https://github.com/nanvenomous/go-libero
an API-key based guard to your web API, forward_auth compatible through a reverse proxy
https://github.com/nanvenomous/go-libero
Last synced: 2 months ago
JSON representation
an API-key based guard to your web API, forward_auth compatible through a reverse proxy
- Host: GitHub
- URL: https://github.com/nanvenomous/go-libero
- Owner: nanvenomous
- Created: 2024-07-25T15:54:18.000Z (over 1 year ago)
- Default Branch: mainline
- Last Pushed: 2025-04-19T14:20:49.000Z (7 months ago)
- Last Synced: 2025-06-07T17:42:59.300Z (6 months ago)
- Language: Go
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
README
## Intro
`go-libero` is a simple API-key based guard to any API
## Motivation
- safe against [timing attacks](https://en.wikipedia.org/wiki/Timing_attack) using `crypto/subtle` from go standard library
- works with any proxy provider that supports [forward_auth](https://docs.goauthentik.io/docs/providers/proxy/forward_auth)
## Usage
build and serve libero
```bash
git clone https://github.com/nanvenomous/go-libero.git && cd go-libero
go build ./...
LIBERO_API_KEY='your-api-key' ./libero
```
libero should now be running on `4444`
however you still need to guard your resource server within the reverse proxy (the following example uses [caddy](https://caddyserver.com/))
assuming you have a resource server running locally on port `4005`
so in your `Caddyfile`:
```Caddyfile
my-domain.com {
forward_auth :4444 {
uri /
}
reverse_proxy :4005 {
header_up Host localhost:4005
}
}
```
- [caddy forward_auth docs](https://caddyserver.com/docs/caddyfile/directives/forward_auth)
## The name
libero is the term from the position in volleyball
go-libero is the gurdian diety of your web api
- art by [racooncake on deviantart](https://www.deviantart.com/racooncake/art/Nishinoya-Haikyuu-941441796)