This repository has been archived by the owner on Nov 10, 2023. It is now read-only.
Create a authentication service #8
Merged
riflowth added the labels `type: enhancement` (New feature or request) and `help wanted` (Extra attention is needed) on Nov 12, 2022
riflowth changed the title from "Add Google & Local authentication strategy" to "Create a authentication service" on Nov 13, 2022
riflowth requested review from eltfshr, Porama6400 and XiaoXuxxxx and removed request for eltfshr and Porama6400 on November 13, 2022 13:07
I will do |
7 tasks
riflowth added a commit that referenced this pull request on Nov 28, 2022
* docs: add readme
* docs: add pull request template
* feat: add avatar generator from boring-avatar
* build(deps): add package for authentication
* refactor: reforming database schema & proto
* fix: json module and decorator linting issues
* fix: log not transport to console on production
* refactor: use real backend connection
* feat: add google auth
* style: add eslint on `api-types`
* refactor: add grpc error code
* refactor: more consistency controller code style
* fix: wrong date comparing logic
* feat: add working logout button
* fix: wrong logic cause from parameter
* perf: reduce round-trip for get user data
* feat: add `/me` to get authenticated user data
* refactor: add related grpc and error types
* fix(api-types): build issues
* refactor: error handling and exception filter
* refactor: add example env
* feat: add workspace backend service
* refactor: fix auth service grpc port
* refactor: auth logic with nestjs's guard feature
Feature description
What
Allow users to log in with Google and their email & password which have registered on Codern.
Why
We need authentication & authorization to identify a user and grant access to our internal sub-services.
How
Create a new service named `auth service` to be independently scaled, which communicates with the API gateway by using gRPC as a transport layer.
gRPC uses Protocol Buffers behind the scenes, so it needs the `.proto` file to define the structure of data to serialize. Beforehand I used the default transport layer of NestJS (TCP). I realized that if we create a new service that is not built with NestJS, how do we serialize NestJS's TCP? Because of that, we must know how NestJS serializes/deserializes data when sending via TCP. It will be easier if we use a standard protocol. So I chose gRPC for that.
The reason why I chose gRPC for communication between the API gateway and first layer service:
The API gateway is a single entry point for clients to communicate with our services. The gateway needs to pass an incoming request to the sub-service with a synchronous communication strategy to instantly acknowledge the client so they know their request has been received and the requested task will be done later, and to ensure the service is ready to work (I planned to implement a circuit breaker soon). In subsequent calls, it must use asynchronous message-based communication for scalability and decoupling of our services.
I selected `session cookie-based` authentication with a server-signed signature for the authentication mechanism. So a malicious request will be rejected by the server before querying the database to check the session; this implementation reduces latency and database resource usage. (I planned to cache the session / user in some way in the future.)
When a user registers, their profile image will be generated with the local version of boring-avatar and saved as an output SVG file into our file storage system (SeaweedFS) with the filer API.
Todo list (if applicable)
Checklist
Associated Tracking
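The signed session cookie check from the description above, as an added example that is not code from this pull request or the Codern project. It assumes HMAC-SHA256 as the server signature; `SECRET`, `sign`, `unsign`, `makeStore` and `authenticate` are hypothetical names, and the in-memory store stands in for the database.

```javascript
const crypto = require("node:crypto");

// Assumption: constructed demo secret; a real one comes from configuration.
const SECRET = "constructed-demo-secret";

function mac(sessionId, secret) {
  return crypto.createHmac("sha256", secret).update(sessionId).digest("base64url");
}

// Cookie value format used here: "<sessionId>.<base64url HMAC>"
function sign(sessionId, secret) {
  return `${sessionId}.${mac(sessionId, secret)}`;
}

// Returns the session id when the signature is authentic, otherwise null.
function unsign(cookieValue, secret) {
  if (typeof cookieValue !== "string") return null;
  const dot = cookieValue.lastIndexOf(".");
  if (dot <= 0) return null;
  const sessionId = cookieValue.slice(0, dot);
  const given = Buffer.from(cookieValue.slice(dot + 1));
  const expected = Buffer.from(mac(sessionId, secret));
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? sessionId : null;
}

// Hypothetical session store standing in for the database; counts lookups.
function makeStore(sessions) {
  const store = { lookups: 0 };
  store.find = (id) => {
    store.lookups += 1;
    return sessions.get(id) ?? null;
  };
  return store;
}

// Guard logic: verify the signature first, query the store only afterwards.
function authenticate(cookieValue, store, secret) {
  const sessionId = unsign(cookieValue, secret);
  if (sessionId === null) return null; // rejected without a store lookup
  const session = store.find(sessionId);
  if (!session || session.expiresAt <= Date.now()) return null;
  return session.userId;
}
```

The signature only proves the server issued the session id, so expiry and revocation still depend on the store lookup that follows it.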