underpants

command module

v0.0.0-...-052274c Latest Latest Go to latest Published: Feb 25, 2023 License: MIT Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kellegous/underpants

Links

Open Source Insights

README ¶

Underpants

A reverse HTTP proxy that authenticates requests through OAuth2.

Suppose you are a Google Apps customer and suppose you want to restrict access to some web servers to just the folks in your organization. Like, for instance, if you're building your internal apps on AWS. Pain in the ass, right? So put underpants in between the world and your backends and you can use your Google credentials to get in.

Installation

go get github.com/kellegous/underpants

Configuration

Your underpants are configured through a silly little JSON file. Here's an example:

{
  "host" : "underpants.company.com",
  "oauth" : {
    "provider"      : "google",
    "domain"        : "company.com",
    "client-id"     : "oauth-client-id",
    "client-secret" : "oauth-client-secret"
  },
  "use-strict-security-headers": true,
  "certs" : [
    {
      "crt" : "/path/to/crt.pem",
      "key" : "/path/to/key.pem"
    }
  ],
  "routes" : [
    {
      "from" : "public.company.com",
      "to"   : "http://localhost:8080"
    }
  ]
}

Available Providers

Google
Okta

Google

You can get your oauth-client-id and oauth-client-secret by creating a project on Google's API Console. You will use that for your client-id and client-secret. Generally, you will also want to use the domain configuration to limit authentication to a particular domain.

Okta

For testing, you can create a developer account. Configuration of okta requires client-id, client-secret and base-url which will point to the domain for your okta instance (i.e. https://example.okta.com).

Additional Details

The certs section is optional and its absence will cause your underpants proxy to operate on pure HTTP. The key file may be encrypted so long as it is in encrypted PEM format with proper Proc-Type and Dek-Info headers. If you do not know what that means, just use openssl and that is what you will end up with.

If your configuration can stomach it, enable use-strict-security-headers to get some extra peace of mind. This will block clickjacking, disable downstream HTTP caching, and turn on Strict-Transport-Security if HTTPS.

For more granular access control, you can configure groups and their membership in the JSON file. Once groups are configured, routes will deny all users who are not a member of one of the authorized groups by default. The special * group can be used to allow any authenticated user access to the route. See underpants.sample.groups.json for a configuration sample.

Running

Just run it; it's an executable.

underpants

Some TODO's

Handle non-transactional traffic, like web sockets.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

underpants.go

Directories ¶

Path	Synopsis
auth
google
mailchimp
okta
config
hub
internal
mux
proxy
user
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL