From dde454d54147d8fba5ea263bdf66d1cc48c44968 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 30 Dec 2018 18:40:53 +0200 Subject: Add: initial commit --- Makefile | 7 +++ arch.css | 15 ++++++ arch.diag | 12 +++++ arch.html | 145 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ arch.png | Bin 0 -> 4856 bytes architecture.mdwn | 111 +++++++++++++++++++++++++++++++++++++++++ build.sh | 14 ++++++ ikiwiki.setup | 36 ++++++++++++++ index.mdwn | 12 +++++ 9 files changed, 352 insertions(+) create mode 100644 Makefile create mode 100644 arch.css create mode 100644 arch.diag create mode 100644 arch.html create mode 100644 arch.png create mode 100644 architecture.mdwn create mode 100755 build.sh create mode 100644 ikiwiki.setup create mode 100644 index.mdwn diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..14078f5 --- /dev/null +++ b/Makefile @@ -0,0 +1,7 @@ +yarns = $(wildcard *.yarn) +images = $(wildcard *.diag) + +all: arch.html + +arch.html: $(yarns) $(images) arch.css + ./build.sh diff --git a/arch.css b/arch.css new file mode 100644 index 0000000..25720b2 --- /dev/null +++ b/arch.css @@ -0,0 +1,15 @@ +html { + font-family: serif; + margin-left: 4em; + margin-right: 4em; +} + +h1, h2, h3 { + font-family: sans-serif; + margin-top: 2em; +} + + +h1 { font-size: 3em; } +h2 { font-size: 2em; } +h3 { font-size: 1em; } diff --git a/arch.diag b/arch.diag new file mode 100644 index 0000000..d1e0f1e --- /dev/null +++ b/arch.diag @@ -0,0 +1,12 @@ +blockdiag { + browser; + qvisqve; + effiweb; + effiapi; + muck; + + browser -> effiweb; + browser -> qvisqve; + effiweb -> effiapi; + effiapi -> muck; +} diff --git a/arch.html b/arch.html new file mode 100644 index 0000000..5e9f8ac --- /dev/null +++ b/arch.html @@ -0,0 +1,145 @@ + + + + + + + + Effireg architecture + + + + +
+

Effireg architecture

+

Lars Wirzenius

+

Version: trial-1-g4f2e1de-dirty

+
+ +

Introduction

+

Effireg is a web-based membership register for the Effi non-profit association. See https://effi.org/ for more information about Effi.

+

Effireg is written for Effi, but it is free software, released under the Affero GPL v3 license, and may be used by others. No guarantees of quality.

+

Architecture overview

+

Assumptions

+

The architecture has been designed under the following assumptions:

+ +

Components

+
+Architectural components
Architectural components
+
+

Effireg consists of four main components:

+ +

Authentication

+

End-users are authenticated using the OpenID Connect protocol, specifically the authorization code flow. In this flow, Qvisqve provides cryptographically signed access tokens, which identify the user and specify a list of things the user may do. The signature guarantees the token comes from Qvisqve.

+

Non-interactive API clients are authenticated using the OAuth2 protocol, specifically using client credential grants. This also provides an access token, similar to the one from end-user authentication.

+

Data model

+

The membership register stores data as “resources” in Muck-POC. Each resource is a JSON object. The following types of objects are supported:

+ +

Subject resource

+

A subject resource has the following fields:

+ +

The subject resource does not have any data that isn’t needed for end-user identification. Effiapi manages and Qvisqve uses the subject resource.

+

Password resource

+

A password resource has the following fields:

+ +

Effiapi manages and Qvisqve uses the password resource.

+

Member resource (memb)

+

A membership resource has the following fields:

+ +

Effiapi manages and uses the memb resource. Effiweb renders it for the user.

+

effiapi

+

This chapter descibes the effiapi API, as a yarn automated scenario test. It is meant to be understandable to Effi sysadmins, as well as be an executable test suite for the API.

+

The API is a simple RESTful HTTP API using JSON. This means that:

+ +

Manage memberships

+

This section shows the API calls to manage a memberhip: to create the member, to update and retrieve it, and to search memberships.

+
SCENARIO Manage memberships
+
+GIVEN An effiapi instance
+WHEN admin requests POST /memb with body { "fullname": "James Bond" }
+THEN the member id is ID
+
+WHEN admin requests GET /memb with header Muck-Id: ${ID}
+THEN HTTP status 200
+AND HTTP body matches { "fullname": "James Bond" }
+

TODO:

+ +

Appendix: Yarn scenario step implementations

+ + diff --git a/arch.png b/arch.png new file mode 100644 index 0000000..f86d22f Binary files /dev/null and b/arch.png differ diff --git a/architecture.mdwn b/architecture.mdwn new file mode 100644 index 0000000..fccf309 --- /dev/null +++ b/architecture.mdwn @@ -0,0 +1,111 @@ +[[!meta title="Architecture"]] + +[[!toc ]] + +# Architecture overview + +## Assumptions + +The architecture has been designed under the following assumptions: + +* Privacy is important, and should be the default. People should only + have access to the information they are authorized to access. + +* Members should be able to see their own information, without having + to go through the Effi membership register admin. + +* It's not practical to have every member have a password. + Authentication can be done by sending the member a unique, + single-use link when they want to log in. + +## Components + +[[!img arch.png]] + +Effireg consists of four main components: + +* **effiapi** provides a RESTful HTTP API for managing the membership + data, and for doing things with or to the data. All operations go + via the API. + +* **effiweb** provides the frontend for the web application to use the + membership register. It renders HTML to the user, is accesses via a + web browser, and generally is the user-visible part of Effireg. + +* **Qvisqve** provides authentication of end-users (the members, and + admins). It lets users log in, and keeps track of what each user is + allowed to do. + +* **Muck-POC** stores the actual membership register data, and + controls access to it, based on access tokens from Qvisqve. + +## Authentication + +[OpenID Connect]: https://openid.net/specs/openid-connect-core-1_0.html +[OAuth2]: https://oauth.net/2/ + +End-users are authenticated using the [OpenID Connect][] protocol, +specifically the authorization code flow. In this flow, Qvisqve +provides cryptographically signed access tokens, which identify the +user and specify a list of things the user may do. The signature +guarantees the token comes from Qvisqve. + +Non-interactive API clients are authenticated using the [OAuth2][] +protocol, specifically using client credential grants. This also +provides an access token, similar to the one from end-user +authentication. + +# Data model + +The membership register stores data as "resources" in Muck-POC. Each +resource is a JSON object. The following types of objects are +supported: + +* **subject** represents a person who is allowed to use the register; + it it used to identify the user for authentication +* **password** stores the encrypted password for a subject +* **memb** represets a subject's membership in Effi + +### Subject resource + +A subject resource has the following fields: + +* `username` — the username of the subject; this can change, the + subject is identified by the resource identifier in the register, + not by the username + +The subject resource does not have any data that isn't needed for +end-user identification. Effiapi manages and Qvisqve uses the subject +resource. + +### Password resource + +A password resource has the following fields: + +* `subject_id` — resource id of the subject whose password this + is +* `version` — version of the password resource (identifies + algorithm); must be 1 +* `hash` — the password, encrypted with the scrypt algorithm +* `salt` — a random string to prevent dictionary attacks +* `key_len` — parameter for scrypt +* `N` — parameter for scrypt +* `r` — parameter for scrypt +* `p` — parameter for scrypt + +Effiapi manages and Qvisqve uses the password resource. + +### Member resource (memb) + +A membership resource has the following fields: + +* `subject-id` — the resource id of the subject resource for + the member +* `fullname` — the full name of the member +* `primary-email` — the primary email address for the member + (and currently the only one) +* `years-paid` — list of integers for the years for which the + member has paid their membership + +Effiapi manages and uses the memb resource. Effiweb renders it for the +user. diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..8a04877 --- /dev/null +++ b/build.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +set -eu + +version="$(git describe --dirty)" +blockdiag3 arch.diag +pandoc \ + -Vdate="Version: $version" \ + --toc \ + --standalone \ + --self-contained \ + --css arch.css \ + -o arch.html \ + *.yarn diff --git a/ikiwiki.setup b/ikiwiki.setup new file mode 100644 index 0000000..43727ba --- /dev/null +++ b/ikiwiki.setup @@ -0,0 +1,36 @@ +# IkiWiki::Setup::Yaml - YAML formatted setup file + +wikiname: Effireg +url: https://icv-biz.liw.fi +srcdir: . +destdir: /home/liw/sites/effireg.liw.fi/html +add_plugins: +- goodstuff +- inline +- attachment +- remove +- rename +- tag +- orphans +- brokenlinks +- trail +- sidebar +- toc +- highlight +- format +- graphviz +disable_plugins: +- smiley +- rawhtml +- html +- tidy +html5: yes +timeformat: '%Y-%m-%d %H:%M' +exclude: 'favicon\.ico' +allowed_attachments: mimetype(image/*) +tagbase: tag +discussion: no +allowrss: yes +allowatom: yes +rss: yes +atom: yes diff --git a/index.mdwn b/index.mdwn new file mode 100644 index 0000000..10925eb --- /dev/null +++ b/index.mdwn @@ -0,0 +1,12 @@ +[[!meta title="Effireg - privacy-aware register of members for associations"]] + +Effireg is a web-based membership register for the Effi non-profit +association. See for more information about Effi. + +Effireg is written for Effi, but it is free software, released under +the Affero GPL v3 license, and may be used by others. No guarantees of +quality. + + +* [[architecture]] + -- cgit v1.2.1