Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
projects:member_portal:home [2025/10/12 12:21] samp20projects:member_portal:home [2025/10/24 00:15] (current) samp20
Line 13: Line 13:
 {{drawio>projects:member_portal:modules.png}} {{drawio>projects:member_portal:modules.png}}
  
-===== Tasks =====+===== Left to do =====
  
-^ Description ^ Depends on ^ Assigned to ^ +Required for initial demo:
-| Implement [[projects:member_portal:session|]] | | samp20 | +
-| Email Authentication | | samp20 | +
-| Rate limiter | | - | +
-| Initial [[projects:member_portal:oauth|]] implementation | Session management | - | +
-| [[projects:member_portal:jwk|]] implementation | | - | +
-| TOTP Authentication | | - | +
-| Keyfob authentication | | - |+
  
 +  * Portal homepage
 +  * Hardcode OAuth permissions for demo
 +  * Logout
 +  * Host demo under Hackspace beta domain
 +  * Sample OpenID compatible application (suggestions welcome)
 +
 +Shortly after:
 +  * Rate limiter
 +    * By attempted email address
 +    * By IP address
 +  * Object cleanup system
 +
 +Future work:
 +  * Permissions system
 +  * PKCE
 +  * View/edit personal details
 +  * View/delete active sessions
 +  * External logins (keyfob)
 +  * Admin pages
 +    * Clients
 +    * Roles
 +    * Members
  
 ===== Project layout ===== ===== Project layout =====
Line 74: Line 89:
  
 For now we can probably use an in-memory SQLite database for testing. We may need to switch to a proper PostgreSQL database if we start to depend on DB specific features, at which point we'll need to clean the database before every test run. For now we can probably use an in-memory SQLite database for testing. We may need to switch to a proper PostgreSQL database if we start to depend on DB specific features, at which point we'll need to clean the database before every test run.
 +
 +===== Models =====
 +
 +{{drawio>projects:member_portal:models.png}}
 +
 +===== Tokens =====
 +
 +A common pattern that's required is to store an external reference to a table row in a secure way. The pattern we use is to store an ''id'' of type UUID and a ''token_hash'' of type string in the table. The external token will refer to this using the string format ''{id.hex}:{token}''. The ID is used to select the correct row and the SHA256 of ''token'' is compared against ''token_hash''. The ''token'' is required as a layer of security as we cannot guarantee the ''id'' generation is cryptographically secure. It also allows us to rotate the ''token'' while still referring to the same row, for example cookie rotation.
 +
  • projects/member_portal/home.1760271716
  • Last modified: 8 weeks ago
  • by samp20