Update 1.1 TODO
+88
-89
@@ -1,89 +1,88 @@
|
||||
# 1.1-TODO
|
||||
|
||||
---
|
||||
|
||||
## Already Implemented
|
||||
|
||||
### Authentication & Security
|
||||
|
||||
- [x] JWT-based login/logout
|
||||
- [x] Token blacklist for logout
|
||||
- [x] Brute-force protection using RateLimiter
|
||||
- [x] HTTPS enforced in Spring Security
|
||||
- [x] `User` entity implementing `UserDetails`
|
||||
- [x] Secure password storage using encoder
|
||||
- [x] Strong AES + RSA hybrid file encryption
|
||||
- [x] Encrypted RSA private key stored with salt & IV
|
||||
- [x] Public RSA key stored per user
|
||||
- [x] AES key generated per file upload
|
||||
|
||||
### Encryption & Decryption
|
||||
|
||||
- [x] RSA-encrypted AES key prepended to file
|
||||
- [x] Private key decrypted with password-derived AES key
|
||||
- [x] File decrypted using AES key after RSA unwrap
|
||||
|
||||
### HDFS Integration
|
||||
|
||||
- [x] File upload to HDFS
|
||||
- [x] File download from HDFS
|
||||
- [x] Folder creation, file/folder deletion
|
||||
- [x] List files and folders recursively
|
||||
|
||||
---
|
||||
|
||||
## Partially Done or In Progress
|
||||
|
||||
### Refresh Token Support
|
||||
|
||||
- [ ] Refresh token mechanism (JWT renewal without re-login)
|
||||
|
||||
- Partially mentioned, but not yet implemented
|
||||
|
||||
### Caching Decrypted Private Keys
|
||||
|
||||
- [ ] Server-side caching of decrypted private key post-login
|
||||
|
||||
- To avoid decrypting private key on every download
|
||||
- Should auto-clear on logout or token expiry
|
||||
|
||||
---
|
||||
|
||||
## Still Pending or Not Implemented
|
||||
|
||||
### Input Validation
|
||||
|
||||
- [ ] Username validation: must be alphanumeric
|
||||
- [ ] Strong password policy: check against HaveIBeenPwned API
|
||||
- [ ] File extension and path validation before HDFS operations
|
||||
|
||||
### Secret Key Management
|
||||
|
||||
- [ ] Move JWT secret & encryption secrets to `.env` or Spring config (externalized config for production)
|
||||
- [ ] Ensure secret key is 32-byte base64 (already discussed but may need verifying)
|
||||
|
||||
### Miscellaneous
|
||||
|
||||
- [ ] Clean up obsolete code and files (e.g., old encryption logic, unused fields/methods)
|
||||
- [ ] Unit & integration tests for:
|
||||
|
||||
- Auth
|
||||
- Encryption logic
|
||||
- HDFS controller
|
||||
- [ ] Error handling standardization across services
|
||||
|
||||
---
|
||||
|
||||
## Future Scope
|
||||
|
||||
### User Features
|
||||
|
||||
- [ ] User profile update API (change fullname/password)
|
||||
- [ ] Password reset (email or security question-based)
|
||||
|
||||
### File Features
|
||||
|
||||
- [ ] View/download logs per file (audit trail)
|
||||
- [ ] File versioning or tagging
|
||||
|
||||
---
|
||||
# 1.1-TODO
|
||||
|
||||
---
|
||||
|
||||
## Already Implemented
|
||||
|
||||
### Authentication & Security
|
||||
|
||||
- [x] JWT-based login/logout
|
||||
- [x] Token blacklist for logout
|
||||
- [x] Brute-force protection using RateLimiter
|
||||
- [x] HTTPS enforced in Spring Security
|
||||
- [x] `User` entity implementing `UserDetails`
|
||||
- [x] Secure password storage using encoder
|
||||
- [x] Strong AES + RSA hybrid file encryption
|
||||
- [x] Encrypted RSA private key stored with salt & IV
|
||||
- [x] Public RSA key stored per user
|
||||
- [x] AES key generated per file upload
|
||||
|
||||
### Encryption & Decryption
|
||||
|
||||
- [x] RSA-encrypted AES key prepended to file
|
||||
- [x] Private key decrypted with password-derived AES key
|
||||
- [x] File decrypted using AES key after RSA unwrap
|
||||
|
||||
### HDFS Integration
|
||||
|
||||
- [x] File upload to HDFS
|
||||
- [x] File download from HDFS
|
||||
- [x] Folder creation, file/folder deletion
|
||||
- [x] List files and folders recursively
|
||||
|
||||
---
|
||||
|
||||
## Done 👍
|
||||
### Refresh Token Support
|
||||
|
||||
- [x] Refresh token mechanism (JWT renewal without re-login)
|
||||
|
||||
- Partially mentioned, but not yet implemented
|
||||
|
||||
### Caching Decrypted Private Keys
|
||||
|
||||
- [x] Server-side caching of decrypted private key post-login
|
||||
|
||||
- To avoid decrypting private key on every download
|
||||
- Should auto-clear on logout or token expiry
|
||||
|
||||
---
|
||||
|
||||
## Still Pending or Not Implemented
|
||||
|
||||
### Input Validation
|
||||
|
||||
- [ ] Username validation: must be alphanumeric
|
||||
- [ ] Strong password policy: check against HaveIBeenPwned API
|
||||
- [ ] File extension and path validation before HDFS operations
|
||||
|
||||
### Secret Key Management
|
||||
|
||||
- [ ] Move JWT secret & encryption secrets to `.env` or Spring config (externalized config for production)
|
||||
- [ ] Ensure secret key is 32-byte base64 (already discussed but may need verifying)
|
||||
|
||||
### Miscellaneous
|
||||
|
||||
- [ ] Clean up obsolete code and files (e.g., old encryption logic, unused fields/methods)
|
||||
- [ ] Unit & integration tests for:
|
||||
|
||||
- Auth
|
||||
- Encryption logic
|
||||
- HDFS controller
|
||||
- [ ] Error handling standardization across services
|
||||
|
||||
---
|
||||
|
||||
## Future Scope
|
||||
|
||||
### User Features
|
||||
|
||||
- [ ] User profile update API (change fullname/password)
|
||||
- [ ] Password reset (email or security question-based)
|
||||
|
||||
### File Features
|
||||
|
||||
- [ ] View/download logs per file (audit trail)
|
||||
- [ ] File versioning or tagging
|
||||
|
||||
---
|
||||
|
||||
Reference in New Issue
Block a user