This service provides distributed authentication using NodeJS, Redis, and MongoDB in a microservice architecture.

LinkedMink/node-user-service

Node User Service

This service authenticates users against records in MongoDB. Once authenticated, a user is issued a JWT with a set of claims describing the operations that user can perform. It's designed for a microservice architecture in which the associated services define their own claims; the only built-in claims are a core set for managing users and claims.

Microservice Collection

This project is part of a collection of microservices for supporting a larger project.

Getting Started

Install Prerequisites

Required

The application was tested with these major versions:

  • MongoDB 4.2
  • Node.js 14 & 16

Recommended

  • Docker
  • Kubernetes Provider

This package doesn't target any specific platform or provider. Sample files for Kubernetes deployment are included.

cd node-user-service
npm install

Database

Create the user service database and a user that can access it.

use userServiceDB
db.createUser(
  {
    user: "userService",
    pwd: "[STRONG PASSWORD]",
    roles: [
      { role: "readWrite", db: "userServiceDB" }
    ]
  }
)

Initial Data

To add users and authorization claims, populate a YAML file with seed claims and users. See SampleClaims.yaml and SampleUsers.yaml for an example of the data format. Then seed the database with the initial users and claims.

npm run addClaims -- MyClaims.yaml
npm run addUsers -- MyUsers.yaml

Config

You will need to generate a private/public key pair, which is used to sign the JWTs. The node-user-service signs with the private key, while the consuming services validate with the public key.

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
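
How a consuming service could validate these tokens with only the public key, as an added example that is not code from this project. It assumes RS256 (as the key file name suggests) and that the token carries the configured JWT_ISSUER and JWT_AUDIENCE values as `iss` and `aud`; the key pair, issuer, audience and claim names below are constructed, and `issueToken` is a stand-in for the user service.

```javascript
const { generateKeyPairSync, sign, verify } = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Issuer side (stand-in for the user service): sign the claims with the private key.
function issueToken(claims, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(sign('sha256', Buffer.from(input), privateKey))}`;
}

// Consumer side: needs only the public key plus the issuer and audience it expects.
function verifyToken(token, publicKey, { issuer, audience }, now = Date.now() / 1000) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm instead of trusting the header: rejects "none" and HS256 downgrades.
  if (JSON.parse(fromB64url(head).toString()).alg !== 'RS256') throw new Error('unexpected alg');
  if (!verify('sha256', Buffer.from(`${head}.${body}`), publicKey, fromB64url(sig))) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(fromB64url(body).toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  return claims;
}

// Constructed demo: in-memory 2048-bit key pair, made-up issuer, audience and claim names.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const expected = { issuer: 'user-service.example', audience: 'orders.example' };
  const base = { sub: 'alice', claims: ['OrderRead'], iss: expected.issuer, aud: expected.audience };
  const exp = Math.floor(Date.now() / 1000) + 300;
  const outcome = (token) => {
    try { return verifyToken(token, publicKey, expected).sub; } catch (e) { return e.message; }
  };
  const good = issueToken({ ...base, exp }, privateKey);
  const [head, , sig] = good.split('.');
  const forgedBody = b64url(JSON.stringify({ ...base, exp, claims: ['UserManage'] }));
  return {
    good: outcome(good),
    tampered: outcome(`${head}.${forgedBody}.${sig}`),
    unsigned: outcome(`${b64url('{"alg":"none"}')}.${forgedBody}.`),
    expired: outcome(issueToken({ ...base, exp: exp - 600 }, privateKey)),
    otherAudience: outcome(issueToken({ ...base, exp, aud: 'billing.example' }, privateKey)),
  };
}
console.log(demo());
```

In a real consumer, `publicKey` would be the PEM contents of jwtRS256.key.pub, which `crypto.verify` accepts directly; the private key never needs to leave the user service.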

A few environment variables are required for the application to run. Create a .env file in the root of the project directory and refer to template.env for allowed values.

cp template.env .env
# Edit .env

The application should now be runnable locally.

npm start

Deployment

Docker

Docker isn't required to run this service, but in a microservice architecture, use of containers has become ubiquitous. Create the Docker image and push it up to a Docker registry.

docker build -t linkedmink/node-user-service .
docker push linkedmink/node-user-service

You can run the images directly for testing or simplicity.

docker run -d \
  -p 80:8080 \
  -e ALLOWED_ORIGINS=https://mydomain.com \
  -e MONGO_DB_CONNECTION_STRING=... \
  -e JWT_SECRET_KEY_FILE=... \
  -e JWT_AUDIENCE=... \
  -e JWT_ISSUER=... \
  --name node-user-service \
  linkedmink/node-user-service

Kubernetes

The project contains a sample deployment.yaml file for deploying to a Kubernetes cluster. Edit the file as necessary. Then apply the changes to your cluster.

kubectl create secret generic jwt-private-key \
  --namespace necro-automobilia \
  --from-file=../../keys/jwtRS256.key

kubectl apply -f ./deployment.yaml

Additionally, there's a basic build script that constructs a multi-platform Docker image and rolls out the latest version to a Kubernetes cluster.

# Edit build.sh or supply environment variables to override
KUBERNETES_NAMESPACE=my-app deploy/k8s-build.sh deploy
