Refactored trusted_proxies_unix to boolean

cseufert · francislavoie · commit f9199c7a3812 · 2025-10-15T22:16:44.000-04:00
Added .caddyfiletest case for trusted_proxies_unix
diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go
@@ -51,7 +51,7 @@ type serverOptions struct {
 	StrictSNIHost        *bool
 	TrustedProxiesRaw    json.RawMessage
 	TrustedProxiesStrict int
-	TrustedProxiesUnix   int
+	TrustedProxiesUnix   bool
 	ClientIPHeaders      []string
 	ShouldLogCredentials bool
 	Metrics              *caddyhttp.Metrics
@@ -256,7 +256,7 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) {
 			if d.NextArg() {
 				return nil, d.ArgErr()
 			}
-			serverOpts.TrustedProxiesUnix = 1
+			serverOpts.TrustedProxiesUnix = true
 
 		case "client_ip_headers":
 			headers := d.RemainingArgs()
diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies_unix.caddyfiletest b/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies_unix.caddyfiletest
@@ -0,0 +1,59 @@
+{
+	servers {
+		trusted_proxies_unix
+	}
+}
+
+example.com {
+	reverse_proxy https://local:8080
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"example.com"
+									]
+								}
+							],
+							"handle": [
+								{
+									"handler": "subroute",
+									"routes": [
+										{
+											"handle": [
+												{
+													"handler": "reverse_proxy",
+													"transport": {
+														"protocol": "http",
+														"tls": {}
+													},
+													"upstreams": [
+														{
+															"dial": "local:8080"
+														}
+													]
+												}
+											]
+										}
+									]
+								}
+							],
+							"terminal": true
+						}
+					],
+					"trusted_proxies_unix": true
+				}
+			}
+		}
+	}
+}
diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go
@@ -208,7 +208,7 @@ type Server struct {
 	//
 	// This option is disabled by default.
 
-	TrustedProxiesUnix int `json:"trusted_proxies_unix,omitempty"`
+	TrustedProxiesUnix bool `json:"trusted_proxies_unix,omitempty"`
 
 	// Enables access logging and configures how access logs are handled
 	// in this server. To minimally enable access logs, simply set this
@@ -949,7 +949,7 @@ func determineTrustedProxy(r *http.Request, s *Server) (bool, string) {
 		return false, ""
 	}
 
-	if s.TrustedProxiesUnix > 0 && r.RemoteAddr == "@" {
+	if s.TrustedProxiesUnix && r.RemoteAddr == "@" {
 		if s.TrustedProxiesStrict > 0 {
 			ipRanges := []netip.Prefix{}
 			if s.trustedProxies != nil {
diff --git a/modules/caddyhttp/server_test.go b/modules/caddyhttp/server_test.go
@@ -300,7 +300,7 @@ func TestServer_DetermineTrustedProxy_TrustedLoopback(t *testing.T) {
 func TestServer_DetermineTrustedProxy_UnixSocket(t *testing.T) {
 	server := &Server{
 		ClientIPHeaders:    []string{"X-Forwarded-For"},
-		TrustedProxiesUnix: 1,
+		TrustedProxiesUnix: true,
 	}
 
 	req := httptest.NewRequest("GET", "/", nil)
@@ -316,7 +316,7 @@ func TestServer_DetermineTrustedProxy_UnixSocket(t *testing.T) {
 func TestServer_DetermineTrustedProxy_UnixSocketStrict(t *testing.T) {
 	server := &Server{
 		ClientIPHeaders:      []string{"X-Forwarded-For"},
-		TrustedProxiesUnix:   1,
+		TrustedProxiesUnix:   true,
 		TrustedProxiesStrict: 1,
 	}
 
