feat: implement path block and user block

Fixes #313

internal/controller/proxy_controller.go

@@ -112,7 +112,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
-	authEnabled, err := controller.Auth.IsAuthEnabled(uri, labels.Path.Allow)
+	authEnabled, err := controller.Auth.IsAuthEnabled(uri, labels.Path)
 
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")

internal/service/auth_service.go

@@ -289,6 +289,13 @@ func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserCo
 		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
 	}
 
+	if labels.Users.Block != "" {
+		log.Debug().Msg("Checking blocked users")
+		if utils.CheckFilter(labels.Users.Block, context.Username) {
+			return false
+		}
+	}
+
 	log.Debug().Msg("Checking users")
 	return utils.CheckFilter(labels.Users.Allow, context.Username)
 }
@@ -316,12 +323,23 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 	return false
 }
 
-func (auth *AuthService) IsAuthEnabled(uri string, pathAllow string) (bool, error) {
-	if pathAllow == "" {
-		return true, nil
+func (auth *AuthService) IsAuthEnabled(uri string, path config.PathLabels) (bool, error) {
+	// Check for block list
+	if path.Block != "" {
+		regex, err := regexp.Compile(path.Block)
+
+		if err != nil {
+			return true, err
 		}
 
-	regex, err := regexp.Compile(pathAllow)
+		if !regex.MatchString(uri) {
+			return false, nil
+		}
+	}
+
+	// Check for allow list
+	if path.Allow != "" {
+		regex, err := regexp.Compile(path.Allow)
 
 		if err != nil {
 			return true, err
@@ -330,6 +348,7 @@ func (auth *AuthService) IsAuthEnabled(uri string, pathAllow string) (bool, erro
 		if regex.MatchString(uri) {
 			return false, nil
 		}
+	}
 
 	return true, nil
 }