PEAR User Service is a microservice for managing user-related data. This repository provides the setup and development instructions to get the service running locally.
Keep any keys that you set in env secret especially when in production. This uses a symmetric key algorithm so leaking the key will leak every possible password too.
Environment Configuration Fill up the configuration file in .env.example
docker compose up --buildClone the repository using the following command:
git clone https://github.com/ntu-pear/PEAR_user_service.git
cd PEAR_user_serviceSetting Up Your Environment
- Create a Virtual Environment: Conda:
# This is to set the python version in your conda environment to 3.9.19
conda create -n pear_user_service python=3.9.19
conda activate pear_user_servicePython
python -m venv pear_user_service
pear_user_service/Scripts/activate #for windows
# source pear_patient_service/bin/activate for linuxInstall the required dependencies
#install the necessary requirements in the conda environment
pip install -r requirements.txtEnvironment Configuration Fill up the configuration file in .env.example
Running the Application After the installation is completed, run the application on your machine
uvicorn app.main:app --reload- Deploy user service
- Create SMTP service to replace email sending
- Populate Database
- Add in 2FA authorization (pending if needed)
- Add in security level check in functions (Should be done after gateway is completed?)
- NRIC returned as masked depending on security level
Project structure was taken from: https://medium.com/@amirm.lavasani/how-to-structure-your-fastapi-projects-0219a6600a8f
Functions related to user authorization is in the ./service/user_auth_service.py
NOTE: DO NOT refer to the old codebase to implement the email service for this. The method has been discontinued by Google and will be permanently disabled for use fully by Jan 2025. There is also security risk involved when doing it as it involved turning down ur security level to allow any application to login to your main account.
NOTE: Requires 2FA authorization linked account
The main code is in service/email_service.py How to set up Email to send:
- Go to your Google Account.
- Click on Security on the left menu.
- Under the "Signing in to Google" section, enable 2-Step Verification (if not already enabled).
- After enabling 2-Step Verification, you will see an option to "App passwords".
- Click on App passwords, and you can generate a password specifically for your FastAPI email service (select Mail as the app and Other for the device).
- Google will generate a 16-character password. Use this password in place of your Gmail password.
- Put it in .env file as GOOGLE_SERVICE_ACCOUNT_KEY and the email that is sending as MAIL_USERNAME and MAIL_FROM
Another set of code to work around is in service/googleemail_service.py which is not implemented in as it is more or less a roundabout method for the same result as the current method unless a Google Organization account is created.
How to set up Email to send: This uses Google Workspace to send out emails to users using a service account for security issues. It requires user to be under and organization too or verified too so either ways some method of authorization is needed.
As per prof request, this should be shifted to creating a SMTP server. This is basically creating a seperate email service entity that handles just the sending of email.
- User For the simple CRUD of user
- Role To store all the roles availble like Caregiver and Administrator
- Secret Question To make default secret questions for users to answer and store as an identity
- User Role Maps user to their role
- User Secret Question Maps user to their secret question and answer