esante-iam v3.0.9
eSante IAM API
Overview
This repo contains the esante-iam api which handles everything related to
Users, Orgs, Roles, Permissions, and Authentication. IAM has three distinct microservices.
- Auth microservice
- Organizations microservice
- Users microservice
Auth microservice
Handles authentication and authorization operations across the entire eSante system.
Organizations microservice
Manages creating and querying eSante organizations managed within the eSante portal.
Users microservice
Handles creating and querying eSante users likewise managed within the eSante portal.
Project Structure
| path | description |
|---|---|
| .githooks | git hooks folder |
| .circlei | circle ci pipeline configs |
| server.js | local development server entrypoint |
| lambda.js | serverless lambda fn entrypoint |
| serverless.yml | serverless deployment configuration |
| .environ | per env serverless configs |
| src | source code folder |
| src/index.js | app api entrypoint |
| src/_app | app api endpoint init code |
| src/auth | auth microservice code |
| src/organizations | organizations microservice code |
| src/users | users microservice code |
| src/utils | utility/helper code |
Running Locally
Please follow these steps to run the service locally:
- create ssh tunnel to devleopment database
pg_tunnel esante-dev dev-pg-cluster.cluster-cqkfvl6ken4r.us-east-2.rds.amazonaws.com localhostnote! please see confluence R&D guides for explanation of how to setup ssh tunnels for development databases
Create .env file to point api to dev enrironment
touch .envset contents to
GRAPHQL_INTROSPECTION=true
SECRET_ENV_NAME=dev/esante
TENANTS_TABLE="dev-esante-tenants"
SERVICES_TABLE="dev-esante-services"
AWS_REGION=us-east-2Set AWS credentails
open your aws sso account panel to grab your AWS export statements to set your aws credentails in the terminal
export AWS_ACCESS_KEY_ID="XXX"
export AWS_SECRET_ACCESS_KEY="XXX"
export AWS_SESSION_TOKEN="XXX"Run start script
npm starton startup you should see similar output as below
> esante-iam@2.0.62 start
> nodemon --watch src ./server.js
[nodemon] 2.0.22
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): src/**/*
[nodemon] watching extensions: js,mjs,json
[nodemon] starting `node ./server.js`
esante:env INFO - Loaded 81 environment variables
esante:api INFO - Configuring GRAPHQL endpoint
esante:api INFO - Configuring REST endpoint
esante:app:server INFO - 🚀 Server be4b55afc3f247279d3fc8b61e851230 started in 357 ms on port 9012Done
now you can point your insonmia or postman at the localport and execute api calls 🥳
Endpoints
Is Authorized
For checking if a user is authorized to perform specific task based on the permissions it has on record.
Method: GET
{{IAM_API}}/auth/isAuthorized
Headers
| Content-Type | Value |
|---|---|
| tenantId | p3n |
Get Permissions
For retriveing a list of permissions that a user has on record.
Method: POST
{{IAM_API}}/auth/permissions
Headers
| Content-Type | Value |
|---|---|
| tenantId | p3n |
User Microservice
Who Am I
Can be queried to return information on the user making the request.
Method: GET
{{IAM_API}}/user/whoami
Headers
| Content-Type | Value |
|---|---|
| tenantId | p3n |
Graphql
Beyond the previously listed rest endpoints there are many more graphql endpoints, however, since graphql is self documenting they are not listed here.
6 months ago