diff options
author | Matthew Holt <[email protected]> | 2024-04-22 15:47:09 -0600 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2024-04-22 15:47:09 -0600 |
commit | 6a0299905479083f250c39d5780c305f82863273 (patch) | |
tree | 820e8d2581151abc276d3b351ba6ee2021c12fc0 | |
parent | 9f97df2275638ef80ca104dd0ca51e5a7ab93b21 (diff) | |
download | caddy-6a0299905479083f250c39d5780c305f82863273.tar.gz caddy-6a0299905479083f250c39d5780c305f82863273.zip |
caddytls: Add Caddyfile support for on-demand permission module (close #6260)
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 25 | ||||
-rw-r--r-- | caddyconfig/httploader.go | 10 | ||||
-rw-r--r-- | modules/caddytls/ondemand.go | 12 |
3 files changed, 39 insertions, 8 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index bbc63ced8..6a8ba0bd3 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -345,9 +345,34 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) { if ond == nil { ond = new(caddytls.OnDemandConfig) } + if ond.PermissionRaw != nil { + return nil, d.Err("on-demand TLS permission module (or 'ask') already specified") + } perm := caddytls.PermissionByHTTP{Endpoint: d.Val()} ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", "http", nil) + case "permission": + if !d.NextArg() { + return nil, d.ArgErr() + } + if ond == nil { + ond = new(caddytls.OnDemandConfig) + } + if ond.PermissionRaw != nil { + return nil, d.Err("on-demand TLS permission module (or 'ask') already specified") + } + modName := d.Val() + modID := "tls.permission." + modName + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return nil, err + } + perm, ok := unm.(caddytls.OnDemandPermission) + if !ok { + return nil, d.Errf("module %s (%T) is not an on-demand TLS permission module", modID, unm) + } + ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", modName, nil) + case "interval": if !d.NextArg() { return nil, d.ArgErr() diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index e0ce4ebf7..528cea6c8 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -181,19 +181,13 @@ func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) { if err != nil { return nil, fmt.Errorf("getting server identity credentials: %v", err) } - if tlsConfig == nil { - tlsConfig = new(tls.Config) - } - tlsConfig.Certificates = certs + tlsConfig = &tls.Config{Certificates: certs} } else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" { cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile) if err != nil { return nil, err } - if tlsConfig == nil { - tlsConfig = new(tls.Config) - } - tlsConfig.Certificates = []tls.Certificate{cert} + tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}} } // trusted server certs diff --git a/modules/caddytls/ondemand.go b/modules/caddytls/ondemand.go index 31f6ef2dc..060a3ac6a 100644 --- a/modules/caddytls/ondemand.go +++ b/modules/caddytls/ondemand.go @@ -28,6 +28,7 @@ import ( "go.uber.org/zap" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" ) func init() { @@ -117,6 +118,17 @@ func (PermissionByHTTP) CaddyModule() caddy.ModuleInfo { } } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (p *PermissionByHTTP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if !d.Next() { + return nil + } + if !d.AllArgs(&p.Endpoint) { + return d.ArgErr() + } + return nil +} + func (p *PermissionByHTTP) Provision(ctx caddy.Context) error { p.logger = ctx.Logger() p.replacer = caddy.NewReplacer() |