Token/password protected http proxy

[thetakodev]

Issue type:

• ➕ Feature request

---

Short description:

Please add an option to protect with password, token or whatever, so you can send requests with a second parameter for this basic auth(still better than nothing), so other people cant break you systems, by sending random http requests.

(I just want to make a reactor controller app for android, would be so much satisfaction to do, pls add)

[rubensworks]

This would definitely be interesting to have.

I have a huge list of feature request before this though, so don't expect this anytime soon. PRs are welcome though.

[otakup0pe]

I've started some work on this. Do y'all have any feelings on how it is implemented? Off the top of my head I'm thinking....

• New string config param apiToken. Defaults to blank which preserves existing behavior.
• Somewhere around here check to see if the apiToken is not blank. If it's not then check for the X-IntegratedRest-Token header and compare. Proceed as normal if it matches, throw a 403 if it does not.

[rubensworks]

I had in mind to use HTTP's basic authentication protocol: https://en.wikipedia.org/wiki/Basic_access_authentication
Should be supported already by most HTTP server-side and client-side libraries.

Basic access authentication - Wikipedia

[otakup0pe]

Aite I'll go with basic auth. Do we want to support multiple users / .htpasswd style or just a single user/pass in the config?

[rubensworks]

I would suggest multiple users directly in the config. Should be easy to implement as a map or list.