Skip to content

ochanoco/torima

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

613 Commits

.github/workflows

.github/workflows

 
 

core

core

 
 

data

data

 
 

docker

docker

 
 

ent

ent

 
 

serv

serv

 
 

static

static

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

config.yaml

config.yaml

 
 

docker-compose.yml

docker-compose.yml

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

secret.env.template

secret.env.template

 
 

Repository files navigation

torima

Go

The easiest and solid security measures 😎

Torima is a proxy server authenticating users before access to the servicer, namely, IAP(Identity-Aware Proxy).
Using strong user identifiers (the default is LINE Account), Torima deters cyber attacks 🛡️.

These are...
☑️ Torima mitigates bot access (because the bot does not have an account coupled with the user's strong identifier in general).
☑️ Torima provides revocation features for malicious users (owing to the difficulty of making multiple accounts).
☑️ Torima provides a tracking feature to hold malicious users criminally accountable.

Japanese

Dependencies

  • Docker
  • Docker Compose

Installation

1. Obtain information for authentication

  • a. Make a LINE Login account at this site, and register as a Provider of LINE Developer.
  • b. Then obtain Channel ID and Channel secret.
  • c. Finally, set the https://<DOMAIN>/torima/auth/callback to Callback URL.
    The <DOMAIN> is the domain that is accessed by end users.

See details.

2. Login Github Container Registry

Login to the GitHub container registry using the following commands.

docker login ghcr.io

3. Make docker-compose.yaml

Set up the docker-compose configuration as follows:

version: "3"
services:
  proxy:
    image: ghcr.io/ochanoco/torima:develop
    volumes:
      - "./data:/workspace/data"
      - "./config.yaml:/workspace/config.yaml"
    ports:
      - 8080:8080
    env_file:
      - ./secret.env
    environment:
      - TORIMA_DB_TYPE=sqlite3 # Your DB type
      - TORIMA_DB_CONFIG=file:./data/db.sqlite3?_fk=1 # Your db configuration 

  app:
  # your front-end server...
  # we assume the server uses port 5000.
  # do not use `port`

  api:
  # your API server...
  # we assume the server uses port 5001.
  # do not use `port`

Tip

We recommend deploying your application server using the identical docker-compose.yaml because of security reasons.

Caution

Ports of the application server should not be exposed.
(Do not use ports except the torima container.)

4. Fill out secret.env

Make a secret.env file and fill in the parameters below.

TORIMA_CLIENT_ID="Channel ID"
TORIMA_CLIENT_SECRET="Channel Secret"

# It will be shared between your application and this proxy and used for authentication.
# TORIMA_SECRET="this-is-token"

5. Set up the configuration file

Create the configuration file and save it as config.yaml.

port: 8080

default_origin: app:5000 # your front-end server

protection_scope: 
- api:5001 # your API servers

white_list_path: 
- /favicon.ico

scheme: http

6. Implement redirected path

Implement the page at /_torima/back on your pages for redirect back after login. In Torima, users jump back to the path after logging in.

7. Deploy

Deploy the server using the following command:

docker-compose up

Tips

  • The user ID is on the X-Torima-UserID header on your server.
  • If the pulling container does not work, it is possible that the container image has expired.

Example

This repository shows the example.

About

Torima: The easiest and solid security measures.

ochano.co

Topics

golang security authentication proxy iap oidc line-login

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

8 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages 1

 

Contributors 3

  •  
  •  
  •  

Languages