all repos — litestore @ ceab78343a3eeb5011601fd4e8ca2588407ba910

A minimalist nosql document store.

Documented auth support.
Cevasco, Fabio fabio.cevasco@siemens.com
Sat, 14 Dec 2019 00:14:57 +0100
commit

ceab78343a3eeb5011601fd4e8ca2588407ba910

parent

fc7d4a0cbb5a9533c1aad681e3b53615f65da71e

M build_guide

@@ -6,6 +6,7 @@ md/use-cases.md

md/architecture.md md/getting-started.md md/usage.md + md/auth.md md/admin_app.md md/api.md md/api_info.md

@@ -22,7 +23,7 @@ for page in ${pages[@]}

do (cat "${page}"; printf "\n\n") >> LiteStore_UserGuide.md done -hastyscribe --field/version:1.5.1 LiteStore_UserGuide.md +hastyscribe --field/version:1.6.0 LiteStore_UserGuide.md rm LiteStore_UserGuide.md mv LiteStore_UserGuide.htm .. cd ../..
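Review bot: The release number on the `hastyscribe --field/version:1.6.0` line is hard-coded here and again as `pkgVersion* = "1.6.0"` in src/litestorepkg/lib/config.nim, so every release needs two manual edits that can drift apart. Consider taking the version from a single place (for example passing it into this script as an argument) so the guide cannot be built with a stale number.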
M src/admin/js/components/navbar.js

@@ -17,6 +17,7 @@ {path: "/guide/architecture", title: caret+"Architecture"},

{path: "/guide/data_model", title: caret+"Data Model"}, {path: "/guide/getting-started", title: "Getting Started"}, {path: "/guide/usage", title: "Usage"}, + {path: "/guide/auth", title: "Authorization"}, {path: "/guide/admin_app", title: "Administration App"}, {path: "/guide/api", title: "HTTP API Reference"}, {path: "/guide/api_info", title: caret+"info (LiteStore Information)"},

@@ -118,4 +119,4 @@ ])

]); } }; -}()); +}());
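Review bot: The removed and added `}());` lines at the end of navbar.js are textually identical as shown, so this looks like a trailing-newline or whitespace-only change that is unrelated to documenting auth. Either drop it from this commit or mention it in the commit message so the diff stays easy to audit.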
A src/admin/md/auth.md

@@ -0,0 +1,42 @@

+## Authorization + +LiteStore can be configured to automatically validate [JWT](https://jwt.io/) tokens and authorize authenticated users on specific resources (and specific resource verbs even) based on their [OAuth2 scopes](https://oauth.net/2/scope/) specified in the token itself. + +To configure authorization, create an **auth.json** file like the following: + +``` +{ + "access": { + "/info": { + "GET": ["admin:server"] + }, + "/docs/*": { + "POST": ["admin:server"], + "PATCH": ["admin:server"], + "PUT": ["admin:server"], + "DELETE": ["admin:server"] + }, + "/docs/wiki/*": { + "POST": ["admin:wiki"], + "PUT": ["admin:wiki"], + "PATCH": ["admin:wiki"], + "DELETE": ["admin:wiki"] + } + }, + "signature": "\n-----BEGIN CERTIFICATE-----\n<certificate text goes here>\n-----END CERTIFICATE-----\n" +} +``` + +The **access** property is a dictionary of endpoints to which only users that have one of the specified scopes can access. + +For example, in this case only users with the **admin:server** scope will be able to access /info, and any /docs/ document. + +However, users with the **admin:wiki** scope will be able to access documents located under the /docs/wiki/ folder. + +Finally, specify the public signature to be used to validate JWT tokens using the **signature** property. Typically, its value should be set to the first value of the [x.509 certificate chain](https://auth0.com/docs/tokens/reference/jwt/jwks-properties) specified in the [JSON Web Key Set](https://auth0.com/docs/jwks) of your API. + +To use this configuration at runtime, specify it through the **--auth** option, like this: + +`litestore --auth:auth.json` + +Once enabled, LiteStore will return HTTP 401 error codes if an invalid token or no token is included in the HTTP Authorization header of the request accessing the resource or HTTP 403 error codes in case an authenticated user does not have a valid scope to access a specified resource.
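Review bot: The new auth.md never says what happens to a path or verb that has no entry under **access**, or which rule wins when two patterns match, and the sample configuration depends on both. In the example, `/docs/*` lists POST, PATCH, PUT and DELETE but no GET, while the text says only **admin:server** users can access "any /docs/ document"; a request to a document under `/docs/wiki/` also matches both `/docs/*` and `/docs/wiki/*`, and the two entries require different scopes. Please state explicitly whether unlisted verbs and paths are served without a token, and whether the most specific pattern takes precedence or both scope lists apply. Separately, the **signature** paragraph calls the value a "public signature" although the sample holds a certificate; describing it as the certificate whose public key is used to verify the token signature, and naming the signing algorithms that are accepted, would remove the ambiguity.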
M src/admin/md/usage.md

@@ -17,6 +17,7 @@

#### Options * **-a**, **-\-address** &mdash; Specify server address (default: 127.0.0.1). +* **--auth** &mdash; Specify an authorization configuration file. * **-b**, **--body** &mdash; Specify a string containing input data for an operation to be executed. * **-d**, **-\-directory** &mdash; Specify a directory to serve, import, export, delete, or mount. * **-f**, **--file** &mdash; Specify a file containing input data for an operation to be executed.
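Review bot: The new `--auth` entry says only "an authorization configuration file" and does not tell the reader that this is the auth.json described on the new Authorization page, or what the server does when the option is omitted. A short pointer to that page, plus a statement of the default (no authorization enforced, if that is the behaviour), would close the gap. The entry also uses the unescaped `--` form while the neighbouring `-\-address` and `-\-directory` entries escape it; pick one form for the whole list.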

@@ -90,4 +91,4 @@ [litestore execute -o:get -u:docs?tags=$subtype:json](class:cmd)

* Add a new document from a JSON file: - [litestore execute -o:put -u:docs/test-doc -f:test.json -t:application/json](class:cmd) + [litestore execute -o:put -u:docs/test-doc -f:test.json -t:application/json](class:cmd)
M src/litestorepkg/lib/config.nim

@@ -1,6 +1,6 @@

const pkgName* = "litestore" - pkgVersion* = "1.5.1" + pkgVersion* = "1.6.0" pkgAuthor* = "Fabio Cevasco" pkgDescription* = "Self-contained, lightweight, RESTful document store." pkgLicense* = "MIT"