Posts

JWT Structure

The token is composed of three parts, separated by dots:

  eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6Im9wZW5zb3VyY2VqZWdhbkBnbWFpbC5jb20iLCJyb2xlcyI6WyJ1c2VyIl0sImV4cCI6MTczMzU3MzA2MX0.nxBknSlySJ0JQIFg5BpmnZhZV6VZ0Mshu7opFFgPLSc

1. First Part (Header): eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9

   When decoded (base64), it reveals:

     {"typ": "JWT", "alg": "HS256"}

   typ: Type of token (JSON Web Token)
   alg: Algorithm used (HMAC SHA256)

2. Second Part (Payload): eyJ1c2VybmFtZSI6Im9wZW5zb3VyY2VqZWdhbkBnbWFpbC5jb20iLCJyb2xlcyI6WyJ1c2VyIl0sImV4cCI6MTczMzU3MzA2MX0

   When decoded, it reveals:

     {"username": "opensourcejegan@gmail.com", "roles": ["user"], "exp": 1733573061}

   username: User's email
   roles: User's roles (in this case, "user")
   exp: Expiration timestamp (Unix timestamp)

3. Third Part (Signature): nxBknSlySJ...

Jegan's SSO Auth System Code Explanation

https://docs.google.com/document/d/1tVIsBVRwF9cESAvhBLbqwJftuJtXcx8t-fO4KmB1QaQ/edit?usp=sharing

API Routes

/api/signup: Handles user signup. Validates email and password, checks if the email is allowed, hashes the password, stores user data in the database, and sends a welcome email.
/api/enroll: Handles TOTP enrollment. Generates a TOTP secret, stores it, and returns a QR code for 2FA setup.
/api/login: Handles user login. Validates credentials, checks account lock status, generates tokens, and sets them as cookies.
/api/validate: Validates the access token and returns user information if valid.
/api/token/refresh: Refreshes the access token using a valid refresh token.
/api/update_role: Updates the role of a user.
/api/logout: Logs out the user by revoking tokens and clearing cookies.
/api/request_reset: Initiates a password reset by generating a reset token and sending it via email.
/api/reset_password/: Resets the user's password using a valid reset token.

Mermaid diagram syntax for Token-based authentication system

sequenceDiagram
    participant User
    participant Browser
    participant AuthServer
    participant Database
    %% Login Flow
    User->>Browser: Enter Credentials
    Browser->>AuthServer: POST /api/login
    AuthServer->>Database: Validate Credentials
    alt Credentials Valid
        Database-->>AuthServer: User Found
        AuthServer->>AuthServer: Generate Access Token
        AuthServer->>AuthServer: Generate Refresh Token
        AuthServer->>Database: Store Refresh Token
        AuthServer-->>Browser: Return Tokens
        Browser->>Browser: Store Tokens in HTTP-only Cookies
        Browser-->>User: Login Successful
    else Credentials Invalid
        D...

Enhancing Flask SSO with Role-Based Access Control (RBAC)

To enhance your Single Sign-On (SSO) application with Role-Based Access Control (RBAC), you need to implement a mechanism to assign roles to users and control access to different routes or resources based on those roles. Here's how you can do it step by step:

1. Extend the Database Schema

You'll need to add a role column to the users table so that each user can be assigned a role, such as "admin," "user," or any other custom role.

    def init_db():
        try:
            with sqlite3.connect('sso_service.db') as conn:
                c = conn.cursor()
                c.execute('''CREATE TABLE IF NOT EXISTS tokens
                             (token TEXT PRIMARY KEY, username TEXT, token_type TEXT, expiration DATETIME)''')
                c.execute('''CREATE TABLE IF NOT EXISTS totp_secrets (username TEXT ...

Concept of WSL (Windows Subsystem for Linux) in Windows 2022 Server


Poll-monitor/SSH remote access to WSL (Windows Subsystem for Linux) Windows 2022 server and enable wsl.exe automatically during Windows 2022 server restart/reboot from remote Ubuntu 22.04 LTS

Shell Script

    #!/bin/bash

    # Log file location
    LOG_FILE="/var/log/ping_monitor.log"
    SERVICE_NAME="ping_monitor.service"

    # Function to log messages with timestamps
    log_message() {
        echo "$(date +"%Y-%m-%d %H:%M:%S") - $1" >> "$LOG_FILE"
    }

    # IP address to ping
    IP_ADDRESS="A.B.C.D"

    # Number of timeouts and replies to check
    TIMEOUT_COUNT=2   # Adjust this as needed
    REPLY_COUNT=4

    # Initialize counters
    timeout_counter=0
    reply_counter=0

    # Infinite loop to monitor the ping status
    while true; do
        # Ping the IP address once
        ping -c 1 "$IP_ADDRESS" > /dev/null 2>&1

        # Check the exit status of the ping command
        if [ $? -ne 0 ]; then
            # Increment the timeout counter if the pi...

Automatic trigger enabling of Openresty during WSL (Windows Subsystem of Linux) startup in Windows 2022 Server

Step 1: Login as sudo user in WSL and install the below package first

    sudo apt install expect

Step 2: Create the shell script as below

    nano start_openresty_expect.sh

    #!/usr/bin/expect -f
    set timeout 10
    spawn sudo service openresty start
    expect "password for jegan:"
    send "jegan@123\r"
    expect eof

Step 3: Provide executable permission to the shell script start_openresty_expect.sh

    chmod +x start_openresty_expect.sh

Step 4: Go to the bashrc file

    nano ~/.bashrc

Step 5: Add the below at the end of the bashrc file, then save and exit

    ~/start_openresty_expect.sh

Step 6: Update bashrc

    source ~/.bashrc

Whenever the WSL restarts/reboots/starts, Openresty will be automat...