diff options
author | Francis Lavoie <lavofr@gmail.com> | 2022-06-16 16:28:11 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-16 14:28:11 -0600 |
commit | 0b6f7643569690b9a3defe989fb2e0c2607215ec (patch) | |
tree | 44044e13a55f7930563dc4cd425222ffd775b269 /modules/caddyhttp | |
parent | 050d6e0aebf678d05ada525936739913df4661f8 (diff) |
forwardauth: Support renaming copied headers, block support (#4783)
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go index 1571f09..c22ddde 100644 --- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -17,6 +17,7 @@ package forwardauth import ( "encoding/json" "net/http" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -115,7 +116,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) // collect the headers to copy from the auth response // onto the original request, so they can get passed // through to a backend app - headersToCopy := []string{} + headersToCopy := make(map[string]string) // read the subdirectives for configuring the forward_auth shortcut // NOTE: we delete the tokens as we go so that the reverse_proxy @@ -141,10 +142,28 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) case "copy_headers": args := dispenser.RemainingArgs() - dispenser.Delete() - for _, headerField := range args { + hadBlock := false + for nesting := dispenser.Nesting(); dispenser.NextBlock(nesting); { + hadBlock = true + args = append(args, dispenser.Val()) + } + + dispenser.Delete() // directive name + if hadBlock { + dispenser.Delete() // opening brace + dispenser.Delete() // closing brace + } + for range args { dispenser.Delete() - headersToCopy = append(headersToCopy, headerField) + } + + for _, headerField := range args { + if strings.Contains(headerField, ">") { + parts := strings.Split(headerField, ">") + headersToCopy[parts[0]] = parts[1] + } else { + headersToCopy[headerField] = headerField + } } if len(headersToCopy) == 0 { return nil, dispenser.ArgErr() @@ -180,9 +199,9 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) }, } - for _, headerField := range headersToCopy { - handler.Request.Set[headerField] = []string{ - "{http.reverse_proxy.header." + headerField + "}", + for from, to := range headersToCopy { + handler.Request.Set[to] = []string{ + "{http.reverse_proxy.header." + from + "}", } } |