kalzu-value-store/issues/4.md

# Issue #4: Secure User and Group Management Endpoints with Authentication Middleware

**Status:** Open  
**Author:** MrKalzu  
**Created:** 2025-09-12  
**Assignee:** ryyst  
**Repository:** https://git.rauhala.info/ryyst/kalzu-value-store/issues/4

## Description

**Security Vulnerability:** User, group, and token management API endpoints are currently exposed without authentication, creating a significant security risk.

## Current Problem

The following administrative endpoints are accessible without authentication:
- User management endpoints (`createUserHandler`, `getUserHandler`, etc.)
- Group management endpoints 
- Token management endpoints

## Proposed Solution

### 1. Define Granular Administrative Scopes

Create specific administrative scopes for fine-grained access control:
- `admin:users:create` - Create new users
- `admin:users:read` - View user information
- `admin:users:update` - Modify user data
- `admin:users:delete` - Remove users
- `admin:groups:create` - Create new groups
- `admin:groups:read` - View group information
- `admin:groups:update` - Modify group membership
- `admin:groups:delete` - Remove groups
- `admin:tokens:create` - Generate API tokens
- `admin:tokens:revoke` - Revoke API tokens

### 2. Apply Authentication Middleware

Wrap all administrative handlers with `authMiddleware` and specific scope requirements:

```go
// Example implementation
router.Handle("/auth/users", authMiddleware("admin:users:create")(createUserHandler))
router.Handle("/auth/users/{id}", authMiddleware("admin:users:read")(getUserHandler))
```

## Dependencies

- **Depends on Issue #3**: Requires implementation of autogenerated root account for initial setup

## Security Benefits

- Prevents unauthorized administrative access
- Implements principle of least privilege
- Provides audit trail for administrative operations
- Protects against privilege escalation attacks

## Implementation Priority

**High Priority** - This addresses a critical security vulnerability that could allow unauthorized access to administrative functions.