Detect incorrect proof based on exit code
Test for non ErrIncorrectProof errors
Fix valid proof not working
Reverse proxy which requires proof of work using mkproof before authorizing access to upstream.
When the mkproof-proxy receives a request, it generates a challenge that must be completed before authorizing access to the upstream url. The challenge is displayed on screen and set in a JWT. The user must then compute the solution and submit it to the proxy. The proxy will verify the solution and if valid, will grant access to the upstream url. The access grant is given until the cookie/JWT expires.
The -secret-key
flag is used to configure the secret key that will be used to
sign the token. The key must be kept secret to avoid forged tokens which would
allow users to bypass the proof of work challenge.
The -fake
flag is meant for testing only. This implements a proof of work with
a challenge that has a value of challenge
and with a solution that is also a
value of challenge
. This flag may be removed in the future.
Usage of ./mkproof-proxy:
-checkproof string
Path to the checkproof binary
-fake
Use fake proof of work
-listen-addr string
Listening address of the proxy (default "127.0.0.1:8080")
-mkchallenge string
Path to the mkchallenge binary
-secret-key string
Secret for signing jwt tokens
-upstream-url string
The upstream url to proxy to
See LICENSE.