~tomleb/mkproof-proxy

A reverse proxy which requires proof of work to be able to access the upstream server
Detect incorrect proof based on exit code
Test for non ErrIncorrectProof errors
Fix valid proof not working

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~tomleb/mkproof-proxy
read/write
git@git.sr.ht:~tomleb/mkproof-proxy

You can also use your local clone with git send-email.

#mkproof-proxy

Reverse proxy which requires proof of work using mkproof before authorizing access to upstream.

When the mkproof-proxy receives a request, it generates a challenge that must be completed before authorizing access to the upstream url. The challenge is displayed on screen and set in a JWT. The user must then compute the solution and submit it to the proxy. The proxy will verify the solution and if valid, will grant access to the upstream url. The access grant is given until the cookie/JWT expires.

The -secret-key flag is used to configure the secret key that will be used to sign the token. The key must be kept secret to avoid forged tokens which would allow users to bypass the proof of work challenge.

The -fake flag is meant for testing only. This implements a proof of work with a challenge that has a value of challenge and with a solution that is also a value of challenge. This flag may be removed in the future.

#Usage

Usage of ./mkproof-proxy:
  -checkproof string
    	Path to the checkproof binary
  -fake
    	Use fake proof of work
  -listen-addr string
    	Listening address of the proxy (default "127.0.0.1:8080")
  -mkchallenge string
    	Path to the mkchallenge binary
  -secret-key string
    	Secret for signing jwt tokens
  -upstream-url string
    	The upstream url to proxy to

#License

See LICENSE.