panic when trying modified example Caddyfile #4

Closed
csarn opened this issue Nov 14, 2021 · 4 comments

csarn commented Nov 14, 2021

I tried out running this with a modified caddyfile:

```
{
  http_port     8080
  admin off
  debug
}

*:8080 {
  @localhost host localhost
  handle @localhost {
    route /auth* {
      authp {
        crypto default token lifetime 3600
        crypto key sign-verify 0e2fdcf8-6868-41a7-884b-7308795fc286
        backends {
          local_backend {
            method local
            path users.json
            realm local
          }
        }
        ui {
          theme basic
        }
      }
    }

    route /* {
      authorize
      respond "auth"
    }
    route {
      redir http://{hostport}/auth 302
    }
  }
}
```

I downloaded caddy from the official homepage with your two plugins enabled (and with lego-deprecated, if that is important), and ran it.

When loading http://localhost:8080/auth in a browser, I get a login screen. But when loading http://localhost:8080, I get a panic: exception.txt

I need that different caddyfile structure because I want to use wildcard certificates.
Is there something I'm doing wrong or is this a bug in authp?

greenpau commented (Collaborator)

@csarn, thank you for the issue. I will respond in full when I get off mobile. Meanwhile, please try this and see the diff.

```
{
  http_port     8080
  admin off
  debug
}

*:8080 {
  @localhost host localhost
  handle @localhost {
    route /auth* {
      authp {
        crypto default token lifetime 3600
        crypto key sign-verify 0e2fdcf8-6868-41a7-884b-7308795fc286
        backend local users.json local
        cookie insecure on
        # add user transform and add a link

        ui {
          links {
            "My Website" / "las la-star"
            "My Identity" "/auth/whoami" icon "las la-star"
          }
        }
        transform user {
          match origin local
          action add role authp/user
        }
        transform user {
          match origin local
          match roles authp/user
          ui link "Portal Settings" /auth/settings icon "las la-code-branch"
        }
      }
    }

    route /* {
      authorize {
        primary yes
        crypto key verify 0e2fdcf8-6868-41a7-884b-7308795fc286
      }
      respond "auth"
    }
    route {
      redir http://{hostport}/auth 302
    }
  }
}
```

csarn commented Nov 16, 2021

Thanks for the quick reply!
Your configuration didn't work out of the box, but I got it to work after some modification (modifying backend, ui links, adding acl):

```
{
  http_port     8080
  admin off
  debug
}

*:8080 {
  @localhost host localhost
  handle @localhost {
    route /auth* {
      authp {
        crypto default token lifetime 3600
        crypto key sign-verify 0e2fdcf8-6868-41a7-884b-7308795fc286
        backends {
          local_backend {
            method local
            path users.json
            realm local
          }
        }
        cookie insecure on
        # add user transform and add a link

        ui {
          links {
            "My Website" /
            "My Identity" "/auth/whoami"
          }
        }
        transform user {
          match origin local
          action add role authp/user
        }
        transform user {
          match origin local
          match roles authp/user
          ui link "Portal Settings" /auth/settings
        }
      }
    }

    route /* {
      authorize {
        primary yes
        acl rule {
          match roles authp/user
          allow stop counter log debug
        }
        crypto key verify 0e2fdcf8-6868-41a7-884b-7308795fc286
      }
      respond "auth"
    }
    route {
      redir http://{hostport}/auth 302
    }
  }
}
```

Is my first configuration still indicating a bug? I guess an error message would be better than a panic, so I'll leave this open :)

greenpau commented (Collaborator)

> Is my first configuration still indicating a bug? I guess an error message would be better than a panic, so I'll leave this open :)

I think this is the intended behavior. There is no way for the plugin instance to know if it is the only one in the config. Further, the plugin instance also does not know about any other parts of the config, because it is being isolated by design. Thus, the `primary yes` is necessary.

greenpau commented (Collaborator)

@csarn, also use `caddy fmt -overwrite path/to/Caddyfile` to format your Caddyfiles.
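
A pre-deployment check for the failure discussed in this thread, as an added example (not code from the plugin or from either participant): it reports `authorize` directives where no instance sets `primary yes`, and for a primary instance the `crypto key verify` and `acl rule` lines that the working configuration above added. The function names and the choice of checks are assumptions drawn from this thread, not the plugin's own validation rules.

```python
# Constructed samples: the authorize part of the first (panicking) and the
# final (working) configuration in this thread; the key is a placeholder.
PANICKING = 'route /* {\n  authorize\n  respond "auth"\n}\n'
WORKING = """route /* {
  authorize {
    primary yes
    acl rule {
      match roles authp/user
      allow stop counter log debug
    }
    crypto key verify <shared-key>
  }
  respond "auth"
}
"""

def authorize_blocks(text):
    """Return (line_number, body_lines) for every `authorize` directive."""
    blocks, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        tokens = lines[i].split("#")[0].split()  # simplification: '#' starts a comment
        if tokens[:1] == ["authorize"]:
            start, body = i + 1, []
            if tokens[-1] == "{":  # block form; a bare `authorize` has no body
                depth, i = 1, i + 1
                while i < len(lines) and depth:
                    inner = " ".join(lines[i].split("#")[0].split())
                    depth += inner.endswith("{") - (inner == "}")
                    if depth:
                        body.append(inner)
                    i += 1
                i -= 1  # step back onto the closing brace
            blocks.append((start, body))
        i += 1
    return blocks

def lint(text):
    """Return findings; an empty list means every check passed."""
    blocks = authorize_blocks(text)
    primaries = [(n, b) for n, b in blocks if "primary yes" in b]
    findings = []
    if blocks and not primaries:
        findings.append(f"line {blocks[0][0]}: no authorize instance sets 'primary yes'")
    for n, body in primaries:
        for needed in ("crypto key verify", "acl rule"):  # assumed checks, from this thread
            if not any(line.startswith(needed) for line in body):
                findings.append(f"line {n}: primary authorize has no '{needed}'")
    return findings

if __name__ == "__main__":
    for name, cfg in (("first", PANICKING), ("working", WORKING)):
        print(name, lint(cfg) or "ok")
```

Running it against a Caddyfile before starting Caddy turns the panic described in this issue into a readable finding with a line number.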
