Provide user info in Remote-* headers. Caddy configuration improved.

caddy/auth/all

@@ -0,0 +1,6 @@
+# Enable auth site at /auth (setup) and require authentication on all paths
+import setup
+handle {
+    import require {args[0]}
+    {block}
+}

caddy/auth/require

@@ -0,0 +1,17 @@
+# Permission to use within your endpoints that need authentication/authorization, that
+# is different depending on the route (otherwise use auth/all).
+forward_auth {$AUTH_UPSTREAM:localhost:4401} {
+    uri /auth/api/forward?{args[0]}
+    copy_headers {
+        Remote-User
+        Remote-Name
+        Remote-Groups
+        Remote-Org
+        Remote-Org-Name
+        Remote-Role
+        Remote-Role-Name
+        Remote-Session-Expires
+        Remote-Session-Type
+        Remote-Credential
+    }
+}

caddy/auth/setup

@@ -0,0 +1,6 @@
+# Setup auth service at /auth/ and remove any Remote-* headers sent by client (for security)
+header -Remote-*
+@auth_api path /auth /auth/*
+handle @auth_api {
+    reverse_proxy {$AUTH_UPSTREAM:localhost:4401}
+}