Add whitelist

Author: keimoon

api/main.go

@@ -17,6 +17,10 @@ func Main(ctx *goru.Context) {
 		gorux.ResponseJSON(ctx, http.StatusOK, Error("Anduin OAUTH proxy version "+service.Version()))
 		return
 	}
+	if service.CheckWhitelist(ctx, p) {
+		service.ReverseProxy(ctx, p, nil)
+		return
+	}
 	user := service.CheckSession(ctx)
 	if user != nil {
 		service.ReverseProxy(ctx, p, user)

proxy/proxy.go

@@ -8,10 +8,18 @@ import (
 	"strings"
 	"time"
 
+	"regexp"
+
 	"github.com/anduintransaction/oauth-proxy/utils"
 	"gottb.io/goru/config"
+	"gottb.io/goru/log"
 )
 
+type whilelist struct {
+	method string
+	path   *regexp.Regexp
+}
+
 type Proxy struct {
 	Provider      string   `config:"provider"`
 	Scheme        string   `config:"scheme"`
@@ -24,9 +32,11 @@ type Proxy struct {
 	CallbackURI   string   `config:"callback_uri"`
 	Organizations []string `config:"organizations"`
 	Teams         []string `config:"teams"`
+	Whitelists    []string `config:"whitelists"`
 	organizations utils.StringSet
 	teams         utils.StringSet
 	target        *url.URL
+	whitelists    []*whilelist
 	reverseProxy  *httputil.ReverseProxy
 }
 
@@ -42,6 +52,23 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	p.reverseProxy.ServeHTTP(w, r)
 }
 
+func (p *Proxy) IsWhiteList(method, path string) bool {
+	for _, w := range p.whitelists {
+		if w.method != "ANY" && w.method != method {
+			continue
+		}
+		path = strings.TrimRight(path, "/")
+		if path == "" {
+			path = "/"
+		}
+		matched := w.path.MatchString(path)
+		if matched {
+			return true
+		}
+	}
+	return false
+}
+
 func (p *Proxy) createReverseProxy() {
 	p.reverseProxy = &httputil.ReverseProxy{
 		Director: p.transformRequest,
@@ -133,8 +160,25 @@ func Start(config *config.Config) error {
 		if err != nil {
 			return err
 		}
+		proxy.whitelists = []*whilelist{}
+		for _, wl := range proxy.Whitelists {
+			w := &whilelist{}
+			pieces := strings.SplitN(wl, ":", 2)
+			if len(pieces) == 1 {
+				w.method = "ANY"
+				w.path, err = regexp.Compile("^" + pieces[0] + "$")
+			} else {
+				w.method = strings.ToUpper(pieces[0])
+				w.path, err = regexp.Compile("^" + pieces[1] + "$")
+			}
+			if err != nil {
+				return err
+			}
+			proxy.whitelists = append(proxy.whitelists, w)
+		}
 		proxy.createReverseProxy()
 		proxyMap[proxy.RequestHost] = proxy
+		log.Debug(proxy)
 	}
 
 	rand.Seed(time.Now().UnixNano())

service/misc.go

@@ -6,7 +6,7 @@ import (
 )
 
 func Version() string {
-	return "0.3.0"
+	return "0.4.0"
 }
 
 func generateRandomState() (string, error) {

service/proxy.go

@@ -30,6 +30,10 @@ func DoRedirect(ctx *goru.Context, prox *proxy.Proxy) {
 	goru.Redirect(ctx, redirectURI)
 }
 
+func CheckWhitelist(ctx *goru.Context, prox *proxy.Proxy) bool {
+	return prox.IsWhiteList(ctx.Request.Method, ctx.Request.URL.Path)
+}
+
 func CheckSession(ctx *goru.Context) *proxy.UserInfo {
 	authCookie, err := ctx.Request.Cookie(proxy.Config.CookieName)
 	if err != nil {
@@ -61,8 +65,10 @@ func CheckSession(ctx *goru.Context) *proxy.UserInfo {
 }
 
 func ReverseProxy(ctx *goru.Context, prox *proxy.Proxy, user *proxy.UserInfo) {
-	ctx.Request.Header.Add("X-Forwarded-User", user.Name)
-	ctx.Request.Header.Add("X-Forwarded-Email", user.Email)
+	if user != nil {
+		ctx.Request.Header.Add("X-Forwarded-User", user.Name)
+		ctx.Request.Header.Add("X-Forwarded-Email", user.Email)
+	}
 	log.Debugf("Reverse proxy for %s to %s", prox.RequestHost, ctx.Request.URL.String())
 	prox.ServeHTTP(ctx.ResponseWriter, ctx.Request)
 }