SergeychWorks/superlogin
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases 1 Wiki Activity
parsec3 based login library for JVM and JS
21 Commits 1 Branch 2 Tags 221 KiB
Kotlin 99.9%
ba7fcb947e
Go to file
sergeych ba7fcb947e v0.2.1: data key is not in the client saved state (less secure but does not require the password all the time)
2022-12-19 13:44:26 +01:00
gradle/wrapper Initial commit 2022-11-11 00:22:26 +01:00
kotlin-js-store RC-2 passing all tests in js too 2022-12-02 21:32:58 +01:00
src v0.2.1: data key is not in the client saved state (less secure but does not require the password all the time) 2022-12-19 13:44:26 +01:00
webpack.config.d RC-2 passing all tests in js too 2022-12-02 21:32:58 +01:00
.gitignore finally, minimal and straight registration schema and client implementation 2022-11-20 20:53:59 +01:00
build.gradle.kts v0.2.1: data key is not in the client saved state (less secure but does not require the password all the time) 2022-12-19 13:44:26 +01:00
gradle.properties Initial commit 2022-11-11 00:22:26 +01:00
gradlew Initial commit 2022-11-11 00:22:26 +01:00
gradlew.bat Initial commit 2022-11-11 00:22:26 +01:00
README.md +implemented automatic relogin on connection restore and better connection tracking. 2022-12-18 21:48:39 +01:00
settings.gradle.kts Initial commit 2022-11-11 00:22:26 +01:00

README.md

Superlogin utilities

Work in progress, too early to use.

This project targets to provide command set of multiplatform tools to faciliate restore access with non-recoverable passwords by providing a backup secret string as the only way to reset the password.

This technology is required in the systems where user data are not disclosed to anybody else, as an attempt to allow lost password reset by mean of a secret string that could be kept somewhere in a safe place. It allows password and protected content updates to be recoverable with a secret.

It also contains useful tools for this type of application:

  • BackgroundKeyGeneretor allows to accumulate the entropy from user events and perform ahead private key generation in the background (also in JS).

  • DerivedKeys simplify processing passwords in a safe and smart manner.

  • AccessControlObject to contain recoverable password-protected data with a backup secret word to restore access.

Setup

Currently, complie it and publish into mavenLocal, and use from there. Soon will be published to some public maven repo.

Usage with ktor server

Use module for initialization like this:

fun Application.testServerModule() {
    superloginServer(TestApiServer<TestSession>(), { TestSession() }) {
        // This is a sample of your porvate API implementation:
        on(api.loginName) {
            currentLoginName
        }
    }
}

Nothe that your test session should inhert from and implement all abstract methods of SLServerSession abstract class to work properly.

Now you can just use the module in your ktor server initialization:

embeddedServer(Netty, port = 8082, module = Application::testServerModule).start()

Of course you can initialize superlogin server separately. In any case see autodocs for superloginServer() function.

On the client side it could look like:

    val api = TestApiServer<WithAdapter>()
    val slc = SuperloginClient<TestData, S1>(client)
    var rt = slc.register("foo", "passwd", TestData("bar!"))

See autodocs for SuperloginClient for more.

License

Will be published under MIT as soon as first RC will be published.