feat: Phase 2 - Authentication and authorization (T-010 to T-013)

2026-02-06 13:15:25 +01:00
parent ec65991ac1
commit 508f0723af
11 changed files with 321 additions and 20 deletions


@@ -45,13 +45,34 @@ docker-compose up -d
docker exec -w /app aegis-backend-1 alembic upgrade head
```
4. Verify the installation:
4. Seed the admin user:
```bash
docker exec -w /app aegis-backend-1 python -m app.seed
```
5. Verify the installation:
```bash
# Check backend health
curl http://localhost:8000/health
# Expected: {"status":"ok"}
```
### Authentication
The platform uses JWT-based authentication. After seeding, log in with the default admin credentials:
```bash
# Obtain a token
curl -X POST http://localhost:8000/api/v1/auth/login \
-d "username=admin&password=admin123"
# Use the token to access protected endpoints
curl http://localhost:8000/api/v1/auth/me \
-H "Authorization: Bearer <your-token>"
```
> **Important:** Change the default `admin123` password and `SECRET_KEY` in production.
## Services
| Service | Port | Description |
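Review bot: the Authentication section documents a fixed default credential (`-d "username=admin&password=admin123"`) and the seed step above it gives the operator no way to choose a different one, so every fresh install starts with a password that is public in this README; the "Important" note that follows only partly compensates. Suggest having `python -m app.seed` read the initial admin password from an environment variable (or generate one and print it once) and stating whether re-running the seed is idempotent or resets the existing admin. The curl example also puts the password on the command line, where it ends up in shell history; pointing readers at curl's `-d @file` form keeps it out of the docs and the history.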
@@ -72,31 +93,39 @@ Once the backend is running, access the interactive API documentation at:
```
Aegis/
├── docker-compose.yml # Docker services configuration
├── docker-compose.yml # Docker services configuration
├── backend/
│ ├── Dockerfile # Backend container definition
│ ├── requirements.txt # Python dependencies
│ ├── alembic.ini # Alembic configuration
│ ├── alembic/ # Database migrations
│ ├── Dockerfile # Backend container definition
│ ├── requirements.txt # Python dependencies
│ ├── alembic.ini # Alembic configuration
│ ├── alembic/ # Database migrations
│ │ ├── env.py
│ │ ├── versions/ # Migration files
│ │ ├── versions/ # Migration files
│ │ └── ...
│ └── app/
│ ├── __init__.py
│ ├── main.py # FastAPI application entry point
│ ├── config.py # Application settings
│ ├── database.py # SQLAlchemy configuration
│ ├── models/ # SQLAlchemy models
├── user.py # User authentication model
│ ├── technique.py # MITRE ATT&CK techniques
│ │ ├── test.py # Security tests
│ │ ├── evidence.py # Test evidence files
│ │ ├── intel.py # Threat intelligence items
│ │ ├── audit.py # Audit logging
│ │ ── enums.py # Shared enumerations
└── services/ # Business logic services
│ ├── main.py # FastAPI application entry point
│ ├── config.py # Application settings
│ ├── database.py # SQLAlchemy configuration
│ ├── auth.py # Password hashing & JWT utilities
│ ├── seed.py # Admin seed script (python -m app.seed)
├── models/ # SQLAlchemy models
│ │ ├── user.py # User authentication model
│ │ ├── technique.py # MITRE ATT&CK techniques
│ │ ├── test.py # Security tests
│ │ ├── evidence.py # Test evidence files
│ │ ── intel.py # Threat intelligence items
│ ├── audit.py # Audit logging
│ │ └── enums.py # Shared enumerations
│ ├── schemas/ # Pydantic request/response schemas
│ │ └── auth.py # LoginRequest, TokenResponse, UserOut
│ ├── routers/ # API endpoint routers
│ │ └── auth.py # POST /auth/login, GET /auth/me
│ ├── dependencies/ # FastAPI dependencies (DI)
│ │ └── auth.py # get_current_user, require_role (RBAC)
│ └── services/ # Business logic services
│ └── audit_service.py
└── frontend/ # React frontend (coming soon)
└── frontend/ # React frontend (coming soon)
```
## Database Schema
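Review bot: `dependencies/auth.py` is annotated `require_role (RBAC)` and `models/user.py` is described as the user authentication model, but nothing in this README change names the role set or says which endpoints require which role; the Authentication section only covers `POST /auth/login` and `GET /auth/me`. Suggest a short list of the roles and what each is allowed to do next to the `require_role` line. Since `models/audit.py` and `services/audit_service.py` are listed, it would also help to state whether successful and failed logins are written to the audit log.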
@@ -120,6 +149,8 @@ The application can be configured via environment variables:
|----------|---------|-------------|
| `DATABASE_URL` | `postgresql://postgres:postgres@postgres:5432/attackdb` | PostgreSQL connection string |
| `SECRET_KEY` | `change-me-in-production` | JWT signing key |
| `ALGORITHM` | `HS256` | JWT signing algorithm |
| `ACCESS_TOKEN_EXPIRE_MINUTES` | `60` | JWT token lifetime in minutes |
| `MINIO_ENDPOINT` | `minio:9000` | MinIO server endpoint |
| `MINIO_ACCESS_KEY` | `minioadmin` | MinIO access key |
| `MINIO_SECRET_KEY` | `minioadmin` | MinIO secret key |
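Review bot: exposing `ALGORITHM` as a free-form environment variable (default `HS256`) means a misconfiguration silently changes how tokens are verified, and a switch to an asymmetric algorithm while `SECRET_KEY` is still a shared secret would not be caught. Suggest pinning the algorithm in code or validating the variable against an explicit allowlist at startup, and having the application refuse to start while `SECRET_KEY` is still `change-me-in-production` instead of relying on the README warning. The table also leaves `ACCESS_TOKEN_EXPIRE_MINUTES` at 60 with no mention of how clients are expected to handle expiry; one sentence on that would round out the section.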