https://github.com/adit019/secure-authz-service-cpp
C++ authentication and authorization microservice using salted SHA-256.
https://github.com/adit019/secure-authz-service-cpp
authentication authorization c-plus-plus jwt microservice security sha256 systems-programming
Last synced: 5 days ago
JSON representation
C++ authentication and authorization microservice using salted SHA-256.
- Host: GitHub
- URL: https://github.com/adit019/secure-authz-service-cpp
- Owner: adit019
- License: other
- Created: 2025-10-04T06:07:47.000Z (9 months ago)
- Default Branch: master
- Last Pushed: 2025-10-05T08:40:19.000Z (9 months ago)
- Last Synced: 2025-10-05T09:20:45.728Z (9 months ago)
- Topics: authentication, authorization, c-plus-plus, jwt, microservice, security, sha256, systems-programming
- Language: C++
- Homepage:
- Size: 5.85 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
ο»Ώ# π Secure Authentication & Authorization Service (C++17)
[](https://github.com/adit019/secure-authz-service-cpp/actions)
A high-performance **identity service** showcasing **AuthN/AuthZ** patterns in modern C++:
- **Authentication** with salted **SHA-256** password hashes *(OpenSSL when available)*
- **Authorization** via role checks (RBAC)
- **SDL Threat Model** applied β mitigates **3 critical risks**
- **GDB + Valgrind** verified; **500+ concurrent sessions** load-tested
> **License:** Proprietary. All rights reserved. See [LICENSE](LICENSE).
---
## Architecture
` ext
Client CLI / Tests
β
βΌ
+---------------------+ +---------------------+
| Authentication API | | Authorization API |
| - salt generation | | - role checks |
| - SHA-256 hashing | | - RBAC policy |
+----------+----------+ +----------+----------+
\ /
\ /
\ /
+---------+---------+
|
InMemoryUserStore
(thread-safe map)
Quick Start
Prereqs
CMake β₯ 3.16, C++17 compiler
(Optional) OpenSSL headers/libs for real SHA-256
Ubuntu: sudo apt-get update && sudo apt-get install -y libssl-dev
macOS (brew): brew install openssl
---
## Example Results
### Secure Authentication Flow
Demonstrates salted SHA-256 hashing, user verification, and role-based access (RBAC) for βadminβ users.
---
Build
bash
Copy code
git clone https://github.com/adit019/secure-authz-service-cpp.git
cd secure-authz-service-cpp
cmake -S . -B build -DUSE_OPENSSL=ON
cmake --build build -j
Run
bash
Copy code
# Demo CLI (register/login/authorize)
./build/auth_service
# Unit tests
ctest --test-dir build --output-on-failure
# Load test (600 sessions)
./build/load_test
βοΈ SDL Threat Model (Summary)
Credential Theft (MITM / replay)
Mitigation: salted hashes, recommend TLS for transport.
Privilege Escalation
Mitigation: explicit RBAC checks per action; least privilege defaults.
Memory Safety / UAF
Mitigation: C++17 RAII, thread-safe store, CI sanitizers/Valgrind guidance.
See [THREAT_MODEL.md](docs/THREAT_MODEL.md) for details.
Debugging & Verification
gdb: gdb --args ./build/auth_service β run β bt on crash
Valgrind (Linux): valgrind --leak-check=full ./build/unit_tests
Sanitizers: enable with -DCMAKE_CXX_FLAGS="-fsanitize=address,undefined -O1 -g"
Project Structure
ruby
Copy code
$ tree -L 2
.
βββ CMakeLists.txt
βββ include/
β βββ Auth.h
βββ src/
β βββ Auth.cpp
β βββ Hash.cpp
β βββ main.cpp
βββ tests/
β βββ test_auth.cpp
βββ tools/
β βββ load_test.cpp
βββ docs/
β βββ THREAT_MODEL.md
βββ .github/workflows/cmake.yml
CI (GitHub Actions)
Build on Ubuntu with libssl-dev
Run unit tests and load test
Artifact: (optional) add later
License
Copyright Β© 2025 Adit Sharma.
All rights reserved. See [LICENSE](LICENSE).