Identity & Access Module (PostgreSQL Version) - Wiz-DevTech/prettygirllz GitHub Wiki

🏗️ Project Structure Deep Dive (PostgreSQL Version)

identity-access/
├── 📁 .github/
│   └── 📁 workflows/
│       └── 🛠️ pipeline.yml          # CI/CD configuration
│
├── 📁 config/
│   ├── 🔧 roles.js                 # RBAC role definitions
│   ├── ⚙️ security.js              # Encryption/JWT settings
│   └── 🌐 server.js                # HTTP/gRPC server config
│
├── 📁 core/
│   ├── 📁 auth/
│   │   ├── 🔑 authenticator.js     # Main auth flow controller
│   │   ├── 📁 strategies/
│   │   │   ├── 🪙 jwt.js           # JWT validation logic
│   │   │   └── 🔐 oauth.js         # Social login adapters
│   │   └── 🧪 auth.spec.js         # Auth unit tests
│   │
│   ├── 📁 authz/
│   │   ├── 🛡️ policy-manager.js    # RBAC/ABAC policy engine
│   │   ├── 📝 permission-map.js    # Action-to-role mappings
│   │   └── 🧪 authz.spec.js
│   │
│   └── 📁 token/
│       ├── 🪙 token-provider.js    # Token generation/refresh
│       └── 🧪 token.spec.js
│
├── 📁 adapters/
│   ├── 📁 http/
│   │   ├── 🚦 auth-router.js       # Express/Fastify routes
│   │   ├── 🛡️ rate-limiter.js      # API request throttling
│   │   └── ✉️ error-handler.js     # Standardized error responses
│   │
│   ├── 📁 grpc/
│   │   ├── 📜 auth.proto           # Protocol Buffer schema
│   │   ├── 🔌 server.js            # gRPC service implementation
│   │   └── 🧪 grpc.spec.js
│   │
│   └── 📁 database/
│       ├── 🗃️ user-repository.js   # PostgreSQL operations
│       ├── 🗄️ session-store.js     # Active session management
│       └── 📁 models/
│           ├── 👀 user.js          # Sequelize model + encryption hooks
│           └── 🔑 api-key.js       # Service account keys
│
├── 📁 lib/
│   ├── 🔒 encryption.js            # AES-256 field encryption
│   ├── 📜 logger.js                # Structured logging (JSON)
│   └── 🕵️ audit-trail.js           # Security event tracking
│
├── 📄 index.js                     # Public API facade
├── 📜 Dockerfile                   # Container build config
├── 📜 README.md                    # Project documentation
└── 📜 package.json                 # Dependencies + scripts

🔍 Key File Explanations (Updated for PostgreSQL)

  1. Core Authentication (core/auth/)

    • authenticator.js now uses PostgreSQL-aware queries:

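      async function login(email, password) {
        // Equality lookup on the stored ciphertext: this only matches if
        // encrypt() is deterministic (same input, same output)
        const encryptedEmail = encrypt(email);
        // Uses Sequelize-style queries
        const user = await User.findOne({
          where: { email: encryptedEmail },
          paranoid: true // Exclude soft-deleted rows
        });
        // Password verification and JWT generation continue from here
      }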
  2. Database Adapter (adapters/database/)

    • Updated with Sequelize models and transactions:

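      // user-repository.js
      async function createUser(userData) {
        // Managed transaction: commits on resolve, rolls back if the callback throws
        return sequelize.transaction(async (t) => {
          return User.create({
            ...userData,
            // Encrypt sensitive fields before they reach the database. If the
            // User model's setter already encrypts `email` (see user.js), drop
            // the call here so the value is not encrypted twice.
            email: encrypt(userData.email),
            ssn: encrypt(userData.ssn)
          }, { transaction: t });
        });
      }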
  3. Security Config (config/security.js)

    module.exports = {
      database: {
        dialect: 'postgres',
        ssl: process.env.NODE_ENV === 'production'
      },
      // Rest remains the same
    };
  4. gRPC Adapter remains unchanged as it's database-agnostic

🧩 Updated Module Interaction Flow

[Sequence diagram. Participants: Client, HTTP, gRPC, Core, DB. Messages in order: POST /login, authenticate(), findUserByEmail(), Decrypted user data, verifyPassword(), generateJWT(), Token, Set-Cookie]

📦 Updated Critical Dependencies

| Package | Purpose | Version |
| -- | -- | -- |
| jsonwebtoken | JWT handling | ^9.0.2 |
| bcryptjs | Password hashing | ^2.4.3 |
| sequelize | PostgreSQL ORM | ^6.37.1 |
| pg | PostgreSQL driver | ^8.11.3 |
| @grpc/grpc-js | gRPC implementation | ^1.8.0 |
| aes-js | Field encryption | ^3.1.2 |

Key Changes Summary:

  1. Database Layer Overhaul

    • Replaced Mongoose with Sequelize ORM

    • Updated all repository patterns to use PostgreSQL-compatible queries

    • Implemented transaction support using Sequelize

    • Added paranoid deletion (soft-delete) capabilities

  2. Model Updates

    // user.js (Sequelize model)
    module.exports = (sequelize, DataTypes) => {
      return sequelize.define('User', {
        email: {
          type: DataTypes.TEXT,
          allowNull: false,
          set(value) {
            this.setDataValue('email', encrypt(value));
          },
          get() {
            return decrypt(this.getDataValue('email'));
          }
        },
        // ... other fields
      }, {
        paranoid: true,
        indexes: [{ unique: true, fields: ['email'] }]
      });
    };
  3. Session Management

    • Replaced MongoDB session store with PostgreSQL-compatible solution

    • Added connection pooling configuration

    // database.js
    const { Sequelize } = require('sequelize');

    const sequelize = new Sequelize(process.env.POSTGRES_URI, {
      pool: {
        max: 5,
        min: 0,
        acquire: 30000,
        idle: 10000
      },
      dialectOptions: process.env.NODE_ENV === 'production' ? {
        ssl: { require: true }
      } : {}
    });
  4. Testing Updates

    • Changed integration tests to use PostgreSQL test containers

    • Added transaction rollback in test teardowns

    describe('Auth Service', () => {
      let transaction;

      beforeEach(async () => {
        transaction = await sequelize.transaction();
      });

      afterEach(async () => {
        await transaction.rollback();
      });
    });

  5. New Security Features

    • Added SSL support for production database connections

    • Implemented column-level encryption using Sequelize hooks

    • Added index optimizations for frequently queried fields

This structure maintains all original functionality while leveraging PostgreSQL's strengths such as transactions, ACID compliance, and advanced indexing capabilities. The migration from document-based storage to a relational structure enables better data integrity and complex query support.
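
The `User` model puts a unique index on the encrypted `email` column and `login()` queries by ciphertext, both of which only work when `encrypt()` is deterministic, so equal emails produce equal stored values. As an added example (not code from this project), the sketch below keeps storage encryption randomized and moves lookup and uniqueness to a separate keyed blind index; it uses Node's built-in `crypto` (AES-256-GCM, HMAC-SHA-256) rather than `aes-js`, and the `email_enc`/`email_idx` column names, the demo keys and the in-memory `users` map standing in for the table are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed demo keys (assumption); load real keys from a secret store.
const ENC_KEY = crypto.createHash('sha256').update('demo-enc-key').digest();
const IDX_KEY = crypto.createHash('sha256').update('demo-idx-key').digest();

// Randomized AES-256-GCM: fresh IV per call, output = iv || tag || ciphertext.
function encryptField(plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the stored value was modified (GCM tag mismatch).
function decryptField(encoded) {
  const raw = Buffer.from(encoded, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Blind index: HMAC of the normalized email under a separate key. It is
// deterministic, so it can back the unique index and the WHERE clause.
function emailIndex(email) {
  return crypto.createHmac('sha256', IDX_KEY)
    .update(email.trim().toLowerCase()).digest('hex');
}

// In-memory stand-in for the users table, keyed by the hypothetical email_idx column.
const users = new Map();

function createUser(email) {
  const idx = emailIndex(email);
  if (users.has(idx)) throw new Error('email already registered');
  const row = { email_idx: idx, email_enc: encryptField(email) };
  users.set(idx, row);
  return row;
}

function findUserByEmail(email) {
  const row = users.get(emailIndex(email));
  return row ? { email: decryptField(row.email_enc) } : null;
}
```

In a Sequelize model the unique index would sit on `email_idx` instead of `email`, and `findOne` would filter on `email_idx`.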
