serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-26 21:53:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

caddytls: Add Caddyfile support for on-demand permission module (close #6260)

Browse source
This commit is contained in:
Matthew Holt 2024-04-22 15:47:09 -06:00
parent 9f97df2275
commit 6a02999054
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
3 changed files with 39 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
caddyconfig/httpcaddyfile/options.go
View file

@ -345,9 +345,34 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) {
if ond == nil { if ond == nil {
ond = new(caddytls.OnDemandConfig) ond = new(caddytls.OnDemandConfig)
} }
if ond.PermissionRaw != nil {
return nil, d.Err("on-demand TLS permission module (or 'ask') already specified")
}
perm := caddytls.PermissionByHTTP{Endpoint: d.Val()} perm := caddytls.PermissionByHTTP{Endpoint: d.Val()}
ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", "http", nil) ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", "http", nil)
case "permission":
if !d.NextArg() {
return nil, d.ArgErr()
}
if ond == nil {
ond = new(caddytls.OnDemandConfig)
}
if ond.PermissionRaw != nil {
return nil, d.Err("on-demand TLS permission module (or 'ask') already specified")
}
modName := d.Val()
modID := "tls.permission." + modName
unm, err := caddyfile.UnmarshalModule(d, modID)
if err != nil {
return nil, err
}
perm, ok := unm.(caddytls.OnDemandPermission)
if !ok {
return nil, d.Errf("module %s (%T) is not an on-demand TLS permission module", modID, unm)
}
ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", modName, nil)
case "interval": case "interval":
if !d.NextArg() { if !d.NextArg() {
return nil, d.ArgErr() return nil, d.ArgErr()

10
caddyconfig/httploader.go
View file

@ -181,19 +181,13 @@ func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("getting server identity credentials: %v", err) return nil, fmt.Errorf("getting server identity credentials: %v", err)
} }
if tlsConfig == nil { tlsConfig = &tls.Config{Certificates: certs}
tlsConfig = new(tls.Config)
}
tlsConfig.Certificates = certs
} else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" { } else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" {
cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile) cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if tlsConfig == nil { tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}}
tlsConfig = new(tls.Config)
}
tlsConfig.Certificates = []tls.Certificate{cert}
} }
// trusted server certs // trusted server certs

12
modules/caddytls/ondemand.go
View file

@ -28,6 +28,7 @@ import (
"go.uber.org/zap" "go.uber.org/zap"
"github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2"
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
) )
func init() { func init() {
@ -117,6 +118,17 @@ func (PermissionByHTTP) CaddyModule() caddy.ModuleInfo {
} }
} }
// UnmarshalCaddyfile implements caddyfile.Unmarshaler.
func (p *PermissionByHTTP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
if !d.Next() {
return nil
}
if !d.AllArgs(&p.Endpoint) {
return d.ArgErr()
}
return nil
}
func (p *PermissionByHTTP) Provision(ctx caddy.Context) error { func (p *PermissionByHTTP) Provision(ctx caddy.Context) error {
p.logger = ctx.Logger() p.logger = ctx.Logger()
p.replacer = caddy.NewReplacer() p.replacer = caddy.NewReplacer()