gate-keeper

gate-keeper is simple anti-bruteforce service with gRPC API

                                                                     
           +----------+                            +-------------+                     +---------+
           |          |                            |             |   reset ip/login    |         |           
           |  Some    | ip+login+hash(pass) req    |             +<--------------------+         |
 Auth Req  |  Auth    +--------------------------->+             |    CIDR black list  |         |
+--------->+  Service |                            | Gate-Keeper +<--------------------+ gkcli   |
           |          +<---------------------------+             |    CIDR white list  |         |
<----------+          |       ok/nok resp          |             +<--------------------+         |
   ok/nok  |          |                            |             |                     |         |
           +----------+                            +-------------+                     +---------+

Build

Binaries

make build

produces gk and gkcli in ./bin directory

gk is service gkcli is cli command able to:

• check if ip/login/pass banned or not
• add IP CIDR to white/black list
• reset tries counters for particular IP/Logins
• exec simple benchmark against service

Code check

VETing/linting/errchecking:

make check-all

Unit tests

make test

Container

builds docker container:

make build-container

Run

to build and run latest version in docker:

docker-compose up -d

to run binaries natively:

make run

Bench

to do unit benchmark core:

make bench

to do e2e benchmark gkcli simple-bench inside docker container:

make docker-bench

TODO

• make white/black lists persitent somewhere (DB? file?)
• add option to move all state to external DB (Redis)
• add multicore/multi-instance benchmarks
• send notifications to Kafka topics
• add prometheus-style metrics
• move containers to Github registry