From 9f027101147646226471c3ccb10dc7caafb202b4 Mon Sep 17 00:00:00 2001
From: Stavros
Date: Wed, 9 Jul 2025 17:49:13 +0300
Subject: [PATCH] feat: add support for comma list in label domain check
---
 .gitignore | 3 +--
 internal/auth/auth.go | 10 ++++----
 internal/docker/docker.go | 2 +-
 internal/utils/utils.go | 22 +++++++++---------
 internal/utils/utils_test.go | 44 ++++++++++++++++++------------------
 5 files changed, 40 insertions(+), 41 deletions(-)
diff --git a/.gitignore b/.gitignore
index 8cb2bae..ec50bdf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,8 +11,7 @@ docker-compose.test*
 users.txt
 # secret test file
-secret.txt
-secret_oauth.txt
+secret*
 # vscode
 .vscode
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index cc17340..530120a 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -233,8 +233,8 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {
 }
 }
-func (auth *Auth) EmailWhitelisted(emailSrc string) bool {
- return utils.CheckWhitelist(auth.Config.OauthWhitelist, emailSrc)
+func (auth *Auth) EmailWhitelisted(email string) bool {
+ return utils.CheckFilter(auth.Config.OauthWhitelist, email, true)
 }
 func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error {
@@ -368,13 +368,13 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, lab
 // Check if oauth is allowed
 if context.OAuth {
 log.Debug().Msg("Checking OAuth whitelist")
- return utils.CheckWhitelist(labels.OAuth.Whitelist, context.Email)
+ return utils.CheckFilter(labels.OAuth.Whitelist, context.Email, true)
 }
 // Check users
 log.Debug().Msg("Checking users")
- return utils.CheckWhitelist(labels.Users, context.Username)
+ return utils.CheckFilter(labels.Users, context.Username, true)
 }
 func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels types.Labels) bool {
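Review bot: `EmailWhitelisted` in the `@@ -233` hunk of internal/auth/auth.go has no doc comment, and its fail-open case is not obvious from the name: `CheckFilter` returns true for an empty filter (visible in the `@@ -292` hunk of utils.go), so an unset `OauthWhitelist` admits every email. I would add `// EmailWhitelisted reports whether email passes the configured OAuth whitelist; an empty whitelist allows every email.` above it. The same empty-filter behaviour applies to the `labels.OAuth.Whitelist` and `labels.Users` calls in the `@@ -368` hunk, where a short comment such as `// an empty label places no restriction` would make the intent explicit. ResourceAllowed starts outside that hunk, so any earlier checks it performs are not visible here.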
@@ -394,7 +394,7 @@ func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels t
 // For every group check if it is in the required groups
 for _, group := range oauthGroups {
- if utils.CheckWhitelist(labels.OAuth.Groups, group) {
+ if utils.CheckFilter(labels.OAuth.Groups, group, true) {
 log.Debug().Str("group", group).Msg("Group is in required groups")
 return true
 }
diff --git a/internal/docker/docker.go b/internal/docker/docker.go
index 423fe0c..535e314 100644
--- a/internal/docker/docker.go
+++ b/internal/docker/docker.go
@@ -113,7 +113,7 @@ func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error)
 }
 // Check if the labels match the id or the domain
- if strings.TrimPrefix(inspect.Name, "/") == id || labels.Domain == domain {
+ if strings.TrimPrefix(inspect.Name, "/") == id || utils.CheckFilter(labels.Domain, domain, false) { // Disable regex for now
 log.Debug().Str("id", inspect.ID).Msg("Found matching container")
 return labels, nil
 }
diff --git a/internal/utils/utils.go b/internal/utils/utils.go
index 9fa5b69..6e1c631 100644
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
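Review bot: In the `@@ -113` hunk of internal/docker/docker.go, `utils.CheckFilter(labels.Domain, domain, false)` returns true whenever `labels.Domain` is empty, because `CheckFilter` treats an empty filter as a match (see the `@@ -292` hunk of utils.go). The old `labels.Domain == domain` matched a container without a domain label only when the requested domain was empty too, so after this change a container with no domain label appears to match every domain, and its labels would then feed the access decision for an unrelated app. Guard the call with `labels.Domain != "" && utils.CheckFilter(labels.Domain, domain, false)` and add a test for a container that has no domain label. GetLabels starts and ends outside the hunk, so the surrounding loop is inferred rather than visible.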
@@ -292,17 +292,17 @@ func ParseSecretFile(contents string) string {
 return ""
 }
-// Check if a string matches a regex or a whitelist
-func CheckWhitelist(whitelist string, str string) bool {
- // Check if the whitelist is empty
- if len(strings.TrimSpace(whitelist)) == 0 {
+// Check if a string matches a regex or if it is included in a comma separated list
+func CheckFilter(filter string, str string, regex bool) bool {
+ // Check if the filter is empty
+ if len(strings.TrimSpace(filter)) == 0 {
 return true
 }
- // Check if the whitelist is a regex
- if strings.HasPrefix(whitelist, "/") && strings.HasSuffix(whitelist, "/") {
+ // Check if the filter is a regex
+ if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") && regex {
 // Create regex
- re, err := regexp.Compile(whitelist[1 : len(whitelist)-1])
+ re, err := regexp.Compile(filter[1 : len(filter)-1])
 // Check if there was an error
 if err != nil {
@@ -316,11 +316,11 @@ func CheckWhitelist(whitelist string, str string) bool {
 }
 }
- // Split the whitelist by comma
- whitelistSplit := strings.Split(whitelist, ",")
+ // Split the filter by comma
+ filterSplit := strings.Split(filter, ",")
- // Loop through the whitelist
- for _, item := range whitelistSplit {
+ // Loop through the filter items
+ for _, item := range filterSplit {
 // Check if the item matches with the string
 if strings.TrimSpace(item) == str {
 return true
diff --git a/internal/utils/utils_test.go b/internal/utils/utils_test.go
index 31090f6..0f9630a 100644
--- a/internal/utils/utils_test.go
+++ b/internal/utils/utils_test.go
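Review bot: The doc comment on `CheckFilter` in the `@@ -292` hunk of internal/utils/utils.go does not describe the new `regex` parameter or say that an empty filter returns true, and callers use the result for access decisions. I would replace it with `// CheckFilter reports whether str is allowed by filter: an empty filter matches everything, a /pattern/ filter is matched as a regular expression only when regex is true, and anything else is a comma-separated list of exact values.` That wording also covers the case where `regex` is false and a slash-wrapped filter is compared literally against the list items. As a small style point, testing the flag first (`if regex && strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") {`) reads more directly. The regex match itself lies between this hunk and the `@@ -316` hunk and is not visible here.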
@@ -377,77 +377,77 @@ func TestParseUser(t *testing.T) { } } -// Test the whitelist function -func TestCheckWhitelist(t *testing.T) { - t.Log("Testing check whitelist with a comma whitelist") +// Test the check filter function +func TestCheckFilter(t *testing.T) { + t.Log("Testing check filter with a comma separated list") // Create variables - whitelist := "user1,user2,user3" + filter := "user1,user2,user3" str := "user1" expected := true - // Test the check whitelist function - result := utils.CheckWhitelist(whitelist, str) + // Test the check filter function + result := utils.CheckFilter(filter, str, false) // Check if the result is equal to the expected if result != expected { t.Fatalf("Expected %v, got %v", expected, result) } - t.Log("Testing check whitelist with a regex whitelist") + t.Log("Testing check filter with a regex filter") // Create variables - whitelist = "/^user[0-9]+$/" + filter = "/^user[0-9]+$/" str = "user1" expected = true - // Test the check whitelist function - result = utils.CheckWhitelist(whitelist, str) + // Test the check filter function + result = utils.CheckFilter(filter, str, true) // Check if the result is equal to the expected if result != expected { t.Fatalf("Expected %v, got %v", expected, result) } - t.Log("Testing check whitelist with an empty whitelist") + t.Log("Testing check filter with an empty filter") // Create variables - whitelist = "" + filter = "" str = "user1" expected = true - // Test the check whitelist function - result = utils.CheckWhitelist(whitelist, str) + // Test the check filter function + result = utils.CheckFilter(filter, str, false) // Check if the result is equal to the expected if result != expected { t.Fatalf("Expected %v, got %v", expected, result) } - t.Log("Testing check whitelist with an invalid regex whitelist") + t.Log("Testing check filter with an invalid regex filter") // Create variables - whitelist = "/^user[0-9+$/" + filter = "/^user[0-9+$/" str = "user1" expected = false - // Test the 
check whitelist function - result = utils.CheckWhitelist(whitelist, str) + // Test the check filter function + result = utils.CheckFilter(filter, str, true) // Check if the result is equal to the expected if result != expected { t.Fatalf("Expected %v, got %v", expected, result) } - t.Log("Testing check whitelist with a non matching whitelist") + t.Log("Testing check filter with a non matching list") // Create variables - whitelist = "user1,user2,user3" + filter = "user1,user2,user3" str = "user4" expected = false - // Test the check whitelist function - result = utils.CheckWhitelist(whitelist, str) + // Test the check filter function + result = utils.CheckFilter(filter, str, false) // Check if the result is equal to the expected if result != expected {