MCPcopy
hub / github.com/caddyserver/caddy / parseCaddyfile

Function parseCaddyfile

modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go:64–293  ·  view source on GitHub ↗

parseCaddyfile parses the forward_auth directive, which has the same syntax as the reverse_proxy directive (in fact, the reverse_proxy's directive Unmarshaler is invoked by this function) but the resulting proxy is specially configured for most™️ auth gateways that support forward auth. The typical

(h httpcaddyfile.Helper)

Source from the content-addressed store, hash-verified

62// }
63// }
64func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) {
65 if !h.Next() {
66 return nil, h.ArgErr()
67 }
68
69 // if the user specified a matcher token, use that
70 // matcher in a route that wraps both of our routes;
71 // either way, strip the matcher token and pass
72 // the remaining tokens to the unmarshaler so that
73 // we can gain the rest of the reverse_proxy syntax
74 userMatcherSet, err := h.ExtractMatcherSet()
75 if err != nil {
76 return nil, err
77 }
78
79 // make a new dispenser from the remaining tokens so that we
80 // can reset the dispenser back to this point for the
81 // reverse_proxy unmarshaler to read from it as well
82 dispenser := h.NewFromNextSegment()
83
84 // create the reverse proxy handler
85 rpHandler := &reverseproxy.Handler{
86 // set up defaults for header_up; reverse_proxy already deals with
87 // adding the other three X-Forwarded-* headers, but for this flow,
88 // we want to also send along the incoming method and URI since this
89 // request will have a rewritten URI and method.
90 Headers: &headers.Handler{
91 Request: &headers.HeaderOps{
92 Set: http.Header{
93 "X-Forwarded-Method": []string{"{http.request.method}"},
94 "X-Forwarded-Uri": []string{"{http.request.uri}"},
95 },
96 },
97 },
98
99 // we always rewrite the method to GET, which implicitly
100 // turns off sending the incoming request's body, which
101 // allows later middleware handlers to consume it
102 Rewrite: &rewrite.Rewrite{
103 Method: "GET",
104 },
105
106 HandleResponse: []caddyhttp.ResponseHandler{},
107 }
108
109 // collect the headers to copy from the auth response
110 // onto the original request, so they can get passed
111 // through to a backend app
112 headersToCopy := make(map[string]string)
113
114 // read the subdirectives for configuring the forward_auth shortcut
115 // NOTE: we delete the tokens as we go so that the reverse_proxy
116 // unmarshal doesn't see these subdirectives which it cannot handle
117 for dispenser.Next() {
118 for dispenser.NextBlock(0) {
119 // ignore any sub-subdirectives that might
120 // have the same name somewhere within
121 // the reverse_proxy passthrough tokens

Callers

nothing calls this directly

Calls 15

UnmarshalCaddyfileMethod · 0.95
JSONModuleObjectFunction · 0.92
ArgErrMethod · 0.80
ExtractMatcherSetMethod · 0.80
NewFromNextSegmentMethod · 0.80
NextBlockMethod · 0.80
NestingMethod · 0.80
ValMethod · 0.80
NextArgMethod · 0.80
DeleteNMethod · 0.80
RemainingArgsMethod · 0.80

Tested by

no test coverage detected