Crate citadel_user


§Citadel User Management System

A comprehensive user and account management system for the Citadel Protocol, handling both network nodes and client accounts within the VPN architecture. This crate provides the foundational user management layer for the entire Citadel Protocol ecosystem.

§Features

  • Account System:

    • Network Accounts: Core network identity
    • Client Accounts: Per-connection user accounts
  • Backend Support:

    • File System Storage: Persistent local storage
    • Redis Database: High-performance caching
    • SQL Database: Relational data storage
    • In-Memory Storage: Fast temporary storage
  • Authentication:

    • Secure Credential Management: Password and key handling
    • Google Authentication: OAuth and service account support
    • Custom Authentication: Extensible provider system
  • External Services:

    • Google Services: Cloud service integration
    • Firebase RTDB: Real-time data synchronization
    • Service Interface: Common communication layer
  • Account Management:

    • Account Creation: Secure account initialization
    • Credential Updates: Safe password and key rotation
    • State Management: Account lifecycle handling
    • Account Recovery: Backup and restore features

§Architecture

The system is built on a network-client account structure:

Network Account (NAC)
└── Client Account (CNAC)
    ├── Connection Metadata
    ├── Credentials
    └── External Services

§Security Features

  • Zero-trust architecture
  • Post-quantum cryptography support
  • Secure credential storage
  • Safe account recovery
  • Encrypted data transmission

§Important Notes

  • Multiple ClientAccounts can exist per node
  • All operations are safe and secure by default
  • File system operations are feature-gated (filesystem) and enabled by default
  • External services require the corresponding feature flags to be enabled

Related Citadel Protocol crates:

  • citadel_crypt: Cryptographic operations
  • citadel_wire: Network communication
  • citadel_types: Common type definitions
  • citadel_pqcrypto: Post-quantum cryptography

§Feature Flags

  • filesystem: Enable file system storage (on by default)
  • google-services: Enable Google service integration
  • redis: Enable Redis database support
  • sql: Enable SQL database support
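As an added example, not taken from the crate's own documentation, the Cargo.toml dependency entry below disables the default feature set (which includes the filesystem backend) and enables Redis storage and the Google integrations instead. The version requirement is a placeholder, not a real release number:

```toml
[dependencies]
# Placeholder version requirement: replace "0" with the citadel_user release you actually use.
# default-features = false drops the default feature set, which includes `filesystem`,
# so every backend and integration that the build needs must be listed explicitly.
citadel_user = { version = "0", default-features = false, features = ["redis", "google-services"] }
```

Because the external services are feature-gated, code that uses the Google or Firebase integrations will not compile unless google-services appears in the feature list; the same applies to the redis and sql backends.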

Modules§

account_loader
Account loading and file management: methods to load all locally-stored account files
account_manager
User database handling for the server in legacy_citadel_proto, which needs a way to manage the user database
auth
Authentication mode management
backend
Backend storage and persistence layer: handles the different I/O backends
client_account
Each client within a VPN has a unique ClientAccount (CNAC). Multiple CNACs are possible per node.
connection_metadata
Each node must have a NetworkAccount that is invariant to any ClientAccounts. See the description of client_account above for more information.
credentials
Credential Management
directory_store
Environmental constants and subroutines for pre-checking the system
external_services
External service integrations (Google services, Firebase RTDB) and the common service interface
hypernode_account
The general trait for creating account types
misc
Miscellaneous utilities and error handling
prelude
Standard imports for this library
re_exports
Re-exports of serde and other dependencies
serialization
Contains basic subroutines for serialization
server_misc_settings
Server Miscellaneous Settings Management