internal/outpost: improve logging and add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2393
This commit is contained in:
Jens Langhammer 2022-02-26 22:29:56 +01:00
parent fb60cefb72
commit 6fdf3ad3e5
2 changed files with 53 additions and 2 deletions

View file

@ -123,8 +123,9 @@ func (a *Application) IsAllowlisted(u *url.URL) bool {
} else {
testString = u.String()
}
a.log.WithField("regex", u.String()).WithField("url", testString).Trace("Matching URL against allow list")
if ur.MatchString(testString) {
match := ur.MatchString(testString)
a.log.WithField("match", match).WithField("regex", ur.String()).WithField("url", testString).Trace("Matching URL against allow list")
if match {
return true
}
}

View file

@ -0,0 +1,50 @@
package application
import (
"net/url"
"regexp"
"testing"
"github.com/stretchr/testify/assert"
"goauthentik.io/api"
)
func urlMustParse(u string) *url.URL {
ur, err := url.Parse(u)
if err != nil {
panic(err)
}
return ur
}
func TestIsAllowlisted_Proxy_Single(t *testing.T) {
a := newTestApplication()
a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr()
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
a.UnauthenticatedRegex = []*regexp.Regexp{
regexp.MustCompile("^/foo"),
}
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
}
func TestIsAllowlisted_Proxy_Domain(t *testing.T) {
a := newTestApplication()
a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
a.UnauthenticatedRegex = []*regexp.Regexp{
regexp.MustCompile("^/foo"),
}
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
a.UnauthenticatedRegex = []*regexp.Regexp{
regexp.MustCompile("^http://some-host/foo"),
}
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
a.UnauthenticatedRegex = []*regexp.Regexp{
regexp.MustCompile("https://health.domain.tld/ping/*"),
}
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("https://health.domain.tld/")))
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("https://health.domain.tld/ping/qq")))
}