DataSetu Authentication, Authorization, and Accounting (AAA) Server

DataSetu-AAA is the Authentication, Authorization, and Accounting server for accessing DataSetu services.

1. Read the API documentation

Please visit DataSetu Auth server for APIs and flows.

2. Installation

2.1 Install OpenBSD 6.7 (prerequisite)

Please see OpenBSD FAQ - Installation Guide. e.g. INSTALLATION NOTES for OpenBSD/amd64 6.7

2.2 Installation of DataSetu Auth server (as root)

After installing OpenBSD, please run the command as root:

ftp -o - https://datasetu.org/install/auth | sh

This will install the Auth server at /home/datasetu-auth-server/.

The system will reboot after the setup; after which, the Auth server should be ready at https://localhost.

2.3 Setup telegram (as root)

You may add the telegram apikey and chat id in:

/home/datasetu-auth-server/config-prod.js

to get telegram notifications.

3. After install (as root)

You may run the command

tmux ls

to find the tmux sessions to manage.

Also, change the /home/datasetu-auth-server/https-certificate.pem and /home/datasetu-auth-server/https-key.pem with real TLS certificate and key.

4. Setup backups on tarsnap (as root)

cd /home/datasetu-auth-server
./setup-backup.sh

This will store backups on /root/backups

5. LICENSE

This project is released under ISC license; and the node-aperture is released under Mozilla Public License 2.0.

6. Contribute

Please run ./check.sh with NO warnings and NO errors before sending pull requests.

7. Database structure

Below is the list of tables used. There are no join queries in the project.

8. Project organization

.
|-- CCAIndia2014.cer		// CCA's 2014 certificate
|-- CCAIndia2015.cer		// CCA's 2015 certificate
|-- LICENSE			// ISC License
|-- README.md			// Readme file
|-- er.plantuml			// The database structure in plantuml 
|-- er.svg			// The database structure in svg format 
|-- ca.datasetu.org.crt		// ca.datasetu.org's certificate
|-- check.sh			// JavaScript linter
|-- crl.js			// stores the certificate revocation list in DB
|-- db-cleanup.sql		// cleans non-introspected tokens
|-- formal-proof		// WIP formal proof of Auth server code
|   |-- header
|   |-- input
|   |-- run.sh
|   `-- to-prove
|-- main.js			// the main Auth server code
|-- install			// the install script for the Auth server	
|-- pf.conf			// the firewall rules to be copied to /etc
|-- schema.sql			// the database schema
|-- rc.local			// the code to be run at every startup (dest = /etc)
|-- run				// the nodejs main.js shell script
|-- run.crl			// the nodejs crl.js shell script 
|-- run.crl.tmux		// run the 'run.crl' file in tmux
|-- run.tmux			// run the 'run' file in tmux
|-- setup			// sets up the Auth server
|-- setup.postgresql.openbsd	// sets up the postgresql server
|-- test			// test cases
|   |-- auth.py			// SDK file from pyIUDX
|   |-- check			// linter for test cases	
|   |-- init.py			// initialization of testing code 
|   |-- run			// runs the test
|   |-- test-groups.py		// test cases for group based access control
|   `-- test-tokens.py		// general test cases
`---'