SSO Engine API — Architecture

Nutech Integrasi · Single Sign-On Engine · Node.js 20 · Express · PostgreSQL · Redis

[Architecture diagram, flattened: clients (users on browser/mobile; third-party apps Gooing, TaaS, internal; GitLab repository gitlab.nutech-integrasi.com) call the API over HTTPS through an Nginx reverse proxy (ports 80/443, SSL via Let's Encrypt) on server 43.157.225.229. Backend: SSO Engine API (Express 4.19, Node 20, port 7170, Docker container sso-engine) exposing POST /generate-url and GET /sso-data, Controller → Model → PostgresMS, with helpers for JWT (access/refresh/OTP), AES encrypt/decrypt, bcrypt, Hashids, OTP and Socket.IO. Data: PostgreSQL master (INSERT/UPDATE/DELETE, master.t_mtr_third_party) replicating to a slave (SELECT, failover to master, membership.t_mtr_user); Redis (cache, URL code store, Socket.IO adapter on DB 1); MinIO object storage (file upload via express-fileupload); SMTP mail server via Nodemailer (OTP, registration, password reset). Auth/SSO flow: ① Generate URL, ② Login + JWT, ③ Get SSO Data. CI/CD: push to GitLab, CI runner with manual trigger, Docker build (node:20-slim, port 7170), Docker Swarm deploy (0.5 CPU, 250MB RAM), Nginx auto-config from reverse-proxy.template; branch mapping develop → dev, main → prod; runners: dev runner-1-sims-psm, prod server-sso-prod. Legend: client, security/proxy, backend, database, cache, infra/CI-CD, external; data flow, auth flow, CI/CD flow, DB replication.]

SSO Engine API

  • Express 4.19 · Node 20 · Port 7170
  • POST /generate-url — Generate login URL for a third-party app
  • GET /sso-data — Fetch user data via JWT token
  • Modular architecture: modules auto-loader
  • JWT multi-tier: access, refresh, OTP, basic
  • AES encryption for sensitive payloads

Data Layer

  • PostgreSQL Master-Slave via pg-promise
    • Master: INSERT / UPDATE / DELETE
    • Slave: SELECT (auto-failover to master)
  • Redis: cache, URL code store, Socket.IO adapter
  • MinIO: object storage for file uploads
  • SMTP: OTP, registration, forgot password

CI/CD & Deployment

  • GitLab CI — 4-stage pipeline (manual trigger)
  • Docker build (node:20-slim)
  • Docker Swarm deploy (0.5 CPU, 250MB RAM)
  • Auto Nginx reverse-proxy from template
  • Dev: runner-1-sims-psm (develop branch)
  • Prod: server-sso-prod (main branch)

SSO Authentication Flow

  • Third-party app sends POST /generate-url with access_key + hash_code (AES encrypted)
  • API validates access_key against the DB, decrypts hash_code, generates a unique URL code and stores it in Redis
  • User opens the URL → login page → after authentication, the client receives a JWT OTP token
  • Third-party app calls GET /sso-data with the JWT → API verifies it, decrypts email + party code → returns user + group data