Provide user info in Remote-* headers. Caddy configuration improved.

2025-09-25 18:12:40 -06:00
parent b0a1bb72dc
commit e514ae010d
9 changed files with 109 additions and 51 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,30 @@
+localhost {
+	import auth/setup
+	# Only users with myapp:reports and auth admin permissions
+	handle_path /reports {
+		import auth/require perm=myapp:reports&perm=auth:admin
+		respond "Reports area (protected) for {http.request.header.remote-org-name}" 200
+	}
+	# Public paths (no auth)
+	@public path /favicon.ico /.well-known/*
+	handle @public {
+		reverse_proxy :3000
+	}
+	# Respond with user's display name
+	handle_path /hello {
+		import auth/require ""
+		respond "Hello, {http.request.header.remote-name}! Your permissions: {http.request.header.remote-groups}" 200
+	}
+	# Default route, requires authentication but no authorization
+	handle {
+		import auth/require ""
+		reverse_proxy :3000
+	}
+}
+
+localhost:4404 {
+	# Full site protected, /auth/ reserved for auth service
+	import auth/all perm=auth:admin {
+		reverse_proxy :3000
+	}
+}