From 9941706b73a7df4d9ea6d921cb663cf9bb63f5fa Mon Sep 17 00:00:00 2001
From: bel <bel@bel.bel>
Date: Sun, 10 Mar 2024 09:51:29 -0600
Subject: [PATCH 1/4] trivial

---
 server/server.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/server/server.go b/server/server.go
index a2579b2..a00cbe6 100755
--- a/server/server.go
+++ b/server/server.go
@@ -8,11 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"gogs.inhome.blapointe.com/local/logb"
-	"gogs.inhome.blapointe.com/local/oauth2/oauth2client"
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
 	"log"
 	"net"
 	"net/http"
@@ -22,6 +17,12 @@ import (
 	"strings"
 	"time"
 
+	"gogs.inhome.blapointe.com/local/logb"
+	"gogs.inhome.blapointe.com/local/oauth2/oauth2client"
+	"gogs.inhome.blapointe.com/local/rproxy3/config"
+	"gogs.inhome.blapointe.com/local/rproxy3/storage"
+	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
+
 	"github.com/google/uuid"
 	"golang.org/x/time/rate"
 )
@@ -211,7 +212,8 @@ func (s *Server) doBOAuthZ(foo http.HandlerFunc) http.HandlerFunc {
 		if ok {
 			usr, pwd, ok := r.BasicAuth()
 			if !ok || rusr != usr || rpwd != pwd {
-				w.WriteHeader(http.StatusUnauthorized)
+				w.Header().Set("WWW-Authenticate", "Basic")
+				w.WriteHeader(403)
 				log.Printf("denying proxy basic auth")
 				return
 			}
@@ -224,6 +226,7 @@ func (s *Server) doBOAuthZ(foo http.HandlerFunc) http.HandlerFunc {
 		if url, exists := config.GetBOAuthZ(); ok && exists {
 			err := oauth2client.Authenticate(url, key, w, r)
 			if err != nil {
+				log.Printf("failed proxy oauth2: %v", err)
 				return
 			}
 		}

From fb6d7af6d3d7cdd8422d3d78fb59ff9682ea146f Mon Sep 17 00:00:00 2001
From: bel <bel@bel.bel>
Date: Sun, 10 Mar 2024 09:54:05 -0600
Subject: [PATCH 2/4] from gogs to gitea

---
 config/new.go         |  4 ++--
 go.mod                |  8 ++++----
 go.sum                | 16 ++++++++--------
 main.go               |  4 ++--
 server/new.go         |  4 ++--
 server/proxy.go       |  4 ++--
 server/routes.go      |  2 +-
 server/server.go      | 10 +++++-----
 server/server_test.go |  5 +++--
 storage/db.go         |  2 +-
 storage/db_test.go    |  2 +-
 storage/map.go        |  2 +-
 12 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/config/new.go b/config/new.go
index 9cfdd67..86b3506 100755
--- a/config/new.go
+++ b/config/new.go
@@ -2,8 +2,8 @@ package config
 
 import (
 	"fmt"
-	"gogs.inhome.blapointe.com/local/args"
-	"gogs.inhome.blapointe.com/local/logb"
+	"gitea.inhome.blapointe.com/local/args"
+	"gitea.inhome.blapointe.com/local/logb"
 	"log"
 	"os"
 	"strings"
diff --git a/go.mod b/go.mod
index 5bba004..4a58970 100644
--- a/go.mod
+++ b/go.mod
@@ -1,12 +1,12 @@
-module gogs.inhome.blapointe.com/local/rproxy3
+module gitea.inhome.blapointe.com/local/rproxy3
 
 go 1.18
 
 require (
+	gitea.inhome.blapointe.com/local/args v0.0.0-20240109214601-658deda479a4
+	gitea.inhome.blapointe.com/local/logb v0.0.0-20231109150430-1221d87a6dbc
+	gitea.inhome.blapointe.com/local/oauth2 v0.0.0-20240109220403-8897142866f1
 	github.com/google/uuid v1.3.0
-	gogs.inhome.blapointe.com/local/args v0.0.0-20230410154220-44370f257b34
-	gogs.inhome.blapointe.com/local/logb v0.0.0-20230410154319-880efa39d871
-	gogs.inhome.blapointe.com/local/oauth2 v0.0.0-20230410162733-d39498ff8454
 	golang.org/x/time v0.1.0
 )
 
diff --git a/go.sum b/go.sum
index 08a5d57..619a384 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,13 @@
 bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
 cloud.google.com/go v0.33.1/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+gitea.inhome.blapointe.com/local/args v0.0.0-20240109214601-658deda479a4 h1:4qBHjKAiEwRV1A1tN1JK6PsLV1+UwESXKrjGqfCCdNk=
+gitea.inhome.blapointe.com/local/args v0.0.0-20240109214601-658deda479a4/go.mod h1:SqCOE3bE3wvrztVIQGHuyxHKfDjRKU9EWhBdkmkiwyc=
+gitea.inhome.blapointe.com/local/logb v0.0.0-20231109150430-1221d87a6dbc h1:u3akQkq12V8xWXlcDgjZxIK6hqo6f1eHd9KOxAKMoKc=
+gitea.inhome.blapointe.com/local/logb v0.0.0-20231109150430-1221d87a6dbc/go.mod h1:KwilawX4UgD4HxSJAVFEzkuckrnHeQrd49KwUX6GpYU=
+gitea.inhome.blapointe.com/local/oauth2 v0.0.0-20240109220403-8897142866f1 h1:GO2/M+5a5i4FqiOnG6hq73nITDv2Rf8oTF973RsYQgo=
+gitea.inhome.blapointe.com/local/oauth2 v0.0.0-20240109220403-8897142866f1/go.mod h1:XvS1/YJqCL+HoLo76dSLTjRYR+4Hfg4srhEVhMK3L8E=
+gitea.inhome.blapointe.com/local/router v0.0.0-20231109150317-e6b81bf7c23c/go.mod h1:xYz/cn236KTBSWNQ9bqCyBmy8aQ7VL95pDDJmeupmN4=
+gitea.inhome.blapointe.com/local/storage v0.0.0-20231109151605-736d446d407d/go.mod h1:TRK5z/XTT6jws++Q21Y8DQot+5vZGTNeHf+RjuY8aQk=
 github.com/Azure/azure-pipeline-go v0.1.8/go.mod h1:XA1kFWRVhSK+KNFiOhfv83Fv8L9achrP7OxIzeTn1Yg=
 github.com/Azure/azure-storage-blob-go v0.0.0-20181023070848-cf01652132cc/go.mod h1:oGfmITT1V6x//CswqY2gtAHND+xIP64/qL7a5QJix0Y=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
@@ -139,14 +147,6 @@ github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yunify/qingstor-sdk-go v2.2.15+incompatible/go.mod h1:w6wqLDQ5bBTzxGJ55581UrSwLrsTAsdo9N6yX/8d9RY=
 go.mongodb.org/mongo-driver v1.7.2/go.mod h1:Q4oFMbo1+MSNqICAdYMlC/zSTrwCogR4R8NzkI+yfU8=
-gogs.inhome.blapointe.com/local/args v0.0.0-20230410154220-44370f257b34 h1:0tuX5dfOksiOQD1vbJjVNVTVxTTIng7UrUdSLF5T+Ao=
-gogs.inhome.blapointe.com/local/args v0.0.0-20230410154220-44370f257b34/go.mod h1:YG9n3Clg7683ohkVnJK2hdX8bBS9EojIsd1qPZumX0Y=
-gogs.inhome.blapointe.com/local/logb v0.0.0-20230410154319-880efa39d871 h1:cMGPiwvK/QGg4TfW8VasO6SsS/O7UQmwyKDErV/ozoA=
-gogs.inhome.blapointe.com/local/logb v0.0.0-20230410154319-880efa39d871/go.mod h1:E0pLNvMLzY0Kth1W078y+06z1AUyVMWnChMpRFf4w2Q=
-gogs.inhome.blapointe.com/local/oauth2 v0.0.0-20230410162733-d39498ff8454 h1:U8gUhe9E97/uG3ne6D1VONCCVC6jjBbF1gDMKn3GCeo=
-gogs.inhome.blapointe.com/local/oauth2 v0.0.0-20230410162733-d39498ff8454/go.mod h1:YDG4DAUbmKcQUDWdZAJyoUtX+N2zQIFQ0fz88lAPuiU=
-gogs.inhome.blapointe.com/local/router v0.0.0-20230410162418-08ccdc13df87/go.mod h1:FCXhK6+lzJcxBsptnei6vw9pChuQvr4NtuosngjVJDk=
-gogs.inhome.blapointe.com/local/storage v0.0.0-20230410162102-db39d7b02e29/go.mod h1:zk8Fe2Ezc2f6oOe2yllsbEhXqssUU1K2faoS0eQ9alY=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
diff --git a/main.go b/main.go
index 2b2404d..e0e9b9a 100755
--- a/main.go
+++ b/main.go
@@ -1,8 +1,8 @@
 package main
 
 import (
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
-	"gogs.inhome.blapointe.com/local/rproxy3/server"
+	"gitea.inhome.blapointe.com/local/rproxy3/config"
+	"gitea.inhome.blapointe.com/local/rproxy3/server"
 )
 
 func main() {
diff --git a/server/new.go b/server/new.go
index 0e7103a..334e055 100755
--- a/server/new.go
+++ b/server/new.go
@@ -1,8 +1,8 @@
 package server
 
 import (
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage"
+	"gitea.inhome.blapointe.com/local/rproxy3/config"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage"
 
 	"golang.org/x/time/rate"
 )
diff --git a/server/proxy.go b/server/proxy.go
index b62ba16..d5de8ad 100755
--- a/server/proxy.go
+++ b/server/proxy.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"crypto/tls"
 	"io"
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
+	"gitea.inhome.blapointe.com/local/rproxy3/config"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
 	"log"
 	"net/http"
 	"net/http/httputil"
diff --git a/server/routes.go b/server/routes.go
index 956b808..7d30def 100755
--- a/server/routes.go
+++ b/server/routes.go
@@ -1,7 +1,7 @@
 package server
 
 import (
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
+	"gitea.inhome.blapointe.com/local/rproxy3/config"
 )
 
 func (s *Server) Routes() error {
diff --git a/server/server.go b/server/server.go
index a00cbe6..dd9e2c1 100755
--- a/server/server.go
+++ b/server/server.go
@@ -17,11 +17,11 @@ import (
 	"strings"
 	"time"
 
-	"gogs.inhome.blapointe.com/local/logb"
-	"gogs.inhome.blapointe.com/local/oauth2/oauth2client"
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
+	"gitea.inhome.blapointe.com/local/logb"
+	"gitea.inhome.blapointe.com/local/oauth2/oauth2client"
+	"gitea.inhome.blapointe.com/local/rproxy3/config"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
 
 	"github.com/google/uuid"
 	"golang.org/x/time/rate"
diff --git a/server/server_test.go b/server/server_test.go
index da09272..2346919 100755
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -3,13 +3,14 @@ package server
 import (
 	"context"
 	"fmt"
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
 
+	"gitea.inhome.blapointe.com/local/rproxy3/config"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage"
+
 	"golang.org/x/time/rate"
 )
 
diff --git a/storage/db.go b/storage/db.go
index 2eb7492..20c0140 100755
--- a/storage/db.go
+++ b/storage/db.go
@@ -2,7 +2,7 @@ package storage
 
 import (
 	"errors"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
 )
 
 var ErrNotFound = errors.New("not found")
diff --git a/storage/db_test.go b/storage/db_test.go
index 409fc27..76adfdb 100755
--- a/storage/db_test.go
+++ b/storage/db_test.go
@@ -1,7 +1,7 @@
 package storage
 
 import (
-	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
 	"os"
 	"testing"
 )
diff --git a/storage/map.go b/storage/map.go
index e253032..bf78cc5 100755
--- a/storage/map.go
+++ b/storage/map.go
@@ -2,7 +2,7 @@ package storage
 
 import (
 	"fmt"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
 )
 
 type Map map[string]map[string][]byte

From abf628d2bbd3a651a594bcc336d4bad33531497f Mon Sep 17 00:00:00 2001
From: bel <bel@bel.bel>
Date: Sun, 10 Mar 2024 11:08:51 -0600
Subject: [PATCH 3/4] proxy2 does auth inline

---
 config/config.go    |  41 ++++++++----
 config/new.go       |   9 ++-
 example_config.yaml |   4 +-
 server/new.go       |   2 -
 server/proxy.go     |  11 ++--
 server/server.go    | 156 ++++----------------------------------------
 6 files changed, 51 insertions(+), 172 deletions(-)

diff --git a/config/config.go b/config/config.go
index a503e00..6873ab5 100755
--- a/config/config.go
+++ b/config/config.go
@@ -4,15 +4,19 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"regexp"
 	"strings"
 	"time"
+
+	"gopkg.in/yaml.v2"
 )
 
 type Proxy struct {
-	To string
+	Auth string
+	To   string
 }
 
-func parseProxy(s string) (string, Proxy) {
+func parseOneProxyCSV(s string) (string, Proxy) {
 	p := Proxy{}
 	key := ""
 	l := strings.Split(s, ",")
@@ -25,16 +29,6 @@ func parseProxy(s string) (string, Proxy) {
 	return key, p
 }
 
-func GetAuthelia() (string, bool) {
-	authelia := conf.Get("authelia").GetString()
-	return authelia, authelia != ""
-}
-
-func GetBOAuthZ() (string, bool) {
-	boauthz := conf.Get("oauth").GetString()
-	return boauthz, boauthz != ""
-}
-
 func GetAuth() (string, string, bool) {
 	user := conf.Get("user").GetString()
 	pass := conf.Get("pass").GetString()
@@ -63,11 +57,30 @@ func GetRate() (int, int) {
 }
 
 func GetRoutes() map[string]Proxy {
-	list := conf.Get("proxy").GetString()
+	s := conf.Get("proxy2").GetString()
+	var dict map[string]string
+	if err := yaml.Unmarshal([]byte(s), &dict); err == nil && len(s) > 0 {
+		pattern := regexp.MustCompile(`(([^:]*):)?([a-z0-9]*:.*)`)
+		result := map[string]Proxy{}
+		for k, v := range dict {
+			submatches := pattern.FindAllStringSubmatch(v, -1)
+			log.Printf("%+v", submatches)
+			result[k] = Proxy{
+				Auth: submatches[0][2],
+				To:   submatches[0][3],
+			}
+		}
+		return result
+	}
+	return getRoutesCSV()
+}
+
+func getRoutesCSV() map[string]Proxy {
+	list := conf.Get("proxy2").GetString()
 	definitions := strings.Split(list, ",,")
 	routes := make(map[string]Proxy)
 	for _, definition := range definitions {
-		k, v := parseProxy(definition)
+		k, v := parseOneProxyCSV(definition)
 		routes[k] = v
 	}
 	return routes
diff --git a/config/new.go b/config/new.go
index 86b3506..596c9a1 100755
--- a/config/new.go
+++ b/config/new.go
@@ -2,12 +2,13 @@ package config
 
 import (
 	"fmt"
-	"gitea.inhome.blapointe.com/local/args"
-	"gitea.inhome.blapointe.com/local/logb"
 	"log"
 	"os"
 	"strings"
 	"time"
+
+	"gitea.inhome.blapointe.com/local/args"
+	"gitea.inhome.blapointe.com/local/logb"
 )
 
 var conf *args.ArgSet
@@ -50,9 +51,7 @@ func parseArgs() (*args.ArgSet, error) {
 	as.Append(args.STRING, "trim", "path prefix to trim, like '/abc' to change '/abc/def' to '/def'", "")
 	as.Append(args.STRING, "tcp", "address for tcp only tunnel", "")
 	as.Append(args.DURATION, "timeout", "timeout for tunnel", time.Minute)
-	as.Append(args.STRING, "proxy", "double-comma separated (+ if auth)from,scheme://to.tld:port,,", "")
-	as.Append(args.STRING, "oauth", "url for boauthz", "")
-	as.Append(args.STRING, "authelia", "url for authelia", "")
+	as.Append(args.STRING, "proxy2", "double-comma separated 'from,scheme://to.tld:port,,' OR a yaml dictionary of 'from: (password:)scheme://to.tld:port'", "")
 	as.Append(args.STRING, "cors", "json dict key:true for keys to set CORS permissive headers, like {\"from\":true}", "{}")
 	as.Append(args.STRING, "nopath", "json dict key:true for keys to remove all path info from forwarded request, like -cors", "{}")
 	as.Append(args.STRING, "level", "log level", "info")
diff --git a/example_config.yaml b/example_config.yaml
index 24f9210..4c8f4c1 100755
--- a/example_config.yaml
+++ b/example_config.yaml
@@ -7,5 +7,7 @@ crt: ""
 key: ""
 tcp: ""
 timeout: 1m
-proxy: a,http://localhost:41912,,+b,http://localhost:41912
+proxy2: |
+  a: http://localhost:41912
+  b: password:http://localhost:41912
 oauth: http://localhost:23456
diff --git a/server/new.go b/server/new.go
index 334e055..48269c1 100755
--- a/server/new.go
+++ b/server/new.go
@@ -17,7 +17,5 @@ func New() *Server {
 		altaddr: altport,
 		limiter: rate.NewLimiter(rate.Limit(r), b),
 	}
-	_, server.auth.BOAuthZ = config.GetBOAuthZ()
-	_, server.auth.Authelia = config.GetAuthelia()
 	return server
 }
diff --git a/server/proxy.go b/server/proxy.go
index d5de8ad..341160f 100755
--- a/server/proxy.go
+++ b/server/proxy.go
@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"crypto/tls"
 	"io"
-	"gitea.inhome.blapointe.com/local/rproxy3/config"
-	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
 	"log"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
 	"strings"
+
+	"gitea.inhome.blapointe.com/local/rproxy3/config"
+	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
 )
 
 type redirPurge struct {
@@ -51,10 +52,10 @@ func (s *Server) lookup(host string) (*url.URL, error) {
 	return v.URL(), err
 }
 
-func (s *Server) lookupAuth(host string) (bool, error) {
+func (s *Server) lookupAuth(host string) (string, error) {
 	v := packable.NewString()
-	err := s.db.Get(nsBOAuthZ, host, v)
-	return v.String() == "true", err
+	err := s.db.Get(nsRouting, host+"//auth", v)
+	return v.String(), err
 }
 
 func mapKey(host string) string {
diff --git a/server/server.go b/server/server.go
index dd9e2c1..e2a342c 100755
--- a/server/server.go
+++ b/server/server.go
@@ -12,13 +12,10 @@ import (
 	"net"
 	"net/http"
 	"net/url"
-	"path"
 	"strconv"
 	"strings"
 	"time"
 
-	"gitea.inhome.blapointe.com/local/logb"
-	"gitea.inhome.blapointe.com/local/oauth2/oauth2client"
 	"gitea.inhome.blapointe.com/local/rproxy3/config"
 	"gitea.inhome.blapointe.com/local/rproxy3/storage"
 	"gitea.inhome.blapointe.com/local/rproxy3/storage/packable"
@@ -28,7 +25,6 @@ import (
 )
 
 const nsRouting = "routing"
-const nsBOAuthZ = "oauth"
 
 type listenerScheme int
 
@@ -57,21 +53,18 @@ type Server struct {
 	username string
 	password string
 	limiter  *rate.Limiter
-	auth     struct {
-		BOAuthZ  bool
-		Authelia bool
-	}
 }
 
 func (s *Server) Route(src string, dst config.Proxy) error {
-	hasOAuth := strings.HasPrefix(src, "+")
 	src = strings.TrimPrefix(src, "+")
 	log.Printf("Adding route %q -> %v...\n", src, dst)
 	u, err := url.Parse(dst.To)
 	if err != nil {
 		return err
 	}
-	s.db.Set(nsBOAuthZ, src, packable.NewString(fmt.Sprint(hasOAuth)))
+	if err := s.db.Set(nsRouting, src+"//auth", packable.NewString(dst.Auth)); err != nil {
+		return err
+	}
 	return s.db.Set(nsRouting, src, packable.NewURL(u))
 }
 
@@ -108,135 +101,6 @@ func (s *Server) Run() error {
 	return errors.New("did not load server")
 }
 
-func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		authelia, ok := config.GetAuthelia()
-		if !ok {
-			panic("howd i get here")
-		}
-		url, err := url.Parse(authelia)
-		if err != nil {
-			panic(fmt.Sprintf("bad config for authelia url: %v", err))
-		}
-		url.Path = "/api/verify"
-		logb.Verbosef("authelia @ %s", url.String())
-		req, err := http.NewRequest(http.MethodGet, url.String(), nil)
-		if err != nil {
-			panic(err.Error())
-		}
-		r2 := r.Clone(r.Context())
-		if r2.URL.Host == "" {
-			r2.URL.Host = r2.Host
-		}
-		if r2.URL.Scheme == "" {
-			r2.URL.Scheme = "https"
-		}
-		for _, httpreq := range []*http.Request{r, req} {
-			for k, v := range map[string]string{
-				"X-Original-Url":    r2.URL.String(),
-				"X-Forwarded-Proto": r2.URL.Scheme,
-				"X-Forwarded-Host":  r2.URL.Host,
-				"X-Forwarded-Uri":   r2.URL.String(),
-			} {
-				if _, ok := httpreq.Header[k]; !ok {
-					logb.Verbosef("authelia header setting %s:%s", k, v)
-					httpreq.Header.Set(k, v)
-				}
-			}
-		}
-		if cookie, err := r.Cookie("authelia_session"); err == nil {
-			logb.Verbosef("authelia session found in cookies; %+v", cookie)
-			req.AddCookie(cookie)
-		}
-		c := &http.Client{
-			Timeout: time.Minute,
-			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-			},
-		}
-
-		autheliaKey := mapKey(req.Host)
-		logb.Verbosef("request to %s is authelia %s? %v", r.Host, autheliaKey, strings.HasPrefix(r.Host, autheliaKey))
-		if strings.HasPrefix(r.Host, autheliaKey) {
-			logb.Debugf("no authelia for %s because it has prefix %s", r.Host, autheliaKey)
-			foo(w, r)
-			return
-		}
-
-		resp, err := c.Do(req)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		logb.Debugf(
-			"authelia: %+v, %+v \n\t-> \n\t(%d) %+v, %+v",
-			req,
-			req.Cookies(),
-			resp.StatusCode,
-			resp.Header,
-			resp.Cookies(),
-		)
-		defer resp.Body.Close()
-		if resp.StatusCode == http.StatusOK {
-			for k := range resp.Header {
-				if strings.HasPrefix(k, "Remote-") {
-					cookie := &http.Cookie{
-						Name:     k,
-						Value:    resp.Header.Get(k),
-						Path:     "/",
-						SameSite: http.SameSiteLaxMode,
-						Expires:  time.Now().Add(24 * time.Hour * 30),
-					}
-					logb.Verbosef("setting authelia cookie in response: %+v", cookie)
-					http.SetCookie(w, cookie)
-					logb.Verbosef("setting authelia cookie in request: %+v", cookie)
-					r.AddCookie(cookie)
-				}
-			}
-			foo(w, r)
-			return
-		}
-		url.Path = ""
-		q := url.Query()
-		q.Set("rd", r2.URL.String())
-		url.RawQuery = q.Encode()
-		logb.Verbosef("authelia status %d, rd'ing %s", resp.StatusCode, url.String())
-		http.Redirect(w, r, url.String(), http.StatusFound)
-	}
-}
-
-func (s *Server) doBOAuthZ(foo http.HandlerFunc) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		key := mapKey(r.Host)
-		rusr, rpwd, ok := config.GetAuth()
-		if ok {
-			usr, pwd, ok := r.BasicAuth()
-			if !ok || rusr != usr || rpwd != pwd {
-				w.Header().Set("WWW-Authenticate", "Basic")
-				w.WriteHeader(403)
-				log.Printf("denying proxy basic auth")
-				return
-			}
-		}
-		ok, err := s.lookupAuth(key)
-		if err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			return
-		}
-		if url, exists := config.GetBOAuthZ(); ok && exists {
-			err := oauth2client.Authenticate(url, key, w, r)
-			if err != nil {
-				log.Printf("failed proxy oauth2: %v", err)
-				return
-			}
-		}
-		if config.GetNoPath(key) && path.Ext(r.URL.Path) == "" {
-			r.URL.Path = "/"
-		}
-		foo(w, r)
-	}
-}
-
 func (s *Server) ServeTCP(addr string) error {
 	listen, err := net.Listen("tcp", s.addr)
 	if err != nil {
@@ -286,12 +150,14 @@ func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		if s.auth.BOAuthZ {
-			logb.Verbosef("doing boauthz for request to %s", r.URL.String())
-			s.doBOAuthZ(foo)(w, r)
-		} else if s.auth.Authelia {
-			logb.Verbosef("doing authelia for request to %s", r.URL.String())
-			s.doAuthelia(foo)(w, r)
+		if auth, err := s.lookupAuth(mapKey(r.Host)); err != nil {
+			log.Printf("failed to lookup auth for %s (%s): %v", r.Host, mapKey(r.Host), err)
+			w.Header().Set("WWW-Authenticate", "Basic")
+			http.Error(w, err.Error(), http.StatusForbidden)
+		} else if _, p, _ := r.BasicAuth(); auth != p {
+			log.Printf("failed to auth: expected %q but got %q", auth, p)
+			w.Header().Set("WWW-Authenticate", "Basic")
+			http.Error(w, "unexpected basic auth", http.StatusForbidden)
 		} else {
 			foo(w, r)
 		}

From f083763f1d7e0fd450f167db58f091310c8b2ec2 Mon Sep 17 00:00:00 2001
From: bel <bel@bel.bel>
Date: Sun, 10 Mar 2024 11:17:48 -0600
Subject: [PATCH 4/4] there we go

---
 server/server.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/server/server.go b/server/server.go
index e2a342c..4ffbfbc 100755
--- a/server/server.go
+++ b/server/server.go
@@ -153,11 +153,11 @@ func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc {
 		if auth, err := s.lookupAuth(mapKey(r.Host)); err != nil {
 			log.Printf("failed to lookup auth for %s (%s): %v", r.Host, mapKey(r.Host), err)
 			w.Header().Set("WWW-Authenticate", "Basic")
-			http.Error(w, err.Error(), http.StatusForbidden)
+			http.Error(w, err.Error(), http.StatusUnauthorized)
 		} else if _, p, _ := r.BasicAuth(); auth != p {
 			log.Printf("failed to auth: expected %q but got %q", auth, p)
 			w.Header().Set("WWW-Authenticate", "Basic")
-			http.Error(w, "unexpected basic auth", http.StatusForbidden)
+			http.Error(w, "unexpected basic auth", http.StatusUnauthorized)
 		} else {
 			foo(w, r)
 		}
@@ -215,7 +215,6 @@ func (cb corsResponseWriter) WriteHeader(code int) {
 func doCORS(w http.ResponseWriter, r *http.Request) (http.ResponseWriter, bool) {
 	key := mapKey(r.Host)
 	if !config.GetCORS(key) {
-		pushMeta(r, "do-cors", "not enabled for key")
 		return w, false
 	}
 	pushMeta(r, "do-cors", "enabled for key")