Skip to content

Conversation

timflyio
Copy link

@timflyio timflyio commented Oct 7, 2025

Adds improvements to make it easier to run a somewhat open tokenizer, including restrictions to limit general internet access (require fly src), and improved auditing to help track down abuse if it happens.

  • Adds a lot more information to the log files, including the unwrapped/parsed/redacted token, source ip, and fly src, when possible.
  • Adds an option to reject any request that does not carry fly-src. The intention here is for allowing a somewhat open fly proxy that cant be abused from outside fly.
  • Adds a tool for generating a specific type of wrapped token, as used by my pilot proxy project.
  • Adds a cmd line option for printing out the seal key so you dont have to grep it from logs.
  • Stores the parsed fly-src in request context to avoid parsing it multiple times.
  • Get rid of internal flysrc parsing library and use github.com/superfly/flysrc-go.

@timflyio timflyio marked this pull request as ready for review October 9, 2025 20:32
…ysrc-go library.

Since the flysrc parser used to be static, we now have to pass in a context to the authorizers so they can get the flysrc parser instance that was constructed for the tokenizer instance.
@timflyio
Copy link
Author

tested deploy from timapp branch in xau, running command from another machine in xau:
curl -H "Proxy-Tokenizer: CUg3e/QsJ9F8joj8SGwtRLRO1+ov+lqv+6QaYBEoSlmK9NORKPnfjICXkLl8zMy2bW35sRZPmJixAj0Qu2yKOT+q32/JBnLuYv3US6MSdgTJmnSg+8S7w8c+SkJQR6h4RIAaO68cLqLsB6/jLcl1Bc6Pf7FObIx+29WN4cE15C+bKXDM3O8SA7A33CcLpDHRDJzGoukFM20TobN4A+ZsBfDoejVU53Iv4I8u/oBmKbRfhuT0T2igpAfVaxB/5gyeMMgGTY8vYI69TvjVU0006rp3lXWXF93G5AiYsSfMwPNChfWrGXmKwRd0hVYpDTvBRFebd0lPlVE=" -H "fly-src-optin: *" -x https://tokenizer.fly.dev:8443 http://timflyio-go-example.fly.dev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant