3ce20314db9a02d73028c06e4d5ea52d4169d689
Rename the 'entry' column to 'ip' throughout the database schema and function signatures for clarity. This affects both the CREATE TABLE statement and all INSERT queries in the audit_log table. The parameter naming in AddPermanentEntry, DeletePermanentEntry, and AddTempEntry functions has also been updated to reflect the more specific 'ip' terminology. Corresponding log messages have been adjusted to use 'temp ip' instead of 'temp entry' for consistency.
auth-proxy
A lightweight Go auth proxyway that sits in front of sensitive services (phpMyAdmin, Gitea, uptime kuma) and provides:
- IP-based whitelisting (permanent and temporary via REST API with TTL, stored in SQLite)
- No domain changes — NGINX continues to proxy to the same
server_name
Architecture
Client ──NGINX auth_request──► auth-proxy ──► allow / deny
NGINX calls auth-proxy as an internal subrequest. On 200 the original request proceeds. On 401/403 NGINX returns the response to the client. Whitelisted IPs never see auth.
Build
go build -o auth-proxy ./src
Docker
docker build -t db123/auth-proxy:latest .
or
docker pull git.yejayekhoob.com/db123/auth-proxy:latest
Quick start
# Set required env vars (see .env.example)
cp .env.example .env
vim .env
# Start
./auth-proxy
Directory structure
├── src/
│ ├── main.go — entry point
│ ├── auth.go — HTTP handlers
│ ├── db.go — database operations
│ ├── config.go — configuration
│ ├── cleanup.go — cleanup goroutine
│ └── auth_test.go — unit tests
├── docs/
│ ├── api.md
│ ├── deploy.md
│ ├── design.md
│ └── security.md
├── Dockerfile
├── docker-compose.yml
├── go.mod
└── openapi.yaml
API
The API requires a bearer token set via AUTH_PROXY_API_TOKEN. All endpoints return 401 Unauthorized if the token is missing or invalid.
| Method | Path | Description |
|---|---|---|
| POST | /api/whitelist/temp |
Add a temporary whitelisted IP |
| GET | /api/whitelist/temp/list |
List active temporary entries |
| DELETE | /api/whitelist/temp/{ip} |
Remove a temporary entry |
| POST | /api/whitelist/perm |
Add a permanent whitelisted IP/CIDR |
| GET | /api/whitelist/perm/list |
List active permanent entries |
| DELETE | /api/whitelist/perm/{entry} |
Remove a permanent entry |
| GET | /api/logs |
Retrieve audit log entries |
| GET | /status |
Health check with DB status |
See docs/api.md for full API reference.
NGINX integration
See docs/deploy.md for the full NGINX auth_request configuration.
Documentation
README.md— this filedocs/api.md— API referencedocs/security.md— security model and notesdocs/deploy.md— deployment instructionsdocs/design.md— design rationale
Description
Languages
Go
95.8%
Dockerfile
4.2%