{"id":18447282,"url":"https://github.com/lamg/pmproxy","last_synced_at":"2025-04-08T00:32:04.857Z","repository":{"id":32196283,"uuid":"103572175","full_name":"lamg/pmproxy","owner":"lamg","description":"HTTP proxy with per user download quotas","archived":false,"fork":false,"pushed_at":"2023-02-24T23:26:46.000Z","size":3529,"stargazers_count":8,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-23T03:32:19.739Z","etag":null,"topics":["consumption","http-proxy","ldap-client","proxy","quota"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lamg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-14T19:17:55.000Z","updated_at":"2022-09-02T17:22:18.000Z","dependencies_parsed_at":"2024-11-06T07:12:40.158Z","dependency_job_id":null,"html_url":"https://github.com/lamg/pmproxy","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamg%2Fpmproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamg%2Fpmproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamg%2Fpmproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamg%2Fpmproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lamg","download_url":"https://codeload.github.com/lamg/pmproxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247755439,"owners_count":20990617,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["consumption","http-proxy","ldap-client","proxy","quota"],"created_at":"2024-11-06T07:12:36.390Z","updated_at":"2025-04-08T00:32:03.871Z","avatar_url":"https://github.com/lamg.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"```\n ____  __  __ ____                      \n|  _ \\|  \\/  |  _ \\ _ __ _____  ___   _ \n| |_) | |\\/| | |_) | '__/ _ \\ \\/ / | | |\n|  __/| |  | |  __/| | | (_) \u003e  \u003c| |_| |\n|_|   |_|  |_|_|   |_|  \\___/_/\\_\\\\__, |\n                                  |___/ \n```\n\n[![License Badge][0]](LICENSE) [![Build Status][1]][2] [![Coverage Status][3]][4] [![Go Report Card][5]][6]\n\nPMProxy is an HTTP proxy server which uses a predicate for allowing or forbidding requests, and assigning resources to them once they are allowed.\n \nThe predicate contains references as identifiers, which point to _managers_ that analyzing:\n- the client IP address\n- the time the request was made\n- and the requested URL\n\nreturn `true` or `false` when the predicate is evaluated with a specific request.\n\nThere are also managers that once they are reached by the predicate evaluation always return `true`, but also set themselves as handlers of the connections made by that client.\n\n## Configuration example\n\nThe [sessionIPM](manual.md/#sessionIPM) manager only returns `true` when the client, identified by its IP address, authenticated against it, with valid credentials according a configured database. The [dwnConsR](manual.md/#dwnConsR) manager always returns `true`, but every downloaded amount by a client (identified by the IP address from which it authenticated) is accumulated until it reaches a quota. Then the connections by that client are denied, until a reset occurs manually or at regular time intervals.\n\nThe following configuration will only allow connections from IPs authenticated by `session:sessionIPM`, and will have 1 GB for downloading each day:\n\n```toml\nrule = \"sessions ∧ down\"\n\n[[sessionIPM]]\n\tname = \"sessions\"\n\tauth = \"map\"\n\n[[dwnConsR]]\n\tname = \"down\"\n\tuserDBN = \"map\"\n\tresetCycle = \"24h\"\n\t[dwnConsR.groupQuota]\n\t\tgroup0 = \"1 GB\"\n\n[mapDB]\n\tname = \"map\"\n\t[mapDB.userPass]\n\t\tuser0 = \"pass0\"\n\t[mapDB.userGroup]\n\t\tuser0 = [\"group0\"]\n```\n\nThe previous content must be placed at `$HOME/.config/pmproxy/managers.toml`.\n\nAlso there's a separate file for the servers (proxy and API) configuration, that must be placed at `$HOME/.config/pmproxy/server.toml`.An example content is:\n\n```toml\n[api]\n\texcludedRoutes=[\"/about\"]\n\thttpsCert=\"cert.pem\"\n\thttpsKey=\"key.pem\"\n\twebStaticFilesDir=\"staticFiles\"\n\tpersistInterval=\"5m\"\n\t[api.server]\n\t\treadTimeout=\"30s\"\n\t\twriteTimeout=\"20s\"\n\t\taddr=\":4443\"\n\t\tfastOrStd=false\n\n[proxy]\n\tdialTimeout=\"10s\"\n\t[proxy.server]\n\t\treadTimeout=\"30s\"\n\t\twriteTimeout=\"20s\"\n\t\taddr=\":8080\"\n\t\tfastOrStd=false\n```\n\nWith the previous configuration the [pmproxy](cmd/pmproxy) command will start an HTTP proxy server at `:8080`, and an HTTPS [API](manual.md/#api-description) server at `:4443`. Then you can use your browser with `pmproxy-server-address:8080` as your HTTP proxy, and `https://pmproxy-server-address:4443` as argument to `pmcl` while discovering and querying assigned managers according the predicate. The `excludedRoutes` field is a list of routes that a web interface, served from the `webStaticFilesDir`, handles without requesting them to the server.\n\n## Client usage example\n\nRunning the proxy with the previous configuration at `localhost`, the command `pmcl d https://localhost:4443` will return:\n\n```\nMatch result: false\n[❌] sessions:sessionIPM\n```\n\nWith that, and knowing the credentials configured at the `mapDB` object in `managers.toml`, it's possible to log in with `pmcl l -m sessions https://localhost:4443 user0 pass0`. This will create a file `login.secret` at the current path with information for `pmcl` to work properly. Then the command `pmcl s` will return:\n\n```\nUser: user0\nName: user0\nGroups: [group0]\nQuota: 1 GB Consumption: 0 B\n```\n\nand `pmcl d`:\n\n```\nMatch result: true\n[✅] down:DwnConsR\n[✅] sessions:sessionIPM\n```\n\n## Deployment\n\nFor a server with high traffic soon the amount of opened connections will increase up to the default limit for each process, therefore you need to configure a limit more suited for you needs. Using [systemd][7] units makes easier running, restarting or stopping the process, with a particular connection amount limit.\n\nAs example you can put the following content in `/etc/systemd/system/pmproxy.service`:\n\n```conf\n[Unit]\nDescription=PMProxy Service\nAfter=network.target\n\n[Service]\nType=simple\nUser=root\nLimitNOFILE=49152\nWorkingDirectory=/root/.config/pmproxy\nExecStart=/usr/local/bin/pmproxy\nRestart=on-abort\n\n[Install]\nWantedBy=multi-user.target\n``` \n\nwhich increases the limit number of opened files (`LimitNOFILE`) up to 49152, when usually it's 1024 (it can be found in `/etc/security/limits.conf`). Since opened connections count as opened files, this solves the previously mentioned problem.\n\nAlso having [systemd][7] a configuration allows to see the logs with `journalctl -u pmproxy`. Otherwise `journalctl _PID=X`, where X is the `pmproxy` process ID, will do.\n\n[0]: https://img.shields.io/badge/License-AGPL%203%2B-blue.svg\n[1]: https://travis-ci.com/lamg/pmproxy.svg?branch=master\n[2]: https://travis-ci.com/lamg/pmproxy\n[3]: https://coveralls.io/repos/github/lamg/pmproxy/badge.svg?branch=master\u0026service=github\n[4]: https://coveralls.io/github/lamg/pmproxy?branch=master\n[5]: https://goreportcard.com/badge/github.com/lamg/pmproxy\n[6]: https://goreportcard.com/report/github.com/lamg/pmproxy\n[7]: https://en.wikipedia.org/wiki/Systemd\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flamg%2Fpmproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flamg%2Fpmproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flamg%2Fpmproxy/lists"}