Files

IGNY8 VPS (Salman) ab0d6469d4 bulk actions & some next audits docs

2025-12-20 02:46:00 +00:00

20 KiB

Raw Blame History

AWS-ADMIN Account & Superuser Audit Report

Date: December 20, 2025
Scope: Complete audit of aws-admin account, superuser permissions, and special configurations
Environment: Production IGNY8 Platform

Executive Summary

The aws-admin account is a special system account with elevated privileges designed for platform administration, development, and system-level operations. This audit documents all special permissions, configurations, and security controls associated with this account.

Current Status

Account Name: AWS Admin
Account Slug: aws-admin
Status: Active
Plan: Internal (System/Superuser) - unlimited resources
Credits: 333
Users: 1 user (developer role, superuser)
Created: Via management command create_aws_admin_tenant.py

1. Backend Configuration

1.1 Account Model Special Permissions

File: backend/igny8_core/auth/models.py

System Account Detection (Line 155-158):

def is_system_account(self):
    """Check if this account is a system account with highest access level."""
    return self.slug in ['aws-admin', 'default-account', 'default']

Special Behaviors:

✅ Cannot be deleted - Soft delete is blocked with PermissionDenied
✅ Unlimited access - Bypasses all filtering restrictions
✅ Multi-tenant access - Can view/edit data across all accounts

Account Slug Variants Recognized:

aws-admin (primary)
default-account (legacy)
default (legacy)

1.2 User Model Special Permissions

File: backend/igny8_core/auth/models.py

System Account User Detection (Line 738-743):

def is_system_account_user(self):
    """Check if user belongs to a system account with highest access level."""
    try:
        return self.account and self.account.is_system_account()
    except (AttributeError, Exception):
        return False

Developer Role Detection (Line 730-732):

def is_developer(self):
    """Check if user is a developer/super admin with full access."""
    return self.role == 'developer' or self.is_superuser

Site Access Override (Line 747-755):

def get_accessible_sites(self):
    """Get all sites the user can access."""
    if self.role in ['owner', 'admin', 'developer'] or self.is_superuser or self.is_system_account_user():
        return base_sites  # ALL sites in account
    # Other users need explicit SiteUserAccess grants

1.3 Admin Panel Permissions

File: backend/igny8_core/admin/base.py

QuerySet Filtering Bypass (8 instances, Lines 18, 31, 43, 55, 72, 83, 93, 103):

if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
    return qs  # No filtering - see all data

Special Privileges:

✅ View all objects across all accounts
✅ Edit all objects across all accounts
✅ Delete all objects across all accounts
✅ Access all admin models without filtering

1.4 API Permissions

File: backend/igny8_core/api/permissions.py

HasTenantAccess Permission

Bypass Conditions (Lines 54-68):

is_superuser == True → ALLOWED
role == 'developer' → ALLOWED
is_system_account_user() == True → ALLOWED

IsSystemAccountOrDeveloper Permission

File: backend/igny8_core/api/permissions.py (Lines 190-208)

class IsSystemAccountOrDeveloper(permissions.BasePermission):
    """
    Allow only system accounts (aws-admin/default-account/default) or developer role.
    Use for sensitive, globally-scoped settings like integration API keys.
    """
    def has_permission(self, request, view):
        account_slug = getattr(getattr(user, "account", None), "slug", None)
        if user.role == "developer":
            return True
        if account_slug in ["aws-admin", "default-account", "default"]:
            return True
        return False

Usage: Protects sensitive endpoints like:

Global integration settings
System-wide API keys
Platform configuration

Permission Bypasses Summary

Permission Class	Bypass for Superuser	Bypass for Developer	Bypass for aws-admin
HasTenantAccess	✅ Yes	✅ Yes	✅ Yes
IsViewerOrAbove	✅ Yes	✅ Yes	✅ Yes (via developer)
IsEditorOrAbove	✅ Yes	✅ Yes	✅ Yes (via developer)
IsAdminOrOwner	✅ Yes	✅ Yes	✅ Yes (via developer)
IsSystemAccountOrDeveloper	✅ Yes	✅ Yes	✅ Yes (explicit)

1.5 Rate Limiting & Throttling

File: backend/igny8_core/api/throttles.py

Current Status: DISABLED - All rate limiting bypassed

Throttle Bypass Logic (Lines 22-39):

def allow_request(self, request, view):
    """
    Check if request should be throttled.
    DISABLED - Always allow all requests.
    """
    return True  # ALWAYS ALLOWED
    
    # OLD CODE (DISABLED):
    # if request.user.is_superuser: return True
    # if request.user.role == 'developer': return True
    # if request.user.is_system_account_user(): return True

Security Note: Rate limiting is currently disabled for ALL users, not just aws-admin.

1.6 AI Settings & API Keys

File: backend/igny8_core/ai/settings.py

Fallback to System Account (Lines 53-65):

# Fallback to system account (aws-admin, default-account, or default)
if not settings_obj:
    from igny8_core.auth.models import Account
    IntegrationSettings = apps.get_model('system', 'IntegrationSettings')
    
    for slug in ['aws-admin', 'default-account', 'default']:
        system_account = Account.objects.filter(slug=slug).first()
        if system_account:
            settings_obj = IntegrationSettings.objects.filter(account=system_account).first()
            if settings_obj:
                break

Special Behavior:

If an account doesn't have integration settings, aws-admin's settings are used as fallback
This allows system-wide default API keys (OpenAI, DALL-E, etc.)

1.7 Middleware Bypass

File: backend/igny8_core/auth/middleware.py

Account Injection Bypass (Lines 146-157):

if getattr(user, 'is_superuser', False):
    # Superuser - no filtering
    return None

# Developer or system account user - no filtering
if hasattr(user, 'is_system_account_user') and user.is_system_account_user():
    return None

Effect: Request-level account filtering disabled for aws-admin users.

1.8 Management Command

File: backend/igny8_core/auth/management/commands/create_aws_admin_tenant.py

Purpose: Creates or updates aws-admin account with unlimited resources

What It Does:

Creates/gets Enterprise plan with unlimited limits (999999 for all resources)
Creates/gets aws-admin account linked to Enterprise plan
Moves all superuser and developer role users to aws-admin account
Sets 999999 credits for the account

Usage:

python manage.py create_aws_admin_tenant

Plan Limits (Lines 26-40):

max_users: 999,999
max_sites: 999,999
max_keywords: 999,999
max_clusters: 999,999
monthly_word_count_limit: 999,999,999
daily_content_tasks: 999,999
daily_ai_requests: 999,999
monthly_ai_credit_limit: 999,999
included_credits: 999,999
All features enabled: ['ai_writer', 'image_gen', 'auto_publish', 'custom_prompts', 'unlimited']

2. Frontend Configuration

File: frontend/src/layout/AppSidebar.tsx

Access Control (Lines 46-52):

const isAwsAdminAccount = Boolean(
  user?.account?.slug === 'aws-admin' ||
  user?.account?.slug === 'default-account' ||
  user?.account?.slug === 'default' ||
  user?.role === 'developer'
);

Admin Section Display (Lines 258-355):

System Dashboard - /admin/dashboard
Account Management - All accounts, subscriptions, limits
Billing Administration - Invoices, payments, credit configs
User Administration - All users, roles, activity logs
System Configuration - System settings, AI settings, module settings
Monitoring - System health, API monitor, debug status
Developer Tools - Function testing, system testing
UI Elements - Complete UI component library (22 pages)

Total Admin Menu Items: 50+ pages accessible only to aws-admin users

2.2 Route Protection

File: frontend/src/components/auth/AdminGuard.tsx

Guard Logic (Lines 12-18):

export default function AdminGuard({ children }: AdminGuardProps) {
  const { user } = useAuthStore();
  const role = user?.role;
  const accountSlug = user?.account?.slug;
  const isSystemAccount = accountSlug === 'aws-admin' || accountSlug === 'default-account' || accountSlug === 'default';
  const allowed = role === 'developer' || isSystemAccount;

  if (!allowed) {
    return <Navigate to="/" replace />;  // Redirect to home
  }
  return <>{children}</>;
}

Protected Routes: All /admin/* routes wrapped with AdminGuard

2.3 API Status Indicator

File: frontend/src/components/sidebar/ApiStatusIndicator.tsx

Visibility Control (Lines 130-131):

// Only show and run for aws-admin accounts
const isAwsAdmin = user?.account?.slug === 'aws-admin';

Special Feature:

Real-time API health monitoring component
Checks 100+ API endpoints across all modules
Only visible/functional for aws-admin users
Displays endpoint status (healthy/warning/error)

2.4 Debug Tools Access

File: frontend/src/components/debug/ResourceDebugOverlay.tsx

Access Control (Line 46):

const isAdminOrDeveloper = user?.role === 'admin' || user?.role === 'developer';

Debug Features Available:

Resource debugging overlay
Network request inspection
State inspection
Performance monitoring

2.5 Protected Route Privileges

File: frontend/src/components/auth/ProtectedRoute.tsx

Privileged Access (Line 127):

const isPrivileged = user?.role === 'developer' || user?.is_superuser;

Special Behaviors:

Access to all routes regardless of module enable settings
Bypass certain validation checks
Access to system-level features

2.6 API Request Handling

File: frontend/src/services/api.ts

Comment Blocks (Lines 640-641, 788-789, 1011-1012, 1169-1170):

// Always add site_id if there's an active site (even for admin/developer)
// The backend will respect it appropriately - admin/developer can still see all sites

Behavior:

Frontend still sends site_id parameter
Backend ignores it for aws-admin users (shows all data)
This maintains consistent API interface while allowing privileged access

3. Security Analysis

3.1 Current User Details

Retrieved from Database:

Username: developer
Email: [from database]
Role: developer
Superuser: True
Account: AWS Admin (aws-admin)
Account Status: active
Account Credits: 333

3.2 Permission Matrix

Operation	Regular User	Admin Role	Developer Role	Superuser	aws-admin User
View own account data	✅ Yes	✅ Yes	✅ Yes	✅ Yes	✅ Yes
View other accounts	❌ No	❌ No	✅ Yes	✅ Yes	✅ Yes
Edit other accounts	❌ No	❌ No	✅ Yes	✅ Yes	✅ Yes
Delete accounts	❌ No	❌ No	⚠️ Limited	✅ Yes	✅ Yes (except self)
Access Django admin	❌ No	⚠️ Limited	✅ Full	✅ Full	✅ Full
Access admin dashboard	❌ No	❌ No	✅ Yes	✅ Yes	✅ Yes
View all users	❌ No	⚠️ Own account	✅ All	✅ All	✅ All
Manage billing (all accounts)	❌ No	❌ No	✅ Yes	✅ Yes	✅ Yes
System settings	❌ No	❌ No	✅ Yes	✅ Yes	✅ Yes
API monitoring	❌ No	❌ No	✅ Yes	✅ Yes	✅ Yes
Debug tools	❌ No	⚠️ Limited	✅ Full	✅ Full	✅ Full
Rate limiting	✅ Applied*	✅ Applied*	✅ Bypassed*	✅ Bypassed*	✅ Bypassed*
Credit deduction	✅ Yes	✅ Yes	⚠️ Check needed	⚠️ Check needed	⚠️ Check needed
AI API fallback	❌ No	❌ No	✅ Yes	✅ Yes	✅ Yes (system default)

*Currently all rate limiting is disabled globally

3.3 Security Strengths

✅ Good Practices

Multiple authentication layers - Role, superuser, and account slug checks
Explicit permission classes - IsSystemAccountOrDeveloper for sensitive endpoints
Frontend route guards - AdminGuard prevents unauthorized access
Account isolation - Regular users strictly isolated to their account
Cannot delete system account - Protected from accidental deletion
Audit trail - Django admin logs all actions
Middleware protection - Request-level filtering for non-privileged users

3.4 Security Concerns & Recommendations

⚠️ Areas for Improvement

1. Rate Limiting Disabled (HIGH PRIORITY)

Issue: All rate limiting bypassed globally, not just for aws-admin
Risk: API abuse, DoS attacks, resource exhaustion
Recommendation: Re-enable rate limiting with proper exemptions for aws-admin

# Recommended fix in throttles.py
def allow_request(self, request, view):
    # Bypass for system accounts only
    if request.user and request.user.is_authenticated:
        if getattr(request.user, 'is_superuser', False):
            return True
        if hasattr(request.user, 'role') and request.user.role == 'developer':
            return True
        if hasattr(request.user, 'is_system_account_user') and request.user.is_system_account_user():
            return True
    
    # Apply normal throttling for all other users
    return super().allow_request(request, view)

2. AI API Key Fallback (MEDIUM PRIORITY)

Issue: All accounts fall back to aws-admin's API keys if not configured
Risk: Unexpected costs, quota exhaustion, key exposure
Recommendation:
- Add explicit opt-in for fallback behavior
- Alert when fallback keys are used
- Track usage per account even with fallback keys

3. Credit Deduction Unclear (MEDIUM PRIORITY)

Issue: Not clear if aws-admin users are charged credits for operations
Risk: Potential cost tracking issues
Recommendation:
- Audit credit deduction logic for system accounts
- Document whether aws-admin is exempt from credit charges
- If exempt, ensure credit balance never depletes

4. Multiple System Account Slugs (LOW PRIORITY)

Issue: Three different slugs recognized (aws-admin, default-account, default)
Risk: Confusion, inconsistent behavior
Recommendation: Standardize on aws-admin only, deprecate others

5. is_superuser Flag (LOW PRIORITY)

Issue: Both is_superuser flag and developer role grant same privileges
Risk: Redundant permission checks, potential bypass
Recommendation: Use one permission model (recommend role-based)

6. UI Elements in Production (INFORMATIONAL)

Issue: 22 UI element demo pages accessible in admin menu
Risk: Potential information disclosure
Recommendation: Move to separate route or remove from production

3.5 Access Log Review Recommendations

Recommended Monitoring:

Admin Actions - Review django_admin_log table regularly
API Access - Log all requests from aws-admin users
Failed Permissions - Alert on permission denied for system account
Multi-Account Data Access - Log when aws-admin views other accounts' data
System Settings Changes - Require approval/notification for critical changes

Suggested Audit Queries:

-- All actions by aws-admin users (last 30 days)
SELECT * FROM django_admin_log 
WHERE user_id IN (SELECT id FROM igny8_core_auth_user WHERE account_id = (SELECT id FROM igny8_core_auth_account WHERE slug='aws-admin'))
AND action_time > NOW() - INTERVAL '30 days'
ORDER BY action_time DESC;

-- All accounts accessed by developers
SELECT DISTINCT object_repr, content_type_id, action_flag
FROM django_admin_log 
WHERE user_id IN (SELECT id FROM igny8_core_auth_user WHERE role='developer' OR is_superuser=true)
AND content_type_id = (SELECT id FROM django_content_type WHERE app_label='igny8_core_auth' AND model='account');

4. Compliance & Best Practices

4.1 Principle of Least Privilege

⚠️ Current: aws-admin has unlimited access to everything
✅ Recommendation: Consider creating sub-roles:
- system-admin: Account/user management only
- billing-admin: Billing and payments only
- platform-admin: System settings only
- developer: Full access (current state)

4.2 Separation of Duties

⚠️ Current: Single developer user has all permissions
✅ Recommendation:
- Create separate accounts for different admin tasks
- Require MFA for aws-admin users
- Log all sensitive operations with approval workflow

4.3 Data Protection

✅ Good: Account deletion protection for system account
✅ Good: Soft delete implementation preserves audit trail
⚠️ Improvement: Add data export restrictions for sensitive PII

5. Recommendations Summary

Immediate Actions (Within 1 Week)

✅ Re-enable rate limiting with proper system account exemptions
✅ Audit credit deduction logic for aws-admin account
✅ Document which operations are logged and where

Short-term Actions (Within 1 Month)

⚠️ Review AI API key fallback behavior and add tracking
⚠️ Standardize system account slug to aws-admin only
⚠️ Implement MFA requirement for aws-admin users
⚠️ Add alerts for sensitive operations (account deletion, plan changes, etc.)

Long-term Actions (Within 3 Months)

📋 Create sub-admin roles with limited scope
📋 Implement approval workflow for critical system changes
📋 Add audit dashboard showing aws-admin activity
📋 Security review of all permission bypass points
📋 Penetration testing focused on privilege escalation

6. Conclusion

The aws-admin account is properly configured with extensive privileges necessary for platform administration. The implementation follows a clear pattern of permission checks across backend and frontend.

Key Strengths:

Multi-layered permission checks
System account protection from deletion
Clear separation between system and tenant data
Comprehensive admin interface

Key Risks:

Global rate limiting disabled
AI API key fallback may cause unexpected costs
Multiple system account slugs create confusion
No sub-admin roles for separation of duties

Overall Security Posture: MODERATE

System account is properly protected and identified
Permissions are consistently enforced
Some security controls (rate limiting) need re-enabling
Monitoring and audit trails need enhancement

Appendix A: Code Locations Reference

Backend Permission Checks

auth/models.py - Lines 155-158, 738-743, 730-732, 747-755
admin/base.py - Lines 18, 31, 43, 55, 72, 83, 93, 103
api/permissions.py - Lines 54-68, 190-208
api/throttles.py - Lines 22-39
api/base.py - Lines 25, 34, 259
auth/middleware.py - Lines 146, 155
ai/settings.py - Lines 53-65

Frontend Access Controls

layout/AppSidebar.tsx - Lines 46-52, 258-355
components/auth/AdminGuard.tsx - Lines 12-18
components/auth/ProtectedRoute.tsx - Line 127
components/sidebar/ApiStatusIndicator.tsx - Lines 130-131
components/debug/* - Line 46
services/api.ts - Multiple locations (640, 788, 1011, 1169)

Management Commands

auth/management/commands/create_aws_admin_tenant.py - Full file

Report Generated: December 20, 2025
Generated By: Security Audit Process
Classification: Internal Use Only
Next Review Date: March 20, 2026

End of Audit Report

20 KiB Raw Blame History