Release 0.2.0 is out!
The release is already available for free from cloud.rapidrecast.io.
The admin credentials are username admin and password admin-password.
The cloud API protocol has moved from port 80 to port 81 to accommodate the new Admin Console.
This is quite a significant release as it lays the groundwork for the security and API.
The download links are at the bottom of the page.
Features
Admin API
The new release includes a new admin API.
The purpose of the admin API is to control and configure RapidRecast.
In this initial release, you have the following endpoints:
Method | Endpoint | Description | Example Body |
---|---|---|---|
POST (will become GET) | /api/v1/auth | Using basic header authentication, you can get a JSON Web Token (JWT) that can be used with other parts of the service. | N/A |
POST | /api/v1/policy | Add a new RBAC policy into the system. Provisioning permissions to other users/roles is only possible if the JWT you provide allows it. | {"subject": "anon", "object": "topic:some_namespace:some_topic", "action": "write"} |
This is very rudimentary, and you cannot create new users from the Admin API yet.
For this release, it only matters that you can allow anonymous users to create topics.
Admin Console
I have included a user interface, also available on the root path of the Admin API address.
The console authenticates using the auth in headers and sets a cookie with the JWT.
For now it allows listing topics, while I work on adding more features.
Authentication
Users can now authenticate with the Admin API using basic auth.
Credentials are stored in the database with a random salt, using the Argon2id algorithm.
While I do have the capabilities to create new users, this is not yet exposed.
Authorisation (RBAC)
This release introduces an offline authorisation system, built on Casbin.
The idea behind RBAC is that every action has a subject (who you are), an object (what you are doing it to), and an action (what you are doing).
Currently, the available roles are anon and admin.
The available objects are topic-any and topic:default-namespace:<your-topic>.
The available actions are:
create
read
write
update (deliberately distinct from write)
delete
list
rename
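A minimal deny-by-default check over the subject/object/action tuples described above, as an added example (it is not RapidRecast's or Casbin's code). It assumes topic-any matches every topic object and that object names follow the two forms listed; validate_policy, Enforcer and demo are hypothetical names.

```python
# Added illustration: a deny-by-default check over (subject, object, action)
# tuples. Not RapidRecast or Casbin code; the matching rules are assumptions.
import re

ACTIONS = {"create", "read", "write", "update", "delete", "list", "rename"}
# Object forms named on the page: "topic-any" or "topic:<namespace>:<topic>".
OBJECT_RE = re.compile(r"^(topic-any|topic:[^:\s]+:[^:\s]+)$")


def validate_policy(body):
    """Check a policy body shaped like the /api/v1/policy example."""
    if set(body) != {"subject", "object", "action"}:
        raise ValueError("policy needs exactly subject, object, action")
    if not all(isinstance(v, str) and v for v in body.values()):
        raise ValueError("policy fields must be non-empty strings")
    if body["action"] not in ACTIONS:
        raise ValueError(f"unknown action: {body['action']!r}")
    if not OBJECT_RE.match(body["object"]):
        raise ValueError(f"unknown object form: {body['object']!r}")
    return (body["subject"], body["object"], body["action"])


class Enforcer:
    def __init__(self):
        self.policies = set()

    def add_policy(self, body):
        self.policies.add(validate_policy(body))

    def allows(self, subject, obj, action):
        """Deny unless an exact rule, or a topic-any rule (assumed wildcard), grants it."""
        if (subject, obj, action) in self.policies:
            return True
        is_topic = obj.startswith("topic:")
        return is_topic and (subject, "topic-any", action) in self.policies


def demo():
    e = Enforcer()
    # Constructed sample rules; the first is the example body from the table.
    e.add_policy({"subject": "anon", "object": "topic:some_namespace:some_topic",
                  "action": "write"})
    e.add_policy({"subject": "admin", "object": "topic-any", "action": "delete"})
    return e
```

Because nothing is granted implicitly, a write rule does not permit update, and a rule for one topic does not extend to another topic in the same namespace.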
API testing script
You can test out the API with the below script.
Find the downloads below.