Go implementation of a reverse proxy server with OAuth OIDC or x509 authentication. It provides CMS authentication headers based on CRIC information, and built-in log rotation functionality.
For full details please refer to this document.
The code can be built as follows:

```bash
# to build
make
# or use go build command
go build -ldflags="-X main.version=`git rev-parse --short HEAD`"
```
To run the service, choose between CERN SSO OAuth2 OIDC authentication and x509 authentication. In both cases, please provide a CRIC file and/or URL.

```bash
# to run with CERN SSO OAuth OIDC authentication
auth-proxy-server -config config.json
# to run with x509 authentication
auth-proxy-server -config config.json -useX509
```
The code is implemented as the following modules:
- config.go provides server configuration methods
- cric.go provides CMS CRIC service functionality
- data.go holds all data structures used in the package
- logging.go provides logging functionality
- iam.go module provides all necessary logic to handle IAM
- main.go the main module
- metrics.go Prometheus metrics module
- oauth.go provides implementation of oauthProxyServer
- redirect.go provides logic of reverse proxy
- server.go provides main APS server logic
- scitokens.go module provides support for SciTokens
- utils.go provides various utils used in the code
- x509.go provides implementation of x509ProxyServer
Both server implementations (oauthProxyServer and x509ProxyServer) support the /server endpoint, which can be used to update server settings, e.g.

```bash
curl -X POST -H"Content-type: application/json" -d '{"verbose":true}' https://a.b.com/server
```
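A sketch of how a settings-update handler of this kind can validate its input before applying it, written as an added example and not taken from the project's server.go. The names `settings`, `settingsHandler` and `post`, the 4096-byte limit and the status codes are assumptions; only the POST method, the JSON content type and the `verbose` key come from the curl call above, and caller authentication is out of scope here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// settings is a hypothetical settings struct; only "verbose" appears on the page.
var settings struct {
	Verbose bool `json:"verbose"`
}
var mu sync.Mutex // guards settings

// settingsHandler applies a small JSON settings update sent with POST.
func settingsHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "POST only", http.StatusMethodNotAllowed)
		return
	}
	if !strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
		http.Error(w, "JSON only", http.StatusUnsupportedMediaType)
		return
	}
	dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)) // cap body size
	dec.DisallowUnknownFields()                                  // reject unexpected keys
	mu.Lock()
	defer mu.Unlock()
	next := settings // decode into a copy so a bad request changes nothing
	if err := dec.Decode(&next); err != nil {
		http.Error(w, "bad settings", http.StatusBadRequest)
		return
	}
	settings = next
}

// post sends a constructed request to the handler and returns the status code.
func post(method, ctype, body string) int {
	req := httptest.NewRequest(method, "/server", strings.NewReader(body))
	req.Header.Set("Content-Type", ctype)
	rec := httptest.NewRecorder()
	settingsHandler(rec, req)
	return rec.Code
}

func main() { fmt.Println(post("POST", "application/json", `{"verbose":true}`), settings.Verbose) }
```

Decoding into a copy means a rejected request (wrong method, wrong content type, unknown key, oversized body) leaves the running settings untouched.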
This codebase is based on different examples taken from: