feat: use decoded headers in proxy controller

2025-10-28 12:45:47 +00:00 · 2025-09-02 18:19:18 +03:00
parent b6bc3d0020
commit 78920cba64
7 changed files with 96 additions and 62 deletions
--- a/internal/utils/decoders/header_decoder.go
+++ b/internal/utils/decoders/header_decoder.go
@@ -11,13 +11,13 @@ import (

 // Based on: https://github.com/traefik/paerser/blob/master/parser/labels_decode.go (Apache 2.0 License)

-func DecodeHeaders(headers map[string]string) (config.App, error) {
-	var app config.App
+func DecodeHeaders(headers map[string]string) (config.AppConfigs, error) {
+	var app config.AppConfigs

-	err := decodeHeadersHelper(headers, &app, "tinyauth")
+	err := decodeHeadersHelper(headers, &app, "tinyauth", "tinyauth-apps")

 	if err != nil {
-		return config.App{}, err
+		return config.AppConfigs{}, err
 	}

 	return app, nil
--- a/internal/utils/decoders/header_decoder_test.go
+++ b/internal/utils/decoders/header_decoder_test.go
@@ -9,51 +9,55 @@ import (

 func TestDecodeHeaders(t *testing.T) {
 	// Variables
-	expected := config.App{
-		Config: config.AppConfig{
-			Domain: "example.com",
-		},
-		Users: config.AppUsers{
-			Allow: "user1,user2",
-			Block: "user3",
-		},
-		OAuth: config.AppOAuth{
-			Whitelist: "somebody@example.com",
-			Groups:    "group3",
-		},
-		IP: config.AppIP{
-			Allow:  []string{"10.71.0.1/24", "10.71.0.2"},
-			Block:  []string{"10.10.10.10", "10.0.0.0/24"},
-			Bypass: []string{"192.168.1.1"},
-		},
-		Response: config.AppResponse{
-			Headers: []string{"X-Foo=Bar", "X-Baz=Qux"},
-			BasicAuth: config.AppBasicAuth{
-				Username:     "admin",
-				Password:     "password",
-				PasswordFile: "/path/to/passwordfile",
+	expected := config.AppConfigs{
+		Apps: map[string]config.App{
+			"foo": {
+				Config: config.AppConfig{
+					Domain: "example.com",
+				},
+				Users: config.AppUsers{
+					Allow: "user1,user2",
+					Block: "user3",
+				},
+				OAuth: config.AppOAuth{
+					Whitelist: "somebody@example.com",
+					Groups:    "group3",
+				},
+				IP: config.AppIP{
+					Allow:  []string{"10.71.0.1/24", "10.71.0.2"},
+					Block:  []string{"10.10.10.10", "10.0.0.0/24"},
+					Bypass: []string{"192.168.1.1"},
+				},
+				Response: config.AppResponse{
+					Headers: []string{"X-Foo=Bar", "X-Baz=Qux"},
+					BasicAuth: config.AppBasicAuth{
+						Username:     "admin",
+						Password:     "password",
+						PasswordFile: "/path/to/passwordfile",
+					},
+				},
+				Path: config.AppPath{
+					Allow: "/public",
+					Block: "/private",
+				},
 			},
 		},
-		Path: config.AppPath{
-			Allow: "/public",
-			Block: "/private",
-		},
 	}
 	test := map[string]string{
-		"Tinyauth-Config-Domain":                   "example.com",
-		"Tinyauth-Users-Allow":                     "user1,user2",
-		"Tinyauth-Users-Block":                     "user3",
-		"Tinyauth-OAuth-Whitelist":                 "somebody@example.com",
-		"Tinyauth-OAuth-Groups":                    "group3",
-		"Tinyauth-IP-Allow":                        "10.71.0.1/24,10.71.0.2",
-		"Tinyauth-IP-Block":                        "10.10.10.10,10.0.0.0/24",
-		"Tinyauth-IP-Bypass":                       "192.168.1.1",
-		"Tinyauth-Response-Headers":                "X-Foo=Bar,X-Baz=Qux",
-		"Tinyauth-Response-BasicAuth-Username":     "admin",
-		"Tinyauth-Response-BasicAuth-Password":     "password",
-		"Tinyauth-Response-BasicAuth-PasswordFile": "/path/to/passwordfile",
-		"Tinyauth-Path-Allow":                      "/public",
-		"Tinyauth-Path-Block":                      "/private",
+		"Tinyauth-Apps-Foo-Config-Domain":                   "example.com",
+		"Tinyauth-Apps-Foo-Users-Allow":                     "user1,user2",
+		"Tinyauth-Apps-Foo-Users-Block":                     "user3",
+		"Tinyauth-Apps-Foo-OAuth-Whitelist":                 "somebody@example.com",
+		"Tinyauth-Apps-Foo-OAuth-Groups":                    "group3",
+		"Tinyauth-Apps-Foo-IP-Allow":                        "10.71.0.1/24,10.71.0.2",
+		"Tinyauth-Apps-Foo-IP-Block":                        "10.10.10.10,10.0.0.0/24",
+		"Tinyauth-Apps-Foo-IP-Bypass":                       "192.168.1.1",
+		"Tinyauth-Apps-Foo-Response-Headers":                "X-Foo=Bar,X-Baz=Qux",
+		"Tinyauth-Apps-Foo-Response-BasicAuth-Username":     "admin",
+		"Tinyauth-Apps-Foo-Response-BasicAuth-Password":     "password",
+		"Tinyauth-Apps-Foo-Response-BasicAuth-PasswordFile": "/path/to/passwordfile",
+		"Tinyauth-Apps-Foo-Path-Allow":                      "/public",
+		"Tinyauth-Apps-Foo-Path-Block":                      "/private",
 	}

 	// Test
--- a/internal/utils/decoders/label_decoder.go
+++ b/internal/utils/decoders/label_decoder.go
@@ -6,13 +6,13 @@ import (
 	"github.com/traefik/paerser/parser"
 )

-func DecodeLabels(labels map[string]string) (config.Labels, error) {
-	var appLabels config.Labels
+func DecodeLabels(labels map[string]string) (config.AppConfigs, error) {
+	var appLabels config.AppConfigs

-	err := parser.Decode(labels, &appLabels, "tinyauth")
+	err := parser.Decode(labels, &appLabels, "tinyauth", "tinyauth.apps")

 	if err != nil {
-		return config.Labels{}, err
+		return config.AppConfigs{}, err
 	}

 	return appLabels, nil
--- a/internal/utils/decoders/label_decoder_test.go
+++ b/internal/utils/decoders/label_decoder_test.go
@@ -9,7 +9,7 @@ import (

 func TestDecodeLabels(t *testing.T) {
 	// Variables
-	expected := config.Labels{
+	expected := config.AppConfigs{
 		Apps: map[string]config.App{
 			"foo": {
 				Config: config.AppConfig{
--- a/internal/utils/header_utils.go
+++ b/internal/utils/header_utils.go
@@ -32,3 +32,13 @@ func SanitizeHeader(header string) string {
 		return -1
 	}, header)
 }
+
+func NormalizeHeaders(headers http.Header) map[string]string {
+	var result = make(map[string]string)
+
+	for key, values := range headers {
+		result[key] = strings.Join(values, ",")
+	}
+
+	return result
+}