{"id":29840803,"url":"https://github.com/recheck-io/iob-log-service","last_synced_at":"2025-07-29T14:32:54.679Z","repository":{"id":306409917,"uuid":"1023546436","full_name":"ReCheck-io/iob-log-service","owner":"ReCheck-io","description":"A secure Node.js API with mTLS authentication for immutable audit logging on the Internet Computer Protocol (ICP).","archived":false,"fork":false,"pushed_at":"2025-07-25T09:37:17.000Z","size":129,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-25T15:41:44.120Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ReCheck-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-21T10:21:16.000Z","updated_at":"2025-07-25T09:40:03.000Z","dependencies_parsed_at":"2025-07-25T15:55:50.389Z","dependency_job_id":null,"html_url":"https://github.com/ReCheck-io/iob-log-service","commit_stats":null,"previous_names":["recheck-io/iob-log-service"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/ReCheck-io/iob-log-service","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReCheck-io%2Fiob-log-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReCheck-io%2Fiob-log-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReCheck-io%2Fiob-log-service/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReCheck-io%2Fiob-log-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ReCheck-io","download_url":"https://codeload.github.com/ReCheck-io/iob-log-service/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReCheck-io%2Fiob-log-service/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267703074,"owners_count":24130464,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-29T02:00:12.549Z","response_time":2574,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-29T14:32:35.950Z","updated_at":"2025-07-29T14:32:54.661Z","avatar_url":"https://github.com/ReCheck-io.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IoB Chain Logger\n\nA secure Node.js API with mTLS authentication for immutable audit logging on the Internet Computer Protocol (ICP).\n\n## What it does\n\nIoB Chain Logger provides tamper-proof audit logging for Internet of Buildings (IoB) protocol by:\n\n- **Capturing user actions** (create, update, delete) with mTLS client certificate authentication\n- **Computing cryptographic hashes** using keccak256 for data integrity\n- **Storing immutable logs** on ICP blockchain canisters written in Azle\n- **Providing query APIs** to retrieve logs by UUID, action type, user, or object\n\n## Key Features\n\n- 🔐 **mTLS Authentication** - Client certificate-based user identification\n- 🔗 **ICP Integration** - Immutable storage on Internet Computer blockchain  \n- 🔒 **Cryptographic Integrity** - keccak256 hashing of all log components\n- 🚀 **Production Ready** - nginx + Certbot for automatic certificate management\n- 🛠️ **Development Friendly** - Direct TLS mode for local development and testing\n- 📋 **Flexible Queries** - Multiple log retrieval methods\n- 🛡️ **Secure by Design** - Service identity authorization and controller access\n\n## Architecture\n\n```\n[Client Certificate] → [nginx + mTLS] → [Node.js API] → [ICP Canister]\n                                            ↓\n                                   [keccak256 Hash] → [Immutable Log]\n```\n\n## API Endpoints\n\n- `POST /api/register` - Register a new audit log entry\n- `POST /api/verify` - Verify an existing log entry\n- `GET /api/logs/uuid/:uuid` - Get logs by data UUID  \n- `GET /api/logs/action/:action` - Get logs by action type\n- `GET /health` - Health check endpoint\n\n## Hash Composition\n\nEach log entry generates a keccak256 hash from:\n```\nhash = keccak256(uuid + action + userFingerprint)\n```\n\nWhere:\n- `uuid` - Unique identifier for the data object\n- `action` - Operation performed (`create`, `update`, `delete`)\n- `userFingerprint` - SHA-256 fingerprint of user's mTLS certificate\n\n## Quick Start\n\n### Development Mode (Local Testing)\n```bash\n# Install dependencies\nnpm install\n\n# Generate test certificates for development\n./scripts/generate-test-certs.sh\n\n# Configure for direct TLS mode\ncp .env.example .env\n# Set CERT_MODE=direct in .env\n\n# Start development server with HTTPS\nnpm run dev\n\n# Test with client certificate\ncurl -k --cert certs/client.crt --key certs/client.key https://localhost:4000/cert-info\n```\n\n### Production Mode (nginx Proxy)\n```bash\n# Install dependencies\nnpm install\n\n# Start Node.js service (displays service principal)\nnpm run dev\n\n# Deploy ICP canister with service authorization\ndfx deploy --argument \"(opt principal \\\"YOUR_SERVICE_PRINCIPAL\\\")\"\n\n# Configure environment and restart\ncp .env.example .env\n# Edit .env with your CANISTER_ID_IOB and CERT_MODE=nginx\nnpm start\n```\n\n## Documentation\n\n- **[Setup Guide](SETUP.md)** - Complete installation and deployment instructions\n- **[Development Guide](DEVELOPMENT.md)** - Certificate modes, local development, and testing\n- **[API Documentation](API.md)** - Complete REST API reference with endpoints, authentication, examples, and response formats\n- **[nginx Configuration](nginx/setup-nginx.md)** - Production deployment with mTLS\n\n## Tech Stack\n\n- **Backend**: Node.js + Express.js\n- **Blockchain**: Internet Computer Protocol (ICP)\n- **Canister Framework**: Azle (TypeScript/JavaScript for ICP)\n- **Authentication**: mTLS with X.509 client certificates\n- **Cryptography**: keccak256 hashing\n- **Validation**: yup schema validation\n- **Production**: nginx + Certbot for certificate management\n\n## License\n\nMIT License - see [LICENSE](LICENSE) file for details.\n\n## Support\n\nFor setup issues, see [SETUP.md](SETUP.md).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frecheck-io%2Fiob-log-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frecheck-io%2Fiob-log-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frecheck-io%2Fiob-log-service/lists"}