
Commit cc6d73e

authored
fix: endpoints middleware (#116)
1 parent 428e9ed commit cc6d73e


2 files changed

+27
-20
lines changed


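--- a/data/defaults.yml
+++ b/data/defaults.yml
@@ -32,7 +32,6 @@ settings:
 
 access:
 endpoints:
-- "!/v1/about"
 - "!/v1/configuration"
 - "!/v1/devices"
 - "!/v1/register"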

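--- a/internals/proxy/middlewares/endpoints.go
+++ b/internals/proxy/middlewares/endpoints.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "slices"
 "strings"
+"path"
 
 log "github.com/codeshelldev/secured-signal-api/utils/logger"
 )
@@ -52,38 +53,45 @@ func getEndpoints(endpoints []string) ([]string, []string) {
 return allowedEndpoints, blockedEndpoints
 }
 
+func matchesPattern(endpoint, pattern string) bool {
+ok, _ := path.Match(pattern, endpoint)
+return
+}
+
 func isBlocked(endpoint string, endpoints []string) bool {
-if endpoints == nil {
-return false
-} else if len(endpoints) <= 0 {
-return false
+if len(endpoints) == 0 {
+// default: block all
+return true
 }
 
 allowed, blocked := getEndpoints(endpoints)
 
-isExplicitlyBlocked := slices.ContainsFunc(blocked, func(try string) bool {
-return strings.HasPrefix(endpoint, try)
+isExplicitlyAllowed := slices.ContainsFunc(allowed, func(try string) bool {
+return matchesPattern(endpoint, try)
 })
-
-isExplictlyAllowed := slices.ContainsFunc(allowed, func(try string) bool {
-return strings.HasPrefix(endpoint, try)
+isExplicitlyBlocked := slices.ContainsFunc(blocked, func(try string) bool {
+return matchesPattern(endpoint, try)
 })
 
-// Block all except explicitly Allowed
-if len(blocked) == 0 && len(allowed) != 0 {
-return !isExplictlyAllowed
+// explicit allow > block
+if isExplicitlyAllowed {
+return false
+}
+
+if isExplicitlyBlocked {
+return true
 }
 
-// Allow all except explicitly Blocked
-if len(allowed) == 0 && len(blocked) != 0 {
-return isExplicitlyBlocked
+// only allowed endpoints -> block anything not allowed
+if len(allowed) > 0 && len(blocked) == 0 {
+return true
 }
 
-// Excplicitly Blocked except excplictly Allowed
-if len(blocked) != 0 && len(allowed) != 0 {
-return isExplicitlyBlocked && !isExplictlyAllowed
+// only blocked endpoints -> allow anything not blocked
+if len(blocked) > 0 && len(allowed) == 0 {
+return false
 }
 
-// Block all
+// no match -> default: block all
 return true
 }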
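Review bot: Replacing `strings.HasPrefix` with `path.Match` in `isBlocked` turns every rule into a whole-path match, and `*` in `path.Match` does not cross `/`, so a deny rule written as `!/v1/devices` (the form still shipped in data/defaults.yml in this commit) no longer covers `/v1/devices/<anything>` or a trailing-slash variant; with a blocked-only list such requests reach the `return false` under "only blocked endpoints" and are let through. If prefix coverage is meant to remain, `matchesPattern` could end with `return ok || strings.HasPrefix(endpoint, strings.TrimSuffix(pattern, "/")+"/")`; otherwise the defaults and documentation need explicit wildcard entries for sub-paths. `matchesPattern` also discards the `path.Match` error, so a malformed deny pattern silently never matches and fails open; validating the patterns when the configuration is loaded would surface that. As rendered here, the helper's `return` carries no value, which would not compile for a `bool` result; presumably `return ok` was lost in extraction.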
