From 9d28c2cc1cd663d20340e76bb30c87e7cc588cad Mon Sep 17 00:00:00 2001 From: Aldira Putra Raharja Date: Wed, 16 Oct 2024 23:45:31 +0200 Subject: [PATCH] feat(ci): fix build on upstream and update readme (#5) --- .github/workflows/next.yaml | 2 +- .github/workflows/pr.yaml | 11 +++++++---- README.md | 26 ++++++++++++++++++++++++-- docs/docs/deployment.md | 15 ++------------- 4 files changed, 34 insertions(+), 20 deletions(-) diff --git a/.github/workflows/next.yaml b/.github/workflows/next.yaml index dd64d73..916e4e4 100644 --- a/.github/workflows/next.yaml +++ b/.github/workflows/next.yaml @@ -50,7 +50,7 @@ jobs: distribution: goreleaser # 'latest', 'nightly', or a semver version: "~> v2" - args: release --clean --draft + args: release --snapshot --draft env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 6b0117e..9af51c6 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -53,8 +53,6 @@ jobs: uses: actions/setup-go@v5 with: go-version: stable - # More assembly might be required: Docker logins, GPG, etc. - # It all depends on your needs. - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 with: @@ -62,8 +60,13 @@ jobs: distribution: goreleaser # 'latest', 'nightly', or a semver version: "~> v2" - args: build --snapshot + args: release --snapshot --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution - # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} \ No newline at end of file + # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} + - name: Upload assets + uses: actions/upload-artifact@v3 + with: + name: binary + path: dist/* \ No newline at end of file diff --git a/README.md b/README.md index 983e58a..4c28bcd 100644 --- a/README.md +++ b/README.md 
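Review bot: On the new `args: release --snapshot --draft` line in `.github/workflows/next.yaml`, `--snapshot` makes GoReleaser build an unversioned snapshot and skip publishing, so `--draft` has nothing left to act on and this workflow no longer creates a GitHub release. If build-only is the intent, the `GITHUB_TOKEN` passed in `env:` just below is probably unused by this step and can be dropped so the build runs without a credential; the same applies to the `release --snapshot --clean` step in `.github/workflows/pr.yaml`. I would write the line as `args: release --snapshot --clean` with a comment above it such as `# snapshot: build only, nothing is published`. The job's trigger and any `permissions:` block are outside the hunk, so the token's actual scope cannot be checked from here.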
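Review bot: The added `Upload assets` step in `.github/workflows/pr.yaml` references `actions/upload-artifact@v3`, a mutable tag on an older major version of the action, and it uploads everything under `dist/*` from a pull-request build. Pinning to a full commit SHA of a current major keeps the step from silently changing underneath the workflow: `uses: actions/upload-artifact@<full-commit-sha> # v4` (placeholder; take the SHA from the action's release page). `dist/*` presumably also picks up GoReleaser's generated metadata next to the binaries, so a narrower glob for the archives, plus `if-no-files-found: error` and a short `retention-days: 7`, would make the artifact smaller and make an empty build fail loudly. The workflow's trigger is outside the hunk; if it runs on pull requests from forks, the uploaded binaries are built from unreviewed code and should be treated as untrusted by anyone downloading them.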
@@ -1,7 +1,29 @@ -# Pasolo +# Introduction Pasolo is an authentication server for single users with passkeys. Pasolo runs alongside with other reverse proxy system such as Caddy, Traefik, Nginx, using `forward_auth` or `external_auth` functionality. ## Why? -Inspired by a post in [r/selfhosted](https://www.reddit.com/r/selfhosted/comments/1f7fith/passkeys/) and other similar project like [Vouch Proxy](https://github.com/vouch/vouch-proxy), [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) and [Ory oathkeeper](https://www.ory.sh/docs/oathkeeper), Pasolo developed for self-hosted / home lab use cases, where the user is very limited -- in this case 1 person -- but want some degree of authentication on their setup. \ No newline at end of file +Inspired by a post in [r/selfhosted](https://www.reddit.com/r/selfhosted/comments/1f7fith/passkeys/) and other similar project like [Vouch Proxy](https://github.com/vouch/vouch-proxy), [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) and [Ory oathkeeper](https://www.ory.sh/docs/oathkeeper), Pasolo developed for self-hosted / home lab use cases, where the user is very limited -- in this case 1 person -- but want some degree of authentication on their setup. + +## How It Works + +![Pasolo Network Illustration](/docs/static/img/pasolo-network-illustration.png) + +Pasolo runs alongside with your load balancer, works the best when it runs as one of your subdomain. + +1. Client tries to access `app.your.domain`, the request received by Load Balancer. +2. Instead of forwarded directly to `app.your.domain`, the request forwarded to `pasolo.your.domain`. +3. Pasolo validate the request via request cookies. When pasolo find the request doesn't contains cookies or contains invalid cookies, it return 401 (Not Authorized) +4. The Load Balancer receive the 401 and act accordingly. It is recommended to configure the Load Balancer to forward the user to pasolo login page -- in this example `pasolo.your.domain/login` +5. 
Client login using passkeys that has been registered on the setup process, then redirected to `app.your.domain`. +6. Same as step 2, load balancer forward it to pasolo +7. Pasolo validate the request and return success 200 +8. Then Load Balancer forward the request to `app.your.domain` +9. `app.your.domain` now reply the request as usual. + +Please note that the redirection to Pasolo `/login` page only happen when no session found on the request, or the existing session is invalid. + +## Getting Started + +To get started, choose your desired reverse proxy to use, then configure it to use pasolo for authentication \ No newline at end of file diff --git a/docs/docs/deployment.md b/docs/docs/deployment.md index 56d7ab7..2d3755a 100644 --- a/docs/docs/deployment.md +++ b/docs/docs/deployment.md @@ -3,15 +3,7 @@ sidebar_position: 2 --- # Deployment -Pasolo is available as a Container Image and utilize environment variable as the main configuration. - -```mermaid -graph LR; - A-->B; - A-->C; - B-->D; - C-->D; -``` +Pasolo is available at [GitHub Release](https://github.com/dirathea/pasolo/releases) as a single binary, or as Container Image. To customize deployment, use environment variable. # Required Environment Variable @@ -38,10 +30,7 @@ Pasolo also required persistent volume to store login session, as well as regist # example docker-compose.yml services: auth: - build: - context: ../../. - dockerfile: Dockerfile - image: pasolo:latest + image: ghcr.io/dirathea/pasolo:latest env_file: - .env environment: