diff --git a/main.go b/main.go index 22690d9..dfb700d 100644 --- a/main.go +++ b/main.go @@ -22,16 +22,18 @@ func main() { keyPath := flag.String("key", "", "Path to the private (client mode) or public (server mode) to use") + simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy") + flag.Parse() if *useClient { - runClient(keyPath) + runClient(keyPath, *simulateCaddy) } else { - runServer(keyPath) + runServer(keyPath, *simulateCaddy) } } -func runClient(keyFile *string) { +func runClient(keyFile *string, simulateCaddy bool) { testData := map[string]string{"hello": "world"} json_data, _ := json.Marshal(testData) @@ -49,7 +51,9 @@ func runClient(keyFile *string) { id := digest.FromBytes(json_data) - req, err := http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data)) + var req *http.Request + + req, err = http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data)) if err != nil { log.Fatal(err) @@ -58,6 +62,11 @@ func runClient(keyFile *string) { req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded()) req.Header.Add("Content-Type", "application/json") + if simulateCaddy { + req.Header.Add("X-Forwarded-Method", req.Method) + req.Header.Add("X-Forwarded-Uri", req.RequestURI) + } + resp, err := client.Do(req) if err != nil { @@ -73,17 +82,18 @@ func runClient(keyFile *string) { } fmt.Println(resp.StatusCode) + fmt.Println(resp.Header) fmt.Println(string(out[:])) } -func runServer(keyFile *string) { +func runServer(keyFile *string, simulateCaddy bool) { key, err := loadPublicKey(*keyFile) if err != nil { log.Fatal(err) } - server.Start(key) + server.Start(key, simulateCaddy) } func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) { diff --git a/server/caddy_rewrite.go b/server/caddy_rewrite.go new file mode 100644 index 0000000..5325299 --- /dev/null +++ b/server/caddy_rewrite.go 
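Review bot: `req.RequestURI` is empty on a request built with `http.NewRequest`, so the `X-Forwarded-Uri` header added in the `simulateCaddy` branch of runClient (hunk `@@ -58,6 +62,11 @@`) carries no path. net/http fills that field only on requests a server receives. Use `req.Header.Add("X-Forwarded-Uri", req.URL.RequestURI())` so the simulated proxy header matches the path actually requested. As written, the rewrite in server/caddy_rewrite.go would copy an empty value into `r.RequestURI` before signature verification. runClient starts and ends outside this hunk.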
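Review bot: The error returned by `server.Start(key, simulateCaddy)` in runServer (hunk `@@ -73,17 +82,18 @@`) is discarded, so a failed listen would go unreported. server/server.go declares Start as returning `error`. Handle it the same way as the key-loading error just above: `if err := server.Start(key, simulateCaddy); err != nil { log.Fatal(err) }`.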
@@ -0,0 +1,20 @@ +package server + +import ( + "fmt" + "net/http" +) + +func rewriteHeaders(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + forwardedMethod := r.Header.Get("X-Forwarded-Method") + forwardedUri := r.Header.Get("X-Forwarded-Uri") + + fmt.Printf("Headers: %s, %s\n", forwardedMethod, forwardedUri) + + r.Method = forwardedMethod + r.RequestURI = forwardedUri + + next.ServeHTTP(w, r) + }) +} diff --git a/server/server.go b/server/server.go index dc36cca..a22e1df 100644 --- a/server/server.go +++ b/server/server.go @@ -10,7 +10,7 @@ import ( "github.com/common-fate/httpsig/inmemory" ) -func Start(publicKey crypto.PublicKey) error { +func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error { keyDir := InMemoryDirectory{ records: map[string]KeyEntry{}, } @@ -41,14 +41,26 @@ func Start(publicKey crypto.PublicKey) error { }, }) - mux.Handle("/", verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - fmt.Printf("Responding...\n") + verifyHandler := verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { attr := httpsig.AttributesFromContext(r.Context()).(string) - fmt.Printf("User is %s\n", attr) - msg := fmt.Sprintf("hello, %s!", attr) - w.Write([]byte(msg)) - fmt.Printf("Responded...\n") - }))) + + if isCaddyAuth { + w.Header().Add("Remote-User", attr) + } else { + msg := fmt.Sprintf("hello, %s!", attr) + w.Write([]byte(msg)) + } + })) + + var handler http.Handler + + if isCaddyAuth { + handler = rewriteHeaders(verifyHandler) + } else { + handler = verifyHandler + } + + mux.Handle("/", handler) err := http.ListenAndServe("localhost:8080", mux)
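Review bot: rewriteHeaders overwrites `r.Method` and `r.RequestURI` with whatever `X-Forwarded-Method` and `X-Forwarded-Uri` contain, including the empty string when they are absent. A request that reaches this port without passing through the proxy therefore chooses the method and URI the verifier sees. Reject requests missing either header with a 400 instead of verifying against empty values, and print the values with `%q` because they are client-controlled. Only `r.RequestURI` is replaced while `r.URL` keeps the auth endpoint's own path; whether the httpsig verifier reads `r.URL` is not visible here, so that is worth confirming. The handler is only safe behind a proxy that always sets both headers itself, which deserves a doc comment on the function.

```go
		forwardedUri := r.Header.Get("X-Forwarded-Uri")

		// Both headers are set by the proxy; without them there is no
		// original request to verify, so fail closed.
		if forwardedMethod == "" || forwardedUri == "" {
			http.Error(w, "missing forwarded request headers", http.StatusBadRequest)
			return
		}

		// %q quotes the client-supplied values so control characters
		// cannot forge or split log lines.
		fmt.Printf("Headers: %q, %q\n", forwardedMethod, forwardedUri)

		// … unchanged: assign r.Method and r.RequestURI, then next.ServeHTTP(w, r) …
```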
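Review bot: The exported `Start` in server/server.go (hunk `@@ -10,7 +10,7 @@`) has no doc comment, and the new `isCaddyAuth` parameter changes what the handler trusts and returns without that being stated anywhere. Suggested comment above the signature: `// Start serves the signature-verifying handler; when isCaddyAuth is true it trusts the X-Forwarded-Method and X-Forwarded-Uri headers and returns the verified identity in Remote-User instead of a body.` main.go calls the same switch `simulateCaddy`, so using one name in both packages would make the call chain easier to follow. Start's body continues outside this hunk.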
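Review bot: The identity written to `Remote-User` in hunk `@@ -41,14 +41,26 @@` comes from the unchecked assertion `httpsig.AttributesFromContext(r.Context()).(string)` on the context line above it, which panics if the attributes are missing or not a string. The header is what the proxy will treat as the authenticated user, so the handler should fail closed. Use `attr, ok := httpsig.AttributesFromContext(r.Context()).(string)` followed by `if !ok { http.Error(w, "unauthorized", http.StatusUnauthorized); return }`. `w.Header().Set("Remote-User", attr)` would also state more clearly than `Add` that exactly one value is intended. Start begins and ends outside this hunk.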