barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-10-28 04:35:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: header based acls (#337)

Browse Source 
* feat: add header decoder

* feat: allow for dash substitute over slash for environments like kubernetes

* feat: use decoded headers in proxy controller

* refactor: simplify decode header to node function

* refactor: use stdlib prefix check in header decoder

* fix: lowercase key and filter before comparing
This commit is contained in:
Stavros
2025-09-02 19:06:52 +03:00
committed by GitHub
parent 9ce16c9652
commit f0d2da281a
10 changed files with 355 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
internal/utils/label_utils.go
View File

@@ -1,48 +0,0 @@
package utils
import (
"net/http"
"strings"
"tinyauth/internal/config"
"github.com/traefik/paerser/parser"
)
func GetLabels(labels map[string]string) (config.Labels, error) {
var labelsParsed config.Labels
err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.apps")
if err != nil {
return config.Labels{}, err
}
return labelsParsed, nil
}
func ParseHeaders(headers []string) map[string]string {
headerMap := make(map[string]string)
for _, header := range headers {
split := strings.SplitN(header, "=", 2)
if len(split) != 2 || strings.TrimSpace(split[0]) == "" || strings.TrimSpace(split[1]) == "" {
continue
}
key := SanitizeHeader(strings.TrimSpace(split[0]))
if strings.ContainsAny(key, " \t") {
continue
}
key = http.CanonicalHeaderKey(key)
value := SanitizeHeader(strings.TrimSpace(split[1]))
headerMap[key] = value
}
return headerMap
}
func SanitizeHeader(header string) string {
return strings.Map(func(r rune) rune {
// Allow only printable ASCII characters (32-126) and safe whitespace (space, tab)
if r == ' ' || r == '\t' || (r >= 32 && r <= 126) {
return r
}
return -1
}, header)
}