{"id":25998535,"url":"https://github.com/knifemaster007/pgauthproxy","last_synced_at":"2025-03-05T17:25:08.023Z","repository":{"id":57555763,"uuid":"311820244","full_name":"KnifeMaster007/pgAuthProxy","owner":"KnifeMaster007","description":"Postgres authentication proxy written in Go","archived":false,"fork":false,"pushed_at":"2024-05-14T11:59:19.000Z","size":26,"stargazers_count":11,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-06-20T17:30:36.903Z","etag":null,"topics":["authentication","authorization","postgres","postgresql"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KnifeMaster007.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-11T00:33:11.000Z","updated_at":"2024-04-17T12:16:50.000Z","dependencies_parsed_at":"2024-06-20T17:12:55.156Z","dependency_job_id":"0ef1921f-a4ec-469c-a314-ad19dcea99fe","html_url":"https://github.com/KnifeMaster007/pgAuthProxy","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnifeMaster007%2FpgAuthProxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnifeMaster007%2FpgAuthProxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnifeMaster007%2FpgAuthProxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnifeMaster007%2FpgAuthProxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KnifeMaster007","download_url":"https://codeload.github.com/KnifeMaster007/pgAuthProxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242068885,"owners_count":20066981,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","postgres","postgresql"],"created_at":"2025-03-05T17:25:07.528Z","updated_at":"2025-03-05T17:25:07.982Z","avatar_url":"https://github.com/KnifeMaster007.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PgAuthProxy\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/KnifeMaster007/pgAuthProxy?style=flat-square)](https://goreportcard.com/report/github.com/KnifeMaster007/pgAuthProxy)\n\nPgAuthProxy is a PostgreSQL gateway with customizable authentication. It provides \nsingle entrypoint for various database servers with credentials mapping capability.\n\n## Installation\n\n```\ngo install github.com/KnifeMaster007/pgAuthProxy\n```\n\n## Core concepts\n\nWhen client connects PgAuthProxy, it handles the connection this way:\n\n1. Receives startup message from the client, \n   which includes the names of the user and of the database\n2. Responds to client with Authentication Request message\n3. Client responds with password message\n4. PgAuthProxy executes user-defined authenticator command\n5. If authenticator command execution succeeded, \n   PgAuthProxy initiates connection to host, provided by authenticator\n6. If connection to target succeeded, PgAuthProxy sends startup message \n   with parameters provided by the authenticator(user, database, etc.)\n7. On authentication request from target host, PgAuthProxy sends \n   credential, provided by authenticator\n8. If authentication with the target is successful, PgAuthProxy just forwards any \n   further messages between the client and target host\n\n## Usage\n\n```\npgAuthProxy [flags]\n\nFlags:\n      --clear-passwd    use cleartext password instead of MD5-hashed\n      --config string   configuration file path\n  -h, --help            help for pgAuthProxy\n      --listen string   bind address (default \":5432\")\n```\n\n## Configuration file\n\n```yaml\nlisten: 0.0.0.0:15432                             # bind address (default \":5432\")\n\nauthenticator:\n  cleartext_password: false                       # use cleartext password instead of MD5-hashed\n  cmd: [\"authenticator.py\", \"--md5-passwords\"]    # authentication command\n```\n\n## Authenticator executable call conventions\n\nAuthenticator must process startup message parameters and credentials, \nprovided by user, and respond with startup message and credentials for target database server\n\nPgAuthProxy launches authenticator on each connection, passes input parameters to STDIN\nand reads target database parameters from an authenticator's STDOUT. \nNon-zero exit code treated as authentication error.\n\n### Example\n\n#### Authenticator input\n```\nuser=testuser\ndatabase=testuser\napplication_name=psql\nclient_encoding=UTF8\n_SOURCE_CRED=md55fa959c75491e1ce08541c50bc3ac3c4\n_SOURCE_SALT=2182654f\n```\n\nIf cleartext passwords is enabled, _SOURCE_CRED will contain password,\n_SOURCE_SALT will be 00000000\n\n#### Authenticator output\n```\nuser=postgres\ndatabase=postgres\napplication_name=psql(proxied for testuser)\nclient_encoding=UTF8\n_META_TARGET_HOST=pgbouncer.prod:5432\n_META_TARGET_CRED=md53670464b1b43f39455d2637b187f9245\n```\n\n## Limitations\n * SSL is not supported yet\n * Cleartext password authentication with backend is not supported","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknifemaster007%2Fpgauthproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fknifemaster007%2Fpgauthproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknifemaster007%2Fpgauthproxy/lists"}