Crate hyper_auth_proxy

source · []
Expand description

hyper-auth-proxy CircleCI

A proxy to do http basic auth from a JWT token and redis session credentials

schema

Little auth proxy based on hyper-reverse-proxy that can be used to add Basic auth header for a backend service without having to send credentials base64 encoded on the web.

It will use JWK token key sid field to seek for the credentials in a Redis instance. The credentials are stored in json :

{ "credentials": "dXNlcjp0ZXN0" }

They can be used “as is” or the credentials can be encoded (for example with AES).

Without encoded credentials, the proxy will make a request with Authorization header :

Authorization: Basic dXNlcjp0ZXN0

The main should contain a tokio main section and call the run_service function.

Example :

use hyper_auth_proxy::{run_service, ProxyConfig};

#[tokio::main]
async fn main() {
    let (_tx, rx) = tokio::sync::oneshot::channel::<()>();
    let config = ProxyConfig::default();
    let server = run_service(config.clone(), rx).await;
    println!("Running auth proxy on {:?} with backend {:?}", config.address, config.back_uri);
    if let Err(e) = server.await {
        eprintln!("server error: {}", e);
    }
}

The proxy configuration contains the following parameters :

 use std::net::SocketAddr;
 struct ProxyConfig {
    pub jwt_key: String,
    pub credentials_key: String,
    pub back_uri: String,
    pub redis_uri: String,
    pub address: SocketAddr,
}

Modules

errors
redis_session

Structs

ProxyConfig
SessionToken

Functions

run_service

Runs the proxy without credential decoder. The string in Redis credential field is used as Authorization header

run_service_with_decoder

Runs the proxy with a credential decoder function. It should be with the signature :