This repository has been archived by the owner on Aug 6, 2020. It is now read-only.


MattMoony edited this page Jan 16, 2020 · 4 revisions

Users / Sessions

Please, identify yourself!


User accounts can only be created by KainPlan administrators, since they are used solely for management purposes. At least in the current version, we don't plan to add a "register" / "sign-up" page, since ordinary users do not need to be identified.

Overview

Both user accounts and sessions are stored in a MySQL database, which is accessed via the [[db.js module|Server-Side-Files-Documentation]].

Users

User entities are stored in the users table and contain the user's login credentials, as well as further information relevant to KainPlan's functionality.

-----------------------------
|           User            |
-----------------------------
| uname:        varchar(32) |
| pwd:          varchar(64) |
| priv: tinyint(3) unsigned |
-----------------------------

Attributes

uname

... contains the username of the given user. A string with a maximum length of 32 characters.

pwd

... contains the bcrypt-hashed password of the corresponding user.

priv

... is the id of a privilege-pattern. Privileges are explained in the Privileges section below.

Privileges

Privilege entities are stored in the privs table. At the moment, the number of attributes of a privilege-pattern is still very small; however, we hope to extend it in the near future.

----------------------------
|        Privilege         |
----------------------------
| id:  tinyint(3) unsigned |
| admin:        tinyint(1) |
----------------------------

Attributes

id

... the unique identifier of the given privilege-pattern.

admin

... defines whether or not this privilege-pattern grants a user admin rights.

Sessions

Session entities are stored in the sessions table and contain the information needed to keep track of sessions.

-------------------------
|        Session        |
-------------------------
| ip:       varchar(39) |
| token:    varchar(16) |
| uname:    varchar(32) |
| timestamp:   datetime |
-------------------------

Attributes

ip

... stores the IP address that initiated the session, as a simple defence mechanism against XSS. The length of 39 characters is chosen because that is the maximum length of an IPv6 address in regular format (32 hex characters + 7 colons).

token

... contains the random, hex-encoded 8-byte value that was assigned to this session at its creation.

uname

... stores the username used in the given session. See Users for more information.

timestamp

... contains a datetime value representing the last time the session was used. This value is the key factor for deciding whether or not the session has timed out and should therefore be deleted. timestamp is initialised with the current date-time.

ER-Diagram

Here is the summarization of the entities mentioned above and their relationships:

[Image: ER diagram (erd) of the users, privs and sessions entities and their relationships]