Extended demo Caddyfile

Caddyfile

@@ -1,22 +1,35 @@
 (auth) {
-	# Forward /auth/ to the authentication service
+	# Permission check (named arg: perm=...)
-	@auth path /auth/*
-	handle @auth {
-		reverse_proxy localhost:4401
-	}
-	handle {
-		# Check for authentication
 	forward_auth localhost:4401 {
-			uri /auth/forward-auth
+		uri /auth/forward-auth?{args.0}
-			copy_headers x-auth*
+		copy_headers x-auth-*
-		}
-		{block}
 	}
 }
 
 localhost {
-	import auth {
+	# Single definition for auth service endpoints (avoid duplicate matcher names)
-		# Proxy authenticated requests to the main application
+	@auth_api path /auth/*
-		reverse_proxy localhost:3000
+	handle @auth_api {
+		reverse_proxy localhost:4401
+	}
+
+	# Admin-protected paths
+	handle_path /admin/* {
+		import auth perm=auth:admin
+		# Respond with a message for the admin area
+		respond "Admin area (protected)" 200
+	}
+
+	# Reports-protected paths
+	handle_path /reports/* {
+		import auth perm=reports:view
+		# Respond with a message for the reports area
+		respond "Reports area (protected)" 200
+	}
+
+	# Unprotected (fallback)
+	handle {
+		# Respond with a public content message
+		respond "Public content" 200
 	}
 }