auth-service

Service Layer / high complexity / backend
Dependencies: 0   Dependents: 0   Entities: 4   Integrations: 0

Feature: Email & Password Login

Description

Backend service responsible for validating email/password credentials, issuing JWT access tokens and refresh tokens, enforcing rate limiting and account lockout policies, and handling token refresh. Runs in the Next.js REST API layer.

Responsibilities

  • Validate email/password credentials against the bcrypt password hashes stored in the database
  • Issue a short-lived JWT access token and a longer-lived refresh token on successful login
  • Enforce per-IP and per-account rate limiting to slow brute-force attacks
  • Lock accounts after repeated failed attempts and provide unlock mechanisms
  • Rotate refresh tokens on each use and invalidate them on logout (session management)

Interfaces

POST /api/v1/auth/login -> { access_token, refresh_token, user }
POST /api/v1/auth/refresh -> { access_token }
POST /api/v1/auth/logout -> void
validateCredentials(email: string, password: string) -> Promise<User>
issueTokenPair(userId: string, orgId: string, roles: string[]) -> TokenPair
revokeRefreshToken(token: string) -> Promise<void>
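
The token side of the interface list (`issueTokenPair`, refresh, `revokeRefreshToken`), as an added TypeScript example; this is illustrative code written for this page, not the auth-service implementation. It uses the page's `issueTokenPair(userId, orgId, roles)` and `revokeRefreshToken(token)` signatures and adds an optional family id, a `refresh(token)` method and a `verifyJwt` function, all assumed names. The HS256 JWT is spelled out with Node's `crypto` so the block has no dependencies; the signing key, TTLs (15-minute access token, 30-day refresh token) and in-memory token store are constructed for the example.

```typescript
import { createHash, createHmac, randomBytes, timingSafeEqual } from "crypto";

export const ACCESS_TTL_S = 15 * 60;             // short-lived access token
export const REFRESH_TTL_S = 30 * 24 * 60 * 60;  // longer-lived refresh token
// Assumed: a real deployment loads the key from a secret store; never embed one in source.
const SIGNING_KEY = randomBytes(32);

export type TokenPair = { access_token: string; refresh_token: string };
export type AccessClaims = { sub: string; org: string; roles: string[]; iat: number; exp: number };
type RefreshRecord = { userId: string; orgId: string; roles: string[]; family: string; expiresAt: number; used: boolean };

const nowSec = () => Math.floor(Date.now() / 1000);
const b64url = (s: string) => Buffer.from(s).toString("base64url");
const hashToken = (t: string) => createHash("sha256").update(t).digest("hex");

// HS256 JWT written out so the block has no dependencies; a vetted JWT library
// is the right choice in the real service.
function signJwt(claims: AccessClaims): string {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", SIGNING_KEY).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Verifier for the resource side: pins the algorithm, checks the MAC in constant time,
// and only then trusts the claims (including exp).
export function verifyJwt(token: string, now: number = nowSec()): AccessClaims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header: { alg?: unknown } | null = null;
  try { header = JSON.parse(Buffer.from(head, "base64url").toString("utf8")); } catch { return null; }
  if (!header || header.alg !== "HS256") return null;  // rejects alg=none and algorithm confusion
  const expected = createHmac("sha256", SIGNING_KEY).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as AccessClaims;
  return typeof claims.exp === "number" && claims.exp > now ? claims : null;
}

export class TokenService {
  private store = new Map<string, RefreshRecord>();  // keyed by sha256(token): a DB leak yields no usable tokens
  private revokedFamilies = new Set<string>();
  constructor(private readonly now: () => number = nowSec) {}  // injectable clock (seconds)

  // Page signature plus an optional family id (added here) so rotated tokens stay linked.
  issueTokenPair(userId: string, orgId: string, roles: string[], family: string = randomBytes(16).toString("hex")): TokenPair {
    const iat = this.now();
    const access_token = signJwt({ sub: userId, org: orgId, roles, iat, exp: iat + ACCESS_TTL_S });
    const refresh_token = randomBytes(32).toString("base64url");  // opaque: no claims, nothing to parse
    this.store.set(hashToken(refresh_token), { userId, orgId, roles, family, expiresAt: iat + REFRESH_TTL_S, used: false });
    return { access_token, refresh_token };
  }

  // Rotation with reuse detection: each refresh token is single-use. Seeing an already-rotated
  // token means the client replayed it or someone stole it, so the whole family is revoked.
  refresh(token: string): TokenPair | null {
    const rec = this.store.get(hashToken(token));
    if (!rec || this.revokedFamilies.has(rec.family) || rec.expiresAt <= this.now()) return null;
    if (rec.used) { this.revokedFamilies.add(rec.family); return null; }
    rec.used = true;
    return this.issueTokenPair(rec.userId, rec.orgId, rec.roles, rec.family);
  }

  // Logout: revoking the family also kills any token already rotated from this one.
  async revokeRefreshToken(token: string): Promise<void> {
    const rec = this.store.get(hashToken(token));
    if (rec) this.revokedFamilies.add(rec.family);
  }
}
```

Two consequences for the endpoints listed above: with rotation, `POST /api/v1/auth/refresh` has to hand back the new refresh token as well as the new access token (in the body or as an HttpOnly cookie), otherwise the client is left holding a token that has just been spent; and because access tokens are verified statelessly, revocation takes effect only when the current access token expires, which is the reason to keep that lifetime short.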