Added basic auth exception paths

Added feature request from #25
2025-08-10 23:27:50 +02:00 · 2023-08-22 23:46:54 +08:00
parent dce58343db
commit 4f7f60188f
11 changed files with 486 additions and 156 deletions
--- a/src/mod/dynamicproxy/basicAuth.go
+++ b/src/mod/dynamicproxy/basicAuth.go
@@ -3,6 +3,7 @@ package dynamicproxy
 import (
 	"errors"
 	"net/http"
+	"strings"

 	"imuslab.com/zoraxy/mod/auth"
 )
@@ -15,6 +16,16 @@ import (
 */

 func (h *ProxyHandler) handleBasicAuthRouting(w http.ResponseWriter, r *http.Request, pe *ProxyEndpoint) error {
+	if len(pe.BasicAuthExceptionRules) > 0 {
+		//Check if the current path matches the exception rules
+		for _, exceptionRule := range pe.BasicAuthExceptionRules {
+			if strings.HasPrefix(r.RequestURI, exceptionRule.PathPrefix) {
+				//This path is excluded from basic auth
+				return nil
+			}
+		}
+	}
+
 	proxyType := "vdir-auth"
 	if pe.ProxyType == ProxyType_Subdomain {
 		proxyType = "subd-auth"
--- a/src/mod/dynamicproxy/dynamicproxy.go
+++ b/src/mod/dynamicproxy/dynamicproxy.go
@@ -246,14 +246,15 @@ func (router *Router) AddVirtualDirectoryProxyService(options *VdirOptions) erro
 	proxy := dpcore.NewDynamicProxyCore(path, options.RootName, options.SkipCertValidations)

 	endpointObject := ProxyEndpoint{
-		ProxyType:            ProxyType_Vdir,
-		RootOrMatchingDomain: options.RootName,
-		Domain:               domain,
-		RequireTLS:           options.RequireTLS,
-		SkipCertValidations:  options.SkipCertValidations,
-		RequireBasicAuth:     options.RequireBasicAuth,
-		BasicAuthCredentials: options.BasicAuthCredentials,
-		Proxy:                proxy,
+		ProxyType:               ProxyType_Vdir,
+		RootOrMatchingDomain:    options.RootName,
+		Domain:                  domain,
+		RequireTLS:              options.RequireTLS,
+		SkipCertValidations:     options.SkipCertValidations,
+		RequireBasicAuth:        options.RequireBasicAuth,
+		BasicAuthCredentials:    options.BasicAuthCredentials,
+		BasicAuthExceptionRules: options.BasicAuthExceptionRules,
+		Proxy:                   proxy,
 	}

 	router.ProxyEndpoints.Store(options.RootName, &endpointObject)
@@ -271,46 +272,24 @@ func (router *Router) LoadProxy(ptype string, key string) (*ProxyEndpoint, error
 		if !ok {
 			return nil, errors.New("target proxy not found")
 		}
-		return proxy.(*ProxyEndpoint), nil
+
+		targetProxy := proxy.(*ProxyEndpoint)
+		targetProxy.parent = router
+		return targetProxy, nil
 	} else if ptype == "subd" {
 		proxy, ok := router.SubdomainEndpoint.Load(key)
 		if !ok {
 			return nil, errors.New("target proxy not found")
 		}
-		return proxy.(*ProxyEndpoint), nil
+
+		targetProxy := proxy.(*ProxyEndpoint)
+		targetProxy.parent = router
+		return targetProxy, nil
 	}

 	return nil, errors.New("unsupported ptype")
 }

-/*
-Save routing from RP
-*/
-func (router *Router) SaveProxy(ptype string, key string, newConfig *ProxyEndpoint) {
-	if ptype == "vdir" {
-		router.ProxyEndpoints.Store(key, newConfig)
-
-	} else if ptype == "subd" {
-		router.SubdomainEndpoint.Store(key, newConfig)
-	}
-
-}
-
-/*
-Remove routing from RP
-*/
-func (router *Router) RemoveProxy(ptype string, key string) error {
-	//fmt.Println(ptype, key)
-	if ptype == "vdir" {
-		router.ProxyEndpoints.Delete(key)
-		return nil
-	} else if ptype == "subd" {
-		router.SubdomainEndpoint.Delete(key)
-		return nil
-	}
-	return errors.New("invalid ptype")
-}
-
 /*
 Add an default router for the proxy server
 */
--- a/src/mod/dynamicproxy/proxyEndpoint.go
+++ b/src/mod/dynamicproxy/proxyEndpoint.go
@@ -0,0 +1,68 @@
+package dynamicproxy
+
+import "errors"
+
+/*
+	ProxyEndpoint.go
+	author: tobychui
+
+	This script handle the proxy endpoint object actions
+	so proxyEndpoint can be handled like a proper oop object
+
+	Most of the functions are implemented in dynamicproxy.go
+*/
+
+//Get the string version of proxy type
+func (ep *ProxyEndpoint) GetProxyTypeString() string {
+	if ep.ProxyType == ProxyType_Subdomain {
+		return "subd"
+	} else if ep.ProxyType == ProxyType_Vdir {
+		return "vdir"
+	}
+
+	return "unknown"
+}
+
+//Update change in the current running proxy endpoint config
+func (ep *ProxyEndpoint) UpdateToRuntime() {
+	if ep.IsVdir() {
+		ep.parent.ProxyEndpoints.Store(ep.RootOrMatchingDomain, ep)
+
+	} else if ep.IsSubDomain() {
+		ep.parent.SubdomainEndpoint.Store(ep.RootOrMatchingDomain, ep)
+	}
+}
+
+//Return true if the endpoint type is virtual directory
+func (ep *ProxyEndpoint) IsVdir() bool {
+	return ep.ProxyType == ProxyType_Vdir
+}
+
+//Return true if the endpoint type is subdomain
+func (ep *ProxyEndpoint) IsSubDomain() bool {
+	return ep.ProxyType == ProxyType_Subdomain
+}
+
+//Remove this proxy endpoint from running proxy endpoint list
+func (ep *ProxyEndpoint) Remove() error {
+	//fmt.Println(ptype, key)
+	if ep.IsVdir() {
+		ep.parent.ProxyEndpoints.Delete(ep.RootOrMatchingDomain)
+		return nil
+	} else if ep.IsSubDomain() {
+		ep.parent.SubdomainEndpoint.Delete(ep.RootOrMatchingDomain)
+		return nil
+	}
+	return errors.New("invalid or unsupported type")
+
+}
+
+//ProxyEndpoint remove provide global access by key
+func (router *Router) RemoveProxyEndpointByRootname(proxyType string, rootnameOrMatchingDomain string) error {
+	targetEpt, err := router.LoadProxy(proxyType, rootnameOrMatchingDomain)
+	if err != nil {
+		return err
+	}
+
+	return targetEpt.Remove()
+}
--- a/src/mod/dynamicproxy/subdomain.go
+++ b/src/mod/dynamicproxy/subdomain.go
@@ -34,13 +34,14 @@ func (router *Router) AddSubdomainRoutingService(options *SubdOptions) error {
 	proxy := dpcore.NewDynamicProxyCore(path, "", options.SkipCertValidations)

 	router.SubdomainEndpoint.Store(options.MatchingDomain, &ProxyEndpoint{
-		RootOrMatchingDomain: options.MatchingDomain,
-		Domain:               domain,
-		RequireTLS:           options.RequireTLS,
-		Proxy:                proxy,
-		SkipCertValidations:  options.SkipCertValidations,
-		RequireBasicAuth:     options.RequireBasicAuth,
-		BasicAuthCredentials: options.BasicAuthCredentials,
+		RootOrMatchingDomain:    options.MatchingDomain,
+		Domain:                  domain,
+		RequireTLS:              options.RequireTLS,
+		Proxy:                   proxy,
+		SkipCertValidations:     options.SkipCertValidations,
+		RequireBasicAuth:        options.RequireBasicAuth,
+		BasicAuthCredentials:    options.BasicAuthCredentials,
+		BasicAuthExceptionRules: options.BasicAuthExceptionRules,
 	})

 	log.Println("Adding Subdomain Rule: ", options.MatchingDomain+" to "+domain)
--- a/src/mod/dynamicproxy/typedef.go
+++ b/src/mod/dynamicproxy/typedef.go
@@ -59,56 +59,51 @@ type BasicAuthUnhashedCredentials struct {
 	Password string
 }

+// Paths to exclude in basic auth enabled proxy handler
+type BasicAuthExceptionRule struct {
+	PathPrefix string
+}
+
 // A proxy endpoint record
 type ProxyEndpoint struct {
-	ProxyType            int                     //The type of this proxy, see const def
-	RootOrMatchingDomain string                  //Root for vdir or Matching domain for subd
-	Domain               string                  //Domain or IP to proxy to
-	RequireTLS           bool                    //Target domain require TLS
-	SkipCertValidations  bool                    //Set to true to accept self signed certs
-	RequireBasicAuth     bool                    //Set to true to request basic auth before proxy
-	BasicAuthCredentials []*BasicAuthCredentials `json:"-"`
-	Proxy                *dpcore.ReverseProxy    `json:"-"`
+	ProxyType               int                       //The type of this proxy, see const def
+	RootOrMatchingDomain    string                    //Root for vdir or Matching domain for subd, also act as key
+	Domain                  string                    //Domain or IP to proxy to
+	RequireTLS              bool                      //Target domain require TLS
+	SkipCertValidations     bool                      //Set to true to accept self signed certs
+	RequireBasicAuth        bool                      //Set to true to request basic auth before proxy
+	BasicAuthCredentials    []*BasicAuthCredentials   `json:"-"` //Basic auth credentials
+	BasicAuthExceptionRules []*BasicAuthExceptionRule //Path to exclude in a basic auth enabled proxy target
+	Proxy                   *dpcore.ReverseProxy      `json:"-"`
+
+	parent *Router
 }

 type RootOptions struct {
-	ProxyLocation        string
-	RequireTLS           bool
-	SkipCertValidations  bool
-	RequireBasicAuth     bool
-	BasicAuthCredentials []*BasicAuthCredentials
+	ProxyLocation           string
+	RequireTLS              bool
+	SkipCertValidations     bool
+	RequireBasicAuth        bool
+	BasicAuthCredentials    []*BasicAuthCredentials
+	BasicAuthExceptionRules []*BasicAuthExceptionRule
 }

 type VdirOptions struct {
-	RootName             string
-	Domain               string
-	RequireTLS           bool
-	SkipCertValidations  bool
-	RequireBasicAuth     bool
-	BasicAuthCredentials []*BasicAuthCredentials
+	RootName                string
+	Domain                  string
+	RequireTLS              bool
+	SkipCertValidations     bool
+	RequireBasicAuth        bool
+	BasicAuthCredentials    []*BasicAuthCredentials
+	BasicAuthExceptionRules []*BasicAuthExceptionRule
 }

 type SubdOptions struct {
-	MatchingDomain       string
-	Domain               string
-	RequireTLS           bool
-	SkipCertValidations  bool
-	RequireBasicAuth     bool
-	BasicAuthCredentials []*BasicAuthCredentials
+	MatchingDomain          string
+	Domain                  string
+	RequireTLS              bool
+	SkipCertValidations     bool
+	RequireBasicAuth        bool
+	BasicAuthCredentials    []*BasicAuthCredentials
+	BasicAuthExceptionRules []*BasicAuthExceptionRule
 }
-
-/*
-type ProxyEndpoint struct {
-	Root string
-	Domain         string
-	RequireTLS     bool
-	Proxy          *reverseproxy.ReverseProxy `json:"-"`
-}
-
-type SubdomainEndpoint struct {
-	MatchingDomain string
-	Domain         string
-	RequireTLS     bool
-	Proxy          *reverseproxy.ReverseProxy `json:"-"`
-}
-*/