3 stable releases
1.2.0 | Oct 13, 2024 |
---|---|
1.1.0 | Sep 14, 2024 |
1.0.0 | Aug 23, 2024 |
#151 in HTTP server
38 downloads per month
90KB
354 lines
AKAS: API Key Authorization Server
A server written in Rust to authorize HTTP requests that include an authorization bearer in their header.
Authorization: Bearer <token>
The file of the list of the tokens to be used for authorization should contain one token per line in plain or SHA-256 format:
- plain (default)
mykey-3532dceb-f38a-491b-814d-9607bc9a947a
mykey-c2d79a40-388e-4709-9e4b-903035b0e71e
...
- sha256 (not yet implemented)
8b89600015b273c28f966f368456e45e01df239a36bf939ff72a16881f775679
fb22be500af1ef0479745bbbce847854da33f5e910361ad278e0282995b95f4d
...
Usage
AKAS: API Key Authorization Server
Usage: akas [OPTIONS] --file <FILE>
Options:
-f, --file <FILE> File path of the tokens list
-p, --port <PORT> Port of the server [default: 5001]
--format <FORMAT> Format of the token in the file <plain|sha256> [default: plain]
--length <LENGTH> Length of the token [optional] [default: 0]
--prefix <PREFIX> Prefix of the token [optional] [default: ]
-h, --help Print help
-V, --version Print version
- Start akas server with the default port
5001
and a file containing plain tokens:
./akas --file plain-tokens.txt
- Example of configuration of a Nginx server:
server {
listen 80;
server_name _;
location / {
auth_request /auth;
auth_request_set $auth_status $upstream_status;
root /usr/share/nginx/html;
index index.html index.htm;
}
location = /auth {
internal;
proxy_pass http://localhost:5001/auth;
proxy_pass_request_body off;
proxy_set_header content-length "";
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header x-original-host $host;
proxy_set_header x-original-uri $request_uri;
proxy_set_header x-original-remote-addr $remote_addr;
}
}
More details of Nginx configuration can be found in the configuring subrequest authentication* documentation
- Authorized request:
curl -H "Authorization: Bearer <token>" http://<host>/
Endpoints URIs
/auth
: default endpoint./auth-ok
: always return200 OK
without checking the token (for testing purposes)./auth-unauthorized
: always return401 Unauthorized
without checking the token (for testing purposes or disable access).
Features & Limitations
- Authorization by HTTP Bearer Token.
- Configuration:
- via command line arguments.
- via environment variables.
- plain input tokens file (plain text).
- hashed input tokens file (hashed - sha256).
- Plain or hashed tokens loaded and saved in a Rust HashSet for a fast authorization check.
- Check of the token format during the loading process of the file based tokens storage:
- prefix and length for plain tokens file.
- SHA-256 for hashed tokens file.
- Initial check of the input token format in the header (length and prefix) [optional].
- Endpoints:
-
/auth
: default endpoint. -
/auth-ok
: always return200 OK
without checking the token. -
/auth-unauthorized
: always return401 Unauthorized
without checking the token.
-
- Binaries compatibility for Linux with no dependencies:
- x86-64 and arm64.
- glibc (debian, ubuntu, fedora...) and musl libc (alpine ...).
- Tests:
- Unit tests (Rust).
- Integration tests (actix_web::test).
- Functional tests (Robot Framework).
- Gitlab CI/CD Pipeline to auto-publish new versions.
- Renovate Bot auto-update dependencies.
- AKAS packaged in an Alpine Docker image.
- Log requests [optional]:
- All requests
- Only unauthorized requests (401).
- Cache implementation for faster access to token authorization without SHA-256 operation (LRU Cache).
Installation
-
Binary file installation on Linux via the GitLab package registry of the project:
- 2 architectures:
- akas-x86_64-linux-<gnu|musl>.tar.gz : x86_64 (Intel, Amd).
- akas-aarch64-linux-<gnu|musl>.tar.gz : arm64
- 2 C standard library with no dependencies:
- akas-<x86_64|aarch64>-linux-gnu.tar.gz : glibc for Debian, Ubuntu, Fedora...
- akas-<x86_64|aarch64>-linux-musl.tar.gz : musl libc for Alpine
- 2 architectures:
-
With a Rust environment, running this command will globally install the akas binary:
cargo install akas
Development
-
Clone the source repository:
git clone https://gitlab.com/op_so/projects/akas.git
-
To format and lint:
cargo fmt # cargo fmt -- --check
cargo clippy
- To test:
cargo test
cargo tarpaulin --ignore-tests
cargo audit
-
To run:
cargo run -- --file tests/files/plain_token.txt
-
To build:
cargo build # Debug binary target/debug/akas
cargo build --release # Release binary target/release/akas
Authors
- FX Soubirou - Initial work - GitLab repositories
License
This program is free software: you can redistribute it and/or modify it under the terms of the MIT License (MIT). See the LICENSE for details.
Dependencies
~16–26MB
~450K SLoC