truegoodcraft/BUS-Core-PRO-auth

BUS Core Auth (bus-auth)

Status: Production Ready
Service Role: Identity + Entitlement Authority


✨ 1. Overview ✨

bus-auth is the central gateway for BUS Core Pro. It operates on the philosophy of "Gate Key, Not Hall Monitor". The service is responsible for:

  • Identity: Issuing tokens that prove email ownership.

  • 🎟️ Entitlements: Verifying subscription status via Stripe and issuing signed entitlement tokens.

  • ⏳ Persistence: Clients are encouraged to trust token expiry (exp) for offline grace periods.


2. Technology Stack

  • ⚑ Runtime: Cloudflare Workers

  • Framework: Hono (TypeScript)

  • Database: Cloudflare D1

  • ⚑ Cache: Cloudflare KV

  • Billing: Stripe (Checkout + Webhooks)

  • ✍️ Signing: Ed25519 Asymmetric Signing


3. API Reference

🌐 Public Endpoints

| Method | Path | Purpose |
|---|---|---|
| GET | /health | Service health check |
| POST | /auth/magic/start | Trigger a 6-digit magic code email |
| POST | /auth/magic/verify | Exchange code for an Identity Token |
| POST | /entitlement | Public eligibility check |
| GET | /.well-known/identity-public-key | Verification key for Identity Tokens |
| GET | /.well-known/entitlement-public-key | Verification key for Entitlement Tokens |

Authenticated Endpoints

Requires a valid Bearer Identity Token.

| Method | Path | Purpose |
|---|---|---|
| POST | /entitlement/token | Mint a signed Entitlement Token |
| POST | /checkout/session | Create a Stripe Checkout session |


4. Security & Authentication

  • Magic Codes: 6-digit numeric codes with a 15-minute expiry.

  • ⏱️ Token TTL: Identity tokens are valid for 7 days.

  • Entitlement Grace: Tokens include a built-in 7-day grace period beyond the current_period_end to handle intermittent connectivity.

  • Verification: All tokens are signed using Ed25519.
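
An added example (not code from this repository) of the offline check a client could run on an entitlement token: verify the Ed25519 signature first, then trust exp. The two-part token layout, the claim names, exp as Unix seconds set to current_period_end plus 7 days, and all function names and sample values are assumptions made for illustration.

```typescript
import { generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// ASSUMED layout (not documented on this page):
//   base64url(JSON claims) + "." + base64url(Ed25519 signature over the first part)
const GRACE_SECONDS = 7 * 24 * 60 * 60; // the 7-day grace period from the README

interface Claims { sub: string; exp: number }

// Server side: exp is pushed 7 days past the billing period end (assumed reading).
function mintEntitlement(sub: string, currentPeriodEnd: number, key: KeyObject): string {
  const claims: Claims = { sub, exp: currentPeriodEnd + GRACE_SECONDS };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  const sig = sign(null, Buffer.from(body), key).toString("base64url");
  return `${body}.${sig}`;
}

// Client side, no network needed: returns the claims only if the signature is
// valid AND the token has not passed exp. Claims are never parsed before the
// signature check succeeds, so unsigned input cannot influence the decision.
function verifyEntitlement(token: string, pub: KeyObject, now: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [body, sig] = parts;
  try {
    if (!verify(null, Buffer.from(body), pub, Buffer.from(sig, "base64url"))) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as Claims;
    if (typeof claims.exp !== "number" || now >= claims.exp) return null;
    return claims;
  } catch {
    return null; // malformed signature or JSON is treated as an invalid token
  }
}

// Constructed sample data: a throwaway key pair and a made-up period end.
const demoKeys = generateKeyPairSync("ed25519");
const PERIOD_END = 1_700_000_000;
const demoToken = mintEntitlement("user@example.com", PERIOD_END, demoKeys.privateKey);

// A token whose claims were edited to extend exp, reusing the old signature.
function forgeLongerExpiry(token: string): string {
  const edited = { sub: "user@example.com", exp: PERIOD_END + 10 * GRACE_SECONDS };
  return Buffer.from(JSON.stringify(edited)).toString("base64url") + "." + token.split(".")[1];
}
```

In a real client the public key would come from /.well-known/entitlement-public-key and be pinned or cached, so the check keeps working while offline.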


5. Development & Deployment

Required Environment Variables (wrangler.toml)

Ensure the following variables are defined in your environment:

  • EMAIL_FROM: The sender address for magic links.
  • CHECKOUT_SUCCESS_URL / CHECKOUT_CANCEL_URL: Stripe redirect paths.
  • IDENTITY_PUBLIC_KEY / ENTITLEMENT_PUBLIC_KEY: The public half of your Ed25519 pairs.

Secrets Management

The following secrets must be set via wrangler secret put:

  • IDENTITY_PRIVATE_KEY / ENTITLEMENT_PRIVATE_KEY
  • STRIPE_SECRET_KEY / STRIPE_WEBHOOK_SECRET
  • RESEND_API_KEY
  • ADMIN_API_KEY
