mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-27 14:13:48 +03:00
caddytls: Add Caddyfile support for on-demand permission module (close #6260)
parent
9f97df2275
commit
6a02999054
3 changed files with 39 additions and 8 deletions
|
@ -345,9 +345,34 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) {
|
||||||
if ond == nil {
|
if ond == nil {
|
||||||
ond = new(caddytls.OnDemandConfig)
|
ond = new(caddytls.OnDemandConfig)
|
||||||
}
|
}
|
||||||
|
if ond.PermissionRaw != nil {
|
||||||
|
return nil, d.Err("on-demand TLS permission module (or 'ask') already specified")
|
||||||
|
}
|
||||||
perm := caddytls.PermissionByHTTP{Endpoint: d.Val()}
|
perm := caddytls.PermissionByHTTP{Endpoint: d.Val()}
|
||||||
ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", "http", nil)
|
ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", "http", nil)
|
||||||
|
|
||||||
|
case "permission":
|
||||||
|
if !d.NextArg() {
|
||||||
|
return nil, d.ArgErr()
|
||||||
|
}
|
||||||
|
if ond == nil {
|
||||||
|
ond = new(caddytls.OnDemandConfig)
|
||||||
|
}
|
||||||
|
if ond.PermissionRaw != nil {
|
||||||
|
return nil, d.Err("on-demand TLS permission module (or 'ask') already specified")
|
||||||
|
}
|
||||||
|
modName := d.Val()
|
||||||
|
modID := "tls.permission." + modName
|
||||||
|
unm, err := caddyfile.UnmarshalModule(d, modID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
perm, ok := unm.(caddytls.OnDemandPermission)
|
||||||
|
if !ok {
|
||||||
|
return nil, d.Errf("module %s (%T) is not an on-demand TLS permission module", modID, unm)
|
||||||
|
}
|
||||||
|
ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", modName, nil)
|
||||||
|
|
||||||
case "interval":
|
case "interval":
|
||||||
if !d.NextArg() {
|
if !d.NextArg() {
|
||||||
return nil, d.ArgErr()
|
return nil, d.ArgErr()
|
||||||
|
|
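Review bot: In the new `permission` case, the value returned by `caddyconfig.JSONModuleObject(perm, "module", modName, nil)` is stored without a nil check, and the warnings argument is nil, so an encoding problem would not be reported anywhere. JSONModuleObject is not shown on this page; if it returns nil when the module cannot be marshaled, the on-demand config would end up with no permission module even though the Caddyfile named one, which is the fail-open direction for a control that gates certificate issuance. I would add `if ond.PermissionRaw == nil { return nil, d.Errf("encoding permission module %s failed", modID) }` right after the assignment. The `ask` case above uses the same call and would benefit from the same check; parseOptOnDemand starts and ends outside the hunk.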
|
@ -181,19 +181,13 @@ func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("getting server identity credentials: %v", err)
|
return nil, fmt.Errorf("getting server identity credentials: %v", err)
|
||||||
}
|
}
|
||||||
if tlsConfig == nil {
|
tlsConfig = &tls.Config{Certificates: certs}
|
||||||
tlsConfig = new(tls.Config)
|
|
||||||
}
|
|
||||||
tlsConfig.Certificates = certs
|
|
||||||
} else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" {
|
} else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" {
|
||||||
cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile)
|
cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if tlsConfig == nil {
|
tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}}
|
||||||
tlsConfig = new(tls.Config)
|
|
||||||
}
|
|
||||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// trusted server certs
|
// trusted server certs
|
||||||
|
|
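Review bot: Both branches now assign `tlsConfig = &tls.Config{...}` unconditionally, which matches the removed check-for-nil-then-set code only if tlsConfig is always nil when these branches run. Its declaration is outside the hunk, so that cannot be confirmed from here; if anything earlier ever populates it (root CAs, a minimum version), those settings would be silently replaced. A short comment at the first assignment, such as `// tlsConfig is still nil here; client certificates are the first thing set on it`, would keep that assumption visible to the next editor. makeClient begins and ends outside the hunk.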
|
@ -28,6 +28,7 @@ import (
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
|
|
||||||
"github.com/caddyserver/caddy/v2"
|
"github.com/caddyserver/caddy/v2"
|
||||||
|
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -117,6 +118,17 @@ func (PermissionByHTTP) CaddyModule() caddy.ModuleInfo {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UnmarshalCaddyfile implements caddyfile.Unmarshaler.
|
||||||
|
func (p *PermissionByHTTP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
||||||
|
if !d.Next() {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if !d.AllArgs(&p.Endpoint) {
|
||||||
|
return d.ArgErr()
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (p *PermissionByHTTP) Provision(ctx caddy.Context) error {
|
func (p *PermissionByHTTP) Provision(ctx caddy.Context) error {
|
||||||
p.logger = ctx.Logger()
|
p.logger = ctx.Logger()
|
||||||
p.replacer = caddy.NewReplacer()
|
p.replacer = caddy.NewReplacer()
|
||||||
|
|
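Review bot: `UnmarshalCaddyfile` returns nil when `d.Next()` finds no token, leaving `p.Endpoint` empty without any error, and the value taken by `d.AllArgs(&p.Endpoint)` is not checked to be a usable URL. Because this module decides whether a certificate may be issued for a hostname, a missing or malformed endpoint is better rejected when the config is loaded than discovered during a handshake; how an empty Endpoint behaves at runtime is not visible here, since only the first lines of Provision are shown. I would change the first guard to `if !d.Next() { return d.ArgErr() }` and consider validating the endpoint in Provision. The doc comment could also state that exactly one argument, the endpoint URL, is expected.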