feat: Implement a gatekeeper service for access control and add CMS health monitoring with a connectivity notice.
Some checks failed
Build & Deploy KLZ Cables / 🔍 Prepare Environment (push) Successful in 21s
Build & Deploy KLZ Cables / 🧪 Quality Assurance (push) Successful in 1m24s
Build & Deploy KLZ Cables / 🏗️ Build & Push (push) Failing after 3m8s
Build & Deploy KLZ Cables / 🚀 Deploy (push) Has been skipped
Build & Deploy KLZ Cables / 🔔 Notifications (push) Successful in 2s
Some checks failed
Build & Deploy KLZ Cables / 🔍 Prepare Environment (push) Successful in 21s
Build & Deploy KLZ Cables / 🧪 Quality Assurance (push) Successful in 1m24s
Build & Deploy KLZ Cables / 🏗️ Build & Push (push) Failing after 3m8s
Build & Deploy KLZ Cables / 🚀 Deploy (push) Has been skipped
Build & Deploy KLZ Cables / 🔔 Notifications (push) Successful in 2s
This commit is contained in:
60
gatekeeper/index.js
Normal file
60
gatekeeper/index.js
Normal file
@@ -0,0 +1,60 @@
|
||||
const express = require('express');
|
||||
const cookieParser = require('cookie-parser');
|
||||
const path = require('path');
|
||||
|
||||
const app = express();
|
||||
const PORT = process.env.PORT || 3000;
|
||||
const GATEKEEPER_PASSWORD = process.env.GATEKEEPER_PASSWORD || 'klz2026';
|
||||
const AUTH_COOKIE_NAME = 'klz_gatekeeper_session';
|
||||
|
||||
app.set('view engine', 'ejs');
|
||||
app.set('views', path.join(__dirname, 'views'));
|
||||
app.use(express.urlencoded({ extended: true }));
|
||||
app.use(cookieParser());
|
||||
app.use(express.static(path.join(__dirname, 'public')));
|
||||
|
||||
// ForwardAuth check endpoint
|
||||
app.get('/verify', (req, res) => {
|
||||
const session = req.cookies[AUTH_COOKIE_NAME];
|
||||
|
||||
if (session === GATEKEEPER_PASSWORD) {
|
||||
return res.status(200).send('OK');
|
||||
}
|
||||
|
||||
// Traefik will use this to redirect if requested
|
||||
const originalUrl = req.headers['x-forwarded-uri'] || '/';
|
||||
const host = req.headers['x-forwarded-host'] || '';
|
||||
const proto = req.headers['x-forwarded-proto'] || 'https';
|
||||
|
||||
// Redirect to login
|
||||
res.status(401).set('X-Auth-Redirect', `${proto}://${host}/gatekeeper/login?redirect=${encodeURIComponent(originalUrl)}`).send('Unauthorized');
|
||||
});
|
||||
|
||||
// Login page
|
||||
app.get('/gatekeeper/login', (req, res) => {
|
||||
res.render('login', {
|
||||
error: req.query.error ? 'Invalid password' : null,
|
||||
redirect: req.query.redirect || '/'
|
||||
});
|
||||
});
|
||||
|
||||
// Handle login
|
||||
app.post('/gatekeeper/login', (req, res) => {
|
||||
const { password, redirect } = req.body;
|
||||
|
||||
if (password === GATEKEEPER_PASSWORD) {
|
||||
res.cookie(AUTH_COOKIE_NAME, GATEKEEPER_PASSWORD, {
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
path: '/',
|
||||
maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days
|
||||
});
|
||||
return res.redirect(redirect || '/');
|
||||
}
|
||||
|
||||
res.redirect(`/gatekeeper/login?error=1&redirect=${encodeURIComponent(redirect || '/')}`);
|
||||
});
|
||||
|
||||
app.listen(PORT, () => {
|
||||
console.log(`Gatekeeper listening on port ${PORT}`);
|
||||
});
|
||||
Reference in New Issue
Block a user