http: increase default response header timeout to 60s, add option to …

…customize it, schema update
yusing · Jan 29, 2025 · 68eb6e1 · 68eb6e1
1 parent d9b6b82
commit 68eb6e1
Show file tree

Hide file tree

Showing 18 changed files with 107 additions and 35 deletions.
diff --git a/internal/error/nested_error.go b/internal/error/nested_error.go
@@ -76,9 +76,7 @@ func (err *nestedError) Error() string {
 	if err.Err != nil {
 		lines = append(lines, makeLine(err.Err.Error(), 0))
 	}
-	if extras := makeLines(err.Extras, 1); len(extras) > 0 {
-		lines = append(lines, extras...)
-	}
+	lines = append(lines, makeLines(err.Extras, 1)...)
 	return strutils.JoinLines(lines)
 }
 
@@ -104,9 +102,7 @@ func makeLines(errs []error, level int) []string {
 			if err.Err != nil {
 				lines = append(lines, makeLine(err.Err.Error(), level))
 			}
-			if extras := makeLines(err.Extras, level+1); len(extras) > 0 {
-				lines = append(lines, extras...)
-			}
+			lines = append(lines, makeLines(err.Extras, level+1)...)
 		default:
 			lines = append(lines, makeLine(err.Error(), level))
 		}

diff --git a/internal/net/http/common.go b/internal/net/http/common.go
@@ -20,7 +20,7 @@ var (
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DisableCompression:    true, // Prevent double compression
-		ResponseHeaderTimeout: 30 * time.Second,
+		ResponseHeaderTimeout: 60 * time.Second,
 		WriteBufferSize:       16 * 1024, // 16KB
 		ReadBufferSize:        16 * 1024, // 16KB
 	}

diff --git a/internal/route/http.go b/internal/route/http.go
@@ -44,11 +44,15 @@ type (
 // var globalMux    = http.NewServeMux() // TODO: support regex subdomain matching.
 
 func NewHTTPRoute(entry *entry.ReverseProxyEntry) (impl, E.Error) {
-	var trans *http.Transport
-	if entry.Raw.NoTLSVerify {
+	trans := gphttp.DefaultTransport
+	httpConfig := entry.Raw.HTTPConfig
+
+	if httpConfig.NoTLSVerify {
 		trans = gphttp.DefaultTransportNoTLS
-	} else {
-		trans = gphttp.DefaultTransport
+	}
+	if httpConfig.ResponseHeaderTimeout > 0 {
+		trans = trans.Clone()
+		trans.ResponseHeaderTimeout = httpConfig.ResponseHeaderTimeout
 	}
 
 	service := entry.TargetName()

diff --git a/internal/route/types/http_config.go b/internal/route/types/http_config.go
@@ -0,0 +1,10 @@
+package types
+
+import (
+	"time"
+)
+
+type HTTPConfig struct {
+	NoTLSVerify           bool          `json:"no_tls_verify,omitempty"`
+	ResponseHeaderTimeout time.Duration `json:"response_header_timeout,omitempty"`
+}
diff --git a/internal/route/types/http_config_test.go b/internal/route/types/http_config_test.go
@@ -0,0 +1,47 @@
+package types
+
+import (
+	"testing"
+	"time"
+
+	"github.com/yusing/go-proxy/internal/utils"
+	. "github.com/yusing/go-proxy/internal/utils/testing"
+)
+
+func TestHTTPConfigDeserialize(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    map[string]any
+		expected HTTPConfig
+	}{
+		{
+			name: "no_tls_verify",
+			input: map[string]any{
+				"no_tls_verify": "true",
+			},
+			expected: HTTPConfig{
+				NoTLSVerify: true,
+			},
+		},
+		{
+			name: "response_header_timeout",
+			input: map[string]any{
+				"response_header_timeout": "1s",
+			},
+			expected: HTTPConfig{
+				ResponseHeaderTimeout: 1 * time.Second,
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cfg := RawEntry{}
+			err := utils.Deserialize(tt.input, &cfg)
+			if err != nil {
+				ExpectNoError(t, err)
+			}
+			ExpectDeepEqual(t, cfg.HTTPConfig, &tt.expected)
+		})
+	}
+}
diff --git a/internal/route/types/raw_entry.go b/internal/route/types/raw_entry.go
@@ -25,11 +25,12 @@ type (
 
 		// raw entry object before validation
 		// loaded from docker labels or yaml file
-		Alias        string                     `json:"alias"`
-		Scheme       string                     `json:"scheme,omitempty"`
-		Host         string                     `json:"host,omitempty"`
-		Port         string                     `json:"port,omitempty"`
-		NoTLSVerify  bool                       `json:"no_tls_verify,omitempty"`
+		Alias  string `json:"alias"`
+		Scheme string `json:"scheme,omitempty"`
+		Host   string `json:"host,omitempty"`
+		Port   string `json:"port,omitempty"`
+
+		HTTPConfig   `json:"http"`
 		PathPatterns []string                   `json:"path_patterns,omitempty"`
 		Rules        rules.Rules                `json:"rules,omitempty" validate:"omitempty,unique=Name"`
 		HealthCheck  *health.HealthCheckConfig  `json:"healthcheck,omitempty"`

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "godoxy-schemas",
-	"version": "0.9.0-20",
+	"version": "0.9.0-21",
 	"description": "JSON Schema and typescript types for GoDoxy configuration",
 	"license": "MIT",
 	"repository": {

diff --git a/schemas/config.schema.json b/schemas/config.schema.json
diff --git a/schemas/config/notification.d.ts b/schemas/config/notification.d.ts
@@ -9,7 +9,7 @@ export interface GotifyConfig extends NotificationConfig {
     provider: "gotify";
     token: string;
 }
-export declare const WEBHOOK_TEMPLATES: readonly ["discord"];
+export declare const WEBHOOK_TEMPLATES: readonly ["", "discord"];
 export declare const WEBHOOK_METHODS: readonly ["POST", "GET", "PUT"];
 export declare const WEBHOOK_MIME_TYPES: readonly ["application/json", "application/x-www-form-urlencoded", "text/plain"];
 export declare const WEBHOOK_COLOR_MODES: readonly ["hex", "dec"];

diff --git a/schemas/config/notification.js b/schemas/config/notification.js
@@ -1,5 +1,5 @@
 export const NOTIFICATION_PROVIDERS = ["webhook", "gotify"];
-export const WEBHOOK_TEMPLATES = ["discord"];
+export const WEBHOOK_TEMPLATES = ["", "discord"];
 export const WEBHOOK_METHODS = ["POST", "GET", "PUT"];
 export const WEBHOOK_MIME_TYPES = [
     "application/json",

diff --git a/schemas/config/notification.ts b/schemas/config/notification.ts
@@ -17,7 +17,7 @@ export interface GotifyConfig extends NotificationConfig {
   token: string;
 }
 
-export const WEBHOOK_TEMPLATES = ["discord"] as const;
+export const WEBHOOK_TEMPLATES = ["", "discord"] as const;
 export const WEBHOOK_METHODS = ["POST", "GET", "PUT"] as const;
 export const WEBHOOK_MIME_TYPES = [
   "application/json",

diff --git a/schemas/docker_routes.schema.json b/schemas/docker_routes.schema.json
diff --git a/schemas/middleware_compose.schema.json b/schemas/middleware_compose.schema.json
@@ -1 +1 @@
-{"$schema":"http://json-schema.org/draft-07/schema#","definitions":{"CIDR":{"anyOf":[{"pattern":"^[0-9]*\\.[0-9]*\\.[0-9]*\\.[0-9]*$","type":"string"},{"pattern":"^.*:.*:.*:.*:.*:.*:.*:.*$","type":"string"},{"pattern":"^[0-9]*\\.[0-9]*\\.[0-9]*\\.[0-9]*/[0-9]*$","type":"string"},{"pattern":"^::[0-9]*$","type":"string"},{"pattern":"^.*::/[0-9]*$","type":"string"},{"pattern":"^.*:.*::/[0-9]*$","type":"string"}]},"Duration":{"pattern":"^([0-9]+(ms|s|m|h))+$","type":"string"},"HTTPHeader":{"description":"HTTP Header","pattern":"^[a-zA-Z0-9\\-]+$","type":"string"},"MiddlewareComposeMap":{"anyOf":[{"additionalProperties":false,"properties":{"use":{"enum":["CustomErrorPage","ErrorPage","customErrorPage","custom_error_page","errorPage","error_page"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["RedirectHTTP","redirectHTTP","redirect_http"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["SetXForwarded","setXForwarded","set_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["HideXForwarded","hideXForwarded","hide_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allow":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"message":{"default":"IP not allowed","description":"Error message when blocked","type":"string"},"status":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked (alias of status_code)"},"status_code":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked"},"use":{"enum":["CIDRWhitelist","cidrWhitelist","cidr_whitelist"],"type":"string"}},"required":["allow","use"],"type":"object"},{"additionalProperties":false,"properties":{"recursive":{"default":false,"description":"Recursively resolve the IP","type":"boolean"},"use":{"enum":["cloudflareRealIp","cloudflare_real_ip"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyRequest","Request","modifyRequest","modify_request","request"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyResponse","Response","modifyResponse","modify_response","response"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allowed_groups":{"description":"Allowed groups","items":{"type":"string"},"minItems":1,"type":"array"},"allowed_users":{"description":"Allowed users","items":{"type":"string"},"minItems":1,"type":"array"},"use":{"enum":["OIDC","oidc"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"average":{"description":"Average number of requests allowed in a period","type":"number"},"burst":{"description":"Maximum number of requests allowed in a period","type":"number"},"period":{"$ref":"#/definitions/Duration","default":"1s","description":"Duration of the rate limit"},"use":{"enum":["RateLimit","rateLimit","rate_limit"],"type":"string"}},"required":["average","burst","use"],"type":"object"},{"additionalProperties":false,"properties":{"from":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"header":{"$ref":"#/definitions/HTTPHeader","default":"X-Real-IP","description":"Header to get the client IP from"},"recursive":{"default":false,"description":"Recursive resolve the IP","type":"boolean"},"use":{"enum":["RealIP","realIP","real_ip"],"type":"string"}},"required":["from","use"],"type":"object"}]},"StatusCode":{"anyOf":[{"pattern":"^[0-9]*$","type":"string"},{"type":"number"}]}},"items":{"$ref":"#/definitions/MiddlewareComposeMap"},"type":"array"}
+{"$schema":"http://json-schema.org/draft-07/schema#","definitions":{"CIDR":{"anyOf":[{"pattern":"^[0-9]*\\.[0-9]*\\.[0-9]*\\.[0-9]*$","type":"string"},{"pattern":"^.*:.*:.*:.*:.*:.*:.*:.*$","type":"string"},{"pattern":"^[0-9]*\\.[0-9]*\\.[0-9]*\\.[0-9]*/[0-9]*$","type":"string"},{"pattern":"^::[0-9]*$","type":"string"},{"pattern":"^.*::/[0-9]*$","type":"string"},{"pattern":"^.*:.*::/[0-9]*$","type":"string"}]},"Duration":{"pattern":"^([0-9]+(ms|s|m|h))+$","type":"string"},"HTTPHeader":{"description":"HTTP Header","pattern":"^[a-zA-Z0-9\\-]+$","type":"string"},"MiddlewareComposeMap":{"anyOf":[{"additionalProperties":false,"properties":{"use":{"enum":["CustomErrorPage","ErrorPage","customErrorPage","custom_error_page","errorPage","error_page"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["RedirectHTTP","redirectHTTP","redirect_http"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["SetXForwarded","setXForwarded","set_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["HideXForwarded","hideXForwarded","hide_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allow":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"message":{"default":"IP not allowed","description":"Error message when blocked","type":"string"},"status":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked (alias of status_code)"},"status_code":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked"},"use":{"enum":["CIDRWhitelist","cidrWhitelist","cidr_whitelist"],"type":"string"}},"required":["allow","use"],"type":"object"},{"additionalProperties":false,"properties":{"recursive":{"default":false,"description":"Recursively resolve the IP","type":"boolean"},"use":{"enum":["CloudflareRealIP","cloudflareRealIp","cloudflare_real_ip"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyRequest","Request","modifyRequest","modify_request","request"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyResponse","Response","modifyResponse","modify_response","response"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allowed_groups":{"description":"Allowed groups","items":{"type":"string"},"minItems":1,"type":"array"},"allowed_users":{"description":"Allowed users","items":{"type":"string"},"minItems":1,"type":"array"},"use":{"enum":["OIDC","oidc"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"average":{"description":"Average number of requests allowed in a period","type":"number"},"burst":{"description":"Maximum number of requests allowed in a period","type":"number"},"period":{"$ref":"#/definitions/Duration","default":"1s","description":"Duration of the rate limit"},"use":{"enum":["RateLimit","rateLimit","rate_limit"],"type":"string"}},"required":["average","burst","use"],"type":"object"},{"additionalProperties":false,"properties":{"from":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"header":{"$ref":"#/definitions/HTTPHeader","default":"X-Real-IP","description":"Header to get the client IP from"},"recursive":{"default":false,"description":"Recursive resolve the IP","type":"boolean"},"use":{"enum":["RealIP","realIP","real_ip"],"type":"string"}},"required":["from","use"],"type":"object"}]},"StatusCode":{"anyOf":[{"pattern":"^[0-9]*$","type":"string"},{"type":"number"}]}},"items":{"$ref":"#/definitions/MiddlewareComposeMap"},"type":"array"}
diff --git a/schemas/middlewares/middlewares.d.ts b/schemas/middlewares/middlewares.d.ts
@@ -46,7 +46,7 @@ export type CIDRWhitelist = {
     message?: string;
 };
 export type CloudflareRealIP = {
-    use: "cloudflare_real_ip" | "cloudflareRealIp" | "cloudflare_real_ip";
+    use: "cloudflare_real_ip" | "cloudflareRealIp" | "CloudflareRealIP";
     /** Recursively resolve the IP
      *
      * @default false

diff --git a/schemas/middlewares/middlewares.ts b/schemas/middlewares/middlewares.ts
@@ -96,7 +96,7 @@ export type CIDRWhitelist = {
 };
 
 export type CloudflareRealIP = {
-  use: "cloudflare_real_ip" | "cloudflareRealIp" | "cloudflare_real_ip";
+  use: "cloudflare_real_ip" | "cloudflareRealIp" | "CloudflareRealIP";
   /** Recursively resolve the IP
    *
    * @default false

diff --git a/schemas/providers/routes.d.ts b/schemas/providers/routes.d.ts
@@ -1,7 +1,7 @@
 import { AccessLogConfig } from "../config/access_log";
 import { accessLogExamples } from "../config/entrypoint";
 import { MiddlewaresMap } from "../middlewares/middlewares";
-import { Hostname, IPv4, IPv6, PathPattern, Port, StreamPort } from "../types";
+import { Duration, Hostname, IPv4, IPv6, PathPattern, Port, StreamPort } from "../types";
 import { HealthcheckConfig } from "./healthcheck";
 import { HomepageConfig } from "./homepage";
 import { LoadBalanceConfig } from "./loadbalance";
@@ -33,11 +33,18 @@ export type ReverseProxyRoute = {
      * @default 80
      */
     port?: Port;
-    /** Skip TLS verification
-     *
-     * @default false
-     */
-    no_tls_verify?: boolean;
+    http: {
+        /** Skip TLS verification
+       *
+       * @default false
+       */
+        no_tls_verify?: boolean;
+        /** Response header timeout
+         *
+         * @default 60s
+         */
+        response_header_timeout?: Duration;
+    };
     /** Path patterns (only patterns that match will be proxied).
      *
      * See https://pkg.go.dev/net/http#hdr-Patterns-ServeMux

diff --git a/schemas/providers/routes.ts b/schemas/providers/routes.ts
@@ -1,7 +1,7 @@
 import { AccessLogConfig } from "../config/access_log";
 import { accessLogExamples } from "../config/entrypoint";
 import { MiddlewaresMap } from "../middlewares/middlewares";
-import { Hostname, IPv4, IPv6, PathPattern, Port, StreamPort } from "../types";
+import { Duration, Hostname, IPv4, IPv6, PathPattern, Port, StreamPort } from "../types";
 import { HealthcheckConfig } from "./healthcheck";
 import { HomepageConfig } from "./homepage";
 import { LoadBalanceConfig } from "./loadbalance";
@@ -36,11 +36,18 @@ export type ReverseProxyRoute = {
    * @default 80
    */
   port?: Port;
-  /** Skip TLS verification
+  http: {
+    /** Skip TLS verification
    *
    * @default false
    */
-  no_tls_verify?: boolean;
+    no_tls_verify?: boolean;
+    /** Response header timeout
+     *
+     * @default 60s
+     */
+    response_header_timeout?: Duration;
+  }
   /** Path patterns (only patterns that match will be proxied).
    *
    * See https://pkg.go.dev/net/http#hdr-Patterns-ServeMux
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"$schema":"http://json-schema.org/draft-07/schema#","definitions":{"CIDR":{"anyOf":[{"pattern":"^[0-9]\\.[0-9]\\.[0-9]\\.[0-9]$","type":"string"},{"pattern":"^.:.:.:.:.:.:.:.$","type":"string"},{"pattern":"^[0-9]\\.[0-9]\\.[0-9]\\.[0-9]/[0-9]$","type":"string"},{"pattern":"^::[0-9]$","type":"string"},{"pattern":"^.::/[0-9]$","type":"string"},{"pattern":"^.:.::/[0-9]$","type":"string"}]},"Duration":{"pattern":"^([0-9]+(ms\|s\|m\|h))+$","type":"string"},"HTTPHeader":{"description":"HTTP Header","pattern":"^[a-zA-Z0-9\\-]+$","type":"string"},"MiddlewareComposeMap":{"anyOf":[{"additionalProperties":false,"properties":{"use":{"enum":["CustomErrorPage","ErrorPage","customErrorPage","custom_error_page","errorPage","error_page"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["RedirectHTTP","redirectHTTP","redirect_http"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["SetXForwarded","setXForwarded","set_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["HideXForwarded","hideXForwarded","hide_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allow":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"message":{"default":"IP not allowed","description":"Error message when blocked","type":"string"},"status":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked (alias of status_code)"},"status_code":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked"},"use":{"enum":["CIDRWhitelist","cidrWhitelist","cidr_whitelist"],"type":"string"}},"required":["allow","use"],"type":"object"},{"additionalProperties":false,"properties":{"recursive":{"default":false,"description":"Recursively resolve the IP","type":"boolean"},"use":{"enum":["cloudflareRealIp","cloudflare_real_ip"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyRequest","Request","modifyRequest","modify_request","request"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyResponse","Response","modifyResponse","modify_response","response"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allowed_groups":{"description":"Allowed groups","items":{"type":"string"},"minItems":1,"type":"array"},"allowed_users":{"description":"Allowed users","items":{"type":"string"},"minItems":1,"type":"array"},"use":{"enum":["OIDC","oidc"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"average":{"description":"Average number of requests allowed in a period","type":"number"},"burst":{"description":"Maximum number of requests allowed in a period","type":"number"},"period":{"$ref":"#/definitions/Duration","default":"1s","description":"Duration of the rate limit"},"use":{"enum":["RateLimit","rateLimit","rate_limit"],"type":"string"}},"required":["average","burst","use"],"type":"object"},{"additionalProperties":false,"properties":{"from":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"header":{"$ref":"#/definitions/HTTPHeader","default":"X-Real-IP","description":"Header to get the client IP from"},"recursive":{"default":false,"description":"Recursive resolve the IP","type":"boolean"},"use":{"enum":["RealIP","realIP","real_ip"],"type":"string"}},"required":["from","use"],"type":"object"}]},"StatusCode":{"anyOf":[{"pattern":"^[0-9]$","type":"string"},{"type":"number"}]}},"items":{"$ref":"#/definitions/MiddlewareComposeMap"},"type":"array"}
		{"$schema":"http://json-schema.org/draft-07/schema#","definitions":{"CIDR":{"anyOf":[{"pattern":"^[0-9]\\.[0-9]\\.[0-9]\\.[0-9]$","type":"string"},{"pattern":"^.:.:.:.:.:.:.:.$","type":"string"},{"pattern":"^[0-9]\\.[0-9]\\.[0-9]\\.[0-9]/[0-9]$","type":"string"},{"pattern":"^::[0-9]$","type":"string"},{"pattern":"^.::/[0-9]$","type":"string"},{"pattern":"^.:.::/[0-9]$","type":"string"}]},"Duration":{"pattern":"^([0-9]+(ms\|s\|m\|h))+$","type":"string"},"HTTPHeader":{"description":"HTTP Header","pattern":"^[a-zA-Z0-9\\-]+$","type":"string"},"MiddlewareComposeMap":{"anyOf":[{"additionalProperties":false,"properties":{"use":{"enum":["CustomErrorPage","ErrorPage","customErrorPage","custom_error_page","errorPage","error_page"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["RedirectHTTP","redirectHTTP","redirect_http"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["SetXForwarded","setXForwarded","set_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"use":{"enum":["HideXForwarded","hideXForwarded","hide_x_forwarded"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allow":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"message":{"default":"IP not allowed","description":"Error message when blocked","type":"string"},"status":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked (alias of status_code)"},"status_code":{"$ref":"#/definitions/StatusCode","default":403,"description":"HTTP status code when blocked"},"use":{"enum":["CIDRWhitelist","cidrWhitelist","cidr_whitelist"],"type":"string"}},"required":["allow","use"],"type":"object"},{"additionalProperties":false,"properties":{"recursive":{"default":false,"description":"Recursively resolve the IP","type":"boolean"},"use":{"enum":["CloudflareRealIP","cloudflareRealIp","cloudflare_real_ip"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyRequest","Request","modifyRequest","modify_request","request"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"add_headers":{"additionalProperties":false,"description":"Add HTTP headers","items":{"type":"string"},"type":"array"},"hide_headers":{"description":"Hide HTTP headers","items":{"$ref":"#/definitions/HTTPHeader"},"type":"array"},"set_headers":{"additionalProperties":false,"description":"Set HTTP headers","items":{"type":"string"},"type":"array"},"use":{"enum":["ModifyResponse","Response","modifyResponse","modify_response","response"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"allowed_groups":{"description":"Allowed groups","items":{"type":"string"},"minItems":1,"type":"array"},"allowed_users":{"description":"Allowed users","items":{"type":"string"},"minItems":1,"type":"array"},"use":{"enum":["OIDC","oidc"],"type":"string"}},"required":["use"],"type":"object"},{"additionalProperties":false,"properties":{"average":{"description":"Average number of requests allowed in a period","type":"number"},"burst":{"description":"Maximum number of requests allowed in a period","type":"number"},"period":{"$ref":"#/definitions/Duration","default":"1s","description":"Duration of the rate limit"},"use":{"enum":["RateLimit","rateLimit","rate_limit"],"type":"string"}},"required":["average","burst","use"],"type":"object"},{"additionalProperties":false,"properties":{"from":{"items":{"$ref":"#/definitions/CIDR"},"type":"array"},"header":{"$ref":"#/definitions/HTTPHeader","default":"X-Real-IP","description":"Header to get the client IP from"},"recursive":{"default":false,"description":"Recursive resolve the IP","type":"boolean"},"use":{"enum":["RealIP","realIP","real_ip"],"type":"string"}},"required":["from","use"],"type":"object"}]},"StatusCode":{"anyOf":[{"pattern":"^[0-9]$","type":"string"},{"type":"number"}]}},"items":{"$ref":"#/definitions/MiddlewareComposeMap"},"type":"array"}