www/caddy: Allow access lists in handlers

Monviech commented 2 months ago

Fixes: https://github.com/opnsense/plugins/issues/4223

Details:

When no access list in a handler is chosen, it will render without as before
If an access list is chosen, it will render inside the path handler, kinda like the forward auth directive. This prevents further processing if IPs have been matched.

There is an additional bug fix in here that fixes a typo that prevented inverted access lists being rendered correctly. If nobody tests this I will extract the bugfix and merge it in a separate PR.

EDIT:

The whole access list feature has been rewritten to be simpler and the same in the whole template

Monviech commented 2 months ago

@fichtner Thank you but this needs some more work. If this gets implemented I want the access lists to behave the same at all spots and all use the same macro.

For that I need to adjust a few more spots.

Monviech commented 2 months ago

Okay I'm pretty much done here. I kinda want to ship this since it cleans up a lot more logic than I anticipated.

https://caddy.community/t/reverse-proxy-using-ufw-to-block-traffic/22198/7

This was the example for the logic, just rendered a tiny bit different in this PR due to the way the template works.

opnsense / plugins

www/caddy: Allow access lists in handlers #4245