From 85ad0d19c753d414d26f563e205f6071c921bbf9 Mon Sep 17 00:00:00 2001
From: Stavros
Date: Fri, 18 Apr 2025 19:36:50 +0300
Subject: [PATCH] feat: add regex support to oauth whitelist
---
 cmd/root.go | 9 +--------
 frontend/src/pages/unauthorized-page.tsx | 2 +-
 internal/api/api_test.go | 2 +-
 internal/auth/auth.go | 15 +--------------
 internal/auth/auth_test.go | 2 +-
 internal/types/config.go | 2 +-
 internal/utils/utils.go | 2 +-
 7 files changed, 7 insertions(+), 27 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index b5d76b5..ae3e935 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -61,13 +61,6 @@ var rootCmd = &cobra.Command{
 HandleError(errors.New("no users or OAuth configured"), "No users or OAuth configured")
 }
- // Create oauth whitelist
- oauthWhitelist := utils.Filter(strings.Split(config.OAuthWhitelist, ","), func(val string) bool {
- return val != ""
- })
-
- log.Debug().Msg("Parsed OAuth whitelist")
-
 // Get domain
 log.Debug().Msg("Getting domain")
 domain, err := utils.GetUpperDomain(config.AppURL)
@@ -108,7 +101,7 @@ var rootCmd = &cobra.Command{
 // Create auth config
 authConfig := types.AuthConfig{
 Users: users,
- OauthWhitelist: oauthWhitelist,
+ OauthWhitelist: config.OAuthWhitelist,
 Secret: config.Secret,
 CookieSecure: config.CookieSecure,
 SessionExpiry: config.SessionExpiry,
diff --git a/frontend/src/pages/unauthorized-page.tsx b/frontend/src/pages/unauthorized-page.tsx
index fe6f693..6825bd2 100644
--- a/frontend/src/pages/unauthorized-page.tsx
+++ b/frontend/src/pages/unauthorized-page.tsx
@@ -35,7 +35,7 @@ export const UnauthorizedPage = () => { ) : ( }} values={{ username }}
diff --git a/internal/api/api_test.go b/internal/api/api_test.go
index 6a122b0..69979bd 100644
--- a/internal/api/api_test.go
+++ b/internal/api/api_test.go
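Review bot: In the second cmd/root.go hunk the raw `config.OAuthWhitelist` string goes straight into `types.AuthConfig`, and nothing at startup parses or validates it any more. If the value is now interpreted as a regex, as the commit subject says, a malformed pattern would presumably only surface when the first OAuth login is evaluated, and how that failure is treated is not visible in this patch. I would validate the value once here and report a failure through `HandleError`, and keep a debug line such as `log.Debug().Msg("Loaded OAuth whitelist")` so operators can see that a whitelist is active. The `rootCmd` body starts and ends outside the hunk.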
@@ -36,7 +36,7 @@ var handlersConfig = types.HandlersConfig{
 // Simple auth config for tests
 var authConfig = types.AuthConfig{
 Users: types.Users{},
- OauthWhitelist: []string{},
+ OauthWhitelist: "",
 Secret: "super-secret-api-thing-for-tests", // It is 32 chars long
 CookieSecure: false,
 SessionExpiry: 3600,
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 9dbd105..d6ed5f3 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -134,20 +134,7 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {
 }
 func (auth *Auth) EmailWhitelisted(emailSrc string) bool {
- // If the whitelist is empty, allow all emails
- if len(auth.Config.OauthWhitelist) == 0 {
- return true
- }
-
- // Loop through the whitelist and return true if the email matches
- for _, email := range auth.Config.OauthWhitelist {
- if email == emailSrc {
- return true
- }
- }
-
- // If no emails match, return false
- return false
+ return utils.CheckWhitelist(auth.Config.OauthWhitelist, emailSrc)
 }
 func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error {
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index 08e6bc9..d9dac6b 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -10,7 +10,7 @@ import (
 var config = types.AuthConfig{
 Users: types.Users{},
- OauthWhitelist: []string{},
+ OauthWhitelist: "",
 SessionExpiry: 3600,
 }
diff --git a/internal/types/config.go b/internal/types/config.go
index 13730b4..6092a48 100644
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -68,7 +68,7 @@ type APIConfig struct {
 // AuthConfig is the configuration for the auth service
 type AuthConfig struct {
 Users Users
- OauthWhitelist []string
+ OauthWhitelist string
 SessionExpiry int
 Secret string
 CookieSecure bool
diff --git a/internal/utils/utils.go b/internal/utils/utils.go
index 772c125..2583015 100644
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
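Review bot: `EmailWhitelisted` in internal/auth/auth.go is the allow/deny decision for OAuth logins and now has no comment stating its policy; the removed lines documented that an empty whitelist allows every email. I would add `// EmailWhitelisted reports whether emailSrc is permitted by the OAuth whitelist; an empty whitelist allows every email.` above the function. Whether a regex entry must match the whole address is decided inside `utils.CheckWhitelist`, whose body is not in this patch; if matching is unanchored, a pattern meant for one domain would also accept addresses that merely contain it. The internal/auth/auth_test.go hunk only changes the config literal, so it would be worth adding test cases that pin an exact address, a pattern, and a look-alike domain being rejected.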
@@ -288,7 +288,7 @@ func ParseSecretFile(contents string) string {
 // Check if a string matches a regex or a whitelist
 func CheckWhitelist(whitelist string, str string) bool {
 // Check if the whitelist is empty
- if len(whitelist) == 0 {
+ if len(strings.TrimSpace(whitelist)) == 0 {
 return true
 }
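Review bot: With `strings.TrimSpace` in the emptiness check, a whitespace-only whitelist now returns true for every input, so a blank-looking configuration value admits all OAuth identities. Going by the lines removed from cmd/root.go, such a value previously became a one-element list that matched no email, so this moves that case from deny-all to allow-all. The doc comment should state the contract, e.g. `// An empty or whitespace-only whitelist allows every value.`, and a startup warning when the OAuth whitelist is empty would make the open state visible. Only the emptiness test uses the trimmed string in the visible lines; the rest of `CheckWhitelist` lies outside the hunk, so whether padded entries still match cannot be confirmed here.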