- commit
- 65934ea
- parent
- 1af1d77
- author
- cheddar
- date
- 2025-02-16 19:51:53 +0100 CET
Try simulating caddy forward_auth
3 files changed,
+56,
-14
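--- a/main.go
+++ b/main.go
@@ -22,16 +22,18 @@ func main() {
 
 keyPath := flag.String("key", "", "Path to the private (client mode) or public (server mode) to use")
 
+ simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy")
+
 flag.Parse()
 
 if *useClient {
- runClient(keyPath)
+ runClient(keyPath, *simulateCaddy)
 } else {
- runServer(keyPath)
+ runServer(keyPath, *simulateCaddy)
 }
 }
 
-func runClient(keyFile *string) {
+func runClient(keyFile *string, simulateCaddy bool) {
 testData := map[string]string{"hello": "world"}
 json_data, _ := json.Marshal(testData)
 
@@ -49,7 +51,9 @@ func runClient(keyFile *string) {
 
 id := digest.FromBytes(json_data)
 
- req, err := http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data))
+ var req *http.Request
+
+ req, err = http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data))
 
 if err != nil {
 log.Fatal(err)
@@ -58,6 +62,11 @@ func runClient(keyFile *string) {
 req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
 req.Header.Add("Content-Type", "application/json")
 
+ if simulateCaddy {
+ req.Header.Add("X-Forwarded-Method", req.Method)
+ req.Header.Add("X-Forwarded-Uri", req.RequestURI)
+ }
+
 resp, err := client.Do(req)
 
 if err != nil {
@@ -73,17 +82,18 @@ func runClient(keyFile *string) {
 }
 
 fmt.Println(resp.StatusCode)
+ fmt.Println(resp.Header)
 fmt.Println(string(out[:]))
 }
 
-func runServer(keyFile *string) {
+func runServer(keyFile *string, simulateCaddy bool) {
 key, err := loadPublicKey(*keyFile)
 
 if err != nil {
 log.Fatal(err)
 }
 
- server.Start(key)
+ server.Start(key, simulateCaddy)
 }
 
 func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {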
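Review bot: In the `if simulateCaddy` block of runClient, `req.RequestURI` is always empty on a request built with `http.NewRequest`, because net/http fills that field only on the server side, so `X-Forwarded-Uri` goes out as an empty string and the server middleware has nothing to restore. Use `req.Header.Set("X-Forwarded-Uri", req.URL.RequestURI())` instead. The signing client is configured outside the visible hunks, so it cannot be confirmed here whether the two `X-Forwarded-*` headers are covered by the signature; if they are not, they can be altered in transit without failing verification. In runServer the error returned by `server.Start(key, simulateCaddy)` is dropped; `log.Fatal(server.Start(key, simulateCaddy))` would surface a failed listen. runClient's body continues outside the hunks.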
+20,
-0
1@@ -0,0 +1,20 @@
2+package server
3+
4+import (
5+ "fmt"
6+ "net/http"
7+)
8+
9+func rewriteHeaders(next http.Handler) http.Handler {
10+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
11+ forwardedMethod := r.Header.Get("X-Forwarded-Method")
12+ forwardedUri := r.Header.Get("X-Forwarded-Uri")
13+
14+ fmt.Printf("Headers: %s, %s\n", forwardedMethod, forwardedUri)
15+
16+ r.Method = forwardedMethod
17+ r.RequestURI = forwardedUri
18+
19+ next.ServeHTTP(w, r)
20+ })
21+}
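Review bot: rewriteHeaders assigns `r.Method` and `r.RequestURI` straight from `X-Forwarded-Method` and `X-Forwarded-Uri` without checking that either header is present or parses, so a request lacking them reaches the verifier with an empty method and URI, and any client that can reach the listener directly decides which method and URI the signature is checked against. Only `r.RequestURI` is rewritten while `r.URL` keeps the original target; if the verifier derives the path from `r.URL` (not visible on this page), the rewrite does not affect verification at all. Rejecting missing or malformed values and updating `r.URL` as well closes both gaps (this needs `net/url` in the import block), and `%q` in the debug print keeps control characters in header values out of the log. Because these headers are trusted as given, the endpoint should stay reachable only from the proxy.

```go
		forwardedUri := r.Header.Get("X-Forwarded-Uri")

		// Refuse to continue when the proxy-supplied values are absent or malformed.
		target, err := url.ParseRequestURI(forwardedUri)
		if forwardedMethod == "" || err != nil {
			http.Error(w, "missing or malformed X-Forwarded-* headers", http.StatusBadRequest)
			return
		}

		fmt.Printf("Headers: %q, %q\n", forwardedMethod, forwardedUri)

		r.Method = forwardedMethod
		r.RequestURI = forwardedUri
		r.URL = target // keep URL in step with RequestURI
		// … unchanged: next.ServeHTTP(w, r) …
```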
+20,
-8
1@@ -10,7 +10,7 @@ import (
2 "github.com/common-fate/httpsig/inmemory"
3 )
4
5-func Start(publicKey crypto.PublicKey) error {
6+func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error {
7 keyDir := InMemoryDirectory{
8 records: map[string]KeyEntry{},
9 }
10@@ -41,14 +41,26 @@ func Start(publicKey crypto.PublicKey) error {
11 },
12 })
13
14- mux.Handle("/", verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
15- fmt.Printf("Responding...\n")
16+ verifyHandler := verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
17 attr := httpsig.AttributesFromContext(r.Context()).(string)
18- fmt.Printf("User is %s\n", attr)
19- msg := fmt.Sprintf("hello, %s!", attr)
20- w.Write([]byte(msg))
21- fmt.Printf("Responded...\n")
22- })))
23+
24+ if isCaddyAuth {
25+ w.Header().Add("Remote-User", attr)
26+ } else {
27+ msg := fmt.Sprintf("hello, %s!", attr)
28+ w.Write([]byte(msg))
29+ }
30+ }))
31+
32+ var handler http.Handler
33+
34+ if isCaddyAuth {
35+ handler = rewriteHeaders(verifyHandler)
36+ } else {
37+ handler = verifyHandler
38+ }
39+
40+ mux.Handle("/", handler)
41
42 err := http.ListenAndServe("localhost:8080", mux)
43
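Review bot: In the `isCaddyAuth` branch of the inner handler, the verified identity is returned with `w.Header().Add("Remote-User", attr)`; `Set` fits an identity header better, since it guarantees the response carries exactly one value: `w.Header().Set("Remote-User", attr)`. `attr` comes from the unchecked `.(string)` assertion on the context line above, which panics if the verifier stored nothing or a different type; `attr, ok := httpsig.AttributesFromContext(r.Context()).(string)` with a 401 on `!ok` makes that failure explicit. Start is exported and now has a mode switch, so it deserves a doc comment such as `// Start serves the signature verifier on localhost:8080; with isCaddyAuth it answers as a forward_auth endpoint and returns the identity in Remote-User instead of a body.` The flag is called `simulateCaddy` in main.go and `isCaddyAuth` here; one name would be easier to follow. Start's body begins and ends outside the hunks.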