mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-10-27 20:25:41 +00:00
feat: add support for comma list in label domain check
This commit is contained in:
Stavros
3
.gitignore
vendored
3
.gitignore
vendored
@@ -11,8 +11,7 @@ docker-compose.test*
|
||||
users.txt
|
||||
|
||||
# secret test file
|
||||
secret.txt
|
||||
secret_oauth.txt
|
||||
secret*
|
||||
|
||||
# vscode
|
||||
.vscode
|
||||
|
||||
@@ -233,8 +233,8 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {
|
||||
}
|
||||
}
|
||||
|
||||
func (auth *Auth) EmailWhitelisted(emailSrc string) bool {
|
||||
return utils.CheckWhitelist(auth.Config.OauthWhitelist, emailSrc)
|
||||
func (auth *Auth) EmailWhitelisted(email string) bool {
|
||||
return utils.CheckFilter(auth.Config.OauthWhitelist, email, true)
|
||||
}
|
||||
|
||||
func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error {
|
||||
@@ -368,13 +368,13 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, lab
|
||||
// Check if oauth is allowed
|
||||
if context.OAuth {
|
||||
log.Debug().Msg("Checking OAuth whitelist")
|
||||
return utils.CheckWhitelist(labels.OAuth.Whitelist, context.Email)
|
||||
return utils.CheckFilter(labels.OAuth.Whitelist, context.Email, true)
|
||||
}
|
||||
|
||||
// Check users
|
||||
log.Debug().Msg("Checking users")
|
||||
|
||||
return utils.CheckWhitelist(labels.Users, context.Username)
|
||||
return utils.CheckFilter(labels.Users, context.Username, true)
|
||||
}
|
||||
|
||||
func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels types.Labels) bool {
|
||||
@@ -394,7 +394,7 @@ func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels t
|
||||
|
||||
// For every group check if it is in the required groups
|
||||
for _, group := range oauthGroups {
|
||||
if utils.CheckWhitelist(labels.OAuth.Groups, group) {
|
||||
if utils.CheckFilter(labels.OAuth.Groups, group, true) {
|
||||
log.Debug().Str("group", group).Msg("Group is in required groups")
|
||||
return true
|
||||
}
|
||||
|
||||
@@ -113,7 +113,7 @@ func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error)
|
||||
}
|
||||
|
||||
// Check if the labels match the id or the domain
|
||||
if strings.TrimPrefix(inspect.Name, "/") == id || labels.Domain == domain {
|
||||
if strings.TrimPrefix(inspect.Name, "/") == id || utils.CheckFilter(labels.Domain, domain, false) { // Disable regex for now
|
||||
log.Debug().Str("id", inspect.ID).Msg("Found matching container")
|
||||
return labels, nil
|
||||
}
|
||||
|
||||
@@ -292,17 +292,17 @@ func ParseSecretFile(contents string) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
// Check if a string matches a regex or a whitelist
|
||||
func CheckWhitelist(whitelist string, str string) bool {
|
||||
// Check if the whitelist is empty
|
||||
if len(strings.TrimSpace(whitelist)) == 0 {
|
||||
// Check if a string matches a regex or if it is included in a comma separated list
|
||||
func CheckFilter(filter string, str string, regex bool) bool {
|
||||
// Check if the filter is empty
|
||||
if len(strings.TrimSpace(filter)) == 0 {
|
||||
return true
|
||||
}
|
||||
|
||||
// Check if the whitelist is a regex
|
||||
if strings.HasPrefix(whitelist, "/") && strings.HasSuffix(whitelist, "/") {
|
||||
// Check if the filter is a regex
|
||||
if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") && regex {
|
||||
// Create regex
|
||||
re, err := regexp.Compile(whitelist[1 : len(whitelist)-1])
|
||||
re, err := regexp.Compile(filter[1 : len(filter)-1])
|
||||
|
||||
// Check if there was an error
|
||||
if err != nil {
|
||||
@@ -316,11 +316,11 @@ func CheckWhitelist(whitelist string, str string) bool {
|
||||
}
|
||||
}
|
||||
|
||||
// Split the whitelist by comma
|
||||
whitelistSplit := strings.Split(whitelist, ",")
|
||||
// Split the filter by comma
|
||||
filterSplit := strings.Split(filter, ",")
|
||||
|
||||
// Loop through the whitelist
|
||||
for _, item := range whitelistSplit {
|
||||
// Loop through the filter items
|
||||
for _, item := range filterSplit {
|
||||
// Check if the item matches with the string
|
||||
if strings.TrimSpace(item) == str {
|
||||
return true
|
||||
|
||||
@@ -377,77 +377,77 @@ func TestParseUser(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// Test the whitelist function
|
||||
func TestCheckWhitelist(t *testing.T) {
|
||||
t.Log("Testing check whitelist with a comma whitelist")
|
||||
// Test the check filter function
|
||||
func TestCheckFilter(t *testing.T) {
|
||||
t.Log("Testing check filter with a comma separated list")
|
||||
|
||||
// Create variables
|
||||
whitelist := "user1,user2,user3"
|
||||
filter := "user1,user2,user3"
|
||||
str := "user1"
|
||||
expected := true
|
||||
|
||||
// Test the check whitelist function
|
||||
result := utils.CheckWhitelist(whitelist, str)
|
||||
// Test the check filter function
|
||||
result := utils.CheckFilter(filter, str, false)
|
||||
|
||||
// Check if the result is equal to the expected
|
||||
if result != expected {
|
||||
t.Fatalf("Expected %v, got %v", expected, result)
|
||||
}
|
||||
|
||||
t.Log("Testing check whitelist with a regex whitelist")
|
||||
t.Log("Testing check filter with a regex filter")
|
||||
|
||||
// Create variables
|
||||
whitelist = "/^user[0-9]+$/"
|
||||
filter = "/^user[0-9]+$/"
|
||||
str = "user1"
|
||||
expected = true
|
||||
|
||||
// Test the check whitelist function
|
||||
result = utils.CheckWhitelist(whitelist, str)
|
||||
// Test the check filter function
|
||||
result = utils.CheckFilter(filter, str, true)
|
||||
|
||||
// Check if the result is equal to the expected
|
||||
if result != expected {
|
||||
t.Fatalf("Expected %v, got %v", expected, result)
|
||||
}
|
||||
|
||||
t.Log("Testing check whitelist with an empty whitelist")
|
||||
t.Log("Testing check filter with an empty filter")
|
||||
|
||||
// Create variables
|
||||
whitelist = ""
|
||||
filter = ""
|
||||
str = "user1"
|
||||
expected = true
|
||||
|
||||
// Test the check whitelist function
|
||||
result = utils.CheckWhitelist(whitelist, str)
|
||||
// Test the check filter function
|
||||
result = utils.CheckFilter(filter, str, false)
|
||||
|
||||
// Check if the result is equal to the expected
|
||||
if result != expected {
|
||||
t.Fatalf("Expected %v, got %v", expected, result)
|
||||
}
|
||||
|
||||
t.Log("Testing check whitelist with an invalid regex whitelist")
|
||||
t.Log("Testing check filter with an invalid regex filter")
|
||||
|
||||
// Create variables
|
||||
whitelist = "/^user[0-9+$/"
|
||||
filter = "/^user[0-9+$/"
|
||||
str = "user1"
|
||||
expected = false
|
||||
|
||||
// Test the check whitelist function
|
||||
result = utils.CheckWhitelist(whitelist, str)
|
||||
// Test the check filter function
|
||||
result = utils.CheckFilter(filter, str, true)
|
||||
|
||||
// Check if the result is equal to the expected
|
||||
if result != expected {
|
||||
t.Fatalf("Expected %v, got %v", expected, result)
|
||||
}
|
||||
|
||||
t.Log("Testing check whitelist with a non matching whitelist")
|
||||
t.Log("Testing check filter with a non matching list")
|
||||
|
||||
// Create variables
|
||||
whitelist = "user1,user2,user3"
|
||||
filter = "user1,user2,user3"
|
||||
str = "user4"
|
||||
expected = false
|
||||
|
||||
// Test the check whitelist function
|
||||
result = utils.CheckWhitelist(whitelist, str)
|
||||
// Test the check filter function
|
||||
result = utils.CheckFilter(filter, str, false)
|
||||
|
||||
// Check if the result is equal to the expected
|
||||
if result != expected {
|
||||
|
||||
Reference in New Issue
Block a user