A secure QUIC-based RPC server for NanaSQLite

Project description

NanaSQLite-Server

English

A secure, high-performance, QUIC-based RPC server for NanaSQLite.

⚠️ Security Warning

The security of this server depends on the method structure of the NanaSQLite class. While we use a dynamic protection mechanism, updates to NanaSQLite may introduce new methods that bypass the current security restrictions. Always review FORBIDDEN_METHODS in server.py when updating the underlying nanasqlite library.

Current Supported NanaSQLite Version: v1.3.2+
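
The review this warning asks for can be automated as a check that runs after every dependency bump. The following is an added example, not code from NanaSQLite-Server: `StoreV1`, `StoreV2`, `execute_raw`, `drop_table` and the two sets are constructed stand-ins, and against the real library you would pass the NanaSQLite class together with the allowed and forbidden sets your server uses.

```python
import inspect

class StoreV1:
    """Constructed stand-in for the wrapped class before an upgrade."""
    def get_item_async(self, key): ...
    def set_item_async(self, key, value): ...
    def list_tables(self): ...
    def close(self): ...
    def __setitem__(self, key, value): ...

class StoreV2(StoreV1):
    """Constructed stand-in for the same class after an upgrade."""
    def execute_raw(self, sql): ...      # new method, never reviewed
    def __delitem__(self, key): ...      # new method, never reviewed

# Constructed review lists (assumption: the real ones come from your server setup).
ALLOWED = {"get_item_async", "list_tables", "close"}
FORBIDDEN = {"set_item_async", "__setitem__", "drop_table"}

def callable_surface(cls):
    """Every callable attribute of cls that plain `object` does not already have."""
    inherited = set(dir(object))
    return {name for name, _ in inspect.getmembers(cls, callable)
            if name not in inherited}

def audit(cls, allowed, forbidden):
    """Classify the method surface of cls against the two reviewed lists."""
    surface = callable_surface(cls)
    return {
        # Reachable names nobody has classified: decide before deploying.
        "unreviewed": sorted(surface - allowed - forbidden),
        # Listed names that no longer exist, e.g. a forbidden method was renamed.
        "stale": sorted((allowed | forbidden) - surface),
        # Names listed on both sides.
        "conflict": sorted(allowed & forbidden),
    }

if __name__ == "__main__":
    for label, cls in (("before upgrade", StoreV1), ("after upgrade", StoreV2)):
        print(label, audit(cls, ALLOWED, FORBIDDEN))
```

A non-empty `unreviewed` or `stale` list is the signal to revisit the method lists before the upgraded library goes into service.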

Features

  • QUIC Protocol: Built on top of HTTP/3 technology for low latency and high reliability.
  • Ed25519 Passkey Authentication: Secure challenge-response authentication.
  • Role-Based Access Control (RBAC): Manage allowed/forbidden methods per account.
  • Multi-DB Support: Securely access multiple databases within a designated directory.
  • Dynamic Protection: Automatically adapts to updates while strictly controlling method access.
  • Cross-Platform: Optimized for Windows, Linux, and macOS.
  • Non-Blocking IO: Database operations run in a thread pool.

Quick Start

pip install nanasqlite-server
nanasqlite-cert-gen
nanasqlite-key-gen
nanasqlite-server

Multi-Database & RBAC Configuration

Configure accounts and database access in accounts.json:

{
    "db_dir": "./data",
    "accounts": [
        {
            "name": "admin",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": null,
            "allowed_dbs": ["main.sqlite", "logs.sqlite"]
        },
        {
            "name": "readonly_user",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": ["get_item_async", "list_tables"],
            "allowed_dbs": ["main.sqlite"]
        }
    ]
}

Note: db_dir is the base directory. Remote clients can only access databases explicitly listed in their allowed_dbs.
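
A pre-deployment lint for this file, as an added example that is not part of NanaSQLite-Server. It assumes `allowed_methods: null` means no per-account method list is applied (inferred from the admin entry above) and that every `allowed_dbs` entry is meant to resolve inside `db_dir`; the `batch` account and the key strings are constructed.

```python
import json
from pathlib import Path

# Constructed sample: the two accounts from the page plus a deliberately bad third.
SAMPLE = """
{
  "db_dir": "./data",
  "accounts": [
    {"name": "admin", "public_key": "ssh-ed25519 CONSTRUCTED-KEY-A",
     "allowed_methods": null, "allowed_dbs": ["main.sqlite", "logs.sqlite"]},
    {"name": "readonly_user", "public_key": "ssh-ed25519 CONSTRUCTED-KEY-B",
     "allowed_methods": ["get_item_async", "list_tables"],
     "allowed_dbs": ["main.sqlite"]},
    {"name": "batch", "public_key": "ssh-ed25519 CONSTRUCTED-KEY-B",
     "allowed_methods": ["get_item_async", "__setitem__"],
     "allowed_dbs": ["../other/secrets.sqlite"]}
  ]
}
"""

def lint_accounts(config):
    """Return (account, finding) pairs for entries that deserve a manual review."""
    findings = []
    base = Path(config["db_dir"]).resolve()
    key_owner = {}
    for acct in config["accounts"]:
        name = acct["name"]
        methods = acct.get("allowed_methods")
        if methods is None:
            # Assumption: null means no per-account method list is applied.
            findings.append((name, "allowed_methods is null"))
        else:
            findings += [(name, f"underscore method allowed: {m}")
                         for m in methods if m.startswith("_")]
        for db in acct.get("allowed_dbs") or []:
            # Treat backslashes as separators so the check is the same on every OS.
            target = (base / db.replace("\\", "/")).resolve()
            if base not in target.parents:
                findings.append((name, f"database outside db_dir: {db}"))
        key = acct["public_key"]
        if key in key_owner:
            findings.append((name, f"public key shared with {key_owner[key]}"))
        key_owner.setdefault(key, name)
    return findings

if __name__ == "__main__":
    for account, finding in lint_accounts(json.loads(SAMPLE)):
        print(f"{account}: {finding}")
```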

Customizing Allowed Methods

You can customize the allowed/forbidden methods when starting the server programmatically:

import asyncio
from nanasqlite_server.server import main

async def start_server():
    # Explicitly allow 'close' and forbid '__setitem__'
    await main(
        allowed_methods={"close"},
        forbidden_methods={"__setitem__"}
    )

if __name__ == "__main__":
    asyncio.run(start_server())

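Japanese

A secure, fast, QUIC-based RPC server for NanaSQLite.

⚠️ Important Security Warning

The security of this server depends on the method structure of the NanaSQLite class. It uses a dynamic protection mechanism, but an update to NanaSQLite may introduce new methods that can bypass the current restrictions. Whenever you update the nanasqlite library, be sure to check FORBIDDEN_METHODS in server.py and update it as needed.

Currently Supported NanaSQLite Version: v1.3.2+

Features

  • QUIC Protocol: Low-latency, highly reliable communication based on HTTP/3 technology.
  • Ed25519 Passkey Authentication: Secure authentication using a challenge/response scheme.
  • Role-Based Access Control (RBAC): Manage allowed/forbidden methods per account.
  • Multi-DB Support: Securely access multiple databases within a designated directory.
  • Dynamic Protection: Automatically adapts to library updates while allowing only permitted methods to be executed.
  • Multi-Platform: Optimized for Windows, Linux, and macOS.
  • Non-Blocking I/O: All database operations run in a thread pool and do not stall the event loop.

Quick Start

pip install nanasqlite-server
# Generate the certificate and keys
nanasqlite-cert-gen
nanasqlite-key-gen
# Start the server
nanasqlite-server

Multi-DB & RBAC Configuration

Configure accounts and the databases they can access in accounts.json: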

{
    "db_dir": "./data",
    "accounts": [
        {
            "name": "admin",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": null,
            "allowed_dbs": ["main.sqlite", "logs.sqlite"]
        },
        {
            "name": "readonly_user",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": ["get_item_async", "list_tables"],
            "allowed_dbs": ["main.sqlite"]
        }
    ]
}

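Note: db_dir is the base directory. Clients can only access databases explicitly listed in allowed_dbs.

Customizing Allowed Methods

When starting the server programmatically, you can customize which methods are allowed or forbidden.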

import asyncio
from nanasqlite_server.server import main

async def start_server():
    # Example that explicitly allows 'close' and forbids '__setitem__'
    await main(
        allowed_methods={"close"},
        forbidden_methods={"__setitem__"}
    )

if __name__ == "__main__":
    asyncio.run(start_server())

Client Usage Example

import asyncio
from nanasqlite_server.client import RemoteNanaSQLite

async def main():
    db = RemoteNanaSQLite(host="127.0.0.1", port=4433)
    await db.connect()
    await db.set_item_async("key", "value")
    print(await db.get_item_async("key"))
    await db.close()

asyncio.run(main())

License

MIT License

Download files

Source Distribution

nanasqlite_server-1.1.1.dev1.tar.gz (27.9 kB)

Uploaded Source

Built Distribution

nanasqlite_server-1.1.1.dev1-py3-none-any.whl (21.2 kB)

Uploaded Python 3

File details

Details for the file nanasqlite_server-1.1.1.dev1.tar.gz.

File metadata

  • Download URL: nanasqlite_server-1.1.1.dev1.tar.gz
  • Upload date:
  • Size: 27.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for nanasqlite_server-1.1.1.dev1.tar.gz
Algorithm Hash digest
SHA256 6e815ae05a3094cdc07bfbbee2deaa3844da48d09cae1926d5a6cef6157d6a7d
MD5 94adf10c922b93914f17d3c23f724989
BLAKE2b-256 d7b3541253e86f8300325e45eaf50661924caa43cf09bab7ccd12575e79ea333

Provenance

The following attestation bundles were made for nanasqlite_server-1.1.1.dev1.tar.gz:

Publisher: ci.yml on disnana/NanaSQLite-Server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file nanasqlite_server-1.1.1.dev1-py3-none-any.whl.

File hashes

Hashes for nanasqlite_server-1.1.1.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 3d9a8df0258be84350a7bd78ae9e3cb7c8357461d361f5bed8db396c0dc4d615
MD5 9ed28fa70551e327a919bfa29a501bf3
BLAKE2b-256 bd257fdc1b8cb072940f5b4ed408b91189424690886053e85a2d99ee481a9e79

Provenance

The following attestation bundles were made for nanasqlite_server-1.1.1.dev1-py3-none-any.whl:

Publisher: ci.yml on disnana/NanaSQLite-Server
