39 Repos
Methods for authorizing requests using bearer tokens in HTTP headers.
Distinguishing note: Focuses on the extraction and validation of tokens from authorization headers.
Explore 39 awesome GitHub repositories matching security & cryptography · Token-based Authorization. Refine with filters or upvote what's useful.
Payload is a headless content management system and application framework that uses a code-first approach to define data schemas and administrative interfaces. By utilizing a centralized, type-safe configuration object, it automatically generates database schemas, API endpoints, and a fully customizable admin panel. The system is built on a database-agnostic architecture, allowing it to interface with various storage engines while providing a unified, type-safe API for server-side operations, REST, and GraphQL. What distinguishes Payload is its deep extensibility and developer-centric design.
Identifies users by extracting and validating JSON Web Tokens from the Authorization header.
This project is a multi-provider AI gateway and proxy server that intercepts and routes requests between AI clients and various large language model providers. It functions as an API protocol translator and model router, mapping incoming requests to specific upstream providers or local runners to provide a unified interface for multiple models. The system distinguishes itself by bridging chat platforms and command line interfaces, converting messages from chat services into managed command line sessions. It further optimizes traffic by executing certain web search and fetch requests locally a
Secures the API entry point using constant-time matching of authorization tokens in request headers.
Hey is a command-line utility designed for HTTP load testing and API performance benchmarking. It functions as a concurrent request generator that simulates high volumes of traffic against target endpoints to evaluate service responsiveness, throughput, and stability under load. The tool distinguishes itself by integrating specialized modules for cryptographic request signing and internal service authorization. It supports the generation of digital signatures for decentralized social protocols and validates backend requests using shared secret tokens, allowing for secure interaction with prot
Verifies incoming traffic using shared secret tokens to enforce secure access control for internal services.
OpenZeppelin Contracts is a library of modular, secure, and reusable smart contract components designed for the development of decentralized applications. It provides a foundational framework for building standard-compliant contracts, offering battle-tested implementations for token standards, access control, and common utility patterns. The project distinguishes itself through its comprehensive support for complex architectural patterns, including proxy-based upgradeability, role-based access control, and account abstraction. It enables developers to implement modular logic injection via hoo
Enables users to approve token allowances via off-chain cryptographic signatures, eliminating the need for on-chain transactions.
Mastra is an orchestration framework designed for building, deploying, and managing autonomous AI agents and multi-agent systems. It provides a comprehensive suite of primitives for creating resilient AI applications, including durable workflow orchestration, event-driven agent loops, and semantic memory management. By integrating these core components, the platform enables developers to build complex, multi-step processes that can reason about goals and execute tasks without manual intervention. The framework distinguishes itself through its focus on observability and secure, isolated execut
Enables authenticated sessions by extracting and validating authorization tokens from URL query parameters.
Sanic is an asynchronous Python web framework designed for building high-performance APIs and services. It operates as a production-ready ASGI web server, utilizing a non-blocking event loop to handle concurrent requests and maximize throughput. The framework is built to support scalable architectures, offering built-in worker process management to distribute traffic across available CPU cores. What distinguishes Sanic is its focus on modularity and developer-centric tooling. It features a blueprint-based system for organizing complex applications into pluggable components, alongside a robust
Parses standard authentication headers from incoming requests to extract tokens for use in route handlers.
This project is a comprehensive technical interview preparation resource and computer science interview guide. It serves as an educational reference for developers to study core software engineering fundamentals and common coding patterns required for employment screenings. The repository provides detailed guides and references covering data structures and algorithms, networking and security, operating systems, and web development. It specifically focuses on the implementation and complexity analysis of sorting, searching, and graph algorithms. The material encompasses a wide breadth of comp
Describes the process of transforming HTML tags into a hierarchical tree-like object model.
This project is a technical educational guide focused on browser architecture and the internal processes used to render web pages. It provides a detailed breakdown of the web request lifecycle, from the initial networking phase to the final visual output on a screen. The guide covers specific technical sequences including the DNS resolution process across browser, operating system, and ISP caches, and the establishment of secure connections through the TLS handshake. It also details the communication flow between clients and servers using the HTTP protocol and server-side request handling. T
Describes the transformation of raw bytes into tokens and nodes to build the Document Object Model.
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
Maintains user sessions by storing authorization tokens in secure backends or encrypted cookies.
Midday is an open-source, self-hosted financial dashboard designed for business expense management and automated bookkeeping. It functions as a centralized platform that aggregates transaction history and account balances from multiple external banking providers, allowing users to maintain full control over their sensitive financial data on private infrastructure. The platform distinguishes itself through its automated reconciliation workflows, which categorize business expenditures and generate structured financial reports to reduce manual data entry. By integrating with financial data aggre
Manages persistent access to sensitive financial data by exchanging temporary security tokens for long-lived, scoped API credentials.
Mall-swarm is a microservices-based e-commerce system built with Spring Cloud Alibaba and Spring Boot. It functions as a scalable online retail platform designed to manage complex business logic through a distributed architecture of independent services. The system utilizes Kubernetes and Docker for service orchestration, incorporating a unified API gateway for traffic routing and service discovery. Security is handled via a unified identity and access management framework for verifying user tokens across all connected microservices. The platform includes a dedicated search engine for high-p
Implements token-based authorization to validate user identities across all microservices.
Night is a developer community platform designed to facilitate peer-to-peer learning and technical knowledge management. It functions as a collaborative space where users can organize study groups, curate engineering resources, and host technical discussions to support ongoing professional development. The system operates as a relational database application that manages complex interactions between users, learning materials, and collaborative session metadata. It incorporates a role-based access control framework to enforce permissions and restrict administrative actions through token valida
Validates user identity tokens to authorize access and restrict administrative operations within the platform.
Cockpit-tools is a toolkit for managing multiple AI service credentials and account identities. It provides utilities for importing account credentials via authorization tokens or data files to enable rapid switching between user identities without manual login procedures. The project includes an automation utility for scheduling model wake-ups and quota reset cycles, as well as a monitoring dashboard to track API credits and usage limits across various platforms. Additionally, it functions as a launcher for running multiple independent AI editor instances, mapping each to a unique user direc
Enables instant swapping of active AI user identities by replacing authorization tokens in the local state.
This project provides a standardized RESTful API for accessing comprehensive aerospace mission records and space exploration data. It serves as a structured interface for retrieving historical and upcoming launch details, hardware specifications, and media assets, while also providing real-time tracking for satellite orbital paths. The service distinguishes itself through a robust architecture designed for high-performance data retrieval. It utilizes in-memory response caching to reduce latency and server load, alongside query-parameter-based filtering that allows users to precisely control t
Validates security credentials via request header tokens to enforce access control for sensitive operations.
Electric is a Postgres data synchronization engine and replication proxy designed to enable local-first software. It replicates data from Postgres databases to client-side stores in real time using logical replication, allowing applications to maintain a local embedded database for offline access and low-latency updates. The system distinguishes itself by using shapes to filter and authorize specific subsets of database rows and columns before streaming them to clients or edge workers. It further supports multi-user collaboration by integrating a conflict-free replicated data type framework t
Issues shape-scoped tokens that are validated by a proxy to ensure only authorized data subsets are requested.
wewe-rss is an RSS feed generator and scheduled aggregator that converts social media accounts and web content into standardized RSS, Atom, or JSON feeds. It functions as a full-text content extractor, retrieving the complete body of articles rather than short summaries. The system operates as an API-protected feed gateway, utilizing token-based authorization and request rate limiting to restrict access and maintain stability. It supports subscription portability by exporting tracked sources into standardized OPML files. The project manages content aggregation through automated polling via c
Secures API access by validating requests using secret authorization tokens.
The inspector is a diagnostic and validation tool for the Model Context Protocol. It provides an interactive interface and a transport proxy to discover, inspect, and execute the tools, prompts, and resources provided by an MCP server. The project serves as a debugger and compliance tester to verify that server implementations adhere to the protocol specification and JSON-RPC standards. It allows for real-time monitoring of message exchanges and logs between clients and servers across various transport layers, such as standard input/output and Server-Sent Events. The tool covers a broad rang
Uses OAuth 2.1 resource indicators to obtain specific access tokens for restricted resources.
Neutralinojs is a lightweight cross-platform desktop application framework that allows developers to build native applications using web technologies and a C++ backend. It serves as a native system API bridge, enabling JavaScript frontend code to execute system commands and manage files across Windows, macOS, and Linux. The project distinguishes itself as a portable runtime that renders interfaces via the system's built-in webview instead of bundling a full browser engine. This approach enables the packaging of web assets into small, standalone executable binaries. The framework provides com
Secures the native API by validating unique connection tokens and origin headers for every request.
CloudSaver is a multi-cloud file transfer manager and storage aggregator designed to discover remote resources and save them directly to cloud drives. It functions as a cloud file downloader and management platform that enables the movement of data between different cloud storage providers without requiring files to be downloaded to a local device first. The system uses OAuth authentication to manage secure connections to third-party cloud drives, facilitating direct server-to-server data transfers. It incorporates asynchronous streaming to move data between remote sources and destinations, p
Tracks user identity and authorization state using secure bearer tokens for session persistence.
Lnd is a full implementation of the Lightning Network protocol, functioning as a Bitcoin Layer 2 daemon that manages payment channels and settles transactions on the Bitcoin blockchain. It serves as an off-chain payment processor and a cryptographic wallet manager, enabling the execution of instant, scalable transactions through a network node. The project distinguishes itself through a focus on secure node networking and programmatic control. It provides gRPC and REST API servers for automating payment workflows and utilizes macaroon-based authorization to delegate granular permissions via c
Implements macaroon-based authorization to delegate granular API permissions via signed tokens.