Accounts

Accounts are used to authenticate users of server-side services.

Configuration

In the root document, every application can define an account list:

{
  "apps": [
    {
      "account list": { "prefix": "candy/", "read token": "RANDOMHEX(16)" },
      "name": "Candy Factory",
      "root": { "read token": "RANDOMHEX(16)" }
    },
    {
      "account list": { "prefix": "club42/", "read token": "RANDOMHEX(16)" },
      "name": "Club 42",
      "root": { "read token": "RANDOMHEX(16)" }
    },
    {
      "account list": { "prefix": "UDP/", "read token": "RANDOMHEX(16)" },
      "name": "Sensors",
      "root": { "read token": "RANDOMHEX(16)" }
    },
    "..."
  ]
}

An account list can optionally be prefixed, in which case all accounts must start with this prefix.

The linked document contains a set of accounts:

{
  "accounts": {
    "candy/margrit": { "SVG to PDF": false, "key": "RANDOMHEX(32)", "sendmail": true },
    "candy/paul": { "SVG to PDF": true, "key": "RANDOMHEX(32)", "sendmail": true },
    "...": null
  }
}

Every account must contain a 64-hexdigit random key, which is used to sign requests.

Nested account lists

An account list document can optionally link other account lists:

{
  "account lists": [
    { "prefix": "candy/hr/", "read token": "RANDOMHEX(16)" },
    { "read token": "RANDOMHEX(16)" },
    "..."
  ],
  "accounts": {}
}

Signatures

Requests are signed by adding the following header fields:

POST /backend/...
Account: ACCOUNT ID
Timestamp: TIMESTAMP
Signature: SHA256HMAC(ACCOUNT ID | "\0" | HOST | "\0" | METHOD | "\0" | PATH | "\0" | TIMESTAMP | "\0" | DATA, KEY)
...

TIMESTAMP is a Unix timestamp in milliseconds, written as a decimal integer. The timestamp must be close to the actual time, and strictly increasing.

HOST is as provided in the request. METHOD is written in uppercase letters. PATH is the URI-decoded request path.

DATA is the raw PUT or POST data submitted with the request.

The signature is hex-encoded.
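
The signing and verification steps described above, as an added Node.js example (not part of GenericBackend.js or the service's own code). It assumes the key is hex-decoded before use, a 5-minute timestamp window, and a hypothetical `req` object; the sample key, host and path are constructed.

```javascript
const crypto = require('node:crypto');

// Assumption: the 64-hexdigit key is hex-decoded to 32 raw bytes before use.
// `path` must already be URI-decoded; `data` is the raw body (string or Buffer).
function sign(keyHex, accountId, host, method, path, timestamp, data) {
  const head = [accountId, host, method.toUpperCase(), path, String(timestamp)].join('\0');
  return crypto.createHmac('sha256', Buffer.from(keyHex, 'hex'))
    .update(head + '\0', 'utf8').update(data).digest('hex');
}

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed window; the page only says "close"
const lastTimestamp = new Map();   // account id -> last accepted timestamp

// Server side. `req` is a hypothetical shape: { host, method, path, headers, body }.
function verify(accounts, req, now = Date.now()) {
  const id = req.headers.account;
  if (typeof id !== 'string' || !Object.hasOwn(accounts, id)) return 'unknown account';
  const tsText = req.headers.timestamp || '';
  if (!/^[1-9][0-9]{0,15}$/.test(tsText)) return 'bad timestamp';
  const ts = Number(tsText);
  if (Math.abs(now - ts) > MAX_SKEW_MS) return 'timestamp out of range';
  const expected = Buffer.from(
    sign(accounts[id].key, id, req.host, req.method, req.path, tsText, req.body), 'hex');
  const given = Buffer.from(req.headers.signature || '', 'hex');
  // Compare lengths first: timingSafeEqual throws on unequal lengths.
  const same = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  if (!same) return 'bad signature';
  // Only an authenticated request may advance the counter; a replay fails here.
  if (ts <= (lastTimestamp.get(id) ?? -1)) return 'timestamp not increasing';
  lastTimestamp.set(id, ts);
  return 'ok';
}

// Constructed sample data: the key, host and path are made up for this example.
const SAMPLE_ACCOUNTS = { 'candy/paul': { key: '0123456789abcdef'.repeat(4) } };
function sampleRequest(timestamp, body = '{"n":1}') {
  const req = { host: 'backend.example', method: 'POST', path: '/backend/demo', body };
  const signature = sign(SAMPLE_ACCOUNTS['candy/paul'].key, 'candy/paul',
    req.host, req.method, req.path, timestamp, body);
  req.headers = { account: 'candy/paul', timestamp: String(timestamp), signature };
  return req;
}
// Valid request, its replay, a tampered body, and a stale timestamp, in that order.
function demo(now) {
  const first = sampleRequest(now);
  const tampered = { ...sampleRequest(now + 1), body: '{"n":2}' };
  return [verify(SAMPLE_ACCOUNTS, first, now), verify(SAMPLE_ACCOUNTS, first, now),
    verify(SAMPLE_ACCOUNTS, tampered, now), verify(SAMPLE_ACCOUNTS, sampleRequest(now - 600000), now)];
}
console.log(demo(Date.now()));
```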

JavaScript

Using GenericBackend.js, an account object is created as follows:

const backend = new GenericBackend('https://viereck.ch/backend');
const account = backend.account('your-account-id', '44705748... your-account-key');