4. Identity & Access Module's Project Structure - Wiz-DevTech/prettygirllz GitHub Wiki
Here's a detailed breakdown of the Identity & Access Module's project structure with explanations for each component:
🏗️ Project Structure Deep Dive
```
identity-access/
├── 📁 .github/
│   └── 📁 workflows/
│       └── 🛠️ pipeline.yml            # CI/CD configuration
│
├── 📁 config/
│   ├── 🔧 roles.js                    # RBAC role definitions
│   ├── ⚙️ security.js                 # Encryption/JWT settings
│   └── 🌐 server.js                   # HTTP/gRPC server config
│
├── 📁 core/
│   ├── 📁 auth/
│   │   ├── 🔑 authenticator.js        # Main auth flow controller
│   │   ├── 📁 strategies/
│   │   │   ├── 🪙 jwt.js              # JWT validation logic
│   │   │   └── 🔐 oauth.js            # Social login adapters
│   │   └── 🧪 auth.spec.js            # Auth unit tests
│   │
│   ├── 📁 authz/
│   │   ├── 🛡️ policy-manager.js       # RBAC/ABAC policy engine
│   │   ├── 📝 permission-map.js       # Action-to-role mappings
│   │   └── 🧪 authz.spec.js
│   │
│   └── 📁 token/
│       ├── 🪙 token-provider.js       # Token generation/refresh
│       └── 🧪 token.spec.js
│
├── 📁 adapters/
│   ├── 📁 http/
│   │   ├── 🚦 auth-router.js          # Express/Fastify routes
│   │   ├── 🛡️ rate-limiter.js         # API request throttling
│   │   └── ✉️ error-handler.js        # Standardized error responses
│   │
│   ├── 📁 grpc/
│   │   ├── 📜 auth.proto              # Protocol Buffer schema
│   │   ├── 🔌 server.js               # gRPC service implementation
│   │   └── 🧪 grpc.spec.js
│   │
│   └── 📁 database/
│       ├── 🗃️ user-repository.js      # MongoDB operations
│       ├── 🗄️ session-store.js        # Active session management
│       └── 📁 models/
│           ├── 👤 user.js             # User schema + encryption hooks
│           └── 🔑 api-key.js          # Service account keys
│
├── 📁 lib/
│   ├── 🔒 encryption.js               # AES-256 field encryption
│   ├── 📜 logger.js                   # Structured logging (JSON)
│   └── 🕵️ audit-trail.js              # Security event tracking
│
├── 📄 index.js                        # Public API facade
├── 📜 Dockerfile                      # Container build config
├── 📜 README.md                       # Project documentation
└── 📜 package.json                    # Dependencies + scripts
```
🔍 Key File Explanations
- Core Authentication (`core/auth/`)

  `authenticator.js`: Main coordinator for:

  ```javascript
  // authenticator.js
  async function login(email, password) {
    // 1. Validate credentials
    // 2. Check MFA requirements
    // 3. Generate tokens
    // 4. Record audit trail
  }
  ```

- Database Adapter (`adapters/database/`)

  Implements encrypted field handling:

  ```javascript
  // user-repository.js
  const { encrypt } = require('../../lib/encryption'); // field encryption helper from lib/ (export name assumed)

  async function createUser(userData) {
    return {
      ...userData,
      email: encrypt(userData.email),
      ssn: encrypt(userData.ssn),
      _encryptedFields: ['email', 'ssn'] // Metadata: which fields are stored encrypted
    };
  }
  ```

- Security Config (`config/security.js`)

  ```javascript
  module.exports = {
    jwt: {
      algorithm: 'ES256',          // ECDSA for better security
      expiresIn: '1h',
      issuer: 'identity-access'
    },
    encryption: {
      keyVersion: 1,               // Enables key rotation
      currentKey: process.env.ENCRYPTION_KEY
    }
  };
  ```

- gRPC Adapter (`adapters/grpc/`)

  Protocol Buffer definition example:

  ```protobuf
  syntax = "proto3";

  import "google/api/annotations.proto"; // needed for the google.api.http option

  // Message fields assumed from login(email, password) and the token returned in the flow below
  message LoginRequest {
    string email = 1;
    string password = 2;
  }

  message AuthResponse {
    string token = 1;
  }

  service AuthService {
    rpc Login (LoginRequest) returns (AuthResponse) {
      option (google.api.http) = {
        post: "/v1/login"
        body: "*"
      };
    }
  }
  ```
🧩 Module Interaction Flow
```mermaid
sequenceDiagram
    participant Client
    participant HTTP
    participant gRPC
    participant Core
    participant DB
    Client->>HTTP: POST /login
    HTTP->>Core: authenticate()
    Core->>DB: getUserByEmail()
    DB-->>Core: Encrypted user data
    Core->>Core: verifyPassword()
    Core->>Core: generateJWT()
    Core-->>HTTP: Token
    HTTP-->>Client: Set-Cookie
```
📦 Critical Dependencies
| Package | Purpose | Version |
|---|---|---|
| jsonwebtoken | JWT handling | ^9.0.2 |
| bcryptjs | Password hashing | ^2.4.3 |
| mongoose | MongoDB ODM | ^7.6.0 |
| @grpc/grpc-js | gRPC implementation | ^1.8.0 |
| aes-js | Field encryption | ^3.1.2 |
🛠️ Build Tools
- Testing: Jest + Supertest
- Linting: ESLint + Prettier
- Docs: Swagger for REST, gRPCurl for gRPC
- Monitoring: Prometheus metrics endpoint
This structure follows Clean Architecture principles with:
- Clear separation of concerns
- Framework-independent core
- Testable components
- Secure defaults at every layer