Update 1.1 TODO
+88
-89
@@ -1,89 +1,88 @@
|
|||||||
# 1.1-TODO
|
# 1.1-TODO
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Already Implemented
|
## Already Implemented
|
||||||
|
|
||||||
### Authentication & Security
|
### Authentication & Security
|
||||||
|
|
||||||
- [x] JWT-based login/logout
|
- [x] JWT-based login/logout
|
||||||
- [x] Token blacklist for logout
|
- [x] Token blacklist for logout
|
||||||
- [x] Brute-force protection using RateLimiter
|
- [x] Brute-force protection using RateLimiter
|
||||||
- [x] HTTPS enforced in Spring Security
|
- [x] HTTPS enforced in Spring Security
|
||||||
- [x] `User` entity implementing `UserDetails`
|
- [x] `User` entity implementing `UserDetails`
|
||||||
- [x] Secure password storage using encoder
|
- [x] Secure password storage using encoder
|
||||||
- [x] Strong AES + RSA hybrid file encryption
|
- [x] Strong AES + RSA hybrid file encryption
|
||||||
- [x] Encrypted RSA private key stored with salt & IV
|
- [x] Encrypted RSA private key stored with salt & IV
|
||||||
- [x] Public RSA key stored per user
|
- [x] Public RSA key stored per user
|
||||||
- [x] AES key generated per file upload
|
- [x] AES key generated per file upload
|
||||||
|
|
||||||
### Encryption & Decryption
|
### Encryption & Decryption
|
||||||
|
|
||||||
- [x] RSA-encrypted AES key prepended to file
|
- [x] RSA-encrypted AES key prepended to file
|
||||||
- [x] Private key decrypted with password-derived AES key
|
- [x] Private key decrypted with password-derived AES key
|
||||||
- [x] File decrypted using AES key after RSA unwrap
|
- [x] File decrypted using AES key after RSA unwrap
|
||||||
|
|
||||||
### HDFS Integration
|
### HDFS Integration
|
||||||
|
|
||||||
- [x] File upload to HDFS
|
- [x] File upload to HDFS
|
||||||
- [x] File download from HDFS
|
- [x] File download from HDFS
|
||||||
- [x] Folder creation, file/folder deletion
|
- [x] Folder creation, file/folder deletion
|
||||||
- [x] List files and folders recursively
|
- [x] List files and folders recursively
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Partially Done or In Progress
|
## Done 👍
|
||||||
|
### Refresh Token Support
|
||||||
### Refresh Token Support
|
|
||||||
|
- [x] Refresh token mechanism (JWT renewal without re-login)
|
||||||
- [ ] Refresh token mechanism (JWT renewal without re-login)
|
|
||||||
|
- Partially mentioned, but not yet implemented
|
||||||
- Partially mentioned, but not yet implemented
|
|
||||||
|
### Caching Decrypted Private Keys
|
||||||
### Caching Decrypted Private Keys
|
|
||||||
|
- [x] Server-side caching of decrypted private key post-login
|
||||||
- [ ] Server-side caching of decrypted private key post-login
|
|
||||||
|
- To avoid decrypting private key on every download
|
||||||
- To avoid decrypting private key on every download
|
- Should auto-clear on logout or token expiry
|
||||||
- Should auto-clear on logout or token expiry
|
|
||||||
|
---
|
||||||
---
|
|
||||||
|
## Still Pending or Not Implemented
|
||||||
## Still Pending or Not Implemented
|
|
||||||
|
### Input Validation
|
||||||
### Input Validation
|
|
||||||
|
- [ ] Username validation: must be alphanumeric
|
||||||
- [ ] Username validation: must be alphanumeric
|
- [ ] Strong password policy: check against HaveIBeenPwned API
|
||||||
- [ ] Strong password policy: check against HaveIBeenPwned API
|
- [ ] File extension and path validation before HDFS operations
|
||||||
- [ ] File extension and path validation before HDFS operations
|
|
||||||
|
### Secret Key Management
|
||||||
### Secret Key Management
|
|
||||||
|
- [ ] Move JWT secret & encryption secrets to `.env` or Spring config (externalized config for production)
|
||||||
- [ ] Move JWT secret & encryption secrets to `.env` or Spring config (externalized config for production)
|
- [ ] Ensure secret key is 32-byte base64 (already discussed but may need verifying)
|
||||||
- [ ] Ensure secret key is 32-byte base64 (already discussed but may need verifying)
|
|
||||||
|
### Miscellaneous
|
||||||
### Miscellaneous
|
|
||||||
|
- [ ] Clean up obsolete code and files (e.g., old encryption logic, unused fields/methods)
|
||||||
- [ ] Clean up obsolete code and files (e.g., old encryption logic, unused fields/methods)
|
- [ ] Unit & integration tests for:
|
||||||
- [ ] Unit & integration tests for:
|
|
||||||
|
- Auth
|
||||||
- Auth
|
- Encryption logic
|
||||||
- Encryption logic
|
- HDFS controller
|
||||||
- HDFS controller
|
- [ ] Error handling standardization across services
|
||||||
- [ ] Error handling standardization across services
|
|
||||||
|
---
|
||||||
---
|
|
||||||
|
## Future Scope
|
||||||
## Future Scope
|
|
||||||
|
### User Features
|
||||||
### User Features
|
|
||||||
|
- [ ] User profile update API (change fullname/password)
|
||||||
- [ ] User profile update API (change fullname/password)
|
- [ ] Password reset (email or security question-based)
|
||||||
- [ ] Password reset (email or security question-based)
|
|
||||||
|
### File Features
|
||||||
### File Features
|
|
||||||
|
- [ ] View/download logs per file (audit trail)
|
||||||
- [ ] View/download logs per file (audit trail)
|
- [ ] File versioning or tagging
|
||||||
- [ ] File versioning or tagging
|
|
||||||
|
---
|
||||||
---
|
|
||||||
|
|||||||
Reference in New Issue
Block a user