Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/prasoonsoni/fortisafe

FortiSafe is a secure and efficient resource management platform. The system offers role and group based access control for resources. It features robust user registration and authentication, allowing seamless account deactivation and deletion while adhering to data retention policies. It guards against vulnerabilities like SQL injection attacks.

aws-rds docker docker-compose gofiber golang gorm jwt nginx postgresql reverse-proxy

Last synced: 2 months ago

README

# FortiSafe

## ℹ️ Problem Statement
Build a robust containerized task management system to handle user authentication, authorization and access management.

## πŸ“ Key Features
- Secure user registration and authentication
- Account Deactivation and Deletion: Allow users to deactivate or delete their accounts, if applicable. Implement a mechanism to handle account deletion securely while considering data retention policies.
- Role-based and Group-based access management on resources(Tasks) with ability to create custom roles and groups (Need to make sure endpoints are secure)
- Protection against vulnerabilities like SQL injection attacks
- Support for bulk upload using CSV(Both users and tasks) making sure all the relationships are preserved accurately

## βš™οΈ Tech Stack
- **GoLang** - Used for developing efficient and fast server-side applications due to its compiled nature and strong concurrency support.
- **AWS RDS (PostgreSQL Instance)** - Utilized as a managed database service to provide scalable, reliable, and performant storage for the application.
- **Docker** - Employed for containerizing the application, ensuring consistency across different environments and facilitating easy deployment and scaling.
- **Nginx** - Used as a reverse proxy to efficiently handle client requests, load balance, and improve security by serving as a barrier between clients and the application server.

## βš’οΈ Go Packages Used
- **uuid** - Generates unique identifiers for entities.
- **jwt** - Creates secure JSON Web Tokens for authentication.
- **bcrypt** - Hashes and encrypts passwords securely.
- **gorm** - Simplifies database interactions with an ORM in Go. It also protects from **SQL Injection**.
- **gofiber** - Fast and efficient web framework for building APIs in Go.
- **godotenv** - Loads environment variables from a .env file.
- **postgres** - Robust and scalable relational database management system.
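The jwt package does the token work in the project; what an authentication middleware such as `middlewares/authenticateUser.go` has to get right is the verification side. The block below is an added example, not the project's code, that implements that check with only the Go standard library: it pins the algorithm to HS256 so a token whose header claims `alg: none` is rejected before its signature is considered, compares the MAC in constant time, and treats a missing `exp` as expired. The `Claims` fields, the `BearerToken` helper and the demo secret are assumptions made for the example, not the project's token layout.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the payload subset this example checks (assumed layout).
type Claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

type header struct {
	Alg string `json:"alg"`
}

var (
	ErrMalformed = errors.New("jwt: malformed token")
	ErrBadAlg    = errors.New("jwt: alg is not HS256")
	ErrBadSig    = errors.New("jwt: signature mismatch")
	ErrExpired   = errors.New("jwt: token expired or has no exp")
)

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func sign(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

func decodePart(part string, v interface{}) bool {
	b, err := base64.RawURLEncoding.DecodeString(part)
	return err == nil && json.Unmarshal(b, v) == nil
}

// SignHS256 issues a compact JWT, as a login handler would.
func SignHS256(secret []byte, c Claims) string {
	h, _ := json.Marshal(header{Alg: "HS256"})
	p, _ := json.Marshal(c)
	in := b64(h) + "." + b64(p)
	return in + "." + b64(sign(secret, in))
}

// VerifyHS256 is the check an auth middleware must run on every request.
// The algorithm is pinned, the MAC comparison is constant-time, and exp is
// mandatory so a stolen token cannot live forever.
func VerifyHS256(secret []byte, token string, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, ErrMalformed
	}
	var h header
	if !decodePart(parts[0], &h) {
		return Claims{}, ErrMalformed
	}
	if h.Alg != "HS256" {
		return Claims{}, ErrBadAlg
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(secret, parts[0]+"."+parts[1])) {
		return Claims{}, ErrBadSig
	}
	var c Claims
	if !decodePart(parts[1], &c) {
		return Claims{}, ErrMalformed
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return Claims{}, ErrExpired
	}
	return c, nil
}

// BearerToken extracts the token from an "Authorization: Bearer <token>" value.
func BearerToken(authz string) (string, bool) {
	const prefix = "Bearer "
	if len(authz) <= len(prefix) || !strings.EqualFold(authz[:len(prefix)], prefix) {
		return "", false
	}
	return strings.TrimSpace(authz[len(prefix):]), true
}

func main() {
	secret := []byte("value-of-JWT_SECRET-from-.env") // constructed demo value
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	tok := SignHS256(secret, Claims{Sub: "user-123", Exp: now.Add(time.Hour).Unix()})
	c, err := VerifyHS256(secret, tok, now)
	fmt.Println("valid token:", c.Sub, err)
	// Forgery attempt: keep the payload, declare alg "none", drop the signature.
	forged := b64([]byte(`{"alg":"none"}`)) + "." + strings.Split(tok, ".")[1] + "."
	_, err = VerifyHS256(secret, forged, now)
	fmt.Println("forged token:", err)
}
```

Run as is it accepts the freshly signed token and rejects the forged `alg: none` one. In a Fiber handler the `Authorization` header value would go through `BearerToken` and then `VerifyHS256` with the secret loaded from `JWT_SECRET`, and any error would end the request with 401 before the controller runs.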

## 🔧 Getting Started
To get a local copy up and running follow these simple steps.

### πŸ‘‰πŸ» Prerequisites
In order to get a copy of the project and run it locally, you'll need to have Go (v1.15 or later) and Docker installed on your machine.

If you don't have Go installed, you can download it from the [official Go website](https://go.dev/doc/install). After installation, you can verify it by typing `go version` in your terminal. It should display the installed version of Go.

For Docker, you can download it from the [official Docker website](https://www.docker.com/products/docker-desktop/). After installation, you can verify it by typing `docker --version` in your terminal. It should display the installed version of Docker.

Make sure you also have a working Docker Compose. Docker Desktop installs Docker Compose by default on Mac and Windows, but you might need to add it separately in some Linux distributions. You can check its availability by typing `docker-compose --version` in your terminal.

### πŸ‘‰πŸ» Get Local Copy
1. Clone the Repository
```bash
git clone https://github.com/prasoonsoni/FortiSafe
```
2. Change the directory
```bash
cd FortiSafe
```
### πŸ‘‰πŸ» Create Environment Variables
1. Change the name of `.env.example` to `.env`
2. Add the following variables to `.env` file
```env
DB_HOST =
DB_NAME =
DB_USER =
DB_PASSWORD =
DB_PORT=
JWT_SECRET =
ADMIN_EMAIL =
ADMIN_PASSWORD =
```

### πŸ‘‰πŸ» Running the Project
#### 1. Using Docker
In order to test our service we first need to build and run docker-compose. Docker-compose will automate the build and the run of our two Dockerfile.
To run this commands you must be in the repository’s root.
1. Build the Image
```bash
docker-compose build
```
2. Start the service
```bash
docker-compose up -d
```
The images are now built and both services, **go** and **nginx** (the reverse proxy), are running.
Nginx forwards every request under `localhost/fortisafe/` to the Go service on port `3000`.

Backend is accessible at `http://localhost/fortisafe/`

#### 2. Without Docker
1. Download the required packages
```bash
go mod download
```
2. Run the `main.go`
```bash
go run main.go
```
> Note - Without Docker the nginx reverse proxy is not started, so the Go service is reached directly on its own port.

Backend is accessible at `http://localhost:3000/`

## 📂 Complete Project Folder Structure
```
├── .env
├── .env.example
├── .gitignore
├── docker-compose.yaml
├── Dockerfile
├── go.mod
├── go.sum
├── main.go
├── README.md
│
├── controllers
│   ├── groupController.go
│   ├── permissionController.go
│   ├── resourceController.go
│   ├── roleController.go
│   └── userController.go
│
├── db
│   ├── db.go
│   └── migrate.go
│
├── middlewares
│   ├── authenticateAdmin.go
│   └── authenticateUser.go
│
├── models
│   ├── account_status_logs.go
│   ├── body.go
│   ├── group.go
│   ├── permission.go
│   ├── resource.go
│   ├── response.go
│   ├── role.go
│   ├── role_permission.go
│   └── user.go
│
├── nginx
│   ├── Dockerfile
│   └── nginx.conf
│
└── routes
    ├── groupRoutes.go
    ├── permissionRoutes.go
    ├── resourceRoutes.go
    ├── roleRoutes.go
    └── userRoutes.go
```
## πŸ” Pre Configured Permissions
> Note - These are the basic permissions considered while creating this project.
1. **create**: This permission allows a user to create new resources or data in the system.
2. **read**: This permission gives a user the ability to read and retrieve existing resources or data.
3. **update**: This permission grants a user the ability to modify or update existing resources or data.
4. **delete**: This permission enables a user to remove existing resources or data from the system.
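How a permission, a user's role or group, and a resource's associated roles and groups combine at request time is not spelled out above. The block below is an added example (not the project's code) of a deny-by-default decision function under one plausible reading of the API: a user gets a permission on a resource only through a role or group that is both associated with the resource (`/api/resource/role/add`, `/api/resource/group/add`) and granted that permission (`/api/role/permission/add`, `/api/group/permission/add`). Deactivated users and unknown role or group IDs are denied rather than treated as errors. The type names, the `DemoStore` scenario and its identifiers are constructed for the example.

```go
package main

import "fmt"

// Permission names are the pre-configured set listed above.
type Permission string

const (
	Create Permission = "create"
	Read   Permission = "read"
	Update Permission = "update"
	Delete Permission = "delete"
)

// Role carries the permissions granted through it; Group has the same shape.
type Role struct {
	ID    string
	Perms map[Permission]bool
}

type Group = Role

type User struct {
	ID      string
	RoleID  string // "" means no role assigned (assumption)
	GroupID string // "" means no group assigned (assumption)
	Active  bool   // false after PUT /api/user/deactivate
}

// Resource holds the role and group IDs associated with it.
type Resource struct {
	ID     string
	Roles  map[string]bool
	Groups map[string]bool
}

// Store stands in for the roles and groups tables.
type Store struct {
	Roles  map[string]Role
	Groups map[string]Group
}

// Authorize decides whether u may perform p on r. Access flows only through a
// role or group that is both associated with the resource and grants the
// permission; inactive users and dangling role/group IDs are simply denied.
func Authorize(s Store, u User, r Resource, p Permission) bool {
	if !u.Active {
		return false
	}
	if role, ok := s.Roles[u.RoleID]; ok && r.Roles[role.ID] && role.Perms[p] {
		return true
	}
	if grp, ok := s.Groups[u.GroupID]; ok && r.Groups[grp.ID] && grp.Perms[p] {
		return true
	}
	return false
}

func perms(ps ...Permission) map[Permission]bool {
	m := make(map[Permission]bool, len(ps))
	for _, p := range ps {
		m[p] = true
	}
	return m
}

// DemoStore is a constructed scenario: task-1 is shared with the viewer role
// and the ops group only; the editor role exists but is not associated.
func DemoStore() (Store, Resource) {
	s := Store{
		Roles: map[string]Role{
			"viewer": {ID: "viewer", Perms: perms(Read)},
			"editor": {ID: "editor", Perms: perms(Read, Update)},
		},
		Groups: map[string]Group{
			"ops": {ID: "ops", Perms: perms(Read, Update, Delete)},
		},
	}
	r := Resource{ID: "task-1", Roles: map[string]bool{"viewer": true}, Groups: map[string]bool{"ops": true}}
	return s, r
}

func main() {
	s, r := DemoStore()
	cases := []struct {
		who User
		p   Permission
	}{
		{User{ID: "a", RoleID: "viewer", Active: true}, Read},                  // allowed via role
		{User{ID: "b", RoleID: "editor", Active: true}, Update},                // denied: editor not associated
		{User{ID: "c", RoleID: "editor", GroupID: "ops", Active: true}, Delete}, // allowed via group
		{User{ID: "d", RoleID: "viewer", Active: false}, Read},                 // denied: deactivated
	}
	for _, c := range cases {
		fmt.Printf("%s %-6s %s -> %v\n", c.who.ID, c.p, r.ID, Authorize(s, c.who, r, c.p))
	}
}
```

The point of the shape is that every path to `true` requires both an association on the resource and a grant on the role or group; adding a permission to a role never exposes a resource that role was not explicitly given, and removing the association (`/api/resource/role/remove`) revokes access even if the role keeps its permissions.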

## 🔦 Basic Workflow
![architecture](https://github.com/prasoonsoni/FortiSafe/assets/75159757/5a0a1730-8e7a-4b94-a6ea-f2347a2c4b12)

## 📖 API References
[![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/28558819-fbc27156-acd1-40fb-911f-053538bf7dda?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D28558819-fbc27156-acd1-40fb-911f-053538bf7dda%26entityType%3Dcollection%26workspaceId%3D7daa153e-aea8-4ce7-a519-f33bbddc43eb)
[![Postman API Docs](https://img.shields.io/badge/Postman%20API%20Docs-FF6C37?style=for-the-badge&logo=Postman&logoColor=white)](https://documenter.getpostman.com/view/28558819/2s946mZ9Ld)

### User

#### 1. Create User

```http
POST /api/user/create
```

Body
| Parameter | Type |
| :-------- | :------- |
| `name` | `string` |
| `email` | `string` |
| `password` | `string` |
| `role_id` | `string` |
| `group_id` | `string` |

No `Authorization` header is listed for this endpoint, so `role_id` and `group_id` arrive from an unauthenticated caller. The server must restrict which roles and groups a self-registering user may claim (or assign them only later through `/api/role/assign` and `/api/group/assign` by an authenticated caller); otherwise the client chooses its own privilege level.

#### 2. Login User

```http
POST /api/user/login
```

Body
| Parameter | Type |
| :-------- | :------- |
| `email` | `string` |
| `password` | `string` |

#### 3. Get User

```http
GET /api/user/get
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

#### 4. Deactivate User

```http
PUT /api/user/deactivate
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

#### 5. Activate User

```http
PUT /api/user/activate
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

#### 6. Delete User

```http
DELETE /api/user/delete
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

#### 7. Bulk Create User

```http
POST /api/user/create/bulk
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Form Data
| Key | Value |
| :-------- | :------- |
| `users` | `.csv file` |
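Bulk import is where "relationships preserved accurately" has to be enforced: a row naming a `role_id` that does not exist must not silently create a user without a role, and a half-imported file is worse than a rejected one. The block below is an added example (not the project's code) of an all-or-nothing CSV validator using only the standard library: it checks the header, field count, e-mail syntax, password length, duplicate e-mails within the file and every `role_id`/`group_id` against the IDs the caller already loaded, and returns either every row or none. The column layout (`name,email,password,role_id,group_id`), the 8-character password minimum, the 10,000-row cap, the rule that an empty ID means "not assigned", and the sample files are all assumptions made for the demo.

```go
package main

import (
	"encoding/csv"
	"errors"
	"fmt"
	"io"
	"net/mail"
	"strings"
)

// UserRow mirrors the /api/user/create body (assumed CSV layout).
type UserRow struct {
	Name, Email, Password, RoleID, GroupID string
}

// Refs holds the role and group IDs that exist in the database; the caller
// loads them before parsing so every relationship in the file can be checked.
type Refs struct {
	Roles, Groups map[string]bool
}

var columns = []string{"name", "email", "password", "role_id", "group_id"}

const maxRows = 10000 // cap so one upload cannot exhaust memory or the DB

// ParseUsersCSV validates the entire file before returning any row, so the
// caller can insert all rows in one transaction or none at all. Line numbers
// assume no multi-line quoted fields.
func ParseUsersCSV(r io.Reader, refs Refs) ([]UserRow, error) {
	cr := csv.NewReader(r)
	cr.FieldsPerRecord = len(columns) // wrong column count is an error, not a guess
	cr.TrimLeadingSpace = true
	hdr, err := cr.Read()
	if err != nil {
		return nil, fmt.Errorf("csv header: %w", err)
	}
	for i, want := range columns {
		if strings.ToLower(strings.TrimSpace(hdr[i])) != want {
			return nil, fmt.Errorf("csv header: column %d must be %q, got %q", i+1, want, hdr[i])
		}
	}
	var rows []UserRow
	seen := map[string]int{} // e-mail -> line where first seen
	for line := 2; ; line++ {
		rec, err := cr.Read()
		if errors.Is(err, io.EOF) {
			break
		}
		if err != nil {
			return nil, fmt.Errorf("csv line %d: %w", line, err)
		}
		if len(rows) >= maxRows {
			return nil, fmt.Errorf("csv: more than %d rows", maxRows)
		}
		row := UserRow{
			Name:     strings.TrimSpace(rec[0]),
			Email:    strings.ToLower(strings.TrimSpace(rec[1])),
			Password: rec[2],
			RoleID:   strings.TrimSpace(rec[3]),
			GroupID:  strings.TrimSpace(rec[4]),
		}
		switch {
		case row.Name == "":
			return nil, fmt.Errorf("csv line %d: name is empty", line)
		case len(row.Password) < 8:
			return nil, fmt.Errorf("csv line %d: password shorter than 8 characters", line)
		case row.RoleID != "" && !refs.Roles[row.RoleID]:
			return nil, fmt.Errorf("csv line %d: unknown role_id %q", line, row.RoleID)
		case row.GroupID != "" && !refs.Groups[row.GroupID]:
			return nil, fmt.Errorf("csv line %d: unknown group_id %q", line, row.GroupID)
		}
		if addr, err := mail.ParseAddress(row.Email); err != nil || addr.Address != row.Email {
			return nil, fmt.Errorf("csv line %d: invalid email %q", line, row.Email)
		}
		if first, dup := seen[row.Email]; dup {
			return nil, fmt.Errorf("csv line %d: email %q already on line %d", line, row.Email, first)
		}
		seen[row.Email] = line
		rows = append(rows, row)
	}
	return rows, nil
}

func main() {
	refs := Refs{Roles: map[string]bool{"r-viewer": true}, Groups: map[string]bool{"g-ops": true}}
	// Constructed sample uploads; the second one references a role that does not exist.
	good := "name,email,password,role_id,group_id\nAlice,alice@example.com,correct-horse-1,r-viewer,g-ops\nBob,bob@example.com,battery-staple,,\n"
	bad := good + "Mallory,mallory@example.com,hunter2hunter2,r-admin,\n"
	rows, err := ParseUsersCSV(strings.NewReader(good), refs)
	fmt.Println(len(rows), err)
	rows, err = ParseUsersCSV(strings.NewReader(bad), refs)
	fmt.Println(len(rows), err)
}
```

The handler behind `/api/user/create/bulk` would read the `users` form file into this function, hash each password with bcrypt, and insert the returned rows inside one database transaction so that a constraint failure on row 900 rolls back rows 1 to 899; the validator has already ruled out the failures that are visible without touching the database.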

#### 8. Login Admin

```http
POST /api/admin/login
```

Body
| Parameter | Type |
| :-------- | :------- |
| `email` | `string` |
| `password` | `string` |

### Permission

#### 1. Create Permission

```http
POST /api/permission/create
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `name` | `string` |
| `description` | `string` |

#### 2. Get All Permissions

```http
GET /api/permission/all
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

### Role

#### 1. Create Role

```http
POST /api/role/create
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `name` | `string` |
| `description` | `string` |
| `permissions` | `[, ...]` |

#### 2. Add Permission

```http
PUT /api/role/permission/add
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `role_id` | `string` |
| `permissions` | `[, ...]` |

#### 3. Get All Roles

```http
GET /api/role/get/all
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

#### 4. Remove Permission

```http
DELETE /api/role/permission/remove
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `role_id` | `string` |
| `permission_id` | `string` |

#### 5. Assign Role

```http
PUT /api/role/assign
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `user_id` | `string` |
| `role_id` | `string` |

#### 6. Unassign Role

```http
PUT /api/role/unassign?user_id=
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Query Params
| Parameter | Type |
| :-------- | :------- |
| `user_id` | `string` |

### Resource

#### 1. Create Resource

```http
POST /api/resource/create
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `name` | `string` |
| `description` | `string` |

#### 2. Get Resource

```http
GET /api/resource/get/:resource_id
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Path Variables
| Parameter | Type |
| :-------- | :------- |
| `resource_id` | `string` |

#### 3. Update Resource

```http
PUT /api/resource/update/:resource_id
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Path Variables
| Parameter | Type |
| :-------- | :------- |
| `resource_id` | `string` |

#### 4. Delete Resource

```http
DELETE /api/resource/delete/:resource_id
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Path Variables
| Parameter | Type |
| :-------- | :------- |
| `resource_id` | `string` |

#### 5. Add Associated Role

```http
PUT /api/resource/role/add
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `resource_id` | `string` |
| `roles` | `[, ...]` |

#### 6. Remove Associated Role

```http
DELETE /api/resource/role/remove
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `resource_id` | `string` |
| `role_id` | `string` |

#### 7. Bulk Create Resource

```http
POST /api/user/create/bulk
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Form Data
| Key | Value |
| :-------- | :------- |
| `resources` | `.csv file` |

#### 8. Add Associated Group

```http
PUT /api/resource/group/add
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `resource_id` | `string` |
| `groups` | `[, ...]` |

#### 9. Remove Associated Group

```http
DELETE /api/resource/group/remove
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `resource_id` | `string` |
| `group_id` | `string` |

### Group

#### 1. Create Group

```http
POST /api/group/create
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `name` | `string` |
| `description` | `string` |
| `permissions` | `[, ...]` |

#### 2. Add Permission

```http
PUT /api/group/permission/add
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `group_id` | `string` |
| `permissions` | `[, ...]` |

#### 3. Remove Permission

```http
DELETE /api/group/permission/remove
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `group_id` | `string` |
| `permission_id` | `string` |

#### 4. Assign Group

```http
PUT /api/group/assign
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Body
| Parameter | Type |
| :-------- | :------- |
| `user_id` | `string` |
| `group_id` | `string` |

#### 5. Unassign Group

```http
PUT /api/group/unassign?user_id=
```

Header
| Key | Value |
| :-------- | :------- |
| `Authorization` | `Bearer ` |

Query Params
| Parameter | Type |
| :-------- | :------- |
| `user_id` | `string` |

## 📷 Screenshots
1. Building Docker Image
![Building Image](https://github.com/prasoonsoni/FortiSafe/assets/75159757/35d2a7d7-925a-43d8-b806-d36b72432a2b)

2. Running Docker Image
![Running Docker Image](https://github.com/prasoonsoni/FortiSafe/assets/75159757/cf7bfa58-6e1c-479c-839f-10584317396f)

3. Accessing host using reverse proxy
![Accessing host using reverse proxy](https://github.com/prasoonsoni/FortiSafe/assets/75159757/5b3368c3-98ac-4201-8fff-0b6a346f2d36)