auth proxy: add VFS options parameter for use for default VFS

This is for use from the RC API.

cmd/serve/ftp/ftp.go

@@ -175,7 +175,7 @@ func newServer(ctx context.Context, f fs.Fs, opt *Options) (*driver, error) {
 		opt: *opt,
 	}
 	if proxyflags.Opt.AuthProxy != "" {
-		d.proxy = proxy.New(ctx, &proxyflags.Opt)
+		d.proxy = proxy.New(ctx, &proxyflags.Opt, &vfscommon.Opt)
 		d.userPass = make(map[string]string, 16)
 	} else {
 		d.globalVFS = vfs.New(f, &vfscommon.Opt)

cmd/serve/http/http.go

@@ -146,7 +146,7 @@ func run(ctx context.Context, f fs.Fs, opt Options) (s *HTTP, err error) {
 	}
 
 	if proxyflags.Opt.AuthProxy != "" {
-		s.proxy = proxy.New(ctx, &proxyflags.Opt)
+		s.proxy = proxy.New(ctx, &proxyflags.Opt, &vfscommon.Opt)
 		// override auth
 		s.opt.Auth.CustomAuthFn = s.auth
 	} else {

cmd/serve/proxy/proxy.go

@@ -122,6 +122,7 @@ type Proxy struct {
 	vfsCache *libcache.Cache
 	ctx      context.Context // for global config
 	Opt      Options
+	vfsOpt   vfscommon.Options
 }
 
 // cacheEntry is what is stored in the vfsCache
@@ -131,12 +132,15 @@ type cacheEntry struct {
 }
 
 // New creates a new proxy with the Options passed in
-func New(ctx context.Context, opt *Options) *Proxy {
+//
+// Any VFS are created with the vfsOpt passed in.
+func New(ctx context.Context, opt *Options, vfsOpt *vfscommon.Options) *Proxy {
 	return &Proxy{
 		ctx:      ctx,
 		Opt:      *opt,
 		cmdLine:  strings.Fields(opt.AuthProxy),
 		vfsCache: libcache.New(),
+		vfsOpt:   *vfsOpt,
 	}
 }
 
@@ -242,7 +246,7 @@ func (p *Proxy) call(user, auth string, isPublicKey bool) (value any, err error)
 		// need to in memory. An attacker would find it easier to go
 		// after the unencrypted password in memory most likely.
 		entry := cacheEntry{
-			vfs:    vfs.New(f, &vfscommon.Opt),
+			vfs:    vfs.New(f, &p.vfsOpt),
 			pwHash: sha256.Sum256([]byte(auth)),
 		}
 		return entry, true, nil

cmd/serve/proxy/proxy_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/fs/config/obscure"
+	"github.com/rclone/rclone/vfs/vfscommon"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/ssh"
@@ -22,7 +23,7 @@ func TestRun(t *testing.T) {
 	opt := DefaultOpt
 	cmd := "go run proxy_code.go"
 	opt.AuthProxy = cmd
-	p := New(context.Background(), &opt)
+	p := New(context.Background(), &opt, &vfscommon.Opt)
 
 	t.Run("Normal", func(t *testing.T) {
 		config, err := p.run(map[string]string{

cmd/serve/s3/server.go

@@ -81,7 +81,7 @@ func newServer(ctx context.Context, f fs.Fs, opt *Options) (s *Server, err error
 	w.handler = w.faker.Server()
 
 	if proxyflags.Opt.AuthProxy != "" {
-		w.proxy = proxy.New(ctx, &proxyflags.Opt)
+		w.proxy = proxy.New(ctx, &proxyflags.Opt, &vfscommon.Opt)
 		// proxy auth middleware
 		w.handler = proxyAuthMiddleware(w.handler, w)
 		w.handler = authPairMiddleware(w.handler, w)

cmd/serve/sftp/server.go

@@ -53,7 +53,7 @@ func newServer(ctx context.Context, f fs.Fs, opt *Options) *server {
 		waitChan: make(chan struct{}),
 	}
 	if proxyflags.Opt.AuthProxy != "" {
-		s.proxy = proxy.New(ctx, &proxyflags.Opt)
+		s.proxy = proxy.New(ctx, &proxyflags.Opt, &vfscommon.Opt)
 	} else {
 		s.vfs = vfs.New(f, &vfscommon.Opt)
 	}

cmd/serve/webdav/webdav.go

@@ -205,7 +205,7 @@ func newWebDAV(ctx context.Context, f fs.Fs, opt *Options) (w *WebDAV, err error
 		opt: *opt,
 	}
 	if proxyflags.Opt.AuthProxy != "" {
-		w.proxy = proxy.New(ctx, &proxyflags.Opt)
+		w.proxy = proxy.New(ctx, &proxyflags.Opt, &vfscommon.Opt)
 		// override auth
 		w.opt.Auth.CustomAuthFn = w.auth
 	} else {