initial user-agent driven interstitial implementation (#715)

endpoints/publicProxy/config.go

@@ -16,11 +16,16 @@ type Config struct {
 	Identity     string
 	Address      string
 	HostMatch    string
-	Interstitial bool
+	Interstitial *InterstitialConfig
 	Oauth        *OauthConfig
 	Tls          *endpoints.TlsConfig
 }
 
+type InterstitialConfig struct {
+	Enabled           bool
+	UserAgentPrefixes []string
+}
+
 type OauthConfig struct {
 	BindAddress  string
 	RedirectUrl  string
@@ -48,7 +53,6 @@ func DefaultConfig() *Config {
 	return &Config{
 		Identity: "public",
 		Address:  "0.0.0.0:8080",
-		Interstitial: false,
 	}
 }
 

endpoints/publicProxy/http.go

@@ -158,7 +158,22 @@ func shareHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Conte
 		if shrToken != "" {
 			if svc, found := endpoints.GetRefreshedService(shrToken, ctx); found {
 				if cfg, found := svc.Config[sdk.ZrokProxyConfig]; found {
-					if pcfg.Interstitial {
+					if pcfg.Interstitial != nil && pcfg.Interstitial.Enabled {
+						sendInterstitial := true
+						if len(pcfg.Interstitial.UserAgentPrefixes) > 0 {
+							ua := r.Header.Get("User-Agent")
+							matched := false
+							for _, prefix := range pcfg.Interstitial.UserAgentPrefixes {
+								if strings.HasPrefix(ua, prefix) {
+									matched = true
+									break
+								}
+							}
+							if !matched {
+								sendInterstitial = false
+							}
+						}
+						if sendInterstitial {
 							if v, istlFound := cfg["interstitial"]; istlFound {
 								if istlEnabled, ok := v.(bool); ok && istlEnabled {
 									skip := r.Header.Get("skip_zrok_interstitial")
@@ -171,6 +186,7 @@ func shareHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Conte
 								}
 							}
 						}
+					}
 
 					if scheme, found := cfg["auth_scheme"]; found {
 						switch scheme {