feat: reword phase to epic, update mkdocs
This commit is contained in:
52
docs/content/stories/epic2/README.md
Normal file
52
docs/content/stories/epic2/README.md
Normal file
@@ -0,0 +1,52 @@
|
||||
# Epic 2: Authentication & Authorization
|
||||
|
||||
## Overview
|
||||
Implement complete JWT-based authentication system, build comprehensive identity management with user lifecycle, create role-based access control (RBAC) system, implement authorization middleware and permission checks, add comprehensive audit logging for security compliance, and provide database seeding for initial setup. All core services (Auth, Identity, Authz, Audit) are independent microservices that expose gRPC servers and register with the service registry.
|
||||
|
||||
## Stories
|
||||
|
||||
### 2.1 JWT Authentication System
|
||||
- [Story: 2.1 - JWT Authentication](./2.1-jwt-authentication.md)
|
||||
- **Goal:** Implement a complete JWT-based authentication system with access tokens, refresh tokens, and secure token management.
|
||||
- **Deliverables:** Authentication interfaces, JWT implementation, authentication middleware, login/refresh endpoints
|
||||
|
||||
### 2.2 Identity Management System
|
||||
- [Story: 2.2 - Identity Management](./2.2-identity-management.md)
|
||||
- **Goal:** Build a complete user identity management system with registration, email verification, password management, and user CRUD operations.
|
||||
- **Deliverables:** Identity interfaces, user repository, user service, user management API endpoints
|
||||
|
||||
### 2.3 Role-Based Access Control (RBAC) System
|
||||
- [Story: 2.3 - RBAC System](./2.3-rbac-system.md)
|
||||
- **Goal:** Implement a complete RBAC system with permissions, role management, and authorization middleware.
|
||||
- **Deliverables:** Permission system, permission resolver, authorization system, authorization middleware
|
||||
|
||||
### 2.4 Role Management API
|
||||
- [Story: 2.4 - Role Management](./2.4-role-management.md)
|
||||
- **Goal:** Provide complete API for managing roles, assigning permissions to roles, and assigning roles to users.
|
||||
- **Deliverables:** Role repository, role management API endpoints, authorization and validation
|
||||
|
||||
### 2.5 Audit Logging System
|
||||
- [Story: 2.5 - Audit Logging](./2.5-audit-logging.md)
|
||||
- **Goal:** Implement comprehensive audit logging that records all security-sensitive actions for compliance and security monitoring.
|
||||
- **Deliverables:** Audit interface, audit implementation, audit middleware, audit log query API
|
||||
|
||||
### 2.6 Database Seeding and Initialization
|
||||
- [Story: 2.6 - Database Seeding](./2.6-database-seeding.md)
|
||||
- **Goal:** Provide database seeding functionality to create initial admin user, default roles, and core permissions.
|
||||
- **Deliverables:** Seed script, seed command, integration with application startup
|
||||
|
||||
## Deliverables Checklist
|
||||
- [ ] JWT authentication with access/refresh tokens
|
||||
- [ ] User CRUD with email verification
|
||||
- [ ] Role and permission management
|
||||
- [ ] Authorization middleware
|
||||
- [ ] Audit logging for all actions
|
||||
- [ ] Seed script for initial data
|
||||
|
||||
## Acceptance Criteria
|
||||
- User can register and login
|
||||
- JWT tokens are validated on protected routes
|
||||
- Users without permission get 403
|
||||
- All actions are logged in audit table
|
||||
- Admin can create roles and assign permissions
|
||||
- Integration test: user without permission cannot access protected resource
|
||||
Reference in New Issue
Block a user