mirror of
https://github.com/openziti/zrok.git
synced 2024-12-31 19:22:37 +01:00
improvements to public proxy glob implementation (#413)
This commit is contained in:
parent
fdc6b72c23
commit
0c38ab0f43
@ -267,17 +267,18 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if validDomains, found := oauthCfg.(map[string]interface{})["email_domains"]; found {
|
if validEmailAddressPatterns, found := oauthCfg.(map[string]interface{})["email_domains"]; found {
|
||||||
if castedDomains, ok := validDomains.([]interface{}); !ok {
|
if castedPatterns, ok := validEmailAddressPatterns.([]interface{}); !ok {
|
||||||
logrus.Error("invalid email domain format")
|
logrus.Error("invalid email pattern array format")
|
||||||
return
|
return
|
||||||
} else {
|
} else {
|
||||||
if len(castedDomains) > 0 {
|
if len(castedPatterns) > 0 {
|
||||||
found := false
|
found := false
|
||||||
for _, domain := range castedDomains {
|
for _, pattern := range castedPatterns {
|
||||||
match, err := glob.Compile(domain.(string))
|
if castedPattern, ok := pattern.(string); ok {
|
||||||
|
match, err := glob.Compile(castedPattern)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("invalid glob pattern: '%v'", err)
|
logrus.Errorf("invalid email address pattern glob '%v': %v", pattern.(string), err)
|
||||||
unauthorizedUi.WriteUnauthorized(w)
|
unauthorizedUi.WriteUnauthorized(w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -285,9 +286,14 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex
|
|||||||
found = true
|
found = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
logrus.Errorf("invalid email address pattern '%v'", pattern)
|
||||||
|
unauthorizedUi.WriteUnauthorized(w)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if !found {
|
if !found {
|
||||||
logrus.Warnf("invalid email domain")
|
logrus.Warnf("unauthorized email '%v' for '%v'", claims.Email, shrToken)
|
||||||
unauthorizedUi.WriteUnauthorized(w)
|
unauthorizedUi.WriteUnauthorized(w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user