Feature: Router security #297

Open
opened 2024-09-03 00:00:02 +00:00 by jamie · 4 comments
jamie commented 2024-09-03 00:00:02 +00:00 (Migrated from git.hazaar.io)

Problem Statement

The new routing engines in Hazaar MVC currently lack the capability to define secure routes that require specific security profiles. Secure routes are essential for controlling access to sensitive parts of the application based on user roles or other security criteria. Adding support for secure routes will enhance the security framework of Hazaar MVC, ensuring that only authorized users can access certain routes.

Who will benefit?

Developers and system administrators using Hazaar MVC who need to implement security measures to restrict access to certain parts of their applications will benefit from this feature. It provides a way to enforce security policies at the route level, improving overall application security.

Benefits and risks

Benefits

  • Enhances security by allowing routes to be protected with specific security profiles.
  • Provides flexibility for developers to define and enforce access control directly within the routing configuration.
  • Improves maintainability by centralizing security configuration in the routing definitions.

Risks

  • Additional complexity in managing route definitions and security profiles.
  • Potential performance impact if security checks are not optimized, particularly in high-traffic scenarios.
  • Increased responsibility to ensure that security profiles are correctly configured to avoid unintended access.

Proposed solution

  1. Security Middleware (Per Route)

    • Implement a middleware system that checks security per route before dispatching requests.
    • Middleware should validate the user’s authentication state, roles, or permissions against the security profile assigned to the route.
    • If unauthorized, return a 403 Forbidden response or redirect (configurable).
  2. Security Profile Definition

    • Security profiles should be defined in a configuration file (config/security.php) or registered dynamically.
    • Support both role-based (admin, user, editor) and permission-based (manage_users, edit_content) access control.
    • Allow multiple profiles per route (security=["admin", "editor"]).
    • Support custom validation callbacks for advanced access control.
  3. Per-Route Security Configuration

    • Extend Annotated, JSON, and Custom route definitions to include a security attribute.
    • Middleware is applied only to routes that explicitly define security.

    Examples:

    • Annotated Route:
      @Route(path="/admin/dashboard", security="admin")
      
    • JSON Route Definition:
      {
        "path": "/user/profile",
        "security": "authenticated_user"
      }
      
    • Custom Route Definition:
      [
        'path' => '/settings',
        'controller' => 'SettingsController',
        'security' => ['admin', 'moderator']
      ]
      
  4. Middleware Execution

    • If the route does not specify security, middleware is skipped.
    • If security is required, it checks the user’s session/permissions.
    • Unauthorized users receive a 403 Forbidden response or are redirected.

    Example Middleware Implementation (Simplified):

    class SecurityMiddleware {
        public function handle($request, $next) {
            // Resolve the matched route and the security profile(s) it declares.
            $route = $request->getRoute();
            $securityProfile = $route->getSecurity();

            // Routes without a security attribute pass straight through;
            // otherwise the current user must satisfy the declared profile.
            if ($securityProfile && !$this->userHasAccess($securityProfile)) {
                return $this->denyAccess(); // 403 Forbidden or redirect, per configuration
            }

            return $next($request);
        }
    }
    
  5. Integration with Existing Security Features

    • Supports authentication via session, JWT, OAuth, or custom methods.
    • Works seamlessly with existing Hazaar MVC authentication layers.
    • Configurable handling for unauthorized access (403 JSON for APIs, redirect for web apps).
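    The five steps above worked into one runnable script. This is an added illustration, not Hazaar MVC code: the `User` and `SecurityProfiles` classes, the array-shaped request, route and response, and the `['all' => [...]]` form for requiring every listed profile are assumptions standing in for the framework's real objects. The registry plays the role the proposal gives `config/security.php`, a plain list means "any of these profiles suffices", unknown or empty profile lists fail closed, and the deny handler switches between a 403 JSON body and a redirect.

```php
<?php
declare(strict_types=1);

// Added example, not Hazaar MVC code. User, SecurityProfiles and the
// array-shaped request/route/response are assumptions for illustration.

final class User
{
    public function __construct(
        public readonly bool $authenticated,
        /** @var string[] */ public readonly array $roles = [],
        /** @var string[] */ public readonly array $permissions = [],
    ) {}
}

// Stands in for config/security.php: a name -> callable(User): bool registry.
final class SecurityProfiles
{
    /** @var array<string, callable> */
    private array $profiles = [];

    public function __construct()
    {
        // Role-based, permission-based and plain-authentication profiles.
        $this->define('authenticated_user', fn(User $u) => $u->authenticated);
        $this->define('admin', fn(User $u) => in_array('admin', $u->roles, true));
        $this->define('editor', fn(User $u) => in_array('editor', $u->roles, true));
        $this->define('manage_users', fn(User $u) => in_array('manage_users', $u->permissions, true));
    }

    // Dynamic registration, including custom validation callbacks.
    public function define(string $name, callable $check): void
    {
        $this->profiles[$name] = $check;
    }

    // An unknown profile name fails closed: a typo in a route must never grant access.
    public function check(string $name, User $user): bool
    {
        if (!isset($this->profiles[$name])) {
            return false;
        }
        return (bool) ($this->profiles[$name])($user);
    }
}

final class SecurityMiddleware
{
    public function __construct(
        private SecurityProfiles $profiles,
        private string $mode = 'json',       // 'json' for APIs, 'redirect' for web apps
        private string $loginPath = '/login',
    ) {}

    // $request['route']['security'] may be a string, a list (any profile
    // suffices) or ['all' => [...]] (every profile required).
    public function handle(array $request, callable $next): array
    {
        $security = $request['route']['security'] ?? null;
        if ($security === null) {
            return $next($request);          // no security attribute: middleware skipped
        }
        $user = $request['user'] ?? new User(authenticated: false);
        if (!$this->userHasAccess($security, $user)) {
            return $this->denyAccess();
        }
        return $next($request);
    }

    public function userHasAccess(string|array $security, User $user): bool
    {
        if (is_string($security)) {
            return $this->profiles->check($security, $user);
        }
        if (isset($security['all'])) {        // AND semantics
            foreach ($security['all'] as $name) {
                if (!$this->profiles->check($name, $user)) {
                    return false;
                }
            }
            return true;
        }
        foreach ($security as $name) {        // OR semantics; an empty list denies
            if ($this->profiles->check($name, $user)) {
                return true;
            }
        }
        return false;
    }

    private function denyAccess(): array
    {
        if ($this->mode === 'redirect') {
            return ['status' => 302, 'headers' => ['Location' => $this->loginPath], 'body' => ''];
        }
        return ['status' => 403, 'headers' => ['Content-Type' => 'application/json'],
                'body' => json_encode(['error' => 'Forbidden'])];
    }
}

// Constructed sample requests exercising each route shape from the proposal.
$mw = new SecurityMiddleware(new SecurityProfiles());
$dispatch = fn(array $r) => ['status' => 200, 'body' => 'dispatched ' . $r['route']['path']];
$editor = new User(true, roles: ['editor']);
// Custom route with a profile list: an editor satisfies ['admin', 'moderator']? No, so this denies.
echo $mw->handle(['route' => ['path' => '/settings', 'security' => ['admin', 'moderator']], 'user' => $editor], $dispatch)['status'], "\n";
// Same editor against an any-of list that names 'editor'.
echo $mw->handle(['route' => ['path' => '/content', 'security' => ['admin', 'editor']], 'user' => $editor], $dispatch)['status'], "\n";
// All-of list: the editor lacks the manage_users permission.
echo $mw->handle(['route' => ['path' => '/users', 'security' => ['all' => ['editor', 'manage_users']]], 'user' => $editor], $dispatch)['status'], "\n";
// No security attribute: dispatched even for an anonymous request.
echo $mw->handle(['route' => ['path' => '/']], $dispatch)['status'], "\n";
```

    Two choices matter for safety here: the middleware treats an unrecognised profile name and an empty profile list as a denial rather than a pass, and the only path that bypasses the check is a route that declares no `security` attribute at all, which is visible in the route definition rather than hidden in runtime state.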

Open Questions

  • Should routes support multiple security conditions (e.g., "admin OR editor" vs. "admin AND editor")?
  • Should security profiles be cached for performance in high-traffic applications?
  • Should there be an option to bypass security (e.g., for maintenance/debugging)?

Priority/Severity

  • [x] High (This will bring a huge increase in performance/productivity/usability/legislative cover)
  • [ ] Medium (This will bring a good increase in performance/productivity/usability)
  • [ ] Low (anything else e.g., trivial, minor improvements)
jamie commented 2024-09-03 00:00:02 +00:00 (Migrated from git.hazaar.io)

assigned to @jamie
jamie commented 2025-03-27 21:56:46 +00:00 (Migrated from git.hazaar.io)

changed the description
jamie commented 2025-07-27 00:19:48 +00:00 (Migrated from git.hazaar.io)

created branch [`297-feature-router-security`](/hazaar/framework/-/compare/master...297-feature-router-security) to address this issue
jamie commented 2025-07-27 00:19:57 +00:00 (Migrated from git.hazaar.io)

mentioned in merge request !235
jamie self-assigned this 2025-09-04 01:10:08 +00:00
Reference: hazaar/framework#297