{"id":13486410,"url":"https://github.com/grottopress/shield","last_synced_at":"2025-05-08T03:58:16.717Z","repository":{"id":48280724,"uuid":"266109055","full_name":"GrottoPress/shield","owner":"GrottoPress","description":"Comprehensive security for Lucky framework","archived":false,"fork":false,"pushed_at":"2025-05-07T20:36:50.000Z","size":2116,"stargazers_count":55,"open_issues_count":5,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-08T03:58:11.086Z","etag":null,"topics":["authentication","crystal","lucky-framework","oauth2","security"],"latest_commit_sha":null,"homepage":"","language":"Crystal","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GrottoPress.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-05-22T12:48:25.000Z","updated_at":"2025-05-07T20:36:54.000Z","dependencies_parsed_at":"2023-02-11T15:00:46.299Z","dependency_job_id":"7d673cef-fdb3-467a-ac56-e90c252d2b18","html_url":"https://github.com/GrottoPress/shield","commit_stats":{"total_commits":1107,"total_committers":1,"mean_commits":1107.0,"dds":0.0,"last_synced_commit":"1fa98bd5c68cfb1d0e81363adc147a023ebe02db"},"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrottoPress%2Fshield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrottoPress%2Fshield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrottoPress%2Fshield/releases","manifests_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrottoPress%2Fshield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GrottoPress","download_url":"https://codeload.github.com/GrottoPress/shield/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252996334,"owners_count":21837621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","crystal","lucky-framework","oauth2","security"],"created_at":"2024-07-31T18:00:45.322Z","updated_at":"2025-05-08T03:58:16.700Z","avatar_url":"https://github.com/GrottoPress.png","language":"Crystal","funding_links":[],"categories":[":gem: Lucky Shards","Framework Components"],"sub_categories":[],"readme":"# Shield\n\n*Shield* is a comprehensive Identity \u0026 Access Management solution for [*Lucky* framework](https://luckyframework.org). It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.\n\n*Shield* is secure by default, and exploits defence-in-depth strategies, including the option to pin an authentication session to the IP address that started it -- the session is invalidated if the IP address changes.\n\nUser IDs are never saved in session. 
Instead, each authentication gets a unique ID and token, which are saved in session and checked against their corresponding salted SHA-256 digests in the database.\n\nWhen a user changes their password, *Shield* logs out the user on all devices (except the current one), to ensure that an attacker no longer has access to a previously compromised account.\n\n*Shield* supports API authentication, with regular passwords or with user-generated bearer tokens. In addition, *Shield* comes with tools to build your own OAuth 2.0 authorization server.\n\n*Shield* is designed to be resilient against critical application vulnerabilities, including brute force, user enumeration, denial of service and timing attacks.\n\nOn top of these, *Shield* offers seamless integration with your application. For the most part, `include` a bunch of `module`s in the appropriate `class`es, and you are good to go!\n\n### Design principles\n\n- #### Zero knowledge\n\n  *Shield* maintains no knowledge of any secrets, and stores them such that they are irrecoverable, either by the application or by the user, if the user loses them.\n\n- #### Hashing over encryption\n\n  In line with the *Zero Knowledge* principle, *Shield* prefers hashing to encryption, keeping knowledge of all secrets to the user that generated them.\n\n- #### Handles over assertions\n\n  In *Shield*, the server is the source of truth, ensuring that all secrets can be revoked server-side, and instantly, whenever the need arises.\n\n- #### Deny by default\n\n  *Shield* locks everything down, by default, and requires explicit action by the developer. This posture makes it difficult for an application to be *insecure by accident*.\n\n## Quick Start\n\nGet started quickly using [*Penny*](https://github.com/GrottoPress/penny). 
*Penny* is a *Lucky* application scaffold that gets you up and running with *Shield*.\n\n## Documentation\n\nFind the complete documentation of *Shield* in the `docs/` directory of this repository.\n\n## Development\n\nCreate a `.env` file:\n\n```env\nDATABASE_URL=postgres://postgres:password@localhost:5432/shield_spec\n```\n\nUpdate the file with your own details. Then run tests with `crystal spec`.\n\n## Contributing\n\n1. [Fork it](https://github.com/GrottoPress/shield/fork)\n1. Switch to the `master` branch: `git checkout master`\n1. Create your feature branch: `git checkout -b my-new-feature`\n1. Make your changes, updating changelog and documentation as appropriate.\n1. Commit your changes: `git commit`\n1. Push to the branch: `git push origin my-new-feature`\n1. Submit a new *Pull Request* against the `GrottoPress:master` branch.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrottopress%2Fshield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgrottopress%2Fshield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrottopress%2Fshield/lists"}