test: extend traefik browser tests

fix: skip browser detection for nginx and envoy
2026-04-03 04:17:58 +00:00 · 2026-04-02 18:46:38 +03:00 · 2026-04-02 18:24:38 +03:00
2 changed files with 52 additions and 2 deletions
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -323,11 +323,14 @@ func (controller *ProxyController) getHeader(c *gin.Context, header string) (str
 }

 func (controller *ProxyController) useBrowserResponse(proxyCtx ProxyContext) bool {
-	if !proxyCtx.IsBrowser {
+	// If it's nginx or envoy we need non-browser response
+	if proxyCtx.ProxyType == Nginx || proxyCtx.ProxyType == Envoy {
 		return false
 	}

-	if proxyCtx.ProxyType == Traefik {
+	// For other proxies (traefik or caddy) we can check
+	// the user agent to determine if it's a browser or not
+	if proxyCtx.IsBrowser {
 		return true
 	}

--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -190,6 +190,53 @@ func TestProxyController(t *testing.T) {
 				assert.Equal(t, 401, recorder.Code)
 			},
 		},
+		{
+			description: "Ensure forward auth with is browser false returns json",
+			middlewares: []gin.HandlerFunc{},
+			run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
+				req := httptest.NewRequest("GET", "/api/auth/traefik", nil)
+				req.Header.Set("x-forwarded-host", "test.example.com")
+				req.Header.Set("x-forwarded-proto", "https")
+				req.Header.Set("x-forwarded-uri", "/")
+				router.ServeHTTP(recorder, req)
+
+				assert.Equal(t, 401, recorder.Code)
+				assert.Contains(t, recorder.Body.String(), `"status":401`)
+				assert.Contains(t, recorder.Body.String(), `"message":"Unauthorized"`)
+			},
+		},
+		{
+			description: "Ensure forward auth with caddy and browser user agent returns redirect",
+			middlewares: []gin.HandlerFunc{},
+			run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
+				req := httptest.NewRequest("GET", "/api/auth/traefik", nil)
+				req.Header.Set("x-forwarded-host", "test.example.com")
+				req.Header.Set("x-forwarded-proto", "https")
+				req.Header.Set("x-forwarded-uri", "/")
+				req.Header.Set("user-agent", browserUserAgent)
+				router.ServeHTTP(recorder, req)
+
+				assert.Equal(t, 307, recorder.Code)
+				location := recorder.Header().Get("Location")
+				assert.Contains(t, location, "https://tinyauth.example.com/login?redirect_uri=")
+				assert.Contains(t, location, "https%3A%2F%2Ftest.example.com%2F")
+			},
+		},
+		{
+			description: "Ensure forward auth with caddy and non browser user agent returns json",
+			middlewares: []gin.HandlerFunc{},
+			run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
+				req := httptest.NewRequest("GET", "/api/auth/traefik", nil)
+				req.Header.Set("x-forwarded-host", "test.example.com")
+				req.Header.Set("x-forwarded-proto", "https")
+				req.Header.Set("x-forwarded-uri", "/")
+				router.ServeHTTP(recorder, req)
+
+				assert.Equal(t, 401, recorder.Code)
+				assert.Contains(t, recorder.Body.String(), `"status":401`)
+				assert.Contains(t, recorder.Body.String(), `"message":"Unauthorized"`)
+			},
+		},
 		{
 			description: "Ensure normal authentication flow for forward auth",
 			middlewares: []gin.HandlerFunc{
Author	SHA1	Message	Date
Stavros	3373dcc412	test: extend traefik browser tests	2026-04-02 18:46:38 +03:00
Stavros	9d666dc108	fix: skip browser detection for nginx and envoy	2026-04-02 18:24:38 +03:00