Background
There are three centralized components in this system: api, mq, and coordinator. We need to add an authentication mechanism to ensure that no unauthorized entity can access their resources.
Design
Each client must provide a valid user:pass pair when connecting to any central component, after a secure connection has been established (through TLS). The credential carries the client's set of permissions. A permission set is represented as a partial function whose domain is the set of central components and whose codomain is {read-only, read-write}; a component outside the domain is one the client may not access at all.
Example:
{
"API": "ro",
"MQ": "rw"
}
Note that the example client has read-only permission on API, read-write permission on MQ, and no permission on the coordinator.
Bots are supposed to have read-write permission to API and read-only permission to MQ.
Workers are supposed to have read-only permission to coordinator.
Middlewares are supposed to have read-write permission to MQ.
Implementation
Database Schema
Add a new collection auth to MongoDB. Its schema is defined as follows:
{
"username": <string>,
"hash": <pbkdf2 derived key>,
"permissions": {<permissions map>}
}
Only the API, the coordinator, and the rmq auth server have read-only access to this collection.
Authentication Crate
A new crate is implemented to query the database with a given credential and return the granted permissions.
Coordinator & API
Credentials are attached through HTTP Basic Authentication. Only requests carrying the proper permissions are accepted and processed.
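The following is an added example, not code from this project's auth crate, showing the whole path described above in Python: an auth record with a PBKDF2-derived key, the Basic Authorization header parsed into a credential, a constant-time check that returns the permission map, and the partial-function permission check for a component. It assumes PBKDF2-HMAC-SHA256 with a per-user salt stored beside the hash and that read-write implies read-only; the record store is an in-memory dict standing in for the MongoDB collection.

```python
import base64
import hashlib
import hmac
import os

# Assumptions (not on the page): PBKDF2-HMAC-SHA256, per-user salt stored with the hash, rw implies ro.
ITERATIONS = 600_000
DUMMY_SALT = os.urandom(16)  # makes an unknown user cost the same as a wrong password

def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, 32)

def make_record(username: str, password: str, permissions: dict) -> dict:
    """One document of the `auth` collection (stores hash + salt, never the password)."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": derive_key(password, salt), "permissions": permissions}

def basic_auth_header(username: str, password: str) -> str:
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def parse_basic_auth(header: str):
    """(user, password) from an HTTP Basic Authorization header, else None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None

def authenticate(db: dict, username: str, password: str):
    """The auth crate's job: return the granted permission map, or None."""
    rec = db.get(username)
    candidate = derive_key(password, rec["salt"] if rec else DUMMY_SALT)
    if rec is None or not hmac.compare_digest(candidate, rec["hash"]):
        return None
    return rec["permissions"]

def is_permitted(permissions: dict, component: str, needed: str) -> bool:
    """Partial function: a component absent from the map means no access at all."""
    granted = permissions.get(component)
    return granted is not None and (granted == "rw" or needed == "ro")

def authorize(db: dict, header: str, component: str, needed: str) -> bool:
    # What the API and coordinator do per request: parse, authenticate, then check.
    cred = parse_basic_auth(header)
    permissions = authenticate(db, *cred) if cred else None
    return permissions is not None and is_permitted(permissions, component, needed)
```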
RabbitMQ
An rmq auth server is implemented to integrate the authentication mechanism into RabbitMQ.
See https://github.com/rabbitmq/rabbitmq-auth-backend-http.