Logo
Noddev
ShowcaseDocsBlog
Go to Docs

Welcome

IntroductionEcosystem Overview

Omni (OSINT Platform)

OverviewCore ConceptsSteganographySocial Recon

ApiShield (Security)

Getting StartedRate LimitingThreat Models

Terminal-RichJS (CLI)

IntroductionInstallationComponentsLayouts

Ready to secure your next project?

GitHub Profile

© 2026 NODDEV. All rights reserved.

GitHubTwitterWhatsApp

Core Concepts

Authentication, authorization, and frontend architecture in Omni.

Authentication & Authorization

Auth Providers

Configured in src/auth.ts using NextAuth:

  • Credentials: Email/password with bcrypt verification.
  • OAuth: Google + GitHub, with allowDangerousEmailAccountLinking enabled.

Session Strategy

  • JWT-based session strategy.
  • JWT callback hydrates id, role, creditsRemaining, and mfaEnabled.
  • Session callback injects the same fields into session.user.

User Roles

RoleDescription
OPERATIVEDefault role for standard users
ADMINAdministrative access to Command Center

API Keys

  • Each user receives a generated API key (omni_live_<hex>) on creation.
  • The key can be rotated via /api/user/rotate-key.

Credits System

  • Stored per user in users.creditsRemaining.
  • Each investigation consumes 1 credit.
  • Admins can inject credits from the Command Center.
  • Atomic credit check prevents overdrafts.

Frontend Modules

Main UI (src/app/page.tsx)

  • Single-page view switcher controlled by view state.
  • Search input auto-detects query type:
    • Social username, email, phone, URL, IPv4/IPv6, domain
  • Protected views (auth required): metadata, dns, breach, url, history, admin, fingerprint.
  • Auth modal for sign-in/sign-up.

IP Intelligence

  • ResultsPage fetches /api/investigate (IP) with fallback to ipapi.co when unauthenticated.
  • IPResults renders data, security assessment, and exports PDF.

DNS Audit

  • DNSRecords fetches /api/investigate (DOMAIN) or falls back to Google DNS.
  • DNSResults displays A/AAAA/MX/TXT/NS records and PDF export.

Breach Search

  • BreachSearch fetches /api/investigate (BREACH).
  • BreachResults renders summary, breach list, recommendations, and PDF export.

Malware Sandbox

  • URLSearch calls /api/investigate (URL).
  • URLResults shows live submission status + last scan details.

History

  • HistoryPage fetches /api/history and allows drilling into detailed report view.

Admin Command Center

  • AdminDashboard displays user table and audit logs.
  • CreditInjectionModal enforces max quotas (ADMIN 10k / OPERATIVE 1k).
  • AdminAuditLogs shows audit stream.

Security & Middleware

  • middleware.ts enforces anti-scraping checks, simple rate limiting, and security headers.
  • Auth gating for /admin and /history is done by checking NextAuth session cookies in middleware (Edge-safe).

Utility Modules

ModulePurpose
src/utils/exportPdf.tsGenerates branded forensic PDFs with jsPDF + autoTable
src/utils/fingerprint.tsBrowser fingerprint data collection
PreviousOverviewNextSteganography
Was this helpful?

On This Page

Authentication & AuthorizationAuth ProvidersSession StrategyUser RolesAPI KeysCredits SystemFrontend ModulesMain UI (`src/app/page.tsx`)IP IntelligenceDNS AuditBreach SearchMalware SandboxHistoryAdmin Command CenterSecurity & MiddlewareUtility Modules