diff --git a/internal/nodes/http_request_auth.go b/internal/nodes/http_request_auth.go index 4fc9609..b3b0149 100644 --- a/internal/nodes/http_request_auth.go +++ b/internal/nodes/http_request_auth.go @@ -19,7 +19,10 @@ func (this *HTTPRequest) doAuth() (shouldStop bool) { if !ref.IsOn || ref.AuthPolicy == nil || !ref.AuthPolicy.IsOn { continue } - b, err := ref.AuthPolicy.Filter(this.RawReq, func(subReq *http.Request) (status int, err error) { + if !ref.AuthPolicy.MatchRequest(this.RawReq) { + continue + } + ok, newURI, uriChanged, err := ref.AuthPolicy.Filter(this.RawReq, func(subReq *http.Request) (status int, err error) { subReq.TLS = this.RawReq.TLS subReq.RemoteAddr = this.RawReq.RemoteAddr subReq.Host = this.RawReq.Host @@ -36,24 +39,31 @@ func (this *HTTPRequest) doAuth() (shouldStop bool) { this.write50x(err, http.StatusInternalServerError, "Failed to execute the AuthPolicy", "认证策略执行失败", false) return } - if b { + if ok { + if uriChanged { + this.uri = newURI + } return } else { + // Basic Auth比较特殊 if ref.AuthPolicy.Type == serverconfigs.HTTPAuthTypeBasicAuth { - var method = ref.AuthPolicy.Method().(*serverconfigs.HTTPAuthBasicMethod) - var headerValue = "Basic realm=\"" - if len(method.Realm) > 0 { - headerValue += method.Realm - } else { - headerValue += this.ReqHost + method, ok := ref.AuthPolicy.Method().(*serverconfigs.HTTPAuthBasicMethod) + if ok { + var headerValue = "Basic realm=\"" + if len(method.Realm) > 0 { + headerValue += method.Realm + } else { + headerValue += this.ReqHost + } + headerValue += "\"" + if len(method.Charset) > 0 { + headerValue += ", charset=\"" + method.Charset + "\"" + } + this.writer.Header()["WWW-Authenticate"] = []string{headerValue} } - headerValue += "\"" - if len(method.Charset) > 0 { - headerValue += ", charset=\"" + method.Charset + "\"" - } - this.writer.Header()["WWW-Authenticate"] = []string{headerValue} } this.writer.WriteHeader(http.StatusUnauthorized) + this.tags = append(this.tags, ref.AuthPolicy.Type) return true } }