feat: Phase 1 Week 1 - User Service Foundation

[lakshayman]

Date: 16 Jan 2025

Developer Name: @lakshayman

---

Description

This PR implements Phase 1, Week 1: User Service Foundation for the Feature Flag Backend. It establishes a standalone user authentication system, enabling the service to manage users independently without relying on external RDS authentication.

Key Features Implemented:

1. User Data Model

   • Created User model with fields: id, email, passwordHash, role, createdAt, updatedAt, isActive
   • Added role constants: ADMIN, DEVELOPER, VIEWER
   • User table schema with email-index GSI for efficient lookups

2. Password Security

   • Implemented bcrypt password hashing utilities
   • HashPassword() and CheckPasswordHash() functions for secure password management

3. User Registration Endpoint

   • POST /users/register - Register new users
   • Email validation and password strength requirements (min 8 characters)
   • Default role assignment (VIEWER if not specified)
   • Duplicate email detection

4. User Login Endpoint

   • POST /users/login - Authenticate users and generate JWT tokens
   • Password verification
   • JWT token generation with user ID and role claims
   • Returns token and user profile

5. User Profile Management

   • GET /users/{userId} - Retrieve user profile (excludes password hash)
   • PUT /users/{userId} - Update user profile (email, role, isActive status)
   • JWT authentication required

6. JWT Token Generation

   • Extended JWTUtils to support private key loading from SSM Parameter Store
   • Added GenerateToken() method for creating JWT tokens
   • Supports PROD, STAGING, and LOCAL environments
   • Token includes userId and role claims with 1-year expiration

7. Infrastructure Updates

   • Added user table creation to setup-dynamodb-tables.sh with email-index GSI
   • Added RegisterUserFunction, LoginUserFunction, GetUserByIdFunction, and UpdateUserFunction to SAM template
   • Configured IAM policies for DynamoDB and SSM access
   • Added SSM parameter constants for private key storage

Documentation Updated?

• Yes
• No

Under Feature Flag

• Yes
• No

Database Changes

• Yes
• No

Database Changes:

• New user table with partition key id and GSI on email field
• Table creation script updated to include user table setup

Breaking Changes

• Yes
• No

Development Tested?

• Yes
• No

Testing:

• ✅ SAM build passes successfully
• ✅ Go compilation verified for all new functions
• ✅ Code follows existing patterns and conventions

Screenshots

Screenshot 1

Test Coverage

Test Coverage Details

Additional Notes

Setup Requirements

1. DynamoDB Table Creation:
   ./setup-dynamodb-tables.sh
   This will create the user table with email-index GSI.

2. SSM Parameter Setup:
   Private keys need to be stored in SSM Parameter Store:

   • PROD_RDS_BACKEND_PRIVATE_KEY (for production)
   • STAGING_RDS_BACKEND_PRIVATE_KEY (for staging)

   The public key should already exist from previous setup.

3. API Endpoints:

   • POST /users/register - No authentication required
   • POST /users/login - No authentication required
   • GET /users/{userId} - JWT authentication required
   • PUT /users/{userId} - JWT authentication required

Next Steps (Week 2)

• Migrate existing endpoints to use new authentication system
• Implement role-based access control (RBAC) for feature flag management
• Add comprehensive test coverage

Security Considerations

• Passwords are hashed using bcrypt before storage
• JWT tokens include user ID and role for authorization
• Private keys are stored securely in SSM Parameter Store
• Password hashes are never returned in API responses

Files Changed

• layer/models/user.go (new)
• layer/utils/password.go (new)
• layer/utils/RequestResponse.go (updated)
• layer/utils/Constants.go (updated)
• layer/utils/ErrorOutput.go (updated)
• layer/jwt/jwt.go (updated)
• registerUser/main.go (new)
• loginUser/main.go (new)
• getUserById/main.go (new)
• updateUser/main.go (new)
• setup-dynamodb-tables.sh (updated)
• template.yaml (updated)
• go.mod (updated)

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}