authd/README.md

# authd

authd is a token-based authentication micro-service.

> TODO: explain basic concepts behind `authd`.

## Build

`authd` is written in Crystal.
You’ll need the following tools:

  - crystal
  - shards
  - make

To build authd, run the following commands:

```
make
```

## Deployment

```
$ authd --help
```

> TODO: documentation on how to deploy, including with the mail server and tools.

### Users storage

The storage directory will default to `./storage`.

No SQL database, database management system or other kind of setup is required to run authd and store users.

To migrate an instance of authd, a simple copy of the storage directory will be enough.

### Administrating users

> TODO: document how to manage users through `authc`.


## APIs

### Protocol

authd’s protocol is still subject to change.

> TODO: document messages.

### Libraries

> TODO: document basic functions in the `AuthD::Client` class to exchange messages with `authd`.

A `AuthD::Client` Crystal class is available to build synchronous clients in Crystal.

# Authorization rules

Logged users can:
- retrieve public data of any user **individually**
- change their own data: password, email address, profile entries (except the read-only ones)
- delete their account
- check their own permissions

Admins with 'Read' permission on the '*' resource can:
- list users
- check permissions of other users

Admins with 'Edit' permission on the '*' resource can:
- change data of another user

Admins with 'Admin' permission on the '*' resource (or the 'admin' boolean) can:
- change read-only profile entries
- change permissions
- delete a user
- uprank and downrank admins

## Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

# WIP: design choices

An user has a number, a login, an email address, a profile (`Hash(String, JSON::Any)`) and permissions.
An `admin` boolean also tells weither or not the user is an administrator.

**Requests work mostly on current user**.
Some take a *UserID* to identify another user (its number or its login, both are valid), which often implies admin permissions.

**Permissions** are: None, Read, Edit, Admin.
Plus, the `admin` boolean value in the `AuthD::User` class.

> TODO: continue explaining design choices.
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
+								# authd
 								authd is a token-based authentication micro-service.
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								> TODO: explain basic concepts behind `authd`.
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								## Build
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								`authd` is written in Crystal.
 								You’ll need the following tools:
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
 								  - crystal
 								  - shards
 								  - make
 								To build authd, run the following commands:
 								```
 								make
 								```
 								## Deployment
 								```
 								$ authd --help
 								```
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								> TODO: documentation on how to deploy, including with the mail server and tools.
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
+								### Users storage
 								The storage directory will default to `./storage`.
 								No SQL database, database management system or other kind of setup is required to run authd and store users.
 								To migrate an instance of authd, a simple copy of the storage directory will be enough.
 								### Administrating users
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								> TODO: document how to manage users through `authc`.
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
 								## APIs
 								### Protocol
 								authd’s protocol is still subject to change.
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								> TODO: document messages.
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
+								### Libraries
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								> TODO: document basic functions in the `AuthD::Client` class to exchange messages with `authd`.
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
+								A `AuthD::Client` Crystal class is available to build synchronous clients in Crystal.
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								# Authorization rules
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								Logged users can:
 								- retrieve public data of any user **individually**
 								- change their own data: password, email address, profile entries (except the read-only ones)
 								- delete their account
 								- check their own permissions
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								Admins with 'Read' permission on the '*' resource can:
 								- list users
-												README: talk about permissions.

											
										
										
											2023-06-13 18:34:51 +02:00
+								- check permissions of other users
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								Admins with 'Edit' permission on the '*' resource can:
 								- change data of another user
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								Admins with 'Admin' permission on the '*' resource (or the 'admin' boolean) can:
-												README: talk about permissions.

											
										
										
											2023-06-13 18:34:51 +02:00
+								- change read-only profile entries
 								- change permissions
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
+								- delete a user
 								- uprank and downrank admins
-												README re-introduced.

											
										
										
											2019-12-17 16:18:29 +01:00
 								## Contributing
 								Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
 								Please make sure to update tests as appropriate.
-												README: add + update + fix most explanations. Sill very much WIP.

											
										
										
											2023-06-13 18:15:47 +02:00
 								# WIP: design choices
 								An user has a number, a login, an email address, a profile (`Hash(String, JSON::Any)`) and permissions.
 								An `admin` boolean also tells weither or not the user is an administrator.
 								**Requests work mostly on current user**.
 								Some take a *UserID* to identify another user (its number or its login, both are valid), which often implies admin permissions.
 								**Permissions** are: None, Read, Edit, Admin.
 								Plus, the `admin` boolean value in the `AuthD::User` class.
 								> TODO: continue explaining design choices.