db123-test 252c617769 fix: handle errors from audit log INSERT statements
Previously, errors from INSERT INTO audit_log were silently discarded using _, _, which
meant audit log failures could go unnoticed during add/delete/cleanup operations.

The changes now properly capture and return errors for permanent entry operations and
temporary entry operations, except for cleanupExpiredTemp which logs warnings instead
of failing the entire cleanup process when individual audit log entries fail.
2026-05-04 13:16:58 +03:30

auth-proxy

A lightweight Go auth proxyway that sits in front of sensitive services (phpMyAdmin, Gitea, uptime kuma) and provides:

  • IP-based whitelisting (permanent and temporary via REST API with TTL, stored in SQLite)
  • No domain changes — NGINX continues to proxy to the same server_name

Architecture

Client ──NGINX auth_request──► auth-proxy ──► allow / deny

NGINX calls auth-proxy as an internal subrequest. On 200 the original request proceeds. On 401/403 NGINX returns the response to the client. Whitelisted IPs never see auth.

Build

go build -o auth-proxy .

Docker

docker build -t db123/auth-proxy:latest .

or

docker pull git.yejayekhoob.com/db123/auth-proxy:latest

Quick start

# Set required env vars (see .env.example)
cp .env.example .env
vim .env

# Start
./auth-proxy

API

The API requires a bearer token set via AUTH_PROXY_API_TOKEN. All endpoints return 401 Unauthorized if the token is missing or invalid.

Method Path Description
POST /api/whitelist/temp Add a temporary whitelisted IP
GET /api/whitelist/temp/list List active temporary entries
DELETE /api/whitelist/temp/{ip} Remove a temporary entry
POST /api/whitelist/perm Add a permanent whitelisted IP/CIDR
GET /api/whitelist/perm/list List active permanent entries
DELETE /api/whitelist/perm/{entry} Remove a permanent entry
GET /api/logs Retrieve audit log entries
GET /status Health check

See docs/api.md for full API reference.

NGINX integration

See docs/deploy.md for the full NGINX auth_request configuration.

Documentation

  • README.md — this file
  • docs/api.md — API reference
  • docs/security.md — security model and notes
  • docs/deploy.md — deployment instructions
  • docs/design.md — design rationale
Description
No description provided
Readme 119 KiB
Languages
Go 95.8%
Dockerfile 4.2%