This project demonstrates the implementation of an Authentication, Authorization, and Role-Based Access Control (RBAC) system. It ensures secure user authentication, role assignment, and access control to resources based on roles and permissions. The system is built with a focus on security best practices and modular design.
Sample accounts:
- Username: `admin`, Password: `admin123`
- Username: `user`, Password: `user1234`
- Username: `moderator`, Password: `moderator@123`
Features:
- User registration with secure password hashing.
- User login with secure session management (JWT/OAuth).
- Logout functionality to revoke access tokens or sessions.
- Role-based authorization (e.g., Admin, User, Moderator).
- Access control to specific resources or endpoints based on roles and permissions.
- Dynamic role assignment to users.
- Permission-based access control tied to roles.
- Middleware to enforce access restrictions based on user roles.
- Password reset functionality.
- Activity logging for user actions.
- Secure API endpoints protected with JWT/OAuth.
- Scalable and modular codebase.
Tech stack:
- Backend Framework: Laravel / Express.js / PHP
- Database: MySQL / PostgreSQL
- Authentication: JSON Web Tokens (JWT) / OAuth
- Frontend Framework: React.js / Vue.js / Angular
- Other Tools: Middleware for request validation, bcrypt for password hashing, role and permission middleware.
The system is designed with a modular and scalable architecture:
- Authentication Module:
  - Handles user registration, login, and logout.
  - Uses hashed passwords and secure token-based session management.
- Authorization Module:
  - Ensures users can only access resources based on assigned roles.
  - Middleware enforces access restrictions dynamically.
- RBAC Module:
  - Role and permission management system.
  - Easily configurable for new roles and permissions.
Usage:
- Register as a new user at `/register`.
- Log in with your credentials at `/login` to receive an access token.
- Assign roles (Admin, User, Moderator) through the admin panel or API endpoints.
- Access resources based on roles and permissions. Users without the required role or permission will receive a `403 Forbidden` response.
API endpoints:
- `POST /api/register`: Register a new user.
- `POST /api/login`: Log in and get an access token.
- `POST /api/logout`: Log out and revoke the token.
- `POST /api/roles`: Create a new role.
- `GET /api/roles`: View all roles.
- Protected routes based on user roles (e.g., `/admin`, `/moderator`, `/user`).
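As an added example (not code from this repository), this is how the role-enforcing middleware and the `403 Forbidden` response described above can be implemented on the Laravel stack listed in this README; the class name, the route alias `permission.check` and the permission name `manage-roles` are assumed, and Spatie Laravel Permission plus a JWT guard named `api` are taken as installed.

```php
<?php
// Hypothetical app/Http/Middleware/EnsurePermission.php (added example, not project code).
// Assumes the JWT guard is named "api" and Spatie Laravel Permission is installed.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;

class EnsurePermission
{
    // Route usage: ->middleware('permission.check:manage-roles')
    // (the alias "permission.check" is an assumption; register it in the HTTP
    // kernel or in bootstrap/app.php depending on your Laravel version).
    public function handle(Request $request, Closure $next, string $permission): Response
    {
        $user = $request->user();

        // No valid token: the guard resolved no user, so answer 401, not 403.
        if ($user === null) {
            return response()->json(['message' => 'Unauthenticated.'], 401);
        }

        // Spatie registers its permissions with Laravel's Gate, so can() covers
        // permissions granted directly or through any of the user's roles and
        // returns false (rather than throwing) for unknown permission names.
        if (! $user->can($permission)) {
            // Activity logging for denied access: who, what, where, from which IP.
            Log::warning('authorization denied', [
                'user_id'    => $user->getKey(),
                'permission' => $permission,
                'method'     => $request->method(),
                'path'       => $request->path(),
                'ip'         => $request->ip(),
            ]);
            return response()->json(['message' => 'Forbidden.'], 403);
        }

        return $next($request);
    }
}

// routes/api.php: only authenticated users holding "manage-roles" reach these.
// Route::middleware(['auth:api', 'permission.check:manage-roles'])->group(function () {
//     Route::post('/roles', [RoleController::class, 'store']);
//     Route::get('/roles', [RoleController::class, 'index']);
// });
```

Keeping `auth:api` first in the middleware list means missing or expired tokens are rejected with 401 before the permission check runs, so 403 responses in the log always correspond to an identified user.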
Prerequisites:
- PHP (v8.2 or later recommended)
- Composer (for managing PHP dependencies)
- MySQL or any SQL Database
- Laravel Framework
Installation:
- Clone the repository:
  ```bash
  git clone https://github.com/ProgrammingPirates/VRV-Security-s.git vrv
  cd vrv
  ```
- Install PHP dependencies using Composer:
  ```bash
  composer install
  ```
- Configure environment variables. Copy the example `.env` file to create a new `.env` file:
  ```bash
  cp .env.example .env
  ```
  Open the `.env` file and configure the following:
  ```env
  DB_CONNECTION=mysql
  DB_HOST=127.0.0.1
  DB_PORT=3306
  DB_DATABASE=your_database_name
  DB_USERNAME=your_database_username
  DB_PASSWORD=your_database_password
  JWT_SECRET=your-secret-key
  ```
  Replace `JWT_SECRET` with a long random value rather than the placeholder: anyone who knows or guesses this key can forge valid access tokens.
- Generate the Laravel application key:
  ```bash
  php artisan key:generate
  ```
- Run migrations to create the necessary database tables:
  ```bash
  php artisan migrate
  ```
- Start the development server:
  ```bash
  php artisan serve
  ```
  This will start the server on `http://localhost:8000`.
Dependencies:
- Laravel: PHP framework for building web applications.
- JWT-Auth: Package for handling JWT authentication.
- Spatie Laravel Permission: For handling roles and permissions.
- bcrypt: For securely hashing passwords.
- Laravel Tinker: For interacting with your application through the command line.
- Laravel Debugbar: For debugging and monitoring requests.
Run the tests with:
```bash
php artisan test
```
If you want to contribute to the project:
- Fork the repository.
- Create a new branch (`git checkout -b feature-branch`).
- Commit your changes (`git commit -am 'Add feature'`).
- Push to the branch (`git push origin feature-branch`).
- Create a new pull request.