ores.iam.core

Diagram

ores.iam.core component diagram

Figure 1: ores.iam.core

Summary

ores.iam.core provides identity and access management for ORE Studio: user account lifecycle (creation, listing, deletion), secure password authentication (scrypt), account locking on failed login attempts, session and role management, and multi-tenancy / multi-party support. Business logic is exposed as NATS message handlers in the 0x2000–0x2FFF range. A synthetic-data generator produces test accounts for development and CI use.

Inputs

  • NATS request messages from Qt clients and peer services (account CRUD, login, authorisation queries, bootstrap, reset) in the 0x2000–0x2FFF range.
  • PostgreSQL connections to ores_iam_* tables with temporal versioning.

Outputs

  • Account, role, party, session, and tenant records persisted to the ores_iam schema with bitemporal history.
  • Authentication tokens and session state returned to callers via NATS.
  • NATS response messages for all IAM operations.

Entry points

  • include/ores.iam.core/ores.iam.hpp — aggregate include.
  • include/ores.iam.core/messaging/registrar.hpp — registers all NATS handlers (account, auth, session, role, tenant, bootstrap, reset).
  • include/ores.iam.core/service/account_service.hpp — account management entry point.
  • include/ores.iam.core/service/authorization_service.hpp — authorisation and role-check entry point.

Dependencies

  • ores.iam.api — shared domain types and NATS protocol schemas.
  • ores.dq — ORM base classes and data-quality infrastructure.
  • rfl — JSON serialisation via reflection.
  • soci — SQL ORM for PostgreSQL persistence.
  • nats.c — NATS messaging client.
  • libsodium / scrypt — secure password hashing.
