goplt/docs/content/stories/phase2

Phase 2: Authentication & Authorization

Overview

Implement JWT authentication, create identity management (User CRUD), build role and permission system, add authorization middleware, and implement audit logging.

Tasks

2.1 Authentication (JWT)

• 2.1.1 - Install JWT Library
• 2.1.2 - Create Auth Interfaces
• 2.1.3 - Implement JWT Auth
• 2.1.4 - Create Auth Middleware
• 2.1.5 - Add Login Endpoint
• 2.1.6 - Add Refresh Endpoint

2.2 Identity Management

• 2.2.1 - Create Identity Interfaces
• 2.2.2 - Implement User Repository
• 2.2.3 - Implement User Service
• 2.2.4 - Add Endpoints

2.3 Roles & Permissions

• 2.3.1 - Create Permission Types
• 2.3.2 - Create Permission Resolver Interface
• 2.3.3 - Implement In-Memory Resolver
• 2.3.4 - Create Authorization Interface
• 2.3.5 - Implement RBAC Authorizer
• 2.3.6 - Create Authorization Middleware

2.4 Role Management

• 2.4.1 - Create Role Repository
• 2.4.2 - Add Endpoints

2.5 Audit Logging

• 2.5.1 - Create Audit Interface
• 2.5.2 - Implement Ent Auditor
• 2.5.3 - Add Audit Middleware
• 2.5.4 - Integrate with Auth Endpoints

2.6 Database Seeding

• 2.6.1 - Create Seed Script

Deliverables Checklist

• JWT authentication working (access + refresh tokens)
• User registration and management endpoints
• Role and permission system implemented
• Authorization middleware protecting endpoints
• Audit logging captures all auth actions
• Database seeding for initial admin user

Acceptance Criteria

• POST /api/v1/auth/login returns JWT tokens
• POST /api/v1/auth/refresh issues new access token
• Protected endpoints require valid JWT
• Authorization middleware checks permissions
• All auth actions are logged to audit table
• Admin user can be created via seed script