author | vnxme <[email protected]> | 2024-08-07 20:02:23 +0300 |
---|---|---|
committer | GitHub <[email protected]> | 2024-08-07 11:02:23 -0600 |
commit | 59cbb2c83a03b6fe352ae0b5d05581d9148a4d24 (patch) | |
tree | 2f437bbef98830c52c5ba65e51f19f21d3aa59bb /modules/caddytls | |
parent | a8b0dfa8da5616837f7e028578ddb9b7ad36b64e (diff) | |
download | caddy-59cbb2c83a03b6fe352ae0b5d05581d9148a4d24.tar.gz caddy-59cbb2c83a03b6fe352ae0b5d05581d9148a4d24.zip |
caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)
* Runtime placeholders for caddytls matchers (1/3):
- remove IPs validation in UnmarshalCaddyfile
* Runtime placeholders for caddytls matchers (2/3):
- add placeholder replacement for IPs in Provision
* Runtime placeholders for caddytls matchers (3/3):
- add placeholder replacement for other strings
* Runtime placeholders for caddyhttp matchers (1/1):
- add placeholder replacement for IPs in Provision
* Runtime placeholders for caddyhttp/caddytls matchers:
- move PrivateRangesCIDR under internal
Diffstat (limited to 'modules/caddytls')
-rw-r--r-- | modules/caddytls/matchers.go | 58 |
1 files changed, 34 insertions, 24 deletions
diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go
index a23a19317..83a464713 100644
--- a/modules/caddytls/matchers.go
+++ b/modules/caddytls/matchers.go
@@ -26,6 +26,7 @@ import (
 "github.com/caddyserver/caddy/v2"
 "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
+ "github.com/caddyserver/caddy/v2/internal"
 )
 func init() {
@@ -49,8 +50,17 @@ func (MatchServerName) CaddyModule() caddy.ModuleInfo {
 // Match matches hello based on SNI.
 func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool {
+ // caddytls.TestServerNameMatcher calls this function without any context
+ var repl *caddy.Replacer
+ if ctx := hello.Context(); ctx != nil {
+ repl = ctx.Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
+ } else {
+ repl = caddy.NewReplacer()
+ }
+
 for _, name := range m {
- if certmagic.MatchWildcard(hello.ServerName, name) {
+ rs := repl.ReplaceAll(name, "")
+ if certmagic.MatchWildcard(hello.ServerName, rs) {
 return true
 }
 }
@@ -107,16 +117,19 @@ func (MatchRemoteIP) CaddyModule() caddy.ModuleInfo {
 // Provision parses m's IP ranges, either from IP or CIDR expressions.
 func (m *MatchRemoteIP) Provision(ctx caddy.Context) error {
+ repl := caddy.NewReplacer()
 m.logger = ctx.Logger()
 for _, str := range m.Ranges {
- cidrs, err := m.parseIPRange(str)
+ rs := repl.ReplaceAll(str, "")
+ cidrs, err := m.parseIPRange(rs)
 if err != nil {
 return err
 }
 m.cidrs = append(m.cidrs, cidrs...)
 }
 for _, str := range m.NotRanges {
- cidrs, err := m.parseIPRange(str)
+ rs := repl.ReplaceAll(str, "")
+ cidrs, err := m.parseIPRange(rs)
 if err != nil {
 return err
 }
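Review bot: In `MatchServerName.Match`, the added `repl = ctx.Value(caddy.ReplacerCtxKey).(*caddy.Replacer)` is an unchecked type assertion, so a ClientHello whose context is non-nil but carries no replacer would panic inside the matcher during the handshake instead of falling back. The nil-context branch only covers the test caller; the same fallback should cover a missing value, e.g. `if r, ok := ctx.Value(caddy.ReplacerCtxKey).(*caddy.Replacer); ok { repl = r }` followed by `if repl == nil { repl = caddy.NewReplacer() }`. Separately, `repl.ReplaceAll(name, "")` turns an unresolved placeholder into an empty pattern; whether `certmagic.MatchWildcard` then matches a ClientHello with an empty `ServerName` is not visible here and deserves a test case. The body of `Match` continues past the end of the hunk.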
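Review bot: In `MatchRemoteIP.Provision`, `repl.ReplaceAll(str, "")` silently substitutes an empty string for any placeholder the replacer cannot resolve, so an unset `{env.*}` value in an IP allow or deny list is reported only as whatever `parseIPRange` makes of the leftover string (its handling of an empty input is not visible in this hunk). Failing loudly is safer for an access-control list: `rs, err := repl.ReplaceOrErr(str, true, true)` followed by `if err != nil { return err }` names the unresolved placeholder in the configuration error. The doc comment should also say that placeholders are expanded once, at provision time, with a fresh `caddy.NewReplacer()`, so per-connection placeholders do not resolve here. The same applies to the `NotRanges` loop in this hunk and to the `MatchLocalIP.Provision` hunk (`@@ -233,9 +242,11 @@`).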
@@ -185,22 +198,18 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 for d.NextArg() {
 val := d.Val()
+ var exclamation bool
 if len(val) > 1 && val[0] == '!' {
- prefixes, err := m.parseIPRange(val[1:])
- if err != nil {
- return err
- }
- for _, prefix := range prefixes {
- m.NotRanges = append(m.NotRanges, prefix.String())
- }
+ exclamation, val = true, val[1:]
+ }
+ ranges := []string{val}
+ if val == "private_ranges" {
+ ranges = internal.PrivateRangesCIDR()
+ }
+ if exclamation {
+ m.NotRanges = append(m.NotRanges, ranges...)
 } else {
- prefixes, err := m.parseIPRange(val)
- if err != nil {
- return err
- }
- for _, prefix := range prefixes {
- m.Ranges = append(m.Ranges, prefix.String())
- }
+ m.Ranges = append(m.Ranges, ranges...)
 }
 }
@@ -233,9 +242,11 @@ func (MatchLocalIP) CaddyModule() caddy.ModuleInfo {
 // Provision parses m's IP ranges, either from IP or CIDR expressions.
 func (m *MatchLocalIP) Provision(ctx caddy.Context) error {
+ repl := caddy.NewReplacer()
 m.logger = ctx.Logger()
 for _, str := range m.Ranges {
- cidrs, err := m.parseIPRange(str)
+ rs := repl.ReplaceAll(str, "")
+ cidrs, err := m.parseIPRange(rs)
 if err != nil {
 return err
 }
@@ -300,13 +311,12 @@ func (m *MatchLocalIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 }
 for d.NextArg() {
- prefixes, err := m.parseIPRange(d.Val())
- if err != nil {
- return err
- }
- for _, prefix := range prefixes {
- m.Ranges = append(m.Ranges, prefix.String())
+ val := d.Val()
+ if val == "private_ranges" {
+ m.Ranges = append(m.Ranges, internal.PrivateRangesCIDR()...)
+ continue
 }
+ m.Ranges = append(m.Ranges, val)
 }
 // No blocks are supported |
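Review bot: `MatchRemoteIP.UnmarshalCaddyfile` now stores each argument unparsed, so a mistyped literal range is no longer rejected when the Caddyfile is adapted and is caught only later in `Provision`; nothing in the hunk records why. A comment above the loop would state the intent, e.g. `// Ranges may contain placeholders, so they are stored as written and parsed in Provision.` If early feedback on IP filters matters, arguments that contain no `{` could still be checked with `m.parseIPRange` at this point. The same applies to the `MatchLocalIP.UnmarshalCaddyfile` hunk (`@@ -300,13 +311,12 @@`). Both function bodies start and end outside their hunks.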