authcrunch / authcrunch.github.io

Documentation for Caddy v2 Auth Portal and Authorize Plugins.

panic when trying modified example Caddyfile #4

Closed csarn closed 2 years ago

csarn commented 2 years ago

I tried out running this with a modified caddyfile:

{
  http_port     8080
  admin off
  debug
}

*:8080 {
   @localhost host localhost
   handle @localhost {
     route /auth* {
       authp {
         crypto default token lifetime 3600
         crypto key sign-verify 0e2fdcf8-6868-41a7-884b-7308795fc286
         backends {
           local_backend {
             method local
             path users.json
             realm local
           }
         }
         ui {
           theme basic
         }
       }
    }

    route /* {
      authorize
      respond "auth"
    }
    route {
      redir http://{hostport}/auth 302
    }
  }
}

I downloaded caddy from the official homepage with your two plugins enabled (and with lego-deprecated, if that is important), and ran it.

When loading http://localhost:8080/auth in a browser, I get a login screen. But when loading http://localhost:8080, I get a panic: exception.txt

I need that different caddyfile structure because I want to use wildcard certificates. Is there something I'm doing wrong or is this a bug in authp?

greenpau commented 2 years ago

@csarn, thank you for the issue. I will respond in full when I get off mobile. Meanwhile, please try this and see the diff.

{
  http_port     8080
  admin off
  debug
}

*:8080 {
   @localhost host localhost
   handle @localhost {
     route /auth* {
       authp {
         crypto default token lifetime 3600
         crypto key sign-verify 0e2fdcf8-6868-41a7-884b-7308795fc286
         backend local users.json local
         cookie insecure on
         # add user transform and add a link

         ui {
           links {
             "My Website" / "las la-star"
             "My Identity" "/auth/whoami" icon "las la-star"
           }
         }
         transform user {
           match origin local
           action add role authp/user
         }
         transform user {
           match origin local
           match roles authp/user
           ui link "Portal Settings" /auth/settings icon "las la-code-branch"
         }

       }
    }

    route /* {
      authorize {
        primary yes
        crypto key verify 0e2fdcf8-6868-41a7-884b-7308795fc286
      }
      respond "auth"
    }
    route {
      redir http://{hostport}/auth 302
    }
  }
}

csarn commented 2 years ago

Thanks for the quick reply! Your configuration didn't work out of the box, but I got it to work after some modification (modifying backend, ui links, adding acl):

{
  http_port     8080
  admin off
  debug
}

*:8080 {
   @localhost host localhost
   handle @localhost {
     route /auth* {
       authp {
         crypto default token lifetime 3600
         crypto key sign-verify 0e2fdcf8-6868-41a7-884b-7308795fc286
         backends {
           local_backend {
             method local
             path users.json
             realm local
           }
         }
         cookie insecure on
         # add user transform and add a link

         ui {
           links {
             "My Website" /
             "My Identity" "/auth/whoami"
           }
         }
         transform user {
           match origin local
           action add role authp/user
         }
         transform user {
           match origin local
           match roles authp/user
           ui link "Portal Settings" /auth/settings
         }

       }
    }

    route /* {
      authorize {
        primary yes
        acl rule {
          match roles authp/user
          allow stop counter log debug
        }
        crypto key verify 0e2fdcf8-6868-41a7-884b-7308795fc286
      }
      respond "auth"
    }
    route {
      redir http://{hostport}/auth 302
    }
  }
}

Is my first configuration still indicating a bug? I guess an error message would be better than a panic, so I'll leave this open :)

greenpau commented 2 years ago

> Is my first configuration still indicating a bug? I guess an error message would be better than a panic, so I'll leave this open :)

I think this is the intended behavior. There is no way for the plugin instance to know if it is the only one in the config. Further, the plugin instance also does not know about any other parts of the config, because it is being isolated by design. Thus, the primary yes is necessary.

greenpau commented 2 years ago

@csarn, also use caddy fmt -overwrite path/to/Caddyfile to format your Caddyfiles.
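
Added example, not part of the thread and not the plugin's own code: a small pre-deployment lint that catches the situation discussed above, a Caddyfile whose `authorize` instances never declare `primary yes`. The second check (the primary instance's `crypto key verify` value should equal an `authp` `crypto key sign-verify` value) is an assumption drawn from the working configs in this thread; the function names and the placeholder keys are made up for the example.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string or a bare word

def lines(text):
    """Token lists, one per non-empty line; a token starting with # begins a comment."""
    for raw in text.splitlines():
        toks = TOKEN.findall(raw)
        cut = next((i for i, t in enumerate(toks) if t.startswith("#")), len(toks))
        if toks[:cut]:
            yield toks[:cut]

def blocks(text, name):
    """One list of inner lines per `name` directive; [] when it has no block."""
    found, current, depth = [], None, 0
    for toks in lines(text):
        if current is None:
            if toks[0] == name:
                found.append([])
                if toks[-1] == "{":
                    current, depth = found[-1], 1
            continue
        depth += (toks[-1] == "{") - (toks == ["}"])
        if depth == 0:
            current = None
        else:
            current.append(toks)
    return found

def keys(block, usage):
    return {l[3] for l in block if l[:3] == ["crypto", "key", usage] and len(l) > 3}

def lint(text):
    """Findings for the authorize instances of one Caddyfile (key check is an assumption)."""
    portals, gates = blocks(text, "authp"), blocks(text, "authorize")
    findings = []
    primaries = [b for b in gates if ["primary", "yes"] in b]
    if gates and not primaries:
        findings.append("no authorize instance declares 'primary yes'")
    signing = set().union(*(keys(b, "sign-verify") for b in portals))
    for b in primaries:
        verifying = keys(b, "verify")
        if signing and verifying and not signing & verifying:
            findings.append("authorize verify key matches no authp sign-verify key")
    return findings

# Constructed samples with placeholder keys, shaped like the configs in the thread.
PORTAL = "route /auth* {\n  authp {\n    crypto key sign-verify EXAMPLE-KEY-A\n  }\n}\n"
BARE = PORTAL + 'route /* {\n  authorize\n  respond "auth"\n}\n'
FIXED = PORTAL + "route /* {\n  authorize {\n    primary yes\n    crypto key verify EXAMPLE-KEY-A\n  }\n}\n"
```

`lint(BARE)` reports the missing `primary yes`, and `lint(FIXED)` returns an empty list.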