Crate hyper_auth_proxy
hyper-auth-proxy
A proxy to do HTTP basic auth from a JWT token and Redis session credentials
usage
A small auth proxy based on hyper-reverse-proxy that adds a Basic auth header for a backend service, without having to send base64-encoded credentials over the web.
It uses the sid field of the JWT token to look up the credentials in a Redis instance. The JWT token is read from the Authorization cookie. The credentials are stored in JSON:
{ "credentials": "dXNlcjp0ZXN0" }
They can be used “as is” or the credentials can be encoded (for example with AES).
Without encoded credentials, the proxy will make a request with the Authorization header:
Authorization: Basic dXNlcjp0ZXN0
The main function should be a tokio main and call the run_service function.
Example:
use hyper_auth_proxy::{run_service, ProxyConfig};

#[tokio::main]
async fn main() {
    // Oneshot channel: the receiver is handed to run_service, the sender is held here.
    let (_tx, rx) = tokio::sync::oneshot::channel::<()>();
    let config = ProxyConfig::default();
    let server = run_service(config.clone(), rx).await;
    println!("Running auth proxy on {:?} with backend {:?}", config.address, config.back_uri);
    // Drive the server until it stops; report any error on stderr.
    if let Err(e) = server.await {
        eprintln!("server error: {}", e);
    }
}
The proxy configuration contains the following parameters:
use std::net::SocketAddr;

struct ProxyConfig {
    pub jwt_key: String,
    pub credentials_key: String,
    pub back_uri: String,
    pub redis_uri: String,
    pub address: SocketAddr,
}
logging && debugging
It uses the log API, so with env_logger, for example, it can be launched with:
$ RUST_LOG=debug hyper-auth-proxy
And you should see logs like:
[2022-03-16T12:51:26Z INFO my_auth_proxy] Running auth proxy on 127.0.0.1:3000 with backend "http://backend"
[2022-03-16T12:51:33Z DEBUG hyper_auth_proxy] cannot find auth cookie: no cookies header
[2022-03-16T12:53:21Z DEBUG hyper_auth_proxy] cannot find auth cookie: no auth cookie
[2022-03-16T12:53:35Z DEBUG hyper_auth_proxy] cannot decode jwt token: cannot decode jwt token (No claims component found in token string)
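An added example (not part of the crate or its documentation): a small triage helper that parses lines in the env_logger format shown above and buckets the proxy's authentication failures by reason, so that requests without a session can be told apart from requests carrying a malformed token. The bucket names are this example's own labels; only the message prefixes are taken from the log excerpt.

```rust
use std::collections::BTreeMap;

/// One env_logger line of the form "[<timestamp> <LEVEL> <target>] <message>".
struct Entry<'a> { ts: &'a str, target: &'a str, msg: &'a str }

fn parse_line(line: &str) -> Option<Entry<'_>> {
    let (head, msg) = line.strip_prefix('[')?.split_once("] ")?;
    let mut parts = head.split_whitespace();
    let ts = parts.next()?;
    let _level = parts.next()?; // INFO, DEBUG, ...
    Some(Entry { ts, target: parts.next()?, msg })
}

/// Bucket names are this example's own labels, not identifiers from the crate.
fn classify(e: &Entry) -> &'static str {
    if e.target != "hyper_auth_proxy" {
        "other" // e.g. the start-up line logged by the binary itself
    } else if e.msg.starts_with("cannot find auth cookie: no cookies header") {
        "no_cookie_header" // request carried no Cookie header at all
    } else if e.msg.starts_with("cannot find auth cookie") {
        "no_auth_cookie" // cookies present, but not the Authorization cookie
    } else if e.msg.starts_with("cannot decode jwt token") {
        "undecodable_jwt" // a token was presented but could not be decoded
    } else {
        "other"
    }
}

/// Per bucket: (number of lines, timestamp of the most recent one).
fn tally(log: &str) -> BTreeMap<&'static str, (usize, &str)> {
    let mut out = BTreeMap::new();
    for e in log.lines().filter_map(parse_line) {
        let slot = out.entry(classify(&e)).or_insert((0, e.ts));
        *slot = (slot.0 + 1, e.ts);
    }
    out
}

// The four log lines shown on this page.
const SAMPLE: &str = r#"[2022-03-16T12:51:26Z INFO my_auth_proxy] Running auth proxy on 127.0.0.1:3000 with backend "http://backend"
[2022-03-16T12:51:33Z DEBUG hyper_auth_proxy] cannot find auth cookie: no cookies header
[2022-03-16T12:53:21Z DEBUG hyper_auth_proxy] cannot find auth cookie: no auth cookie
[2022-03-16T12:53:35Z DEBUG hyper_auth_proxy] cannot decode jwt token: cannot decode jwt token (No claims component found in token string)"#;

fn main() {
    for (bucket, (n, last)) in tally(SAMPLE) {
        println!("{bucket}: {n} (last at {last})");
    }
}
```

A rising undecodable_jwt count means clients are presenting tokens the proxy cannot parse, which is worth investigating separately from ordinary unauthenticated traffic.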
Modules
Structs
Functions
Runs the proxy without a credential decoder. The string in the Redis credential field is used as the Authorization header.
Runs the proxy with a credential decoder function. It should be with the signature :