A modern, enterprise-grade TypeScript application demonstrating federated authentication with comprehensive AWS cloud infrastructure. The system enables users to authenticate via Google or Microsoft accounts and securely upload files through a React-based web interface.
This is a monorepo containing three main projects:
```
typescript-demo/
├── web-app/            # React frontend application
├── api/                # Lambda functions and API logic
├── infrastructure/     # AWS CDK infrastructure code
├── docker-compose.yml  # Local development environment
└── README.md
```
- Node.js 20+
- npm
- Docker and Docker Compose (for local development)
- AWS CLI (for deployment)
- AWS CDK CLI (for infrastructure deployment)
```bash
# Install root dependencies and all workspace dependencies
npm install
npm run build
npm run test
npm run lint
# Auto-fix linting issues
npm run lint:fix
npm run format
```

Start the local development environment with all services:

```bash
# Start all services and wait for them to be ready
npm run docker:start
# Or start services in detached mode
npm run docker:up
# View logs
npm run docker:logs
# Stop services
npm run docker:down
# Clean up (remove volumes)
npm run docker:clean
```

This will start:
- Web application on http://localhost:3000
- API server on http://localhost:4000
- PostgreSQL database on localhost:5432
- LocalStack (AWS services mock) on localhost:4566
- Email: test@example.com
- Password: TestPass123!
The Docker environment automatically:
- Initializes PostgreSQL with the database schema
- Creates sample test users
- Sets up LocalStack with S3 buckets, Secrets Manager, and Cognito
- Enables hot-reload for both web and API
- Configures networking between all services
For more details, see docker/README.md
```bash
cd web-app
npm run dev    # Start development server
npm run build  # Production build
npm run test   # Run tests
npm run lint   # Lint code

cd api
npm run dev    # Start local API server
npm run build  # Compile TypeScript
npm run test   # Run tests
npm run lint   # Lint code

cd infrastructure
npm run build  # Compile CDK code
cdk synth      # Synthesize CloudFormation
cdk diff       # Show changes
cdk deploy     # Deploy to AWS
cdk destroy    # Tear down stack
```

- React 18+
- TypeScript 5+ (strict mode)
- React Router
- Axios
- AWS Amplify
- Material-UI or Tailwind CSS
- Jest + React Testing Library
- Node.js 20+
- TypeScript 5+ (strict mode)
- AWS SDK v3
- pg (PostgreSQL)
- Jest
- AWS CDK 2.x
- TypeScript 5+
- AWS Services: CloudFront, WAF, Cognito, API Gateway, Lambda, S3, RDS PostgreSQL, Secrets Manager, CloudTrail, Config
- Docker + Docker Compose
- LocalStack for AWS service mocking
- ESLint + Prettier
- Husky for git hooks
- lint-staged
Git hooks are automatically installed via Husky. Before each commit:
- Code is linted and auto-fixed where possible
- Code is formatted with Prettier
All projects use TypeScript 5+ with strict mode enabled:
- `strict: true`
- `noUnusedLocals: true`
- `noUnusedParameters: true`
- `noImplicitReturns: true`
- `noFallthroughCasesInSwitch: true`
All code follows SOLID design principles:
- Single Responsibility: Each class has one reason to change
- Open-Closed: Extension without modification
- Liskov Substitution: Derived classes are substitutable
- Interface Segregation: Focused interfaces
- Dependency Inversion: Depend on abstractions, not concretions
- `REACT_APP_API_URL` - API Gateway endpoint
- `REACT_APP_COGNITO_USER_POOL_ID` - Cognito User Pool ID
- `REACT_APP_COGNITO_CLIENT_ID` - Cognito Client ID
- `REACT_APP_COGNITO_DOMAIN` - Cognito domain for OAuth

- `DATABASE_URL` - PostgreSQL connection string
- `AWS_REGION` - AWS region
- `S3_BUCKET_NAME` - File storage bucket name
- `COGNITO_USER_POOL_ID` - For token validation

- `AWS_ACCOUNT` - AWS account ID
- `AWS_REGION` - Deployment region
- `ENVIRONMENT` - dev/staging/prod

- `npm run install:all` - Install all dependencies
- `npm run build` - Build all projects
- `npm run test` - Run all tests
- `npm run lint` - Lint all projects
- `npm run lint:fix` - Auto-fix linting issues
- `npm run format` - Format all code with Prettier

- `npm run docker:start` - Start Docker environment and wait for services
- `npm run docker:up` - Start Docker environment in detached mode
- `npm run docker:down` - Stop Docker environment
- `npm run docker:logs` - View logs from all services
- `npm run docker:restart` - Restart all services
- `npm run docker:clean` - Stop and remove all volumes
- `npm run docker:build` - Rebuild Docker images
- `npm run docker:ps` - Show running containers
- `npm run docker:wait` - Wait for services to be healthy
Comprehensive security validation tools and documentation:
Run automated security validation:
```bash
cd infrastructure
npm run validate:security
```

- Security Checklist - Complete security verification procedures
- Security Validation Usage - Detailed validation guide
- ✅ S3 bucket security (encryption, public access blocking)
- ✅ RDS security (encryption, private subnets, access control)
- ✅ VPC and network configuration (subnets, NACLs, security groups)
- ✅ IAM roles and policies (least privilege)
- ✅ WAF rules (SQL injection, XSS, rate limiting)
- ✅ Cognito configuration (password policy, federated providers)
- ✅ CloudTrail and logging (audit trails, VPC flow logs)
- ✅ Encryption in transit (TLS 1.2+)
See SECURITY_CHECKLIST.md for complete details.
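
The S3 and RDS items in the list above can be checked statically against the CloudFormation template that `cdk synth` produces. The following is an added example, not this repository's `validate:security` script; the function name `findSecurityIssues` and the sample template are constructed for illustration, and it assumes property values are literal booleans rather than intrinsic functions.

```typescript
// Added example: static checks over a synthesized CloudFormation template.
// The template below is constructed sample data, not output from this repository.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

const PAB_FLAGS = ["BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets"];

function findSecurityIssues(template: Template): string[] {
  const issues: string[] = [];
  for (const [id, res] of Object.entries(template.Resources)) {
    const props = res.Properties ?? {};
    if (res.Type === "AWS::S3::Bucket") {
      const rules = props.BucketEncryption?.ServerSideEncryptionConfiguration;
      if (!Array.isArray(rules) || rules.length === 0) issues.push(`${id}: no explicit BucketEncryption configuration`);
      const pab = props.PublicAccessBlockConfiguration ?? {};
      for (const flag of PAB_FLAGS) {
        if (pab[flag] !== true) issues.push(`${id}: ${flag} is not true`);
      }
    } else if (res.Type === "AWS::RDS::DBInstance") {
      if (props.StorageEncrypted !== true) issues.push(`${id}: storage not encrypted`);
      if (props.PubliclyAccessible === true) issues.push(`${id}: publicly accessible`);
    }
  }
  return issues;
}

// Constructed sample: one compliant bucket, one weak bucket, one weak database.
const sampleTemplate: Template = {
  Resources: {
    GoodBucket: {
      Type: "AWS::S3::Bucket",
      Properties: {
        BucketEncryption: {
          ServerSideEncryptionConfiguration: [{ ServerSideEncryptionByDefault: { SSEAlgorithm: "aws:kms" } }],
        },
        PublicAccessBlockConfiguration: {
          BlockPublicAcls: true, BlockPublicPolicy: true,
          IgnorePublicAcls: true, RestrictPublicBuckets: true,
        },
      },
    },
    WeakBucket: { Type: "AWS::S3::Bucket", Properties: { PublicAccessBlockConfiguration: { BlockPublicAcls: true } } },
    WeakDb: { Type: "AWS::RDS::DBInstance", Properties: { StorageEncrypted: false, PubliclyAccessible: true } },
  },
};

console.log(findSecurityIssues(sampleTemplate).join("\n"));
```

A check like this can run in CI against the synthesized template before `cdk deploy`, failing the build when the returned list is non-empty.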
Comprehensive end-to-end integration testing documentation and tools are available:
Run automated integration tests:
```bash
./run-integration-tests.sh dev
```

- Integration Testing Guide - Complete testing procedures
- Automated Test Script - Automated verification
- Test Report Template - Document test results
- Manual Testing Checklist - Quick reference for manual tests
- Testing README - Overview of all testing resources
- ✅ Federated authentication (Google, Microsoft)
- ✅ File upload and storage (S3)
- ✅ Database operations (RDS)
- ✅ API functionality
- ✅ Security controls (WAF, NACLs, Security Groups)
- ✅ Network isolation (VPC)
- ✅ Encryption (at rest and in transit)
- ✅ Monitoring and logging
See INTEGRATION_TESTING_README.md for complete details.
For detailed deployment instructions, see DEPLOYMENT_GUIDE.md.
```bash
# Set environment
export AWS_PROFILE=dev
export ENVIRONMENT=dev
export AWS_ACCOUNT=123456789012
export AWS_REGION=us-east-1
# Deploy infrastructure
cd infrastructure
npm run build
npx cdk deploy --all
# Deploy application
cd ../web-app
npm run build
# Upload to S3 (see deployment guide)
```

- Deployment Guide - Complete deployment instructions for all environments
- Environment Variables - Comprehensive environment variable reference
- Troubleshooting Guide - Solutions to common issues
- Security Checklist - Security verification procedures
This project uses GitHub Actions for continuous integration and deployment. See CI/CD Documentation for details.
Workflows:
- CI Pipeline: Runs on all PRs and pushes - linting, type checking, tests, security scans
- Security Scanning: Daily security scans and vulnerability checks
- Deploy to Development: Automatic deployment on push to `develop` branch
- Deploy to Staging: Automatic deployment on push to `main` branch
- Deploy to Production: Manual deployment with approval required
Setup: See CI/CD Setup Instructions
- Review the requirements document: `.kiro/specs/federated-auth-typescript-app/requirements.md`
- Review the design document: `.kiro/specs/federated-auth-typescript-app/design.md`
- Follow the implementation tasks: `.kiro/specs/federated-auth-typescript-app/tasks.md`
- Configure GitHub secrets for CI/CD: CI/CD Setup
Private - All rights reserved by Brian Byrne