Charon/docs/reports/crowdsec_bouncer_field_investigation.md
GitHub Actions f936c93896 fix: add missing field handlers in proxy host Update endpoint
Add handlers for enable_standard_headers, forward_auth_enabled, and waf_disabled fields
in the proxy host Update function. These fields were defined in the model but were not
being processed during updates, causing:

- 500 errors when saving proxy host configurations
- Auth pass-through failures for apps like Seerr/Overseerr due to missing X-Forwarded-* headers

Changes:
- backend: Add field handlers for 3 missing fields in proxy_host_handler.go
- backend: Add 5 comprehensive unit tests for field handling
- frontend: Update TypeScript ProxyHost interface with missing fields
- docs: Document fixes in CHANGELOG.md

Tests: All 1147 tests pass (backend 85.6%, frontend 87.7% coverage)
Security: No vulnerabilities (Trivy + govulncheck clean)

Fixes #16 (auth pass-through)
Fixes #17 (500 error on save)
2025-12-20 01:55:52 +00:00


# CrowdSec Bouncer Field Name Investigation

**Date:** December 15, 2025

**Agent:** Backend_Dev

**Status:** 🔴 BLOCKED - Plugin Configuration Schema Unknown

---

## Executive Summary

CrowdSec LAPI is running correctly on port 8085 and responding to queries. However, **the Caddy CrowdSec bouncer cannot connect to LAPI** because the plugin rejects ALL field name variants tested in the JSON configuration.

### Field Names Tested (All Rejected)

- `api_url` - "json: unknown field"
- `crowdsec_lapi_url` - "json: unknown field"
- `lapi_url` - "json: unknown field"
- `enable_streaming` - "json: unknown field"
- `ticker_interval` - "json: unknown field"

**Hypothesis:** Configuration may need to be at **app-level** (`apps.crowdsec`) instead of **handler-level** (inline in route).

---

## Current Implementation (Handler-Level)

```go
// backend/internal/caddy/config.go, line 750
func buildCrowdSecHandler(...) (Handler, error) {
	h := Handler{"handler": "crowdsec"}
	h["lapi_url"] = "http://127.0.0.1:8085"
	h["api_key"] = apiKey
	return h, nil
}
```

This generates:

```json
{
  "handle": [
    {
      "handler": "crowdsec",
      "lapi_url": "http://127.0.0.1:8085",
      "api_key": "..."
    }
  ]
}
```

**Result:** `json: unknown field "lapi_url"`

---

## Caddyfile Format (from plugin README)

```caddyfile
{
    crowdsec {
        api_url http://localhost:8080
        api_key <api_key>
        ticker_interval 15s
    }
}
```

**Note:** This is **app-level config**, not handler-level!

---

## Proposed Solution: App-Level Configuration

### Structure A: Dedicated CrowdSec App

```json
{
  "apps": {
    "http": {...},
    "crowdsec": {
      "api_url": "http://127.0.0.1:8085",
      "api_key": "..."
    }
  }
}
```

Handler becomes (no inline config):

```json
{
  "handler": "crowdsec"
}
```

### Structure B: HTTP App Config

```json
{
  "apps": {
    "http": {
      "crowdsec": {
        "api_url": "http://127.0.0.1:8085",
        "api_key": "..."
      },
      "servers": {...}
    }
  }
}
```

---

## Next Steps

1. **Research Plugin Source:**

   ```bash
   git clone https://github.com/hslatman/caddy-crowdsec-bouncer
   cd caddy-crowdsec-bouncer
   grep -r "json:" --include="*.go"
   ```

2. **Test App-Level Config:**
   - Modify `GenerateConfig()` to add `apps.crowdsec`
   - Remove inline config from handler
   - Rebuild and test

3. **Fallback:**
   - File issue with plugin maintainer
   - Request JSON configuration documentation

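
The `json: unknown field` text is what Go's `encoding/json` decoder returns when `DisallowUnknownFields` is set, so a key is accepted only if the target struct declares it. The following added example (not code from Charon or from the plugin) probes the five tested names against two hypothetical stand-in structs that model the app-level hypothesis; the struct shapes and JSON names are assumptions taken from the Caddyfile directives above, not the plugin's confirmed schema.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins (assumptions): JSON names mirror the Caddyfile
// directives; the real structs must be read from the plugin source.
type appConfig struct {
	APIUrl         string `json:"api_url"`
	APIKey         string `json:"api_key"`
	TickerInterval string `json:"ticker_interval"`
}

type handlerConfig struct{} // assumption: no inline settings at handler level

// strictDecode fails on any key the target struct does not declare.
func strictDecode(data []byte, v any) error {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	return dec.Decode(v)
}

// rejectedKeys probes each candidate with a null value, so only the key
// name (not the value's type) decides whether strict decoding accepts it.
func rejectedKeys(candidates []string, target func() any) []string {
	bad := []string{}
	for _, k := range candidates {
		probe := []byte(fmt.Sprintf(`{%q: null}`, k))
		if err := strictDecode(probe, target()); err != nil {
			bad = append(bad, k)
		}
	}
	return bad
}

func main() {
	tested := []string{"api_url", "crowdsec_lapi_url", "lapi_url", "enable_streaming", "ticker_interval"}
	// Inline handler settings as generated today (constructed sample).
	inline := []byte(`{"lapi_url":"http://127.0.0.1:8085","api_key":"..."}`)
	fmt.Println("inline handler config:", strictDecode(inline, &handlerConfig{}))
	fmt.Println("handler-level rejects:", rejectedKeys(tested, func() any { return &handlerConfig{} }))
	fmt.Println("app-level rejects:", rejectedKeys(tested, func() any { return &appConfig{} }))
}
```

Swapping the stand-ins for the structs found in step 1 turns this into a pre-flight check that can fail the build before a config with rejected keys reaches Caddy.
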

---

**Blocker:** Unknown JSON configuration schema for caddy-crowdsec-bouncer

**Recommendation:** Pause CrowdSec bouncer work until plugin configuration is clarified

**Impact:** Critical - Zero blocking functionality in production