Restructure Project Structure/Infrastructure

[NilsG-S]

Repos:

• [ ] cpceed-student-app:
• [ ] cpceed-admin-app
• [ ] cpceed-auth-service
• [ ] cpceed-user-service
• [ ] cpceed-event-service
• [ ] cpceed-report-service
• [ ] cpceed-common

Tasks (per-repo):

• [ ] Clean server out dependencies
• [ ] Clean out unnecessary dependencies
• [ ] Switch common to submodule
• [ ] Set up doc site
• [ ] Set up Travis

Tasks (overall):

• [ ] API gateway
• [ ] Infrastructure (as code)
• [ ] Production Swarm configuration
• [ ] Move server to common

Authentication:

There are a few options for how to conduct authentication in this app.

1. Identity microservice with centralized authorization checks. Basically there's a single identity microservice that all of the other microservices contact whenever someone attempts to access a restricted resource.

• Not very efficient because a single request could generate multiple requests to the identity microservice.

2. Identity microservice with API gateway. Basically only the API gateway checks authorization. Any activity beyond the gateway is assumed to be authorized.

3. Identity microservice with distributed authorization checks. Basically the identity microservice issues tokens sized with some secret value. All microservices have this secret value so they can check the validity of tokens sent to them.

• A single insecure microservice would compromise the whole system.

Note: all of the above assume we don't want SSO for our different front-ends (which we don't). SSO would require oAuth/OpenID Connect. See https://www.coreblox.com/blog/2018/2/identity-as-a-microservice

Resources:

• https://www.nginx.com/blog/building-microservices-using-an-api-gateway/
• https://stackoverflow.com/questions/31044380/microservices-authentication/42734113#42734113
• https://blog.leanix.net/en/authorization-authentication-with-microservices

[ynigoreyes]

Microservices, Yarn, Material UI, compose in production and development

[NilsG-S]

Individual package.json files

[NilsG-S]

@ynigoreyes Here's some API gateway software I've found:

• https://tyk.io/
  • https://github.com/TykTechnologies/tyk
• https://konghq.com/kong-community-edition/
  • https://github.com/Kong/kong
• https://github.com/Netflix/zuul

https://stackoverflow.com/questions/46769814/is-there-a-comprehensive-comparison-between-tyk-vs-kong

[NilsG-S]

I'm liking Tyk. It's fast, accepts plugins in many languages, and seems relatively simple.

Here's the basic authentication structure I was looking at: https://tyk.io/docs/security/your-apis/json-web-tokens/

[ynigoreyes]

What is 3rd party/custom idp??? is that equivalent to what our auth micro is going to be?

[NilsG-S]

That's the impression I got

EDIT

We'll also need this to handle updates: https://tyk.io/docs/ensure-high-availability/service-discovery/

[NilsG-S]

Remaining work on cpceed-student-app: [see first post]