replacer: disable replace for authz misc

2025-04-18 08:04:02 +03:00 · 2022-03-05 16:01:09 -05:00 · 2022-03-05 16:01:09 -05:00 · 0207ed1ae8
commit 0207ed1ae8
parent 7f0bac7999
6 changed files with 14 additions and 11 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -81,10 +81,10 @@ module github.com/greenpau/caddy-security
 go 1.16

 require (
-    github.com/greenpau/go-authcrunch v1.0.17
+    github.com/greenpau/go-authcrunch v1.0.18
 )

-replace github.com/greenpau/go-authcrunch v1.0.17 => /home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
+replace github.com/greenpau/go-authcrunch v1.0.18 => /home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
 ```

 Then, modify `Makefile` such that that replacement passes to `xcaddy` builder:
@ -93,7 +93,7 @@ Then, modify `Makefile` such that that replacement passes to `xcaddy` builder:
        @mkdir -p ../xcaddy-$(PLUGIN_NAME) && cd ../xcaddy-$(PLUGIN_NAME) && \
                xcaddy build $(CADDY_VERSION) --output ../$(PLUGIN_NAME)/bin/caddy \
                --with github.com/greenpau/caddy-security@$(LATEST_GIT_COMMIT)=$(BUILD_DIR) \
-                --with github.com/greenpau/go-authcrunch@v1.0.17=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
+                --with github.com/greenpau/go-authcrunch@v1.0.18=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
 ```

 Once all the necessary packages are installed, you should be ready to compile
--- a/2
+++ b/2
@ -17,7 +17,7 @@ all: info
 		xcaddy build $(CADDY_VERSION) --output ../$(PLUGIN_NAME)/bin/caddy \
 		--with github.com/greenpau/caddy-security@$(LATEST_GIT_COMMIT)=$(BUILD_DIR) \
 		--with github.com/greenpau/caddy-trace@v1.1.8
-	@#--with github.com/greenpau/go-authcrunch@v1.0.17=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
+	@#--with github.com/greenpau/go-authcrunch@v1.0.18=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
 	@#bin/caddy run -config assets/config/Caddyfile
 	@for f in `find ./assets -type f -name 'Caddyfile'`; do bin/caddy fmt -overwrite $$f; done

--- a/caddyfile_authz.go
+++ b/caddyfile_authz.go
@ -45,35 +45,39 @@ func parseCaddyfileAuthorization(d *caddyfile.Dispenser, repl *caddy.Replacer, c
 		p := &authz.PolicyConfig{Name: args[1]}
 		for nesting := d.Nesting(); d.NextBlock(nesting); {
 			k := d.Val()
-			v := util.FindReplaceAll(repl, d.RemainingArgs())
 			rootDirective = mkcp(authzPrefix, args[0], k)
 			switch k {
 			case "crypto":
+				v := util.FindReplaceAll(repl, d.RemainingArgs())
 				if err := parseCaddyfileAuthorizationCrypto(d, repl, p, rootDirective, v); err != nil {
 					return err
 				}
 			case "acl":
+				v := util.FindReplaceAll(repl, d.RemainingArgs())
 				if err := parseCaddyfileAuthorizationACL(d, repl, p, rootDirective, v); err != nil {
 					return err
 				}
 			case "allow", "deny":
+				v := util.FindReplaceAll(repl, d.RemainingArgs())
 				if err := parseCaddyfileAuthorizationACLShortcuts(d, repl, p, rootDirective, k, v); err != nil {
 					return err
 				}
 			case "bypass":
+				v := util.FindReplaceAll(repl, d.RemainingArgs())
 				if err := parseCaddyfileAuthorizationBypass(d, repl, p, rootDirective, v); err != nil {
 					return err
 				}
 			case "enable", "disable", "validate", "set", "with":
-				if err := parseCaddyfileAuthorizationMisc(d, repl, p, rootDirective, k, v); err != nil {
+				if err := parseCaddyfileAuthorizationMisc(d, repl, p, rootDirective, k, d.RemainingArgs()); err != nil {
 					return err
 				}
 			case "inject":
+				v := util.FindReplaceAll(repl, d.RemainingArgs())
 				if err := parseCaddyfileAuthorizationHeaderInjection(d, repl, p, rootDirective, v); err != nil {
 					return err
 				}
 			default:
-				return errors.ErrMalformedDirective.WithArgs(rootDirective, v)
+				return errors.ErrMalformedDirective.WithArgs(rootDirective, d.RemainingArgs())
 			}
 		}
 		if err := cfg.AddAuthorizationPolicy(p); err != nil {
--- a/caddyfile_authz_misc.go
+++ b/caddyfile_authz_misc.go
@ -59,7 +59,6 @@ func parseCaddyfileAuthorizationMisc(h *caddyfile.Dispenser, repl *caddy.Replace
 			p.ValidateSourceAddress = true
 		case v == "bearer header":
 			p.ValidateBearerHeader = true
-
 		case v == "":
 			return h.Errf("%s directive has no value", rootDirective)
 		default:
--- a/go.mod
+++ b/go.mod
@ -5,7 +5,7 @@ go 1.16
 require (
 	github.com/caddyserver/caddy/v2 v2.4.6
 	github.com/google/go-cmp v0.5.7
-	github.com/greenpau/go-authcrunch v1.0.17
+	github.com/greenpau/go-authcrunch v1.0.18
 	github.com/satori/go.uuid v1.2.0
 	go.uber.org/zap v1.20.0
 )
--- a/go.sum
+++ b/go.sum
@ -476,8 +476,8 @@ github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/greenpau/go-authcrunch v1.0.17 h1:EeHJAcWil9VAGA44Tk58Po6uH5Q46hJtJI5n0gUVLjA=
-github.com/greenpau/go-authcrunch v1.0.17/go.mod h1:wiUiQW5IPGxX8jAZMnqs/nhMF0DFHQAqEYsb8nU3KEE=
+github.com/greenpau/go-authcrunch v1.0.18 h1:g9Ev4MVOP2pq+DnEThq0r8Vtfcuj43+MJSIn11eX190=
+github.com/greenpau/go-authcrunch v1.0.18/go.mod h1:wiUiQW5IPGxX8jAZMnqs/nhMF0DFHQAqEYsb8nU3KEE=
 github.com/greenpau/versioned v1.0.27 h1:aFJ16tzsUkbc6WT7DRia60S0VrgWzBNuul3h0RXFKxM=
 github.com/greenpau/versioned v1.0.27/go.mod h1:rtFCvaWWNbMH4CJnje/xicgmrM63j++rUh5juSu0k/A=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=