DynamoDB #6

Merged
merged 7 commits into from
Dec 30, 2024
16 changes: 10 additions & 6 deletions Cargo.toml
@@ -1,14 +1,14 @@
[package]
name = "authnz-rs"
version = "0.3.0"
version = "0.4.0"
edition = "2021"
license = "BSD-2"
rust-version = "1.80.0"
rust-version = "1.83.0"

[profile.release]
opt-level = 3
lto = true
codegen-units = 1
opt-level = 2 # Lower optimization level
lto = false # Disable LTO
codegen-units = 16 # Increase parallelism

[dependencies]
tokio = { version = "1.39.3", features = ["rt", "rt-multi-thread", "macros", "fs"] }
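Review bot: the `[profile.release]` change (opt-level 3 to 2, `lto = true` to `false`, `codegen-units` 1 to 16) lowers runtime performance and enlarges production binaries in a PR whose stated purpose is DynamoDB support, and the inline comments say what each line does but not why. If the goal is faster compile times now that the AWS SDK crates are pulled in, put these settings in `[profile.dev]` or a custom profile and keep the shipping profile optimized; otherwise add a sentence to the PR or a comment explaining the trade-off. The `rust-version` bump to 1.83.0 is also a user-visible requirement and should be stated in the README.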
Expand All @@ -30,4 +30,8 @@ uuid = { version = "1.10.0", features = ["v4"] }
jsonwebtoken = { version = "9.3.0", features = ["use_pem"] }
chrono = "0.4.38"
form_urlencoded = "1.2.1"
http = "1.1.0"
http = "1.1.0"
aws-config = "1.5.12"
aws-sdk-dynamodb = "1.57.0"
did-key = "0.2.1"
base58 = "0.2.0"
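Review bot: `did-key` and `base58` are added alongside the AWS crates, but nothing in the PR title, the README changes or the rest of this diff says what they are used for; please note the use case in the PR description or split them into their own change. For `aws-config` and `aws-sdk-dynamodb`, check that their default TLS backend matches the one the server already uses so the binary does not carry two, and make sure `Cargo.lock` is committed so the SDK versions built in CI are reproducible.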
185 changes: 165 additions & 20 deletions README.md
Expand Up @@ -2,53 +2,193 @@

Authentication and Entitlement WebAuthn and Smart Contract

## Getting Started
## Deployment

### Prerequisites
### Environment Variables

#### Create keys
```env
# Server Configuration
export PORT=8443
export TLS_CERT_PATH=/path/to/fullchain.pem
export TLS_KEY_PATH=/path/to/privkey.pem

# Cryptographic Keys
export SIGN_KEY_PATH=/path/to/signkey.pem
export ENCODING_KEY_PATH=/path/to/encodekey.pem
export DECODING_KEY_PATH=/path/to/decodekey.pem

# DynamoDB Configuration
export DYNAMODB_CREDENTIALS_TABLE=prod-credentials
export DYNAMODB_HANDLES_TABLE=prod-handles
export AWS_REGION=your-region
```

SIGN_KEY_PATH
### DynamoDB

```shell
openssl ecparam -genkey -name prime256v1 -noout -out signkey.pem
aws dynamodb create-table \
--table-name credentials \
--attribute-definitions \
AttributeName=user_id,AttributeType=S \
AttributeName=username,AttributeType=S \
--key-schema AttributeName=user_id,KeyType=HASH \
--global-secondary-indexes \
"[{
\"IndexName\": \"username-index\",
\"KeySchema\": [{\"AttributeName\":\"username\",\"KeyType\":\"HASH\"}],
\"Projection\":{\"ProjectionType\":\"ALL\"}
}]" \
--billing-mode PAY_PER_REQUEST
```


## Testing

### Unit Tests

Run the unit test suite:
```shell
cargo test
```

### Integration Tests

1. Set up local DynamoDB:
```shell
docker run -p 8000:8000 amazon/dynamodb-local
```

2. Run integration tests:
```shell
export DYNAMODB_ENDPOINT=http://localhost:8000
cargo test --test '*' --features integration
```

### Manual Testing

1. Register a new user:

```shell
curl http://localhost:8080/register/testuser
```

```shell
curl -X POST http://localhost:8080/register/testuser \
-H "Content-Type: application/json" \
-d '{"challenge": "..."}'
```

2. Authenticate:

```shell
curl http://localhost:8080/authenticate/testuser
```

ENCODING_KEY_PATH
```shell
curl -X POST http://localhost:8080/authenticate/testuser \
-H "Content-Type: application/json" \
-d '{"challenge": "..."}'
```

## Development

### Setup

#### Generate Cryptographic Keys

1. Create signing key (SIGN_KEY_PATH):
```shell
openssl ecparam -genkey -name prime256v1 -noout -out signkey.pem
```

2. Create encoding key (ENCODING_KEY_PATH):
```shell
openssl ecparam -genkey -noout -name prime256v1 \
| openssl pkcs8 -topk8 -nocrypt -out encodekey.pem
```

DECODING_KEY_PATH

3. Create decoding key (DECODING_KEY_PATH):
```shell
openssl ec -in encodekey.pem -pubout -out decodekey.pem
```

#### Verify keys

4. Verify keys:
```shell
openssl ec -in signkey.pem -text -noout
openssl ec -in encodekey.pem -text -noout
openssl ec -in decodekey.pem -text -noout
```

## Usage
#### Set Up DynamoDB Tables

```env
export PORT=8443
export TLS_CERT_PATH=/path/to/fullchain.pem
export TLS_KEY_PATH=/path/to/privkey.pem
export SIGN_KEY_PATH=/path/to/signkey.pem
export ENCODING_KEY_PATH=/path/to/encodekey.pem
export DECODING_KEY_PATH=/path/to/decodekey.pem
1. Create Credentials Table:
```shell
aws dynamodb create-table \
--endpoint-url http://localhost:8000 \
--table-name credentials \
--attribute-definitions \
AttributeName=user_id,AttributeType=S \
AttributeName=username,AttributeType=S \
--key-schema AttributeName=user_id,KeyType=HASH \
--global-secondary-indexes \
"[{
\"IndexName\": \"username-index\",
\"KeySchema\": [{\"AttributeName\":\"username\",\"KeyType\":\"HASH\"}],
\"Projection\":{\"ProjectionType\":\"ALL\"},
\"ProvisionedThroughput\":{\"ReadCapacityUnits\":5,\"WriteCapacityUnits\":5}
}]" \
--billing-mode PAY_PER_REQUEST
```

2. Create Handles Table:
```shell
aws dynamodb create-table \
--endpoint-url http://localhost:8000 \
--table-name handles \
--attribute-definitions \
AttributeName=handle,AttributeType=S \
--key-schema AttributeName=handle,KeyType=HASH \
--billing-mode PAY_PER_REQUEST
```

### AWS Configuration

Configure AWS credentials using one of:

1. Environment variables:
```shell
export AWS_ACCESS_KEY_ID=your-access-key
export AWS_SECRET_ACCESS_KEY=your-secret-key
```

## Notes
2. AWS credentials file (~/.aws/credentials)
3. IAM role when running on AWS services
4. AWS SSO configuration

### Code Style

Format code using:
```shell
cargo fmt
```

Run clippy lints:
```shell
cargo clippy
```

### Security Considerations

1. Always use HTTPS in production
2. Keep AWS credentials secure and rotate regularly
3. Monitor DynamoDB table usage and costs
4. Consider enabling DynamoDB encryption at rest
5. Use VPC endpoints for DynamoDB in production
6. Implement proper request rate limiting
7. Monitor and log authentication attempts
8. Regularly update dependencies

The next steps to further improve the server:
## Future Improvements

- Implement key rotation
- Add an endpoint to retrieve public keys
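Review bot: the `create-table` command under "Set Up DynamoDB Tables" passes `\"ProvisionedThroughput\":{\"ReadCapacityUnits\":5,\"WriteCapacityUnits\":5}` inside the `username-index` definition while also setting `--billing-mode PAY_PER_REQUEST`; DynamoDB rejects a provisioned-throughput block on an index when the table is on-demand, so this command fails as written. Drop that line so it matches the Deployment section's copy of the same command, which correctly omits it, or keep a single copy and have one section reference the other. Two further inconsistencies in this hunk: the manual-testing `curl` calls target plain `http://localhost:8080` while the environment section sets `PORT=8443` with a TLS certificate and key, and `DYNAMODB_ENDPOINT`, which the integration-test step exports, is missing from the Environment Variables block. Also consider `\"ProjectionType\":\"KEYS_ONLY\"` for `username-index`: with `ALL`, every credential attribute is duplicated into the index, and a username lookup only needs `user_id` to fetch the item.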
Expand All @@ -58,3 +198,8 @@ The next steps to further improve the server:
- Implement secure key deletion
- Add support for additional cryptographic algorithms as needed
- Implement a mechanism to revoke or update signed tokens if necessary
- Add table backups and point-in-time recovery for DynamoDB tables
- Implement DynamoDB auto-scaling policies
- Add monitoring and alerting for DynamoDB operations
- Configure DynamoDB DAX for caching if needed
- Add retries and circuit breakers for DynamoDB operations
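Review bot: "Implement DynamoDB auto-scaling policies" conflicts with the table definitions added in this PR, which use `--billing-mode PAY_PER_REQUEST`; auto-scaling applies to provisioned capacity, so reword this item to cover switching to provisioned capacity once traffic is predictable, or remove it. "Add table backups and point-in-time recovery" is a one-command change (`aws dynamodb update-continuous-backups` with `PointInTimeRecoveryEnabled=true`) and belongs in the table setup steps of this PR rather than a future list, since the tables hold WebAuthn credentials whose loss locks users out.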