akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
6e0cb3f89a99fe052d431d3797326ba4bdd92fcd
Charon/docs/reports/crowdsec_bouncer_field_investigation.md
GitHub Actions f936c93896 fix: add missing field handlers in proxy host Update endpoint 
Add handlers for enable_standard_headers, forward_auth_enabled, and waf_disabled fields
in the proxy host Update function. These fields were defined in the model but were not
being processed during updates, causing:

- 500 errors when saving proxy host configurations
- Auth pass-through failures for apps like Seerr/Overseerr due to missing X-Forwarded-* headers

Changes:
- backend: Add field handlers for 3 missing fields in proxy_host_handler.go
- backend: Add 5 comprehensive unit tests for field handling
- frontend: Update TypeScript ProxyHost interface with missing fields
- docs: Document fixes in CHANGELOG.md

Tests: All 1147 tests pass (backend 85.6%, frontend 87.7% coverage)
Security: No vulnerabilities (Trivy + govulncheck clean)

Fixes #16 (auth pass-through)
Fixes #17 (500 error on save)
2025-12-20 01:55:52 +00:00

2.7 KiB
Raw Blame History

CrowdSec Bouncer Field Name Investigation

Date: December 15, 2025 Agent: Backend_Dev Status: 🔴 BLOCKED - Plugin Configuration Schema Unknown

Executive Summary

CrowdSec LAPI is running correctly on port 8085 and responding to queries. However, the Caddy CrowdSec bouncer cannot connect to LAPI because the plugin rejects ALL field name variants tested in the JSON configuration.

Field Names Tested (All Rejected)

  • api_url - "json: unknown field"
  • crowdsec_lapi_url - "json: unknown field"
  • lapi_url - "json: unknown field"
  • enable_streaming - "json: unknown field"
  • ticker_interval - "json: unknown field"

Hypothesis: Configuration may need to be at app-level (apps.crowdsec) instead of handler-level (inline in route).

Current Implementation (Handler-Level)

// backend/internal/caddy/config.go, line 750
func buildCrowdSecHandler(...) (Handler, error) {
    h := Handler{"handler": "crowdsec"}
    h["lapi_url"] = "http://127.0.0.1:8085"
    h["api_key"] = apiKey
    return h, nil
}

This generates:

{
  "handle": [
    {
      "handler": "crowdsec",
      "lapi_url": "http://127.0.0.1:8085",
      "api_key": "..."
    }
  ]
}

Result: json: unknown field "lapi_url"

Caddyfile Format (from plugin README)

{
  crowdsec {
    api_url http://localhost:8080
    api_key <api_key>
    ticker_interval 15s
  }
}

Note: This is app-level config, not handler-level!

Proposed Solution: App-Level Configuration

Structure A: Dedicated CrowdSec App

{
  "apps": {
    "http": {...},
    "crowdsec": {
      "api_url": "http://127.0.0.1:8085",
      "api_key": "..."
    }
  }
}

Handler becomes:

{
  "handler": "crowdsec"  // No inline config
}

Structure B: HTTP App Config

{
  "apps": {
    "http": {
      "crowdsec": {
        "api_url": "http://127.0.0.1:8085",
        "api_key": "..."
      },
      "servers": {...}
    }
  }
}

Next Steps

  1. Research Plugin Source:

    git clone https://github.com/hslatman/caddy-crowdsec-bouncer
cd caddy-crowdsec-bouncer
grep -r "json:" --include="*.go"

  2. Test App-Level Config:

    • Modify GenerateConfig() to add apps.crowdsec
    • Remove inline config from handler
    • Rebuild and test

  3. Fallback:

    • File issue with plugin maintainer
    • Request JSON configuration documentation

Blocker: Unknown JSON configuration schema for caddy-crowdsec-bouncer Recommendation: Pause CrowdSec bouncer work until plugin configuration is clarified Impact: Critical - Zero blocking functionality in production

Reference in New Issue View Git Blame Copy Permalink