From 8ceac0236c555979a9172c69c1a9e895d7487d6f Mon Sep 17 00:00:00 2001
From: Yves Fischer
Date: Sat, 17 Dec 2016 15:50:27 +0100
Subject: replace all with subdirectory rust/
---
README.md | 74 +++++++++++++++++++++++---------------------------------------
1 file changed, 27 insertions(+), 47 deletions(-)
(limited to 'README.md')
diff --git a/README.md b/README.md
index 08ce4e4..826c929 100644
--- a/README.md
+++ b/README.md
@@ -1,60 +1,40 @@ -# apache-auth-xmppmessage +# auth-xmppessage -Authenticate users using tokens sent via xmpp. +### Compile -This script is almost stateless, there is no database required. -To protect against DoS it uses a lockfile, this way allowing only on -instance at a time. +It's written in rust, compile it with `cargo build`. -## Install requirements +### Run - # pip - pip3 install --user -r sleekxmpp==1.3.1 +``` +Usage: ./target/debug/auth_xmppmessage [options] - # FreeBSD: - pkg install py34-sleekxmpp - pkg install ap24-mod_authnz_external24 +Options: + -j, --jid JID bot jid + -p, --password PASSWORD + bot password + -s, --secret SECRET server secret for token generation + -t, --time HOURS Validity of the token in hours (default 48) + -o, --port PORT TCP Port to listen on + -d, --debug Use loglevel Debug instead of Warn + -n, --nosend Don't send XMPP message, just print debug infos + -h, --help print this help menu +``` +### Nginx configuration -## Configuration - - DefineExternalAuth xmpp-login pipe /usr/local/etc/apache24/login.py - - AuthType Basic - AuthName "Login with Jabber ID and empty password to request a token" - AuthBasicProvider external - AuthExternalContext "validsec=7200;secret=adsasd;users=user1@jabber.org,user2@jabber.org;jid=bot@jabber.org;jid_pw=secret-xmpp-pw" - AuthExternal xmpp-login - Require valid-user - - -### Options - -- validsec: timespan in which a token is valid. - There are always 2 valid tokens, the current and the previous. - The current is `token(now % validsec)`. The previous is `token(now % validsec - validsec)`. - A token valid-range is determined by `% validsec` and NOT by the time the token was requested. -- secret: random secret data. Used as a salt for the token. -- users: comma separated list of JIDs that are allowed to receive tokens. - Tokens are user-specific. User `A` cannot use the token from user `B`. -- jid: JID of the bot who sends the tokens to the users. -- jid\_pw: password of the bot. 
- - - -# nginx - -## configuration - - location /grafana { - auth_request /_auth; - # ... - } - +``` location = /_auth { - proxy_pass http://localhost:8081/; + proxy_pass http://127.0.0.1:8081/; # --port PORT proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Original-URI "$scheme://$host$request_uri"; + proxy_set_header X-Allowed-Jid "JID1,JID2"; } + location /app { + satisfy any; + auth_request /_auth; + deny all; + } +``` -- cgit v1.2.1