PassGuardia is an HTTP API for password management. With PassGuardia you can store your passwords in a secure way and share them.
- user will be able to store his password securely and receive a unique link to access it
- user will be able to share his password with other users
- user is able to restore his password with a unique link received below
- user will be able to create private, public and shared passwords
- password owners are able to revoke access to their passwords and change visibility
- all requests/responses should be audited in a secure way (without showing the password)
- only signed-in users are able to create passwords
- private passwords are only visible to the owner
- shared passwords are visible to the owner and users who have access to it
- public passwords are visible to all users (even unauthorized ones)
- valid password should be non-empty string and max 100 characters
- shared password visibility cannot be changed to private or public
- there are two user roles: admin and user
- Admin is able to see audit logs
- Username length from 5 to 20 characters. English letters, numbers, and underscore are allowed.
- Password length from 8 to 100 characters. English letters, numbers, special characters and underscore are allowed.
- all passwords should be encrypted (use AES algorithm)
- use PostgreSQL as a database
- authentication should be done with JWT in Header
- unit/integration tests should be written
- caching layer should be present
- logging should be present
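
The visibility and sharing rules listed above can be expressed as a small, fail-closed policy check. The following Python sketch is an added example, not PassGuardia's own code; the `StoredPassword` model, the function names and the error strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

VISIBILITIES = {"public", "private", "shared"}

@dataclass
class StoredPassword:  # hypothetical in-memory model, not PassGuardia's schema
    owner: str
    visibility: str
    shared_with: set = field(default_factory=set)

def validate_secret(value) -> list:
    """A valid stored password is a non-empty string of at most 100 characters."""
    if not isinstance(value, str) or not value:
        return ["password must be a non-empty string"]
    if len(value) > 100:
        return ["password must be at most 100 characters"]
    return []

def can_read(item: StoredPassword, user: Optional[str]) -> bool:
    """Decide a GET /passwords/{passwordId}; user is None when the caller is not signed in."""
    if item.visibility == "public":
        return True   # visible to everyone, even unauthorized callers
    if user is None:
        return False  # private and shared entries require a signed-in user
    if user == item.owner:
        return True
    # Anything that is not explicitly shared with this user is denied.
    return item.visibility == "shared" and user in item.shared_with

def update_visibility(item, actor, visibility, shared_with=()) -> list:
    """Apply a PUT /passwords/{passwordId} body; returns errors (empty on success)."""
    if actor != item.owner:
        return ["only the owner can change visibility or access"]
    if visibility not in VISIBILITIES:
        return ["unknown visibility"]
    if item.visibility == "shared" and visibility != "shared":
        return ["shared password visibility cannot be changed to private or public"]
    item.visibility = visibility
    # Assumption: sending a new sharedWith list is how the owner grants or revokes access.
    item.shared_with = set(shared_with) if visibility == "shared" else set()
    return []
```

A non-empty error list corresponds to the `400` response with `errors` in the endpoint descriptions.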
- method: POST
- path: /passwords
- body: { password: string, visibility: enum { public, private, shared } }
- status: 201
  - headers: { Location: string }
  - response: { passwordId: guid }
- status: 400
  - response: { errors: string[] }
- method: GET
- path: /passwords/{passwordId}
- status: 200
  - response: { password: string }
- status: 400
  - response: { errors: string[] }
- method: PUT
- path: /passwords/{passwordId}
- body: { visibility: enum { public, private, shared }, sharedWith: string[] }
- status: 204
- status: 400
  - response: { errors: string[] }
- status: 400
  - response: { errors: string[] }
- method: POST
- path: /users
- status: 201
  - response: { userId: guid }
- status: 400
  - response: { errors: string[] }
- method: POST
- path: /users/authenticate
- status: 200
  - response: { token: string }
- status: 400
  - response: { errors: string[] }
- method: GET
- path: /audit?pageNumber={pageNumber}&pageSize={pageSize}
- notes: pageNumber and pageSize are optional (defaults are 1 and 100) and positive integers. Page size should be less than 1000.
- status: 400
  - response: { errors: string[] }
- status: 200
  - response: { audit: { id: string, requestPath: string, requestMethod: string, exception: string, statusCode: int, timestamp: string }[] }
- status: 500
  - response: { errors: string[] }