Skip to content

Improve logging and lockdown features #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Improve logging and lockdown features #31

wants to merge 11 commits into from

Conversation

timflyio
Copy link

@timflyio timflyio commented Oct 7, 2025
edited
Loading

Adds improvements to make it easier to run a somewhat open tokenizer, including restrictions to limit general internet access (require fly src), and improved auditing to help track down abuse if it happens.

  • Adds a lot more information to the log files, including the unwrapped/parsed/redacted token, source ip, and fly src, when possible.
  • Adds an option to reject any request that does not carry fly-src. The intention here is for allowing a somewhat open fly proxy that cant be abused from outside fly.
  • Adds a tool for generating a specific type of wrapped token, as used by my pilot proxy project.
  • Adds a cmd line option for printing out the seal key so you dont have to grep it from logs.
  • Stores the parsed fly-src in request context to avoid parsing it multiple times.
  • Get rid of internal flysrc parsing library and use github.com/superfly/flysrc-go.

@timflyio timflyio marked this pull request as ready for review October 9, 2025 20:32
@timflyio
get rid of flysrc internal library and instead use public superfly/fl…
7666b81 
…ysrc-go library.

Since the flysrc parser used to be static, we now have to pass in a context to the authorizers so they can get the flysrc parser instance that was constructed for the tokenizer instance.
@timflyio
bump dep version
ce9ea89
@timflyio
fix dockerfile for latest changes
1b4f537
@timflyio
Copy link
Author

tested deploy from timapp branch in xau, running command from another machine in xau:
curl -H "Proxy-Tokenizer: CUg3e/QsJ9F8joj8SGwtRLRO1+ov+lqv+6QaYBEoSlmK9NORKPnfjICXkLl8zMy2bW35sRZPmJixAj0Qu2yKOT+q32/JBnLuYv3US6MSdgTJmnSg+8S7w8c+SkJQR6h4RIAaO68cLqLsB6/jLcl1Bc6Pf7FObIx+29WN4cE15C+bKXDM3O8SA7A33CcLpDHRDJzGoukFM20TobN4A+ZsBfDoejVU53Iv4I8u/oBmKbRfhuT0T2igpAfVaxB/5gyeMMgGTY8vYI69TvjVU0006rp3lXWXF93G5AiYsSfMwPNChfWrGXmKwRd0hVYpDTvBRFebd0lPlVE=" -H "fly-src-optin: *" -x https://tokenizer.fly.dev:8443 http://timflyio-go-example.fly.dev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@timflyio