NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
21.69k stars 2.51k forks

Third-party tool: nginx-ip-whitelister #3625

Open zuavra opened 5 months ago

zuavra commented 5 months ago

Hi, https://github.com/zuavra/nginx-ip-whitelister/ is a tool specifically designed to integrate with NPM.

It's a web app that acts as a validator for nginx via the ngx_http_auth_request_module and can be configured to allow/deny access based on various conditions (geoip, secret key, 2FA with TOTP, network masks, etc.).

bluekitedreamer commented 5 months ago

Very cool project, you could also integrate passportJS to allow for other auth request options

http://www.passportjs.org/

zuavra commented 5 months ago

@bluekitedreamer Thank you for the suggestion but most (all?) of Passport's auth strategies are federated and require cookies and some degree of interactivity. I think they'd be better suited to something like vouch-proxy which specializes in federated proxy auth.

bluekitedreamer commented 5 months ago

@zuavra Very true, I misrepresented my thought process here.

I think the better way to say what I was imagining was to layer-cake some of these solutions (IP Whitelisting, and SSO/other sign on) in order to achieve better security. Although some SSO solutions do provide whitelisting solutions on their side, I sort of like the approach of not even making it to the SSO login at all (redirect fails before connection) without first having the IP whitelisted.

Then again you could just add the whitelist rule in front of the reverse proxy for the SSO login as well.
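
Added example, not part of the thread and not nginx-ip-whitelister's own code: a minimal validator of the kind ngx_http_auth_request_module can call, where a 2xx reply lets nginx continue to the upstream (for instance an SSO login) and a 403 makes nginx deny the request first. The function names, the `X-Real-IP` header and the sample ranges are assumptions made for illustration.

```javascript
// Hypothetical auth_request validator: IPv4 CIDR allowlist, fail closed.
// Constructed sample allowlist (RFC 5737 documentation ranges).
const ALLOWED_CIDRS = ['192.0.2.0/24', '198.51.100.7/32'];

// Parse a dotted-quad IPv4 string into an unsigned integer; null if malformed.
function ipv4ToInt(ip) {
  if (typeof ip !== 'string') return null;
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip falls inside cidr; any malformed input counts as "no match".
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const ipN = ipv4ToInt(ip);
  const baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false;
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits); // number of addresses in the block
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// Status for the auth subrequest: 204 (2xx) allows, 403 denies.
function decide(clientIp, cidrs = ALLOWED_CIDRS) {
  return cidrs.some((c) => inCidr(clientIp, c)) ? 204 : 403;
}

// Request handler with the (req, res) shape that Node's http.createServer accepts.
// Assumption: nginx itself sets X-Real-IP on the subrequest, overwriting any
// client-supplied value, and the validator listens on loopback only.
function handler(req, res) {
  res.statusCode = decide(req.headers['x-real-ip']);
  res.end();
}
```

A missing or malformed address yields 403, so a misconfigured proxy that stops forwarding the header locks users out instead of letting everyone in.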