mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-15 16:23:38 +08:00
09b2cbcf4d
* caddyhttp: Add `MatchWithError` to replace SetVar hack * Error in IP matchers on TLS handshake not complete * Use MatchWithError everywhere possible * Move implementations to MatchWithError versions * Looser interface checking to allow fallback * CEL factories can return RequestMatcherWithError * Clarifying comment since it's subtle that an err is returned * Return 425 Too Early status in IP matchers * Keep AnyMatch signature the same for now * Apparently Deprecated can't be all-uppercase to get IDE linting * Linter
457 lines
12 KiB
Go
457 lines
12 KiB
Go
// Copyright 2015 Matthew Holt and The Caddy Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package caddyhttp
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"reflect"
|
|
"strings"
|
|
|
|
"github.com/google/cel-go/cel"
|
|
"github.com/google/cel-go/common/types/ref"
|
|
|
|
"github.com/caddyserver/caddy/v2"
|
|
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
|
)
|
|
|
|
func init() {
|
|
caddy.RegisterModule(VarsMiddleware{})
|
|
caddy.RegisterModule(VarsMatcher{})
|
|
caddy.RegisterModule(MatchVarsRE{})
|
|
}
|
|
|
|
// VarsMiddleware is an HTTP middleware which sets variables to
|
|
// have values that can be used in the HTTP request handler
|
|
// chain. The primary way to access variables is with placeholders,
|
|
// which have the form: `{http.vars.variable_name}`, or with
|
|
// the `vars` and `vars_regexp` request matchers.
|
|
//
|
|
// The key is the variable name, and the value is the value of the
|
|
// variable. Both the name and value may use or contain placeholders.
|
|
type VarsMiddleware map[string]any
|
|
|
|
// CaddyModule returns the Caddy module information.
|
|
func (VarsMiddleware) CaddyModule() caddy.ModuleInfo {
|
|
return caddy.ModuleInfo{
|
|
ID: "http.handlers.vars",
|
|
New: func() caddy.Module { return new(VarsMiddleware) },
|
|
}
|
|
}
|
|
|
|
func (m VarsMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error {
|
|
vars := r.Context().Value(VarsCtxKey).(map[string]any)
|
|
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
|
|
for k, v := range m {
|
|
keyExpanded := repl.ReplaceAll(k, "")
|
|
if valStr, ok := v.(string); ok {
|
|
v = repl.ReplaceAll(valStr, "")
|
|
}
|
|
vars[keyExpanded] = v
|
|
|
|
// Special case: the user ID is in the replacer, pulled from there
|
|
// for access logs. Allow users to override it with the vars handler.
|
|
if keyExpanded == "http.auth.user.id" {
|
|
repl.Set(keyExpanded, v)
|
|
}
|
|
}
|
|
return next.ServeHTTP(w, r)
|
|
}
|
|
|
|
// UnmarshalCaddyfile implements caddyfile.Unmarshaler. Syntax:
|
|
//
|
|
// vars [<name> <val>] {
|
|
// <name> <val>
|
|
// ...
|
|
// }
|
|
func (m *VarsMiddleware) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|
d.Next() // consume directive name
|
|
|
|
if *m == nil {
|
|
*m = make(VarsMiddleware)
|
|
}
|
|
|
|
nextVar := func(headerLine bool) error {
|
|
if headerLine {
|
|
// header line is optional
|
|
if !d.NextArg() {
|
|
return nil
|
|
}
|
|
}
|
|
varName := d.Val()
|
|
|
|
if !d.NextArg() {
|
|
return d.ArgErr()
|
|
}
|
|
varValue := d.ScalarVal()
|
|
|
|
(*m)[varName] = varValue
|
|
|
|
if d.NextArg() {
|
|
return d.ArgErr()
|
|
}
|
|
return nil
|
|
}
|
|
|
|
if err := nextVar(true); err != nil {
|
|
return err
|
|
}
|
|
for d.NextBlock(0) {
|
|
if err := nextVar(false); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// VarsMatcher is an HTTP request matcher which can match
|
|
// requests based on variables in the context or placeholder
|
|
// values. The key is the placeholder or name of the variable,
|
|
// and the values are possible values the variable can be in
|
|
// order to match (logical OR'ed).
|
|
//
|
|
// If the key is surrounded by `{ }` it is assumed to be a
|
|
// placeholder. Otherwise, it will be considered a variable
|
|
// name.
|
|
//
|
|
// Placeholders in the keys are not expanded, but
|
|
// placeholders in the values are.
|
|
type VarsMatcher map[string][]string
|
|
|
|
// CaddyModule returns the Caddy module information.
|
|
func (VarsMatcher) CaddyModule() caddy.ModuleInfo {
|
|
return caddy.ModuleInfo{
|
|
ID: "http.matchers.vars",
|
|
New: func() caddy.Module { return new(VarsMatcher) },
|
|
}
|
|
}
|
|
|
|
// UnmarshalCaddyfile implements caddyfile.Unmarshaler.
|
|
func (m *VarsMatcher) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|
if *m == nil {
|
|
*m = make(map[string][]string)
|
|
}
|
|
// iterate to merge multiple matchers into one
|
|
for d.Next() {
|
|
var field string
|
|
if !d.Args(&field) {
|
|
return d.Errf("malformed vars matcher: expected field name")
|
|
}
|
|
vals := d.RemainingArgs()
|
|
if len(vals) == 0 {
|
|
return d.Errf("malformed vars matcher: expected at least one value to match against")
|
|
}
|
|
(*m)[field] = append((*m)[field], vals...)
|
|
if d.NextBlock(0) {
|
|
return d.Err("malformed vars matcher: blocks are not supported")
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Match matches a request based on variables in the context,
|
|
// or placeholders if the key is not a variable.
|
|
func (m VarsMatcher) Match(r *http.Request) bool {
|
|
match, _ := m.MatchWithError(r)
|
|
return match
|
|
}
|
|
|
|
// MatchWithError returns true if r matches m.
|
|
func (m VarsMatcher) MatchWithError(r *http.Request) (bool, error) {
|
|
if len(m) == 0 {
|
|
return true, nil
|
|
}
|
|
|
|
vars := r.Context().Value(VarsCtxKey).(map[string]any)
|
|
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
|
|
|
|
for key, vals := range m {
|
|
var varValue any
|
|
if strings.HasPrefix(key, "{") &&
|
|
strings.HasSuffix(key, "}") &&
|
|
strings.Count(key, "{") == 1 {
|
|
varValue, _ = repl.Get(strings.Trim(key, "{}"))
|
|
} else {
|
|
varValue = vars[key]
|
|
}
|
|
|
|
// see if any of the values given in the matcher match the actual value
|
|
for _, v := range vals {
|
|
matcherValExpanded := repl.ReplaceAll(v, "")
|
|
var varStr string
|
|
switch vv := varValue.(type) {
|
|
case string:
|
|
varStr = vv
|
|
case fmt.Stringer:
|
|
varStr = vv.String()
|
|
case error:
|
|
varStr = vv.Error()
|
|
case nil:
|
|
varStr = ""
|
|
default:
|
|
varStr = fmt.Sprintf("%v", vv)
|
|
}
|
|
if varStr == matcherValExpanded {
|
|
return true, nil
|
|
}
|
|
}
|
|
}
|
|
return false, nil
|
|
}
|
|
|
|
// CELLibrary produces options that expose this matcher for use in CEL
|
|
// expression matchers.
|
|
//
|
|
// Example:
|
|
//
|
|
// expression vars({'{magic_number}': ['3', '5']})
|
|
// expression vars({'{foo}': 'single_value'})
|
|
func (VarsMatcher) CELLibrary(_ caddy.Context) (cel.Library, error) {
|
|
return CELMatcherImpl(
|
|
"vars",
|
|
"vars_matcher_request_map",
|
|
[]*cel.Type{CELTypeJSON},
|
|
func(data ref.Val) (RequestMatcherWithError, error) {
|
|
mapStrListStr, err := CELValueToMapStrList(data)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return VarsMatcher(mapStrListStr), nil
|
|
},
|
|
)
|
|
}
|
|
|
|
// MatchVarsRE matches the value of the context variables by a given regular expression.
|
|
//
|
|
// Upon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`
|
|
// where `name` is the regular expression's name, and `capture_group` is either
|
|
// the named or positional capture group from the expression itself. If no name
|
|
// is given, then the placeholder omits the name: `{http.regexp.capture_group}`
|
|
// (potentially leading to collisions).
|
|
type MatchVarsRE map[string]*MatchRegexp
|
|
|
|
// CaddyModule returns the Caddy module information.
|
|
func (MatchVarsRE) CaddyModule() caddy.ModuleInfo {
|
|
return caddy.ModuleInfo{
|
|
ID: "http.matchers.vars_regexp",
|
|
New: func() caddy.Module { return new(MatchVarsRE) },
|
|
}
|
|
}
|
|
|
|
// UnmarshalCaddyfile implements caddyfile.Unmarshaler.
|
|
func (m *MatchVarsRE) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|
if *m == nil {
|
|
*m = make(map[string]*MatchRegexp)
|
|
}
|
|
// iterate to merge multiple matchers into one
|
|
for d.Next() {
|
|
var first, second, third string
|
|
if !d.Args(&first, &second) {
|
|
return d.ArgErr()
|
|
}
|
|
|
|
var name, field, val string
|
|
if d.Args(&third) {
|
|
name = first
|
|
field = second
|
|
val = third
|
|
} else {
|
|
field = first
|
|
val = second
|
|
}
|
|
|
|
// Default to the named matcher's name, if no regexp name is provided
|
|
if name == "" {
|
|
name = d.GetContextString(caddyfile.MatcherNameCtxKey)
|
|
}
|
|
|
|
(*m)[field] = &MatchRegexp{Pattern: val, Name: name}
|
|
if d.NextBlock(0) {
|
|
return d.Err("malformed vars_regexp matcher: blocks are not supported")
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Provision compiles m's regular expressions.
|
|
func (m MatchVarsRE) Provision(ctx caddy.Context) error {
|
|
for _, rm := range m {
|
|
err := rm.Provision(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Match returns true if r matches m.
|
|
func (m MatchVarsRE) Match(r *http.Request) bool {
|
|
match, _ := m.MatchWithError(r)
|
|
return match
|
|
}
|
|
|
|
// MatchWithError returns true if r matches m.
|
|
func (m MatchVarsRE) MatchWithError(r *http.Request) (bool, error) {
|
|
vars := r.Context().Value(VarsCtxKey).(map[string]any)
|
|
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
|
|
for key, val := range m {
|
|
var varValue any
|
|
if strings.HasPrefix(key, "{") &&
|
|
strings.HasSuffix(key, "}") &&
|
|
strings.Count(key, "{") == 1 {
|
|
varValue, _ = repl.Get(strings.Trim(key, "{}"))
|
|
} else {
|
|
varValue = vars[key]
|
|
}
|
|
|
|
var varStr string
|
|
switch vv := varValue.(type) {
|
|
case string:
|
|
varStr = vv
|
|
case fmt.Stringer:
|
|
varStr = vv.String()
|
|
case error:
|
|
varStr = vv.Error()
|
|
case nil:
|
|
varStr = ""
|
|
default:
|
|
varStr = fmt.Sprintf("%v", vv)
|
|
}
|
|
|
|
valExpanded := repl.ReplaceAll(varStr, "")
|
|
if match := val.Match(valExpanded, repl); match {
|
|
return match, nil
|
|
}
|
|
}
|
|
return false, nil
|
|
}
|
|
|
|
// CELLibrary produces options that expose this matcher for use in CEL
|
|
// expression matchers.
|
|
//
|
|
// Example:
|
|
//
|
|
// expression vars_regexp('foo', '{magic_number}', '[0-9]+')
|
|
// expression vars_regexp('{magic_number}', '[0-9]+')
|
|
func (MatchVarsRE) CELLibrary(ctx caddy.Context) (cel.Library, error) {
|
|
unnamedPattern, err := CELMatcherImpl(
|
|
"vars_regexp",
|
|
"vars_regexp_request_string_string",
|
|
[]*cel.Type{cel.StringType, cel.StringType},
|
|
func(data ref.Val) (RequestMatcherWithError, error) {
|
|
refStringList := reflect.TypeOf([]string{})
|
|
params, err := data.ConvertToNative(refStringList)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
strParams := params.([]string)
|
|
matcher := MatchVarsRE{}
|
|
matcher[strParams[0]] = &MatchRegexp{
|
|
Pattern: strParams[1],
|
|
Name: ctx.Value(MatcherNameCtxKey).(string),
|
|
}
|
|
err = matcher.Provision(ctx)
|
|
return matcher, err
|
|
},
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
namedPattern, err := CELMatcherImpl(
|
|
"vars_regexp",
|
|
"vars_regexp_request_string_string_string",
|
|
[]*cel.Type{cel.StringType, cel.StringType, cel.StringType},
|
|
func(data ref.Val) (RequestMatcherWithError, error) {
|
|
refStringList := reflect.TypeOf([]string{})
|
|
params, err := data.ConvertToNative(refStringList)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
strParams := params.([]string)
|
|
name := strParams[0]
|
|
if name == "" {
|
|
name = ctx.Value(MatcherNameCtxKey).(string)
|
|
}
|
|
matcher := MatchVarsRE{}
|
|
matcher[strParams[1]] = &MatchRegexp{
|
|
Pattern: strParams[2],
|
|
Name: name,
|
|
}
|
|
err = matcher.Provision(ctx)
|
|
return matcher, err
|
|
},
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
envOpts := append(unnamedPattern.CompileOptions(), namedPattern.CompileOptions()...)
|
|
prgOpts := append(unnamedPattern.ProgramOptions(), namedPattern.ProgramOptions()...)
|
|
return NewMatcherCELLibrary(envOpts, prgOpts), nil
|
|
}
|
|
|
|
// Validate validates m's regular expressions.
|
|
func (m MatchVarsRE) Validate() error {
|
|
for _, rm := range m {
|
|
err := rm.Validate()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// GetVar gets a value out of the context's variable table by key.
|
|
// If the key does not exist, the return value will be nil.
|
|
func GetVar(ctx context.Context, key string) any {
|
|
varMap, ok := ctx.Value(VarsCtxKey).(map[string]any)
|
|
if !ok {
|
|
return nil
|
|
}
|
|
return varMap[key]
|
|
}
|
|
|
|
// SetVar sets a value in the context's variable table with
|
|
// the given key. It overwrites any previous value with the
|
|
// same key.
|
|
//
|
|
// If the value is nil (note: non-nil interface with nil
|
|
// underlying value does not count) and the key exists in
|
|
// the table, the key+value will be deleted from the table.
|
|
func SetVar(ctx context.Context, key string, value any) {
|
|
varMap, ok := ctx.Value(VarsCtxKey).(map[string]any)
|
|
if !ok {
|
|
return
|
|
}
|
|
if value == nil {
|
|
if _, ok := varMap[key]; ok {
|
|
delete(varMap, key)
|
|
return
|
|
}
|
|
}
|
|
varMap[key] = value
|
|
}
|
|
|
|
// Interface guards
|
|
var (
|
|
_ MiddlewareHandler = (*VarsMiddleware)(nil)
|
|
_ caddyfile.Unmarshaler = (*VarsMiddleware)(nil)
|
|
_ RequestMatcherWithError = (*VarsMatcher)(nil)
|
|
_ caddyfile.Unmarshaler = (*VarsMatcher)(nil)
|
|
_ RequestMatcherWithError = (*MatchVarsRE)(nil)
|
|
_ caddyfile.Unmarshaler = (*MatchVarsRE)(nil)
|
|
)
|