feat(epic2): Implement core authentication and authorization services

- Implement Audit Service (2.5) - gRPC server with Record and Query operations - Database persistence with audit schema - Service registry integration - Entry point: cmd/audit-service - Implement Identity Service (2.2) - User CRUD operations - Password hashing with argon2id - Email verification and password reset flows - Entry point: cmd/identity-service - Fix package naming conflicts in user_service.go - Implement Auth Service (2.1) - JWT token generation and validation - Login, RefreshToken, ValidateToken, Logout RPCs - Integration with Identity Service - Entry point: cmd/auth-service - Note: RefreshToken entity needs Ent generation - Implement Authz Service (2.3, 2.4) - Permission checking and authorization - User roles and permissions retrieval - RBAC-based authorization - Entry point: cmd/authz-service - Implement gRPC clients for all services - Auth, Identity, Authz, and Audit clients - Service discovery integration - Full gRPC communication - Add service configurations to config/default.yaml - Create SUMMARY.md with implementation details and testing instructions - Fix compilation errors in Identity Service (password package conflicts) - All services build successfully and tests pass
2025-11-06 20:07:20 +01:00
parent da7a4e3703
commit b1b895e818
91 changed files with 19502 additions and 375 deletions
--- a/internal/ent/auditlog.go
+++ b/internal/ent/auditlog.go
@@ -19,11 +19,17 @@ type AuditLog struct {
 	// ID of the ent.
 	ID string `json:"id,omitempty"`
 	// ID of the user/actor performing the action
-	ActorID string `json:"actor_id,omitempty"`
-	// Action performed (e.g., create, update, delete)
+	UserID string `json:"user_id,omitempty"`
+	// Action performed (e.g., user.create, user.update)
 	Action string `json:"action,omitempty"`
+	// Resource type (e.g., user, role)
+	Resource string `json:"resource,omitempty"`
 	// ID of the target resource
-	TargetID string `json:"target_id,omitempty"`
+	ResourceID string `json:"resource_id,omitempty"`
+	// IP address of the client
+	IPAddress string `json:"ip_address,omitempty"`
+	// User agent of the client
+	UserAgent string `json:"user_agent,omitempty"`
 	// Additional metadata as JSON
 	Metadata map[string]interface{} `json:"metadata,omitempty"`
 	// Timestamp holds the value of the "timestamp" field.
@@ -38,7 +44,7 @@ func (*AuditLog) scanValues(columns []string) ([]any, error) {
 		switch columns[i] {
 		case auditlog.FieldMetadata:
 			values[i] = new([]byte)
-		case auditlog.FieldID, auditlog.FieldActorID, auditlog.FieldAction, auditlog.FieldTargetID:
+		case auditlog.FieldID, auditlog.FieldUserID, auditlog.FieldAction, auditlog.FieldResource, auditlog.FieldResourceID, auditlog.FieldIPAddress, auditlog.FieldUserAgent:
 			values[i] = new(sql.NullString)
 		case auditlog.FieldTimestamp:
 			values[i] = new(sql.NullTime)
@@ -63,11 +69,11 @@ func (_m *AuditLog) assignValues(columns []string, values []any) error {
 			} else if value.Valid {
 				_m.ID = value.String
 			}
-		case auditlog.FieldActorID:
+		case auditlog.FieldUserID:
 			if value, ok := values[i].(*sql.NullString); !ok {
-				return fmt.Errorf("unexpected type %T for field actor_id", values[i])
+				return fmt.Errorf("unexpected type %T for field user_id", values[i])
 			} else if value.Valid {
-				_m.ActorID = value.String
+				_m.UserID = value.String
 			}
 		case auditlog.FieldAction:
 			if value, ok := values[i].(*sql.NullString); !ok {
@@ -75,11 +81,29 @@ func (_m *AuditLog) assignValues(columns []string, values []any) error {
 			} else if value.Valid {
 				_m.Action = value.String
 			}
-		case auditlog.FieldTargetID:
+		case auditlog.FieldResource:
 			if value, ok := values[i].(*sql.NullString); !ok {
-				return fmt.Errorf("unexpected type %T for field target_id", values[i])
+				return fmt.Errorf("unexpected type %T for field resource", values[i])
 			} else if value.Valid {
-				_m.TargetID = value.String
+				_m.Resource = value.String
+			}
+		case auditlog.FieldResourceID:
+			if value, ok := values[i].(*sql.NullString); !ok {
+				return fmt.Errorf("unexpected type %T for field resource_id", values[i])
+			} else if value.Valid {
+				_m.ResourceID = value.String
+			}
+		case auditlog.FieldIPAddress:
+			if value, ok := values[i].(*sql.NullString); !ok {
+				return fmt.Errorf("unexpected type %T for field ip_address", values[i])
+			} else if value.Valid {
+				_m.IPAddress = value.String
+			}
+		case auditlog.FieldUserAgent:
+			if value, ok := values[i].(*sql.NullString); !ok {
+				return fmt.Errorf("unexpected type %T for field user_agent", values[i])
+			} else if value.Valid {
+				_m.UserAgent = value.String
 			}
 		case auditlog.FieldMetadata:
 			if value, ok := values[i].(*[]byte); !ok {
@@ -131,14 +155,23 @@ func (_m *AuditLog) String() string {
 	var builder strings.Builder
 	builder.WriteString("AuditLog(")
 	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
-	builder.WriteString("actor_id=")
-	builder.WriteString(_m.ActorID)
+	builder.WriteString("user_id=")
+	builder.WriteString(_m.UserID)
 	builder.WriteString(", ")
 	builder.WriteString("action=")
 	builder.WriteString(_m.Action)
 	builder.WriteString(", ")
-	builder.WriteString("target_id=")
-	builder.WriteString(_m.TargetID)
+	builder.WriteString("resource=")
+	builder.WriteString(_m.Resource)
+	builder.WriteString(", ")
+	builder.WriteString("resource_id=")
+	builder.WriteString(_m.ResourceID)
+	builder.WriteString(", ")
+	builder.WriteString("ip_address=")
+	builder.WriteString(_m.IPAddress)
+	builder.WriteString(", ")
+	builder.WriteString("user_agent=")
+	builder.WriteString(_m.UserAgent)
 	builder.WriteString(", ")
 	builder.WriteString("metadata=")
 	builder.WriteString(fmt.Sprintf("%v", _m.Metadata))