diff options
Diffstat (limited to 'modules')
31 files changed, 920 insertions, 214 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 467b40f..21c5b6d 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -15,9 +15,12 @@ package caddyhttp import ( + "bytes" "context" "crypto/tls" + "encoding/json" "fmt" + "io" "log" weakrand "math/rand" "net" @@ -244,6 +247,14 @@ func (app *App) automaticHTTPS() error { for d := range domainSet { domains = append(domains, d) if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) { + // if a certificate for this name is already loaded, + // don't obtain another one for it, unless we are + // supposed to ignore loaded certificates + if !srv.AutoHTTPS.IgnoreLoadedCerts && + len(tlsApp.CertificatesWithSAN(d)) > 0 { + log.Printf("[INFO][%s] Skipping automatic certificate management because a certificate with that SAN is already loaded", d) + continue + } domainsForCerts = append(domainsForCerts, d) } } @@ -319,7 +330,7 @@ func (app *App) automaticHTTPS() error { } redirTo += "{http.request.uri}" - redirRoutes = append(redirRoutes, ServerRoute{ + redirRoutes = append(redirRoutes, Route{ matcherSets: []MatcherSet{ { MatchProtocol("http"), @@ -328,7 +339,7 @@ func (app *App) automaticHTTPS() error { }, handlers: []MiddlewareHandler{ StaticResponse{ - StatusCode: weakString(strconv.Itoa(http.StatusTemporaryRedirect)), // TODO: use permanent redirect instead + StatusCode: WeakString(strconv.Itoa(http.StatusTemporaryRedirect)), // TODO: use permanent redirect instead Headers: http.Header{ "Location": []string{redirTo}, "Connection": []string{"close"}, @@ -431,6 +442,77 @@ type MiddlewareHandler interface { // emptyHandler is used as a no-op handler. var emptyHandler HandlerFunc = func(http.ResponseWriter, *http.Request) error { return nil } +// WeakString is a type that unmarshals any JSON value +// as a string literal, with the following exceptions: +// 1) actual string values are decoded as strings, and +// 2) null is decoded as empty string +// and provides methods for getting the value as various +// primitive types. However, using this type removes any +// type safety as far as deserializing JSON is concerned. +type WeakString string + +// UnmarshalJSON satisfies json.Unmarshaler according to +// this type's documentation. +func (ws *WeakString) UnmarshalJSON(b []byte) error { + if len(b) == 0 { + return io.EOF + } + if b[0] == byte('"') && b[len(b)-1] == byte('"') { + var s string + err := json.Unmarshal(b, &s) + if err != nil { + return err + } + *ws = WeakString(s) + return nil + } + if bytes.Equal(b, []byte("null")) { + return nil + } + *ws = WeakString(b) + return nil +} + +// MarshalJSON marshals was a boolean if true or false, +// a number if an integer, or a string otherwise. +func (ws WeakString) MarshalJSON() ([]byte, error) { + if ws == "true" { + return []byte("true"), nil + } + if ws == "false" { + return []byte("false"), nil + } + if num, err := strconv.Atoi(string(ws)); err == nil { + return json.Marshal(num) + } + return json.Marshal(string(ws)) +} + +// Int returns ws as an integer. If ws is not an +// integer, 0 is returned. +func (ws WeakString) Int() int { + num, _ := strconv.Atoi(string(ws)) + return num +} + +// Float64 returns ws as a float64. If ws is not a +// float value, the zero value is returned. +func (ws WeakString) Float64() float64 { + num, _ := strconv.ParseFloat(string(ws), 64) + return num +} + +// Bool returns ws as a boolean. If ws is not a +// boolean, false is returned. +func (ws WeakString) Bool() bool { + return string(ws) == "true" +} + +// String returns ws as a string. +func (ws WeakString) String() string { + return string(ws) +} + const ( // DefaultHTTPPort is the default port for HTTP. DefaultHTTPPort = 80 diff --git a/modules/caddyhttp/encode/brotli/brotli.go b/modules/caddyhttp/encode/brotli/brotli.go index 0890d43..e30d7bc 100644 --- a/modules/caddyhttp/encode/brotli/brotli.go +++ b/modules/caddyhttp/encode/brotli/brotli.go @@ -16,8 +16,10 @@ package caddybrotli import ( "fmt" + "strconv" "github.com/andybalholm/brotli" + "github.com/caddyserver/caddy/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" ) @@ -35,6 +37,22 @@ type Brotli struct { Quality *int `json:"quality,omitempty"` } +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. +func (b *Brotli) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if !d.NextArg() { + continue + } + qualityStr := d.Val() + quality, err := strconv.Atoi(qualityStr) + if err != nil { + return err + } + b.Quality = &quality + } + return nil +} + // Validate validates b's configuration. func (b Brotli) Validate() error { if b.Quality != nil { @@ -64,6 +82,7 @@ func (b Brotli) NewEncoder() encode.Encoder { // Interface guards var ( - _ encode.Encoding = (*Brotli)(nil) - _ caddy.Validator = (*Brotli)(nil) + _ encode.Encoding = (*Brotli)(nil) + _ caddy.Validator = (*Brotli)(nil) + _ caddyfile.Unmarshaler = (*Brotli)(nil) ) diff --git a/modules/caddyhttp/encode/caddyfile.go b/modules/caddyhttp/encode/caddyfile.go new file mode 100644 index 0000000..846ec03 --- /dev/null +++ b/modules/caddyhttp/encode/caddyfile.go @@ -0,0 +1,85 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package encode + +import ( + "encoding/json" + "fmt" + + "github.com/caddyserver/caddy" + "github.com/caddyserver/caddy/caddyconfig" + "github.com/caddyserver/caddy/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/caddyconfig/httpcaddyfile" +) + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// encode [<matcher>] <formats...> { +// gzip [<level>] +// zstd +// brotli [<quality>] +// } +// +// Specifying the formats on the first line will use those formats' defaults. +func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for _, arg := range d.RemainingArgs() { + mod, err := caddy.GetModule("http.encoders." + arg) + if err != nil { + return fmt.Errorf("finding encoder module '%s': %v", mod.Name, err) + } + encoding, ok := mod.New().(Encoding) + if !ok { + return fmt.Errorf("module %s is not an HTTP encoding", mod.Name) + } + if enc.EncodingsRaw == nil { + enc.EncodingsRaw = make(map[string]json.RawMessage) + } + enc.EncodingsRaw[arg] = caddyconfig.JSON(encoding, nil) + } + + for d.NextBlock() { + name := d.Val() + mod, err := caddy.GetModule("http.encoders." + name) + if err != nil { + return fmt.Errorf("getting encoder module '%s': %v", mod.Name, err) + } + unm, ok := mod.New().(caddyfile.Unmarshaler) + if !ok { + return fmt.Errorf("encoder module '%s' is not a Caddyfile unmarshaler", mod.Name) + } + err = unm.UnmarshalCaddyfile(d.NewFromNextTokens()) + if err != nil { + return err + } + encoding, ok := unm.(Encoding) + if !ok { + return fmt.Errorf("module %s is not an HTTP encoding", mod.Name) + } + if enc.EncodingsRaw == nil { + enc.EncodingsRaw = make(map[string]json.RawMessage) + } + enc.EncodingsRaw[name] = caddyconfig.JSON(encoding, nil) + } + } + + return nil +} + +// Bucket returns the HTTP Caddyfile handler bucket number. +func (enc Encode) Bucket() int { return 3 } + +// Interface guard +var _ httpcaddyfile.HandlerDirective = (*Encode)(nil) diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index b2c1327..4e5f743 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -52,19 +52,15 @@ type Encode struct { // Provision provisions enc. func (enc *Encode) Provision(ctx caddy.Context) error { - enc.writerPools = make(map[string]*sync.Pool) - for modName, rawMsg := range enc.EncodingsRaw { val, err := ctx.LoadModule("http.encoders."+modName, rawMsg) if err != nil { return fmt.Errorf("loading encoder module '%s': %v", modName, err) } - encoder := val.(Encoding) - - enc.writerPools[encoder.AcceptEncoding()] = &sync.Pool{ - New: func() interface{} { - return encoder.NewEncoder() - }, + encoding := val.(Encoding) + err = enc.addEncoding(encoding) + if err != nil { + return err } } enc.EncodingsRaw = nil // allow GC to deallocate - TODO: Does this help? @@ -85,10 +81,28 @@ func (enc *Encode) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyh defer w.(*responseWriter).Close() break } - return next.ServeHTTP(w, r) } +func (enc *Encode) addEncoding(e Encoding) error { + ae := e.AcceptEncoding() + if ae == "" { + return fmt.Errorf("encoder does not specify an Accept-Encoding value") + } + if _, ok := enc.writerPools[ae]; ok { + return fmt.Errorf("encoder already added: %s", ae) + } + if enc.writerPools == nil { + enc.writerPools = make(map[string]*sync.Pool) + } + enc.writerPools[ae] = &sync.Pool{ + New: func() interface{} { + return e.NewEncoder() + }, + } + return nil +} + // openResponseWriter creates a new response writer that may (or may not) // encode the response with encodingName. The returned response writer MUST // be closed after the handler completes. diff --git a/modules/caddyhttp/encode/gzip/gzip.go b/modules/caddyhttp/encode/gzip/gzip.go index 45c5f54..28b08c2 100644 --- a/modules/caddyhttp/encode/gzip/gzip.go +++ b/modules/caddyhttp/encode/gzip/gzip.go @@ -18,7 +18,9 @@ import ( "compress/flate" "compress/gzip" // TODO: consider using https://github.com/klauspost/compress/gzip "fmt" + "strconv" + "github.com/caddyserver/caddy/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" ) @@ -35,6 +37,22 @@ type Gzip struct { Level int `json:"level,omitempty"` } +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. +func (g *Gzip) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if !d.NextArg() { + continue + } + levelStr := d.Val() + level, err := strconv.Atoi(levelStr) + if err != nil { + return err + } + g.Level = level + } + return nil +} + // Provision provisions g's configuration. func (g *Gzip) Provision(ctx caddy.Context) error { if g.Level == 0 { @@ -69,7 +87,8 @@ var defaultGzipLevel = 5 // Interface guards var ( - _ encode.Encoding = (*Gzip)(nil) - _ caddy.Provisioner = (*Gzip)(nil) - _ caddy.Validator = (*Gzip)(nil) + _ encode.Encoding = (*Gzip)(nil) + _ caddy.Provisioner = (*Gzip)(nil) + _ caddy.Validator = (*Gzip)(nil) + _ caddyfile.Unmarshaler = (*Gzip)(nil) ) diff --git a/modules/caddyhttp/encode/zstd/zstd.go b/modules/caddyhttp/encode/zstd/zstd.go index acebff5..1ec2337 100644 --- a/modules/caddyhttp/encode/zstd/zstd.go +++ b/modules/caddyhttp/encode/zstd/zstd.go @@ -15,6 +15,7 @@ package caddyzstd import ( + "github.com/caddyserver/caddy/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" "github.com/klauspost/compress/zstd" @@ -30,6 +31,11 @@ func init() { // Zstd can create Zstandard encoders. type Zstd struct{} +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. +func (z *Zstd) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + return nil +} + // AcceptEncoding returns the name of the encoding as // used in the Accept-Encoding request headers. func (Zstd) AcceptEncoding() string { return "zstd" } @@ -40,5 +46,8 @@ func (z Zstd) NewEncoder() encode.Encoder { return writer } -// Interface guard -var _ encode.Encoding = (*Zstd)(nil) +// Interface guards +var ( + _ encode.Encoding = (*Zstd)(nil) + _ caddyfile.Unmarshaler = (*Zstd)(nil) +) diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go new file mode 100644 index 0000000..49c5728 --- /dev/null +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -0,0 +1,87 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fileserver + +import ( + "github.com/caddyserver/caddy/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/caddyconfig/httpcaddyfile" +) + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// file_server [<matcher>] [browse] { +// hide <files...> +// index <files...> +// browse [<template_file>] +// root <path> +// } +// +// If browse is given on the first line, it can't be used in the block also. +// The default root is the one given by the root directive. +func (fsrv *FileServer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + args := d.RemainingArgs() + switch len(args) { + case 0: + case 1: + if args[0] != "browse" { + return d.ArgErr() + } + fsrv.Browse = new(Browse) + default: + return d.ArgErr() + } + + for d.NextBlock() { + switch d.Val() { + case "hide": + fsrv.Hide = d.RemainingArgs() + if len(fsrv.Hide) == 0 { + return d.ArgErr() + } + case "index": + fsrv.IndexNames = d.RemainingArgs() + if len(fsrv.Hide) == 0 { + return d.ArgErr() + } + case "root": + if !d.Args(&fsrv.Root) { + return d.ArgErr() + } + case "browse": + if fsrv.Browse != nil { + return d.Err("browsing is already configured") + } + fsrv.Browse = new(Browse) + d.Args(&fsrv.Browse.TemplateFile) + default: + return d.Errf("unknown subdirective '%s'", d.Val()) + } + } + } + + // if no root was configured explicitly, use site root + if fsrv.Root == "" { + fsrv.Root = "{http.var.root}" + } + + return nil +} + +// Bucket returns the HTTP Caddyfile handler bucket number. +func (fsrv FileServer) Bucket() int { return 7 } + +// Interface guard +var _ httpcaddyfile.HandlerDirective = (*FileServer)(nil) diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 17d5c11..c2e38ca 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -20,6 +20,7 @@ import ( "os" "time" + "github.com/caddyserver/caddy/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) @@ -51,6 +52,39 @@ type MatchFile struct { TryPolicy string `json:"try_policy,omitempty"` } +// UnmarshalCaddyfile sets up the matcher from Caddyfile tokens. Syntax: +// +// file { +// root <path> +// try_files <files...> +// try_policy <first_exist|smallest_size|largest_size|most_recent_modified> +// } +// +func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock() { + switch d.Val() { + case "root": + if !d.NextArg() { + return d.ArgErr() + } + m.Root = d.Val() + case "try_files": + m.TryFiles = d.RemainingArgs() + if len(m.TryFiles) == 0 { + return d.ArgErr() + } + case "try_policy": + if !d.NextArg() { + return d.ArgErr() + } + m.TryPolicy = d.Val() + } + } + } + return nil +} + // Validate ensures m has a valid configuration. func (m MatchFile) Validate() error { switch m.TryPolicy { diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index a66b753..1b542cf 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -48,8 +48,6 @@ type FileServer struct { Hide []string `json:"hide,omitempty"` IndexNames []string `json:"index_names,omitempty"` Browse *Browse `json:"browse,omitempty"` - - // TODO: Content negotiation } // Provision sets up the static files responder. @@ -83,7 +81,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, _ cadd filesToHide := fsrv.transformHidePaths(repl) - root := repl.ReplaceAll(fsrv.Root, "") + root := repl.ReplaceAll(fsrv.Root, ".") suffix := repl.ReplaceAll(r.URL.Path, "") filename := sanitizedPathJoin(root, suffix) @@ -302,7 +300,7 @@ func calculateEtag(d os.FileInfo) string { return `"` + t + s + `"` } -var defaultIndexNames = []string{"index.html"} +var defaultIndexNames = []string{"index.html", "index.txt"} var bufPool = sync.Pool{ New: func() interface{} { diff --git a/modules/caddyhttp/headers/caddyfile.go b/modules/caddyhttp/headers/caddyfile.go new file mode 100644 index 0000000..03f9e68 --- /dev/null +++ b/modules/caddyhttp/headers/caddyfile.go @@ -0,0 +1,92 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package headers + +import ( + "net/http" + "strings" + + "github.com/caddyserver/caddy/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/caddyconfig/httpcaddyfile" +) + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// headers [<matcher>] [[+|-]<field> <value>] { +// [+][<field>] [<value>] +// [-<field>] +// } +// +// Either a block can be opened or a single header field can be configured +// in the first line, but not both in the same directive. +func (h *Headers) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + // first see if headers are in the initial line + var hasArgs bool + if d.NextArg() { + hasArgs = true + field := d.Val() + d.NextArg() + value := d.Val() + h.processCaddyfileLine(field, value) + } + + // if not, they should be in a block + for d.NextBlock() { + if hasArgs { + return d.Err("cannot specify headers in both arguments and block") + } + field := d.Val() + var value string + if d.NextArg() { + value = d.Val() + } + h.processCaddyfileLine(field, value) + } + } + return nil +} + +func (h *Headers) processCaddyfileLine(field, value string) { + if strings.HasPrefix(field, "+") { + if h.Response == nil { + h.Response = &RespHeaderOps{HeaderOps: new(HeaderOps)} + } + if h.Response.Add == nil { + h.Response.Add = make(http.Header) + } + h.Response.Add.Set(field[1:], value) + } else if strings.HasPrefix(field, "-") { + if h.Response == nil { + h.Response = &RespHeaderOps{HeaderOps: new(HeaderOps)} + } + h.Response.Delete = append(h.Response.Delete, field[1:]) + h.Response.Deferred = true + } else { + if h.Response == nil { + h.Response = &RespHeaderOps{HeaderOps: new(HeaderOps)} + } + if h.Response.Set == nil { + h.Response.Set = make(http.Header) + } + h.Response.Set.Set(field, value) + } +} + +// Bucket returns the HTTP Caddyfile handler bucket number. +func (h Headers) Bucket() int { return 3 } + +// Interface guard +var _ httpcaddyfile.HandlerDirective = (*Headers)(nil) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 6c5a23e..72b5476 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -28,6 +28,7 @@ import ( "strings" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/pkg/caddyscript" "go.starlark.net/starlark" ) @@ -125,6 +126,12 @@ func init() { }) } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchHost) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + *m = d.RemainingArgs() + return nil +} + // Match returns true if r matches m. func (m MatchHost) Match(r *http.Request) bool { reqHost, _, err := net.SplitHostPort(r.Host) @@ -177,12 +184,24 @@ func (m MatchPath) Match(r *http.Request) bool { return false } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchPath) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + *m = d.RemainingArgs() + return nil +} + // Match returns true if r matches m. func (m MatchPathRE) Match(r *http.Request) bool { repl := r.Context().Value(caddy.ReplacerCtxKey).(caddy.Replacer) return m.MatchRegexp.Match(r.URL.Path, repl, "path_regexp") } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchMethod) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + *m = d.RemainingArgs() + return nil +} + // Match returns true if r matches m. func (m MatchMethod) Match(r *http.Request) bool { for _, method := range m { @@ -193,6 +212,18 @@ func (m MatchMethod) Match(r *http.Request) bool { return false } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + parts := strings.SplitN(d.Val(), "=", 2) + if len(parts) != 2 { + return d.Errf("malformed query matcher token: %s; must be in param=val format", d.Val()) + } + url.Values(*m).Set(parts[0], parts[1]) + } + return nil +} + // Match returns true if r matches m. func (m MatchQuery) Match(r *http.Request) bool { for param, vals := range m { @@ -206,6 +237,18 @@ func (m MatchQuery) Match(r *http.Request) bool { return false } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + var field, val string + if !d.Args(&field, &val) { + return d.Errf("expected both field and value") + } + http.Header(*m).Set(field, val) + } + return nil +} + // Match returns true if r matches m. func (m MatchHeader) Match(r *http.Request) bool { for field, allowedFieldVals := range m { @@ -227,6 +270,21 @@ func (m MatchHeader) Match(r *http.Request) bool { return true } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchHeaderRE) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if *m == nil { + *m = make(map[string]*MatchRegexp) + } + for d.Next() { + var field, val string + if !d.Args(&field, &val) { + return d.ArgErr() + } + (*m)[field] = &MatchRegexp{Pattern: val} + } + return nil +} + // Match returns true if r matches m. func (m MatchHeaderRE) Match(r *http.Request) bool { for field, rm := range m { @@ -274,6 +332,16 @@ func (m MatchProtocol) Match(r *http.Request) bool { return false } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchProtocol) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + var proto string + if !d.Args(&proto) { + return d.Err("expected exactly one protocol") + } + *m = MatchProtocol(proto) + return nil +} + // UnmarshalJSON unmarshals data into m's unexported map field. // This is done because we cannot embed the map directly into // the struct, but we need a struct because we need another @@ -282,6 +350,12 @@ func (m *MatchNegate) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &m.matchersRaw) } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchNegate) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + // TODO: figure out how this will work + return nil +} + // Provision loads the matcher modules to be negated. func (m *MatchNegate) Provision(ctx caddy.Context) error { for modName, rawMsg := range m.matchersRaw { @@ -301,6 +375,12 @@ func (m MatchNegate) Match(r *http.Request) bool { return !m.matchers.Match(r) } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + m.Ranges = d.RemainingArgs() + return nil +} + // Provision parses m's IP ranges, either from IP or CIDR expressions. func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { for _, str := range m.Ranges { @@ -379,7 +459,7 @@ func (m MatchStarlarkExpr) Match(r *http.Request) bool { // MatchRegexp is an embeddable type for matching // using regular expressions. type MatchRegexp struct { - Name string `json:"name"` + Name string `json:"name,omitempty"` Pattern string `json:"pattern"` compiled *regexp.Regexp } @@ -431,6 +511,14 @@ func (mre *MatchRegexp) Match(input string, repl caddy.Replacer, scope string) b return true } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (mre *MatchRegexp) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if !d.Args(&mre.Name, &mre.Pattern) { + return fmt.Errorf("missing arguments") + } + return nil +} + // ResponseMatcher is a type which can determine if a given response // status code and its headers match some criteria. type ResponseMatcher struct { @@ -506,4 +594,14 @@ var ( _ caddy.Provisioner = (*MatchNegate)(nil) _ RequestMatcher = (*MatchStarlarkExpr)(nil) _ caddy.Provisioner = (*MatchRegexp)(nil) + + _ caddyfile.Unmarshaler = (*MatchHost)(nil) + _ caddyfile.Unmarshaler = (*MatchPath)(nil) + _ caddyfile.Unmarshaler = (*MatchPathRE)(nil) + _ caddyfile.Unmarshaler = (*MatchMethod)(nil) + _ caddyfile.Unmarshaler = (*MatchQuery)(nil) + _ caddyfile.Unmarshaler = (*MatchHeader)(nil) + _ caddyfile.Unmarshaler = (*MatchHeaderRE)(nil) + _ caddyfile.Unmarshaler = (*MatchProtocol)(nil) + _ caddyfile.Unmarshaler = (*MatchRemoteIP)(nil) ) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 439d245..cc29789 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -15,6 +15,7 @@ package caddyhttp import ( + "fmt" "net" "net/http" "net/textproto" @@ -28,6 +29,7 @@ import ( func addHTTPVarsToReplacer(repl caddy.Replacer, req *http.Request, w http.ResponseWriter) { httpVars := func(key string) (string, bool) { if req != nil { + // query string parameters if strings.HasPrefix(key, queryReplPrefix) { vals := req.URL.Query()[key[len(queryReplPrefix):]] // always return true, since the query param might @@ -35,6 +37,7 @@ func addHTTPVarsToReplacer(repl caddy.Replacer, req *http.Request, w http.Respon return strings.Join(vals, ","), true } + // request header fields if strings.HasPrefix(key, reqHeaderReplPrefix) { field := key[len(reqHeaderReplPrefix):] vals := req.Header[textproto.CanonicalMIMEHeaderKey(field)] @@ -43,6 +46,7 @@ func addHTTPVarsToReplacer(repl caddy.Replacer, req *http.Request, w http.Respon return strings.Join(vals, ","), true } + // cookies if strings.HasPrefix(key, cookieReplPrefix) { name := key[len(cookieReplPrefix):] for _, cookie := range req.Cookies() { @@ -87,14 +91,7 @@ func addHTTPVarsToReplacer(repl caddy.Replacer, req *http.Request, w http.Respon return req.URL.RawQuery, true } - if strings.HasPrefix(key, respHeaderReplPrefix) { - field := key[len(respHeaderReplPrefix):] - vals := w.Header()[textproto.CanonicalMIMEHeaderKey(field)] - // always return true, since the header field might - // be present only in some requests - return strings.Join(vals, ","), true - } - + // hostname labels if strings.HasPrefix(key, hostLabelReplPrefix) { idxStr := key[len(hostLabelReplPrefix):] idx, err := strconv.Atoi(idxStr) @@ -111,6 +108,7 @@ func addHTTPVarsToReplacer(repl caddy.Replacer, req *http.Request, w http.Respon return hostLabels[idx], true } + // path parts if strings.HasPrefix(key, pathPartsReplPrefix) { idxStr := key[len(pathPartsReplPrefix):] idx, err := strconv.Atoi(idxStr) @@ -129,9 +127,31 @@ func addHTTPVarsToReplacer(repl caddy.Replacer, req *http.Request, w http.Respon } return pathParts[idx], true } + + // middleware variables + if strings.HasPrefix(key, varsReplPrefix) { + varName := key[len(varsReplPrefix):] + tbl := req.Context().Value(VarCtxKey).(map[string]interface{}) + raw, ok := tbl[varName] + if !ok { + // variables can be dynamic, so always return true + // even when it may not be set; treat as empty + return "", true + } + // do our best to convert it to a string efficiently + switch val := raw.(type) { + case string: + return val, true + case fmt.Stringer: + return val.String(), true + default: + return fmt.Sprintf("%s", val), true + } + } } if w != nil { + // response header fields if strings.HasPrefix(key, respHeaderReplPrefix) { field := key[len(respHeaderReplPrefix):] vals := w.Header()[textproto.CanonicalMIMEHeaderKey(field)] @@ -153,5 +173,6 @@ const ( cookieReplPrefix = "http.request.cookie." hostLabelReplPrefix = "http.request.host.labels." pathPartsReplPrefix = "http.request.uri.path." + varsReplPrefix = "http.var." respHeaderReplPrefix = "http.response.header." ) diff --git a/modules/caddyhttp/reverseproxy/module.go b/modules/caddyhttp/reverseproxy/module.go index 2e6a338..0bae58e 100755 --- a/modules/caddyhttp/reverseproxy/module.go +++ b/modules/caddyhttp/reverseproxy/module.go @@ -15,6 +15,8 @@ package reverseproxy import ( + "github.com/caddyserver/caddy/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2" ) @@ -25,3 +27,27 @@ func init() { New: func() interface{} { return new(LoadBalanced) }, }) } + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// proxy [<matcher>] <to> +// +// TODO: This needs to be finished. It definitely needs to be able to open a block... +func (lb *LoadBalanced) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + allTo := d.RemainingArgs() + if len(allTo) == 0 { + return d.ArgErr() + } + for _, to := range allTo { + lb.Upstreams = append(lb.Upstreams, &UpstreamConfig{Host: to}) + } + } + return nil +} + +// Bucket returns the HTTP Caddyfile handler bucket number. +func (*LoadBalanced) Bucket() int { return 7 } + +// Interface guard +var _ httpcaddyfile.HandlerDirective = (*LoadBalanced)(nil) diff --git a/modules/caddyhttp/reverseproxy/upstream.go b/modules/caddyhttp/reverseproxy/upstream.go index 10df80b..1f0693e 100755 --- a/modules/caddyhttp/reverseproxy/upstream.go +++ b/modules/caddyhttp/reverseproxy/upstream.go @@ -179,21 +179,21 @@ type LoadBalanced struct { // The following struct fields are set by caddy configuration. // TryInterval is the max duration for which request retrys will be performed for a request. - TryInterval string `json:"try_interval"` + TryInterval string `json:"try_interval,omitempty"` // Upstreams are the configs for upstream hosts - Upstreams []*UpstreamConfig `json:"upstreams"` + Upstreams []*UpstreamConfig `json:"upstreams,omitempty"` // LoadBalanceType is the string representation of what loadbalancing algorithm to use. i.e. "random" or "round_robin". - LoadBalanceType string `json:"load_balance_type"` + LoadBalanceType string `json:"load_balance_type,omitempty"` // NoHealthyUpstreamsMessage is returned as a response when there are no healthy upstreams to loadbalance to. - NoHealthyUpstreamsMessage string `json:"no_healthy_upstreams_message"` + NoHealthyUpstreamsMessage string `json:"no_healthy_upstreams_message,omitempty"` // TODO :- store healthcheckers as package level state where each upstream gets a single healthchecker // currently a healthchecker is created for each upstream defined, even if a healthchecker was previously created // for that upstream - HealthCheckers []*HealthChecker + HealthCheckers []*HealthChecker `json:"health_checkers,omitempty"` } // Cleanup stops all health checkers on a loadbalanced reverse proxy. @@ -320,22 +320,22 @@ func (lb *LoadBalanced) random() *upstream { // UpstreamConfig represents the config of an upstream. type UpstreamConfig struct { // Host is the host name of the upstream server. - Host string `json:"host"` + Host string `json:"host,omitempty"` // FastHealthCheckDuration is the duration for which a health check is performed when a node is considered unhealthy. - FastHealthCheckDuration string `json:"fast_health_check_duration"` + FastHealthCheckDuration string `json:"fast_health_check_duration,omitempty"` - CircuitBreaker json.RawMessage `json:"circuit_breaker"` + CircuitBreaker json.RawMessage `json:"circuit_breaker,omitempty"` // // CircuitBreakerConfig is the config passed to setup a circuit breaker. - // CircuitBreakerConfig *circuitbreaker.Config `json:"circuit_breaker"` + // CircuitBreakerConfig *circuitbreaker.Config `json:"circuit_breaker,omitempty"` circuitbreaker CircuitBreaker // HealthCheckDuration is the default duration for which a health check is performed. - HealthCheckDuration string `json:"health_check_duration"` + HealthCheckDuration string `json:"health_check_duration,omitempty"` // HealthCheckPath is the path at the upstream host to use for healthchecks. - HealthCheckPath string `json:"health_check_path"` + HealthCheckPath string `json:"health_check_path,omitempty"` } // upstream represents an upstream host. diff --git a/modules/caddyhttp/rewrite/caddyfile.go b/modules/caddyhttp/rewrite/caddyfile.go new file mode 100644 index 0000000..e2111a2 --- /dev/null +++ b/modules/caddyhttp/rewrite/caddyfile.go @@ -0,0 +1,38 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package rewrite + +import ( + "github.com/caddyserver/caddy/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/caddyconfig/httpcaddyfile" +) + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// rewrite [<matcher>] <to> +// +// The <to> parameter becomes the new URI. +func (rewr *Rewrite) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + rewr.URI = d.Val() + } + return nil +} + +// Bucket returns the HTTP Caddyfile handler bucket number. +func (rewr Rewrite) Bucket() int { return 1 } + +// Interface guard +var _ httpcaddyfile.HandlerDirective = (*Rewrite)(nil) diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index b0672b1..ffa7ce7 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -22,10 +22,10 @@ import ( "github.com/caddyserver/caddy/v2" ) -// ServerRoute represents a set of matching rules, +// Route represents a set of matching rules, // middlewares, and a responder for handling HTTP // requests. -type ServerRoute struct { +type Route struct { Group string `json:"group,omitempty"` MatcherSets []map[string]json.RawMessage `json:"match,omitempty"` Handle []json.RawMessage `json:"handle,omitempty"` @@ -37,22 +37,22 @@ type ServerRoute struct { } // Empty returns true if the route has all zero/default values. -func (sr ServerRoute) Empty() bool { - return len(sr.MatcherSets) == 0 && - len(sr.Handle) == 0 && - len(sr.handlers) == 0 && - !sr.Terminal && - sr.Group == "" +func (r Route) Empty() bool { + return len(r.MatcherSets) == 0 && + len(r.Handle) == 0 && + len(r.handlers) == 0 && + !r.Terminal && + r.Group == "" } -func (sr ServerRoute) anyMatcherSetMatches(r *http.Request) bool { - for _, ms := range sr.matcherSets { - if ms.Match(r) { +func (r Route) anyMatcherSetMatches(req *http.Request) bool { + for _, ms := range r.matcherSets { + if ms.Match(req) { return true } } // if no matchers, always match - return len(sr.matcherSets) == 0 + return len(r.matcherSets) == 0 } // MatcherSet is a set of matchers which @@ -73,7 +73,7 @@ func (mset MatcherSet) Match(r *http.Request) bool { // RouteList is a list of server routes that can // create a middleware chain. -type RouteList []ServerRoute +type RouteList []Route // Provision sets up all the routes by loading the modules. func (routes RouteList) Provision(ctx caddy.Context) error { diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index d79d8d3..f820f71 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -57,7 +57,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { repl := caddy.NewReplacer() ctx := context.WithValue(r.Context(), caddy.ReplacerCtxKey, repl) ctx = context.WithValue(ctx, ServerCtxKey, s) - ctx = context.WithValue(ctx, TableCtxKey, make(map[string]interface{})) // TODO: Implement this + ctx = context.WithValue(ctx, VarCtxKey, make(map[string]interface{})) r = r.WithContext(ctx) // once the pointer to the request won't change @@ -201,6 +201,14 @@ type AutoHTTPSConfig struct { // that certificates will not be provisioned and managed // for these names. SkipCerts []string `json:"skip_certificates,omitempty"` + + // By default, automatic HTTPS will obtain and renew + // certificates for qualifying hostnames. However, if + // a certificate with a matching SAN is already loaded + // into the cache, certificate management will not be + // enabled. To force automated certificate management + // regardless of loaded certificates, set this to true. + IgnoreLoadedCerts bool `json:"ignore_loaded_certificates,omitempty"` } // Skipped returns true if name is in skipSlice, which @@ -225,6 +233,6 @@ const ( // For referencing the server instance ServerCtxKey caddy.CtxKey = "server" - // For the request's variable table (TODO: implement this) - TableCtxKey caddy.CtxKey = "table" + // For the request's variable table + VarCtxKey caddy.CtxKey = "vars" ) diff --git a/modules/caddyhttp/staticerror.go b/modules/caddyhttp/staticerror.go index 3a8e8bc..1834cf7 100644 --- a/modules/caddyhttp/staticerror.go +++ b/modules/caddyhttp/staticerror.go @@ -18,7 +18,6 @@ import ( "fmt" "net/http" "strconv" - "strings" "github.com/caddyserver/caddy/v2" ) @@ -33,7 +32,7 @@ func init() { // StaticError implements a simple handler that returns an error. type StaticError struct { Error string `json:"error,omitempty"` - StatusCode weakString `json:"status_code,omitempty"` + StatusCode WeakString `json:"status_code,omitempty"` } func (e StaticError) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Handler) error { @@ -53,43 +52,3 @@ func (e StaticError) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Handler // Interface guard var _ MiddlewareHandler = (*StaticError)(nil) - -// weakString is a type that unmarshals any JSON value -// as a string literal, and provides methods for -// getting the value as different primitive types. -// However, using this type removes any type safety -// as far as deserializing JSON is concerned. -type weakString string - -// UnmarshalJSON satisfies json.Unmarshaler. It -// unmarshals b by always interpreting it as a -// string literal. -func (ws *weakString) UnmarshalJSON(b []byte) error { - *ws = weakString(strings.Trim(string(b), `"`)) - return nil -} - -// Int returns ws as an integer. If ws is not an -// integer, 0 is returned. -func (ws weakString) Int() int { - num, _ := strconv.Atoi(string(ws)) - return num -} - -// Float64 returns ws as a float64. If ws is not a -// float value, the zero value is returned. -func (ws weakString) Float64() float64 { - num, _ := strconv.ParseFloat(string(ws), 64) - return num -} - -// Bool returns ws as a boolean. If ws is not a -// boolean, false is returned. -func (ws weakString) Bool() bool { - return string(ws) == "true" -} - -// String returns ws as a string. -func (ws weakString) String() string { - return string(ws) -} diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index 291d992..cafee35 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -20,6 +20,7 @@ import ( "strconv" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" ) func init() { @@ -31,12 +32,48 @@ func init() { // StaticResponse implements a simple responder for static responses. type StaticResponse struct { - StatusCode weakString `json:"status_code"` - Headers http.Header `json:"headers"` - Body string `json:"body"` - Close bool `json:"close"` + StatusCode WeakString `json:"status_code,omitempty"` + Headers http.Header `json:"headers,omitempty"` + Body string `json:"body,omitempty"` + Close bool `json:"close,omitempty"` } +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// static_response [<matcher>] <status> { +// body <text> +// close +// } +// +func (s *StaticResponse) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + var statusCodeStr string + if d.Args(&statusCodeStr) { + s.StatusCode = WeakString(statusCodeStr) + } + for d.NextBlock() { + switch d.Val() { + case "body": + if s.Body != "" { + return d.Err("body already specified") + } + if !d.Args(&s.Body) { + return d.ArgErr() + } + case "close": + if s.Close { + return d.Err("close already specified") + } + s.Close = true + } + } + } + return nil +} + +// Bucket returns the HTTP Caddyfile handler bucket number. +func (StaticResponse) Bucket() int { return 7 } + func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Handler) error { repl := r.Context().Value(caddy.ReplacerCtxKey).(caddy.Replacer) diff --git a/modules/caddyhttp/staticresp_test.go b/modules/caddyhttp/staticresp_test.go index 49adedd..cd0d1a1 100644 --- a/modules/caddyhttp/staticresp_test.go +++ b/modules/caddyhttp/staticresp_test.go @@ -30,7 +30,7 @@ func TestStaticResponseHandler(t *testing.T) { w := httptest.NewRecorder() s := StaticResponse{ - StatusCode: weakString(strconv.Itoa(http.StatusNotFound)), + StatusCode: WeakString(strconv.Itoa(http.StatusNotFound)), Headers: http.Header{ "X-Test": []string{"Testing"}, }, diff --git a/modules/caddyhttp/table.go b/modules/caddyhttp/table.go deleted file mode 100644 index 5b1fed5..0000000 --- a/modules/caddyhttp/table.go +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2015 Matthew Holt and The Caddy Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package caddyhttp - -import ( - "net/http" - - "github.com/caddyserver/caddy/v2" -) - -func init() { - caddy.RegisterModule(caddy.Module{ - Name: "http.handlers.table", - New: func() interface{} { return new(tableMiddleware) }, - }) - - caddy.RegisterModule(caddy.Module{ - Name: "http.matchers.table", - New: func() interface{} { return new(tableMatcher) }, - }) -} - -type tableMiddleware struct { -} - -func (t tableMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { - // tbl := r.Context().Value(TableCtxKey).(map[string]interface{}) - - // TODO: implement this... - - return nil -} - -type tableMatcher struct { -} - -func (m tableMatcher) Match(r *http.Request) bool { - return false // TODO: implement -} - -// Interface guards -var _ MiddlewareHandler = (*tableMiddleware)(nil) -var _ RequestMatcher = (*tableMatcher)(nil) diff --git a/modules/caddyhttp/templates/caddyfile.go b/modules/caddyhttp/templates/caddyfile.go new file mode 100644 index 0000000..50bb3f8 --- /dev/null +++ b/modules/caddyhttp/templates/caddyfile.go @@ -0,0 +1,63 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package templates + +import ( + "github.com/caddyserver/caddy/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/caddyconfig/httpcaddyfile" +) + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// templates [<matcher>] { +// mime <types...> +// between <open_delim> <close_delim> +// root <path> +// } +// +func (t *Templates) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock() { + switch d.Val() { + case "mime": + t.MIMETypes = d.RemainingArgs() + if len(t.MIMETypes) == 0 { + return d.ArgErr() + } + case "between": + t.Delimiters = d.RemainingArgs() + if len(t.Delimiters) != 2 { + return d.ArgErr() + } + case "root": + if !d.Args(&t.IncludeRoot) { + return d.ArgErr() + } + } + } + } + + if t.IncludeRoot == "" { + t.IncludeRoot = "{http.var.root}" + } + + return nil +} + +// Bucket returns the HTTP Caddyfile handler bucket number. +func (t Templates) Bucket() int { return 5 } + +// Interface guard +var _ httpcaddyfile.HandlerDirective = (*Templates)(nil) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 9a41b6d..442e177 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -108,7 +108,8 @@ func (t *Templates) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddy func (t *Templates) executeTemplate(rr caddyhttp.ResponseRecorder, r *http.Request) error { var fs http.FileSystem if t.IncludeRoot != "" { - fs = http.Dir(t.IncludeRoot) + repl := r.Context().Value(caddy.ReplacerCtxKey).(caddy.Replacer) + fs = http.Dir(repl.ReplaceAll(t.IncludeRoot, ".")) } ctx := &templateContext{ diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index ffcc636..a51e54b 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -136,19 +136,6 @@ func (c templateContext) Cookie(name string) string { return "" } -// Hostname gets the (remote) hostname of the client making the request. -// Performance warning: This involves a DNS lookup. -func (c templateContext) Hostname() string { - ip := c.RemoteIP() - - hostnameList, err := net.LookupAddr(ip) - if err != nil || len(hostnameList) == 0 { - return c.Req.RemoteAddr - } - - return hostnameList[0] -} - // RemoteIP gets the IP address of the client making the request. func (c templateContext) RemoteIP() string { ip, _, err := net.SplitHostPort(c.Req.RemoteAddr) diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go new file mode 100644 index 0000000..f74556a --- /dev/null +++ b/modules/caddyhttp/vars.go @@ -0,0 +1,71 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyhttp + +import ( + "net/http" + + "github.com/caddyserver/caddy/v2" +) + +func init() { + caddy.RegisterModule(caddy.Module{ + Name: "http.handlers.vars", + New: func() interface{} { return new(VarsMiddleware) }, + }) + caddy.RegisterModule(caddy.Module{ + Name: "http.matchers.vars", + New: func() interface{} { return new(VarsMiddleware) }, + }) +} + +// VarsMiddleware is an HTTP middleware which sets variables +// in the context, mainly for use by placeholders. +type VarsMiddleware map[string]string + +func (t VarsMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { + vars := r.Context().Value(VarCtxKey).(map[string]interface{}) + repl := r.Context().Value(caddy.ReplacerCtxKey).(caddy.Replacer) + for k, v := range t { + keyExpanded := repl.ReplaceAll(k, "") + valExpanded := repl.ReplaceAll(v, "") + vars[keyExpanded] = valExpanded + } + return next.ServeHTTP(w, r) +} + +// VarsMatcher is an HTTP request matcher which can match +// requests based on variables in the context. +type VarsMatcher map[string]string + +// Match matches a request based on variables in the context. +func (m VarsMatcher) Match(r *http.Request) bool { + vars := r.Context().Value(VarCtxKey).(map[string]string) + repl := r.Context().Value(caddy.ReplacerCtxKey).(caddy.Replacer) + for k, v := range m { + keyExpanded := repl.ReplaceAll(k, "") + valExpanded := repl.ReplaceAll(v, "") + if vars[keyExpanded] != valExpanded { + return false + } + } + return true +} + +// Interface guards +var ( + _ MiddlewareHandler = (*VarsMiddleware)(nil) + _ RequestMatcher = (*VarsMatcher)(nil) +) diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 8cb6ffe..e061281 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -172,7 +172,7 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { // add all the cipher suites in order, without duplicates cipherSuitesAdded := make(map[uint16]struct{}) for _, csName := range p.CipherSuites { - csID := supportedCipherSuites[csName] + csID := SupportedCipherSuites[csName] if _, ok := cipherSuitesAdded[csID]; !ok { cipherSuitesAdded[csID] = struct{}{} cfg.CipherSuites = append(cfg.CipherSuites, csID) @@ -182,7 +182,7 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { // add all the curve preferences in order, without duplicates curvesAdded := make(map[tls.CurveID]struct{}) for _, curveName := range p.Curves { - curveID := supportedCurves[curveName] + curveID := SupportedCurves[curveName] if _, ok := curvesAdded[curveID]; !ok { curvesAdded[curveID] = struct{}{} cfg.CurvePreferences = append(cfg.CurvePreferences, curveID) @@ -203,10 +203,10 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { // min and max protocol versions if p.ProtocolMin != "" { - cfg.MinVersion = supportedProtocols[p.ProtocolMin] + cfg.MinVersion = SupportedProtocols[p.ProtocolMin] } if p.ProtocolMax != "" { - cfg.MaxVersion = supportedProtocols[p.ProtocolMax] + cfg.MaxVersion = SupportedProtocols[p.ProtocolMax] } if p.ProtocolMin > p.ProtocolMax { return fmt.Errorf("protocol min (%x) cannot be greater than protocol max (%x)", p.ProtocolMin, p.ProtocolMax) diff --git a/modules/caddytls/fileloader.go b/modules/caddytls/fileloader.go index 5f277c8..7a0d14d 100644 --- a/modules/caddytls/fileloader.go +++ b/modules/caddytls/fileloader.go @@ -25,12 +25,12 @@ import ( func init() { caddy.RegisterModule(caddy.Module{ Name: "tls.certificates.load_files", - New: func() interface{} { return fileLoader{} }, + New: func() interface{} { return FileLoader{} }, }) } -// fileLoader loads certificates and their associated keys from disk. -type fileLoader []CertKeyFilePair +// FileLoader loads certificates and their associated keys from disk. +type FileLoader []CertKeyFilePair // CertKeyFilePair pairs certificate and key file names along with their // encoding format so that they can be loaded from disk. @@ -42,7 +42,7 @@ type CertKeyFilePair struct { } // LoadCertificates returns the certificates to be loaded by fl. -func (fl fileLoader) LoadCertificates() ([]Certificate, error) { +func (fl FileLoader) LoadCertificates() ([]Certificate, error) { var certs []Certificate for _, pair := range fl { certData, err := ioutil.ReadFile(pair.Certificate) @@ -73,4 +73,4 @@ func (fl fileLoader) LoadCertificates() ([]Certificate, error) { } // Interface guard -var _ CertificateLoader = (fileLoader)(nil) +var _ CertificateLoader = (FileLoader)(nil) diff --git a/modules/caddytls/folderloader.go b/modules/caddytls/folderloader.go index 24a7fbb..ae7f056 100644 --- a/modules/caddytls/folderloader.go +++ b/modules/caddytls/folderloader.go @@ -30,20 +30,20 @@ import ( func init() { caddy.RegisterModule(caddy.Module{ Name: "tls.certificates.load_folders", - New: func() interface{} { return folderLoader{} }, + New: func() interface{} { return FolderLoader{} }, }) } -// folderLoader loads certificates and their associated keys from disk +// FolderLoader loads certificates and their associated keys from disk // by recursively walking the specified directories, looking for PEM // files which contain both a certificate and a key. -type folderLoader []string +type FolderLoader []string // LoadCertificates loads all the certificates+keys in the directories // listed in fl from all files ending with .pem. This method of loading // certificates expects the certificate and key to be bundled into the // same file. -func (fl folderLoader) LoadCertificates() ([]Certificate, error) { +func (fl FolderLoader) LoadCertificates() ([]Certificate, error) { var certs []Certificate for _, dir := range fl { err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error { @@ -135,4 +135,4 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) { return cert, nil } -var _ CertificateLoader = (folderLoader)(nil) +var _ CertificateLoader = (FolderLoader)(nil) diff --git a/modules/caddytls/sessiontickets.go b/modules/caddytls/sessiontickets.go index c47f823..2eb0773 100644 --- a/modules/caddytls/sessiontickets.go +++ b/modules/caddytls/sessiontickets.go @@ -29,7 +29,7 @@ import ( // SessionTicketService configures and manages TLS session tickets. type SessionTicketService struct { KeySource json.RawMessage `json:"key_source,omitempty"` - RotationInterval caddy.Duration `json:"rotation_interval,omitempty"` + RotationInterval caddy.Duration `json:"rotation_interval,omitempty"` MaxKeys int `json:"max_keys,omitempty"` DisableRotation bool `json:"disable_rotation,omitempty"` Disabled bool `json:"disabled,omitempty"` diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index e70fbd1..ec16995 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -45,8 +45,8 @@ func init() { // TLS represents a process-wide TLS configuration. type TLS struct { Certificates map[string]json.RawMessage `json:"certificates,omitempty"` - Automation AutomationConfig `json:"automation,omitempty"` - SessionTickets SessionTicketService `json:"session_tickets,omitempty"` + Automation AutomationConfig `json:"automation"` + SessionTickets SessionTicketService `json:"session_tickets"` certificateLoaders []CertificateLoader certCache *certmagic.Cache @@ -105,16 +105,12 @@ func (t *TLS) Provision(ctx caddy.Context) error { onDemandRateLimiter.SetLimit(0) } - return nil -} - -// Start activates the TLS module. -func (t *TLS) Start() error { + // load manual/static (unmanaged) certificates - we do this in + // provision so that other apps (such as http) can know which + // certificates have been manually loaded magic := certmagic.New(t.certCache, certmagic.Config{ - Storage: t.ctx.Storage(), + Storage: ctx.Storage(), }) - - // load manual/static (unmanaged) certificates for _, loader := range t.certificateLoaders { certs, err := loader.LoadCertificates() if err != nil { @@ -128,6 +124,11 @@ func (t *TLS) Start() error { } } + return nil +} + +// Start activates the TLS module. +func (t *TLS) Start() error { // load automated (managed) certificates if automatedRawMsg, ok := t.Certificates[automateKey]; ok { var names []string @@ -204,6 +205,12 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy { return AutomationPolicy{Management: mgmt} } +// CertificatesWithSAN returns the list of all certificates +// in the cache the match the given SAN value. +func (t *TLS) CertificatesWithSAN(san string) []certmagic.Certificate { + return t.certCache.CertificatesWithSAN(san) +} + // CertificateLoader is a type that can load certificates. // Certificates can optionally be associated with tags. type CertificateLoader interface { diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go index 0c62058..b10fe22 100644 --- a/modules/caddytls/values.go +++ b/modules/caddytls/values.go @@ -22,12 +22,16 @@ import ( "github.com/klauspost/cpuid" ) -// supportedCipherSuites is the unordered map of cipher suite +// SupportedCipherSuites is the unordered map of cipher suite // string names to their definition in crypto/tls. All values // should be IANA-reserved names. See // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml +// Two of the cipher suite constants in the standard lib do not use the +// full IANA name, but we do; see: +// https://github.com/golang/go/issues/32061 and +// https://github.com/golang/go/issues/30325#issuecomment-512862374. // TODO: might not be needed much longer: https://github.com/golang/go/issues/30325 -var supportedCipherSuites = map[string]uint16{ +var SupportedCipherSuites = map[string]uint16{ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, @@ -84,22 +88,24 @@ func getOptimalDefaultCipherSuites() []uint16 { return defaultCipherSuitesWithoutAESNI } -// supportedCurves is the unordered map of supported curves. +// SupportedCurves is the unordered map of supported curves. // https://golang.org/pkg/crypto/tls/#CurveID -var supportedCurves = map[string]tls.CurveID{ - "X25519": tls.X25519, - "P256": tls.CurveP256, - "P384": tls.CurveP384, - "P521": tls.CurveP521, +var SupportedCurves = map[string]tls.CurveID{ + // TODO: Use IANA names, probably? see https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + // All named crypto/elliptic curves have secpXXXr1 IANA names. + "x25519": tls.X25519, // x25519, 29 + "p256": tls.CurveP256, // secp256r1, 23 + "p384": tls.CurveP384, // secp384r1, 24 + "p521": tls.CurveP521, // secp521r1, 25 } // supportedCertKeyTypes is all the key types that are supported // for certificates that are obtained through ACME. var supportedCertKeyTypes = map[string]certcrypto.KeyType{ - "RSA2048": certcrypto.RSA2048, - "RSA4096": certcrypto.RSA4096, - "P256": certcrypto.EC256, - "P384": certcrypto.EC384, + "rsa_2048": certcrypto.RSA2048, + "rsa_4096": certcrypto.RSA4096, + "ec_p256": certcrypto.EC256, + "ec_p384": certcrypto.EC384, } // defaultCurves is the list of only the curves we want to use @@ -115,9 +121,9 @@ var defaultCurves = []tls.CurveID{ tls.CurveP256, } -// supportedProtocols is a map of supported protocols. -// HTTP/2 only supports TLS 1.2 and higher. -var supportedProtocols = map[string]uint16{ +// SupportedProtocols is a map of supported protocols. +// Note that HTTP/2 only supports TLS 1.2 and higher. +var SupportedProtocols = map[string]uint16{ "tls1.0": tls.VersionTLS10, "tls1.1": tls.VersionTLS11, "tls1.2": tls.VersionTLS12, |