Prism Auth Service | Lumina Enterprise Solutions

Enterprise-Grade Features

Built for scalability, security, and seamless integration with modern Go backends

🔑

JWT Authentication

Secure access and refresh token flow with configurable expiration times

• RS256 signature algorithm
• Automatic token rotation
• Blacklist support

🛡️

Two-Factor Auth (2FA)

TOTP-based 2FA with QR code generation for enhanced security

• Google Authenticator support
• Backup codes generation
• Rate limiting protection

🌐

OAuth 2.0 Integration

Ready-to-use social logins with popular providers

• Google OAuth 2.0
• Microsoft OAuth 2.0
• Custom provider support

🎭

User Impersonation

Secure admin functionality for support and debugging

• gRPC endpoint
• Audit logging
• Permission-based access

⚡

High Performance

Optimized Go implementation with Redis caching

• Sub-50ms response times
• Connection pooling
• Horizontal scaling

🔒

Security First

Enterprise security with HashiCorp Vault integration

• Secret management
• Encryption at rest
• Audit trails

📊

Monitoring & Analytics

Comprehensive metrics and logging for observability

• Prometheus metrics
• Structured logging
• Health checks

🚀

Easy Deployment

Docker-ready with Kubernetes manifests included

• Multi-stage Dockerfile
• Helm charts
• CI/CD pipelines

Built with Modern Go Stack

Leveraging the best tools and libraries for backend development

🐹

Go 1.21+

Runtime

🐘

PostgreSQL

Database

🗄️

Redis

Cache

🏛️

Vault

Secrets

🔌

gRPC

RPC

🐳

Docker

Container

Clean Architecture

Built following Go best practices with clean architecture principles for maintainability and testability

                    graph TD
    %% Styling definitions
    classDef external fill:#e1f5fe,stroke:#0277bd,stroke-width:2px,color:#000
    classDef handler fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px,color:#000
    classDef service fill:#e8f5e8,stroke:#388e3c,stroke-width:2px,color:#000
    classDef repository fill:#fff3e0,stroke:#f57c00,stroke-width:2px,color:#000
    classDef client fill:#fce4ec,stroke:#c2185b,stroke-width:2px,color:#000
    classDef database fill:#f1f8e9,stroke:#689f38,stroke-width:2px,color:#000
    classDef cache fill:#ffebee,stroke:#d32f2f,stroke-width:2px,color:#000
    classDef vault fill:#f9fbe7,stroke:#827717,stroke-width:2px,color:#000
    classDef main fill:#e3f2fd,stroke:#1976d2,stroke-width:3px,color:#000
    classDef microservice fill:#f8bbd9,stroke:#e91e63,stroke-width:2px,color:#000

    %% External Layer
    subgraph EXT ["🌐 External World"]
        direction TB
        Frontend["📱 Frontend/Mobile App
• Login/logout interface
• Token management
• Session handling"]
        OtherServices["🔗 Other Microservices
• Service-to-service auth
• Token validation
• User impersonation"]
    end

    %% Main Application Entry Point
    subgraph MAIN ["🔐 prism-auth-service"]
        direction TB
        MainGo["📋 main.go
• Server initialization
• Configuration loading
• Dependency injection
• Graceful shutdown"]
        
        %% Handler Layer
        subgraph HANDLER ["🎯 Handler Layer"]
            direction LR
            HTTPHandlers["🌐 HTTP Handlers
internal/handler
• REST endpoints
• Login/logout/refresh
• Request validation
• Response formatting"]
            GRPCServer["⚡ gRPC Server
internal/grpc_server
• Service authentication
• Token validation
• User verification
• Interceptors"]
        end
        
        %% Service Layer
        subgraph SERVICE ["🧠 Service Layer (Business Logic)"]
            direction TB
            AuthService["🔑 Auth Service
internal/service
• JWT token generation
• Password validation
• Session management
• Authentication logic
• Token refresh
• User authorization"]
        end
        
        %% Repository Layer
        subgraph REPO ["💾 Repository Layer (Data Access)"]
            direction TB
            Repositories["📊 Repositories
internal/repository
• User credential storage
• Session persistence
• Token blacklisting
• Audit logging
• Database transactions"]
        end
        
        %% Client Layer
        subgraph CLIENT ["🔌 Client Layer (External Communication)"]
            direction TB
            ServiceClients["📡 Service Clients
internal/client
• HTTP client wrapper
• gRPC client connections
• Circuit breaker pattern
• Retry mechanisms
• Request/response logging"]
        end
    end

    %% Dependencies & External Services
    subgraph DEPS ["🔧 Dependencies"]
        direction TB
        PostgresDB["🐘 PostgreSQL DB
• User credentials
• Session storage
• Audit trails
• ACID compliance"]
        RedisCache["🔴 Redis Cache
• Session storage
• Token blacklist
• Rate limiting
• Temporary data"]
        UserServiceExt["👤 prism-user-service
• User profile data
• User validation
• Account management"]
        NotificationServiceExt["📢 prism-notification-service
• Login notifications
• Security alerts
• Authentication events"]
        VaultService["🔐 HashiCorp Vault
• JWT signing keys
• Database credentials
• API secrets
• Encryption keys"]
    end

    %% Connections with labels
    Frontend -- "🌐 REST API
Login/Logout
Token Management" --> HTTPHandlers
    OtherServices -- "⚡ gRPC Calls
Token Validation
User Authentication" --> GRPCServer
    
    MainGo --> HTTPHandlers
    MainGo --> GRPCServer
    MainGo -- "🔑 Load Secrets
JWT Keys
DB Credentials" --> VaultService
    
    HTTPHandlers --> AuthService
    GRPCServer --> AuthService
    
    AuthService --> Repositories
    AuthService --> ServiceClients
    
    Repositories --> PostgresDB
    Repositories --> RedisCache
    
    ServiceClients -- "👤 HTTP/gRPC Out
User Validation
Profile Data" --> UserServiceExt
    ServiceClients -- "📢 HTTP/gRPC Out
Security Notifications
Login Alerts" --> NotificationServiceExt

    %% Apply styles
    class Frontend,OtherServices external
    class HTTPHandlers,GRPCServer handler
    class AuthService service
    class Repositories repository
    class ServiceClients client
    class PostgresDB database
    class RedisCache cache
    class VaultService vault
    class MainGo main
    class UserServiceExt,NotificationServiceExt microservice

🏗️ Clean Architecture

Layered architecture with clear separation of concerns

• Handler → Service → Repository
• Dependency injection
• Interface-based design
• Testable components

🔄 Microservices Ready

Built for distributed systems and service mesh

• gRPC inter-service communication
• Circuit breaker patterns
• Distributed tracing
• Service discovery

📊 Observability

Full observability stack for production monitoring

• Prometheus metrics
• Structured logging (zerolog)
• OpenTelemetry tracing
• Health check endpoints

Quick Start Guide

Get up and running in minutes with Docker

1️⃣

Clone Repository

Download the source code and dependencies

2️⃣

Configure Environment

Set up database and environment variables

3️⃣

Start Services

Launch with Docker Compose

Terminal

# Clone the repository
git clone https://github.com/Lumina-Enterprise-Solutions/prism-auth-service.git
cd prism-auth-service

# Copy environment configuration
cp .env.example .env

# Start all services with Docker Compose
docker-compose up -d

# Check service health
curl http://localhost:8080/health

Go Development

// Example: Using the auth service client in your Go application
package main

import (
    "context"
    "log"
    
    authpb "github.com/Lumina-Enterprise-Solutions/prism-auth-service/proto"
    "google.golang.org/grpc"
)

func main() {
    // Connect to auth service
    conn, err := grpc.Dial("localhost:50051", grpc.WithInsecure())
    if err != nil {
        log.Fatal(err)
    }
    defer conn.Close()
    
    // Create auth client
    client := authpb.NewAuthServiceClient(conn)
    
    // Validate token
    resp, err := client.ValidateToken(context.Background(), &authpb.ValidateTokenRequest{
        Token: "your-jwt-token-here",
    })
    if err != nil {
        log.Fatal(err)
    }
    
    log.Printf("Token valid: %v, User ID: %s", resp.Valid, resp.UserId)
}

API Documentation

Comprehensive REST and gRPC API documentation

🌐 REST API Endpoints

POST /api/v1/auth/login

Authenticate user with email/password

POST /api/v1/auth/refresh

Refresh access token using refresh token

GET /api/v1/auth/me

Get current user information

POST /api/v1/auth/2fa/enable

Enable two-factor authentication

POST /api/v1/oauth/google

Authenticate with Google OAuth

View Full REST API Docs

⚡ gRPC Methods

RPC ValidateToken

Validate JWT token and return user claims

RPC GenerateImpersonationToken

Generate impersonation token for admin users

RPC InvalidateSession

Invalidate user session and tokens

RPC GetUserPermissions

Retrieve user permissions and roles

RPC HealthCheck

Service health status and metrics

View gRPC Proto Files

🔒 Enterprise Security

Built with security-first mindset for enterprise applications

🔐

Encryption & Hashing

• bcrypt password hashing
• AES-256 data encryption
• TLS 1.3 in transit
• Database encryption at rest

🛡️

Attack Prevention

• Rate limiting & DDoS protection
• SQL injection prevention
• XSS protection headers
• CSRF token validation

📊

Audit & Compliance

• Complete audit trails
• Login attempt tracking
• GDPR compliance features
• SOC 2 Type II ready

⚡ Performance Metrics

Optimized for high-throughput enterprise workloads

< 50ms

Response Time

P95 authentication latency

10K+

Requests/min

Sustained throughput

99.9%

Uptime SLA

Production availability

< 100MB

Memory Usage

Optimized resource usage

🤝 Community & Support

Join our growing community of Go developers

📚

Documentation

Comprehensive guides, API docs, and tutorials

View Docs

💬

Discord Community

Chat with other developers and get real-time help

Join Discord

🐛

Issue Tracking

Report bugs, request features, and contribute

GitHub Issues