
Conversation

@lakshayman
Contributor

Date: 16 Jan 2025

Developer Name: @lakshayman


Description

This PR implements Phase 1, Week 1: User Service Foundation for the Feature Flag Backend. It establishes a standalone user authentication system, enabling the service to manage users independently without relying on external RDS authentication.

Key Features Implemented:

  1. User Data Model

    • Created User model with fields: id, email, passwordHash, role, createdAt, updatedAt, isActive
    • Added role constants: ADMIN, DEVELOPER, VIEWER
    • User table schema with email-index GSI for efficient lookups
  2. Password Security

    • Implemented bcrypt password hashing utilities
    • HashPassword() and CheckPasswordHash() functions for secure password management
  3. User Registration Endpoint

    • POST /users/register - Register new users
    • Email validation and password strength requirements (min 8 characters)
    • Default role assignment (VIEWER if not specified)
    • Duplicate email detection
  4. User Login Endpoint

    • POST /users/login - Authenticate users and generate JWT tokens
    • Password verification
    • JWT token generation with user ID and role claims
    • Returns token and user profile
  5. User Profile Management

    • GET /users/{userId} - Retrieve user profile (excludes password hash)
    • PUT /users/{userId} - Update user profile (email, role, isActive status)
    • JWT authentication required
  6. JWT Token Generation

    • Extended JWTUtils to support private key loading from SSM Parameter Store
    • Added GenerateToken() method for creating JWT tokens
    • Supports PROD, STAGING, and LOCAL environments
    • Token includes userId and role claims with 1-year expiration
  7. Infrastructure Updates

    • Added user table creation to setup-dynamodb-tables.sh with email-index GSI
    • Added RegisterUserFunction, LoginUserFunction, GetUserByIdFunction, and UpdateUserFunction to SAM template
    • Configured IAM policies for DynamoDB and SSM access
    • Added SSM parameter constants for private key storage

Documentation Updated?

  • Yes
  • No

Under Feature Flag

  • Yes
  • No

Database Changes

  • Yes
  • No

Database Changes:

  • New user table with partition key id and GSI on email field
  • Table creation script updated to include user table setup

Breaking Changes

  • Yes
  • No

Development Tested?

  • Yes
  • No

Testing:

  • ✅ SAM build passes successfully
  • ✅ Go compilation verified for all new functions
  • ✅ Code follows existing patterns and conventions

Screenshots

Screenshot 1

Test Coverage

Test Coverage Details

Additional Notes

Setup Requirements

  1. DynamoDB Table Creation:
    ./setup-dynamodb-tables.sh
    This will create the user table with email-index GSI.

  2. SSM Parameter Setup:
    Private keys need to be stored in SSM Parameter Store:

    • PROD_RDS_BACKEND_PRIVATE_KEY (for production)
    • STAGING_RDS_BACKEND_PRIVATE_KEY (for staging)

    The public key should already exist from previous setup.

  3. API Endpoints:

    • POST /users/register - No authentication required
    • POST /users/login - No authentication required
    • GET /users/{userId} - JWT authentication required
    • PUT /users/{userId} - JWT authentication required

Next Steps (Week 2)

  • Migrate existing endpoints to use new authentication system
  • Implement role-based access control (RBAC) for feature flag management
  • Add comprehensive test coverage

Security Considerations

  • Passwords are hashed using bcrypt before storage
  • JWT tokens include user ID and role for authorization
  • Private keys are stored securely in SSM Parameter Store
  • Password hashes are never returned in API responses

Files Changed

  • layer/models/user.go (new)
  • layer/utils/password.go (new)
  • layer/utils/RequestResponse.go (updated)
  • layer/utils/Constants.go (updated)
  • layer/utils/ErrorOutput.go (updated)
  • layer/jwt/jwt.go (updated)
  • registerUser/main.go (new)
  • loginUser/main.go (new)
  • getUserById/main.go (new)
  • updateUser/main.go (new)
  • setup-dynamodb-tables.sh (updated)
  • template.yaml (updated)
  • go.mod (updated)

- Add User data model with role-based access (ADMIN, DEVELOPER, VIEWER)
- Implement password hashing with bcrypt
- Create user registration endpoint (POST /users/register)
- Create user login endpoint (POST /users/login) with JWT token generation
- Add user profile management endpoints (GET/PUT /users/{userId})
- Extend JWT utils to support private key loading from SSM for token generation
- Add user table creation to DynamoDB setup script with email-index GSI
- Add request/response models for user operations
- Update SAM template with new Lambda functions and IAM policies
@lakshayman lakshayman self-assigned this Jan 16, 2026
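The issue-and-verify path the description outlines (RS256 JWTs carrying `userId` and `role` claims plus an expiry, signed with a private key and checked with the public key), written as an added illustration against the Go standard library only. This is not code from this PR or the repository: the `Claims` struct, the function names, the in-memory key pair and the caller-chosen lifetime are assumptions of this example, and the project's own `JWTUtils`, SSM key loading and 1-year expiry are not reproduced.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Claims is the payload the PR describes: user ID and role, plus an expiry (exp).
type Claims struct {
	UserID string `json:"userId"`
	Role   string `json:"role"`
	Exp    int64  `json:"exp"`
}

// GenerateToken issues an RS256 JWT signed with priv (hypothetical stand-in for the PR's SSM-loaded key).
func GenerateToken(priv *rsa.PrivateKey, userID, role string, ttl time.Duration) (string, error) {
	enc := base64.RawURLEncoding
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	pl, _ := json.Marshal(Claims{UserID: userID, Role: role, Exp: time.Now().Add(ttl).Unix()})
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(pl)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + enc.EncodeToString(sig), err
}

// VerifyToken is what a JWT-protected endpoint must do: pin alg, check the signature, refuse expired tokens.
func VerifyToken(pub *rsa.PublicKey, token string) (*Claims, error) {
	enc := base64.RawURLEncoding
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, e1 := enc.DecodeString(parts[0])
	plJSON, e2 := enc.DecodeString(parts[1])
	sig, e3 := enc.DecodeString(parts[2])
	var hdr struct{ Alg string `json:"alg"` }
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("rejected header") // also refuses alg "none" and HS256 key confusion
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	c := new(Claims)
	// The payload is only parsed once the signature checks out, and an expired one is still refused.
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil || json.Unmarshal(plJSON, c) != nil || time.Now().Unix() >= c.Exp {
		return nil, errors.New("bad signature, bad payload or expired token")
	}
	return c, nil
}
```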
@coderabbitai

coderabbitai bot commented Jan 16, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.


Comment @coderabbitai help to get the list of available commands and usage tips.
