admin/hspguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: project init with decription

Browse Source
This commit is contained in:
Amir Adal
2025-05-17 23:03:18 +02:00
commit dd2abd2d81
1 changed files with 107 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
README.md Normal file
View File

@ -0,0 +1,107 @@
# HSP Guard
**HSP Guard** is an internal security service for your home lab, designed to manage user access to various home services and tools. It dynamically controls permissions and prevents unauthorized or unexpected users from accessing sensitive services.
---
## 📌 Overview
HSP Guard authorizes user requests and provides an efficient way to:
- Manage permissions for individual services/tools
- Define roles for easier access control
- Validate and authorize users via JWT tokens
- Securely integrate with new services during installation
---
## 📚 Concepts
### 🔐 Permission
Permissions define access to specific features or tools.
By default, HSP Guard includes predefined administrative permissions that allow an admin to log in and configure the system.
Once logged in, the admin can:
- Manually create new permissions for specific applications
- Allow new applications to register their own permissions
- Assign permissions to users, granting them access to corresponding tools
---
### 🧩 Role
A **Role** is a named collection of permissions (e.g., `GUEST`, `FRIEND`, `FAMILY_MEMBER`) created by the admin.
Roles simplify user management by allowing bulk assignment of permissions. Instead of assigning multiple permissions individually, a role bundles them under one label.
---
### 👥 Group *(Coming Soon)*
This feature is planned for future releases. Groups will help organize users or services into logical clusters for simplified access control.
---
## 📡 API
### ✅ User Authorization
To verify whether a request is made by a valid and authorized user, applications can require a **JWT token** as part of the request.
This token is sent to HSP Guard, which:
- Validates the token
- Returns user details (e.g., ID, name, email) for logging, auditing, or request tracing
---
### 🔑 Permission Checking
Applications can also verify whether a user holds specific permissions before granting access to certain services or features.
To do this, an app sends:
- The user's JWT token
- A list of required permissions
HSP Guard checks the users assigned permissions and responds with the authorization status.
> **Best Practice:** Applications should directly integrate with HSP Guard to enforce permission-based access control.
---
## ⚙️ Integrating New Services & Tools
When a new service or tool is installed:
1. It provides a configuration file to HSP Guard
2. Guard extracts and registers any defined permissions
3. These permissions are **isolated** — even if a name overlaps with existing permissions, a prefix is added to avoid conflicts
---
## 👤 User Registration & Onboarding
New users (e.g., family, friends, guests) must complete a registration process to access your home lab.
They can:
- Visit a user-friendly registration webpage
- Fill out a form with basic information (name, email, password, etc.)
Once registered, the admin can assign roles or individual permissions as needed.
---
## 🚧 Roadmap
- [ ] Group Management
- [ ] Web UI Enhancements
- [ ] Audit Logging
- [ ] Permission Expiry & Time-Based Access
---
## 📬 Feedback & Contribution
Feel free to open an issue or pull request if youd like to contribute or report bugs. HSP Guard is a personal home lab project, but feedback is always welcome!