A secure QUIC-based RPC server for NanaSQLite

Navigation

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: NanaSQLite-Project
  • Requires: Python >=3.9
  • Provides-Extra: speed , dev
Classifiers
Report project as malware

Project description

NanaSQLite-Server

English | 日本語

English

A secure, high-performance, QUIC-based RPC server for NanaSQLite.

⚠️ Security Warning

The security of this server depends on the method structure of the NanaSQLite class. While we use a dynamic protection mechanism, updates to NanaSQLite may introduce new methods that could potentially bypass current security restrictions. Always review the FORBIDDEN_METHODS in server.py when updating the underlying nanasqlite library.

Current Supported NanaSQLite Version: v1.3.2+

Features

  • QUIC Protocol: Built on top of HTTP/3 technology for low latency and high reliability.
  • Ed25519 Passkey Authentication: Secure challenge-response authentication.
  • Role-Based Access Control (RBAC): Manage allowed/forbidden methods per account.
  • Multi-DB Support: Securely access multiple databases within a designated directory.
  • Dynamic Protection: Automatically adapts to updates while strictly controlling method access.
  • Cross-Platform: Optimized for Windows, Linux, and macOS.
  • Non-Blocking IO: Database operations run in a thread pool.

Quick Start

pip install nanasqlite-server
nanasqlite-cert-gen
nanasqlite-key-gen
nanasqlite-server

Multi-Database & RBAC Configuration

Configure accounts and database access in accounts.json:

{
    "db_dir": "./data",
    "accounts": [
        {
            "name": "admin",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": null,
            "allowed_dbs": ["main.sqlite", "logs.sqlite"]
        },
        {
            "name": "readonly_user",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": ["get_item_async", "list_tables"],
            "allowed_dbs": ["main.sqlite"]
        }
    ]
}

Note: db_dir is the base directory. Remote clients can only access databases explicitly listed in their allowed_dbs.

Customizing Allowed Methods

You can customize the allowed/forbidden methods when starting the server programmatically:

import asyncio
from nanasqlite_server.server import main

async def start_server():
    # Explicitly allow 'close' and forbid '__setitem__'
    await main(
        allowed_methods={"close"},
        forbidden_methods={"__setitem__"}
    )

if __name__ == "__main__":
    asyncio.run(start_server())

日本語

NanaSQLite のためのセキュアで高速な QUIC ベースの RPC サーバーです。

⚠️ セキュリティに関する重要な警告

このサーバーのセキュリティは NanaSQLite クラスのメソッド構造に依存しています。動的な保護メカニズムを採用していますが、NanaSQLite のアップデートにより、現在の制限を回避できる新しいメソッドが導入される可能性があります。 nanasqlite ライブラリを更新する際は、必ず server.py 内の FORBIDDEN_METHODS を確認し、必要に応じて更新してください。

現在対応している NanaSQLite バージョン: v1.3.2+

特徴

  • QUIC プロトコル: HTTP/3 テクノロジーをベースにした低遅延で信頼性の高い通信。
  • Ed25519 パスキー認証: チャレンジ/レスポンス方式によるセキュアな認証。
  • ロールベースアクセス制御 (RBAC): アカウントごとの許可/禁止メソッドの管理。
  • マルチDB対応: 指定したディレクトリ内の複数のDBへ安全にアクセス。
  • 動的保護: ライブラリの更新に自動対応しつつ、許可されたメソッドのみを実行可能。
  • マルチプラットフォーム: Windows, Linux, macOS に最適化。
  • 非ブロッキング I/O: すべての DB 操作をスレッドプールで実行し、イベントループを停止させません。

クイックスタート

pip install nanasqlite-server
# 証明書と鍵の生成
nanasqlite-cert-gen
nanasqlite-key-gen
# サーバーの起動
nanasqlite-server

マルチDB & RBAC 設定

accounts.json でアカウントとアクセス可能なDBを構成します:

{
    "db_dir": "./data",
    "accounts": [
        {
            "name": "admin",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": null,
            "allowed_dbs": ["main.sqlite", "logs.sqlite"]
        },
        {
            "name": "readonly_user",
            "public_key": "ssh-ed25519 ...",
            "allowed_methods": ["get_item_async", "list_tables"],
            "allowed_dbs": ["main.sqlite"]
        }
    ]
}

注: db_dir はベースディレクトリです。クライアントは allowed_dbs に明記されたDBにのみアクセス可能です。

許可メソッドのカスタマイズ

プログラムからサーバーを起動する場合、許可または禁止するメソッドをカスタマイズできます。

import asyncio
from nanasqlite_server.server import main

async def start_server():
    # 'close' を明示的に許可し、'__setitem__' を禁止する例
    await main(
        allowed_methods={"close"},
        forbidden_methods={"__setitem__"}
    )

if __name__ == "__main__":
    asyncio.run(start_server())

クライアントの使用例

import asyncio
from nanasqlite_server.client import RemoteNanaSQLite

async def main():
    # 接続情報の指定
    db = RemoteNanaSQLite(host="127.0.0.1", port=4433)
    
    # 接続と認証(秘密鍵 nana_private.pem が必要)
    await db.connect()
    
    # 非同期メソッドによるデータ操作
    await db.set_item_async("key", "value")
    val = await db.get_item_async("key")
    print(f"Read back: {val}")
    
    # 終了
    await db.close()

if __name__ == "__main__":
    asyncio.run(main())

注: サーバー側で DB が指定されていない場合、またはアカウントの allowed_dbs が設定されていない場合、サーバー起動時に --db で指定されたデータベースがデフォルトとして使用されます。

License

MIT License

Project details

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: NanaSQLite-Project
  • Requires: Python >=3.9
  • Provides-Extra: speed , dev
Classifiers

Release history Release notifications | RSS feed

1.3.4

1.3.3

1.3.1

1.3.0

1.2.2

1.2.1

This version

1.1.1

1.1.1.dev2 pre-release

1.1.1.dev1 pre-release

1.1.0

1.0.1.dev1 pre-release

1.0.1.dev0 pre-release

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nanasqlite_server-1.1.1.tar.gz (28.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nanasqlite_server-1.1.1-py3-none-any.whl (21.4 kB view details)

Uploaded Python 3

File details

Details for the file nanasqlite_server-1.1.1.tar.gz.

File metadata

  • Download URL: nanasqlite_server-1.1.1.tar.gz
  • Upload date:
  • Size: 28.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for nanasqlite_server-1.1.1.tar.gz
Algorithm Hash digest
SHA256 c501b519c40571bfbb204a3df3e14952fa843ff0e2c09e3dd111deee05abab26
MD5 ac8dded685e9627575b9c88e5ffa8abe
BLAKE2b-256 b205d4767ad63e9fe432536e644f70936185cd188ac5ec96a618c23c6681aa46

See more details on using hashes here.

Provenance

The following attestation bundles were made for nanasqlite_server-1.1.1.tar.gz:

Publisher: ci.yml on disnana/NanaSQLite-Server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file nanasqlite_server-1.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for nanasqlite_server-1.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 7f53937946b3cd292118c57946f7a5e95e6606ef9ff64725d937902697cc7742
MD5 0d7b3463e8d4e87860891a8dc1b83647
BLAKE2b-256 94993d4992c99da7dc4ebe7a519cb98512a12fb087bc0ccb3af6f74654bccf7c

See more details on using hashes here.

Provenance

The following attestation bundles were made for nanasqlite_server-1.1.1-py3-none-any.whl:

Publisher: ci.yml on disnana/NanaSQLite-Server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page