From 636a0266975e25b49770ecc072360fd91bd1b225 Mon Sep 17 00:00:00 2001 From: Kshitij <160704796+kshitij-ka@users.noreply.github.com> Date: Fri, 4 Jul 2025 01:32:07 +0530 Subject: [PATCH] Added TODO page. --- 1.1-TODO.md | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++ Home.md | 8 ++++- 2 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 1.1-TODO.md diff --git a/1.1-TODO.md b/1.1-TODO.md new file mode 100644 index 0000000..064ab56 --- /dev/null +++ b/1.1-TODO.md 
@@ -0,0 +1,89 @@ +# 1.1-TODO + +--- + +## Already Implemented + +### Authentication & Security + +- [x] JWT-based login/logout +- [x] Token blacklist for logout +- [x] Brute-force protection using RateLimiter +- [x] HTTPS enforced in Spring Security +- [x] `User` entity implementing `UserDetails` +- [x] Secure password storage using encoder +- [x] Strong AES + RSA hybrid file encryption +- [x] Encrypted RSA private key stored with salt & IV +- [x] Public RSA key stored per user +- [x] AES key generated per file upload + +### Encryption & Decryption + +- [x] RSA-encrypted AES key prepended to file +- [x] Private key decrypted with password-derived AES key +- [x] File decrypted using AES key after RSA unwrap + +### HDFS Integration + +- [x] File upload to HDFS +- [x] File download from HDFS +- [x] Folder creation, file/folder deletion +- [x] List files and folders recursively + +--- + +## Partially Done or In Progress + +### Refresh Token Support + +- [ ] Refresh token mechanism (JWT renewal without re-login) + + - Partially mentioned, but not yet implemented + +### Caching Decrypted Private Keys + +- [ ] Server-side caching of decrypted private key post-login + + - To avoid decrypting private key on every download + - Should auto-clear on logout or token expiry + +--- + +## Still Pending or Not Implemented + +### Input Validation + +- [ ] Username validation: must be alphanumeric +- [ ] Strong password policy: check against HaveIBeenPwned API +- [ ] File extension and path validation before HDFS operations + +### Secret Key Management + +- [ ] Move JWT secret & encryption secrets to `.env` or Spring config (externalized config for production) +- [ ] Ensure secret key is 32-byte base64 (already discussed but may need verifying) + +### Miscellaneous + +- [ ] Clean up obsolete code and files (e.g., old encryption logic, unused fields/methods) +- [ ] Unit & integration tests for: + + - Auth + - Encryption logic + - HDFS controller +- [ ] Error handling standardization 
across services + +--- + +## Future Scope + +### User Features + +- [ ] User profile update API (change fullname/password) +- [ ] Password reset (email or security question-based) + +### File Features + +- [ ] View/download logs per file (audit trail) +- [ ] File versioning or tagging + +--- diff --git a/Home.md b/Home.md index 5d08b7b..5f2110c 100644 --- a/Home.md +++ b/Home.md @@ -1 +1,7 @@ -Welcome to the Wiki. \ No newline at end of file +# Skycrate + +Welcome to the Wiki. + +--- + +## [1.1-TODO](1.1-TODO.md)
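Review bot: The "Caching Decrypted Private Keys" item in 1.1-TODO.md ("Server-side caching of decrypted private key post-login ... Should auto-clear on logout or token expiry") should also record where the cached key may live: in process memory only, bound to the session/JWT it was unlocked for, never in a shared or persistent cache, and evicted through the same path that feeds the existing "Token blacklist for logout" so a revoked token cannot keep a usable key alive. Holding decrypted private keys server-side widens the exposure of the "Strong AES + RSA hybrid file encryption" design, so the TODO text should state that constraint up front rather than leaving it to the implementer. On "Strong password policy: check against HaveIBeenPwned API", suggest noting that the Pwned Passwords range (k-anonymity) endpoint is the one to use, so only a hash prefix leaves the service and no plaintext or full hash is sent to a third party. The "Ensure secret key is 32-byte base64" item would be clearer as "decoded key length must be 32 bytes", since a 32-character base64 string decodes to 24 bytes.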
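Review bot: In Home.md, using a level-2 heading as the only link to the new page (`## [1.1-TODO](1.1-TODO.md)`) will read oddly once more pages are added; a plain "Pages" heading followed by a bullet list of links scales better and keeps headings for structure. The removal of the missing trailing newline in the old `Welcome to the Wiki.` line is a welcome fix.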