You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<palign="center">Reverse proxy to apply auth*n scenarios to STAC APIs.</p>
4
+
</div>
5
+
6
+
---
2
7
3
8
> [!WARNING]
4
9
> This project is currently in active development and may change drastically in the near future while we work towards solidifying a first release.
@@ -11,69 +16,64 @@ STAC Auth Proxy is a proxy API that mediates between the client and an internall
11
16
- 🎟️ Content Filtering: Apply CQL2 filters to client requests, filtering API content based on user context
12
17
- 📖 OpenAPI Augmentation: Update [OpenAPI](https://swagger.io/specification/) with security requirements, keeping auto-generated docs (e.g. [Swagger UI](https://swagger.io/tools/swagger-ui/)) accurate
13
18
14
-
## Installation
19
+
## Usage
15
20
16
21
> [!NOTE]
17
22
> Currently, the project is only installable by downlaoding the repository. It will eventually be available on Docker ([#5](https://github.com/developmentseed/issues/5)) and PyPi ([#30](https://github.com/developmentseed/issues/30)).
18
23
19
-
This project uses [`uv`](https://docs.astral.sh/uv/) to manage project dependencies and environment.
24
+
### Installation
25
+
26
+
For local development, his project uses [`uv`](https://docs.astral.sh/uv/) to manage project dependencies and environment.
20
27
21
28
```sh
22
29
uv sync
23
30
```
24
31
25
-
## Running
32
+
Otherwise, the application can be installed as a standard Python module:
26
33
27
34
```sh
28
-
uv run python -m stac_auth_proxy
35
+
python3 install src
29
36
```
30
37
31
-
##Configuration
38
+
### Running
32
39
33
-
The application is configurable via environment variables.
40
+
The simplest way to run the project is by calling the module directly:
34
41
35
-
### Core Settings
42
+
```sh
43
+
python -m stac_auth_proxy
44
+
```
36
45
37
-
-`DEBUG`
46
+
Alternatively, the application's factory can be passed to Uvicorn:
38
47
39
-
- Enables debug mode and `/_debug` endpoint
40
-
-**Type:** boolean
41
-
-**Default:**`false`
42
-
-**Example:**`true`
48
+
```sh
49
+
uvicorn --factory stac_auth_proxy:create_app
50
+
```
43
51
44
-
-`UPSTREAM_URL`
52
+
### Configuration
53
+
54
+
The application is configurable via environment variables.
Routes can be configured as requiring a valid authentication token by by specifying a blanket `default_public` rule and then explicit overrides (`private_endpoints` or `public_endpoints`).
67
-
68
71
-`DEFAULT_PUBLIC`
69
-
70
72
-**Description:** Default access policy for endpoints
71
73
-**Type:** boolean
72
74
-**Default:**`false`
73
75
-**Example:**`false`, `1`, `True`
74
-
75
76
-`PRIVATE_ENDPOINTS`
76
-
77
77
-**Description:** Endpoints explicitely marked as requiring authentication, for use when `DEFAULT_PUBLIC == True`
78
78
-**Type:** JSON object mapping regex patterns to HTTP methods OR to tuples of HTTP methods and an array of strings representing required scopes.
79
79
-**Default:**
@@ -86,7 +86,6 @@ Routes can be configured as requiring a valid authentication token by by specify
86
86
"^/collections/([^/]+)/bulk_items$": ["POST"]
87
87
}
88
88
```
89
-
90
89
- `PUBLIC_ENDPOINTS`
91
90
- **Description:** Endpoints explicitely marked as not requiring authentication, for use when `DEFAULT_PUBLIC == False`
92
91
- **Type:** JSON object mapping regex patterns to HTTP methods
@@ -97,19 +96,12 @@ Routes can be configured as requiring a valid authentication token by by specify
97
96
"^/api$": ["GET"]
98
97
}
99
98
```
100
-
101
-
### API Documentation
102
-
103
99
- `OPENAPI_SPEC_ENDPOINT`
104
100
- Path to serve OpenAPI specification
105
101
- **Type:** string or null
106
102
- **Default:** `null` (disabled)
107
103
- **Example:** `/api`
108
-
109
-
### Filtering
110
-
111
104
- `ITEMS_FILTER`
112
-
113
105
- Configuration for item-level filtering
114
106
- **Type:** JSON object with class configuration
115
107
- **Default:** `null`
@@ -127,7 +119,6 @@ Routes can be configured as requiring a valid authentication token by by specify
127
119
}
128
120
}
129
121
```
130
-
131
122
- `ITEMS_FILTER_ENDPOINTS`
132
123
- Where to apply item filtering
133
124
- **Type:** JSON object mapping regex patterns to HTTP methods
0 commit comments