Authentication and restricting read access about atomic-server HOT 5 CLOSED

I think we could have Commits without conventional authentication, since these Commits use signatures. This should still be implemented, though, but it solves the write part, at least.

from atomic-server.

I'm looking for a clean, simple way to let the server know which agent is making some request. Usually what happens, is that the one making the request has to sign some message from the server to prove ownership over some key, and after that a temporarily usable token is stored as a session / device cookie.

If the client posesses a private key (which is currenlty used in Commits, too), we could use that key to sign a request. Perhaps have a signature and agent HTTP header, after which the server checks if the agent's public key and the signature are OK. The signature message source could be the requested subject + the current timestamp + the agent subject. This combination should be unique for each request.

Checking this for every single request seems a bit tedious, so we should probably use a session token, so the server only has to do the signature checking once for every session.

from atomic-server.

So a couple of methods exist to sign HTTP requests. One is to add a Digest and Authorization HTTP header. Another way is to add a Body with a JWS (or other signature) that contains information about the request, such as the requested resource and some fleeting identifier (timestamp).

from atomic-server.

I think the sign(timestamp + subject) approach is pretty valid. I'll start working on an implementation.

The request needs to include the signature, the timestamp, and the public key of the agent.

  const privateKey = agent.privateKey;
  const timestamp = getTimestampNow();
  const message = `${subject} ${timestamp}`;
  const signed = await signToBase64(message, privateKey);
  headers.set('x-atomic-public-key', await agent.getPublicKey());
  headers.set('x-atomic-signature', signed);
  headers.set('x-atomic-timestamp', timestamp.toString());

from atomic-server.

Authorization can be costly, so let's make some simple optimizations to prevent large performance regressions.

First, the server needs to decide whether authentication is necessary at all. If a resource is public, skip it. Also, if the user is an admin, skip further checks.

If the resource is for specific eyes only (recursively check parents for read rights), continue.

The server needs to parse three headers.

After that, the server needs to find the Agent corresponding to the public key. This could be a ValueIndex request.

from atomic-server.