Send request body to authorization server for forward auth

2024-12-12 18:18:05 +09:00 · 2024-12-12 18:18:05 +09:00 · 26738cbf93
commit 26738cbf93
parent b1934231ca
20 changed files with 411 additions and 38 deletions
--- a/pkg/config/dynamic/http_config.go
+++ b/pkg/config/dynamic/http_config.go
@ -21,6 +21,11 @@ const (

 	// DefaultFlushInterval is the default value for the ResponseForwarding flush interval.
 	DefaultFlushInterval = ptypes.Duration(100 * time.Millisecond)
+
+	// MirroringDefaultMirrorBody is the Mirroring.MirrorBody option default value.
+	MirroringDefaultMirrorBody = true
+	// MirroringDefaultMaxBodySize is the Mirroring.MaxBodySize option default value.
+	MirroringDefaultMaxBodySize int64 = -1
 )

 // +k8s:deepcopy-gen=true
@ -100,9 +105,9 @@ type Mirroring struct {

 // SetDefaults Default values for a WRRService.
 func (m *Mirroring) SetDefaults() {
-	defaultMirrorBody := true
+	defaultMirrorBody := MirroringDefaultMirrorBody
 	m.MirrorBody = &defaultMirrorBody
-	var defaultMaxBodySize int64 = -1
+	defaultMaxBodySize := MirroringDefaultMaxBodySize
 	m.MaxBodySize = &defaultMaxBodySize
 }

--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@ -9,6 +9,9 @@ import (
 	"github.com/traefik/traefik/v3/pkg/ip"
 )

+// ForwardAuthDefaultMaxBodySize is the ForwardAuth.MaxBodySize option default value.
+const ForwardAuthDefaultMaxBodySize int64 = -1
+
 // +k8s:deepcopy-gen=true

 // Middleware holds the Middleware configuration.
@ -251,6 +254,15 @@ type ForwardAuth struct {
 	// HeaderField defines a header field to store the authenticated user.
 	// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#headerfield
 	HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
+	// ForwardBody defines whether to send the request body to the authentication server.
+	ForwardBody bool `json:"forwardBody,omitempty" toml:"forwardBody,omitempty" yaml:"forwardBody,omitempty" export:"true"`
+	// MaxBodySize defines the maximum body size in bytes allowed to be forwarded to the authentication server.
+	MaxBodySize *int64 `json:"maxBodySize,omitempty" toml:"maxBodySize,omitempty" yaml:"maxBodySize,omitempty" export:"true"`
+}
+
+func (f *ForwardAuth) SetDefaults() {
+	defaultMaxBodySize := ForwardAuthDefaultMaxBodySize
+	f.MaxBodySize = &defaultMaxBodySize
 }

 // +k8s:deepcopy-gen=true
--- a/pkg/config/dynamic/zz_generated.deepcopy.go
+++ b/pkg/config/dynamic/zz_generated.deepcopy.go
@ -370,6 +370,11 @@ func (in *ForwardAuth) DeepCopyInto(out *ForwardAuth) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.MaxBodySize != nil {
+		in, out := &in.MaxBodySize, &out.MaxBodySize
+		*out = new(int64)
+		**out = **in
+	}
 	return
 }