GSNOC

Authentication & Roles

Session model, user management, and role-based access control.

Session Model

GSNOC uses iron-session for stateless encrypted sessions:

  • Encryption: AES-256-CBC with HMAC-SHA256
  • Storage: Signed cookie (no server-side session store required)
  • Lifetime: 24 hours by default (SESSION_TTL=86400)

Adding Users

Hash a password with bcrypt (cost 12) and add the resulting entry to config/users.json:

npm run add-user -- --username alice --role operator
# Prompts for password, writes hashed entry to users.json

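Or generate the hash manually (replace mypassword; a password typed inline like this may be recorded in shell history):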

node -e "const b=require('bcrypt'); b.hash('mypassword',12).then(console.log)"

Then add to config/users.json:

{
  "username": "alice",
  "passwordHash": "$2b$12$<hash>",
  "role": "operator"
}
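
Hand-edited entries are easy to get wrong, so the sketch below lints them before they are deployed. It is an added example, not part of GSNOC: lintUsers is a hypothetical helper, and it assumes config/users.json holds a JSON array of entries shaped like the one above.

```javascript
// Added example (not GSNOC code): lint entries destined for config/users.json.
// Assumption: the file is a JSON array of {username, passwordHash, role} objects.
const ROLES = new Set(['admin', 'operator', 'viewer']); // roles named on this page
const MIN_COST = 12;                                     // bcrypt cost stated on this page
// bcrypt modular-crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

function lintUsers(users) {
  if (!Array.isArray(users)) return ['top level must be an array of user entries'];
  const problems = [];
  const seen = new Set();
  users.forEach((u, i) => {
    const name = typeof u?.username === 'string' && u.username.trim() !== '' ? u.username : null;
    const who = `entry ${i} (${name ?? 'no username'})`;
    if (name === null) problems.push(`${who}: missing username`);
    else if (seen.has(name)) problems.push(`${who}: duplicate username`);
    if (name !== null) seen.add(name);
    if (!ROLES.has(u?.role)) problems.push(`${who}: unknown role ${JSON.stringify(u?.role)}`);
    const m = BCRYPT_RE.exec(typeof u?.passwordHash === 'string' ? u.passwordHash : '');
    if (!m) problems.push(`${who}: passwordHash is not a well-formed bcrypt hash`);
    else if (Number(m[1]) < MIN_COST) problems.push(`${who}: bcrypt cost ${Number(m[1])} is below ${MIN_COST}`);
    // A plaintext field left over from hand-editing must never reach the file.
    if (u && typeof u === 'object' && 'password' in u) problems.push(`${who}: plaintext "password" field present`);
  });
  return problems;
}

// Constructed sample data; the hashes are dummy strings of the right shape.
const fake = 'A'.repeat(53);
const sample = [
  { username: 'alice', passwordHash: `$2b$12$${fake}`, role: 'operator' },
  { username: 'bob', passwordHash: `$2b$10$${fake}`, role: 'viewer' },
  { username: 'alice', passwordHash: 'mypassword', role: 'superuser' },
];
console.log(lintUsers(sample));
```

An empty result means every entry has a known role and a well-formed bcrypt hash at cost 12 or higher; it does not verify that the hash matches any particular password.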

Role-Based Access

| Role | Dashboard | CDR | Carriers | Tickets | Detection | Config | Users |
|---|---|---|---|---|---|---|---|
| admin | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| operator | ✓ | ✓ | ✓ | ✓ | ✓ | — | — |
| viewer | ✓ | ✓ (read) | ✓ (read) | ✓ (read) | ✓ (read) | — | — |