Compare commits
18 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| fcb9daa30c | |||
36a1b08052
|
|||
|
9d902dce55
|
|||
|
f15cfec74f
|
|||
| 8106f5b1a1 | |||
|
427cee1884
|
|||
|
92b075df55
|
|||
| a7035a6bac | |||
|
5597c2ae3f
|
|||
| 9e1fefaa2f | |||
|
a79eb29dab
|
|||
| 5f28d5ca7a | |||
|
d57cc27e19
|
|||
| 05fcd4b0f8 | |||
|
f7b55bb26c
|
|||
| 0d26bf4cf8 | |||
|
3299419726
|
|||
|
79dfbcf053
|
26
CHANGELOG.md
26
CHANGELOG.md
@@ -2,6 +2,32 @@
|
||||
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
## [0.5.0](https://git.0xmax42.io/maxp/lt-auth-proxy/compare/v0.4.0..v0.5.0) - 2025-05-11
|
||||
|
||||
### 🚀 Features
|
||||
|
||||
- *(env)* Update default LanguageTool server port to 8081 - ([f15cfec](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/f15cfec74f9fb8325e90c7acc40ff7a166b9f9df))
|
||||
|
||||
### 📚 Documentation
|
||||
|
||||
- Update LanguageTool backend port in README - ([9d902dc](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/9d902dce55f12d274d3b9bd75cc3d3b0f75384c6))
|
||||
- *(readme)* Update service configuration and license link - ([427cee1](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/427cee188404b00ec30c8f52f4a66c4609511a8f))
|
||||
- *(readme)* Update service configuration and license link - ([92b075d](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/92b075df558d2d52da9496f74f84c149d3b18df5))
|
||||
- *(readme)* Add project time badge - ([5597c2a](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/5597c2ae3fa3920340499e0b5924b75352591729))
|
||||
|
||||
## [0.4.0](https://git.0xmax42.io/maxp/lt-auth-proxy/compare/v0.3.0..v0.4.0) - 2025-05-11
|
||||
|
||||
### 🚀 Features
|
||||
|
||||
- *(server)* Add graceful shutdown handling - ([d57cc27](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/d57cc27e19e68c13ac08af223c3721a9c45fafd1))
|
||||
|
||||
## [0.3.0](https://git.0xmax42.io/maxp/lt-auth-proxy/compare/v0.2.1..v0.3.0) - 2025-05-11
|
||||
|
||||
### 🚀 Features
|
||||
|
||||
- *(logging)* Add debug logs for key validation and request handling - ([3299419](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/32994197261e9ab5a46df5f90f2faed89cd68558))
|
||||
- *(utils)* Add utility to mask API keys - ([79dfbcf](https://git.0xmax42.io/maxp/lt-auth-proxy/commit/79dfbcf053d613fe3fff63bfd24537a1665c9389))
|
||||
|
||||
## [0.2.1](https://git.0xmax42.io/maxp/lt-auth-proxy/compare/v0.1.1..v0.2.1) - 2025-05-11
|
||||
|
||||
### 🚀 Features
|
||||
|
||||
25
README.md
25
README.md
@@ -1,5 +1,7 @@
|
||||
# lt-auth-proxy
|
||||
|
||||
|
||||
|
||||
A lightweight, production-ready reverse proxy for [LanguageTool](https://languagetool.org) with API key authentication.
|
||||
|
||||
This service acts as a transparent gateway that verifies an `apiKey` before forwarding requests to a running LanguageTool server instance. It is fully self-contained, built in Deno, and distributed as a minimal multi-architecture Docker image.
|
||||
@@ -25,7 +27,7 @@ You can run the proxy via Docker:
|
||||
docker run -p 8011:8011 \
|
||||
-e API_KEYS="demo-key,another-key" \
|
||||
-e LT_SERVER_HOST=lt-server \
|
||||
-e LT_SERVER_PORT=8010 \
|
||||
-e LT_SERVER_PORT=8081 \
|
||||
git.0xmax42.io/simdev/lt-auth-proxy:latest
|
||||
```
|
||||
|
||||
@@ -39,7 +41,7 @@ docker run -p 8011:8011 \
|
||||
| `PROXY_HOST` | ❌ no | `0.0.0.0` | Host/IP address to bind the proxy to |
|
||||
| `PROXY_PORT` | ❌ no | `8011` | Port the proxy listens on |
|
||||
| `LT_SERVER_HOST` | ❌ no | `localhost` | Hostname of the LanguageTool backend |
|
||||
| `LT_SERVER_PORT` | ❌ no | `8010` | Port of the LanguageTool backend |
|
||||
| `LT_SERVER_PORT` | ❌ no | `8081` | Port of the LanguageTool backend |
|
||||
|
||||
---
|
||||
|
||||
@@ -60,23 +62,30 @@ src/
|
||||
```yaml
|
||||
services:
|
||||
lt-server:
|
||||
image: languagetool/languagetool:latest
|
||||
ports:
|
||||
- "8010:8010"
|
||||
image: meyay/languagetool:latest
|
||||
restart: unless-stopped
|
||||
user: "783:783"
|
||||
networks:
|
||||
- default
|
||||
|
||||
proxy:
|
||||
image: git.0xmax42.io/maxp/lt-auth-proxy:latest
|
||||
ports:
|
||||
- "8011:8011"
|
||||
environment:
|
||||
- API_KEYS=demo-key
|
||||
- API_KEYS=demo-key,another-key
|
||||
- LT_SERVER_HOST=lt-server
|
||||
- LT_SERVER_PORT=8010
|
||||
- LT_SERVER_PORT=8081
|
||||
```
|
||||
|
||||
Please note that this setup does not include SSL encryption. A reverse proxy such as Traefik should be used for this.
|
||||
|
||||
---
|
||||
|
||||
## 📖 License
|
||||
|
||||
MIT © 0xMax42
|
||||
[MIT © 0xMax42](./LICENSE)
|
||||
|
||||
---
|
||||
|
||||
[https://git.0xmax42.io/maxp/lt-auth-proxy](https://git.0xmax42.io/maxp/lt-auth-proxy)
|
||||
|
||||
@@ -53,10 +53,10 @@ export class Env {
|
||||
return this._ltServerHost;
|
||||
}
|
||||
|
||||
/** Port of the LanguageTool backend (default: 8010) */
|
||||
/** Port of the LanguageTool backend (default: 8081) */
|
||||
static get ltServerPort(): number {
|
||||
if (this._ltServerPort === undefined) {
|
||||
this._ltServerPort = Number(this.getEnv('LT_SERVER_PORT') || 8010);
|
||||
this._ltServerPort = Number(this.getEnv('LT_SERVER_PORT') || 8081);
|
||||
}
|
||||
return this._ltServerPort;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import { Middleware } from 'http-kernel/Types/mod.ts';
|
||||
import { Env } from './env.ts';
|
||||
import { maskApiKey } from './utils.ts';
|
||||
|
||||
/**
|
||||
* Middleware that checks for a valid API key via form param.
|
||||
@@ -17,12 +18,15 @@ export const authMiddleware: Middleware = async (ctx, next) => {
|
||||
const key = params.get('apiKey');
|
||||
|
||||
if (!key || !Env.apiKeys.includes(key)) {
|
||||
console.debug('Invalid API key:', maskApiKey(key));
|
||||
return new Response('Forbidden – Invalid API key', { status: 403 });
|
||||
}
|
||||
} else {
|
||||
console.debug('Unsupported content type:', contentType);
|
||||
return new Response('Unsupported content type', { status: 415 });
|
||||
}
|
||||
|
||||
console.debug('Valid API key:', maskApiKey(ctx.req.headers.get('apiKey')));
|
||||
return await next();
|
||||
};
|
||||
|
||||
|
||||
@@ -37,12 +37,16 @@ export const handler: Handler = async (ctx) => {
|
||||
const headers = new Headers(ctx.req.headers);
|
||||
headers.delete('content-length');
|
||||
|
||||
console.debug('Forwarding request to:', proxyUrl.toString());
|
||||
|
||||
const forwarded = await fetch(proxyUrl.toString(), {
|
||||
method: ctx.req.method,
|
||||
headers,
|
||||
body,
|
||||
});
|
||||
|
||||
console.debug('Received response from LT server:', forwarded.status);
|
||||
|
||||
const respHeaders = new Headers(forwarded.headers);
|
||||
return new Response(forwarded.body, {
|
||||
status: forwarded.status,
|
||||
|
||||
11
src/main.ts
11
src/main.ts
@@ -3,6 +3,7 @@ import { Env } from './env.ts';
|
||||
import { ltProxyAuth } from './ltProxyAuth.ts';
|
||||
import { ltProxyHandler } from './ltProxyHandler.ts';
|
||||
|
||||
const ac = new AbortController();
|
||||
const httpKernel = new HttpKernel();
|
||||
|
||||
httpKernel.route({
|
||||
@@ -11,9 +12,19 @@ httpKernel.route({
|
||||
}).middleware(ltProxyAuth).handle(ltProxyHandler);
|
||||
|
||||
Deno.serve({
|
||||
signal: ac.signal,
|
||||
port: Env.proxyPort,
|
||||
hostname: Env.proxyHost,
|
||||
onListen: ({ hostname, port }) => {
|
||||
console.info(`lt-auth-proxy listening on ${hostname}:${port}`);
|
||||
},
|
||||
}, async (req) => await httpKernel.handle(req));
|
||||
|
||||
const shutdown = () => {
|
||||
console.info('Shutting down the server...');
|
||||
ac.abort();
|
||||
console.info('Server shut down successfully.');
|
||||
};
|
||||
|
||||
Deno.addSignalListener('SIGINT', shutdown);
|
||||
Deno.addSignalListener('SIGTERM', shutdown);
|
||||
|
||||
6
src/utils.ts
Normal file
6
src/utils.ts
Normal file
@@ -0,0 +1,6 @@
|
||||
export const maskApiKey = (key: string | null): string => {
|
||||
if (!key) return '*****';
|
||||
return key.length <= 5
|
||||
? '*'.repeat(key.length)
|
||||
: key.slice(0, 5) + '*'.repeat(key.length - 5);
|
||||
};
|
||||
Reference in New Issue
Block a user