forked from pds.dad/pds-gatekeeper
Microservice to bring 2FA to self hosted PDSes
# PDS gatekeeper

A microservice that sits on the same server as the PDS to add some of the security that the entryway does.

PDS gatekeeper works by overriding some of the PDS endpoints inside your Caddyfile to provide gatekeeping to certain
endpoints. Mainly, the ability to have 2FA on a self-hosted PDS, as on a Bluesky mushroom (PDS). Most of the
logic of these endpoints still happens on the PDS via a proxied request; only some endpoints are gatekept.

# Features

## 2FA

- Overrides the login endpoint to add 2FA for both Bluesky client logins and OAuth logins
- Overrides the settings endpoints as well. As long as you have a confirmed email, you can turn on 2FA

## Captcha on Create Account

Future feature?

# Setup

We are getting close! Testing now.

Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up.
But I want to run it locally on my own PDS first to test run it a bit.

Example Caddyfile (mostly so I don't lose it for now. Will have a better one in the future):

```caddyfile
http://localhost {

    # Endpoints that are overridden and sent to the gatekeeper
    @gatekeeper {
        path /xrpc/com.atproto.server.getSession
        path /xrpc/com.atproto.server.updateEmail
        path /xrpc/com.atproto.server.createSession
        path /@atproto/oauth-provider/~api/sign-in
    }

    # Gatekept requests go to the gatekeeper service
    handle @gatekeeper {
        reverse_proxy http://localhost:8080
    }

    # Everything else goes straight to the PDS
    reverse_proxy /* http://localhost:3000
}
```
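
Because the 2FA check only applies to requests that Caddy actually routes to the gatekeeper, it is worth confirming that every overridden endpoint is still listed in the `@gatekeeper` matcher after editing the Caddyfile. The following is an added example, not code from this project: the helper names are hypothetical, the `BAD` config is constructed, and the matching is a simplified model of Caddy's `path` matcher (case-insensitive, exact unless `*` is used).

```python
import re
from fnmatch import fnmatchcase

# Paths the page's example Caddyfile hands to the gatekeeper.
REQUIRED = (
    "/xrpc/com.atproto.server.getSession",
    "/xrpc/com.atproto.server.updateEmail",
    "/xrpc/com.atproto.server.createSession",
    "/@atproto/oauth-provider/~api/sign-in",
)

# Constructed input: the page's example config, trimmed to the routing rules.
GOOD = """\
@gatekeeper {
    path /xrpc/com.atproto.server.getSession
    path /xrpc/com.atproto.server.updateEmail
    path /xrpc/com.atproto.server.createSession
    path /@atproto/oauth-provider/~api/sign-in
}
handle @gatekeeper {
    reverse_proxy http://localhost:8080
}
reverse_proxy /* http://localhost:3000
"""
# Constructed misconfiguration: the createSession line has been dropped.
BAD = GOOD.replace("path /xrpc/com.atproto.server.createSession\n", "")

def matcher_paths(caddyfile, name="gatekeeper"):
    """Collect the path patterns inside the named matcher block `@name { ... }`."""
    block = re.search(r"@" + re.escape(name) + r"\s*\{(.*?)\}", caddyfile, re.S)
    paths = []
    for line in (block.group(1).splitlines() if block else []):
        tokens = re.split(r"\s#", line)[0].split()  # drop a trailing comment
        if tokens and tokens[0] == "path":
            paths += tokens[1:]
    return paths

def is_gatekept(request_path, patterns):
    """Simplified Caddy `path` matcher: case-insensitive, exact unless `*` is used."""
    path = request_path.split("?", 1)[0].lower()
    return any(fnmatchcase(path, p.lower()) for p in patterns)

def bypassing(caddyfile, required=REQUIRED):
    """Required endpoints that would skip the gatekeeper and reach the PDS directly."""
    patterns = matcher_paths(caddyfile)
    return [p for p in required if not is_gatekept(p, patterns)]

if __name__ == "__main__":
    print("good:", bypassing(GOOD), "bad:", bypassing(BAD))
```

An empty list means every required endpoint is gatekept; any path returned would fall through to the catch-all `reverse_proxy` and be served by the PDS without the gatekeeper's checks.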