
Comprehensive security for Lucky framework
Tags: lucky-framework, authentication, security, oauth2
0.1.0 released

Shield

Shield is a comprehensive security solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.

Shield is secure by default and employs defence-in-depth strategies, including pinning an authentication session to the IP address that started it: the session is invalidated if the IP address changes.

User IDs are never stored in the session. Instead, each authentication receives a unique ID and token; these are saved in the session and checked against the corresponding values, which are stored hashed, in the database.

Shield is designed to be resilient against critical application vulnerabilities, including brute force, user enumeration, denial of service and timing attacks.
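The two mechanisms described above (an ID plus random token in the session, checked against a hashed copy in the database, and a session pinned to the originating IP address) can be sketched in a few dozen lines of Crystal. The following is an added illustration, not Shield's own code: it assumes a current Crystal 1.x standard library, uses an in-memory Hash as a stand-in for the authentications table and another Hash as a stand-in for the framework's session, and uses constructed IP addresses from the RFC 5737 documentation ranges.

```crystal
require "crypto/subtle"
require "digest/sha256"
require "random/secure"

# Constructed stand-in for an authentications table row: the token is stored
# only as a hex digest, never in the clear.
record Authentication, id : Int64, token_digest : String, ip_address : String, active : Bool

# Constructed in-memory stand-in for the database.
class AuthStore
  def initialize
    @rows = Hash(Int64, Authentication).new
    @next_id = 1_i64
  end

  def create(token_digest : String, ip_address : String) : Authentication
    auth = Authentication.new(@next_id, token_digest, ip_address, true)
    @rows[auth.id] = auth
    @next_id += 1
    auth
  end

  def find(id : Int64) : Authentication?
    @rows[id]?
  end

  def invalidate(id : Int64) : Nil
    if auth = @rows[id]?
      @rows[id] = auth.copy_with(active: false)
    end
  end
end

# Only the digest of the token ever reaches the store.
def digest_token(token : String) : String
  Digest::SHA256.hexdigest(token)
end

# Hypothetical session: a plain Hash plays the role of the cookie-backed
# session. Only the authentication ID and token go in; no user ID.
alias Session = Hash(String, String)

def login(store : AuthStore, session : Session, request_ip : String) : Authentication
  token = Random::Secure.urlsafe_base64(32)
  auth = store.create(digest_token(token), request_ip)
  session["auth_id"] = auth.id.to_s
  session["auth_token"] = token
  auth
end

def current_authentication(store : AuthStore, session : Session, request_ip : String) : Authentication?
  id = session["auth_id"]?.try(&.to_i64?)
  token = session["auth_token"]?
  return nil unless id && token

  auth = store.find(id)
  return nil unless auth && auth.active

  # Compare digests in constant time so a wrong token cannot be told apart
  # from a right one by response timing.
  return nil unless Crypto::Subtle.constant_time_compare(digest_token(token), auth.token_digest)

  # IP pinning: a request from a different address invalidates the session.
  unless auth.ip_address == request_ip
    store.invalidate(auth.id)
    return nil
  end

  auth
end

# Walk-through with constructed addresses.
store = AuthStore.new
session = Session.new

login(store, session, "203.0.113.10")
puts current_authentication(store, session, "203.0.113.10") ? "same IP: authenticated" : "same IP: rejected"
puts current_authentication(store, session, "198.51.100.7") ? "new IP: authenticated" : "new IP: rejected, session invalidated"
puts current_authentication(store, session, "203.0.113.10") ? "original IP again: authenticated" : "original IP again: rejected"
```

The third lookup fails even though it comes from the original address, because the mismatch on the second request marked the authentication inactive in the store; the client has to log in again, which is the behaviour the description above calls for. Storing only a digest means a database read does not yield a usable token, and the constant-time comparison keeps the check from leaking how many leading bytes of a guessed token were correct.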

On top of these, Shield offers seamless integration with your application. For the most part, you include a handful of modules in the appropriate classes, and you are good to go!

Documentation

Find the complete documentation of Shield in the docs/ directory of this repository.

Development

Run tests with docker-compose -f spec/docker-compose.yml run --rm spec. If you need to update shards before that, run docker-compose -f spec/docker-compose.yml run --rm shards.

If you would rather run tests on your local machine (i.e., without Docker), create a .env.sh file:

#!/bin/bash

export APP_DOMAIN=http://localhost:5000
export DATABASE_URL='postgres://postgres:password@localhost:5432/shield_spec'
export SECRET_KEY_BASE='XeqAgSy5QQ+dWe8ruOBUMrz9XPbPZ7chPVtz2ecDGss='
export SERVER_HOST='0.0.0.0'
export SERVER_PORT=5000

Update the file with your own details. Then run tests with source .env.sh && crystal spec.

Todo

  • [x] User registrations
  • [x] Logins and logouts
  • [x] Password resets
  • [x] Login notifications
  • [x] Password change notifications
  • [x] Pin authentication session to its IP address
  • [x] Authorization
  • [ ] Email confirmation (verification)
  • [ ] Anti-spam
  • [ ] Web Application Firewall (WAF)
  • [ ] Multi-factor authentication

Contributing

  1. Fork it
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Create a new Pull Request

Security

Kindly report suspected security vulnerabilities in private, via contact details outlined in this repository's .security.txt file.

shield:
  github: GrottoPress/shield
  version: ~> 0.1.0
License MIT
Crystal 0.35.0

Authors

Dependencies 0

Development Dependencies 2

  • carbon ~> 0.1.0
    {'github' => 'luckyframework/carbon', 'version' => '~> 0.1.0'}
  • lucky ~> 0.23.0
    {'github' => 'luckyframework/lucky', 'version' => '~> 0.23.0'}

Dependents 0
