Integrated REST


Token/password protected http proxy

thetakodev opened this issue · 5 comments

commented

Issue type:

  • ➕ Feature request

Short description:

Please add an option to protect with a password, token or whatever, so you can send requests with a second parameter for this basic auth (still better than nothing), so other people can't break your systems by sending random HTTP requests.

(I just want to make a reactor controller app for Android, would be so much satisfaction to do, pls add)

commented

This would definitely be interesting to have.

I have a huge list of feature requests before this though, so don't expect this anytime soon. PRs are welcome though.

commented

I've started some work on this. Do y'all have any feelings on how it is implemented? Off the top of my head I'm thinking....

  • New string config param apiToken. Defaults to blank which preserves existing behavior.
  • Somewhere around here check to see if the apiToken is not blank. If it's not then check for the X-IntegratedRest-Token header and compare. Proceed as normal if it matches, throw a 403 if it does not.

commented

I had in mind to use HTTP's basic authentication protocol: https://en.wikipedia.org/wiki/Basic_access_authentication
Should be supported already by most HTTP server-side and client-side libraries.

commented

Aite I'll go with basic auth. Do we want to support multiple users / .htpasswd style or just a single user/pass in the config?

commented

I would suggest multiple users directly in the config. Should be easy to implement as a map or list.
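
The check the thread converges on (HTTP Basic auth against several users held in the config), sketched as an added example that is not part of the thread or the project's code. The class name, the map-shaped config and the sample credentials are assumptions; a 401 response should also carry a `WWW-Authenticate: Basic` header so clients know to send credentials.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

/** Hypothetical helper: checks an Authorization header against users from the config. */
public final class BasicAuthCheck {
    // Constructed sample config: user name -> password (assumed map-style config).
    static final Map<String, String> USERS = Map.of("reactor-app", "s3cret:with-colon");

    /** Returns the HTTP status to send: 200 = proceed, 401 = missing or wrong credentials. */
    static int check(String authorizationHeader, Map<String, String> users) {
        if (users.isEmpty()) return 200;          // no users configured: keep the open behaviour
        if (authorizationHeader == null
                || !authorizationHeader.regionMatches(true, 0, "Basic ", 0, 6)) return 401;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(authorizationHeader.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return 401;                           // malformed base64
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');            // split on the FIRST colon: passwords may contain ':'
        if (colon < 0) return 401;
        String expected = users.get(pair.substring(0, colon));
        byte[] given = pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        // Run the comparison for unknown users too, and use MessageDigest.isEqual
        // instead of String.equals, which returns at the first differing character.
        byte[] want = (expected == null ? "" : expected).getBytes(StandardCharsets.UTF_8);
        boolean match = MessageDigest.isEqual(given, want);
        return (expected != null && match) ? 200 : 401;
    }

    public static void main(String[] args) {
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("reactor-app:s3cret:with-colon".getBytes(StandardCharsets.UTF_8));
        System.out.println(check(good, USERS));         // valid credentials
        System.out.println(check("Basic !!!", USERS));  // malformed base64
        System.out.println(check(null, USERS));         // header missing
        System.out.println(check(null, Map.of()));      // no users configured
    }
}
```

Basic credentials are only base64-encoded on the wire, so this check protects the API only when the connection is wrapped in TLS or stays on a trusted network.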