Organise env variables and authorization #60

Merged
merged 8 commits into from
Oct 26, 2024
@samuelim01 samuelim01 commented Oct 24, 2024

Description

  • Organise environment variables into a single file per service
  • Decouple authorization such that each service can perform the role of authorization
  • Ensure only admins can create, update, or delete questions

Spreading the use of environment variables across source files is messy and unmaintainable. Let's compact them into a single file, and use Zod to validate them upon service startup.

Asserting that authorization must be done by the user service creates a tight coupling between services. Let's pass the JWT_SECRET to each service, such that

  • Only the user service creates authorization tokens
  • The other services can authorize these claims using the JWT_SECRET

Given that authorization is now handled within each service, let's

  • Authorize match requests without calling the user service
  • Restrict creation, updating, and deletion of questions to admins

Checklist

  • I have updated documentation
  • All tests passing

Screenshots (if applicable)

Let's pass the JWT_SECRET to the match service. This means only the user service will issue authorization tokens, but the service can verify the claims without depending on the user service.
Ensure that the creation, updating, and deletion of questions can only
be done by admins.
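
The flow described above, as an added TypeScript example that is not code from this pull request: a service verifies a token locally with the shared JWT_SECRET and gates question writes on an admin claim. HS256, the `role` claim, and all function names are assumptions, since the page does not show the token format.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed payload shape; the pull request does not show the token's claims.
interface Claims { sub: string; role: "admin" | "user"; exp: number }

const b64url = (s: string): string => Buffer.from(s).toString("base64url");
const hmac = (data: string, secret: string): string =>
  createHmac("sha256", secret).update(data).digest("base64url");

// Issuing is the user service's job. With a shared HMAC secret every verifier
// could also sign, so that split is a convention. Used here for sample tokens.
function signToken(claims: Claims, secret: string): string {
  const signingInput =
    b64url(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." + b64url(JSON.stringify(claims));
  return signingInput + "." + hmac(signingInput, secret);
}

// Local verification with JWT_SECRET: no request to the user service.
// `now` is seconds since the epoch, the same unit as the `exp` claim.
function verifyToken(token: string, secret: string, now: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm instead of letting the token header choose it.
    if (JSON.parse(Buffer.from(head, "base64url").toString()).alg !== "HS256") return null;
    const given = Buffer.from(sig);
    const expected = Buffer.from(hmac(`${head}.${body}`, secret));
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url").toString()) as Claims;
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Gate for question create/update/delete: 401 without a valid token, 403 for non-admins.
function authorizeQuestionWrite(
  authHeader: string | undefined, secret: string, now: number,
): 200 | 401 | 403 {
  const header = authHeader ?? "";
  const token = header.startsWith("Bearer ") ? header.slice(7) : "";
  const claims = verifyToken(token, secret, now);
  if (!claims) return 401;
  return claims.role === "admin" ? 200 : 403;
}
```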
@McNaBry McNaBry self-requested a review October 26, 2024 01:51

@McNaBry McNaBry left a comment

LGTM

@samuelim01 samuelim01 merged commit 6bf6136 into main Oct 26, 2024
4 checks passed
@samuelim01 samuelim01 deleted the backend-auth branch October 26, 2024 01:57
KhoonSun47 added a commit to KhoonSun47/cs3219-ay2425s1-project-g03 that referenced this pull request Oct 26, 2024
* main:
  Enhance Login & Registration Pages (CS3219-AY2425S1#57)
  Organise env variables and authorization (CS3219-AY2425S1#60)
  Add dozzle (CS3219-AY2425S1#59)

# Conflicts:
#	.env.sample
#	compose.yml
#	services/match/.env.sample
#	services/match/src/events/broker.ts
#	services/question/src/models/index.ts