new auth provider: reject by HTTP reverse proxy

Snawoot · Snawoot · commit bb55e6abd1ef · 2025-11-14T15:47:25.000+02:00
diff --git a/auth/auth.go b/auth/auth.go
@@ -36,6 +36,8 @@ func NewAuth(paramstr string, logger *clog.CondLogger) (Auth, error) {
 		return NewRedisAuth(url, true, logger)
 	case "none":
 		return NoAuth{}, nil
+	case "reject-http", "reject-https":
+		return NewRejectHTTPAuth(url, logger)
 	default:
 		return nil, errors.New("Unknown auth scheme")
 	}
diff --git a/auth/rejecthttp.go b/auth/rejecthttp.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strings"
+
+	clog "github.com/SenseUnit/dumbproxy/log"
+)
+
+type RejectHTTPAuth struct {
+	proxy *httputil.ReverseProxy
+}
+
+func NewRejectHTTPAuth(u *url.URL, logger *clog.CondLogger) (*RejectHTTPAuth, error) {
+	values, err := url.ParseQuery(u.RawQuery)
+	if err != nil {
+		return nil, err
+	}
+	scheme, _ := strings.CutPrefix(strings.ToLower(u.Scheme), "reject-")
+	target := &url.URL{
+		Scheme: scheme,
+		User: u.User,
+		Host: u.Host,
+		Path: u.Path,
+		RawPath: u.RawPath,
+		RawQuery: values.Get("qs"),
+	}
+	method := values.Get("method")
+	return &RejectHTTPAuth{
+		proxy: &httputil.ReverseProxy{
+			Rewrite: func(r *httputil.ProxyRequest) {
+				r.Out.URL = target
+				r.Out.Host = ""
+				if method != "" {
+					r.Out.Method = method
+				}
+			},
+		},
+	}, nil
+}
+
+func (a *RejectHTTPAuth) Validate(ctx context.Context, w http.ResponseWriter, r *http.Request) (string, bool) {
+	r = r.Clone(ctx)
+	a.proxy.ServeHTTP(w, r)
+	return "", false
+}
+
+func (_ *RejectHTTPAuth) Valid(_, _, _ string) bool {
+	return false
+}
+
+func (_ *RejectHTTPAuth) Stop() {}

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,8 @@ func NewAuth(paramstr string, logger *clog.CondLogger) (Auth, error) {`
`36`	`36`	`return NewRedisAuth(url, true, logger)`
`37`	`37`	`case "none":`
`38`	`38`	`return NoAuth{}, nil`
	`39`	`+ case "reject-http", "reject-https":`
	`40`	`+ return NewRejectHTTPAuth(url, logger)`
`39`	`41`	`default:`
`40`	`42`	`return nil, errors.New("Unknown auth scheme")`
`41`	`43`	`}`