19753ec07d910eb8e731ca9b5bab17e179c9ff7b
Update the CI/CD workflow to reference the full path to Go binaries (/usr/local/go/bin/go, gofmt) instead of relying on PATH resolution. This ensures the correct Go version is used when running in the Docker container where the binary location may differ from the default PATH expectation.
auth-gate
A lightweight Go auth gateway that sits in front of sensitive services (phpMyAdmin, Gitea, uptime kuma) and provides:
- IP-based whitelisting (permanent and temporary via REST API with TTL, stored in SQLite)
- No domain changes — NGINX continues to proxy to the same
server_name
Architecture
Client ──NGINX auth_request──► auth-gate ──► allow / deny
NGINX calls auth-gate as an internal subrequest. On 200 the original request proceeds. On 401/403 NGINX returns the response to the client. Whitelisted IPs never see auth.
Build
go build -o auth-gate .
Docker
docker build -t yejayekhoob/auth-gate:latest .
Quick start
# Set required env vars (see .env.example)
cp .env.example .env
vim .env
# Start
./auth-gate
API
The API requires a bearer token set via AUTH_GATE_API_TOKEN. All endpoints return 401 Unauthorized if the token is missing or invalid.
| Method | Path | Description |
|---|---|---|
| POST | /api/whitelist/temp |
Add a temporary whitelisted IP |
| GET | /api/whitelist/temp/list |
List active temporary entries |
| DELETE | /api/whitelist/temp/{ip} |
Remove a temporary entry |
| POST | /api/whitelist/perm |
Add a permanent whitelisted IP/CIDR |
| DELETE | /api/whitelist/perm/{entry} |
Remove a permanent entry |
| GET | /api/logs |
Retrieve audit log entries |
| GET | /status |
Health check |
See docs/api.md for full API reference.
NGINX integration
See docs/deploy.md for the full NGINX auth_request configuration.
Documentation
README.md— this filedocs/api.md— API referencedocs/security.md— security model and notesdocs/deploy.md— deployment instructionsdocs/design.md— design rationale
Description
Languages
Go
95.8%
Dockerfile
4.2%