diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index e40f30ce..51411a9a 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -20,6 +20,7 @@ import ( "reflect" "strconv" "strings" + "unicode" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -333,8 +334,8 @@ func (a Address) Normalize() Address { return Address{ Original: a.Original, - Scheme: strings.ToLower(a.Scheme), - Host: strings.ToLower(host), + Scheme: lowerExceptPlaceholders(a.Scheme), + Host: lowerExceptPlaceholders(host), Port: a.Port, Path: path, } @@ -361,3 +362,31 @@ func (a Address) Key() string { } return res } + +// lowerExceptPlaceholders lowercases s except within +// placeholders (substrings in non-escaped '{ }' spans). +// See https://github.com/caddyserver/caddy/issues/3264 +func lowerExceptPlaceholders(s string) string { + var sb strings.Builder + var escaped, inPlaceholder bool + for _, ch := range s { + if ch == '\\' && !escaped { + escaped = true + sb.WriteRune(ch) + continue + } + if ch == '{' && !escaped { + inPlaceholder = true + } + if ch == '}' && inPlaceholder && !escaped { + inPlaceholder = false + } + if inPlaceholder { + sb.WriteRune(ch) + } else { + sb.WriteRune(unicode.ToLower(ch)) + } + escaped = false + } + return sb.String() +} diff --git a/caddyconfig/httpcaddyfile/addresses_test.go b/caddyconfig/httpcaddyfile/addresses_test.go index 8de1f099..612ef67e 100644 --- a/caddyconfig/httpcaddyfile/addresses_test.go +++ b/caddyconfig/httpcaddyfile/addresses_test.go @@ -108,6 +108,10 @@ func TestKeyNormalization(t *testing.T) { input string expect string }{ + { + input: "example.com", + expect: "example.com", + }, { input: "http://host:1234/path", expect: "http://host:1234/path", @@ -124,6 +128,22 @@ func TestKeyNormalization(t *testing.T) { input: "A:2015/Path", expect: "a:2015/Path", }, + { + input: "sub.{env.MY_DOMAIN}", + expect: "sub.{env.MY_DOMAIN}", + }, + { + input: "sub.ExAmPle", + expect: "sub.example", + }, + { + input: "sub.\\{env.MY_DOMAIN\\}", + expect: "sub.\\{env.my_domain\\}", + }, + { + input: "sub.{env.MY_DOMAIN}.com", + expect: "sub.{env.MY_DOMAIN}.com", + }, { input: ":80", expect: ":80", @@ -156,7 +176,7 @@ func TestKeyNormalization(t *testing.T) { continue } if actual := addr.Normalize().Key(); actual != tc.expect { - t.Errorf("Test %d: Normalized key for address '%s' was '%s' but expected '%s'", i, tc.input, actual, tc.expect) + t.Errorf("Test %d: Input '%s': Expected '%s' but got '%s'", i, tc.input, tc.expect, actual) } } diff --git a/modules/caddyhttp/caddyauth/caddyauth.go b/modules/caddyhttp/caddyauth/caddyauth.go index a6165d4d..a88bff60 100644 --- a/modules/caddyhttp/caddyauth/caddyauth.go +++ b/modules/caddyhttp/caddyauth/caddyauth.go @@ -29,6 +29,8 @@ func init() { // Authentication is a middleware which provides user authentication. // Rejects requests with HTTP 401 if the request is not authenticated. +// +// Its API is still experimental and may be subject to change. type Authentication struct { // A set of authentication providers. If none are specified, // all requests will always be unauthenticated.