Skip to content

mojaloop/security-bc

Repository files navigation

security-bc

EXPERIMENTAL vNext Security Bounded Context Mono Repository

The security bc is responsible for authorization and authentication of the internal and external services and identity management

It implements the following usecases :

  • BC User / Operator Authentication
  • BC Authorization Model
  • BC Bootstrapping
  • Role / Privilege association

See the Reference Architecture documentation security section for context on this vNext implementation guidelines.

Contents

Packages

The Security BC consists of the following packages;

authentication-svc Authentication Service. README

authorization-svc Authorization Service. README

builtin-identity-svc Builtin Identity Service. README

client-lib Client library types. README

public-types-lib Security BC Public Types. README

Running Locally

Please follow the instruction in Onboarding Document to setup and run the service locally.

Configuration

See the README.md file on each services for more Environment Variable Configuration options.

Logging

Logs are sent to standard output by default.

Tests

Unit Tests

npm run test:unit

Run Integration Tests

npm run test:integration

Run all tests at once

Requires integration tests pre-requisites

npm run test

Collect coverage (from both unit and integration test types)

After running the unit and/or integration tests:

npm run posttest

You can then consult the html report in:

coverage/lcov-report/index.html

Auditing Dependencies

We use npm audit to check dependencies for node vulnerabilities.

To start a new resolution process, run:

npm run audit:fix

You can check to see if the CI will pass based on the current dependencies with:

npm run audit:check

CI/CD Pipelines

Execute locally the pre-commit checks - these will be executed with every commit and in the default CI/CD pipeline

Make sure these pass before committing any code

npm run pre_commit_check

Work Flow

As part of our CI/CD process, we use CircleCI. The CircleCI workflow automates the process of publishing changed packages to the npm registry and building Docker images for select packages before publishing them to DockerHub. It also handles versioning, tagging commits, and pushing changes back to the repository.

The process includes five phases.

  1. Setup : This phase initializes the environment, loads common functions, and retrieves commits and git change history since the last successful CI build.

  2. Detecting Changed Package.

  3. Publishing Changed Packages to NPM.

  4. Building Docker Images and Publishing to DockerHub.

  5. Pushing Commits to Git.

All code is automatically linted, built, and unit tested by CircleCI pipelines, where unit test results are kept for all runs. All libraries are automatically published to npm.js, and all Docker images are published to Docker Hub.

Documentation

The following documentation provides insight into the Settlements Bounded Context.