feat: add regex support to oauth whitelist

2025-10-27 20:25:41 +00:00 · 2025-04-18 19:36:50 +03:00
parent 34b1c97db0
commit 85ad0d19c7
7 changed files with 7 additions and 27 deletions
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -61,13 +61,6 @@ var rootCmd = &cobra.Command{
 			HandleError(errors.New("no users or OAuth configured"), "No users or OAuth configured")
 		}

-		// Create oauth whitelist
-		oauthWhitelist := utils.Filter(strings.Split(config.OAuthWhitelist, ","), func(val string) bool {
-			return val != ""
-		})
-
-		log.Debug().Msg("Parsed OAuth whitelist")
-
 		// Get domain
 		log.Debug().Msg("Getting domain")
 		domain, err := utils.GetUpperDomain(config.AppURL)
@@ -108,7 +101,7 @@ var rootCmd = &cobra.Command{
 		// Create auth config
 		authConfig := types.AuthConfig{
 			Users:           users,
-			OauthWhitelist:  oauthWhitelist,
+			OauthWhitelist:  config.OAuthWhitelist,
 			Secret:          config.Secret,
 			CookieSecure:    config.CookieSecure,
 			SessionExpiry:   config.SessionExpiry,
--- a/frontend/src/pages/unauthorized-page.tsx
+++ b/frontend/src/pages/unauthorized-page.tsx
@@ -35,7 +35,7 @@ export const UnauthorizedPage = () => {
          ) : (
            <Text>
              <Trans
-                i18nKey="unauthorizedLoginSubtitle"
+                i18nKey="unaothorizedLoginSubtitle"
                t={t}
                components={{ Code: <Code /> }}
                values={{ username }}
--- a/internal/api/api_test.go
+++ b/internal/api/api_test.go
@@ -36,7 +36,7 @@ var handlersConfig = types.HandlersConfig{
 // Simple auth config for tests
 var authConfig = types.AuthConfig{
 	Users:           types.Users{},
-	OauthWhitelist:  []string{},
+	OauthWhitelist:  "",
 	Secret:          "super-secret-api-thing-for-tests", // It is 32 chars long
 	CookieSecure:    false,
 	SessionExpiry:   3600,
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -134,20 +134,7 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {
 }

 func (auth *Auth) EmailWhitelisted(emailSrc string) bool {
-	// If the whitelist is empty, allow all emails
-	if len(auth.Config.OauthWhitelist) == 0 {
-		return true
-	}
-
-	// Loop through the whitelist and return true if the email matches
-	for _, email := range auth.Config.OauthWhitelist {
-		if email == emailSrc {
-			return true
-		}
-	}
-
-	// If no emails match, return false
-	return false
+	return utils.CheckWhitelist(auth.Config.OauthWhitelist, emailSrc)
 }

 func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error {
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -10,7 +10,7 @@ import (

 var config = types.AuthConfig{
 	Users:          types.Users{},
-	OauthWhitelist: []string{},
+	OauthWhitelist: "",
 	SessionExpiry:  3600,
 }

--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -68,7 +68,7 @@ type APIConfig struct {
 // AuthConfig is the configuration for the auth service
 type AuthConfig struct {
 	Users           Users
-	OauthWhitelist  []string
+	OauthWhitelist  string
 	SessionExpiry   int
 	Secret          string
 	CookieSecure    bool
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -288,7 +288,7 @@ func ParseSecretFile(contents string) string {
 // Check if a string matches a regex or a whitelist
 func CheckWhitelist(whitelist string, str string) bool {
 	// Check if the whitelist is empty
-	if len(whitelist) == 0 {
+	if len(strings.TrimSpace(whitelist)) == 0 {
 		return true
 	}