A simple gRPC-based schedule indexer with built-in encryption and SQLite storage. This service allows you to securely store and retrieve user schedules (JSON data) with automatic encryption/decryption.
- 🚀 Fast gRPC API - Built with Tonic for high-performance communication
- 🔐 Secure Encryption - AES-256-GCM encryption for all stored data
- 💾 SQLite Storage - Simple, reliable persistence
- 📝 JSON Support - Store complex schedule data as JSON
- 🔑 Admin Authentication - Protect write operations with admin key
gRPC API
│
┌─────────────┼─────────────┐
│ │ │
StoreSchedule GetSchedule Server
│ │ │
└─────────────┼─────────────┘
│
Encryption
│
SQLite DB
- Rust 1.70+ (2021 edition)
- SQLite3 (usually pre-installed on most systems)
Clone the repository and build:
git clone <your-repo-url>
cd gei
cargo build --releaseCreate a .env file (or copy .env.example):
DATABASE_URL=sqlite://schedules.db
ENCRYPTION_KEY=your-encryption-key-here
ADMIN_KEY=your-admin-key-hereGenerate a secure admin key:
openssl rand -base64 32cargo run --bin gei-serverThe server will start on 0.0.0.0:50053 and create a schedules.db file in the current directory.
You can interact with the server using any gRPC client. Here are examples using different tools:
Store a schedule (requires admin key):
grpcurl -plaintext \
-H "admin-key: your-admin-key" \
-d '{
"username": "alice",
"schedule_json": "{\"monday\":\"Math 9AM\",\"tuesday\":\"Physics 10AM\"}"
}' localhost:50053 schedule.ScheduleIndexer/StoreScheduleRetrieve a schedule (no auth required):
grpcurl -plaintext -d '{
"username": "alice"
}' localhost:50053 schedule.ScheduleIndexer/GetScheduleSee proto/schedule.proto for the service definition and implement your client in any language that supports gRPC.
| Variable | Description | Default | Required |
|---|---|---|---|
DATABASE_URL |
SQLite database path | sqlite://schedules.db |
No |
ENCRYPTION_KEY |
Custom encryption key | Auto-generated | No |
ADMIN_KEY |
Admin key for write operations | None | Yes* |
*Required for StoreSchedule operations
Custom database location:
DATABASE_URL="sqlite:///var/lib/gei/schedules.db" cargo run --bin gei-serverCustom encryption key:
ENCRYPTION_KEY="my-super-secret-key" cargo run --bin gei-serverservice ScheduleIndexer {
rpc StoreSchedule(StoreScheduleRequest) returns (StoreScheduleResponse);
rpc GetSchedule(GetScheduleRequest) returns (GetScheduleResponse);
}Stores or updates a user's schedule with automatic encryption.
Authentication: Requires admin-key in request metadata.
Request:
username(string): Unique identifier for the userschedule_json(string): Schedule data in JSON format
Metadata:
admin-key(string): Admin authentication key
Response:
success(bool): Operation statusmessage(string): Success/error message
Errors:
UNAUTHENTICATED: Admin key not providedPERMISSION_DENIED: Invalid admin key
Retrieves and decrypts a user's schedule.
Authentication: None required (public read access).
Request:
username(string): Username to retrieve
Response:
success(bool): Operation statusschedule_json(string): Decrypted schedule datamessage(string): Error message if failed
Write operations (StoreSchedule) require admin authentication to prevent unauthorized database modifications:
- Admin key must be sent in the
admin-keymetadata header - Read operations (
GetSchedule) remain publicly accessible - See
QUICKSTART_ADMIN.mdfor quick setup guide - See
ADMIN_AUTH.mdfor complete documentation and examples
Quick example:
# Test with example client
export ADMIN_KEY="your-admin-key"
cargo run --example client_with_admin
# Or run the test script
./test_admin_auth.sh- Algorithm: AES-256-GCM
- Nonce: Random 12-byte nonce per encryption
- Storage: Nonce prepended to ciphertext
-
Always set a custom encryption key in production:
export ENCRYPTION_KEY="your-secure-random-key"
-
Always set a strong admin key:
export ADMIN_KEY="$(openssl rand -base64 32)"
-
Protect your database file:
chmod 600 schedules.db
-
Use TLS for gRPC in production
-
Rotate encryption keys periodically
-
Never commit
.envto version control
gei/
├── proto/
│ └── schedule.proto # gRPC service definition
├── src/
│ ├── crypto.rs # Encryption/decryption logic
│ ├── db.rs # SQLite database operations
│ ├── service.rs # gRPC service implementation
│ ├── server.rs # Server binary
│ └── lib.rs # Library module
├── examples/
│ └── client_with_admin.rs # Example client with admin auth
├── build.rs # Protobuf compilation
├── Cargo.toml # Dependencies
├── ADMIN_AUTH.md # Admin auth documentation
├── QUICKSTART_ADMIN.md # Quick setup guide
├── test_admin_auth.sh # Test script for admin auth
└── README.md # This file
cargo testcargo build --releaseBinary will be in target/release/gei-server
# Build the image
docker build -t gei-server .
# Run the container
docker run -p 50053:50053 -e ENCRYPTION_KEY="your-key" gei-serverOr use docker-compose:
docker-compose up -d{
"monday": [
{
"time": "09:00-10:30",
"class": "Data Structures",
"room": "A-301"
}
],
"tuesday": [
{
"time": "10:00-11:30",
"class": "Algorithms",
"room": "A-401"
}
]
}MIT License - See LICENSE file for details
Contributions are welcome! Please feel free to submit a Pull Request.