Mirrors/wireguard_webadmin
1
0
Fork 0
mirror of https://github.com/eduardogsilva/wireguard_webadmin.git synced 2026-03-17 22:36:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add allow_invalid_cert field to application model and update related forms and config processing

Browse Source
This commit is contained in:
Eduardo Silva
2026-03-16 14:27:03 -03:00
parent c707d278f3
commit 5cadfba3b7
5 changed files with 38 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app_gateway/caddy_config_export.py
View File

@@ -26,6 +26,7 @@ def build_applications_data():
'name': app.display_name or app.name, 'name': app.display_name or app.name,
'hosts': list(app.hosts.values_list('hostname', flat=True)), 'hosts': list(app.hosts.values_list('hostname', flat=True)),
'upstream': app.upstream, 'upstream': app.upstream,
'allow_invalid_cert': app.allow_invalid_cert,
} }
entries.append(entry) entries.append(entry)
return {'entries': entries} return {'entries': entries}

4
app_gateway/forms.py
View File

@@ -13,11 +13,12 @@ from app_gateway.models import (
class ApplicationForm(forms.ModelForm): class ApplicationForm(forms.ModelForm):
class Meta: class Meta:
model = Application model = Application
fields = ['name', 'display_name', 'upstream'] fields = ['name', 'display_name', 'upstream', 'allow_invalid_cert']
labels = { labels = {
'name': _('Name'), 'name': _('Name'),
'display_name': _('Display Name'), 'display_name': _('Display Name'),
'upstream': _('Upstream'), 'upstream': _('Upstream'),
'allow_invalid_cert': _('Allow invalid/self-signed certificate'),
} }
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
@@ -33,6 +34,7 @@ class ApplicationForm(forms.ModelForm):
), ),
Div( Div(
Div('upstream', css_class='col-md-12'), Div('upstream', css_class='col-md-12'),
Div('allow_invalid_cert', css_class='col-md-12'),
css_class='row' css_class='row'
), ),
Div( Div(

16
app_gateway/migrations/0007_application_allow_invalid_cert.py Normal file
View File

@@ -0,0 +1,16 @@
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('app_gateway', '0006_alter_accesspolicy_policy_type'),
]
operations = [
migrations.AddField(
model_name='application',
name='allow_invalid_cert',
field=models.BooleanField(default=False, help_text='Allow invalid or self-signed TLS certificates from the upstream'),
),
]

1
app_gateway/models.py
View File

@@ -10,6 +10,7 @@ class Application(models.Model):
name = models.SlugField(max_length=64, unique=True) name = models.SlugField(max_length=64, unique=True)
display_name = models.CharField(max_length=128, blank=True) display_name = models.CharField(max_length=128, blank=True)
upstream = models.CharField(max_length=255, help_text=_("Upstream address, e.g.: http://10.188.18.27:3000")) upstream = models.CharField(max_length=255, help_text=_("Upstream address, e.g.: http://10.188.18.27:3000"))
allow_invalid_cert = models.BooleanField(default=False, help_text=_("Allow invalid or self-signed TLS certificates from the upstream"))
created = models.DateTimeField(auto_now_add=True) created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(auto_now=True) updated = models.DateTimeField(auto_now=True)

26
containers/caddy/process_config.py
View File

@@ -74,24 +74,32 @@ def build_caddyfile(apps, auth_policies, routes):
return " handle {" return " handle {"
return f" handle {matcher} {{" return f" handle {matcher} {{"
def emit_reverse_proxy(base, upstream_path, indent=" "): def emit_reverse_proxy(base, upstream_path, indent=" ", allow_invalid_cert=False):
if upstream_path: if upstream_path:
lines.append(f"{indent}rewrite * {upstream_path}{{uri}}") lines.append(f"{indent}rewrite * {upstream_path}{{uri}}")
lines.append(f"{indent}reverse_proxy {base}") if allow_invalid_cert:
lines.append(f"{indent}reverse_proxy {base} {{")
lines.append(f"{indent} transport http {{")
lines.append(f"{indent} tls_insecure_skip_verify")
lines.append(f"{indent} }}")
lines.append(f"{indent}}}")
else:
lines.append(f"{indent}reverse_proxy {base}")
def emit_protected_handle(path_matcher, base, upstream_path): def emit_protected_handle(path_matcher, base, upstream_path, allow_invalid_cert=False):
lines.append(handle_open(path_matcher)) lines.append(handle_open(path_matcher))
lines.append(f" forward_auth {AUTH_GATEWAY_INTERNAL_URL} {{") lines.append(f" forward_auth {AUTH_GATEWAY_INTERNAL_URL} {{")
lines.append(f" uri {AUTH_GATEWAY_CHECK_URI}") lines.append(f" uri {AUTH_GATEWAY_CHECK_URI}")
lines.append(" copy_headers X-Auth-User X-Auth-Email X-Auth-Groups X-Auth-Factors X-Auth-Policy") lines.append(" copy_headers X-Auth-User X-Auth-Email X-Auth-Groups X-Auth-Factors X-Auth-Policy")
lines.append(" }") lines.append(" }")
emit_reverse_proxy(base, upstream_path) emit_reverse_proxy(base, upstream_path, allow_invalid_cert=allow_invalid_cert)
lines.append(" }") lines.append(" }")
lines.append("") lines.append("")
for app in apps: for app in apps:
hosts = app.get("hosts", []) hosts = app.get("hosts", [])
upstream = app.get("upstream", "") upstream = app.get("upstream", "")
allow_invalid_cert = app.get("allow_invalid_cert", False)
static_routes = app.get("static_routes", []) static_routes = app.get("static_routes", [])
app_id = app.get("id", "") app_id = app.get("id", "")
@@ -117,7 +125,7 @@ def build_caddyfile(apps, auth_policies, routes):
app_route_data = route_entries.get(app_id) app_route_data = route_entries.get(app_id)
if app_route_data is None: if app_route_data is None:
emit_reverse_proxy(base, upstream_path, indent=" ") emit_reverse_proxy(base, upstream_path, indent=" ", allow_invalid_cert=allow_invalid_cert)
lines.append("}") lines.append("}")
lines.append("") lines.append("")
continue continue
@@ -129,7 +137,7 @@ def build_caddyfile(apps, auth_policies, routes):
matcher = f"{path_prefix}*" matcher = f"{path_prefix}*"
if policy_type == "bypass": if policy_type == "bypass":
lines.append(handle_open(matcher)) lines.append(handle_open(matcher))
emit_reverse_proxy(base, upstream_path) emit_reverse_proxy(base, upstream_path, allow_invalid_cert=allow_invalid_cert)
lines.append(" }") lines.append(" }")
lines.append("") lines.append("")
elif policy_type == "deny": elif policy_type == "deny":
@@ -138,15 +146,15 @@ def build_caddyfile(apps, auth_policies, routes):
lines.append(" }") lines.append(" }")
lines.append("") lines.append("")
else: else:
emit_protected_handle(matcher, base, upstream_path) emit_protected_handle(matcher, base, upstream_path, allow_invalid_cert=allow_invalid_cert)
default_policy_type = get_policy_type(app_route_data.get("default_policy")) default_policy_type = get_policy_type(app_route_data.get("default_policy"))
if default_policy_type == "bypass": if default_policy_type == "bypass":
emit_reverse_proxy(base, upstream_path, indent=" ") emit_reverse_proxy(base, upstream_path, indent=" ", allow_invalid_cert=allow_invalid_cert)
elif default_policy_type == "deny": elif default_policy_type == "deny":
lines.append(" respond 403") lines.append(" respond 403")
else: else:
emit_protected_handle("*", base, upstream_path) emit_protected_handle("*", base, upstream_path, allow_invalid_cert=allow_invalid_cert)
lines.append("}") lines.append("}")
lines.append("") lines.append("")