feat(lib): Add optional restrictions for JWT based on a specific header value (#697)

* Add JWTRestrictionHeader funktionality * Add JWTRestrictionHeader to docs * Move JWT_RESTRICTION_HEADER from advanced section to normal one * Add rull request URL to Changelog * Set default value of JWT_RESTRICTION_HEADER to X-Real-IP
2025-08-14 01:27:42 +02:00 · 2025-08-14 01:27:42 +02:00 · ff691dfee8
commit ff691dfee8
parent 83503525f2
5 changed files with 79 additions and 46 deletions
--- a/lib/config.go
+++ b/lib/config.go
@ -27,24 +27,25 @@ import (
 )

 type Options struct {
-	Next                http.Handler
-	Policy              *policy.ParsedConfig
-	Target              string
-	CookieDynamicDomain bool
-	CookieDomain        string
-	CookieExpiration    time.Duration
-	CookiePartitioned   bool
-	BasePrefix          string
-	WebmasterEmail      string
-	RedirectDomains     []string
-	ED25519PrivateKey   ed25519.PrivateKey
-	HS512Secret         []byte
-	StripBasePrefix     bool
-	OpenGraph           config.OpenGraph
-	ServeRobotsTXT      bool
-	CookieSecure        bool
-	Logger              *slog.Logger
-	PublicUrl           string
+	Next                 http.Handler
+	Policy               *policy.ParsedConfig
+	Target               string
+	CookieDynamicDomain  bool
+	CookieDomain         string
+	CookieExpiration     time.Duration
+	CookiePartitioned    bool
+	BasePrefix           string
+	WebmasterEmail       string
+	RedirectDomains      []string
+	ED25519PrivateKey    ed25519.PrivateKey
+	HS512Secret          []byte
+	StripBasePrefix      bool
+	OpenGraph            config.OpenGraph
+	ServeRobotsTXT       bool
+	CookieSecure         bool
+	Logger               *slog.Logger
+	PublicUrl            string
+	JWTRestrictionHeader string
 }

 func LoadPoliciesOrDefault(ctx context.Context, fname string, defaultDifficulty int) (*policy.ParsedConfig, error) {