
Feature Plan: Auth Service

Summary

  • Owner: Freddi
  • Status: Delivery
  • Target Release: Rolling
  • Backlog Entry: Projects/Uebliche/agendas.md ▸ 📦 Backlog ▸ Auth service hardening

Goals

  • Provide a secure sign-in flow between the desktop app and the Minestom backend.
  • Issue and validate JWTs for REST and WebSocket calls without external auth providers.
  • Allow administrators to revoke tokens instantly across the network.

Scope

  • Generate time-boxed SignInCode values and surface them via the /api/auth WebSocket.
  • Persist auth tokens in MongoDB and expose JWT validation through JwtContext.
  • Maintain the /api/auth/revoke-all endpoint and propagate revocation to active sessions, so that a token rejected by the database is also rejected by every node still holding a WebSocket for it.
  • Ensure the desktop app login view and connectivity store reflect token states.
  • Out of scope: third-party identity providers, fine-grained permission roles (handled elsewhere).

Implementation Outline

  1. features/auth/AuthService.java handles code issuance, token creation, and persistence.
  2. platform/rest/WebServer.java wires the WebSocket and REST routes and applies JwtContext to validate the JWT on protected routes before a handler runs.
  3. Mongo managers under platform/data/mongo maintain indexes and TTLs for auth artifacts.
  4. Desktop app (views/Login.vue, connectivityStore.ts) consumes the WebSocket handshake.
  5. Document any protocol or payload changes in docs/gameserver/features/auth/plan.md and the vault mirror.
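The issue/validate cycle the outline above assigns to AuthService and JwtContext, as an added example that is not the project's code: a minimal HS256 JWT on the JDK alone (no JWT library), with the MongoDB-backed revocation state replaced by an in-memory set plus a revoke-all watermark, and the server clock injected so expiry and the skew leeway can be exercised deterministically. The class and method names, the 30-second leeway, the 16-byte jti and the demo key are assumptions, not the project's.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example, not the project's JwtContext: HS256 issue/verify with revocation state held in memory. */
public final class JwtContextExample {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();
    // verify() accepts only this exact header: pins HS256 and rules out "alg":"none" or key-confusion variants.
    private static final String HEADER = B64.encodeToString(
            "{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    private static final SecureRandom RNG = new SecureRandom();
    public record Verified(String subject, String jti) {}

    private final byte[] key;          // assumed to come from the Docker secret in production
    private final long leewaySeconds;  // bounded tolerance for clock skew between nodes
    private final Set<String> revokedJti = ConcurrentHashMap.newKeySet(); // stands in for Mongo revocation state
    private volatile long revokedAtEpoch = Long.MIN_VALUE;                // stands in for revoke-all

    public JwtContextExample(byte[] key, long leewaySeconds) {
        if (key.length < 32) throw new IllegalArgumentException("HS256 key must be at least 256 bits");
        this.key = key.clone();
        this.leewaySeconds = leewaySeconds;
    }
    /** subject is assumed to be an opaque ID without quotes, so the payload can be formatted directly. */
    public String issue(String subject, long ttlSeconds, Instant serverNow) {
        byte[] id = new byte[16];
        RNG.nextBytes(id);
        long iat = serverNow.getEpochSecond();
        String payload = String.format("{\"sub\":\"%s\",\"iat\":%d,\"exp\":%d,\"jti\":\"%s\"}",
                subject, iat, iat + ttlSeconds, B64.encodeToString(id));
        String signingInput = HEADER + "." + B64.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64.encodeToString(hmac(signingInput));
    }
    public Verified verify(String token, Instant serverNow) throws GeneralSecurityException {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3 || !HEADER.equals(parts[0])) throw new GeneralSecurityException("malformed token");
        byte[] signature;
        String payload;
        try {
            signature = B64D.decode(parts[2]);
            payload = new String(B64D.decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { throw new GeneralSecurityException("malformed encoding"); }
        // Signature first, compared in constant time, before any claim is trusted.
        if (!MessageDigest.isEqual(hmac(parts[0] + "." + parts[1]), signature)) throw new GeneralSecurityException("bad signature");
        long now = serverNow.getEpochSecond();
        long iat = Long.parseLong(claim(payload, "iat"));
        long exp = Long.parseLong(claim(payload, "exp"));
        String jti = claim(payload, "jti");
        if (iat > now + leewaySeconds) throw new GeneralSecurityException("issued in the future");
        if (exp + leewaySeconds <= now) throw new GeneralSecurityException("expired");
        if (iat <= revokedAtEpoch) throw new GeneralSecurityException("predates revoke-all");
        if (revokedJti.contains(jti)) throw new GeneralSecurityException("revoked");
        return new Verified(claim(payload, "sub"), jti);
    }
    public void revoke(String jti) { revokedJti.add(jti); }
    public void revokeAll(Instant serverNow) { revokedAtEpoch = serverNow.getEpochSecond(); }

    private static String claim(String json, String name) throws GeneralSecurityException {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*(?:\"([^\"]*)\"|(\\d+))").matcher(json);
        if (!m.find()) throw new GeneralSecurityException("missing claim " + name);
        return m.group(1) != null ? m.group(1) : m.group(2);
    }
    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        RNG.nextBytes(key);                                  // constructed demo key
        JwtContextExample ctx = new JwtContextExample(key, 30);
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // injected server clock
        String token = ctx.issue("player-42", 900, t0);
        System.out.println("ok: " + ctx.verify(token, t0.plusSeconds(929)).subject()); // 29 s past exp: inside leeway
        expectReject(ctx, token, t0.plusSeconds(930));                                 // leeway exhausted
        String[] p = token.split("\\.");
        String forged = B64.encodeToString("{\"sub\":\"admin\",\"iat\":1704067200,\"exp\":1704068100,\"jti\":\"x\"}".getBytes(StandardCharsets.UTF_8));
        expectReject(ctx, p[0] + "." + forged + "." + p[2], t0);                       // tampered payload, old signature
        ctx.revoke(ctx.verify(token, t0).jti());
        expectReject(ctx, token, t0);                                                  // revoked by jti
        ctx.revokeAll(t0);
        expectReject(ctx, ctx.issue("player-7", 900, t0), t0);                        // issued before revoke-all
        System.out.println("ok: " + ctx.verify(ctx.issue("player-7", 900, t0.plusSeconds(1)), t0.plusSeconds(1)).subject());
    }
    private static void expectReject(JwtContextExample ctx, String token, Instant at) {
        try { ctx.verify(token, at); throw new AssertionError("token should have been rejected"); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Two points the example makes explicit: the header is compared byte-for-byte rather than parsed, so a client cannot switch the algorithm; and a signature-only validator would pass both revoked tokens, so whatever replaces the in-memory set (the Mongo revocation state in this plan) has to be consulted on every validation, not just at issuance.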

Dependencies

  • MongoDB for storing SignInCode, AuthToken, and revocation state.
  • Javalin WebSocket infrastructure and the desktop client for user-facing flows.
  • Docker secrets supplying the JWT signing key material.
  • Agenda coordination for backlog and decision tracking.

Risks & Mitigations

  • Stolen tokens: Keep token lifetimes short, rotate the signing secret supplied through Docker secrets on a schedule, and make revocation a fast server-side check. A signature-only validator cannot honour /api/auth/revoke-all, so JwtContext must consult the persisted revocation state on every call; add integration tests for the revoke path.
  • Clock skew: Treat the server clock as authoritative for issuance and expiry, keep SignInCode validity short, and allow only a small bounded leeway when checking exp.
  • Schema drift: Version Mongo documents via CollectionManager migrations; add guard rails in code review.
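The time-boxed, single-use SignInCode issuance that the Scope section and the clock-skew item above call for, as an added example that is not the project's AuthService: codes come from SecureRandom, expiry is stamped from the server clock rather than anything the client sends, each code redeems at most once even under concurrent attempts, and wrong guesses are rate-limited per submitter. The alphabet, code length, attempt limit, the submitter parameter and the in-memory maps standing in for the Mongo collection and its TTL index are assumptions.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Added example, not the project's AuthService: short-lived, single-use sign-in codes timed by the server clock. */
public final class SignInCodeExample {
    // No 0/O or 1/I: the code is shown in the desktop app and may be typed by hand.
    private static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
    private static final int LENGTH = 8;           // 8 symbols from 32 = 40 bits; adequate only with rate limiting
    private static final int MAX_ATTEMPTS = 5;     // assumed per-submitter limit on failed redeems
    private static final SecureRandom RNG = new SecureRandom();

    public record SignInCode(String code, String sessionId, Instant expiresAt) {}

    private final Duration validity;
    // Stand-ins for the Mongo collection; a TTL index on expiresAt would do the sweep in production.
    private final Map<String, SignInCode> pending = new ConcurrentHashMap<>();
    private final Map<String, Integer> failures = new ConcurrentHashMap<>();

    public SignInCodeExample(Duration validity) { this.validity = validity; }

    /** Issues a code bound to one WebSocket session; expiry is stamped from the server clock, never the client's. */
    public SignInCode issue(String sessionId, Instant serverNow) {
        StringBuilder sb = new StringBuilder(LENGTH);
        for (int i = 0; i < LENGTH; i++) sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        SignInCode c = new SignInCode(sb.toString(), sessionId, serverNow.plus(validity));
        pending.put(c.code(), c);
        return c;
    }

    /** Redeems a submitted code and returns the session to bind; succeeds at most once per code and only while live. */
    public Optional<String> redeem(String submitter, String submitted, Instant serverNow) {
        if (failures.getOrDefault(submitter, 0) >= MAX_ATTEMPTS) return Optional.empty();
        // remove() is the single-use guarantee: two concurrent redeems cannot both obtain the entry.
        SignInCode c = pending.remove(submitted.trim().toUpperCase());
        if (c == null || !serverNow.isBefore(c.expiresAt())) {
            failures.merge(submitter, 1, Integer::sum);
            return Optional.empty();
        }
        failures.remove(submitter);
        return Optional.of(c.sessionId());
    }

    /** What the Mongo TTL index does for real: drop codes whose expiresAt has passed. Returns the count dropped. */
    public int sweep(Instant serverNow) {
        int before = pending.size();
        pending.values().removeIf(c -> !serverNow.isBefore(c.expiresAt()));
        return before - pending.size();
    }

    public static void main(String[] args) {
        SignInCodeExample codes = new SignInCodeExample(Duration.ofSeconds(90));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");                                        // injected server clock
        SignInCode c = codes.issue("ws-session-1", t0);
        System.out.println("wrong code: " + codes.redeem("player-42", "AAAAAAAA", t0));              // Optional.empty
        System.out.println("right code: " + codes.redeem("player-42", c.code(), t0.plusSeconds(89))); // Optional[ws-session-1]
        System.out.println("replayed:   " + codes.redeem("player-42", c.code(), t0.plusSeconds(89))); // Optional.empty
        SignInCode late = codes.issue("ws-session-2", t0);
        System.out.println("expired:    " + codes.redeem("player-7", late.code(), t0.plusSeconds(90))); // Optional.empty
        codes.issue("ws-session-3", t0);
        System.out.println("swept:      " + codes.sweep(t0.plusSeconds(90)));                         // 1
    }
}
```

The expiry comparison uses only the injected server instant, which is what "server-side timestamps" in the clock-skew item amounts to in code: a client that reports a wrong time cannot extend a code's life, and a node whose own clock drifts will reject codes early rather than late, which is the safer failure.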

Validation Plan

  • Unit-test token serialization and signature checks, including rejection of tampered, expired and revoked tokens (add under services/gameserver/src/test/java/net/uebliche/features/auth).
  • End-to-end test by logging in through the desktop app with dev-compose services.
  • Monitor auth metrics once features/monitoring exposes counters for token issuance.

Notes & Decisions

  • Record decisions about JWT algorithm changes or token lifetime updates under agenda ⚖️ Decisions.
  • Mirror this document to /Projects/Uebliche/docs/gameserver/features/auth/plan.md whenever edits occur.

References

  • services/gameserver/src/main/java/net/uebliche/features/auth/AuthService.java
  • services/gameserver/src/main/java/net/uebliche/platform/rest/WebServer.java
  • Desktop login flow in app/dashboard/src/views/Login.vue