update

.github/workflows/build.yml

@@ -18,12 +18,3 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
           repository: klnchu/cam
           tag_with_ref: true
-
-      - name: build docker
-        uses: docker/build-push-action@v1
-        with: 
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: docker.pkg.github.com
-          repository: kuozo/cam/cam
-          tag_with_ref: true

README.md

@@ -25,7 +25,7 @@ order {
 
 :9527 {
     cam {
-        auth_url /mg/users/verify
+        auth_url http://127.0.0.1:8092/auth/verify
         prefix_url /apis/
     }
 

cam.go

@@ -2,6 +2,7 @@ package cam
 
 import (
 	"net/http"
+	"strconv"
 	"strings"
 
 	"github.com/caddyserver/caddy/v2"
@@ -70,6 +71,11 @@ func (c *Cam) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 				return d.Err("auth endpoint like http://** format")
 			}
 			c.AuthEndpoint = AuthEndpoint
+		case "allow_url":
+			if len(args) != 1 {
+				return d.Err("invalid allow url")
+			}
+			c.AllowURL = c.splitPrefix(args[0])
 		default:
 			d.Err("Unknow cam parameter: " + parameter)
 		}
@@ -86,6 +92,9 @@ func (c Cam) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Ha
 
 	// make sure the url filter
 	url := r.URL.String()
+	if include(url, c.AllowURL) {
+		return next.ServeHTTP(w, r)
+	}
 	if !include(url, c.PrefixURL) {
 		return next.ServeHTTP(w, r)
 	}
@@ -94,10 +103,14 @@ func (c Cam) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Ha
 		makeErrResp(w, 401, "token must value")
 		return nil
 	}
-	if !verifyToken(c.AuthEndpoint, token, url) {
-		makeErrResp(w, 403, "permission denied")
+	ar := verifyToken(c.AuthEndpoint, token, url)
+	if ar.Code != 200 {
+		makeErrResp(w, ar.Code, ar.Message)
 		return nil
 	}
+	r.Header.Add("x-user-id", strconv.Itoa(ar.Data.ID))
+	r.Header.Add("x-user-type", strconv.Itoa(ar.Data.IsSuper))
+	r.Header.Add("x-user-name", ar.Data.Name)
 	return next.ServeHTTP(w, r)
 }
 

tool.go

@@ -7,17 +7,35 @@ import (
 	"strings"
 )
 
+var codeMessageMap = map[int]string{
+	402: "bad request",
+	500: "bad gateway",
+	200: "success",
+}
+
 // ErrResp .
 type ErrResp struct {
 	Code    int    `json:"code"`
 	Message string `json:"message"`
 }
 
+// AuthUser auth user data
+type AuthUser struct {
+	Name    string `json:"name"`
+	ID      int    `json:"id"`
+	IsSuper int    `json:"is_super"`
+}
+
 // AuthResponse  response for auth
 type AuthResponse struct {
-	Code    int    `json:"code"`
-	Data    bool   `json:"data"`
-	Message string `json:"message"`
+	Code    int      `json:"code"`
+	Data    AuthUser `json:"data,omitempty"`
+	Message string   `json:"message"`
+}
+
+func (ar *AuthResponse) makeData(code int) {
+	ar.Code = code
+	ar.Message = codeMessageMap[code]
 }
 
 func include(data string, lst []string) bool {
@@ -38,29 +56,38 @@ func makeErrResp(w http.ResponseWriter, code int, message string) {
 	json.NewEncoder(w).Encode(er)
 }
 
-func verifyToken(authEndpoint string, token string, url string) bool {
+func verifyToken(authEndpoint string, token string, url string) *AuthResponse {
 	cli := http.Client{}
+	ar := new(AuthResponse)
+	ar.makeData(200)
 	req, err := http.NewRequest("GET", authEndpoint, nil)
 	if err != nil {
-		return false
+		ar.makeData(402)
+		return ar
 	}
 	req.Header.Add("token", token)
 	req.Header.Add("uri", url)
 	resp, err := cli.Do(req)
 	if err != nil {
-		return false
+		ar.makeData(402)
+		return ar
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != 200 {
-		return false
+		ar.makeData(500)
+		return ar
 	}
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return false
+		ar.makeData(500)
+		return ar
 	}
-	ar := new(AuthResponse)
 	if err := json.Unmarshal(body, ar); err != nil {
-		return false
+		ar.makeData(500)
+		return ar
+	}
+	if ar.Code == 0 {
+		ar.makeData(resp.StatusCode)
 	}
-	return ar.Data
+	return ar
 }