authproxy

package
v0.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2026 License: MIT Imports: 9 Imported by: 0

README

authproxy — FO-to-BO authentication proxy

authproxy translates back-office (BO) internal auth API responses into front-office (FO) cookies and redirects. The FO never exposes the BO URL to end users.

Browser ──POST /login──► FO (authproxy) ──POST /api/internal/auth/login──► BO
         ◄── cookie ───  FO             ◄────── {token, user} ──────────   BO

Quick start

proxy := authproxy.NewAuthProxy(boURL, "example.com", true)
proxy.HealthCheck = func() bool { return bo.IsReachable() }

mux.HandleFunc("POST /login", proxy.LoginHandler(shield.SetFlash))
mux.HandleFunc("POST /register", proxy.RegisterHandler(shield.SetFlash))

Exported API

Symbol                                      Description
AuthProxy                                   Proxy forwarding login/register to BO
NewAuthProxy(boURL, cookieDomain, secure)   Create proxy with 10 s HTTP timeout
LoginHandler(setFlash)                      POST handler: proxy login, set JWT cookie
RegisterHandler(setFlash)                   POST handler: proxy registration
HealthCheck                                 Optional callback for circuit-breaker integration

Documentation

Overview

Package authproxy provides HTTP handlers that proxy authentication requests from a front-office (FO) to a back-office (BO) internal API. The BO performs the actual credential validation, and the proxy translates JSON responses into cookies and redirects so that the user never sees the BO URL.

This package was extracted from github.com/hazyhaar/pkg/dbsync to allow services that need auth proxying without importing the full dbsync package.

Types

type AuthProxy

type AuthProxy struct {

	// HealthCheck is an optional callback that returns whether the BO is
	// reachable. When set and returning false, auth handlers fail fast
	// instead of waiting for the HTTP timeout.
	HealthCheck func() bool
	// contains filtered or unexported fields
}

AuthProxy calls the BO internal auth API and translates the JSON response into cookies + redirects for the FO domain. The user never sees the BO URL.

func NewAuthProxy

func NewAuthProxy(boURL, cookieDomain string, secure bool) *AuthProxy

NewAuthProxy creates an auth proxy that calls BO internal API endpoints.

Parameters:

  • boURL: base URL of the back-office, e.g. "https://rv.docbusinessia.fr"
  • cookieDomain: cookie Domain attribute ("" uses the request host)
  • secure: whether to set the Secure flag on cookies (true for HTTPS)

func (*AuthProxy) ForgotPasswordHandler

func (p *AuthProxy) ForgotPasswordHandler(setFlash func(http.ResponseWriter, string, string)) http.HandlerFunc

ForgotPasswordHandler returns an http.HandlerFunc for POST /forgot-password on the FO. It reads the form, calls BO /api/internal/auth/forgot-password, and redirects. The BO URL is never exposed to the user.

The handler forwards the FO origin (scheme + host from the incoming request) to the BO as the "origin" field. The BO MUST use this origin — not its own URL — when constructing the password reset link in the email. This ensures the user clicks a link like https://fo.example.com/reset-password?token=xxx and never sees the BO address.

func (*AuthProxy) LoginHandler

func (p *AuthProxy) LoginHandler(setFlash func(http.ResponseWriter, string, string)) http.HandlerFunc

LoginHandler returns an http.HandlerFunc for POST /login on the FO. It reads the form, calls BO /api/internal/auth/login, sets the cookie, and redirects.

func (*AuthProxy) RegisterHandler

func (p *AuthProxy) RegisterHandler(setFlash func(http.ResponseWriter, string, string)) http.HandlerFunc

RegisterHandler returns an http.HandlerFunc for POST /register on the FO. It reads the form, calls BO /api/internal/auth/register, and redirects.

func (*AuthProxy) ResetPasswordHandler

func (p *AuthProxy) ResetPasswordHandler(setFlash func(http.ResponseWriter, string, string)) http.HandlerFunc

ResetPasswordHandler returns an http.HandlerFunc for POST /reset-password on the FO. It reads the form, calls BO /api/internal/auth/reset-password, and redirects. The BO URL is never exposed to the user.
