ryyst/kalzu-value-store
1
0
Fork 1
Code Issues 6 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
0451bc37313388850aee4f1d5062e77a17442243
kalzu-value-store/issues/4.md
ryyst 8d6a280441 feat: complete issue #6 - implement feature toggle integration in routes 
- Add conditional route registration based on feature toggles
- AuthEnabled now controls authentication/user management endpoints
- ClusteringEnabled controls member and Merkle tree endpoints
- RevisionHistoryEnabled controls history endpoints
- Feature toggles for RateLimitingEnabled and TamperLoggingEnabled were already implemented

This completes issue #6 allowing flexible deployment scenarios by disabling
unnecessary features and their associated endpoints.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-20 23:50:58 +03:00

2.0 KiB
Raw Blame History

Issue #4: Secure User and Group Management Endpoints with Authentication Middleware

Status: Open
Author: MrKalzu
Created: 2025-09-12
Assignee: ryyst
Repository: #4

Description

Security Vulnerability: User, group, and token management API endpoints are currently exposed without authentication, creating a significant security risk.

Current Problem

The following administrative endpoints are accessible without authentication:

  • User management endpoints (createUserHandler, getUserHandler, etc.)
  • Group management endpoints
  • Token management endpoints

Proposed Solution

1. Define Granular Administrative Scopes

Create specific administrative scopes for fine-grained access control:

  • admin:users:create - Create new users
  • admin:users:read - View user information
  • admin:users:update - Modify user data
  • admin:users:delete - Remove users
  • admin:groups:create - Create new groups
  • admin:groups:read - View group information
  • admin:groups:update - Modify group membership
  • admin:groups:delete - Remove groups
  • admin:tokens:create - Generate API tokens
  • admin:tokens:revoke - Revoke API tokens

2. Apply Authentication Middleware

Wrap all administrative handlers with authMiddleware and specific scope requirements:

// Example implementation
router.Handle("/auth/users", authMiddleware("admin:users:create")(createUserHandler))
router.Handle("/auth/users/{id}", authMiddleware("admin:users:read")(getUserHandler))

Dependencies

  • Depends on Issue #3: Requires implementation of autogenerated root account for initial setup

Security Benefits

  • Prevents unauthorized administrative access
  • Implements principle of least privilege
  • Provides audit trail for administrative operations
  • Protects against privilege escalation attacks

Implementation Priority

High Priority - This addresses a critical security vulnerability that could allow unauthorized access to administrative functions.