mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-05-07 21:08:12 +00:00
Stavros
1382ab41e7
* wip * fix: fix util imports * fix: fix bootstrap import issues * fix: fix cli imports * fix: context controller * fix: use new context in user controller * fix: fix imports and context in proxy controller * fix: fix oauth and oidc controller imports and context * feat: finalize context functionality * refactor: simplify acls checking logic by passing the entire acl struct * chore: rename get basic auth to encode basic auth for clarity * fix: fix controller tests * tests: fix service tests * tests: fix utils tests * tests: move to testify for testing in utils * fix: fix config reference generator * tests: add tests for context parsing * tests: add tests for context middleware * tests: remove error wrapper from context tests * tests: fix log wrapper tests * fix: fix verion setting in cd and dockerfiles * fix: review comments batch 1 * fix: review comments batch 2 * fix: review comments batch 3 * fix: delete totp pending session cookie on totp success * tests: fix user controller tests * fix: don't audit login too early * fix: own comments
93 lines
1.8 KiB
Go
93 lines
1.8 KiB
Go
package utils
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
|
|
|
|
"github.com/weppos/publicsuffix-go/publicsuffix"
|
|
)
|
|
|
|
// Get cookie domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
|
|
func GetCookieDomain(u string) (string, error) {
|
|
parsed, err := url.Parse(u)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
host := parsed.Hostname()
|
|
|
|
if netIP := net.ParseIP(host); netIP != nil {
|
|
return "", errors.New("IP addresses not allowed")
|
|
}
|
|
|
|
parts := strings.Split(host, ".")
|
|
|
|
if len(parts) == 2 {
|
|
tlog.App.Warn().Msgf("Running on the root domain, cookies will be set for .%v", host)
|
|
return host, nil
|
|
}
|
|
|
|
if len(parts) < 3 {
|
|
return "", errors.New("invalid app url, must be at least second level domain")
|
|
}
|
|
|
|
domain := strings.Join(parts[1:], ".")
|
|
|
|
_, err = publicsuffix.DomainFromListWithOptions(publicsuffix.DefaultList, domain, nil)
|
|
|
|
if err != nil {
|
|
return "", errors.New("domain in public suffix list, cannot set cookies")
|
|
}
|
|
|
|
return domain, nil
|
|
}
|
|
|
|
func ParseFileToLine(content string) string {
|
|
lines := strings.Split(content, "\n")
|
|
users := make([]string, 0)
|
|
|
|
for _, line := range lines {
|
|
if strings.TrimSpace(line) == "" {
|
|
continue
|
|
}
|
|
users = append(users, strings.TrimSpace(line))
|
|
}
|
|
|
|
return strings.Join(users, ",")
|
|
}
|
|
|
|
func Filter[T any](slice []T, test func(T) bool) (res []T) {
|
|
res = make([]T, 0)
|
|
for _, value := range slice {
|
|
if test(value) {
|
|
res = append(res, value)
|
|
}
|
|
}
|
|
return res
|
|
}
|
|
|
|
func IsRedirectSafe(redirectURL string, domain string) bool {
|
|
if redirectURL == "" {
|
|
return false
|
|
}
|
|
|
|
parsed, err := url.Parse(redirectURL)
|
|
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
hostname := parsed.Hostname()
|
|
|
|
if strings.HasSuffix(hostname, fmt.Sprintf(".%s", domain)) {
|
|
return true
|
|
}
|
|
|
|
return hostname == domain
|
|
}
|