mirror of
https://github.com/tobychui/zoraxy.git
synced 2025-08-06 21:28:30 +02:00
System arch optimization
- Optimized types and definitions - Moved shutdown seq to start.go file - Moved authelia to auth/sso module - Added different auth types support (wip) - Updated proxy config structure - Added v3.1.4 to v3.1.5 auto upgrade utilities - Fixed #426 - Optimized status page UI - Added options to disable uptime montior in config
This commit is contained in:
Toby Chui
@@ -309,10 +309,25 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
//Generate a default authenticaion provider
|
||||
authMethod := dynamicproxy.AuthMethodNone
|
||||
if requireBasicAuth {
|
||||
authMethod = dynamicproxy.AuthMethodBasic
|
||||
}
|
||||
thisAuthenticationProvider := dynamicproxy.AuthenticationProvider{
|
||||
AuthMethod: authMethod,
|
||||
BasicAuthCredentials: basicAuthCredentials,
|
||||
BasicAuthExceptionRules: []*dynamicproxy.BasicAuthExceptionRule{},
|
||||
}
|
||||
|
||||
thisCustomHeaderRules := dynamicproxy.HeaderRewriteRules{
|
||||
UserDefinedHeaders: []*rewrite.UserDefinedHeader{},
|
||||
}
|
||||
|
||||
//Generate a proxy endpoint object
|
||||
thisProxyEndpoint := dynamicproxy.ProxyEndpoint{
|
||||
//I/O
|
||||
ProxyType: dynamicproxy.ProxyType_Host,
|
||||
ProxyType: dynamicproxy.ProxyTypeHost,
|
||||
RootOrMatchingDomain: rootOrMatchingDomain,
|
||||
MatchingDomainAlias: aliasHostnames,
|
||||
ActiveOrigins: []*loadbalance.Upstream{
|
||||
@@ -333,13 +348,16 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
|
||||
//VDir
|
||||
VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{},
|
||||
//Custom headers
|
||||
UserDefinedHeaders: []*rewrite.UserDefinedHeader{},
|
||||
|
||||
//Auth
|
||||
RequireBasicAuth: requireBasicAuth,
|
||||
BasicAuthCredentials: basicAuthCredentials,
|
||||
BasicAuthExceptionRules: []*dynamicproxy.BasicAuthExceptionRule{},
|
||||
DefaultSiteOption: 0,
|
||||
DefaultSiteValue: "",
|
||||
AuthenticationProvider: &thisAuthenticationProvider,
|
||||
|
||||
//Header Rewrite
|
||||
HeaderRewriteRules: &thisCustomHeaderRules,
|
||||
|
||||
//Default Site
|
||||
DefaultSiteOption: 0,
|
||||
DefaultSiteValue: "",
|
||||
// Rate Limit
|
||||
RequireRateLimit: requireRateLimit,
|
||||
RateLimit: int64(proxyRateLimit),
|
||||
@@ -379,7 +397,7 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
//Write the root options to file
|
||||
rootRoutingEndpoint := dynamicproxy.ProxyEndpoint{
|
||||
ProxyType: dynamicproxy.ProxyType_Root,
|
||||
ProxyType: dynamicproxy.ProxyTypeRoot,
|
||||
RootOrMatchingDomain: "/",
|
||||
ActiveOrigins: []*loadbalance.Upstream{
|
||||
{
|
||||
@@ -494,7 +512,19 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
|
||||
//Generate a new proxyEndpoint from the new config
|
||||
newProxyEndpoint := dynamicproxy.CopyEndpoint(targetProxyEntry)
|
||||
newProxyEndpoint.BypassGlobalTLS = bypassGlobalTLS
|
||||
newProxyEndpoint.RequireBasicAuth = requireBasicAuth
|
||||
if newProxyEndpoint.AuthenticationProvider == nil {
|
||||
newProxyEndpoint.AuthenticationProvider = &dynamicproxy.AuthenticationProvider{
|
||||
AuthMethod: dynamicproxy.AuthMethodNone,
|
||||
BasicAuthCredentials: []*dynamicproxy.BasicAuthCredentials{},
|
||||
BasicAuthExceptionRules: []*dynamicproxy.BasicAuthExceptionRule{},
|
||||
}
|
||||
}
|
||||
if requireBasicAuth {
|
||||
newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodBasic
|
||||
} else {
|
||||
newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodNone
|
||||
}
|
||||
|
||||
newProxyEndpoint.RequireRateLimit = requireRateLimit
|
||||
newProxyEndpoint.RateLimit = proxyRateLimit
|
||||
newProxyEndpoint.UseStickySession = useStickySession
|
||||
@@ -624,7 +654,7 @@ func UpdateProxyBasicAuthCredentials(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
usernames := []string{}
|
||||
for _, cred := range targetProxy.BasicAuthCredentials {
|
||||
for _, cred := range targetProxy.AuthenticationProvider.BasicAuthCredentials {
|
||||
usernames = append(usernames, cred.Username)
|
||||
}
|
||||
|
||||
@@ -668,7 +698,7 @@ func UpdateProxyBasicAuthCredentials(w http.ResponseWriter, r *http.Request) {
|
||||
if credential.Password == "" {
|
||||
//Check if exists in the old credential files
|
||||
keepUnchange := false
|
||||
for _, oldCredEntry := range targetProxy.BasicAuthCredentials {
|
||||
for _, oldCredEntry := range targetProxy.AuthenticationProvider.BasicAuthCredentials {
|
||||
if oldCredEntry.Username == credential.Username {
|
||||
//Exists! Reuse the old hash
|
||||
mergedCredentials = append(mergedCredentials, &dynamicproxy.BasicAuthCredentials{
|
||||
@@ -693,7 +723,7 @@ func UpdateProxyBasicAuthCredentials(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
targetProxy.BasicAuthCredentials = mergedCredentials
|
||||
targetProxy.AuthenticationProvider.BasicAuthCredentials = mergedCredentials
|
||||
|
||||
//Save it to file
|
||||
SaveReverseProxyConfig(targetProxy)
|
||||
@@ -727,7 +757,7 @@ func ListProxyBasicAuthExceptionPaths(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
//List all the exception paths for this proxy
|
||||
results := targetProxy.BasicAuthExceptionRules
|
||||
results := targetProxy.AuthenticationProvider.BasicAuthExceptionRules
|
||||
if results == nil {
|
||||
//It is a config from a really old version of zoraxy. Overwrite it with empty array
|
||||
results = []*dynamicproxy.BasicAuthExceptionRule{}
|
||||
@@ -764,7 +794,7 @@ func AddProxyBasicAuthExceptionPaths(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
//Add a new exception rule if it is not already exists
|
||||
alreadyExists := false
|
||||
for _, thisExceptionRule := range targetProxy.BasicAuthExceptionRules {
|
||||
for _, thisExceptionRule := range targetProxy.AuthenticationProvider.BasicAuthExceptionRules {
|
||||
if thisExceptionRule.PathPrefix == matchingPrefix {
|
||||
alreadyExists = true
|
||||
break
|
||||
@@ -774,7 +804,7 @@ func AddProxyBasicAuthExceptionPaths(w http.ResponseWriter, r *http.Request) {
|
||||
utils.SendErrorResponse(w, "This matching path already exists")
|
||||
return
|
||||
}
|
||||
targetProxy.BasicAuthExceptionRules = append(targetProxy.BasicAuthExceptionRules, &dynamicproxy.BasicAuthExceptionRule{
|
||||
targetProxy.AuthenticationProvider.BasicAuthExceptionRules = append(targetProxy.AuthenticationProvider.BasicAuthExceptionRules, &dynamicproxy.BasicAuthExceptionRule{
|
||||
PathPrefix: strings.TrimSpace(matchingPrefix),
|
||||
})
|
||||
|
||||
@@ -808,7 +838,7 @@ func RemoveProxyBasicAuthExceptionPaths(w http.ResponseWriter, r *http.Request)
|
||||
|
||||
newExceptionRuleList := []*dynamicproxy.BasicAuthExceptionRule{}
|
||||
matchingExists := false
|
||||
for _, thisExceptionalRule := range targetProxy.BasicAuthExceptionRules {
|
||||
for _, thisExceptionalRule := range targetProxy.AuthenticationProvider.BasicAuthExceptionRules {
|
||||
if thisExceptionalRule.PathPrefix != matchingPrefix {
|
||||
newExceptionRuleList = append(newExceptionRuleList, thisExceptionalRule)
|
||||
} else {
|
||||
@@ -821,7 +851,7 @@ func RemoveProxyBasicAuthExceptionPaths(w http.ResponseWriter, r *http.Request)
|
||||
return
|
||||
}
|
||||
|
||||
targetProxy.BasicAuthExceptionRules = newExceptionRuleList
|
||||
targetProxy.AuthenticationProvider.BasicAuthExceptionRules = newExceptionRuleList
|
||||
|
||||
// Save configs to runtime and file
|
||||
targetProxy.UpdateToRuntime()
|
||||
@@ -914,13 +944,13 @@ func ReverseProxyList(w http.ResponseWriter, r *http.Request) {
|
||||
thisEndpoint := dynamicproxy.CopyEndpoint(value.(*dynamicproxy.ProxyEndpoint))
|
||||
//Clear the auth passwords before showing to front-end
|
||||
cleanedCredentials := []*dynamicproxy.BasicAuthCredentials{}
|
||||
for _, user := range thisEndpoint.BasicAuthCredentials {
|
||||
for _, user := range thisEndpoint.AuthenticationProvider.BasicAuthCredentials {
|
||||
cleanedCredentials = append(cleanedCredentials, &dynamicproxy.BasicAuthCredentials{
|
||||
Username: user.Username,
|
||||
PasswordHash: "",
|
||||
})
|
||||
}
|
||||
thisEndpoint.BasicAuthCredentials = cleanedCredentials
|
||||
thisEndpoint.AuthenticationProvider.BasicAuthCredentials = cleanedCredentials
|
||||
results = append(results, thisEndpoint)
|
||||
return true
|
||||
})
|
||||
@@ -1127,7 +1157,7 @@ func HandleCustomHeaderList(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
//List all custom headers
|
||||
customHeaderList := targetProxyEndpoint.UserDefinedHeaders
|
||||
customHeaderList := targetProxyEndpoint.HeaderRewriteRules.UserDefinedHeaders
|
||||
if customHeaderList == nil {
|
||||
customHeaderList = []*rewrite.UserDefinedHeader{}
|
||||
}
|
||||
@@ -1269,7 +1299,7 @@ func HandleHostOverwrite(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
if r.Method == http.MethodGet {
|
||||
//Get the current host header
|
||||
js, _ := json.Marshal(targetProxyEndpoint.RequestHostOverwrite)
|
||||
js, _ := json.Marshal(targetProxyEndpoint.HeaderRewriteRules.RequestHostOverwrite)
|
||||
utils.SendJSONResponse(w, string(js))
|
||||
} else if r.Method == http.MethodPost {
|
||||
//Set the new host header
|
||||
@@ -1278,7 +1308,7 @@ func HandleHostOverwrite(w http.ResponseWriter, r *http.Request) {
|
||||
//As this will require change in the proxy instance we are running
|
||||
//we need to clone and respawn this proxy endpoint
|
||||
newProxyEndpoint := targetProxyEndpoint.Clone()
|
||||
newProxyEndpoint.RequestHostOverwrite = newHostname
|
||||
newProxyEndpoint.HeaderRewriteRules.RequestHostOverwrite = newHostname
|
||||
//Save proxy endpoint
|
||||
err = SaveReverseProxyConfig(newProxyEndpoint)
|
||||
if err != nil {
|
||||
@@ -1341,7 +1371,7 @@ func HandleHopByHop(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
if r.Method == http.MethodGet {
|
||||
//Get the current hop by hop header state
|
||||
js, _ := json.Marshal(!targetProxyEndpoint.DisableHopByHopHeaderRemoval)
|
||||
js, _ := json.Marshal(!targetProxyEndpoint.HeaderRewriteRules.DisableHopByHopHeaderRemoval)
|
||||
utils.SendJSONResponse(w, string(js))
|
||||
} else if r.Method == http.MethodPost {
|
||||
//Set the hop by hop header state
|
||||
@@ -1351,7 +1381,7 @@ func HandleHopByHop(w http.ResponseWriter, r *http.Request) {
|
||||
//we need to clone and respawn this proxy endpoint
|
||||
newProxyEndpoint := targetProxyEndpoint.Clone()
|
||||
//Storage file use false as default, so disable removal = not enable remover
|
||||
newProxyEndpoint.DisableHopByHopHeaderRemoval = !enableHopByHopRemover
|
||||
newProxyEndpoint.HeaderRewriteRules.DisableHopByHopHeaderRemoval = !enableHopByHopRemover
|
||||
|
||||
//Save proxy endpoint
|
||||
err = SaveReverseProxyConfig(newProxyEndpoint)
|
||||
@@ -1414,7 +1444,7 @@ func HandleHSTSState(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
if r.Method == http.MethodGet {
|
||||
//Return current HSTS enable state
|
||||
hstsAge := targetProxyEndpoint.HSTSMaxAge
|
||||
hstsAge := targetProxyEndpoint.HeaderRewriteRules.HSTSMaxAge
|
||||
js, _ := json.Marshal(hstsAge)
|
||||
utils.SendJSONResponse(w, string(js))
|
||||
return
|
||||
@@ -1426,7 +1456,7 @@ func HandleHSTSState(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
if newMaxAge == 0 || newMaxAge >= 31536000 {
|
||||
targetProxyEndpoint.HSTSMaxAge = int64(newMaxAge)
|
||||
targetProxyEndpoint.HeaderRewriteRules.HSTSMaxAge = int64(newMaxAge)
|
||||
err = SaveReverseProxyConfig(targetProxyEndpoint)
|
||||
if err != nil {
|
||||
utils.SendErrorResponse(w, "save HSTS state failed: "+err.Error())
|
||||
@@ -1468,11 +1498,11 @@ func HandlePermissionPolicy(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
currentPolicy := permissionpolicy.GetDefaultPermissionPolicy()
|
||||
if targetProxyEndpoint.PermissionPolicy != nil {
|
||||
currentPolicy = targetProxyEndpoint.PermissionPolicy
|
||||
if targetProxyEndpoint.HeaderRewriteRules.PermissionPolicy != nil {
|
||||
currentPolicy = targetProxyEndpoint.HeaderRewriteRules.PermissionPolicy
|
||||
}
|
||||
result := CurrentPolicyState{
|
||||
PPEnabled: targetProxyEndpoint.EnablePermissionPolicyHeader,
|
||||
PPEnabled: targetProxyEndpoint.HeaderRewriteRules.EnablePermissionPolicyHeader,
|
||||
CurrentPolicy: currentPolicy,
|
||||
}
|
||||
|
||||
@@ -1487,7 +1517,7 @@ func HandlePermissionPolicy(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
targetProxyEndpoint.EnablePermissionPolicyHeader = enableState
|
||||
targetProxyEndpoint.HeaderRewriteRules.EnablePermissionPolicyHeader = enableState
|
||||
SaveReverseProxyConfig(targetProxyEndpoint)
|
||||
targetProxyEndpoint.UpdateToRuntime()
|
||||
utils.SendOK(w)
|
||||
@@ -1509,7 +1539,7 @@ func HandlePermissionPolicy(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
//Save it to file
|
||||
targetProxyEndpoint.PermissionPolicy = newPermissionPolicy
|
||||
targetProxyEndpoint.HeaderRewriteRules.PermissionPolicy = newPermissionPolicy
|
||||
SaveReverseProxyConfig(targetProxyEndpoint)
|
||||
targetProxyEndpoint.UpdateToRuntime()
|
||||
utils.SendOK(w)
|
||||
|
||||
Reference in New Issue
Block a user