Reverse proxy which requires proof of work using mkproof before authorizing access to upstream.
When the mkproof-proxy receives a request, it generates a challenge that must be completed before authorizing access to the upstream url. The challenge is displayed on screen and set in a JWT. The user must then compute the solution and submit it to the proxy. The proxy will verify the solution and if valid, will grant access to the upstream url. The access grant is given until the cookie/JWT expires.
-secret-key flag is used to configure the secret key that will be used to
sign the token. The key must be kept secret to avoid forged tokens which would
allow users to bypass the proof of work challenge.
-fake flag is meant for testing only. This implements a proof of work with
a challenge that has a value of
challenge and with a solution that is also a
challenge. This flag may be removed in the future.
Usage of ./mkproof-proxy: -checkproof string Path to the checkproof binary -fake Use fake proof of work -listen-addr string Listening address of the proxy (default "127.0.0.1:8080") -mkchallenge string Path to the mkchallenge binary -secret-key string Secret for signing jwt tokens -upstream-url string The upstream url to proxy to