mirror of
https://github.com/parkan/go-hauk.git
synced 2026-05-08 16:47:46 +02:00
1.7 KiB
1.7 KiB
go-hauk
Go port of the Hauk location sharing backend.
why
The original PHP implementation works fine but has some overhead. This port provides:
- 345x higher throughput (45k vs 133 req/s)
- 36x smaller image (16MB vs 578MB)
- 3x lower memory footprint (8MB vs 25MB idle)
- single static binary, no runtime dependencies
- redis only (no memcached)
usage
docker run -p 8080:8080 \
-e HAUK_AUTH_METHOD=password \
-e HAUK_PASSWORD_HASH='$2a$10$...' \
-e HAUK_REDIS_ADDR=redis:6379 \
ghcr.io/parkan/go-hauk
config
all config via environment variables:
| var | default | description |
|---|---|---|
| HAUK_LISTEN_ADDR | :8080 | listen address |
| HAUK_PUBLIC_URL | http://localhost:8080/ | public url for share links |
| HAUK_REDIS_ADDR | localhost:6379 | redis address (host:port or redis:// url) |
| HAUK_AUTH_METHOD | password | auth method (password, htpasswd, ldap) |
| HAUK_PASSWORD_HASH | bcrypt hash for password auth | |
| HAUK_RATE_LIMIT_AUTH | 10 | max auth requests per minute per ip |
| HAUK_RATE_LIMIT_ADOPT | 10 | max adopt requests per minute per ip |
| HAUK_TRUST_PROXY | true | trust X-Forwarded-For (set false if not behind proxy) |
see config/config.go for full list.
security improvements over upstream
- adopt authorization: only share owner can adopt into groups (fixes CVE-like auth bypass in upstream)
- built-in rate limiting on auth and adopt endpoints (configurable, default 10 req/min/ip)
compatibility
drop-in replacement for the php backend. works with the existing android app and web frontend.
license
same as upstream (apache 2.0).