Try simulating caddy forward_auth

2025-02-16 13:51:53 -05:00 · 2025-02-16 13:51:53 -05:00 · 65934ea570
commit 65934ea570
parent 1af1d774d3
3 changed files with 56 additions and 14 deletions
--- a/server/server.go
+++ b/server/server.go
@ -10,7 +10,7 @@ import (
 	"github.com/common-fate/httpsig/inmemory"
 )

-func Start(publicKey crypto.PublicKey) error {
+func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error {
 	keyDir := InMemoryDirectory{
 		records: map[string]KeyEntry{},
 	}
@ -41,14 +41,26 @@ func Start(publicKey crypto.PublicKey) error {
 		},
 	})

-	mux.Handle("/", verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		fmt.Printf("Responding...\n")
+	verifyHandler := verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		attr := httpsig.AttributesFromContext(r.Context()).(string)
-		fmt.Printf("User is %s\n", attr)
-		msg := fmt.Sprintf("hello, %s!", attr)
-		w.Write([]byte(msg))
-		fmt.Printf("Responded...\n")
-	})))
+
+		if isCaddyAuth {
+			w.Header().Add("Remote-User", attr)
+		} else {
+			msg := fmt.Sprintf("hello, %s!", attr)
+			w.Write([]byte(msg))
+		}
+	}))
+
+	var handler http.Handler
+
+	if isCaddyAuth {
+		handler = rewriteHeaders(verifyHandler)
+	} else {
+		handler = verifyHandler
+	}
+
+	mux.Handle("/", handler)

 	err := http.ListenAndServe("localhost:8080", mux)