Kriyaetive Vaultify

Vaultify: Authentication and Authorization Service

Vaultify is a high-performance authentication and authorization service built with Rust and Cap'n Proto. It provides a secure, scalable, and modular foundation for managing user identities, role-based access control (RBAC), and session management in distributed systems. With built-in support for JWT (JSON Web Tokens) and PostgreSQL, Vaultify ensures that applications can handle user authentication efficiently, while offering the flexibility to extend functionality through plugins.

Key Features:

• User Registration and Login: Vaultify enables user sign-up and login functionalities, securely storing user credentials and roles in a PostgreSQL database.

• JWT-Based Authentication: After successful login, Vaultify generates JWT tokens for session management, allowing easy integration with other services through token-based authentication.

• Role-Based Access Control (RBAC): Define user roles (e.g., admin, vendor, customer) and manage access permissions at scale. This allows secure access control based on roles, ensuring users have appropriate permissions.

• Cap'n Proto RPC Communication: Vaultify leverages Cap'n Proto for high-performance, low-latency remote procedure calls (RPCs) between services, making it ideal for microservices architectures.

• Extensible and Modular: Built with future extensibility in mind, Vaultify allows easy integration of additional authentication features, such as OAuth2, 2FA (two-factor authentication), or custom plugins.

• Scalable and Lightweight: Vaultify is designed to be lightweight and highly performant, making it suitable for distributed, cloud-based environments with horizontal scalability.

Use Cases:

• Secure Authentication for Microservices: Vaultify provides a unified authentication system for microservice-based architectures, ensuring secure communication between services using Cap’n Proto and JWT.

• Authorization and Role Management: Simplify user management with customizable roles and permissions for applications needing flexible access control.

• Modular Authentication Gateway: Easily integrate additional authentication methods or third-party services through Vaultify’s plugin system.

Technology Stack:

• Language: Rust
• RPC Framework: Cap’n Proto
• Database: PostgreSQL
• Authentication: JWT (JSON Web Token)
• Storage: SQLx (PostgreSQL ORM)

Why Vaultify?

Vaultify is designed to solve common authentication challenges in modern web and distributed applications. It provides developers with the tools to implement secure user login, registration, and role-based access control using state-of-the-art technology in a high-performance, low-latency environment. With its extensibility and scalability, Vaultify can grow alongside your application, whether you're building a small startup or scaling to millions of users.

Vaultify Developer Guide

Overview

Vaultify is a microservice built using Rust and Cap'n Proto for authentication and authorization. It provides a foundation for managing user registration, login, and role-based access control using JWT. The service communicates via Cap’n Proto RPC, using PostgreSQL for data storage and JWT for user session management.

---

1. System Requirements

To run and contribute to Vaultify, ensure you have the following installed on your system:

• Rust (latest stable version)
• Cap’n Proto (for schema compilation)
  • Install via sudo apt install capnproto (Linux) or using Homebrew on macOS.
• PostgreSQL (as the database)
• Cargo (Rust's package manager)
• Docker (optional, if using containers for development)

---

2. Setting Up the Development Environment

2.1 Clone the Repository

git clone https://github.com/your-organization/vaultify.git
cd vaultify

2.2 Install Rust and Cap’n Proto

Ensure you have Rust installed. If not, you can install it via rustup:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Install Cap’n Proto for schema compilation:

sudo apt install capnproto

2.3 Install PostgreSQL

Ensure you have PostgreSQL installed and running. You can use Docker to run a PostgreSQL instance easily:

docker run --name vaultify-db -e POSTGRES_USER=user -e POSTGRES_PASSWORD=password -e POSTGRES_DB=vaultify_db -p 5432:5432 -d postgres

2.4 Set Environment Variables

Create a .env file in the root of the project:

DATABASE_URL=postgres://user:password@localhost/vaultify_db
JWT_SECRET=your_jwt_secret_key

You can also export them directly for the session:

export DATABASE_URL="postgres://user:password@localhost/vaultify_db"
export JWT_SECRET="your_jwt_secret_key"

2.5 Database Setup

Execute the SQL commands from the migrations/20241016-create-user.sql file to create the required tables in the database.

2.6 Compile the Cap’n Proto Schemas

The Cap’n Proto schemas (vaultify.capnp) define the RPC interfaces for Vaultify. Compile them to generate the necessary Rust files:

capnp compile -o rust src/capnp/vaultify.capnp

This generates the necessary Rust bindings in the src/capnp/ directory.

---

3. Running the Vaultify Service

To run the Vaultify service locally:

cargo run

This will start the Vaultify service on 127.0.0.1:4000, listening for Cap’n Proto RPC requests.

Testing the Service

You can write Cap’n Proto clients to test the RPC methods (login, registerUser, validateToken). Here's a quick example of how to interact with Vaultify from a Cap’n Proto client.

use capnp_rpc::{twoparty, RpcSystem};
use tokio::net::TcpStream;
use vaultify_capnp::vaultify_service;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let stream = TcpStream::connect("127.0.0.1:4000").await?;
    let network = twoparty::VatNetwork::new(
        stream,
        rpc_twoparty_capnp::Side::Client,
        Default::default(),
    );
    let mut rpc_system = RpcSystem::new(network, None);
    let vaultify_client: vaultify_service::Client = rpc_system.bootstrap(rpc_twoparty_capnp::Side::Server);

    // Example: Perform login via Cap’n Proto
    let mut request = vaultify_client.login_request();
    request.get().set_email("user@example.com");
    request.get().set_password("password123");
    let response = request.send().promise.await?;
    let token = response.get()?.get_token()?;

    println!("Received token: {}", token);
    Ok(())
}

---

4. Project Structure

Here’s a breakdown of the project structure:

vaultify/
├── src/
│   ├── capnp/                    # Contains Cap'n Proto schema files
│   │   └── vaultify.capnp         # Cap'n Proto schema for Vaultify service
│   ├── db/
│   │   └── mod.rs                 # Database interaction (PostgreSQL queries)
│   ├── rpc/
│   │   └── vaultify_service.rs    # Cap'n Proto RPC service implementation
│   ├── models/
│   │   └── user.rs                # User model (data structures)
│   ├── utils/
│   │   └── jwt.rs                 # Utility functions for JWT generation/validation
│   ├── main.rs                    # Main entry point (sets up server and runs Vaultify service)
│   ├── config.rs                  # Configuration handling (e.g., database settings, secret keys)
├── migrations/                    # SQL migration scripts
│   └── 20241016-create-users.sql  # SQL migration for creating the users table
├── .env                           # Environment variables (ignored in version control)
├── .gitignore                     # Files to ignore in version control
├── Cargo.toml                     # Rust dependencies and project settings
├── Capfile                        # Cap'n Proto build configuration

Key Files:

• main.rs: Entry point of the service. Initializes the database connection, starts the Cap’n Proto server, and listens for incoming RPC requests.
• vaultify_service.rs: Contains the actual logic for the RPC methods (login, registerUser, validateToken).
• db/mod.rs: Handles database queries using SQLx.
• models/user.rs: Defines the User struct, which maps to the PostgreSQL users table.
• utils/jwt.rs: Contains utility functions to generate and validate JWT tokens.

---

5. Contributing to Vaultify

If you are contributing to Vaultify, follow these guidelines:

5.1 Code Style

• Stick to Rust best practices and idiomatic patterns.
• Ensure your code is well-documented and uses clear, meaningful variable names.

5.2 Writing Tests

• Write unit and integration tests for any new functionality you add.
• Use the built-in Rust testing framework by placing tests in a tests directory or directly within the module files using the #[cfg(test)] attribute.

5.3 Submitting a Pull Request

• Ensure all tests pass by running:

cargo test --test vaultify_service_tests

• Submit your pull request with a clear description of the changes made.
• Ensure your branch is up to date with the main branch.

---

6. Common Issues and Debugging

6.1 Database Connection Issues

• Ensure your PostgreSQL server is running and that the DATABASE_URL in the .env file is correct.

6.2 Cap’n Proto Schema Compilation

• If Cap’n Proto schemas aren’t compiling, ensure Cap’n Proto is installed on your system and that the schema file paths are correct.

capnp compile -o rust src/capnp/vaultify.capnp

6.3 JWT Token Validation Issues

• Ensure that the JWT_SECRET in the .env file matches the one being used for generating tokens.

---

7. Future Enhancements

Vaultify is designed to be extensible. Some potential future features include:

• OAuth2 integration for social logins.
• Two-factor authentication (2FA) for enhanced security.
• Admin panel for managing users and roles.

---

8. Additional Resources

• Rust Documentation: https://doc.rust-lang.org/
• Cap’n Proto Documentation: https://capnproto.org/
• SQLx Documentation: https://docs.rs/sqlx/
• jsonwebtoken Crate Documentation: https://docs.rs/jsonwebtoken/