generated from traefik/plugindemo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from RiskIdent/op-2637/add-tls-cipher-header
Add TLS Cipher header
- Loading branch information
Showing
17 changed files
with
273 additions
and
359 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # SPDX-FileCopyrightText: 2024 Risk.Ident GmbH <[email protected]> | ||
| # | ||
| # SPDX-License-Identifier: CC0-1.0 | ||
|
|
||
| * @RiskIdent/platform |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,12 @@ | ||
| displayName: Demo Plugin | ||
| displayName: TLS headers | ||
| type: middleware | ||
| iconPath: .assets/icon.png | ||
|
|
||
| import: github.com/traefik/plugindemo | ||
| import: github.com/RiskIdent/traefik-tls-headers-plugin | ||
| basePkg: plugin | ||
|
|
||
| summary: '[Demo] Add Request Header' | ||
| summary: 'Add TLS information to request headers' | ||
|
|
||
| testData: | ||
| Headers: | ||
| X-Demo: test | ||
| X-URL: '{{URL}}' | ||
| headers: | ||
| cipher: X-Tls-Cipher |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| ARG TRAEFIK_VERSION=v3.0.0 | ||
| ARG BASE_IMAGE=docker.io/traefik:${TRAEFIK_VERSION} | ||
| FROM ${BASE_IMAGE} | ||
|
|
||
| COPY testconfig/traefik.yml /etc/traefik/traefik.yml | ||
| COPY testconfig/dynamic.yml /etc/traefik/dynamic.yml | ||
|
|
||
| COPY . plugins-local/src/github.com/RiskIdent/traefik-tls-headers-plugin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| module github.com/traefik/plugindemo | ||
| module github.com/RiskIdent/traefik-tls-headers-plugin | ||
|
|
||
| go 1.19 | ||
| go 1.22.5 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| // Package plugin contains the Traefik plugin for adding headers based on the | ||
| // TLS information | ||
| package plugin | ||
|
|
||
| import ( | ||
| "context" | ||
| "crypto/tls" | ||
| "errors" | ||
| "net/http" | ||
| ) | ||
|
|
||
| var errMissingHeaderConfig = errors.New("missing header config: must set headers.cipher") | ||
|
|
||
| // Config the plugin configuration. | ||
| type Config struct { | ||
| Headers ConfigHeaders `json:"headers,omitempty"` | ||
| } | ||
|
|
||
| // ConfigHeaders defines the headers to use for the different values. | ||
| type ConfigHeaders struct { | ||
| Cipher string `json:"cipher,omitempty"` | ||
| } | ||
|
|
||
| // CreateConfig creates the default plugin configuration. | ||
| func CreateConfig() *Config { | ||
| return &Config{ | ||
| Headers: ConfigHeaders{}, | ||
| } | ||
| } | ||
|
|
||
| // TLSHeadersPlugin is the main handler model for this Traefik plugin. | ||
| type TLSHeadersPlugin struct { | ||
| next http.Handler | ||
| headers ConfigHeaders | ||
| name string | ||
| } | ||
|
|
||
| // New created a new TLSHeadersPlugin. | ||
| func New(_ context.Context, next http.Handler, config *Config, name string) (http.Handler, error) { | ||
| if config.Headers == (ConfigHeaders{}) { | ||
| return nil, errMissingHeaderConfig | ||
| } | ||
|
|
||
| return &TLSHeadersPlugin{ | ||
| headers: config.Headers, | ||
| next: next, | ||
| name: name, | ||
| }, nil | ||
| } | ||
|
|
||
| func (a *TLSHeadersPlugin) ServeHTTP(rw http.ResponseWriter, req *http.Request) { | ||
| if a.headers.Cipher != "" && req.TLS != nil { | ||
| req.Header.Set(a.headers.Cipher, tls.CipherSuiteName(req.TLS.CipherSuite)) | ||
| } | ||
|
|
||
| a.next.ServeHTTP(rw, req) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| package plugin | ||
|
|
||
| import ( | ||
| "context" | ||
| "io" | ||
| "net/http" | ||
| "net/http/httptest" | ||
| "testing" | ||
| ) | ||
|
|
||
| func TestInvalidConfig(t *testing.T) { | ||
| cfg := CreateConfig() | ||
| next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) | ||
| _, err := New(context.Background(), next, cfg, "traefik-tls-headers-plugin") | ||
| if err == nil { | ||
| t.Fatal("expected error") | ||
| } | ||
| } | ||
|
|
||
| func TestTLSCipher(t *testing.T) { | ||
| cfg := CreateConfig() | ||
| cfg.Headers.Cipher = "X-Tls-Cipher" | ||
| next := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { | ||
| assertHeader(t, r.Header, "X-Tls-Cipher", "TLS_AES_128_GCM_SHA256") | ||
| }) | ||
| handler, err := New(context.Background(), next, cfg, "traefik-tls-headers-plugin") | ||
| if err != nil { | ||
| t.Fatal(err) | ||
| } | ||
|
|
||
| server := httptest.NewTLSServer(handler) | ||
| defer server.Close() | ||
|
|
||
| req, err := http.NewRequest(http.MethodGet, server.URL, nil) | ||
| if err != nil { | ||
| t.Fatal(err) | ||
| } | ||
|
|
||
| client := server.Client() | ||
| resp, err := client.Do(req) | ||
| if err != nil { | ||
| t.Fatal(err) | ||
| } | ||
| defer func(Body io.ReadCloser) { | ||
| err := Body.Close() | ||
| if err != nil { | ||
| t.Fatal(err) | ||
| } | ||
| }(resp.Body) | ||
| } | ||
|
|
||
| func assertHeader(t *testing.T, header http.Header, key, expected string) { | ||
| t.Helper() | ||
|
|
||
| if header.Get(key) != expected { | ||
| t.Errorf("invalid header value\nwant: %s=%q\ngot: %s=%q", key, expected, key, header.Get(key)) | ||
| } | ||
| } |
Oops, something went wrong.