
IAM Service - Infrastructure

Infrastructure setup

Databases

Uses Prisma with PostgreSQL.

Schema Location: services/iam/prisma/schema.prisma

```bash
docker compose -f 'docker-compose.yml' up -d --build 'databases'
```

To stop:

```bash
docker compose -f 'docker-compose.yml' down 'databases'
```

Prisma Commands

```bash
nx run iam:prisma:generate # generate types
nx run iam:prisma:reset    # reset the database pointed to by DATABASE_URL
```

Performing a Migration

  1. Modify the schema.prisma file of the service you're working with.
  2. Trigger the nx command migrate:dev:create, which generates the migration file in the /migrations folder. Review the generated SQL before committing: a migration that drops or rewrites columns can be destructive to merge or to roll back.
  3. Run the migration with the nx command migrate:dev.
  4. Generate the schemas with the nx command prisma:generate.
  5. Test your changes.

You can then create your PR.

For deployment to the environments, note that the Dockerfile runs a script, entrypoint.sh, as its entrypoint. This script applies any pending migrations automatically, so your migration is rolled out in each environment as soon as the service starts there.

Running the Service

Install Dependencies

```bash
pnpm install
```

Environment variables

  1. Add a .env.dev file at the service root.
  2. Copy the environment variables for the corresponding service from 1Password into it.

Commands

```bash
# Development
nx run iam:dev

# Build
nx run iam:build

# Test
nx run iam:test

# Lint
nx run iam:lint

# Run in Docker
docker compose -f 'docker-compose.yml' up -d --build 'iam'

# Check dependencies
nx show project iam

# Show affected projects (based on git changes)
nx affected:graph
```

Shared Packages

The shared packages (dto, models, utils) are automatically linked and can be imported in both backend and frontend applications. Any changes to these packages will trigger rebuilds in dependent applications.

These packages mostly contain global functions (such as the logger and utility helpers) shared among services, providing common functionality and ensuring consistency across the monorepo.

Available Packages

  • dto - Data Transfer Objects
  • models - Shared data models
  • utils - Utility functions and helpers

Authentication & Authorization

The IAM service handles identity and access management for the entire platform using SuperTokens for authentication and a custom role-based permission system.

Key Features

  • Multi-tenant support: Users can belong to multiple tenants with different roles per tenant
  • Role-based access control (RBAC): Permissions are assigned to roles, not directly to users
  • SuperTokens integration: Handles session management, authentication, and JWT tokens
  • User management: CRUD operations for users, tenants, roles, and permissions
  • Membership management: Links users to tenants with specific roles

Database Schema

The IAM service uses the following core entities:

  • User: Represents a user in the system (email, firstName, lastName)
  • Tenant: Represents an organization/tenant
  • Role: Represents a role that can be assigned to users within a tenant
  • Permission: Represents a specific action/capability
  • Membership: Links a user to a tenant with a specific role (many-to-many relationship)
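The following is an added example, not code from the IAM service itself: it models the five entities listed above as plain TypeScript types and implements the tenant-scoped permission check that the Key Features section describes (permissions reach a user only through the role on their membership, and a user with no membership in a tenant gets nothing). The entity shapes, the sample users, tenants, roles and permission names are all constructed for illustration and are not taken from the project's schema.prisma.

```typescript
// Added example: in-memory model of User, Tenant, Role, Permission and Membership,
// plus a deny-by-default, tenant-scoped permission lookup. Not the project's code.

type User = { id: string; email: string; firstName: string; lastName: string };
type Tenant = { id: string; name: string };
type Permission = { id: string; name: string }; // e.g. "user:read" (constructed names)
type Role = { id: string; name: string; permissionIds: string[] };
// A membership links one user to one tenant with exactly one role.
type Membership = { userId: string; tenantId: string; roleId: string };

export type IamStore = {
  users: User[];
  tenants: Tenant[];
  roles: Role[];
  permissions: Permission[];
  memberships: Membership[];
};

// Resolve the permission names a user holds in a given tenant.
// Permissions are never attached to the user directly: they are collected
// from the role on each membership the user has in that tenant. No
// membership, or a membership pointing at an unknown role, grants nothing.
export function permissionsFor(store: IamStore, userId: string, tenantId: string): Set<string> {
  const granted = new Set<string>();
  const memberships = store.memberships.filter(
    (m) => m.userId === userId && m.tenantId === tenantId,
  );
  for (const m of memberships) {
    const role = store.roles.find((r) => r.id === m.roleId);
    if (!role) continue; // dangling roleId: fail closed rather than throw or grant
    for (const pid of role.permissionIds) {
      const perm = store.permissions.find((p) => p.id === pid);
      if (perm) granted.add(perm.name);
    }
  }
  return granted;
}

// The check a route handler would call: is this user allowed to do `permission`
// inside `tenantId`? The tenant is always part of the question, so a role held
// in one tenant never carries over to another.
export function can(store: IamStore, userId: string, tenantId: string, permission: string): boolean {
  return permissionsFor(store, userId, tenantId).has(permission);
}

// Constructed sample data: alice is admin in acme but only a viewer in globex;
// bob is a viewer in globex and has no membership in acme at all.
export const sampleStore: IamStore = {
  users: [
    { id: "u1", email: "alice@example.com", firstName: "Alice", lastName: "Example" },
    { id: "u2", email: "bob@example.com", firstName: "Bob", lastName: "Example" },
  ],
  tenants: [
    { id: "t-acme", name: "acme" },
    { id: "t-globex", name: "globex" },
  ],
  permissions: [
    { id: "p1", name: "user:read" },
    { id: "p2", name: "user:write" },
    { id: "p3", name: "role:assign" },
  ],
  roles: [
    { id: "r-admin", name: "admin", permissionIds: ["p1", "p2", "p3"] },
    { id: "r-viewer", name: "viewer", permissionIds: ["p1"] },
    { id: "r-broken", name: "broken", permissionIds: ["p-does-not-exist"] },
  ],
  memberships: [
    { userId: "u1", tenantId: "t-acme", roleId: "r-admin" },
    { userId: "u1", tenantId: "t-globex", roleId: "r-viewer" },
    { userId: "u2", tenantId: "t-globex", roleId: "r-viewer" },
    { userId: "u2", tenantId: "t-acme", roleId: "r-missing" }, // role row absent
  ],
};

// Example calls a reader can run:
//   can(sampleStore, "u1", "t-acme", "role:assign")   -> true
//   can(sampleStore, "u1", "t-globex", "role:assign") -> false (viewer there)
//   can(sampleStore, "u2", "t-acme", "user:read")     -> false (dangling role)
```

The two deliberately broken rows in the sample data (a role whose permission id does not resolve, and a membership whose role row is missing) show the failure mode a practitioner cares about: the lookup must fail closed on inconsistent data instead of throwing or granting access. In the real service these lookups are Prisma queries against the Membership, Role and Permission tables rather than array scans, but the shape of the check, user plus tenant resolved through the membership's role, is the same.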

For more details on roles and permissions structure, see Roles and Permissions.