Improve tracing

Reviewed-on: microfilm/mf-users#1

Dockerfile

@@ -1,7 +1,9 @@
 FROM golang:alpine as build
+RUN apk add --no-cache git
 WORKDIR /app
 COPY go.sum /app/go.sum
 COPY go.mod /app/go.mod
+ENV GOPRIVATE=git.t-juice.club
 RUN go mod download
 COPY . /app
 RUN go build -o mf-users cmd/main.go

README.md

@@ -0,0 +1,3 @@
+# mf-users
+
+Users microservice for microfilm.

go.mod

@@ -1,18 +1,40 @@
 module git.t-juice.club/microfilm/users
 
-go 1.21
+go 1.21.3
 
 require (
+	git.t-juice.club/microfilm/auth v0.1.5
 	github.com/go-chi/chi/v5 v5.0.10
 	github.com/google/uuid v1.3.1
 	github.com/nats-io/nats.go v1.31.0
+	github.com/nats-io/nkeys v0.4.5
 	github.com/pelletier/go-toml/v2 v2.1.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0
+	go.opentelemetry.io/otel v1.19.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0
+	go.opentelemetry.io/otel/sdk v1.19.0
 	golang.org/x/crypto v0.14.0
 )
 
 require (
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/klauspost/compress v1.17.0 // indirect
-	github.com/nats-io/nkeys v0.4.5 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/grpc v1.58.2 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 )

go.sum

@@ -1,10 +1,33 @@
+git.t-juice.club/microfilm/auth v0.1.5 h1:F3FZ4FDx8DLapRtDQf2jguw3ZPNw70mo6GNeLqLhWzs=
+git.t-juice.club/microfilm/auth v0.1.5/go.mod h1:2ZEYgFNLSMPQO3KdlhEXzsbXLOWlPkrAsgxyZ5I68v4=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
 github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
+github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
 github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
 github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/nats-io/nats.go v1.31.0 h1:/WFBHEc/dOKBF6qf1TZhrdEfTmOZ5JzdJ+Y3m6Y/p7E=
@@ -24,10 +47,43 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q=
+go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
+go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU=
+go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
+go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
+go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o=
+go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A=
+go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
+go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
+go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
+go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
 golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 h1:Z0hjGZePRE0ZBWotvtrwxFNrNE9CUAGtplaDK5NNI/g=
+google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0=
+google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 h1:FmF5cCW94Ij59cfpoLiwTgodWmm60eEV0CjlsVg2fuw=
+google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 h1:bVf09lpb+OJbByTj913DRJioFFAjf/ZGxEz7MajTp2U=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
+google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I=
+google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

mf-users.toml

@@ -1,3 +1,6 @@
 ListenAddr = ":8080"
-NATSAddr = "nats:4222"
+[NATS]
-NATSSubject = "microfilm.users.v1"
+Enabled = true
+Addr = "nats://nats1:4222,nats://nats2:4222,nats://nats3:4222"
+NKeySeed = "SUAOUHJPINF4CK6TSNZMRR5G4DKGW5S76XRNIYURPEISNMWXJIXSVWIO7Y"
+Subject = "microfilm.users.v1"

model.go

@@ -5,6 +5,7 @@ import "golang.org/x/crypto/bcrypt"
 type User struct {
 	ID             string `json:"id"`
 	Username       string `json:"username"`
+	Role           string `json:"role"`
 	HashedPassword []byte `json:"-"`
 }
 
@@ -35,6 +36,7 @@ type ErrorResponse struct {
 type CreateUserRequest struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
+	Role     string `json:"role"`
 }
 
 type CreateUserResponse struct {

server/config.go

@@ -7,9 +7,15 @@ import (
 )
 
 type Config struct {
-	ListenAddr  string `toml:"ListenAddr"`
+	ListenAddr string      `toml:"ListenAddr"`
-	NATSAddr    string `toml:"NATSAddr"`
+	NATS       *NATSConfig `toml:"NATS"`
-	NATSSubject string `toml:"NATSSubject"`
+}
+
+type NATSConfig struct {
+	Enabled  bool   `toml:"Enabled"`
+	NKeySeed string `toml:"NKeySeed"`
+	Addr     string `toml:"Addr"`
+	Subject  string `toml:"Subject"`
 }
 
 func ConfigFromReader(r io.Reader) (*Config, error) {

server/middleware.go

@@ -0,0 +1,36 @@
+package server
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/go-chi/chi/v5/middleware"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
+)
+
+func (s *UserServer) MiddlewareLogging(next http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
+
+		t1 := time.Now()
+		defer func(ww middleware.WrapResponseWriter) {
+			s.Logger.Info("Served request.",
+				"status", ww.Status(),
+				"method", r.Method,
+				"path", r.URL.Path,
+				"duration", time.Since(t1),
+				"written", ww.BytesWritten())
+		}(ww)
+		next.ServeHTTP(ww, r)
+	}
+	return http.HandlerFunc(fn)
+}
+
+func (s *UserServer) MiddlewareTracing(next http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		h := otelhttp.NewHandler(next, fmt.Sprintf("%s %s", r.Method, r.URL.Path))
+		h.ServeHTTP(w, r)
+	}
+	return http.HandlerFunc(fn)
+}

server/server.go

@@ -2,17 +2,28 @@ package server
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"log/slog"
 	"net/http"
 	"os"
+	"time"
 
+	"git.t-juice.club/microfilm/auth"
+	"git.t-juice.club/microfilm/auth/authmw"
 	"git.t-juice.club/microfilm/users"
 	"git.t-juice.club/microfilm/users/store"
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
 	"github.com/nats-io/nats.go"
+	"github.com/nats-io/nkeys"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"
+	"go.opentelemetry.io/otel/propagation"
+	"go.opentelemetry.io/otel/sdk/resource"
+	sdktrace "go.opentelemetry.io/otel/sdk/trace"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 )
 
 type UserServer struct {
@@ -20,35 +31,100 @@ type UserServer struct {
 	store  store.UserStore
 	config *Config
 	nats   *nats.Conn
-	logger *slog.Logger
+	Logger *slog.Logger
 }
 
 func NewServer(config *Config) (*UserServer, error) {
 	r := chi.NewRouter()
 	srv := &UserServer{}
+
+	tp, err := tracerProvider("jaeger:4318")
+	if err != nil {
+		return nil, err
+	}
+	otel.SetTracerProvider(tp)
+
 	srv.config = config
 
-	srv.logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{
+	srv.Logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{
 		Level: slog.LevelDebug,
 	}))
 
-	r.Get("/", InfoHandler)
+	r.Use(srv.MiddlewareLogging)
-	r.Post("/users", srv.CreateUserHandler)
+	r.Use(srv.MiddlewareTracing)
-	r.Post("/users/:id/password", srv.SetPasswordHandler)
+
+	verifyAdmin := authmw.VerifyToken("http://mf-auth:8082", []string{auth.RoleAdmin})
+
+	r.Get("/info", InfoHandler)
+	r.With(verifyAdmin).Post("/", srv.CreateUserHandler)
+	r.Get("/{identifier}", srv.GetUserHandler)
+	r.Post("/{identifier}/password", srv.SetPasswordHandler)
+	r.Post("/{identifier}/verify", srv.VerifyHandler)
 
 	srv.Addr = config.ListenAddr
 
 	srv.Handler = r
 	srv.store = store.NewMemoryStore()
 
-	conn, err := nats.Connect(config.NATSAddr)
+	// Add initial admin-user
+	u := users.User{
+		ID:       uuid.Must(uuid.NewRandom()).String(),
+		Username: "admin",
+		Role:     "admin",
+	}
+	// TODO: Use random pw
+	// password := uuid.Must(uuid.NewRandom()).String()
+	password := "admin"
+	_ = u.SetPassword(password)
+	_ = srv.store.AddUser(u)
+
+	srv.Logger.Warn("Initial admin-user created.", "username", u.Username, "password", password)
+
+	if config.NATS.Enabled {
+		var opts []nats.Option
+		if config.NATS.NKeySeed != "" {
+			keys, err := nkeys.FromSeed([]byte(config.NATS.NKeySeed))
+			if err != nil {
+				return nil, err
+			}
+			pubkey, err := keys.PublicKey()
+			if err != nil {
+				return nil, err
+			}
+			srv.Logger.Debug("NATS enabled with NKeys", "pubkey", pubkey)
+			creds := nats.Nkey(pubkey, keys.Sign)
+			opts = append(opts, creds)
+		}
+
+		conn, err := nats.Connect(config.NATS.Addr, opts...)
+		if err != nil {
+			return nil, err
+		}
+
+		srv.nats = conn
+	}
+
+	return srv, nil
+}
+
+func tracerProvider(url string) (*sdktrace.TracerProvider, error) {
+	exp, err := otlptracehttp.New(context.Background(), otlptracehttp.WithEndpoint(url), otlptracehttp.WithInsecure())
 	if err != nil {
 		return nil, err
 	}
 
-	srv.nats = conn
+	res := resource.NewWithAttributes(semconv.SchemaURL,
+		semconv.ServiceName("mf-users"),
+		semconv.ServiceVersion(users.Version),
+	)
+	tp := sdktrace.NewTracerProvider(
+		sdktrace.WithBatcher(exp, sdktrace.WithBatchTimeout(time.Second)),
+		sdktrace.WithResource(res),
+	)
+	otel.SetTracerProvider(tp)
+	otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))
 
-	return srv, nil
+	return tp, nil
 }
 
 func InfoHandler(w http.ResponseWriter, r *http.Request) {
@@ -62,8 +138,9 @@ func InfoHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func WriteError(w http.ResponseWriter, response users.ErrorResponse) {
-	encoder := json.NewEncoder(w)
 	w.WriteHeader(response.Status)
+
+	encoder := json.NewEncoder(w)
 	_ = encoder.Encode(&response)
 }
 
@@ -96,7 +173,7 @@ func (s *UserServer) CreateUserHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if err := s.store.AddUser(u); err != nil {
-		s.logger.Warn("Error storing user", "error", err)
+		s.Logger.Warn("Error storing user", "error", err)
 		WriteError(w, users.ErrorResponse{
 			Status:  http.StatusInternalServerError,
 			Message: fmt.Sprintf("Error storing user: %s", err),
@@ -105,7 +182,7 @@ func (s *UserServer) CreateUserHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Message
-	sub := fmt.Sprintf("%s.%s", s.config.NATSSubject, "create")
+	sub := fmt.Sprintf("%s.%s", s.config.NATS.Subject, "create")
 
 	var buf bytes.Buffer
 	msg := &users.MsgUserCreate{
@@ -115,10 +192,10 @@ func (s *UserServer) CreateUserHandler(w http.ResponseWriter, r *http.Request) {
 	encoder := json.NewEncoder(&buf)
 	_ = encoder.Encode(&msg)
 	if err := s.nats.Publish(sub, buf.Bytes()); err != nil {
-		s.logger.Warn("Error publishing message", "error", err)
+		s.Logger.Warn("Error publishing message", "error", err)
 	}
 
-	s.logger.Info("User created.", "username", u.Username, "id", u.ID)
+	s.Logger.Info("User created.", "username", u.Username, "id", u.ID)
 
 	response := &users.CreateUserResponse{
 		Message: "User created.",
@@ -129,6 +206,29 @@ func (s *UserServer) CreateUserHandler(w http.ResponseWriter, r *http.Request) {
 	_ = encoder.Encode(&response)
 }
 
+func (s *UserServer) GetUserHandler(w http.ResponseWriter, r *http.Request) {
+	identifier := chi.URLParam(r, "identifier")
+	u, err := s.store.GetUser(identifier)
+	if err != nil {
+		switch err {
+		case store.ErrNoSuchUser:
+			WriteError(w, users.ErrorResponse{
+				Message: fmt.Sprintf("No such user: %s", identifier),
+				Status:  http.StatusNotFound,
+			})
+			return
+		}
+		WriteError(w, users.ErrorResponse{
+			Message: fmt.Sprintf("Unable to get user: %s", err),
+			Status:  http.StatusInternalServerError,
+		})
+		return
+	}
+
+	encoder := json.NewEncoder(w)
+	_ = encoder.Encode(&u)
+}
+
 func (s *UserServer) SetPasswordHandler(w http.ResponseWriter, r *http.Request) {
 	decoder := json.NewDecoder(r.Body)
 	defer r.Body.Close()
@@ -143,12 +243,13 @@ func (s *UserServer) SetPasswordHandler(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	id := chi.URLParam(r, "id")
+	id := chi.URLParam(r, "identifier")
 	if id == "" {
 		WriteError(w, users.ErrorResponse{
 			Status:  http.StatusBadRequest,
 			Message: fmt.Sprintf("Invalid user ID: %s", id),
 		})
+		return
 	}
 
 	u, err := s.store.GetUser(id)
@@ -174,33 +275,39 @@ func (s *UserServer) SetPasswordHandler(w http.ResponseWriter, r *http.Request)
 			Status:  http.StatusBadRequest,
 			Message: fmt.Sprintf("Unable to set password: %s", id),
 		})
+		return
 	}
 
 	if err := s.store.UpdateUser(u); err != nil {
-		s.logger.Warn("Unable to update user.", "id", u.ID, "error", err)
+		s.Logger.Warn("Unable to update user.", "id", u.ID, "error", err)
 		WriteError(w, users.ErrorResponse{
 			Status:  http.StatusInternalServerError,
 			Message: fmt.Sprintf("Unable to set password: %s", id),
 		})
+		return
 	}
 
-	sub := fmt.Sprintf("%s.%s", s.config.NATSSubject, "update")
+	sub := fmt.Sprintf("%s.%s", s.config.NATS.Subject, "update")
 	var buf bytes.Buffer
 	encoder := json.NewEncoder(&buf)
 	_ = encoder.Encode(&users.MsgUserUpdate{Message: "Password updated", ID: u.ID})
 
 	if err := s.nats.Publish(sub, buf.Bytes()); err != nil {
-		s.logger.Warn("Error publishing message", "error", err)
+		s.Logger.Warn("Error publishing message", "error", err)
 	}
-	s.logger.Info("User password updated.", "id", u.ID)
+	s.Logger.Info("User password updated.", "id", u.ID)
 }
 
 func (s *UserServer) VerifyHandler(w http.ResponseWriter, r *http.Request) {
+	_, span := otel.GetTracerProvider().Tracer("").Start(r.Context(), "Verify password")
+	defer span.End()
+
 	decoder := json.NewDecoder(r.Body)
 	defer r.Body.Close()
 
 	var request users.VerifyRequest
 
+	span.AddEvent("Start decoding request")
 	if err := decoder.Decode(&request); err != nil {
 		WriteError(w, users.ErrorResponse{
 			Status:  http.StatusBadRequest,
@@ -209,14 +316,16 @@ func (s *UserServer) VerifyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	id := chi.URLParam(r, "id")
+	id := chi.URLParam(r, "identifier")
 	if id == "" {
 		WriteError(w, users.ErrorResponse{
 			Status:  http.StatusBadRequest,
 			Message: fmt.Sprintf("Invalid user ID: %s", id),
 		})
+		return
 	}
 
+	span.AddEvent("Fetch user")
 	u, err := s.store.GetUser(id)
 	if err != nil {
 		msg := fmt.Sprintf("Server error: %s", err)
@@ -235,11 +344,15 @@ func (s *UserServer) VerifyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	span.AddEvent("Verify password")
 	err = u.ComparePassword(request.Password)
 	if err != nil {
 		WriteError(w, users.ErrorResponse{
 			Status:  http.StatusUnauthorized,
 			Message: "Password verification failed.",
 		})
+		return
 	}
+	span.AddEvent("Write response")
+	w.WriteHeader(http.StatusOK)
 }

store/memory.go

@@ -51,9 +51,16 @@ func (s *MemoryStore) UpdateUser(u users.User) error {
 	return nil
 }
 
-func (s *MemoryStore) GetUser(id string) (users.User, error) {
+func (s *MemoryStore) GetUser(identifier string) (users.User, error) {
-	u, ok := s.Users[id]
+	u, ok := s.Users[identifier]
 	if !ok {
+		// Check if identifier is username
+		for _, u := range s.Users {
+			if u.Username == identifier {
+				return u, nil
+			}
+		}
+
 		return u, ErrNoSuchUser
 	}
 

store/store.go

@@ -6,5 +6,5 @@ type UserStore interface {
 	AddUser(users.User) error
 	DeleteUser(id string) error
 	UpdateUser(users.User) error
-	GetUser(id string) (users.User, error)
+	GetUser(identifier string) (users.User, error)
 }

version.go

@@ -1,3 +1,3 @@
 package users
 
-const Version = "v0.1.0"
+const Version = "v0.1.3"