Create accurate description of what WALNUT is

AJ ONeal 2017-07-28 17:16:13 -06:00
parent 2ecfbc1e98
commit 47e73ceee8
1 changed files with 52 additions and 35 deletions

@ -1,19 +1,47 @@
walnut
======
Small, light, and secure iot application framework.
An opinionated, constrained, secure application framework with a hard shell - like iOS, but for a home server.
Security Features
* JSON-only APIs
* JWT (not cookie*) authentication
* no server-rendered html
* disallows urlencoded forms, except for secured webhooks
* disallows cookies, except for protected static assets
* api.* subdomain for apis
* assets.* subdomain for protected assets
* *must* sit behind a trusted https proxy (such as [Goldilocks](https://git.daplie.com/Daplie/goldilocks.js)
* HTTPS-only (checks for X-Forwarded-For)
* AES, RSA, and ECDSA encryption and signing
* Safe against CSRF, XSS, and SQL injection
* Safe against Compression attacks
\*Cookies are used only for GETs and only where using a token would be less secure -
such as images which would otherwise require the token to be passed into the img src.
They are also scoped such that CSRF attacks are not possible.
Application Features
* JSON-only expressjs APIs
* Capability-based permissions system for (oauth3-discoverable) packages such as
* large file access (files@daplie.com)
* database access (data@daplie.com)
* scheduling (for background tasks, alerts, alarms, calendars, reminders, etc) (events@daplie.com)
* payments (credit card) (payments@daplie.com)
* email (email@daplie.com)
* SMS (texting) (tel@daplie.com)
* voice (calls and answering machine) (tel@daplie.com)
* lamba-style functions (functions@daplie.com)
* Per-app, per-site, and per-user configurations
* Multi-Tentated Application Management
* Built-in OAuth2 & OAuth3 support
```bash
curl https://daplie.me/install-scripts | bash
daplie-install-cloud
```
If the pretty url isn't working, for whatever reason, you also try the direct one
```bash
# curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh | bash
# daplie-install-cloud
daplie-install-walnut
```
You could also, of course, try installing from the repository directly
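Review bot: the bullet `* HTTPS-only (checks for X-Forwarded-For)` names the wrong header: X-Forwarded-For carries the client IP, whereas the scheme the proxy terminated is conveyed in X-Forwarded-Proto, which is exactly the header this README's own curl example sets later (`-H 'X-Forwarded-Proto: https'`); change the bullet to X-Forwarded-Proto and state that the value is only trusted when the request arrives from the trusted proxy the previous bullet requires. Smaller points in this hunk: the Goldilocks bullet is missing the closing parenthesis after the markdown link; in the second install block the direct-URL commands are commented out with `#`, so a reader who pastes the block runs only `daplie-install-walnut`, and that name differs from `daplie-install-cloud` in the block above, so one of the two looks wrong; "you also try" should read "you can also try"; "lamba-style" should be "lambda-style" and "Multi-Tentated" should be "Multi-Tenanted". The "Safe against Compression attacks" bullet would also be more useful if it said what is actually done (for example, not compressing responses that carry secrets), since as written the claim cannot be checked from the README.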
@ -25,36 +53,17 @@ git clone git@git.daplie.com:Daplie/walnut.js.git /srv/walnut/core
pushd /srv/walnut/core
git checkout v1
popd
bash /srv/walnut/core/install.sh
bash /srv/walnut/core/install-helper.sh
```
Features
------
Initial Configuration
-------------
* Works with Goldilocks for secure, Let's Encrypt maneged, https-only serving
Once installed and started you can visit <https://localhost.daplie.me:3000>.
* IOT Application server written in [Node.js](https://nodejs.org)
* Small memory footprint (for a node app)
* Secure
* Uses JWT, not Cookies\*
* HTTPS-only (checks for X-Forwarded-For)
* AES, RSA, and ECDSA encryption and signing
* Safe against CSRF, XSS, and SQL injection
* Safe against Compression attacks
* Multi-Tentated Application Management
* Built-in OAuth2 & OAuth3 support
\*Cookies are used only for GETs and only where using a token would be less secure
such as images which would otherwise require the token to be passed into the img src.
They are also scoped such that CSRF attacks are not possible.
In Progress
-----------
* HTTPS Key Pinning
* Heroku (pending completion of PostgreSQL support)
* [GunDB](https://gundb.io) Support
* OpenID support
```
curl http://localhost.daplie.me:3000 -H 'X-Forwarded-Proto: https'
```
API
---
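Review bot: the new example `curl http://localhost.daplie.me:3000 -H 'X-Forwarded-Proto: https'` contradicts the sentence just above it that says to visit <https://localhost.daplie.me:3000>, and it also shows that the HTTPS-only check is satisfied by a header any client can set if port 3000 is reachable directly; say which scheme the app itself listens on, and document that the X-Forwarded-Proto check is only meaningful when port 3000 is bound to localhost or otherwise reachable solely through the trusted proxy the README requires. The hunk also deletes the old Features list without carrying everything over: the Let's Encrypt management and small-memory-footprint points now appear nowhere in the README, so either drop them deliberately or move them into the new Security/Application Features lists.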
@ -258,3 +267,11 @@ API
```
req.apiUrlPrefix => https://api.example.com/api/tld.domain.pkg
```
TODO
----
* HTTPS Key Pinning
* Heroku (pending completion of PostgreSQL support)
* [GunDB](https://gundb.io) Support
* OpenID support
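Review bot: the TODO list is appended directly under the API section, immediately after the `req.apiUrlPrefix` example, so a reader browsing the API reference runs into an unfinished-features list with no separation; either move it to the end of the document under its own heading or restore the "In Progress" heading this commit removes earlier. Since "HTTPS Key Pinning" stays on the list, it would help to say whether that means serving HPKP headers from the proxy or pinning in a client, as those are different pieces of work with different operational risk.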