improvements to public proxy glob implementation (#413)

Michael Quigley 2024-02-16 11:54:06 -05:00
parent fdc6b72c23
commit 0c38ab0f43
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62


@ -267,17 +267,18 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex
return
}
if validDomains, found := oauthCfg.(map[string]interface{})["email_domains"]; found {
if castedDomains, ok := validDomains.([]interface{}); !ok {
logrus.Error("invalid email domain format")
if validEmailAddressPatterns, found := oauthCfg.(map[string]interface{})["email_domains"]; found {
if castedPatterns, ok := validEmailAddressPatterns.([]interface{}); !ok {
logrus.Error("invalid email pattern array format")
return
} else {
if len(castedDomains) > 0 {
if len(castedPatterns) > 0 {
found := false
for _, domain := range castedDomains {
match, err := glob.Compile(domain.(string))
for _, pattern := range castedPatterns {
if castedPattern, ok := pattern.(string); ok {
match, err := glob.Compile(castedPattern)
if err != nil {
logrus.Errorf("invalid glob pattern: '%v'", err)
logrus.Errorf("invalid email address pattern glob '%v': %v", pattern.(string), err)
unauthorizedUi.WriteUnauthorized(w)
return
}
@ -285,9 +286,14 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex
found = true
break
}
} else {
logrus.Errorf("invalid email address pattern '%v'", pattern)
unauthorizedUi.WriteUnauthorized(w)
return
}
}
if !found {
logrus.Warnf("invalid email domain")
logrus.Warnf("unauthorized email '%v' for '%v'", claims.Email, shrToken)
unauthorizedUi.WriteUnauthorized(w)
return
}
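Review bot: The malformed-array branch in the first hunk (`logrus.Error("invalid email pattern array format")` followed by a bare `return`) ends the request without writing any response, while every other rejection path in these hunks calls `unauthorizedUi.WriteUnauthorized(w)` first; access is still denied, but unless something earlier has written to `w` the client would presumably receive an empty 200 from net/http, which hides the misconfiguration from users and from status-based monitoring. I would add `unauthorizedUi.WriteUnauthorized(w)` before that `return` so all deny paths behave the same. Separately, the new `logrus.Warnf("unauthorized email '%v' for '%v'", claims.Email, shrToken)` writes an identity-provider-supplied address into the log with `%v`; `%q` would escape any control characters, and the glob error line can reuse `castedPattern` instead of repeating `pattern.(string)`. authHandler starts and ends outside both hunks, so the match call that sits between them is not visible here.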