refactor: unify labels

Stavros
2025-08-29 13:52:47 +03:00
parent 03d06cb0a7
commit 598abc5fe1
5 changed files with 138 additions and 104 deletions


@@ -283,18 +283,18 @@ func (auth *AuthService) UserAuthConfigured() bool {
return len(auth.Config.Users) > 0 || auth.LDAP != nil
}
func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.Labels) bool {
func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.AppLabels) bool {
if context.OAuth {
log.Debug().Msg("Checking OAuth whitelist")
return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
}
log.Debug().Msg("Checking users")
return utils.CheckFilter(labels.Users, context.Username)
return utils.CheckFilter(labels.Users.Allow, context.Username)
}
func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserContext, labels config.Labels) bool {
if labels.OAuth.Groups == "" {
func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserContext, groups string) bool {
if groups == "" {
return true
}
@@ -304,10 +304,10 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
}
// No need to parse since they are from the API response
oauthGroups := strings.Split(context.OAuthGroups, ",")
groupsSplit := strings.Split(groups, ",")
for _, group := range oauthGroups {
if utils.CheckFilter(labels.OAuth.Groups, group) {
for _, group := range groupsSplit {
if utils.CheckFilter(groups, group) {
return true
}
}
@@ -316,12 +316,12 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
return false
}
func (auth *AuthService) IsAuthEnabled(uri string, labels config.Labels) (bool, error) {
if labels.Allowed == "" {
func (auth *AuthService) IsAuthEnabled(uri string, pathAllow string) (bool, error) {
if pathAllow == "" {
return true, nil
}
regex, err := regexp.Compile(labels.Allowed)
regex, err := regexp.Compile(pathAllow)
if err != nil {
return true, err
@@ -346,8 +346,8 @@ func (auth *AuthService) GetBasicAuth(c *gin.Context) *config.User {
}
}
func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
for _, blocked := range labels.IP.Block {
func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
for _, blocked := range labels.Block {
res, err := utils.FilterIP(blocked, ip)
if err != nil {
log.Warn().Err(err).Str("item", blocked).Msg("Invalid IP/CIDR in block list")
@@ -359,7 +359,7 @@ func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
}
}
for _, allowed := range labels.IP.Allow {
for _, allowed := range labels.Allow {
res, err := utils.FilterIP(allowed, ip)
if err != nil {
log.Warn().Err(err).Str("item", allowed).Msg("Invalid IP/CIDR in allow list")
@@ -371,7 +371,7 @@ func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
}
}
if len(labels.IP.Allow) > 0 {
if len(labels.Allow) > 0 {
log.Debug().Str("ip", ip).Msg("IP not in allow list, denying access")
return false
}
@@ -380,8 +380,8 @@ func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
return true
}
func (auth *AuthService) IsBypassedIP(labels config.Labels, ip string) bool {
for _, bypassed := range labels.IP.Bypass {
func (auth *AuthService) IsBypassedIP(labels config.IPLabels, ip string) bool {
for _, bypassed := range labels.Bypass {
res, err := utils.FilterIP(bypassed, ip)
if err != nil {
log.Warn().Err(err).Str("item", bypassed).Msg("Invalid IP/CIDR in bypass list")
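Review bot: In the `@@ -304,10 +304,10 @@` hunk of IsInOAuthGroup, the loop appears to iterate over the required-groups label itself (`groupsSplit := strings.Split(groups, ",")`) and test each piece against that same label with `utils.CheckFilter(groups, group)`, so `context.OAuthGroups` is not consulted in the visible lines. If CheckFilter matches a value against a comma-separated filter (its body is not shown here), any non-empty `groups` setting would match itself and every OAuth user would pass the group restriction. The loop should keep iterating over the user's groups, `oauthGroups := strings.Split(context.OAuthGroups, ",")` and `for _, group := range oauthGroups {`, with `utils.CheckFilter(groups, group)` inside. The old and new sides are inferred from the identifiers because the page lost its +/- markers, and the function body starts and ends outside the hunk. A unit test with a user whose groups do not intersect the label would pin the intended denial.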