Security - Implement RBAC to protect endpoints

dmarro89 / dare-db

Dare-DB is a lightweight in-memory database written in Go, featuring Redis-inspired hashtables and HTTP/HTTPS endpoints for seamless data storage and retrieval, with Docker support for easy deployment

MIT License

16 stars 1 forks source link

Security - Implement RBAC to protect endpoints #7

Closed dmarro89 closed 1 week ago

dmarro89 commented 1 month ago

Let's start with a single kind of user -> only authenticated users can perform operations
Define permissions -> currently just read - write - delete
Authentication : let's start with JWT (https://medium.com/@cheickzida/golang-implementing-jwt-token-authentication-bba9bfd84d60)
- Create login endpoint and business logic / infrastructure to support login
- Secure protected endpoints

vdmitriyev commented 2 weeks ago

Materials to consider for RBAC implementation:

Building RBAC in Go - https://www.aserto.com/blog/building-rbac-in-go

go-while commented 2 weeks ago

i think we can authenticate peers by:

1) simple via ip address / cidr range 2) user/pass/anykey on every request 3) provide sessions with active/open connections for peers which are valid as long as connection is kept alive: less SYN paketstorm for opening new connections every request.

with any of the 3 options we can provide different access control levels, allow/deny specific commands for peers.

SSL to secure credentials (and transport)

Cheers!

dmarro89 commented 2 weeks ago

Thanks @go-while

vdmitriyev commented 2 weeks ago

@go-while thanks for your ideas. Could I ask you to also reflect them in a discussion thread here (so we are going to have all related ideas in one place): https://github.com/dmarro89/dare-db/discussions/4

vdmitriyev commented 1 week ago

Moved to backlog. See https://github.com/dmarro89/dare-db/issues/33