README
About
FutoIn Security Concept is alternative to token based authentication & authorization mechanisms.
Features:
- FutoIn SecVault sensitive data storage security
- User & configuration management (FTN8):
- Stateless Authentication (FTN8.1):
- Clear text
- Message Authentication Code (HMAC with static key)
- Master Secret Authentication (FTN8.2):
- multiple master keys with custom scope support
- derived key per each peer
- automatic time-based derived key rotation
- optional automatic master key rotation
Documentation --> FutoIn Guide
Reference implementation of:
Author: Andrey Galkin
Installation for Node.js
Command line:
$ npm install @futoin/security --save
or:
$ yarn add @futoin/security --save
Examples
API documentation
Classes
- CachedManageService
FTN8: Cached Manage Service
- ManageFace
Manage Face
- ManageService
FTN8: main Manage Service
- MasterAutoregFace
FTN8.2: Master Auth Face
- MasterAuthService
FTN8.2: Master Auth Service
- MasterAutoregFace
FTN8.2: Master Auth Auto-registration Face
- MasterAutoregService
FTN8.2: Master Auth Auto-registration Service
- MasterManageFace
FTN8.2: Master Auth Manage Face
- MasterManageService
FTN8.2: Master Auth Manage Service
- ServiceApp
All-in-one AuthService initialization
- SimpleSecurityProvider
Simple passthru FTN8 security provider for Executor.
NOTE: it's suitable for lightweight services without own SecVault.
- SatelessAuthFace
FTN8.1: Stateless AuthService Face
- StatelessAuthService
Manage Service
- StatelessManageFace
FTN8.1: Stateless Manage Face
- StatelessManageService
FTN8.1.: Stateless Manage Service
- StaticMasterAuth
MasterAuth implementation for AdvancedCCM with static Master Key
NOTE: this implementation rotates only derived keys
- BaseFace
Base Face with neutral common registration functionality
- BaseService
Base Service with common registration logic
CachedManageService
FTN8: Cached Manage Service
new CachedManageService(scope, options)
C-tor
| Param | Type | Default | Description |
|---|---|---|---|
| scope | object |
scope of related services | |
| options | object |
passed to superclass c-tor | |
| options.scope | integer |
main.globalScope |
scope state |
ManageFace
Manage Face
ManageService
FTN8: main Manage Service
MasterAutoregFace
FTN8.2: Master Auth Face
MasterAuthService
FTN8.2: Master Auth Service
MasterAutoregFace
FTN8.2: Master Auth Auto-registration Face
MasterAutoregService
FTN8.2: Master Auth Auto-registration Service
MasterManageFace
FTN8.2: Master Auth Manage Face
MasterManageService
FTN8.2: Master Auth Manage Service
ServiceApp
All-in-one AuthService initialization
Kind: global class
- ServiceApp
- new ServiceApp(as, options)
- .ccm() ⇒
AdvancedCCM - .executor() ⇒
Executor - .close([done])
new ServiceApp(as, options)
C-tor
| Param | Type | Default | Description |
|---|---|---|---|
| as | AsyncSteps |
AsyncSteps interface | |
| options | object |
{} |
options |
| [options.ccm] | AdvancedCCM |
external CCM instance | |
| [options.publicExecutor] | Executor |
external public executor instance | |
| [options.privateExecutor] | Executor |
external private executor instance | |
| [options.storagePassword] | string |
Base64 encoded KEK for storage | |
| [options.config] | object |
config overrides for MasterService | |
| [options.ccmOptions] | object |
auto-CCM options | |
| [options.notExpectedHandler] | callable |
'notExpected' error handler | |
| [options.privateExecutorOptions] | object |
private auto-Executor options | |
| [options.publicExecutorOptions] | object |
public auto-Executor options | |
| [options.evtOptions] | object |
eventstream options | |
| [options.secVaultOptions] | object |
secure vault options | |
| [options.securityOptions] | object |
security interface options |
serviceApp.ccm() ⇒ AdvancedCCM
CCM instance accessor
Kind: instance method of ServiceApp
Returns: AdvancedCCM - instance
serviceApp.executor() ⇒ Executor
Executor instance accessor
Kind: instance method of ServiceApp
Returns: Executor - instance
serviceApp.close([done])
Shutdown of app and related instances
Kind: instance method of ServiceApp
| Param | Type | Default | Description |
|---|---|---|---|
| [done] | callable |
|
done callback |
SimpleSecurityProvider
Simple passthru FTN8 security provider for Executor.
NOTE: it's suitable for lightweight services without own SecVault.
SatelessAuthFace
FTN8.1: Stateless AuthService Face
StatelessAuthService
Manage Service
StatelessManageFace
FTN8.1: Stateless Manage Face
StatelessManageService
FTN8.1.: Stateless Manage Service
StaticMasterAuth
MasterAuth implementation for AdvancedCCM with static Master Key
NOTE: this implementation rotates only derived keys
new StaticMasterAuth(options, keyId, keyData, [paramFormat], [kds], [macAlgo])
C-tor
| Param | Type | Default | Description |
|---|---|---|---|
| options | object |
Options | |
| keyId | string |
master key ID | |
| keyData | string |
master key data in Base64 | |
| [paramFormat] | string |
"YYYYMMDD" |
format for derivation parameter |
| [kds] | string |
"HKDF256" |
key derivation strategy |
| [macAlgo] | string |
"HS256" |
MAC algorithm |
BaseFace
Base Face with neutral common registration functionality
Kind: global class
Note: Not official API
BaseFace.LATEST_VERSION
Latest supported FTN13 version
Kind: static property of BaseFace
BaseFace.PING_VERSION
Latest supported FTN4 version
Kind: static property of BaseFace
BaseFace.register(as, ccm, name, endpoint, [credentials], [options])
CCM registration helper
Kind: static method of BaseFace
| Param | Type | Default | Description |
|---|---|---|---|
| as | AsyncSteps |
steps interface | |
| ccm | AdvancedCCM |
CCM instance | |
| name | string |
CCM registration name | |
| endpoint | * |
see AdvancedCCM#register | |
| [credentials] | * |
|
see AdvancedCCM#register |
| [options] | object |
{} |
interface options |
| [options.version] | string |
"1.0" |
interface version to use |
BaseService
Base Service with common registration logic
Kind: global class
new BaseService(scope, options)
C-tor
| Param | Type | Description |
|---|---|---|
| scope | object |
scope of related services |
| options | object |
passed to superclass c-tor |
BaseService.register(as, executor, scope, options) ⇒ LimitsService
Register Service with Executor
Kind: static method of BaseService
Returns: LimitsService - instance
| Param | Type | Description |
|---|---|---|
| as | AsyncSteps |
steps interface |
| executor | Executor |
executor instance |
| scope | object |
scope of related services |
| options | object |
implementation defined options |