fix(ogtags): respect target host/SNI/insecure flags in OG passthrough (#1283)

2025-11-16 21:32:03 -05:00 · 2025-11-16 21:32:03 -05:00 · 1d91bc99f2
commit 1d91bc99f2
parent c70b939651
14 changed files with 440 additions and 84 deletions
--- a/lib/config.go
+++ b/lib/config.go
@ -27,27 +27,30 @@ import (
 )

 type Options struct {
-	Next                 http.Handler
-	Policy               *policy.ParsedConfig
-	Logger               *slog.Logger
-	OpenGraph            config.OpenGraph
-	PublicUrl            string
-	CookieDomain         string
-	JWTRestrictionHeader string
-	BasePrefix           string
-	WebmasterEmail       string
-	Target               string
-	RedirectDomains      []string
-	ED25519PrivateKey    ed25519.PrivateKey
-	HS512Secret          []byte
-	CookieExpiration     time.Duration
-	CookieSameSite       http.SameSite
-	ServeRobotsTXT       bool
-	CookieSecure         bool
-	StripBasePrefix      bool
-	CookiePartitioned    bool
-	CookieDynamicDomain  bool
-	DifficultyInJWT      bool
+	Next                     http.Handler
+	Policy                   *policy.ParsedConfig
+	Target                   string
+	TargetHost               string
+	TargetSNI                string
+	TargetInsecureSkipVerify bool
+	CookieDynamicDomain      bool
+	CookieDomain             string
+	CookieExpiration         time.Duration
+	CookiePartitioned        bool
+	BasePrefix               string
+	WebmasterEmail           string
+	RedirectDomains          []string
+	ED25519PrivateKey        ed25519.PrivateKey
+	HS512Secret              []byte
+	StripBasePrefix          bool
+	OpenGraph                config.OpenGraph
+	ServeRobotsTXT           bool
+	CookieSecure             bool
+	CookieSameSite           http.SameSite
+	Logger                   *slog.Logger
+	PublicUrl                string
+	JWTRestrictionHeader     string
+	DifficultyInJWT          bool
 }

 func LoadPoliciesOrDefault(ctx context.Context, fname string, defaultDifficulty int) (*policy.ParsedConfig, error) {
@ -116,9 +119,13 @@ func New(opts Options) (*Server, error) {
 		hs512Secret: opts.HS512Secret,
 		policy:      opts.Policy,
 		opts:        opts,
-		OGTags:      ogtags.NewOGTagCache(opts.Target, opts.Policy.OpenGraph, opts.Policy.Store),
-		store:       opts.Policy.Store,
-		logger:      opts.Logger,
+		OGTags: ogtags.NewOGTagCache(opts.Target, opts.Policy.OpenGraph, opts.Policy.Store, ogtags.TargetOptions{
+			Host:               opts.TargetHost,
+			SNI:                opts.TargetSNI,
+			InsecureSkipVerify: opts.TargetInsecureSkipVerify,
+		}),
+		store:  opts.Policy.Store,
+		logger: opts.Logger,
 	}

 	mux := http.NewServeMux()