feat: implement path block and user block

Fixes #313

internal/controller/proxy_controller.go

@@ -112,7 +112,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
-	authEnabled, err := controller.Auth.IsAuthEnabled(uri, labels.Path.Allow)
+	authEnabled, err := controller.Auth.IsAuthEnabled(uri, labels.Path)
 
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")

internal/service/auth_service.go

@@ -289,6 +289,13 @@ func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserCo
 		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
 	}
 
+	if labels.Users.Block != "" {
+		log.Debug().Msg("Checking blocked users")
+		if utils.CheckFilter(labels.Users.Block, context.Username) {
+			return false
+		}
+	}
+
 	log.Debug().Msg("Checking users")
 	return utils.CheckFilter(labels.Users.Allow, context.Username)
 }
@@ -316,19 +323,31 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 	return false
 }
 
-func (auth *AuthService) IsAuthEnabled(uri string, pathAllow string) (bool, error) {
+func (auth *AuthService) IsAuthEnabled(uri string, path config.PathLabels) (bool, error) {
-	if pathAllow == "" {
+	// Check for block list
-		return true, nil
+	if path.Block != "" {
+		regex, err := regexp.Compile(path.Block)
+
+		if err != nil {
+			return true, err
+		}
+
+		if !regex.MatchString(uri) {
+			return false, nil
+		}
 	}
 
-	regex, err := regexp.Compile(pathAllow)
+	// Check for allow list
+	if path.Allow != "" {
+		regex, err := regexp.Compile(path.Allow)
 
-	if err != nil {
+		if err != nil {
-		return true, err
+			return true, err
-	}
+		}
 
-	if regex.MatchString(uri) {
+		if regex.MatchString(uri) {
-		return false, nil
+			return false, nil
+		}
 	}
 
 	return true, nil