# Backup Service Documentation

Welcome to the backup-service documentation. This service is responsible for securely storing MPC backup shares (Party 2/3) for the RWA Durian platform.

## Documentation Index

| Document | Description |
|----------|-------------|
| [ARCHITECTURE.md](./ARCHITECTURE.md) | DDD + Hexagonal architecture, design patterns, directory structure, domain layer details |
| [API.md](./API.md) | API endpoints reference, authentication, request/response formats, SDK examples |
| [DEVELOPMENT.md](./DEVELOPMENT.md) | Development setup, environment configuration, adding features, debugging |
| [TESTING.md](./TESTING.md) | Unit tests, E2E tests, test utilities, running tests, writing good tests |
| [DEPLOYMENT.md](./DEPLOYMENT.md) | Docker, Kubernetes deployment, environment variables, security, monitoring |

## Quick Links

### Getting Started

1. [Development Setup](./DEVELOPMENT.md#quick-start)
2. [Environment Variables](./DEVELOPMENT.md#environment-variables)
3. [Running Tests](./TESTING.md#running-tests)

### API Reference

1. [Store Backup Share](./API.md#1-store-backup-share)
2. [Retrieve Backup Share](./API.md#2-retrieve-backup-share)
3. [Revoke Backup Share](./API.md#3-revoke-backup-share)
4. [Health Endpoints](./API.md#4-health-check)

### Architecture

1. [Hexagonal Architecture](./ARCHITECTURE.md#ddd--hexagonal-architecture)
2. [Domain Layer](./ARCHITECTURE.md#domain-layer-details)
3. [Database Schema](./ARCHITECTURE.md#database-schema)
4. [Key Decisions](./ARCHITECTURE.md#key-architectural-decisions)

### Deployment

1. [Docker Deployment](./DEPLOYMENT.md#docker-deployment)
2. [Kubernetes Deployment](./DEPLOYMENT.md#kubernetes-deployment)
3. [Security Considerations](./DEPLOYMENT.md#security-considerations)

## Service Overview

**Purpose:** Securely store and manage MPC backup shares (Party 2) for account recovery

**Key Features:**

- Double encryption (AES-256-GCM)
- Service-to-service JWT authentication
- Rate limiting (3 retrieves per user per day)
- Comprehensive audit logging
- Physical server isolation from identity-service

**Technology Stack:**

- NestJS 11.x (TypeScript)
- Prisma 7.x ORM
- PostgreSQL 15
- Docker / Kubernetes

## Test Summary

| Category | Tests |
|----------|-------|
| Unit Tests | 37 |
| Mock E2E Tests | 21 |
| Real DB E2E Tests | 20 |
| **Total** | **78** |

## Critical Security Note

The backup-service MUST be deployed on a **physically separate server** from identity-service. This is mandatory for maintaining MPC security:

- Party 0 (Server Share): identity-service (Server A)
- Party 1 (Client Share): User device
- Party 2 (Backup Share): backup-service (Server B)

If only one server is compromised, the attacker obtains just 1 of the 3 shares, which is below the 2-of-3 threshold and makes key reconstruction impossible.