Try simulating caddy forward_auth

2025-02-16 13:51:53 -05:00 · 2025-02-16 13:51:53 -05:00 · 65934ea570
commit 65934ea570
parent 1af1d774d3
3 changed files with 56 additions and 14 deletions
--- a/main.go
+++ b/main.go
@ -22,16 +22,18 @@ func main() {
 	keyPath := flag.String("key", "", "Path to the private (client mode) or public (server mode) to use")
 	simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy")
 	flag.Parse()
 	if *useClient {
-		runClient(keyPath)
+		runClient(keyPath, *simulateCaddy)
 	} else {
-		runServer(keyPath)
+		runServer(keyPath, *simulateCaddy)
 	}
 }
-func runClient(keyFile *string) {
+func runClient(keyFile *string, simulateCaddy bool) {
 	testData := map[string]string{"hello": "world"}
 	json_data, _ := json.Marshal(testData)
@ -49,7 +51,9 @@ func runClient(keyFile *string) {
 	id := digest.FromBytes(json_data)
-	req, err := http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data))
+	var req *http.Request
 	req, err = http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data))
 	if err != nil {
 		log.Fatal(err)
@ -58,6 +62,11 @@ func runClient(keyFile *string) {
 	req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
 	req.Header.Add("Content-Type", "application/json")
 	if simulateCaddy {
 		req.Header.Add("X-Forwarded-Method", req.Method)
 		req.Header.Add("X-Forwarded-Uri", req.RequestURI)
 	}
 	resp, err := client.Do(req)
 	if err != nil {
@ -73,17 +82,18 @@ func runClient(keyFile *string) {
 	}
 	fmt.Println(resp.StatusCode)
 	fmt.Println(resp.Header)
 	fmt.Println(string(out[:]))
 }
-func runServer(keyFile *string) {
+func runServer(keyFile *string, simulateCaddy bool) {
 	key, err := loadPublicKey(*keyFile)
 	if err != nil {
 		log.Fatal(err)
 	}
-	server.Start(key)
+	server.Start(key, simulateCaddy)
 }
 func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
--- a/server/caddy_rewrite.go
+++ b/server/caddy_rewrite.go
@ -0,0 +1,20 @@
 package server
 import (
 	"fmt"
 	"net/http"
 )
 func rewriteHeaders(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		forwardedMethod := r.Header.Get("X-Forwarded-Method")
 		forwardedUri := r.Header.Get("X-Forwarded-Uri")
 		fmt.Printf("Headers: %s, %s\n", forwardedMethod, forwardedUri)
 		r.Method = forwardedMethod
 		r.RequestURI = forwardedUri
 		next.ServeHTTP(w, r)
 	})
 }
--- a/server/server.go
+++ b/server/server.go
@ -10,7 +10,7 @@ import (
 	"github.com/common-fate/httpsig/inmemory"
 )
-func Start(publicKey crypto.PublicKey) error {
+func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error {
 	keyDir := InMemoryDirectory{
 		records: map[string]KeyEntry{},
 	}
@ -41,14 +41,26 @@ func Start(publicKey crypto.PublicKey) error {
 		},
 	})
-	mux.Handle("/", verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	verifyHandler := verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		fmt.Printf("Responding...\n")
 		attr := httpsig.AttributesFromContext(r.Context()).(string)
-		fmt.Printf("User is %s\n", attr)
+
-		msg := fmt.Sprintf("hello, %s!", attr)
+		if isCaddyAuth {
-		w.Write([]byte(msg))
+			w.Header().Add("Remote-User", attr)
-		fmt.Printf("Responded...\n")
+		} else {
-	})))
+			msg := fmt.Sprintf("hello, %s!", attr)
 			w.Write([]byte(msg))
 		}
 	}))
 	var handler http.Handler
 	if isCaddyAuth {
 		handler = rewriteHeaders(verifyHandler)
 	} else {
 		handler = verifyHandler
 	}
 	mux.Handle("/", handler)
 	err := http.ListenAndServe("localhost:8080", mux)