- Add VerifyPassword RPC to Identity Service
- Added to proto file and generated code
- Implemented in Identity Service gRPC server
- Added to Identity Service client interface and gRPC client
- Complete RefreshToken implementation
- Store refresh tokens in database using RefreshToken entity
- Validate refresh tokens with expiration checking
- Revoke refresh tokens on logout and token rotation
- Integrate Authz Service for role retrieval
- Added AuthzServiceClient to Auth Service
- Get user roles during login and token refresh
- Gracefully handle Authz Service failures
- Require JWT secret in configuration
- Removed default secret fallback
- Service fails to start if JWT secret is not configured
- Fix Consul health checks for Docker
- Services now register with Docker service names (e.g., audit-service)
- Allows Consul (in Docker) to reach services via Docker DNS
- Health checks use gRPC service names instead of localhost
This completes all TODOs in auth_service_fx.go and fixes the Consul
health check failures in Docker environments.
Refactor core kernel and infrastructure to support true microservices
architecture where services are independently deployable.
Phase 1: Core Kernel Cleanup
- Remove database provider from CoreModule (services create their own)
- Update ProvideHealthRegistry to not depend on database
- Add schema support to database client (NewClientWithSchema)
- Update main entry point to remove database dependency
- Core kernel now provides only: config, logger, error bus, health, metrics, tracer, service registry
Phase 2: Service Registry Implementation
- Create ServiceRegistry interface (pkg/registry/registry.go)
- Implement Consul registry (internal/registry/consul/consul.go)
- Add Consul dependency (github.com/hashicorp/consul/api)
- Add registry configuration to config/default.yaml
- Add ProvideServiceRegistry() to DI container
Phase 3: Service Client Interfaces
- Create service client interfaces:
- pkg/services/auth.go - AuthServiceClient
- pkg/services/identity.go - IdentityServiceClient
- pkg/services/authz.go - AuthzServiceClient
- pkg/services/audit.go - AuditServiceClient
- Create ServiceClientFactory (internal/client/factory.go)
- Create stub gRPC client implementations (internal/client/grpc/)
- Add ProvideServiceClientFactory() to DI container
Phase 4: gRPC Service Definitions
- Create proto files for all core services:
- api/proto/auth.proto
- api/proto/identity.proto
- api/proto/authz.proto
- api/proto/audit.proto
- Add generate-proto target to Makefile
Phase 5: API Gateway Implementation
- Create API Gateway service entry point (cmd/api-gateway/main.go)
- Create Gateway implementation (services/gateway/gateway.go)
- Add gateway configuration to config/default.yaml
- Gateway registers with Consul and routes requests to backend services
All code compiles successfully. Core services (Auth, Identity, Authz, Audit)
will be implemented in Epic 2 using these foundations.
