2.7 KiB
2.7 KiB
Backup Service Documentation
Welcome to the backup-service documentation. This service is responsible for securely storing MPC backup shares (Party 2/3) for the RWA Durian platform.
Documentation Index
| Document | Description |
|---|---|
| ARCHITECTURE.md | DDD + Hexagonal architecture, design patterns, directory structure, domain layer details |
| API.md | API endpoints reference, authentication, request/response formats, SDK examples |
| DEVELOPMENT.md | Development setup, environment configuration, adding features, debugging |
| TESTING.md | Unit tests, E2E tests, test utilities, running tests, writing good tests |
| DEPLOYMENT.md | Docker, Kubernetes deployment, environment variables, security, monitoring |
Quick Links
Getting Started
API Reference
Architecture
Deployment
Service Overview
Purpose: Securely store and manage MPC backup shares (Party 2) for account recovery
Key Features:
- Double encryption (AES-256-GCM)
- Service-to-service JWT authentication
- Rate limiting (3 retrieves per user per day)
- Comprehensive audit logging
- Physical server isolation from identity-service
Technology Stack:
- NestJS 11.x (TypeScript)
- Prisma 7.x ORM
- PostgreSQL 15
- Docker / Kubernetes
Test Summary
| Category | Tests |
|---|---|
| Unit Tests | 37 |
| Mock E2E Tests | 21 |
| Real DB E2E Tests | 20 |
| Total | 78 |
Critical Security Note
The backup-service MUST be deployed on a physically separate server from identity-service. This is mandatory for maintaining MPC security:
- Party 0 (Server Share): identity-service (Server A)
- Party 1 (Client Share): User device
- Party 2 (Backup Share): backup-service (Server B)
If only one server is compromised, attackers can only obtain 1 of 3 shares, making key reconstruction impossible (2-of-3 threshold).