Skip to content

Latest commit

 

History

History
221 lines (152 loc) · 5.54 KB

readme.md

File metadata and controls

221 lines (152 loc) · 5.54 KB

Role-Based Access Control (RBAC) System

Project Overview

This project demonstrates the implementation of an Authentication, Authorization, and Role-Based Access Control (RBAC) system. It ensures secure user authentication, role assignment, and access control to resources based on roles and permissions. The system is built with a focus on security best practices and modular design.


Live Website

Login Details

Admin Login:

  • Username: admin
  • Password: admin123

User Login:

  • Username: user
  • Password: user1234

Moderator Login:

  • Username: moderator
  • Password: moderator@123


Features

Authentication

  • User registration with secure password hashing.
  • User login with secure session management (JWT/OAuth).
  • Logout functionality to revoke access tokens or sessions.

Authorization

  • Role-based authorization (e.g., Admin, User, Moderator).
  • Access control to specific resources or endpoints based on roles and permissions.

Role-Based Access Control (RBAC)

  • Dynamic role assignment to users.
  • Permission-based access control tied to roles.
  • Middleware to enforce access restrictions based on user roles.

Additional Features

  • Password reset functionality.
  • Activity logging for user actions.
  • Secure API endpoints protected with JWT/OAuth.
  • Scalable and modular codebase.

Technologies Used

  • Backend Framework: Laravel / Express.js / php
  • Database: MySQL / PostgreSQL
  • Authentication: JSON Web Tokens (JWT) / OAuth
  • Frontend Framework: React.js / Vue.js / Angular
  • Other Tools: Middleware for request validation, bcrypt for password hashing, role and permission middleware.

System Architecture

The system is designed with a modular and scalable architecture:

  1. Authentication Module:

    • Handles user registration, login, and logout.
    • Uses hashed passwords and secure token-based session management.
  2. Authorization Module:

    • Ensures users can only access resources based on assigned roles.
    • Middleware enforces access restrictions dynamically.
  3. RBAC Module:

    • Role and permission management system.
    • Easily configurable for new roles and permissions.

How to Use

1. Registration and Login

  • Register as a new user at /register.

alt text

  • Login with your credentials at /login to receive an access token.

alt text

2. Role Management

  • Assign roles (Admin, User, Moderator) through the admin panel or API endpoints.

alt text

3. Access Restricted Endpoints

  • Access resources based on roles and permissions. Unauthorized users will receive a 403 Forbidden response. alt text

API Endpoints

Authentication

  • POST /api/register - Register a new user.
  • POST /api/login - Login and get an access token.
  • POST /api/logout - Logout and revoke the token.

Role Management

  • POST /api/roles - Create a new role.
  • GET /api/roles - View all roles.

Access Control

  • Protected routes based on user roles (e.g., /admin, /moderator, /user).

Installation

Prerequisites

  • PHP (v8.2 or later recommended)
  • Composer (for managing PHP dependencies)
  • MySQL or any SQL Database
  • Laravel Framework

Steps to Install

  1. Clone the repository:

    git clone https://github.com/ProgrammingPirates/VRV-Security-s.git
    cd vrv
  2. Install PHP dependencies using Composer:

    composer install
  3. Configure Environment Variables: Copy the example .env file to create a new .env file:

    cp .env.example .env

    Open the .env file and configure the following:

    DB_CONNECTION=mysql
    DB_HOST=127.0.0.1
    DB_PORT=3306
    DB_DATABASE=your_database_name
    DB_USERNAME=your_database_username
    DB_PASSWORD=your_database_password
    
    JWT_SECRET=your-secret-key
  4. Generate Laravel application key:

    php artisan key:generate
  5. Run migrations to create necessary database tables:

    php artisan migrate
  6. Start the development server:

    php artisan serve

    This will start the server on http://localhost:8000.

Demo

alt text

alt text

alt text

Dependencies

Core


Development Tools


Running Tests

Run the tests with:

php artisan test

Contributing

If you want to contribute to the project:

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature-branch).
  3. Commit your changes (git commit -am 'Add feature').
  4. Push to the branch (git push origin feature-branch).
  5. Create a new pull request.