10 releases (5 breaking)
new 0.9.0 | Mar 28, 2025 |
---|---|
0.8.2 | Mar 28, 2025 |
0.7.1 | Mar 28, 2025 |
0.6.1 | Feb 27, 2025 |
0.4.0 |
|
#824 in HTTP server
321 downloads per month
91KB
2K
SLoC
PAAS server
This project contains the server implementation for PAAS, the PEP Authorisation API Service (or Pseudonymization as a Service).
The PAAS server provides a REST API to transcrypt pseudonyms between different domains.
It wraps around the libpep
library, which provides homomorphic pseudonymization.
Moreover, it performs access control on whether pseudonymization is allowed between certain domains.
The server is built in Rust, using the actix-web
framework.
Sessions can be stored in memory or in a Redis database.
User authentication is done using JWT tokens (but can be easily extended to other methods), that are expected to be passed in the Authorization
header as a Bearer token.
The JWTs should contain the sub
field, which is used to identify the user, and a groups
field, which is used to identify the user's roles.
Access rules are loaded from a yml file, describing which groups are allowed to pseudonymize between which domains.
The expected signing key is read from a file.
Docker build
A Dockerfile is provided to build a server image.
docker build -t paas-server
Dependencies
~23–37MB
~678K SLoC