A secure QUIC-based RPC server for NanaSQLite

Navigation

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: NanaSQLite-Project
  • Requires: Python >=3.9
  • Provides-Extra: speed , dev
Classifiers
Report project as malware

Project description

NanaSQLite-Server

English | 日本語

English

A secure, high-performance, QUIC-based RPC server for NanaSQLite.

⚠️ Security Warning

The security of this server depends on the method structure of the NanaSQLite class. While we use a dynamic protection mechanism, updates to NanaSQLite may introduce new methods that could potentially bypass current security restrictions. Always review the FORBIDDEN_METHODS in server.py when updating the underlying nanasqlite library.

Current Supported NanaSQLite Version: v1.3.2+

Features

  • QUIC Protocol: Built on top of HTTP/3 technology for low latency and high reliability.
  • Ed25519 Passkey Authentication: Secure challenge-response authentication.
  • Role-Based Access Control (RBAC): Manage allowed/forbidden methods per account.
  • Multi-DB Support: Securely access multiple databases within a designated directory.
  • Dynamic Protection: Automatically adapts to updates while strictly controlling method access.
  • Cross-Platform: Optimized for Windows, Linux, and macOS.
  • Non-Blocking IO: Database operations run in a thread pool.

Quick Start

pip install nanasqlite-server
nanasqlite-cert-gen
nanasqlite-key-gen
nanasqlite-server

Multi-Database & RBAC Configuration

Configure accounts and database access in accounts.json:

{
    "db_dir": "./data",
    "accounts": [
        {
            "name": "admin",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": null,
            "allowed_dbs": ["main.sqlite", "logs.sqlite"]
        },
        {
            "name": "readonly_user",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": ["get_item_async", "list_tables"],
            "allowed_dbs": ["main.sqlite"]
        }
    ]
}

Note: db_dir is the base directory. Remote clients can only access databases explicitly listed in their allowed_dbs.

Customizing Allowed Methods

You can customize the allowed/forbidden methods when starting the server programmatically:

import asyncio
from nanasqlite_server.server import main

async def start_server():
    # Explicitly allow 'close' and forbid '__setitem__'
    await main(
        allowed_methods={"close"},
        forbidden_methods={"__setitem__"}
    )

if __name__ == "__main__":
    asyncio.run(start_server())

日本語

NanaSQLite のためのセキュアで高速な QUIC ベースの RPC サーバーです。

⚠️ セキュリティに関する重要な警告

このサーバーのセキュリティは NanaSQLite クラスのメソッド構造に依存しています。動的な保護メカニズムを採用していますが、NanaSQLite のアップデートにより、現在の制限を回避できる新しいメソッドが導入される可能性があります。 nanasqlite ライブラリを更新する際は、必ず server.py 内の FORBIDDEN_METHODS を確認し、必要に応じて更新してください。

現在対応している NanaSQLite バージョン: v1.3.2+

特徴

  • QUIC プロトコル: HTTP/3 テクノロジーをベースにした低遅延で信頼性の高い通信。
  • Ed25519 パスキー認証: チャレンジ/レスポンス方式によるセキュアな認証。
  • ロールベースアクセス制御 (RBAC): アカウントごとの許可/禁止メソッドの管理。
  • マルチDB対応: 指定したディレクトリ内の複数のDBへ安全にアクセス。
  • 動的保護: ライブラリの更新に自動対応しつつ、許可されたメソッドのみを実行可能。
  • マルチプラットフォーム: Windows, Linux, macOS に最適化。
  • 非ブロッキング I/O: すべての DB 操作をスレッドプールで実行し、イベントループを停止させません。

クイックスタート

pip install nanasqlite-server
# 証明書と鍵の生成
nanasqlite-cert-gen
nanasqlite-key-gen
# サーバーの起動
nanasqlite-server

マルチDB & RBAC 設定

accounts.json でアカウントとアクセス可能なDBを構成します:

{
    "db_dir": "./data",
    "accounts": [
        {
            "name": "admin",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": null,
            "allowed_dbs": ["main.sqlite", "logs.sqlite"]
        },
        {
            "name": "readonly_user",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": ["get_item_async", "list_tables"],
            "allowed_dbs": ["main.sqlite"]
        }
    ]
}

注: db_dir はベースディレクトリです。クライアントは allowed_dbs に明記されたDBにのみアクセス可能です。

許可メソッドのカスタマイズ

プログラムからサーバーを起動する場合、許可または禁止するメソッドをカスタマイズできます。

import asyncio
from nanasqlite_server.server import main

async def start_server():
    # 'close' を明示的に許可し、'__setitem__' を禁止する例
    await main(
        allowed_methods={"close"},
        forbidden_methods={"__setitem__"}
    )

if __name__ == "__main__":
    asyncio.run(start_server())

クライアントの使用例

import asyncio
from nanasqlite_server.client import RemoteNanaSQLite

async def main():
    # 接続情報の指定
    db = RemoteNanaSQLite(host="127.0.0.1", port=4433)
    
    # 接続と認証(秘密鍵 nana_private.pem が必要)
    await db.connect()
    
    # 非同期メソッドによるデータ操作
    await db.set_item_async("key", "value")
    val = await db.get_item_async("key")
    print(f"Read back: {val}")
    
    # 終了
    await db.close()

if __name__ == "__main__":
    asyncio.run(main())

注: サーバー側で DB が指定されていない場合、またはアカウントの allowed_dbs が設定されていない場合、サーバー起動時に --db で指定されたデータベースがデフォルトとして使用されます。

License

MIT License

Project details

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: NanaSQLite-Project
  • Requires: Python >=3.9
  • Provides-Extra: speed , dev
Classifiers

Release history Release notifications | RSS feed

1.3.4

1.3.3

1.3.1

1.3.0

1.2.2

1.2.1

1.1.1

This version

1.1.1.dev2 pre-release

1.1.1.dev1 pre-release

1.1.0

1.0.1.dev1 pre-release

1.0.1.dev0 pre-release

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nanasqlite_server-1.1.1.dev2.tar.gz (28.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nanasqlite_server-1.1.1.dev2-py3-none-any.whl (21.4 kB view details)

Uploaded Python 3

File details

Details for the file nanasqlite_server-1.1.1.dev2.tar.gz.

File metadata

  • Download URL: nanasqlite_server-1.1.1.dev2.tar.gz
  • Upload date:
  • Size: 28.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for nanasqlite_server-1.1.1.dev2.tar.gz
Algorithm Hash digest
SHA256 18e063c5b246e2a4124cc352f8f690234a02872cfdf1e9e0cb74ad6f5caf9155
MD5 051b8728c8d5b837a52c66d918625368
BLAKE2b-256 fdcb98f7a76a7f4fdf099d6c1450a381bbf48c6a2a449e60c9fcecd27748628e

See more details on using hashes here.

Provenance

The following attestation bundles were made for nanasqlite_server-1.1.1.dev2.tar.gz:

Publisher: ci.yml on disnana/NanaSQLite-Server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file nanasqlite_server-1.1.1.dev2-py3-none-any.whl.

File metadata

File hashes

Hashes for nanasqlite_server-1.1.1.dev2-py3-none-any.whl
Algorithm Hash digest
SHA256 76d042e97c3baf2b5a9523ecdf10332313c9ca94a8faad12212e3d4ba67edbe0
MD5 a251b61eed24d02ced86ea5c43701476
BLAKE2b-256 8c497c764f45347b7c967c1bfc4e011ae0eab8f15ca8cc35bf56423936d90024

See more details on using hashes here.

Provenance

The following attestation bundles were made for nanasqlite_server-1.1.1.dev2-py3-none-any.whl:

Publisher: ci.yml on disnana/NanaSQLite-Server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page