FestivalsApp Identity Server
A lightweight Go server app providing a RESTful API, called FestivalsIdentityAPI. The FestivalsIdentityAPI exposes all authorization and authentication functions needed by the FestivalsApp components.
Development
- Make server run ✅
- Make server serve TLS ✅
- Make other server serve TLS ✅
- Implement JWT to validate requests to other parties (especially for admin requests) ✅
Requirements
Deployment
The Go binaries run without system dependencies, so there are few requirements for a system to run the festivals-identity-server binary.
The config file needs to be placed at /etc/festivals-identity-server.conf, or the template config file needs to be present in the directory the binary runs in.
You also need to provide certificates in the right format and location:
- The default path to the root CA certificate is /usr/local/festivals-identity-server/ca.crt
- The default path to the server certificate is /usr/local/festivals-identity-server/server.crt
- The default path to the corresponding key is /usr/local/festivals-identity-server/server.key
- The default path to the authentication certificate is /usr/local/festivals-identity-server/authentication.pem
- The default path to the corresponding key is /usr/local/festivals-identity-server/authentication-key.pem
The root CA certificate is required to validate incoming requests, the server certificate and key are required to make outgoing connections,
and the authentication certificate and key are required to create and validate JSON Web Tokens (JWT) for the authentication API.
For instructions on how to manage and create the certificates see the festivals-pki repository.
VM
# Installing
curl -o install.sh https://raw.githubusercontent.com/Festivals-App/festivals-identity-server/master/operation/install.sh
chmod +x install.sh
sudo ./install.sh <mysql_root_pw> <mysql_backup_pw> <read_write_pw>
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf   # edit bind-address=<private-ip>
# Updating
curl -o update.sh https://raw.githubusercontent.com/Festivals-App/festivals-identity-server/master/operation/update.sh
chmod +x update.sh
sudo ./update.sh
# To see if the server is running use:
sudo systemctl status festivals-identity-server
Build and run using make
make build
make run
# Default API Endpoint : http://localhost:22580
FestivalsIdentityAPI
The FestivalsIdentityAPI is documented in detail here.
Architecture
There are three different security mechanisms securing the FestivalsApp backend. First, every party needs a valid client certificate from the FestivalsApp Root CA to communicate with other parties via mTLS; for more information see the festivals-pki repository. Once secure communication is established, clients need either an API key for the read-only parts of the FestivalsAPI or a JSON Web Token (JWT) for everything else. The JWT is used to implement role-based access control (RBAC), deciding whether the user is authorized to access the given function.
The general documentation for the Festivals App is in the festivals-documentation repository.
The documentation repository contains architecture information, general deployment documentation, templates and other helpful documents.
Engage
I welcome every contribution, whether it is a pull request or a fixed typo. The best place to discuss questions and suggestions regarding the festivals-identity-server is the issues section. More general information and a good starting point if you want to get involved is the festivals-documentation repository.
The following channels are available for discussions, feedback, and support requests:
Type | Channel
General Discussion |
Other Requests |
Licensing
Copyright (c) 2020-2024 Simon Gaus. Licensed under the GNU Lesser General Public License v3.0