walnut.js/README.md

walnut
======

Small, light, and secure iot application framework.

```bash
curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh | bash

daplie-install-cloud
```

Features
------

* Works with Goldilocks for secure, Let's Encrypt maneged, https-only serving

* IOT Application server written in [Node.js](https://nodejs.org)
* Small memory footprint (for a node app)
* Secure
  * Uses JWT, not Cookies\*
  * HTTPS-only (checks for X-Forwarded-For)
  * AES, RSA, and ECDSA encryption and signing
  * Safe against CSRF, XSS, and SQL injection
  * Safe against Compression attacks
* Multi-Tentated Application Management
* Built-in OAuth2 & OAuth3 support

\*Cookies are used only for GETs and only where using a token would be less secure
such as images which would otherwise require the token to be passed into the img src.
They are also scoped such that CSRF attacks are not possible.

In Progress
-----------

* HTTPS Key Pinning
* Heroku (pending completion of PostgreSQL support)
* [GunDB](https://gundb.io) Support
* OpenID support

Structure
=====

Currently being tested with Ubuntu, Raspbian, and Debian on Digital Ocean, Raspberry Pi, and Heroku.

```
/srv/walnut/
├── setup.sh (in-progress)
├── core
│   ├── bin
│   ├── boot
│   ├── holepunch
│   └── lib
├── node_modules
├── packages
│   ├── apis
│   ├── pages
│   └── services
└── var
```

* `core` contains all walnut code
* `node_modules` is a flat installation of all dependencies
* `certs` is a directory for Let's Encrypt (or custom) certificates
* `var` is a directory for database files and such
* `packages` contains 3 types of packages

Will install to
---------------

```
/srv/walnut/core/
/etc/walnut
/opt/walnut
/var/log/walnut
/etc/systemd/system/walnut.service
/etc/tmpfiles.d/walnut.conf
```

Implementation details
----------------

Initialization
--------------

needs to know its primary domain

```
POST https://api.<domain.tld>/api/com.daplie.walnut.init

{ "domain": "<domain.tld>" }
```

Resetting the Initialization
----------------------------

Once you run the app the initialization files will appear in these locations

```
/srv/walnut/var/com.daplie.walnut.config.sqlite3
/srv/walnut/config/<domain.tld>.json
```

Deleting those files will rese
begin documentation 2015-11-28 07:40:33 +00:00			`walnut`
			`======`

			`Small, light, and secure iot application framework.`

add some installer stuff 2017-05-05 14:03:02 -06:00			```bash
			`curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh \| bash`

			`daplie-install-cloud`
			```

begin documentation 2015-11-28 07:40:33 +00:00			`Features`
			`------`

document and update 2017-05-19 05:20:09 +00:00			`* Works with Goldilocks for secure, Let's Encrypt maneged, https-only serving`

begin documentation 2015-11-28 07:40:33 +00:00			`* IOT Application server written in [Node.js](https://nodejs.org)`
document and update 2017-05-19 05:20:09 +00:00			`* Small memory footprint (for a node app)`
begin documentation 2015-11-28 07:40:33 +00:00			`* Secure`
			`* Uses JWT, not Cookies\*`
document and update 2017-05-19 05:20:09 +00:00			`* HTTPS-only (checks for X-Forwarded-For)`
begin documentation 2015-11-28 07:40:33 +00:00			`* AES, RSA, and ECDSA encryption and signing`
			`* Safe against CSRF, XSS, and SQL injection`
			`* Safe against Compression attacks`
			`* Multi-Tentated Application Management`
			`* Built-in OAuth2 & OAuth3 support`

			`\*Cookies are used only for GETs and only where using a token would be less secure`
			`such as images which would otherwise require the token to be passed into the img src.`
			`They are also scoped such that CSRF attacks are not possible.`

			`In Progress`
			`-----------`

			`* HTTPS Key Pinning`
			`* Heroku (pending completion of PostgreSQL support)`
			`* [GunDB](https://gundb.io) Support`
			`* OpenID support`

			`Structure`
			`=====`

			`Currently being tested with Ubuntu, Raspbian, and Debian on Digital Ocean, Raspberry Pi, and Heroku.`

			```
			`/srv/walnut/`
			`├── setup.sh (in-progress)`
			`├── core`
document and update 2017-05-19 05:20:09 +00:00			`│ ├── bin`
			`│ ├── boot`
			`│ ├── holepunch`
			`│ └── lib`
begin documentation 2015-11-28 07:40:33 +00:00			`├── node_modules`
			`├── packages`
document and update 2017-05-19 05:20:09 +00:00			`│ ├── apis`
			`│ ├── pages`
			`│ └── services`
begin documentation 2015-11-28 07:40:33 +00:00			`└── var`
			```

			* `core` contains all walnut code
			* `node_modules` is a flat installation of all dependencies
			* `certs` is a directory for Let's Encrypt (or custom) certificates
			* `var` is a directory for database files and such
			* `packages` contains 3 types of packages

document and update 2017-05-19 05:20:09 +00:00			`Will install to`
			`---------------`

			```
			`/srv/walnut/core/`
			`/etc/walnut`
			`/opt/walnut`
			`/var/log/walnut`
			`/etc/systemd/system/walnut.service`
			`/etc/tmpfiles.d/walnut.conf`
			```

			`Implementation details`
			`----------------`

			`Initialization`
			`--------------`
begin documentation 2015-11-28 07:40:33 +00:00
document and update 2017-05-19 05:20:09 +00:00			`needs to know its primary domain`

			```
			`POST https://api.<domain.tld>/api/com.daplie.walnut.init`

			`{ "domain": "<domain.tld>" }`
			```

			`Resetting the Initialization`
			`----------------------------`

			`Once you run the app the initialization files will appear in these locations`

			```
			`/srv/walnut/var/com.daplie.walnut.config.sqlite3`
			`/srv/walnut/config/<domain.tld>.json`
			```
begin documentation 2015-11-28 07:40:33 +00:00
document and update 2017-05-19 05:20:09 +00:00			`Deleting those files will rese`