{"id":27918637,"url":"https://github.com/stack-auth/auth-proxy","last_synced_at":"2025-05-06T18:24:17.826Z","repository":{"id":261848306,"uuid":"869157376","full_name":"stack-auth/auth-proxy","owner":"stack-auth","description":null,"archived":false,"fork":false,"pushed_at":"2024-11-08T18:53:09.000Z","size":414,"stargazers_count":17,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-08T19:38:55.633Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stack-auth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-07T20:14:58.000Z","updated_at":"2024-11-08T18:53:13.000Z","dependencies_parsed_at":"2024-11-08T19:50:55.296Z","dependency_job_id":null,"html_url":"https://github.com/stack-auth/auth-proxy","commit_stats":null,"previous_names":["stack-auth/auth-proxy"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-auth%2Fauth-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-auth%2Fauth-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-auth%2Fauth-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-auth%2Fauth-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stack-auth","download_url":"https://codeload.github.com/stack-auth/auth-proxy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252742279,"owners_count":21797197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-06T18:24:13.968Z","updated_at":"2025-05-06T18:24:17.801Z","avatar_url":"https://github.com/stack-auth.png","language":"JavaScript","readme":"# auth-proxy\n\nauth-proxy is a simple one-command proxy that authenticates your HTTP requests and redirects to a pre-built sign-in page if a user is not authenticated.\n\n## Setup\n\nFirst, sign in and create your API keys on [Stack Auth cloud](https://stack-auth.com/) (or you can [host it locally](https://github.com/stack-auth/stack)). Stack Auth is the open-source Auth0 alternative.\n\nThen, start your application server on port `3000` and run the proxy with the following command:\n\n```sh\ndocker run \\\n  -e NEXT_PUBLIC_STACK_PROJECT_ID=\u003cproject-id\u003e \\\n  -e NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=\u003cclient-key\u003e \\\n  -e STACK_SECRET_SERVER_KEY=\u003cserver-key\u003e \\\n  -e SERVER_PORT=3000 \\\n  -e PROXY_PORT=3001 \\\n  -p 3001:3001 \\\n  stackauth/auth-proxy:latest \u003cpatterns\u003e\n```\n\nYou can now access your application server at [localhost:3001](http://localhost:3001) and all the routes under the protected patterns will only be accessible by authenticated users.\n\nThe protected patterns are URL patterns (check out the syntax [here](https://github.com/snd/url-pattern)). Don't forget to include the leading `/` and handling the trailing `/`. For example, if you want to protect everything under `/a` and only the route `/b` (not `/b/c`), you can run \n\n`... stackauth/auth-proxy:latest \"/a(/*)\" \"/b(/)\"`.\n\n\u003cdetails\u003e\n  \u003csummary\u003eIf you don't have an application server, you can run our example server to play around with the proxy\u003c/summary\u003e\n\nStart the example server on port 3000:\n```sh\ngit clone git@github.com:stack-auth/auth-proxy.git\ncd express-example-server\nnpm install\nnpm run dev\n```\n\nYou can check out the original server without the proxy at [localhost:3000](http://localhost:3000).\n\nNow, open a new terminal and run the proxy server on port 3000:\n\n```sh\ndocker run \\\n  -e NEXT_PUBLIC_STACK_PROJECT_ID=\u003cproject-id\u003e \\\n  -e NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=\u003cclient-key\u003e \\\n  -e STACK_SECRET_SERVER_KEY=\u003cserver-key\u003e \\\n  -e SERVER_PORT=3000 \\\n  -e PROXY_PORT=3001 \\\n  -p 3001:3001 \\\n  stackauth/auth-proxy:latest \"/protected(/*)\"\n```\n\nYou can explore the proxy at [localhost:3001](http://localhost:3001).\n\u003c/details\u003e\n\n## Features\n\nIf you access a protected page through the proxy without being authenticated, you will be redirected to a sign-in page like this (customizable on the dashboard):\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg alt=\"Stack Setup\" src=\"assets/sign-in.png\" width=\"400\" /\u003e\n\u003c/div\u003e\n\nAfter signing in, you will be able to access the protected pages. \n\nTo retrieve user information from your webpage, you can read the headers as shown in this JavaScript Express + handlebars example (works similarly on other languages/frameworks):\n\n```js\nconst express = require(\"express\");\nconst handlebars = require(\"handlebars\");\n\nconst app = express();\n\nconst template = handlebars.compile(`\n\u003cdiv\u003e\n  {{#if authenticated}}\n    \u003cp\u003eName: {{displayName}}\u003c/p\u003e\n    \u003cp\u003e\u003ca href=\"/handler/account-settings\"\u003eAccount Settings\u003c/a\u003e\u003c/p\u003e\n  {{else}}\n    \u003cp\u003e\u003ca href=\"/handler/sign-in\"\u003eSign In\u003c/a\u003e\u003c/p\u003e\n  {{/if}}\n\u003c/div\u003e\n`);\n\napp.get('/', (req, res) =\u003e {\n  const authenticated = !!req.headers['x-stack-authenticated'];\n  const displayName = req.headers['x-stack-user-display-name'] || '';\n  const html = template({ authenticated, displayName });\n  res.send(html);\n});\n\napp.listen(3000);\n```\n\nAvailable headers:\n\n- `x-stack-authenticated`: \"true\" if authenticated; not present otherwise.\n- `x-stack-user-id`\n- `x-stack-user-primary-email`\n- `x-stack-user-display-name`\n\nAvailable URLs (redirect your app server to these URLs as needed):\n\n- `/handler/sign-in`\n- `/handler/sign-up`\n- `/handler/sign-out`: Clears cookies and redirects back to your homepage.\n- `/handler/account-settings`: Users can update their email, display name, password, etc.\n- `/handler/me`: If you make a request to this URL with the user's session cookie, you will get the client information in JSON. This is useful for client-side apps.\n\n## How It Works\n\nWhen a request is received, the logic is as follows:\n\n```\nif url is /handler/*:\n  render the auth pages\nelse:\n  if user is not authenticated \u0026\u0026 url is protected:\n    redirect to /handler/sign-in\n  else:\n    forward the request to your server with user info headers\n```\n\n```mermaid\ngraph TB\n    Client((Request))\n    Proxy[Auth Proxy]\n    YourServer[Your Server]\n    StackAuthServer[Stack Auth Server]\n    \n    Client --\u003e Proxy\n    Proxy --\u003e |\"add user info headers\"| YourServer\n    Proxy --\u003e StackAuthServer\n    StackAuthServer --\u003e Proxy\n\n    classDef container fill:#1168bd,stroke:#0b4884,color:#ffffff\n    class StackAuthServer container\n    class YourServer container\n    class Proxy container\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstack-auth%2Fauth-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstack-auth%2Fauth-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstack-auth%2Fauth-proxy/lists"}