hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rwadurian/backend/services/backup-service/docs
History
Developer 66199cc93e feat(backup-service): Implement MPC backup share storage service 
- Add DDD + Hexagonal architecture with NestJS 11.x
- Implement store/retrieve/revoke backup share endpoints
- Add AES-256-GCM double encryption for secure storage
- Add service-to-service JWT authentication
- Add rate limiting (3 retrieves per user per day)
- Add comprehensive audit logging
- Add test suite (37 unit + 21 mock E2E + 20 real DB E2E = 78 tests)
- Add documentation (architecture, API, development, testing, deployment)
- Add Docker and Kubernetes deployment configuration
- Add Prisma 7.x with @prisma/adapter-pg for PostgreSQL

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 		2025-11-29 22:12:41 -08:00
..
API.md feat(backup-service): Implement MPC backup share storage service 2025-11-29 22:12:41 -08:00
ARCHITECTURE.md feat(backup-service): Implement MPC backup share storage service 2025-11-29 22:12:41 -08:00
DEPLOYMENT.md feat(backup-service): Implement MPC backup share storage service 2025-11-29 22:12:41 -08:00
DEVELOPMENT.md feat(backup-service): Implement MPC backup share storage service 2025-11-29 22:12:41 -08:00
README.md feat(backup-service): Implement MPC backup share storage service 2025-11-29 22:12:41 -08:00
TESTING.md feat(backup-service): Implement MPC backup share storage service 2025-11-29 22:12:41 -08:00

README.md

Backup Service Documentation

Welcome to the backup-service documentation. This service is responsible for securely storing MPC backup shares (Party 2/3) for the RWA Durian platform.

Documentation Index

Document Description
ARCHITECTURE.md DDD + Hexagonal architecture, design patterns, directory structure, domain layer details
API.md API endpoints reference, authentication, request/response formats, SDK examples
DEVELOPMENT.md Development setup, environment configuration, adding features, debugging
TESTING.md Unit tests, E2E tests, test utilities, running tests, writing good tests
DEPLOYMENT.md Docker, Kubernetes deployment, environment variables, security, monitoring

Quick Links

Getting Started

  1. Development Setup
  2. Environment Variables
  3. Running Tests

API Reference

  1. Store Backup Share
  2. Retrieve Backup Share
  3. Revoke Backup Share
  4. Health Endpoints

Architecture

  1. Hexagonal Architecture
  2. Domain Layer
  3. Database Schema
  4. Key Decisions

Deployment

  1. Docker Deployment
  2. Kubernetes Deployment
  3. Security Considerations

Service Overview

Purpose: Securely store and manage MPC backup shares (Party 2) for account recovery

Key Features:

  • Double encryption (AES-256-GCM)
  • Service-to-service JWT authentication
  • Rate limiting (3 retrieves per user per day)
  • Comprehensive audit logging
  • Physical server isolation from identity-service

Technology Stack:

  • NestJS 11.x (TypeScript)
  • Prisma 7.x ORM
  • PostgreSQL 15
  • Docker / Kubernetes

Test Summary

Category Tests
Unit Tests 37
Mock E2E Tests 21
Real DB E2E Tests 20
Total 78

Critical Security Note

The backup-service MUST be deployed on a physically separate server from identity-service. This is mandatory for maintaining MPC security:

  • Party 0 (Server Share): identity-service (Server A)
  • Party 1 (Client Share): User device
  • Party 2 (Backup Share): backup-service (Server B)

If only one server is compromised, attackers can only obtain 1 of 3 shares, making key reconstruction impossible (2-of-3 threshold).