From 476ed6964d13d0edeccc50d8625a30d47caedbb2 Mon Sep 17 00:00:00 2001 From: Stavros Date: Thu, 10 Jul 2025 00:34:04 +0300 Subject: [PATCH] fix: fix docker label matching logic --- internal/auth/auth.go | 8 ++++---- internal/docker/docker.go | 15 +++++++++++---- internal/types/config.go | 2 +- internal/utils/utils.go | 4 ++-- internal/utils/utils_test.go | 10 +++++----- 5 files changed, 23 insertions(+), 16 deletions(-) diff --git a/internal/auth/auth.go b/internal/auth/auth.go index 530120a..50379e5 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -234,7 +234,7 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) { } func (auth *Auth) EmailWhitelisted(email string) bool { - return utils.CheckFilter(auth.Config.OauthWhitelist, email, true) + return utils.CheckFilter(auth.Config.OauthWhitelist, email) } func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error { @@ -368,13 +368,13 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, lab // Check if oauth is allowed if context.OAuth { log.Debug().Msg("Checking OAuth whitelist") - return utils.CheckFilter(labels.OAuth.Whitelist, context.Email, true) + return utils.CheckFilter(labels.OAuth.Whitelist, context.Email) } // Check users log.Debug().Msg("Checking users") - return utils.CheckFilter(labels.Users, context.Username, true) + return utils.CheckFilter(labels.Users, context.Username) } func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels types.Labels) bool { @@ -394,7 +394,7 @@ func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels t // For every group check if it is in the required groups for _, group := range oauthGroups { - if utils.CheckFilter(labels.OAuth.Groups, group, true) { + if utils.CheckFilter(labels.OAuth.Groups, group) { log.Debug().Str("group", group).Msg("Group is in required groups") return true } diff --git a/internal/docker/docker.go b/internal/docker/docker.go index 535e314..ea6760d 100644 --- a/internal/docker/docker.go +++ b/internal/docker/docker.go @@ -69,7 +69,7 @@ func (docker *Docker) DockerConnected() bool { return err == nil } -func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error) { +func (docker *Docker) GetLabels(app string, domain string) (types.Labels, error) { // Check if we have access to the Docker API isConnected := docker.DockerConnected() @@ -112,9 +112,16 @@ func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error) continue } - // Check if the labels match the id or the domain - if strings.TrimPrefix(inspect.Name, "/") == id || utils.CheckFilter(labels.Domain, domain, false) { // Disable regex for now - log.Debug().Str("id", inspect.ID).Msg("Found matching container") + // Check if the container matches the ID or domain + for _, lDomain := range labels.Domain { + if lDomain == domain { + log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain") + return labels, nil + } + } + + if strings.TrimPrefix(inspect.Name, "/") == app { + log.Debug().Str("id", inspect.ID).Msg("Found matching container by name") return labels, nil } } diff --git a/internal/types/config.go b/internal/types/config.go index 83dc8bb..2a9683d 100644 --- a/internal/types/config.go +++ b/internal/types/config.go @@ -129,7 +129,7 @@ type Labels struct { Users string Allowed string Headers []string - Domain string + Domain []string Basic BasicLabels OAuth OAuthLabels IP IPLabels diff --git a/internal/utils/utils.go b/internal/utils/utils.go index 6e1c631..5871465 100644 --- a/internal/utils/utils.go +++ b/internal/utils/utils.go @@ -293,14 +293,14 @@ func ParseSecretFile(contents string) string { } // Check if a string matches a regex or if it is included in a comma separated list -func CheckFilter(filter string, str string, regex bool) bool { +func CheckFilter(filter string, str string) bool { // Check if the filter is empty if len(strings.TrimSpace(filter)) == 0 { return true } // Check if the filter is a regex - if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") && regex { + if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") { // Create regex re, err := regexp.Compile(filter[1 : len(filter)-1]) diff --git a/internal/utils/utils_test.go b/internal/utils/utils_test.go index 0f9630a..abc83ba 100644 --- a/internal/utils/utils_test.go +++ b/internal/utils/utils_test.go @@ -387,7 +387,7 @@ func TestCheckFilter(t *testing.T) { expected := true // Test the check filter function - result := utils.CheckFilter(filter, str, false) + result := utils.CheckFilter(filter, str) // Check if the result is equal to the expected if result != expected { @@ -402,7 +402,7 @@ func TestCheckFilter(t *testing.T) { expected = true // Test the check filter function - result = utils.CheckFilter(filter, str, true) + result = utils.CheckFilter(filter, str) // Check if the result is equal to the expected if result != expected { @@ -417,7 +417,7 @@ func TestCheckFilter(t *testing.T) { expected = true // Test the check filter function - result = utils.CheckFilter(filter, str, false) + result = utils.CheckFilter(filter, str) // Check if the result is equal to the expected if result != expected { @@ -432,7 +432,7 @@ func TestCheckFilter(t *testing.T) { expected = false // Test the check filter function - result = utils.CheckFilter(filter, str, true) + result = utils.CheckFilter(filter, str) // Check if the result is equal to the expected if result != expected { @@ -447,7 +447,7 @@ func TestCheckFilter(t *testing.T) { expected = false // Test the check filter function - result = utils.CheckFilter(filter, str, false) + result = utils.CheckFilter(filter, str) // Check if the result is equal to the expected if result != expected {