From bd5add4a4840efc10c2adcecd4d76429df04380c Mon Sep 17 00:00:00 2001
From: Andrii Nikitin <anikitin@suse.de>
Date: Mon, 3 Nov 2025 04:53:43 +0100
Subject: [PATCH] Detect vpn from http header variable

---
 lib/MirrorCache/Datamodule.pm   | 19 +++++++++++++++++++
 t/environ/01-smoke-multiroot.sh |  7 +++++++
 2 files changed, 26 insertions(+)

diff --git a/lib/MirrorCache/Datamodule.pm b/lib/MirrorCache/Datamodule.pm
index 30405d15..7bfd4a5a 100644
--- a/lib/MirrorCache/Datamodule.pm
+++ b/lib/MirrorCache/Datamodule.pm
@@ -63,6 +63,8 @@ has '_root_longitude' => ($ENV{MIRRORCACHE_ROOT_LONGITUDE} ? int($ENV{MIRRORCACH
 has root_subtree => ($ENV{MIRRORCACHE_SUBTREE} // "");
 
 has _vpn_var => $ENV{MIRRORCACHE_VPN};
+has _vpn_header_variable => ($ENV{MIRRORCACHE_VPN_HEADER_VARIABLE} // "");
+has _vpn_header_value    => ($ENV{MIRRORCACHE_VPN_HEADER_VALUE} // "");
 has vpn_prefix => ($ENV{MIRRORCACHE_VPN_PREFIX} ? lc($ENV{MIRRORCACHE_VPN_PREFIX}) : "10.");
 has vpn_prefix_neg => ($ENV{MIRRORCACHE_VPN_PREFIX_NEG} ? lc($ENV{MIRRORCACHE_VPN_PREFIX_NEG}) : "");
 
@@ -114,6 +116,7 @@ sub reset($self, $c, $top_folder = undef) {
     $self->file_age(undef);
     $self->media_version(undef);
     $self->ext(undef);
+    $self->_vpn(undef);
 }
 
 sub ip_sha1($self) {
@@ -129,6 +132,22 @@ sub ip($self) {
 
 sub vpn($self) {
     return $self->_vpn_var if defined $self->_vpn_var;
+    if (my $var = $self->_vpn_header_variable) {
+        unless (defined $self->_vpn) {
+            if (my $val = scalar($self->_vpn_header_value)) {
+                eval {
+                    if (my $zone = $self->c->req->headers->header($var)) {
+                        if (fc($zone) eq fc($val)) {
+                            $self->_vpn(1);
+                        } else {
+                            $self->_vpn(0);
+                        }
+                    }
+                    1;
+                } or print STDERR "Error in detecting $var: $@";
+            }
+        }
+    }
 
     unless (defined $self->_vpn) {
         unless ($self->vpn_prefix) {
diff --git a/t/environ/01-smoke-multiroot.sh b/t/environ/01-smoke-multiroot.sh
index 70139bfd..18d3d828 100755
--- a/t/environ/01-smoke-multiroot.sh
+++ b/t/environ/01-smoke-multiroot.sh
@@ -5,6 +5,8 @@ mc=$(environ mc $(pwd))
 MIRRORCACHE_SCHEDULE_RETRY_INTERVAL=0
 
 $mc/gen_env MIRRORCACHE_SCHEDULE_RETRY_INTERVAL=$MIRRORCACHE_SCHEDULE_RETRY_INTERVAL \
+    MIRRORCACHE_VPN_HEADER_VARIABLE='X-Company-Zone' \
+    MIRRORCACHE_VPN_HEADER_VALUE='engineering' \
     MIRRORCACHE_ROOT="'$mc/dt/root1:root1.com:root1.vpn|$mc/dt/root2:root2.com:root2.vpn|$mc/dt/root3:root3.com:root3.vpn'"
 
 mkdir -p $mc/dt/root1
@@ -44,6 +46,11 @@ $mc/sql "insert into server(hostname,urldir,enabled,country,region) select '$($a
 $mc/curl -Is /download/folder1/file1.1.dat | grep -i location: | grep root1.com
 $mc/curl -H 'X-Forwarded-For: 10.0.0.1' -Is /download/folder1/file1.1.dat | grep -i location: | grep root1.vpn
 
+$mc/curl -H 'X-Company-Zone: other'       -Is /download/folder1/file1.1.dat | grep -i location: | grep root1.com
+$mc/curl -H 'X-Company-Zone: engineering' -Is /download/folder1/file1.1.dat | grep -i location: | grep root1.vpn
+$mc/curl -H 'X-Forwarded-For: 10.0.0.1; X-Company-Zone: other'       -Is /download/folder1/file1.1.dat | grep -i location: | grep root1.com
+
+
 $mc/backstage/job folder_sync_schedule_from_misses
 $mc/backstage/job folder_sync_schedule
 $mc/backstage/shoot