new-home-proxy 0.1.2

This is a part of the New Home IoT System. It is used to make the core available in the www.
Documentation 
[![Pipeline Status](https://gitlab.com/Y_Software/new-home-proxy/badges/master/pipeline.svg)](https://gitlab.com/Y_Software/new-home-proxy/pipelines)
[![creates.io](https://img.shields.io/crates/v/new-home-proxy.svg?style=flat-square&logo=rust)](https://crates.io/crates/new-home-proxy)

# New Home: Proxy

Supplies a basic proxy for use with the New Home system.
Used to make the Core part publicly available with SSL encryption.
Enables the New Home UI to be hosted SSL encrypted and built as PWA.

## Why?

While you still can run your own UI, I want to have the UI available as PWA. 
For this however I have to add a Service Worker to it and this on the other 
hand requires the UI to be served via HTTPS (which still is possible for me).
But now the Core has to be reachable as well via HTTPS, and this certificate 
has to be trusted. This is where I fail. No one will give you a (trusted) SSL
certificate for an IP, especially not for a network-internal IP. So I have to 
get the Core out of your home and available via SSL. So this proxy server will
be hosted (with SSL encryption) by me or if you have the know-how by yourself.

## How? (Tech part)

The proxy constits of 2 parts:

* The client, which will run on your Raspberry PI
* The server, which will run on my (or your) Server

Additionally, I will provide configuration files, so that you can deploy it
straight to Heroku and have this proxy hosted "by yourself". At least so that
you know, that I'm not copying data on my server.

### How the connection works

Giving the public access to your home is a sensible topic, so it has to be secure.
I try my best to make it secure by encrypting all the traffic between your home,
the proxy server and the UI (aka your local device). To ensure that not someone
else will access your home resources, the client proxy requires a login. The login
is not part of the server but on the client (**your** Raspberry PI).

To get away without any port forwarding in your router, the client connects to the
server. By this only the server has to be available in the public and the client
is just sitting some where, even behind a firewall. And the even better part is,
that the communication runs via websocket connection, so you only need a single
port and a single SSL setup for securing the proxy request and the client tunnel.

To secure your home from intruders there are login credentials that has to be sent
in a proxy request. They will be forwarded to the client and the client will then
validate them. By this you can't be fooled by a manipulated server that is allowing
everything.

All of this should prevent someone from breaking into your home. If someone has 
still concerns please let me know of this, so I can get into it and try to fix this.