Administration backend application for the Loki SSO service ecosystem.

• Create and update roles, permissions, scopes, users and tokens
• Comprehensive logging and telemetry support (OpenTelemetry) for easier monitoring and tracing
• Easily integrate into a microservices architecture

Before starting this application, you must have the loki-infrastructure running:

git clone [email protected]/tab/loki-infrastructure.git
cd loki-infrastructure

docker-compose up

Use .env files (e.g., .env.development) or provide environment variables for:

• DATABASE_DSN for PostgreSQL
• TELEMETRY_URI for OpenTelemetry
• GRPC_ADDRESS for communication with the main Loki service

mkdir -p certs/jwt

# Copy public key from Loki service
cp ../loki/certs/jwt/public.key ./certs/jwt/

For secure communication with the Loki service, you need to generate client certificates for mTLS:

# Create directory
mkdir -p certs

# Copy CA from Loki service
cp ../loki/certs/ca.pem ./certs/

# Generate Client Certificate
openssl genrsa -out certs/client.key 4096
openssl req -new -key certs/client.key -out certs/client.csr -config <(
cat <<-EOF
[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
CN = loki-backoffice
EOF
)

openssl x509 -req -in certs/client.csr -CA certs/ca.pem -CAkey certs/ca.key -CAcreateserial -out certs/client.pem -days 825 -sha256

For more detailed information on certificates, see Documentation.

Run the following command to apply database migrations:

GO_ENV=development make db:drop db:create db:migrate

docker-compose build
docker-compose up

curl -X GET http://localhost:8081/live

curl -X GET http://localhost:8081/ready

Documentation

Swagger file is available at api/swagger.yaml

The Loki ecosystem consists of the following repositories:

• Loki - Loki SSO & RBAC application
• Loki Infrastructure - Infrastructure setup for the Loki ecosystem
• Loki Proto - Protocol buffer definitions
• Loki Frontend - Frontend application
• Smart-ID Client - Smart-ID client used for authentication
• Mobile-ID Client - Mobile-ID client used for authentication

The application follows a layered architecture and clean code principles:

• cmd/backoffice: Application entry point
• internal/app: Core application logic, including services, controllers, repositories, and DTOs
• internal/config: Configuration loading and setup, server startup, middleware, router initialization, and telemetry configuration
• pkg: Reusable utilities

Distributed under the MIT License. See LICENSE for more information.