fixed blocking logic

CodeShellDev · CodeShellDev · commit 3e76bffa509a · 2025-09-14T19:23:05.000+02:00
diff --git a/.github/templates/README.template.md b/.github/templates/README.template.md
@@ -236,13 +236,11 @@ blockedEndpoints: [/v1/register, /v1/unregister, /v1/qrcodelink, /v1/contacts]
 
 Override Blocked Endpoints by explicitly allowing endpoints in `allowedEndpoints`.
 
-| Config (A)                  | (B)                              |   Result    |     |                |     |
-| :-------------------------- | :------------------------------- | :---------: | --- | :------------: | --- |
-| `allowedEndpoints:`         |                                  |   **all**   | 🛑  |                |     |
-| `blockedEndpoints:`         |                                  |   **all**   | ✅  |                |     |
-| `allowedEndpoints:`         | `blockedEndpoints: ["/v2/send"]` | **default** | ✅  | **`/v2/send`** | 🛑  |
-| `blockedEndpoints:`         | `allowedEndpoints: ["/v2/send"]` | **default** | 🛑  | **`/v2/send`** | ✅  |
-| `blockedEndpoints: ["/v2"]` | `allowedEndpoints: ["/v2/send"]` | **`/v2*`**  | 🛑  | **`/v2/send`** | ✅  |
+| Config (Allow)                   | (Block)                             |   Result   |     |                   |     |
+| :------------------------------- | :---------------------------------- | :--------: | --- | :---------------: | --- |
+| `allowedEndpoints: ["/v2/send"]` | `unset`                             |  **all**   | 🛑  |  **`/v2/send`**   | ✅  |
+| `unset`                          | `blockedEndpoints: ["/v1/receive"]` |  **all**   | ✅  | **`/v1/receive`** | 🛑  |
+| `blockedEndpoints: ["/v2"]`      | `allowedEndpoints: ["/v2/send"]`    | **`/v2*`** | 🛑  |  **`/v2/send`**   | ✅  |
 
 ```yaml
 allowedEndpoints: [/v2/send]
diff --git a/internals/proxy/middlewares/endpoints.go b/internals/proxy/middlewares/endpoints.go
@@ -21,7 +21,7 @@ func (data EndpointsMiddleware) Use() http.Handler {
 		blockedEndpoints := settings.BLOCKED_ENDPOINTS
 		allowedEndpoints := settings.ALLOWED_ENDPOINTS
 
-		if blockedEndpoints == nil {
+		if blockedEndpoints == nil && allowedEndpoints == nil {
 			blockedEndpoints = getSettings("*").BLOCKED_ENDPOINTS
 		}
 
@@ -38,25 +38,37 @@ func (data EndpointsMiddleware) Use() http.Handler {
 }
 
 func isBlocked(endpoint string, allowed []string, blocked []string) bool {
-	var result bool
-
 	if blocked == nil {
-		return false
+		blocked = []string{}
 	}
 
 	if allowed == nil {
-		return true
+		allowed = []string{}
 	}
 
-	isBlocked := slices.ContainsFunc(blocked, func(try string) bool {
+	isExplicitlyBlocked := slices.ContainsFunc(blocked, func(try string) bool {
 		return strings.HasPrefix(endpoint, try)
 	})
 
 	isExplictlyAllowed := slices.ContainsFunc(allowed, func(try string) bool {
 		return strings.HasPrefix(endpoint, try)
 	})
 
-	result = isBlocked && !isExplictlyAllowed
+	// Block all except explicitly Allowed
+	if len(blocked) == 0 && len(allowed) != 0 {
+		return !isExplictlyAllowed
+	}
+
+	// Allow all except explicitly Blocked
+	if len(allowed) == 0 && len(blocked) != 0{
+		return isExplicitlyBlocked
+	}
+
+	// Excplicitly Blocked except excplictly Allowed
+	if len(blocked) != 0 && len(allowed) != 0 {
+		return isExplicitlyBlocked && !isExplictlyAllowed
+	}
 
-	return result
+	// Block all
+	return true
 }
