Proof of concept microservices project with Deno.
- download vscode.
- install Docker.
- install vscode remote container extension.
- clone this repository.
- open repository folder in vscode dev container.
- run script
./certificates.sh
to generate public certificate and private key forlocalhost
domain.
- run script
./starting.sh
. - run http request step by step starting with
.http-client/identity.http
and thennotifications.http
andloans.http
.
- identity microservice: identity api [support/public].
- register account.
- change account password.
- login user.
- register activation link and send an activation link email to notification service.
- use activation link to activate account.
- generate jwt authentication token [testing purpose].
- get activation link [testing purpose].
- loans microservice: loans api [business/public].
- register contract and calculate interest rate.
- approve contract.
- reject contract.
- notifications microservice: notifications api [support/private].
- register notifications.
- send notifications to external services.
- monitor microservices: monitoring api [support/public].
- monitor microservices health (live health).
- std-modules contains independent standard modules (some depending only on
std-errors
). - webapi-modules contains webapi modules shared by all microservices.
- identity microservice use mediator to publish internal messages and to chain message handlers. Use scheduler to resume failed handled messages.
- loans microservice use in-process caching for discout and interest types [rarely changed].
- notifications microservice use jwt authentication with tokens generated by identity microservice. Like identity microservice use mediator to chain message handlers.
- identity microservice and monitor microservice use resilient fetch to communicate with other microservices.
idempotency
is implemented by all message handlers and by notifications microservice endpoint to deduplicate notifications.
- public microservices use cookie as authentication mechanism.
- private microservice(s) use jwt as authentication mechanism.
- microservices use a distributed authorization mechanism based on account roles.
- public microservices use rate limiting per ip/global to avoid dos/ddos attacks.
- db queries use parameters [no sql query concatenations].
- use encryption key to encrypt/decrypt authentication/identity cookies.
- use signing key to sign/verify jwt authentication/identity tokens.
wip [cors, http cache, logging]