feat: add SQLite persistence and REST API for temporary whitelisting
- Migrate IP-based temporary whitelisting from file to SQLite storage - Add REST API endpoints for managing temporary and permanent whitelists - Create `.env.example` with required environment variables - Document API endpoints in README.md and docs/api.md - Add new dependency `modernc.org/sqlite` for SQLite support - Update deployment and security documentation
This commit is contained in:
25
README.md
25
README.md
@@ -1,10 +1,9 @@
|
||||
# auth-gate
|
||||
|
||||
A lightweight Go auth gateway that sits in front of sensitive services (phpMyAdmin, Git,
|
||||
uptime monitors) and provides:
|
||||
A lightweight Go auth gateway that sits in front of sensitive services (phpMyAdmin, Gitea,
|
||||
uptime kuma) and provides:
|
||||
|
||||
- IP-based whitelisting (permanent via file, temporary via REST API with TTL)
|
||||
- HTTP Basic Auth as fallback
|
||||
- IP-based whitelisting (permanent and temporary via REST API with TTL, stored in SQLite)
|
||||
- No domain changes — NGINX continues to proxy to the same `server_name`
|
||||
|
||||
## Architecture
|
||||
@@ -39,6 +38,22 @@ vim .env
|
||||
./auth-gate
|
||||
```
|
||||
|
||||
## API
|
||||
|
||||
The API requires a bearer token set via `AUTH_GATE_API_TOKEN`. All endpoints return `401 Unauthorized` if the token is missing or invalid.
|
||||
|
||||
| Method | Path | Description |
|
||||
|--------|------|-------------|
|
||||
| POST | `/api/whitelist/temp` | Add a temporary whitelisted IP |
|
||||
| GET | `/api/whitelist/temp/list` | List active temporary entries |
|
||||
| DELETE | `/api/whitelist/temp/{ip}` | Remove a temporary entry |
|
||||
| POST | `/api/whitelist/perm` | Add a permanent whitelisted IP/CIDR |
|
||||
| DELETE | `/api/whitelist/perm/{entry}` | Remove a permanent entry |
|
||||
| GET | `/api/logs` | Retrieve audit log entries |
|
||||
| GET | `/status` | Health check |
|
||||
|
||||
See `docs/api.md` for full API reference.
|
||||
|
||||
## NGINX integration
|
||||
|
||||
See `docs/deploy.md` for the full NGINX `auth_request` configuration.
|
||||
@@ -49,4 +64,4 @@ See `docs/deploy.md` for the full NGINX `auth_request` configuration.
|
||||
- `docs/api.md` — API reference
|
||||
- `docs/security.md` — security model and notes
|
||||
- `docs/deploy.md` — deployment instructions
|
||||
- `docs/design.md` — design rationale
|
||||
- `docs/design.md` — design rationale
|
||||
|
||||
Reference in New Issue
Block a user