warrant
Filestash
warrant | Filestash | |
---|---|---|
39 | 110 | |
1,035 | 9,608 | |
5.4% | - | |
8.8 | 9.3 | |
8 days ago | 7 days ago | |
Go | JavaScript | |
Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
warrant
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Warrant â Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.
-
How Open ID Connect Works
The specific challenge with authz in the app layer is that different apps can have different access models with varying complexity, especially the more granular you get (e.g. implementing fine grained access to specific objects/resources - like Google Docs).
Personally, I think a rebac (relationship/graph based) approach works best for apps because permissions in applications are mostly relational and/or hierarchical (levels of groups). There are authz systems out there such as Warrant https://warrant.dev/ (I'm a founder) in which you can define a custom access model as a schema and enforce it in your app.
-
How to Do Authorization - A Decision Framework: Part 1
Let's use warrant.dev as an example. The system provides a set of REST APIs for you to define object types and access policies (called warrants). The general process is first to create object types using HTTP POST:
- Warrant â open-source Access Control Service
-
A guide to Auth & Access Control in web apps đ
https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK.
- Warrant v1.0 - Highly scalable, centralized authorization service based on Google Zanzibar, now v1.0 and production-ready
-
warrant VS openfga - a user suggested alternative
2 projects | 15 Aug 2023
-
Policy as Code vs. Policy as Graph Comparison
I would describe this debate more as Policy-as-Data (Zanzibar) vs Policy-as-Code (OPA et al).
In Zanzibar, all of the information required to make an authorization decision (namespaces, relationship tuples, etc.) is stored in Zanzibar, and the decision engine resolves access checks based on this data. This data can be scaled horizontally (and consistently) as needed for an applicationâs needs. This makes Zanzibar a centralized, unified solution for all of an applicationâs authorization needs. Iâve found this approach more purpose built / well suited for application authorization.
With OPA and other policy engines, the data required for performing access checks lives somewhere else (maybe the applicationâs database) and must be separately queried and included as part of the authorization check because OPA et al. are stateless decision engines. This makes it such that you need to piece together data from different sources in order to get your final decision, which IMO is something most developers donât want to deal with.
On the flip side, Zanzibarâs ânamespacesâ are a very simple policy layer not well suited to querying against data outside of Zanzibarâs scope (e.g. geolocation, time, etc). For scenarios like this, a full fledged policy-as-code solution is great. However, it should be noted that some open source Zanzibar implementations like Warrant[1] and SpiceDB[2] (mentioned in the article) also offer a policy-as-code layer on top of Zanzibarâs graph-based/ReBAC approach to tackle these scenarios.
Disclaimer, Iâm one of the founders of Warrant.
[1] https://github.com/warrant-dev/warrant
[2] https://github.com/authzed/spicedb
-
Show HN: Open-Source, Google Zanzibar Inspired Authorization Service
Hey HN, I recently shared my thoughts on why Google Zanzibar is a great solution for implementing authorization[1] and why we decided to build Warrantâs core authz service using key concepts from the Zanzibar paper. As I mentioned in the post, we recently open sourced the authz service powering our managed cloud service, Warrant Cloud[2], so I thought Iâd share it with everyone here. Cheers!
[1] https://news.ycombinator.com/item?id=36470943
[2] https://warrant.dev/
-
Why Google Zanzibar Shines at Building Authorization
More than two years after choosing to build Warrant atop Zanzibarâs core principles, weâre extremely happy with our decision. Doing so gave us a solid technical foundation on which to tackle the various complex authorization challenges companies face today. As we continue to encounter new scenarios and use cases, weâll keep iterating on Warrant to ensure itâs the most capable authorization service. To share what we learn and what we build with the developer community, we recently open-sourced the core authorization engine that powers our fully managed authorization platform, Warrant Cloud. If youâre interested in authorization (or Zanzibar), check it out and give it a star!
Filestash
- Ask HN: What Underrated Open Source Project Deserves More Recognition?
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Filestash â A Dropbox-like file manager that connects to a range of protocols and platforms: S3, FTP, SFTP, Minio, Git, WebDAV, Backblaze, LDAP and more.
-
Ask HN: What apps have you created for your own use?
I made https://github.com/mickael-kerjean/filestash out of the need to collaborate on org mode documents with non emacs users. Once the first release was done, I got to reflect on the infamous top comment of the Dropbox HN to make an attempt at abstracting the storage aspect of Dropbox so those org document could be made stored on a FTP server, SFTP, S3, ....
-
Ask HN: Experience using your user's Google Drive instead of a database?
> we need an abstraction for just this. "Bring your own storage"
I made exactly this: https://github.com/mickael-kerjean/filestash and there's an API from which you can abstract any kind of storage: S3, SFTP, FTP, GIT, WebDav, Samba, Local FS, NFS, Backblaze, Storj, Artifactory, .... There's even some funky ones like Mysql from which you have an abstraction where first level folders are databases, second level folders are tables and files are the actual rows
-
Let's learn how modern JavaScript frameworks work by building one
Yes, I rewrote my react app onto vanilla JS using nothing else than rxjs, didn't have the time to document it all yet but it looks like this: https://github.com/mickael-kerjean/filestash/blob/master/pub...
-
Found the ultimate Nextcloud / Owncloud replacement!
I'm not familiar with Cloudreve, but FileStash is a similar application often recommended on this subreddit.
-
HTML Web Components
I do use them on my OSS work (https://github.com/mickael-kerjean/filestash/tree/master/pub...) which is used by many thousands of people
-
UI frameworks are stuck in the last decade
- [2] current state of the rewrite where you can see this pattern in action https://github.com/mickael-kerjean/filestash-rewrite/tree/ma...
-
Ask HN: Tell us about your project that's not done yet but you want feedback on
https://github.com/mickael-kerjean/filestash
This is what I wish Dropbox was, a simple layer that make interacting with your FTP server easy so nobody has to own your data. The end game is both to be feature complete with Dropbox and be able to change every aspect of the application through plugin so everyone can get out what they want from it.
-
Meta pledges Three-Year sponsorship for Python if GIL removal is accepted
> but I don't think its the companies responsibility to give back to open source just because they use it
As someone who does quite a bit of OSS, the reality is most people are asking for things but aren't willing to pay for it. Take Microsoft, I had one of their employee asking me to support their azure stuff: https://github.com/mickael-kerjean/filestash/issues/180. When I found out the dude was actually employed by Microsoft, he started to talk some nonsense and ended up running away.
What are some alternatives?
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
filemanager - đ Web File Browser
OPAL - Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
SFTPGo - Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob
Ory Hydra - OpenID Certified⢠OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
filegator - Powerful Multi-User File Manager
sablier - Start your containers on demand, shut them down automatically when there's no activity. Docker, Docker Swarm Mode and Kubernetes compatible.
minio - The Object Store for AI Data Infrastructure
yai - Your AI powered terminal assistant.
h5ai - HTTP web server index for Apache httpd, lighttpd and nginx.
whisper - Pass secrets as environment variables to a process [Moved to: https://github.com/busser/murmur]
Apaxy - a simple, customisable theme for your apache directory listing