diff --git a/1.1-TODO.md b/1.1-TODO.md new file mode 100644 index 0000000..064ab56 --- /dev/null +++ b/1.1-TODO.md @@ -0,0 +1,89 @@ +# 1.1-TODO + +--- + +## Already Implemented + +### Authentication & Security + +- [x] JWT-based login/logout +- [x] Token blacklist for logout +- [x] Brute-force protection using RateLimiter +- [x] HTTPS enforced in Spring Security +- [x] `User` entity implementing `UserDetails` +- [x] Secure password storage using encoder +- [x] Strong AES + RSA hybrid file encryption +- [x] Encrypted RSA private key stored with salt & IV +- [x] Public RSA key stored per user +- [x] AES key generated per file upload + +### Encryption & Decryption + +- [x] RSA-encrypted AES key prepended to file +- [x] Private key decrypted with password-derived AES key +- [x] File decrypted using AES key after RSA unwrap + +### HDFS Integration + +- [x] File upload to HDFS +- [x] File download from HDFS +- [x] Folder creation, file/folder deletion +- [x] List files and folders recursively + +--- + +## Partially Done or In Progress + +### Refresh Token Support + +- [ ] Refresh token mechanism (JWT renewal without re-login) + + - Partially mentioned, but not yet implemented + +### Caching Decrypted Private Keys + +- [ ] Server-side caching of decrypted private key post-login + + - To avoid decrypting private key on every download + - Should auto-clear on logout or token expiry + +--- + +## Still Pending or Not Implemented + +### Input Validation + +- [ ] Username validation: must be alphanumeric +- [ ] Strong password policy: check against HaveIBeenPwned API +- [ ] File extension and path validation before HDFS operations + +### Secret Key Management + +- [ ] Move JWT secret & encryption secrets to `.env` or Spring config (externalized config for production) +- [ ] Ensure secret key is 32-byte base64 (already discussed but may need verifying) + +### Miscellaneous + +- [ ] Clean up obsolete code and files (e.g., old encryption logic, unused fields/methods) +- [ ] Unit & integration tests for: + + - Auth + - Encryption logic + - HDFS controller +- [ ] Error handling standardization across services + +--- + +## Future Scope + +### User Features + +- [ ] User profile update API (change fullname/password) +- [ ] Password reset (email or security question-based) + +### File Features + +- [ ] View/download logs per file (audit trail) +- [ ] File versioning or tagging + +--- diff --git a/Home.md b/Home.md index 5d08b7b..5f2110c 100644 --- a/Home.md +++ b/Home.md @@ -1 +1,7 @@ -Welcome to the Wiki. \ No newline at end of file +# Skycrate + +Welcome to the Wiki. + +--- + +## [1.1-TODO](1.1-TODO.md)