Enhance security architecture and guidelines across documentation and middleware; implement input validation, logging improvements, and security headers in API handlers.
This commit is contained in:
Leon Bösche
@@ -174,6 +174,60 @@ SSL termination and request routing.
|
||||
│◀─────────────────────────────│
|
||||
```
|
||||
|
||||
## Security Architecture
|
||||
|
||||
### Authentication & Authorization
|
||||
|
||||
- **Passkeys (WebAuthn)**: Primary authentication method using FIDO2/U2F security keys
|
||||
- **JWT Tokens**: Session-based tokens with configurable expiration
|
||||
- **Role-Based Access Control (RBAC)**: Owner, Admin, Member roles for organizations
|
||||
- **Permission System**: Granular permissions for file operations (read, write, view, edit)
|
||||
|
||||
### Input Validation & Sanitization
|
||||
|
||||
- **Path Traversal Protection**: All file paths are sanitized to prevent directory traversal attacks
|
||||
- **UUID Validation**: All resource IDs (users, orgs, files) are validated as proper UUIDs
|
||||
- **JSON Schema Validation**: API inputs are validated for correct structure and types
|
||||
|
||||
### Network Security
|
||||
|
||||
- **HTTPS Only**: All external traffic is encrypted via TLS
|
||||
- **CORS Policy**: Restricted to allowed origins with credentials support
|
||||
- **Rate Limiting**: 100 requests/minute general, 10 requests/minute for auth endpoints
|
||||
- **Security Headers**:
|
||||
- `X-Content-Type-Options: nosniff`
|
||||
- `X-Frame-Options: DENY` (except for WOPI/Collabora)
|
||||
- `X-XSS-Protection: 1; mode=block`
|
||||
- `Content-Security-Policy`: Restrictive policy allowing only necessary sources
|
||||
- `Referrer-Policy: strict-origin-when-cross-origin`
|
||||
|
||||
### Data Protection
|
||||
|
||||
- **Encrypted Storage**: Files stored encrypted in Nextcloud
|
||||
- **Secure Passwords**: Auto-generated secure passwords for Nextcloud user accounts
|
||||
- **Audit Logging**: All operations logged with user/org context
|
||||
- **No Secrets in Logs**: Sensitive data never logged
|
||||
|
||||
### API Security
|
||||
|
||||
- **Token Validation**: Every protected endpoint validates JWT tokens
|
||||
- **Session Management**: Secure session handling with database-backed validation
|
||||
- **Error Handling**: Safe error responses that don't leak internal details
|
||||
|
||||
### File Security
|
||||
|
||||
- **Scoped Access**: Users can only access files within their personal workspace or authorized organizations
|
||||
- **Share Tokens**: Public shares use short-lived, single-use tokens
|
||||
- **Nextcloud Integration**: Leverages Nextcloud's security features for file access
|
||||
|
||||
### Infrastructure Security
|
||||
|
||||
- **Container Security**: Docker images run as non-root where possible
|
||||
- **Network Isolation**: Internal Docker networks prevent direct external access
|
||||
- **Deployment Security**: Automated deployments with health checks
|
||||
|
||||
## Data Flow
|
||||
|
||||
### File Upload Flow
|
||||
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user