Identity & Access Module (PostgreSQL Version) ReadMe - Wiz-DevTech/prettygirllz GitHub Wiki

Identity & Access Module

Reusable authentication/authorization module with:

  • PostgreSQL persistence
  • JWT strategy
  • gRPC/REST interfaces
  • Built-in encryption

๐Ÿ› ๏ธ Implementation

1. PostgreSQL Adapter

```javascript
// adapters/database/user-repository.js
const { Client } = require('pg');
const bcrypt = require('bcrypt');

class UserRepository {
  constructor({ config, encryption }) {
    this.client = new Client({
      connectionString: config.postgresUri,
      ssl: config.env === 'production' // TLS to PostgreSQL outside local dev
    });
    this.encryption = encryption;
  }

  async connect() {
    await this.client.connect();
  }

  async findByEmail(email) {
    // Equality lookup on ciphertext: encrypt() must be deterministic
    // (same plaintext -> same ciphertext) or this query never matches.
    const encryptedEmail = this.encryption.encrypt(email);
    const res = await this.client.query(
      'SELECT * FROM users WHERE email = $1', // parameterized, never concatenated
      [encryptedEmail]
    );
    return res.rows[0] ? this._decryptUser(res.rows[0]) : null;
  }

  _decryptUser(user) {
    // Decrypt only the columns stored as ciphertext; password_hash stays a bcrypt hash.
    return {
      ...user,
      email: this.encryption.decrypt(user.email),
      sensitive_data: user.sensitive_data
        ? this.encryption.decrypt(user.sensitive_data)
        : null
    };
  }

  // ...other CRUD operations with parameterized queries
}

module.exports = (deps) => new UserRepository(deps);
```
2. JWT Strategy (PostgreSQL Integrated)
```javascript
// core/auth/strategies/jwt-strategy.js
const jwt = require('jsonwebtoken');

class JwtStrategy {
  constructor({ config, userRepository }) {
    this.secret = config.jwtSecret;
    this.userRepo = userRepository;
  }

  async verify(token) {
    try {
      const decoded = jwt.verify(token, this.secret, {
        algorithms: ['HS256'],   // pin the algorithm; never let the token choose it
        issuer: 'identity-access' // must match what generateToken() emits
      });
      // The token is only as valid as the user it points at.
      const user = await this.userRepo.findById(decoded.sub);
      return { isValid: !!user, credentials: user };
    } catch (err) {
      // Bad signature, wrong issuer/algorithm or expired token all end here.
      return { isValid: false };
    }
  }

  generateToken(payload) {
    return jwt.sign(payload, this.secret, {
      expiresIn: '1h',
      issuer: 'identity-access'
    });
  }
}

module.exports = (deps) => new JwtStrategy(deps);
```
🚀 CI/CD Pipeline
.github/workflows/pipeline.yml:

```yaml
name: CI/CD Pipeline

on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:15
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: testdb
        ports: ["5432:5432"]
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v3
      - run: npm install
      - run: npm test
      - name: Coveralls
        # Prefer a release tag or commit SHA over a floating branch reference
        uses: coverallsapp/github-action@master
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

  deploy:
    needs: test
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v3
      - run: npm publish --access public
      - name: Docker Build
        run: docker build -t yourorg/identity-access:${{ github.sha }} .
      - name: Push to Registry
        run: |
          echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin
          docker push yourorg/identity-access:${{ github.sha }}
```
📦 Installation

```bash
npm install @yourorg/identity-access
# or using Docker
docker pull yourorg/identity-access:latest
```
🔧 Configuration
.env template:

```ini
POSTGRES_URI=postgresql://user:password@localhost:5432/dbname
JWT_SECRET=your_secure_key
ENCRYPTION_KEY=32_char_encryption_key
```
🧪 Testing

```bash
# Unit tests
npm test

# Integration tests (requires PostgreSQL)
npm run test:integration

# Test coverage
npm run coverage
```
📚 Documentation
[API Reference](https://docs/API.md) | [Architecture Decision Records](https://docs/ADRs)

๐Ÿ” Security Considerations
Enable SSL for PostgreSQL connections in production

Use connection pooling for database access

Store encryption keys in secret manager (AWS SecretsManager, HashiCorp Vault)

Rotate JWT secrets periodically


---

### Key PostgreSQL Implementation Notes:

1. **Database Adapter Features**:
   - Parameterized SQL queries to prevent injection
   - Connection SSL configuration
   - Row-level encryption using pgcrypto extension
   - Transaction support with BEGIN/COMMIT

2. **Performance Enhancements**:
   ```sql
   CREATE INDEX idx_users_email ON users USING hash(email);
   CREATE INDEX idx_users_created_at ON users (created_at);
   ```

3. **Schema Management**:
   ```sql
   CREATE TABLE users (
     id SERIAL PRIMARY KEY,
     email TEXT NOT NULL UNIQUE,
     password_hash TEXT NOT NULL,
     sensitive_data TEXT,
     roles TEXT[],
     created_at TIMESTAMPTZ DEFAULT NOW(),
     updated_at TIMESTAMPTZ DEFAULT NOW()
   );
   ```

4. **Security Additions**:
   - Database roles with least privilege
   - Column privileges management
   - Audit triggers for sensitive operations

5. **CI/CD Improvements**:
   - PostgreSQL health checks in workflow
   - Schema migration testing
   - Connection pool stress testing

6. **New Dependencies**:
   ```json
   "dependencies": {
     "pg": "^8.11.3",
     "pg-connection-string": "^2.5.0",
     "sequelize": "^6.37.1"
   }
   ```

This implementation maintains all original functionality while leveraging PostgreSQL's relational capabilities, ACID compliance, and advanced security features.