- Add VerifyPassword RPC to Identity Service
- Added to proto file and generated code
- Implemented in Identity Service gRPC server
- Added to Identity Service client interface and gRPC client
- Complete RefreshToken implementation
- Store refresh tokens in database using RefreshToken entity
- Validate refresh tokens with expiration checking
- Revoke refresh tokens on logout and token rotation
- Integrate Authz Service for role retrieval
- Added AuthzServiceClient to Auth Service
- Get user roles during login and token refresh
- Gracefully handle Authz Service failures
- Require JWT secret in configuration
- Removed default secret fallback
- Service fails to start if JWT secret is not configured
- Fix Consul health checks for Docker
- Services now register with Docker service names (e.g., audit-service)
- Allows Consul (in Docker) to reach services via Docker DNS
- Health checks use gRPC service names instead of localhost
This completes all TODOs in auth_service_fx.go and fixes the Consul
health check failures in Docker environments.
- Implement Audit Service (2.5)
- gRPC server with Record and Query operations
- Database persistence with audit schema
- Service registry integration
- Entry point: cmd/audit-service
- Implement Identity Service (2.2)
- User CRUD operations
- Password hashing with argon2id
- Email verification and password reset flows
- Entry point: cmd/identity-service
- Fix package naming conflicts in user_service.go
- Implement Auth Service (2.1)
- JWT token generation and validation
- Login, RefreshToken, ValidateToken, Logout RPCs
- Integration with Identity Service
- Entry point: cmd/auth-service
- Note: RefreshToken entity needs Ent generation
- Implement Authz Service (2.3, 2.4)
- Permission checking and authorization
- User roles and permissions retrieval
- RBAC-based authorization
- Entry point: cmd/authz-service
- Implement gRPC clients for all services
- Auth, Identity, Authz, and Audit clients
- Service discovery integration
- Full gRPC communication
- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass
Implemented Epic 1 core kernel and infrastructure stories:
Story 1.1: Enhanced DI Container
- Added providers for database, health, metrics, and error bus
- Extended CoreModule to include all core services
Story 1.2: Database Layer with Ent ORM
- Created Ent schema for User, Role, Permission, AuditLog entities
- Implemented many-to-many relationships (User-Role, Role-Permission)
- Created database client wrapper with connection pooling
- Added database provider to DI container with migration support
Story 1.3: Health Monitoring and Metrics System
- Implemented health check registry and interface
- Added database health checker
- Created Prometheus metrics system with HTTP instrumentation
- Added health and metrics providers to DI container
Story 1.4: Error Handling and Error Bus
- Implemented channel-based error bus
- Created ErrorPublisher interface
- Added error bus provider with lifecycle management
Story 1.5: HTTP Server Foundation
- Created HTTP server with Gin framework
- Implemented comprehensive middleware stack:
- Request ID generation
- Structured logging
- Panic recovery with error bus integration
- Prometheus metrics collection
- CORS support
- Registered core routes: /healthz, /ready, /metrics
- Integrated with FX lifecycle for graceful shutdown
All components are integrated via DI container and ready for use.
