• Stars
    star
    55
  • Rank 537,381 (Top 11 %)
  • Language
    Crystal
  • License
    MIT License
  • Created over 4 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Comprehensive security for Lucky framework

Shield

Shield is a comprehensive Identity & Access Management solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.

Shield is secure by default, and exploits defence-in-depth strategies, including the option to pin an authentication session to the IP address that started it -- the session is invalidated if the IP address changes.

User IDs are never saved in session. Instead, each authentication gets a unique ID and token, which is saved in session, and checked against their corresponding salted SHA-256 digests in the database.

When a user changes their password, Shield logs out the user on all devices (except the current one), to ensure that an attacker no longer has access to a previously compromised account.

Shield supports API authentication, with regular passwords or with user-generated bearer tokens. In addition, Shield comes with tools to build your own OAuth 2.0 authorization server.

Shield is designed to be resilient against critical application vulnerabilities, including brute force, user enumeration, denial of service and timing attacks.

On top of these, Shield offers seamless integration with your application. For the most part, include a bunch of modules in the appropriate classes, and you are good to go!

Design principles

  • Zero knowledge

    Shield maintains no knowledge of any secrets, and stores them such that they are irrecoverable, either by the application or by the user, if the user loses them.

  • Hashing over encryption

    In line with the Zero Knowledge principle, Shield prefers hashing to encryption, keeping knowledge of all secrets to the user that generated them.

  • Handles over assertions

    In Shield, the server is the source of truth, ensuring that all secrets can be revoked server-side, and instantly, whenever the need arises.

  • Deny by default

    Shield locks everything down, by default, and requires explicit action by the developer. This posture makes it difficult for an application to be insecure by accident.

Quick Start

Get started quickly using Penny. Penny is a Lucky application scaffold that gets you up and running with Shield.

Documentation

Find the complete documentation of Shield in the docs/ directory of this repository.

Development

Create a .env file:

DATABASE_URL=postgres://postgres:password@localhost:5432/shield_spec

Update the file with your own details. Then run tests with crystal spec.

Contributing

  1. Fork it
  2. Switch to the master branch: git checkout master
  3. Create your feature branch: git checkout -b my-new-feature
  4. Make your changes, updating changelog and documentation as appropriate.
  5. Commit your changes: git commit
  6. Push to the branch: git push origin my-new-feature
  7. Submit a new Pull Request against the GrottoPress:master branch.

More Repositories

1

mel

A scalable asynchronous event-driven jobs engine
Crystal
36
star
2

pond

Crystal WaitGroups without channels or counters
Crystal
25
star
3

markout

Markout is an awesome Crystal DSL for HTML
Crystal
22
star
4

annotation.cr

Crystal annotations
Crystal
22
star
5

kitty

Kitty is a collection of utilities for SvelteKit
TypeScript
16
star
6

cryflare

A low-level API client for Cloudflare® v4
Crystal
9
star
7

lucille

Utilities for Lucky framework
Crystal
8
star
8

bill

Accounts Receivable automation for Lucky framework
Crystal
8
star
9

envy

Load environment variables from YAML
Crystal
7
star
10

jentil

Jentil is a modern framework for rapid WordPress theme development
PHP
6
star
11

pawn

A low-level API client for Pwned Passwords
Crystal
6
star
12

wordpress-field

A library to render form fields in WordPress.
PHP
6
star
13

penny

Get up and running with Lucky framework and Shield
Crystal
5
star
14

simple_ssh

Simple stateless SSH communication
Crystal
5
star
15

haystack

A low-level API client for Paystack
Crystal
5
star
16

samba

Single Sign On authentication for Lucky framework
Crystal
4
star
17

lester

A low-level API client for LXD
Crystal
3
star
18

wordpress-breadcrumbs

A library to render breadcrumbs for a WordPress page.
PHP
3
star
19

guru

[DEPRECATED] See Mel: https://github.com/GrottoPress/mel
Crystal
2
star
20

wordpress-meta-box

A utility to set up meta boxes in WordPress
PHP
1
star
21

hapi

A low-level API client architecture for Crystal
Crystal
1
star
22

jentil-theme

A starter for building WordPress themes with Jentil
PHP
1
star
23

rex

A simple i18n adapter interface for Crystal
Crystal
1
star
24

form-field

A library to render HTML form fields.
PHP
1
star
25

wordpress-suv

A scaffold for implementing the SUV architecture
PHP
1
star
26

wordpress-posts

Query and display posts in WordPress
PHP
1
star
27

halo

SMTP adapter for Carbon mailer
Crystal
1
star