1. The problem I’m having:
I need some ideas and guidance on basic user authentication. We use URLs like the one below
https://demo.example.com/login?secure-sign-in=7b0a5d94-840f-4e3f-a6b6-c2769e4ebf28
We want do the following:
1- Strip the secure-sign-in uuid token from the query string
2- Add the uuid to the header as x-secure-sign-in
3- Verify that the x-secure-sign-in meets the following regex (regex has been tested to be accurate and working)
^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89ABab][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
4- Serve a react project to the authenticated user
5- Serve an error to users who don’t have a proper uuid
When a user is authenticated, we track the x-secure-sign-in header and pass it along to track user interactions with elements of the page.
I’ve set up a small test, see the Caddyfile below, but it doesn’t seem to be working. Even when I pass a proper secure-sign-in uuid token in the URL, I still get 401 Unauthorized. I have doubled checked the regex, so we can confirm that isn’t causing it.
We are happy to use a different approach which can accomplish the same end goal.
Thank you in advance for your help!
2. Error messages and/or full log output:
3. Caddy version:
v2.7.5
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 22.04 LTS on Linode
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
demo.example.com {
# Match requests to /login with a query parameter
@captureQuery path /login
#rewrite @captureQuery /login
rewrite @captureQuery /login{uri}
# Set the captured query parameter as a header
header @captureQuery x-secure-sign-in {http.request.uri.query.secure-sign-in}
@uuid header_regexp x-secure-sign-in ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89ABab][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
# Check the header for the UUID
handle @uuid {
# If the UUID matches
respond "YAY! Authorized"
}
# If the UUID doesn't match, respond with an error
handle {
# If the UUID doesn't matches
respond "Unauthorized access!" 401
}
}