From e4dcc746106c5760c741ab772dae8b3c73dffd22 Mon Sep 17 00:00:00 2001 From: uumas Date: Tue, 9 May 2023 21:39:37 +0300 Subject: [PATCH] vhost: Add support for http basic auth --- roles/vhost/defaults/main.yml | 3 +++ roles/vhost/meta/argument_specs.yml | 21 +++++++++++++++++++++ roles/vhost/tasks/caddy.yml | 7 +++++++ roles/vhost/tasks/main.yml | 3 +++ 4 files changed, 34 insertions(+) diff --git a/roles/vhost/defaults/main.yml b/roles/vhost/defaults/main.yml index acdec77..5296292 100644 --- a/roles/vhost/defaults/main.yml +++ b/roles/vhost/defaults/main.yml @@ -5,6 +5,9 @@ web_server: caddy vhost_locations: [] vhost_headers: {} +vhost_basicauth: false +vhost_basicauth_users: {} + proxy_target_protocol: http proxy_target_host: localhost diff --git a/roles/vhost/meta/argument_specs.yml b/roles/vhost/meta/argument_specs.yml index 13d0ee8..acdb0e4 100644 --- a/roles/vhost/meta/argument_specs.yml +++ b/roles/vhost/meta/argument_specs.yml @@ -33,6 +33,17 @@ argument_specs: required: false default: {} + vhost_basicauth: + description: Whether to require basic auth for the vhost + type: bool + required: false + default: false + vhost_basicauth_users: + description: A dict of basic auth users and their password hashes. Required if vhost_basicauth is true + type: dict + required: false + default: {} + proxy_target_port: description: Port where to proxy requests to. Only applicable if vhost_type is reverse_proxy type: int @@ -107,6 +118,16 @@ argument_specs: required: false default: "{{ vhost_headers }}" + basicauth: + description: Whether to require basic auth for the location + type: bool + required: false + default: "{{ vhost_basicauth }}" + basicauth_users: + description: A dict of basic auth users and their password hashes. Required if basicauth is true + type: dict + default: "{{ vhost_basicauth_users }}" + proxy_target_port: description: Port where to proxy requests to. Only applicable if type is reverse_proxy. type: int 
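Review bot: In roles/vhost/meta/argument_specs.yml, `vhost_basicauth_users` is described as required when `vhost_basicauth` is true, but the spec keeps `required: false` with `default: {}`, so enabling basic auth with no users passes validation. The location-level `basicauth`/`basicauth_users` options in the second hunk of this file have the same gap. The template in roles/vhost/tasks/caddy.yml would then render a `basicauth` block with no accounts, and how the server treats that is outside this role's control. I would fail closed before rendering with an `ansible.builtin.assert` looped over the merged locations, for example `that: not (item.basicauth | bool) or (item.basicauth_users | length > 0)`. The description should also name the expected hash format, since `type: dict` accepts a plaintext password just the same.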
diff --git a/roles/vhost/tasks/caddy.yml b/roles/vhost/tasks/caddy.yml index 20d449f..032f2fb 100644 --- a/roles/vhost/tasks/caddy.yml +++ b/roles/vhost/tasks/caddy.yml @@ -11,6 +11,13 @@ {% for header in location.headers | dict2items %} header {{ header.key }} `{{ header.value }}` {% endfor %} + {% if location.basicauth %} + basicauth { + {% for user in location.basicauth_users | dict2items %} + {{ user.key }} {{ user.value }} + {% endfor %} + } + {% endif %} {% if location.type == 'reverse_proxy' %} reverse_proxy {{ location.proxy_target_protocol }}://{{ location.proxy_target_host }}:{{ location.proxy_target_port }} { {% if location.proxy_target_protocol == 'https' and location.proxy_target_host == 'localhost' %} diff --git a/roles/vhost/tasks/main.yml b/roles/vhost/tasks/main.yml index 31a7ed6..775cb52 100644 --- a/roles/vhost/tasks/main.yml +++ b/roles/vhost/tasks/main.yml @@ -26,6 +26,9 @@ 'type': item.type | default(vhost_type), 'headers': item.headers | default(vhost_headers), + 'basicauth': item.basicauth | default(vhost_basicauth), + 'basicauth_users': item.basicauth_users | default(vhost_basicauth_users), + 'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''), 'proxy_target_host': item.proxy_target_host | default(proxy_target_host), 'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol),
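Review bot: `{{ user.key }} {{ user.value }}` in the added `basicauth` block is written into the Caddyfile unquoted and unvalidated, so a username or hash containing whitespace, a newline or a brace changes the tokens the server parses instead of failing the play. These values come from inventory, so the exposure is mostly to mistakes, but the auth block could end up meaning something other than what was intended. Validating before the template runs keeps it fail-closed, e.g. an assert with `that: item.key is regex('^[A-Za-z0-9._@-]+$') and item.value is regex('^[A-Za-z0-9./$=+]+$')` (patterns are illustrative; adjust them to the hash format the role documents). The surrounding template starts and ends outside this hunk.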
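Review bot: The added `'basicauth_users'` entry in roles/vhost/tasks/main.yml copies the password hashes into each per-location dict, and nothing in the hunk keeps them out of play output. The task's keywords are outside the hunk, but if it loops over `vhost_locations` (the `item.` references suggest so), Ansible prints every loop item. Verbose runs print the resulting fact too, so the hashes would land in logs and CI output. Consider `no_log: true` on this task and on the one that renders the Caddyfile, and add a comment such as `# basicauth_users holds password hashes; keep the source variable in Ansible Vault`.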