fix: fix docker label matching logic

2025-10-27 20:25:41 +00:00 · 2025-07-10 00:34:04 +03:00
parent b3dca0429f
commit 476ed6964d
5 changed files with 23 additions and 16 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -234,7 +234,7 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {
 }

 func (auth *Auth) EmailWhitelisted(email string) bool {
-	return utils.CheckFilter(auth.Config.OauthWhitelist, email, true)
+	return utils.CheckFilter(auth.Config.OauthWhitelist, email)
 }

 func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error {
@@ -368,13 +368,13 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, lab
 	// Check if oauth is allowed
 	if context.OAuth {
 		log.Debug().Msg("Checking OAuth whitelist")
-		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email, true)
+		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
 	}

 	// Check users
 	log.Debug().Msg("Checking users")

-	return utils.CheckFilter(labels.Users, context.Username, true)
+	return utils.CheckFilter(labels.Users, context.Username)
 }

 func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels types.Labels) bool {
@@ -394,7 +394,7 @@ func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels t

 	// For every group check if it is in the required groups
 	for _, group := range oauthGroups {
-		if utils.CheckFilter(labels.OAuth.Groups, group, true) {
+		if utils.CheckFilter(labels.OAuth.Groups, group) {
 			log.Debug().Str("group", group).Msg("Group is in required groups")
 			return true
 		}
--- a/internal/docker/docker.go
+++ b/internal/docker/docker.go
@@ -69,7 +69,7 @@ func (docker *Docker) DockerConnected() bool {
 	return err == nil
 }

-func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error) {
+func (docker *Docker) GetLabels(app string, domain string) (types.Labels, error) {
 	// Check if we have access to the Docker API
 	isConnected := docker.DockerConnected()

@@ -112,9 +112,16 @@ func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error)
 			continue
 		}

-		// Check if the labels match the id or the domain
-		if strings.TrimPrefix(inspect.Name, "/") == id || utils.CheckFilter(labels.Domain, domain, false) { // Disable regex for now
-			log.Debug().Str("id", inspect.ID).Msg("Found matching container")
+		// Check if the container matches the ID or domain
+		for _, lDomain := range labels.Domain {
+			if lDomain == domain {
+				log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
+				return labels, nil
+			}
+		}
+
+		if strings.TrimPrefix(inspect.Name, "/") == app {
+			log.Debug().Str("id", inspect.ID).Msg("Found matching container by name")
 			return labels, nil
 		}
 	}
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -129,7 +129,7 @@ type Labels struct {
 	Users   string
 	Allowed string
 	Headers []string
-	Domain  string
+	Domain  []string
 	Basic   BasicLabels
 	OAuth   OAuthLabels
 	IP      IPLabels
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -293,14 +293,14 @@ func ParseSecretFile(contents string) string {
 }

 // Check if a string matches a regex or if it is included in a comma separated list
-func CheckFilter(filter string, str string, regex bool) bool {
+func CheckFilter(filter string, str string) bool {
 	// Check if the filter is empty
 	if len(strings.TrimSpace(filter)) == 0 {
 		return true
 	}

 	// Check if the filter is a regex
-	if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") && regex {
+	if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") {
 		// Create regex
 		re, err := regexp.Compile(filter[1 : len(filter)-1])

--- a/internal/utils/utils_test.go
+++ b/internal/utils/utils_test.go
@@ -387,7 +387,7 @@ func TestCheckFilter(t *testing.T) {
 	expected := true

 	// Test the check filter function
-	result := utils.CheckFilter(filter, str, false)
+	result := utils.CheckFilter(filter, str)

 	// Check if the result is equal to the expected
 	if result != expected {
@@ -402,7 +402,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = true

 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, true)
+	result = utils.CheckFilter(filter, str)

 	// Check if the result is equal to the expected
 	if result != expected {
@@ -417,7 +417,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = true

 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, false)
+	result = utils.CheckFilter(filter, str)

 	// Check if the result is equal to the expected
 	if result != expected {
@@ -432,7 +432,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = false

 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, true)
+	result = utils.CheckFilter(filter, str)

 	// Check if the result is equal to the expected
 	if result != expected {
@@ -447,7 +447,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = false

 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, false)
+	result = utils.CheckFilter(filter, str)

 	// Check if the result is equal to the expected
 	if result != expected {