git/metabuilder
1
0
Fork 0
mirror of https://github.com/johndoe6345789/metabuilder.git synced 2026-05-01 09:14:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
40f044f4e2edbd7023e396c40fa6bf256624ce38
metabuilder/deployment/scripts/generate-certs.sh
johndoe6345789 df5398a7ee feat(auth): Phase 7 Flask authentication middleware with JWT and multi-tenant isolation 
Complete implementation of enterprise-grade authentication middleware for email service:

Features:
- JWT token creation/validation with configurable expiration
- Bearer token extraction and validation
- Multi-tenant isolation enforced at middleware level
- Role-based access control (RBAC) with user/admin roles
- Row-level security (RLS) for resource access
- Automatic request logging with user context and audit trail
- CORS configuration for email client frontend
- Rate limiting (50 req/min per user with Redis backend)
- Comprehensive error handling with proper HTTP status codes

Implementation:
- Enhanced src/middleware/auth.py (415 lines)
  - JWTConfig class for token management
  - create_jwt_token() for token generation
  - decode_jwt_token() for token validation
  - @verify_tenant_context decorator for auth middleware
  - @verify_role decorator for RBAC
  - verify_resource_access() for row-level security
  - log_request_context() for audit logging

Testing:
- 52 comprehensive test cases covering all features
- 100% pass rate with fast execution (0.15s)
- Test categories: JWT, multi-tenant, RBAC, RLS, logging, integration
- Full coverage of error scenarios and edge cases

Documentation:
- AUTH_MIDDLEWARE.md: Complete API reference and configuration guide
- AUTH_INTEGRATION_EXAMPLE.py: Real-world usage examples for 5+ scenarios
- PHASE_7_SUMMARY.md: Implementation summary with checklist
- Inline code documentation with type hints

Security:
- Multi-tenant data isolation at all levels
- Constant-time password comparison
- JWT signature validation
- CORS protection
- Rate limiting against abuse
- Comprehensive audit logging

Dependencies Added:
- PyJWT==2.8.1

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-01-24 00:20:19 +00:00

77 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Phase 8: SSL/TLS Certificate Generation
# Generates self-signed certificates for development/testing
# For production, use Let's Encrypt via certbot
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SSL_DIR="$SCRIPT_DIR/config/nginx/ssl"
POSTFIX_DIR="$SCRIPT_DIR/config/postfix/tls"
DOVECOT_DIR="$SCRIPT_DIR/config/dovecot/tls"
# Configuration
DAYS_VALID=365
KEY_SIZE=2048
COUNTRY="US"
STATE="CA"
CITY="San Francisco"
ORG="MetaBuilder"
CN="${1:-emailclient.local}"
echo "Generating SSL/TLS certificates for: $CN"
echo "Valid for: $DAYS_VALID days"
echo ""
# Create directories
mkdir -p "$SSL_DIR" "$POSTFIX_DIR" "$DOVECOT_DIR"
# Generate Nginx certificate (for HTTPS)
echo "Generating Nginx certificate..."
openssl req -x509 -newkey rsa:$KEY_SIZE -keyout "$SSL_DIR/emailclient.key" \
-out "$SSL_DIR/emailclient.crt" -days $DAYS_VALID -nodes \
-subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$CN"
echo "✓ Nginx certificate created"
echo " Key: $SSL_DIR/emailclient.key"
echo " Cert: $SSL_DIR/emailclient.crt"
echo ""
# Generate Postfix certificate (for SMTP TLS)
echo "Generating Postfix certificate..."
openssl req -x509 -newkey rsa:$KEY_SIZE -keyout "$POSTFIX_DIR/postfix.key" \
-out "$POSTFIX_DIR/postfix.crt" -days $DAYS_VALID -nodes \
-subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$CN"
echo "✓ Postfix certificate created"
echo " Key: $POSTFIX_DIR/postfix.key"
echo " Cert: $POSTFIX_DIR/postfix.crt"
echo ""
# Generate Dovecot certificate (for IMAP/POP3 TLS)
echo "Generating Dovecot certificate..."
openssl req -x509 -newkey rsa:$KEY_SIZE -keyout "$DOVECOT_DIR/dovecot.key" \
-out "$DOVECOT_DIR/dovecot.crt" -days $DAYS_VALID -nodes \
-subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$CN"
echo "✓ Dovecot certificate created"
echo " Key: $DOVECOT_DIR/dovecot.key"
echo " Cert: $DOVECOT_DIR/dovecot.crt"
echo ""
# Set proper permissions
chmod 600 "$SSL_DIR"/*.key "$POSTFIX_DIR"/*.key "$DOVECOT_DIR"/*.key
chmod 644 "$SSL_DIR"/*.crt "$POSTFIX_DIR"/*.crt "$DOVECOT_DIR"/*.crt
echo "✓ Certificates generated successfully"
echo ""
echo "Certificate information:"
echo "========================"
openssl x509 -text -noout -in "$SSL_DIR/emailclient.crt" | grep -A 3 "Subject:"
echo ""
echo "WARNING: Self-signed certificates are for development/testing only."
echo "For production, use Let's Encrypt:"
echo " certbot certonly --standalone -d your.domain.com"
echo " cp /etc/letsencrypt/live/your.domain.com/fullchain.pem $SSL_DIR/emailclient.crt"
echo " cp /etc/letsencrypt/live/your.domain.com/privkey.pem $SSL_DIR/emailclient.key"
Reference in New Issue View Git Blame Copy Permalink