notkshitij/SkycrateBackend
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Page: 1.1 TODO
Pages
1.1 TODO 1.2 BACKEND APIs Home
Clone
2
1.1 TODO
SonaliChaudhari edited this page 2025-07-27 15:08:31 +05:30
Table of Contents

1.1-TODO

Already Implemented

Authentication & Security

  • JWT-based login/logout
  • Token blacklist for logout
  • Brute-force protection using RateLimiter
  • HTTPS enforced in Spring Security
  • User entity implementing UserDetails
  • Secure password storage using encoder
  • Strong AES + RSA hybrid file encryption
  • Encrypted RSA private key stored with salt & IV
  • Public RSA key stored per user
  • AES key generated per file upload

Encryption & Decryption

  • RSA-encrypted AES key prepended to file
  • Private key decrypted with password-derived AES key
  • File decrypted using AES key after RSA unwrap

HDFS Integration

  • File upload to HDFS
  • File download from HDFS
  • Folder creation, file/folder deletion
  • List files and folders recursively

Done 👍

Refresh Token Support

  • Refresh token mechanism (JWT renewal without re-login)

    • Partially mentioned, but not yet implemented

Caching Decrypted Private Keys

  • Server-side caching of decrypted private key post-login

    • To avoid decrypting private key on every download
    • Should auto-clear on logout or token expiry

Still Pending or Not Implemented

Input Validation

  • Username validation: must be alphanumeric
  • Strong password policy: check against HaveIBeenPwned API
  • File extension and path validation before HDFS operations

Secret Key Management

  • Move JWT secret & encryption secrets to .env or Spring config (externalized config for production)
  • Ensure secret key is 32-byte base64 (already discussed but may need verifying)

Miscellaneous

  • Clean up obsolete code and files (e.g., old encryption logic, unused fields/methods)

  • Unit & integration tests for:

    • Auth
    • Encryption logic
    • HDFS controller

  • Error handling standardization across services

Future Scope

User Features

  • User profile update API (change fullname/password)
  • Password reset (email or security question-based)

File Features

  • View/download logs per file (audit trail)
  • File versioning or tagging