# Technical Documentation

This is pretty much a list of notes and whatnot that offers insight into how things operate under the hood (pun intended).

## Locale
Locale is decided based on either the locale defined in the .env file or, if running on bare metal, the system locale. Locale should stay consistent once the LubeLogger instance is set up. Switching locales on the fly can result in numerical data not being parsed properly, especially between North American/British locales that use "." as the decimal separator and European locales that use "," as the decimal separator.

LubeLogger supports numerical data input that uses either "," or "." as the decimal separator, as long as the locale is set up properly. For example, 18,99 will only be parsed as 18.99 if you're in a locale that uses "," as the decimal separator. In an American locale, 18,99 will be parsed as 1899.
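
The parsing behaviour described above, shown with .NET's own number parser. This is an added example, not LubeLogger's code; the sample inputs and the `ParseStrict` helper are constructed for illustration, and it assumes a runtime with culture data for `en-US` and `de-DE` available.

```csharp
using System;
using System.Globalization;

// Added example, not LubeLogger code. Sample inputs are constructed.
string[] inputs = { "18,99", "18.99", "1.234,56", "1,234.56" };

foreach (string name in new[] { "en-US", "de-DE" })
{
    CultureInfo culture = CultureInfo.GetCultureInfo(name);
    foreach (string text in inputs)
    {
        Console.WriteLine($"{name} {text,-9} lenient={Show(ParseLenient(text, culture))} " +
                          $"strict={Show(ParseStrict(text, culture))}");
    }
}

// Default-style parsing (NumberStyles.Number): group separators are accepted in the
// integer part, so a "," meant as a decimal separator is silently dropped under en-US.
static decimal? ParseLenient(string text, CultureInfo culture) =>
    decimal.TryParse(text, NumberStyles.Number, culture, out decimal v) ? v : (decimal?)null;

// Hypothetical stricter variant: without AllowThousands the same input is rejected
// instead of being read as a different number.
static decimal? ParseStrict(string text, CultureInfo culture) =>
    decimal.TryParse(text, NumberStyles.AllowLeadingSign | NumberStyles.AllowDecimalPoint,
                     culture, out decimal v) ? v : (decimal?)null;

static string Show(decimal? value) =>
    value?.ToString(CultureInfo.InvariantCulture) ?? "rejected";
```

Comparing the lenient and strict columns shows which inputs change value when the instance locale changes and which ones fail outright.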

## Max File Size Upload
Pre 1.1.3, the maximum attachment size you can upload to LubeLogger's records is 28.6MB. This is due to the [default request size limit set by .NET](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/). Attempting to upload files larger than this will yield a 413 HTTP error and an error message on the front end.

These limits have been removed for versions post 1.1.3. If you still encounter 413 HTTP errors, it could be due to a limitation imposed by a reverse proxy such as NGINX, see below.

### Uploading Larger Files
Without upgrading to 1.1.3, there are a few approaches to uploading larger files:
1. Compressing the file into .zip archives (only works up to a certain extent).
2. Uploading the file to a different service and including the link in the Notes section.
3. Uploading the file in parts.

### Reverse Proxy (NGINX Request Limit)
On top of the Kestrel file size limits, LubeLogger might also be subjected to request size limits set by reverse proxies such as NGINX. These need to be configured separately; the default file size limit in NGINX is 1MB.

## Default Allowed File Formats
By default, the file selector filters out files that aren't in the following formats:
- png
- jpeg/jpg
- pdf
- xlsx/xls
- docx

However, you can always select "All Files" in the file selector and it will allow you to upload files of all formats. You can also inject the environment variable `LUBELOGGER_ALLOWED_FILE_EXTENSIONS` to configure your own acceptable file extensions. If the environment variable is left blank, it defaults to `.png,.jpg,.jpeg,.pdf,.xls,.xlsx,.docx`.

::: danger
# Security
The following sections describe how security is handled internally.
:::

## User Credentials
User passwords are hashed using SHA256 and only stored in hashed form for non-root users. The usernames and emails are stored in plain text. What this means is that in the event of a data breach, the user passwords are still secure since they cannot be reversed.

## Root User Credentials
Root user credentials are hashed using SHA256 for both username and password. These credentials are not stored in the database and instead are stored in a separate JSON config file. What this means is that in the event of a data breach, the root user credentials are still going to be very secure.
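
What "hashed one-way" means for the two credential sections above, as an added example that is not LubeLogger's code. The UTF-8 input encoding, hex storage format, sample password and PBKDF2 parameters are assumptions; the page states only that SHA256 is used.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;

// Added example, not LubeLogger code. Sample password is constructed.
const string password = "correct horse battery staple";

// Storing: only the digest is kept; there is no key that turns it back into the password.
string stored = Sha256Hex(password);

// Verifying: hash the candidate and compare the two digests in constant time.
Console.WriteLine($"right password: {Verify(password, stored)}");
Console.WriteLine($"wrong password: {Verify("wrong guess", stored)}");

// A plain digest is deterministic: equal inputs produce equal stored values.
Console.WriteLine($"same digest twice: {Sha256Hex(password) == stored}");

// For comparison only (not what the page describes): a salted, iterated KDF.
// A fresh salt makes equal passwords store differently, and the iteration
// count (an assumed work factor) sets the cost of each guess against a leaked value.
byte[] salt = RandomNumberGenerator.GetBytes(16);
var timer = Stopwatch.StartNew();
byte[] derived = Rfc2898DeriveBytes.Pbkdf2(password, salt, 600_000, HashAlgorithmName.SHA256, 32);
Console.WriteLine($"PBKDF2:  {Convert.ToHexString(derived)} in {timer.Elapsed.TotalMilliseconds} ms");

timer.Restart();
string digest = Sha256Hex(password);
Console.WriteLine($"SHA-256: {digest} in {timer.Elapsed.TotalMilliseconds} ms");

static string Sha256Hex(string input) =>
    Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(input)));

static bool Verify(string candidate, string storedHex) =>
    CryptographicOperations.FixedTimeEquals(
        Convert.FromHexString(Sha256Hex(candidate)),
        Convert.FromHexString(storedHex));
```

The two timings give the per-guess cost of each scheme on the machine running the example, which is the figure that matters when assessing a leaked credential store.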

## OpenID Connect (OIDC) User Credentials
If a user registered via OIDC by logging in via the OIDC Provider and then providing a registration token, a randomized hashed password is generated on their behalf. See [[OpenID|Advanced/OpenID]].

## Email/SMTP Credentials
LubeLogger does not store SMTP credentials and in fact should NOT be responsible for storing SMTP credentials. SMTP credentials can only be injected via environment variables or appsettings.

### Why We Don't Store SMTP Credentials
Unlike user credentials, which can be hashed one-way, SMTP credentials need to be encrypted and then decrypted in order to authenticate with the SMTP server, which necessitates a two-way encryption/decryption algorithm.

LubeLogger is not, and will never be, cryptography software. There is simply no point in trying to roll our own cryptography algorithm when there are so many services out there that can provide peace-of-mind secret vaults, such as Bitwarden and HashiCorp. The best practice would be to set up a secrets vault and then inject those variables into LubeLogger upon deployment.

::: warning
# Potential Scalability Issues
The following sections describe potential scalability and bottlenecking issues.
:::

## Database

LubeLogger utilizes LiteDB, a SQLite-like NoSQL file-based database. Generally this is a non-issue due to how efficient the DB is at indexing, but relying on a file database means that LubeLogger can potentially be subjected to file locks and access issues if there are enough concurrent requests made to the database.

If you find yourself needing more scalability for the database backend, consider configuring LubeLogger to utilize a [[PostgreSQL backend|Advanced/Postgres]].

## Reminder Urgencies
Reminder urgencies are calculated at every tab load, i.e. whenever a tab is loaded in the vehicle details page, an async method retrieves the reminders, calculates their urgencies and automatically refreshes past due reminders (if enabled). This can potentially present scalability issues if a vehicle has a large number of recurring reminders.

## Recurring Taxes
Recurring taxes are checked every single time the user clicks into the vehicle details page. It retrieves and checks if any recurring tax records are past due and automatically "refreshes" them by cloning the record. This can potentially present scalability issues if a vehicle has a large number of recurring taxes.