12 Repos
Components for verifying identity and authorization on incoming API requests.
Distinguishing note: Focuses on request-level security enforcement rather than user-facing login flows.
Explore 12 awesome GitHub repositories matching security & cryptography · Authentication Middleware. Refine with filters or upvote what's useful.
File Browser is a self-hosted application that provides a web-based interface for managing files and directories on a server. It functions as a virtual file system abstraction, allowing users to browse, organize, and edit text-based files directly within their browser without requiring local access to the server. The platform distinguishes itself through a comprehensive command-line interface that enables full administrative control over system configurations, user accounts, and automation hooks. It supports a flexible, event-driven architecture where custom shell scripts can be triggered aut
Supports multiple identity verification strategies including internal credentials, reverse proxy headers, and external script execution.
This project is a modular authentication framework designed to manage user identity, session tracking, and access control across web applications. It provides a unified solution for handling email-based credentials and social identity federation, allowing developers to implement secure login and registration flows that maintain consistent user states across client and server environments. The system utilizes a plugin-based architecture and middleware-driven request interception to allow for the extension of core authentication logic. It features type-safe schema generation, which derives data
A flexible architecture that allows developers to extend core authentication logic through custom plugins and server-side hooks.
Next-auth is an authentication and identity management library for web frameworks. It provides a unified system for handling user sign-in and session state across server and client environments, functioning as a session management framework and an OIDC authentication library. The project distinguishes itself through a provider-based identity abstraction that supports multiple authentication methods, including OAuth, email magic links, traditional credentials, and passwordless passkeys. It allows for the registration of custom OAuth or OIDC compliant providers and offers tools to define branda
Implements security middleware to verify identity and enforce access control on incoming requests.
This project is an enterprise knowledge platform designed for teams to create, manage, and publish structured documentation. Built on a high-performance runtime, it provides a centralized environment where contributors can author content using markdown, HTML, or a visual editor. The system is engineered to handle collaborative workflows, ensuring that technical and non-technical users alike can maintain documentation with consistent rendering and version control. What distinguishes this platform is its focus on secure, scalable, and synchronized content management. It features granular path-b
Integrates diverse identity providers through standardized middleware to centralize access control.
Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep
A security component that integrates with web gateways to validate user sessions and authorize requests before they reach protected backend services.
Secure the tracking server using built-in authentication methods and network protection middleware to prevent unauthorized access.
Lucia is an authentication library that provides session management, OAuth integration, and password-based login for web applications. It creates and validates server-side sessions using cryptographically random tokens stored in HttpOnly, Secure, SameSite=Lax cookies, with constant-time token comparison to prevent timing side-channel attacks. The library supports authentication through email and password, GitHub OAuth, Google OAuth, and passkey-based sign-in. It enforces two-factor authentication using time-based one-time passwords (TOTP) from authenticator apps, generates recovery codes for
Limits failed login attempts from a single source within a time window to prevent brute-force attacks.
Crater is an open source invoicing software and multi-tenant accounting system. It serves as a financial management tool for creating professional invoices and estimates, tracking business expenses, and managing the financial records of several distinct business entities within a single instance. The platform integrates with payment processors to collect client payments automatically and provides a dedicated billing portal where customers can access their history and pay invoices online. It includes a template-based engine for generating PDF invoices and supports the automation of recurring s
Implements middleware to verify identity and authorization on incoming financial record requests.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Provides a standalone server or middleware component for verifying identity and authorization on incoming requests.
Kimai is an open-source time tracking system that records employee working hours, manages absences, and generates professional invoices from recorded timesheets and expenses. It organizes all time records through a mandatory three-level hierarchy of customer, project, and activity, and supports project budget monitoring with configurable time and money limits. The application is extensible through a plugin system that allows adding custom features, invoice templates, reporting views, and dashboard widgets without modifying core files. It provides a RESTful JSON API for programmatic read and w
Records failed authentication requests in a format compatible with Fail2Ban for automated blocking.
TablePro is a cross-platform database management client designed for browsing, querying, and administering both SQL and NoSQL databases. It functions as a unified workspace that integrates a code-centric SQL editor with schema visualization tools, allowing developers to manage complex data models and execute queries across diverse database engines. The application distinguishes itself through an agentic AI integration layer that connects language models directly to database tools, enabling automated query generation, optimization, and error fixing with configurable approval gates. It features
Blocks client requests after a threshold of failed authentication attempts to enhance security.
This project is a Docker-based web gateway and Nginx reverse proxy manager. It functions as a containerized network edge designed to route incoming HTTP and HTTPS traffic to backend services using subdomains and subfolders. The system automates the procurement and renewal of Let's Encrypt SSL certificates via the ACME protocol and various DNS plugins. It includes a mechanism to export and share these certificates through persistent volumes so other containers can utilize the same encryption keys. Security is handled through a combination of server intrusion prevention, using Fail2Ban to moni
Provides middleware that intercepts proxy requests to verify identities via local passwords or LDAP.