Gain Superpowers With Out-Of-The-Box Fundamental Backend Building Blocks.
Built-In
GraphQL Server
The GraphQL server receives and processes GraphQL requests from clients, retrieves the requested data from a data source, and returns the data in a structured format back to the client. It acts as an interface between the client and the data source, allowing clients to fetch precisely the data they need in a single request.
GraphQL to SQL Compiler
To improve the security and performance of your application, basebox contains a unique GraphQL to SQL compiler programmed in Rust. The compiler eliminates the need to hand-write many resolver functions. Added benefits are:
- Reduced attack surface
- Optimized SQL queries (automatic SQL joins)
- Input validation
- Rate limiting
- Simplicity
HTTP Server (Actix Web)
No need to put Apache or nginx in front of basebox - basebox contains a production grade HTTPS server based on Actix Web, one of the fastest HTTP servers around.
We chose it because of its:
- Speed: High performance and low overhead. It is the only HTTP framework/server to finish in the top 10 of all TechEmpower HTTP framework benchmarks.
- Concurrency: Supports asynchronous programming and multithreading.
- Rust: Performance and safety.
PostgreSQL
The installation includes a PostgreSQL database, but you can easily connect your own – no matter where it is hosted. Describe your schema using GraphQL. The database will then configure itself automatically. You don't have to write resolvers anymore. You can update your schema at any time.
Get Rid of Hidden Risks With Built-in Compliance and Security.
Features
GraphQL Compiler
basebox features a unique GraphQL to SQL compiler. It is run during the installation of basebox and converts a GraphQL schema file provided by you to a set of SQL template files that allow blazingly fast on-the-fly translation of your GraphQL operations to SQL queries. It creates automatic SQL joins that speed up database queries, avoiding unnecessary round trips.
Business Logic Layer
For many operations, the basebox compiler is enough to handle everything. However, if you need to provide business logic, like sending an email when a new user connects, you can add it using basebox's Business Logic Layer (BLL).
The BLL is a hook-based API that performs custom actions on specific operations. The BLL is optionally called once or twice for each operation:
- After the request is authorized, before the database is being hit
- After the database returns data
This way, as a developer, you can add all kinds of backend functionality.
Currently, the BLL supports Python only. In other words, you implement your custom logic in Python code.
We are already working on a gRPC-based microservices architecture.
OpenID Connect
basebox uses OpenID Connect (OIDC) for authentication and authorization. OpenID Connect is an official, widely used OAuth 2.0 authorization framework extension. It allows clients to verify the identity of an end user based on the authentication performed by an authorization server (e.g., Keycloak).
OpenID Connect is also a widely used single sign-on solution.
Optional 2FA
Two-factor authentication (2FA) is set up via the OpenID Connect provider (e.g., Keycloak). Any app developed with basebox can enable and use 2FA. The setup is simple and harmonizes with the individual user and role management.
Input Validation
basebox uses input validation as another protection feature to guard against SQL injections.
In this process, we analyze inputs and disallow those considered unsuitable.
Defend Your Attack Vectors and, Thus, Your Data.
Security
100% Rust
You don't have to know Rust to use basebox, but since basebox is written in 100% Rust, your project benefits from Rust's speed and safety.
Penetration Tests
basebox is regularly subjected to extensive penetration tests (Pentests). These are the process steps:
- Reconnaissance: Gathering information about the target system.
- Scanning: Identifying vulnerabilities in the system.
- Exploitation: Attempting to gain unauthorized access to the system.
- Escalation: Attempting to gain higher privileges within the system.
- Maintaining Access: Attempting to maintain access to the system.
- Reporting: Providing a report detailing findings and recommendations.
External Audits
basebox contains thousands of lines of code and developer hours. To avoid operational blindness, we regularly have external auditors perform various tests.
The Johner Institute has an excellent reputation. Since 2004 it has been pursuing its mission: Leveraging science and technology for a better life – for everyone. They know the typical dangers and critical points of data-sensitive products through their support of hundreds of customers developing regulated products. basebox is happy to work with Johner Institute.
Continuous Updates
We are constantly evolving basebox. Besides new functionality, we implement new developments to increase overall security – without you noticing anything. This is how we respond to new developments in the market, such as innovations in operating systems.
We provide the updates. As a basebox user, you can install them without any problems. Your backend remains secure and up-to-date.
Threat Modelling
In the context of updates, the threat model of basebox is adapted to prevent new danger points from being created.
Threat modeling is a structured approach to identifying potential security threats to basebox and assessing the risks they pose. It includes the following steps:
- Identifying Assets: Identifying the valuable assets and data that need to be protected.
- Identifying Threats: Identifying potential threats to the assets and data.
- Identifying Vulnerabilities: Identifying weaknesses in the system that the identified threats could exploit.
- Assessing Risk: Evaluating the likelihood and impact of the identified threats and vulnerabilities.
- Developing Countermeasures: Developing and implementing strategies to mitigate the identified risks.
- Continuous Monitoring: Ongoing monitoring and updating of the threat model to reflect changes in the system and emerging threats.
Unit and Integration Tests
basebox contains an extensive set of unit and integration tests. As we further develop basebox, we constantly add new and extend existing tests to ensure high code quality and security.
White-/Black-Box Testing
White-Box testing is a method in which the code's internal structure is known and considered. This type of testing is also known as "structural testing" or "glass box testing" because the tester can see into the "box" (i.e., the code). It's usually done by developers and focuses on testing individual functions or methods and how they interact with one another.
On the other hand, Black-Box testing is a method in which the internal structure of the code is not known and not considered. This type of testing is also known as "functional testing" or "behavioral testing" because the tester only sees the input and output without knowing how the code works. It's usually done by QA testers and focuses on testing the software's functionality from the user's perspective without knowing the internal implementation.
Setup Is Lightweight and Relies on Standards.
System
Any 64-bit Linux
basebox runs on virtually all Linux systems. A low-cost and simple server configuration is sufficient for many use cases, e.g.
- Ubuntu 20.04
- 4 GB RAM
- 40 GB hard disk
Installation
We will provide detailed installation instructions as soon as the beta is available. A Docker-based installation for easy setup is also in the making.
Self-Hosted
Install basebox wherever you want.
On your terms. On-premise. In your cloud. It uses hardly any storage space and is powerful and fast, even on small servers.
We do not yet offer basebox as a cloud service. However, if there is enough demand, we will provide that.
For data-sensitive sectors, e.g., Health Tech, self-hosting has several advantages, mainly 100% authority over the data. For some use cases, self-hosting might even be mandatory for policy reasons.
More to Come.
Basebox Always Gets Better at No Additional Cost.
Coming Soon
gRPC Microservices
gRPC is a high-performance, open source, universal Remote-Procedure-Call (RPC) framework.
basebox integrates gRPC to support microservices for custom business logic and the like.
NoSQL/Multi-DB Support
basebox currently runs with a PostgreSQL database. We plan to add support for more database systems (NoSQL and others) or multiple databases for the same project.
Push Notifications
Push notifications for Android and iOS devices will be integrated into basebox, so you won't need to run a dedicated server.
GraphQL Subscriptions
basebox does not currently support GraphQL subscriptions; we will add them later.
Data migration
Changing your data model requires you to manually recompile basebox's SQL templates, schema, and resolver files. We will add a semi-automatic migration that creates ALTER TABLE ... statements and updates all required files.
Dashboard
We will add a customizable dashboard to basebox to create individual dashboards for each user. The data displayed will depend on rights and needs and can be configured. The basebox dashboard editor will let you quickly build and graphically display the data. Due to the integration in basebox, you won't need to develop your own solution or search, install, and configure external ones.