Fri Oct 11, 2024 1:40am PST
Show HN: An open-source reverse proxy that authenticates users
auth-proxy is a minimal HTTP reverse proxy that shows login pages on protected pages, and passes user information in headers. My goal was to build something that’s as flexible as possible and can add auth to any existing infrastructure.

It’s pretty straightforward to use: after setting up Stack Auth (which this is based on), you can use the Docker container to proxy port 3000 to 3001:

    docker run -it \
      -e NEXT_PUBLIC_STACK_PROJECT_ID=<project-id> \
      -e NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=<client-key> \
      -e STACK_SECRET_SERVER_KEY=<server-key> \
      -e SERVER_PORT=3000 \
      -e PROXY_PORT=3001 \
      -p 3001:3001 \
      stackauth/auth-proxy:latest <protected-page-patterns>

If you now go to http://localhost:3001/handler/sign-in, you will see a log-in page.

Once you’re authenticated, every request to your HTTP server will have the following extra headers:

- x-stack-authenticated ("true" if authenticated; not present otherwise)

- x-stack-user-id

- x-stack-user-primary-email

- x-stack-user-display-name

If you’re building an SPA or client-side app, you can also fetch the current authentication status on /handler/me:

    {
      "user": {
        "id": "...",
        "primary_email": "email@test.com",
        "display_name": "John Doe"
      },
      "authenticated": true
    }

This is all still pretty hacky, but I’d love to hear your feedback. Any cool ideas on what to build?

PS: Big props to fellow HN user rudasn who brought it up first, and who gave us plenty of ideas after another Hacker News thread: https://news.ycombinator.com/item?id=41195470
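
As an added example (not part of the original post or the auth-proxy code base), a Node.js backend on the proxied port could consume the headers listed above as follows. `stackIdentity`, `handler` and the `--listen` flag are hypothetical names, and the code assumes port 3000 is reachable only through the proxy, so the headers can only have been set by it.

```javascript
// Added example: backend on SERVER_PORT (3000) reading auth-proxy's headers.
// Assumption: only the proxy can reach this port (firewall / network policy).

// Build an identity from Node's request headers (names arrive lower-cased).
function stackIdentity(headers) {
  // The header is "true" when authenticated and absent otherwise. Compare
  // strictly so "True", "1" or a joined duplicate "true, true" fail closed.
  if (headers["x-stack-authenticated"] !== "true") return null;
  const id = headers["x-stack-user-id"];
  if (typeof id !== "string" || id === "") return null;
  return {
    id,
    primaryEmail: headers["x-stack-user-primary-email"] ?? null,
    displayName: headers["x-stack-user-display-name"] ?? null,
  };
}

// Request handler: 401 without an identity, otherwise echo the user as JSON.
function handler(req, res) {
  const user = stackIdentity(req.headers);
  if (!user) {
    res.writeHead(401, { "content-type": "text/plain" });
    return res.end("not authenticated\n");
  }
  res.writeHead(200, { "content-type": "application/json" });
  res.end(JSON.stringify({ user }));
}

// Constructed sample headers, shaped as Node would present them.
const sample = {
  "x-stack-authenticated": "true",
  "x-stack-user-id": "user-123",
  "x-stack-user-primary-email": "email@test.com",
  "x-stack-user-display-name": "John Doe",
};
console.log(stackIdentity(sample));
console.log(stackIdentity({ "x-stack-user-id": "user-123" })); // flag absent

// Run with `node backend.js --listen` to serve on port 3000.
if (process.argv.includes("--listen")) {
  import("node:http").then((http) =>
    http.createServer(handler).listen(3000)
  );
}
```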
