Validate cloudflare access protected origins

2026-03-24 12:50:45 +08:00
parent 854718992f
commit ed6be9b078
7 changed files with 217 additions and 0 deletions
--- a/protocol/cloudflare/dispatch.go
+++ b/protocol/cloudflare/dispatch.go
@@ -321,6 +321,18 @@ func (i *Inbound) roundTripHTTP(ctx context.Context, stream io.ReadWriteCloser,
 		defer cancel()
 		httpRequest = httpRequest.WithContext(requestCtx)
 	}
+	if service.OriginRequest.Access.Required {
+		validator, err := i.accessCache.Get(service.OriginRequest.Access)
+		if err != nil {
+			i.logger.ErrorContext(ctx, "create access validator: ", err)
+			respWriter.WriteResponse(err, nil)
+			return
+		}
+		if err := validator.Validate(requestCtx, httpRequest); err != nil {
+			respWriter.WriteResponse(nil, encodeResponseHeaders(http.StatusForbidden, http.Header{}))
+			return
+		}
+	}

 	httpClient := &http.Client{
 		Transport: transport,