Identity & Access Module ‐ Postgresql ‐ ReadMe.md - Wiz-DevTech/prettygirllz GitHub Wiki

Identity & Access Module
CI/CD Pipeline
Coverage Status
License: MIT

A secure authentication and authorization module for PrettyGirlz LLC applications featuring:

PostgreSQL persistence with field-level encryption

JWT authentication strategy

Dual REST/gRPC interfaces

Role-based access control (RBAC)

📦 Installation

# As npm package
npm install @prettygirllz/identity-access

# As Docker container
docker pull prettygirllz/identity-access:latest

# As git submodule
git submodule add https://github.com/prettygirllz/identity-access.git
🔧 Configuration
Create .env file:

```ini
POSTGRES_URI=postgresql://user:password@localhost:5432/db_name
JWT_SECRET=your_secure_key_here
ENCRYPTION_KEY=32_char_encryption_key_here
PORT=3000
GRPC_PORT=50051

🏗️ Module Structure

identity-access/
├── core/                          # Business logic
│   ├── auth/                      # Authentication
│   │   ├── authenticator.js       # Main auth logic
│   │   ├── strategies/            # Auth strategies
│   │   └── auth.spec.js           # Unit tests
│   ├── authz/                     # Authorization
│   │   ├── policy-manager.js      # RBAC/ABAC policies
│   │   └── authz.spec.js
│   └── token/                     # Token service
│       ├── token-provider.js      # JWT tokens
│       └── token.spec.js
├── adapters/                      # External integrations
│   ├── http/                      # REST API
│   ├── grpc/                      # gRPC service
│   └── database/                  # PostgreSQL persistence
├── config/                        # Configuration
├── lib/                           # Shared utilities
└── index.js                       # Public API

🚀 Quick Start

const iam = require('@prettygirllz/identity-access')({
  postgresUri: process.env.POSTGRES_URI,
  jwtSecret: process.env.JWT_SECRET
});

// Express middleware example
app.post('/login', async (req, res) => {
  try {
    const { email, password } = req.body;
    const token = await iam.auth.login(email, password);
    res.json({ token });
  } catch (err) {
    res.status(401).json({ error: err.message });
  }
});

🔐 Security Features
Field-level encryption for sensitive data

Secure JWT implementation with configurable expiration

Password hashing using bcrypt

Automatic CSRF protection

Rate limiting for auth endpoints

📚 API Documentation
REST Endpoints
POST /auth/login – User authentication

POST /auth/register – User registration

GET /auth/me – Get current user info

POST /auth/refresh – Refresh token

gRPC Services
AuthService – Authentication operations

AuthzService – Authorization checks

🧪 Testing

# Unit tests
npm test

# Integration tests (requires PostgreSQL)
npm run test:integration

# Test coverage
npm run coverage

# Security audit
npm audit

🛠️ Development
Clone the repository

Install dependencies: npm install

Start PostgreSQL:

docker-compose up -d postgres
Run dev server: npm run dev

🚀 Deployment
The module includes CI/CD pipelines for:

Automated testing on push

Docker image building

NPM package publishing

Deployment to AWS ECS

📜 License
MIT © [PrettyGirlz LLC](https://prettygirllz.com/)

⚠️ **GitHub.com Fallback** ⚠️