auth-proxy-server

Go implementation of reverse proxy server with OAuth OIDC or x509 authentication. It provides CMS authentication headers based on CRIC information, and build-in rotate logs functionality.

For full details please refer to this document.

Building and runnign the code

The code can be build as following:

# to build
make
# or use go build command
go build -ldflags="-X main.version=`git rev-parse --short HEAD`"

To run the service we can choose either between CERN SSO OAuth2 OICD authentication or x509 one. In both cases, please provide CRIC file and/or URL.

# to run with CERN SSO OAuth OICD authentication
auth-proxy-server -config config.json

# to run with x509 authentication
auth-proxy-server -config config.json -useX509

Code organization

The code is implemented as the following modules:

• config.go provides server configuration methods
• cric.go provides CMS CRIC service functionality
• data.go holds all data structures used in the package
• logging.go provides logging functionality
• iam.go module provides all necessary logic to handle IAM
• main.go the main module
• metrics.go Prometheus metrics module
• oauth.go provides implementation of oathProxyServer
• redirect.go provides logic of reverse proxy
• server.go provides main APS server logic
• scitokens.go module provides support for SciTokens
• utils.go provides various utils used in a code
• x509.go provides implementation of x509ProxyServer

Both server implementations (oauthProxyServer and x509ProxyServer) support /server end-point which can be used to update server settings, e.g. curl -X POST -H"Content-type: application/json" -d '{"verbose":true}' https://a.b.com/server

This codebase is based on different examples taken from:

• Reverse proxy server in one line
• Reverse proxy server demo
• Reverse proxy server
• Metrics in reverse proxy server
• GoLang reverse proxy