hyper-auth-proxy

A proxy to do http basic auth from a JWT token and redis session credentials

usage

Little auth proxy based on hyper-reverse-proxy that can be used to add Basic auth header for a backend service without having to send credentials base64 encoded on the web.

It will use JWK token key sid field to seek for the credentials in a Redis instance. The JWT token is read from Authorization cookie. The credentials are stored in json :

{ "credentials": "dXNlcjp0ZXN0" }

They can be used "as is" or the credentials can be encoded (for example with AES).

Without encoded credentials, the proxy will make a request with Authorization header :

Authorization: Basic dXNlcjp0ZXN0

The main should contain a tokio main section and call the run_service function.

Example :

use hyper_auth_proxy::{run_service, ProxyConfig};

#[tokio::main]
async fn main() {
    let (_tx, rx) = tokio::sync::oneshot::channel::<()>();
    let config = ProxyConfig::default();
    let server = run_service(config.clone(), rx).await;
    println!("Running auth proxy on {:?} with backend {:?}", config.address, config.back_uri);
    if let Err(e) = server.await {
        eprintln!("server error: {}", e);
    }
}

The proxy configuration contains the following parameters :

 use std::net::SocketAddr;
 struct ProxyConfig {
    pub jwt_key: String,
    pub credentials_key: String,
    pub back_uri: String,
    pub redis_uri: String,
    pub address: SocketAddr,
}

logging && debugging

It uses log API so for example with env_logger it can be launched with

$ RUST_LOG=debug hyper-auth-proxy

And you should have logs like :

[2022-03-16T12:51:26Z INFO  my_auth_proxy] Running auth proxy on 127.0.0.1:3000 with backend "http://backend"
[2022-03-16T12:51:33Z DEBUG hyper_auth_proxy] cannot find auth cookie: no cookies header
[2022-03-16T12:53:21Z DEBUG hyper_auth_proxy] cannot find auth cookie: no auth cookie
[2022-03-16T12:53:35Z DEBUG hyper_auth_proxy] cannot decode jwt token: cannot decode jwt token (No claims component found in token string)