2025-07-17 21:25:27 +02:00
# ================================================================
# services/auth/README.md
# ================================================================
# Authentication Service
Microservice for user authentication and authorization in the bakery forecasting platform.
## Features
- User registration and login
- JWT access and refresh tokens
- Password security validation
- Rate limiting and login attempt tracking
- Multi-tenant user management
- Session management
- Event publishing for user actions
## Quick Start
### Development
```bash
# Start dependencies
docker-compose up -d auth-db redis rabbitmq
# Install dependencies
pip install -r requirements.txt
# Run migrations
alembic upgrade head
# Start service
uvicorn app.main:app --reload --host 0.0.0.0 --port 8001
```
### With Docker
```bash
# Start everything
docker-compose up -d
# View logs
docker-compose logs -f auth-service
# Run tests
docker-compose exec auth-service pytest
```
## API Endpoints
### Authentication
- `POST /api/v1/auth/register` - Register new user
- `POST /api/v1/auth/login` - User login
- `POST /api/v1/auth/refresh` - Refresh access token
- `POST /api/v1/auth/verify` - Verify token
- `POST /api/v1/auth/logout` - Logout user
### User Management
- `GET /api/v1/users/me` - Get current user
- `PUT /api/v1/users/me` - Update current user
- `POST /api/v1/users/change-password` - Change password
### Health
- `GET /health` - Health check
- `GET /metrics` - Prometheus metrics
## Configuration
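Set these environment variables. The values below are examples; outside local development, use your own credentials and a randomly generated `JWT_SECRET_KEY`: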
```bash
DATABASE_URL=postgresql+asyncpg://auth_user:auth_pass123@auth-db:5432/auth_db
REDIS_URL=redis://redis:6379/0
RABBITMQ_URL=amqp://bakery:forecast123@rabbitmq:5672/
JWT_SECRET_KEY=your-super-secret-jwt-key
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
JWT_REFRESH_TOKEN_EXPIRE_DAYS=7
MAX_LOGIN_ATTEMPTS=5
LOCKOUT_DURATION_MINUTES=30
```
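A startup check for the variables above, as an added example (not code from this repository): it reports sample values from this README that are still in use and numeric settings that do not parse. `audit_auth_env` and `new_jwt_secret` are hypothetical names, and the 32-byte minimum assumes HS256 signing, which this README does not state.

```python
import os
import secrets
from urllib.parse import urlsplit

# Sample values printed in this README; they must never reach a deployment.
README_SECRET = "your-super-secret-jwt-key"
README_PASSWORDS = {"auth_pass123", "forecast123"}
MIN_SECRET_BYTES = 32  # assumption: HS256 signing, so at least 256 bits of key
POSITIVE_INTS = (
    "JWT_ACCESS_TOKEN_EXPIRE_MINUTES",
    "JWT_REFRESH_TOKEN_EXPIRE_DAYS",
    "MAX_LOGIN_ATTEMPTS",
    "LOCKOUT_DURATION_MINUTES",
)


def audit_auth_env(env):
    """Return a list of findings for the auth service environment (empty = ok)."""
    findings = []
    secret = env.get("JWT_SECRET_KEY", "")
    if not secret:
        findings.append("JWT_SECRET_KEY is not set")
    elif secret == README_SECRET:
        findings.append("JWT_SECRET_KEY is the README sample value")
    elif len(secret.encode()) < MIN_SECRET_BYTES:
        findings.append("JWT_SECRET_KEY is shorter than 32 bytes")

    for name in ("DATABASE_URL", "RABBITMQ_URL"):
        value = env.get(name)
        if not value:
            findings.append(f"{name} is not set")
        elif urlsplit(value).password in README_PASSWORDS:
            findings.append(f"{name} uses a password published in the README")

    for name in POSITIVE_INTS:
        raw = env.get(name, "")
        if not (raw.isascii() and raw.isdigit() and int(raw) > 0):
            findings.append(f"{name} must be a positive integer, got {raw!r}")
    return findings


def new_jwt_secret():
    """Generate a URL-safe secret from 48 random bytes (64 characters)."""
    return secrets.token_urlsafe(48)


if __name__ == "__main__":
    for finding in audit_auth_env(os.environ):
        print("config:", finding)
```

Run it in the service's environment before starting uvicorn; any printed finding means the deployment still carries a sample or invalid value.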
## Testing
```bash
# Run all tests
pytest
# Run with coverage
pytest --cov=app
# Run specific test file
pytest tests/test_auth.py -v
```
## Database Migrations
```bash
# Create migration
alembic revision --autogenerate -m "description"
# Apply migrations
alembic upgrade head
# Rollback
alembic downgrade -1
```
## Monitoring
- Health endpoint: `/health`
- Metrics endpoint: `/metrics` (Prometheus format)
- Logs: Structured JSON logging
- Tracing: Request ID tracking
## Security Features
- Bcrypt password hashing
- JWT tokens with expiration
- Rate limiting on login attempts
- Account lockout protection
- IP and user agent tracking
- Token revocation support
## Events Published
- `user.registered` - When user registers
- `user.login` - When user logs in
- `user.logout` - When user logs out
- `user.password_changed` - When password changes