- Add VerifyPassword RPC to Identity Service
- Added to proto file and generated code
- Implemented in Identity Service gRPC server
- Added to Identity Service client interface and gRPC client
- Complete RefreshToken implementation
- Store refresh tokens in database using RefreshToken entity
- Validate refresh tokens with expiration checking
- Revoke refresh tokens on logout and token rotation
- Integrate Authz Service for role retrieval
- Added AuthzServiceClient to Auth Service
- Get user roles during login and token refresh
- Gracefully handle Authz Service failures
- Require JWT secret in configuration
- Removed default secret fallback
- Service fails to start if JWT secret is not configured
- Fix Consul health checks for Docker
- Services now register with Docker service names (e.g., audit-service)
- Allows Consul (in Docker) to reach services via Docker DNS
- Health checks use gRPC service names instead of localhost
This completes all TODOs in auth_service_fx.go and fixes the Consul
health check failures in Docker environments.
- Add gRPC health check support to Consul registry
- Services are gRPC-only, not HTTP
- Consul was trying HTTP health checks which failed
- Now uses gRPC health checks via grpc.health.v1.Health service
- Update HealthCheckConfig to support both HTTP and gRPC
- Add GRPC field for gRPC service name
- Add UseGRPC flag to choose health check type
- Default to gRPC for services (use_grpc: true in config)
- Fix service address registration in Docker
- Services now register with Docker service name (e.g., auth-service)
- Allows Consul to reach services via Docker network DNS
- Falls back to localhost for local development
- Update default.yaml to enable gRPC health checks
- Set use_grpc: true
- Set grpc: grpc.health.v1.Health
This fixes services being deregistered from Consul due to failed
HTTP health checks. Services will now pass gRPC health checks.
- Add SetEnvKeyReplacer to convert underscores to dots
- Explicitly bind DATABASE_DSN, REGISTRY_CONSUL_ADDRESS, REGISTRY_TYPE
- Fixes database connection issues in Docker where services couldn't
read DATABASE_DSN environment variable
- Services in Docker can now connect to postgres:5432 instead of localhost
- Change from 'go run ./cmd/{service}/main.go' to 'go run ./cmd/{service}/*.go'
- go run with single file doesn't include other files in the package
- Service implementations are in separate _fx.go files
- Using wildcard includes all .go files in the package
- Update README.md and SUMMARY.md with correct commands
- Fixes 'undefined: provideXService' errors when running services
- Create Dockerfile for API Gateway
- Multi-stage build using golang:1.25-alpine
- Minimal runtime image using alpine:latest
- Exposes port 8080
- Add API Gateway service to docker-compose.yml
- Depends on Consul and all core services
- Environment variables for gateway configuration
- Port 8080 exposed
- Update SUMMARY.md
- Add API Gateway to service list
- Add API Gateway to Docker build instructions
- Update file structure to include API Gateway Dockerfile
- Change from fx.Provide to fx.Invoke for health registry registration
- CoreModule() already provides *health.Registry
- Services should register their database checkers with the existing registry
- Use fx.Invoke to register database health checkers instead of providing new registry
- Fixes duplicate provider error for *health.Registry
- All services now build and should start successfully
- Remove duplicate CoreModule() calls from all service main.go files
- NewContainer() already includes CoreModule() automatically
- This was causing duplicate ConfigProvider provider errors
- Update all _fx.go files to use *database.Client instead of *ent.Client
- database.Client embeds *ent.Client, so it can be used directly
- This fixes type mismatches between providers and consumers
- Keep ent import for constants like ent.Desc
- All services now build and should start successfully
- Add Core Services section highlighting Epic 2 completion
- Update directory structure to include all service entry points
- Add comprehensive Quick Start guide with:
- Prerequisites including NixOS support
- Installation steps with code generation
- Two deployment options (development vs full Docker)
- Service endpoints and ports
- Testing examples with grpcurl
- Update Architecture section with Core Services details
- Add Implementation Status section showing completed epics
- Update Configuration section with service-specific settings
- Add links to Epic 2 documentation
- Create Dockerfiles for all four services (auth, identity, authz, audit)
- Multi-stage builds using golang:1.25-alpine
- Minimal runtime images using alpine:latest
- Copy config files to runtime image
- Create docker-compose.dev.yml for development
- Only PostgreSQL and Consul
- Use when running services locally with 'go run'
- Update docker-compose.yml for full deployment
- All services + infrastructure
- Services build from Dockerfiles
- Health checks and dependencies configured
- Environment variables for service configuration
- Add .dockerignore to optimize build context
- Excludes docs, tests, IDE files, build artifacts
- Update SUMMARY.md
- Document both docker-compose files
- Add Docker deployment section
- Update file structure to include Dockerfiles
- Add Consul service to docker-compose.yml
- Running in dev mode on port 8500
- Health checks configured
- Persistent volume for data
- Web UI available at http://localhost:8500/ui
- Update SUMMARY.md
- Document Consul setup in docker-compose
- Add Consul verification steps
- Update prerequisites to include Docker Compose
- Add note about Consul Web UI
- Remove obsolete version field from docker-compose.yml
- Implement Audit Service (2.5)
- gRPC server with Record and Query operations
- Database persistence with audit schema
- Service registry integration
- Entry point: cmd/audit-service
- Implement Identity Service (2.2)
- User CRUD operations
- Password hashing with argon2id
- Email verification and password reset flows
- Entry point: cmd/identity-service
- Fix package naming conflicts in user_service.go
- Implement Auth Service (2.1)
- JWT token generation and validation
- Login, RefreshToken, ValidateToken, Logout RPCs
- Integration with Identity Service
- Entry point: cmd/auth-service
- Note: RefreshToken entity needs Ent generation
- Implement Authz Service (2.3, 2.4)
- Permission checking and authorization
- User roles and permissions retrieval
- RBAC-based authorization
- Entry point: cmd/authz-service
- Implement gRPC clients for all services
- Auth, Identity, Authz, and Audit clients
- Service discovery integration
- Full gRPC communication
- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass
- Fix errcheck: explicitly ignore tx.Rollback() error in defer
- When transaction commits successfully, Rollback() returns an error (expected)
- Use defer func() with explicit error assignment to satisfy linter
- Remove unused connectToService function
- Function is not currently used (proto files not yet generated)
- Commented out with TODO for future implementation
- Prevents unused function lint error
- Change version from number to string: version: "2"
- Remove deprecated exclude-use-default option
- Change exclude-rules to exclude (new format in v2.6)
- Remove deprecated output section (print-issued-lines, print-linter-name)
- Remove linters-settings (not allowed in v2.6 schema validation)
Fixes CI validation errors with golangci-lint v2.6.1:
- version type validation error
- exclude-use-default and exclude-rules not allowed
- output options not allowed
- linters-settings not allowed at root level
