From fb7c75bce25403508940444c3e623207c123514e Mon Sep 17 00:00:00 2001 From: SOUKUM Date: Sun, 13 Nov 2022 23:56:55 +0530 Subject: [PATCH] Update README.md --- README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9cb1494..29f90e7 100644 --- a/README.md +++ b/README.md @@ -48,11 +48,11 @@ or - REQUIRE_DB_MIGRATIONS - REQUIRE_DB_INSERT - SENDGRID_API_KEY_PROD -- FIREBASE_PROFILE_PIC_PATH - REDIS_URL - NOTIFICATION_INTERNAL_URL - HEROKU_API_KEY - SECRET_KEY +- OIDC_CONFIG ### Microservices: 
@@ -75,14 +75,18 @@ breaking existing functionality. - Every push to master branch triggers github Makefile CI actions workflow which builds, test and deploy container images. - Additional code quality checks via [SONAR quality checks](https://sonarcloud.io/project/overview?id=souravs17031999_opioner-backend) have been integrated. +@deprecated ### New Relic Monitoring - We already have integrated new relic monitoring dashboards but configuration file `newrelic.ini` will have to be provided (inserted at each service root dir) and set `APM_MONITORING_NEWRELIC` to "True" to start application service with monitoring enabled. (for security reasons, configuration file will not be commited to this repo) -### Token based authentication -- All authorized routes are protected with JWT based token authentication which is expected by client to send in `Authorization` headers containing claims such as `user-id` and `roles` which can be fetched by first authorized login response token. - It requires `SECRET_KEY` (random hard password string) for authentication to work properly. +### [Keycloak](https://github.com/souravs17031999/keycloak-opioner) based authentication and authorization +- All routes are protected with JWT based token authentication issued by Keycloak. +- Authn and Authz are decoupled from the business logic of the microservices and terminated at the + entrypoints of the microservices. +- Various types of checks such as token signature, expiration, roles etc are checked before request is sent + forward to actual view mapped for the route. ### Pagination in API's - Some API's such as for fetching public feeds which contains long lists of feeds data generated by various users is paginated for better client side experience 
@@ -92,7 +96,8 @@ breaking existing functionality. - Currently, I have explored and made available instances of [Heroku postgresDB](https://devcenter.heroku.com/articles/heroku-postgresql) and [Amazon RDS postgresDB](https://aws.amazon.com/rds/postgresql/) in production. - For developmental debugging, volumes persistence (bind mounts/named volumes) is included in docker-compose.yml (using docker-compose) -### Firebase storage +@deprecated +### Firebase storage - Firebase is used for storage of profile pictures. ## Useful: @@ -101,6 +106,7 @@ breaking existing functionality. - Final built image (for every service) contains the ENTRYPOINT which starts the flask api service and runs any scripts supplied before actually starting the service. - Every service waits for the postgres service to start first (controlled by script), as every service depends on this one. - Repo contains db migration scripts for local setup. +- Migration scripts take care of creating initial schema on local setup (from postgres DB docker) and production setup (from auth service migrations phase). ## Docker container optimization - We have developed base-python-image which contains all the dependencies pre-installed specific to opioner application requirements that are common for consistency among all microservices and improves build time execution.
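Review bot: In the first hunk (`@@ -48,11 +48,11 @@`), the new `OIDC_CONFIG` variable is added to the environment list without any description of what it holds (issuer URL, client id/secret, JWKS endpoint, or a path to a config file), and the same hunk keeps `SECRET_KEY` even though the only text explaining why it is required ("It requires `SECRET_KEY` (random hard password string) for authentication to work properly.") is deleted in the second hunk. Please document the expected shape of `OIDC_CONFIG` and say whether it contains secrets that must not be committed, and either remove `SECRET_KEY` from the list or state what still consumes it now that JWT issuance has moved to Keycloak.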
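Review bot: In the second hunk (`@@ -75,14 +75,18 @@`), the bare `+@deprecated` line placed above `### New Relic Monitoring` is not a Markdown convention and contradicts the bullet directly below it, which still says "We already have integrated new relic monitoring dashboards"; mark the deprecation in the heading or in a sentence of the section, e.g. "### New Relic Monitoring (deprecated)", and say what replaces it. The new Keycloak section lists "token signature, expiration, roles etc" as the checks performed but does not say which issuer and audience values are validated or where the verification keys come from; since these checks are the trust boundary for every route, the README should spell them out so operators can confirm the configuration.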
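Review bot: In the third hunk (`@@ -92,7 +96,8 @@`), the `### Firebase storage` heading is deleted and re-added apparently unchanged (the only visible difference is trailing whitespace), which is diff noise, and the remaining bullet "Firebase is used for storage of profile pictures." now contradicts both the `+@deprecated` marker and the removal of `FIREBASE_PROFILE_PIC_PATH` in the first hunk. Keep the original heading line, and rewrite the bullet to say that Firebase profile-picture storage is deprecated and what is used instead.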
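Review bot: In the fourth hunk (`@@ -101,6 +106,7 @@`), the new bullet "Migration scripts take care of creating initial schema on local setup (from postgres DB docker) and production setup (from auth service migrations phase)." does not name the scripts or the order they run in, and it implies that the auth service's production database credentials carry schema-creation (DDL) privileges. Please point to the migration script locations, and state whether migrations run under a dedicated migration role rather than the runtime credentials of the auth service, since that is the least-privilege arrangement operators will want to verify.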