AeThex-Labs/AeThex-Engine-Core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
AeThex-Engine-Core/services/auth-service/README.md

318 lines
5.8 KiB
Markdown
Raw Blame History

# AeThex Authentication Service
Cloud authentication service for AeThex Engine.
## Features
- ✅ Email/Password authentication
- ✅ JWT token-based sessions
- ✅ Refresh token rotation
- ✅ OAuth (Google, GitHub)
- ✅ Password reset flow
- ✅ Rate limiting
- ✅ Security headers (Helmet)
- ✅ Input validation
## Quick Start
### Prerequisites
- Node.js 18+
- Docker & Docker Compose
- PostgreSQL 16 (or use Docker)
### Setup
```bash
cd services/auth-service
# Install dependencies
npm install
# Copy environment variables
cp .env.example .env
# Edit .env with your configuration
nano .env
# Start database
docker-compose up -d postgres
# Run migrations
npm run migrate
# Start development server
npm run dev
```
The service will be available at `http://localhost:3000`
### Using Docker Compose (Recommended)
```bash
# Start all services
docker-compose up -d
# View logs
docker-compose logs -f
# Stop services
docker-compose down
```
## API Endpoints
### Authentication
#### Register User
```http
POST /api/v1/auth/register
Content-Type: application/json
{
"email": "user@example.com",
"username": "johndoe",
"password": "SecurePass123"
}
```
**Response:**
```json
{
"user": {
"id": "uuid",
"email": "user@example.com",
"username": "johndoe"
},
"accessToken": "jwt_token",
"refreshToken": "refresh_token"
}
```
#### Login
```http
POST /api/v1/auth/login
Content-Type: application/json
{
"email": "user@example.com",
"password": "SecurePass123"
}
```
#### Get Current User
```http
GET /api/v1/auth/me
Authorization: Bearer {access_token}
```
#### Refresh Token
```http
POST /api/v1/auth/refresh
Content-Type: application/json
{
"refreshToken": "your_refresh_token"
}
```
#### Logout
```http
POST /api/v1/auth/logout
Authorization: Bearer {access_token}
```
### OAuth
#### Google OAuth
```http
GET /api/v1/auth/google
```
Redirects to Google OAuth consent screen.
#### GitHub OAuth
```http
GET /api/v1/auth/github
```
Redirects to GitHub OAuth consent screen.
### Password Reset
#### Request Password Reset
```http
POST /api/v1/auth/forgot-password
Content-Type: application/json
{
"email": "user@example.com"
}
```
#### Reset Password
```http
POST /api/v1/auth/reset-password
Content-Type: application/json
{
"token": "reset_token_from_email",
"password": "NewSecurePass123"
}
```
## Engine Integration
### GDScript Example
```gdscript
extends Node
func _ready():
# Initialize cloud service
AeThexCloud.auth.set_api_url("http://localhost:3000")
# Register new user
var result = await AeThexCloud.auth.register_async(
"user@example.com",
"username",
"SecurePass123"
)
if result.success:
print("Registered! Token: ", result.access_token)
else:
print("Error: ", result.error)
# Login
result = await AeThexCloud.auth.login_async(
"user@example.com",
"SecurePass123"
)
if result.success:
print("Logged in as: ", result.user.username)
# Token is automatically stored
# Check if logged in
if AeThexCloud.auth.is_logged_in():
var user = AeThexCloud.auth.get_current_user()
print("Welcome back, ", user.username)
```
## Development
### Project Structure
```
src/
├── index.ts # Application entry point
├── routes/
│ ├── auth.ts # Auth endpoints
│ └── user.ts # User management
├── controllers/
│ ├── authController.ts
│ └── userController.ts
├── middleware/
│ ├── authenticateToken.ts
│ ├── validateRequest.ts
│ └── errorHandler.ts
├── models/
│ └── User.ts # User model (Prisma)
├── services/
│ ├── tokenService.ts # JWT handling
│ └── emailService.ts # Email sending
└── utils/
├── logger.ts
└── validators.ts
```
### Running Tests
```bash
npm test
```
### Database Migrations
```bash
# Create new migration
npx prisma migrate dev --name add_user_table
# Apply migrations
npm run migrate
# Reset database
npx prisma migrate reset
```
## Security Considerations
1. **JWT Secrets**: Change `JWT_SECRET` and `REFRESH_TOKEN_SECRET` in production
2. **Database Password**: Use strong password for PostgreSQL
3. **HTTPS**: Always use HTTPS in production
4. **Rate Limiting**: Configured for 100 requests per 15 minutes
5. **OAuth Secrets**: Keep OAuth client secrets secure
6. **Password Policy**: Enforces 8+ chars with uppercase, lowercase, and numbers
## Environment Variables
| Variable | Description | Default |
|----------|-------------|---------|
| `PORT` | Server port | 3000 |
| `DATABASE_URL` | PostgreSQL connection string | - |
| `JWT_SECRET` | Secret for access tokens | - |
| `JWT_EXPIRES_IN` | Token expiration | 7d |
| `REFRESH_TOKEN_SECRET` | Secret for refresh tokens | - |
| `GOOGLE_CLIENT_ID` | Google OAuth client ID | - |
| `GOOGLE_CLIENT_SECRET` | Google OAuth secret | - |
| `GITHUB_CLIENT_ID` | GitHub OAuth client ID | - |
| `GITHUB_CLIENT_SECRET` | GitHub OAuth secret | - |
| `FRONTEND_URL` | Frontend URL for CORS | http://localhost:9002 |
## Production Deployment
### Docker
```bash
# Build image
docker build -t aethex-auth-service .
# Run container
docker run -d \
-p 3000:3000 \
-e DATABASE_URL=postgresql://... \
-e JWT_SECRET=your-secret \
aethex-auth-service
```
### Kubernetes
```bash
kubectl apply -f k8s/deployment.yml
kubectl apply -f k8s/service.yml
```
## Monitoring
Health check endpoint:
```http
GET /health
```
Response:
```json
{
"status": "healthy",
"service": "aethex-auth-service",
"timestamp": "2026-02-24T10:30:00.000Z"
}
```
## License
MIT License - See LICENSE file for details
## Support
- Documentation: https://docs.aethex.dev
- Issues: https://github.com/AeThex-LABS/AeThex-Engine-Core/issues
- Discord: https://discord.gg/aethex
Reference in a new issue View git blame Copy permalink