caddy_knockknock

package module
v0.1.99 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 9, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

README

Caddy Knock Knock

A simple enough but secure for someone auth schema for caddy reverse proxies.

Basically, you can forbid access to services until a particular, secret parameter is added to the service's URL. Then a session cookie authorizes the access until the tab/browser is closed.

You must be aware that this secret parameter is equivalent to a token and must be protected as a secret. Don't create a bookmark in the browser. Keep it safe.

And yes, in the future I will add a timeout, not just "forever". But it's a good POC for now.

Building

xcaddy build --with github.com/proofrock/caddy_knockknock@v0.1.0

Configuration

First of all, decide a key and hash it with argon2, for example using this site (it doesn't seem to send your key over the internet at the time of writing, but check yourself!)

Example:
key: abcdef
hash: $argon2id$v=19$m=16,t=2,p=1$Y2lhb2dlcm0$llGztGLqY/nSR2ax5vCtIg

Then, suppose you have a site to protect in caddy:

Example:
https://protected.example.com

You add a parameter kkkey with the secret:

Example:
https://protected.example.com?kkkey=abcdef

When you do so, your session will be enabled for https://protected.example.com.

This is the corresponding Caddyfile:

{
 order caddy_knockknock first
}

protected.example.com {
  caddy_knockknock {
    key_hash "$argon2id$v=19$m=16,t=2,p=1$Y2lhb2dlcm0$llGztGLqY/nSR2ax5vCtIg"
  }
  respond "Authorized!"
}

Documentation

Index

Constants

View Source 
const VERSION = "v0.1.0"

Variables

View Source 
var (
	ErrInvalidHash         = errors.New("the encoded hash is not in the correct format")
	ErrIncompatibleVersion = errors.New("incompatible version of argon2")
)

Functions

This section is empty.

Types

type CaddyKnockKnock 

type CaddyKnockKnock struct {
	HashedKey string `json:"key_hash,omitempty"`
	// contains filtered or unexported fields
}

func (CaddyKnockKnock) CaddyModule 

func (CaddyKnockKnock) CaddyModule() caddy.ModuleInfo

func (*CaddyKnockKnock) Provision 

func (m *CaddyKnockKnock) Provision(ctx caddy.Context) error

func (CaddyKnockKnock) ServeHTTP 

func (m CaddyKnockKnock) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error

func (*CaddyKnockKnock) UnmarshalCaddyfile 

func (m *CaddyKnockKnock) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.