§01
Umumiy ko'rinish
- Bu nima: healthcare-platform healthcare ekotizimi ichidagi maxfiylik/anonimizatsiya mikroservisi (realm
healthcare-platform-internal-service).piiUserIdqabul qiladi → deterministik anonim UUID (anonUserId) qaytaradi; teskari qayta identifikatsiya (qat'iy cheklangan), rotatsiya va GDPR bo'yicha o'chirishni qo'llab-quvvatlaydi. Qardosh servislarpii-servicevaphi-servicebilan integratsiya qiladi (ular ham tahlil navbatida — #46, #44). - Turi / holati / roli: api (ichki REST mikroservis) / active (oxirgi kommit 2025-12-09, CI/deploy o'rnatilgan) / contributor — asosiy domen mantiqini Ramiro yozgan (28+1 kommit), foydalanuvchi Davron Yuldashev — 11 kommit, asosan DevOps/infra.
- Faol davri: 2025-10-13 → 2025-12-09 (~2 oy), 40 kommit,
fix/health-endpointsbranchi va merge oqimi bilan faol ishlab chiqish.
§02
Stek
- Tillar: TypeScript (strict), runtime Bun.
- Freymvorklar/kutubxonalar (`package.json` va koddan):
- Elysia 1.4 (+
@elysiajs/cors,@elysiajs/openapi/Swagger) — Bun ustidagi HTTP freymvork. - Drizzle ORM 0.44 +
drizzle-kit+postgres(postgres.js) — Postgres bilan ishlash va migratsiyalar. - HashiCorp Vault
node-vaultorqali — Transit shifrlash (AES-256-GCM) + KV + AppRole. - Keycloak +
jose6 — servislararo autentifikatsiya uchun JWKS orqali RS256 JWT tekshiruvi. - Biome — lint/format (ESLint/Prettier o'rniga).
- Infra/deploy: Docker multi-stage (
bun:1.3.3-slim, non-root foydalanuvchi), alohidaDockerfile.migrate, healthcheck'lar bilandocker-compose.yml+docker-compose-dev.yml. CI: GitLab CI (.gitlab/ci/_common.yml,build.yml,deploy.yml) + GitHub workflow'lar. Vault hosthttps://vt.ksa.healthcare-platform.com. - Ma'lumotlar: PostgreSQL. 2 ta jadval (
drizzle/schema.ts):id_mappings(ciphertext'lar + bytea blind index, status enum active/rotated/deleted, versiya, soft-deletedeletedAt) vamapping_audit(audit jurnali: caller, action, realm, faqat indekslar — plaintext yo'q).customTypeorqali maxsusbyteatipi (Drizzle uni tayyor holda bermaydi). - E'tiborga molik tooling: OpenAPI spetsifikatsiyasi (
docs/openapi.yaml), Mermaid bilan arxitektura hujjatlari (docs/ARCHITECTURE.md,DATA_FLOW.md,SEQUENCE_DIAGRAMS.md).
§03
Nima qilindi
Butun loyiha bo'yicha xronologiya (kontekst uchun) va alohida — foydalanuvchi nima qilgani.
Loyiha umuman (asosan Ramiro):
- Servisni ishga tushirish, yadro: app/db/vault/health (
cd4658a,366813a). - Auth + shifrlash + metrikalar: JWT tekshiruvi, HMAC, Transit encrypt/decrypt (
b8f608f). - Mappings kontroller → identities deb qayta nomlangan (GDPR semantikasi), create/lookup/delete endpoint'lari (
f8fa0c2,e8c5c3d). - Keycloak orqali servislararo auth + RBAC plaginlari (
f08945b), CORS + ichki route'lar (e97f8ff). - Vault/Keycloak konfiguratsiyasi, init/status skriptlari (
d0935fe); maxsus bytea + boolean success +created_atbo'yicha indeks (4b67b1a).
Foydalanuvchining hissasi (git log --author="Davron", 11 kommit — DevOps/infra tomonga og'gan):
- CI/CD + Docker dev muhiti (
1d99301, 8 fayl): GitLab CI pipeline (build/deploy bosqichlari), Postgres bilandocker-compose-dev.yml,Dockerfile.migrate, multi-stage Dockerfile. - Konteynerni mustahkamlash (
37c72d8,b9081c0): non-root foydalanuvchi (groupadd/useradd), ownership tuzatish, builder va prod uchunbun:1.3-slim. - Health probe'lar (
f0ae025, 385+/1492−): tiplashtirilgan javob sxemalari + OpenAPI tavsiflari bilan liveness/readiness endpoint'lari; bog'liqliklarni yangilash (bun.lockqayta qurish). - Swagger/config (
e674d63,c2b1e1a,47bbfc2), docker-compose depends_on/healthcheck (bc95012), yakuniy CI/deploy tuzatishlari (ae86fe6). - Vault path + debug logging (
4a1a524) — ⚠️ "Texnik chellenjlar" bo'limiga qarang. - Hajmi: 40 tadan 11 kommit (~28%), infratuzilma va operatsion tayyorlikka jamlangan, domen kripto mantig'iga emas.
§04
Texnik chellenjlar
Faqat kodda tasdiqlangan narsalar (path/hash'lar bilan).
- Shifrlangan ma'lumot ustidan deterministik qidiruv → blind index patterni:
pii_user_idshifrlangan holda saqlanadi (Vault Transit,crypto.ts/mapping-service.ts:62), lookup uchun esaHMAC-SHA256(key, value)hisoblanadi (services/hmac.ts:23) vabyteaustunga joylanadi. Lookup indeks orqali sodir bo'ladi (mapping-service.ts:41-44), DB'da plaintext yo'q. Kuchli privacy-engineering yechimi (Senior daraja) — *Ramiro mualliligi*. - PII sizib chiqmasdan audit →
mapping_auditjadvali faqat blind indekslar va metama'lumotlarni yozadi (caller, action, success), identifikatorlarning o'zini emas (schema.ts:43-55,mapping-service.ts:8-28). GDPR uchun qulay. *Ramiro mualliligi.* ⚠️audit()xatolarni bo'shcatch {}bilan yutib yuboradi — audit yozuvidagi nosozliklar sezilmay qoladi. - Keycloak ustida servislararo RBAC →
middleware/service-auth.ts:createRemoteJWKSetorqali RS256 tekshiruvi,isstekshiruvi, service-account talabi (preferred_usernameservice-account-bilan boshlanadi), realm + client rollarini ajratib olish; kompozitsiyalanadigan Elysia plaginlarirequireServiceRole/requireServiceClient/requireServiceClientWithRole. Toza va yaxshi tiplashtirilgan. *Ramiro mualliligi.* - Soft-delete + status mashinasi → enum
active/rotated/deleted, versiyalash,deletedAt(GDPR o'chirishni marker sifatida,mapping-service.ts:120-173). - Foydalanuvchining hissasi — operatsion tayyorlik: konteynerizatsiya (multi-stage, non-root), CI/CD pipeline (GitLab), Kubernetes uslubidagi liveness/readiness probe'lari OpenAPI sxemalari bilan, compose'da healthcheck bog'liqliklari. Xavfsizlik uchun kritik servis uchun haqiqiy DevOps/platform mahorati.
- ⚠️ Topilgan xavfsizlik muammolari (halol — omma oldida bu holicha KO'RSATMANG): 1.
config/vault.ts:31-33—strictSSL: false/rejectUnauthorized: false: Vault'ga TLS tekshiruvi o'chirilgan. 2.services/hmac.ts:8,11,19-22vamapping-service.ts:35-37—console.logHMAC kalitini, plaintext `piiUserId`ni, blind indeksni va Vault javobini chop etadi. Bu servis himoya qilishi kerak bo'lgan aynan o'sha sirlar/PII loglarga sizib chiqadi; README aniq "No raw IDs in logs" deb e'lon qiladi. Bu debug loglari foydalanuvchi tomonidan4a1a524kommitida qo'shilgan ("Added console logging ... of piiUserId and computed indices", "Enhanced logging in hmac service"). Haqiqiy bug + reputatsion risk.
§05
AI yordamida ishlab chiqish
- Topilgan sessiyalar: 0. Ushbu loyiha uchun to'liq-path normalizatsiya kaliti orqali tekshirildi — mos kelishlar yo'q. (Kommit-xabar uslubi va repodagi
.cursor/Cursor'dan foydalanilgan bo'lishi mumkinligiga ishora qiladi, ammo lokal Claude Code sessiyalari katalogida to'g'ridan-to'g'ri dalil yo'q.) - AI bilan nima qilingan: ma'lumot yo'q.
- AI-workflow patternlari: yo'q.
- Sessiyalar yo'q.
§06
Yutuqlar va metrikalar
Kod/hujjatlardan, taxminsiz:
- Identity mapping bo'yicha 5 ta rolga asoslangan operatsiya (write/read/reidentify/delete/rotate), Keycloak
anon:*rollariga bog'langan. - 2 ta jadval + 3 ta migratsiya; enum status mashinasi + versiyalash + soft-delete.
- To'liq health probe'lar to'plami:
/health/live,/health/ready,/api/v1/internal/health(+ JWKS statusi). - 3 ta tizim bilan integratsiya: Vault (Transit+KV+AppRole), Keycloak (JWKS/JWT), Postgres.
- 2 ta platformada CI/CD (GitLab + GitHub Actions), Docker multi-stage + migratsiya obrazi.
- Load/scale metrikalari yo'q (ichki proprietar servis).