runner for better availability

* Refactor CI workflow to build and start Docker image for API tests

* Add 01-Quickstart-Go-API with modern structure and test both versions

- Created new 01-Quickstart-Go-API folder with refactored code using Go 1.24 and v3 SDK
- Reverted 01-Authorization-RS256 to original state for backward compatibility
- Updated GitHub Actions workflow to test both samples independently
- Fixed all module paths and import references in new folder
- Added CORS support with WithValidateOnOptions(false)
- Enhanced RBAC documentation with setup screenshots
- Updated .gitignore and dependabot.yml for dual-folder structure
- Removed 'Available Samples' section from main README

* Fix port mapping for legacy sample (3010 vs 8080)

Author: developerkunal

.circleci/config.yml

@@ -0,0 +1,42 @@
+<!--
+❗ For general support or usage questions, use the Auth0 Community forums or raise a support ticket.
+
+By submitting a pull request to this repository, you agree to the terms within the Auth0 Code of Conduct: https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md.
+-->
+
+### 🔧 Changes
+
+<!--
+Describe both what is changing and why this is important. Include:
+
+- Types and methods added, deleted, deprecated, or changed
+- A summary of usage if this is a new feature or a change to a public API
+-->
+
+### 📚 References
+
+<!--
+Add relevant links supporting this change, such as:
+
+- GitHub issue/PR number addressed or fixed
+- Auth0 Community post
+- StackOverflow answer
+- Related pull requests/issues from other repositories
+
+If there are no references, simply delete this section.
+-->
+
+### 🔬 Testing
+
+<!--
+Describe how this can be tested by reviewers. Be specific about anything not tested and why. Include any manual steps for testing end-to-end, or for testing functionality not covered by unit tests.
+-->
+
+### 📝 Checklist
+
+- [ ] All new/changed/fixed functionality is covered by tests (or N/A)
+- [ ] I have added documentation for all new/changed functionality (or N/A)
+
+<!--
+❗ All the above items are required. Pull requests with an incomplete or missing checklist will be closed.
+-->

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,10 +1,19 @@
 version: 2
 updates:
+  - package-ecosystem: "gomod"
+    directory: "/01-Authorization-RS256"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types:
+          ["version-update:semver-major", "version-update:semver-patch"]
 
-  - package-ecosystem: "gomod" 
-    directory: "/01-Authorization-RS256" 
+  - package-ecosystem: "gomod"
+    directory: "/01-Quickstart-Go-API"
     schedule:
       interval: "daily"
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-major", "version-update:semver-patch"]
+        update-types:
+          ["version-update:semver-major", "version-update:semver-patch"]

.github/dependabot.yml

@@ -0,0 +1,170 @@
+name: API Tests
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+
+jobs:
+  test-01-authorization-rs256:
+    runs-on: ubuntu-latest
+
+    env:
+      AUTH0_CFG: 01-Authorization-RS256
+      SAMPLE_PATH: 01-Authorization-RS256
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.19"
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Clone test scripts
+        run: git clone --depth 1 https://github.com/auth0-samples/api-quickstarts-tests test
+
+      - name: Prepare environment variables
+        env:
+          AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }}
+          API_IDENTIFIER: ${{ secrets.API_IDENTIFIER }}
+        run: |
+          cd $AUTH0_CFG
+          mv .env.example .env
+          sed -i 's|{DOMAIN}|'$AUTH0_DOMAIN'|g' .env
+          sed -i 's|{API_IDENTIFIER}|'$API_IDENTIFIER'|g' .env
+
+      - name: Install Go dependencies
+        run: cd $AUTH0_CFG && go mod download
+
+      - name: Build Docker image
+        run: cd $AUTH0_CFG && docker build -t auth0-golang-api .
+
+      - name: Start server in detached mode
+        run: cd $AUTH0_CFG && docker run -d --env-file .env -p 3010:3010 auth0-golang-api
+
+      - name: Wait for server to be ready
+        run: |
+          sleep 3
+          until $(curl --silent --head --output /dev/null --fail http://localhost:3010/api/public); do
+            echo "Waiting for server to start..."
+            sleep 5
+          done
+
+      - name: Prepare test environment
+        env:
+          AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }}
+          API_IDENTIFIER: ${{ secrets.API_IDENTIFIER }}
+          CLIENT_ID_SCOPES_NONE: ${{ secrets.CLIENT_ID_SCOPES_NONE }}
+          CLIENT_SECRET_SCOPES_NONE: ${{ secrets.CLIENT_SECRET_SCOPES_NONE }}
+          CLIENT_ID_SCOPES_READ: ${{ secrets.CLIENT_ID_SCOPES_READ }}
+          CLIENT_SECRET_SCOPES_READ: ${{ secrets.CLIENT_SECRET_SCOPES_READ }}
+          CLIENT_ID_SCOPES_WRITE: ${{ secrets.CLIENT_ID_SCOPES_WRITE }}
+          CLIENT_SECRET_SCOPES_WRITE: ${{ secrets.CLIENT_SECRET_SCOPES_WRITE }}
+          CLIENT_ID_SCOPES_READWRITE: ${{ secrets.CLIENT_ID_SCOPES_READWRITE }}
+          CLIENT_SECRET_SCOPES_READWRITE: ${{ secrets.CLIENT_SECRET_SCOPES_READWRITE }}
+        run: |
+          cd test
+          echo "AUTH0_DOMAIN=$AUTH0_DOMAIN" >> .env
+          echo "API_IDENTIFIER=$API_IDENTIFIER" >> .env
+          echo "AUTH0_CLIENT_ID_1=$CLIENT_ID_SCOPES_NONE" >> .env
+          echo "AUTH0_CLIENT_SECRET_1=$CLIENT_SECRET_SCOPES_NONE" >> .env
+          echo "AUTH0_CLIENT_ID_2=$CLIENT_ID_SCOPES_READ" >> .env
+          echo "AUTH0_CLIENT_SECRET_2=$CLIENT_SECRET_SCOPES_READ" >> .env
+          echo "AUTH0_CLIENT_ID_3=$CLIENT_ID_SCOPES_WRITE" >> .env
+          echo "AUTH0_CLIENT_SECRET_3=$CLIENT_SECRET_SCOPES_WRITE" >> .env
+          echo "AUTH0_CLIENT_ID_4=$CLIENT_ID_SCOPES_READWRITE" >> .env
+          echo "AUTH0_CLIENT_SECRET_4=$CLIENT_SECRET_SCOPES_READWRITE" >> .env
+          echo "API_URL=http://localhost:3010" >> .env
+          npm install
+
+      - name: Run automated tests
+        run: cd test && npm test
+
+  test-01-quickstart-go-api:
+    runs-on: ubuntu-latest
+
+    env:
+      AUTH0_CFG: 01-Quickstart-Go-API
+      SAMPLE_PATH: 01-Quickstart-Go-API
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.24"
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Clone test scripts
+        run: git clone --depth 1 https://github.com/auth0-samples/api-quickstarts-tests test
+
+      - name: Prepare environment variables
+        env:
+          AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }}
+          API_IDENTIFIER: ${{ secrets.API_IDENTIFIER }}
+        run: |
+          cd $AUTH0_CFG
+          mv .env.example .env
+          sed -i 's|{DOMAIN}|'$AUTH0_DOMAIN'|g' .env
+          sed -i 's|{API_IDENTIFIER}|'$API_IDENTIFIER'|g' .env
+
+      - name: Install Go dependencies
+        run: cd $AUTH0_CFG && go mod download
+
+      - name: Build Docker image
+        run: cd $AUTH0_CFG && docker build -t auth0-golang-api .
+
+      - name: Start server in detached mode
+        run: cd $AUTH0_CFG && docker run -d --env-file .env -p 8080:8080 auth0-golang-api
+
+      - name: Wait for server to be ready
+        run: |
+          sleep 3
+          until $(curl --silent --head --output /dev/null --fail http://localhost:8080/api/public); do
+            echo "Waiting for server to start..."
+            sleep 5
+          done
+
+      - name: Prepare test environment
+        env:
+          AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }}
+          API_IDENTIFIER: ${{ secrets.API_IDENTIFIER }}
+          CLIENT_ID_SCOPES_NONE: ${{ secrets.CLIENT_ID_SCOPES_NONE }}
+          CLIENT_SECRET_SCOPES_NONE: ${{ secrets.CLIENT_SECRET_SCOPES_NONE }}
+          CLIENT_ID_SCOPES_READ: ${{ secrets.CLIENT_ID_SCOPES_READ }}
+          CLIENT_SECRET_SCOPES_READ: ${{ secrets.CLIENT_SECRET_SCOPES_READ }}
+          CLIENT_ID_SCOPES_WRITE: ${{ secrets.CLIENT_ID_SCOPES_WRITE }}
+          CLIENT_SECRET_SCOPES_WRITE: ${{ secrets.CLIENT_SECRET_SCOPES_WRITE }}
+          CLIENT_ID_SCOPES_READWRITE: ${{ secrets.CLIENT_ID_SCOPES_READWRITE }}
+          CLIENT_SECRET_SCOPES_READWRITE: ${{ secrets.CLIENT_SECRET_SCOPES_READWRITE }}
+        run: |
+          cd test
+          echo "AUTH0_DOMAIN=$AUTH0_DOMAIN" >> .env
+          echo "API_IDENTIFIER=$API_IDENTIFIER" >> .env
+          echo "AUTH0_CLIENT_ID_1=$CLIENT_ID_SCOPES_NONE" >> .env
+          echo "AUTH0_CLIENT_SECRET_1=$CLIENT_SECRET_SCOPES_NONE" >> .env
+          echo "AUTH0_CLIENT_ID_2=$CLIENT_ID_SCOPES_READ" >> .env
+          echo "AUTH0_CLIENT_SECRET_2=$CLIENT_SECRET_SCOPES_READ" >> .env
+          echo "AUTH0_CLIENT_ID_3=$CLIENT_ID_SCOPES_WRITE" >> .env
+          echo "AUTH0_CLIENT_SECRET_3=$CLIENT_SECRET_SCOPES_WRITE" >> .env
+          echo "AUTH0_CLIENT_ID_4=$CLIENT_ID_SCOPES_READWRITE" >> .env
+          echo "AUTH0_CLIENT_SECRET_4=$CLIENT_SECRET_SCOPES_READWRITE" >> .env
+          echo "API_URL=http://localhost:8080" >> .env
+          npm install
+
+      - name: Run automated tests
+        run: cd test && npm test

.github/workflows/semgrep.yml

@@ -1,3 +1,5 @@
 .DS_Store
 01-Authorization-RS256/.env
 01-Authorization-RS256/vendor/
+01-Quickstart-Go-API/.env
+01-Quickstart-Go-API/vendor/

.github/workflows/test.yml

@@ -0,0 +1,3 @@
+README.md
+exec.sh
+exec.ps1

.gitignore

@@ -0,0 +1,2 @@
+AUTH0_DOMAIN={DOMAIN}
+AUTH0_AUDIENCE={API_IDENTIFIER}

01-Quickstart-Go-API/.dockerignore

@@ -0,0 +1,23 @@
+FROM golang:1.24-alpine
+
+# Install git
+RUN apk --update add \
+        git openssl \
+        && rm /var/cache/apk/*
+
+# Define current working directory
+WORKDIR /01-Quickstart-Go-API
+
+# Download modules to local cache so we can skip re-
+# downloading on consecutive docker build commands
+COPY go.mod .
+COPY go.sum .
+RUN go mod download
+
+# Add sources
+COPY . .
+
+# Expose port 8080 for our api binary
+EXPOSE 8080
+
+CMD ["go", "run", "cmd/server/main.go"]