I recently set up Caddy to reverse proxy all my services on the internet. In order to keep everything organized I started using NodeJS for the first time to render a custom homepage with links to all the services. The problem is that I want to implement a login system in node at the level of the homepage and authenticate the user so that he can connect to all the services proxied by Caddy.
My idea is to implement a cookie-based login system and constantly update Caddy so that for every endpoint of the site only the user carrying a valid authorization cookie can access.
I looked online on how to create a login system and found some resources using passportjs and local strategy, from which I do not know how to create tokens and authorization cookies. I found a library called passport-cookie but again I would need a list of authorized cookies at every login to feed it to Caddy and also secure endpoints not controlled by node. How could I do this?
There are a few options to achieve your goal:
The simplest solution to secure your services would be Basic Auth, which basically tells your user's browser to ask for a username and password which is then sent to the server.
https://caddyserver.com/docs/caddyfile/directives/basicauth
Even though it is very quick to set up, you lose benefits such as fine-grained access control and your users' ability to change their username/password.
OAuth allows your users to sign in with their own account, for example from Google or Facebook. Take a look at this complete Caddy Auth System: https://github.com/greenpau/caddy-auth-portal
Finally, if you want to use this challenge as a learning opportunity, you can take a look at JWT based authentication. Take a look at this module: https://github.com/greenpau/caddy-auth-jwt
This would enable you to issue JWT tokens in your node.js application which are then verified by Caddy.
Obviously, all of these solutions do require some research and skill and I would rate their difficulty to implement in ascending order, with your plan of building your own Auth system being the most difficult.
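The JWT option above, sketched as an added example (not code from the answer or from the caddy-auth-jwt project): the Node app issues a short-lived HS256 token in a cookie after login, and `verifyToken` shows the checks a verifier in front of the services has to make with the same shared secret. The cookie name `access_token`, the `roles` claim, the 15-minute lifetime and the function names are assumptions for illustration.

```javascript
// Added example: HS256 JWT issue/verify using only Node's built-in crypto module.
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Call this only after the login form's username/password have been checked.
function issueToken(user, roles, secret, ttlSeconds = 900, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub: user, roles, iat, exp: iat + ttlSeconds }));
  const sig = b64url(hmac(`${header}.${payload}`, secret));
  return `${header}.${payload}.${sig}`;
}

// Returns the claims for a valid token, or null. No per-login list of
// cookies is needed: the signature and expiry are the whole check.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    const head = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    // Pin the algorithm; never let the token's header choose it.
    if (!head || head.alg !== "HS256") return null;
    const expected = hmac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    // Claims are parsed only after the signature has been accepted.
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    if (!claims || typeof claims.exp !== "number") return null;
    if (claims.exp <= Math.floor(now / 1000)) return null;
    return claims;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Set-Cookie header value for the login response. Domain must cover every
// proxied hostname; HttpOnly keeps the token away from page scripts.
function sessionCookie(token, domain, ttlSeconds = 900) {
  return `access_token=${token}; Domain=${domain}; Path=/; ` +
    `Max-Age=${ttlSeconds}; HttpOnly; Secure; SameSite=Lax`;
}
```

Because the token is stateless, logging a user out before `exp` requires either a short lifetime or a revocation check on the verifier side.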