
vsts's Introduction

VSTS - Very Simple Token Service

A very simple JWT token generator and validator. It was created for use with the Traefik ForwardAuth middleware, since it hides behind Traefik (it can be located internally). The service is of no use if publicly exposed, since the /gen endpoint would then be accessible.

API


GET /gen

Generate a token in the response body.


GET /auth

The /auth endpoint works in 3 ways, in this order:

Expecting either of the following headers:

  • TOKEN: <token> where <token> is a valid generated token from the /gen endpoint.
  • X-Forwarded-Uri: <Uri> where <Uri> contains a query parameter token=<token>.

Expecting a query param: /auth?token=<token>.

GET /auth/:token

Expecting a token in the path: /auth/<token>.

On a valid token, the service will respond with a status code 200 making it useful for something like Traefik ForwardAuth.

On a missing token a 401 is returned. On an invalid token a 404 is returned. This can be because the token is bogus, has expired, or is a different token (different secret).
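The lookup order and status codes described above, as an added sketch that is not the project's own code. The `Request` struct, the function names, lowercased header names, TOKEN being checked before X-Forwarded-Uri, and empty tokens counting as missing are all assumptions, and the validator is a stand-in for real JWT verification.

```rust
use std::collections::HashMap;

/// Constructed request view; header names are assumed to arrive lowercased.
struct Request<'a> {
    headers: HashMap<&'a str, &'a str>,
    uri: &'a str, // the service's own path and query, e.g. "/auth?token=abc"
}

/// Return the non-empty `token` query parameter of a URI, if any.
fn token_from_uri(uri: &str) -> Option<&str> {
    let query = uri.split_once('?')?.1;
    let query = query.split('#').next().unwrap_or(query);
    query
        .split('&')
        .filter_map(|pair| pair.split_once('='))
        .find(|(k, v)| *k == "token" && !v.is_empty())
        .map(|(_, v)| v)
}

/// README order: headers first, then the query parameter, then the path segment.
fn extract_token<'a>(req: &Request<'a>) -> Option<&'a str> {
    let path = req.uri.split('?').next().unwrap_or(req.uri);
    let h = &req.headers;
    h.get("token").copied().filter(|t| !t.is_empty())
        .or_else(|| h.get("x-forwarded-uri").copied().and_then(token_from_uri))
        .or_else(|| token_from_uri(req.uri))
        .or_else(|| path.strip_prefix("/auth/").filter(|t| !t.is_empty()))
}

/// 401 for a missing token, 404 for one that fails validation, 200 otherwise.
fn auth_status(req: &Request, is_valid: impl Fn(&str) -> bool) -> u16 {
    match extract_token(req) {
        None => 401,
        Some(t) if is_valid(t) => 200,
        Some(_) => 404,
    }
}

fn main() {
    // Constructed sample: Traefik forwards the original request URI in a header.
    let headers = HashMap::from([("x-forwarded-uri", "/app?page=2&token=good")]);
    let req = Request { headers, uri: "/auth" };
    // Stand-in validator; the real service verifies the JWT signature and expiry.
    println!("{}", auth_status(&req, |t| t == "good"));
}
```

Because the headers are consulted first, a token in the TOKEN header decides the outcome even when the query string carries a different one.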

GET /healthz

Very simple health check endpoint at: /healthz.

Config file and Environment variable overrides.


The server may be configured with a configuration file with a basename of settings and any of the following supported formats {json, yaml, toml, INI, RON, JSON5}.

All of these can be overridden by environment variables:

  • VSTS_SERVER_PORT
  • VSTS_JWT_SECRET
  • VSTS_JWT_DURATION

Examples:

Run with secret set up by environment variable:

VSTS_JWT_SECRET="test" VSTS_SERVER_PORT=3030 VSTS_JWT_DURATION="3d 4h 10s" ./vsts

vsts's People

Contributors

dependabot[bot], exodus

Forkers

dbalseiro

vsts's Issues

Handle validating token from headers

To support something like Traefik ForwardAuth, which passes the URI in a header X-FORWARDED-Uri, we need to extract that header and then parse the URI.

Expire time should be configurable

Add token expire time to configuration. Use something like parse duration for easier configuration language like:

jwt:
  expire: 1w

where expire can be any valid duration parser: 1w, 1s, 1d

Libraries to explore:

It seems https://github.com/zeta12ti/parse_duration/ is no longer maintained and has some issues (DoS)
https://github.com/baoyachi/duration-str has recent activity and no reported issues.
https://github.com/tailhook/humantime seems well maintained.

Should work with chrono / standard Duration ideally.
