blob: 7b9b8abe5c8119525a82ab4aea9b8967ade4ff4c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
# Database
This app uses MongoDB to store the certificates. It does so because the processed certificates from the
sec-certs tool itself are quite dynamic JSON documents and thus a NoSQL database like MongoDB fits perfectly.
## Database structure
The app uses the following collections:
- `cc`: To store the Common Criteria certificate documents.
- `cc_diff`: To store the "diffs" of how the Common Criteria certificate documents in `cc` changed over time
with periodic updates done by a background Celery task (see `sec_certs_page.cc.tasks.update_data`).
- `cc_log`: To store a log of "runs" of the background update Celery task mentioned above.
- `cc_old`: To store the mapping of old CC ids and new CC dgsts.
- `cc_scheme`: To store the dump of CC scheme websites. **Unused**
- `fips`: To store the FIPS 140 certificate documents.
- `fips_diff`: Same as `cc_diff` above but instead for FIPS.
- `fips_log`: Same as `cc_log` above but instead for FIPS.
- `fips_old`: To store the mapping of old FIPS ids and new FIPS dgsts.
- `fips_mip`: To store the modules-in-process data from FIPS.
- `fips_iut`: To store the implementation-under-test data from FIPS.
- `pp`: To store the protection profile documents.
- `pp_diff`: Same as `cc_diff` above but instead for protection profiles.
- `pp_log`: Same as `cc_log` above but instead for protection profiles.
- `users`: To store the registered users of the site (admins and regular users with extended schema for user accounts)
- `email_tokens`: To store temporary email tokens for email confirmation, password reset, and magic link login.
- `subs`: To store the confirmed and unconfirmed notification subscriptions.
- `accounting`: To store accounting data for users.
- `cve`: To store the CVE dataset entries.
- `cpe`: To store the CPE dataset entries
## User Account Schema
The `users` collection stores user account information:
```javascript
{
_id: ObjectId;
username: String; // Unique username
email: String; // User email address
pwhash: String; // Password hash (empty string for OAuth-only users)
roles: Array; // Array of roles ["admin"] for administrators, [] for regular users
email_confirmed: Boolean; // Whether email is confirmed
created_at: Date; // Account creation timestamp
github_id: String; // GitHub user ID (optional)
}
```
### User Roles
- **Admin users**: Have `role: "admin"` and access to admin dashboard
- **Regular users**: No role field or `role: undefined`, standard user access
- Both user types use the same authentication system
- There is also a `chat` role, that allows the user access to the chat interface
## Email Tokens Schema
The `email_tokens` collection stores temporary tokens for email-based operations:
```javascript
{
_id: ObjectId;
token: String; // URL-safe token
username: String; // Username of token owner
type: String; // "email_confirmation", "password_reset", or "magic_link"
expires_at: Date; // Token expiry time
created_at: Date; // Token creation timestamp
}
```
## Notification Subscriptions Schema
The `subs` collection stores user notification subscriptions. There are generally two types of subscriptions:
- Subscriptions for changes to a specific certificate (identified by its digest)
- Subscriptions for new certificates
### Change Subscriptions
```javascript
{
_id: ObjectId;
username: String;
timestamp: Date;
type: "changes";
updates: "all" | "vuln";
certificate: {
name: String;
hashid: String;
type: "cc" | "fips" | "pp";
}
}
```
### New Certificate Subscriptions
```javascript
{
_id: ObjectId;
username: String;
timestamp: Date;
type: "new";
which: "cc" | "fips" | "pp";
}
```
## Accounting Schema
The `accounting` collection stores user accounting data:
```javascript
{
_id: ObjectId;
username: String | null; // The username, or null for anonymous users
ip: String | null; // The IP address for anonymous users, or null for registered users
period: Date | null; // The accounting period (e.g., month)
count: int; // The number of actions in this period
endpoint: String; // The endpoint accessed
}
```
|
