PAO Space Proxy

A rewriting proxy to handle OAuth redirects and authentication flows behind FRP.

Features

• Dynamic URL rewriting for OAuth/ADFS authentication flows
• Cookie manipulation for cross-domain authentication
• CORS handling
• Configurable via environment variables
• Security-focused logging (no sensitive data in logs)

Configuration

Environment Variables

Copy .env.example to .env and configure:

cp .env.example .env

Required:

• PROXY_PORT: Port to run the proxy server (default: 8888)
• PUBLIC_HOSTNAME: Public hostname/IP that clients use to access the proxy

Optional:

• REWRITE_DOMAINS: Comma-separated list of domains to rewrite in responses
• DOMAIN_MAP: JSON object mapping domains to custom backend targets

Example .env

NODE_ENV=production
PROXY_PORT=8888
PUBLIC_HOSTNAME=yourhost.com
REWRITE_DOMAINS=login.microsoftonline.com,aadcdn.msauth.net,graph.microsoft.com,paospace.ykpaoschool.cn:8192
DOMAIN_MAP={"paospace.ykpaoschool.cn:8192":"https://127.0.0.1:8889"}

Running the Proxy

Using Docker Compose (Recommended)

# Configure environment
cp .env.example .env
# Edit .env with your settings

# Start the service
docker-compose up -d

Using Node.js directly

# Configure environment
cp .env.example .env
# Edit .env with your settings

# Install dependencies
npm install

# Start the proxy
npm start

FRP Configuration

To expose internal services through this proxy using FRP (Fast Reverse Proxy):

FRP Client Configuration (frpc.ini)

[common]
server_addr = your-frp-server.com
server_port = 7000

[paospace]
type = https
local_ip = 127.0.0.1
local_port = 8192
custom_domains = paospace.ykpaoschool.cn

Proxy Setup

1. Run FRP client to expose internal service (e.g., paospace.ykpaoschool.cn:8192)
2. Configure this proxy with DOMAIN_MAP to route requests to the FRP-exposed service
3. Set PUBLIC_HOSTNAME to your proxy's public address
4. Access via: http://your-proxy:8888/https://paospace.ykpaoschool.cn:8192

Development

# Install dependencies
npm install

# Run in development mode
npm start