https://github.com/technetos/iot_final_project
A client-server rfid authentication system
- Host: GitHub
- URL: https://github.com/technetos/iot_final_project
- Owner: technetos
- License: apache-2.0
- Created: 2018-11-23T20:02:01.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-12-05T23:54:24.000Z (over 7 years ago)
- Last Synced: 2024-12-29T05:44:02.359Z (over 1 year ago)
- Language: Python
- Size: 39.1 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# IoT RFID Security System
A general-purpose RFID-based authentication system for protecting anything with
a plastic card :rofl:
# Getting Started
## Setting up the auth service
The core of the authentication service is provided by [heatshield][1].
The following tasks need to be completed before the auth service can be used:
### Set the database urls
```
$ cd rfid_auth_server
$ source setup.sh
```
### Add a client and user to the database
This can be done with [heatshield-cli][2].
# Infrastructure
## Backend
The backend server is implemented in the Rust Programming Language and provides
access to a number of different functions the client can request.
## Frontend
The frontend is a command line client implemented in Python that talks to the
backend to perform operations. Actions performed using the client require key card access.
### Actions
The table below describes the actions available in this PoC.
Action | Description | Requires Key Card
--- | --- | ---
`file` | Request a file given an id card and filename. Acts like a single flat directory for a user's files, text only | yes
`door` | Request that a door be opened. Actual implementation only prints `Opening Door` on the server and serves as an example that anything can be put behind a protected route. | yes
# Authentication & Authorization
When an RFID card/token is scanned, the data stored in a section of the card's
storage is read, parsed, and sent to the backend as a set of credentials. Assuming
that the username and password supplied on the RFID card/token are valid, an
access token is generated, stored in the backend database, and then sent to the
client. The client is then able to make requests to a protected route with the
access token in the header of the request like this:
```
Authorization: Bearer ey.........................
```
An authorized user will have a valid access token that matches the access token
in the backend database and will not be rejected.
A user whose username and password are not in the database (that is, a user who
does not have an account) will not be granted an access token.
# Protected Routes
Any route can be a protected route by adding `policy: Bearer` as an argument to
the route function. The Bearer policy is what is known as a RequestGuard in the
Rocket HTTP framework. When a RequestGuard fails, the route it is used on is
never evaluated; this is what lets the Bearer policy protect routes.
As in the aforementioned `door` example, if the user does not have a valid access
token, the door route is never evaluated and thus the door is never unlocked.
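To make the flow above concrete, here is an added Python sketch (not code from this project or from heatshield) of the three steps the README describes: parsing the credentials read from the card, exchanging them for an access token that the backend stores, and a Bearer guard that keeps the `door` route from ever running when the token is missing or wrong. The in-memory stores, the `username:password` card layout, the fixed salt and the PBKDF2 password hashing are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-ins for the backend database (assumption).
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"card-secret-1", SALT, 100_000)}
TOKENS = {}  # access token -> username, i.e. the tokens the backend has issued


def parse_card(raw: bytes):
    """Parse 'username:password' from the card's storage section (assumed layout)."""
    user, sep, password = raw.decode("utf-8", "replace").partition(":")
    return (user, password) if sep and user and password else None


def login(user: str, password: str):
    """Exchange card credentials for an access token; None if no such account."""
    stored = USERS.get(user)
    # Hash even for unknown users so a missing account is not cheaper to probe.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, digest):
        return None
    token = secrets.token_urlsafe(32)
    TOKENS[token] = user  # the backend keeps the token it handed out
    return token


def bearer_guard(headers: dict):
    """The Bearer policy: return the user behind a valid token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    # Constant-time match against each stored token so no token prefix leaks.
    for stored, user in TOKENS.items():
        if hmac.compare_digest(stored, token):
            return user
    return None


def door_route(headers: dict, server_log: list):
    """Protected route: the body runs only after the guard has succeeded."""
    user = bearer_guard(headers)
    if user is None:
        return 401  # guard failed: the route body is never evaluated
    server_log.append("Opening Door")  # what the PoC server prints
    return 200
```

Run `login(*parse_card(b"alice:card-secret-1"))` to obtain a token, then pass `{"Authorization": "Bearer <token>"}` to `door_route` to see the guard admit it and any other header value be refused without the door ever opening.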
[1]: https://github.com/technetos/heatshield
[2]: https://github.com/technetos/heatshield-cli