NASS' SCV System - Naflows/naflows-auth GitHub Wiki
NASS' Secure Connection Verification Process
About
This is the first step of the NASS' verification process before executing a request. The whole point of the SCV is to validate the secure tunnel between backends and NASS.
.env variables
The following variables are used in the SVC process.
| Variable | Type | Usage | Default value |
|---|---|---|---|
| NASS_SCV_ENABLED | boolean | Enable or disable the SCV process | "true" |
| NASS_UCR_ENABLED | boolean | Enable or disable the UCR format check | "true" |
| NASS_RATES_LIMIT_ENABLED | boolean | Enable or disable the rates limitation | "true" |
| NASS_BLACKLIST_ENABLED | boolean | Enable or disable the blacklist checks | "true" |
| NASS_SERVICE_FILTER | boolean | Enable or disable the service verification | "true" |
| BLACKLIST_RATES_TIMEOUT | number | Time in seconds before the blacklist rate is reset | 60 |
| BLACKLIST_RATES | number | Maximum number of connections per BLACKLIST_RATES_TIMEOUTbefore an IP gets blacklisted |
30 |
| SERVICE_TOKEN_MAXIMAL_RATES | number | Maximum number of connections from a backend before forcing a new token | 1000 |
Error codes
The following error codes are the one that can be returned by the NASS during the SCV:
| Code | Message | Reason |
|---|---|---|
| 400 | Invalid request format | UCR Format is not respected |
| 403 | Your IP is blacklisted | The IP Adress that sent the request is blacklisted from the NASS |
| 403 | Invalid service token | The given service token is not valid (doesn't exist or is expired) |
| 403 | Unauthorized service access | The given service does not exist |
| 500 | Internal server error. [Collection Name] collection is not found.` | NASS failed to load a data collection |
| 429 | Rate limit exceeded. Too many requests. | User exceeded the maximal rate limit |
| 409 | Conflict between service's token and NASS. Forcing reload. This might take a few seconds | Service token is expired, so the NASS is loading a new one |