Final project for csec-380
Authors:
Concept art only. Final version will be different, see below for project description.
How to run:
To run this script, simply go into the Docker folder and in your terminal run:
bash build.sh
This will change your terminal to allow Elasticsearch to have the memory it needs, and will build all Docker files for you. Once the build is complete, it will run "docker-compose up". Once that completes, you will be able to interact with the project.
To exit, press CTRL+C. Once it exits, enter the command "docker-compose down".
Description:
(WIP) Skitter is a platform for RIT users to communicate their thoughts via short skits. A skit is a short text-only message of 140 characters or less. Users will be able to create a custom display name, designate an email and upload a profile picture via settings. They will also be able to follow/unfollow other users so that those users' messages will appear on their main message feed. Users will be able to add skits, either as a new skit or as a reply to an existing skit, and to delete their own skits. Users will authenticate to the system using RIT's exposed LDAP server. (WIP)
Objectives/Goal:
You are charged with developing a heavily user-centric web application. This web application will demonstrate fluency in complex web application security notions across various platforms. This will be accomplished by using multiple different platforms as part of a web application designed around the micro-service architecture concept. Students will also demonstrate their familiarity with industry-accepted development practices by using common development techniques as part of the project.
Deliverables:
Requirements:
Authentication
Authentication is performed via a Java microservice using Maven and the Spring framework. The authentication service should run locally, with no public access, using proper Docker settings. When a request is made to the /login page of the service with credentials, the service will respond with true or false indicating successful authentication. Credentials are not stored anywhere in the system and are used only to communicate with RIT's LDAP server.
Entry Points:
/isAuthenticated - WIP - This feature works locally but it is unknown if it works for multiple sessions yet.
Authentication currently works when run locally outside of the app, as a standalone service. Currently in progress: wiring Skitter so it can obtain a JSESSIONID on behalf of the user and use that along with the provided user credentials to log in via LDAP. For testing purposes, currently all login attempts to Skitter will be successful regardless of credentials.
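One way to express the "no public access" requirement for the authentication service in Compose, as an added example that is not the project's own docker-compose.yml. The service names, build paths, network names and port 8080 are assumptions.

```yaml
# Added example, not the project's docker-compose.yml.
# Service names, build paths, network names and port 8080 are assumptions.
version: "3.7"

services:
  web:                     # public-facing front end (hypothetical name)
    build: ./web
    ports:
      - "80:80"            # the only port published on the host
    networks:
      - frontend
      - backend            # lets the front end call http://auth:8080/login

  auth:                    # Java/Spring authentication service (hypothetical name)
    build: ./auth
    # Weak setting, shown for contrast. Publishing the port would make
    # /login and /isAuthenticated reachable from outside the Docker host:
    # ports:
    #   - "8080:8080"
    expose:
      - "8080"             # documentation only; nothing is bound on the host
    networks:
      - backend            # receives calls from the front end
      - ldap_egress        # outbound path to the LDAP server

networks:
  frontend: {}
  backend:
    internal: true         # service-to-service only, no outside routing
  ldap_egress: {}          # ordinary bridge: outbound allowed, and with no
                           # published ports nothing inbound from other hosts
```

The auth service cannot sit on the internal network alone, because an internal network has no outbound route and the LDAP bind would fail. After "docker-compose up", "docker-compose ps" should show a host port mapping for the front end only.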
Settings
Users are able to change the settings for their account through two endpoints. These endpoints are called through forms on the settings.html page and will not run until the user's session is validated. Settings are stored in a MySQL database.
Session Management
Sessions are managed using PHP's built-in session management, and the Spring framework's security configuration during authentication.
Following/Unfollowing Users
Users are able to follow and unfollow other users. This functionality is implemented using Flask and MySQL. These endpoints will not run until the user's session has been validated.
Endpoints:
/following - (POST) returns all users the given user_id is following
Skit Creation/Deletion
TODO: Requirements and instructions for use will go here as the project develops.